Episode 6: Internal Auditing in Quality and Safety Certification Programs
Episode 6: Internal Auditing in Quality and Safety Certification Programs
In the sixth episode of Kellerman Consulting’s internal audit video series, we focus on the Quality Management System and GFSI requirements for internal auditing.
ISO 9001 is a quality management system audit applicable for any organization and can be applied to most products and services across industries. GFSI is the Global Food Safety Initiative, an international organization that publishes requirements for food safety programs to adopt when those safety programs want to be benchmarked to GFSI. ISO 9001 quality management requirements and GFSI programs operate on many similar programs, and all programs have a requirement to internal audit the program as part of yearly activities.
Internal auditing is a mandatory or fundamental requirement for each of the programs we are going to review, and where an organization undergoes auditing for a quality management system of GFSI food safety and quality scheme, an internal audit must have been scheduled, conducted by trained and knowledgeable persons, and must include corrective actions for all non-conforming findings each time the audit is performed.
Additionally, if an auditor finds flaws in the program during the inspection and certification audit, it may call into question the internal audit effectiveness, since a well done internal audit should be able to find the problems prior to the certification audit, so auditing carefully and effectively is a must.
For ISO 9001, Internal audit requirements are found in clause 9.2 and are basic in nature.
Internal auditing must be planned and performed at least once per year, and must be recorded. At least one auditor must have undergone audit training, and that person would be responsible for training other participants if more than one is involved. Top management must confirm that the audits occurred and must confirm that corrective actions for all findings are performed in a reasonable amount of time and are effective.
Lastly, communication of the internal audit, and review of external providers, post operational actions and feedback should be included in any ISO 9001 internal audit
For SQF Edition 9, requirements for internal auditing are found in the System Elements portion of the SQF Safety Code manual in section 2.5.4. This is a mandatory section.
The SQF Practitioner and the backup are expected to have undergone food safety training through a HACCP training course, as well as PCQI food safety trained in FSMA complaint facilities to qualify them to oversee the internal audit process. The practitioner may perform the audit or may delegate the audit to others within the organization. In all cases, the practitioner is responsible to approve of the audit, and for all corrective actions resulting from the audit.
Along with the audit, the facility is required to perform regular GMP inspections for the module or modules applicable to the program. We recommend that regular be treated as monthly or more frequent, but that is up to the facility. In all cases, the food safety trained person or persons must oversee the document controlled non-conformance reports, or at a minimum review those non-conformance records and sign or date them.
For an SQF complaint internal audit program, our videos do not directly address the SQF clauses, but if you take the comprehensive approach to internal audits and GMP walkthrough, your internal audit efforts will meet or exceed SQF standards.
Please do not rely solely on our recommended program, and make sure your program references and meets all SQF clauses in preparation for your audit.
For BRCGS programs, Issue 9 is due to be released after the publishing of this video, so please consult Issue 9 for up to date requirements. The current requirements at this time, found in Issue 8, are located in section 3.4 and this clause is starred as a fundamental, which means you must have a fully developed program in place. Failure to have a fully developed internal audit and GMP inspection program may result in automatic failure of the BRCGS audit.
Training requirements for a BRCGS Safety Lead are HACCP training, PCQI training for FDA regulated facilities, and the ability to demonstrate full control of the internal audit and GMP inspection program.
It is best practice for all participants in a BRCGS internal audit to have undergone internal audit training to either the BRCGS standard, or the ISO 19011 internal audit standard.
The leader of a BRCGS program may delegate the audit responsibilities of performing the audits to others, but final assessment of audits are going to fall on them and must include a demonstration of expertise and knowledge both how the audits are performed and oversight of all corrective actions.
Unlike SQF, BRCGS does prescribe the number of internal audits, which is that the entire BRCGS system must be fully audited annually through at least 4 audits. Additionally, GMP walkthrough inspections must be performed at least every month.
Lastly, BRCGS requires that the number of internal audits and walkthroughs for each areas of the facility is risk based, which means a risk assessment justifying the frequency of both the internal audits and walkthrough inspections is required.
As with SQF, our videos do not directly address the BRCGS clauses for Internal Audits and GMP walkthroughs, but if you take the comprehensive approach to internal audits and walkthroughs in sections, they will meet or exceed BRCGS standards.
Please do not rely solely on our recommended program, and make sure your program references and meets all BRCGS clauses in preparation for your audit.
For FSSC 22000 programs, the internal audit requirement of the FSSC 22000 program is found in section 9.2 of the ISO 22000 Food Safety Management System manual. Since ISO 22000 and ISO 9001 share language, requirements mirror those we discussed in ISO 9001.
At least one auditor must have undergone audit training, and that person would be responsible for training other participants if more than one is involved.
Top management must confirm that the audits occurred and must confirm that corrective actions for all findings are performed in a reasonable amount of time and are effective.
Lastly, communication of the internal audit should be included in any ISO 22000 internal audit.
As with SQF and BRCGS, Kellerman Consulting videos do not directly address the ISO 22000 clause for internal audits, but if these practices are adopted, they will meet or exceed FSSC 22000 standards.
Please do not rely solely on our recommended program, and make sure your traceability and recall programs reference and meets all ISO standards in preparation for your audit.
For PrimusGFS, section 1.04.01 through 1.04.05 of Module 1 requires the internal audit and this includes review of calibration for farm operations. PrimusGFS is on par with ISO requirements, and should follow the same basic approach as we described for ISO 9001 and ISO 22000 as applicable to a farm operation.
Please do not rely solely on our recommended program, and make sure your internal audits programs reference and meets all PrimusGFS standards in preparation for your audit.
Thank you for watching. For free downloads to accompany this video series, visit the free training videos & resources page of our website.
Subscribe to our YouTube channel or follow us on LinkedIn to be notified of new educational food safety resources.