Certification Technical Standard Organization https://www.sqfi.com SQF Institute Safe Quality Food Institute SQFI https://www.sqfi.com https://sqfi.com/ https://www.facebook.com/SQFInstitute https://x.com/sqfi https://www.linkedin.com/company/sqf-institute/ https://www.linkedin.com/company/1268046 https://www.youtube.com/channel/UC39i4KZQ7BhAg0SzuEuAVTQ https://sqfi.compliancemetrix.com/rql/g/Public_Directory ImageObject https://www.sqfi.com/images/sqfilibraries/theme/sqfilogo.svg 2026-05-18T12:00:00Z SQF Code: Agent and Brokers, Edition 9 The Agents and Brokers Code applies to entities that source food and non-food products across domestic and import channels, and that procure and facilitate trade in accordance with supplier and buyer specifications. https://www.sqfi.com/images/sqfilibraries/document-covers/sqf-code-agent-and-brokers.png?sfvrsn=558690c_1 DefinedTerm FSC 35 - Agents and Brokers, Edition 9 Applies to entities that source all types of food and non-food (merchandise) products through domestic and import channels; procuring and facilitating trade according to supplier and/or buyer specifications. The broker/agent acts as a link between the producer/manufacturer and the buyer. In some instances, a broker/agent may never see or handle the product. Example of Service: Includes the buying and selling, and the facilitation of trade, of food, feed, and/or packaging products, and non-food merchandising, excluding the production, storage, and any physical handling of the product. DefinedTermSet Food Sector Categories DefinedTermSet Part A: Implementing and Maintaining the SQF Code - Agents and Brokers, Edition 9 DefinedTerm A1 The Safe Quality Food Institute (SQFI) publishes a suite of globally recognized product and service safety and quality codes that cover all aspects of the supply chain from primary production through to retail and foodservice. All standards are available free of charge at www.sqfi.com.Before embarking on the SQF journey, organizations are encouraged to download and review the SQF code that best fits their needs. DefinedTerm A2 Steps to Achieving SQF Certification (steps 1-10) DefinedTerm A2 Part A (this part) sets out the steps you need to take to implement and maintain certification to the SQF Code for Agents and Brokers.Part B is the auditable standard. It details the SQF System elements that must be met (module 2).If you are in an organization management or technical role and are responsible for implementing the requirements of the relevant SQF Code, you can learn how to get started and implement your SQF System in several ways.SQFI has an online Implementing SQF Systems training course, which can be accessed from www.sqfi.com. It is a web-based education tool where you can enroll and complete SQF Systems training in your own time and at your own pace.An Implementing SQF Systems training course is available through the SQFI network of licensed training centers. Details about the training centers and the countries in which they operate are available at www.sqfi.com.Although training is recommended, you can train yourself by downloading the relevant SQF Code from www.sqfi.com free of charge and applying it to your industry sector, site, processes, or service.Your management may choose to utilize the services of a registered SQF consultant. All SQF consultants are registered by SQFI to work in specific food sector categories (FSCs) and are issued with a digital identification card indicating the FSCs in which they are registered. The criteria outlining the requirements necessary to qualify as an SQF consultant and the application forms are available at www.sqfi.com. The SQF Consultant Code of Conduct outlines the practices expected of SQF consultants.Guidance documents are available for some SQF Codes and FSCs from www.sqfi.com. These documents can help you interpret the requirements of the SQF Codes and assist with documenting and implementing an SQF System. The documents are developed with the assistance of technical experts. The guidance documents are available to assist you, but are not auditable documents. Where there is a divergence between the guidance document and the relevant, the SQF Code prevails. DefinedTerm A2:1 The steps in achieving SQF certification are as follows:Step 1: Register on the SQFI Assessment DatabaseStep 2: Designate an SQF Practitioner2.1. Training (optional)Step 3: Determine the Scope of Certification3.1. ExemptionsStep 4: Document your SQF System4.1. Applicable Elements4.2. Mandatory ElementsStep 5: Implement your SQF SystemStep 6: Pre-assessment Audit (optional)Step 7: Select a Certification Body7.1. Select the SQF AuditorStep 8: The initial Certification Audit8.1. Audit Duration8.2. Corporate Audits8.3. Seasonal ProductionStep 9: Audit Reporting and Closeout9.1. Non-conformances9.2 Audit Score9.3 Reviewed Audit ReportsStep 10: Granting Certification10.1 Certificate Issue10.2 Failure to Comply10.3 Appeals and Complaints DefinedTerm A2:2 Step 1: Register on the SQFI Assessment DatabaseTo be considered for SQF certification, you are required to register your organization on the SQFI assessment database. The database can be accessed at www.sqfi.com.There is a fee for each organization, payable at registration and annual renewal. The scale of registration fees are posted on www.sqfi.com. You need to register your organization with SQFI prior to the start of the initial certification audit and remain registered at all times to retain your certification. If you do not maintain registration, the certificate will be invalid until the organization is properly registered on the SQFI assessment database. DefinedTerm A2:3 Step 2: Designate an SQF PractitionerThe SQF Code requires that every certified organization has a suitably qualified SQF practitioner to oversee the development, implementation, review, and maintenance of the SQF System, including the system elements, and product safety plans. The requirements for an SQF practitioner are described in the system elements, Part B: 2.1 Management Commitment. You are required to have a substitute practitioner in addition to the primary practitioner.You may also choose to have more than one primary SQF practitioner to meet shift and operational requirements.An alternative staff member should also be identified to manage the SQF System in the absence of the designated SQF practitioner. DefinedTerm A2:4 Step 2.1: TrainingAn Implementing SQF Systems training course is available online and through the SQFI network of licensed training centers. SQF practitioners who are responsible for designing, implementing, and maintaining the requirements of the SQF Code: Agents and Brokers are encouraged to participate in a training course. The “Implementing SQF Systems” training course is not mandatory for SQF practitioners but is strongly recommended.Details of the training courses are available at www.sqfi.com.SQF practitioners are required to successfully complete HACCP training when supplying food, food packaging or pet food that is provided by a recognized training institution and assessed.SQF practitioners are required to successfully complete Risk Management training when buying, selling, or facilitating trade for general merchandise that is provided by a recognized training institution and is assessed.Training in other industry disciplines, Good Industry Practices (GIP), and Internal Auditing may also be beneficial, and licensed SQF training centers can provide details about the other training courses they provide. DefinedTerm A2:5 Step 3: Determine the Scope of CertificationBefore implementing the SQF Code, you must decide the scope of certification – in other words, the food sector categories, services, products, and processes to be included in your SQF System.The scope of certification determines which elements of the SQF Code: Agents and Brokers are to be documented and implemented and will be audited by the certification body. The scope needs to be agreed upon between your organization and the certification body before the initial certification audit and cannot be changed during or immediately following a certification or re-certification audit.The scope of certification specifies:The organization. SQF certification is organization specific. The entire organization, including all virtual locations, can be included in the scope of certification.If activities are carried out in different premises but are overseen by the same senior, operational, and technical management and are covered by the one SQF System, the organization can be expanded to include those premises.Food sector categories (FSCs). SQFI has a list of food sector categories to classify product groups and ensure that the auditor who audits your organization has the requisite knowledge and skills. The SQF food sector categories, or FSCs, are aligned with GFSI industry sectors. A full list of food sector categories for all SQF Codes is provided in SQF Food Sector Categories.The service. SQF certification is service specific. Within each applicable food sector category, you need to identify the service(s) that are included in your SQF System. The buying, selling, or facilitation of trade of the service with all listed products will be audited for compliance to SQF and will be listed on the certificate of compliance unless you request an exemption (refer to Part A step 3.1).For requirements on changing the scope of certification, refer to Part A step 15.2. DefinedTerm A2:6 Step 3.1: ExemptionsIf you wish to exempt any service, the request for exemption needs to be submitted to the certification body in writing prior to the certification audit, detailing the reason for exemption.If approved by the certification body, exemptions are listed in the organization description in the SQFI assessment database and in audit reports. However, all parts of the organization that are involved with the buying, selling, and facilitation of trade included in the scope cannot be exempted.Exempted products and parts of the organization cannot be promoted as being covered by the certification. Instances where the promotion of exempted services, products, or areas of the organization are identified and substantiated (either through the regular audit or by other means) will result in the immediate withdrawal of the SQF certification.You need to demonstrate that exempted parts of the organization, services, or products do not put certificated products at risk. DefinedTerm A2:7 Step 4: Document Your SQF SystemTo achieve SQF certification, you need to document and implement the system elements (module 2) of the SQF Code. This is a two-stage process:First, you need to prepare the policies, procedures, work instructions, and specifications that meet the system elements of the SQF Code. In other words, “Say what you do.” DefinedTerm A2:8 Step 4.1: Applicable ElementsThe auditable requirements of the SQF Code are described in the following hierarchy:Module, Module 2 (system elements)Section, e.g., 2.1, 2.2, 2.3, etc.Clause, e.g., 2.1.1, 2.1.2, 2.1.3, etc.Element, e.g., 2.1.1.1. 