Private Certification Policy (Food Safety)

Background

Private certification schemes are voluntary systems that set process and product requirements as well as the means of demonstrating conformity with these requirements. Companies implement private certification schemes to manage risk, facilitate effective management of products along the supply chain and differentiate products.^Footnote 1 In recognition of the importance of public endorsement by regulatory bodies, some private certification schemes have been developed with government support and regulatory oversight.

Private certification schemes are a prominent part of the world food supply system and are increasingly being used by industry as a means of achieving food safety and other outcomes. Demand for food safety private certification schemes comes from both the food industry and consumers.

There is a wide range of private certification schemes and many suppliers are facing requirements for multiple audits and certifications. As a result, international efforts are underway to harmonize private certification scheme requirements in order to help reduce costs and improve predictability in market requirements. With respect to food safety, there are global benchmarking initiatives such as the Global Food Safety Initiative (GFSI) and the International Federation of Organic Agriculture Movements (IFOAM) that provide a platform for collaboration between some of the world's leading food safety experts from industry, international organizations, academia and government on global benchmarking of private certification schemes.

The Canadian Food Inspection Agency (CFIA) is transforming how it delivers its food safety programs and activities to better meet the needs of today's consumer and industry. The CFIA recognizes that private certification schemes may play an important role in helping industry achieve food safety regulatory objectives, provided they can be assessed as being effective, credible and aligned with public policy objectives.

Private certification has been identified as one of several factors that CFIA will consider in its modernized approach to risk-based oversight. While the CFIA has always incorporated risk into its approach to food safety oversight, a modernized approach will enable improved risk-management by using private certification data to inform CFIA risk-based planning and prioritization within the regulatory framework, and as a resulting consequence, more targeted compliance verification.

Private certification is not intended to replace regulatory enforcement authorities; however, it may complement food safety regulatory oversight. The CFIA will continue to verify compliance of regulated parties; the type, frequency, and intensity of the CFIA's oversight activities will be proportional to the risks that need to be managed.

Changing Global Economy

The ways in which food, animals and plants are produced and marketed have changed dramatically. The complexity of the production and distribution landscape has increased, driven by changes in methods of production and processing and increases in international trade.^Footnote 2 As a result, the challenges of carrying out regulatory oversight are multiplying. Given the growing importance and prevalence of private certification systems, it is important and timely to understand the challenges and opportunities that they present to the CFIA.

Fixed Resource Base

Compounding the inherent complexities associated with a changing global economy, the CFIA is mandated to manage multiple demands and risks (e.g., safety, consumer protection, market access) across multiple sectors (i.e., food, plant, animal). Given that it operates within a fixed resource base, the Agency must optimize its resources by investing in priority areas (e.g. highest risk) and in areas that produce the most significant return (e.g. reduced risk) on investment of effort/resources.

Risk-Based Approach

With pressures from increased globalization and advances in science and technology, the CFIA is modernizing its approach to inspection to maintain a robust approach to human, animal and plant health and consumer protection. The move towards a more preventative and systems-based approach under the Integrated Agency Inspection Model (IAIM) enables both the CFIA and regulated parties to more readily adapt to emerging risks and global and scientific trends.

Furthermore, the CFIA is developing a systematic, transparent and documented method of comparing risks within and across its business lines in order to align strategies, priorities and resources accordingly. This will be accomplished through the development of the CFIA Integrated Risk Management (IRM) Framework.

Expanding Authorities in Food

Currently, the CFIA can license register establishments for activities that relate to some food commodities The new Safe Food for Canadians Act includes provisions that will enable the CFIA to use licensing and registration for all food commodities. In particular, the current non-federally registered sector is a large and diverse food sector that has not previously been subject to CFIA registration or licensing requirements. With an estimated 50,000 regulated parties, many of whom were previously unknown to the Agency, this sector alone represents a significant increase to the number of establishments for which the Agency must consider in its risk-based oversight. It is anticipated that many of these establishments will have implemented a type of private certification scheme. Certification to a private scheme that has been assessed as meeting some or all regulatory requirements will be extremely useful information in assessing risk and determining appropriate regulatory response and oversight for all food commodities.

