GFSI BENCHMARKING REQUIREMENTS

VERSION 2024

PART II
BENCHMARK
REQUIREMENTS
IMPLEMENTATION
HANDBOOK
 version 13/11/2024

Benchmark Requirements
Implementation Handbook
Contents

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Section 1: Ownership, Development and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Section 2: Accreditation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Section 3: Relationship with Certification Bodies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Section 4: Certification Bodies Personnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Table 1: GFSI sector and sub-sector scopes for recognition

and the associated competence of auditors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Section 5: Management of Audit and Certification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Section 6: Multi-site Certification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Table 2: Minimum sample size for the certification of

multisite organisations based on sampling for scope G. . . . . . . . . . . . . . . . . . . . . 53

Glossary Clarifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

2 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Introduction
The Global Food Safety Initiative aims to improve food safety and business Part III of the GFSI Benchmarking Requirements defines the key elements required
efficiency. GFSI’s work in benchmarking and harmonisation fosters mutual in a Certification Programme in relation to:
acceptance of GFSI-recognised Certification Programmes across the industry
and enables a simplified “once certified, recognised everywhere” approach. This • Hazard and Risk Management Systems (Hazard Analysis and Critical Control
reduces inefficiencies from duplication of audits and helps reduce trade barriers. Points (HACCP) or HACCP based systems);
• Food Safety Management Systems;
The GFSI Benchmarking Requirements are built through consensus of experts; they • Good Industry Practices, Good Manufacturing Practices, Good Agricultural
form a shared and widely accepted understanding of what constitutes a robust Practices.
food safety Certification Programme. Whilst the detailed content of each individual
Certification Programme shall be independently developed this Implementation The documents are split into the 20 scopes AI to K.
Handbook aims to aid understanding and expectations of GFSI in documenting
and demonstrable evidence of implementation of a robust system. GFSI have not provided detailed guidance within this handbook for Part III as it
is beyond the remit of GFSI to dictate the expectation of the implementation of
This Implementation Handbook covers Parts II and III of the GFSI Benchmarking requirements at the site. It is the responsibility of the Certification Programme
Requirements, with part I covered separately. Owner to ensure their requirements and expectations are suitably clear to
stakeholders including sites implementing the Certification Programme, auditors
This Implementation Handbook provides detailed guidance and clarity on the and Certification Bodies certificating the Certification Programme and users of the
Benchmarking Process and Requirements outlining key steps, expectations, best certificate, to ensure that requirements are adequately met.
practices, and examples where necessary to support with the implementation
process for Certification Programmes Owners.

Part II of the GFSI Benchmarking Requirements defines the key elements required
in a Certification Programme in relation to:

• Ownership, development and maintenance;

• Accreditation;
• Relationship with Certification Bodies;
• Certification body personnel;
• Management of audit and certification;
• Multisite sampling and group certification.

3 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Section 1: Ownership, Development and Maintenance

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

Evidence provided of legal company registration documents in

1.1 Ownership The Certification Programme Owner shall be a legal entity,
home country matching CPO name.

The Certification Programme Owner shall have the authority to

1.2 Ownership Evidence of authority for ownership of normative documents.
establish and amend the Certification Programme.

To maintain independence and impartiality, the Programme Owner

The Certification Programme Owner shall neither have cannot be a Certification Body or group of Certification Bodies.
conformity assessment nor certification activities for the It is noted that Certification Bodies are a valuable asset to the
1.3 Ownership Certification Programme. In particular, the Certification development of a programme with their experience and knowledge
Programme shall not be developed, managed or owned by a and should be considered a stakeholder in the CPOs development
Certification Body or group of Certification Bodies. process. Therefore Certification Bodies can participate in the
developing process but cannot be a Programme Owner.

The glossary defines consultancy as participation in:

• designing, implementing or maintaining a management system,
for instance:
a) preparing or producing manuals or procedures, and
b) giving specific advice, instructions or solutions towards the
The Certification Programme Owner shall not provide any development and implementation of a management system;
1.4 Ownership
consultancy on their Certification Programme. • designing, manufacturing, installing, maintaining or distributing of
a certified product or a product to be certified, or;
• designing, implementing, operating or maintaining of a certified
process or a process to be certified, or;
• designing, implementing, providing or maintaining of a certified
service or a service to be certified.

4 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Note: Arranging training and participating as a trainer is not

considered as consultancy, provided that, where the course relates
to management systems or auditing, it is confined to the provision of
generic information that is freely available in the public domain; i.e.
the trainer does not provide company-specific solutions.

The certification process shall not be ‘self-promoting’ or

‘selfexpanding’ by mandating that products or services from
There shall not be conditions within the Programme which specify a
1.5 Self-promotion the certified organisation shall contain components which
requirement for certification by the CPO.
are certified under a Certification Programme owned by the
Certification Programme Owner.

The Certification Programme Owner shall not allow products

Evidence of documented rules for product labelling and use of brand
Product produced under the conforming Certification Programme to
1.6 marking. Evidence of active follow up where issues are highlighted
Labelling be labelled, marked or described in any manner which implies
to the CPO.
they meet specific food safety criteria.

The Certification Programme shall specify the use of off- product

Product Documented CPO rules of requirement for Certification Bodies to
1.7 logo or mark and ensure that Certification Bodies communicate
Labelling communicate to applicants/certified organisations.
those rules to applicant/certified organisations.

