BRCGS Blended Audit: Remote, but not quite
While BRCGS recognizes that parts of the audit can be done off-site, it still requires the auditor to execute at least a part of the audit on-site. A so-called blended audit will consist of a remote document review, followed by an audit on-site. This approach is optionally available for the Food Safety Standard, Packaging, Storage & Distribution, Consumer Products and Agents & Brokers.
The use of the blended audit is limited to announced recertification audits. For initial certification and unannounced audits, choosing a blended audit is not possible.
The blended approach is optional: if certified sites prefer to have the full audit on-site, this will still be possible!
The Risk Assessment
The Blended Audit is only possible after a positive risk assessment, performed by the certification body. Based on a questionnaire, the certification body must evaluate whether a Blended Audit is appropriate to achieve the desired results. It takes into account the historical performance of a site, including any risks identified from complaints and recalls, as well as the availability of records and documentation in electronic form.
How is the remote part of the Blended Audit done?
The remote audit is done by use of ICT. BRCGS does not prescribe what type of tools should be used. In order to protect data security, DQS auditors typically work with the tools suggested by the certified site.
What is being audited?
The BRCGS Standards use color coding to indicate which clauses can be audited remotely, and which ones must be covered on-site. The remote part of the audit typically focuses on documentation, record-keeping and systems. The on-site audit covers GMP, the implementation of food safety management systems and the traceability challenge.
Whether a site is audited remotely or not does not affect the total audit duration. If a site has a remote audit plus an on-site audit, the sum of the remote audit duration and the on-site audit duration will be the same as for a regular on-site audit. The amount of time spent remotely is dependent on the risk assessment, but can never exceed 50 % of the total audit duration.
Confidentiality, Security and Data Protection
Needless to say, protecting confidential information during and after a remote audit is essential. Certification bodies and their auditors must comply with local data privacy laws. As part of the audit preparation, all certification, legal and customer requirements related to confidentiality, security and data protection shall be identified and actions taken to ensure their effective implementation. This implies that both the auditor and the auditee agree with the use of ICT and with the measures taken to fulfil these requirements.
Timeline for BRCGS Blended Audits
The BRCGS procedure for Blended Audits is available for download here.
How DQS can assist you
As an approved certification body for the BRCGS Standards as well as the founder of DQS Remote, we are at the forefront of remote auditing. With auditors available across the globe, we are ready to support you – remotely or on-site. Contact us today or sign up for our newsletter to stay up to date!