- Changes in Issue 4
- Section 1 – senior management commitment
- Section 2 – hazard and risk analysis
- Section 3 – product safety and quality management system
- Section 4 – site and building standards
- Section 5 – vehicle operating standards
- Section 6 – facility management
- Section 7 – good operating practices
- Section 8 – personnel
- When is a procedure required?
Changes in Issue 4
This article takes you through the changes you need to implement to comply with BRCGS Storage & Distribution Issue 4 – Sections 1 to 8.
Each week we’ll update this article until we’ve covered all 8 sections. This week we’ve up to section 6 facility management. Please note, if you’re reading this in the future – you need to check the position statements page to establish if there are now any additional requirements.
Issue 4 audits start on 1st May, so you haven’t got long to get ready.
Want to do a gap analysis to Issue 4? No problem!
Our BRCGS Storage & Distribution Issue 4 – System audits and GMP inspections are compliant to the new Standard. You can update your internal audit system and also use it to complete a gap analysis – as we’ve highlighted all the new requirements for you. We’ve translated all the clauses for you – into simple to use questions, so you can just focus on making the changes you need to.
Pack 3: Continous Improvement – includes the system you need for internal audits.
Just add on the BRCGS Storage & Distribution Issue 4 – System audits and GMP inspections to get the templates for Issue 4.
If you have any questions about the changes, please add them to the comments box at the bottom of this article and we’ll answer them for you. You don’t need to give your real name and your email address is only visible to Techni-K internally and not shared on the website. So, you can ask your question anonymously if you wish.
As we go through the changes, we’ll try to provide you with as much help as possible. We do have training, or documentation that you can take and use, if you don’t have time to start from scratch yourself.
Important points to note
We have included changes where additional wording has been added for clarity. We have not included changes where the wording has only been reformatted for clarity.
Section 9 and the voluntary modules are not covered, we have focussed specifically on the main 8 sections of the Standard.
The definition of procedure includes the fact that it must be documented. So, it isn’t acceptable to have a procedure which isn’t documented. Where you see the word ‘procedure’ you must ensure you have a documented procedure.
When the standard says something needs to be checked. It means it must be recorded to prove that it’s been checked. As far as an auditor is concerned – if it’s not written down, it doesn’t exist.
In the same way – when the Standard says something must be checked or monitored, it means it must be recorded.
Section 1 – senior management commitment
Additional text: 1.1.8 – Department managers and their deputies must be available during the audit
Not only does the senior manager need to be present at the opening and closing meetings, but all relevant staff need to be present when needed during the audit.
Section 2 – hazard and risk analysis
Additional text: 2.1 – Prerequisite programmes
Prerequisites were required in issue 3, but now there needs to be a much more structured approach, so that each prerequisite is covered by a procedure. A list of the prerequisites and the controls are needed, and it’s a good idea to reference the procedure where this is applied in practice.
Additional text: 2.2 – Product Safety Team training
The Product Safety Team need to have training, so that they can demonstrate to the auditor that they understand product safety principles.
A level 2 equivalent would be acceptable for this. Our new Food Safety & GMP for Storage & Distribution eLearning course provides a basic understanding of hazard analysis and the product safety requirements for storing and distributing product.
Additional text: 2.3 – Product Safety Team Leader training
The Product Safety Team Leader needs to have a more in-depth knowledge of hazard analysis and relevant product safety principles. A formal Level 3 HACCP qualification is most suitable for this.
New clause: 2.4 – Information sources
Information sources are a key step of building a robust Product Safety Plan. You need to gather together the information that’s relevant to your products and processes – so that you can use this information to help you to identify which hazards and controls are applicable to you.
Make sure you have a list of documents in your Product Safety Plan, that you’ve used to create the plan. The list needs to include:
- BRCGS Storage & Distribution Issue 4
- Any schemes you work to (e.g. DTAS, SCOPA)
- Relevant legislation
Additional text: 2.5 X – Site ownership
If you have a group function in your business, who provides you with part or all of your Product Safety Plan – this clause requires you to formally accept the documentation. This means you must verify that it works for your site and take ownership of it, including any voluntary modules which are relevant to your local site. The verification and approval at site level must be recorded.