Certification Documented process for development and formal ongoing review

The Certification Programme shall be developed and maintained
Programme of Programme and its operation.
with the participation of technically competent representatives
1.8 Development
of direct stakeholders or be subjected to formal review by such Demonstrable evidence of input e.g. feedback documentation,
and
parties and subsequently determined as appropriate. meeting minutes.
Maintenance

Documented policy on determination of representatives reflective of

Certification sector i.e. needs to be justified.
The number and interests of the stakeholder representatives
Programme
involved with the Certification Programme development shall Demonstrable evidence of participation of stakeholders relevant
1.9 Development
be reflective of the sector(s) of the food supply chain for which to the Programme sufficiently covering different interests eg
and
the Certification Programme is intended. Accreditation Bodies, Certification Bodies, Auditors, Industry Groups,
Maintenance
Brand Owners, Manufacturers, Consumers.

5 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

There shall be a defined process for review and evidence to

Certification demonstrate implementation.
Programme
The Certification Programme shall be subjected to stakeholder Expectation is that a representative range of persons / industries
1.10 Development
consultation during its development. / governing bodies have the opportunity to comment and that this
and
Maintenance is advertised in an appropriate manner to ensure extensive contact
and clear messaging of timelines and feedback mechanism.

Timescales will need to consider the volume of changes and

Certification therefore the amount of time required to review, the time of year
The consultation period shall allow sufficient time for
Programme when the consultation is undertaken eg further time may be required
stakeholders to review the Certification Programme under
1.11 Development over holiday periods.
development and send their comments to the Certification
and
Programme Owner. The consultation duration should be proportionate to the changes
Maintenance
and the impact to stakeholders.

Certification
Programme The Certification Programme Owner shall ensure due Evidence of consideration shall be available eg documented
1.12 Development consideration to comments received from stakeholders during evidence of discussion or review of comments and their incorporation
and the consultation. or rejection into the update.
Maintenance

The glossary defines Normative documents as ‘documents stating

the specified requirements (need or expectation that is stated) such
Certification as regulations, standards, and technical specifications which are
Programme The Certification Programme’s normative documents shall be part of the Certification Programme’.
1.13 Development established by consensus and issued using a formalised and
and documented approval process. Documented process outlining development and sign off of such
Maintenance documents considering nature and type of changes. Evidence of
examples of such development eg meeting minutes, documented
comments.

6 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Certification
The Certification Programme’s normative documents shall be
Programme Evidence of public availability eg link to website. Expectation is that
appropriately controlled and publicly available. The documents
1.14 Development the normative documents are easily available and not subject to any
submitted to GFSI shall be translated into English and their
and type of subscriber restriction.
translation appropriately controlled.
Maintenance

Certification The Certification Programme’s normative documents shall

Programme be reviewed and re-issued as appropriate to remain current
Evidence of review where stakeholder or GFSI benchmarks have
1.15 Development and address stakeholders’ expectations. This shall include
required change.
and revision in accordance with the issuing of new versions and
Maintenance sub-versions of the GFSI Benchmarking Requirements.

This shall include changes to any normative documents, significant

Certification The Certification Programme Owner shall inform key changes to operational instructions or contractual arrangements.
Programme stakeholders, including GFSI, of any changes to the Certification Evidence of communications to stakeholders.
1.16 Development Programme, in particular all those changes that may impact
and the recognition status of the Certification Programme. (See Confirmation of changes communicated and received by GFSI.
Maintenance Glossary for Reportable incidents to GFSI). CPOs shall complete GFSI process to inform of changes to normative
documents and impact to current benchmarking.

Certification
The Certification Programme Owner shall ensure that
Programme
stakeholders and other interested parties can make effective
1.17 Development Evidence of service – e.g. website contact us details.
contact with the Certification Programme Owner, or authorised
and
authority, to clarify any interpretation.
Maintenance

Evidence of a comprehensive QMS with policies, procedures,

processes, documents, and records to evidence meeting of GFSI
Documentation The Certification Programme Owner shall establish, implement
1.18 requirements. This shall include a clear and current model of the
requirement and maintain a Quality Management System.
organization's structure and the responsibilities of all individuals
within the organization.

7 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Evidence of public availability of documented complaint procedure e.g.

link to website which shall ensure an effective investigation process is
conducted to identify and correct the causes of complaints with the aim
The Certification Programme Owner shall implement an to reduce complaint numbers or not to effect a repeat of the issue.
Complaint
1.19 effective documented complaint procedure. This procedure
procedure Evidence of handling of specific complaints will be interrogated to
shall be publicly available without request.
ensure the process is effectively implemented.
Complaint data should be available to review. If no complaints
received, then other data such as appeals should be included.

Evidence of a data management system which maybe a sophisticated

The Certification Programme Owner shall have in place
database or manual entry type spreadsheet. However, it should be
Data a clearly defined data management system holding and
1.20 clear how the system is kept accurate and up to date and which
Management maintaining data for the effective management and operation
personnel have responsibility for entering and checking the data on
of the Certification Programme.
the system.

The Certification Programme Owner shall ensure that the data

management system shall incorporate data in relation to the
GFSI Benchmarking Requirements and the annual assessment Demonstrable evidence that the data management system contains
questionnaire. This system shall allow to estimate as a minimum: the specified data and can be interrogated to show accurate up to
date information.
Data • Number of auditors approved to audit against the recognised
1.21 System shall be able to be interrogated e.g. number of auditors
Management programme by region; qualified for specific Programme, number of certificates issued
• Number of valid certificates; between specific dates or by country, number of suspended and
• Number of issued certificates within a given period; withdrawn certificate.
• Number of suspended certificates;
• Number of withdrawn certificates.

