Tag Archives: third-party audit

Audit

The Multi-Step Process of Third-Party Accreditation

By Charles Breen
No Comments
Audit

The FSMA Third Party Accreditation (TPA) final rule was published in the Federal Register in final form on November 27, 2015. Although TPA is not limited to imported food, its primary use will most likely be for food imports. TPA offers foreign food facilities and food importers a way to show FDA that the items coming to the United States meet federal food safety requirements.

An acceptable audit by a certified auditor is the only way an importer can take advantage of another FDA program, the Voluntary Qualified Importer Program (VQIP), which offers expedited review and entry of food. If FDA deems it necessary, the agency can also require certified audits for the import of specific foods.

The TPA process requires a number of administrative steps by FDA and non-FDA entities before the first third-party inspection is made. The four major steps are:

  • FDA is responsible for officially recognizing accreditation bodies.
  • An officially recognized accreditation body will accredit third-party certification bodies.
  • The accredited third-party certification body will certify third-party auditors.
  • The certified auditors will conduct consultative and regulatory audits of food facilities.

If FDA does not find an applicant that it can officially recognize as an accreditation body within two years, it may directly accredit third-party certification bodies.

In order to recognize an accreditation body, FDA must review an applicant’s legal authority, competency, capacity, conflict-of-interest safeguards, quality assurance and record procedures. By using an already existing framework familiar to industry, accreditation bodies and certification bodies will be allowed to use documentation of their conformance with the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) standards, supplemented if necessary, in meeting program requirements under this rule. An official recognition of an accreditation body is granted for up to five years.

FDA is authorized to recognize a foreign government/agency or a private third party as an accreditation body under TPA.

Recognized accreditation bodies under TPA will be required to:

  • Evaluate potential third-party certification bodies for accreditation, including observing representative samples of the prospective certification body’s work
  • Monitor performance of the third-party certification bodies it has accredited, including periodical on-site observations, and notifying the FDA of any change in, or withdrawal of, accreditations it has granted
  • Self-evaluate and correct any problems in their own performance
  • Submit monitoring and self-assessment reports and other notifications to the FDA
  • Maintain and provide the FDA access to records required to be kept under the program

Once accredited, third-party certification bodies under TPA are required to perform unannounced facility audits, and to notify the FDA if a condition is found that could cause or contribute to a serious risk to public health.

Ask the Expert : Root Cause Analysis – Responding to Audit Non-Conformances

A food manufacturer’s food safety program must encourage continual improvement to their existing program in order to be successful and to comply with their food safety standard. And root cause analysis is a great tool for problem solving when a site is found not to be in conformance.

The food industry has been introduced to the concept of third-party certification to help manage and control their food safety programs. Food manufacturers benefit from a food safety quality system that is based on Global Food Safety Initiative (GFSI) principles.

Business People with Puzzle Pieces and Teamwork Concept

A food manufacturer’s food safety program must encourage continual improvement to their existing program in order to be successful. Current GFSI benchmarking initiatives have introduced the concept of implementing root cause analysis as a tool for problem solving when a site is found not to be in conformance with their food safety standard.

A new white paper from CERT ID covers relevant information that can assist food companies understand how to implement their solution, review and evaluate the results, and reflect and act on what was learned. This Q&A with CERT ID’s Michael J. Pearsall, Vice President of Business Development, offers some insights.

Q: These RCA tools are nice but require large amounts of resources to solve problems. Is this really necessary?

A: The effort and resources utilized to solve a problem should reflect the scale of the issue with regard to the impact on the person or organization. The tools that are normally advertised are to be used for complex problems. What about the simple day-to-day problems we all face as managers? A human being solves problems without even realizing it. You have a built in mechanism that you have acquired through life experiences and this device should be called upon first. Develop a personal strategy as to how to approach a problem that starts with observation; defining the issue; prioritization; short term strategy and finally a long term strategy to prevent issues from reoccurring. Complexity of problems change but your strategy should not.

Q: We went through a complex root cause analysis and solved the problem but it keeps reoccurring. It is very frustrating so how do we prevent this?

A: I hate to tell you this but problems are only temporarily solved. Many very intelligent people forget, the most important part of problem solving, developing a strategy to maintain the gains you spent so much of your resources to obtain.

There is an overused Old Testament bible story about David and Goliath. Many think that David killed Goliath with a stone from his sling but this is not true. David had developed a strategy to maintain his gain. David had to immobilize the giant to gain access to him. He solved the problem by hitting him in the head with a stone, but the long term strategy was to grab his sword to cut his head off securing the gains to his problem solving effort. It is necessary to think about how you will maintain the gain once a problem is unraveled.