Additional text: 2.7 – Scope
The scope of the Product Safety Plan has now been extended, so you must now describe all products and processes, including any activities for voluntary modules. You must also detail in your scope, where you subcontract any of these activities. Once you’ve added this to your scope, you must also ensure that you update your hazard analysis to include anything you’ve added. Plus, where you subcontract activities, you must include the controls that are subcontracted in your supplier approval of these contractors.
New clause: 2.8 – Process flow diagram
In Issue 3 you didn’t actually need to have drawn a process flow. For Issue 4, this is now a requirement and must include:
- A step-by-step flow of how products are processed (handled);
- service activities (e.g. waste handling);
- any steps in the process where delays may be incurred;
- where product goes out and comes in, from subcontracted activities;
- returns and rework;
- waste and recycling;
- voluntary module activities.
A site plan is also required and listed in this section for some reason. However, this wouldn’t normally be shown on the same document as the process flow diagram, but rather would be a supporting document.
The process flow diagram must be checked by the Product Safety Team and signed off at least annually, following a recall, or whenever there’s a change which impacts the product flow.
Additional text: 2.9 – Hazards
Additional hazards must now be considered in your Product Safety Plan, which are:
- Malicious contamination.
- Hazards specified by the customer.
- Hazards from voluntary modules.
The above are actually situations or events that would cause a hazard (they are not actually hazards – a hazard is physical, chemical, microbial, allergenic or radiological). Therefore, make sure that you list the above in your scope – to say that you will consider these events when identifying which hazards are relevant to your product and process. Then of course, make sure you do consider them in your hazard analysis.
Additional text: 2.14 – Review
For Issue 3, when there was a change to the product or how the product was processed, a review of the hazard analysis was required. For Issue 4 this has been widened, so that the whole of the Product Safety Plan must be reviewed (not just the hazard analysis) so that would include, the scope, the process flow diagram, the hazard analysis, the controls and the prerequisites that underpin the whole system. And now, where there isn’t a change, a review must be completed and recorded at least annually.
New clause: 2.15 – Supplier Product Safety Plan review
Where any of the activities you provide to your customers are subcontracted, your business is still responsible for them. That means your Product Safety Plan, must identify the relevant controls that your suppliers (who you subcontract to) must have in place. The new clause now requires you to be able to prove that you’ve checked that your suppliers have these controls in place, and that you continually monitor them to ensure that they continue to be effective. This would be applied through your supplier approval and monitoring system.
Check to make sure that your Product Safety Plan covers these subcontracted activities and that it’s clear which controls are applied by your suppliers. Then make sure you can provide evidence that you’ve checked that your suppliers have these controls in place and that you’re continually monitoring them.
Section 3 – product safety and quality management system
New clause: 22.214.171.124 – Group function management systems
Where you have a group function that provides part or all of the documentation that’s used in your management system, this clause requires you to document the roles and responsibilities at both group and at local site level. The purpose of this is to ensure that you have sufficient visibility of it and take ownership of it locally. This means you must write into your management system procedure, how the relationship works and who is responsible for what.
Additional text: 126.96.36.199 – Document management
For Issue 4, you now have to have a procedure which details how the document control system works – including digital document control.
Important note: The definition of procedure includes the fact that it must be documented. So, it isn’t acceptable to have a procedure which isn’t documented. Where you see the word ‘procedure’ you must ensure you have a documented procedure.
Additional text: 188.8.131.52 – Records
Where records are altered, the alteration must be controlled – so it’s clear why it’s been altered, when and who by. The same rules apply for records now – where they are digital, they must be backed up and also secure so that they can’t be tampered with.
Additional text: 3.2.4 – Root cause analysis
This is a theme of Issue 4 – root cause analysis is required (where needed) to determine preventive actions for non-conformances raised during internal audits. The key is knowing when to apply them – we teach you a system for this in our Best Practice Internal Auditor Training
New clause: 3.3.3 – Root cause analysis
Root cause analysis is now required (where needed) for all non-conformances. You now need a procedure which details when you’ll carry out root cause analysis and also, how you’ll do it. We provide this procedure with our root cause analysis method in Pack 3: Continuous Improvement.
Additional text: 184.108.40.206 – Service supplier contracts/specs
Where you subcontract aspects of your process, that means that your suppliers are responsible for implementing controls, then it’s up to you to make sure that these are specified clearly in contracts and/or specifications.
