15-4-2020 COVID-19 POSITION PAPER: FAQ's & GUIDANCE TO CBs : MyFSSC

COVID-19 POSITION PAPER: FAQ's & GUIDANCE TO CBs

Modified on: Fri, 10 Apr, 2020 at 3:53 PM

The purpose of this article is to answer frequently asked questions and provide guidance to our licensed CBs on how to
interpret and implement the current Coronavirus position paper requirements.

1. Can the Option 2 remote audit of the previous position paper still be applied?
No – we are required to align our position paper to that of the GFSI and they don’t allow remote audits to be conducted
at this point in time. The only option at the moment is to conduct a risk assessment and either extend the validity of the
current V4.1 certificate where this is due to expire, postpone the surveillance audit by a maximum of 6 months or
suspend the current certificate.

2. When does the risk assessment need to be conducted?

There are 2 dis nct stages where a risk assessment might be required, namely as part of dealing with the Serious
Event and where planned audits have to be postponed/cer ficate validity extended as a result of not being able to
conduct the onsite audit.
a) Corona pandemic as a Serious event:
The first step is to determine whether or not the cer fied organiza on’s opera ons are affected by the
pandemic. The Corona pandemic is considered to be a serious event according to the Scheme rules (Part 3,
sec on5.10) and it needs to be ensured that the cer fica on integrity is being maintained and that the
companies con nue to produce safe food/products.

Affected sites in this case refers to where the company is not opera ng normally, i.e. where produc on
processes have been impacted/changed, a change in supplier base, limita on on resources and/or a change
in scope or ac vi es on site. The la er would also include instances where new risks might have been
introduced as a result of new products being produced e.g. where wineries are using alcohol to produce
hand sani zer. The risk assessments therefore have to be completed for all affected sites within the next 2
months (by 1 June 2020) and uploaded to the portal as a special audit. Where the company is opera ng
normally, the risk assessment is not required. It is important to note that because this is a known serious
event, CBs have to ac vely contact their cer fied organiza ons and cannot only rely on clients informing
them. Records have to be maintained confirming whether or not organiza ons are affected.

b) Inability to conduct planned audits due to the Corona pandemic

Where the CB is unable to perform the planned annual audit as a result of the Corona pandemic and the
requirements as set out in the posi on paper applies, the surveillance/upgrade audit may be postponed by
6 months within the calendar year or in the case of a recer fica on, the validity of the cer ficate may be
extended, subject to conduc ng a risk assessment where the outcome indicates a low risk of maintaining
cer fica on. The outcome of the risk assessment could also lead to a suspension.

3. What version should the extended certificate be issued to in the recertification year?
The requirements as listed in IAF ID3 and those specified in the position paper have to be addressed in a documented
risk assessment. If the risk assessment determines that there is a low risk for continued certification, the existing V4.1
certificate may be extended by a maximum of 6 months.
The portal has to be updated with the new validity information. The CB may issue an updated certificate to the client.
The FSSC certificate template shall be used and the following updated:
• Date of certification decision: date the risk assessment was reviewed by the certifier
• Date of issue: new date the extended certificate was issued

https://myfssc.fssc22000.com/support/solutions/articles/43000566977-covid-19-position-paper-faq-s-guidance-to-cbs 1/3
15-4-2020 COVID-19 POSITION PAPER: FAQ's & GUIDANCE TO CBs : MyFSSC

• Valid until date: original expiry date of the certificate + 6 months

• Add a sentence: The validity of this certificate was extended based on a risk assessment related to the Coronavirus

The full V5 recertification audit has to be completed onsite within the extended validity window. Once the full
recertification audit has been completed successfully, a new V5 certificate can be issued. The expiry date on the new
V5 certificate shall revert back to the original cycle – refer to the example in the position paper.

4. Can a surveillance/upgrade audit be postponed within the calendar year without a risk assessment?
In cases where the company is not affected by the Coronavirus, the audit can be planned at a later stage in the
calendar year – ISO/IEC 17021-1: 9.1.3.3.
However, where a company has been affected by the Coronavirus, a risk assessment is required – refer to Part 3: 5.10
Management of Serious events. The risk assessment has to be conducted asap to determine the impact on and status
of the certification. The Foundation expects the risk assessments to be completed within the next 2 months (to be
completed by 1 June 2020) taking into consideration the number of clients involved.
The requirements as referenced in the Coronavirus position paper have to be addressed and the CB has to make a
certification decision to decide whether the certification can remain in place or has to be suspended. In the case of a
low risk for continued certification, the surveillance audit may be postponed by 6 months within the calendar year.

