BRC FSMA Voluntary Module and Guidance-7 Jun2018 LR
BRC FSMA Voluntary Module and Guidance-7 Jun2018 LR
BRC FSMA Voluntary Module and Guidance-7 Jun2018 LR
FSMA PREVENTIVE
CONTROLS
PREPAREDNESS
MODULE AND
GUIDANCE FOR
BRC-CERTIFIED
FACILITIES
2018
BRC GLOBAL STANDARDS
LIABILITY
BRC Global Standards* publishes information and expresses opinions in good faith, but accepts no liability for any error or omission
in any such information or opinion, including any information or opinion contained in this publication.
Whilst BRC Global Standards has endeavored to ensure that the information in this publication is accurate, it shall not be liable for any
damages (including without limitation damages for pure economic loss or loss of business or loss of profits or depletion of goodwill
or otherwise in each case, whether direct, indirect or consequential) or any claims for consequential compensation whatsoever
(howsoever caused) arising in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or
otherwise, in connection with this publication or any information contained in it, or from any action or decision taken as a result of
reading this publication or any such information.
All warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded.
Nothing excludes or limits the liability of BRC Global Standards for death or personal injury caused by its negligence, for fraud or
fraudulent misrepresentation or for any matter which it would be illegal for it to exclude or attempt to exclude liability for.
The Global Standard for Food Safety: FSMA Preventive Controls Preparedness Module and Guidance for BRC-certified Facilities and
the terms of the disclaimer set out above shall be construed in accordance with English law and shall be subject to the non-exclusive
jurisdiction of the English Courts.
COPYRIGHT
© BRC Global Standards 2018
All rights reserved. No part of this publication may be transmitted or reproduced in any form (including photocopying or storage in
any medium by electronic means) without the written permission of the copyright owner. Application for permission should be
addressed to the Operations Director of Global Standards at BRC Global Standards (contact details below). Full acknowledgement
of the author and source must be given.
The contents of this publication cannot be reproduced for the purposes of training or any other commercial activity.
No part of this publication may be translated without the written permission of the copyright owner.
Warning: Any unauthorized act in relation to a copyright work may result in both a civil claim for damages and criminal prosecution.
Email: [email protected]
Website: www.brcglobalstandards.com
PART 1 INTRODUCTION
How to use this module 3
Suppliers, manufacturers and GFSI-benchmarked certifications 4
Scope and exclusions 4
Audit planning 5
The onsite audit 5
Nonconformities and corrective action 6
Grading7
Audit reporting 7
Certification7
Audit frequency, recertification and scheduling reaudit dates 7
PART II REQUIREMENTS
Relationship of the module to the Global Standard for Food Safety 9
I Preventive Controls for Human Food: 21 CFR Part 117 10
II Preventive Controls for Animal Food: 21 CFR Part 507 22
III Food Defense: 21 CFR Part 121 23
IV Sanitary Transportation: 21 CFR Part 1 subpart O 29
V Produce Safety: 21 CFR Part 112 34
APPENDICES
Appendix 1: Correlation of activities covered by the Food Safety Standard with FSMA legislation 43
Appendix 2: Process for undertaking module audits 44
GLOSSARY46
FSMA REFERENCES48
The aim of this module is to assist manufacturing organizations in understanding those prescriptive
elements within the FSMA Preventive Controls for Human Foods that are not explicitly covered
within the BRC Global Standard for Food Safety.
It does not represent a certification, nor guarantee that all aspects of the site’s operations will be
found fully compliant with the regulation; rather, it is a deeper clarification of what the expected
interpretations and expectations will be, once implementation dates come into effect.
This module may be used by any facility located within the US as an assessment step in preparation
for their required compliance date. It may be used by facilities outside of the US who see this market
as a current or future export target, to show evidence to the importer of record that they have specifically
addressed certain aspects of the supplier verification program. Additionally, it may be used by
specifiers to gain understanding and evidence of compliance with specific parts of the regulations.
