Great companies demand greatness from their operations.

National brands and national retailers demand greatness from their suppliers.

The food industry defines great Food Safety and Quality Assurance programs by whether they operate under a Global Food Safety Initiative (GFSI) certification scheme such as SQF, BRC, FSSC 22000 or PrimusGFS. These GFSI certification schemes require that you maintain the highest levels of accountability and record keeping.

Many Fortune 100 and Fortune 500 grocery stores, distributors and quick service restaurants have required GFSI certification from their suppliers for over 20 years. The requirement to be GFSI certified has made its way to many food manufacturers already, and is coming soon for the remainder of food manufacturers, food storage and distribution companies, food brokers, food growers and food packaging manufacturers that have been exempt from this requirement up to this point.

Food businesses all over the US are finding that legacy customers that previously did not require third party certification programs are all of a sudden demanding GFSI certification.

Regulatory compliance, Good Manufacturing Practices (GMP)/HACCP audits, Good Distribution Practices (GDP) audits, and ISO 9001 quality audits may only buy you a limited amount of time until the GFSI certification requirement is demanded of you.

So what is the difference between:

  1. being compliant to the law,
  2. going through a third party audit such as GMP or GDP,
  3. and becoming certified to a GFSI scheme such as SQF or BRC?

The goal of this blog post is to clarify the main differences between the three levels of certification, and to explain why it’s not a matter of if you will be required to become GFSI certified, but when.

Level 1: Compliant With Federal, State And Local Food Laws

The first level of certification is becoming compliant with the US food laws.

Regulatory requirements apply to government inspections, involve your business’s proof that you are following the law, and that you understand the federal, state and local rules that you must follow. These laws are classified as mandatory because you don’t have a choice whether you will be inspected by the government.

When you register your food business with your state and the federal government, you are signaling to the regulatory body that oversees your type of business that you are going to be in operation, and they will investigate who you are, what type of operation you are, and how you are operating. When a regulator enters the premises, they are looking for signs of fraud, unsafe practices or labor violations, but not whether the product is well made.

Regulators may assess documents, but they are not allowed to ask your business if your clients are happy with how you make your products or if you could be more efficient.

Problems with regulatory compliance mean that your processes or the paperwork you have in place are outside the limits of legally permissible behavior—and you may get shut down, fined or in a worst-case scenario, arrested. Becoming compliant is the bare minimum to operate a food business in the US.

However, increasingly it is not enough to meet the minimum requirements of your customer’s supplier approval programs.

Level 2: GMP, GAP And GDP Audits

This brings us to the second level of certification.

Good Manufacturing Practices(GMP), Good Agricultural Practices (GAP) and Good Distribution Practices (GDP) audits are voluntary third party inspections conducted by certifying bodies against a predetermined set of about 140 rules covering areas such as your food safety program, supplier approval program, food defense plan, building condition and employee hygiene practices.

You are not required by law to go through a third party audit, but instead you choose to have a third party audit by contacting a certifying body, scheduling the audit and agreeing to pay the certifying body for their time and effort grading your business. Once you agree to this audit, it is your company’s responsibility to read the rules, write all of the statements and standard operating procedures necessary to meet the rules, and then to record what you are doing each day to prove to the auditor that you understand the rules and are following them.

Generally, businesses that undergo GMP audits have Quality Assurance Departments, or at least a quality control professional to oversee the paperwork. Part of the GMP rule book includes the regulatory requirements mentioned above.

The GMP audit is interested in assessing if you are capable of operating at a higher level than simply following the law.

In order to pass a GMP audit, you will need more records and more standard operating procedures than are required by law. However, the number of rules and the rigor of the rules pales in comparison to what is expected of you in order to meet the GFSI standard.

This means GMP certifications are increasingly becoming obsolete because they are not considered going far enough.

Level 3: GFSI Certification

The third level of certification is GFSI – the highest level of third party audit currently available in the food industry.

It consists of a group of rule books or schemes that are owned by international companies (SQF, BRC, FSSC 22000, PrimusGFS, GlobalGAP, IFS) and are benchmarked against the definitive international global food safety and quality requirements. The companies that own the different GFSI standards by and large do not perform the audits, but instead oversee other companies called certifying bodies that conduct the audits independently.

A GFSI audit follows the same basic pattern as a GMP audit in that you contact an approved certifying body, and then you agree to pay them to audit your GFSI documentation and your facility and business operation.

The GFSI rule books are very extensive, each containing close to 300 rules and requiring daily record keeping, weekly or monthly meetings between leadership and key members of the staff, as well as high level quality measurements and proof that your customers are satisfied with the products your company supplies. GFSI schemes such as SQF and BRC are accepted by all major food businesses and the rule books can be downloaded free of charge (except for FSSC 22000).

In order to pass a GFSI audit, you must have extensive documentation and recordkeeping to prove that your company is operating to meet each of the 300 GFSI rules.

Pathways To GFSI Certification
Businesses trying to keep up, to get ahead, or just to be the best company possible can do so by selecting the right GFSI scheme for their business and understanding how each GFSI scheme will impact their business.

SQF, BRC, FSSC 22000 and PrimusGFS are no longer acronyms that can be ignored if a business is looking to:

  • expand into new markets,
  • expand relationships with existing customers
  • or close new business

There is no easy pathway to GFSI certification, and each program requires a rigorous and strenuous effort by the operations, sanitation, food safety, quality control/assurance and maintenance teams to meet the GFSI requirements. Ownership and upper management must plan on direct participation and oversight of the GFSI program, and make a commitment to the highest level of food safety and quality for their business.

Because of the complexity and sheer amount of work it takes to become GFSI certified, many companies decide to hire food safety consultants such as Kellerman Consulting to assist in the process of becoming certified.

Working with a consultant can:

  • significantly decrease the amount of time it takes to write and implement the GFSI program
  • significantly increase your chances of passing a GFSI audit on the first try

Becoming GFSI certified is an investment you can’t afford to put off any longer.

Find out what some of Kellerman Consulting’s GFSI certified clients have said about their experience working with us.