Regulatory Comments to Docket No. FDA-2011-N-0146 Draft Guidance for Industry and Food and Drug Administration Staff: Third-Party Auditor/Certification Body Accreditation for Food Safety Audits: Model Accreditation StandardsRegulatory Comments to Docket No. FDA-2011-N-0146 Draft Guidance for Industry and Food and Drug Administration Staff: Third-Party Auditor/Certification Body Accreditation for Food Safety Audits: Model Accreditation Standards
Date: October 5, 2015
The FDA Food Safety Modernization Act (FSMA), added Section 808 to the Federal Food, Drug, and Cosmetic Act (the Act). Section 808 of the Act directs Food and Drug Administration (FDA) to establish a program for the recognition of accreditation bodies that accredit third-party auditors/certification bodies to conduct food safety audits to assess compliance with the provisions of the Act and to issue food and/or facility certifications that FDA may use in certain circumstances to facilitate the entry of foods presented for import. Section 808(b)(2) of the Act requires FDA to develop Model Accreditation Standards that recognized accreditation bodies shall use to qualify third-party auditors/certification bodies for accreditation, and in so doing, to look to existing standards for certification bodies to avoid unnecessary duplication of efforts and costs. This draft guidance document is issued as a companion to the proposed rule “Accreditation of Third-Party Auditors/Certification Bodies to Conduct Food Safety Audits and to Issue Certifications” (“the proposed rule”). When finalized, the Model Accreditation Standards submitted for notice and comment by FDA will serve as a companion guidance document to the final rule.
FDA’s standard-setting activities are guided by the National Technology Transfer and Advancement Act of 1995 (NTTAA). This legislation directs federal agencies to use voluntary consensus standards in lieu of government standards, except where inconsistent with law or otherwise impractical. It is our understanding that FDA considered several voluntary consensus standards for their relevance to the qualifications of third-party auditors/certification bodies that would certify foreign food facilities and/or their foods for conformance with the requirements of the Act. In addition, FDA sought to identify the standards most commonly used by stakeholders (e.g., other governments, private and public accreditation bodies, the food industry at large, and the international standards community) in qualifying third-party auditors/certification bodies for conducting food safety audits. In summary, FDA was guided in developing a draft Model Accreditation Standards guidance document by International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO/IEC 17021: Conformity Assessment – Requirements for bodies providing audit and certification management systems (2011)(“ISO/IEC 17021:2011”). If the draft guidance is finalized, it will constitute the model accreditation standards referred to in section 808(b)(2) of the Act. NPA appreciates the opportunity to comment on this draft guidance, and we are submitting this letter as a formal comment, concerning FDA’s draft guidance on third-party auditor/certification body accreditation for food safety audits.
At a minimum, NPA recommended the following general criteria for the operation of performing inspections to include the following parameters:
- Administrative requirements, including the maintenance of documented processes which describe its functions and the technical scope of activity for which it is competent; adequate liability insurance in accordance with or by the organization of which it forms a part; documentation describing the conditions under which it conducts business; and having accounts independently audited.
- Independence, impartiality and integrity to ensure auditors are free from any commercial, financial and other pressures that might affect its judgment in carrying out inspection activities, and that procedures have been implemented to ensure that persons or organizations external to the auditor will not influence the results of inspections.
- Confidentiality to ensure that confidentiality of information obtained during the course of an auditor’s inspection activities are maintained and that proprietary rights are protected.
- Organization and management that enables the auditor to maintain the capability to perform its technical functions satisfactorily.
- The maintenance of a sufficient number of permanent personnel with the range of expertise to carry out its normal functions. The staff responsible for carrying inspection activities should have appropriate qualifications, training, experience and a satisfactory knowledge of the requirements of the inspections to be carried out. Personnel should possess the ability to make professional judgments as to conformity/compliance with general requirements using examination/inspection/audit results and to report there on; relevant knowledge of the technology used for the manufacturing of the products inspected, of the way in which products or processes submitted to their inspections are used or are intended to be used, and of the defects which may occur during use or in service; an understanding of the significance of deviations found with regard to the normal use of the products or processes concerned and report upon them accordingly; and a documented training system to ensure that the training of its personnel, in the technical and administrative aspects of the work in which they will be involved, is kept up-to-date in accordance with its policy.
- Inspection methods and procedures that utilize appropriate methods and procedures for inspection which are defined in the requirements, against which conformity is to be determined.
- Maintenance of records to comply with applicable regulations. Records should include all sufficient information to permit satisfactory evaluation of the inspection/audit. All records should be safely stored for a specified period, held secure and in confidence to the client, unless otherwise required by law.
- Inspection reports and inspection certificates, work should be carried out and covered by a retrievable inspection/audit report and/or inspection/audit certificate. The inspection/audit report and/or inspection/audit certificate should include all the results of examinations and the determination of conformity (compliance) made from the results identified during the inspection/audit as well as all other information needed to understand and interpret such results.
- A Quality System that is fully documented and defined by ISO 17020 to ensure confidence and transparency in the third-party auditor/certification body.
NPA wants FDA to ensure continued compliance among third-party accreditation bodies. Accredited inspection bodies should be regularly re-assessed to ISO/IEC 17020 to ensure they are keeping pace with technical and regulatory changes in their areas of expertise, are maintaining their standards of work and can continue to demonstrate practical competence in compliance to federal rules and provide sound judgement that is consistent.
Accreditation requirements should ensure that third parties are: independent of the parties involved; not responsible for the design, manufacturing, supplier, installing, or purchasing of items inspected; do not own or use or maintain items which are inspected, nor the authorized representative of any of these parties. A third party should provide safeguards within the organization to ensure adequate segregation of responsibilities and accountabilities in the provision of inspection services by organization and/or documented procedures. Inspection parameters may include matters of quantity, quality, safety, fit for purpose or use, and continued safety compliance of plant or systems in operation. ISO 17020: 2008 requirements should cover third parties, whose work may include the examination of materials, products, installations, plant, processes, work procedures, or services, and the determination of the conformity, with requirements, and the subsequent reporting of results of these activities to clients when required.