New clause: 220.127.116.11 – Contract/spec review
Once contracts and/or specifications are set, you need to make sure they continue to be kept up-to-date. At a minimum, they must be reviewed every three years. But if anything changes, then they must be updated when this happens.
Additional text: 18.104.22.168 – Contracts
The contracts (mentioned in 22.214.171.124 and 126.96.36.199) need to include all relevant controls and BRCGS have now listed product security as an example. So, make sure you’ve included this.
Additional text: 188.8.131.52 – Approved supplier list
Approved suppliers need documenting in a list that can be shared. The purpose of this is to make sure that everyone on site only uses and accepts materials from suppliers who are approved.
New clause: 184.108.40.206 X – Exceptions
Where suppliers are used, who haven’t been through the normal approval process – there must be a procedure in place for how they will be controlled. The purpose being, that the service or material that they provide must not compromise the product.
New clause: 220.127.116.11 X Assessment of supplier transport controls
Where activities are subcontracted, that are critical to product safety – the approval procedure must ensure that the suppliers used must be approved to GFSI standards.
Additional text: 3.6.1 – Traceability procedure
The procedure (which must be documented) for traceability, now needs to be much more detailed. It must detail each step in the traceability system and explain all the key points that makes it work. Where a traceability code changes, the link between the old and the new code must be clear.
Additional text: 3.6.4 – Traceability test
You now need to state how often you’re going to do the trace test (and it must be at least once a year). It must also include a mass balance check. Plus, any subcontracted activities must be tested (e.g. suppliers who store or distribute product on your behalf).
New clause: 3.7.1 – Withdrawal and recall procedure
A procedure must now be in place for product withdrawal and recall. This must include all the key elements needed to effectively handle a real withdrawal or recall.
Additional text: 3.8.4 – Cyber security
Cyber security must now be listed in your procedure and you must have contingency plans in place where this is deemed to be a risk.
New clause: 3.8.6 – Notification to the certification body
Your procedure must now state that you will notify your certification body, where your site is implicated in a product safety incident. This could be a recall, or where your local authority has issued you with an enforcement notice for example.
New clause: 3.9.1 – Non-conforming product procedure
You now need a procedure for handling non-conforming product. The procedure must detail what a non-conforming product is, how it must be labelled and stored so that it doesn’t get used by mistake and also, who has the authority to decide what should happen to it.
Additional text: 3.10.1 – Complaint investigations
Complaints must now be investigated (where needed). This means you must document which complaints need to be investigated and which don’t. The procedure should also detail how the investigation will be carried out and recorded.
Additional text: 3.10.2 – Complaint analysis
Complaints now need to be trended and the trending reviewed. Where a trend is identified, root cause analysis is also needed so that preventive actions can be applied. Make sure that you have the trending in place and you can provide evidence that it’s been reviewed too.
We’ve got a host of products to help with Section 3…
|Pack 2: Document Management covers:
3.1 General documentation requirements
3.4 Customer contractual arrangements
|Pack 3: Continuous improvement covers:
3.2 Internal audit
3.3 Corrective and preventive action
3.9 Control of non-conforming product, damages and returns
3.10 Complaints handling
|Best Practice Internal Auditor Training covers:
3.2 internal audits
|Pack 8: Supplier management covers:
Pack 4: Contingency planning covers:
3.7 Management of product withdrawal and product recall
3.8 Incident management and business continuity
Pack 11: Product defence covers:
3.5.3 Product fraud risk management
Section 4 – site and building standards
Additional text: 4.1.2 – Vegetation
Grass, shrubs, trees and other vegetation needs to be keep well cut back so that it doesn’t provide harbourage for pests.
Additional text: 4.1.3 – Proofing
Buildings need to be proofed so that pests can’t get inside. This means the fabrication of the building needs to be maintained, so that proofing doesn’t become an issue.
New clause: 4.2.4 – Access controls
There must be access controls to the site and this must include contractors, visitors and drivers. Such personnel must also be made aware of security measures and any other relevant contamination controls. Where contractors are working on site, they must have a host.
New clause: 4.3.1 – Site plan
A plan of the site must be in place and this plan must show all the routes for; personnel, product and waste. The plan must also detail staff facilities, storage areas and chemical handling areas. Once the plan is done, it must then be used to establish if there are any contamination risks. Where there is, this must be covered by the Product Safety Plan or zone controls.
