BRCGS Blended Audit: Remote Audits, but not quite

Food Safety, Packaging, Storage & Distribution, Consumer Products and Agents & Brokers - all these BRCGS standards can be partially audited remotely as of August 1. BRCGS' so-called blended audit consists of a remote audit followed by an on-site audit. It applies only to recertification procedures and announced audits and is based on a positive risk assessment.

The risk assessment

The risk assessment is based on a questionnaire that identifies, among other things, the historical performance of the site and the availability of documentation and records. The certification body is responsible for assessing the risk assessment. It decides whether a site can achieve the audit objectives with the help of a remote audit.

How is a blended audit conducted?

The blended audit is carried out with the help of information and communication technology. There are no precise regulations regarding the means of communication. To minimize risks related to data security, DQS auditors ideally work with the tools that the respective clients are already familiar with.

What is audited?

What is audited remotely during the blended audit and what is scrutinized on-site can be identified in almost all BRCGS standards by the color coding. This can usually be found to the left of each requirement.

Remote audits review documentation, records and systems. On-site audits look at good manufacturing practices, implementation of food safety management systems, and traceability (traceability test).

Audit duration

Whether a site is audited remotely or completely on-site does not affect audit duration. If a site chooses the blended audit, the total audit duration is exactly the same as the audit duration of a traditional audit. How the time is split between the remote portion and the on-site portion depends on the risk assessment. What is certain, however, is that at least half of the audit duration must be spent on-site.

Confidentiality, security and data protection

Protecting sensitive information is a very high priority for remote audits. Certification bodies must take local data protection laws into account. To prepare for the use of information and communications technology, all certification, client, and legal requirements related to confidentiality, security, and privacy must be defined and measures taken to ensure their effective implementation. All participants must demonstrably agree to the confidentiality, security, and privacy requirements.

BRCGS Remote Audits

Certification during pandemics and severe restrictions.

If your BRCGS certificate or certificate renewal is about to expire or has already expired during 2020, but travel or access restrictions still do not allow a regular audit, we have important news for you: since September 7, affected companies can also conduct BRCGS audits completely remotely. This is made possible by the document BRCGS086 - Remote Certification During Pandemic and Serious Event Restriction. You can view it here.

The new regulation applies to BRCGS Food Safety (including START! Audits), Packaging, Storage & Distribution, Consumer Product  and the Gluten Free Certification Program. The Remote Certification Program is valid through at least April 2021, and the option is available to all currently BRCGS certified sites and sites whose certificate has expired in 2020. Sites that are not currently BRCGS certified may also be approved for a remote audit after individual review. Please note that the remote audit option is not recognized by GFSI.

Four steps to BRCGS Remote Audit

BRCGS remote certification is completed in four steps:

  1. During the feasibility assessment, the site submits information needed to plan the audit. In addition to the requirements in the standard protocol, this includes questions about, among other things, the site's historical performance, recalls in the last 12 months, and any changes to processes or outsourced services due to the COVID-19 pandemic.
  2. Once this information is available, the remote audit can be scheduled. To do this, the information and communication technology must be defined and tested - ideally at a test meeting. If problems are encountered during this process, the audit cannot be performed remotely. In the event that the technology fails during the audit, the remote audit can be rescheduled within 28 days of the first remote audit day. All audits will be announced and will ideally occur on the normal audit schedule. However, audits that occur later are not sanctioned.
  3. The third step is to conduct the audit. The audit must have a live visual feed that is portable and can be used throughout the site.
  4. Deviations are handled as in a normal audit. Evidence of Corrective Action, Root Cause Analysis and Preventive Action Plan must be received by the certification body within 28 days of the remote audit. The audit certificate is valid for 6 or 12 months. The next BRCGS audit will be scheduled in the normal audit cycle.
Dr. Thijs Willaert

Dr. Thijs Willaert is Head of Marketing & Communications for the Sustainability and Food Safety segments. He is also an auditor for the external audit of sustainability reports. His areas of interest include sustainability management, sustainable procurement, and the digitalization of the audit landscape.