SQF - Tags - Site - International Food Safety and Quality Network

SQF Edition 9 Updates and Compressed Air Monitoring - what you
need to know
CHANGES TO SQF CODE
SQF Edition 9 comes with several enhancements and improvements to the code
structure, methodology, and technical requirements. Below are the relevant
compressed air and gas updates and how they pertain to the health of your
compressor system and quality system alike.
SQF Edition 9:
The new addition in Module 11 states, “The frequency of analysis shall be risk-based
and at a minimum annually.”
11.5.5.1: Compressed air or other gases (e.g. nitrogen or carbon dioxide) that
contact food or food contact surfaces shall be clean and present no risk to food
safety.
11.5.5.2: Compressed air systems and systems used to store or dispense other
gases that come into contact with food or food contact surfaces shall be
maintained and regularly monitored for quality and applicable food safety
hazards. The frequency of analysis shall be risk-based and at a
minimum annually.
This sentence helps manufacturers understand what kind of minimum frequency

auditors will be looking for when they inspect a facility. These changes can help add
some structure for users and auditors alike, quelling the anxiety of annual assessments.
Because manufacturing facilities vary so dramatically in their needs, procedures,

systems, and workflows, it is critical for each to assess their individual risks.
A compressed air risk assessment is a great place to start. Risk assessments account
for everything from system age, to piping distribution, to filtration and dryers. Knowing
where your system stands, what its limitations are, and how it could contribute to
contamination can help determine the frequency and stringency of analysis.
Annual testing, at a minimum, allows manufacturers to understand their system at that

point in time. More frequent monitoring allows users to create a trend analysis and
understand how seasonal changes, maintenance, and other factors can affect the
quality of their compressed air or gas. Of course, each facility has unique needs and
risks, but the annual requirement of analysis helps to set a minimum benchmark for
manufacturers.
Appendix Additions:
In appendix 2, users will find this definition of compressed air monitoring:
A program that includes particles, water, oil, microorganism, and gases in

compressed air and other gases. A verification of effectiveness of compressor
maintenance and filtration a management facility has in place.
This definition provides manufacturers with clarity on what is expected from them in
terms of their compressed air monitoring and testing. Compressed air systems are
dynamic and subject to a variety of factors that could impact the quality of the air that
is produced and used. Filtration is essential, but if the filters are saturated, blown
through, inadequate, or out of date, they can allow dangerous contaminants to pass
through. It’s important to verify that filtration is performing as intended and as
necessary for the end-products’ requirements.
Leaks in distribution piping can provide contaminants a way to infiltrate the system.
Maintenance without proper purging can introduce contamination into a system and
should be considered a potential source of risk. Additions or changes to a system may
leave the piping or valves vulnerable to contamination as well. Trace Analytics
recommends sampling after any major repair work to ensure that the air quality has
not been negatively impacted. If changes are made to a system and the system is not
effectively purged, contaminants like particles, water, and oil can be left behind.
Without proper monitoring, contamination could remain in the system, and if left
unchecked, could impact the end-product.
WHO IS IMPACTED BY THESE CHANGES:
SQF Edition 9 has expanded and modified codes from previous editions. This change
has introduced compressed air monitoring to some codes where it previously hadn’t
been included. Compressed air requirements can be found in:
• Food Manufacturing
• Pet Food Manufacturing
• Animal Feed Manufacturing
• Animal Product Manufacturing
• Dietary Supplement Manufacturing
• Storage & Distribution
• Manufacturing of Food Packaging
If your facility falls into any of these categories and you use compressed air in your
processes, you will be required to monitor your compressed air and gas systems at
least annually (or more frequently based on your risk assessment) to ensure product
safety.
WHAT TO TEST FOR:
SQF Edition 9 points to particles, water, oil, microorganisms, and gas testing for
manufacturing facilities. Each facility is unique and has individual requirements, so it is
essential for each user to conduct a risk assessment and compare with published
standards, like ISO 8573, to choose the right purity levels for their systems. Higher risk
end-products may require more strict purity levels. Some end-products may require
strict particle testing, but have lower limits for water vapor.
It is also important to consider the capabilities of your system and ensure that your
purity classes are achievable and appropriate. For example, black iron pipes are going
to have a great deal more rust accumulation than stainless steel pipes. Systems with
refrigerated dryers are going to have more moisture than systems with desiccant
dryers.
ISO 8573 is an international compressed air standard that provides purity classes for
particles (viable and nonviable), water, and total oil, allowing users to choose the
appropriate ranges for their use. This standard can be used as a “common language”
between users, laboratories, and compressed air system suppliers.
Particles:
Particles can be categorized as viable and non-viable. Viable particles are
microorganisms, which will be discussed below. Non-viable particles are characterized
by their size, shape, transparency, color, and material. They are of great concern to
many manufacturers. No one wants to find metal shavings in their coffee grounds.
Metal shavings, rust, bits of tubing and plastics are all examples of particles that might
be found in a compressed air system. ISO 8573 designates size ranges with limits for
each purity class to help manufacturers ensure that their filtration systems are
functioning properly. If your point-of-use filter is supposed to filter particles size 0.3um
and up, and your compressed air tests reveal particles sized 0.5-5, then you will need
to troubleshoot your filtration and distribution lines after filtration.
Water:
Water in compressed air systems is concerning as it often leads to much bigger
problems. Excess water can cause piping to rust, producing particles. This
contamination can also create a breeding ground for dangerous microorganisms and
saturate filters, rendering them useless. ISO 8573 offers 6 purity classes to
accommodate users with either desiccant or refrigerated dryers.
Oil:
Oil vapors and oil aerosols together are known as Total Oil. Stricter limits require both
aerosol and vapor testing combined. In less strict classes, oil aerosol alone can be
monitored. Depending on your risk levels, you can choose the appropriate class for
your system. Even if you have an oil-free compressor, maintenance oils, oils from
cleaning supplies, and vehicle exhaust can infiltrate the system. It is not enough to
simply replace your compressor with an oil-free one. If you’ve previously used a
traditional compressor, there could be oil left in the pipes or distribution system.
Regular monitoring helps ensure oils are not impacting your end-products.
Microorganisms (Viable Particles):

Viable particles, or microorganisms, can be hugely detrimental to your end-products,
bottom line, and reputation. Contamination from microbes like Listeria, or
Salmonella should be monitored for regularly if manufacturing consists of dairy
products. Microbes can live in compressed air systems, particularly if these systems are
contaminated by oil, particles, and water. These dark, wet breeding grounds can put
products at risk. ISO 8573-7 recommends testing with an impaction sampler and
incubating contact plates for a minimum of 10 days. Some companies may have
specific indicator microorganisms that they are concerned about and need to do further
identification.
HOW TO SET UP A MONITORING PLAN:
Setting up a monitoring plan is an important part of ensuring the quality of your

compressed air system and meeting your certification requirements. SQF Edition 9
mentions particles, water, oil, microorganisms, and gases as contaminants to monitor.
Using ISO 8573 purity classes along with a compressed air risk assessment, a user can
determine how strict their limits should be.
Where to sample:
A common question from manufacturers is where to take the samples. Results from
your air samples should be representative of their use on the product. If your
compressed air directly impacts your products, you’re going to want to test at the point
of use. Tests at the compressor can help users understand the quality of the air at the
start of the system. Testing can also be performed midway through the line to
understand the impact that the distribution system may have on the quality of that air.
Number of Samples:
The number of samples is also one that must be determined by the manufacturers. If
you have 20 points of use, you may want to test them in rotating percentages. Testing
25% of the points of use quarterly could be an appropriate and manageable way to
test each point annually. This would dictate only 5 samples per quarter. Some users
may choose to test each point of use that impacts end-products. Others may choose to
test at the compressor and then at the end of the line only. While a single test point
does meet the minimum requirement, it hampers the ability to perform seasonal trend
analysis.
Frequency of sampling:
It’s then necessary to consider how often testing should take place. SQF Edition 9 cites
annually - at a minimum. Many manufacturers choose to test quarterly or semi-
annually to build a trend analysis and see how their system changes over time, reacts
to maintenance schedules, and handles seasonal changes.
Each facility is unique and each monitoring plan will be as well. Depending on the risk
levels, the type of system, and the usage of the compressed air, a users’ monitoring
plan should fit their needs. Third-party, ISO 17025 accredited laboratories, like Trace
Analytics, LLC can help implement a monitoring plan, schedule testing, and provide
reliable and expedient air quality results.
CONCLUSION
Preparing your compressed air system for the new Edition 9 improvements means your
facility won’t be left unprepared. With the release of SQF Edition 9 comes the
opportunity for manufacturers to address their quality systems, risk assessments, and
monitoring plans for their compressed air systems. With added guidance from SQF,
users can determine what contaminants to test for, how often to test them, and create
a plan to ensure they maintain appropriate levels of quality year-round. For more
information on compressed air testing, please contact the experts at Trace Analytics,
LLC.
512-263-0000 ext 5 | sales@airchecklab.com
By Jenny Palkowitsh, Trace Analytics, LLC
References:
Chuboff, L. (2021, March 05). Sqf code edition 9: What's changing and how to prepare.
Retrieved March 10, 2021, from https://www.sqfi.com...how-to-prepare/
Sqf code downloads. (2021, January 12). Retrieved March 01, 2021,
from https://www.sqfi.com...on-9-downloads/
Apr 05 2021 11:33 AM
by Simon
SQF from Scratch: 2.3.2.6 Finished Product Labels

2.3.2.6 Finished Product Labels
As we consolidated our raw material documentation in the last post, it occurred to me
that the mention of “accurate finished product labels” was a bit more labor intensive
than the brief aside the code gave it. Product labels are consultant bread-and-butter
because the legislation is vast and product specific, and because frankly, the data
shows that the industry is bad at making sure product labels are accurate! With that in
mind, let’s talk though both some practical ways to maintain control of the content of
the labels and the products therein, as well as how to make sure we can demonstrate
that control for anyone who wants to verify.
The code:
2.3.2 Raw and Packaging Materials
2.3.2.6 Finished product labels shall be accurate, comply with the relevant legislation
and be approved by qualified company personnel.
Also
2.4.1.1 The site shall ensure that, at the time of delivery to its customer, the food
supplied shall comply with the legislation that applies to the food and its production in
the country of use or sale. This includes compliance with legislative requirements
applicable to maximum residue limits, food safety, packaging, product description, net
weights, nutritional, allergen and additive labeling, labeling of identity preserved foods,
any other criteria listed under food legislation, and to relevant established industry
codes of practice.
Also
2.6.6.1.ii finished product is labeled to the customer specification and/or regulatory

requirements.
Also
2.8.1.8 The site shall document and implement methods to control the accuracy of
finished product labels (or consumer information where applicable) and assure work in
progress and finished product is true to label with regard to allergens. Such measures
may include label approvals at receipt, label reconciliations during production,
destruction of obsolete labels, and verification of labels on finished product as
appropriate and product change over procedures.
What’s the point? How is this making our product safer?
Here in the U.S., the recall statistics for inappropriate product labeling have been pretty
damning.
Both FDA and FSIS regulated foods name undeclared allergens as a leading cause of
manufacturer recall. First, because an undeclared allergen has the potential to
be life threatening for people with severe allergies. Second, because it’s an easy
mistake to make. Companies focus so hard on making sure that food is protected from
biological and physical contamination that avoiding the introduction of another,
otherwise safe, food ingredient requires a different approach to hazard prevention.
It’s odd to think that some of the foods sold in a facility can be just as much a hazard
to consumers as material known to be contaminated with pathogens.
There’s a variety of ways that allergens can end up in products that are addressed
throughout the code. In this article we’re going to focus on making labels in the first
place, since an alarming number of recalls are due to unlabeled allergens, rather than a
mix-up at production.
There’s another ROI here if making sure an accurate ingredient declaration isn’t
enough of a motivator. Labels that fail legislative requirements or contain typo’s at
worst put the company at risk, and at best make the product look low quality.
What am I being asked to do?
So how are food labels typically made?
Original art concepts can come from anywhere, but eventually some sort of art house
is going to generate a proof of the label. A (nowadays) digital file that includes the
artwork superimposed on packaging specific details like die lines.
A new label process might look like:
1. The sales and marketing team meets with an art house that specializes in food
labels, and may or may not also be the printer of the packaging.
2. They create concepts, and the food packaging experts at the art house keep
placeholders for required regulatory content like nutrition, net weights,
ingredients, etc.
3. Eventually all of the product details for those nutrition panels etc. are provided
and added to the artwork.
4. The art house submits a “final” draft/revision of the proof to the company to
approve before sale.
5. The SQF practitioner or designee verifies the accuracy of the legal and food
safety portions of the label, or approves the consultant doing it on their behalf.
That step 4 is a doozy, because with so many stakeholders involved in artwork, there
may be 2, 3, or 22 “final” versions of the artwork emailed back and forth!
The code specifies that the labels are “approved”. Now, at a 2-person company, we
might be able to show an auditor the email to the art house that says “Joe has
approved this revision” (assuming it’s saved and filed). But in larger groups, a more
formal system is going to serve us better. The emails quickly get cluttered when the
practitioner has actually approved the last 6 versions while the marketing folks kept
debating whether the text should be taller or shorter.
The approved “final” labels will need to be organized in a register eventually, either as
part of the raw material and packaging specifications, or as a stand-alone register. In a
company with multiple products using the same kind of packaging, a separate register
is often most beneficial. It prevents either enormous packaging specifications or dozens
of duplicated ones.
To demonstrate the label was approved before use, the practitioner can sign and date
either a printed copy, a cover sheet, a change management record like the one we
introduced in 2.1.3, or “sign” the register/database by including an “approved by”
column (note, some auditors don’t like this without a digital certificate process [i.e.
password protected signature], however I’ve had success selling the effectiveness of
this system as long as the reviews were real and I could produce the person who
signed).
If you need help creating an index that would open digital copies of the approved label
“proofs”, there are some examples in this video series here: Excelling at Food Safety.
This process isn’t too complicated, so why give it its own post?
REVISION/VERSION CONTROL
Above we discussed creating and approving new labels, but it’s not going to end there!
Year after year products will be changing art styles, ingredient suppliers, and
formulations. Many of these will require label updates accordingly, and suddenly there
are multiple versions of the same label for each product.
While revision control requires extra inventory management in most circumstances,