The checklists address compliance requirements across the following FSMA rules:
○○ Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls
for Human Food
○○ Current Good Manufacturing Practice and Hazard Analysis and Risk-Based Preventive
Controls for Food for Animals
○○ Mitigation Strategies to Protect Food Against Intentional Adulteration
○○ Sanitary Transportation of Human and Animal Food
○○ Standards for the Growing, Harvesting, Packing, and Holding of Produce for Human Consumption
○○ Where the site is required to register with FDA as a food facility, it shall comply with applicable
requirements of Checklists I–IV.
○○ Where the site is identified as BRC Category 5 and defined as a farm or mixed-type facility
by FDA, it shall comply with all the requirements of Checklists IV and V.
N.B. Mixed-type facilities may be required to register with FDA as a food facility depending
upon operational activities. For mixed-type facilities, farm activities (i.e., harvesting, packing,
and holding) shall comply with the requirements of Checklist V and manufacturing activities
shall comply with applicable requirements of Checklists I–III. All transportation activities shall
comply with Checklist IV.
Satisfying the requirements of the checklists in Part II does not guarantee compliance with US
legislation. Rather, compliance with this module provides clear guidance to help sites navigate the
suite of FSMA rules. Examples provided throughout this module are for illustrative purposes to aid
in the interpretation of BRC Global Standards’ requirements and do not authoritatively determine
the regulation. Full regulatory compliance with FSMA legislation is the responsibility of the site.
Key terms used in the checklists are defined in the Glossary to aid in the interpretation of module
requirements. Additionally, a list of legislative and training references are provided to support sites
in regulatory compliance.
AUDIT DURATION
In order for the FSMA Preventive Controls Preparedness Module to be included within the
audit program, additional time will be needed for the audit. The amount of additional time
will depend on several factors, primarily the organization, knowledge and preparedness of
the facility personnel. The certification body shall indicate the expected additional time
requirements at the time of planning the audit.
During the audit, detailed notes shall be made regarding the site’s conformities and nonconformities
against the requirements of the additional module, and these will be used as the basis for an
addendum to the audit report. The auditor(s) shall assess the nature and severity of any nonconformity.
At the closing meeting, the auditor(s) shall present their findings and discuss all nonconformities
that have been identified against the module during the audit. A written summary of the nonconformities
discussed at the closing meeting will be documented by the auditor either at the closing meeting
or within 1 working day after completion of the audit.
The decision to award certification for the additional module will be determined independently by
the certification body management, following a technical review of the audit report and the closing
of nonconformities in the appropriate timeframe. The company will be informed of the certification
decision following this review.
Typically, it is expected that the module will be conducted in conjunction with the full BRC Global
Standard audit; however, it is acknowledged that there may be instances where the module needs
to be done as a standalone. Full details on how to manage the process in this instance are outlined
in Appendix 2.
NONCONFORMITIES
Nonconformities against requirements of an additional module shall be graded in the same way
as nonconformities identified against requirements of the main Standard, namely:
○○ Critical Where there is a critical failure to comply with a product safety or legal issue within the
scope of the module.
○○ Major Where there is a substantial failure to meet the requirements of any clause of the module
or a situation is identified which would, on the basis of available objective evidence, raise
significant doubt as to the conformity of the product to the module.
○○ Minor Where a clause of the module has not been fully met but, on the basis of objective
evidence, the conformity of the product or service to the module is not in doubt.
Critical nonconformities
If a critical nonconformity is identified against a requirement of the module, then the site cannot
be certificated for this module without a further full audit of the module.
Where this occurs at a site that already holds certification for the module, certification of the module
must be immediately withdrawn.
If it is a requirement of customers that they shall be informed when their suppliers have a critical
nonconformity identified or fail to gain certification against a module, the company shall
immediately inform its customers.
Note a critical nonconformity against a requirement of an additional module does not necessarily
prevent certification against the main Standard or other additional modules.
