Since the draft BRC V8 was released for consultation, I thought you might like to see my thoughts on the changes to the standard and my feedback that I submitted to the BRC. We can then use this post, to compare the changes in the actual standard, when V8 is issued. So here is my feedback to BRC as part of the consultation process for the draft BRC V8 – word for word, as it was actually submitted…

Food safety culture

Does the addition of the clause 1.1.2 to the management commitment section, which states the site must have a food safety culture plan, mean that the food safety culture additional module is being incorporated into the main standard? Or will it still be an additional and optional module? Could you please can you clarify in the interpretation guide.


1.1.5 also now refers to integrity. Will ‘integrity’ be defined in the definitions section?


The HACCP section has been amended in line with FSMA, however it still refers to CCPs (which are not a requirement of FSMA) and does not refer to PCs (which are a requirement to FSMA). I presume that either PCs or CCPs or a combination of both are acceptable. If this is the case, could this be clarified.

Supplier approval

Clause has been amended to state that a 2nd or 3rd party audit is acceptable, but only if the stated elements can be evidenced. Following the publication of version 7; the 2nd and 3rd party audit was clarified (on the BRC website or through a position statement), to state that any non GFSI audit was acceptable as long as the audit report was available, along with the evidence of close out of any non-conformances raised during the audit. This included SALSA. Given that we now need to provide evidence of the competency of the auditor, would an auditor that has been vetted by SALSA or any others certification body be sufficient, or would we need actual evidence such as training certificates? In which case, this would eliminate the application of 3rd party audits, where such evidence wouldn’t be available. Please could you clarify in the interpretation guide.

Also, when approving farm level suppliers, where certificates such as red tractor are applicable, the scope of the audit would be different from the elements stated (e.g. HACCP review would not be completed). Can the standard make reference to this type of approval and what the requirements would be?


I really like the addition to clause 3.9.3; the trace test should include a summary of the documents used during the test and clearly show the links between them. This will help sites to make sure that each document is clearly linked. In addition to this, it would be good, if you could clarify that this includes where traceability information changes. i.e. where one trace code changes to another – at a point of the process; that the documentation must show both the old and the new lot code (on the same document) and the link between them.


3.11.1 now has cybercrime included. It would be beneficial to include loss of IT infrastructure (not due to crime).

Customer focus

Would it be possible for you clarify in the introduction to the standard, why this section has been removed again; to aid our understanding of the development of the standard.

Food defence

Really pleased to see that food defence has been added to the standard, in line with GFSI. Clause 4.2.1 states that both internal and external threats shall be included in the assessment. My interpretation of ‘internal’ is on site threats which would include both outsiders gaining access to materials (e.g. unlocked silos) and also, site personnel causing contamination or damage maliciously. If this is the case, then I don’t think ‘internal’ clarifies both of these types of internal threats. Could this be further clarified please?

Metal detection

Could clause be amended, as a memory/reset function test requires clear packs to be placed in between the 3 packs. 3 consecutive (successive) packs is not a memory test. Therefore, the clause is confusing.

High care & high risk

Given that you’ve now moved all the high care and high risk elements to its own new section, section 8, I would like to request that we take this opportunity to simplify the zones and eliminate the need for high care. I understand the current definitions of high risk (cooked) and high care (treated but not cooked), but they don’t really make sense when you look at them closely. Where both sets of products have a use by, require chilled storage and have the potential to allow pathogenic growth – why do we say that it’s ‘acceptable’ to ‘contaminate’ high care products, whereas it’s not acceptable to ‘contaminate’ high risk products? Take the examples provided on the decision tree; a “prepared meal without a garnish” is a high risk product, because it’s been cooked. So, we’re saying it has a higher potential to cause food poisoning. But, a “prepared meal with garnishes” is a high care product. So, we’ve taken potentially the same high risk product, and added something that is not as ‘clean’ to it and now it has less potential to cause food poisoning, so we don’t have to protect it as much from contamination.

High care and high risk cause so much confusion in industry and essentially anything entering a high level zone should have gone through sufficient decontamination to make it safe to eat within its given life and not contaminate the high level zone. Why confuse matters any more than that?

Have your say…

7 thoughts on “Draft BRC Version 8 Consultation

  1. Kassy

    Good article although out of my comfort zone! Anyway my thought are to add something in and around fratricide or blue on blue in military terms!! I’m talking about things like software (not Cyber) updates (example is Apples IOS 11 which broke some phones). This is unintended consequences by OEM or internal automation engineers which may directly affect a CCP (or what ever confusion we seem to be adding in here with nomenclature – we deal with some uneducated people – remind them at BRC KISS) . The software changes/updates may be between PLC (Siemens/Alan Bradley etc). It may be a system glitch but there are safety solutions and things like feedback loops etc….

  2. I really like some of the points raised which we hadn’t picked up on. I especially like the clarification on metal detection memory / reset function test as we get challenged on this each year. We test using consecutive packs as the standard doesn’t say you cant, and every year the auditor questions it even though we have sufficient justification as to why we do it that way. They have never raised a non compliance as the standard isn’t specific and can be interpreted either way so clarification would be good, I hope they include this, although we would then need to change how we do our test. I agree that high risk and high care can be confusing and maybe should have the same controls for some products, although not all high care products (mainly short shelf life) would need them.

    1. Hi!
      That’s really interesting to hear that you have suffered from the confusion around the metal detection test. I can’t wait to find out what version 8 says when it’s issued, I get really excited about these things!

  3. Hi Kassy,

    With my area of expertise being contamination control by provision of hygienic, high quality air and the control of the high risk environments with regard to air changes and positive room pressure, I completely agree with your comments regarding high care/high risk environments. I think this makes what should very relatively simple, very confusing.
    I don’t have the stats in front of me, but it seems that whenever there is a food poisoning outbreak associated with a food production facility, the route cause always seems to be a product like “ready to eat” washed salad.
    I think it’s time to move on… is 2018 after all!

    Treating the air quality/environment regime in these areas as those of high risk with sufficient air changes and positive pressure, would at least reduce risk of microbial contamination in high care areas coming from the air within the production environment.

    If we can then convince the industry to use filtration that will remove microbial contamination, I have no doubt we would see less of these food poisoning outbreaks.

    Best Regards,


    1. Hi James,
      Thanks for your comments, it would be great to simplify the rules – like you say it’s 2018 and we all have enough to do without making things more complicated than they need to be.
      Let’s see what happens!
      The count down begins to Version 8!

  4. Hi Kassy,
    Really good article and like the specific requests for metal detection and high care/risk confusion areas. The area on the competency of auditors for 3rd party supplier approval would need further clarification as to what BRC require in my opinion. It should be an interesting protocol when released and observing what clients shall be putting in place for their food safety culture. Thanks again Kassy

Share your thoughts…

Your email address will not be published. Required fields are marked *

We've tagged this article as:

Thousands of Food Techies all over the world read and trust our newsletter.

Sign-up to our newsletter and get our articles direct to your inbox - for free!