In reviewing and rewriting the standard, BRCGS sought to focus on a few key areas where the standard needed to be revised to take into account developments in product safety issues.

Most requirements have remained unchanged or have been slightly modified for clarification. The focus of the changes is on a few key areas, such as fraud prevention, supplier approval mechanisms, incident management and the implementation of effective corrective actions including the performance of root cause analysis. In addition, the entire standard has been adapted to the new GFSI requirements (food defense and product authenticity have been added, among other things).

FSMA

ISSUE 2 of the standard introduced an additional voluntary module on FSMA. This module has been revised and updated for ISSUE 3. The module is voluntary; however, when the company applies for certification for the module, all relevant requirements from the standard (sections 1-5) must be met, in addition to all requirements listed in the module.

WChanges to the audit protocol are

• that there is now an option for a mixed announced audit. This announced audit allows the CB to consider which requirements of the standard can be audited using ICT to perform a remote assessment.
• that it is now possible to apply some limited exclusions from the scope of the standard.
• that audits of additional office locations have been revised and simplified.
• that there is a protocol for remote audits..

Changes in standard requirements between versions 2 and 3

Below is a brief overview of important changes in the standard requirements between versions 2 and 3.

Chapter 1 Involvement of the management

EA new clause has been added (1.1.2) related to product safety culture

Chapter 3 Product Safety and Quality Management System

The word “documented” is not included in every clause of the standard; however, locations are
must have documented policies, procedures, assessments, records, etc.
There is a supplement when documents are stored in electronic form.

Internal audits
There has been a change in the requirements for an effective internal audit program to clarify that it is a vital tool for product safety management and enforcement. Internal audits must contain evidence of both conformity and non-conformity and preventive measures are added to the requirement.

Traceability
As there are specific legal requirements with regard to traceability in some countries, this has been added to the standard.

Corrective and preventive actions
Root cause analysis and preventive action are important aspects of incident management and have been added. There should be a plan to conduct root cause analysis and continuous improvement to prevent recurrence, and the timing of key activities should be recorded.
The method of communication with the CB in the event of an incident has changed.

Chapter 4 Management of suppliers and outsourced services

It has been added that the risk analysis must be up-to-date and it has been indicated when it must be updated.
Supplements to the Supplier Ratings and Supplier Survey are in place to ensure compliance with GFSI (addition of a food defense and product authenticity plan)
The term ‘providers of services’ has been changed to ‘service providers’.

Chapter 5 Personnel

All staff require training relevant to their role. The venue is responsible for determining the types and content appropriate for each role. Therefore, at 5.1.1. ‘relevant’ has been removed. Authenticity and legality has been added to the competences of employees to meet the scope of the standard (GFSI).