If satisfactory evidence is not provided within the 28-calendar-day period allowed for submission
following the audit, certification for the module will not be granted. The site will then require a
further full audit in order to be considered for certification of the module.
The certification body will review objective evidence of corrective action completed prior to
awarding a certificate.
Any nonconformities identified when assessing an additional module may be taken into account
when deciding the grade for certification against the Global Standard for Food Safety, if the site is
under compliance deadlines as identified by the Food and Drug Administration (FDA).
Any nonconformities identified when assessing the FSMA Preparedness Module and not closed
out shall have no impact on certification to the Global Standard for Food Safety.
AUDIT REPORTING
Following each audit, a written report shall be prepared in the agreed format for the module and this
will form an addendum to the Global Standard for Food Safety audit report. The addendum report
shall be produced in English, with the addition of any other language as required by the audited site.
The report addendum covering the requirements for the module shall be prepared and dispatched
to the company within 42 calendar days of the completion of the full audit.
The full BRC audit report together with the addendum for the FSMA Preventive Controls Preparedness
Module shall be uploaded to the BRC Global Standards Directory in a timely manner irrespective of
whether a certificate is issued. The owner of the audit report may allocate access to the audit report
with the addendum to customers or other parties in the directory.
The audit report and associated documentation, including auditor’s notes, shall be stored safely
and securely for a period of 5 years by the certification body.
CERTIFICATION
After a review of the audit report for the module and documentary evidence provided in relation to
the nonconformities identified, a certification decision shall be made by the designated independent
certification manager. Where certification is granted, this shall be included on the certificate for the
BRC Global Standard for Food Safety and issued by the certification body within 42 calendar days
of the audit.
Note that the module is certificated as an addendum to the Global Standard for Food Safety. Where
certification to the Standard is not achieved, certification for the module cannot be awarded irrespective
of whether the requirements of the module have been met.
Additional references to relationships with other clauses within Issue 7 of the BRC Global Standard
for Food Safety are also included as required.
Where a site determines it must register as a food facility with FDA, it shall then decide if its business operations are regulated by
21 CFR Part 117 (Preventive Controls for Human Food rule). Sites regulated by 21 CFR Part 117 shall comply with all requirements
of the following Preventive Controls for Human Food checklist for compliance with this module.
RECOMMENDATION
Identify backflow prevention risk areas and devices. Add to periodic check program (at a minimum, recommend annual).
GUIDANCE
21 CFR § 117.139 requires a recall plan where the site identifies a hazard requiring a preventive control. The recall plan must include
responsibility and steps for notifying consignees about how to return or dispose of product, conducting effectiveness checks and
appropriate disposal. The expectation for these activities is implied in BRC clause 3.11.2, which generally requires a plan for recovery
or disposal.
It is recommended that sites review their recall and withdrawal procedure to ensure it defines responsibility and steps for the specific
activities described in the regulation. Template letters for notifying consignees about how to return or dispose of product and
conducting effectiveness checks may be drafted in advance and reviewed for effectiveness as a part of the annual mock recall.
Methods for determining appropriate disposal should be science- and risk-based and determined by an individual(s) with the
appropriate knowledge and authority.
RECOMMENDATION
The recall plan should include the identified bullet points. The effectiveness of the plans should be assessed during the site mock recall.
GUIDANCE
Product testing for a pathogen (or indicator organism) or other hazard is a defined verification activity in 21 CFR § 117.165 of the
regulation. Where product testing is used as a verification activity, the site must establish and implement a scientifically valid testing
procedure, which defines sampling, frequency, test method, laboratory, and corrective action procedure. Generally, expectations to
meet this requirement are defined by BRC clause 5.6.2.3.
Where product testing is used as a verification activity to confirm the effective implementation of a preventive control, the site should
reanalyze the applicable procedures for analyses that are critical to safety and legality and update them as necessary to ensure that
the procedure(s) documents all requirements of the regulation.
RECOMMENDATION
Sample and test methodology should follow industry-accepted practices, and reference to such practices should be part of the procedure.