Demonstrable evidence of authenticity of certificate which is

Data The Certification Programme Owner shall have a process in accessible publicly e.g. certificate identification system e.g. unique
1.22
Management place to verify the authenticity of the certificate. number or QR code which can be checked e.g. public database or
on request back to CPO.

8 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

As per expectation of a well run Quality Management System, the

Certification Programme Owner shall undertake an internal audit
programme of its own processes and procedures to ensure validity
The operations of the Certification Programme Owner shall be and relevance demonstrating that the Certification Programme
subject to formal annual internal review of its relevance and Owner is doing what they say they will do and the Quality
1.23 Internal Review Management System is effective. A documented process shall
compliance to internal processes, and, where appropriate,
revised. outline what processes are reviewed, how, how often and by whom.
Evidence of review and the actions taken shall be available. This
internal audit should be used to implement procedure revisions
where necessary.

The Certification Programme Owner shall ensure that the formal

This assessment expectation is for external feedback and includes
internal review assesses the management of the Certification
1.24 Internal Review analysis of positives and negatives eg complaints, recalls,
Programme, and address any issues or concerns raised by
Certification Body performance, industry feedback, external audits.
stakeholders.

Evidence of what was reviewed and the outcome should be

documented. Findings (including where there are no non-compliance)
1.25 Internal Review The review and any arising actions shall be fully documented.
and corrective actions should be documented and evidence of a
process of review to ensure timely close out is in place.

9 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Section 2: Accreditation

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

Documented evidence for the basis of accreditation.

The Certification Programme shall include a certification Note whilst ISO/TS 22003-1 is mandatory within ISO / IEC 17021-1,
Certification process based on one of the following standards: ISO / IEC ISO/TS 22003-2 is an optional accreditation process with ISO/
2.1
Process 17065 for product Certification Bodies or ISO / IEC 17021-1 with IEC 17065 and therefore GFSI do not dictate its mandatory use
ISO / TS 22003-1 for management system Certification Bodies. with ISO17065 schemes but maybe optional by the Certification
Programme Owner.

If applied - documented evidence of clear scoring systems and link

Where scoring, ranking and grading systems are applied, to where these are publicly available.
Certification
2.2 these shall be clearly explained by the Certification Programme
Process The implementation shall be interrogated during benchmarking
Owner and publicly available.
activities.

The Certification Programme Owner shall define clear scope(s)

Scope of of certification related to the sector of the food supply chain
2.3 Documented evidence of clear scope fitting GFSI scopes.
certification for which the Certification Programme is intended and
commensurate to the GFSI scope(s) of recognition.

The Certification Programme Owner shall have a process in

Relationship place to inform the Accreditation Bodies of:
with Documented CPO process with evidence of communications eg
2.8 • relevant information and developments related to the
Accreditation regular meetings, email communications on specific issues.
Bodies Certification Programme
• extending Certification Bodies’ scope of activities

10 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Certification The Certification Programme Owner shall ensure that a list of Evidence of active list e.g. link to website and confirmation that this
2.10
Bodies List active Certification Bodies is publicly available without request. is accurate and up to date.

Documented requirements may be formed by a number of

Certification The Certification Programme Owner shall have documented
documents or contractual arrangements but evidence shall outline
2.11 Bodies requirements for Certification Bodies to operate the Certification
the basis for approval for the Certification Body to operate the
Requirements Programme.
Programme.

The Certification Programme Owner shall ensure that all

activities resulting in the issuing of certificates are delivered
Accreditation
by Certification Bodies accredited by Accreditation Bodies Evidence of Accreditation Bodies being IAF MLA signatories – link
2.12 of Certification
members of the International Accreditation Forum (IAF) and to IAF website listing.
Bodies
signatories to the Multilateral Recognition Arrangement (MLA)
for the appropriate scope.

Accreditation
The Certification Programme Owner shall define clear scope(s)
2.13 of Certification Definition of scope i.e. naming of the Programme to be accredited.
of accreditation for the Certification Bodies.
Bodies

The Certification Programme Owner shall ensure that the Expectation is that this is clearly and easily publicly available such as
scope of accreditation of Certification Bodies shall be publicly on the CPO website or Certification Body websites.
Accreditation
available and precisely defined in terms of the exact name of Note that stakeholders would need to understand who the
2.14 of Certification
the Certification Programme in scope, its revision number and Accreditation Body was and find it difficult to navigate Accreditation
Bodies
/ or date and its sector of application reference (e.g. industry Bodies websites, so relying on links to Accreditation Body websites
sector). would not be accepted as fulfilling this requirement.

The Certification Programme Owner shall ensure that

Accreditation
Certification Bodies seeking accreditation for the Certification Must specify in policy that accreditation shall be achieved within 12
2.17 of Certification
Programme shall be accredited within 12 months from the date months from date of application to an Accreditation Body.
Bodies
of application to an Accreditation Body.