For more information, click here to download Responding to Audit Non-Conformances: Root Cause Analysis, a complimentary white paper from CERT ID

What Constitutes a Successful FDA Audit?

By Sangita Viswanathan
No Comments

From the proposed third party accreditation rule, to GFSI audits, and needing more trained and experienced auditors, the process of auditing food facilities is undergoing a sea-change. What is the impact going to be on food companies, auditors, and the auditing process?

In a recent FSMA Fridays webinar, sponsored by SafetyChain Software, an expert team from The Acheson Group, comprised of Melanie Neumann, J.D., M.S., VP and Chief Financial Officer; Jennifer McEntire, Ph.D., VP and Chief Scientific Officer; Anne Sherod, M.S., Director of Food Safety and Valerie Scheidt, MBA, CP-FS, Director of Food Safety, answered key questions on conducting successful FDA audits. We present some excerpts below.  

How does the FSMA third party audit accreditation rule impact the audit process?

 

The purpose of the third party accreditation and certification audit is to issue a certificate for high risk foods or the voluntary qualified importer program. The main foundation of the standards that FDA is setting will come from the human preventative controls rule, the animal preventative controls rule, and the produce safety rule. Some standards may also come from the sanitary transportation rule and food defense rule. FDA will be appointing an accreditation body and this accreditation body will approve and monitor certifying bodies (CB). These CBs can be private companies or private individuals who will be authorized by the accreditation body to perform the audits and issue those certifications. 

 
Foreign governments can also be approved by FDA to act as a CB. Right now only New Zealand is approved and FDA is looking at approving Canada. We don’t anticipate any other country to be approved in the near future.;

Certifying bodies will have strict conflict of interest and reporting requirements to FDA. CBs must report to FDA within 45 days even if they’re just performing a consultative audit. They must also report to FDA if they see an issue that could lead to a Class I or Class II recall and they have to report to FDA before they report to the company that they are auditing.

 

Will a GFSI audit satisfy FSMA audit requirements?

GFSI audit requirements do not match the FSMA audit requirements, but they are not too different. Several of the schemes are very similar, and each scheme owner is making a concerted effort to become FSMA compliant. If an auditor is doing a GFSI audit, they do not need report to FDA before the company. The FSMA requirements of avoiding conflicts of interest, record keeping, and training may deter GFSI auditors from becoming Certifying bodies under FSMA. Unless FDA offers an incentive, there will be a shortage of FSMA CB auditors. 

 

What are the elements of a successful audit?

The number one goal of an audit is to identify risk. The audit needs to accurately describe the non-conformances against the audit standard to give your quality and operations team reliable and actionable data so they can mitigate that risk. The relationship between the auditor and the facility should be a partnership, add value, and build trust. The facility should learn from the auditor and the auditor should understand what the facility is doing to mitigate risk and promote food safety. Continuous improvement takes the feedback from the non-conformances and evaluates them against the organization’s goal around risk. Whether the results are from an announced, unannounced, internal, second, or third-party audit, continuous improvement is critical, and this requires commitment from management and will help the facility become audit ready. 

 

How can I ensure my auditor is up to the task?

Most audits use checklists. This goes for both the auditor and the audited. The checklist provides a standardized list of what’s expected and adds an element of order and control to the audit. It also allows for an effective way to quantify metrics. 

However, using a checklist alone can lead to minimum risk finding. The auditor needs to find a balance between being strategic and prescriptive. In order to be effective, audit protocols need to be periodically reviewed and updated. This is especially relevant with FSMA and holds true for internal and third-party audits. Check to see if the auditor’s checklist is pre-FSMA or post-FSMA. Ask the auditor when was the last time that they reviewed and updated their audit protocols. 

 

Will we have enough good auditors to meet the need?

No, we already don’t have enough good auditors. The implications of this are that we may get substandard audits from substandard auditors. The current model isn’t working and we need a new approach. Currently, most auditors have extensive prior experience working in industry and often become auditors after they retire.

We are creating auditors not through structured training. This model is not sustainable and has limited growth potential. It will not provide the level of training required for GFSI or FDA third party certification requirement. We need a training program for auditors who come right out of school. We need people to go to school for food safety and be able to become an auditor after graduation. Food safety needs to be incentivized at the university level. There should be a bachelors degree in food safety auditing. We need structured training and developmental opportunities for folks earlier in their career rather creating auditors at the end of their career.