This article is written to meet the following sections of the Standards:
|BRCGS Food Safety Issue 8||1.1 Senior management commitment and continual improvement|
1.2 Organisational structure, responsibilities and management authority4.2.4 Local authority registration
|BRCGS Packaging Issue 6||1.1 Senior management commitment and continual improvement|
1.2 Management review
1.3 Organisational structure, responsibilities and management authority
|BRCGS Agents & Brokers Issue 3||1.1 Senior management commitment and continual improvement|
1.2 Organisational structure, responsibilities and management authority
|Storage & Distribution Issue 4||1.1 Senior management commitment and continual improvement|
1.2 Management review
1.3 Organisational structure, responsibility and management authority
|FSSC22000 Version 5.1||ISO 22000:2018 Section 5 Leadership|
|IFS Food Version 7||1 Governance and commitment|
|SQF Edition 9||2.1 Management Commitment|
Information gathering and review
It may seem obvious, but in order to implement a management system that meets the Standard, your customers requirements and the law – you need to have decided what Standard you’re going to work to, and then understand:
- What you need to do to comply.
- Your customer’s expectations, and their codes of practice.
- The legislation the product must comply with, and what it means.
The legislation specified in the list, must cover both the country of manufacture and, where the product is intended to be sold or used.
This list is the beginning of everything you do in the management system, to make sure it complies. That’s why it must be kept up-to-date and relevant personnel need to be informed of the changes, including changes to:
- The documents themselves (industry codes of practice, legislation, customer codes of practice and the Standard).
- Scientific and technical developments.
- New risks from horizon scanning, about the authenticity or security of materials.
Where information is received at one central place, such as a hub or head office, there must be a system in place to ensure that it’s passed to all relevant personnel at sites.
To receive this information isn’t enough on its own. To make it really add value, there needs to be a system which:
- Ensures information is automatically fed in, for example using email alerts.
- Checks for changes.
There must be evidence to prove this is happening and that the information is being reviewed and communicated into actions where it’s necessary.
To prove that you’re using the information you’ve listed, you also need a copy of it – which is why you need to have a copy of the most up-to-date Standard (e.g. BRCGS). Make sure you check through your other documents and that you have the most up-to-date versions of those too. And don’t just file them – make sure what’s in them is understood and implemented.
Keeping up-to-date with all the changes to the Standard, legislation and customer codes of practice is no easy task. The BRCGS issue position statements when they want to add something into the requirements, or if they want to amend something. These aren’t clearly communicated to sites, you have to go looking for them. And unfortunately, BRCGS don’t put them in one easy to find place (they tend to buried in Participate somewhere or on their website).
We have a page for each BRCGS Standard on our website, so you can find the most up-to-date ones and we’ll email you when they’re updated if you’re signed up to of Smart Knowledge:
There must be a documented policy in place. This policy needs to include the sites intentions regarding:
- The processing of products that are safe, legal and authentic and produced to the specified quality.
- The site’s responsibility to its customers.
The policy must be authorised, so it must be signed and dated by the person with overall responsibility for the site. Where the policy is written by group and therefore signed by group, it still needs to be countersigned by site management. This is to prove that your site has taken ownership of it.
The policy also needs to be reviewed and re-signed/dated, to prove that this has been done. Depending on which standard you work to, depends on how often this must be done. Where you make changes, you need to have a record of this as well – like you would with any other document in your management system.
BRCGS Food Safety and BRCGS Agents & Brokers – doesn’t actually specify when, but it’s ‘expected’ that it’s annually. The Standard actually says that it must be updated when there are significant changes to management or the way the management system is run.
BRCGS Packaging – states it must be reviewed every year.
BRCGS Storage & Distribution – says every 2 years.
And then, the policy must be effectively communicated to all staff – which means you either need to include it in training, or put it somewhere that staff can see it.
The company’s senior management must provide the human and financial resources needed to process product safely and in compliance with the requirements (listed in the sources e.g. the Standard, legislation and customer codes of practice).
If the site uses an external consultant as its main source of technical resource, they must be able to demonstrate that the consultant is readily available, and that product safety and legality is not compromised by using external help. The day-to-day responsibilities must be controlled by the site.
The senior management on site, must ensure that all employees are aware of the responsibilities of their role. They must ensure that there’s a process in place to review employee performance. This could be through the measuring of objectives or an appraisal system.
