1 SENIOR MANAGEMENT COMMITMENT
1.1 SENIOR MANAGEMENT COMMITMENT AND CONTINUAL IMPROVEMENT
The company’s senior management shall demonstrate that they are fully commied to the implementation of the
requirements of the Global Standard for Agents and Brokers and to the operation of processes that facilitate continual
improvement of their product safety and quality management services.
1.1.1 The company shall have a documented policy that states the company’s
intention to meet its obligation to supply safe and legal products to the speciﬁed quality, and its
responsibility to its customers. This
• signed by the person with overall responsibility for the company
• communicated to all staﬀ.
1.1.2 The company’s senior management shall ensure that clear objectives are
deﬁned to maintain and improve the services ensuring product safety, legality and quality in
accordance with the quality policy
and this Standard. These objectives shall be:
• documented and include targets or clear measures of success
• clearly communicated to relevant staﬀ
• monitored, and the results reported at least six-monthly to the company’s
1.1.3 Management review meetings, attended by the company’s senior management,
shall be undertaken at appropriate planned intervals, as a minimum annually, to review the
company’s performance against the
Standard and the objectives set in clause 1.1.2. The review process shall include the evaluation
• the previous management review action plans and timescales
• the results of internal, second-party and/or third-party audits
• any customer complaints and the results of any customer performance reviews
• any incidents, corrective actions, out-of-speciﬁcation results and non-conforming materials
• supplier performance
• the management of the systems for hazard and risk assessment (e.g. product safety system, HACCP
or HACCP-based plan), food defence or product security, and authenticity of products
• resource requirements.
Records of the meeting shall be kept and documentation shall be used to revise the objectives,
thereby encouraging continuous improvement.
The decisions and actions agreed within the review process shall be eﬀectively communicated to the
appropriate staﬀ, and actions implemented within the agreed timescales.
1.1.4 The company shall have a demonstrable system to ensure that signiﬁcant product
safety, legality and quality issues are brought to the attention of senior management to allow
those issues requiring
immediate action to be resolved.
1.1.5 The company’s senior management shall provide the resources required to
ensure the product safety, legality and speciﬁed quality of products supplied in compliance with
the requirements of this Standard
and its customers.
1.1.6 The company’s senior management shall have a system in place to ensure that
the company is kept informed of, and reviews, any emerging product safety, product authenticity,
quality or legality issues,
industry Codes of Practice and all relevant legislation applicable in the country where the product
is intended to be sold or used.
1.1.7 Where required by legislation, the company shall be registered with, or
approved by, the appropriate authority.
1.1.8 The company shall have a genuine, original, hard copy or electronic version of
the current Standard available and shall be aware of any changes to the Standard or protocol that
are published on the BRC
1.1.9 Where the company is certificated to the Standard, it shall ensure that announced recertification audits
occur on or before the audit due date indicated on the certificate.
1.1.10 The opening and closing meetings of the audit for this Standard shall be aended by a senior manager of
If the most senior manager within the company is absent on the day of the audit because of other
commitments, a nominated deputy must be available (see clause 1.2.1).
1.1.11 The company’s senior management shall ensure that the root causes of non-conformities identified at
the previous audit against the Standard have been effectively addressed to prevent their recurrence.
1.2 ORGANISATIONAL STRUCTURE, RESPONSIBILITIES AND MANAGEMENT
The company shall have a clear organisational structure and lines of communication to enable the effective management of
services ensuring product safety, legality and quality.
1.2.1 The company shall have an organisation chart demonstrating its management structure. The
responsibilities for the management of activities that ensure product safety, legality and quality shall be
clearly allocated and understood by the managers responsible. It shall be clearly documented who
deputises in the absence of the responsible person.
1.2.2 The company’s senior management shall ensure that all employees are aware of their responsibilities.
Employees whose role or activity could affect product safety, integrity, legality or quality shall have
access to documented work instructions or procedures and shall be able to demonstrate that work is
carried out in accordance with these instructions.