GUIDANCE
Environmental monitoring for a pathogen (or indicator organism) is a required verification activity as defined in 21 CFR § 117.165 of
the regulation where RTE product is exposed to the environment before being packaged and the packaged food does not receive
a kill step to eliminate or significantly minimize the pathogen. Where environmental monitoring is applied as a verification activity
for exposed RTE product, the site must establish and implement a scientifically valid testing procedure, which defines sampling
(including location of sites), timing and frequency, test method, laboratory, and the corrective action procedure. Generally, expectations
to meet this requirement are defined by BRC clause 5.6.2.3.
It is recommended that science-based guidance on the establishment, implementation, and maintenance of a pathogen environmental
monitoring program be reviewed when determining the test organism, sample locations and number, timing, frequency, and test
method. This is because these variables significantly impact the ability of the program to verify the effective implementation of
environmental pathogen controls.
Where environmental monitoring is used as a verification activity to confirm the effective implementation of a preventive control
(e.g., sanitation) for an environmental pathogen, the site should reanalyze the applicable procedures for analyses that are critical
to safety and legality and update them as necessary to ensure that the procedure documents all the requirements of the regulation.
RECOMMENDATION
Sample sites and frequency of testing should be based on a risk assessment.
Corrective action should include product disposition in the case of positive results, immediate correction (i.e., reclean), and
corrective action (i.e., reassessment of cleaning procedures).
GUIDANCE
21 CFR § 117.305 specifically requires site, responsible person and product identification information on all records related to the food
safety plan. The expectation for recordkeeping identifiers and the signature or initials of the individual responsible for authorized
verification is implied in BRC clause 3.3.1.
It is recommended that sites review all existing records related to the food safety plan and update the forms as required by the
regulation in a manner consistent with the site’s document control procedures. New forms must take into account all recordkeeping
requirements as described in 21 CFR § 117.305.
RECOMMENDATION
Ensure that records identify all bullet points, specifically the site and traceability to specific product lots.
Sites identified as BRC Category 11 for pet food shall comply with all requirements of the Preventive Controls for Human Food Checklist
and the following additional requirements of the Preventive Controls for Animal Food checklist for compliance with this module.
GUIDANCE
There are specific requirements regarding the labeling of animal food, as well the byproducts to be used (or potentially used), in the
manufacture of animal food that utilizes a common or trade name.
Transport containers, including vehicles, must be assessed for contamination risk.
RECOMMENDATION
Ensure that the risks unique to animal food (dependent on destination use or potential) are identified and mitigated.
GUIDANCE
21 CFR § 121.126 requires a written food defense plan, which contains the following components:
○○ a written vulnerability assessment
○○ written mitigation strategies
○○ written food defense monitoring procedures
○○ written food defense corrective action procedures
○○ written food defense verification procedures.
Sites should review their security assessments and security arrangements for compliance with the regulation and update or establish
new procedures to formalize a food defense plan as described above.
RECOMMENDATION
Note that food defense must assess both external and internal threats.
A vulnerability assessment shall be documented for each food type regardless of the outcome and provide justification as to why
each point, step or procedure in the operation was or was not identified as an actionable process step.
GUIDANCE
21 CFR § 121.130 requires a written vulnerability assessment for each food type manufactured, processed, packed, or held at the site.
The assessment must evaluate key criteria defined in this requirement against each step of the operation for the food type being
analyzed. The QI is responsible for conducting the vulnerability assessment.
The vulnerability assessment must identify two important pieces of information: significant vulnerabilities and actionable process
steps. Utilizing a process flow diagram is recommended.
Significant vulnerabilities are a point, step or procedure in processing, manufacturing, packing, or holding operations susceptible to
intentional adulteration with a likelihood of causing wide-scale public health harm. An example of a significant vulnerability may be the
storage of bulk liquid due to the potential to contaminate a large volume of food uniformly as the result of the homogeneous nature of
the material and continuous mixing.
