In reviewing and rewriting the standard, BRCGS sought to focus on a few key areas where the standard needed to be revised to take into account developments in product safety issues.
Most requirements have remained unchanged or have been slightly modified for clarification. The focus of the changes is on a few key areas, such as fraud prevention, supplier approval mechanisms, incident management and the implementation of effective corrective actions including the performance of root cause analysis. In addition, the entire standard has been adapted to the new GFSI requirements (food defense and product authenticity have been added, among other things).
ISSUE 2 of the standard introduced an additional voluntary module on FSMA. This module has been revised and updated for ISSUE 3. The module is voluntary; however, when the company applies for certification for the module, all relevant requirements from the standard (sections 1-5) must be met, in addition to all requirements listed in the module.
Below is a brief overview of important changes in the standard requirements between versions 2 and 3.
EA new clause has been added (1.1.2) related to product safety culture
The word “documented” is not included in every clause of the standard; however, locations are
must have documented policies, procedures, assessments, records, etc.
There is a supplement when documents are stored in electronic form.
Internal audits
There has been a change in the requirements for an effective internal audit program to clarify that it is a vital tool for product safety management and enforcement. Internal audits must contain evidence of both conformity and non-conformity and preventive measures are added to the requirement.
Traceability
As there are specific legal requirements with regard to traceability in some countries, this has been added to the standard.
Corrective and preventive actions
Root cause analysis and preventive action are important aspects of incident management and have been added. There should be a plan to conduct root cause analysis and continuous improvement to prevent recurrence, and the timing of key activities should be recorded.
The method of communication with the CB in the event of an incident has changed.
It has been added that the risk analysis must be up-to-date and it has been indicated when it must be updated.
Supplements to the Supplier Ratings and Supplier Survey are in place to ensure compliance with GFSI (addition of a food defense and product authenticity plan)
The term ‘providers of services’ has been changed to ‘service providers’.
All staff require training relevant to their role. The venue is responsible for determining the types and content appropriate for each role. Therefore, at 5.1.1. ‘relevant’ has been removed. Authenticity and legality has been added to the competences of employees to meet the scope of the standard (GFSI).