11 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

In the event that accreditation is not granted within 12 months

Evidence of a plan and actions shall be reviewed for specific
or, in situations where there is a delay, the Certification Body
Accreditation examples including the consideration of impact to GFSI recognition
shall provide a plan to the Certification Programme Owner for
2.18 of Certification and communication as appropriate to GFSI in a timely manner - within
approval to achieve accreditation and any potential impact on
Bodies one month of accreditation not being achieved at the maximum but
GFSI Recognition be highlighted to the GFSI Senior Technical
as soon as the issue is identified.
Manager.

If a Certification Body has a pending application for extension

of their scope with an Accreditation Body, the Certification Evidence of requirement within Certification Programme Owner
Accreditation
Body shall inform the Certification Programme Owner. The policy or contracts with Certification Bodies. Certification Programme
2.19 of Certification
Certification Programme Owner shall acknowledge and hold Owner’s to maintain communication records between Certification
Bodies
written notification from the Certification Body of such a Bodies and themselves as evidence of specific examples.
circumstance.

This shall be documented in a policy/contractual agreement and

evidence available e.g. link to accreditation certificate of Certification
Body on the Certification Body or Accreditation Body website.
In the event that the range of certification services offered by a
For example a Certification Body may offer certification to a particular
Accreditation Certification Body is wider than the range of those accredited,
Programme, but may not be accredited for all of the scopes of that
2.20 of Certification the Certification Programme Owner shall mandate that the
Programme – this shall be clearly and publicly explained.
Bodies Certification Body makes clearly and publicly available the
scope of their accreditation. For example a Certification Programme Owner or Certification Body
may offer Programme variants that are not accredited eg foundational
audit programmes and therefore this must be clearly and publicly
explained by the Certification Body offering those services.

In the event that the range of certification services offered Evidence available e.g. website of Certification Programme Owner
Accreditation by a Certification Body is wider than those accredited, the and/or Certification Body website with no conflicting information.
2.21 of Certification Certification Programme Owner shall ensure that those are There needs to be a clear distinction between those services which
Bodies transparent, not conflicting and distinguished from those that are accredited and those which are not which are easily identifiable
are accredited. and understandable for users.

12 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Section 3: Relationship with Certification Bodies

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

Relationship The Certification Programme Owner shall have contractual

with and enforceable arrangements with all Certification Bodies
3.1 Evidence of signed legal agreements with all Certification Bodies.
Certification accredited to ISO / IEC 17065 or ISO / IEC 17021-1 with ISO / TS
Bodies 22003-1 to operate their Certification Programme.

Relationship
The Certification Programme Owner shall ensure that IAF MD4
with Evidence of current version of IAF MD4 (note current version is
3.1.2 (current version) is included as a normative reference for their
Certification 2023) shall be referenced within normative documents.
certification Programme(s).
Bodies

Relationship
The Certification Programme Owner shall require that
with Documented policy in place with evidence of communication where
3.2 Certification Bodies notify them of any withdrawal or suspension
Certification such occurs.
of their accreditation.
Bodies

The Certification Programme Owner shall ensure that a

designated Certification Body employee is responsible Documented policy requirement in place with evidence of CPO
Relationship
for the quality system’s development, implementation and oversight e.g. within CPO office audit of Certification Bodies.
with
3.3 maintenance. This designated employee shall also have
Certification Also check who the named designated employee is and their role
the responsibility for reporting on the performance of the
Bodies within the Certification Body.
quality system for the purposes of management review and
subsequent system improvement.

13 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Relationship
The Certification Programme Owner shall ensure that The ‘entirety’ of the Certification Programme shall be implemented
with
3.4 Certification Bodies use the Certification Programme in its ie evidence that all the rules are implemented when undertaking
Certification
entirety for the relevant GFSI scope of recognition. certification activities by the Certification Bodies.
Bodies

The Certification Programme Owner shall ensure that

Certification Bodies make the following information available at
all times to the Certification Programme Owner: Documented policy requirement in place with evidence of
Relationship
Evaluation procedures and certification processes in relation to acknowledgement and implementation by the Certification
with
3.5 the Certification Programme; Bodies and Certification Programme Owner oversight ensuring
Certification
implementation e.g. within Certification Programme Owner office
Bodies Details of complaints, appeals and disputes procedures; audit of Certification Bodies.
A comprehensive list of all certified organisations against the
scope(s) of the Certification Programme.

Relationship The Certification Programme Owner shall ensure that Documented policy requirement and evidence of acknowledgement
with Certification Bodies notify the Certification Programme and implementation by the Certification Bodies and Certification
3.6
Certification Owner of changes to ownership, management personnel and Programme Owner oversight. Evidence of communications with
Bodies management structure or constitution in a timely manner. such occurrences.

Documented policy with details of examples considered as a risk

to reputation to both the Certification Programme Owner and GFSI,
not restricted to food safety but shall consider reputational damage
The Certification Programme Owner shall agree on appropriate of the Certification Body, Certification Programme Owner and GFSI.
Relationship
actions with Certification Bodies to mitigate any situations Expected mitigation details shall also be documented e.g. actions
with
3.7 which could result in bringing their Certification Programme expected and timelines.
Certification
or GFSI into disrepute, and notify GFSI of such situation. (See
Bodies This shall be clearly communicated to Certification Bodies.
Glossary for Reportable incidents to GFSI).
Consideration shall be given to communication channels – media
such as mainstream press, trade press, TV as well as social media
channels and whether the CPO name or GFSI name is mentioned.