5. Who has to conduct the Risk assessment?

The expectation is that a FSSC approved auditor with the category complete the risk assessment and the discussion
with the site. If at all possible, use an auditor who has already been to the site as they will have a better understanding
of the site and the processes involved. It is also possible for an individual with the same competency level as the
auditor e.g. a technical manager or technical reviewer, to complete the risk assessment. In all instances the CB shall
train the individuals on the risk assessment process.

6. What is the process required if issues are detected during the risk assessment?
In the first instance, the CB has to consider as part of the risk assessment if sufficient mitigating measures are in place
to allow for continued certification. It might be needed to request additional information from the certified organization
or a corrective action plan to support the decision. The CB is responsible for the certification decision on whether or
not the outcome of the risk assessment supports continued certification or if the company needs to be suspended.

7. Can a Head Office audit be conducted remotely?

It is not possible to conduct the head office audit remotely, although it is allowed to use ICT as described in IAF MD4 for
virtual sites or interviews with key personnel as part of the onsite audit. Refer to Part 3 of the Scheme rules – 4.3.3a.

8. Can a Stage 1 audit be conducted as a full remote audit?

A full remote Stage 1 audit is not allowed at this stage as it is not aligned with the GFSI position. ISO/TS22003: 2013
allows for part of the Stage 1 to be conducted off-site in exceptional circumstances such as this – refer clause 9.2.3.1.3

9. Is it possible for an organization certified against another GFSI recognized scheme to move over to FSSC
22000 and can the exception as described in the position paper be applied?
It is possible for an organization certified to another GFSI recognized scheme to move to FSSC. The transition audit
shall be at least two-thirds of the initial certification audit time and it shall be a full onsite audit. The exception as
described in the Corona paper cannot not be applied because it only applies to existing FSSC 22000 certified
organizations.

10. Does the COVID-19 Position paper also apply in the case of a transfer audit, i.e. an organization with an
existing FSSC 22000 certificate who wants to move to another CB?
In the first instance, the new CB needs to conduct the transfer pre-review as described in IAF MD2. It is up to the CB
to decide whether to take over the existing certificate based on the requirements and it could either be based on a
document review or an onsite verification audit might be required. The normal transfer process has to be followed as
per IAF MD2.
Once the certificate has been taken over and issued then based on the planned scheduling, the position paper could be
applied if the conditions of the paper is met. For example, if the next surveillance audit is due within the next 3 months
and the organization is situated in an area affected by the Corona virus, the surveillance audit could be delayed based
https://myfssc.fssc22000.com/support/solutions/articles/43000566977-covid-19-position-paper-faq-s-guidance-to-cbs 2/3
15-4-2020 COVID-19 POSITION PAPER: FAQ's & GUIDANCE TO CBs : MyFSSC

on the risk assessment.

11. How do I upload the risk assessment to the FSSC portal?

The risk assessment has to be uploaded in the portal as a special audit, with the justification Pandemic – Coronavirus.
It will be possible to upload the documents in the portal as of 1 April 2020. For more details, refer to the following
articles:
1. Corona virus: How to register special audit and certificate validity extension:
https://myfssc.fssc22000.com/en/support/solutions/articles/43000563106-corona-virus-how-to-register-special-
audit-and-certificate-validity-extension (https://myfssc.fssc22000.com/en/support/solutions/articles/43000563106-
corona-virus-how-to-register-special-audit-and-certificate-validity-extension)
2. Special audit registration:
https://myfssc.fssc22000.com/en/support/solutions/articles/43000563100-special-audit-registration
(https://myfssc.fssc22000.com/en/support/solutions/articles/43000563100-special-audit-registration)

12. Is there a fee for uploading the special audit (risk assessment) in the portal?
No – The Foundation will not charge a fee for uploading the risk assessments to the portal.

13. What about remote audits that has already been done according to the previous position paper?
As CBs acted in good faith, the Foundation will honor these audits and the CB can proceed to use the steps as outlined
in the previous position statement to complete the process. It is requested that CBs sends us a list of clients where
remote audits have been conducted to ensure continued transparency.

14. What is the process to follow in the case of seasonal sites?

As there are numerous variations with seasonal sites, we will deal with specific requests regarding to seasonal sites on
a case-by-case basis through the Helpdesk.

15. Our Accreditation Body (AB) has different rules than what is stated in the FSSC Position Paper. Which
requirements do the CB follow?
In cases where the AB requirements are stricter than what is stated in the FSSC Position Paper, the AB requirements
should be followed i.e. some ABs only allow a 3 month validity extension of the certificate. In all other cases the FSSC
statement are to be followed. If the ABs statement differs significantly from that of the FSSC, then we ask that you
inform us via the info@fssc22000.com email so we can follow up with the relevant AB. The ABs has also been
informed of our CB position paper in an effort to align approaches.

https://myfssc.fssc22000.com/support/solutions/articles/43000566977-covid-19-position-paper-faq-s-guidance-to-cbs 3/3