2.1.1.2, 2.1.1.3, etc.The applicable elements are the elements of the relevant SQF Code that must be documented and implemented to assure the safety of services within the scope of certification. Not all elements are applicable. There may be some sections or clauses that do not apply to your organization (e.g., 2.3.3 Supplier Agreements would not be applicable if the Agent/Broker does not require supplier agreements).Where an element is not applicable and this can be appropriately justified, it is stated as “not applicable” or “N/A” by the SQF auditor in the audit report. DefinedTerm A2:9 Step 4.2: Mandatory ClausesMandatory clauses are requirements within module 2 – system elements that must be documented, implemented, and audited for an organization to achieve SQF certification; system elements that cannot be exempted during a certification or re-certification audit.Mandatory elements cannot be reported as “not applicable” or “exempt” and must be audited and compliance/non-compliance reported.Mandatory elements are designated with “Mandatory” in the system elements in the SQF Code. They are:2.1.1 Management Responsibility2.1.2 Management Review2.1.3 Complaint Management2.2.1 Product Safety Management System2.2.2 Document Control2.2.3 Records2.3.1 Sourcing and Development2.3.2 Specifications2.3.4 Approved Supplier Program2.4.1 Product Legislation2.4.3 Product Safety Plan2.4.5 Non-conforming Products or Service2.4.6 Product Release2.5.1 Validation and Effectiveness2.5.2 Verification Activities2.5.3 Corrections, and Corrective and Preventative Action2.5.4 Internal Audits2.6.1 Product Identification2.6.2 Product Trace2.6.3 Product Withdrawal and Recall2.7.1 Product Defense2.7.2 Product Fraud2.8.1 Training Program DefinedTerm A2:10 Step 5: Implement Your SQF SystemOnce you are satisfied that the policies, procedures, work instructions, specifications, and other related documents and records are in place to meet the SQF requirements, you need to make sure that all documents are being followed and records are being kept demonstrating compliance to the relevant modules of the SQF Code.In other words, “Do what you say.”SQFI recommends that a minimum of ninety (90) days of records is available before an audit is conducted. DefinedTerm A2:11 Step 6: Pre-assessment Audit (optional)A pre-assessment audit is not mandatory but is suggested as a way to provide a “health check” of the organization's implemented SQF System. A pre-assessment audit may include an on-site or off-site review of your documentation and can assist in identifying gaps in your organization's SQF System so that corrective action can occur before engaging the selected certification body for a full certification audit.The pre-assessment audit can be conducted using a variety of means, such as internal resources, a registered SQF consultant, or a registered SQF auditor. DefinedTerm A2:12 Step 7: Select a Certification BodyCertification bodies are licensed by SQFI to conduct SQF audits and issue SQF certificates. SQFI-licensed certification bodies are accredited to the international standard ISO/IEC 17065:2012 (or subsequent versions as applicable) and are subject to annual assessments of their certification activities by SQFI-licensed accreditation bodies.Your organization needs to have an agreement with a certification body in place at all times, which outlines the agreed SQF certification services to be provided. At a minimum, these include:The scope of certification (refer to step 3) including any approved exemptions;The expected audit duration and the reporting requirements;The certification body’s fees structure, including audit costs, travel time and expenses, report writing, ancillary costs, and costs for close-out of non-conformances;The conditions under which the SQF certificate is issued, withdrawn; or suspended;The certification body’s appeals and complaints process, andThe availability of auditor(s) for the organization's FSC(s).A list of licensed certification bodies that operate in your region or country is available at www.sqfi.com. Certification bodies are also listed in the SQFI assessment database, and you can request a quote or select a certification body online once you have registered (refer to Part A, step 1). DefinedTerm A2:13 Step 7.1: The SQF AuditorThe SQF auditor is selected by the certification body. The auditor is required to be employed by or contracted to the certification body and registered with SQFI for the same food sector category(ies) as the organization's scope of certification (refer to Part A, step 3). In the event the SQF auditor does not have the required food sector category(ies), a technical expert may be used to assist the registered SQF auditor (refer to Part A, 15.7).The certification body is required to ensure that no SQF auditor conducts audits of the same organization for more than three (3) consecutive certification cycles.The certification body has to advise you of the name of the SQF auditor at the time that the SQF audit is scheduled (except for unannounced audits). You can check the registration and food sector category(ies) of the SQF auditor at www.sqfi.com.An SQF auditor cannot audit an organization where he/she has participated in a consulting role or has a conflict of interest with anyone at the organization within the last two (2) years. You can refuse the service of an SQF auditor if you think the auditor has a conflict of interest, or for other valid reasons. In such circumstances, you need to outline the reasons in writing to the certification body. DefinedTerm A2:14 Step 8: The Initial Certification AuditAn SQF audit of the SQF Code is an assessment by a qualified and registered SQF auditor (or audit team) to ensure that your documentation (refer to step 4) complies with the SQF Code and that your product safety and management activities are carried out according to your documented policies, procedures, and specifications. A full definition of the SQF audit is in the Glossary.Once the audit scope (refer to step 3) is agreed with your certification body, it cannot be changed after the audit has started.The initial certification audit is conducted by the SQF auditor(s) appointed by the certification body. The audit can be conducted fully onsite, fully remote using information and communication technology (ICT), or a combination of on-site and remote. DefinedTerm A2:15 Step 8.1: Audit DurationThe audit duration is the expected total time that is required for the SQF auditor to complete the assessment of the SQF System. It may or may not include the time necessary for report writing. You should confirm with your certification body the fees for the audit, including report writing time.The minimum duration for a certification or re-certification audit depends on the scope of the certification and includes both remote and on-site activities (refer to step 8). At a minimum, the audit duration should be at least one-half (1/2) day.The audit duration is calculated by the certification body based on the size of the facility, the number of employees, the complexity of your processes, and the operational risks. The certification body will discuss and agree on the audit duration with you to ensure complete coverage of your SQF System.Factors that can impact the audit duration include:The scope of the audit;The size of the organization, services and products traded;The number and complexity of services, product lines and the overall process;The complexity of the SQF System design and documentation;The level of mechanization and labor intensiveness; andThe ease of communication with company personnel (e.g., different languages spoken within the organization).The certification body is required to document the justification for the audit duration in their agreement with you. DefinedTerm A2:16 Step 8.2: Corporate AuditsIf your organization is part of a larger corporation and some organizational functions are conducted at a corporate head office (i.e., an office that does not service, process or trade products), an optional corporate audit of the Code elements managed by that office can be conducted by the certification body. This part of the assessment may also be conducted remotely using ICT.The decision on whether a separate corporate audit should be conducted is made by agreement between the certification body and the corporation and communicated by the corporate office to SQF-certified organizations managed by the corporate office.When a corporate audit is conducted, the audit evidence shall be reviewed and all identified corporate non-conformances must be closed out before the audits are conducted. Any open non-conformances that, are not closed out, are attributed to the organization or organizations.The SQF auditor audits the application of the corporate functions relative to the organization's scope of certification during the audit of each organization managed by the corporate office. All mandatory and applicable elements of the relevant SQF Food Safety Code are audited at each organization regardless of the findings of the corporate audit. DefinedTerm A2:17 Step 8.3: Seasonal ProductionIf your business is involved in seasonal production (i.e., the major production activities are conducted over a shorter time duration that does not exceed more than five consecutive months in any calendar year), your initial certification audit will need to be conducted during the peak operational part of the season (i.e., when your processes are operating and you are managing your largest commodity).If you are seeking to include services from more than one season within your scope of certification, you need to agree with the certification body that it will conduct the initial certification audit during the highest risk and/or highest volume production operation.Documentation and records for other seasonal services are reviewed as part of the certification audit.Re-certification audits in subsequent years should be scheduled during other times so that all services within the scope of certification have been audited within at least three years. DefinedTerm A2:18 Step 9: Audit Reporting and Close-outThe SQF auditor(s) reviews your documentation and the effective implementation of your documented policies, procedures, and specifications. The auditor(s) collects evidence of compliance or non-compliance against all mandatory and applicable elements of the SQF code by reviewing documentation and records, interviews with key staff, and observation of operational activities. DefinedTerm A2:19 Step 9.1: Non-conformancesWhere the SQF auditor(s) find non-conformances from the requirements of relevant modules of the SQF Code, the SQF auditor(s) advises you of the number, description, and extent of the non-conformances. Non-conformances are also referred to as non-conformities.Non-conformances against the SQF Code are graded as follows:A minor non-conformance is evidence of a random or infrequent failure to maintain compliance with a requirement, but does not indicate a breakdown in the safety management system or that product safety is compromised. It is evidence of an incomplete or inappropriate implementation of SQF requirements, which, if not corrected, could lead to system element breakdown.A major non-conformance is a failure of a system element, a systemic breakdown in the safety management system, a serious deviation from the requirements, and/or absence of evidence demonstrating compliance to an applicable system element. It is evidence of a product safety risk to services included in the scope of certification.A critical non-conformance is a breakdown of control(s) at a critical control point, risk mitigation step, a prerequisite program, or other process steps and judged likely to cause a significant public health risk and/or product contamination.A critical non-conformance is also raised if the certification body deems that there is systemic falsification of records relating to the SQF System.If the SQF auditor considers that a critical non-conformance exists during a certification audit, the SQF auditor is required to immediately advise you and notify the certification body.A critical non-conformance raised at an initial certification audit results in an automatic failure of the audit, and your organization is required to re-apply for certification (refer to step 10.2.). DefinedTerm A2:20 Step 9.2: Audit ScoreBased on the evidence collected by the SQF auditor, each applicable clause of the SQF certification audit is automatically scored in the audit report.The score is based on the following factors:0 - aspect meets the criteria1 - aspect does not meet the criteria due to minor variations (minor non-conformance)5 - aspect does not meet the criteria (major non-conformance)50 - aspect does not meet the criteria (critical non-conformance)A single rating is calculated for your audit as (100 – N) where N is the sum of the individual rating criteria allocated. The rating provides an indication of the overall condition of your organization against the SQF Code: Agents and Brokers and provides a guideline on the required level of surveillance by the certification body. The audit frequency at each rating level is indicated as follows:96-100: E-Excellent; Certificate Issued; 12 monthly recertification audit86-95: G-Good; Certificate issued; 12 monthly recertification audit70-85: C-Complies; Certificate issued; 6 monthly surveillance audit0-69: F-Fails to comply; No certificate issued; Considered to have failed the SQF audit DefinedTerm A2:21 Step 9.3: Reviewed Audit ReportSQFI provides the certification body with the electronic audit checklist to be used by SQF auditors when conducting your SQF audit. It is available on the SQFI assessment database and is customized by the SQF industry sector. The checklist used for your audit is specific to your organization.The SQF checklist is designed to ensure the uniform application of SQF audit requirements. It is used by SQF auditors to record their findings and determine