Existing Agency Initiatives

There are several existing Agency initiatives that have informed the development and implementation of successful programming in support of this policy such as the Food Safety Recognition Program (FSRP), the CFIA use of the Animal Nutrition Association of Canada Feed Assure program, the Canada Organic Regime and Seed Certification System. The FSRP will be particularly instrumental to the development of programming in support of this policy.

The FSRP process involves an evaluation of the technical soundness and administrative effectiveness of food safety systems developed and implemented by Canada's national (or equivalent) industry organizations. National food industry organizations from the on-farm or post-farm non-federally registered sectors can voluntarily submit their food safety systems to the CFIA FSRP team.

To date, the CFIA has not taken the investments companies have made in the FSRP into consideration in its risk-based oversight approach. The CFIA Private Certification Policy (Food Safety) will be a bridge between the FSRP and the CFIA risk-based oversight.

Policy Statement

In determining the level of risk associated with a regulated party or their establishment, the CFIA may assess the requirements of a private certification scheme used by the regulated party against food safety regulatory requirements and factor the assessment results into its risk-based planning and prioritization.

It should be noted that there is no requirement by virtue of this policy for a regulated party to become certified to any private certification scheme nor does this negate regulatory oversight.

Objectives

1. Support an understanding of voluntary, industry-adapted private certification schemes, and the role such private certification schemes may play in achieving compliance with CFIA food safety regulatory requirements;
2. Provide direction on how industry's investment in an appropriate private certification schemes will be considered within the CFIA risk-based regulatory framework; and
3. Provide a foundation to inform future discussions on broader consideration of private certification schemes within the CFIA regulatory framework.

This policy aligns with the direction and requirements provided in the CFIA Program Policy Management Framework for the management of CFIA program policies.

Definitions

Accreditation

A process by which an authoritative body gives formal recognition of the competence of a certification body to provide certification services.

Accreditation Body

An organization having the jurisdiction to formally recognize the competence of a certification body in providing certification services.

Audit

A systematic and functionally independent examination to determine whether activities and related results comply with a conforming scheme, whereby all the elements of this scheme should be covered by reviewing the supplier's manual and related procedures, together with an evaluation of the production facilities.

Auditor

A person qualified to carry out audits for or on behalf of a certification body.

Benchmark

A process by which food safety schemes are compared to determine equivalence.

Certification

A process by which accredited bodies, based on an audit, provide written assurance that requirements, management systems and their implementation conform to requirements.

Certification Body

A provider of certification services, accredited to do so by an accreditation body.

Hazard Analysis and Critical Control Point (HACCP)

A system which identifies, evaluates, controls and monitors hazards relating to food safety and specified by Codex Alimentarius.

Scheme

A term used to define a commercial program that includes an auditable and certifiable standard and a governance and management system.

Scope

As private certification has a much wider market penetration in food safety, and that the CFIA food safety program is more advanced in its modernization efforts, while initially this policy will apply to program design and delivery of CFIA's risk-based oversight of domestic and imported food, as it relates to food safety, the CFIA is committed to expanding the scope to other aspects (e.g. labelling) and the plant and animal health programs as applicable.

The CFIA will continue to explore other approaches to leveraging industry's use of private certification schemes in support of public policy objectives.

Authorities

This policy is applicable to food safety responsibilities of the Agency, as per Section 11 of the CFIA Act.

Guiding Principles

Creates Value

Value is created for the Agency and regulated parties through improved decision-making, and efficiencies gained by taking known, reliable information relevant to compliance into consideration in risk-based regulatory oversight.

No Intent to Replace Regulatory Oversight

CFIA remains responsible for verifying compliance with regulatory requirements. There is no intent to replace or outsource regulatory oversight or inspection work.

Risk-Based

CFIA uses the best available science, information and assessment of risks in determining regulatory response. Private certification schemes will be considered as one of several factors in CFIA's risk assessment; certification to a private certification scheme that meets most or all regulatory requirements should positively impact the risk profile of a regulated party.

