Our company is going for its first GFSI certification with BRC, and I have a few questions that I'm looking for help with.
Do the risk assessments for BRC need to be individual controlled documents? Do they need to be done on a regular basis, or just reviewed when there is a change to the system?
Dear WowQC,
Based on various previous threads / examples, the problem can occasionally be met that the textual phrasing of BRC does not always align to a (haccp-type) risk assessment as can be readily handled with a generic template.
Personally, i think BRC do it deliberately so as to compete with SQF's "validation".
Rgds / Charles.C
PS - "GFSI certification" seems to have become a popular terminology but i believe it has no direct (GFSI) meaning.