the extent to which your operations comply with SQF requirements.The audit report is in draft form and the audit evidence is only recommended until technically reviewed and approved by the authorized person of the certification body.SQFI requires that:The auditor must report (compliant/non-compliant) on all mandatory elements (refer to step 4.2) for the SQF audit report to be submitted.Non-conformances (refer to step 9.1) identified during the audit need to be accurately described in the SQF audit report and include the element of the SQF Code: Agents and Brokers and the reason for the non-conformance.The SQF auditor is required to report all non-conformances to you before the close of the audit.The draft audit report is completed by the SQF auditor and provided to the certification body for technical review.The certification body reviews and approves the audit evidence record and makes it available to you within ten (10) calendar days from the last day of the audit. DefinedTerm A2:22 Step 9.4: Corrective ActionsYou need to take appropriate corrective action for every non-conformance identified by the SQF auditor. Corrective action is the action you take to eliminate the cause of a detected non-conformance to prevent its recurrence (a full definition is in the Glossary).Evidence of your corrective actions is required to be sent to the SQF auditor so that it can be verified and closed out within thirty (30) calendar days of the completion of your audit.If you fail to submit corrective actions, or the SQF auditor does not verify your corrective actions within thirty days, the certification body is unable to certify your organization, and you are required to re-apply for certification (refer to step 10.2).Minor non-conformances (refer to step 9.1) are required to be closed out in the SQFI assessment database within thirty (30) calendar days of the completion of the organization audit. The certification body can grant additional time for close-out where there is no immediate threat to product safety and alternative temporary methods of control are initiated. Your organization is advised of the extended time frame.Where additional time is granted, the non-conformance is still closed out in the SQFI assessment database and the SQF food safety auditor documents all details of justification of the extension, how the risk is being controlled, and the agreed completion date.A documented root cause analysis is required as part of the corrective action evidence for every minor non-conformance.Major non-conformances (refer to step 9.1) are also required to be closed out in the SQFI assessment database within thirty (30) calendar days of the completion of the organization audit. A documented root cause analysis is required as part of the corrective action evidence for every major non-conformance.If the corrective action involves structural change or cannot be corrected due to seasonal conditions or installation lead times, additional time can be granted provided the corrective action time frame is acceptable to the certification body and temporary action is taken by your organization to mitigate the risk to product safety.In such cases, the non-conformance is closed out and the SQF food safety auditor documents all details of justification of the extension, how the risk is being controlled, and the agreed completion date. DefinedTerm A2:23 Step 10: Granting CertificationThe certification body makes the certification decision based on the evidence of compliance and non-compliance recommended by the SQF auditor during the SQF audit. Although SQFI provides guidance on certification, the certification body is responsible for deciding if certification is justified and granted, based on the objective evidence provided by the SQF auditor.Any certification decisions that are made outside the scope of this clause require the certification body to provide written justification to SQFI.The final audit report with completed and approved corrective actions is made available to the organization before the final certification decision is made. The SQF audit report is the property of the organization and cannot be distributed to other parties without your organization's permission.Certification of the SQF System is awarded to organizations that achieve a “C - complies” audit rating or greater with no outstanding non-conformances. Your certification body makes the certification decision no more than forty-five (45) calendar days from the last day of the audit. Once SQF certification is granted, SQFI issues a unique SQFI Identification Number (SIN), which is specific to that organization. DefinedTerm A2:24 Step 10.1: Certificate IssueWithin ten (10) calendar days of granting certification, the certification body provides you with an electronic and/or hard copy of your certificate. The certificate is valid for seventy- five (75) days beyond the anniversary of the initial certification audit date.The certificate remains the property of the certification body and can be in a form approved by SQFI but it must include the following information:The name and address of your organization as listed on the SQFI assessment database;The name, address, and logo of the certification body;The logo of the accreditation body and the certification body’s accreditation number;The heading “certificate”;The phrase “(organization name) is registered as meeting the requirements of the relevant SQF Code";The scope of registration – food sector category (ies) and services;Dates of audit (last day), date of next re-certification audit, date of certification decision, and date of certificate expiry;Indication of unannounced re-certification audit (where applicable);Signatures of the authorized officer and issuing officer of the certification body; andThe SQF logo.Certified organization information is posted on www.sqfi.com.Certificates are published in English. However, certified organizations in non-English-speaking countries may require a certificate in a local language. SQFI allows the certification body to issue local language certificates on request as long as:The certificate information listed above is included;The certification body has a protocol in place for translation and can verify the translation; andAn English and a translated copy of the certificate are uploaded to the SQFI assessment database and the accreditation body register. DefinedTerm A2:25 Step 10.2: Failure to ComplyIf your organization receives an “F – Fails to comply” rating at an initial certification audit or fails to correct identified non-conformances within the required time frame (refer to step 9.4), your organization is considered to have failed the SQF audit and must then re-apply for another certification audit. DefinedTerm A2:26 Step 10.3: Appeals and ComplaintsYour certification body needs to provide you with its documented procedure for handling and resolving appeals and complaints made by your organization or by another party about your organization.Appeals. If you have reason to appeal a decision made by your SQF auditor as a result of an audit or a decision taken by your certification body regarding your certification, you are required to lodge that appeal with your certification body. Your certification body is required to investigate and resolve this matter without delay and keep a record of all appeals and their resolution.If the appeal cannot be satisfactorily resolved by the certification body, the matter is to be referred to SQFI via email to compliance@sqfi.com; however, this is only after the matter has been referred to the certification body and not satisfactorily resolved.Appeals regarding decisions on the suspension and/or withdrawal of the SQF certification by a certification body do not delay the decision to suspend or withdraw the certification.Complaints about the conduct or behavior of an SQF-registered auditor or other certification body personnel are to be lodged with the certification body, which is required to investigate and resolve the complaint without delay and keep a record of the resolution.If the certification body receives a complaint about your organization from other parties, the certification body is required to investigate and resolve the matter without delay and keep a record of the resolution.If upon the investigation of a complaint, it is determined that there has been a substantiated breakdown of your organization's SQF System or any other condition not in compliance with the relevant SQF Code and/or other supporting documents, the certification body is required to suspend certification as outlined in step 14.Complaints about SQFI, the SQF Codes, the SQFI assessment database, SQF training centers, and SQF professionals and unresolved complaints lodged with certification bodies can be referred to SQFI via email to compliance@sqfi.com. DefinedTerm A3 Maintaining Your SQF Certification (steps 11 - 15) DefinedTerm A3:1 Step 11: Re-certificationTo maintain your certification to the SQF, your organization is required to attain a “C - complies” audit rating or greater at your certification and re-certification audits, ensure that surveillance and/or re-certification audits occur within the required time frame, ensure that no critical non-conformances are raised at surveillance or re-certification audits, and that all major and minor non-conformances are corrected within the time frame specified. DefinedTerm A3:2 Step 11.1: Re-certification AuditsYour organization's re-certification audit is conducted within thirty (30) calendar days either side of the anniversary of the last day of the initial certification audit. It is conducted to verify the continued effectiveness of the SQF System.As per the initial certification audit, the re-certification audit may be conducted fully onsite, fully remote using information and communication technology (ICT), or a combination of onsite and remote. Remote activities can only be conducted by agreement with your certification body and are dependent on your ICT capability and information security requirements.The re-certification audit score is calculated in the same way as the initial certification audit, and the same rating system is applied (refer to step 9.2).The purpose of the re-certification audit is to:Verify the continued efficacy of corrections and corrective actions closed out at your previous audits;Verify that your SQF System continues to be implemented as documented;Verify that your internal audits, annual reviews of the crisis and food defense plans and recall system, and management reviews have been effectively completed;Verify that corrective and preventative actions have been taken on all non-conformities;Ensure you have taken appropriate action where changes to your operations have been made that impact the SQF System;Verify all critical steps and the effective interactions among all elements of your SQF System remain under control;Verify the overall effectiveness of the SQF System in its entirety in light of changes within your operations;Verify that you continue to demonstrate a commitment to maintaining the effectiveness of your SQF System and to meeting regulatory and customer requirements; andEnsure contribution to the continued improvement of the SQF System and business operation. DefinedTerm A3:3 Step 11.2: Variations from the Initial Certification ProcessThe requirements for the re-certification audit are the same as those described in step 8 for the initial certification audit, with the following exceptions:If your organization fails to permit the re-certification audit within the agreed time frame, the certification body is required to immediately suspend your certificate.If your organization receives an “F – fails to comply” rating at the re-certification audit, the certification body is required to immediately suspend your certificate.If your organization fails to closeout non-conformities within thirty (30) days, the certification body is required to immediately suspend your organization's certificate.Refer to step 15.1 for temporary or permanent changes of re-certification audit dates and certificate extensions. DefinedTerm A3:4 Step 11.3: Re-certification Audits – Seasonal OperationsThe re-certification audit of seasonal operations follows the requirements of step 11.1. However, where there is a significant change in seasonal operations, whereby your re-certification audit’s sixty (60) day window cannot be met, you can agree with your certification body to temporarily reset your re-certification audit date so that it