Based on Best Available Information

Assessments of private certification scheme requirements will be performed on the best available information and documented; assessments and decision-making should be supported by information management / information technology (IM/IT) solutions that will facilitate planning, reporting and decision making.

International Alignment

Assessments and application of the policy will be aligned with the international standards developed by Codex Alimentarius.

Voluntary Industry Investment

Industry is responsible for its products and processes and to demonstrate ongoing compliance with legislative requirements. Private company decisions taken to achieve certification to a private certification scheme are business decisions and not a regulatory requirement or recommendation.

Avoids Trade Barriers

The policy is designed to inform CFIA risk-based decision making. It is non-prejudicial to products whether imported or domestic in origin.

Transparency

The CFIA is committed to being transparent and proactively providing the public with useful information relevant to this policy. For instance, the assessment process and criteria will be published on the CFIA web site.

Requirements

Assessment Process

1. The private certification scheme will be assessed in its entirety to determine to what level federal legislated food safety requirements are met.

2. An assessment process will be developed and that same process will be used to assess all private certification schemes against current regulatory requirements.

3. The assessment process and criteria will be published on the CFIA web site.

4. The assessment process will demonstrate that certification schemes may partially - or fully, meet some - or all, CFIA regulatory requirements.

5. Assessment outcomes will not be made public. CFIA may communicate the assessment outcomes to implicated stakeholders as necessary, for instance, proprietors who submit their private certification schemes for assessment.

6. Assessment outcomes will inform CFIA's risk-based planning and prioritization.

7. Assessment outcomes will not constitute any formal approval, recognition or endorsement of the private certification schemes by the CFIA.

Scheme Selection

8. Criteria will be established in support of CFIA selection of private food safety certification schemes for assessment.

9. Proprietors of private certification schemes may voluntarily submit their schemes for assessment.

10. Assessments will be conducted on a first come first served basis for voluntary submissions of private certification schemes to the CFIA.

11. In keeping with the CFIA's user fee policy and framework, the possibility of cost-recovery for private certification scheme assessment will be explored.

Confidence in the Certification

12. In addition to CFIA's need for confidence in the process to assess how food safety certification schemes align with CFIA regulatory requirements, it will equally need confidence in the certification result. Consideration will be given to four different categories of food safety certification schemes to accommodate the complexity and size of businesses.

Category 1 - CFIA-Assessed Programs:

Any organization/establishment that has completed evaluation by the CFIA for FSRP is considered to meet CFIA food safety regulatory requirements. No further assessment is required. CFIA will consider certifications to FSRP within its risk-based assessment continuum.

Category 2 - International Private Certification Schemes (GFSI-Recognized Schemes and ISO Food Safety Standards); and Category 3 - Schemes Certified to HACCP:

Certification to a GFSI-recognized food safety scheme, an ISO food safety standard and HACCP are certifications achieved without regulatory oversight. The CFIA has analyzed the oversight or governance structure that exists within industry for the majority of such schemes and has concluded that the accredited certification oversight structure (see Annex 1 for details) provides the Agency with the confidence it needs to consider certification results from a GFSI-recognized food safety scheme, an ISO food safety standard and HACCP certification within the Agency's risk-based assessment continuum.

The CFIA will consider GFSI-recognition, certification to a relevant food safety ISO standard and HACCP certification within its risk-based assessment continuum if the certification has been achieved under an accredited certification oversight structure described in Annex 1.

Category 4: Other Private Certification Schemes:

Where the oversight requirements for a private certification scheme do not fit one of the categories identified above, CFIA will undertake an assessment of the oversight structure that is in place to establish whether the Agency has confidence in the oversight structure, and by extension, the certification result.

Information Sharing / Feedback Loop

13. The establishment must successfully achieve and maintain certification to the private certification scheme.

14. A mechanism to enable continued information sharing between certification bodies and CFIA to update certification data will be developed.

