BRCGS Blended Audit & Remote Audit
BRCGS Blended Audit: Remote, but not quite
While BRCGS recognizes that parts of the audit can be done off-site, it still requires the auditor to execute at least a part of the audit on-site. A so-called blended audit will consist of a remote document review, followed by an audit on-site. This approach is optionally available for the Food Safety Standard, Packaging, Storage & Distribution, Consumer Products and Agents & Brokers.
The use of the blended audit is limited to announced recertification audits. For initial certification and unannounced audits, choosing a blended audit is not possible.
The blended approach is optional: if certified sites prefer to have the full audit on-site, this will still be possible!
The Risk Assessment
The Blended Audit is only possible after a positive risk assessment, performed by the certification body. Based on a questionnaire, the certification body must evaluate whether a Blended Audit is appropriate to achieve the desired results. It takes into account the historical performance of a site, including any risks identified from complaints and recalls, as well as the availability of records and documentation in electronic form.
How is the remote part of the Blended Audit done?
The remote audit is done by use of ICT. BRCGS does not prescribe what type of tools should be used. In order to protect data security, DQS auditors typically work with the tools suggested by the certified site.
What is being audited?
The BRCGS Standards use color coding to indicate which clauses can be audited remotely, and which ones must be covered on-site. The remote part of the audit typically focuses on documentation, record-keeping and systems. The on-site audit covers GMP, the implementation of food safety management systems and the traceability challenge.
Whether a site is audited remotely or not does not affect the total audit duration. If a site has a remote audit plus an on-site audit, the sum of the remote audit duration and the on-site audit duration will be the same as for a regular on-site audit. The amount of time spent remotely is dependent on the risk assessment, but can never exceed 50 % of the total audit duration.
Confidentiality, Security and Data Protection
Needless to say, protecting confidential information during and after a remote audit is essential. Certification bodies and their auditors must comply with local data privacy laws. As part of the audit preparation, all certification, legal and customer requirements related to confidentiality, security and data protection shall be identified and actions taken to ensure their effective implementation. This implies that both the auditor and the auditee agree with the use of ICT and with the measures taken to fulfil these requirements.
Timeline for BRCGS Blended Audits
The BRCGS procedure for Blended Audits is available for download here.
BRCGS Remote Audits
BRCGS Remote Certification during the COVID-19 Pandemic
If your BRCGS certificate is about to expire or has already expired in the course of 2020, but travel or access restrictions still do not allow a regular audit, then we have important news for you: Since September 7, it is possible to perform BRCGS audits completely remotely. The document BRCGS086 - Remote Certification During Pandemic and Serious Event Restriction describes this procedure. You can access it here.
The new regulation applies to BRCGS Food Safety Standard (including START! Audits), Packaging, Storage & Distribution, Consumer Products and the Gluten Free Certification Program. The remote audit option will remain available to sites until at least April 2021. The option is available to all currently BRCGS certified locations and locations whose certificate expired in 2020. Even locations that are not currently BRCGS certified can be approved for a remote audit after an individual check. Please note that the remote audit option is not recognized by GFSI.
Four steps to the BRCGS remote audit
The BRCGS remote certification is carried out in four steps:
- During the feasibility assessment, the site provides information that is necessary to plan the audit. In addition to the requirements in the standard protocol, this includes questions about the historical performance of the location, recalls in the preceding 12 months and any changes to processes or services outsourced following the COVID-19 pandemic.
- As soon as this information is available, the remote audit can be scheduled. To do this, the information and communication technology must be defined and tested - ideally at a test meeting. If problems arise, the audit cannot be performed remotely. In the event that the technology fails during the audit, the remote audit can be rescheduled within 28 days of the first day of the remote audit. All audits are announced and ideally take place within the normal due period. However, there is no penalty for a late audit within this assessment.
- In the third step, the audit is carried out. The audit must have a live visual broadcast that is portable and can be used across the site.
- Non-conformities identified by the auditor during the remote audits will be handled as per the usual protocol. Evidence of corrective measures, root cause analysis and preventive action plans must be submitted to the certification body within 28 days. The certificate shall have an expiry of 6 or 12 months from the audit date based on the normal protocol specified within the Standard, unless the site requests an earlier expiry date to re-align the audit due date with the preferred time of year.
What DQS can do for you
As the founder of DQS Remote, DQS is a pioneer when it comes to remote audits. We have qualified auditors around the world who are happy to support your projects. Contact us today - we'd be happy to discuss your plans! More information and tips can be found in our monthly newsletter - you can register here.