Management review is the process of reviewing the quality management system (QMS)/food safety management system (FSMS) and food integrity management system (FIMS) and is undertaken by senior management at regular intervals. Management review is undertaken to determine the degree of management control and its effectiveness, and verify that the food safety and quality policy and food safety and quality objectives, QMS, FSMS and FIMS, are suitable and being complied with. It is also an opportunity to identify any areas for improvement. An internal audit programme should support the management review process. It provides an input to management review by measuring the level of conformance with the QMS/FSMS/FIMS and the effectiveness of the QMS/FSMS/FIMS in achieving food safety, legality and quality objectives.
11.1 Management review is formally addressed by manufacturing organisations at regular structured management meetings. The effectiveness of the management review meetings requires certain prerequisites to be in place, including determining:
The meeting minutes form part of the formal records of the organisation (see Chapter 13) and need to be retained to provide objective evidence that the meeting(s) took place The minutes also need to identify the actions that were agreed as a result of the meeting and any follow‐up action that was agreed at the meeting to ensure that the agreed actions were implemented and were effective. Clear actions need to be agreed with responsibilities for action and timescales for completion. It is important that all actions are SMART (specific, measurable, achievable, relevant and time based) otherwise preventive or corrective action will be limited in its degree of effectiveness. The channels of communication of the meeting decisions and the actions that have been agreed must be formalised. The frequency of meetings can be monthly, bimonthly or quarterly. If the meetings are any less frequent, then they become a historic review rather than a real‐time management process that drives continuous improvement. For the same reason, minutes need to be circulated to those concerned without delay as a guide to agreed decisions and in order to facilitate prompt action.
11.2 Inputs to the management review process can include the following:
11.3 If an integrated management review process is undertaken, inputs could also include social accountability and organisational and food safety culture, animal welfare, corporate social responsibility, personnel health and safety, and environmental issues.
11.4 Measurable outputs that demonstrate the effectiveness of the management review process include:
11.5 It is the role of the senior management team, using the management review process as a driver, to provide the resources required to fulfil food safety, food integrity and quality objectives and to ensure legal compliance. Management review needs to consider whether existing human, physical and financial resources are adequate to achieve this and, where this is not the case, drive the implementation of appropriate corrective action so that adequate resources are in place.
11.6 The senior management review process should have a formal process in place to ensure that the manufacturing organisation can access, and then address within its management systems and procedures, scientific and technical developments, including the emergence of new food safety hazards, food quality issues or food integrity concerns and mitigation measures, changes and updates to industry guidance and codes of practice, and changes to legislation both in the country of manufacture and those countries to which the organisation is seeking to export its products.
11.7 Auditing is the management tool that identifies whether the food safety, integrity and quality manual, and associated procedures and systems, including prerequisite programmes (PRPs), have been developed and implemented appropriately, are effective and are being complied with and that there are no weaknesses in the formal system that could give rise to non‐conformance and/or no evidence of actual non‐conformance evident during the audit. Audits can be described as:
11.8 Audits can be undertaken to two levels of depth: the first is a system audit where the auditee’s (the organisation being audited) documented management system is audited against the system requirements of the standard, i.e. how the documented management system should be constructed and what elements it should contain. The second level of audit is a compliance audit, which measures if what the manufacturing organisation is doing meets the requirements of their own documented management system and the requirements of the system standard, e.g. the organisation’s documented management system may have greater requirements in place than the system standard, e.g. with regard to training, traceability or provenance standards. It is also important to determine the scope of the audit, i.e. the products and processes that will be audited and identified as being compliant, or not, in the audit.