Senior management must also provide clear direction. This means that they need to provide documented work instructions for staff responsible for carrying out activities. And it’s up to the management team to make sure that employees can carry out the activities detailed in these work instructions.
This subject comes up a few times in Senior Management Commitment sections of the Standards. When a site is governed by a head office or group function, the Standard really enforces the need for the site to take ownership of group lead direction, locally. This is to ensure that the site can’t say that it’s not their responsibility. Think about where group are responsible for certain parts of your management system, and make sure that you have enough detail to be able to present it locally. You must be able to show that you ‘own it’ at site.
Where cross-docking takes place, the Standard states that the site that’s audited, must take ownership of the cross-docking locations. And that it must have overall responsibility for the management system that’s adopted at those locations.
The most senior person on site must attend the opening and closing meeting for the certification audit. Relevant staff must also be available when needed during the audit.
The management team must make sure that root cause analysis is used, to work out what preventive actions are needed to rectify any non-conformances raised during the certification audit.
If the site, hub or depot, has a head office (or group function), someone from group must be available for the site audits.
It’s up the management team to make sure that any announced recertification audits occur on or before the due date printed on the certificate. If the certificate is allowed to lapse, this will cause an automatic non-conformance on the next audit.
For BRCGS the site is only allowed to use the BRCGS logo if they have been approved to do so. To register to use the logo you must:
- Go to BRCGS logo request
- Fill in the form and submit it.
- Once registered, BRCGS will send you the information you need to make sure you have the right logo.
Meeting the legislation
The site must be registered (or approved by) the appropriate authority, where this is required by legislation. If the local authority provide evidence of this, it must be retained for audit.
There are certain responsibilities that must be applied to those present on site. This is to ensure that all the requirements for compliance to the Standard are met.
This includes ensuring that someone or a team of people is responsible for:
- Reviewing and updating the company on legislative and other issues.
- Product safety, integrity, legality and quality.
- Leading the Product Safety Team.
Those who are responsible for the above, must also have deputies. You need to be able to look at a document, whether it be a job description or an organisational chart and be able to see who is responsible for what. And, that person(s) needs to know they’re responsible for it, so you need evidence that they do.
The site must have an organisation chart which clearly shows the management structure and the reporting channels of the business.
The chart needs to include the names of people who occupy the roles. If it doesn’t, this must be documented somewhere else.
Confidential reporting system (whistleblowing)
The site must have a confidential reporting system so that staff can report concerns relating to product safety, authenticity, quality and legality.
Even if the site already has a whistleblowing system in place that’s been established by brand owners or retailers, the site must still have its own system – to make sure that all products processed by the site are covered.
Staff must know how to report their concerns, e.g. using a phone number.
Once a concern has been reported, there must be a set process for senior management to use. Records of this assessment and any actions taken need to be documented and retained.
So, what does the BRC mean by a ‘confidential reporting system’?
A confidential reporting system is the same as a whistleblowing system. There’s a law on whistleblowing in the UK – the Employment Rights Act 1996 (as amended by the Public Interest Disclosure Act 1998). This law defines what whistleblowing is.
What does the term whistleblowing mean?
Making a disclosure or blowing the whistle. Basically, it’s telling someone about a wrongdoing, which most of the time happens at work. The law states, that the person blowing the whistle, by law, must believe two things:
- That they’re acting in the best interests of the general public.
- That the wrongdoing conforms to the definition, as set out by the law.
What is the definition of a wrongdoing?
A wrongdoing is something that’s happened in the past, is currently happening, or they feel is likely to occur in the future, such as:
- A criminal offence (this may include, for example, types of financial impropriety such as fraud).
- Failure to comply with an obligation set out in law.
- A miscarriage of justice.
- That someone’s health and safety is in danger.
- Damage to the environment.
- Or, covering up wrongdoing described.
The whistleblowing law protects the individual that’s blown the whistle and gives them the right to take the case to tribunal if they feel they’ve been victimised at work, because of it.
The Government has provided a guidance document for businesses who wish to implement a whistleblowing system. You can find the document here: Government guidance document
Your whistleblowing next steps
If you’re looking to implement or update your whistleblowing system, we have two solutions for you to choose from.
Want a ready to go whistleblowing system?
Then you need Pack 1 Senior Management Commitment eDocs.
Everything you need with practically no work – follow the instructions to implement, and you’re ready!