14 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Consideration shall be given to any situation which has potential

to lead to disrepute – including complaints, recalls, withdrawals,
involvement of regulator, product food safety issues linked to a
certificated site resulting in illnesses, injuries or any death. Issues
with the certification process such as poor Certification Body or
Auditor performance that may lead to suspension of Certification
Body from scheme, suspension or withdrawal of accreditation of
Certification Body or suspension or removal of an auditors approval
and fraud shall also be considered.
Fully traceable documented records of communication shall be kept
and available to GFSI on request as appropriate.

CPO shall have appropriate mechanisms in place to inform

Certification Bodies in a timely manner to allow appropriate actions
Relationship The Certification Programme Owner shall inform Certification to be undertaken when there are relevant developments related to
with Bodies of any relevant information and developments related the Certification Programme. This shall include clear instruction and
3.8
Certification to the Certification Programme. This shall include any changes timelines of impact for Certification Bodies to adjust their processes.
Bodies to the Certification Programme.
Evidence of communications to Certification Bodies where such
changes occur.

The Certification Programme Owner shall publish guidance /

requirements to Certification Bodies on transition arrangements
when a new version of the Certification Programme is issued.
The Certification Programme Owner guidance / requirements
Relationship may encompass elements such as the following: Documented publicly available policy which covers all the elements
with • terms and conditions of transition period between previous listed. Evidence of implementation with communications and
3.9
Certification and new versions; adherence of Certification Bodies to the defined requirements and
Bodies • defined timeline for transition; timelines.
• comparative information between previous and new
versions;
• timeline in which Certification Bodies are required to cascade
information to all auditors and certified organisations.

15 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Evidence of a risk-based programme i.e. demonstration of risk

The Certification Programme Owner shall implement a
matrix considering audit numbers, size and complexity of audits
risk-based programme to monitor and regularly review the
by the Certification Body and how this is applied to a programme
Integrity performance of Certification Bodies, and their compliance to
3.10 of activities e.g. desktop review of audit reports for quality and
Programme the Certification Programme’s requirements. This programme
audit activities, defined office audits and defined KPI metrics such
shall consider the number, size and complexity of audits carried
as adherence to audit activity timelines, audit duration etc for
out by the Certification Bodies.
Certification Bodies.

Evidence of defined results for each Certification Body and evidence

The Certification Programme Owner shall ensure that results
Integrity of communication e.g. documented report, email communications or
3.11 of the integrity programme are communicated to and reviewed
Programme recorded meeting. Appropriate improvement plans shall be agreed,
with the Certification Bodies at least once a year.
documented and monitored.

Evidence of a risk-based programme i.e. demonstration of risk

matrix outlining what elements have been considered and how this
has influenced the resultant activities of reviewing relevant audit
files and auditor records e.g. volume of assessments by Certification
Body/auditor; scope; organisation complexity; geographical spread.
Demonstration of how the reviews are carried out, what the
The Certification Programme Owner shall implement a risk- outcomes are and what follow up action is taken.
Desktop
3.12 based programme of desktop assessments of Certification
Assessment Expectation of review of details contained within audit reports to
Body performance on audit and auditor records.
ensure reports are completed as required and provide sufficient
detail and accuracy of the compliance at the site. Review of auditor
details shall confirm that auditors meet the documented qualification
and competency criteria.
Where improvement is required, appropriate action plans shall be
documented and actioned.

16 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall implement a risk-based

programme of Certification Bodies office audits, focusing on the
implementation of the Certification Programme’s requirements by
the Certification Bodies. Risk factors may include:
Evidence of a risk-based programme i.e. demonstration of risk matrix
• the number of countries in which a Certification Body considering the elements listed and how this is applied to develop
operates; the programme of office audits.
• the number of auditors employed;
Expectation of a documented office audit process outlining what
3.13 Office Visits • languages in which audits are undertaken;
is audited, how, how often and by whom ie competence and
• number of certified companies;
impartiality criteria.
• number of centralised Certification Body offices;
• number of audits undertaken per auditor; Evidence of completed office audit reports along with corrective
• grading and number of non-conformances. actions shall be available.
• management and notification of product recalls to
Certification Programme Owner.
• number of relevant complaints.

The Certification Programme Owner shall define and monitor Documented policy of defined KPIs with evidence of monitoring
Key Key Performance Indicators for Certification Bodies including which includes the elements listed ie complaints, audit report
3.14 Performance complaints, results of desktop assessments and office visits. review and auditor record review, office audit results. Evidence of
Indicators The Key Performance Indicators shall be communicated to and communication e.g. documented report, email communications or
reviewed with the Certification Bodies at least once a year. recorded meeting. Expectation of follow up actions.

17 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Section 4: Certification Bodies Personnel

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

Documented requirement for Certification Bodies with evidence of

The Certification Programme Owner shall ensure that a oversight by the Certification Programme Owner e.g. registration
Certification system for auditors / certification personnel reviewed by CPO during
system is in place to ensure all personnel involved in the
Body desktop or office audits, audit of Certification Body systems by the
4.1 certification process meet the competence required by the
Personnel CPO during desktop or office audits.
Certification Bodies, the Certification Programme and the GFSI
Competence
Benchmarking Requirements. Implementation and adherence to requirements will be sampled by
GFSI through benchmarking activities.

The Certification Programme Owner shall ensure that the

Certification Bodies require all personnel involved with the
certification process to sign a contract or agreement, which
Certification clearly commits them to: Documented requirement for Certification Bodies by the CPO.
Body
4.2 • Complying with the rules of the Certification Body, with Evidence of signed contracts or agreements with all certification
Personnel
Competence particular reference to confidentiality, impartiality and personnel with clear reference to the elements listed.
independence from commercial or personal interests;
• Declaring any issues in relation to personal conflicts of
interest.