falls during the peak operational part of the season.If you wish to permanently change the re-certification audit date due to seasonal conditions, the request must be made in writing to SQF Compliance. DefinedTerm A3:5 Step 11.4: Unannounced AuditsYou may elect to incorporate unannounced audits when scheduling audits. Please contact your certification body to determine how and if this would occur. If annual unannounced re-certification audits are conducted at your organization, then the protocol outlined for the unannounced audit requirement is to be followed for each audit.Organizations with annual unannounced re-certification audits are recognized on the SQF certificate as an “SQFI Select Site.” DefinedTerm A3:6 Step 12: Surveillance AuditsA surveillance audit is conducted if your organization attains a “C - complies” rating at a certification audit or a “C - complies” or "F-fails to comply" rating at a recertification audit. If the surveillance audit is a result of a "F-fails to comply" rating it will be unannounced.The surveillance audit is conducted within thirty (30) calendar days on either side of the six (6) month anniversary of the last day of the last certification or re-certification audit.A new score and rating are issued at the surveillance audit, but the organization's re-certification audit date is not affected.The surveillance audit is a full SQF System audit. In particular, the surveillance audit is intended to:Verify the continued efficacy of corrections and corrective actions closed out at your previous audits;Verify that your SQF System continues to be implemented as documented;Verify you have taken appropriate action where changes to your operations have been made that impact on the organization's SQF System;Confirm continued compliance with the requirements of the SQF Code;Verify all critical steps remain under control; andContribute to continued improvement of your organization's SQF System and business operation.Major or minor non-conformities raised at the surveillance audit are required to be closed out, as indicated in Part A, step 9.4. DefinedTerm A3:7 Step 12.1: Surveillance Audit – Seasonal OperationsSeasonal operations occur at where the major operational activities are conducted over a shorter time duration that does not exceed more than five consecutive months in any calendar year.Seasonal operations that attain a “C - complies” rating at a certification audit or a “C - complies” or "F-fails to comply" rating at a recertification audit are required to have a surveillance audit.Where the surveillance audit date falls within the operational season, your surveillance audit is required within thirty (30) days either side of the six (6) month anniversary of the last day of the previous certification or re-certification audit.If the due date of your surveillance audit falls outside the operational season, then the certification body is required to conduct a pre-operational audit no less than thirty (30) days prior to the next season. The pre-operational audit comprises a full review of corrective actions from the last audit and preparedness for the next re-certification audit. DefinedTerm A3:8 Step 13: Suspending CertificationThe certification body is required to suspend your SQF certificate if the organization:Fails to permit the re-certification or surveillance audit within the audit window;Fails to take corrective action within the time frame specified in step 9.4; orReceives an “F – fails to comply” rating at a surveillance or re-certification audit.The certification body may also suspend certification, if in their opinion, the organization fails to maintain the requirements of the SQF Code. DefinedTerm A3:9 Step 13.1: Reporting SuspensionIf your organization's certificate is suspended, the certification body immediately amends the organization's details in the SQFI assessment database to “suspended” status, indicating the reason for the suspension and the effective date. The certification body also:Informs your organization in writing of the reasons for the action taken and the effective date. Acknowledgment of receipt of the suspension notification is required; andNotifies SQFI about the suspension.If your organization's SQF certificate is suspended, your organization cannot represent itself as holding an SQF certificate for the duration of the suspension.Appeals regarding decisions on the suspension and/or withdrawal of your SQF certification by a certification body shall not delay the decision to suspend or withdraw the certification (refer to step 10.3).The following action is required, dependent on the reason for suspension: DefinedTerm A3:10 i. Reporting suspension in the event the organization does not permit the audit to occur.IF: Your organization does not permit the re-certification or surveillance audit to occur within the audit window:THEN: The certification body requests that within forty-eight (48) hours of receiving notice of the suspension you provide a plan detailing the justification for the delay and the time table for the rescheduled audit (must be no more than thirty (30) days from the audit window).The certification body conducts an announced re-certification or surveillance audit (as applicable) within thirty (30) calendar days of receiving your corrective action plan.If your organization successfully completes the SQF audit with an E, G, or C rating, the certification body reinstates your status on the SQFI assessment database and provides you with written notice that your certificate is no longer suspended.Regardless of the rating and because the organization failed to permit the re-certification audit in the designated time frame, the certification body conducts an additional unannounced surveillance audit no more than six (6) months after the suspension to verify continued compliance with the SQF Code. DefinedTerm A3:11 ii. Reporting suspension in the event the organization fails to take corrective action.IF: Your organization does not take corrective action within the time frame specified:THEN: The certification body requests that within forty-eight (48) hours of receiving notice of the suspension you provide a detailed plan outlining the corrective actions to be taken to resolve the outstanding non-conformances.The certification body verifies that the corrective action plan has been implemented within thirty (30) calendar days of receiving your corrective action plan.When the corrective action plan has been successfully implemented, the certification body reinstates your status on the SQFI assessment database and provides you with written notice that your certificate is no longer suspended. DefinedTerm A3:12 iii. Reporting suspension in the event the organization receives an “F – fails to comply” rating at a surveillance or re- certification audit.IF: Your organization receives an “F – fails to comply” rating at a surveillance or re- certification audit:THEN: The certification body requests that within forty-eight (48) hours of receiving notice of the suspension you provide a detailed plan outlining the corrective actions to be taken to resolve the outstanding non-conformances.The certification body verifies that the corrective actions have been implemented within sixty (60) calendar days of receiving your corrective action plan.When the corrective action plan has been successfully implemented, the certification body reinstates your status on the SQFI assessment database and provides you with written notice that your certificate is no longer suspended.If the suspension is the result of a re-certification audit, the certification body conducts an unannounced surveillance audit no more than six (6) months after the suspension to verify the effective implementation of the corrective action plan. DefinedTerm A3:13 iv. Reporting suspension in the event the organization fails to maintain the requirements of the SQF Code for Agents and Brokers.IF: Your organization does not maintain the requirements of the SQF Code for Agents and Brokers:THEN: The certification body requests that within forty-eight (48) hours of receiving notice of the suspension you provide a detailed plan outlining the corrective actions to be taken regarding the failure to maintain the SQF Code.The certification body verifies the corrective actions have been implemented within thirty (30) calendar days of receiving your corrective action plan.When the corrective action plan has been successfully implemented, the certification body re-instates your status on the SQFI assessment database and provides you with written notice that your certificate is no longer suspended. DefinedTerm A3:14 Step 14: Withdrawing CertificationThe certification body withdraws the certificate if your organization:Has been placed under suspension and fails to follow the suspension protocol, as defined by the certification body in your notice of suspension;Fails to take approved corrective action within the time frames specified, as determined by the certification body (refer to step 13.1);Has intentionally and systemically falsified its records;Fails to maintain the integrity of the SQF certificate; orIf your organization certificate is withdrawn, the certification body immediately amends your organization details on the SQFI assessment database to a “withdrawn” status, indicating the reason for the withdrawal and the effective date. The certification body also:Informs you in writing that the SQF certificate has been withdrawn, the reason for such action, and the effective date. Acknowledgment of receipt of the withdrawal notification is required;Notifies SQFI about the withdrawal; andInstructs you to return the certificate within thirty (30) days of notification.If your certificate is withdrawn, you are not permitted to re-apply for certification for twelve(12) months from the date the certificate was withdrawn by the certification body. The withdrawn organization is posted on www.sqfi.com for twelve (12) months. DefinedTerm A3:15 Step 15: Changes to Site SQF RequirementsThe SQF Code enables you to change your requirements based on your changing business arrangements. These include changes and additions in services scope, changing your certification body, organization relocation, and changes in business ownership.If your organization experiences a recall of products included in its scope of certification or has regulatory intervention, SQFI and your certification body are required to be notified.The SQF requirements are listed below. If you need assistance with any of these changes, you can contact the SQFI customer service team at info@sqfi.com. DefinedTerm A3:16 Step 15.1: Temporary or Permanent Change of Audit DatesWritten approval by SQF Compliance is required to issue an extension to your organization certificate or a temporary or permanent change to re-certification audit time frame, including changes due to extraordinary events such as acts of nature.All change requests are required to be sent by the certification body that issued your organization's most recent SQF certificate.All requests regarding temporary or permanent certification changes for legitimate business reasons are to be submitted to SQFI by the certification body (available at www.sqfi.com). Using this online process enables SQFI to track and manage all incoming requests and respond in a timely manner. DefinedTerm A3:17 Step 15.2: Changing the Scope of CertificationIf you wish to add food sector categories or new services to your scope of certification, you may request the increased scope of certification in writing to the certification body.If the scope change is a new process, major change to an existing process, a new service line, significant change in personnel or commodities, then the certification body is required to be advised in writing. The certification body conducts an audit of the additional process or products and either issues a new certificate or advises you in writing why a new certificate cannot be issued.An audit for an expansion in scope does not change the re-certification date or certificate expiry date. When a new certificate is issued, the re-certification audit date and certificate expiry date remain the same as on the original certificate.When the scope of certification has been changed, the certification body makes the appropriate scope changes to your organization record in the SQFI assessment database.If your request is received within thirty (30) days prior to the re-certification audit window, the certification body may defer the scope extension