Part II Appendices3.5.2.1The company shall have a procedure for the acceptance of raw materials and primary
3.5.4 Management of outsourced processing
Outsourced processing (also referred to as ‘subcontracted processing’) is defined as where intermediate production, processing, storage or any intermediate step in the manufacture of a product is completed at another company or another site.
Note that outsourced processing refers to an intermediate step – therefore during outsourced processing the product or partly processed product leaves the site being audited for the completion of the outsourced processing, before returning to the site. The audited site may or may not complete additional packing or processing steps on the product.
Where there is additional storage or processing of raw materials prior to their initial arrival on site, this is not considered outsourced processing, but should be managed by the site using supplier approval, raw material risk assessments and raw material specifications.
Where a product leaves the site and does not return to it, this is not outsourced processing, and the activities completed off site are outside the scope of the audit.
Where any intermediate process step (including production, processing or storage) in the manufacture of a product is outsourced to a third party or undertaken at another site, and subsequently returned to the site, this shall be managed to ensure it does not compromise the product safety, authenticity, legality or quality.
Part II Appendic es
This section applies to products that are included within the scope of a site’s certification but which have a process step that is outsourced to another company or site. This includes products or intermediates that are partially processed at another location (even a site within the same organisation or group) before being returned to the site. This typically happens when there is a need for specialist equipment (e.g. agglomeration of powders or freeze drying); alternatively the product may be sent to a region with a lower-cost economy for a very labour-intensive part of the process.
The scope of the report and any certificate will only reflect the activities undertaken at the site where the audit was undertaken. Therefore, packing of products by third parties (e.g. contract packing) and products that are entirely manufactured at a separate site (i.e. where co-manufacturing occurs), rather than just part of the manufacturing process being outsourced, are not covered by these requirements, since in both of these situations, the individual sites may be separately certificated and traceability coding should be able to identify at which site the product was manufactured.
For example, consider a simple manufacturing process, as shown in Figure 12.
Raw nuts
from farms Cleaned Packed Pasteurised/
HPP Sold to
customers
Figure 12 Example of a simple manufacturing process
A number of different production models exist for this product, as shown in Figure 13, and these affect the scope and applicability of the Standard.
Pasteurised off site Pasteurised
off site All steps completed
on site
Pasteurised off site
Entire process is off site
• Product doesn’t return to site
• Returned to site for further packing/processing
• Returned to site
• No further packing/processing
Normal scope of Standard (section 3.5.4 does not apply)
Scope of audit is cleaning and packing (section 3.5.4 does not apply but section 3.5.3 should apply)
Outsourced processing – section 3.5.4 applies
Outsourced processing – section 3.5.4 applies
Process is outside scope (co-manufacturer may have its own audit/certification). Traded products apply if finished products sent to site being audited.
Figure 13 Different types of production models (which may affect the scope and applicability of the Standard)
3.5.4.1 The company shall be able to demonstrate that, where part of the production process (i.e.
any intermediate process step) is outsourced or undertaken off site, and subsequently returned to the site, this has been declared to the customer and, where required, approval granted.
Interpretation Brand owner approval
Customers (e.g. brand owners) must be notified of any intention to outsource part of the production process. (Some customers require the opportunity to formally approve or reject this type of outsourcing.) For example, if this is clearly detailed on the approved product specification, then it would demonstrate that the customer has agreed the process.
This requirement is not limited to retail-branded products or to certain markets but applies to any product manufactured on behalf of a customer.
3.5.4.2 The company shall ensure that outsourced processors are approved and monitored, to ensure that they effectively manage risks to product safety and quality and are operating effective traceability processes.
The approval and monitoring procedure shall be based on risk and include either one or a combination of:
• a valid certification to the applicable BRCGS Standard or GFSI-benchmarked standard. The scope of the certification shall include the activities completed for the site
or• supplier audits, with a scope to include product safety, traceability, HACCP review, product security and food defence plan, product authenticity plan and good manufacturing
practices. The audit shall ensure that these plans form part of the supplier’s product safety management system and that any resultant actions are implemented. The supplier audit shall be undertaken by an experienced and demonstrably competent product safety auditor. Where this supplier audit is completed by a second or third party, the company shall be able to:
• demonstrate the competency of the auditor
• confirm that the scope of the audit includes product safety, traceability, HACCP review, product security and food defence plan, product authenticity plan and good manufacturing practices
• obtain and review a copy of the full audit report.
There shall be a documented process for ongoing supplier performance review, based on risk and defined performance criteria. The process shall be fully implemented. Records of the review shall be kept.