Actionable process steps are a point, step or procedure where a vulnerability exists and a mitigation strategy can be applied, which is
necessary to minimize or prevent the vulnerability. An example of an actionable process step is ‘material receiving’ where a significant
vulnerability exists for the receiving of bulk liquids. Several types of mitigation strategies (e.g., controlled access, visitor sign-in,
locked storage tanks, etc.) may be applied individually or in combination as appropriate to the operation and vulnerability.
RECOMMENDATION
Risk matrices should take into account ease of access to open product. In general, access restriction to processing and storage
areas will manage external but not internal threats. Internal threats may be managed by a combination of access restriction, employee
vetting, restriction of materials entering the area (limiting what employees can bring into production area), and oversight.
It is important to note that each mitigation strategy must be tied to an identified actionable process step, documented, and justified
to explain how it prevents or reduces the corresponding vulnerability.
RECOMMENDATION
No additional recommendations.
RECOMMENDATION
Recommend including verification or assessment of mitigation strategies into internal audit systems.
GUIDANCE
21 CFR § 121.145 requires that mitigation strategies have associated corrective action procedures where implementation is not
performed as intended.
BRC clause 3.7.1 requires a corrective action procedure. The scope of this procedure should ensure that deviations (i.e., nonconformities)
from implementing mitigation strategies, food defense monitoring, or food defense verification are covered by the procedure and
subject to the established corrective action protocol as required by clause 3.7.2.
RECOMMENDATION
Corrective action procedures within the food defense plan should include failure of, or failure to utilize, mitigation strategies.
GUIDANCE
21 CFR § 121.150 requires that mitigation strategies be verified through several mechanisms to ensure consistent implementation
of the strategy as intended.
A food defense verification procedure shall be established and should include:
○○ scope of mitigation strategies
○○ verification activities, which include those specified in the requirement
○○ frequency of verification to include a schedule of activities
○○ responsibility
○○ recordkeeping.
Where internal audits shall be used as ‘other verification activities’ to satisfy compliance with this requirement, the scope of the
internal audit procedure and schedule required by BRC clause 3.4.1 shall be expanded to include all mitigation strategies.
RECOMMENDATION
Recommend including verification procedures for all mitigation strategies in internal audit activities.
GUIDANCE
21 CFR § 121.157 requires that the food defense plan be reanalyzed every 3 years (at a minimum) or following changes, which can
impact the outcome of the vulnerability assessment and effective application of mitigation strategies. The QI is responsible for
performing reanalysis of the food defense plan.
Revisions to the food defense plan shall occur where facility or operational changes create a new potential vulnerability or elevate
a vulnerability to significant status. Reanalysis and changes shall be made (and documented) before changes at the site occur,
within 90 days of production or within an appropriate timeframe based on justification.
BRC clause 4.2.1 requires a documented review of the security risk assessment and results whenever changes at the facility occur or
annually (at a minimum). Site procedures for the documented review should be expanded to cover review of the vulnerability assessment,
actionable process steps, mitigation strategies, and food defense monitoring, corrective action and verification procedures.
RECOMMENDATION
No additional recommendations.
GUIDANCE
21 CFR § 121.305 is equivalent to § 117.305 (refer to guidance in Preventive Controls for Human Food checklist) for records that
relate to the food defense plan – including monitoring, corrective action, and verification.
It is recommended that sites review all existing records related to food defense and site security and update forms as required
by the regulation in a manner consistent with the site’s document control procedures. New forms (e.g., food defense monitoring)
must consider all recordkeeping requirements as described in 21 CFR § 121.305.
RECOMMENDATION
Specific attention to be paid to the last two bullet points, ensuring site identification and lot code where applicable.
RECOMMENDATION
Responsibility for appropriate transport equipment shall be undertaken by the site or embedded into the contract for service suppliers.
Where the site’s customer or another entity receives the product, they bear responsibility for assessing and documenting
temperature abuse.
This clause applies even when the site is not the final recipient.
