Selecting a certification standard is an important step for any organization. You are choosing the rules with which the organization will need to comply, even if you later consider them excessive and irrelevant. In some ways, the selection of a standard will shape the food safety culture of your organization and direct future investments. In many cases, companies end up changing standards after discovering that their initial choice was not a good fit for their company, that customer expectations have changed, or that there is a change in their food safety culture. There is not a single correct standard for all organizations. The Global Food Safety Initiative (GFSI) understands this and as a result, allows multiple standards to benchmark to their guidance document, providing diversity and options for the industry.
A well-founded decision results in better preparedness, clarity about what is required, and an indication of the steps to follow. Certification bodies are not allowed to suggest one standard over another, but they can help you assess your strengths, needs, and expectations so you can make the best decision for your organization.
THREE MAIN COMPONENTS. It is important to understand the main components of the GFSI standard as each is different. Each may have more or fewer details in the requirements, but all will have three core components: HACCP, prerequisite programs, and management system requirements.
- HACCP: Demonstrate compliance with the seven principles and 12 steps of implementation according to Codex Alimentarius. Most standards are very similar in this component, but some have more specific requirements (e.g., annual plan review or specific details in the product description).
- Prerequisite Programs: There is a list of minimum requirements in the GFSI guidance document. However, the standards differ greatly in the level of detail and requirements for each program. In some cases, there is a broad description, while in others the requirements are very detailed and considered to be prescriptive. Some organizations prefer the strategy of less is better, but without detailed requirements, it is possible for employees to get lost, resulting in inconsistency and non-compliance. Organizations that fall into product groups that have established regulatory or industry-accepted GMP programs have an advantage as it is typically easier for them to adjust their system to any of the available standards.
- Management Systems: These requirements are included in the GFSI guidance and in the standards to create sustainability and continuous improvement. The approach to management system requirements is the main difference between standards, as the types of programs and levels of detail widely differ. These requirements include documentation and record control, involvement and commitment of senior management, measurement of compliance, and how reported deviations and gaps are addressed and closed. Some standards require more documented procedures to cover these topics while others require identification of rules that would be followed. Organizations that have implemented management systems such as ISO 9000 will have an easier time implementing these programs. In the end, compliance with all requirements is a must, and there are no awards if you excel in some and fail in the others.
There are differences in the scope of industrial sectors that each GFSI-recognized standard covers (food manufacturing, packaging materials, storage and distribution, or brokers). FSSC 22000, SQF, BRC, and IFS are the benchmarked standards with the most global use. Before selecting a standard for your facility, read and review each, along with any supporting information, such as interpretation guidelines.
ADDITIONAL CONSIDERATIONS. Additional aspects of the standards and how they are executed that should be considered in the selection process include:
- Customer Requirements. A good starting point is to discuss needs and expectations with your main customers. With so many options, it may be difficult to make all your customers happy; however, your main customers may have good insights. They will be able to share their implementation experience and pitfalls in the process, and they may have specific needs and expectations. Manufacturing companies usually require a GFSI system with a certain standard, while retailers sometimes have their own specific standard requirements. In North America, most major retailers accept all GFSI standards. Some organizations only request proof of certification while others require a minimum score/audit result to be considered in compliance.
- Export Needs. The needs and expectations of the domestic market of North America will not always match the needs and expectations in other regions. It is not uncommon for Europe-based organizations to certify to multiple standards to meet the requirements of European retailers. Many European retailers prefer IFS and BRC standards because they are more prevalent, used, and known by the customers. This also could be why overseas customers expect their suppliers to use the standard they use. With that said, GFSI has prevented a standard owner from requiring that suppliers use the standard used by the customer.
- Alignment With FSMA. Food companies in or importing to the U.S. need to comply with legal as well as customer requirements. It is important that the organization understands or investigates how its standard aligns with the Food Safety Modernization Act (FSMA). There are many webinars, articles, and other sources of information that make it clear that GFSI does not 100% comply with FSMA requirements, but does highly support the effort to become compliant. All main GFSI standards have performed independent comparative analysis against existing FSMA rules, which, in most cases, cover the Preventive Controls for Human Foods, Sanitary Transportation, and Foreign Supplier Verification rules. These sources describe the cases in which the selected standard meets, exceeds, or falls short of the FSMA requirements. These comparisons will help you determine any extra work that will be needed to attain FSMA compliance.
- Existing Resources. All GFSI standards are expected to be similar to each other using the GFSI benchmark document as a starting point. However, implementation of each is slightly different. Some standards are very specific in nature, describing in detail what is expected. This can help organizations determine the specific type of documented procedures to have in place and the detail expected. This is normally a good fit for organizations that have just begun their compliance journey and do not have a structured system in place. In addition, it allows you to clearly determine what is expected and how many resources you may need to accomplish the task. Other standards are much more generic in nature and define expected documents without clearly determining the details. Many companies are lured to follow this path because it seems less demanding and more simplistic in nature. However, the lack of an established quality and food safety structure may create an environment where employees are unclear on what to do or how to achieve the requirements, and it may reduce consistency in the organization.