The Certification Programme Owner shall mandate that the

CPO documented requirement / policy for Certification Bodies.
Certification Bodies clearly document all requirements of ISO
/ IEC 17021-1 and ISO / TS 22003-1 or ISO / IEC 17065, and Evidence of communication / training by Certification Bodies to
Certification IAF MD4, relating to personnel and make them known to their employees.
Body employees.
4.3 Evidence of the Certification Bodies system and evidence of
Personnel
Competence This shall include systems and procedures to ensure that oversight checks by the CPO e.g. office audits, record checks.
auditors conducting assessments meet the capabilities
Implementation and adherence to requirements will be sampled by
described in ISO / IEC 17065 or ISO / IEC 17021-1 and ISO / TS
GFSI through benchmarking activities.
22003-1 and the requirements of IAF MD4.

18 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall ensure that the

Certification Bodies hold and maintain records regarding
the qualifications, training and experience of all personnel Documented requirement for Certification Bodies with evidence
involved in the certification process. All records shall be of oversight by the CPO e.g. registration system for auditors /
Certification dated. The information shall include, as a minimum: certification personnel reviewed by CPO, audit of Certification Body
Body • Name of trainees; systems by the CPO.
4.4
Personnel • Affiliation to the Certification Body and position held;
Competence Implementation and adherence to requirements will be sampled by
• Educational qualifications and professional status;
GFSI through benchmarking activities which will review whether all
• Experience and training in the relevant fields of competence these elements are available.
in relation to the Certification Programme’s requirements;
• Details of performance appraisal(s).

Documented requirement for Certification Bodies with evidence

Certification The Certification Programme Owner shall ensure that of oversight by the CPO e.g. registration system / certification
Body Certification Body’s competence requirement for the personnel reviewed by CPO, audit of Certification Body systems by
Personnel personnel carrying out the technical review include the CPO.
4.5
Competence: understanding of the Certification Programme’s normative
Certification documents and of the Certification Programme’s requirements Implementation and adherence to requirements will be sampled by
Personnel on the completion of audit’s report and checklist. GFSI through benchmarking activities. Note records should adhere
to the details required in 4.4.

CPO policy for Certification Bodies outlining expectations of witness

audits including how they are conducted, when they are conducted,
by whom they are conducted with witness assessor competence
criteria, what the expected evaluation points are and what the
The Certification Programme Owner shall ensure that output is.
the Certification Bodies have a system in place to ensure
Auditors auditors conduct themselves in a professional manner. Attributes to be looked for shall meet requirements within ISO/TS
4.6 22003-1 and ISO/IEC 19011 including the following examples of
Behaviour This shall be evaluated through a defined witness audit
process confirming acceptable auditor performance as personal attributes and behaviour:
specified by the Certification Programme Owner.
• Ethical; i.e. fair, truthful, sincere, honest and discreet,
• Open minded; i.e. willing to consider alternative ideas or points
of view,
• Diplomatic; i.e. tactful in dealing with people,

19 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

• Observant; i.e. actively aware of physical surroundings and

activities,
• Perceptive; i.e. instinctive, aware of and able to understand
situations,
• Versatile; i.e. adjusts readily to different situations,
• Tenacious; i.e. persistent, focussed on achieving objectives,
• Decisive; i.e. timely conclusions based on logical reasoning,
• Self-reliant; i.e. acts independently whilst interacting effectively
with others,
• Integrity; i.e. aware of need for confidentiality and observes
professional codes of conduct
Certification Bodies shall have a documented process meeting CPO
requirements.
Note GFSI Food Safety Auditor Professional Development Framework
could be referenced and used as guidance for implementing an
appropriate auditor development pathway.
Implementation and adherence to requirements will be sampled by
GFSI through benchmarking activities typically review of witness
records looking for evidence of these attributes. Note records
should adhere to the details required in 4.4.

If the Certification Programme Owner allows the use

of ICT to assess auditor behaviour as per 4.6, the IAF MD 4 current version shall be adequately referenced in
Auditors
4.6.1 Certification Programme Owner shall ensure that IAFMD4 Certification Programme Owner policy outlining what they allow for
Behaviour
is included as a normative reference of their Certification remote witnessing of auditors.
Body requirements on assessing auditor behaviour.

20 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

CPO categories shall be able to be cross referenced to the listed

GFSI categories - if GFSI categories are not used directly, they need
to be clear as to which CPO category fits to which GFSI category.
CPO shall mandate how Certification Bodies use the categories in
The Certification Programme Owner shall ensure that terms of auditor competence and site certification scopes and have
Auditors’
Certification Bodies base the scopes of auditors’ activities systems of oversight e.g. auditing of Certification Bodies processes
4.7 Scopes of
on the sectors described in table 1 and the scopes of or auditor registration.
Activity
certification defined by the Certification Programme Owner.
Implementation and adherence to requirements will be sampled by
GFSI through benchmarking activities typically reviewing auditor
competence records and the audits they have conducted to confirm
the Certification Bodies has correctly identified an auditors suitability
for a category.

