was successfully added to your cart.

Supplier approval and monitoring for BRC Issue 8

The BRC have clarified and simplified the approval of suppliers in issue 8, which is great. They have also clarified that the process is split into two distinct parts – approval and monitoring. Monitoring tends to get forgotten, so it makes sense that they’ve split them out to help explain the differences. Let’s go through the approval processes and then we’ll look at monitoring.

Approval

So, how we approve a supplier is the same, for ingredients, packaging and also traded products. The approval of co-manufacturers is the same too – with one key difference, that an SAQ is not acceptable, as these suppliers are not deemed to be low risk. In the last article we looked at raw material risk assessment, so the output from this risk assessment, should then feed into your supplier risk assessment. If you’d like to read that article first, you can do here:

The aim of your supplier risk assessment is to determine if each supplier is – low risk or, not low risk. Now, if your risk assessment produces supplier risks as low, medium and high – that’s fine too. All the low ones would be low risk. And, all the medium and high risk ones would be – not low risk. Personally, I don’t like these terms, but it’s what BRC have decided, so that’s just the way it is.

Once we have our supplier risks, as low risk or not low risk, that defines how we can approve them. We have three options to choose from; a supplier questionnaire (SAQ), a GFSI certificate, or an audit.

  • SAQ: You can only use this for low risk suppliers. You cannot use this for not low risk suppliers.
  • GFSI certificate & Audit: You can use for both low risk and not low risk suppliers.

GFSI Certificate

This is the easiest option to go for, if you can. All you need to do, is to check that the certificate is valid (it’s not fake) and that the scope of the certificate covers the products you’re buying from the supplier. If you can prove both those, you’re good to go.

Audit

If you can’t use a GFSI certificate, the best option you have is an audit. Now, this doesn’t mean you need to go and audit the supplier. You can use any third party audit, including non GFSI audits, such as Red Tractor, SALSA, ISO 22,000 etc. But if you use a third party audit, as your audit of the supplier, you need to prove a few things:

  1. That the audit has checked that the supplier has GMP, food safety, HACCP review and traceability in place.
  2. That any non-conformances to the audit have been closed out.
  3. That the scope of the audit covers the products you are buying from them.

How do I do this?

You need the supplier audit report and the evidence of close out of the non-conformances. Basically, you need to handle the third party audit of your supplier, as if you’d done the audit and make sure it’s closed out.

No third party audit or GFSI Certificate?

If they’re not low risk – then the only option left open to you, is to audit them. This means, you have to go and actually do the audit. If you have to go for this option, make sure that the auditor who does the audit is competent, so they’ll need to be able to prove that they are. The only real way of doing this is through a qualification.  As a minimum they should have an internal auditing certificate, but ideally a lead assessor qualification.

If you need help with your supplier audits, we can help with this – we do supplier audits for quite a few of our clients. Just email Mel on info@techni-k.co.uk for more information. So, once you’ve approved your supplier, we then move into the monitoring phase…

Monitoring

This means that you monitor your supplier performance, use this information to re-assess them and then re-confirm the approval. Therefore, your supplier risk assessment needs to continue to assess their performance.

For example:

  • Have any complaints been received, that were due to your suppliers?
  • Have you had delivery issues with them?
  • Have they created non-conformances?

You need to gather this information throughout the year and then review it each year. The information would need putting into the risk assessment, and where this changes the risk, the correct approval process would need applying.

For example:
If you have a low risk supplier, who is approved by an SAQ and because of their performance, the risk changes to not low risk, when the risk assessment is updated, then you wouldn’t be able to use an SAQ to approve them anymore. You would need to use a GFSI certificate, or an audit.

This is why the BRC say you can only use an SAQ for ‘initial’ approval. Because, the monitoring needs to prove on an ongoing basis, if they really are low risk, or not.

If you have any questions regarding this subject, or would like to share your thoughts, please do – by adding them to the reply box below. This article has been updated from the one we published for issue 7 above, so I’ve left the previous comments as they’re still valid and may be of use.

If you’d like to update your raw material and supplier approval and monitoring system, we have a pack for that!

BRC Supplier Performance Monitoring

£290 plus vat


Raw Material Risk Assessment

We’ve created a really handy cheat sheet to help you approve suppliers that are sending you certificates for schemes that they are accredited by. This should make it easier for you to understand. It might brighten up your office space too and it’s a great way to see boring information you can digest more easily!

If you’d like one, just complete the form below and we’ll email it to you. You will then be added to our BRC Material  & Supplier Approval list so we can update you about our solutions for this area of compliance with BRC Issue 8.

9 Comments

  • Karen says:

    HI Kassy
    Would that mean that we would pick up a non conformance if we ranked our suppliers as low medium and high risk? Are we saying that low risk suppliers are our high & medium risk suppliers and low suppliers are non low risk? Or the other way round? How come BRC don’t state their expectations within in the interpretation guide? great article thanks for the explanation although more confused 😉
    Thank you

    • Kassy Marsh says:

      Hi Karen,
      No I don’t think so – as long as you are defining which suppliers are low risk, the medium and high risk ones would be classed as ‘not low-risk’. I can only think it’s not covered in the interpretation guide because it was missed.
      Does that help?
      Thanks
      Kassy

  • Karen says:

    Thank you Kassy I have updated my approval risk assessment scoring and made it simpler to fit with BRC requirements. I guess they just want to see suppliers approved or not approved which makes sense as you can’t have half an approved supplier? But as you said you can almost approve everyone now. However in some ways having more flexibility on approval takes the pressure of smaller businesses as the one I work for would not be able to finance audits as most suppliers are in other countries. Plus just because they may not have certification in place doesn’t make them a bad supplier other factors can be taken into account such as supplier history quality of the product etc. Thanks for your help regards Karen

  • Clem Griffiths says:

    Hi Kassy, regarding Supplier approval please comment on this scenario.
    Given:
    • Supplier A, GFSI, Strong QA core competencies; manufacturer.
    • Supplier B, Non- GFSI, Non HACCP, poor QA core competency; distributor, blender.
    • Product: 6 spices inherent risks clearly defined.
    Risk Assessment Method:
    Combination of ingredient risk and Supplier core competency to provide a supplier classification score
    • Score X = High risk – Do not approve
    • Score Y = Medium Risk = Not low Risk – Approve and require GFSI cert ,etc
    • Score Z = Low risk – Approve and use questionnaire
    Supplier A = medium risk = Not low risk use GFSI cert
    Supplier B = Score X = High Risk – Find a replacement supplier or mitigate using 2’nd part audit to food safety scope and track corrective action against NCRs.
    Thanks for your time.
    Clem

    • Kassy Marsh says:

      Hi Clem,
      I totally agree with your scenario, it makes sense to me! I would also suggest that you would have a base line to mitigate against for supplier B. For example, if they don’t have a HACCP, then you can’t use them, even with an additional audit. Or that they have to correct the NCNs raised on the audit, prior to supply.
      Thanks
      Kassy

  • Clem Griffiths says:

    Thanks

  • Pawel says:

    Hi Kassy
    Would a BRC accreditation of supplier be sufficient?

Leave a Reply