Coronavirus has changed the world. But, what will life be like after?

Wouldn’t it be great if we could use this experience so that we come out of it, better than when we went into it? We have an opportunity now, to take a step back and think about what we want the future to look like. So, here is our dream of what we would like the world of technical to look like…


When the BRC was originally created, the aim was to reduce the number of external audits that sites had to have. Unfortunately, the reality didn’t quite meet this aim. Retailers continued to carry out audits, as the BRC Standard didn’t quite meet their requirements. Plus, customers continued to audit their suppliers and, in reality that’s never going to change.

If you think about it, it’s a waste of the site’s time, it’s a waste of the retailer’s time and a waste of your customer’s time. There are so many parts of these audits that are repetitive. So many of the clauses are the same. So, why audit one site to the same thing, over and over again?

An audit is only one moment in time, so things still get missed. What if it could be different?



Wouldn’t it be great, if audits weren’t kept secret?  Imagine if audits were open book and what if sites shared their audits?

Let’s say a site has a BRC audit. The auditor audits to the BRC Standard. The audit report and close-out of any NCN’s is then made public by the site, to their customers.

The same site manufactures ingredients and their customer comes to audit them. But because the customer has already seen the BRC audit report, they don’t need to audit the same things. They can instead drill down into areas of weakness that were highlighted by the BRC audit. Or, they could just audit their additional requirements.  The customer allows the site to share their audit report and the close out of the NCN’s with their other customers.

The same site makes retailer product and their retailer comes to audit them. But, because the retailer has visibility of the BRC audit and the sites customer audits, they don’t need to audit the same things. They just audit their additional requirements or areas where they feel the site is weaker.

Having an open and transparent supply chain would massively reduce cost and release time for the site to work on improvement. Imagine something similar to SEDEX, where a site can share their audit information up to their customers. Imagine the potential this could have. Less audits, more transparency, more focused assessment and a greater level of due diligence.


What? No way!

Now, we appreciate that this, to some, will be an instant ‘no-no.’ Many companies won’t share their BRC audit reports, never mind the close-out evidence. The reason being that it’s ‘confidential.’


But why is it confidential; really?

If a site is confident in their ability, then why keep it secret? It’s only kept secret because the business is too nervous to share this information.  Because the risk of sharing is too high, as the site are not confident in their abilities.

Some suppliers don’t want to share their supplier’s details, and state that this is confidential.  This is another type of fear – that their customers will bypass them and go straight to their suppliers. We had a situation recently like this, where a spice blend supplier wouldn’t provide their suppliers details. But, the customer would never have gone direct to their suppliers, as they want the blend – not the individual spices. In the majority of the rest of these situations, the customer doesn’t have the buying power to go direct.  If a company is confident in their commercial ability, then why keep the information secret from your customers?


Look at it differently

If a site was transparent and provided this level of detailed due diligence to their customers – imagine the commercial benefit that this site would have. If there was a register of companies who do this for their customers – it could be used as a way of choosing your suppliers.

Those companies who chose not to share – imagine the negative commercial impact that this would have.



Obviously, there would need to be rules around the information that could be shared. Personal information would need deducting. Any information that would pose a security risk should not be documented.  Any intellectual property would need to be deducted or not documented where it’s not needed.



Clearly this is a controversial subject and hopefully it will generate a good discussion.  Please get involved and share your thoughts.  Do you agree/disagree? Do you see the benefits or not? Do you think it’s possible or not?  Do you have any thoughts about what the techie world will look like, after Coronavirus?

Have your say…

20 thoughts on “What will life after Coronavirus look like?

  1. Great article Kassy, as you know I am a proponent of this approach and I do hope that this can be achieved, indeed, if anyone can produce a system to do this very thing we can at Primority with our 3iVerify solution. We already have all the tools, knowledge and technology to make this happen.

    So here is my challenge to your readers and any certification bodies reading this. We will gladly build the system for this and make it happen if enough customers want to get on board. Contact me through if anyone wants to discuss this.