Documented evidence shall be clearly available to demonstrate the

auditors work experience.
Two years full-time work experience in food safety functions is
required.
⊲ Auditing experience is excluded as it does not involve managing
or implementing food safety.
⊲ Consultant experience may count if:
The Certification Programme Owner shall ensure that
• The role demonstrates responsibility for food safety at
Auditors’ Certification Bodies appoint auditors with experience
the site.
4.8 Industry in the food or associated industry, including at least
• Evidence details the nature of responsibilities and
Experience two years full time work in food safety functions
includes documented work days equating to two years.
and requirements defined in table 1, column 4.
Evidence of Relevant Experience
Evidence must relate to the relevant GFSI scopes (A1 to K) and
include:
• Job descriptions specifying food safety duties.
• Employment records showing time in food safety roles.
• Employer statements verifying direct food safety
responsibilities.

21 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Food Safety Functions Defined

Includes roles responsible for:
• Developing or managing food safety systems (e.g.
HACCP plans).
• Ensuring regulatory compliance.
• Conducting hazard analyses and risk assessments.
• OverseeIng corrective and preventive actions related to
food safety.
Scope-Specific Relevance
Relevant experience must align with the specific GFSI scope(s)
the auditor is qualified for (e.g., scope A1 experience for scope A1
qualification).

A Bioscience Degree with a Focus on Food

An academic programme merging the study of living organisms and
biological processes with practical applications in food production,
safety, and sustainability.
Key Features
The Certification Programme Owner shall ensure • Core Subjects: Food microbiology, biochemistry, nutrition,
that the Certification Bodies appoint auditors that genetics, biotechnology, and ecology.
Auditors have the required education, as described in table 1, • Specialized Focus: Deep dives into food preservation,
4.9
Training column 3, and Hazard Analysis and Critical Control fermentation, agricultural biosciences, foodborne pathogens,
Point (HACCP) / Hazard and Risk Assessment training and the role of biotechnology in modern food systems.
course relevant to their sector of activities. • Practical Skills: Comprehensive training in laboratory techniques,
food analysis, quality control processes, and cutting-edge
methods for sustainable food production.
• Applications: Addressing critical issues such as reducing food
waste, improving crop yields, creating functional and nutritionally
enhanced foods, and ensuring global food security.

22 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Educational Qualifications
• Auditors must hold a degree in a relevant discipline or have
completed a related higher education course.
• Certification Bodies must confirm and retain records of all
qualifications.
No Grandfather Rights
All auditors, regardless of tenure, must meet current requirements.
Certification Bodies should review qualifications and experience to
ensure compliance.
Degree Relevance: The degree subject must be appropriate for the
auditor’s sector. For example, Chemistry and Veterinary Science may
be acceptable for scopes A1, A2, and C0, while Veterinary Science
is less suitable for C4, and Environmental Biology is generally not
appropriate.
Justification and Equivalence: Justifications for "relevant" higher
education courses or "equivalent" qualifications must be robust
and defensible, with evidence and consideration of course
details including learning outcomes and duration or professional
experience.
HACCP Training: HACCP or Hazard and Risk Assessment training
must be separate from other qualifications (e.g., degrees) and
aligned with the auditor's sector of activities.
Framework Reference: The GFSI Food Safety Auditor Professional
Development Framework may be used as a reference for
qualifications and training standards

23 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

CPO shall mandate the policy for initial auditor qualification and have
systems of Certification Body oversight e.g. auditing of Certification
Body processes or auditor registration.
The Certification Programme Owner shall ensure
that Certification Bodies have a documented Note the requirement for assessment during 3 audits of the GFSI
program for initial auditor qualification. recognised Programme with at least one witness audit until they are
Initial Auditor deemed competent i.e. that they can audit independently.
4.10 This shall include as a minimum that auditors will be assessed
Qualification on their performance during at least 3 food safety audits The CPO shall outline the requirements for ‘assessment’ which may
against the GFSI-recognised Certification Programme include ICT remote activities subject to conformance to point 4.10.2.
the auditor is being qualified for, including at least one
Implementation and adherence to requirements will be sampled
witness audit, and until they are assessed as competent.
by GFSI through benchmarking activities typically reviewing
the documents of auditor assessment e.g. witness audits and
documented performance assessment.

CPO shall have a clearly defined policy for Certification Bodies. The
witness audit (minimum one required) can be carried out during an
The Certification Programme Owner shall ensure that the audit which combines on site and ICT (remote) auditing, however,
witness audit(s) carried out as part of the certification body’s where the audit is carried out onsite, the witness assessor must also
initial auditor qualification follows the standard audit plan be present onsite. The witness audit shall follow 'the standard audit
Initial Auditor agreed with the certified organisation, including the use plan' ie it will be for the full duration of the audit and witness of part
4.10.2
Qualification of ICT if applicable, as long as this does not compromise audits for initial qualification are not acceptable.
the effectiveness of the assessment. The Certification
Programme Owner shall ensure that the witness assessor Implementation and adherence to requirements will be sampled
is present on site for parts of the audit carried out on site. by GFSI through benchmarking activities typically reviewing
the documents of auditor assessment eg witness audits and
documented site audit plan.

The Certification Programme Owner shall ensure that

Scope Certification Bodies require an auditor extending their
CPO shall have a clearly defined policy for Certification Bodies.
Extension scope of activity to undergo a programme including
4.11 Extension of scope includes extension to further sectors / CPO
of Auditor training in the new sector, supervised audits as per
defined product categories where assessment in 3 audits is required.
Activities 4.10 and assessment and sign off as competent
in the new sector by the Certification Body.