Roles and Responsibilities

The Vice-President of Policy and Programs Branch is responsible for:

1. the development of the programming associated with regulatory oversight for food safety;
2. ensuring that this policy is implemented consistently, and senior managers make arrangements within their areas of responsibility to comply with this policy; and
3. reviewing and maintaining this policy.

Monitoring and Reporting

The policy governing the use of private certification will be reviewed to evaluate its implementation, its success in achieving the stated objectives and whether it needs to be updated. The review will be conducted periodically on an as-needed basis, or at least once every five years.

Inquiries

For interpretation, clarification or inquiries regarding this policy please contact: Director, Food Program Integration Division, Food Safety and Consumer Protection Directorate, Policy and Programs Branch, Canadian Food Inspection Agency.

Effective Date

This policy comes into effect on September 3, 2015.

Approval

The Private Certification Policy (Food Safety) has been approved by the CFIA Program Management Committee.

Signature

Date

Annex 1 - Accredited Certification Framework

Background

In recent years third party food safety audits have come under critical scrutiny from the mainstream media. Accredited certification does not deliver a guarantee of food safety nor prevent food safety incidents; it provides a proven framework of checks and balances that significantly improves the rigour of the audit process and reduces the risk of food safety failures.

Food businesses should not rely solely on third party audits to provide evidence of their food safety compliance. However, accredited third-party certification audits, if used correctly, are worthwhile tools for any food business seeking to implement and maintain behaviours and practices within their facilities.

Cutting through the Jargon

Accredited certification is not new and is not unique to the food industry. The accredited certification system offers credibility, rigour and consistency.

The Accredited Certification framework is a tried and tested process that applies credibility and robustness to third party food certification audits. It is a process by which Accreditation Bodies (ABs), who are themselves subject to peer review, test the competence of Certification Body (CB) involved in food safety certification, which in turn hire and provide oversight of auditors who audit and certify food businesses.

To begin with, a food business applies to a scheme for certification and then selects a CB to audit and certify the selected standard.

CBs, based on conformity assessments (or audits), provide written assurance that an audited food business has identified all potential food safety hazards, implemented effective controls, continues to validate and verify these controls, and has a management system in place that conforms to the requirements of the scheme's standard.

The CB must also have systems in place to ensure the capability of all management, technical, and administrative personnel, and in particular the competence of auditors involved in the certification process. Auditors must be competent in food safety management as applied to the industry sector(s) they are auditing, and the requirements of the specific scheme.

ABs, in turn, assess the CBs against one of two ISO standards: ISO/IEC Guide 65 or ISO/IEC 17021, supplemented by ISO/TS 22003. ISO Standards Accreditation is "a process by which an authoritative body gives formal recognition of the competence of a certification body to provide certification services against an international standard." Accreditation activities are conducted by ABs, which are not-for-profit organisations, either government owned or under agreement with government, charged with ensuring that participating CB in the country are subject to oversight by an authoritative body. The Standards Council of Canada is a Canadian AB that leads and facilitates the development and use of accreditation services. ABs may not be high profile in each country, but play a key role in the accredited certification process and ensuring international consistency in conformity assessment.

The International Accreditation Forum

Even ABs are not immune from further scrutiny. Sitting over the top of the accredited certification framework is the International Accreditation Forum (IAF). The IAF is the world association of conformity assessment ABs. Its primary function is to develop a single worldwide program of conformity assessment which reduces risk for business and its customers by assuring them that accredited certificates may be relied upon. The mechanism by which IAF implements its objective is the IAF Multilateral Recognition Arrangement (MLA).

To put it simply, the IAF helps to ensure that all ABs are following the rules of accreditation and applying the standards to affirm consistent delivery of the certification schemes. This is achieved by peer evaluation to ISO/IEC 17011: 2004–General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies.

The Food Certification Process

The food business generally does not need to have any contact with IAF or the Accreditation Bodies, but does need to know that there is a robust accredited certification framework behind the scheme, that helps to protect the interests of the food business and the scheme owner.

