GFSI is requiring Scheme owners to comply with their requirements like additional new audit items, but also to ‘audit’ all elements during every audit. This appears in contradiction with the methodology of MS certification as determined for QMS and EMS through IAF MD5 or FSMS through ISO/TS 22003, which applies the audit time reduction for surveillance and recertification audits (of 2/3 and 1/3 of the initial time respectively). Yet AB’s are giving with their accreditation logo’s the impression that auditing all elements is equally effective as covering them during the whole cycle. The clearest example is comparison of ISO22000 versus FSSC22000.
The question is:
- How do we interpret that GFSI based schemes have to ‘audit’ all criteria whereas the methodology of MS certification applies the assessment of all criteria over the certification cycle which therefore allows to give a reduction for surveillance and recertification audits.
- To enable the same amount of confidence to these different types of certification audits, should we require that these schemes apply a different time allocation scheme as well (i.e. above ISO/TS 22003)?
September 2016
GFSI Guidance Document – Version 6.4 / November 2015 – Part II § 3.5.1 states :
“The scheme owner shall have a clearly defined and documented audit frequency programme, which
shall ensure a minimum audit frequency of one audit per year of an organisation’s facility and has the scope
to assess all elements of the scheme’s standard.”
General understanding of the clause and the sentence is that the requirements of assessing all elements lies with the audit programme and not with the annual audit (which is in the sentence the first requirement put on the audit programme). There are no contradiction between GFSI requirements and ISO/IEC 17021-1 ISO/TS 22003 and related IAF MD documents.