RECOMMENDATION
This requirement applies to all steps, interim and final, in the transport chain for temperature-controlled product. Where a site
receives temperature-controlled product, it may need to verify multiple previous steps if the risk assessment indicates the need.
GUIDANCE
Where formally agreed upon with the shipper, the US carrier is responsible for the following sanitary activities:
○○ ensuring that the vehicles and activities meet the shipper’s sanitary specifications
○○ documenting compliance with the specified operating temperature where temperature-controlled product is shipped
(e.g., data loggers or recording the temperature during loading and unloading)
○○ precooling of the refrigeration unit where specified by the shipper
○○ identifying the previous cargo of bulk transport to the shipper upon request
○○ disclosing the most recent cleaning of the vehicle to the shipper upon request
○○ establishing and implementing cleaning, sanitizing, and inspection procedures for ensuring that vehicles and transportation
equipment are maintained in a sanitary condition.
RECOMMENDATION
Procedures should include not only initial verification of cleanliness, but also the expectation to maintain these conditions during transport.
GUIDANCE
The site shall document assurance that US carriers implement adequate training programs required by the Sanitary Transportation
rule in carrier contracts.
Where the US carrier is responsible for the sanitary conditions of the transportation operations, the training requirements defined in
the Sanitary Transportation rule shall include the following:
○○ provision of adequate training to all personnel engaged in transportation regarding: the awareness of potential food safety
problems that may occur during food transportation; basic sanitary transportation practices to address those potential problems;
and the responsibilities of the carrier
○○ provision of training upon hire and periodically thereafter
○○ maintenance of training records which include the date of the training, the type of training, and the person(s) trained.
RECOMMENDATION
All transport employees responsible for the product will require adequate training on the relevant FSMA regulations (primarily those
identified in this section).
RECOMMENDATION
Ensure that the record retention policy identifies key transport-related records, and that they are maintained for a minimum of 12 months.
Where a site determines that its business operations are regulated by 21 CFR Part 112 (Produce Safety rule), it shall comply
with all requirements of the following Produce Safety checklist for compliance with this module.
GUIDANCE
21 CFR § 112.22(a) requires that all persons engaged in handling produce or food contact surfaces receive training in:
○○ principles of food hygiene and food safety
○○ health and personal hygiene – including recognizing symptoms of health conditions likely to contaminate produce or
food contact surfaces
○○ produce safety standards applicable to the individual’s job.
The intent of this regulatory requirement is covered by BRC section 7.1 as the Food Safety Standard requires all personnel to receive
‘appropriate’ training commensurate with the type of work and all persons engaged in activities related to CCPs to be trained and
assessed for competency.
To ensure clarity in expectations for personnel who handle produce or food contact surfaces and regulatory alignment, the site shall
ensure compliance with this module requirement, which is in addition to compliance with all training requirements of BRC section 7.1.
As the Produce Safety rule does not require the implementation of HACCP and CCPs, but rather the application of specific produce
standards, personnel who handle produce or food contact surfaces shall be additionally trained in these standards (e.g., water
quality measures) where applicable.
RECOMMENDATION
No additional recommendations.
GUIDANCE
21 CFR § 112.22(b) requires that all persons engaged in harvest activities receive training on methods to prevent and correct
cross-contamination of produce and food contact surfaces.
As discussed in the previous clause, the intent of this regulatory requirement is covered by BRC section 7.1 as the Food Safety
Standard requires all personnel to receive ‘appropriate’ training commensurate with the type of work. However, to ensure clarity
in expectations and regulatory alignment, the site shall ensure compliance with this module requirement.
RECOMMENDATION
Indication of potential sources of and contamination by pathogens represent the key area of focus for the training.
Additionally, all records must be reviewed, dated, and signed within a reasonable time after the records are made by a supervisor
or responsible party.
BRC clauses 3.3.1 and 3.3.2 capture most requirements of the regulation but it is recommended that sites review all existing records
related to produce safety and update forms as required by the regulation in a manner consistent with the site’s document control
procedures. New forms must consider all recordkeeping requirements described in 21 CFR § 112.161.