11.9 Internal audits complement the management review process. Internal, or first‐party, audits are where the organisation develops an auditing programme to audit itself in terms of products, procedures and processes. The auditing programme should include all the activities within the scope of the QMS/FSMS/FIMS. The audit programme should be defined in an audit schedule that defines audit criteria, scope, the proposed auditor and planned frequency of audits. An internal audit procedure should be developed defining the requirements for the internal audit programme, including planning and conducting audits, mechanisms for reporting the results of the audit and how any required actions will be monitored and followed up. Individual responsibilities should be defined within the procedure. The procedure should also outline the working documents that will be used, such as audit reports, audit checklists and corrective action plans. The resource required for the internal auditing programme should be reviewed, including the required number of auditors and the training required in order to develop the auditors’ specific auditing skills and technical knowledge. The resource will depend on the number of audits scheduled and their scope and frequency. The frequency of audits should be established by a formal risk assessment. The internal audit procedure should identify the depth of the internal audits, i.e. whether they are system or compliance audits, or both, and the scope of the audit, i.e. not only the area of activities being audited, but also the elements of the management systems (s) (QMS, FSMS and/or FIMS and also environmental, health and safety of personnel or other criteria) for a compliance audit and the system standard such as the British Retail Consortium (BRC) Global Standard for Food Safety, alternative private or retailer standard, ISO 22000 or EN ISO 9001:2000 or other relevant standard in the event of a system audit. Auditors should have technical knowledge of the food products and processes being audited. Auditors cannot objectively audit their own work, so internal audits should be carried out by competent auditors who are independent of the area or activity being audited. This will ensure the objectivity and impartiality of the audit process.
11.10 The results of the audit should be documented and brought to the attention of the management responsible for the area being audited. This should include areas of both conformance and non‐conformance. Any preventive or corrective actions and timescales for their implementation should be mutually agreed. The management responsible for the area being audited is responsible for ensuring that any required actions are undertaken in a reasonable time frame in order to eliminate non‐conformance and ensure effective corrective action. Verification activities should then be undertaken to ensure that the prescribed preventive or corrective actions have been implemented and have been effective. A process should be put in place to manage all preventive and corrective action required within the organisation. This can be through a preventive and corrective action plan, non‐conformance or corrective action log or similar document. The quality control manager should be responsible for monitoring the completion of preventive and corrective action according to agreed timescales and should highlight poor performance for follow up, additional resources and/or further action.
11.11 The implementation of quality assurance processes within an effective QMS/FSMS/FIMS requires not only the implementation of procedural audits but also those that address extrinsic food safety hazards and food integrity threats. This requires an audit plan to be established to monitor the ‘fabric’ of the manufacturing premises in terms of the building and its physical security, zoning and access to specific areas within the manufacturing premises, use and security of equipment and tools, premises housekeeping and hygiene, and personnel hygiene. The frequency of these audits should be based on risk assessment, including assessing the degree to which the product is enclosed within food‐processing equipment or secure production zones. These premises and personnel audits should be undertaken by trained, competent individuals, and where possible should not just be seen as simply as the completion of a checklist and an opportunity to identify non‐conformance, i.e. a tick‐box activity. Auditors should be encouraged not only to have awareness of the premises and personnel standards required but also to use the internal audit process to improve staff understanding of the good manufacturing practice (GMP) standards required and promote continuous improvement. Senior management should support this activity as a preventive approach to minimising food safety and food integrity risk.
11.12 Trend analysis should be undertaken across a series of internal audits to identify areas that give rise to ongoing, albeit minor, non‐conformance, especially where corrective action is shown to have limited value in addressing weaknesses or breakdowns in the QMS, FSMS and/or FIMS. This should form an input into the management review process, as previously described. The trend analysis should form a framework for the development of specific key performance indicators (KPIs) or critical success factors (CSFs) that are robust enough to drive continuous improvement in all aspects of GMP.
11.13 Guidance on undertaking audits and developing auditing programmes can be accessed in BS EN ISO 19011:2011 Guidelines for auditing management systems. Although not relevant to internal auditing itself ISO/TS 22003:2013 Food safety management systems – Requirements for bodies providing audit and certification of food safety management systems provides guidance relevant to the undertaking of audit activities that still proves useful in developing an internal auditing programme. The annexes of this standard provide specific guidance on the time requirements for auditing.
11.14 Guidelines for auditing FIMS in the food manufacturing environment are limited to date. However, when considering the development of an auditing programme to verify the four aspects of food integrity (product, process, data and people) it is important to consider the ISO/IEC 27000 standards for information security management systems which are under development at the time of writing this Guide, including:
3.148.108.112