FAQ — Audit Questions
How does this process work if we have already been certified for BRC-IOP by an approved audit firm?
If you have a current audit to the BRC standard and required AuditOne Module conducted by one of the AuditOne approved certification bodies it will be accepted if it was conducted after July 1, 2016. The CB/auditor may post the audit on the platform and be authenticated to meet your annual quality assessment for 2017. All future audits must be on the platform.
What if a company is already EFfCI certified? Is another audit required?
Yes. In 2016 a level 4 (in-depth audit) is required. The audit must be conducted by one of the AuditOne approved CBs. The audit frequency will be annual.
Do AuditOne standards include typical Social Responsibility audit components?
Not at this point. Brand owners have indicated an interest in this in the future.
What if we are already EXCIPACT certified but not by your approved audit firm?
The audit required by the AuditOne is a level 4 audit (in depth) requiring objective evidence the quality system being audited is meeting requirements. The audit firms participating in this program have been trained to this standard. Therefore we must use the AuditOne approved firms for this program.
Are subsequent audits, done annually, full audits or partial (surveillance) audits?
AuditOne requires an annual audit in order to meet all participating brand owners’ audit requirements.
What if we are already audited to GFSI standards, i.e. SQF?
This is a food safety standard. As AuditOne is currently for non-foods products only, GFSI does not apply.
If we are already certified to the ISO standards required by an accredited body, why would we need to have another audit for this program?
The standards approved by FMCG/CPG companies participating in this program can be found here. The brand owners participating in this program are listed here. The approved audit firms can be found here. To qualify, suppliers must have an audit conducted by one of the approved audit firms, using the approved standard for the category of products produced in the facility.
Do you see AuditOne as being the primary source to handle CAPA completion?
Yes, the AuditOne platform provides complete CAPA documentation. Once mobile audit is rolled out in 2017 there will be a corresponding digital CAPA tool.
If the physical site audits typically are on 2-3 year cycles and the annual requirement is conducted through a desktop audit is J&J expecting an annual site audit through the AuditOne program?
Yes, the program requires and annual site audit, some standards require a full audit in year one and two surveillance audits in years 2 and 3 followed by a full assessment in year 4. Some require a full assessment each year.
What is the audit cost for suppliers?
Anywhere from $2,500 to $5,000 depending on kind of audit, time/duration.
What if you are currently ISO 13485 certified, would you need annual audits?
The ISO 13485 standard was chosen for Medical Device manufactures and is part of the AuditOne program.
What if we are currently under contract with a Registrar for a standard, will we be required to add additional cost for this Audit One or after our contract is complete?
Yes, to qualify for AuditOne, you must be audited to the appropriate standard selected by the participating brand owners.
We are already required to obtain ISO/FSSC 22000, e.g. Are you saying that AuditOne will audit suppliers to the ISO22000, or are you just recording audits from others? Are you just warehousing audits from others?
You may upload any documents you like to the platform and share them as needed. The brand owners participating in the AuditOne program have developed a list of published audits specific to product categories they all accept as meeting their annual compliance requirements. If, as a supplier, you post the results of this audit, each participating brand owner will accept that audit as meeting their annual requirement.
How are multi-site suppliers handled? Will there be a mechanism for multi-site certifications or is each site expected to have its own AuditOne assessment?
Each site is required to have its own assessment.
What if the facility is already certified, with an approved auditor, to a higher standard than required? Example, Cosmetics facility certified to FSSC22000
There is a hierarchy of standards – certifications to a higher standard is acceptable as meeting all the categories a supplier may operate within.
What qualifies as “approved” in the audit?
Each standard is graded upon a number of findings in three categories -critical, major, minor – as long as you meet the criteria established for your standard, you will be approved.
Do you have to be a member of F4SS to participate in AuditOne? if so what is cost? I thought I heard there was a cost avoidance of $4,000 , what is cost of actual audit?
You do not have to be a member of F4SS to participate in AuditOne. F4SS and AuditOne are now two separate entities. We estimate the cost to a supplier hosting a full blown compliance audit to be $4,000, including audit preparation, actual hosting, and follow up reporting. The audit costs can range from $2,500 to $8,000 depending on the locations, scheme, certification requirements, and supplier preparedness.