«Introduction Accreditation and certification are terms that are often used incorrectly within industry in general, and the food sector is no ...»
Certification and Accreditation Framework
Certification and Accreditation Framework
‘’Accreditation reduces risk for business and its customers by assuring them that accredited bodies are
competent to carry out the work they undertake.’
~International Accreditation Forum website: www.iaf.nu
Accreditation and certification are terms that are often used incorrectly within industry in general, and the
food sector is no exception. In an industry that abounds with auditable schemes, standards, regulations, and requirements, it is little wonder that even the most seasoned professionals become confused by the jargon that surrounds the audit processes they undertake.
Throw in terms like ‘accredited certification body’ sometimes known as ‘accredited registrar’, and ‘conformity assessment’ and the confusion increases. Other terms such as ‘third-party audit or certification’ and ‘auditor competence’ are closer to home and more widely accepted, but the difference in rigour and outcome of a third party audit from a non-accredited audit agency as compared to an accredited certification body is not always understood. Similarly ‘management system certification’ and ‘product certification’ are also misunderstood.
In recent years third party food safety audits have come under critical scrutiny from the mainstream media, particularly in the US. Food plants with reportedly excellent ratings by these independent auditors have been linked to outbreaks associated with serious illness and death, and have subsequently been closed down by regulators. In most reported cases to date, these instances were one-to-one arrangements between suppliers and independent non-accredited audit agencies, without any oversight or recognition.
Accredited certification does not deliver a guarantee of food safety nor prevent food safety incidents. It provides a proven framework of checks and balances that significantly improves the rigour of the audit process and reduces the risk of food safety failures. Food businesses should not rely solely on third party audits to provide evidence of their food safety compliance. However, accredited third-party certification audits, if used correctly, are worthwhile tools for any food business seeking to implement and maintain behaviours and practices within their facilities.
So what does accredited certification mean, where does it fit within the GFSI benchmarking process and, more importantly, what significance does it have on the integrity and value of the food safety audit process?
Global Food Safety Initiative | Certification and Accreditation Framework / March 2011 2 Enhancing Food Safety Through Third Party Certification The History Accredited certification is not new and is not unique to the food industry. The International Organisation for Standardisation (ISO) is an international collaboration of national standards setting organisations.
Since 1947, ISO has developed and published commercial standards, many of which have become law and/or national standards in contributing countries. When GFSI introduced benchmarking of food safety management systems in 2001, there were numerous private standards, audit management schemes, and ISO standards that covered the food supply chain with multiple audits and varying degrees of diligence.
GFSI recognised the credibility, rigour and consistency offered by the accredited certification system, and from the start applied the same principles to the GFSI benchmarking process. Schemes applying for benchmarking had to agree to operate according to the principles of ISO/IEC Guide 65, and include a standard that could only be audited by Certification Bodies accredited to ISO/IEC Guide 65. This has since been widened to include ISO/IEC 17021, supplemented by ISO/TS 22003 to ensure the approach is equivalent to that of ISO/IEC Guide 65.
Cutting Through the Jargon Figure 1 (next page) provides a simple outline of the accredited certification framework as it applies to GFSI recognised schemes.
Starting from the bottom, a food business applies to a GFSI recognised scheme for certification and then selects a Certification Body (CB) to audit and certify the selected standard. CBs are sometimes referred to as ‘Conformity Assessment Bodies’ (CABs) or ‘Accredited Certification Bodies’, because they must, under the GFSI Guidance and scheme rules, be accredited to either ISO/IEC Guide 65, or ISO/IEC 17021 (with ISO/TS 22003) for the delivery of the particular GFSI recognised scheme being applied for.
Certification, according to ISO/IEC 17000:2004, is "third party attestation related to products, processes, systems or persons." What that means in food industry parlance, is the process by which CBs, based on conformity assessments (or audits), provide written assurance that an audited food business has identified all potential food safety hazards, implemented effective controls, continues to validate and verify these controls, and has a management system in place that conforms to the requirements of the scheme’s standard.
The CB must also have systems in place to ensure the capability of all management, technical, and administrative personnel, and in particular the competence of auditors involved in the certification process. Auditors must be competent in food safety management as applied to the industry sector(s) they are auditing, and the requirements of the specific scheme.
For the GFSI recognised schemes, Accreditation Bodies, in turn, assess the Certification Bodies against one of two ISO standards : ISO/IEC Guide 65 or ISO/IEC 17021, supplemented by ISO/TS 22003.
The GFSI Guidance Document (version 6) gives the following definition of Accreditation:
“A process by which an authoritative body gives formal recognition of the competence of a certification body to provide certification services against an international standard.”
The International Accreditation Forum Even ABs are not immune from further scrutiny. Sitting over the top of the accredited certification framework is the International Accreditation Forum (IAF). The IAF is the world association of conformity assessment Accreditation Bodies. Its primary function is to develop a single worldwide program of conformity assessment which reduces risk for business and its customers by assuring them that accredited Global Food Safety Initiative | Certification and Accreditation Framework / March 2011 4 Enhancing Food Safety Through Third Party Certification certificates may be relied upon. The mechanism by which IAF implements its objective is the IAF Multilateral Recognition Arrangement (MLA).
To put it simply, the IAF helps to ensure that all ABs are following the rules of accreditation and applying the standards to affirm consistent delivery of the certification schemes. This is achieved by peer evaluation to ISO/IEC 17011: 2004 – General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies.
