Global Standard Agents and Brokers,

Issue 3
AB307a: Auditor Checklist / Site Self-
Assessment Tool

Change log:

Version no. Date Description

1 01/10/2021 First version published for Issue 3 of the Standard.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 1 of 32
Welcome to the BRCGS Auditor Checklist/Site Self-Assessment tool

We hope that you will find this useful when preparing your site for an audit against the
BRCGS Global Standard for Agents and Brokers, Issue 3.

How to use the BRCGS Auditor Checklist/Site Self-Assessment tool?

This tool is designed to help you assess your operation against the requirements of the
Standard and help prepare you for your certification audit.

The checklist covers each of the requirements of the Standard and may be used to check
your site’s compliance with each of these requirements. The checklist also allows you to
add comments or identify areas of improvement in the empty boxes provided at the end
of each section.

While we hope that this tool is useful in helping you prepare for your audit it should not
be considered as evidence of an internal audit and will not be accepted by auditors
during an audit.

Training

The BRCGS Training Academy has courses available to improve the understanding of the
requirements for the BRCGS Global Standard Agents and Brokers Issue 3 and may be
useful for the person using the BRCGS Self-Assessment Tool. For further information on
the courses available please visit the website.

Further Information

If you have any further questions about the BRCGS Self-Assessment Tool or the BRCGS
Global Standard Agents and Brokers Issue 3, please do not hesitate to contact the BRCGS
team.

Email – [email protected]

Clause Requirements
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 2 of 32
1 Senior management commitment

Summary

1.1 Senior management commitment and continual improvement

Clause Requirements Conforms Comments

Statement of The company’s senior management

Intent shall demonstrate that they are fully
committed to the implementation of
the requirements of the Standard
and to the operation of processes
that facilitate product authenticity
and legality, and the continual
improvement of their product safety
and quality management services.

1.1.1
The company shall have a
documented policy that states the
company’s intention to meet its
obligation to supply safe, legal
and authentic products to the
specified quality, and its
responsibility to its customers.
This shall be:
• signed by the person with overall
responsibility for the company
• communicated to all staff.
1.1.2
The site’s senior management
shall define and maintain a clear
plan for the development and
continuing improvement of a
product safety and quality culture
within the company. This shall
include:
• defined activities involving all
sections of the company that
have an impact on product
safety and quality. As a
minimum, these activities shall
be designed around:
• communication within both the
supply chain and the company
• training
• feedback from employees
• performance measurement on
product safety and quality-related
activities
• an action plan indicating how
the activities will be
undertaken and measured,
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 3 of 32
 and the intended timescales
• a review of the effectiveness
of completed activities.
1.1.3
The company’s senior management
shall ensure that clear objectives
are defined to maintain and
improve services, ensuring product
safety, authenticity, legality and
quality in accordance with the
quality policy and the requirements
of this Standard. These objectives
shall be:
• documented and include targets or
clear measures of success
• clearly communicated to relevant
staff
• monitored, and the results reported
at least six-monthly to the
company’s senior management.
1.1.4
Management review meetings,
attended by the company’s senior
management, shall be undertaken
at appropriate planned intervals, at
a minimum annually, to review the
company’s performance against the
Standard and the objectives as
described in clause 1.1.3. The
review process shall include the
evaluation of:
• the previous management review
action plans and timescales
• the results of internal, second-party
and/or third-party audits
• any customer complaints and the
results of any customer
performance reviews
• any incidents, corrective
actions, out-of-
specification results and
non-conforming materials
• supplier performance
• the management of the
systems for hazard and risk
assessment (e.g. product
safety system, HACCP or
HACCP-based plan), food
defence or product
security, and authenticity
of products
• resource requirements.

Records of the meeting shall be

kept and documentation shall be
used to revise the objectives,
thereby encouraging continual
improvement.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 4 of 32
 The decisions and actions agreed
within the review process shall be
effectively communicated to the
appropriate staff, and the actions
implemented within the agreed
timescales.
1.1.5 The company shall have a
demonstrable system to ensure that
significant product safety, authenticity,
legality and quality issues are brought
to the attention of senior management
to allow those issues requiring
immediate action to be resolved.
1.1.6 The company’s senior management
shall provide the resources required to
ensure the product safety,
authenticity, legality and specified
quality of products supplied, in
compliance with the requirements of
this Standard and its customers.
1.1.7 The company’s senior management
shall have a system in place to ensure
that the company is kept informed of,
and reviews, any emerging product
safety, authenticity, quality or legality
issues, industry codes of practice, and
all relevant legislation applicable in the
country where the product is intended
to be sold or used.
1.1.8 Where required by legislation, the
company shall be registered with, or
approved by, the appropriate
authority.
1.1.9 The company shall have a genuine,
original, hard copy or electronic
version of the current Standard
available and be aware of any changes
to the Standard or protocol that are
published on the BRCGS website.
1.1.10 Where the company is certificated to
the Standard, it shall ensure that
announced recertification audits occur
on or before the audit due date
indicated on the certificate.
1.1.11
The opening and closing meetings of
the audit for the Standard shall be
attended by a senior manager of
the site.

If the most senior manager within the

site is absent on the day of the audit
because of other commitments, a
nominated deputy shall be available
(see clause 1.2.1).