when the new labels have something like an allergen that was added to the product,
additional control becomes necessary.
Example: a new chocolate chip cookie supplier uses walnuts in their dough formula. If
the new cookies are placed in old packaging on hand that doesn’t declare walnuts,
there is now a dangerous hazard for anyone with that allergy.
The best form of revision control is actually printed on the label somewhere. That way
an operator/inspector can verify whether the labels on hand are the current revision
approved in the registry. These can often be found in inconspicuous places on
packaging:
Choose any revision labeling scheme that makes sense in the facility. I always
appreciated a simple one that also shows when the label was approved such as
yymm## (A two-digit year, two-digit month, then some sort of serial count of how
many labels had been approved so far during that month, First being 01, second being
02 etc.).
With each version of the label created, use a new designation and have a system in
place to determine which revisions are okay to continue using if they’re on hand. New
packaging/label orders should only be of approved revisions (which can be inspected
and compared against the registry of approved label proofs). Older label revisions that
are no longer okay to use (such as the allergen example above) need to be isolated
and controlled.
Revision control is often where the “approved label” process can fall apart. Facilities
often have the first label approved in their product development files, but making sure
that nothing important changes when the artwork is updated is one of the most tedious
and error laden tasks asked of label reviewers.
Remember, every single time artwork is revised, review all aspects of the label. The art
house may not have perfect revision control either and I could buy a lot of beer if I had
a dollar for every time my clients requested a minor revision only to find something
random had changed on the next proof.
How will this be audited?
I’ve encountered a few different approaches to auditing this requirement.
1. The auditor will grab a label off the floor and request to see the specification and
the approved copy.
2. The auditor will request to see the register of label proofs and check that there is
some sort of signature approval for them, and may later confirm one of them
matches what’s on the production floor.
3. The auditor will bring in a product they bought on the way there (rare but a fun
tool since they can ask for traceability etc. on the same item)
Red flags are going to be:
There is a register of labels, either in paper or digital, but there’s nowhere to see
when they were approved or by whom.
Everything looks good…for primary packaging labels. But records aren’t being
kept for case labels, boxes, or film overwraps that also contain legal or safety
related information.
There is no evidence of revision control for labels with allergen statements and
the practitioner can’t say for sure that the formula has never changed.
The person responsible for checking labels for accuracy/correct revision when a
new order arrives has no idea where the register of approved labels can be
found.
2.3.2.6 and other label references reveal how much companies pay attention to their
labels as a potential source of safety-related information, rather than just a marketing
tool. It can be tough to get company buy in when so many products on the market
take loose interpretations of labeling regulations, so it’s important to pick your battles.
As always, focus on safety first, because the reason someone goes to the hospital
should never be because someone didn’t bother to read the ingredient statement all
the way through.
And even if you do catch a label mistake on arrival, the company isn’t going to be
thrilled that a lack of upfront review resulted in pallets of unusable packaging.
Author Biography:
Austin Bouck is a food safety consultant in Oregon, USA. You can find more food safety
resources and discussion on his website, Fur, Farm, and Fork, as well as contact
information for consulting services.
Jan 26 2021 02:15 PM
by Simon
SQF-2.3.2 Raw and Packaging Materials

Hello again practitioners, I know we’ve had some challenges so far, but now we have
the management buy-in, time, resources, and motivation to get all of our SQF materials
together! The next thing we need to do is source raw materials and put together some
documentation for them!
The best foods start with the best ingredients, or in the world of manufacturing, the
most consistent products start with the most consistent ingredients! As part of a careful
and well thought out product development process, our teams have approved
formulas, processes, recipes, and risk assessments that were based on ingredients that
met certain criteria.
However, buy-in is going to disappear rapidly if it turns out…
The “raising agent” R&D used was actually baking powder, not soda, and so we
can’t use the 400 lbs of material that just arrived.
The 1 in (2.54cm) diced carrots aren’t going to reach the required temperature
in the retort because the cycle was designed for a ½” dice.
The labels for the muffins say “gluten free” when they, uh, aren’t.
Maybe we should come up with some critical criteria before we just start buying things.
The code:
2.3.2.1 Specifications for all raw and packaging materials, including, but not limited to
ingredients, additives, hazardous chemicals and processing aids that impact on finished
product safety shall be documented and kept current.
2.3.2.2 All raw and packaging materials and ingredients shall comply with the relevant
legislation in the country of manufacture and country of destination, if known.
2.3.2.3 The methods and responsibility for developing and approving detailed raw
material, ingredient, and packaging specifications shall be documented.
2.3.2.4 Raw and packaging materials and ingredients shall be validated to ensure
product safety is not compromised and the material is fit for its intended purpose.
Verification of raw materials and ingredients shall include certificates of conformance,
or certificate of analysis, or sampling and testing.
2.3.2.5 Verification of packaging materials shall include:
i. Certification that all packaging that comes into direct contact with food meets
either regulatory acceptance or approval criteria. Documentation shall either be
in the form of a declaration of continued guarantee of compliance, a certificate
of conformance, or a certificate from the applicable regulatory agency.
i. In the absence of a certificate of conformance, certificate of analysis, or a

letter of guarantee, tests and analyses to confirm the absence of potential
chemical migration from the packaging to the food contents shall be conducted
and records maintained.
2.3.2.7 A register of raw and packaging material specifications and labels shall be
maintained and kept current.
Our entire food safety management system, and more specifically our food safety plan,
is based on a lot of assumptions. Food scientists recognize those assumptions and see
food more often as chemistry than art. Knowing exactly what will come out depends on
what goes in.
Some of the criteria are functionality and quality based. For example, most people
purchase regular sized marshmallows to make s’mores, and a buddy showing up with
miniature marshmallows may not have an easy time manufacturing their dessert.
It could also be problematic if the next shipment of marshmallows was pink or

something.
SQF is less interested in quality or marketing needs, though we should certainly use
this system to help define what we need to make the product successful. For our audit,
what we’re primarily concerned with are criteria that will impact the safety of the
product, rather than its performance. We want to make sure that any variation in the
product won’t suddenly make it dangerous.
First things first, we have some familiar housekeeping.
2.3.2.3 The methods and responsibility for developing and approving detailed raw
material, ingredient, and packaging specifications shall be documented.
As we’ve seen before this particular language is going to be repeated over and over
again in the code in the same format:
“The methods and responsibility for [SQF code portion] shall be documented and
implemented.”
This is a throwback to the food safety management system. The “methods and
responsibility” is the document on hand that describes what the company intends to do
and who is going to do it. It will describe what the management system looks like at
that specific facility and which individuals will make sure the process is followed and
documented (SQF practitioner or designee typically).
Key words: the methods should be “documented”, the policy exists, and “implemented”,
evidence/documentation is available to demonstrate it is being followed.
As we go through the rest of this section, we’ll explore methods to maintain systems
that support the code and create evidence/documentation. Make sure to also document
the process itself and who owns it rather than rely on tribal knowledge to keep the
system running.
2.3.2.1 Specifications for all raw and packaging materials, including, but not limited to
ingredients, additives, hazardous chemicals and processing aids that impact on finished
product safety shall be documented and kept current.
So, what is a specification? We’ll see them again for finished goods later in the code. A
specification should be a description of the critical criteria that needs to be met to
make sure the products are safe.
These specifications will likely be determined, again, by the hazard analysis in the food
safety plan. They’re there so that when sourcing materials we know what to look for
and what is and is not flexible.
Early season or late season fruit? Probably flexible and less important in the hazard
analysis. Contains salmonella? Probably an important distinction.
SQF lists several examples of critical criteria in their guidance documents, so those are
the ones auditors will be expecting to see:
Limits for relevant pathogens or microorganisms

pH
Water activity
Chemical or physical contaminants (e.g. pesticide residues or processing
chemicals)
Presence or absence of allergens
But really, critical criteria are anything identified in the food safety plan.
Ways to keep “specifications” on hand
A common one is to use those provided by the vendor. This can be audit friendly and
save you some time, but inevitably there are a few problems with this solution:
The vendor may not have a “specification” that meets your needs. Either it’s just
advertising material that’s too generic, or they literally don’t have one because
it’s a non-GFSI company that isn’t required to make something like that.
The vendor may have a specification, but they aren’t going to provide an
updated one annually. The packaging they sell generally doesn’t change nor do
many crops.
The vendor just isn’t responsive when asked for documentation, either because
they don’t have it or the customer doesn’t buy enough from them.
The vendor doesn’t include criteria critical to the food safety plan in their
specification.
Vendor interactions are one area of SQF where I inevitably recommend creating some
“audit friendly” documentation that doesn’t necessarily improve the process or product.
I know, that’s breaking our golden rule.

The issue is that while a practitioner can be amazing and document anything that
happens on site, it doesn’t matter if they have an unresponsive vendor. And despite
what some consultants will say about dropping vendors, a little jam company doesn’t
have a ton of buying power to demand special documentation. That company’s supplier
may be the only one feasible to buy from due to pricing or geography.
SQF lists specifications before vendors in the code because in theory companies need
to know exactly what to buy before looking for a source. This is true when finding new
vendors, but for new product or ingredients, normally they’re created with test
materials from a vendor, and a hazard analysis is performed after finalizing a source.
That means that in a way, we’re addressing section 2.4.4 (approved supplier program)
first, because we won’t be able to source a material from an unapproved supplier,
whether we have a specification or not.
So, if we have to talk to a supplier, we might as well try to cover all of our bases at
once. In that spirit, it sometimes makes sense to combine these elements.
In a larger company with multiple suppliers for a single ingredient, independent raw
material specifications may be more helpful, but for many small businesses we can try
to knock these elements out together.
Using this example, we can review vendors, list out the critical criteria outlined in our
food safety plan, and provide a narrative explanation of the specifications and
documents they were able to provide to confirm them. I tend to favor narrative risk
assessments for supplier review, because it allows you to base approval status on your
own specific history with the supplier, and allows for approval even if there’s missing
information.
However, if a vendor does not provide a specification, then one will need to be created
regardless.
This is SUPER bare bones. If sourcing complex ingredients, there’s probably a need for
an ingredient list to ensure that there are no surprises that could conflict with label
claims.
2.3.2.2 All raw and packaging materials and ingredients shall comply with the relevant
legislation in the country of manufacture and country of destination, if known.
This is really an extension of 2.4.1. After all, our products won’t comply with legislation
if the ingredients didn’t comply. We’ll dig into the systems to make sure things are on
the up-and-up in 2.4.1. For this line item, just avoid buying anything sketchy. No
inappropriate suppliers (looking at you, backyard butcher shops), no materials that
can’t normally be sold legally finding their way into inventory at a discount, no
attempts to use state or country boards to circumvent a particular requirement, etc.
The supplier review process will address documentation to support this clause.
SQF specifically calls out suppliers who may use food labeling across country borders
that does not comply with the country of sale. This is a really common issue for
importers and one to watch out for. Consumer facing labels need to comply with the
regulations of the country in which they’re presented for sale.
2.3.2.4 Raw and packaging materials and ingredients shall be validated to ensure
product safety is not compromised and the material is fit for its intended purpose.
Verification of raw materials and ingredients shall include certificates of conformance,
or certificate of analysis, or sampling and testing.
This is tricky, because SQF likes to play fast and loose with “validation” and
“verification” language in the code. For this particular section, to make it even more
confusing, let’s quote the guidance document:
Validation is testing over and above daily monitoring to ensure that established food
safety limits are effective, i.e., they achieve the desired results, so that the supplier can
have confidence that the product and process are safe. Validation methods will vary
depending on the risk to finished product safety. Validation for low risk materials may
include certificates of analysis or certificates of conformance, provided by a trusted
vendor. For high risk materials, testing and analysis is required for validation, and must
be carried out annually (refer to 2.5.2). For food-contact packaging material, this may
include testing or assurances for potential chemical migration to the food product.
They then later ask us to “verify” in 2.3.2.4 using the same criteria they listed for
“validation”.
Here’s the deal, at the end of the day, we can remain consistent by defining these
terms this way:
Validation: The research and testing done to prove that, if everything works the way
we want it to, it will achieve the intended food safety result. We validate our
specifications, target limits, and “the plan”.
Verification: A periodic check to make sure all of our assumptions are still holding
true.
Use the food safety plan and product development process to “validate” raw material
specification requirements and make sure that as written they will work. We need to
validate both the specification and the approval criteria. The food safety plan should
indicate what’s needed, and the specification maintenance document should state how
you’ll use that plan to make sure that what you source meets the needs of the plan.
Then, with existing suppliers and raw materials, “verify” that the ingredients are still
complying with the specifications. This may mean that we got a certificate of analysis
from a supplier with our first shipment saying they were E. coli free. So, we decided to
approve them. But once in a while we should ask for another one, to “verify” that the
supplier is still providing an E. coli free product, or if the juice concentrate is still that
same pH it was a year ago when we made the plan. Minimum interval of annually.
Let’s clarify some other definitions here that are commonly used when discussing
supplier approval, and describe how useful they are to us:
Certificate of Conformance: This is similar to a supplier specification, it’s typically

