WRITING PROCEDURES

Over the years, many have stated that “writing the procedures was the hardest part of implementation.” However, many of the same people realize that the suc- cess of the procedures is directly related to the fact that they are written by the people who are actually doing the job. Having associates within the same areas of responsibility team up and write procedures, work instructions, flow diagrams, etc., which reflect what they actually do, not only enhances the consistency of the process, but also results in a document that responsible associates understand because it was written by those who must use it. It was mentioned earlier that we must reduce variation and build consistency. What better documentation method is there than to build a team empowering those who know their work. The result is a document that is consistent and user friendly and accurately describes the must

do requirements.

The hardest part of the system implementation effort was getting everyone to agree on how we do something. It is amazing on how we think we do something the same and then putting it down in a procedure or work instruction identifies so many interest- ing variations. The most difficult aspect of maintaining the system after certification is

• Initially inexpensive • Labor intensive • Simple • Error prone

• Process is slow and can require considerable time to ensure manuals are kept current

FIGURE 6.3 Hard copy controlled documents.

Semiautomated (limited paper copies) (i.e., Excel spreadsheets—Access) document control process

• Better organization

• May or may not need organization’s computer management department (i.e., IT involved)

• Improved efficiencies • Decrease in number of errors

FIGURE 6.4 Combination (electronic and hard copies).

• Collaborative

• Systemized processes promote compliance • Reduced errors

• Replaces the manual activities

101

Document Control

remembering when you revise a procedure, that you need to look at all the other pro- cedures or documents that the revision might affect. (Charlie Stecher, an independent consultant and third party auditor, Anchar, Inc.)

Since we know that following food safety is an issue of quality, it is diminished by increased variation. The use of documentation reduces variation. Management must be a proponent of strong document control systems. During management review sessions, top management must be especially attentive to the document control related issues that are reported through internal or external audits. (Link 2008, pp. 13–14)

KEY POINTS

a. Requirements for document control must be defined in a procedure. b. Existing documents must be reviewed and, where necessary, revised to

ensure accuracy.

c. Associates must understand, be compliant with, and able to demonstrate familiarity with defined requirements.

d. Management must ensure that associates have ready access to documenta- tion related to their areas of responsibility.

e. External documents must be identified and controlled.

f. Software backup processes must be defined and supported by objective evi- dence (records).

g. The software backup process must be challenged to prove the effec-

tiveness of the process with records maintained to provide objective evidence.

h. Associates not responsible for the revision of a document must have read

only access.

i. Documentation revision must be controlled. For example, documents can be revised (changed and/or edited) by only the responsible department man- ager or the document control coordinator.

j. Control of documents and control of records are two different processes. Records are a specific kind of documentation.

k. An internal audit of the document control process must confirm that

• relevant versions of applicable documents are available at points of use.

• Obsolete documents are suitably identified and stored in a manner to

protect against unintended use.

• Any posted documents are properly identified and controlled in compli-

ance with the procedure for document control.

• External documents are identified in compliance with defined

requirements.

• Documents are legible, readily identifiable, and do not include any

handwritten changes.

• Document control, identified in existing or potential nonconformances

must be addressed in a timely manner based on the potential risk through the organization’s formalized corrective action and preventive action programs (Chapter 4).

COMMON FINDINGS/NONCONFORMANCES

a. It could not be confirmed that all processes had been evaluated to identify required food safety documents.

b. Although it was stated verbally that the document control process had been defined and implemented, through the review of process areas and inter- views with operators and document coordinators, it could not be confirmed that implementation was completed and that the system was in compliance with the defined requirements of the document control procedure and spe- cific management system standards.

c. Document review did not confirm that documentation had been reviewed for accuracy.

d. Requirements for back-up of the software program used for document con- trol were not defined.

e. Although it was stated that procedures and work instructions were main- tained on the database, associates could not demonstrate ability to access the related documents for their areas.

f. Several posted controlled documents were of a different version from that identified on the master list.

g. Several controlled documents had handwritten changes, which were not permitted according to work instruction DC-01 Rev.2.

h. Although the work instruction stated that handwritten changes were allowed by the person authorizing the document, the handwritten changes in several instances did not match the content of the master document.

i. Documentation stated that a master list of documents would be maintained in each department; however, several departments either did not have a master list or the list was outdated.