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 5 of 32
1.1.12
The company’s senior management
shall ensure that the root causes of
non-conformities identified at the
previous audit against the Standard
have been effectively addressed to
prevent their recurrence.
1.1.13
The BRCGS logo and references to
certification status shall only be
used in accordance with the
conditions of use detailed in the
audit protocol section (Part III,
section 6.1) of the Standard.
1.2 Organisational structure, responsibilities and management authority

Clause Requirements Conforms Comments

Statement of The company shall have a clear

Intent organisational structure and lines of
communication to enable the
effective management of services
ensuring product safety,
authenticity, legality and quality.

1.2.1 The company shall have an

organisation chart demonstrating its
management structure. The
responsibilities for the management of
activities that ensure product safety,
authenticity, legality and quality shall
be clearly allocated and understood by
the managers responsible. It shall be
clearly documented who deputises in
the absence of the responsible person.
1.2.2 The company’s senior management
shall ensure that all employees are
aware of their responsibilities.
Employees whose role or activity
could affect product safety,
authenticity, legality or quality shall
have access to documented work
instructions or procedures and shall be
able to demonstrate that work is
carried out in accordance with these
instructions.
Clause Requirements

2 Hazard and Risk Assessment

Summary

Statemen The company shall operate a product

t of Intent safety plan for the processes for which it
is responsible. This shall be based on

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 6 of 32
 the principles of hazard and risk
analysis, including the Codex
Alimentarius HACCP principles. The
plan shall be documented, systematic,
comprehensive, fully implemented and
maintained.

Clause Requirements Comments

Conform
s

2.1 The person responsible for leading the

hazard analysis shall be able to
demonstrate competence in the
understanding of hazard and risk analysis
principles (e.g. HACCP principles) and
their application. Where a team is used,
the team members shall have knowledge
of the hazard and risk analysis principles.
In the event of the company not having
appropriate in-house knowledge it may
seek external expertise, but the day-to-
day management of the product safety
system shall remain the responsibility of
the company.
2.2 Where the hazard and risk analysis study
has been undertaken centrally, it shall be
possible to demonstrate that the study
has been verified to meet the specific
activities of the local operations to which
the study applies.
2.3 The hazard analysis, and the resulting
procedures, shall have senior
management commitment, and shall be
implemented through the company’s
documented product safety and quality
management systems.
2.4
The company shall define the scope of
the hazard and risk analysis in terms of
the products and services that are
included. This shall include:
• a description of the nature of
products traded (e.g. canned fish,
fresh produce, corrugated board,
household chemicals such as bleach,
cosmetics or household electric
goods)
• details of any particular specified
storage or handling conditions (e.g.
temperature control requirements or
propensity to water damage)
• a description of any services
provided directly or arranged while
the product is the responsibility of
the company.
2.5
A process flow diagram shall be
prepared to cover each step in the

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 7 of 32
 process from the purchase or
acceptance of responsibility for
products to acceptance of the
products by the company’s customer.
As a guide, this should include the
following where applicable:
• import and export processes
• product checks or testing
• subcontracted transport or distribution
• subcontracted storage of products
• processes for damaged or rejected
product
• any subcontracted processes
undertaken on products (e.g.
relabelling or further processing).
2.6
The company shall identify and record
all potential hazards associated with
each step of the product flow. The
company shall include consideration
of the following types of hazard:
• microbiological growth (e.g.
resulting from temperature abuse
of products that require
temperature control, or exposure
of unpacked products to
environmental micro- organisms
such as pathogens)
• physical contamination (e.g.
glass contamination, wood
splinters from pallets, dust or
pests)
• chemical or radiological contamination
(including product tainting)
• physical damage (e.g. breakage,
puncturing of packaging, water
damage or electrical faults)
• fraud (e.g. substitution or
deliberate/intentional adulteration)
• malicious contamination of products
• allergens (e.g. cross-
contamination during storage or
transportation of open product in
silos or tankers)
• hazards impacting the functional
integrity of packaging materials and
their performance
• any other hazards mandated by the
customer or relevant regulatory
authorities.
2.7
The company shall complete a
documented risk analysis of the
potential hazards in order to identify
which need to be controlled. The
following should be considered:
• the likely occurrence of the hazard

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 8 of 32
 • the severity of the hazard (e.g.
injurious to health, potential to
cause food poisoning, rejection
or a product recall)
• existing prerequisite
programmes that effectively
prevent the hazard or reduce it
to acceptable limits.
2.8
For each hazard that requires control,
processes shall be established to
ensure that service providers
effectively manage their operations to
prevent or eliminate a significant
hazard or reduce it to acceptable
limits. Such processes may include:
• specifications and contracts with
service providers
• a review of HACCP or hazard and risk
management plans operated by
service providers to confirm that the
identified hazard is being controlled.
2.8.1
Where controls are managed by
HACCP or hazard and risk management
plans operated by service providers,
either the plans and controls shall be
reviewed by a competent person to
determine their effectiveness or the
plans and controls shall be within the
scope of an accredited certification of
the service provider.
Contracts or trading agreements shall
ensure that any significant changes to
the service provider’s hazard and risk
management plans are communicated
to the company before the changes
are implemented. Any changes shall
be reviewed by a competent person
to determine the ongoing
effectiveness of the plan before the
changes are implemented by the
service provider.
Records shall be maintained to
demonstrate the results of these
reviews.
2.9 There shall be effective processes to
monitor and verify that the processes
operated by service providers are
effectively controlling the hazards
identified.
2.10 Corrective action plans shall be defined
for instances where monitoring identifies
a failure of the controls or where results
indicate that products or services are out
of specification.
2.11
The hazard and risk analysis shall be

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 9 of 32
 formally reviewed at least annually and
whenever:
• new product types are traded
(i.e. products with different
characteristics from those
included within the original
study)
• new services or process steps are
introduced
• a new risk emerges
• following a product recall, where the
agent’s or broker’s processes are
implicated.

Changes resulting from the review shall

be incorporated into the hazard and
risk assessment and product safety and
quality management systems.

Where appropriate, the changes shall

also be reflected in the company’s
product safety policy and product
safety objectives.
Clause Requirements

3 Product Safety and Quality Management System

Summary

3.1 Product Safety and Quality Systems Manual

Clause Requirements Confor Comments

ms

Statement The company’s processes and

of Intent procedures to meet the requirements of
this Standard shall be documented to
allow their consistent application, to
facilitate training, and to support due
diligence and the supply of a safe
product.

3.1.1
The company’s procedures, working
methods and practices shall be
collated in a navigable and readily
accessible system, in the form of a
printed or electronic product safety
and quality manual.
Consideration shall be given to the
need for translation into appropriate
languages.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 10 of 32
3.1.2 The product safety and quality manual
shall be fully implemented, and the
manual, or the relevant components of
it, shall be readily available to relevant
staff.
3.1.3 All procedures and work instructions
shall be clearly legible, unambiguous, in
the relevant languages and sufficiently
detailed to enable their correct
application by appropriate staff.
3.2 Documentation control

Clause Requirements Confor Comments

ms

Statement The company shall operate an effective

of Intent document control system to ensure that
only the correct versions of documents
are available and in use.

3.2.1
The company shall have a procedure to
manage the documents that form part
of the quality system. This shall include:
• a list of all controlled documents,
indicating the latest version number
• the method for identifying and
authorising controlled documents
• a record of the reason for any
changes or amendments to
documents
• the method for ensuring documents
are maintained in good condition and
are retrievable
• a system for the replacement of
existing documents when these
are updated. Archived documents
shall be retained for a defined
period, taking into consideration
any legal or customer
requirements.

Where documents are stored in

electronic form these shall also be:
• stored securely (e.g. with
authorised access, control of
amendments, or password-
protected)
• suitably backed up to prevent
loss.
3.3 Record completion

Clause Requirements Confor Comments

ms

Statement The company shall maintain genuine

of Intent records to demonstrate the effective

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 11 of 32
 control of product safety, authenticity,
legality and quality.

3.3.1 Records shall be legible, retained in good

condition and retrievable. Any alterations
to records shall be authorised and the
justification for any alterations shall be
recorded. Where records are in electronic
form these shall be suitably backed up to
prevent loss.
3.3.2
Records shall be retained for a
defined period, taking into
consideration any legal or customer
requirements, the shelf life of the
product or the usage of packaging
materials.
For food products this shall take into
account, where it is specified on the
label, the possibility that the shelf life
may be extended by the consumer
(e.g. by freezing).
Records shall be stored securely (e.g.
in designated storage with access
restricted to authorised personnel).
Records shall be accessible in a
timely manner.
3.3.3 Where records are held by third parties,
the company shall be able to obtain
copies of the records typically within 1
working day (e.g. warehouse intake
checks).
3.4 Customer Focus and Communication

Clause Requirements Confor Comments

ms

Statement The company shall ensure that any

of Intent customer-specific policies or
requirements are understood,
implemented and clearly communicated
to the relevant staff and relevant
suppliers of products and services.

3.4.1 The company shall have a system for

identifying whether customers have
specific requirements. Where there are
specific requirements, they shall be
made known to the relevant staff within
the company and kept up to date.
3.4.2
Where specific customer policies need
to be enacted by the manufacturing,
processing or packing site, the
company shall have effective
processes to communicate them to
the relevant suppliers of products and
services (e.g. product specifications,
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 12 of 32
 contracts with suppliers/service
providers or codes of practice).
Records shall be available to
demonstrate that where the company
has been notified of relevant
requirements, these have been
communicated to the relevant
immediate suppliers, and there is
supporting documentation to confirm
that the suppliers have understood
and implemented the requirements.
3.4.3 Where required by the customer, the
company shall provide information to
enable the last manufacturer or
processor of the product to be approved.
This shall include the identity of this
manufacturer or processor.
3.5 Internal Audit

Clause Requirements Confor Comments

ms

Statement The company shall be able to

of Intent demonstrate that it verifies the effective
application of its product safety and
quality system and the implementation
of the requirements of this Standard.

3.5.1
There shall be a scheduled programme
of internal audits.
As a minimum, the programme shall
include at least two different audit
dates spread throughout the year.
The frequency at which each activity
is audited shall be established in
relation to the risks associated with
the activity and previous audit
performance. All activities shall be
covered at least once each year.
As a minimum, the scope of the internal
audit programme shall include the:
• implementation of the product safety
and quality management system
• HACCP plan or product safety plan
(i.e. the documents and outputs from
section 2)
• product security or food defence (see
section 4.3)
• product fraud mitigation plan (see
clause 4.8.3)
• procedures implemented to achieve
the Standard.

Each internal audit within the

programme shall have a defined scope

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 13 of 32
 and consider a specific activity or section
of the product safety activities.
3.5.2 Internal audits shall be carried out by
appropriately trained, competent
auditors who are independent from the
audited activity.
3.5.3
The internal audit programme shall be
fully implemented.
Internal audit reports shall identify
conformity as well as non-conformity
and include objective evidence of
findings.
The results shall be reported to the
personnel responsible for the activity
audited. Corrective and preventive
actions, and timescales for their
implementation, shall be agreed, and
completion of the actions shall be
verified in a timely manner.
3.6 Specification for Products

Clause Requirements Confor Comments

ms

Statement Product specifications or information to

of Intent meet legal requirements and to assist
customers in the safe usage of the
product shall be maintained and
available to customers.

3.6.1 Specifications shall be available for all

products. They shall either be in the
agreed format of the customer or, where
this is not specified, include key data to
meet legal requirements and assist the
customer in the safe usage of the
product.
3.6.2 The company shall seek formal
agreement of specifications with the
relevant parties. Where specifications
are not formally agreed, the company
shall be able to demonstrate that it has
taken steps to ensure that formal
agreement is in place.
3.6.3 Companies shall operate demonstrable
processes to ensure that any customer-
specified requirements are met. This
may be by including customer
requirements within buying
specifications, or by undertaking further
work on purchased product to meet the
customer specification (e.g. sorting or
grading of product).
3.6.4 Specifications shall be reviewed
whenever products, packaging or
suppliers change, or at least every 3
years. The date of review and the
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 14 of 32
 approval of any changes shall be
recorded. The company shall seek formal
agreement of any changes (in
accordance with clause 3.6.2).
3.7 Traceability

Clause Requirements Confor Comments

ms

Statement The company shall be able to trace all

of Intent product lots back to the last
manufacturer and forward to the
customer of the company.

3.7.1
The company shall maintain a
traceability system for all products,
which identifies the last manufacturer
or place of last significant change of
the product (in the case of primary
agricultural products this may be the
packer). Records shall also be
maintained to identify the recipient of
each batch of product from the
company.
Where applicable, the traceability
system shall meet the legal
requirements in the country of sale or
intended use.
3.7.2
The company shall test the
traceability system to ensure
traceability can be determined back
to the last manufacturer and forward
to the customer. This shall include
identification of the movement of the
product through the chain from the
manufacturer to receipt by the
customer (e.g. each movement and
intermediate place of storage).
The company shall complete at least
one traceability test annually. Where
the agent or broker subcontracts
activity to multiple service providers,
additional tests may be required to
confirm the effectiveness of the
traceability system within the
different supply chains.
Where a company has multiple office
locations, then at least one
traceability test annually shall involve
products traded or managed by each
office.
The traceability test shall include the
reconciliation of quantities of product
traded by the company for the chosen
batch or product lot. Traceability
should be achievable within 4 hours
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 15 of 32
 (24 hours when information is
required from external parties).
3.7.3 Where product is further processed on
behalf of the company, relabelled or
returned, traceability shall be
maintained.
3.7.4 The company shall ensure that its
suppliers of products have an effective
traceability system. Where a supplier has
been approved based on a
questionnaire, a legally enforceable
contract or specification, or a historical
trading relationship (instead of
certification or audit), verification of the
supplier’s traceability system shall be
carried out at the time of the initial
approval of that supplier and then at
least every 3 years.
3.8 Complaint Handling

Clause Requirements Confor Comments

ms

Statement Customer complaints shall be handled

of Intent effectively and the information used to
reduce recurring complaint levels.

3.8.1 All complaints shall be recorded and

investigated, and the results of the
investigation recorded. Corrective action
appropriate to the seriousness and
frequency of the problems identified
shall be carried out promptly and
effectively by appropriately trained staff.
3.8.2
Complaints arising from the action of
a service provider or supplier shall be
communicated to that supplier for
further investigation.
Corrective actions appropriate to the
seriousness and frequency of the
problems identified shall be agreed
and the implementation confirmed
with the relevant supplier or service
provider.
3.8.3
Complaint data relating to products and
services shall be analysed for
significant trends.
Where there has been either a serious
complaint or a significant increase in
incidences of a complaint, root cause
analysis shall be undertaken and used
to implement ongoing improvements
to product safety, legality and quality,
and to avoid recurrence.
This analysis shall be made available

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 16 of 32
 to the relevant staff, suppliers and/or
service providers.
3.9 Corrective and Preventive Actions

Clause Requirements Confor Comments

ms

Statement The company shall be able to

of Intent demonstrate that it uses the information
from identified failures in the product
safety and quality management system
(e.g. non-conforming products, internal
audits, complaints, product recalls,
product testing, second and third-party
audits) to make necessary corrections
and prevent their recurrence.

3.9.1
The company shall have a procedure
for handling and correcting non-
conformities identified within the
scope of the product safety and
quality management system.
Where a non-conformity places the
safety, authenticity, legality or quality
of products at risk, this shall be
investigated and recorded. The
investigation shall include:
• clear documentation of the non-
conformity
• assessment of the consequences by a
suitably competent and authorised
person
• identification of the corrective action
to address the immediate issue
• assignment of responsibilities for
action
• appropriate timescales to ensure
correction
• verification that the correction has
been implemented and is effective.
3.9.2
The site shall have a procedure for the
completion of root cause analysis.
As a minimum, root cause analysis
shall be used to implement any
necessary action to prevent
recurrence of significant or recurring
non-conformities.
3.10 Control of non-conforming product

Clause Requirements Confor Comments

ms

Statement The company shall ensure that any out-

of Intent of-specification product is effectively

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 17 of 32
 managed.

3.10.1
There shall be procedures for
managing products that do not
conform to buying or customer
specifications, or product safety
requirements. This shall include:
• a process for
subcontractors handling
the product to report
potentially non-
conforming product
• clear identification of non-
conforming product to
prevent its release (e.g.
stock management IT
systems)
• agreed procedures with
subcontractors for secure storage to
prevent accidental release of
implicated product
• referral to the brand owner or
customer where required
• defined responsibilities for
decision-making on the use or
disposal of products appropriate
to the issue (i.e. acceptance by
concession, redesignation to an
alternative customer (e.g.
distressed stock), reworking or
destruction)
• records of the decision taken on the
use or disposal of the product
• records of destruction where the
product is destroyed for product
safety reasons.
3.11 Management of Incidents, Product Withdrawal and Product Recall

Clause Requirements Confor Comments

ms

Statement The company shall have a plan and

of Intent system in place to manage incidents
effectively and enable the effective
withdrawal and recall of products should
this be required.

3.11.1 The company shall have clear processes

to enable subcontractors and suppliers to
report incidents and potential emergency
situations that impact product safety,
authenticity, legality or quality. The
company shall have procedures and
assigned responsibilities for the review of
incidents and to define the appropriate
action.
3.11.2
The company shall have documented

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 18 of 32
 procedures designed to report and
effectively manage incidents and
potential emergency situations that
impact food safety, legality or
quality, including a product
withdrawal and recall procedure.
This product recall and withdrawal
procedure shall include, as a
minimum:
• identification of the key personnel
constituting the recall management
team, with clearly identified
responsibilities
• guidelines for deciding whether a
product needs to be recalled or
withdrawn, and the records to be
maintained
• an up-to-date list of key contacts
or reference to the location of
such a list (e.g. recall
management team, emergency
services, suppliers, customers,
certification body and regulatory
authority)
• a communication plan that includes:
• the process for providing
information to customers and
regulatory authorities in a
timely manner
• instructions for customers on
the return or safe disposal of
recalled product
• details of external agencies
providing advice and support as
necessary (e.g. specialist
laboratories, regulatory
authority and legal expertise)
• a plan to handle the logistics of
product traceability, recovery or
disposal of affected product and
stock reconciliation
• a plan to conduct root cause
analysis and to implement ongoing
improvements to avoid recurrence
(this may be an assessment or
verification of the supplier’s root
cause and preventive action plan
where the incident occurred within
the supply chain, rather than
within the agent/broker’s
operations)
• a plan to record timings of key
activities.

The procedure shall be operable at any

time.
3.11.3 The product incident management
procedures (including those for recall

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 19 of 32
 and withdrawal) shall be tested at least
annually, in a way that ensures their
effective operation. Results of the test
shall be retained and shall include
timings of key activities. The results of
the test and of any actual recall shall be
used to review the procedure and
implement improvements as necessary.
3.11.4
In the event of a significant product
safety incident, including a product
recall or regulatory product safety
non-conformity (e.g. a regulatory
enforcement notice), the certification
body issuing the current certificate for
the site against the Standard shall be
informed within
3 working days.
The company shall provide sufficient
information to enable the certification
body to assess any effects of the
incident on the ongoing validity of the
current certificate (as detailed in the
audit protocol, Part III, section 6.4). As
a minimum:
• where the agent or broker is
facilitating an incident originating
in the supply chain, this will
include the agent’s or broker’s
corrective action, and a review of
the relevant supplier’s or service
provider’s actions.
• where the incident is the result of
the agent’s or broker’s activity,
this will include corrective action,
root cause analysis and a
preventive action plan.
Clause Requirements

4 Supplier and subcontracted service management

Summary

4.1 Approval and performance monitoring of manufacturers/packers of traded products

Clause Requirements Conform Comments

s

Statemen The company shall operate procedures

t of Intent for supplier approval and monitoring of
the last manufacturer or packer of
products for which it provides a service,
to ensure that traded products are safe,
legal and manufactured in accordance
with any defined product specifications.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 20 of 32
4.1.1
The company shall have a supplier
approval procedure that identifies the
process for initial and ongoing
approval of suppliers and the
manufacturer/processor/packer of
each product traded. The
requirements shall be based on the
results of a risk assessment. This risk
assessment shall include
consideration of:
• the nature of each product and its
associated risks
• customer-specific requirements
• legislative requirements in the
country of sale or importation of the
product
• source or country of origin
• potential for adulteration or fraud
• the brand identity of
products (i.e. whether it is
the customer’s own brand
or a branded product).

The risk assessment shall be updated:

• when there is a change in product,
processing or supplier
• if a new risk emerges
• following a product recall or
withdrawal, where a specific product
has been implicated
• at least once every 3 years.
4.1.2
The process for the initial and
ongoing approval of manufacturers
of products shall be based on risk. It
shall include one or a combination of
the following:
• Valid certification of the
manufacturing or packing site to
the applicable BRCGS Standard or a
standard benchmarked by the
Global Food Safety Initiative (GFSI).
The scope of the certification shall
include the products traded by the
agent or broker.
• A supplier audit with a scope to
include product safety, traceability
testing, HACCP or hazard and risk
management review, the product
security (food defence) plan, the
product authenticity plan, and good
manufacturing practices. The audit
shall include confirmation that these
plans form part of the supplier’s
product safety management system
and that any resultant actions are

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 21 of 32
 implemented. The supplier audit
shall be undertaken by an
experienced and demonstrably
competent product safety auditor.
Where it is completed by a second
or third party, the company shall be
able to:
• demonstrate the competency of the
auditor
• confirm that the scope of the
audit includes product safety,
traceability, HACCP or hazard
and risk management review,
the product security (food
defence) plan, the product
authenticity plan, and good
manufacturing practices
• obtain and review a copy of
the full audit report.

For products (food or non-food)

assessed as low-risk only, and where
a valid risk-based justification is
provided, initial and ongoing approval
may be based on a completed
manufacturing site questionnaire. As
a minimum, the questionnaire shall
demonstrate that the supplier has
effective action plans to control
product safety, product security (food
defence) and product authenticity.
The questionnaire shall be reviewed
and verified by a demonstrably
competent person.
For non-food products assessed as
low-risk only, and where a valid risk-
based justification is provided, initial
and ongoing approval may also be
based on at least one of the
following:
• a legally enforceable
contract/specification from the
supplier
• a historical trading relationship,
supported by documented
evidence of performance
reviews that demonstrate
satisfactory performance.

This clause may not be

applicable where it is a customer
requirement that products are
supplied by a specific
manufacturer and the liability is
with that customer. A record of
the customer’s requirement for
the use of a specific supplier
shall be maintained.
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 22 of 32
4.1.3 The site shall have an up-to-date list or
database of approved suppliers. This
may be on paper (hard copy) or it may
be controlled on an electronic system.
4.1.4 Where products are purchased from
other agents or brokers, the company
being certificated shall know the
identity of the last manufacturer,
processor or packer or, for bulk
commodity food products, the
consolidation place of the product.
4.1.5
Where products are purchased from
other agents or brokers, the company
being certificated shall obtain
information to enable the approval of
the manufacturer, packer or, for bulk
commodity products, the consolidation
place of the raw material (as in clause
4.1.2), unless the other agent or
broker is itself certificated to the
Standard or a standard benchmarked
by the Global Food Safety Initiative
(GFSI).
This information may be obtained from
the other agent or broker or directly
from the supplier.
4.1.6 Records shall be maintained of the
manufacturer or packer approval
process, including audit reports or
verification of certificates, confirming
the product safety status of the
manufacturing or packing sites
supplying products traded. There shall
be a process of review, and records
shall be kept of the follow-up of any
issues identified at the manufacturing or
packing sites that have the potential to
affect products traded by the company.
4.1.7
There shall be a documented process
for the ongoing review of
manufacturers or packers, based on
risk and using defined performance
criteria; these may include
complaints, results of any product
tests, regulatory warnings or alerts,
customer rejections or feedback. The
process shall be fully implemented.
Where approval is based on
questionnaires, these shall be reissued
at least every 3 years.
Contracts or formal agreements shall
require suppliers to notify the
company of any significant changes
that take place between these formal
reviews; this shall include any change
in certification status.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 23 of 32
4.1.8
The procedures shall define how
exceptions to the supplier approval
process in clause 4.1.2 are handled
(e.g. where product suppliers are
prescribed by a customer) or where
information for effective supplier
approval is not available (e.g. bulk
agricultural products) and instead
product testing is used to verify
product quality and safety.
When a company trades customer-
branded product, the customer shall
be made aware of the relevant
exceptions.
4.2 Management of service providers

Clause Requirements Conform Comments

s

Statement The company shall be able to

of Intent demonstrate that service providers
have been approved, that they are
managed to ensure that any risks to
product safety have been evaluated,
and that effective controls are in place.

4.2.1
There shall be a procedure for the
approval and monitoring of service
providers (e.g. transport, storage,
laboratory testing or labelling).
The approval process shall be risk-
based and shall take into
consideration:
• risk to the safety and quality of
products
• compliance with legal requirements
(e.g. weight or label controls)
• customer-specific requirements
• potential risks to the security of the
product (i.e. risks identified in the
vulnerability and food defence
assessments).
4.2.2
The service provider approval
process shall be based on one or
more of the following options:
• certification of the
supplier (e.g. BRCGS
Standards or another
applicable GFSI-
benchmarked or ISO
standard)
• a supplier audit with a scope that
includes product safety,
traceability testing, hazard
analysis review, the product

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 24 of 32
 security (food defence) plan, the
product authenticity plan, and
good operating practices,
undertaken by an experienced
and demonstrably competent
product safety auditor
• historical performance,
supported by documented
evidence of performance
reviews demonstrating
satisfactory performance
• a supplier questionnaire
that has been reviewed
and verified by a
demonstrably competent
person
• a licence to operate (e.g. a licensed
waste management contractor).

This clause may not be applicable

where it is a customer requirement that
services are provided by a specific
service provider and the liability is with
that customer. A record of the
customer’s requirement for the use of a
specific service provider shall be
maintained.
4.2.3 Contracts or formal agreements shall
be in place with the service providers.
These shall clearly specify the service
requirements and shall ensure that
potential product safety risks
associated with the service have been
addressed.
4.2.4 There shall be a formal process of
review of the service providers. This
review shall be undertaken at a
frequency based on risk, but as a
minimum annually. It shall use defined
performance criteria, which may
include complaints, results of any
product tests, customer rejections or
feedback. The process shall be fully
implemented.
4.2.5
Where activities covered by a service
provider are subcontracted by that
supplier to another company (e.g.
third-party distribution or pallet-
sharing schemes), the subcontractor
shall be required to:
• work in accordance with the relevant
legislation
• maintain product traceability
• work in accordance with the
requirements identified by the risk
assessment of the supplier of
services (e.g. its HACCP plan), such
that identified risks are prevented or
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 25 of 32
 reduced to an acceptable level.
•
The contract or formal agreement with
the service provider shall include
details of any permitted or prohibited
subcontracting.
4.2.6
The procedures shall define how
exceptions to the approval process
for service providers detailed in
clause 4.2.2 are handled (e.g. where
service providers are prescribed by a
customer), or where information for
effective approval is not available
(e.g. emergency transport) and
instead product testing is used to
verify product quality and safety.
When a company trades customer-
branded product, the customer shall
be made aware of the relevant
exceptions.
4.3 Product Security/Food Defence

Clause Requirements Conform Comments

s

Statemen Security systems shall be in place to

t of Intent protect products from theft, substitution
or malicious contamination or damage
while they are under the management
control of the agent or broker.

4.3.1
The company shall assess the
potential risks to the security of the
products from any attempt to steal,
contaminate, substitute or damage
the products during subcontracted
transportation and storage by the
service providers appointed by the
company.
Security measures identified by the risk
assessment shall be documented and
form part of the contract or terms and
conditions for the service providers that
have access to the product.
4.3.2 The security arrangements of the
service providers that handle the
product shall be verified at the start of a
contract and thereafter at a frequency
based on risk, unless they are
certificated to a BRCGS Standard or a
GFSI-benchmarked standard which
includes requirements for food defence
or product security.
4.4 Product Inspection and Laboratory Testing

Clause Requirements Conform Comments

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 26 of 32
 s

Statemen The company shall operate processes to

t of Intent ensure that products received comply
with buying specifications and that the
supplied product is in accordance with
any customer specification.

4.4.1
The company shall have a product
sampling or verification programme
to ensure that products are in
accordance with buying specifications
and meet legal and safety
requirements.
Product verification may be
completed by the agent or broker or
by the supplier. Selection of the
appropriate verification techniques
shall be based on risk, and may
include:
• product safety testing (e.g.
microbiological, chemical,
physical or allergen contaminants,
or flammability testing of home
furnishings)
• testing for authenticity/integrity
• product quality assessment
(e.g. organoleptic testing of
food, integrity testing of
packaging, colourfastness
in fabrics, or fragrance
testing of cosmetics)
• verification and product
testing by the
manufacturer (e.g.
certificates of analysis or
conformance).

Where verification is based on

sampling, the sample rate and
assessment process shall be risk-
based and documented.

Records of the results of the

assessments or analysis shall be
maintained.
4.4.2
Where verification of conformity is
provided by the supplier (e.g.
certificates of conformance or
analysis), the level of confidence in
the information provided shall be
substantiated.
Procedures shall be in place to ensure
the reliability of the supplier’s
laboratory results; this may include
confirmation of recognised laboratory
accreditation or laboratory operation
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 27 of 32
 in accordance with the requirements
and principles of ISO/IEC 17025.
4.4.3 Where claims are made about the
products handled, including the
provenance, chain of custody, and
assured or ‘identity preserved’ status
(see Appendix 8, Glossary) of a product
or raw materials used, supporting
information shall be available from the
supplier or independently to verify the
claim.
4.4.4 Where the company undertakes or
subcontracts analyses that are critical
to product safety or legality, the
laboratory or subcontractors shall have
gained recognised laboratory
accreditation or shall operate in
accordance with the requirements and
principles of ISO/ IEC 17025.
Documented justification shall be
available where non-accredited test
methods are used.
4.4.5 The significance of external laboratory
results shall be understood and acted
upon accordingly. Appropriate actions
shall be implemented promptly to
address any unsatisfactory results or
trends.
4.5 Product Legality and Labelling

Clause Requirements Conform Comments

s

Statemen The company shall have processes in

t of Intent place to ensure that the products traded
comply with the legal requirements in
the country of manufacture and the
country of sale, where known.

4.5.1
The company shall have documented
processes to verify the legality of
products that are traded. This shall
include, as applicable:
• labelling information
• compliance with the relevant legal
requirements, such as export or
compositional requirements (e.g.
ingredients list, allergen labelling,
INCI list) or specific product safety
legislation (e.g. directions for safe
use, warning labels, flammability)
• compliance with quantity or volume
requirements.

Where such responsibilities are

undertaken by the customer, this shall
be clearly stated in the contracts.
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 28 of 32
4.5.2 The company shall have documented
processes to verify that the product
bears the appropriate information
according to the customer’s
requirements.
4.6 Product Design and Development

Clause Requirements Conform Comments

s

Statemen Product design and development

t of Intent procedures shall be in place for new
manufactured product development
processes, where this is a service
managed by the company, to ensure
that safe and legal products are
developed, meeting the appropriate
quality and customer- specified
requirements.

4.6.1
The company shall have a process
for managing new product
development activities with potential
suppliers, which shall include:
• a project brief defining the
requirements for the products to be
developed
• a process for reviewing product
samples against the brief
• a formal product approval process.
4.6.2 The company shall ensure that all new
manufactured products have been
included within the manufacturing site’s
HACCP or hazard and risk management
plan. This shall ensure that hazards
have been assessed and that suitable
controls are implemented.
4.6.3
The company shall be able to
demonstrate that the shelf life
attributed to new food products has
been verified through:
• shelf-life testing assessment or
• documented protocols reflecting the
conditions experienced during
storage and handling.

Where these methods are not

practicable, verification shall be by a
documented, science- based
justification.
4.6.4 The company shall have processes to
ensure that new products are labelled to
meet legal requirements for the
designated country of use. Depending
on the legislation, this shall include
information to allow the safe handling,
AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 29 of 32
 display, storage, preparation and use of
the product within the supply chain or
by the customer. There shall be a
process to verify that labelling of
ingredients, allergens and allergen
cross-contamination is correct based on
the product recipe and the expected
country of sale.
4.6.5 Where a product is designed to enable a
claim to be made to satisfy a consumer
group (e.g. a nutritional claim, ‘reduced
sugar’, ‘dermatologically tested’), the
company shall ensure that the product
formulation and production process is
fully validated to meet the stated claim.

4.7 Product Release

Clause Requirements Conform Comments

s

Statemen Where products require formal release

t of Intent by a customer or legal authority, the
company shall ensure that an effective
product release procedure is in place
with the facilities holding products on
behalf of the company.

4.7.1 Where products require positive release,

procedures shall be in place to ensure
that release does not occur until all the
release criteria have been completed,
and the release has been authorised by
the company.
4.8 Product Authenticity

Clause Requirements Conform Comments

s

Statemen Systems shall be in place to minimise

t of Intent the risk of trading fraudulent or
adulterated products and to ensure that
all product descriptions are legal,
accurate and verified.

4.8.1
The company shall have processes in
place to access information on
historical and developing threats to
the supply chain that may present a
risk of adulteration or substitution of
products. Such information may come
from:
• trade associations
• government sources
• private resource centres.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 30 of 32
4.8.2
A documented vulnerability
assessment shall be carried out
on all products, or groups of
products, to assess the potential
risk of adulteration or
substitution. This shall take into
account:
• any historical evidence of
substitution or adulteration
• any economic factors that may make
adulteration or substitution more
attractive
• ease of access to products
• the sophistication of routine testing
to identify adulterants
• the nature of the product.

The vulnerability assessment shall be

kept under review to reflect changing
economic circumstances and market
intelligence that may alter the potential
risk. It shall be formally reviewed
annually.
4.8.3 Where products are identified as being
at particular risk of adulteration or
substitution, the company shall have a
documented fraud mitigation plan which
details the appropriate assurance
and/or testing processes that are in
place to reduce the risk.
4.9 Management of Surplus Products

Clause Requirements Conform Comments

s

Statemen Effective processes shall be in place to

t of Intent ensure the safety and legality of surplus
products donated to charities or other
organisations.

4.9.1 Surplus customer-branded products

shall be disposed of, or rendered
unusable, in accordance with customer-
specific requirements.

4.9.2 Where customer-branded products that

do not meet specification are passed on
to charities or other organisations, this
shall be with the prior consent of the
brand owner.
4.9.3 Where products are donated, processes
shall be in place to ensure that all
donated products are fit for
consumption or use and meet legal
requirements.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 31 of 32
Clause Requirements

5 Personnel

Summary

5.1 Training and Competency

Clause Requirements Conform Comments

s

Statement The company shall ensure that all

of Intent personnel performing work that affects
product safety, authenticity, legality
and quality are demonstrably
competent to carry out their activity,
through training, work experience or
qualification.

5.1.1 All personnel, including temporary staff,

shall be appropriately trained before
commencing work and adequately
supervised throughout the working
period.
5.1.2 The company shall have a documented
training procedure and records to
demonstrate that the training is
appropriate and effective.
5.1.3 The company shall routinely review the
competencies of staff directly involved
with product safety, authenticity,
legality and quality. As appropriate, it
shall provide relevant training. This
may be in the form of new training,
refresher training, coaching, mentoring
or on-the-job experience.

Copyright © BRCGS 2021 protected under UK and international law.

AB307a: Auditor checklist/Self-Assessment Tool BRCGS Global Standard Agents and Brokers, Issue 3
Version 1: 01/10/2021 Page 32 of 32