  2. There is so many due diligence, risk assessments and extra or a bit stricter than the BRC and then the Internal Audit. It comes down to the responsibility of each company. An audit is possible to be fixed to get the certificate but it is still out responsibility for the rest of the season (9 months).
    It is therefore practical to do the Internal Audit frequently by the company, do assessments on the standards and/or clauses to cover the due diligence. The clients should be linked to see at the company’s documents and records.
    For ethical standards we work through SIZA and they are connected with SEDEX. All the exporters going through this packhouse are linked to SIZA. We do the SAQ every 6 months and update records or documents.
    If the auditor is not allowed to visit the site…pictures, videos and the auditor must have faith. If the auditor must visit the site, rules must be followed and the auditor must be on the floor for the hour or 2 and not what the BRC standards are showing.
    But yes, everything is changing but we must still produce products from low to high risk

    1. Agreed. I’ve been trying to work up a theory where the internal audits are the ongoing assessment that is shared with customers – so totally agree with your thinking there!

    2. You mention 9 months here were things might not be perfect – the unannounced scheme doesn’t allow that happen as you only have a 3 month window that isn’t open for your audit.

      Being members of the unannounced scheme, as is demanded by some retailers, should give other customers confidence that your site tries to get it right at all times.

      Surely, we have moved past the era of fixing audits – or am I being completely naive?

      1. I appreciate the need for the surprise element of unannounced audits, The only problem them is for very small sites. We have the necessary cover within our small team when I’m off-site but that cover can be a couple of hours away working off site. Plus we all know technical cover for day to day is very different to knowing exactly where to find that sentence/word the auditor wants to see right now. Managing an audit needs someone in technical – so if you’re a department of one it makes time away from site interesting.

        We need something though to take away repetition. I’m all for sharing audits, or having BRC with bolt-ons for retailers? Like having RTA and LEAF at the same time.

  3. I’m unfortunately old enough to remember the introduction of the BRC approach, and back then we did not believe it’d reduce customer audits. The 1990 food safety act was still being understood and on average the biscuit factory I worked for back then, had on average, a day audit every week. Much joy was experienced on the very rare occasions when a customer cancelled! The poultry factory I have recently worked for had the same at the beginning of the year, an audit a week.

    So, as an experienced TM I’m doing pretty much the same as I was back in the 90’s. Not a lot has changed. But then sometimes, I come across a company where the technical role is about progressing the overall business within food safety standards of the site – that is what 21st century food manufacturing business should be doing, not having a technical department for compliance. Compliance is everyone’s responsibility and while the latest BRC scope has shifted the onus away from technical in the factory, it is still technical who usually end up putting the hours in over the audit days.

    The culture of the site needs to be audited. The policy makers and drivers need to be to be scrutinised in their support of food safety and quality in whatever guise that is.

    Internal audits can be an indicator of culture, but not the actual audit. How often (never!) are internal corrective actions followed through to see if they actually happened, have been sustained or even developed further?

    And auditors need to be people who have recently had factory TM or similar, experience. Professional auditors do not understand the massive demands on department head management. Maybe auditors should have a maximum of 2 years in the role and be required to return to the industry for a re-calibration?

    Quite how BRC (and any future audit) will audit site COVID-19 risk assessments when they were not be faced with the terrifying notion of keeping a workforce safe, and a business viable while still running is, frankly, beyond me.

    1. I love that you’ve brought you experience to this discussion. I’d love to know what year the first version of the BRC Standard was published – can you remember? I don’t suppose you have a copy, I’d LOVE to see it!

  4. I have always shared our audit with anyone that asks for it because I’m always confident that when it has gone wrong or we haven’t met the standard in some way that we have addressed that issue and fixed it, that’s what a NC is all about. I’m a big fan of auditors coming in and just auditing one or two sections in depth rather then trying to cram the whole thing into an impossibly short time frame. If you don’t know what section they are going to audit, but you know they are going to look in detail, you are going to make sure all your areas are right!
    I also completely agree, let me publish my internal audits or some form of ongoing assessment I always think its better to have no secrets and operate in transparency.

  5. Gosh, i’m with Carol on this subject. I too can remember when the 1990 Food Safety Act arrived although my first experience for food safety accreditations was with EFSIS (anyone else remember this?) before going onto BRC. I was hopeful about the lessening of audits but that just hasn’t happened. I also found as a TM that i was spending most of my time dealing with audits (again about 1 a week) and the stress of those plus trying to get the normal day to day work/improvements done was hellish.