2 HAZARD AND RISK ASSESSMENT
The company shall operate a product safety plan for the processes for which it is responsible. This shall be based on the
principles of hazard and risk analysis, and shall be documented, systematic, comprehensive, fully implemented and
2.1 The person responsible for leading the hazard analysis shall be able to demonstrate competence in the
understanding of hazard and risk analysis principles (e.g. HACCP principles) and their application.
Where a team is used, the team members shall have knowledge of the hazard and risk analysis
principles. In the event of the company not having appropriate in-house knowledge it may seek external
expertise, but the day-to-day management of the product safety system shall remain the responsibility of
2.2 Where the hazard and risk analysis study has been undertaken centrally, it shall be possible to
demonstrate that the study has been verified to meet the specific activities of the local operations to
which the study applies.
2.3 The hazard analysis, and the resulting procedures, shall have senior management commitment, and
shall be implemented through the company’s documented product safety and quality management
2.4 The company shall define the scope of the hazard and risk analysis in terms of the products and services
that are included. This shall include:
• a description of the nature of products traded (e.g. canned fish, fresh produce, corrugated board,
household chemicals such as bleach, cosmetics or household electric goods)
• details of any particular specified storage or handling conditions (e.g. temperature control
requirements or propensity to water damage)
• a description of any services provided directly or arranged while the product is the responsibility of
2.5 A process flow diagram shall be prepared to cover each step in the process from the purchase or
acceptance of responsibility for products to acceptance of the products by the company’s customer. As
a guide, this should include the following where applicable:
• import and export processes
• product checks or testing
• subcontracted transport or distribution
• subcontracted storage of products
• processes for damaged or rejected product
• any subcontracted processes undertaken on products (e.g. relabelling or further processing).
2.6 The company shall identify and record all potential hazards associated with each step of the product
flow. The company shall include consideration of the following types of hazard:
• microbiological growth (e.g. resulting from temperature abuse of products that require temperature
control, or exposure of unpacked products to environmental micro-organisms such as pathogens)
• physical contamination (e.g. glass contamination, wood splinters from pallets, dust or pests)
• chemical or radiological contamination (including product tainting)
• physical damage (e.g. breakage, puncturing of packaging, water damage or electrical faults)
• fraud (e.g. substitution or deliberate/intentional adulteration)
• malicious contamination of products
• allergens (e.g. cross-contamination during storage or transportation of open product in silos or
• hazards impacting the functional integrity of packaging materials and their performance
• any other hazards mandated by the customer or relevant regulatory authorities.
2.7 The company shall complete a documented risk analysis of the potential hazards in order to identify
which need to be controlled. The following should be considered:
• the likely occurrence of the hazard
• the severity of the hazard (e.g. injurious to health, potential to cause food poisoning, rejection or a
• existing prerequisite programmes that effectively prevent the hazard or reduce it to acceptable limits.
2.8 For each hazard that requires control, processes shall be established to ensure that subcontracted
service providers effectively manage their operations to prevent or eliminate a significant hazard or
reduce it to acceptable limits. Such processes may include:
• specifications and contracts with subcontracted service providers
• a review of HACCP or hazard and risk management plans operated by service providers to confirm
that the identified hazard is being controlled.
2.8.1 Where controls are managed by HACCP or hazard and risk management plans operated by service
providers, either the plans and controls shall be reviewed by a competent person to determine their
effectiveness or the plans and controls must be within the scope of an accredited certification of the
Contracts or trading agreements must ensure that any significant changes to the service provider’s
hazard and risk management plans are communicated to the company before the changes are
implemented. Any changes shall be reviewed by a competent person to determine the ongoing
effectiveness of the plan before the changes are implemented by the service provider.
Records shall be maintained to demonstrate the results of these reviews.
2.9 There shall be effective processes to monitor and verify that the processes operated by subcontracted
service providers are effectively controlling the hazards identified.
2.10 Corrective action plans shall be defined for instances where monitoring identifies a failure of the controls
or where results indicate that products or services are out of specification.
2.11 The hazard and risk analysis shall be formally reviewed at least annually and whenever:
• new product types are traded; i.e. products with different characteristics from those included within
the original study
• new services or process steps are introduced
• a new risk emerges
• following a product recall, where the agent’s or broker’s processes are implicated.
