Update on GFSI COVID-19 Policy and Certification Extensions
By Rich Simmons
Food establishments around the globe are feeling the effects of the COVID-19 pandemic. It has affected how they work operationally and socially. It has created concern about employee community spread, workforce decimation and employee health. In the world of GFSI certification and the need to always keep food safe, similar strains have been placed on the auditing business. COVID-19 has affected the priority of allowing visitors entry, including auditors. Similarly, government-mandated travel restrictions, decreased flight availability and the personal risk to auditors has impeded GFSI audit schedules everywhere.
Message from GFSI
Since the start of this crisis, the GFSI community has worked to establish an industry-wide position that best serves the food and beverage industry and consumers, including providing answers to stakeholder questions on it contact page and publishing a position paper with the following points:
1. Certificate extension and audit planning. GFSI mandated a certificate extension of six months providing that:
The Certification Programme Owner (CPO) has confirmed that a certification extension is an acceptable option for their program’s users. (SQF, BRCGS, and FSSC are allowing extensions based on the criteria listed below. IFS is not allowing for extensions, but it will be noted that the certificate expiration was due to COVID-19.)
A risk assessment has confirmed that extending the certificate is advisable. This risk assessment must be carried out by Certification Body (CB) under guidelines from the Certification Programme Owner and the IAF ID3. Based on background information and the current context, the goal is to confirm that the certified organisation is equipped to maintain the practices and processes guaranteed by their certificate. The risk assessment may draw on the organization’s historical data that sits with the CB and may entail current information on the impact of the pandemic, which may be requested by the CB.
The risk assessment can occur only one time and is for a maximum of 6 months.
The GFSI position also states that the next audit should occur wherever it is feasible to do so, and Standard Owners and their certified organisations should continuously review the situation to assess the feasibility of scheduling the overdue audit as soon as reasonably possible. GFSI has made the decision not to support emergency implementation of remote methods to replace standard audits for certification. There is a concern that food operations and auditors may not be equipped to ensure that new audit methods could be applied without compromising the quality of the certificate, putting less equipped companies at a disadvantage.
CPO-Specific Requirements for Extension
SQF (released April 6, 2020)
Per IAF Informative Document for Management of Extraordinary Events or Circumstances Affecting ABs, CABs and Certified Organizations, SQFI provided the following policies regarding auditing of certified sites during the pandemic:
A one-time 6-month extension with an associated risk assessment detailing justification for an extension.
The unannounced audit program is waived for audits scheduled to be conducted on or before August 1, 2020.
The risk assessment includes, where applicable, remote activities used to understand how the site is managing food safety in general and during the pandemic while maintaining its food safety and/or quality management system to justify maintaining certification.
Sites are to request extensions from their CB.
CBs are to communicate extension approvals to sites and maintain records of approvals.
BRC GLOBAL STANDARDS (updated May 15, 2020)
The published document, “BRC072: BRCGS Audits impacted by COVID-19” is applicable to food companies under BRC certification who are unable to receive a physical audit because:
The site is in a country or region where government advice/restrictions prevent movement or access to the site.
Company policy prevents visitors to the site to safeguard the health of employees.
It is the CB’s policy to restrict auditor travel to a country or region to safeguard the health of their auditors.
When an audit is impacted for these reasons, the CB may apply to BRCGS for a 6-month certification extension. The application must include a risk assessment for any affected site (based on BRC072) which includes a discussion with the certified site to ascertain what is being done to maintain its operation to supply safe products under the pandemic. If a site is certified with a grade C or D, an extension will not be accepted as the site is considered high risk. The CB will notify BRCGS of any extensions through the BRC Directory.
Other BRCGS policy updates include:
If an auditor cannot travel due to restrictions in the area where they are located, BRCGS expects certification bodies to find another auditor to complete those audits. Audit delays due to higher costs of auditor travel will not be accepted.
The BRCGS program of unannounced audits has also been temporarily suspended.
Starting June 01, 2020, the CB will be charged a service fee charged to cover the extended certification period.
FSSC 22000 (Updated March 26, 2020)
FSSC has published CB Requirements in relation to Novel Coronavirus (COVID-19) – Version 2 on its website. Following the GFSI Position Statement, participating CBs are to undertake the following action for certified organizations affected by COVID-19:
Perform a Risk Assessment of key changes since the last audit (HACCP Plans, product recalls, significant complaint levels), and assess:
Internal audits of which certified organizations are to increase the frequency in support of the FSMS and to ensure food safety.
Any pending compliance activities/legal proceedings.
Whether the organization is operating to the scope of certification.
Any changes to processes or services outsourced during COVID-19.
Emergency preparedness and response including the impact of the pandemic on its supply chain and the potential impact on resources and food safety.
Assess the risks of continued certification and have a documented policy and process defining the methods for evaluating organizations. This is to involve a discussion with the site on:
Key changes since the last audit (e.g., HACCP plans, product recalls and significant complaint levels).
Status of objectives and key process performance, management review and discussion with the organization. The aim of the discussion is to assess the site actions in response to COVID-19 and to ensure that the certified organization has developed/adjusted its procedures and operations to ensure continued compliance to FSSC 22000 and the supply of safe products.
Agree with the site on appropriate times to complete a review of the risk assessment details to confirm that it is appropriate to maintain and extend certification or postpone the surveillance audit.
For surveillance (V5 Upgrade) audits, CBs will risk assess the situation of the certified organization and take appropriate action. This could lead to a certification decision to maintain the V4.1 certificate, suspend the V4.1 certificate, or postpone the surveillance (V5 upgrade) audit by a maximum of 6 months. The documented risk assessment shall be uploaded to the FSSC Portal as a “special audit.”
For re-certification audits, in case the V4.1 certificate will expire, a certificate validity extension of up to six months is allowed following a documented risk assessment. In all cases the CB is responsible for the decision to extend the certificate validity and is required to keep records to support the decision. Where the validity of the V4.1 certificate is extended, the risk assessment shall be uploaded in the FSSC Portal as a “special audit.” The subsequent certification decision and extended certificate expiry date shall be entered in the Portal, at the latest, 28 days after the decision has been made. The full V5 re-certification audit is to take place within the 6-month validity extension window, with sufficient time to ensure that the extended certificate does not expire, and continuous certification is maintained. The new V5 certificate dates must be aligned with the current certification cycle.
FSSC-certified organizations are eligible for extension if:
1. The certified organization’s company policy is temporarily prohibiting visitors due to COVID-19 and not allowing auditors on their premises. In these cases, the CB is to work with the organization to facilitate and plan the audit using the options provided.
2. The CBs corporate policy prohibits auditors from traveling. In these cases, all options as provided need to be explored to facilitate audit planning and continued certification. The cost to deliver the audit cannot be a determining factor and the exception cannot be applied to Stage 2 audits (initial certification), scope extension, and follow-up audits.
For assistance with your GFSI or other assessment programs, give TAG a call today! We can help.
About The Acheson Group (TAG)
Led by former FDA Associate Commissioner for Foods Dr. David Acheson, TAG is a food safety and public health consulting group that provides guidance and expertise worldwide for companies throughout the food supply chain. With the advent of the COVID-19 pandemic, TAG’s public health and infectious disease expertise has been brought to the forefront to assist food businesses weather the increased challenges of employee protection, food safety, and business continuity. With in-depth industry knowledge combined with real-world experience and advanced virtual technologies, TAG’s team of experts helps companies assess their unique situation, address gaps, and deploy best practices to more effectively mitigate risks, improve operational efficiencies, and protect their brand. www.AchesonGroup.com