    BRC (and others) should have made that difference but in my experience and in particular the major retailers, it has not. It’s also about how they risk assess you as a supplier and that can still be a subjective.They always want to project the image that their standards are tougher or more detailed. This is to convince the customer and consumer that they have food safety and security sewn up. Some do, some don’t. But hey, look at all the issues still around (meat substituted with horsemeat being picked up yet again in Europe!) makes you wonder about the effectiveness of these audits – third or second party. Most of us work with integrity though and i can’t think of anyone i’ve worked with that goes into work thinking that they are going in to do a bad job.

    As a small company we tend to view audits now as a learning activity. What does a fresh pair of eyes see that can help us improve. It also challenges your thought processes and whether your risk assessments and conclusions stand up. So as a technical person that is moving toward the twighlight of their career, seeing it as a learning activity stops me from wanting to grab auditors and shake them because i’m going crazy answering the same old, same old!

    My company share their BRC audits to customers who request them. In fact a particular customer did actually use it as a desk top audit with extra questions recently due to COVID19 and restrictions on travel. It was almost as though it was ‘oh, didn’t realise we could do it like this’ moment for them.

    The one thing i always make clear to auditors as part of their audit reports is that they do not use staff or customers details. Most auditors are ok with this but some have had to be reminded of this. They can abbreviate and we agree product codes they can use so this still allows traceability within the audit report to what information the auditor reviewed and who they spoke with. This works well and covers more of the confidentiality issues and this allows the report to be sent without issues.

    As part of the changed way we are all having to work maybe this is the time to really think about why we are doing things the way we’ve always done them. I certainly don’t take that excuse, just because it’s always been done like that doesn’t mean it’s the right way to work and surely audits are supposed to add value to a business or am i being old and naive?

  6. BRC should work with all the retailers to deliver an audit standard that is best practice for all. We should then work to the BRC standard that fits all (as originally intended!). This should then be shared with all customers like an open book. Customers should then have Technical visits rather than audits, where they can review areas that concern them individually and work with the site collaboratively to improve those specific areas in preparation for a better outcome in the next BRC audit.
    Working at sites that supply all major retailers, we are inundated with audits throughout the year, so a joined up approach to standard and expectations would help everyone to perform better in the future.

  7. I have been thinking about this all along and this is the first time that i see someone covering this topic so brilliantly. BRC or any other GFSI schemes were created to align food safety standards among food processor. It not design to create more and more audit: then what what is the point being certified if my customer will come audit me anyway regarding the same standards. This level of duplication create a lot fatigue and sometimes waste precious resources that could be allocated to other critical area. The analogy to SEDEX is a wonderful idea.

  8. I echo the feelings that several people have indicated here, in that the BRC audit was intended to be the main food safety audit for all customers to see to prevent the necessity for all these individual customer audits. Like many other contributors we have also been subjected to nearly an audit every week which is so counter productive because it takes valuable time away from doing the day to day job, and so many of these audits are repetitive, and often paper based rather than looking at the actual risks the businesses are managing. I have been disappointed on several occasions, knowing the hoops that suppliers have to go through, to see some of the standards that exist behind the scenes in some of the retailer outlets. I feel there should be more retailer focus on their own outlets and I totally agree that the internal audit system would be more effective in both supplier and retailer businesses. I too can remember the starting of EFSIS and everybody was very pleased to embrace this at the time to improve and demonstrate that good manufacturing standards were being employed, but I feel that every three years when BRC updates are brought in that somebody setting standards is trying to justify their existence by introducing new clauses. Also from experience I find that there needs to be “calibration” of auditors because sometimes issues are raised which have no direct concern to food safety and it tends to be auditors who have worked as TM’s who tend to be more understanding and pragmatic in the real factory environment.

  9. I too remember pre-BRC when we thought EFSIS etc was going to lower the number of customer audits. effective internal auditing is crucial for every food business and when done correctly this should demonstrate a companies position and commitment to improvement. I find companies don’t wan t to admit to NC’s and yet we all have them

  10. I believe that going forward, due to Covid 19, we may have to change the way that we operate & work together on maintaining certification for quite some time. I do think that there needs to be more ownership in all areas of business and more drill down into food safety culture to see if this really is embedded in all levels of the business.
    There are some retailers out there (you know who they are), that believe if they use a lot of jargon and long words this means that they have a good standard – but it doesn’t ! Adhering to every letter of a COP doesn’t make your factory better but robust internal audit procedures that generate business improvements do!