j. A master list of documents was being maintained in each department as required by Document Control Procedure DC-01 Rev. 2. The revision sta- tus and/or the distribution were not identified on the master list.

k. Evidence was not available to confirm that documents such as 21 CFR 110 and equipment manuals for the refractometer (referenced as required by the system) were being controlled as external documents.

l. An obsolete version of form PCF-02 Rev 2 was in use in the process areas.

m. Obsolete versions of controlled documents were referenced by operators in sev-

eral process areas.

n. It could not be confirmed through review of the documentation process that all documents required by the food safety management standard had been identified and were being controlled through a formalized process for document control. o. During the evaluation of the receiving department, there were several

uncontrolled food safety related forms in use.

p. During the evaluation of the mixing department, there were eight uncon- trolled documents posted on the bulletin board.

q. During the evaluation of the shipping department, four documents related to transport loading and inspection were not of the current version as stated on the master list of controlled documents.

103

Document Control

r. Documents referenced in the maintenance department but external to the system were not controlled. Through the interview process, an understanding of external documents and the requirements for identifying and controlling these in compli- ance with the procedure for document control could not be clearly demonstrated. s. A master list of documents was available; however, some information listed

was not current, nor did it match the electronic version, which was defined as the most current version.

t. Records were not available to confirm that the food safety team reviewed all proposed changes to specific (SOP) documents for food safety prior to implementation to determine their effects and impact on food safety. u. The document control procedure did not define the requirements for con-

trolled documents that were printed for use.

v. Records were not available to confirm that challenges of the electronic backup had been performed to confirm effectiveness as required by the document control procedure and also the record control procedure.

w. Statutory and regulatory requirements specific for this operation were not identified and controlled as external documents.

x. It could not be confirmed through the interview process that associates were familiar with related procedures and work instructions for their areas of responsibility.

y. Some controlled documents did not have identification and pagination, thus the complete hard copy document was not formally controlled (pages could be changed or removed inadvertently).

z. Procedure for performing management review meetings stated that its fre- quency was to be “randomly, on a periodic basis,” which did not reflect an actual defined frequency.

REFERENCES

Link, E. 2008. An Audit of the System, Not of the People: An ISO 22000:2005 Pocket Guide for Every Employee, Quality Pursuit, Inc., Fairport, NY.

Surak, J. 2001. International Organization for standardization ISO 9000 and related standards. In: Food Safety Handbook, Schmidt, R. and Rodrick, G. (eds.), Wiley-Interscience, Hoboken, NJ.

*Additional Food Safety Management System References (not all inclusive)

FSSC 22000:2010

ISO 22000:2005 Sections 4.2, 4.2.2 SQF 7th Edition: Section 2.2

BRC Issue 6: Sections 2.13, 3.2 IFS Version 6: 2.1.1

*Note: Always review the standard or visit the website for your chosen standard to ensure that all related requirements are identified and addressed.

105

7

Record Control

The identification and maintenance of records to demonstrate compliance to defined requirements and the effective operation of the food safety management system (FSMS) are critical. Records that must be identified and maintained are required by the

a. Specific standard of choice

b. Organization’s (specific site and corporate) defined procedures

c. Regulatory and statutory requirements including federal, state, and county d. Customers

When defining the system, it is best to first review the standard closely and ensure that everywhere the word record is stated that this record either exists or is created within the system. After this is completed, identification of any additional required records, under the guidelines mentioned earlier, must be completed. It has been found to be most effective if responsible department managers, teams, or designees identify the records that they must maintain in order to demonstrate compliance and/or confirm the effectiveness of a process or activity.

The following is a summary of records that, at a minimum, must be formally maintained. However, keep in mind that required records may vary between standards:

• Internal audit reports • Internal audit schedule

• Management review meeting minutes • Training records

• Supplier management, approval, and evaluation • External and internal communication

• PRP verification

• Required Hazard Analysis and Critical Control Point (HACCP) program records such as those related to critical control points, etc.

• Verified flow diagrams

• Pest control and other specific PRP records • Individual verification results

• Analysis of results of verification activities • Corrective action and preventive action

• Change management

• Control of nonconforming product • Receiving, storage, and shipping records

• Lot traceability and recall (including mock recalls) • Crisis management

• Food safety team meeting minutes

• HACCP team meeting minutes (if specific HACCP teams exist)

• Others, depending on the specific standard, legal requirements, and organi- zation’s specific defined requirements