Top 7 Reasons for BRC Audit Non-Conformities

Posted by Chelsey Davis on October 28, 2015 at 11:50 AM

Top 7 Reasons for BRC Audit Non-ConformitiesThe 7th issue of the BRC Global Standard for Food Safety began audits July 1, 2015, and with the few months that have passed, we now have information and results coming back to help paint a picture of the readiness of sites for not only Issue 7 changes, but also for some of the recurring non-conformities overall.

In our on-demand webinar (The Impact of BRC Food 7: Most Common Non-Conformities) with John Kukoly, Director for BRC Americas, he discusses in detail the top reasons BRC has observed for audit failure and how companies should prepare for successful continuation of certification.

Once an audit happens, the site has a number of days to close their non-conformities, and once closed, these get verified by the certification body and uploaded to the BRC directory. BRC can then start to run the numbers and reports to truly get an understanding of what organizations are having trouble with when it comes to passing their audits.

Common Non-Conformities for BRC Audits

Common non-conformities

Supplier Approval

Of course, all companies will need to have a documented supplier approval program, which needs to include the raw materials (including packaging) that go into your product.

Supplier Approval

If you have a low risk supplier, you can utilize a questionnaire. For ingredient or packaging suppliers that have been identified as not low risk—there are identified risks with a particular supplier or material—BRC expects you to have them undergo certification or some form of supplier evaluation (2nd party, 3rd party, etc.) but with a focus on food safety and traceability.

Some of the common issues that come up in this section include:

  • Purchasing stepping away from or not being intimately involved in the process. To have a solid supplier approval program, you need to include production because they need the ingredient, purchasing because they buy it, and QA because you’re the ones who help explain the rules to the group. If you don’t have these in place, this portion of the audit can be challenging, and can especially hinder the process when looking for new suppliers.
  • Companies have great programs in place, but neglect to catch all inventory or raw ingredients that come in via a different route, have been forgotten about, or just aren’t used very often. In other words, the program is strong, but has a few leaks.
  • Some companies have a lack of understanding throughout senior management and the organization on what the real risks are in using less qualified suppliers based on costs.


  • Partner with purchasing and operations to implement your program
  • Compare program with actual inventory and usage
  • Understand risks in using less qualified suppliers based on cost

Vulnerability Assessment 5.4.1

The vulnerability assessment relates to food fraud. BRC’s expectations are that the site has the information available to understand what is meant by food fraud. In other words, the company needs to be educating themselves—understanding the types of risks affecting your industry, and knowing where to get information on these potential risks.

For example, if you’re a baking company and you’re purchasing candied orange peel, you need to know what potential fraud risks may be involved with that ingredient. You need to know where to go to get this information, whether it be your own trade association, other industry associations, or even sites like

Vulnerability assessment

So while people have a general understanding of food fraud, what the risks are, and what needs to be in place, this particular section looks to ensure organizations understand the risks within their industry on a larger scale.


  • Undertake basic training in food fraud
  • Use basic risk assessment tools
  • Think outside of food safety

Supplier Risk Assessment

For groups of raw materials (may include packaging), or individuals (depending on the nature of your operation), you have to assess the risks to product safety, legality, and quality that come through your suppliers. Make sure you understand what the risks are for ingredients and groups of ingredients. This can include:

  • Allergen contamination
  • Foreign-body risks
  • Microbiological contamination
  • Chemical contamination
  • Substitution or fraud (see clause 5.4.2)


  • Group your materials. If you have 300 raw materials, you probably don’t have to do 300 risks assessments, but will most likely only need to do about half a dozen or a dozen. For example, all of your dry, shelf-stable ingredients might fall into one grouping.
  • Include “packaging” in your risk assessments. What BRC means by this is if it’s packaging that you wouldn’t like to fail in some way, include it. Don’t skip product materials.
  • Take an industry wide approach, not a site specific focus. Think about what has happened to similar organizations and not just yours. It helps to broaden your horizon as to what you’re looking at or looking for.

Chemical Control

Plain and simple, you need to control the chemicals. Where required, have trained personnel, appropriate labeling, or anything else needed so that chemicals don’t accidentally or deliberately cause a problem.

It also needs to be part of your routine internal audit. When you’re doing an inspection, look under shelves and in cabinets to see if there is anything there that should not be. If you do find something, like a lubricant, don’t just remove it. You need to understand why it’s there to ensure that if removed, it doesn’t end up there again. Then, bring in maintenance/production and find an appropriate tool to fix the issue.


  • Routine internal audit inspection, focused, dedicated inspector
  • Do not take away necessary tools
  • Involve maintenance and production
  • Purchasing procedures for approvals

Doors 4.4.9


Doors should be maintained and in good condition. They are used as an entrance and exit, but also to prevent the introduction of unwanted materials. To help prevent risks associated with doors, make sure maintenance has these under their internal audit as a routine check.

Additionally, if there is damage to the door, don’t simply repair it. You need to look at why there is damage, what might be causing it, and what the risks are associated with that damaged door (pests, temperatures, etc.).


  • Promote to maintenance responsibility
  • Routine inspection, followed by internal audit
  • Manage the behavior creating the issue (RCA, 5 why’s)
  • Manage the risks when less than perfect (pest monitoring, primary external exclusion, secondary internal barrier)

Material Identification 3.9.1

Materials that are in the facility (ingredients received, part containers, work in process, part pallets) need to be appropriately identified to support your traceability program. FSMA makes it very clear that traceability will be key. Make sure you have proper procedures in place to maintain traceability all the way through from start to finish, even when you do something a little different like work in process.

Additionally, make sure everyone understands why you have a traceability program, how to manage it, and what all the necessary steps are.


  • In house identification system and program
  • Internal audit focus

Verification of Supplier Traceability 3.9.3

This section is key when referring to the Foreign Supplier Verification Program (FSVP) as part of FSMA. You need to verify that your suppliers have an effective traceability system in place.

If they have undergone a GFSI benchmarked audit, you are off to a great start. If they have not, you can either do your own audit, or utilize questionnaires. If you have questionnaires in place, you need to also have a verification step in this process. This means, you need to see the results of a questionnaire at a certain frequency to ensure things are being met according to standards.

Additionally, automation can help to avoid errors. If you have 100 suppliers and 30 of them are verified by questionnaire, you’re going to have 30 staggered times that you need to check these. Automation can help by setting reminders and due dates so that tasks can be completed on time.


  • Tie directly to supplier approval program
  • Understand approved audit program expectations and limitations
  • Automate information and reminders

Flow Diagram 2.5.1

When you’re at the certification stage of BRC, your HACCP plan should be very well done at this point. There is, however, one area that still tends to creep up on non-conformity lists—the flow diagram.

The entire HACCP plan starts with the flow diagram, and this is the area that tends to have issues. You need a flow diagram to cover each product type. It should cover things like, physical layouts, identification of all the inputs (water flow, waste flow, etc.), outsourced processes, contracted work, etc.

They very next step once the flow diagram is created is to make sure it’s correct. This should be done on a regular basis. Additionally, make sure that the person who created the flow diagram isn’t also the one who checks it.


  • Team verify the diagram on the floor

If you'd like to know more about what the changes were with BRC Issue 7, tune in to John’s on-demand webinar, The Impact of BRC Food 7: Most Common Non-Conformities.

New Call-to-action

Subscribe to Our Blog

Get the latest industry news, tips and more straight to your inbox!
Enter your email address below:

Tags: GFSI, brc