the suppliers “finished good specification”. The Parameters that they say they the
product will meet based on their own internal testing/monitoring. This is different from
a “certificate of analysis”, which will include actual test results. A certificate of
conformance may be issued in general, or issued for every lot when it is released (e.g.
based on testing that was performed, the material will conform). These can sometimes
be used as a supplier specification if it happens to have everything you need. It could
list specific criteria like this:
Or for packaging it may be something like this:
Or even something as simple as:
Certificate of Analysis: A certificate of analysis covers actual test results for a particular
sample. Sometimes they’ll be for each individual lot of product, other times they may
be the suppliers’ own validation testing. Typically, a certificate of analysis will have a
letterhead from the laboratory that performed the work, indicate what samples were
tested and show the actual test results. It might look something like this:
Letter of guarantee/declaration of continued guarantee of

compliance: Letters of guarantee were covered in the Food, Drug, and Cosmetic Act
(USA) to protect manufacturers from upstream food fraud. Per the FDA:
Section 303, paragraph © of the Act states that no person shall be subject to the
penalties of subsection (a)(1) for having received, or proffered delivery of, adulterated
or misbranded food additives if he has established a good faith guarantee from whom
he received the articles. This paragraph was included in the 1958 amendments to the
Federal Food, Drug and Cosmetic Act and remains the legal basis for the "letter of
guaranty" supplied by many manufacturers to their clients.
This can be part of ensuring materials are compliant with legislation. FDA provides
language used in these letters here.
So, for us to meet the requirement of 2.3.2.4
1. We should make sure we have either tested the material or requested

verification from the supplier that it is still meeting our validated specification.
2. Do this at an interval appropriate to the amount of risk associated with the
hazard.
2.3.2.5 Verification of packaging materials shall include:
i. Certification that all packaging that comes into direct contact with food meets
either regulatory acceptance or approval criteria. Documentation shall either be
in the form of a declaration of continued guarantee of compliance, a certificate
of conformance, or a certificate from the applicable regulatory agency.
i. In the absence of a certificate of conformance, certificate of analysis, or a

letter of guarantee, tests and analyses to confirm the absence of potential
chemical migration from the packaging to the food contents shall be conducted
and records maintained.
Food packaging is sort of in a separate category, and will normally give the most
trouble in terms of getting things from vendors. These companies may make food
contact packaging, but here in the U.S. they aren’t audited, so it’s on the practitioner or
procurement team to find someone who knows what needs to be covered.
The purchaser can either perform chemical migration testing themselves at an

appropriate interval (expensive), or work to get that documentation together and keep
it current. Auditors tend to be a bit laxer on this as long as there is something recent
on hand to show them.
….You know what, we’ll address label review in the next SQF from scratch. It’s a big
enough topic to merit its own article. Sorry to make you wait!
2.3.2.7 A register of raw and packaging material specifications and labels shall be
maintained and kept current.
To make a register of these specifications and label reference materials, check

out Making sense of the SQF code: so what the heck is a “register?”
Make a list of the specifications and label reference materials, organize it in a way that
helps keep it organized and up to date.
I’ve encountered a few different approaches to auditing this requirement.

1. The auditor during the site tour will identify 3 different ingredients, some
packaging and some ingredients, and then request to see specifications for those
materials followed by verification documentation.
2. The auditor will request to see the specification register first, then select
materials at random to review the documentation.
3. The auditor will request verification of ingredient specifications and testing while
reviewing the hazard analysis (and supplier preventive controls in the U.S.).
Whichever way they get to it, they’re probably going to review some of the supplier
documentation at the same time. But for this portion of the code, they’re looking for
the following
There is a specification for the material. Either
One the site created itself, reviewed within the last year.
One from the supplier that has sufficient information, and has at least
been reviewed by the site within the last year (even if the supplier didn’t
update
There is verification documentation of the material, either:
Test results from an on-site sampling program.

Testing performed by the supplier and provided at a minimum annually,
more frequently for higher risk criteria (like microbiological results).
For food contact packaging, either testing or some kind of documentation
from the supplier (like a letter of guarantee or certificate of conformance)
indicating it’s appropriate for food contact.
A narrative review of the supplier that explains how the site verified the
information without the need for specific testing (e.g. maybe the supplier’s
continued SQF certification ensures they would comply with their own
finished good specifications; it can be worth a shot)
The verification documentation matches and has been conducted at the intervals
specified in the SOP. (Say what you do and do what you say).
Red flags are going to be:
Outdated or unprofessional looking “specifications” from a supplier. A copy of

their webpage from 3 years ago doesn’t look legit. Keep in mind, a signature and
date showing that the practitioner “reviewed” this document within the last year
will actually go a long way to making these sufficient.
Testing or documentation required by the SOP that are outdated or not
performed for all of the materials, new ones, or ones purchased infrequently.
Materials purchased from brokers or distributors that have little to no information
from the actual manufacturer of the product when needed.
Using one document for everything. A single CoA might be able to be used for
everything once at initial vetting…. but it looks like something’s missing, and
there probably is.
2.3.2 is a beast of a requirement, and it asks a lot of our companies. It’s deeply
integrated into the hazard analyses and risk assessments for shelf life and pathogen
control, it’s documentation heavy, and it requires constant surveillance and
maintenance to keep it current. It can take a ton of time, and even if 98% of it is
brilliant it is still so easy to miss one ingredient and get that minor finding.
It can be worth it though, especially when we find out that our suppliers aren’t as
consistent as we thought.
Many companies without SQF will make sure they’re sourcing ingredients that don’t
have common pathogens, but without the code they may forget risks associated with
packaging and other subtle changes. Taking the time to “specify” what we need may
be the difference between getting a consistent ingredient or one that caused an
accidental recall.
Author Biography:
Austin Bouck is a food safety consultant and manufacturing supervisor in Oregon, USA.
You can find more food safety resources and discussion on his website, Fur, Farm, and
Fork, as well as contact information for consulting services.
Oct 27 2020 02:34 PM
by Simon
SQF from Scratch: 2.3.1 Product Development and Realization

2.3.1 Product Development and Realization
Well reader, maybe this is a new role for you, maybe it’s one you’ve played at your
company for a long time, but I hope that you’ll find it rewarding.
No, I’m not referring to SQF practitioner, I’m referring to the role of wet
blanket technical resource for new product development activities!
The food industry can sometimes be challenging not because of the work, but because
everyone knows a little something about food! After all, everyone has intimately
studied and investigated their foods by eating several times a day since birth! We’re as
much experts at understanding how to fix hunger as we are at growing our own hair. It
comes naturally and everyone a wealth of experience to draw on.
Thus, the day comes when entrepreneurial folks say to themselves, I know how to
make tasty things, let’s sell them! Unfortunately, while starting a business is hard
anyway, with food there’s an extra hitch when people get sick.
Dr. Powell over at Barfblog summarizes the risk of food as a business well:
“I’ve yet to see divine intervention as a cause of foodborne illness. Instead, illnesses
and outbreaks are frighteningly consistent in their underlying causes: a culmination of
a small series of mistakes that, over time, results in illness and death.”
SQF recognizes that some of those small mistakes are a result of moving forward with
the mass distribution of food products using the same risk evaluation as having
neighbors over for a barbecue. Not only does mass distribution make illness a public
health numbers game instead of a personal risk assessment, but our intimacy with food
lends itself to confidence, not expertise. Just like we cannot predict the behavior of the
ocean by studying a single water molecule, jumping into food based on personal
kitchen experience can lead to missing details that make products dangerous (or just
bad!).
Let’s just put our tasty beverage in a can! There’s probably no extra
requirements to address botulism.
This never made me sick, so there’s no way it could hurt anyone else.
We just sell shrimp, why do I need to know what a HACCP plan is?
We sourced the best ingredients possible, so we covered all the potential
contamination risks, right?
I just make cheese, I’m not a microbiologist.
It’s got alcohol in it, so that makes it safe to drink.
SQF understands that enthusiastic leadership, sales teams, and R&D folks are psyched
to get into the minds of customers and start making the next trendy food! These
elements are stuck in there as a built-in devil’s advocate to make sure we don’t get
ahead of ourselves.
So speak quietly, ask smart questions, and let’s carefully rain on this parade!
The code:
2.3.1 Product Development and Realization
2.3.1.1 The methods and responsibility for designing, developing and converting
product concepts to commercial realization shall be documented and implemented.
2.3.1.2 Product formulation, manufacturing process and the fulfillment of product

requirements shall be validated by site trials, shelf life trials and product testing.
2.3.1.3 Shelf life trials where necessary shall be conducted to establish and validate a
product’s:
i. Handling, storage requirements including the establishment of “use by” or

“best before dates”;
ii. Microbiological criteria; and
iii. Consumer preparation, storage and handling requirements.
2.3.1.4 A food safety plan shall be validated and verified for each new product and its
associated process through conversion to commercial production and distribution, or
where a change to ingredients, process, or packaging occurs that may impact food
safety.
2.3.1.5 Records of all product design, process development, shelf life trials, and
approvals shall be maintained.
The examples linked above are all too common. Before jumping in, business owners
must recognize that they have liability and a public health responsibility to take
reasonable precautions to prevent foodborne illness. By using this portion of the code
to make sure that food safety was part of the product development process, companies
can be proactive in ensuring new products are safe.
Businesses only exist when there are consistent customers. It’s both bad planning and
bad form to use them as guinea pigs.
Thankfully, resources like government food safety agencies, colleges and universities,
and groups like IFSQN have created a library of information to help the food
entrepreneur anticipate risk.
2.3.1.1 The methods and responsibility for designing, developing and converting
product concepts to commercial realization shall be documented and implemented.
This particular language is going to be repeated over and over again in the code in the
same format:
“The methods and responsibility for [SQF code portion] shall be documented and
implemented.”
This is a throwback to the food safety management system. The “methods and
responsibility” is the document on hand that describes what the company intends to do
and who is going to do it. It will describe what product development looks like at that
specific facility and which individuals will make sure the process is followed and
documented (SQF practitioner or designee typically).
Key words: the methods should be “documented”, the policy exists, and “implemented”,
evidence/documentation is available to demonstrate it is being followed.
How should this program be organized? Any way that makes sense for the facility and
details when different people are involved in development is fine, but the point of this
article series is to provide advice for meeting the code in a direct and audit-ready
manner.
The order of these requirements is really a bit scrambled, because there is already a
system in place that the entire food safety management system revolves around. The
sole purpose of which is to assess the risk a product might pose and take steps to
address and mitigate those risks.
2.3.1.4 A food safety plan shall be validated and verified for each new product and its
associated process through conversion to commercial production and distribution, or
where a change to ingredients, process, or packaging occurs that may impact food
safety.
This article series still hasn’t covered 2.4.3, but it’s really the first thing that should be
done! Following a CODEX or HARPC approach to risk assessment for a new product in
the same way that one would an existing product, all of the necessary documentation
will be covered. There will be:
A thorough risk assessment of any novel ingredients or processes in the hazard
analysis
Validation any new manufacturing/processing steps for the conditions of use (so
both the R&D lab, pilot batch, and actual plant conditions)
A review of consumer use conditions and what hazards would be presented by
them (e.g. shelf life, ready-to-eat, cold supply chain)
Microbiological criteria used for verification of microbial controls
Documented and organized testing data used to design and develop the new
product and any testing specifications
Approval from the food safety team when they sign off on the new plan revision
The key is to make sure this is done prior to product launch, and that it reflects the
conditions of production, not the conditions of the lab or test kitchen. Cooking
validations need to be done inside the heat tunnel, not the stovetop.
Once a food safety plan is completed for a new product, the typical HACCP/HARPC
hazard analysis and plan does everything that 2.3.1 requires. In some ways this portion
of the code is redundant because if a product is within the scope of certification, it
should have a plan under 2.4.3. However, there’s one specific piece of the code here
that often trips suppliers up.
2.3.1.2 Product formulation, manufacturing process and the fulfillment of product

requirements shall be validated by site trials, shelf life trials and product testing.
2.3.1.3 Shelf life trials where necessary shall be conducted to establish and validate a
product’s:
i. Handling, storage requirements including the establishment of “use by” or