- Corrective Action Implementation. After the audit, your organization is allotted time to implement corrective actions for identified deviations. Some of those deviations are considered capital projects which will take time and money. The standard you choose will determine the implementation timeframe which could be as few as 14 days from the last day of the audit up to the next audit. In all cases, there must be evidence that immediate actions are taken to control non-conformities. The table above defines three corrective action terms and the example of application to a roof leak discovered during an audit that is damaging some raw materials. It is important to ensure your organization meets required timeline commitments. At the time of the next audit, one of the first activities that will be conducted is the review of corrective action implementation. If corrective actions are not demonstrated, you will likely receive a major deviation, increasing your chances of a certificate suspension.
- Qualified Auditor Availability. All GFSI standards are globally accepted, but there are different concentrations of available auditors. While some standards are widely used in certain regions, in others it can be a challenge for auditors to find enough audits to maintain their credentials. This could mean that a certification body would need to fly an auditor overseas to perform your audit. For example, there could be more than 100 IFS food auditors in Spain, but in North America there may be fewer than 20. Similarly, all standards split food products into categories and, in some cases, products fit in very specific categories with few auditors approved to audit them. For example, there are only 10 registered SQF auditors in North America for bee honey, so this may require audit planning six to eight months in advance with few auditor options. Other GFSI standards may consider bee honey to be under a category for which you will have plenty of auditor options.
- Length of Audits. Every standard has a method to determine audit length. Review the required parameters and ensure you have good information to provide your certification body. Consider that in some standards an increase of one HACCP group may mean an additional half day of audit time. The main parameters usually include the number of employees, the number of HACCP groups (or product groups), and size of the facility. Other factors may be the number of production lines or type of manufacturing processes. Between standards the information may look the same, but the expected number may be different (e.g., BRC requires total number of employees in the main shift, while FSSC requires total number of employees that are significant to the scope of the certification at all shifts). If you plan to compare the time and cost of the certification of different options, it is best to consider a three-year overview. While FSSC requires different amounts of audit time depending on the place in the certification cycle, others will remain constant from year to year. Be aware that, at the time of the initial certification, SQF and FSSC require a separate initial document review. BRC and IFS do not require this.
- Food Safety vs. Food Safety/Quality. With all GFSI standards, the common ground is food safety, and they cover, in detail, HACCP, prerequisite programs, and system requirements that allow organizations to maintain and improve their compliance. Quality program requirements also may be included. IFS and BRC have quality aspects integrated into their standards. Compliance to the standard means compliance to quality and food safety parameters. On the other hand, SQF and FSSC focus on food safety. While there are quality requirements that can be added, the result of quality may not affect the result of the food safety portion. In the worst case, if you pass the food safety standard but fail the quality standard, you are still able to certify against GFSI requirements. While some organizations consider both to be relevant and important, others believe compliance complicates the process and may place risks on their initial efforts. Also, some organizations have complex and well-defined quality standards that are not a good fit with an externally developed standard.
- Audit Frequency. All GFSI standards require annual audits. At each audit, it is required that compliance with all applicable clauses is evaluated. What is not mandated by GFSI are the actions for low performance. While IFS and FSSC 22000 require annual audits to be conducted in all cases, BRC and SQF require audits every six months until you reach a certain score or level of performance. This is a condition to keep in mind as it may affect your audit budget. Additionally, it should be considered that BRC and IFS require site visits to verify corrective actions for certain judgments, such as majors or criticals. This incurs additional auditor travel expense. For SQF and FSSC 22000, revisits are not mandatory, and verification is determined by the certification body.
- Unannounced Audits. In an effort to ensure audits capture a company’s performance in normal conditions and increase its level of compliance at all times, GFSI requires that all standards provide the option for unannounced audits. The approach to these activities is not common between standards. FSSC and SQF require that at least one audit every three years be conducted unannounced; this is currently a voluntary option for BRC and IFS. These differences in the standards may conflict with customer requirements. You will need to confirm your customers’ requirements for announced or unannounced audits early in your selection process, as some retailers require unannounced audits by default.
- Bundle of Requirements. Food safety compliance is more than likely the main interest of your company and your customers. However, there are other topics that may be of concern for you or your customers including: sustainability, gluten-free, trade of products, organic, animal feed, FSMA readiness, etc. The structure of some standards has been set to meet food safety and quality but nothing else, while others may allow you to cover multiple needs in the same visit. For example, SQF has sustainability requirements which could be bundled in the same audit visit as your SQF audit, as well as a FSMA readiness evaluation; BRC is well known for its capacity to add voluntary modules that may fit customer needs, such as gluten-free, animal feed as byproducts, FSMA readiness, and even the possibility to measure the food safety culture. The idea is to reduce costs and meet multiple customer or internal needs in a single visit.
- Expected Level of Readiness. While the intent in most cases is to demonstrate, to cusotmers and stakeholders, your company’s compliance to an existing GFSI standard, it also is recognized that, after years of industry requests, most multi-national and large organizations have already achieved that step. Now it is time for the rest of the industry, including small organizations which are concerned about their readiness, to accomplish certification.
GFSI recognized the difficulties and developed a tool to help smaller organizations initiate the process in a gradual step program called Global Markets. Each standard has a Global Markets solution. It is important to understand that these programs do not equate to full compliance to GFSI, but are processes that guide achievement. Before approaching Global Markets as the next step, communicate with your customers who will provide guidance and/or approval to meet their needs.
For additional questions or details about standard requirements, contact AIBI Certification Services at firstname.lastname@example.org.The author is General Manager, AIB International Certification Services.