For the most part, the only points of contact for the food business are the scheme owner and the CB. The points to consider are:

1. Select the Right Scheme:
   The first step in the certification process is selecting the scheme with a standard that best fits with the products and processes of the business, and helps meet customer requirements. This may be requested by a retailer, food service business, or manufacturing customer, or maybe to confirm the business's internal food safety protocols and controls.
2. Select a CB:
   Each of the scheme owners maintains a list of accredited CBs that are licensed to certify to their standard. The ABs also maintain a list of accredited CBs. When selecting a certification body, it is important for food businesses to consider a number of aspects including availability of qualified auditors, regional presence, seasonality, scheduling, audit duration, and overall costs.
3. Apply for Certification:
   The certification process is essentially the same, irrespective of the scheme or CB selected The process officially starts with completion of CBs application documents which allow the certification body to fully understand the scope of a facility's operations and the products to be covered by certification. It also becomes the basis of the contract between the CB and supplier, and is critical for calculating audit duration and proper assignment of an auditor with expertise in the appropriate food sector category(s).
4. Scheduling:
   The CB contacts the facility to schedule a mutually acceptable date for the certification audit. Most GFSI benchmarked schemes specify time limits within which certification and re-certification audits must occur to maintain certification. However, within these limits, the audit must be scheduled on a date that suits both the facility and the auditor, and within a peak production period.
5. Certification Audits:
   All food safety standards require an on-site third-party certification audit. Some schemes also require a document review prior to the certification audit. The role of the audit is to determine how well a facility identifies and implements food safety controls and complies with the requirements of the applicable standard. Certification audits are always non-consultative, which means that the auditor is not permitted to instruct or advise the facility on how to meet requirements of the schemes. The auditor reviews HACCP plans, procedures, policies, physical conditions, and records and observes the implementation of food safety plans within the facility Any non-conformances observed during the audit are documented in the audit report. At the conclusion of the audit, the facility is informed of all observed non-conformances.
6. Closure of Non-Conformances:
   To achieve certification the food business is required to take actions necessary to sufficiently correct any non-conformances noted during the audit, and to prevent their recurrence. Each certification schemes has unique time-line requirements for non-conformance closure. The CB reviews the evidence submitted and accepts the corrective actions if they are sufficient to resolve the noted non-conformance. If the submitted corrective actions do not sufficiently resolve the non-conformance, the CB rejects them, and the food business is required to re-submit within a specific timeframe.

   In some cases or as prescribed by the scheme, the CB can undertake a further site visit to verify closure of non-conformances. A certificate can only be issued when non-conformances have been appropriately addressed.

7. Certification Decision and Issuance:
   The auditor does not make the decision on certification. An individual within the CB, independent of the original site audit, makes the final determination on certifications based on a review of the audit report and evidence of close-out of non-conformances. Only after a successful certification decision can a certificate be issued.
8. Annual Recertification:
   Each year a certified food business is required to undertake a recertification audit to maintain certification. The rules around the timing of this may vary based on a scheme's rules and procedures, but typically the recertification audit will take place very close to the anniversary date of their initial certification audit. Just as in initial certification audits, the facility must address non-conformances prior to being issued a certificate.
9. Appeals:
   A third party audit is a process of obtaining objective evidence of conformance or non-conformance to a specified standard. The auditor obtains objective evidence by observation, interview, and review of documented procedures and records. However there are occasions where food businesses do not accept the outcomes of the audit, feel the auditor was not objective, was superficial, or did not adequately understand the process or technology.

   Most CBs have a complaints and appeals process in place to deal with such occasions. Where a food business justifiably feels that the CB or its representative (i.e. the auditor) have not fulfilled their side of the agreement, the food business must first report it to the CB and work through their complaints and appeals process.

   If it cannot be satisfactorily resolved at that level, it is then escalated to the scheme owner's complaints and appeals process. There are "checks and balances" procedures defined in the accreditation and certification framework Global Food Safety Initiative that addresses situations where there is misconduct on behalf of an auditor or CB.

References

Global Food Safety Initiative http://www.mygfsi.com.