Do the changes in BRC 8 bring increased focus on traceability, risk management and cyber security?
Traceability, recall and risk
Hardly a day goes by without another recall or food scare, today it’s farmed liquid egg white, yesterday it was scotch eggs and kebab rolls. In fact, in USDA market research they declare that there is some recall every 3 days. Traceability is still one of the biggest reasons for implementation of software solutions into the food and beverage industry, and it’s easy to see why—the costs and penalties can be catastrophic for a business.
No matter which area of the food or beverage processing industry you are involved in, the importance of traceability has never been greater, not just because of recent high-profile scares, but because of the requirements put in place by retailers—after all it is their name, not yours, that gets plastered across the media when a food scare occurs.
When it happens, speed is of the essence. If you cannot give complete confidence in the accuracy and granularity of your traceability, all your product will be removed from the shelves, at your cost, not to mention that you may be excluded from the next range review and a fine will certainly be imposed. More importantly the longer it takes to identify affected batches the greater the risk to the public and the more widescale the recall.
What does the legislation say?
We all assume that the legislation will be on the side of safety but is that true? For example, the EU Regulation 178/2002 lays down the general principles and requirements of food law, and requires every food and feed business in Europe to have a traceability and recall system in place and states:
“All food and feed businesses must be able to identify where their raw materials (e.g. ingredients and packaging) come from and where their products are going or have gone to, i.e. they must be able to identify one step back and one step forward in the food chain.”
What’s missing from this requirement is the TIME dimension. The British Retail Consortium (BRC) in its audit requirements states that “Traceability should be achievable within 4 hours.” Why is the word ‘should’ in there? In my mind with modern technology and sophisticated ERP solutions available to manufacturers, traceability can be achieved in less than 5 minutes—in fact recall information should be obtainable at the press of a button—but it often takes days for the recall to be enforced. One could understand the missing time dimension if there was no risk to human health but there is and the new BRC standard includes changes that only go to reinforce that the risk is real.
whats changed in bRC 8
The BRC standard is standard in over 20,000 sites in more than 135 different countries and is often seen as a standard for any food company. The latest version 8 released in August 2018 will be used for audits from February 2019, and it comes with some new clauses.
In terms of traceability and timeliness nothing has really changed except for a higher focus on food safety with the addition of new clauses:
- Food Defence and the potential for deliberate malicious contamination from both internal and external sources will now need to be risk assessed, which is aligning itself with TACCP – Threat Assessment Critical Control Point and VACCP – Vulnerability Assessment and Critical Control Point
- A new section Environmental Monitoring has been introduced that requires risk-based assessment programs to be in place for pathogens or spoilage organisms in all production areas with ready to eat products.
- There is also the addition of a Cyber Security paragraph, maybe there are concerns over the hacking of a pork pie recipe?
But in all seriousness the introduction of these new audit requirements are looking at more stringent controls for processes, personnel and data and in my opinion have their roots in de-risking bio-terrorism in the food supply chain, or am I just being paranoid?
The changes to BRC reinforce the necessity to mitigate against risk in food manufacture. The rules, the processes, the programmes and the audits are there to prevent risk to human life from food contamination. However, I can find no definitive legislation anywhere that says you must be able to inform of a recall within a minimum time. That TIME is critical and, in my opinion, should be in minutes not days. It is the real life recalls where the risk really is, and technology is not a barrier to achieving the recall information in minutes so why is it not legislated for? Add to that the ability to connect systems and join this data to the products I have purchased recently from a retailer we will all be safer as our mobile phones buzz and ping the alerts to us instantaneously.
You can read more on traceability and leveraging data insight in process manufacturing in our eBook
If you enjoyed this blog then please look out for others in IFSBlogs
I welcome comments on this or any other topic concerning process manufacturing.
Connect, discuss, and explore using any of the following means:
- Twitter: @ElkinsColin
- Email: firstname.lastname@example.org
- Blog: http://blog.ifs.com/author/colin-elkins
- LinkedIn: https://www.linkedin.com/in/colinelkins
Do you have questions or comments?
We’d love to hear them so please leave us a message below.