To assist in this process and ensure it applies to the food industry, GFSI has developed a set of specific requirements in relation to assessors carrying out assessment on ABs working with food safety schemes.
Issued in 2009, this document is available on the GFSI site and has been integrated into the Guidance Document Version 6.
Why Two Accreditation Standards?
GFSI recognises two ISO standards for accreditation purposes. One is ISO/IEC Guide 65, and the other ISO/IEC 17021, supplemented by ISO/TS 22003. Both of these standards contain similar requirements for how a certification body must operate. They both address issues of preventing conflict of interest, managing customer information, properly qualifying personnel, auditor calibration, and many other aspects involved with the certification process.
Both ISO/IEC Guide 65 and ISO/IEC 17021/ISO22003, require the accreditation body to observe auditors in the field as well as conduct a detailed office review of policies, procedures, and document control. It is only after the successful assessment of auditors and the certification body operations that accreditation can be granted.
But there is a distinct difference between the two. ISO/IEC 17021 covers conformity assessment of ‘management systems”, and is applied in combination with ISO/TS 22003, which covers audit and certification of food safety management systems. However ISO 17021/ISO 22003 “does not attest to the safety or fitness of the products of an organization within the food chain” (ISO/TS 22003:2007). It is not product specific. ISO/IEC Guide 65, on the other hand, is concerned with verifying that particular products or services meet specified requirements.
The type and scope of GFSI benchmarked scheme selected, determines the accreditation standard which applies. The majority of GFSI recognised schemes fall under ISO/IEC Guide 65 accreditation requirements, whereas only two currently recognised schemes are management system schemes accredited to ISO 17021/ISO22003.
The Food Certification Process So how does this impact on the certified food business? The food business generally does not need to have any contact with IAF or the Accreditation Bodies, but does need to know that there is a robust accredited certification framework behind the scheme, recognised by GFSI, that helps to protect the interests of the food business and the scheme owner.
Global Food Safety Initiative | Certification and Accreditation Framework / March 2011 5 Enhancing Food Safety Through Third Party Certification For the most part, the only points of contact for the food business are the scheme owner and the
Certification Body (CB). The points to consider are:
1. Select the Right Scheme: All GFSI recognised food safety schemes include a standard – which is the auditable set of requirements that is applied to the food business. The first step in the certification process is selecting the scheme with a standard that best fits with the products and processes of the business, and helps meet customer requirements.. This may be requested by a retailer, food service business, or manufacturing customer, or may be to confirm the business’s internal food safety protocols and controls. A list of GFSI recognised schemes can be found on the ‘my GFSI’ site at http://www.mygfsi.com/about-gfsi/gfsi-recognised-schemes.html. It should be noted that all existing schemes are required to re-apply to GFSI for re-benchmarking to the recently released edition 6 in 2011, before 31st December 2011.
2. Select a Certification Body: Each of the scheme owners maintains a list of accredited CBs that are licensed to certify to their standard. The Accreditation Bodies also maintain a list of accredited CBs. When selecting a certification body, it is important for food businesses to consider a number of aspects including availability of qualified auditors, regional presence, seasonality, scheduling, audit duration, and overall costs.
3. Apply for Certification: The certification process is essentially the same, irrespective of the scheme or CB selected The process officially starts with completion of CBs application documents which allow the certification body to fully understand the scope of a facility’s operations and the products to be covered by certification. It also becomes the basis of the contract between the CB and supplier, and is critical for calculating audit duration and proper assignment of an auditor with expertise in the appropriate food sector category(s).
4. Scheduling: The CB contacts the facility to schedule a mutually acceptable date for the certification audit. Most GFSI benchmarked schemes specify time limits within which certification and re-certification audits must occur to maintain certification. However, within these limits, the audit must be scheduled on a date that suits both the facility and the auditor, and within a peak production period.
5. Certification Audits: All food safety standards require an on-site third-party certification audit.
Some schemes also require a document review prior to the certification audit. The role of the audit is to determine how well a facility identifies and implements food safety controls and complies with the requirements of the applicable standard.
Certification audits are always non-consultative, which means that the auditor is not permitted to instruct or advise the facility on how to meet requirements of the schemes. The auditor reviews HACCP plans, procedures, policies, physical conditions, and records and observes the implementation of food safety plans within the facility Any non-conformances observed during the audit are documented in the audit report. At the conclusion of the audit, the facility is informed of all observed non-conformances.
Global Food Safety Initiative | Certification and Accreditation Framework / March 2011 6 Enhancing Food Safety Through Third Party Certification
6. Closure of Non-Conformances: To achieve certification the food business is required to take actions necessary to sufficiently correct any non-conformances noted during the audit, and to prevent their recurrence. Each certification schemes has unique time-line requirements for nonconformance closure. The CB reviews the evidence submitted and accepts the corrective actions if they are sufficient to resolve the noted non-conformance. If the submitted corrective actions do not sufficiently resolve the non-conformance, the CB rejects them, and the food business is required to re-submit within a specific timeframe. In some cases or as prescribed by the scheme, the CB can undertake a further site visit to verify closure of non-conformances. A certificate can only be issued when non-conformances have been appropriately addressed.
7. Certification Decision and Issuance: The auditor does not make the decision on certification. An individual within the CB, independent of the original site audit, makes the final determination on certifications based on a review of the audit report and evidence of close-out of nonconformances. Only after a successful certification decision can a certificate be issued. The entire process from the completion of the audit to the issuance of the certificate is typically about 45 days.