New clause: 4.3.9 – Temporary structures
Temporary structures may be put in place when building work is being carried out. Where this is the case, the standards must be retained and therefore, the structure must be fit for purpose (e.g. proofing must still be adequate).
Additional text: 4.4.9 XD – External doors
External doors must be kept closed, or where they have to be open – they must have additional proofing for pests (e.g. curtains).
Additional text: 4.5.2 X – Handwashing risk assessment
To determine when handwashing must take place, you need a risk assessment.
Additional text: 4.5.4 X – Vending machines
In Issue 3 catering facilities must not pose a risk to the product. Now for Issue 4, this has been widened to say that vending machines must also not pose a risk to product. Meaning – they shouldn’t be in product areas.
Section 5 – vehicle operating standards
Additional text: 5.1.4 – Preloading checks
Issue 4 now specifies more specific checks that must be done before loading – to ensure that that; walls, ceilings and floors, the door seal, drains, strip curtains and lights are in good condition and there is no sign of pests.
Additional text: 5.1.8 X – Tanker regulations and schemes
Bulk tankers must comply with relevant regulations and any schemes that your site is certified to.
Additional text: 5.2.1 – Threat assessment
The threat assessment is required to identify any product security risks during transportation. This threat assessment doesn’t need to different from the one completed for 4.2.1. See 4.2.1 for more information.
Additional text: 5.2.4 X – Mixed loads
Where customers state that their product can’t be loaded with other certain products, this must be documented in procedures – to ensure that it’s adhered to. Once it’s in the procedure make sure it’s trained out to those who need it (e.g. those picking or loading), including drivers.
Additional text: 5.2.7 – Transport incidents
A procedure must be in place to cover incidents relating to vehicles. This clause is mainly referring to incidents when migrants have gained access to a vehicle. The procedure must cover the communication and escalation plans and must consider possible contamination risks to the product.
Additional text: 5.3.3 XS – Breakdown records
The procedure for breakdown has been strengthened, so it now must include emergency contact numbers, temperature control instructions, and the checks and records that must be completed, before the journey continues.
Additional text: 5.4.1 X – Temperature validation
A detailed validation is now required to prove that vehicles are capable of achieving the required temperature controls and – can retain that temperature in worst case scenarios.
Additional text: 5.4.2 X – Temperature verification
Once the temperature control has been validated, it needs to be verified for each journey. This can be done using automated temperature monitoring or manual checks. Whichever option is used, records must be checked to ensure that each journey was compliant. And if it’s done manually, you need to work out how often these checks must be done – to ensure that where the temperature is found to be out of spec, that there’s enough time left to do something about it, before the product is negatively impacted.
Additional text: 5.4.3 X – Temperature settings
Where the temperature of vehicles can be adjusted, the settings must be secure – so that only authorised personnel can adjust them. This means they must be behind a physical, or digital ‘lock and key.’
Section 6 – facility management
Additional text: 6.1.2 XD – Racking checks
A risk assessment is needed which determines how often racking must be checked.
New clause: 6.1.4 X – Automated systems
If you have any equipment on site that handles the product, you now must have a risk assessment that looks at how the product could be affected, if that equipment was to be faulty. And, where’s there’s a risk to the product, you must determine what checks are needed of the equipment to make sure that it’s working correctly.
Additional text: 6.2.1 X – Planned preventive maintenance
The requirements of maintenance have been widened from just temperature controlled facilities, to all product equipment and facilities. The system must also cover commissioning of new equipment.
New clause: 6.2.6 – Temporary repairs
Where equipment can’t be fixed immediately, a temporary repair is allowed. However, there must be a system to ensure that the temporary repair doesn’t pose a risk and that the repair is booked, so it’s completed in a timely manner.
New clause: 6.3.1 X – Measuring equipment
A list of all the measuring equipment on site (or in vehicles) is now required. This list must document the equipment, its location, the ID and calibration due date. This equipment must also be protected so it doesn’t get damaged and it should not be adjusted by unauthorised personnel – so this means settings must be behind a key, or password.
Additional text: 6.3.2 X – Measuring equipment risk assessment
The frequency of the calibration and accuracy checks of measuring equipment must be determined by risk assessment.