to the upcoming re-certification audit and advise you accordingly. No new certificate is issued until after a successful re-certification audit. DefinedTerm A3:18 Step 15.3: Changing the Certification BodyIf you are not satisfied with the arrangements or performance of your certification body, you can change to another SQF-licensed certification body after one certification cycle and only after closure of all outstanding non-conformances, and as long as the certification is not suspended or under threat of suspension or withdrawal.If your organization requires a surveillance audit, you can change certification bodies only after the surveillance audit is conducted or by written approval from SQF Compliance (compliance@sqfi.com).When an organization changes certification bodies, the certificate issued by the previous certification body remains valid until the expected expiration date.Your certification number and re-certification date are transferred with your organization to the new certification body.The new certification body is required to undertake a review of your organization's certification before the transfer is complete to:Confirm the certificate is current, valid, and relates to the SQF System as certified;Confirm your organization's food sector category falls within the new certification body’s scope of accreditation;Confirm any complaints received are actioned;Review your organization's audit history (where you can demonstrate such history to the satisfaction of the new certification body by way of copies of audit reports completed by any previous certification body(ies) and the impact of any outstanding non-conformances); andConfirm the stage of the current certification cycle.If you are changing your certification body, you need to make the last re-certification audit report and surveillance audit report (if applicable) available to the new certification body. DefinedTerm A3:19 Step 15.4: Relocation of PremisesSQF certification is organization specific (refer to step 3), so if you relocate your business premises. the certification does not transfer to the new location.A successful certification of the new premises is required. An initial certification audit must be completed for the new organization. DefinedTerm A3:20 Step 15.5: Change of Business OwnershipIf the ownership of a certified organization changes (e.g., the organization's business has been sold), within thirty (30) calendar days of the change of ownership the new owner is required to notify the certification body and apply to retain the SQF certification and the existing certification number.If the staff with major responsibility for the management and oversight of the SQF System has been retained, the certification body may retain the existing audit frequency status.If there are significant changes in management and personnel, the certification body is required to complete an initial certification audit and issue a new certificate and a new certification number. The audit frequency applicable to a new certification applies. DefinedTerm A3:21 Step 15.6 Notification of Recalls and Regulatory InfringementsIf your organization initiates an event that requires public notification, such as a Class l or Class ll recall or receives a regulatory warning letter, you must notify your certification body and SQFI in writing at foodsafetycrisis@sqfi.com within twenty-four (24) hours of the event.Your certification body and SQFI are required to be listed in your essential contacts lists as defined in system element 2.6.3 of the SQF Food Safety Code.Your certification body is required to notify SQFI within a further forty-eight (48) hours of any action it intends to take to ensure the integrity of the certification. DefinedTerm A3:22 Step 15.7: Use of a Technical ExpertTechnical experts may be used to assist SQF auditors in audits where the auditor is SQF registered but does not possess some or any of the organization's food sector category(ies) or for products/processes where the audit would benefit from expert technical advice.The use of a technical expert to assist an SQF auditor in the performance of an SQF audit is permitted, provided your organization has been notified before the audit and accepts the expert’s participation. The technical expert must sign a confidentiality agreement with the certification body.Before the audit, the certification body must submit the technical qualifications of the technical expert and the justification for use of the technical expert to SQFI. Approval, if granted, is for one audit only.Technical experts are required to:Hold a university degree in a discipline related to the food sector category;Have received HACCP and/or Risk Management training with certificate of attainment issued; andHave five years’ full-time experience in a technical, professional, or supervisory position related to the food sector category and or specific products.If the audit includes remote activities, the assigned technical expert may make use of ICT during the audit process. The registered SQF auditor is required to be present, either in person or remotely. DefinedTerm A3:23 Step 15.8: Language Used During the AuditThe certification body is required to ensure that the SQF auditor conducting the audit can competently communicate in the oral and written language of the organization being audited.In circumstances where a translator is required, the translator must be provided by the certification body and have knowledge of the technical terms used during the audit, be independent of the organization being audited, and have no conflict of interest. The organization is to be notified of any increase in audit duration and cost associated with the use of a translator.If there is a conflict, the English version of the SQF Code prevails. DefinedTerm A3:24 Step 15.9: The SQFI Compliance and Integrity ProgramTo meet the requirements of SQFI’s Compliance and Integrity Program, SQFI may randomly monitor the activities of the certification bodies and their auditors through techniques that include but are not limited to validation and/or witness audits.While conducting these additional monitoring activities, your organization is required to allow SQFI-authorized representatives access during or after the audit has taken place.The attendance of an SQFI representative does not interfere with the operation or result in additional audit time or non-conformances, and it will not increase the cost charged by the certification body for the audit. DefinedTermSet Module 2: System Elements - Agents and Brokers, Edition 9 DefinedTerm 2.1 Management Commitment DefinedTerm 2.3.5.1 The organization shall document and implement a procedure to evaluate any changes, including temporary, emergency, unplanned, or those made as a result of the corrective action process, that could impact product safety, legality or the SQF safety system to ensure that controls are still effective. This procedure, at a minimum, shall include changes in:Suppliers approval status;Product, specifications, components, materials, ingredients, labels or product statements and claims;The hazard or risk assessments including breaches to controls (critical, risk control limits);Product safety plan(s);Personnel changes, service or other resources identified as critical to meeting the effective implementation and maintenance SQF system;Stock management, inventory or procurement processes; andLegislation.Changes shall be confirmed or validated, documented and communicated, as necessary, in a time frame that ensures product safety and customer requirements are maintained. DefinedTerm 2.4.3.1 The methods, responsibility, and criteria for obtaining, sampling, reviewing, approving product samples, evaluations, and tests shall be documented and implemented. A sampling, testing, and analysis schedule shall be developed and implemented including the methods, frequency, and specified limits of testing. Sampling, testing, and analysis shall be completed by the organization, suppliers or a combination of both and be based on:Product and supplier risk (refer to 2.3.1.2);Product sampling and release protocol (refer to 2.3.4.1 and 2.4.6.1);Any legal requirements for testing in the region(s) of intended sale;The organizations and customer requirements for demonstrating the safe and or legally compliant supply of products; andProduct specifications criteria.Sampling, testing and analysis shall be conducted to nationally recognized methods. Alternative methods that are validated as equivalent to the nationally recognized methods can be used.Where the assessment has been completed by a service provider or by the customer, confirmation of the safety and legality of the product must be available. DefinedTerm 2.4.2.1 The product safety plan shall be effectively implemented and maintained and shall outline how the organization controls and assures the safety and legality of the products or product groups by the administration of the organizations services included in the scope of the SQF certification. More than one product safety plan may be required to cover all services included in the scope of certification. The supply of food, pet food and food packaging product safety plans shall be prepared in accordance with the steps identified in the latest version of Codex Alimentarius Commission's General Principles of Food Hygiene. General merchandise product safety plans shall be prepared in accordance with Risk Management principles (e.g., ISO 31000). DefinedTerm 2.1.3.1 The methods and responsibility for handling, investigating, and resolving product safety complaints from customers, consumers (where applicable), and authorities shall be documented and implemented.Each associated complaint shall be investigated without delay. DefinedTerm 2.2.1 Product Safety Management System (Mandatory) DefinedTerm 2.8.1.1 A training program shall be documented and implemented that at a minimum: Establishes the training needs of personnel to ensure they have the required competencies to carry out those functions essential to the effective implementation of the SQF System; Identifies the training methods to be applied; Provides the appropriate training and training materials, in language(s) understood by personnel, to ensure products meet legal, customer, company, and SQF Code requirements; Determines the frequency that training is to be conducted; and Includes provisions for identifying and implementing the refresher training needs of the organization. DefinedTerm 2.4.5.1 The responsibility and methods for releasing products to supply shall be documented and implemented. The methods applied shall ensure:The product is released by authorized and qualified personnel;Where the organization implements positive release protocols, no product shall be released to the customer until all required testing and analyses have been completed, the results reviewed, and compliance confirmed (refer to 2.4.4.1);The inventory stock control system cannot release products without authorization approval; and Records shall be maintained to demonstrate compliance with approved supplier list (refer to 2.3.4.4). DefinedTerm 2.2.3.1 The organization shall maintain relevant and appropriate records, as necessary, to demonstrate the effective implementation, maintenance, and continuous improvement of the SQF system. The methods and responsibility for maintaining and retaining records shall be documented and implemented. DefinedTerm 2.5.3.1 The responsibility and methods outlining how issues and non-conformances are investigated and resolved shall be documented. These shall include, but not be limited to, deviations of critical limits, complaints, findings at internal and external audits, non-conforming product and services, deficiencies found during tests and reviews, verification and validation activities, recalls and regulatory infractions, and negative trends of the product safety system. This procedure shall include, at a minimum, the: Use of corrections, as applicable, to address the identified issue; Method(s) of analysis used to investigate and identify the root cause; Process for determining and implementing the corrective and preventative actions needed to address the root cause; Verification of effectiveness of the implemented actions to prevent reoccurrence; and Communication of results to relevant organization leadership and personnel. DefinedTerm 2.6.1 Product Identification (Mandatory) DefinedTerm 2.7.2.1 The methods, responsibility, and criteria for identifying the organizations