“best before dates”;
ii. Microbiological criteria; and
iii. Consumer preparation, storage and handling requirements.
Unfortunately, a brief search of IFSQN on “shelf life trial” quickly demonstrates that this
article will not be able to help define what sort of testing is necessary for a specific
product any more than it could describe what hazards would be present in all products.
Shelf life is a complicated determination that crosses food safety with food quality
goals, local legislation, supplier agreements, and consumer perception.
However, without knowing the specific details we can still use a hazard analysis
approach to document our decision-making process behind the shelf life we are using
for our products, and thus meet the requirement.
The auditor isn’t on site to agree with the documented justification (assuming it’s
compliant from a regulatory standpoint and somewhat reasonable), but to make sure it
was carefully considered and tested when appropriate. Here’s a simple example of a
form that could be used to evaluate shelf life for a new product:
Shelf life trials also only need to be documented “when necessary”. It is entirely
possible that a new product mirrors one already made on site with a proven market
shelf life. If the products are effectively similar (e.g. two different cuts of steak, or
lemonade vs. limeade), the existing success of the current product on the market may
validate the same shelf life on the new one.
The key is to still perform an evaluation and document why they should be treated
similarly. Don’t let the marketing team keep the same shelf life on the limeade if they
also decided it should be fresh-squeezed and not pasteurized like the lemonade, the
two products are no longer similar.
Step one is simple: the auditor will straight up ask if there have been any new products
introduced to the market since the last audit.
Keep in mind that per the code, this includes:
“a change to ingredients, process, or packaging occurs that may impact food safety.”
While many companies launch new flavors each year, making the changes obvious,
others may only change raw material suppliers, packaging, or configurations (e.g.
introducing a larger container). Some of these changes may happen in the background
of the food safety plan, and it’s helpful to document them via a change management
process that can support the requirements of 2.1.3. I like to use a generic change
management form to cover the management review portion as well as keep track of
any activities that should be red flagged for review.
Pulling out one of these is usually a slam dunk on meeting this requirement in the code
if there were no major product launches. If there was a new product, there will need to
be deeper documentation from the food safety plan detailing the shelf life evaluation
and any new validations that were necessary.
The big auditing red flag is finding a product that was introduced without any record of
a development process in place. It happens. Unfortunately, while an up to date food
safety plan is a good record that everything was done correctly, it doesn’t always prove
that it was done prior to launch. Some sort of consolidation of the documentation that
happened during development can put a gold star next to this requirement. The journal
the R&D team kept about the project, a project management chart or file, a draft food
safety plan for the product dated before launch, or even just a dedicated folder space
where all of the data was organized can act as additional proof the site followed the
methods outlined in the policy document.
2.3.1 is there to make sure that we take the proper care to bring things to market and
prevent the use of customers as an experimental group. It’s part of what makes the
SQF certification worth something. When sourcing from SQF suppliers, there’s an
assurance that they won’t send out new products or product changes without properly
vetting them first.
Have you ever received an inferior product from a supplier because of a change on
their end? Maybe they reduced the amount of material used or changed a process,
then shipped it out assuming it wouldn’t impact the customer. An IQF fruit provider
sending a ½” dice vs. a 3/8” dice, a film supplier who switches from extruded to blown
LDPE, or a corrugate supplier that changes to a new adhesive?
If companies rely on customers to determine whether new products are still safe and
effective, customers will evaluate the business, not the product.
Author Biography:
Jul 27 2021 03:16 PM
by Simon
SQF from Scratch: 2.1.5 Crisis Management Planning

2.1.5 Crisis Management Planning
Well…this sure got relevant in the past few months.
SQF understands that businesses aren’t just going to sign yearbooks and close the
doors if a disaster happens. In the most philanthropic mindset, food businesses play an
important infrastructure role, but if we’re honest, the common motivation is that
owners and employees care about the business they have. If there’s still a way to
operate, we won’t be ready to just call it quits when faced with a disaster.
“If the sour cream line still works we can make it through this, let’s start digging.”
With customer loyalty, cashflow needs, and employee job security at stake, companies
will try and find a way to get products out the door as quickly as possible. What SQF
wants to see is that they aren’t just going to throw food safety out the window due to
“extenuating circumstances”, even if they’re legitimate.
HACCP plans include corrective actions so that we determine the right course of action
before knowing what the cost will be. Similarly, a crisis management plan made in
“peacetime” will ensure we had the time and capacity to commit to sound food safety
decisions before the sewage hit the fan.
The code:
2.1.5 Crisis Management Planning
2.1.5.1 A crisis management plan that is based on the understanding of known

potential dangers (e.g., flood, drought, fire, tsunami, or other severe weather or
regional events such as warfare or civil unrest) that can impact the site’s ability to
deliver safe food, shall be documented by senior management outlining the methods
and responsibility the site shall implement to cope with such a business crisis.
2.1.5.2 The crisis management plan shall include as a minimum:
i. A senior manager responsible for decision making, oversight and initiating

actions arising from a crisis management incident;
ii. The nomination and training of a crisis management team;
iii. The controls implemented to ensure a response does not compromise product
safety;
iv. The measures to isolate and identify product affected by a response to a
crisis;
v.The measures taken to verify the acceptability of food prior to release;
vi. The preparation and maintenance of a current crisis alert contact list,
including supply chain customers;
vii. Sources of legal and expert advice; and
viii. The responsibility for internal communications and communicating with
authorities, external organizations and media.
2.1.5.3 The crisis management plan shall be reviewed, tested and verified at least
annually.
2.1.5.4 Records of reviews of the crisis management plan shall be maintained.
This element can feel out of place if we get swept up with focusing on the business
and personal safety aspects of the crisis. SQF didn’t help with previous language in the
code which used to reference “business continuity”, which read as business oriented
versus food safety.
The current language of the code does a much better job of making clear that the
point of this element is to make sure the site doesn’t just start pitching out unsafe
product in order to keep the business alive. We know from previous outbreaks and
litigation that, when faced with significant financial impacts, companies will feel
pressure to make poor food safety decisions.
We see these events and start to think, if a company is willing to release unsafe food
just to avoid losing a single customer…what would they be willing to release to keep
the business from closing?
In the same way a starving person will eat from the trash, a business crippled by
natural disaster will have immense pressure to sell anything, and its personnel won’t
feel like they have the time or resources to find a better solution.
Imagine being a local meat distributor, and a massive blackout hits the city one week
before thanksgiving. The 6 team members on site are staring at a warehouse holding
3000 turkeys that are now warming up. They have 4 hours to figure out a solution that
maintains all of their various requirements….or play it by ear and hope the power goes
back on. I mean, are we really prepared to toss everything on inventory the week
before a holiday just because it got a little warmer than it should? It’s not like there
was a sewage leak all over it and the turkeys will be cooked for hours!
Even if the best solution was to get a block of ice for every single turkey, who sells
that? Do they have the capacity? How will it be transported? Figuring out the logistics
will also take time, maybe so much time that the company will be in the same situation
anyway, less the effort.
Rather than wait until the moment the building loses power, this is a reasonably
foreseeable event that SQF states suppliers should already have planned for. So that
when through no fault of their own they face a crisis, there is a plan in place that puts
food safety as a priority.
Making the Plan
The practitioner needs to develop a policy/procedure document that includes all of the
elements outlined in the code. Some of these feel silly, like identifying a “senior
decision maker” (isn’t that why we have an organization chart and job descriptions
already?), and some of them can be very burdensome for the QA team if we aren’t
taking steps to keep the documentation lean. Let’s look at how we can include these
point by point.
2.1.5.1 A crisis management plan that is based on the understanding of known

potential dangers (e.g., flood, drought, fire, tsunami, or other severe weather or
regional events such as warfare or civil unrest) that can impact the site’s ability to
deliver safe food, shall be documented by senior management outlining the methods
and responsibility the site shall implement to cope with such a business crisis.
The plan needs to give consideration to specific crisis that are reasonably foreseeable.
Frankly, outside of some site or region-specific natural disasters (such as tsunami,
tornado, ammonia leak), most of these will be the same for any company. I
recommend identifying the following at minimum:
• Fire
• Structural failure from weather, flood, sabotage, accident.
• Prolonged Power Loss
• Food-based or biological terror attack
• Epidemic
• Civil Unrest or Domestic Terrorism
• Source water contamination, boil notice, or no longer available
These are all reasonably foreseeable in any location, and do a decent job of providing
some categorical planning (e.g. prolonged power loss could be a secondary crisis to
any of the above) to allow for the unforeseen stuff.
i. A senior manager responsible for decision making, oversight and initiating actions
arising from a crisis management incident;
ii. The nomination and training of a crisis management team;

…
viii. The responsibility for internal communications and communicating with authorities,
external organizations and media.
These sections of the code are more relevant to larger companies, which may have
rotating “task forces” for these things like the HACCP Team, Recall Team, and Crisis
team. In a small company, the final decision maker in all of these situations is generally
going to be the lead person at the site (based on the organizational chart). The SQF
practitioner is still going to be on all of the teams.
As with all employee lists in documentation, I encourage the use of job descriptions
rather than names so that they remain relevant with regular turnover. For this list, we
can outline the responsibilities required in the code as well and knock out a few other
requirements. For example:
Crisis Management Team

In the event any of the above individuals is incapacitated or unavailable, their
successor in the Job description or organizational chart will be trained on this
procedure to stand in that role temporarily.
SQF does not specify any particular training this team requires, so make sure they are
trained on the procedure itself or that they participated in creating/modifying the plan
(make sure to document).
iii. The controls implemented to ensure a response does not compromise product
safety;
This is why the plan exists. Looking at the “foreseeable events” we identified above,
think about the last one, “Source water contamination, boil notice, or no longer
available”. If I was farming hydroponically in greenhouses and happened to be using
municipal water, I may be immediately willing to use nearby irrigation sources in the
event of a boil notice. However, without having ever investigated that water or ensured
it didn’t present any new hazards in my food safety plan, that rapid response could
compromise food safety.
If, however, I had determined that the water source was acceptable with appropriate
filtration in place, I could have those details outlined in my plan! For everything
identified as reasonably foreseeable, determine what hazards are created, what actions
would be needed to address them, and fleece them out to make sure there is a feasible
plan in place in the event of a crisis.
So, if the response to a crisis changes our process flows or procedures, the crisis team
needs to make sure the product remains safe in the new setup. Luckily, the SQF
practitioner already has a method for evaluating hazards in a process, our hazard
analysis. As part of the plan procedure, reference using the HACCP method to ensure
response actions don’t compromise safety:
“Before resuming production, conduct a hazard analysis for any

response/recovery/repair that resulted in a process flow change and/or any new
hazards that have been introduced to the facility due to the crisis to ensure
safety of product.”
iv. The measures to isolate and identify product affected by a response to a
crisis;
v.The measures taken to verify the acceptability of food prior to release;
To keep this document under control, we need to use our golden rule and rely on
systems we already put in place. Therefore, this document should reference the
existing recall plan, corrective action procedures, product hold procedures, product
release procedures, and hazard analysis, rather than rewrite them all.
There is absolutely NO REASON to create a special, duplicated, or different corrective

action procedure here. The quality team deals with non-conforming products and
hazards every day, they should be approached using the same methods and
documentation already in place.
Make sure these references are clear, obvious, and appropriately notated so that
procedures only need to be updated in one location whenever possible! It can be
helpful to include a general statement regarding product disposition in the policy
section prior to mentioning it in the step-by-step procedure (should be the first thing
that happens after we made sure everyone is safe and we can all communicate). The
reference can look something like this:
“Product Evaluation and Disposition
Any product either already produced or in production in the event of a crisis shall
be identified, isolated, and evaluated for disposition using Corrective and
Preventative action investigation procedures and the food safety plan. Product
for which safety cannot be reasonably assured shall be isolated and recall
procedures initiated as necessary.
Product produced or released after a crisis response has been initiated shall be
evaluated for disposition using corrective and preventative action investigation
procedures. Product for which safety cannot be reasonably assured shall be
isolated and recall procedures initiated as necessary. Should crisis response
result in a process flow change, a new hazard analysis will be performed to
evaluate the controls necessary to maintain product safety.”
vi. The preparation and maintenance of a current crisis alert contact list,
including supply chain customers
vii. Sources of legal and expert advice; and

This is a tricky one, again, the goal is to avoid duplicating anything in this plan that’s
going to be reviewed annually anyway, but we really should make sure we know who
to call when disaster strikes (the recall plan has similar needs).
These lists may be in different locations, so make sure the plan explains how to access
them as well as the employee/department responsible for maintaining them.
For customers, we can use the contact lists the sales and customer service teams
maintain. However, these lists to be producible during an audit. Grabbing the sales
manager’s cell phone and explaining that “Dave J.” is the contact for a major grocery
chain is not going to fly. This is a good one to aggressively test annually, especially if
computer systems or key personnel are unavailable during the crisis. Where are the
phone numbers/email addresses, can they be produced, are we pretty sure they all still
work, and what will we do if they don’t?
There needs to be similar contact lists for company staff, but those tend to be
maintained by HR or office administration.
The final contacts that need to be available are providers of essential services. This is a
really helpful component of the plan, and one that’s very testable. Identify “essential
functions” of the business and the appropriate contacts. Common ones are utilities,
communications (phone and internet), government resources (police, FBI, USDA/FDA),
insurance providers, legal advisors (this is in the code, put someone down, insurers
usually have recommendations), and distribution partners; additional helpful contacts
would be contract service providers for things like emergency refrigeration (maybe
bring diesel refrigerated trucks on site), contractors for emergency building repair, and
equipment maintenance.
Here's an example of some essential function providers:
2.1.5.3 The crisis management plan shall be reviewed, tested and verified at least
annually.
2.1.5.4 Records of reviews of the crisis management plan shall be maintained.
Just like with other major elements, it’s often the plan review that trips folks up. Unlike
other policies that just need an “annual review” (a.k.a. read, modify, sign), this plan
needs to be exercised using a mock scenario like the recall or food defense plans.
Not going to lie. These are awkward. There are simple and helpful portions of the test,
like making sure that all of the contacts are still current/relevant and the planned
responses are still feasible. Detail those checks in the test documentation as it provides
evidence a thorough review was conducted.
However, auditors want a test with a mock incident. This entails coming up with a
scenario, going through the procedure, using the contact lists, and basically conducting
a roleplaying game of an incident. It can be fun…or it can feel silly. Depends on the
group.
My recommendation, pick a disaster that is very likely (no reason to do something