Interpretation Outsourced processor approval
The company must document its procedure for approval and monitoring of outsourced processors. This needs to include the methods of approval, frequency of monitoring, responsibilities and how the process will be managed.
The acceptable methods of approval will depend on the nature of the activity performed and its associated risks, and will include one or more of the following:
• Certification to the relevant BRCGS Standard or another of the GFSI-benchmarked schemes. The site must confirm the validity of the certification. This will include:
Part II Appendic es
Interpretation
continued • Confirmation of the certification status (this can be confirmed, for example, on an independent database; for BRCGS it can be confirmed in the BRCGS Directory).
Photocopies of certificates are not recommended and on their own are not considered suitable validation of certification status. During the BRCGS audit the site may be asked to demonstrate its validation process.
• Confirmation that the certification remains up to date (e.g. by receiving confirmation of successful completion of the recertification processes or by recording certificate expiry dates and completing checks for ongoing certification).
• Ensuring that the activities are within the scope of the certification.
• A successful site audit covers at a minimum product safety, traceability, HACCP review, product security and food defence plan, product authenticity plan and good manufacturing processes. This audit must be completed by an appropriately experienced and competent auditor (i.e. someone who has completed training in auditing techniques, has experience of auditing, and has knowledge of the product, ingredient or processes being audited). Non-conformities should be addressed (e.g. in an agreed action plan with timescales) unless they are critical to product safety or legality, in which case supply should not be permitted until the non-conformities have been satisfactorily addressed.
If the outside processor is independently audited to another standard that is not GFSI- benchmarked, this may be acceptable as an alternative to the site completing its own audit of the processor providing that:
• The scope of the audit meets the requirements of the Standard (i.e. at a minimum product safety, traceability, HACCP review, product security and food defence plan, product authenticity plan and good manufacturing practices).
• The site has a copy of the full audit report (not just a certificate).
• The processor can demonstrate the competence of the auditor.
The auditor will expect to see, and will challenge, risk assessments.
The site must be able to demonstrate to the auditor that the monitoring and ongoing review it uses is appropriate, justified and risk-based.
3.5.4.3 Where any processes are outsourced, including production, manufacture, processing or storage, the risks to the product safety, authenticity and legality shall form part of the site’s food safety plan (HACCP plan).
Interpretation The HACCP (or food safety plan) is the foundation of product safety processes and it is therefore vital that any outsourced processing is incorporated into the HACCP plan to ensure that any risks to product safety, authenticity and legality are identified and appropriate controls applied.
3.5.4.4 Requirements for outsourced processing shall be agreed and documented in a service specification (similar to a finished product specification). This shall include any specific handling requirements for the products.
Interpretation The company must ensure that product safety, authenticity, legality and quality are maintained during outsourced processing and the return of products to the site.
Therefore a service specification shall be in place for all outsourced processes, which details the activities to be completed and any specific handling requirements needed to maintain the safety, authenticity, legality or quality of the product.
3.5.4.5 Any outsourced processing operations shall:
• be undertaken in accordance with established contracts which clearly define any processing requirements
• maintain product traceability.
Interpretation Contracts and traceability
Contracts must be in place for the approved processors detailed in clause 3.5.4.2 to ensure:
• the correct level of service is provided
• the processing requirements are clearly defined in terms of the work to be undertaken, the product, ingredient specification, and any relevant safety, quality, legality or authenticity requirements.
There must be documented mechanisms to ensure traceability is maintained throughout the process.
Records relating to the traceability of individual batches of processed ingredient or product must be available.
3.5.4.6 The company shall establish inspection and test procedures for products where part of the processing has been outsourced, including visual, chemical and/or microbiological testing.
The frequency and methods of inspection or testing shall depend on risk assessment.
Interpretation Acceptance and test procedures
A documented acceptance procedure must identify the checks to be made when outsourced processing is complete. When products that have been processed are returned to the site, this procedure could form part of the goods receipt system.
Acceptance procedures may, for example, include:
• visual inspection
• chemical, microbiological or allergen testing
• hold/release requirements for the specific material (e.g. to allow additional testing or quality assurance checks).
The requirements (both acceptance methods and the frequency of any checks or tests) must be based on risk assessment of the nature of the ingredient or product, the process and the outside processor undertaking the processing; for example, the processor may handle allergens that could potentially contaminate the processed product.
The acceptance procedure must document any non-conformities, the person(s) authorised to accept conforming materials and reject non-conforming batches, and the action to be taken in the event of a non-conformity.