The appropriate changes resulting from the review shall be incorporated into the hazard and risk
assessment and product safety and quality management systems.
Where appropriate, the changes shall also be reflected in the company’s product safety policy and
product safety objectives.
3 PRODUCT SAFETY AND QUALITY MANAGEMENT SYSTEM
3.1 PRODUCT SAFETY AND QUALITY SYSTEMS MANUAL
The company’s processes and procedures to meet the requirements of this Standard shall be documented to allow their
consistent application, to facilitate training, and to support due diligence and the supply of a safe product.
3.1.1 The company’s documented procedures, working methods and practices shall be collated in a
navigable and readily accessible system, in the form of a printed or electronic product safety and quality
Consideration shall be given to the need for translation into appropriate languages.
3.1.2 The product safety and quality manual shall be fully implemented, and the manual, or the relevant
components of it, shall be readily available to relevant staff.
3.1.3 All procedures and work instructions shall be clearly legible, unambiguous, in the relevant languages
and sufficiently detailed to enable their correct application by appropriate staff.
3.2 DOCUMENT CONTROL
The company shall operate an effective document control system to ensure that only the correct versions of documents are
available and in use.
3.2.1 The company shall have a procedure to manage the documents that form part of the quality system. This
• a list of all controlled documents, indicating the latest version number
• the method for identifying and authorising controlled documents
• a record of the reason for any changes or amendments to documents
• the method for ensuring documents are maintained in good condition and are retrievable
• a system for the replacement of existing documents when these are updated. Archived documents
shall be retained for a defined period, taking into consideration any legal or customer requirements.
3.3 RECORD COMPLETION
The company shall maintain genuine records to demonstrate the effective control of product safety, legality, integrity and
3.3.1 Records shall be legible, retained in good condition and retrievable. Any alterations to records shall be
authorised and the justification for any alterations shall be recorded. Where records are in electronic
form these shall be suitably backed up to prevent loss.
3.3.2 Records shall be retained for a defined period, taking into consideration any legal or customer
requirements, the shelf life of the product or the usage of packaging materials.
For food products this shall take into account, where it is specified on the label, the possibility that the
shelf life may be extended by the consumer (e.g. by freezing).
Records shall be stored securely (e.g. in designated storage with access restricted to authorised
Records must be accessible in a timely manner.
3.3.3 Where records are held by third parties the company shall be able to obtain copies of the records
typically within one working day (e.g. warehouse intake checks).
3.4 CUSTOMER FOCUS AND COMMUNICATION
The company shall ensure that any customer-specific policies or requirements are understood, implemented and clearly
communicated to the relevant staff and the relevant suppliers of products and services.
3.4.1 The company shall have a system for identifying whether customers have specific requirements. Where
there are specific requirements, they shall be made known to the relevant staff within the company and
kept up to date.
3.4.2 Where specific customer policies need to be enacted by the manufacturing, processing or packing site,
the company shall have effective processes to communicate them to the relevant suppliers of products
and services (e.g. product specifications, contracts with suppliers/service providers or codes of
Records shall be available to demonstrate that where the company has been notified of relevant
requirements, these have been communicated to the relevant immediate suppliers, and there is
supporting documentation to confirm that the suppliers have understood and implemented the
3.4.3 Where required by the customer, the company shall provide information to enable the last manufacturer
or processor of the product to be approved. This shall include the identity of this manufacturer or
3.5 INTERNAL AUDIT
The company shall be able to demonstrate that it verifies the effective application of its product safety and quality system and
the implementation of the requirements of this Standard.
3.5.1 There shall be a scheduled programme of internal audits throughout the year. The scope of the internal
audit programme shall cover:
• the implementation of the product safety and quality management system
• the HACCP plan or product safety plan (i.e. the documents and output from section 2 of this
• product security or food defence (see section 4.3)
• product fraud mitigation plans (see clause 4.8.3)
• the procedures implemented to achieve this Standard.
The scope and frequency of the audits shall be established in relation to the risks associated with the
activity and previous audit performance; all activities shall be covered at least annually.
3.5.2 Internal audits shall be carried out by appropriately trained, competent auditors, who are independent
from the audited activity.