crazy like volcanic eruption or pandemic…wait) and talk through the plan with the
team. See if everything makes sense and do a hazard analysis on any changes that
would need to take place. Structural damage is a good candidate. It’s easy to think
about the existing facility and how to get up and running again while shielding product
from the elements, having to evaluate the disposition of items that were in the building
at the time, etc.
(bonus, you can also highlight some needed maintenance and use it to demonstrate
what the impact will be if that structure fails)
Document the review by writing down a hazard analysis formatted like the food safety
plan, the team’s ideas, and what resources would be need to be available (e.g. if the
phones don’t work how to we contact our senior decision maker?). Use the crisis
procedure as a guide and write down the team’s mock responses to each step.
This section of the code has been revised a lot, and will have various opinions attached
to how it should look, so be prepared to explain the documentation and rationale at
length. Once the specific elements of the code are checked off, the meat of the
auditing fall most heavily under the management commitment and review umbrella.
Auditors want to see that the team took it seriously and thought about how they will
make sure food safety is maintained in a crisis, not just when it’s easy.
Auditor red flags will go up if presented a plan that only has vague, generic crises like
floods or fire, and that the tests are similarly non-specific (what part of the building
was the fire in?). Other red flags will be any statements, both in the plan and spoken
during the audit, that claim “we just wouldn’t produce” or “we would shut down”.
Those aren’t appropriate responses because everyone knows better! If every crisis was
so catastrophic that the business was immediately destroyed no one would need this
plan. “We wouldn’t run” plans imply that the practitioner threw together a document to
meet the requirement and didn’t use it as a tool for food safety or hazard analysis.
The testing document needs to reflect a real consideration of an event, not just reading
the procedure and signing. It’s not a hard and fast rule, but testing documentation that
doesn’t include any plan revisions, corrective actions, or updates of any kind is going to
be assumed to have been on paper only. If indeed the team found nothing to update or
improve about the plan, document the crew’s thoughts and that conclusion, leaving no
doubt that the test was thorough.
The more the test documentation demonstrates that a group came together to fully
consider a crisis, the better. While it can be done with a checklist (and at minimum the
SQF elements should be reviewed), it will read much better as a narrative during the
audit.
If an all-star team is 5 years in and stuck in a rut on a well-prepared plan, throw

additional wrenches in the works! Make sure that flood takes out one of the raw
material suppliers so that the team needs to find and approve a backup. Or select
disasters that provide no government guidance (e.g. structural failures that affect
specific areas of the building or transportation/logistics concerns from a strike).
Remember that disasters that don’t happen INSIDE the facility will still affect it.
2.1.5 is an extension of the food safety plan, an opportunity to take hazard analysis
skills and make sure they can still be applied when things get crazy. Putting time and
thought into these scenarios is a demonstration of management commitment; that the
SQF system is not just “fair weather” guidance that goes out the window when times
get tough, but that we’ve incorporated them into our company’s priorities and that they
will remain so, even when everything is at risk.
Right now, around the world, food manufacturers are learning to work within the new
normal, a set of hazard considerations that they’ve probably never thought of that are
affecting every single part of their business model.
But here and there, there were trained SQF suppliers that were able to take a deep
breath and say, “okay then, let’s execute the plan and get these products moving.”
Author Biography:
Oct 16 2020 01:14 PM
by Simon
SQF from Scratch: 2.1.4 Complaint Management

2.1.4 Complaint Management
Complaints happen. No matter how close to perfect a system may be, if the quantities
are large enough, even the smallest of mistakes will ultimately reach customers.
Thankfully, some of them will take the time to let us know.
While it’s easy to see complaints as just a customer service issue, they also reveal the
best opportunities to improve our quality system, both by showing where the problems
are happening, and how much the customer cares about the defect. Our best systems
will look for metrics while we still have control of the product, but when someone takes
the time to pick up the phone or write an email, we need to make sure those
individuals aren’t revealing larger problems that have escaped our attention.
The code:
2.1.4 Complaint Management
2.1.4.1 The methods and responsibility for handling and investigating the cause and
resolution of complaints from customers and authorities, arising from products
manufactured or handled on site, shall be documented and implemented.
2.1.4.2 Trends of customer complaint data shall be investigated and analyzed by
personnel knowledgeable about the incidents.
2.1.4.3 Corrective action shall be implemented based on the seriousness of the incident
and as outlined in 2.5.3.
2.1.4.4 Records of customer complaints and their investigations shall be implemented.
Food manufacturing is different than making food at home. If you’re reading this
article, you probably already know this. However, it’s not because it’s a business, is
subject to regulations, or the products aren’t meals that are eaten immediately.
It’s different because food manufacturers make so much more food than any individual
is ever going to make in their lifetime. That means a mistake that might be rare in the
home, such as breaking a glass, can become a common occurrence when handling
thousands of glasses every day instead of one or two, even if we’re extra careful.
It’s similar to thinking about the lottery. Buying the winning ticket is an uncommon
thing, and no one should expect it to happen to them. However, one of the millions of
tickets sold winning the lottery is a common occurrence, and should be expected.
Responding to complaint feedback and recording it appropriately allows companies to

identify trends that can be traced back to a specific issue.
In the worst-case scenario, practitioners play the role of epidemiologist, identifying a

potential outbreak related to the product based on reported illness. Much more
commonly, complaint analysis identifies a gap in the system or malfunctioning
equipment. Maybe a piece of rubber gasket material that’s been slowing falling apart or
a transport issue in the cold supply chain.
Regardless of size or product, every company enjoys the benefit of 100% inspection
when the products are finally opened and eaten by the consumer. Complaint
management is how we can use that inspection step to verify that our intermittent
sampling and inspection activities are doing their job.
Policy document
To start, there needs to be a policy document in place that identifies the who and how
the company responds to complaints and how to determine whether more action is
needed. Generally, this will identify the SQF practitioner (or designee) as the one
responsible for determining the seriousness of the complaint, and thus the seriousness
of the response. This policy/procedure will also define what documentation is used and
where it will be kept.
Policy Example:
I. POLICY
All complaints from customers or authorities that suggest or reflect a failure of

product safety shall be entered into the complaint management system.
Any employee may log a complaint into the system, but only the SQF practitioner
or designee can review and close a complaint investigation.
The SQF Practitioner or designee will use the complaint management system to
analyze complaint data for trends, investigate potential root causes, and present
data to management.
Complaints shall be considered valid and initiate investigations/corrective actions
if:
There is enough information to determine where/how the defect may have

occurred (e.g. what product, specific descriptions).
The customer can provide pictures of the affected products or ship them
back.
A food safety or medical authority is involved.
The complaint is part of a trend or known issue.
The available information demonstrates the complaint is not a matter of
consumer preference or incorrect handling of the product.
Complaint investigation and corrective actions shall be carried out in response to

observed trends and seriousness of the complaint according to our corrective
action procedure.
Complaints need to be taken seriously…but what does that mean?
Depending on the product, consumer suspicion can swing wildly from deeply distrustful
to “that wouldn’t get me sick in a million years”. The code says the response should be
proportionate to the complaint, and that evaluation criteria needs to be defined in the
procedure (like in the above example).
No matter what, make sure every complaint is logged for trending, but complaints
alleging illness or injury require a more detailed response proportionate to the validity
of the complaint. “My stomach hurt after eating your bacon” will demand a different
quality of investigation than “my physician believes that this is salmonella, and your
product (pictured here) appeared undercooked when I ate it 3 days prior.”
The complaint record
After creating a policy document defining who and how, we also need to include the
what. Complaint documentation is going to be used by anyone at the company who
might answer the phone and be subject to the wrath of the upset customer, so the
form should be intuitive and flexible. Sometimes the only information available is an
angry voicemail!
Complaint record example:
This record includes all the information we might want to get regarding the product, it’s
origins, contact info from the customer, and a way to show the review actions taken by
the SQF practitioner (or designee). Keep in mind that the only action taken may have
been to determine whether the complaint was valid and logged for trending, or that no
other information was available.
Keeping these forms will meet the requirements to have records of customer
complaints and the review/actions taken (combined with corrective action records as
needed).
Trending
Most public health agencies don’t consider something an outbreak until there are at
least two unrelated cases (there are exceptions). So, when a complaint is received,
how do we identify if it’s part of a trend or not? This is where the record created above
is NOT useful, because a file cabinet full of complaint records does no good.
Create a database of some kind that has the critical product information, so that the
nature of the complaints can be categorized and presented to management.
This database can be as simple as the date the complaint was received, the product
and traceability info, and categorically what the issue was. Complaints of illness or
injury should also be called out, as those are going to require more complete
investigations.
For a video with detailed instructions on how to create a database like this in excel,
click here.
Once a database is made, use graphs and other reporting tools to watch for trends, or
simply look at the data and document a narrative of relevant/actionable observations.
Example graph trending by product:
Example trending by narrative:
January 2020
We received 12 complaints in January, most were feedback on the change in almond

supplier (more loose skin pieces). However, there was one complaint of a found screw
in the product that was determined to be valid. A brief search of our records shows one
other screw found in November that looked the same. I have alerted maintenance and
sent them the picture and they are examining the trail mix line to determine where the
screws are coming from. Will update when we have closed the CAPA.
After reviewing complaints for trends, include the graphs or narrative in a management
report and document any observations/corrective actions/investigations that were
initiated. Make sure to also close the loop on previous issues and document whether
previous investigations/corrections were successful.
For more on how to present complaint trends to management, see SQF From Scratch
2.1.3 Management Review.
This and similar programs tend to be audited in this order:
1. Show the policy

2. Show the records
3. Show the management review
4. Show the follow up
The policy review is the strict code audit, is everything there represented in the
procedure? Does it have the criteria for “validity” and “seriousness” of the complaint?
Who reviews and how?
Next are the records, are they complete, are they readily available, and do they provide
useful information. Here it is still helpful to make sure the complaint database doesn’t
get polluted with “customer service” type complaints (e.g. billing) as it makes it hard to
review for problematic trends.
Auditors will also typically ask for any complaints from authorities (e.g. public health) or
complaints of illness specifically, as those will definitely need complete investigations
and corrective actions attached. If those investigations are missing, it gives the
impression that complaints are just recorded and brushed off as irrelevant or random,
which is no good.
Finally, the trending and management communication portion tends to trip up a lot of
companies. Many of us cover these items in weekly or monthly meetings verbally, but
there needs to be written documentation that these trends were reviewed and it was
determined if action was necessary or not. If action was necessary, additional
documentation needs to be readily available showing the corrective actions taken. This
should fall under the corrective action procedures and be neatly summarized in the
management review records.
For a known issue, it can be easy to forget the follow up, or forget to tie it back to the
original complaint. Make sure that the CA documentation is duplicated and attached to
the complaint, or cross-references it in some other way (e.g. complaint number).
For a smooth audit, identify in advance some recent complaints or complaint trends
that were valid, have a complete investigation, and a happy ending. Don’t let an
auditor go fishing through the entire complaint history looking for the one they think
deserved more attention. Find one that’s relatively harmless, for example a packaging
defect, and demonstrate the complete history of the investigation, resolution, and
follow up. The goal is to give the auditor confidence that they can “check the box” and
think, “yep, I saw all of these code elements in action from start to finish on a
complaint that mattered.”
Trivial documentation issues in other complaints will be less of a big deal if the
company can demonstrate real and actionable response and follow through on an
important one. As with any program audit, if the practitioner can demonstrate that the
intent of the requirement is achieved and documented, it is much easier to glide
through disagreements in language used or auditor documentation preferences.
2.1.4 is a unique challenge because every facility is going to have a very different
“portfolio” of customer complaints. Some are going to have complaints from industry
customers in the know, reporting back specification failures and micro results; others
will have complaints from concerned parents who report the product is a different color
or clumping unusually. They key is to make sure this feedback is seen as valuable, and
that we use trending tools to evaluate our system.
Because while the odds of a winner are small, we sell a lot of lottery tickets every day.
Author Biography:
Jun 29 2020 12:42 PM
by Simon
SQF from Scratch: 2.1.3 Management Review

2.1.3 Management Review
These first few elements established the relationship site management needs to have
with the food safety system. SQF is not just an exercise for the practitioner.
First, we had management identify that food safety is part of our business mission, not
just something we have to do.
Then, we made them put their money where their mouth is by designating an SQF
practitioner and showing employees how the top levels of the company are ultimately
responsible for that mission.
Now, we need to make sure that long after we’ve created these policies, the people in
charge are going to receive the information needed to uphold that responsibility every
day, long after we’ve attained certification. We’re also going to make sure that this
system stays alive, and doesn’t become a binder on the shelf that just gets whipped
out when the auditor arrives, and no one at the company has any idea what’s inside.
The code:
2.1.3 Management Review
2.1.3.1 The senior site management shall be responsible for reviewing the SQF system
and documenting the review procedure. Reviews shall include:
i. The policy manual;
ii. Internal and external audit findings;
iii. Corrective actions and their investigations and resolution;
iv. Customer complaints and their resolution and investigation;
v. Hazard and risk management system; and
vi. Follow-up action items from previous management review.

