The IFS Audit
The company will assist and co-operate with the auditor during the audit. As part of the audit, personnel from different levels of management are interviewed. It is advisable that the company’s senior managers are present at the opening and closing meetings so that any deviations and non-conformities can be discussed.
The auditor(s) who conduct(s) the audit will assess all the requirements of IFS which are relevant to the company’s structure and function.
During the closing meeting, the auditor (or lead auditor in the case of an audit team) shall present all findings and discuss all deviations and non-conformities which have been identified. As specified by ISO/IEC Guide 65 (future ISO/IEC 17065 norm), the auditor may only issue a provisional assessment of company’s status during the closing meeting. The certification body shall issue a provisional audit report and outline an action plan to the company, which shall be used as a basis for drawing up corrective actions for the determined deviations and non-conformities.
The certification body is responsible for making the certification decision and the preparation of the formal audit report after the receipt of the completed action plan. The issue of the certificate is dependent on the audit results and on agreement on an appropriate action plan.
Types of audit
An initial audit is a company’s first audit to IFS. It is performed at a time and date agreed between the company and the selected certification body. During this audit the entire company is audited, both in relation to its documentation and the processes themselves. During the audit, all criteria of the IFS requirements shall be assessed by the auditor. In the case of a pre-audit, the auditor who performs this audit shall be different from the auditor who performs the initial audit.
A follow-up audit is required in a specific situation when the results of the audit (an initial audit or a renewal audit) have been insufficient to allow the award of the certificate. During the follow-up audit, the auditor focuses on the implementation of the actions taken to correct the Major non-conformity determined during the previous audit. The follow-up audit shall be performed within a six months period from the date of the previous audit. In general, the auditor who performed the audit where a Major non-conformity has been identified shall perform the follow up audit.
If the Major non-conformity is related to production failure(s), the follow up audit shall be performed at least 6 weeks after the previous audit and no later than 6 months after the previous audit. For other kinds of failures (e.g. documentation), the certification body is responsible for the determination of the date of the follow-up audit.
If there is no follow-up audit performed after 6 months from the date of the previous audit, then a complete new audit is necessary.
In the event that the follow-up audit establishes that requirements remain inadequate, a complete new audit is necessary. The elimination of Major non-conformities shall always be established by an on-site visit by the auditor.
Renewal audit (for recertification)
Renewal audits are those which are performed after the initial audit. The period in which a renewal audit shall be performed is shown on the certificate. A renewal audit involves a full and thorough audit of a company resulting in the issue of a new certificate. During the audit, all criteria of the IFS requirements shall be assessed by the auditor. Particular attention is paid to the deviations and non-conformities identified during the previous audit, as well as to the effectiveness and implementation of corrective actions and preventive measures laid down in the company’s corrective action plan.
Note: corrective action plans from the previous audit shall always be assessed by the auditor, even if the previous audit has been performed more than one year ago. Therefore, audited companies shall always inform their certification body if they have already been IFS certified in the past.
The date of the renewal audit shall be calculated from the date of the initial audit and not from the date of issue of the certificate. Furthermore, the renewal audit can be scheduled at earliest 8 weeks before and at latest 2 weeks after the renewal audit due date. Companies are responsible for maintaining their certification. All IFS certified companies will receive a reminder from the IFS on-line audit portal three months before certification expiration.
The certification bodies shall contact companies in advance in order to set a date for a new audit.
In general, the expected date of each audit shall be uploaded in the IFS audit portal, in the diary function and at latest 2 weeks (14 calendar days) before the audit due date (it is possible to change the date short term).
In specific situations, such as new products and/ or processes to be included in the audit scope or each time the audit scope would need to be updated on the certificate, then, for an IFS certified company, it is not necessary to perform a complete new audit, but to organise an on-site extension audit during the validity period of the existing certificate. The certification body is responsible for determining relevant requirements to be audited and relevant audit duration. The report of this extension audit shall be represented as an annex adjoined with the current audit report. Conditions for passing the extension audit (relative score ≥ 75 %) are the same as normal one, but only focused on specific requirements which have been audited; the original audit score does not change.
If the extension audit demonstrates compliance, the certificate shall be updated with the new scope and uploaded in the audit portal.
The updated certificate shall keep the same due date of end of validity as the current certificate.
If, during the extension audit, a Major non-conformity or a KO (Knock Out non-conformity) has been identified, the full audit is failed and the current certificate shall be suspended as described in 5.8.1 and 5.8.2 (IFS Food).
Requirements for IFS Auditors
In general, the auditors shall meet the requirements of chapters 7.2 and 7.3.1 of ISO 19011.
During an IFS audit, auditors shall, as IFS good auditing practices, use relevant samples of products, in order to investigate on-site the auditee’s production processes and documentation and to check the fulfilment of IFS requirements. In particular, auditors shall perform, during the audit, a traceability test in the company.
IFS publishes Guidelines which can provide further information on topics to be checked and/ or requested to the audited company during the audit.
Evaluation of requirements
The auditor assesses the nature and significance of any deviation or non-conformity. In order to determine whether compliance with a requirement of IFS Food has been met, the auditor has to evaluate every requirement in the Standard. There are different levels to rank the findings.
In IFS Food, there are 4 scoring possibilities:
A: Full compliance with the requirement specified in the Standard
B: Almost full compliance with the requirement specified in the Standard, but a small deviation was found
C: Only a small part of the requirement has been implemented
D: The requirement in the Standard has not been implemented
The auditor shall explain all scorings with B, C and D in the audit report.In addition to this scoring, the auditor can decide to give the company a “KO” or a “Major".
A Major is defined as follows:
A Major non-conformity can be given to any requirement which is not defined as KO requirement.
When there is a substantial failure to meet the requirements of the Standard, which includes food safety and/ or the legal requirements of the production and destination countries. A Major can also be given when the identified non-conformity can lead to a serious health hazard.
KO (Knock out)
In IFS, there are specific requirements which are designated as KO requirements (KO – Knock Out).
If during the audit the auditor establishes that these requirements are not fulfilled by the company, this results in non-certification.
In IFS Food the following 10 requirements are defined as KO requirements:
1.2.4 Responsibility of the senior management
184.108.40.206.1 Monitoring system of each CCP
220.127.116.11 Personnel hygiene
18.104.22.168 Raw material specifications
22.214.171.124 Recipe compliance
4.12.1 Foreign material management
4.18.1 Traceability system
5.1.1 Internal audits
5.9.2 Procedure for withdrawal and recall
5.11.2 Corrective actions
Scoring a requirement with N/A (not applicable)
When the auditor decides that a requirement is not applicable for a company, the auditor has to use as scoring: N/A: Not applicable and provide a short explanation in the audit report.