Additional text: 6.3.3 X – Accuracy checks
Not only does measuring equipment need to be calibrated, but you need to have routine checks in place to ensure it continues to be accurate. For example, for a temperature probe – you may get an engineer to come in and calibrate it once a year. But you would also need to check it regularly throughout that year – to make sure it’s still reading the temperature accurately.
Additional text: 6.3.4 X – Calibration traceability
The accuracy checks and the calibration checks that are completed on your measuring equipment must be traceable back to an accredited standard (in the UK this is generally UKAS). So, make sure you can trace your checks back to calibrated equipment which has been calibrated to an accredited standard (e.g. UKAS).
Also, where you use measuring equipment for CCPs you must ensure that you take the inaccuracy of the equipment into account, when working out your critical limits.
Additional text: 6.3.5 X – Measuring equipment corrective action
A corrective action procedure is needed for when measuring equipment is found to be inaccurate. This procedure must take into consideration the impact that the inaccuracy has had on the product. Where the equipment can’t be fixed, the procedure needs to consider what should happen until a replacement is provided.
New clause: 6.3.6 X – Calibration and accuracy procedures
For each accuracy check you do, you must have a procedure. And, if you calibrate and adjust equipment in-house, you must have a procedure for this as well. The Standard specifically picks out robotic sensors as an example, so auditors will be asking about these – so where you have them, make sure this is covered.
New clause: 6.4.1 – Hygienic equipment and facilities
There is a new clause which now sets the expectations that the site must be clean and in a hygienic state. You don’t need to do anything about this exactly, as long as your site is clean. This clause is here, so that it can be used by auditors – if they feel the site isn’t generally clean enough.
Additional text: 6.4.2 – Cleaning procedures
Each clean now needs a procedure – whereas before it was enough to just have a schedule. The procedures need to detail; who is going to do the clean, what is to be cleaned, how often it should be cleaned, how to do the clean, what chemicals and concentration to use, what equipment to use, who must check the clean and how to record it.
Additional text: 6.4.3 – Cleaning validation
Where you clean to control a specific hazard (such as allergens) this clean must be validated to prove that it works.
Additional text: 6.4.4 – CIP
A validation of CIP systems, including recovery systems, must be in place and include a schematic. Where the system is altered it must be revalidated. It must also be revalidated at a set frequency.
Additional text: 6.5.1 – Emptying bins
Bins needs to be kept clean (to a standard suitable for a bin) and they must be emptied often enough, so that rubbish doesn’t pose a risk.
New clause: 6.6.1 – Pest sightings
All employees now need to know what signs to look out for, which may indicate that there is a pest problem. They also need to know how to report this to a designated person.
Additional text: 6.6.3 XD – Pest activity corrective action
Where pests activity is found, you need to be able to prove that immediate action was taken. This needs to include an assessment of the product, to establish if it’s been affected.
Additional text: 6.6.4 XD – Pest inspection frequency
A risk assessment is required which determines how often the pest inspections must take place. The risk assessment must be reviewed, where there are changes on site which may impact the associated risks and following a pest issue.
Additional text: 6.6.6 XD – Pest control folder
The requirements for what paperwork you need for pest control are now much more prescriptive. You must have; a site plan, roles and responsibilities, information about pest chemicals, and records for inspections, sightings, treatments and follow ups. The site plan must show all monitoring devices and their locations and IDs.
New clause: 6.6.7 XD – In-house pest management
Where you don’t have a pest control contractor, but instead you do your own pest control – there are specific rules.
Additional text: 6.6.8 XD – Inspection analysis and trending
The results of all pest inspections must now be trended and then reviewed at least once a year.
Additional text: 6.6.9 XD – Pest control actions
You need to make sure that you have records of all pest control activities and where actions are raised (e.g. during inspections by your contractor) you need records to show that you’ve actioned these and closed them out in a timely manner.
New clause: 6.6.10 XD – Pest management survey
A survey of your pest management system needs to be carried out at least once a year. This is typically your biologist visit.
Section 7 – good operating practices
Additional text: 7.2.1 – Product handling procedure
A procedure is now required for handling product. This must include details of how to handle the product (e.g. to prevent damages), what product must be segregated and how and what product can’t be stored or loaded together.