2.1.3.2 The SQF practitioner(s) shall update senior site management on a (minimum)
monthly basis on matters impacting the implementation and maintenance of the SQF
system. The updates and management responses shall be documented. The SQF
system in its entirety shall be reviewed at least annually.
2.1.3.3 Food safety plans, good manufacturing practices, and other aspects of the SQF
system shall be reviewed and updated as needed when any potential changes
implemented have an impact on the site’s ability to deliver safe food.
2.1.3.4 Records of all management reviews and updates shall be maintained.
“Oh my goodness”, you may think, “we have to review EVERYTHING at least once a
YEAR?”
Yes.
I spend a lot of my time working with QA departments on making their systems more
flexible, easier to maintain, and reduce overall paperwork because unnecessary clerical
work hurts our ability to make safe food (even if it makes it look like we are).
But that’s just it, we want to make systems that follow our golden rule, which means
we use them and we integrate them. We review them constantly to make sure that
nothing has become obsolete.
We review them to make sure that they still make sense to our business.
We review them to make sure the science is still holding up.
We loosen requirements for things that are no longer an issue and tighten them for
things that are affecting our customers.
And an SQF practitioner who is ready to demonstrate how they attain food safety, not
just provide a bunch of forms that say they do, needs to be an expert in their own
policy manual.
What’s the point of an SQF practitioner, not to mention a company point person for
audits, if they don’t know their own systems backwards and forwards? Knowing how all
of the pieces of the system connect together not only helps avoid creating redundant
waste, it also shows where there are gaps.
So, what’s a review? It depends.
Policy Manual and Hazard and risk management system (food safety plan)
For a “policy manual”, a.k.a. the “register” of controlled policies, procedures, and food
safety plan that make up the system; the review is of the system rather than its
outputs.
The review of a policy manual document (SOP, Policy, Procedure, Food Safety Plan)
should entail:
A complete read-through by the SQF practitioner
The opportunity for stakeholders in the procedure to review or request any
revisions
Note: Stakeholders change, not everyone needs to see the waste

management SOP, but top levels do need to see the food safety plan
If no changes, documentation that the review actually took place.
Note that if we’re talking about the food safety plan or product specifications, reviews
aren’t going to just be scheduled annually; they’ll be prompted by new products,
ingredients, suppliers, equipment, and facilities. “Annually” does not mean “once per
year”, it means “no less than once per year”. This is specified in 2.1.3.3 but should be
obvious to any company actually using its system. A food safety plan that doesn’t
include the newest product line is a big red flag indicating that it isn’t used. This would
be reflected as a non-conformance to 2.1.3 or 2.1.2 (if it didn’t just fall under the plan
requirements).
Depending on the company’s level of integration and support in the SQF system, those
other stakeholders in the policy may not actually thoroughly review things. That’s not
ideal but does not stop a practitioner from making helpful documents. As long as their
own review is thorough and they audit whether those policies and procedures are
actually followed, the documents stay alive and relevant.
Companies should never have something written down in the policy manual
that doesn’t happen. Either it’s important enough that it actually needs to be done,
or it doesn’t and it has no business being in the manual. Keeping something there just
because an auditor may want to see it violates our golden rule:
Never make systems to “pass audits”. Make systems that work for your
company that help it make safer/higher quality products more efficiently.
This can be very tough for some quality personnel to grasp, as they may have been in
a quality environment where their performance is based on auditing or “making sure
we follow the code”. That’s a management error. If there is a company issue where a
policy requirement does not have good follow through or buy-in from other
departments, it needs to be adopted or dropped. It turns out that when quality
personnel spend time doing those tasks (usually by spending time in production), not
just asking for them to be done, or when they have to actually draw lines in the sand
for everything they specify in an SOP, those “auditable” things in documents tend to go
away, making them better documents that support the most critical components.
As each document is reviewed, the practitioner should ask and answer these questions:
Does this document still support it’s intended purpose?

Do we actually practice this document as written without exceptions?
Are any of the requirements/procedures obsolete?
Are any of the justifications obsolete?
Is new information available that should change how we do things (e.g.
complaint trending, internal audits, industry changes)?
Nothing in that review process is oriented around “meeting the code”. Reviewing is
used to make sure that our documentation supports a system that produces safe food
in the most efficient manner possible.
Some auditors may disagree. That’s okay, their responsibilities are different than ours.
This doesn’t eliminate the reality that we need to make sure the SQF code is supported
by our policy manual. Heck, that’s the entire point of this article series! So how to we
get this taken care of?
My recommendation is that practitioners conduct a separate, annual review using

the SQF checklist. This review is the one everyone is more familiar with, but it’s less
important than what we discussed above, where we review the efficacy of our systems
rather than conformance to code.
For this review, examine each individual clause in the code, and make sure it’s
supported within all of the various documentation in the policy manual and records.
This review does not need to include anyone but the audit team, and should be used
as an opportunity to prepare for the audit. The intent is to make sure all of the
elements are actually covered somewhere in the system. Not by copying and pasting
them, but by showing that the company has incorporated them into their own policies
and procedures.
This review has the secondary benefit of documenting itself in an auditor friendly way
(using the checklist). I like to use it as a training opportunity for backup auditors or
folks wanting to learn the code better, and it can be run like a mock/practice audit.
Documenting policy manual reviews
Documentation can be extremely varied, but it’s important to make sure that time is
only spent recording information that may be helpful in the future, avoiding
documentation for documentation’s sake.
Proof of review of a policy can be accomplished in several common ways:
1. The classic revision table at the end of the document
Simple, to prove things are reviewed, just put it in the document itself. This is super
common, but somewhat cumbersome. In this setup, in order to verify that every
document has been reviewed, every document needs to be inspected. Further, this
table is just one more place where errors can occur when new revisions are created
(woops, forgot to add the changes!).
2. The review coversheet

Some organizations get a step closer and think, “Our pest control policy is good to go,
so why go through the effort of issuing a new revision? Let’s document that everyone
took a look at it and keep that on file instead!”. It’s not bad, but if we’re documenting
something with everyone’s signature on it already, all we’ve done is created two
documents that need to be archived, the SOP’s and the reviews. Plus, if changes WERE
made, the same amount of work needs to be done, but now it requires two sets of
signatures instead of one. Seasoned document controllers know that the time it takes
to issue new revisions is not consumed by the editing time, but trying to get all of the
approvals.
3. New revisions & the review database

A lean solution to making sure you keep your documents clean and recently reviewed is
to simply have your SOP’s make the rounds for signatures annually, even if they contain
no changes. The same stakeholders need to approve them again, no problems there,
you don’t need to update the revision number if you don’t want or need to, since the
signatures will have dates indicating a recent review. To document changes made (if
needed), keep a separate database or file where you can sort for any document and
pull up the history of changes at any time. Boom, documentation that’s organized for
your use. We can also be detailed and keep all old revision information without taking
up additional pages on each policy.
This is going to cover most of our review documentation needs. As far as timing, going
by previous approval dates reviews should naturally happen on a rolling schedule. This
makes sense from a business practicality stand point, but occasionally auditors will get
fixated on the statement in 2.1.3.2, “The SQF system in its entirety shall be reviewed
at least annually,” and expect some sort of master review that happens once a year.
This is worth arguing over since a simultaneous review of everything is both impractical
and supports the idea that we shouldn’t ALWAYS be reviewing these policies. However,
if you did do the SQF checklist review with your audit team, you can show it to the
auditor and be done with it.
Audit findings, corrective actions, complaints, investigations, follow up items
This group of materials to review are the outputs of your system. Like we discussed
above, the point of this clause is to make sure that management has the information
necessary to support the food safety mission and allocate resources accordingly. This
means that critical information from the QA teams needs to be presented to them, at a
minimum monthly.
Often management teams meet more often, which is excellent! The tricky non-
conformance catch here tends to be due to the lack of documentation of these
meetings. Not every meeting has or needs minutes, especially if your QA update is
something as simple as “no complaints or issues this week”. Taking the time to write up
minutes that cover every word of 2.1.3 is tedious and cumbersome.
Any time we use our scarce minutes or hours to put something together, just so it can
be reviewed in seconds by an auditor, it had better be useful to the company and its
food safety systems. AKA it should follow our golden rule.
Instead of documenting every individual meeting with management) where multiple
topics are discussed and actions are often delegated to other levels), put together a
monthly digest of pertinent QA information and distribute it to ANY stakeholder that
would be interested. Here’s an example of what such a review could look like:
Compared to how I usually coach documentation, this one does take some time to put
together, especially if individual programs don’t have a lot of automated or simple
reporting built in. However, it’s a crazy valuable tool to meet a TON of
documentation/communication requirements in the code (across multiple elements,
thus consolidating paperwork), and it’s very helpful to communicate not only what’s
going on in quality to multiple teams, but also the value the quality team is adding to
the company.
Sometimes QA works in the background and has a hard time demonstrating that work
is being done, this report is a communication tool to show the value QA personnel are
adding to the facility in a real way. This leads to better buy in and understanding from
other departments. Heck, paper copies can be provided to the entire production floor
or have portions shown in a breakroom posting for anyone interested.
How this form is constructed is entirely up to each company, as the focus areas are
going to change based on challenges and product categories. If other system outputs
(like complaint tracking) already have good databases for trending and reporting, it can
be incredibly quick to put together. The key is to keep it simple for a lay audience. It
isn’t an internal QA document, it’s for the CEO, plant manager, marketing manager, or
whomever to understand what QA is currently doing to make the products safer and
higher quality.
The review procedure
We do need to document how these reviews are intended to be performed. But it

doesn’t need to be extremely explicit as long as we can, as always, demonstrate that
it’s happening. I’ll typically have an SOP called “internal audit” which is intended to
cover the policy portions of 2.5.5. In that SOP, I’ll specify the creation of the monthly
report outlined above.
Example:
1. Management Updates
a. Every 30-40 days, senior management shall receive an “Monthly Quality Update”
that covers matters impacting the implementation and maintenance of the SQF system.
That’s all you need! When crafting the policy it is not necessary to copy the language of
the code as long as the monthly update includes all of the information the code
requires (like in the above example).
For policy and procedure reviews, I’ll typically include this policy in my document
organization/control SOP that supports the recordkeeping and review requirements of
section 2.2. I’ll include a tidbit like this one:
1. Review procedure:
a. SOPs shall be routed for revisions/review at least annually.
At a minimum, as the auditor goes through each of the policies and procedures, they’re
going to look for a document revision change or review within the last 12 months. It’s
often not a big deal if one or two are “out of date” by a month or so, especially if a
draft is making the rounds. However, if all of them are in that window, it demonstrates
that reviews are only taking place around the audit, which doesn’t look great.
Reasons for changes need to be available, but are typically only looked at critically
when they are justifications for changing requirements or specifications. E.g. if you
started to clean something only every 48 hours instead of 24, that’s a change that
needs justification documented.
Changes to process flows or other aspects of the food safety plan will need to have
new validations etc. in place to justify the change. If they’re missing this, it often
becomes a non-conformance in 2.4.3. But if it’s a matter of there being no record of
the new product line getting an analysis at all, it technically would fall under
management review. The first example is a failure to follow HACCP principals, the
second is a lack of review to make sure the food safety plan stays relevant.
Auditors will seek evidence that management updates turn into actions. If the monthly
reports have been getting done, they should also include corrective actions and
changes driven by management in response to previous versions of the report. This is a
tricky auditing nuance, because auditors love lists and columns. They want to see a
form that has: finding, response, who’s responsible, timeframe, time completed, issue
closed.
You don’t have to do this again and again on paper, and you shouldn’t. Continuous
improvement is just that, continuous. The documentation exists if they’re consistently
included in the reports, and the practitioner needs to be able to guide the auditor
through the narrative.
Have one or two solid examples ready for the audit. If there was an increase in
complaints for labels falling off products, show the progression of that in the monthly
updates!
One month showed a complaint increase and an investigation.

The next month a corrective action.
The next month shows a note that QA implemented the new supplier/quality
check/machine/whatever that was needed.
The next month shows how the complaints trended down.
This is a process of ongoing communication, but it is on the practitioner to demonstrate

to the auditor how that works in your facility, not create yet another form to summarize
it for the auditor. Again, practitioners need to know their own system well enough to
demonstrate that it meets the code, not tailor it for ease of audit.
If you can’t think of examples, you’re either not giving yourself enough credit for the
improvements you’ve made, or your company is not continuously improving. Usually it’s
the former.
2.1.3 does one thing effectively. It demonstrates whether a bunch of documents were
created solely to get the SQF certification and keep it, or if SQF elements were
integrated into the quality system. Companies who do not meet the elements of 2.1.3
have the following characteristics:
Only the SQF practitioner knows where the policies are

Only the SQF practitioner can lead an audit
The food safety plan hasn’t changed since it was made
Management has no idea what QA does day to day
SOP’s contain procedures that aren’t followed and forms that aren’t used (the
binder is bloated)
SQF practitioners don’t remember what all their procedures are during the audit,
or perhaps where to find them
If an element of the system has not changed, it should be challenged to make sure it
still holds up.
Author Biography:
Jun 29 2020 12:44 PM
by Simon
SQF from Scratch: 2.1.2 Management Responsibility

Remember, the goal is not “Audit ready 365”, it’s to know that our facility embraces
globally recognized best practices to maintain food safety. Because of this, as we dive
into each element, we must always remember the quality management system golden
rule: Never make systems to “pass audits”. Make systems that work for your
2.1.2 Management Responsibility
Following right up on commitment. In addition to identifying our mission of food safety,

we also need to determine who will be held accountable for that mission. Where does
the buck stop? How are we going to make sure that our new commitment to food
safety isn’t just a plaque on the wall, but is a living, breathing (and costly) endeavor?
Some things will be a paperwork exercise, sure, after all everything important happens
on paper. But we also need evidence that we have used the time and resources
necessary to make sure that competent people, with the right expertise, are making
our food safety plan a reality.
The code:
2.1.2 Management Responsibility
2.1.2.1 The reporting structure describing those who have responsibility for food safety
shall be identified and communicated within the site.
2.1.2.2 The senior site management shall make provision to ensure food safety
practices and all applicable requirements of the SQF System are adopted and
maintained.
2.1.2.3 The senior site management shall ensure adequate resources are available to
achieve food safety objectives and support the development, implementation,
maintenance, and ongoing improvement of the SQF System.
2.1.2.4 Senior site management shall designate an SQF practitioner for each site with
responsibility and authority to:
i. Oversee the development, implementation, review, and maintenance of the