3.5.3 The internal audit programme shall be fully implemented. Internal audit reports shall identify conformity
as well as non-conformity and the results shall be reported to the personnel responsible for the activity
audited. Corrective actions and timescales for their implementation shall be agreed, and completion of
the actions shall be verified in a timely manner.
3.6 SPECIFICATION FOR PRODUCTS
Product specifications or information to meet legal requirements and to assist customers in the safe usage of the product
shall be maintained and available to customers.
3.6.1 Specifications shall be available for all products. They shall either be in the agreed format of the customer
or, where this is not specified, include key data to meet legal requirements and assist the customer in the
safe usage of the product.
3.6.2 The company shall seek formal agreement of specifications with the relevant parties. Where
specifications are not formally agreed, the company shall be able to demonstrate that it has taken steps
to ensure that formal agreement is in place.
3.6.3 Companies shall operate demonstrable processes to ensure that any customer-specified requirements
are met. This may be by including customer requirements within buying specifications, or by
undertaking further work on purchased product to meet the customer specification (e.g. sorting or
grading of product).
3.6.4 Specifications shall be reviewed whenever products, packaging or suppliers change, or at least every 3
years. The date of review and the approval of any changes shall be recorded. The company shall seek
formal agreement of any changes (in accordance with clause 3.6.2).
The company shall be able to trace all product lots back to the last manufacturer and forward to the customer of the company.
3.7.1 The company shall maintain a traceability system for all products, which identifies the last manufacturer
or place of last significant change of the product (in the case of primary agricultural products this may be
the packer). Records shall also be maintained to identify the recipient of each batch of product from the
3.7.2 The company shall test the traceability system to ensure traceability can be determined back to the last
manufacturer and forward to the customer. This shall include identification of the movement of the
product through the chain from the manufacturer to receipt by the customer (e.g. each movement and
intermediate place of storage).
The company shall complete at least one traceability test annually. Where the agent or broker
subcontracts activity to multiple service providers, additional tests may be required to confirm the
effectiveness of the traceability system within the different supply chains.
Where a company has multiple office locations, then at least one traceability test annually shall involve
products traded or managed by each office.
The traceability test shall include the reconciliation of quantities of product traded by the company for
the chosen batch or product lot. Traceability should be achievable within 4 hours (24 hours when
information is required from external parties).
3.7.3 Where product is further processed on behalf of the company, relabelled or returned, traceability shall
3.7.4 The company shall ensure that its suppliers of products have an effective traceability system. Where a
supplier has been approved based on a questionnaire, a legally enforceable contract or specification, or
a historical trading relationship (instead of certification or audit), verification of the supplier’s traceability
system shall be carried out at the time of the initial approval of that supplier and then at least every 3
3.8 COMPLAINT HANDLING
Customer complaints shall be handled effectively and the information used to reduce recurring complaint levels.
3.8.1 All complaints shall be recorded and investigated, and the results of the investigation recorded.
Corrective action appropriate to the seriousness and frequency of the problems identified shall be
carried out promptly and effectively by appropriately trained staff.
3.8.2 Complaints arising from the action of a service provider or supplier shall be communicated to that
supplier for further investigation.
Corrective actions appropriate to the seriousness and frequency of the problems identified shall be
agreed and the implementation confirmed with the relevant supplier or service provider.
3.8.3 Complaint data relating to products and services shall be analysed for significant trends. Where there
has been either a serious complaint or a significant increase in incidences of a complaint, root cause
analysis shall be undertaken and used to implement ongoing improvements to product safety, legality
and quality, and to avoid recurrence.
This analysis shall be made available to the relevant staff, suppliers and/or service providers.
3.9 CORRECTIVE AND PREVENTIVE ACTIONS
The company shall be able to demonstrate that it uses the information from identified failures in the product safety and quality
management system to make necessary corrections and prevent their recurrence.
3.9.1 The company shall have a documented procedure for handling non-conformities identified within the
scope of this Standard. This shall include:
• clear documentation of the non-conformity
• assessment of consequences by a suitably competent and authorised person
• identification of the corrective action to address the immediate issue
• assignment of responsibilities and appropriate timescales to ensure correction
• verification that the corrective action has been implemented and is effective
• identification of the root cause of significant or recurring non-conformities and implementation of any
necessary action to prevent their recurrence.
