If you have not done so already, please download the example risk assessment format from Kellerman Consulting to help guide you through performing and documenting your risk assessment.
In all of the required risk assessments for SQF, they must be documented and reviewed by the SQF practitioner or the backup SQF practitioner, and must be reviewed as part of the SQF program during the internal audit, the review of the safety program and by senior management at least every year.
The SQF Code makes a statement in section 2.4.2 that any of the GMPs found in the SQF module may be exempted through risk assessment. Now, in theory, you could not even have a GMP program any only have a series of 20 or so risk assessments exempting operations, but that is not a realistic approach, and we recommend implementing a documented GMP program as part of an SQF system.
The BRCGS Issue 8 has many risk assessment requirements for operation, and this is one of the major differences between BRC and the other GFSI programs such as SQF. Where SQF has eight required risk assessments, and a statement that more can be used to exempt operations, BRCGS takes a more prescriptive approach and does not generally use risk assessments to exempt programs. Instead, there are at least 15 required risk assessments, and they address all of the major areas of the BRCGS standard.
In an FSSC 22000 program, the ISO 22000 manual and ISO 22002 pre-requisite program are far less prescriptive than SQF and BRC, which means that Risk Assessments are not required by the code on the one hand, but are very useful in showing the auditor how the facility decided to take the approach towards meeting the requirements, and so a facility can have dozens if they like. We also strongly recommend that a risk assessment be performed for external communication and internal communication in the facility, and when this performed, we are assessing the risk that required information is correctly communicated to suppliers, regulators, customers and stakeholders, and then a separate risk assessment is performed for internal training, work instructions and other employee interactions.
For agricultural programs undergoing PrimusGFS audit, there are 5 main areas where risk assessments should be documented. Required risk assessments are found for Supplier Approval in 1.06 of Module 1, for food defense in 1.08 of module 1 and again in the inner modules. Additionally, fecal matter in water found in the inner modules, where livestock is present next to the farm, water usage on the farm, pesticide usage cleaning and reentry intervals on the farm. Also, for the indoor warehouse module, a risk assessment of protective clothing should be performed.
Please do not rely solely on our recommendations in this video, and make sure your program references and complies with the standards from the most current versions of the GFSI code your facility follows in preparation for your audit.
To learn more, visit the free food safety training videos & resources section of our website.