SQF System, including food safety fundamentals outlined in 2.4.2, and the food
safety plan outlined in 2.4.3.
ii. Take appropriate action to ensure the integrity of the SQF system; and
iii. Communicate to relevant personnel all information essential to ensure the
effective implementation and maintenance of the SQF System.
2.1.2.5 The SQF practitioner shall:
i. Be employed by the site as a company employee on a full-time basis;

ii. Hold a position of responsibility in relation to the management of the site’s
SQF System;
iii. Have completed a HACCP training course;
iv. Be competent to implement and maintain HACCP based food safety plans;
and
v. Have an understanding of the SQF Food Safety Code and the requirements to
implement and maintain SQF System relevant to the site’s scope of certification.
2.1.2.6 Senior site management shall ensure the training needs of the site are
resourced, implemented, and meet the requirements outlined in system elements, 2.9,
and that site personnel have met the required competencies to carry out those
functions affecting the legality and safety of food products.
2.1.2.7 Senior site management shall ensure that all staff are informed of their food
safety and regulatory responsibilities, are aware of their role in meeting the
requirements of the SQF food safety code, and are informed of their responsibility to
report food safety problems to personnel with authority to initiate action.
2.1.2.8 Job descriptions for those responsible for food safety shall be documented and
include provision to cover for the absence of key personnel.
2.1.2.9 Senior site management shall establish processes to improve the effectiveness
of the SQF System to demonstrate continuous improvement
2.1.2.10 Senior site management shall ensure the integrity and continued operation of
the food safety system in the event of organizational or personnel changes within the
company or associated facilities.
2.1.2.11 Senior site management shall designate defined blackout periods that prevent
unannounced re-certification audits from occurring out of season or when the site is
not operating for legitimate business reasons. The list of blackout dates and their
justification shall be submitted to the certification body a minimum of one (1) month
before the sixty (60) day re-certification window for the agreed up on unannounced
audit.
If you follow companies who either have large outbreaks or legal action, a common
thread tends to be that company representatives blame a lack of information or
appreciation for the details necessary to make good food safety risk management
decisions. They respond to regulators with their hands up in the air saying things like:
Wait, there are regulations covering a product like this?

We’ve never gotten sick and we’ve been eating our own foods for years.
Hey, nothing is 100%.
It must have been someone else.
But we use only the best ingredients.
Our test results don’t say what yours do.
We’ve never heard of this requirement.
It hasn’t been a problem before.
I don’t understand what you want us to do, we don’t know how to fix this.
This stuff is hard to do, and just as important as being willing and capable to learn the
details is knowing when you may not have them all. In smaller companies, where
capable people in other roles are moved into food safety roles, there can be issues with
knowledge gaps. 2.1.2 establishes the need to make sure you have proper expertise on
site, and that everyone is made aware of the decisions being made so that
accountability is shared.
This one’s a pretty stout element with a lot of details, so let’s break it down line by line.
2.1.2.1 The reporting structure describing those who have responsibility for food safety
shall be identified and communicated within the site.
Your business probably already has an organizational chart showing reporting structure,
so this one is nearly done! What SQF wants to see is that you know who is responsible
for food safety.
It’s not just the Manager or SQF practitioner!
Food safety responsibility mostly falls on the production floor. Floor employees need to
know they are the first and most important element in this system. After that, they
need to know who’s head to go over when they have a food safety concern. Identifying
this in your reporting structure can happen in a variety of ways. My favorite is placing it
directly in the org chart.
If you need an org chart, there are a million different tools to make one. I typically
recommend one in particular, since most employers already have it on site and it’s a
surprisingly powerful tool, Microsoft PowerPoint.
Despite there being a dedicated flowchart tool in Microsoft Visio, that’s another license
to buy for every user that needs access. Dynamic flowchart shapes are available in
PowerPoint with many of the same controls, and PowerPoint generates vector images
that can be printed clearly in any size.
You can find the flowchart tools when you go to “shapes” on the insert ribbon.
The connector arrows once connected to flowchart shapes will stay connected when
moved around or resized, just like Visio, all you need to do now is fill in the names and
titles like this example below:
Now how can we identify those with responsibility for food safety? Simply add a
qualifier of some kind, like a color or a code to the applicable portions of the chart. I’ve
used both in the example below (remember you only need one!):
There, now it exists, but still must be “communicated throughout the site”. You can
post it somewhere like an employee notice/safety board, or make it a controlled
document and include it with your regular training and employee resources. The end
goal being that your employees know where to find it in case they need to run
something up the ladder.
2.1.2.2 The senior site management shall make provision to ensure food safety
practices and all applicable requirements of the SQF System are adopted and
maintained.
This one feels a bit redundant; it’s going to be supported by later portions of the code,
particularly training and internal audits. There’s no specific action here other than
showing evidence of implementing and enforcing food safety practices. We can move
on.
2.1.2.3 The senior site management shall ensure adequate resources are available to
achieve food safety objectives and support the development, implementation,
maintenance, and ongoing improvement of the SQF System.
Again, this portion of the code doesn’t require a specific form or policy to be in place.
It’s going to be audited throughout the entire system. If things are out of repair, not
being improved, or otherwise not happening due to time or cost constraints, it becomes
evidence that 2.1.2.3 has not been supported.
2.1.2.4 Senior site management shall designate an SQF practitioner for each site with
responsibility and authority to:
i. Oversee the development, implementation, review, and maintenance of the

SQF System, including food safety fundamentals outlined in 2.4.2, and the food
safety plan outlined in 2.4.3.
ii. Take appropriate action to ensure the integrity of the SQF system; and
iii. Communicate to relevant personnel all information essential to ensure the
effective implementation and maintenance of the SQF System.
Here we are, the SQF practitioner. You must designate, either on your organization
chart or in a job description, the individual(s) who is(are) ultimately responsible for the
effective implementation of the system. This can be the CEO, a dedicated quality role,
or anyone that makes sense for the company size and structure, but they need in their
job description both the assigned role of SQF practitioner, and the authority to do it
effectively.
Here’s an example of how to integrate assignment of a practitioner into a job

description, my preferred method since these descriptions need to be made regardless:
Other ways to designate are to include the designee in the management commitment
statement, or identify them on the organization chart similarly to how we selected
individuals responsible for food safety. The point is that a specified individual was
chosen, they have sufficient authority, and other employees know who they are.
2.1.2.5 The SQF practitioner shall:
i. Be employed by the site as a company employee on a full-time basis;

ii. Hold a position of responsibility in relation to the management of the site’s
SQF System;
iii. Have completed a HACCP training course;
iv. Be competent to implement and maintain HACCP based food safety plans;
and
v. Have an understanding of the SQF Food Safety Code and the requirements to
implement and maintain SQF System relevant to the site’s scope of certification.
Here we’ve reiterated the basic requirements of a practitioner, but also provided some
additional detail on what needs to be on file. As above, first and foremost the SQF
Practitioner needs to be a paid employee with sufficient authority to get things done in
the production areas. No interns, no offsite sales representatives, no lawyers on
retainer.
A HACCP training course is required (specifically CODEX HACCP, not an FDA juice
HACCP, seafood HACCP, and NOT Preventive Controls Qualified Individuals classes,
though if you’re in the US those will be required for regulatory compliance reasons).
Note that no where in the code or guidance does SQF use the term “certified”.
A personal pet peeve of mine is inappropriate use of the word certified. Certified means
that some sort of organization determined that you met their standards and said you
can call yourself certified. Therefore, if you want to take my class about HACCP under
Fur, Farm, and Fork’s standards, I can call you “certified” under the FF&F standard for
HACCP.
Certifications are only meaningful based on the granting organization, if someone
claims they’re “certified” anything, the key question to ask is “according to whom?” It’s
similar to saying something was “published”. As much as I’d like to claim everything
“published” on furfarmandfork.com holds the same weight as something published in
“science”, unfortunately that’s not the case.
SQF makes no requirements what “standard” of HACCP training is needed, other than
training needs to exist on paper. Therefore, as an example you could take IFSQN’s
compact, inexpensive, 4 hour class. By doing so, you’ve met the written requirements
of the code and you even have a certificate to show an auditor when they ask. Done
and done.
Anything demanded other than “HACCP training was provided and documented” is not
code but auditor preference. However, when preference becomes a fight it may not be
worth starting to argue early in the audit. Besides, additional training isn’t a bad thing.
One industry gold standard for HACCP training is a workshop type HACCP class that
incorporates at least 16 hours of classroom time, and is accredited by an organization
with some recognized weight such as the international HACCP alliance.
Many certifying bodies sell HACCP training/certification services, feel free to take
advantage, but remember that the code does not require anyone’s specific training
(despite what salespeople say). Of course, you won’t be able to support the efficacy of
the training you received if your HACCP plan isn’t up to snuff, which is why the code
follows up the training requirement with “Be competent to implement and maintain
HACCP based food safety plans”.
The evidence that the training was effective will be in the plan. If the plan does not
include monitoring and verification of critical control points, and you have no idea that
it’s incomplete, that’s nonconformance with 2.1.2.5. You demonstrated that the
practitioner does not have the required competency to make a functional plan, and it
may have been because they didn’t have effective HACCP training.
Finally, SQF basically says that the SQF practitioner needs to know the code well
enough to implement it. Again, this can be accomplished through either training,
experience, consultant help, or personal study, but it will be evaluated during the audit
based on how many times you say “I didn’t know that was in the code”. So, do
whatever is necessary to know this stuff; If you’re reading this blog series, you’re on
the right track 😉.
2.1.2.6 Senior site management shall ensure the training needs of the site are
resourced, implemented, and meet the requirements outlined in system elements, 2.9,
and that site personnel have met the required competencies to carry out those
functions affecting the legality and safety of food products.
Again, this is reiterating that the training requirements we’ll go into detail on later have
evidence that they’re effective, no specific action here other than showing that the
auditor is looking for competence, not just paperwork exercises.
2.1.2.7 Senior site management shall ensure that all staff are informed of their food
safety and regulatory responsibilities, are aware of their role in meeting the
requirements of the SQF food safety code, and are informed of their responsibility to
report food safety problems to personnel with authority to initiate action.
The first portion of this is again going to be based on employee interview, knowledge,
and demonstrated competency during the audit. However, hidden in this clause is an
obvious but not always written requirement that “employees are informed of their
responsibility to report food safety problems”.
This can be embedded in the management commitment statements, an employee “day

one” SOP, or other training tool. But an employee on the floor needs to be able to say
they know that they need to report when something has gone wrong and that they
have the support and authority to do so.
Keeping it simple: this reporting method can be as simple as “report to supervisor as

soon as condition is observed”. But this reporting method needs to be actually written
down and documented in a trained policy or procedure.
The culture change necessary to make consistent reporting a reality is hard, but the
demonstrated training portion is easy. When training employees on the basics on day
one like when to wash hands, PPE, etc., include a responsibility to report food safety
problems.
2.1.2.8 Job descriptions for those responsible for food safety shall be documented and
include provision to cover for the absence of key personnel.
Everyone identified as personnel responsible for food safety in the org chart needs a
job description, and that job description specifically needs to call out that they have a
responsibility to food safety. But, there’s no requirements about formatting, content,
etc. except one.
In general, when approaching required paperwork for SQF, if they’re mandatory, make
them useful to your business. Work with the HR team to generate job descriptions that
clarify responsibilities and competencies for employees in key roles and use it for
performance accountability. I’ve got a template below of a bare bones description that
I’ve found useful.
There is that one specific requirement for “provision to cover for the absence of key
personnel.” Key here is that SQF wants to make sure that food safety isn’t dependent
on the practitioner being on vacation, but that the company maintains both standards
and tools (e.g. can’t stop verifying thermometers just because the lab tech is out)
rather than just placing it all contingent on one person’s presence.
Why I don’t like this provision is that it requires it to be written into the job
descriptions. Job descriptions aren’t usually very “live” documents, and making (SQF)
certified suppliers document this specific provision in a specific place is burdensome. In
my humble opinion, this should be audited similar to other responsibility provisions in
that the proof will be in actual demonstration of the coverage. Instead it becomes a
checkbox on the audit list, making this is a very common non-conformance when
suppliers don’t follow the code and place it exactly where it’s supposed to be in the
paperwork.
So, the most audit-proof way to meet this requirement I’ve found is to take the code
very literally, and add a “coverage in absence” line to your job descriptions.
Alternatively, you might be able to get away with a more general statement that relies
on your org chart. Instead write “Coverage in absence: Direct supervisor (see
organization chart)”. This would be pretty solid, defensible, and per the code technically
written into the job description. You only run into trouble if for some reason coverage
isn’t actually provided by a supervisor but by a subordinate. For example, a lab
manager may do all of the micro CoA review, but when they’re out a senior technician
may cover that task for a week. So be careful with that one.
2.1.2.9 Senior site management shall establish processes to improve the effectiveness
of the SQF System to demonstrate continuous improvement.
Once again, this will be demonstrated through internal audit and management review
systems to be discussed further.
2.1.2.10 Senior site management shall ensure the integrity and continued operation of
the food safety system in the event of organizational or personnel changes within the
company or associated facilities.
Basically, if an SQF practitioner gets laid off or goes on leave, is everything going to fall
apart? This is another one that will be demonstrated via observation during the audit.
If things have fallen through the cracks that are normally done (supplier review,
internal auditing, reporting, verification tasks) and the excuse is that there was an
organizational change, that’s a problem under this clause. Doesn’t matter if you just
moved into a new building or got a new boss, the standards are supposed to continue
to be met.
2.1.2.11 Senior site management shall designate defined blackout periods that prevent
unannounced re-certification audits from occurring out of season or when the site is
not operating for legitimate business reasons. The list of blackout dates and their
justification shall be submitted to the certification body a minimum of one (1) month
before the sixty (60) day re-certification window for the agreed up on unannounced
audit.
Basically, SQF has no interest in auditing a seasonal facility that is not producing
anything that month. Alternatively, if the facility only operates Mon-Thus. Then SQF
doesn’t want to pop in unannounced on a Friday and find nobody there. On years with
unannounced audits, communicate with the certifying body regarding what days are
actually going to be worth visiting.
As a bonus, you can also try to specify blackouts like planned vacations for key
personnel or your SQF practitioner(s). While the SQF system needs to be maintained
when those people are out, Audits are a different situation that does not require
everyday coverage. There’s an expectation that the system is maintained, but certain
folks will be able to explain the system in its entirety during an audit that others will
not. I’ve had good luck with CB’s when blacking these out, provided it doesn’t defeat
the purpose of an unannounced audit by blocking out the majority of the window.