3.10 CONTROL OF NON-CONFORMING PRODUCT
The company shall ensure that any out-of-specification product is effectively managed.
3.10.1 There shall be documented procedures for managing products that do not conform to buying or
customer specifications, or product safety requirements. This shall include:
• a process for subcontractors handling the product to report potentially non-conforming product
• clear identification of non-conforming product to prevent its release (e.g. stock management IT
• agreed procedures with subcontractors for secure storage to prevent accidental release of
• referral to the brand owner or customer where required
• defined responsibilities for decision-making on the use or disposal of products appropriate to the
issue (i.e. acceptance by concession, redesignation to an alternative customer (e.g. distressed
stock), reworking or destruction)
• records of the decision taken on the use or disposal of the product
• records of destruction where the product is destroyed for product safety reasons.
3.11 MANAGEMENT OF INCIDENTS, PRODUCT WITHDRAWAL AND PRODUCT
The company shall have a plan and system in place to manage incidents effectively and enable the effective withdrawal and
recall of products should this be required.
3.11.1 The company shall have clear processes to enable subcontractors and suppliers to report incidents and
potential emergency situations that impact product safety, legality or quality. The company shall have
procedures and assigned responsibilities for the review of incidents and to define the appropriate
3.11.2 The company shall have documented procedures designed to report and effectively manage incidents
and potential emergency situations that impact food safety, legality or quality, including a product
withdrawal and recall procedure. This product recall and withdrawal procedure shall include as a
• identification of the key personnel constituting the recall management team, with clearly identified
• guidelines for deciding whether a product needs to be recalled or withdrawn, and the records to be
• an up-to-date list of key contacts or reference to the location of such a list (e.g. recall management
team, emergency services, suppliers, customers, certification body and regulatory authority).
• a communication plan that includes:
• the process for providing information to customers and regulatory authorities in a timely manner
• instructions for customers on the return or safe disposal of recalled product
• details of external agencies providing advice and support as necessary (e.g. specialist laboratories,
regulatory authority and legal expertise)
• a plan to handle the logistics of product traceability, recovery or disposal of affected product and
The procedure shall be operable at any time.
3.11.3 The product incident management procedures (including those for recall and withdrawal) shall be
tested at least annually, in a way that ensures their effective operation. Results of the test shall be retained
and shall include timings of key activities. The results of the test and of any actual recall shall be used to
review the procedure and implement improvements as necessary.
3.11.4 In the event of a product recall, the certification body issuing the current certificate for the company
against this Standard shall be informed within 3 working days of the decision to issue a recall.
4 SUPPLIER AND SUBCONTRACTED SERVICE MANAGEMENT
4.1 APPROVAL AND PERFORMANCE MONITORING OF MANUFACTURERS/
PACKERS OF TRADED PRODUCTS
The company shall operate procedures for supplier approval and monitoring of the last manufacturer or packer of products
for which it provides a service, to ensure that traded products are safe, legal and manufactured in accordance with any
defined product specifications.
4.1.1 The company shall have a documented supplier approval procedure that identifies the process for initial
and ongoing approval of suppliers and the manufacturer/processor/packer of each product traded. The
requirements shall be based on the results of a risk assessment. This risk assessment shall include
• the nature of each product and its associated risks
• customer-specific requirements
• legislative requirements in the country of sale or importation of the product
• source or country of origin
• potential for adulteration or fraud
• the brand identity of products (i.e. whether it is the customer’s own brand or a branded product).
4.1.2 The process for the initial and ongoing approval of manufacturers of products shall be based on risk. It
shall include one or a combination of the following:
• Valid certification of the manufacturing or packing site to the applicable BRC Global Standards or a
standard benchmarked by the Global Food Safety Initiative (GFSI). The scope of the certification shall
include the products traded by the agent or broker.
• A supplier audit with a scope to include product safety, traceability testing, HACCP or hazard and risk
management review, and good manufacturing practices. This shall be undertaken by an experienced
and demonstrably competent product safety auditor.
