Regulatory Compliance and 3rd party audits – What is the difference?

In today’s food manufacturing 3rd party audits are “a must” for companies that want to expand and grow their business. Certification audits including GFSI not only assure you have a robust food safety system but also became a marketing tool to bid for more business especially with big retailers.

On the other side we have the US food safety legislation that sets requirements for most of the food facilities. Currently there are two major food safety regulations (HACCP and FSMA) plus several smaller regulations pertaining to certain food sector categories, i.e., Dietary Supplement Regulation, Acidified Foods, or Low Acid Canned Foods regulation.

HACCP regulations in the US have been around for more than 2 decades but were limited to a few food sector categories. These categories were determined to be high risk and therefore regulated. FDA covered seafood and juice products and USDA regulated Meat, Poultry and Processed Eggs.

Introduction of Food Safety Modernization Act back in 2011 and release of the first rules under that law in 2015 changed food safety regulatory system in the US. With FSMA all businesses that manufacture, process, handle, store, or pack must have a Food Safety Plan with preventive controls (unless exempt).

Regulatory requirements may be limited to Food Safety / HACCP Plans and compliance to cGMP regulation and not necessarily require written pre-requisite programs. According to Preventive Controls regulation for example written Programs are optional and regulation requires businesses to focus on preventive controls. HACCP regulation does require some procedures / written programs to support hazard analysis and HACCP Plans.

Third party audits tend to be more complex and require a lot more of written documents. Global Food Safety Initiative (GFSI) audits require a food safety system that contains not only HACCP Food Safety Plan as a major component but also a long list of written Pre-Requisite Programs and GMPs, records for compliance to Programs and GMP requirements, verification, and validation activities to several elements of the food safety system (not only HACCP) and extensive internal auditing program.

Audit codes detail specific elements that must be included in pre-requisite programs and HACCP Food Safety Plans where regulations are more generic. At the other hand, regulations may require different approach in food safety than 3rd party audits. Being compliant to one standard doesn’t automatically mean you follow every other one.

With introduction of Preventive Controls for Human Food regulation as a Food Safety / HACCP Instructor I was told by course participants on several occasions that they comply with PC rule simply by having a GFSI system implemented at their facilities. The reality turned out to be different and soon they found out that PC rule with preventive controls requirements was slightly varied from their SQF or BRC audit documents.

Today, most 3rd party audit codes were revised to require compliance with local food safety legislation in addition to standard audit code requirements and CODEX HACCP guidelines.

In conclusion, 3rd party audit standards may vary from what is required by law. As a food business, very often you may be required to comply with multiple standards. Our team is always ready to assist with FDA or USDA food safety regulatory or GFSI audit requirements. Contact us at [email protected]