vulnerability to product fraud, shall be documented, implemented, and maintained. This shall consider at a minimum:The susceptibility to product, ingredient, or component and service substitution;Misrepresentation of products (e.g., false or misleading statements made about a product for economic gain); andUse of grey market or stolen goods. DefinedTerm 2.6.3.1 The methods and responsibility used to withdraw or recall product shall be documented and implemented. The procedure shall: Identify those responsible for initiating, managing, and investigating a product withdrawal or recall; Describe the management procedures to be implemented; Document sources of legal, regulatory, and expert advice; Provide essential traceability information; Include the risk to programs outside of the organizations purview; and Outline a communication plan to inform organization personnel, customers, consumers, regulatory authorities, and other essential bodies in a timely manner appropriate about the nature of the incident and as per customer and legal requirements. DefinedTerm 2.5.1 Validation and Effectiveness (Mandatory) DefinedTerm 2.7.1 Product Defense (Mandatory) DefinedTerm 2.4.1.1 The organization shall ensure that at the time of delivery to customers products shall comply with: Product safety laws and regulations applicable in the locality, country of manufacture, and intended sale, if known; Customer and organization requirements; and Where applicable, established industry codes of practice. DefinedTerm 2.8.1 Training Program (Mandatory) DefinedTerm 2.3.3.1 Agreements with suppliers, including manufacturers, distributors, traders, and or other service providers (businesses that the broker is trading with) that have a potential impact on product safety or legality shall be documented. Cooperative memberships and or, statutory frameworks shall ensure agreements are in place. Agreements shall and include:A description of the products and or services to be provided;Information to ensure all legislative requirements are met for the intended place of sale including, where applicable, customer requirements; andInformation to ensure all product safety requirements are met.These agreements shall be approved by the both parties, communicated to relevant personnel, and kept current. DefinedTerm 2.2.1.1 The organization shall ensure that all documentation used to meet the requirements of the SQF Agents and Brokers Code relevant to the scope of certification are established, implemented, and maintained, kept current and made available to the relevant personnel. Documentation may be in electronic and/or hard copy form. DefinedTerm 2.5.4.1 The methods and responsibility for scheduling and conducting internal audits to verify the effectiveness of the entire SQF System shall be documented and implemented. Internal audits must be conducted at least annually. The methods applied shall ensure: Personnel conducting internal audits are independent of the function audited, where practical; All applicable requirements of the SQF Code are audited per the current SQF audit checklist or a similar tool that covers all applicable requirements of the SQF Code; Objective evidence is recorded to verify compliance and/or non-compliance; Root cause analysis, corrections, and corrective and preventative actions for deficiencies or trends indicating potential; Audit results are communicated to relevant organization leadership and personnel responsible for implementing and verifying the effectiveness of actions taken according to 2.3.5; and Internal auditors to be trained (refer to 2.8.1.2), use of qualified consultants / external experts is permitted. DefinedTerm 2.2.2.1 The methods and responsibility for maintaining document control and ensuring personnel have access to current requirements and instructions shall be documented and implemented. Current product safety documents shall be maintained and changes communicated to relevant personnel when documents have been revised. DefinedTerm 2.4.1 Product Legislation (Mandatory) DefinedTerm 2.6.2.1 The methods and responsibility for the organization to ensure products are traceable, throughout the supply chain (within the scope of trade) shall be documented and implemented including: Compliance with all regulatory requirements in the country of production and intended sale; Traceability is at a minimum, one step back from the source of supply, any transportation or logistics (where applicable) and one step forward to the customer; Products origin of manufacture and identification; Traceability is maintained where product is reused for alternative purposes; and The effectiveness of the product trace system is tested at least annually and shall be carried out on products from different suppliers that are shipped to a wide range of customers. DefinedTerm 2.4.4.1 The responsibility and methods outlining how to communicate and administer the control of non-conforming product or services shall be documented and implemented. Non-conforming product or service may be non-compliant to safety, legality, and customer requirements including specifications, agreements, approved supplier requirements, and may be detected throughout the supply chain. The methods applied shall ensure:Non-conforming product is identified, quarantined, assessed or evaluated and or dispositioned in a manner that minimizes the risk of inadvertent or improper use;Both supplier (refer to 2.3.4.2), internal and customer (where applicable) communication channels are in place and are implemented regarding non-conformance and potential non-conformance including identification, location, amounts, details of non-conformance and handling requirements;A stock management quarantine hold system is in place and implemented to ensure the control and removal of product from supply;Only authorized personnel can administer the removal of product from quarantine hold status;Product is not released from quarantine hold status without evidence of the non-conformance being addressed;All relevant personnel are aware of the organization’s requirements for quarantine hold status and release;All products of unknown status are included in this process;Unsafe products that cannot be released must be administered through the supply chain to ensure secure disposal / destroyed; andRecords are maintained. DefinedTerm 2.6.4.1 A crisis management plan shall document the known potential dangers that can impact the organizations ability to supply safe and legally compliant products and outline the methods to implement to cope with such a crisis. The crisis management plan shall include at a minimum:A senior manager responsible for decision-making, oversight, and initiating actions arising from a crisis management incident;The selection of a crisis management team;The controls implemented to ensure any responses do not compromise product safety;The measures to communicate, isolate, and identify product affected by a response to a crisis;The measures taken to verify the acceptability of product prior to release;The preparation and maintenance of a current crisis alert contact list, including supply chain customers;Sources of legal and expert advice; andThe responsibility for communications internally, with authorities, external organizations, and media. DefinedTerm 2.3.2.1 The methods and responsibility for the developing, managing and approving specifications shall be in place. Specifications shall be accessible to all relevant personnel. Specifications shall be established, implemented and maintained for all products, and services that are purchased, sold, utilized or facilitated throughout the scope of trade. These shall include all safety criteria which shall be based on applicable: legislation, industry standards, codes of practice, customer requirements, validation testing and appropriate scientific principles. DefinedTerm 2.7.1.1 A product defense threat assessment shall be conducted to identify potential threats that can be caused by a deliberate act of sabotage or terrorist-like incident. The assessment shall consider internal and external threats. DefinedTerm 2.5.2.1 The methods, responsibility, and criteria for verifying product safety and risk management controls, including critical control points and risk mitigation control steps, are operating as intended shall be documented and implemented. The methods applied shall:Ensure that responsible personnel authorize each verified record to demonstrate proper completion of the monitoring activities;Require verification of certificates of conformance, certificates of analysis, letter of guarantee, and/or inspection and testing for materials and products; andVerify that control measures remain effective and are consistently applied during service delivery and ensure that any non-conformance is identified, documented, and addressed through corrective action (refer to 2.5.3). DefinedTerm 2.3.4.1 Supplier approval and ongoing supplier performance shall ensure products meet all customer, regulatory, safety, and organizational requirements. The methods and responsibility for selecting, evaluating, approving, and monitoring suppliers, including emergency suppliers and suppliers under the same corporate ownership, shall be documented and implemented and include, at a minimum:Past performance of a supplier;Risk level of the supplier and product (refer to 2.3.1.2);Agreed specifications;Summary of the product safety controls implemented by the supplier;Methods for granting approval and reviewing supplier status;Methods and frequency of monitoring supplier performance;Methods and frequency of verification of supplied product or service such as product sampling, testing and release protocol;Methods of identification and traceability; andSupplier contact details, including emergency contacts.Additional requirements shall be implemented where applicable to product, service and supplier (refer to 2.3.1.2):Laboratory testing conducted accordance with in scope and requirements of ISO/IEC 17025 or equivalent;Product sampling release protocol including the applicable analysis, inspections, testing and provision of records;Retention sample maintenance program for the stated life, shelf life or warranty period of the product;Non-conforming products requirements including identification and quarantine controls;Secure product destruction protocols including the prevention of inadvertent use;Product defense and product fraud controls including verification;Supplier certification requirements (such as SQF), accreditation, an audit by the organization, or other suitable means;Licenses, approvals and or authorizations; andRetention samples, shall be stored according to the typical storage conditions for the product and maintained for the stated shelf life, warranty, or claim period of the product or as per customer requirements. DefinedTerm 2.1.1.1 A product safety policy, signed by the senior responsible manager shall be established and maintained that outlines at a minimum the commitment of all management to: The supply of safe products in compliance with all customer and regulatory requirements; Establish and maintain a positive product safety culture within the organization; Establish and continually improve the organizations SQF system; and Effectively communicate this policy to all personnel in a language(s) they understand. DefinedTerm 2.1.1 Management Responsibility (Mandatory) DefinedTerm 2.3.1 Sourcing and Development (Mandatory) DefinedTerm 2.3.1.1 The methods and responsibility for designing, developing, sourcing, and commercializing products or services shall be documented and implemented.Confirmation of the safety, legality, and where applicable, customer requirements must be available prior to initial commercialization.Reintroducing of products and or services, including those that have not been sourced for more than a year shall be assessed to ensure supplier controls and requirements are still effective for changes that have occurred to processes, the supply chain, legislation, standards, and customer requirements. DefinedTerm 2.5.1.1 The methods, responsibility, and criteria for ensuring the effectiveness of all applicable elements of the SQF Program shall be documented and implemented.The methods applied shall validate that product safety plans, including critical limits (refer to 2.4.3.11), are effective at implementation and re-validated or justified by regulatory standards when changes occur. DefinedTerm 2.1.2.1 The SQF System shall be reviewed by management at least annually