For products (food or non-food) assessed as low-risk only, and where a valid risk-based justification is
provided, initial and ongoing approval may be based on a completed manufacturing site questionnaire
that has been reviewed and verified by a demonstrably competent person.
For non-food products assessed as low-risk only, and where a valid risk-based justification is provided,
initial and ongoing approval may also be based on at least one of the following:
• a legally enforceable contract/specification from the supplier
• a historical trading relationship, supported by documented evidence of performance reviews that
demonstrate satisfactory performance.
This clause may not be applicable where it is a customer requirement that products are supplied by a
specific manufacturer and the liability is with that customer. A record of the customer’s requirement for
the use of a specific supplier shall be maintained.
4.1.3 The site shall have an up-to-date list or database of approved suppliers. This may be on paper (hard
copy) or it may be controlled on an electronic system.
4.1.4 Where products are purchased from other agents or brokers, the company being certificated shall know
the identity of the last manufacturer, processor or packer or, for bulk commodity food products, the
consolidation place of the product.
Information to enable the approval of the manufacturer, packer or, for bulk commodity products, the
consolidation place of the raw material (as in clause 4.1.2), shall be obtained from the other agent or
broker or directly from the supplier, unless that agent or broker is itself certificated to the BRC Global
Standard for Agents and Brokers.
4.1.5 Records shall be maintained of the manufacturer or packer approval process, including audit reports or
verification of certificates, confirming the product safety status of the manufacturing or packing sites
supplying products traded. There shall be a process of review, and records shall be kept of the follow-up
of any issues identified at the manufacturing or packing sites that have the potential to affect products
traded by the company.
4.1.6 There shall be a documented process for the ongoing review of manufacturers or packers, based on risk
and using defined performance criteria; these may include complaints, results of any product tests,
regulatory warnings or alerts, customer rejections or feedback. The process shall be fully implemented.
Where approval is based on questionnaires, these shall be reissued at least every 3 years.
Contracts or formal agreements shall require suppliers to notify the company of any significant changes
that take place between these formal reviews, this shall include any change in certification status.
4.1.7 The procedures shall define how exceptions to the supplier approval process in clause 4.1.2 are handled
(e.g. where product suppliers are prescribed by a customer) or where information for effective supplier
approval is not available (e.g. bulk agricultural products) and instead product testing is used to verify
product quality and safety.
When a company trades customer-branded product, the customer shall be made aware of the relevant
4.2 MANAGEMENT OF SUPPLIERS OF SERVICES
The company shall be able to demonstrate that suppliers of outsourced services have been approved, that they are managed
to ensure that any risks to product safety have been evaluated, and that effective controls are in place.
4.2.1 There shall be a documented procedure for the approval and monitoring of suppliers of services
(e.g. transport, storage, laboratory testing or labelling).
The approval process shall be risk-based and shall take into consideration:
• risk to the safety and quality of products
• compliance with legal requirements (e.g. weight or label controls)
• customer-specific requirements
• potential risks to the security of the product (i.e. risks identified in the vulnerability and food defence
4.2.2 The supplier approval process shall be based on one or more of the following options:
• certification of the supplier (e.g. BRC Global Standards or another applicable GFSI-benchmarked or
• a supplier audit with a scope that includes product safety, traceability testing, hazard analysis review
and good operating practices, undertaken by an experienced and demonstrably competent product
• historical performance, supported by documented evidence of performance reviews demonstrating
• a supplier questionnaire that has been reviewed and verified by a demonstrably competent person
• a licence to operate (e.g. a licensed waste management contractor).
4.2.3 Contracts or formal agreements shall be in place with the suppliers of services. These shall clearly
specify the service requirements and shall ensure that potential product safety risks associated with the
service have been addressed.