RECOMMENDATION
No additional recommendations.
The plan shall describe aseptic methods for sample collection and testing according to FDA’s ‘Testing methodology
for Listeria species or L. monocytogenes in environmental samples,’ Version 1, October 2015 (or equivalent).
RECOMMENDATION
No additional recommendations.
RECOMMENDATION
No additional recommendations.
Appendix 1: Correlation of activities covered by the Food Safety Standard with FSMA legislation 43
Appendix 2: Process for undertaking module audits 44
I grow, harvest, pack, and/or hold I must comply with 21 CFR Part 112: Standards for
produce on a farm (as defined by FDA) the Growing, Harvesting, Packing, and Holding of
for food to be sold within the US Produce for Human Consumption, unless excepted.
In this case, it is recommended that the audit is planned for 1 day in duration, and the auditor should
assess both the FSMA module and reassess the relevant aspects of the Standard where needed
as specified below.
Where a return visit to a seasonal site is required and it is not in operation, the module may be
evaluated, providing the auditor can audit sufficient records and production areas to have
confidence of compliance with the requirements.
3 UNCERTIFICATED SITE
Where the site is not currently certificated to the Standard, the FSMA Preventive Controls
Preparedness Module may not be used alone. If a non-certificated site wishes to be assessed
for the FSMA module, the certification body must follow the full protocol for onboarding and
certifying a new site to the BRC Global Standard.
Identified nonconformities should be documented and actioned within the normal protocol of
the Standard (i.e., the company has 28 days to provide appropriate evidence of close out and the
certification body should review the information and confirm the decision in the normal manner).
If practices are seen during the FSMA assessment that give the auditor cause to doubt continued
compliance with the Standard, then nonconformities against the Standard may be raised which
will require close out. This will not affect the current grade of the certificate in force. However, if
a high number of nonconformities are identified, then action on the BRC certificate may be taken,
resulting in a full reaudit. If a critical nonconformity is identified, the certification body shall withdraw
the current certificate and arrange a full reaudit of the site.
As the module audit will not be undertaken at the same time as the Standard audit (although it will
be carried out by the same auditor), controls may have changed and therefore it is important that
the auditor audits all the relevant areas and provides details of the controls in place. The following
is a guide regarding the additional details:
○○ The standalone report template contains a section to outline a description of the company
and any major changes since the last Standard audit. This section can include management
changes, for example.
○○ The template also contains a section to outline an overview of the facility inspection. Here the
auditor can summarize whether the facility is secure, the building fabric has been maintained,
and whether it is in a hygienic state. This section should confirm that there were no concerns
regarding foreign body and allergen controls.
Actionable process step A point, step, or procedure in a food process where a mitigation strategy can be applied
(Food Defense rule) and is necessary to minimize or prevent an existing significant vulnerability.
Agricultural water Water used in growing, harvesting, packing, and holding activities (including washing or
(Produce Safety rule) cooling), which is in contact with produce or food contact surfaces.
Carrier A person or entity that physically moves food by rail or motor vehicle in commerce within the US.
The term ‘carrier’ does not include any person who transports food while operating as a parcel
delivery service.
Covered activity Growing, harvesting, packing, or holding produce on a farm (see farm).
(Produce Safety rule)
Entity A legal business.
Environmental pathogen A pathogen of the manufacturing, processing, packing, or holding environment, which can
contaminate food and cause foodborne illness if consumed. An example of an environmental
pathogen common in wet environments is Listeria monocytogenes. An example of an
environmental pathogen common in dry environments is Salmonella.
Farm (Produce Safety rule) FDA defines two types of farms, which fall under the scope of the Produce Safety regulation:
primary production farm and secondary activities farm.
