BRC Audit Finding: Withdrawal/Recall policy - Advice?

[tsmith7858]

Over the last 9 months I have been implementing an ISO 22000 Food Safety System and several weeks ago we had a customer come to us asking that we certify one of our lines with BRC. :mg: After a review of the standard, we felt we had the processes in place to meet the standard and we were successfully audited last week and overall did very well (a few minor issues and one major) and passed!!!

My only question on corrective actions that were given is in regards to Withdrawal/Recall policy.

BRC Standard states the following in 3.11.7:

In the event of a product recall, the certification body issuing the current certificate for the site against the Global Standard for Food Safety and the appropriate authorities shall be informed in a timely manner.

​

Our policy does not state that the certification body needs to be informed and we received a non conformance to BRC standards.

I could not find a similar statement in ISO 22000 and wanted some insight on whether informing the certification body is a requirement for ISO (and I missed it somewhere) or if it is typical to include this in the policy.

Thanks in advance for any feedback

 

[Marc]

General info for people unfamiliar with BRC (British Retail Consortium):

The BRC Global Standards

In 1998 the British Retail Consortium (BRC), responding to industry needs, developed and introduced the BRC Food Technical Standard to be used to evaluate manufacturers of retailers own brand food products. It is designed to be used as a pillar to help retailers and brand owners with their 'due diligence' defence, should they be subject to a prosecution by the enforcement authorities. Under EU food Law, retailers and brand owners have a legal responsibility for their brands.

In a short space of time, this Standard became invaluable to other organisations across the sector. It was and still is regarded as the benchmark for best practice in the food industry. This and its use outside the UK has seen it evolve into a Global Standard used not just to assess retailer suppliers, but as a framework upon which many companies have based their supplier assessment programmes and manufacture of some branded products.

The majority of UK, and many European and Global retailers, and brand owners will only consider business with suppliers who have gained certification to the appropriate BRC Global Standard.

Following the success and widespread acceptance of the Global Standard – Food, the BRC published the first issue of the Packaging Standard in 2002, followed by Consumer Products Standard in August 2003, and finally by the BRC Global Standard - Storage and Distribution in August 2006 . Each of these Standards is regularly reviewed and each standard is fully revised and updated at least every 3 years after extensive consultation with a wide range of stakeholders.

Many registrars have 'extra' requirements. I'm not familiar enough with BRC requirements to comment. Hopefully one of the others here will be able to help.

 

[harry]

As the party that certify your system, I think it is fair if your CB wants to be considered as 'relevant interested parties' and be notified of any withdrawals under Cl 7.10.4 b(1) of ISO 22000 - even though they are not among the examples given.

 

[John Broomfield]

Over the last 9 months I have been implementing an ISO 22000 Food Safety System and several weeks ago we had a customer come to us asking that we certify one of our lines with BRC. :mg: After a review of the standard, we felt we had the processes in place to meet the standard and we were successfully audited last week and overall did very well (a few minor issues and one major) and passed!!!

My only question on corrective actions that were given is in regards to Withdrawal/Recall policy.

BRC Standard states the following in 3.11.7:

In the event of a product recall, the certification body issuing the current certificate for the site against the Global Standard for Food Safety and the appropriate authorities shall be informed in a timely manner.

​

Our policy does not state that the certification body needs to be informed and we received a non conformance to BRC standards.

I could not find a similar statement in ISO 22000 and wanted some insight on whether informing the certification body is a requirement for ISO (and I missed it somewhere) or if it is typical to include this in the policy.

Thanks in advance for any feedback

ISO system standards work perfectly well without a registrar or certification body being involved.

I agree, that in the event of an organization obtaining accredited certification of its food safety management system to ISO 22000 that it would be wise for them to require said system to include them in the notifications part of the recall procedure as as an interested party.

ISO, as a matter of policy, would not make any registrar or certification body an integral part of their system standards.

BRC has a finiancial interest in making themselvs an integral part of their standards. Some would consider this a conflict of interest.

 

[Sidney Vianna]

ISO system standards work perfectly well without a registrar or certification body being involved.

Can you give me one example of a management system standard (ISO or otherwise) that has global deployment and does not have a certification process associated with it?

 

[John Broomfield]

Can you give me one example of a management system standard (ISO or otherwise) that has global deployment and does not have a certification process associated with it?

I do not see how my statement and your question are related.

If the system needs a registrar to make it work effectively then that system does not conform to the standard.

 

[JCVP1969]

I had a similar issue a few years ago! The BRC Standard as a whole seems to be a very profitable back rubbing exercise (we had to rub SGS's back so to speak!)

They said my client should test the product recall procedure every year by having dummy recalls and stated this was done in the medical devices industry!! I had a quiet word and mentioned he was talking out of his ass and do you know what he shut up!

In answer to your question, just do what he says as it will probably cost you an additional 1000 - 2000 pounds / dollars per day for them to come back if you do not.

If you want a list of parties interested when a recall happens it may be worth referring to the medical device / in vitro diagnostic medical device guidance on post market vigilance and this makes it quite clear (mind you the other 50'ish pages are full of tosh!).

If you wish I can send you a link or perhaps even the document!

 

[Sidney Vianna]

I do not see how my statement and your question are related.

I beg to differ. Only standards that are deployed and used can work "perfectly well". Standards that exist, but are not used, don't "work perfectly well". Unfortunately, the reality is: management system standards only get traction when an associated certification system is developed around it. Case in point: ISO 9001 and 9004.

 

[tsmith7858]

I added a "one liner" to the SOP including certifying bodies to be notified. It is not specified in any other standard but I do agree that it is a good practice. Recalls are public knowledge anyway so it would not be a secret.

Thanks for the responses

 

[John Broomfield]

I beg to differ. Only standards that are deployed and used can work "perfectly well". Standards that exist, but are not used, don't "work perfectly well". Unfortunately, the reality is: management system standards only get traction when an associated certification system is developed around it. Case in point: ISO 9001 and 9004.

Would that be a ISO 9001:2008 clause 5.1 nonconformity "failure of top management to provide evidence of their commitment to the development, implementation or continually improving the effectiveness of its management system"?

Or would it be evidence of a nonconformity with clause 6.1: "Failure of the organization to determine or provide the resources needed to implement and maintain its management system and continually improve its effectiveness"?

You seem to be arguing that the registrar is an essential 6.1 resource. What does that do for their independence?

Do you know of a single registrar that has issued a nonconformity when the system depends too much on them as they should?

Life is too short for guidelines, Nortel tried to hold themselves to ISO 9004. Most people have time only for requirements, perhaps supplemented by an idea every now and then that is so good it becomes a top management requirement.

It is not reasonable to expect companies to conform to the recomendations of ISO 9004 but I personally know of many organizations that choose to ensure their business management systems conform to ISO 9001.

Certification, they see, is a separate marketing decision.