4.2.4 There shall be a formal process of review of the service providers. This review shall be undertaken at a
frequency based on risk, but as a minimum annually. It shall use defined performance criteria, which may
include complaints, results of any product tests, customer rejections or feedback. The process shall be
4.2.5 Where activities covered by a supplier of services are subcontracted by that supplier to another
company (e.g. third-party distribution or pallet-sharing schemes), the subcontractor shall be required to:
• work in accordance with the relevant legislation
• maintain product traceability
• work in accordance with the requirements identified by the risk assessment of the supplier of services
(e.g. its HACCP plan), such that identified risks are prevented or reduced to an acceptable level.
The contract or formal agreement with the supplier of services shall include details of any permied or
4.2.6 The procedures shall define how exceptions to the approval process for suppliers of services detailed in
clause 4.2.2 are handled (e.g. where suppliers of services are prescribed by a customer), or where
information for effective approval is not available (e.g. emergency transport) and instead product testing
is used to verify product quality and safety.
When a company trades customer-branded product, the customer shall be made aware of the relevant
4.3 PRODUCT SECURITY/FOOD DEFENCE
Security systems shall be in place to protect products from the, substitution or malicious contamination while they are under
the management control of the agent or broker.
4.3.1 The company shall assess the potential risks to the security of the products from any aempt to inflict
contamination or damage during subcontracted transportation and storage by the service providers
appointed by the company.
Security measures identified by the risk assessment shall be documented and form part of the contract
or terms and conditions for the subcontracted suppliers that have access to the product.
4.3.2 The security arrangements of the subcontracted suppliers that handle the product shall be verified at the
start of a contract and thereaer at a frequency based on risk, unless they are certificated to a BRC
Global Standard or a GFSI-benchmarked standard which includes requirements for food defence or
4.4 PRODUCT INSPECTION AND LABORATORY TESTING
The company shall operate processes to ensure that products received comply with buying specifications and that the
supplied product is in accordance with any customer specification.
4.4.1 The company shall have a product sampling or verification programme to ensure that products are in
accordance with buying specifications and meet legal and safety requirements.
Product verification may be completed by the agent or broker or by the supplier. Selection of the
appropriate verification techniques shall be based on risk, and may include:
• product safety testing (e.g. microbiological, chemical, physical or allergen contaminants, or
flammability testing of home furnishings)
• testing for authenticity/integrity
• product quality assessment (e.g. organoleptic testing of food, integrity testing of packaging,
colourfastness in fabrics, or fragrance testing of cosmetics)
• verification and product testing by the manufacturer (e.g. certificates of analysis or conformance).
Where verification is based on sampling, the sample rate and assessment process shall be risk-based
Records of the results of the assessments or analysis shall be maintained.
4.4.2 Where verification of conformity is provided by the supplier (e.g. certificates of conformance or analysis),
the level of confidence in the information provided shall be substantiated.
Procedures shall be in place to ensure the reliability of the supplier’s laboratory results; this may include
confirmation of recognised laboratory accreditation or laboratory operation in accordance with the
requirements and principles of ISO/IEC 17025.
4.4.3 Where claims are made about the products handled, including the provenance, chain of custody, and
assured or ‘identity preserved’ status (see Appendix 7, Glossary) of a product or raw materials used,
supporting information shall be available from the supplier or independently to verify the claim.
4.4.4 Where the company undertakes or subcontracts analyses that are critical to product safety or legality,
the laboratory or subcontractors shall have gained recognised laboratory accreditation or shall operate
in accordance with the requirements and principles of ISO/IEC 17025. Documented justification shall be
available where non-accredited test methods are used.
4.4.5 The significance of external laboratory results shall be understood and acted upon accordingly.
Appropriate actions shall be implemented promptly to address any unsatisfactory results or trends.
4.5 PRODUCT LEGALITY AND LABELLING
The company shall have processes in place to ensure that the products traded comply with the legal requirements in the
country of manufacture and the country of sale, where known.
4.5.1 The company shall have documented processes to verify the legality of products that are traded. This
shall include, as applicable:
• labelling information
• compliance with the relevant legal requirements, such as export or compositional requirements (e.g.
ingredients list, allergen labelling, INCI list) or specific product safety legislation (e.g. directions for
safe use, warning labels, flammability)
• compliance with quantity or volume requirements.
Where such responsibilities are undertaken by the customer, this shall be clearly stated in the contracts.
4.5.2 The company shall have documented processes to verify that the product bears the appropriate
information according to the customer’s requirements.
4.6 PRODUCT DESIGN AND DEVELOPMENT
Product design and development procedures shall be in place for new manufactured product development processes,
where this is a service managed by the company, to ensure that safe and legal products are developed, meeting the
appropriate quality and customer-specified requirements.
4.6.1 The company shall have a process for managing new product development activities with potential
suppliers, which shall include:
• a project brief defining the requirements for the products to be developed
• a process for reviewing product samples against the brief
• a formal product approval process.
4.6.2 The company shall ensure that all new manufactured products have been included within the
manufacturing site’s HACCP or hazard and risk management plan. This shall ensure that hazards have
been assessed and that suitable controls are implemented.
4.6.3 The company shall be able to demonstrate that the shelf life aributed to new food products has been
• shelf-life testing assessment or
• documented protocols reflecting the conditions experienced during storage and handling.
Where these methods are not practicable, verification shall be by a documented, science-based
4.6.4 The company shall have processes to ensure that new products are labelled to meet legal requirements
for the designated country of use. Depending on the legislation, this shall include information to allow
the safe handling, display, storage, preparation and use of the product within the supply chain or by the
customer. There shall be a process to verify that labelling of ingredients, allergens and allergen crosscontamination
is correct based on the product recipe and the expected country of sale.
4.6.5 Where a product is designed to enable a claim to be made to satisfy a consumer group (e.g. a nutritional
claim, ‘reduced sugar’, ‘dermatologically tested’), the company shall ensure that the product formulation
and production process is fully validated to meet the stated claim.
4.7 PRODUCT RELEASE
Where products require formal release by a customer or legal authority, the company shall ensure that an effective product
release procedure is in place with the facilities holding products on behalf of the company.
4.7.1 Where products require positive release, procedures shall be in place to ensure that release does not
occur until all the release criteria have been completed, and the release has been authorised by the
4.8 PRODUCT AUTHENTICITY
Systems shall be in place to minimise the risk of trading fraudulent or adulterated products and to ensure that all product
descriptions are legal, accurate and verified.
4.8.1 The company shall have processes in place to access information on historical and developing threats
to the supply chain that may present a risk of adulteration or substitution of products. Such information
may come from:
• trade associations
• government sources
• private resource centres.
4.8.2 A documented vulnerability assessment shall be carried out on all products, or groups of products, to
assess the potential risk of adulteration or substitution. This shall take into account:
• any historical evidence of substitution or adulteration
• any economic factors that may make adulteration or substitution more aractive
• ease of access to products
• the sophistication of routine testing to identify adulterants
• the nature of the product.
The vulnerability assessment shall be kept under review to reflect changing economic circumstances
and market intelligence that may alter the potential risk. It shall be formally reviewed annually.
4.8.3 Where products are identified as being at particular risk of adulteration or substitution, the company
shall have a documented fraud mitigation plan which details the appropriate assurance and/or testing
processes that are in place to reduce the risk.
4.9 MANAGEMENT OF SURPLUS PRODUCTS
Effective processes shall be in place to ensure the safety and legality of surplus products donated to charities or other
4.9.1 Surplus customer-branded products shall be disposed of, or rendered unusable, in accordance with
4.9.2 Where customer-branded products that do not meet specification are passed on to charities or other
organisations, this shall be with the prior consent of the brand owner.
4.9.3 Where products are donated, processes shall be in place to ensure that all donated products are fit for
consumption or use and meet legal requirements.
5.1 TRAINING AND COMPETENCY
The company shall ensure that all personnel performing work that affects product safety, legality and quality are
demonstrably competent to carry out their activity, through training, work experience or qualification.
5.1.1 All relevant personnel, including temporary staff, shall be appropriately trained before commencing work
and adequately supervised throughout the working period.
5.1.2 The company shall have a documented training procedure and documented training records to
demonstrate that the training is appropriate and effective.
5.1.3 The company shall routinely review the competencies of staff directly involved with product safety. As
appropriate, it shall provide relevant training. This may be in the form of new training, refresher training,
coaching, mentoring or on-the-job experience.