A primary production farm is an operation under one management in one general physical location
devoted to the growing and harvesting of crops. Farm activities include: packing or holding raw
agricultural commodities (RACs); drying or dehydrating RACs to create a distinct commodity
such as raisins where additional manufacturing is not applied; treatment to facilitate ripening;
and packaging or labeling where the activity includes additional manufacturing (e.g., irradiation).
A secondary activities farm is an operation not located on a primary production farm whose
operations are dedicated to harvesting (e.g., hulling or shelling), packing, holding, and/or other
activities applied to the RACs described above where the primary production farm supplying the
RACs jointly owns or has a majority interest in the secondary activities farm.
Food defense Activities which protect food from intentional adulteration.
Foreign supplier A supplier that produces, processes, or manufactures food which is exported to the US.
Harvesting Cutting or separating the edible portion of fruits and vegetables from the plant. This includes
(Produce Safety rule) removing or trimming leaves, husks, roots, stems, etc. Examples of harvest activities include
cooling, field coring, filtering, gathering, hulling, removing stems and husks, shelling, sifting,
threshing, trimming outer leaves, and washing produce grown on a farm.
Hazard, known or A biological, chemical (including radiological) or physical hazard associated with a food or the
reasonably foreseeable process/facility of production.
Hazard requiring a control A known or reasonably foreseeable hazard (see hazard, known or reasonably foreseeable)
requiring one or more controls to prevent, significantly minimize or eliminate the hazard in the
food as determined by a hazard analysis.
Holding All activities related to the storage of food. Examples of holding activities include the following,
provided that the activity does not process or transform the product: storage, drying, blending,
fumigation, and handling unexposed product. Holding facilities may include (but are not limited to)
bulk silos, cold storage facilities, grain elevators, liquid tanks, shipping containers, and warehouses.
Loader A person or entity that loads food onto a rail or motor vehicle during transportation operations.
Mitigation strategy A risk-based measure determined from a vulnerability assessment, which is applied at a point
in the supply chain or at a process step to prevent or minimize a threat intending to cause
widespread public health harm.
LEGISLATION
FSMA Final Rule for Preventive Controls for Human Food: Current Good Manufacturing Practice,
Hazard Analysis, and Risk-Based Preventive Controls for Human Food
https://www.fda.gov/food/guidanceregulation/fsma/ucm334115.htm
FSMA Final Rule for Preventive Controls for Animal Food: Establish Current Good Manufacturing
Practice and Hazard Analysis and Risk-Based Preventive Controls for Food for Animals
https://www.fda.gov/food/guidanceregulation/fsma/ucm366510.htm
FSMA Final Rule on Foreign Supplier Verification Programs (FSVP) for Importers of Food for Humans
and Animals
https://www.fda.gov/food/guidanceregulation/fsma/ucm361902.htm
FSMA Final Rule for Mitigation Strategies to Protect Food Against Intentional Adulteration
https://www.fda.gov/food/guidanceregulation/fsma/ucm378628.htm
FSMA Final Rule for Sanitary Transportation of Human and Animal Food
https://www.fda.gov/food/guidanceregulation/fsma/ucm383763.htm
Summary: Standards for the Growing, Harvesting, Packing, and Holding of Produce for Human
Consumption (Final Rule)
https://www.fda.gov/downloads/Food/GuidanceRegulation/FSMA/UCM360734.pdf
GUIDANCE
Food Facility Registration User Guide: Step-by-Step Instructions
https://www.fda.gov/food/guidanceregulation/foodfacilityregistration/ucm073706.htm
Draft Guidance for Industry: Questions and Answers Regarding Food Facility Registration (Seventh
Edition – Revised)
https://www.fda.gov/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/
FoodDefense/ucm331959.htm
FSMA Rules & Guidance for Industry (a list of all FSMA-related guidance documents)
https://www.fda.gov/food/guidanceregulation/fsma/ucm253380.htm
TRAINING
Further information on the following training courses is available at https://www.fda.gov/food/
guidanceregulation/fsma/ucm461513.htm
FSPCA: Foreign Supplier Verification Programs (FSVP): FSVP Curriculum and Training