FAQs

Answers to general questions regarding how BRC certification works can be found here. Specific questions relating to the clauses and protocol of the Global Standard for Consumer Products Issue 2a are detailed below.

1. About the audit

What is the Product Group?

The Global Standard for Consumer Products Issue 2a defines 4 product groups which affects the detail of the requirement clause based on the hygiene requirements of the final product. In broad terms, group 1 is for products where there are hygiene and legal requirements or potential to cause serious harm eg cosmetics, group 2 or 3 where there are legal requirements and / or potential to cause serious harm/injury and group 4 for low risk products. Therefore the product group should be determined and agreed with the Certification Body and any relevant customers prior to the audit taking place. A Product Group Decision Tree has been developed to help in establishing the product group as well as an explanation sheet and worked examples that may be downloaded here.

What are the Fields of Audit?

Consumer products covers a large range of goods and the Standard identifies 21 specific categories divided by product technology and material type and auditors are trained to have knowledge and experience of the particular technologies in order to be registered.

  • Textiles & textile products
  • Leather, leather products, footwear
  • Wood, wooden products, cork, straw
  • Paper & paper products
  • Printing & recorded media
  • Coke, charcoal, refined petroleum products
  • Chemicals & chemical products
  • Pharmaceuticals
  • Rubber & plastic products
  • Glass, clay, ceramic & porcelain products
  • Concrete, cement, lime, plaster
  • Metal products excluding machinery
  • Machinery & equipment
  • Computer, electronic, communications & optical
  • Electrical equipment, batteries
  • Transport equipment, cycles, boats
  • Furniture
  • Games & toys 
  • Jewellery and accessories
  • Medical devices
  • Other

How often will I need to be audited against the Standard?

The frequency of the audits depends upon the product group.

We already have ISO 9000:2000 what is different about the BRC Standard?

The BRC Global Standard for Consumer Products Issue 2a includes many of the Quality Management systems of the ISO Standard but is extended to provide a more prescriptive framework for risk assessment, hygiene and quality control. The standardised report format provides information to customers to demonstrate how the site complies with the Standard.

How long will the audit take?

The length of the audit will depend on the size and complexity of your operations. A typical audit would be expected to take 1.5 days on site with another 0.5 days to produce the detailed report. 

How quickly will I get my Report/Certificate?

At the end of the audit the auditor is expected to provide a summary of any non conformities identified and will usually provide a written report setting these out. Sites are then allowed 28 or 90 days to provide the evidence that they have completed any actions identified at the audit. A further 14 days are allowed for the Certification Body to review the information, complete the report and make a certification decision. In all a time of 42 to 104 days should be allowed between the audit and issue of a certificate. 

I have had a BRC audit and am not happy with the non-conformities identified – what can I do?

The company has the right to appeal the certification decision made by the certification body which should be made in writing to the Certification Body within 7 days of the decision. The Certification Body shall give a full written response within 30 days following a full and thorough investigation. The company also has the option to contact the BRC if resolution cannot be attained by the two parties.

2. Clause Clarification

What would you expect to see for a risk assessment, since the Standard now bases many of the requirements on this?

Some sort of documentation would be expected to be seen as evidence of the thought process and conclusions made as to the risks to products. However, the principles and objectives behind 'risk assessment' are to ensure that the company has considered the issues pertinent to the requirements and can justify the reasons for their policy or procedures, responding to the challenge by an auditor. In some instances it would be appropriate to have a detailed document (along the principles of a HACCP/hazard analysis plan) showing those considerations, an example may be the risk rating for suppliers and the subsequent approval process or the risks to product from physical contamination which would be included within the HACCP/hazard analysis plan. However, other requirements such as the policy on where beard snoods shall be worn could be evidenced in other ways such as a documented policy, to the understanding by staff and the reasoning behind this policy. This would include considerations of best practice within the industry and be open to challenge by an auditor. The need for a documented risk assessment would be particularly pertinent where you have decided not to adopt procedures for a particular requirement e.g. not wearing beard snoods in a particular area.

How many people should make up the hazard and risk management team and what training do they require?

The number of people on the hazard and risk management team should be pertinent to the size and structure of the company as the team should include representatives of each department with responsibility for operation of the Standard. It should not be too large and note that 1 person does not constitute a ‘team’. It would be expected that participants should have appropriate training, with particular regard to the team leader. This may be achieved through external, industry recognised training specific to HACCP/hazard analysis but may equally be achieved by a good quality internal course. At the audit, the competency and understanding of the hazard and risk management team would be assessed as well as the quality of the resultant hazard and risk management plan.

Note: that if the hazard and risk management plan has been prepared with the help of an external consultant, internal staff must still be fully conversant with the plan, principles and practices associated with it. Records need also to demonstrate the training of the external consultant in HACCP/ hazard and risk management principles.

What documentation do you need to keep for hazard and risk management?

You need to ensure that the information on which the hazard and risk management plan is based is referenced and available on request by the auditor. This may include published literature on known hazards, codes of practice or legislation. You need to keep records of hazard and risk management team meetings and the decisions which were reached. You should have documents to demonstrate how the decisions for establishing CCPs were reached.

What training do internal auditors have to have completed and what does ‘independent of the area of operation being assessed. Auditors shall not audit their own work’ mean in clause 2.8.3?

Internal auditors should be able to show via training records that they have received formal training either via attendance of an external course or via training within the company. Training should cover the planning and scheduling of internal audits, preparing reports and follow up of audit findings. The objective behind the requirement for auditors to be independent of the activity being audited is to ensure that the audit is rigorous and thorough and is not influenced by the work which may need to be carried out to effect corrections and improvements. Auditors should not be biased or influenced. External auditors may need to be used where there are insufficient internal resources.

  • Group 1 - 12 months
  • Group 2 - 12 months
  • Group 3 - 24 months
  • Group 4 - 36 months 
     
The BRC Directory

More
The BRC Bookshop
More