The BRC have clarified and simplified the approval of suppliers in Issue 6, which is great. They have also clarified that the process is split into two distinct parts: Approval & Monitoring.

As part of the BRC Packaging Supplier Approval process, monitoring tends to get forgotten, so it makes sense that they’ve split them out to help explain the differences. Let’s go through the approval processes and then we’ll look at monitoring.

BRC Packaging Supplier Approval

So, how we approve a supplier is the same, for raw materials, packaging and also traded products. The approval of co-manufacturers is the same too – with one key difference, that an SAQ is not acceptable, as these suppliers are not deemed to be ‘low risk.’

Risk assessment

The first thing you need to do is to create a supplier risk assessment.  The aim of your supplier risk assessment is to determine if each supplier is – ‘low risk’ or, ‘not low risk.’ Now, if your risk assessment produces supplier risks as low, medium and high – that’s fine too. All the low ones would be ‘low risk.’ And, all the medium and high risk ones would be ‘not low risk.’

Unfortunately, in the Packaging Standard, it’s not clear that you need to produce a result of ‘low risk’ or ‘not low risk.’  But it does mention this in the interpretation guideline under the explanation of when you can use an SAQ (which we’ll come on to) under clause 3.7.2. So, as the Packaging Standard is being aligned with the Food Standard, and it’s clear in the Food Standard, I think we need to go with the principle of ‘low risk’ and ‘not low risk.’

Personally, we don’t like these terms, but it’s what BRC have decided, so that’s just the way it is.

‘Low risk’ or ‘not low risk’

Once you have determined your suppliers as ‘low risk’ or ‘not low risk,’ that defines how you can approve them. You have three options to choose from; a supplier questionnaire (SAQ), a GFSI certificate, or an audit.

  • SAQ: You can only use this for ‘low risk’ suppliers. You cannot use this for ‘not low risk’ suppliers.
  • GFSI certificate & Audit: You can use for both ‘low risk’ and ‘not low risk’ suppliers.


An SAQ is an acceptable way of approving suppliers if you can comply with the 3 following points:

  1. The supplier must be ‘low risk.’
  2. The SAQ must assess the supplier against product safety, hazard analysis review, GMP and traceability.
  3. The SAQ is only used for initial approval and to use this form of approval for the second time, you must comply with the monitoring element (to be explained below).

 GFSI Certificate

This is the easiest option to go for, if you can. All you need to do, is to check that the certificate is valid (it’s not fake) and that the scope of the certificate covers the products you’re buying from the supplier. If you can prove both those, you’re good to go.


If you can’t use a GFSI certificate, the best option you have is an audit. Now, this doesn’t mean you need to go and audit the supplier. You can use any third party audit, including non GFSI audits, such as Red Tractor, SALSA, ISO 22,000 etc. But if you use a third party audit, as your audit of the supplier, you need to prove a few things:

  1. That the audit has checked that the supplier has GMP, food safety, HACCP review and traceability in place.
  2. That any non-conformances to the audit have been closed out.
  3. That the scope of the audit covers the products you are buying from them.

How do I do this?

You need the supplier audit report and the evidence of close out of the non-conformances. Basically, you need to handle the third party audit of your supplier, as if you’d done the audit and make sure it’s closed out.

 No third party audit or GFSI Certificate?

If they’re ‘not low risk’ – then the only option left open to you, is to audit them. This means, you have to go and actually do the audit. If you have to go for this option, make sure that the auditor who does the audit is competent, so they’ll need to be able to prove that they are. The only real way of doing this is through a qualification.  As a minimum they should have an internal auditing certificate, but ideally a lead assessor qualification.

If you need help with your supplier audits, we can help with this – we do supplier audits for quite a few of our clients. Just email Mel on for more information. So, once you’ve approved your supplier, we then move into the monitoring phase…

BRC Packaging Supplier Monitoring

This means that you monitor your supplier performance, use this information to re-assess them and then re-confirm the approval. Therefore, your supplier risk assessment needs to continue to assess their performance.

For example:

  • Have any complaints been received, that were due to your suppliers?
  • Have you had delivery issues with them?
  • Have they created non-conformances?

You need to gather this information throughout the year and then review it each year. The information would need putting into the risk assessment, and where this changes the risk, the correct approval process would need applying.

For example:
If you have a ‘low risk’ supplier, who is approved by an SAQ and because of their performance, the risk changes to ‘not low risk,’ when the risk assessment is updated, then you wouldn’t be able to use an SAQ to approve them anymore. You would need to use a GFSI certificate, or an audit.

This is why the BRC say you can only use an SAQ for ‘initial’ approval. Because, the monitoring needs to prove on an ongoing basis, if they really are ‘low risk,’ or ‘not low risk.’

If the risk assessment defines that the supplier continues to be ‘low risk’ following monitoring, then it’s fine to continue using an SAQ to approve them.

We hope that helps and you can use this to help you update your supplier systems, ready for your Issue 6 audit. If you’d like some help, we have a pack that you can use, which will save you loads of time.  Just download, amend and implement!

This section of the BRC Packaging Standard also includes authenticity, claims and chains of custody – which we’ve written a lot of articles about for food, that you can read here: Food Fraud Vulnerability We’ll be writing more on this subject specifically about packaging for you too soon. If you have any questions on this topic, please put them in the reply box below and I’ll answer them for you.

Have your say…

Share your thoughts…

Your email address will not be published. Required fields are marked *

We've tagged this article as: