Industry Resources on Third-Party Audit Standards and FSMA Supplier Verification Requirements
Under the Preventive Controls for Human Food (PCHF) regulation (21 CFR part 117), Preventive Controls for Food for Animals (PCAF) regulation (21 CFR part 507), and Foreign Supplier Verification Programs (FSVP) regulation (21 CFR Part 1, Subpart L), receiving facilities and importers may need to conduct onsite audits to determine if their suppliers are producing food in compliance with FDA food safety standards, including the new standards promulgated under the FDA Food Safety Modernization Act (FSMA). An annual onsite audit is required under the PCHF, PCAF, and FSVP regulations when the hazard will result in a serious adverse health consequences or death to humans or animals (SAHCODHA) and is controlled by the supplier, unless the receiving facility or importer has made a written determination that other verification activities and/or less frequent onsite auditing of the supplier provide adequate verification.
While onsite audits conducted to meet these supply-chain program requirements do not have to be conducted under FDA’s Accredited Third-Party Certification Program (21 CFR Part 1, Subpart M), they must be conducted by a “qualified auditor” and consider applicable food safety regulations. See 21 CFR 117.435 (PCHF); 21 CFR 507.135 (PCAF); 21 CFR 1.506(e)(1)(i) (FSVP). Many receiving facilities and importers have been using third-party audits as a business practice prior to the issuance of FDA’s FSMA regulations. These audits are often based upon food safety standards developed by third-party audit programs rather than FDA food safety requirements. We have heard from stakeholders that it would be helpful for industry to have tools to help determine if the safety standards used in these third-party audits adequately consider FDA’s food safety standards so that they can be used to fulfill FSMA regulatory requirements for supplier verification.
We are providing templates that may be used to help receiving facilities, importers, and other stakeholders (e.g., audit programs) compare the standards used in a third-party audits to FDA food safety requirements. More specifically, the templates will facilitate comparisons between the safety standards used in these third-party audits and the food safety requirements of the PCHF regulation, PCAF regulation, and Standards for the Growing, Harvesting, Packing, and Holding of Produce for Human Consumption (Produce Safety) regulation (21 CFR Part 112). The templates present certain food safety requirements in a table format, which can be used to more easily compare third-party food safety audit standards to these food safety requirements. While receiving facilities and importers must consider all applicable food safety regulations, we are focusing on the PCHF, PCAF, and Produce Safety regulations because importers are required to verify that their suppliers are using processes and procedures that provide the same level of public health protection as those required under these three regulations.
These templates are not required to be used. Receiving facilities, importers, and other stakeholders may use other means to determine that audits used as verification activities meet the supply chain requirements of the PCHF, PCAF, or FSVP regulations.
While these templates can help determine if the third-party audit standards align with FDA food safety standards, receiving facilities and importers are responsible for meeting all the supply chain requirements in the PCHF, PCAF, and FSVP rules, including whether audits of their suppliers are conducted by qualified auditors.