Additional text: 7.3.2 – Temperature checks
For temperature controlled storage areas, you must either manually check the temperature at least every 4 hours or automatically. Where you do the checks less frequently than 4-houly, you must have a risk assessment that justifies why this is sufficient and how the product won’t be negatively impacted.
Additional text: 7.3.4 – Temperature control limits
Where temperature control is needed for product safety there must be critical limits in place. The temperature must be controlled through the application of a procedure which includes; how long product can be out of a temperature controlled area and how any seasonal variations are controlled, which impact the temperature.
Additional text: 7.3.7 – Controlled storage validation
Storage areas which have a controlled environment (e.g. temperature, humidity, gas) must be now be validated and then verified at a frequency determined by risk assessment.
Additional text: 7.4.1 – Glass and brittle plastic controls
You now need a glass and brittle plastic register, which risk assesses each piece to determine how often it must be checked. Checks must take place to confirm integrity at that frequency. The process for this must all be documented in a procedure and include how maintenance and cleaning of these items takes place too.
Additional text: 7.4.3 – Chemical controls
There’s now a new requirement for controlling chemicals which means you must have an approved list of chemicals, safety data sheets and specifications. In order for the chemicals to go on the approved list, they must be assessed to ensure that they are fit for purpose and not strongly scented. Chemicals need to be labelled at all times and stored so that only trained personnel can access them. Although the Standard says you need a ‘process’ not a ‘procedure’ this level of detail needs to be written down and so we would recommend you have a procedure.
New section: 7.7 – Management of allergens
There’s a new section about managing allergens. First of all – you now need a procedure which manages the risks of allergen cross-contamination. The procedure must identify what risks there are and put controls in place to mitigate these risks. These controls should include how to handle spillages, how to handle allergenic materials to prevent spillages, and any controls specified by your customers. For spillages you need to validate the cleaning procedure and revalidate it, at a set frequency.
Section 8 – personnel
New clause: 8.1.3 – Training records
There are now specific requirements for how you must record training. The records must include; the date of the training, how long it took, the name and signature of the trainer and the trainee. Where the course is delivered by an external provider, the course name and details are required. Where the course is delivered in-house you need to be able to show what was included in the course, so make sure the materials are document controlled and the document control details are included on the training records. The same goes for training out a procedure, make sure you record on the training record – the procedure reference and version, so it’s clear which version of the procedure was trained out.
Additional text: 8.2.3 – Smoking
The smoking rules have now been extended to include e-cigarettes. Areas where smoking is allowed must also now have sufficient waste bins and be kept clean.
New clause: 8.2.6 – Medicines
A procedure is now required for medicines – to ensure that they don’t pose a risk to the product.
New clause: 8.2.7 X – Health questionnaires
When visitors and contractors come to site, a health questionnaire is now required (as long as this is allowed by local law).
When is a procedure required?
When the Standard says you need a procedure, it means that you must document it.
The definition for procedure in the BRCGS glossary is:
“Agreed method of carrying out an activity or process which is implemented and documented in the form of detailed instructions or process description (e.g. a flowchart).”
This means it’s not enough to be doing something, you have written down that you’re going to do it, how often it must be done and how it should be done.
We thought you might find it useful to know what procedures are required for Issue 4, so here you go:
- Each prerequisite programmes, including voluntary modules
- Pest management
- Environmental control (e.g. temperature)
- Personal hygiene
- Product Safety Controls (e.g. CCPs, OPRPs or PCs)
- Document control
- Record management
- Corrective and preventive actions
- Supplier management (purchasing, subcontractors, exceptions, supplier approval, supplier monitoring, final mile companies)
- Contingency planning (withdrawal, recall, incidents)
- Non-conforming product
- Receipt of goods
- Product handling
- Allergen control
- Medical screening
- Changing of protective clothing
- Product development
- Online measuring equipment testing
- Site, vehicle and product security
- Vehicle maintenance
- Vehicle breakdowns and incidents
- Wooden pallet and plastic tray monitoring
- Calibration and accuracy of measuring equipment
- Contamination control (glass and brittle plastics)
- Stock rotation
- Product release
- Product inspection and analysis
- Environmental controls
- Legal labelling
We've tagged this article as: BRCGS Issue Conversion