Third-party audits are a fact of life in today’s food processing industry.
The expectation within the industry is that processors can provide their customers with proof that they have met the requirements of a third-party food safety audit. Of course, there are other audits that processors have to deal with including kosher, halal, organic and inspections by suppliers.
The latter are part of the quality management system for many processors. These operations want more than a Global Food Safety Initiative (GFSI) audit. They may not trust those audits or they might believe that their suppliers are deemed high risk, and, therefore, deserve special attention.
The Food and Drug Administration (FDA) has the right to conduct an investigation of a facility at any time it is operating. Each and every processor should realize that the FDA is changing to system audits as opposed to the traditional checklist investigation. Investigators are now conducting audits that examine the processor’s food safety management system (FSMS) and asking/challenging the operator to not only explain what they are doing to ensure the production of safe foods, but defend their programs.
However, the focus of this piece are audits conducted under the GFSI aegis or other certification schemes, including those conducted by the United States Department of Commerce (USDC) for seafood processors. These audit schemes are voluntary. The food processor has the option of selecting one of the GFSI audit schemes (SQF, BRC, IFS or FSSC 22000), whereas the seafood processor may select to be audited and certified under the USDC Seafood Inspection Program (SIP). The processor should look closely and each of the four GFSI audit schemes noted above. Among the factors that should be factored into the selection process are:
- Will the audit scheme can help the company in their quest for continuous improvement?
- Will the audit scheme focus on evaluating efficacy of the company programs or will it be a checklist audit?
- Can your company meet the elements of the audit scheme?
- Are the audit elements clear, understandable and readily available to both the auditor and auditee?
- Does the audit scheme contain prescriptive elements that will force the company to change what they do to certain elements?
Next step is to select a certifying body. There are many different organizations that offer these services. Prior to beginning the search, the HACCP team or food safety team should sit down with management and determine what they want in a certifying body. The four elements mentioned above should be considered as part of the process. It is a good idea to select an organization that has been approved by the FDA.
One factor that should be considered is how the company’s people work in the plant and overall experience. Does the company have experience with your products? Remember the Peanut Corporation and its salmonella problems? The person who conducted one of the audits of the plant did not quite understand the issues with peanut butter and salmonella despite previous outbreaks in Australia with Kraft product and in the United States with Con Agra’s Peter Pan peanut butter.
This is and remains a problem with auditing some of the International Organizations for Standardization (ISO) audits. Some ISO auditors feel that they can audit anything whether they have experience in an industry or not. The following is what the Peanut Corporation auditor said after the problems surfaced:
“I never thought that this bacteria would survive in the peanut butter type environment. What the heck is going on??”
Well, salmonella might not grow in peanut butter, but it surely will survive. It is also a good idea to look for a company whose auditors have the ability to understand and evaluate whether programs are effective. Next, look for a company that has a reputation for being fair and understands that the role of the certifying body is just that; evaluate a company’s operation and ensure that what their doing is properly documented and effective.
Audit firms should not act as consultants. It is perfectly acceptable to generally discuss programs and how they might be improved, but it is not appropriate for the firm to tell a company that they should be doing something else.
This is also why it is a good idea to look for an audit scheme that is not prescriptive. So, what does this mean? Let’s look at some examples.
It is expected that a processor should have a pest control program. There are many elements that make up such a program one of which is the placement of live traps or glue boards within a plant. If the pest control program is effective based on the results of monitoring, should the company be written up for having these live traps located every 75 instead of every 50 feet? Look to the results of monitoring and corrective actions. If the results indicate that the company has had no rodent issues, the program must be working.
There is another trap that all too many auditors fall into and that is how they look at the many guidance documents that the USFDA has developed. There are guidance documents for seafood, “Fish and Fishery Products: Hazards and Controls, 4th Edition,” ( https://www.fda.gov/food/seafood-guidance-documents-regulatory-information/fish-and-fishery-products-hazards-and-controls ) and for juice, “Guidance for Industry: Juice Hazard Analysis Critical Control Point Hazards and Controls Guidance, First Edition.” ( https://www.fda.gov/regulatory-information/search-fda-guidance-documents/guidance-industry-juice-hazard-analysis-critical-control-point-hazards-and-controls-guidance-first)
These are just what is stated in the titles; guidance documents. They offer food processors guidance for best practices and the USFDA’s thoughts on different potential hazards and how they may be controlled. They are not mandates and no auditor should ever write up a company for not strictly following what is described in the guidance document.
The last point that a company should look for is whether the audit firm has an appeals process. The auditor is not always right in how they interpret things. If a company disagrees with an auditor’s findings or observations, there is nothing wrong with challenging him or her. And, if a company believes that an audit finding is wrong, they should be able to not only appeal but have that appeal properly addressed. Let’s look at another example of an auditor being unclear on the concept. A processor of syrups which are high in sugar (60o brix) and have a pH of approximately 4.0 was written up for not having an environmental monitoring program. The company not only provided product specifications but shared challenge study data with the auditor which clearly showed that these products were not only bacteriostatic (inhibitory to pathogens) but bacteriocidal (lethal to pathogens.) The processor even shared the citation in the Preventive Controls for Human Food Regulation found in 21 CFR Part 117.130:
“The hazard evaluation required by paragraph (c)(1)(i) of this section must include an evaluation of environmental pathogens whenever a ready-to-eat food is exposed to the environment prior to packaging and the packaged food does not receive a treatment or otherwise include a control measure (such as a formulation lethal to the pathogen) that would significantly minimize the pathogen.”
The company appealed to the home office and got their points back. What was somewhat ironic about this is when the audit firm came back a year later, the auditor wanted to write them up for the same thing. This time the company said, “You are wrong. Contact your company.” The auditor did and the answer was the same as the previous year.
So, the objective of third-party audits should be continuous improvement of a company’s food safety management system. This should be one of the major considerations when selecting an audit scheme and a certifying body. No one really likes the way an audit has the potential to disrupt operations, but when the audit treated as a means of improving operations, it is infinitely more palatable. And, do not be afraid of challenging an auditor. They are not always right.