Part II Appendic es
Specifications shall exist for raw materials (including primary packaging), finished products and any product or service which could affect the integrity of the finished product.
Interpretation
The company must be assured of the quality of the products purchased. This includes any raw material or service that can affect food safety – for example, water and cleaning chemicals used, as well as services such as pest control, cleaning services or distribution.
Specifications for in-house intermediate products (work in progress) must be developed where they need to be checked and where they have an impact on product safety, authenticity, legality and quality.
A finished product specification must exist for all products covered under the certification scope, which ensures that required legislation and customer expectations are achieved.
Specifications must also be available for any product or service that can affect the integrity of the finished product.
These should be sufficiently detailed to allow the company to understand and agree the product or service parameters; for example, specifications for cleaning chemicals should contain details on the components, usage instructions and material safety data.
Current specifications must be available for relevant personnel in order to ensure the specifications are being appropriately fulfilled. This may be the complete specification or parts thereof, or relevant details may be developed as production reference sheets, such as simple photographic specifications.
Clause Requirements
3.6.1 Specifications for raw materials and primary packaging shall be adequate and accurate and ensure compliance with relevant safety and legislative requirements. The specifications shall include defined limits for relevant attributes of the material which may affect the quality or safety of the final products (e.g. chemical, microbiological, physical or allergen standards).
Interpretation Raw material and packaging specifications
Specifications for all raw materials, including primary packaging materials, must be provided and adequately detailed. They must include the defined limits for all parameters critical to the safety, legality and quality of the product. They must also include details of packaging.
The specifications may be in the format provided by the supplier or in the company’s own format, as long as the information controlling the product’s quality and safety are clearly defined.
3.6.2 Accurate, up-to-date specifications shall be available for all finished products. These may be in the form of a printed or electronic document, or part of an online specification system.
They shall include key data to meet customer and legal requirements and assist the user in the safe usage of the product.
Interpretation Finished product specifications
Specifications must be in place detailing all finished products. These specifications must be up to date (i.e. they must accurately represent the current version of the product) and should be reviewed whenever changes occur to the product, process or formulation. Good practice is therefore to ensure that the company has a system of change control where changes in products are identified before manufacture commences, that relevant amendments are made to the specification in a timely manner and that only the correct version of the specification is available to staff (see clause 3.6.4 for further details).
The format of the specifications should be agreed with the customer to ensure that all relevant customer requirements are incorporated. This may, for example, be printed documents, electronic files or an online database. In the case of the company’s branded products, it is acceptable to have an internal specification setting parameters for the manufacture of a product and a technical data sheet for customer use containing the key information for the safe use of the product, including but not limited to:
• ingredients, including the presence of allergens
• nutritional information
• preparation or cooking instructions
• storage instructions
• shelf-life/code information
• quantity.
Specifications must be accurate and the control of amendments and approval of
specifications should therefore be laid down in a documented procedure. This procedure should also detail who can approve the amendments.
3.6.3 Where the company is manufacturing customer-branded products, it shall seek formal agreement of the finished product specifications. Where specifications are not formally agreed, the company shall be able to demonstrate that it has taken steps to ensure formal agreement is in place.
Interpretation Formal agreement of specifications
Customer-branded, finished product specifications must be formally agreed with the relevant customer and must, wherever possible, be signed by both parties. However, where the customer’s signature or approval is not formally available, proof that specifications have been issued (such as an email request for formal acknowledgement or specifications on customer IT specification systems) is required. In this situation the site must be able to demonstrate it is following a formal process agreed with the customer.
3.6.4 Specification review shall be sufficiently frequent to ensure that data is current or at a minimum every 3 years, taking into account product changes, suppliers, regulations and other risks.
Reviews and changes shall be documented.
Part II Appendic es
Interpretation Review of specifications
Specifications must be reviewed whenever changes occur to the product, process or formulation. Where no known changes have occurred, the specifications must be reviewed at least every 3 years, or more frequently if required by a specific customer, to ensure they remain completely up to date and accurate. Evidence that a review has been completed needs to be available and this should be achieved through the addition of a signature and date to the specification or through the use of a matrix showing specifications and the latest review date and reviewer.
The control of the amendment and approval of specifications should be laid down in a documented procedure. The procedure should also detail who can approve the amendments.
Some sites, companies or customers use cloud-based services which are able to notify the user when there has been a change to the data. In these cases, the site should have a mechanism to review the specification or change to understand whether there is any impact to product safety, the HACCP or food safety plan, or the production processes. This requirement is also reflected in clause 2.12.3, which explains how the HACCP or food safety plan needs to be reviewed whenever raw materials change.