You also get everything you need to implement culture, business planning, management reviews and organisational structure.
This is one of our most popular packs – join the many other businesses who have embraced the new confidential reporting system requirements with ease!
Want to develop your own whistleblowing system?
Then you need our mini training – Whistleblowing eLearning.
This awesome 40 minute course is packed with everything you need to understand the requirements, develop your own system and successfully implement it.
Ideal for senior management, those developing the system and anyone managing the completed system.
Business plan and objectives
In order to comply with the quality policy and the list of sources specified; the site’s senior management must have clear objectives that are defined in order to maintain and improve the safety, legality, authenticity and quality of the products produced.
The objectives must be:
- Documented and include targets or how they’ll be measured.
- Clearly communicated to relevant staff.
- Monitored and the results reported at a set frequency to site senior management, or each operating location if working as part of a group.
The set frequency of reporting the information to management depends on the Standard that you’re working to:
- BRCGS Food and BRCGS Storage & Distribution: at least quarterly.
- BRCGS Agents & Brokers: at least every 6 months.
- BRCGS Packaging: it only specifies a set frequency, so you’d need to assume it’s annually at least.
Independent sites or sites which are part of a large group are able to adopt business wide objectives, but they must be implemented, monitored and reviewed by the site. This is to make sure that they’re accepted and owned by the site.
Business performance review
Once the plan and the objectives have been set, then the management team need to ensure that they’re met. They must do this using a programme of business performance review meetings.
Although the Standard says these meetings must be at least every 12 months, you can’t really check that you’re on track by only reviewing it once. You have to report the information to senior management (as we discussed in the last section) regularly (e.g. quarterly if you’re a food site), so it makes sense that it’s reviewed when this happens.
These meetings must be scheduled. This means you must be able to prove that they’re booked, so the auditor has confidence that they’ll happen.
When these reviews happen you need to review:
- The last meeting and any actions, to make sure they happen when they said they should.
- The objectives and if they’re on track.
- Any resources that are needed to make sure that the objectives are achieved.
- If it’s the annual review, you need to assess any objectives that haven’t been met, to understand the underlying reasons – using root cause analysis. This information shall be used when setting future objectives and to facilitate continual improvement.
The BRCGS Standards also say the following must be reviewed, but these items are really objectives – so they’re essentially saying you must include them in your objectives and targets:
- The results of internal, second-party and/or third-party audits.
- Customer complaints and the results of any customer feedback.
- Incidents (including both recalls and withdrawals).
- Returns/rejections, wastage, out-of-specification results and non-conforming materials.
- Progress with corrective and preventive actions.
They also say the following should be reviewed; this is to ensure that senior management have a top view understanding of how the overall management system is performing:
- The effectiveness of the systems for hazard analysis, product defence, authenticity and site security risk assessments. This means they need to review, the reviews of these systems – not the systems themselves. The aim is here, is for them to check that things are working as they should.
- Any changes to the Standards, relevant legislative and customer codes of practice. Because if there are changes, they need to ensure these changes are implemented and that the site has the resources to do this.
Meetings (employee communication channels)
It’s essential that business review meetings cover all levels of management in the business, to allow information to effectively flow up and down the reporting channels.
Your site will most likely have meetings already in place and these are the meetings that the Standard is referring to. If you have a huddle in the factory when the shift starts – this is included. The information that’s discussed here, should then be relayed at the morning meeting for example. The information at the morning meeting should then be wrapped up and discussed at monthly meetings. Which is then reviewed at quarterly senior management meetings and so on.
The communication should flow the other way too. When a direction is given in the quarterly senior management meeting, this should be transferred all the way back down to the shift huddle. The level of detail and the way it’s communicated would change, but the overall aim is to ensure everyone is working to the same goal.
If you don’t have shift or daily meetings, that’s OK, as long as they happen at least monthly. And make sure that it’s clear in the evidence of these meetings, that this is where issues relating to product safety, legality, authenticity and quality are reported.
Also, make sure that you can prove that employees know that they need to report any instances of unsafe or out-of-specification materials to a designated manager, so that action can be taken to resolve them. This also needs to include a way of staff being able to make suggestion for improvement.
Records of these meetings must be documented and used to aid the development of the following year’s business objectives. Where actions are raised in meetings, there must be evidence that these actions have been verified and signed off as completed within the agreed timescales. These records need to be available for audit.