and include:Changes to SQF safety management system documentation (e.g., policies, procedures, supplier approval requirements, supplier agreements, product safety plan, product safety policy);Results of annual system tests (e.g., product defense, crisis management, recall, and product trace);Trends related to the SQF safety management system (e.g., audit findings, customer complaints);Performance towards product safety culture assessment plan;Performance to product safety objectives and measures;Performance of supplier approval process and supplier communication plan;Review of recalls and regulatory issues;Updates to all hazard analyses, risk assessments; andFollow-up action items from previous management reviews. DefinedTerm 2.6.1.1 The methods and responsibility for the identification of products, throughout the supply chain within the scope of trade shall be documented and implemented to ensure:The organization can identify products through stock management functions;Products are identified and labelled to the specification, customer, and regulatory requirements to support traceability (refer to 2.6.2); andLabelling shall include including all safety and precautionary labelling as required (e.g., food allergens, electrical safety, chemical safety, refer to 2.5.4). DefinedTerm 2.3.4.2 The organization and suppliers shall have a communication plan ensuring notification to the organization of changes to products or processes outside of agreements, specifications, and/or supplier requirements. Changes shall include:New and emerging changes to products and or service;New and emerging product safety and or regulatory issues or risks;Non-compliant product safety test results;Identification and location of non-conforming product or service including non-conformance details;Manufacturing processes, raw material, component, packaging or formulations changes;Emerging issues from trending complaints;Supplier product recalls or withdrawals;Failed certification audits, including loss or suspension of certification;Actual regulatory breaches; andChange management criteria (refer to 2.3.5). DefinedTerm 2.4.5.2 If product is packaged and distributed in bulk or unlabelled, product information shall be made available to inform customers and/or consumers of the requirements for its safe use. DefinedTerm 2.6.2 Product Trace (Mandatory) DefinedTerm 2.1.3.2 Where an investigation requires time due to consultation with the supply chain, and or if there are subsequent delays, the customer shall be sent an acknowledgement of the complaint receipt and the estimated timeframe of the investigation. DefinedTerm 2.2.2 Document Control (Mandatory) DefinedTerm 2.6.2.2 Transaction records to be maintained for all purchased, sold, or traded products to demonstrate traceability including:Supplier details;Authorized release dates (refer 2.4.6);Products, units or volumes and identification;Product and/or service provider details;Dates of purchase or facilitation transaction;Product logistic details including locations and transactions; andCustomer receival locations and dates for all products and or services. DefinedTerm 2.1.1.2 Management shall build a positive product safety culture within the organization that ensures that all requirements of the SQF system are implemented and maintained. All personnel shall: Understand and fulfil their SQF system responsibilities; Understand and fulfil their product safety, customer and regulatory responsibilities; Notify management about actual or potential product safety issues; Act to resolve product safety or compliance issues within their scope of work; andDemonstrate a commitment to the service of supplying safe and legally compliant products. DefinedTerm 2.8.1.2 Training shall be provided for all personnel involved in:Developing and maintaining product defense, product fraud, and product safety plans;Monitoring critical control points and or risk control mitigation steps;Implementing the corrective action process, including root cause analysis;Conducting audits (internal, supplier);Supplier approval and review (refer to 2.3.4), procurement, stock management systems including product release (refer to 2.4.6) and quarantine hold (refer to 2.4.5);Product identification and traceability (refer to 2.6.1 and 2.6.2); andAny other tasks identified as critical to meeting the effective implementation and maintenance of the SQF Code.A documented assessment to demonstrate appropriate knowledge and expertise shall be included as part of the training. DefinedTerm 2.6.4.2 The crisis management plan shall be reviewed, updated when a new vulnerability is identified, tested, and verified at least annually. The test shall include all components of the crisis management program. DefinedTerm 2.1.3.3 A documented root cause analysis and the corrective action process, shall be completed for all adverse trends and serious incidents as outlined in 2.5.3. DefinedTerm 2.4.1.2 The methods and responsibility for ensuring the organization is kept informed of changes to relevant laws and regulations, standards, scientific and technical developments, emerging product safety issues, and relevant industry codes of practice shall be documented and implemented. DefinedTerm 2.4.3.2 Internal laboratories shall operate in accordance with the applicable requirements of ISO/IEC 17025, including proficiency testing. External laboratories shall be accredited to ISO/IEC 17025, or equivalent. The tests performed shall be included on the laboratory's scope of accreditation. DefinedTerm 2.2 Documentation and Records DefinedTerm 2.5.2 Verification Activities (Mandatory) DefinedTerm 2.5.2.2 A verification schedule outlining the verification activities, their frequency of completion, and the person responsible for each activity shall be prepared and implemented. DefinedTerm 2.3.2.2 Periodic reviews of specifications shall occur to confirm they are traceable, current, and compliant to customer and legal requirements. DefinedTerm 2.1.2.2 Management shall be updated at least monthly and include: Matters impacting the implementation or maintenance of the SQF System (e.g., deviations of CCPs or risk mitigation steps, customer issues, regulatory issues, adverse trends, emerging risks); Supplier agreements, approvals and removals; Specifications and compliance; Identified non-conforming products and status; Corrections, and corrective and preventative actions; Results from internal and external audits; and Product safety complaints. DefinedTerm 2.7.2 Product Fraud (Mandatory) DefinedTerm 2.6.3.2 The product withdrawal and recall system shall be reviewed for accuracy and completeness, tested, and verified as effective at least annually. The test shall include all components of the recall program. DefinedTerm 2.2.3.2 Records shall be legible, readily accessible, retrievable, and securely stored to prevent unauthorized access, loss, damage, and deterioration. Retention periods shall be in accordance with customer, legal, and regulatory requirements, at minimum the product shelf life or warranty period, or established by the organization if no shelf life exists. DefinedTerm 2.3.2 Specifications (Mandatory) DefinedTerm 2.7.1.2 A product defense plan shall be documented and implemented based on the threat assessment. The defense plan shall meet regulatory requirements as applicable and shall include the methods, responsibility, and criteria for preventing adulteration caused by an act of sabotage. The methods implemented shall mitigate public health and safety risks and, at a minimum, ensure:Only authorized personnel have access to the organizations business process capability and functions including online systems;Protection of sensitive data, processing, and access points;Authorization for approval and release of products; andAccess to the product purchase, stock management, control and release systems by personnel, contractors, and visitors is recorded and controlled. DefinedTerm 2.4.2.2 Where possible, the product safety plan shall be developed and maintained by a multidisciplinary team that includes personnel with expertise in technical, supply chain, management, procurement, and associated processes. Where the relevant expertise is not available, advice may be obtained from other sources to assist the product safety team.The team leader shall be HACCP trained (food) and or Risk Management trained (general merchandise) where applicable. DefinedTerm 2.7.2.2 A product fraud mitigation plan shall be developed and implemented that specifies the methods by which the identified product fraud vulnerabilities shall be controlled. DefinedTerm 2.1.2 Management Review (Mandatory) DefinedTerm 2.3.1.2 A risk assessment of each product, service and supplier prior to supply shall be completed to determine the Approved Supplier requirements (refer to 2.3.4) and level of ongoing verification required to demonstrate safety, customer and legislative requirements. This risk assessment shall consider, where applicable: Product or service type; Scope of service; Intended consumer or customer group; Intended use including foreseeable / known misuse; Product fraud; Components or ingredient such as food allergens and / or known hazardous materials such as batteries and chemicals; Legislated and regulatory criteria including safety labelling or written statements including the establishment of expiration dates, electrical, chemical, or other safety claims; Customer requirements; and Third party certification or accreditation status in the case of a service. DefinedTerm 2.3.2.3 All product labelling, supplied product information, product statements or claims shall comply with the relevant legislation in the country of intended sale and be approved by qualified personnel. DefinedTerm 2.5.3 Corrections, and Corrective and Preventative Action (Mandatory) DefinedTerm 2.4.3.3 Where the organization maintains retention samples, they shall be stored according to the typical storage conditions for the product and maintained for the stated shelf life, warranty, or claim period of the product or as per customer requirements. DefinedTerm 2.3.4.3 Product and suppliers shall be risk assessed whenever a change occurs or at a minimum annually, taking into consideration customer complaints, trends, and supplier performance, to ensure suppliers are meeting relevant supplier requirements. DefinedTerm 2.1.1.3 A product safety culture assessment plan to drive continuous improvement shall be documented, implemented, and maintained. This plan shall address at a minimum: Effective communication strategies to ensure all personnel are informed and engaged in positive product safety behaviors including decision making and practices;Comprehensive training programs for all personnel including organizational management; Mechanism to collect and address feedback from all personnel regarding SQF system including product safety practices; and Regular measurement and evaluation of product safety related activities. DefinedTerm 2.7.1.3 The product defense threat assessment and prevention plan shall be reviewed for effective implementation and tested at least annually or when the threat level, as defined in the threat assessment, changes. DefinedTerm 2.7.2.3 The product fraud vulnerability assessment and mitigation plan shall be reviewed and verified at least annually or when the vulnerabilities, as defined in the vulnerability assessment, changes. DefinedTerm 2.4.2 Product Safety Plan (Mandatory) DefinedTerm 2.2.3.3 Records to support the completion of all annual requirements, including relevant documents (e.g., root cause methodology, corrections, and corrective and preventative actions etc.) shall be maintained and include at a minimum: Management review (refer to 2.1.2); Approved Supplier Program (refer to 2.3.4); Product safety plan review, including process flow (refer to 2.4.3); Internal audits (refer to 2.5.4); Traceability test (refer to 2.6.2); Recall test (refer to 2.6.3); Crisis management test (refer to 2.6.4) Product defense threat assessment and prevention plan review (refer to 2.7.1); Product defense test (refer to 2.7.1); and Product fraud vulnerability assessment and mitigation plan review (refer to 2.7.2). DefinedTerm 2.4.1.3 SQFI and the Certification Body shall be notified in writing within twenty-four (24) hours as a result of a regulatory warning letter or action, named in an food outbreak, and / or product safety incident. Notification to SQFI shall be by email to foodsafetycrisis@sqfi.com. DefinedTerm 2.3.3 Supplier Agreements