SQF guidance tells auditors to be patient when gauging compliance with 2.1.2, as it’s
the proof that the system isn’t just a pile of SOP’s and verification records. It can take
time to tease that out of a company that knows how to “pencil whip” an audit.
There are some items that will be reviewed at the desk: job descriptions, HACCP
training proof, maybe the resume of the SQF practitioner, and organization charts. But
the majority of this clause is just saying “we made you do all of this stuff…are you
actually doing it even when it’s hard?”
A leaky roof or broken floor that’s been there for 2 years of audits is evidence
that the business has not been allocating sufficient resources to maintenance.
A team that has no idea that they are supposed to be monitoring a critical
control point to keep the food safe is not one that was actually trained well.
A vacant microbiologist position combined with raw materials no longer being
tested on site is evidence that the company has not provided for coverage and
the system fails when individuals are absent.
A HACCP plan that doesn’t have a process flow for a product launched last
month is not being reviewed or updated enough to support food safety in the
plant.
Not having FSMA requirements in place is evidence that staff are not keeping up
with new regulatory requirements and implementing them.
A sanitation schedule that says “clean once a day” but records show days are
skipped when we “get busy” or too many people call in sick is evidence that the
SQF practitioner does not have sufficient authority to implement the plan.
Microbiologists were no longer using the paddle blender because they didn’t like
waiting for it to finish, signing off one procedure and doing another is evidence
of ineffective training and lack of competence for the role.
An SQF practitioner that is expected to maintain the system while also
performing all front desk, office management, freight scheduling, product
testing, production scheduling, and outside sales support; didn’t update the old
SOP’s potentially because they have not been allocated the time to do the job
properly.
During the paperwork review, as always be cautious of auditors who may dislike the
system used, not doing “what they’ve seen at other plants” does not mean it isn’t in
compliance. Always bring it back to the code and identify when a format or statement
is actually required or not.
In the plant, while inspecting the line and problems are noted, if you are already aware
of them with a plan in place to fix, sharing it demonstrates planned improvement and
resource allocation, even if occasionally an auditor with no company responsibility may
disagree with the timeline.
In a real business environment, not everything can be fixed right away. But you can
demonstrate management responsibility by providing a plan, with deadlines, and how
you will mitigate risk until the fix happens. Continuous improvement is not immediate
improvement, show what you’ve fixed so far to demonstrate your commitment, and
you will give the auditor confidence that the things they see will be fixed according to
plan as well.
2.1.2 takes management commitment and calls the bluff. It starts with creating a
system and providing resources so that the code can be upheld no matter what, and
ends with a competent practitioner that keeps it on track and makes sure the company
is never “surprised” by gaps in their system. SQF practitioners should demonstrate
command of their own system and facility, with its weaknesses already known and
highlighted for future improvements.
Author Biography:
Jan 12 2020 02:21 PM
by Simon
SQF from Scratch: 2.1 Management Commitment, 2.1.1 Food

Safety Policy
Remember, the goal is not “Audit ready 365”, it’s to know that our facility embraces
globally recognized best practices to maintain food safety. Because of this, as we dive
into each element, we must always remember the quality management system golden
rule: Never make systems to “pass audits”. Make systems that work for your
2.1 Management Commitment
Management commitment is the pre-requisite to company culture. Whether talking

about safety culture, lean culture, continuous improvement culture, anti-discriminatory
culture, ethical business culture, or food safety culture, company direction and
leadership begins with those holding the purse strings at the top.
The fact that this is our FIRST element is not a mistake, it’s an acknowledgement that
this process will have no legs if it is not supported by those in control of the business.
SQF has taken the same approach that successful safety, lean, and corporate
responsibility initiatives have, wherein you begin with missions and core values that
provide a compass for company priorities, especially when you get stuck back in the
day-to-day.
The code:
2.1 Management Commitment
2.1.1 Food Safety Policy (Mandatory)
2.1.1.1 Senior site management shall prepare and implement a policy statement that
outlines as a minimum the:
i. The site's commitment to supply safe food;
ii. Methods used to comply with its customer and regulatory requirements and
continually improve its food safety management system; and
iii. The site's commitment to establish and review food safety objectives.
2.1.1.2 The policy statement shall be:

i. Signed by senior site management;
ii. Made available in language understood by all staff;
iii. Displayed in a prominent position; and
iv. Effectively communicated to all staff
Food safety procedure is what we tend to think of when we consider GFSI certification,
a.k.a. all the stuff we should/need to get done. But each element of the code begins
with “policy”; we’re asked to define our values as a company, from which our actions
and priorities will follow.
SQF doesn’t begin the code with with any specific rule or task, but by asking us as an
organization to establish food safety as part of our company’s core values. Not just a
series of forms or tasks to be completed, but a wholistic view that when we strategize
and determine the direction our business will take, food safety is going to be just as
much a part of that discussion as finance.
Accepting and committing to food safety as a senior management value empowers

departments, teams, and individuals to also treat food safety as a priority in their work.
It shows all levels of the organization that GFSI certification isn’t just a pile of
requirements, but a representation of what leadership is going to look for when they
identify high performers and reliable employees.
You need a sort of company values/mission statement style document, you need the
top representatives at your company site to review and sign it, and it needs to be
posted and visible to your workforce.
Ideally, take some time to work with management to make something unique to your
company. Maybe it’s formed on customer issues in the past, or ties into your existing
mission statement. At the end of the day, there are some specifics that you, the SQF
practitioner, are going to want to stick in there. Our standard approach is going to be
taking the code line by line and making sure that language is represented or even
mirrored in our documentation.
Whenever SQF asks for a policy, you have two objectives. First, that the people who
are leaders supporting the policy know and embrace it. Second, that you have included
language clear enough that you can defend your policy to an auditor who may just be
using the code to “tick the box”. Below is an example policy that simply parrots the
actual code. This will work very well in an audit but is not tailored specific to any
particular company. Ideally your policy will reference your specific products and
challenges.
I. Policy
a. [Company Name] is committed to manufacturing foods that are safe and compliant
with both our customer and regulatory requirements. We will do this by:
i. Ensuring that adequate resources are available to support the continuous
improvement of our food safety management system.
ii. Establishing and reviewing food safety objectives with senior site management.
iii. Ensuring we remain informed in new regulatory updates, customer requirements, or
new technologies that support the mission of safe food.
To make this available, stick it into your SOP’s and maybe regular training. But it’s
common (therefore expected by auditors) that it’s incorporated into signage. A simple
way to do this is to build a sign in Microsoft PowerPoint (which will create a vector
image that will scale indefinitely with size and still print well), then use a local print
shop to print a laminated sign (or order a fancier sign if you prefer).
Get that somewhere visible for all staff and you’re good to go!
Auditors are going to look at the document, how it’s made available to your staff, and
whether anyone on your production floor knows what it is and where to find it. If they
talk to several new temps who say, “no idea, I was just put out on the line”, that’s
going to be a potential issue. For the most part, effective implementation and evidence
of management commitment is going to be more covered by 2.1.2 Management
Responsibility.
Typically points of contention will be when auditors disagree with the language in your
policy, that’s fine as long as you can defend it! Make sure your policy obviously covers
all the components identified in the code, and don’t worry about an auditor who wants
to go after semantics. It isn’t law if an auditor claims “you didn’t say continuously
improve” when your statement says, “our system is going to be flexible and achieve
the highest quality possible to support our customers”. OF COURSE that means you’re
going to review and improve it! Back it up with evidence that you actually do and feel
free to let the auditor grouse about how they would have written something different.
It’s not their company, their liability, its yours. And the opinion of a single audit should
not change the way your entire facility communicates its food safety values from the
top the other 364 days of the year. Modifying your mission statement based on auditor
preference violates our golden rule.
Author Biography:
Jun 29 2020 12:45 PM
by FurFarmandFork
GFSI Announce Consultation for SQF Scope Extension for Storage

and Distribution
GFSI are inviting stakeholders to comment on the thorough process that SQF, the
Benchmark Committee Leader and the Benchmark Committee Members have been
involved in over the past months.
The SQF scope extension benchmarking process consisted of:
2 desktop reviews and corresponding responses from SQF providing the required
information.
A review of the SQF response by the Benchmark Committee Members.
The extension of scope Benchmarking Application is open for a consultation until 8th
December 2014.
Download the benchmarking summary report and send any comments on

the benchmarking form to Adria Bryan at a.bryan@theconsumergoodsforum.com.
About SQF:
The SQF Code is a process and product certification standard. It is a Hazard Analysis
Critical Control Points (HACCP)-based food safety and quality management system that
utilizes the National Advisory Committee on Microbiological Criteria for Food (NACMCF)
and the CODEX Alimentarius Commission HACCP principles and guidelines, and is
intended to support industry or company branded product and to offer benefits to
suppliers and their customers. Certifications under the SQF Code retain a high degree
of acceptance in global markets.
Edition 7 of the SQF Code was redesigned in 2012 for use by all sectors of the food
industry from primary production to transport and distribution. It replaced the SQF
2000 Code edition 6 and the SQF 1000 Code edition 5.
About GFSI:
The Global Food Safety Initiative (GFSI) is a business-driven initiative for the
continuous improvement of food safety management systems to ensure confidence in
the delivery of safe food to consumers worldwide. GFSI was launched in 2000 following
a number of food safety crises when consumer confidence was at an all-time low. Its
collaborative approach to food safety brings together international food safety experts
from the entire food supply chain at technical working group and stakeholder meetings,
conferences and regional events to share knowledge and promote a harmonized
approach to managing food safety across the industry.

SQF - Tags - Site - International Food Safety and Quality Network

Uploaded by

Copyright:

Available Formats

You might also like

SQF - Tags - Site - International Food Safety and Quality Network

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SQF - Tags - Site - International Food Safety and Quality Network

Uploaded by

Copyright:

Available Formats

SQF Edition 9 Updates and Compressed Air Monitoring - what you

This sentence helps manufacturers understand what kind of minimum frequency

Because manufacturing facilities vary so dramatically in their needs, procedures,

Annual testing, at a minimum, allows manufacturers to understand their system at that

In appendix 2, users will find this definition of compressed air monitoring:

A program that includes particles, water, oil, microorganism, and gases in

WHO IS IMPACTED BY THESE CHANGES:

WHAT TO TEST FOR:

Microorganisms (Viable Particles):

HOW TO SET UP A MONITORING PLAN:

Setting up a monitoring plan is an important part of ensuring the quality of your

By Jenny Palkowitsh, Trace Analytics, LLC

SQF from Scratch: 2.3.2.6 Finished Product Labels

2.3.2 Raw and Packaging Materials

2.6.6.1.ii finished product is labeled to the customer specification and/or regulatory

What’s the point? How is this making our product safer?

What am I being asked to do?

So how are food labels typically made?

A new label process might look like:

While revision control requires extra inventory management in most circumstances,

How will this be audited?

I’ve encountered a few different approaches to auditing this requirement.

Red flags are going to be:

SQF-2.3.2 Raw and Packaging Materials

However, buy-in is going to disappear rapidly if it turns out…

2.3.2 Raw and Packaging Materials

2.3.2.5 Verification of packaging materials shall include:

i. In the absence of a certificate of conformance, certificate of analysis, or a

What’s the point? How is this making our product safer?

It could also be problematic if the next shipment of marshmallows was pink or

What am I being asked to do?

First things first, we have some familiar housekeeping.

Limits for relevant pathogens or microorganisms

Ways to keep “specifications” on hand

I know, that’s breaking our golden rule.

Certificate of Conformance: This is similar to a supplier specification, it’s typically

Or even something as simple as:

Letter of guarantee/declaration of continued guarantee of

So, for us to meet the requirement of 2.3.2.4

1. We should make sure we have either tested the material or requested

2.3.2.5 Verification of packaging materials shall include:

i. In the absence of a certificate of conformance, certificate of analysis, or a

The purchaser can either perform chemical migration testing themselves at an

To make a register of these specifications and label reference materials, check

How will this be audited?

I’ve encountered a few different approaches to auditing this requirement.

There is a specification for the material. Either

There is verification documentation of the material, either:

Test results from an on-site sampling program.

Red flags are going to be:

Outdated or unprofessional looking “specifications” from a supplier. A copy of

SQF from Scratch: 2.3.1 Product Development and Realization

2.3.1 Product Development and Realization

2.3.1.2 Product formulation, manufacturing process and the fulfillment of product

i. Handling, storage requirements including the establishment of “use by” or

What am I being asked to do?

2.3.1.2 Product formulation, manufacturing process and the fulfillment of product

i. Handling, storage requirements including the establishment of “use by” or

How will this be audited?