  11. I to agree that he BRC system was to reduce the number of customer audits in our facility. Has this happened, no! But the length of some have been reduced to a day or half a day with just addendums that they are required to complete. The costs are still there and time used to attend to these has not changed. Allowing access to the audits may help reduce those needs I would think but not sure until we saw it happen. Many customers do not rely on our BRC audit at this time as well so there is still that sticking point. But again the BRC audit is only a moment in time and are we that efficient all the time may be the question to some.

  12. Ive seen and experienced this from a number of angles.
    I too remember the first BRC Audits which promised to reduce the burden of auditing and apply consistent base line standards across the industry.
    Every year the Technical team would spend weeks in preparation for their BRC ‘snapshot’; schooling functional colleagues on what was required for their ‘section’ of the standard. An approach which moved the industry forward without any guarantee of constancy. Roll on the unannounced, the prospect of which filled many a site with dread! (and still does) It drove the right behaviours though, with well managed business maintaining standards with an all year round audit ready approach.
    From a customer perspective with brand reputations to protect, each food scare and horizon scan brought a new requirement, individually suited to each business, all builds (subtly different) on the basic GFSI. Increased consumer awareness and the ability on social media to share and question every blemish in the food chain has meant the proliferation of both requirements and the inevitable audits to verify compliance. If it were my brand, i’d want that reassurance and confidence.
    It is true there are too many audits to enable (all but the most focussed) technical teams the time to implement true preventative corrective actions and put in place cohesive foundational systems. Most audit responses being unsustainable sticking plasters at worst or tweaks to existing systems at best.
    The solution then?
    A bit of everything to build confidence through transparency:

    – Collaborative governance. A combination of internal audits; defined KPI’s – regularly reviewed and reported; routine meetings and customer reviews. Each customer will have a particular emphasis and view on what this looks like for them – but from one set of information – many uses and still more efficient than numerous site visits each week.
    – Earned recognition. Placing emphasis and burden of scrutiny on those food businesses with a poor record. If you are a good site, fewer audits. For an underperforming site, more frequent audits. The annual audit approach is pretty antiquated for the risk based approach culture we all recognise today.
    – Use of technology, There is existing technology which enables 24/7 access to CCTV and records; audits can now be done remotely; likewise, routine meetings and reviews on skype, zoom, teams – enumerable platforms exits.
    – Shared intelligence – Platforms for information sharing, do exist Sedex is a good example, sharing audits and corrective actions. The principle, linking entire supply chain compliance information is sound and could be developed further to include KPI metrics as well as development objectives and progress reports.
    – Bolt-on’s – Again good in principle, i’m an advocate as long as they are in a sensible framework in which they are managed so they don’t over proliferate or become over complex and repetitive.

  13. The customers that come to audit us already have copies of the (FSSC in our case) audit report and non-conformances. All of our customers require these from us on an annual basis and those who come to audit us do a complete audit. Firstly, any audit is only a “snap shot” of what is found during that audit. It could have been that something was observed that never usually happens or it could be that something that doesn’t work well wasn’t picked up on. Also, so much depends on the actual auditor. They all do what they are trained to do but personality also plays a role. We have had auditors who have been surprised at what previous auditors have and have not picked up on. Publishing all results for all to see could mean that your company is unfairly shown in a bad light. It would also mean that other companies competing with you for market position could use knowledge of such information – be it real or exaggerated – to gain business. Your business. On the other hand it could also mean that you can portray yourself in a better light, if a weakness wasn’t observed. Then the headlines would read “Salmonella death because BRC audit didn’t pick up on dire circumstances” or something to that effect. Sorry to be a dampener of spirits but this is what experience has taught me.

    1. Hi Eva,
      Please don’t apologise – all points of view are welcome and valid. I can completely see what you’re saying. I think it’s about controlling what information is shared and to who. I don’t think information should be shared to everyone, so that your competitors can see it. Just your customers and even then, there should be only at the approval of the site.
      Good points to include for detailed consideration, thank you. 🙂

Share your thoughts…

Your email address will not be published. Required fields are marked *

We've tagged this article as: ,