DefinedTerm 2.8.1.3 Instruction shall be provided, at a minimum, to all relevant personnel and contractors involved in the effective implementation of the following programs or plans: Approved Supplier Program; Product fraud mitigation; Product defense; Specifications; Recall; Product Identification and Traceability; Crisis management; Product release; and Corrections, and Corrective and Preventative Action. DefinedTerm 2.3.1.3 Where applicable, the creation of new products shall be developed and validated by authorized personnel to ensure that they meet the intended application or use. Trials and testing shall be conducted to ensure products meet safety, legal and customer requirements throughout the application of the product life. Consideration shall be given to: Consumer or user preparation, storage, handling, assembly instructions; The establishment of shelf life (e.g., use-by, best before), warranty period or life of the product; Packaging adequacy; Expected product use testing (e.g., dropped product, repeated usage testing);Label or claim validation; and Ingredients and or components are legal within the country of intended use. DefinedTerm 2.6.3 Product Withdrawal and Recall (Mandatory) DefinedTerm 2.2.3 Records (Mandatory) DefinedTerm 2.4.2.3 The scope of each product safety plan shall be developed and documented including all services across locations (including virtual site locations) from the start and the end points of the process under consideration within the scope of Certification. DefinedTerm 2.6.3.3 SQFI and the Certification Body shall be notified in writing within twenty-four (24) hours upon identification of a safety event that has been initiated by the organization in which use of or exposure to the product:Has a reasonable probability of causing serious adverse health consequences, or death; orMay cause temporary or medically reversible health consequences.SQFI shall be notified at foodsafetycrisis@sqfi.com. All required information from either SQFI or the Certification Body shall be submitted as requested. DefinedTerm 2.3 Supply Sourcing, Specifications, Agreements and Approval DefinedTerm 2.1.3 Complaint Management (Mandatory) DefinedTerm 2.3.4.4 A current approved supplier list is to be maintained including products and or services approved to supply. DefinedTerm 2.4.3 Sampling, Testing, and Analysis DefinedTerm 2.1.1.4 Management shall establish, document, and communicate to all personnel product safety objectives and performance measures. They will ensure all operations are appropriately staffed and organizationally aligned with adequate resources to meet these objectives. The reporting structure and responsibilities shall: Document the job functions for key personnel whose service delivery activities affect the sourcing and supply of safe products; Identify a backup(s) for these key personnel; and Ensure the integrity and continued operation of the SQF system in the event of organizational or personnel changes. DefinedTerm 2.4.2.4 Product descriptions shall be developed and documented for all products included in the scope of the product safety plans. The descriptions shall reference the product specifications (refer to 2.3.2.4) plus any additional information relevant to product safety, such as customer, intended end user, consumer, labelling, and or storage and use conditions. DefinedTerm 2.3.2.4 Product specifications shall be documented and shall include, where applicable:Legislation and customer criteria;Safety criteria limits (e.g., microbiological, chemical, allergens, physical, electrical, size, age limits, weight limits);Labelling, mandatory warnings statements, instructions for use;Composition and / or criteria to meet label, warning and or statement claims;Packaging requirements;Storage, distribution, and handling conditions;Shelf life and / or warranty period of the product;Intended use by the customer and end user / consumer;Component specifications, safety criteria and origins; andSampling and / or sensory testing requirements.All finished product specifications shall be approved / agreed to by both the organization and the supplier, and when required, by the customer. DefinedTerm 2.2.3.4 Where applicable, records demonstrating the implementation of the SQF safety management system shall be maintained and include: Monthly management updates (refer to 2.1.2); Complaints, investigations, and resolutions (refer to 2.1.3); Product sourcing and product development records (refer to 2.3.1); Specifications (refer to 2.3.2); Supplier agreements (refer to 2.3.3); Supplier approvals (refer to 2.3.4); Process changes (refer to 2.3.5); Validation and verification records (refer to 2.5.1 and 2.5.2); and Root cause analysis and the corrective action process (refer to 2.5.3). DefinedTerm 2.6.4 Crisis Management Planning DefinedTerm 2.5.4 Internal Audits (Mandatory) DefinedTerm 2.3.4 Approved Supplier Program (Mandatory) DefinedTerm 2.4 Product Safety System DefinedTerm 2.8.1.4 Training records shall be maintained and include: Participant name; Description of necessary skills; Description of the training provided; Date training completed; Trainer or training provider; and Verification that the trainee is competent to complete the required tasks. DefinedTerm 2.3.4.5 Supplier audits shall be based on risk and shall be conducted by personnel knowledgeable of applicable regulatory, product safety requirements and auditing. DefinedTerm 2.5 Validation and Verification DefinedTerm 2.3.5 Change Management DefinedTerm 2.4.2.5 The intended use of each product shall be determined and documented by the product safety team. This shall include target user, consumer groups, the potential for use or consumption by vulnerable groups of the population, requirements for further processing, assembling or application and potential foreseeable alternative uses of the product. DefinedTerm 2.4.4 Non-conforming Products or Service (Mandatory) DefinedTerm 2.2.3.5 Where applicable, records to support the SQF system shall be maintained and include: Approved supplier list and compliance (refer to 2.3.4.4); Critical control point and or risk mitigation step monitoring (refer to 2.4.3.16); Product sampling, testing and analysis (refer to 2.4.4); Non-conforming product or service (refer to 2.4.5); Product traceability and transaction (refer to 2.6.2); Product recall (refer to 2.6.3); and Product release (refer to 2.4.7). DefinedTerm 2.1.1.5 A primary and substitute SQF Practitioner shall be designated with responsibility and authority to:Oversee the development, implementation, review, and maintenance of the SQF System through an understanding of the SQF Code(s) relevant to the organizations scope of certification;Take appropriate action to ensure the integrity of the SQF System and escalate to management, key product safety issues or events;Communicate to relevant personnel all information essential to ensure the effective implementation and maintenance of the SQF System, including participation in the annual management review and monthly management updates;Ensure the proper use of the SQF logo, according to the requirements in the SQF Logo Rules of Use; andEnsure relevant blackout dates are provided to the Certification Body a minimum of ninety (90) days prior to the start of the audit window that prevent an audit from occurring when the organization is not operating for legitimate business reasons.The primary and substitute SQF Practitioners shall:Be employed by the organization (while designated as the primary SQF Practitioner);Have successfully completed a Hazard Analysis and Critical Control Point (HACCP) - based training course when the organization is conducting the service to supply food, food packaging, and pet food; andHave successfully completed Risk Management training for the service delivery of general merchandise; and Be competent to implement and maintain the organizations product safety management plans. DefinedTerm 2.4.5 Product Release (Mandatory) DefinedTerm 2.4.2.6 The product safety team shall develop and document a flow diagram covering the scope of each product safety plan. The flow diagram shall include:Every step in the organizations process; andSourcing and release controls including authorization.Each flow diagram shall be verified to cover all applicable actual and virtual locations, personnel and hours of operation. DefinedTerm 2.6 Product Traceability and Crisis Management DefinedTerm 2.4.2.7 The product safety team shall identify and document all product safety hazards or risks that can reasonably be expected to occur at each step of the process. The product safety team shall ensure that all products and applicable organizational services are considered by the hazard analysis or risk assessment. DefinedTerm 2.7 Product Defense and Fraud DefinedTerm 2.4.2.8 The product safety team shall conduct a hazard analysis (food) or risk assessment (general merchandise) for every identified hazard or risk to determine which are significant, i.e., their elimination or reduction to an acceptable level is necessary to control product safety. The methodology for determining significance shall be documented and used consistently to assess all potential hazards or risks in the absence of control. DefinedTerm 2.8 Training DefinedTerm 2.4.2.9 The product safety team shall determine and document the control measures that must be applied to all significant hazards or risks. More than one control measure may be required to control an identified hazard or risk, and more than one significant hazard may be controlled by a specific control measure. DefinedTerm 2.4.2.10 Based on the results of the hazard analysis and / or risk assessment (refer 2.4.3.8), the product safety team shall identify the steps in the organizations process where control must be applied to eliminate, prevent or reduce a significant hazard or risk to an acceptable level (i.e., a critical control point (CCP) - food; risk mitigation control step - general merchandise). In instances where a significant hazard or risk has been identified at a step in the process but no control measure exists, the product safety team shall modify the process to include an appropriate control measure. DefinedTerm 2.4.2.11 For each identified CCP (food) and risk mitigation control step (general merchandise), the product safety team shall identify and document the limits that separate safe from unsafe product limits, acceptable from unacceptable (critical limits). The product safety team shall validate (refer to 2.5.1.1) all critical limits to ensure the level of control of the identified product safety hazard(s) / risk(s) and that all critical limits and control measures individually or in combination effectively provide the level of control required (refer to 2.5.2.1). Critical product safety limits are reviewed annually, or at a minimum, whenever a change occurs. DefinedTerm 2.4.2.12 The product safety team shall develop and document procedures to monitor CCPs and or risk mitigation control steps to ensure they remain within the established limits (refer 2.4.3.11). Monitoring procedures shall identify the personnel assigned to monitor, sampling, methods, and the frequency. DefinedTerm 2.4.2.13 The product safety team shall develop and document deviation procedures that identify the removal of affected product from the scope of supply when monitoring indicates a loss of control at a CCP and or risk mitigation control step. The procedures shall include root cause analysis, corrections, and corrective and preventative actions to correct the process step to prevent recurrence of the failure. DefinedTerm 2.4.2.14 The documented and approved product safety plan(s) shall be implemented in full and reviewed annually or when a change occurs (refer 2.3.5). DefinedTerm 2.4.2.15 Procedures shall be in place to verify that CCP's and risk mitigation control steps are effectively monitored and appropriate root cause analysis, corrections, and corrective and preventative actions are applied, as applicable. DefinedTerm 2.4.2.16 CCP and risk mitigation step monitoring, corrective action, and verification records shall be maintained and appropriately used. DefinedTerm 2.4.2.17 Where product safety regulations in the country of service and or intended sale (if known) prescribe a product safety control methodology (e.g., Codex Alimentarius Commission's General Principles of Food Hygiene), the product safety team shall implement product safety plans that meet both regulatory requirements and SQF Code requirements.