24 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

CPO shall have a clearly defined requirement for Certification

Bodies to ensure auditors are trained and evaluated with oversight
of implementation such as auditor registration/desktop or
office audit.

Maintenance CPOs may specify the regularity of training depending on need e.g.
The Certification Programme Owner shall ensure that annual, Programme updates or new Programme version.
of Auditor
4.12 auditors are regularly trained and evaluated on their
Skills and Evidence of systems shall be in place to demonstrate that these
understanding of the Certification Programme.
Competence training requirements are met in line with the specified frequency
and that appropriate action is taken where required.
Evidence of evaluation may be through formal examination during
training, documented evaluation of ongoing work or specific
exercises such as calibration exercises or discussions.

CPO shall have a clearly defined requirement for Certification Bodies

so that auditors keep up to date with industry sector best practice,
food safety and technological developments, have access to and can
The Certification Programme Owner shall ensure that
apply relevant laws and regulations. The CPO shall have processes
Certification Bodies have a structure in place so that
Maintenance of oversight of implementation such as auditor registration / desktop
auditors keep up to date with industry sector best
of Auditor audit or witness audit and be able to demonstrate evidence of how
4.13 practice, food safety and technological developments,
Skills and auditors are kept up to date.
have access to and can apply relevant laws and
Competence
regulations. The Certification Bodies shall maintain Note training records shall conform to point 4.4.
written records of all relevant training undertaken.
Note GFSI Food Safety Auditor Professional Development
Framework could be referenced and used as guidance for
implementing an appropriate auditor development pathway

The Certification Programme Owner shall ensure that the CPO shall have a policy for Certification Bodies that auditors carry
Maintenance Certification Bodies implement an annual programme for auditors out at least five on-site audits at different organisations against
of Auditor to carry out at least five on-site audits at different organisations any of the relevant GFSI-recognised Certification Programmes i.e.
4.14
Skills and against any of the relevant GFSI-recognised Certification if the CPO has more than one defined Programme there can be a
Competence Programmes owned by the Certification Program Owner to total of 5 audits across all these Programmes and not 5 audits each
maintain sector and Certification Programme knowledge. Programme.

25 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

CPO shall have a documented policy outlining the specific situations

in which this may be applied.
In specific situations where requirement 4.14 cannot be met, the
Maintenance Certification Programme Owner shall ensure that Certification A total of 5 audits against any GFSI recognised Programme (i.e. not
of Auditor Bodies implement an annual programme for auditors to owned by the CPO) maybe included but must include one of the
4.15
Skills and carry out at least five onsite audits against GFSI approved named GFSI Programme.
Competence Certification Programmes and at least one annual onsite audit
This policy should be applied as an exception only and where
against the relevant GFSI Certification Programmes.
evidence of regular occurrences are seen then this shall be
challenged by GFSI during benchmarking activities.

The Certification Programme Owner shall have in place a

register of approved auditors including the details of the Evidence of register of approved auditors listed according to
Auditor auditors’ competence, education, relevant experience and GFSI sector (or cross reference of CPO sector / category to GFSI
4.16
Register scope(s) of activities, and applicable Certification Bodies. The specified sectors). Evidence of process to keep accurate, up to date
register shall remain current and be made available to GFSI and current.
upon request.

26 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Table 1: GFSI sector and sub-sector scopes for recognition

and the associated competence of auditors

GFSI SCOPE OF
REQUIRED EDUCATION REQUIRED WORK EXPERIENCE
RECOGNITION

AI Farming of Animals A degree in a food-related or bioscience discipline, Experience of farming is required in the following sectors,
for Meat / Milk / veterinary science or agronomy, or, at a minimum, has as applicable:
Eggs / Honey successfully completed a food related or bioscience • Cattle
higher education course or equivalent. • Sheep and Goats
• Pigs
• Poultry
• Bees
• Game

AII Farming of Fish A degree in a food-related or bioscience discipline, Experience of farming is required in the following sectors:
and Seafood veterinary science or agronomy, or, at a minimum, has • Fish Aquaculture
successfully completed a food related or bioscience • Seafood Aquaculture
higher education course or equivalent.

BI Farming of Plants Education in an agricultural/crop-based discipline or, at Experience is required in the fresh produce farming sectors:
(other than grains a minimum, has successfully completed a food-related • Fruit
and pulses) or bioscience higher education course or equivalent. • Vegetables Herbs and Spices
• Grasses (Sugar)

BII Farming of Grains Education in an agricultural /crop-based discipline or, at Experience is required in the fresh plant farming sectors:
and Pulses a minimum, has successfully completed a food-related • Grains and Cereals
or bioscience higher education course or equivalent. • Nuts
• Pulses and Legumes

27 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

BIII Pre-Process Handling Education in an agricultural/crop-based discipline or, at Crop based experience such as the farming and handling of:
of Plant Products, a minimum, has successfully completed a food-related • Grains and Cereals
Nuts and Grains or bioscience higher education course or equivalent. • Nuts
• Pulses and Legumes
• Fruits and Vegetables

C0 Animal Conversion A degree in a food-related or bioscience discipline Experience is required of conversion in the following
or, at a minimum, has successfully completed a food- sectors:
related or bioscience higher education course or • Cattle
equivalent. • Sheep and Goats
• Pigs
• Poultry Fish
• Game

CI Processing of A degree in a food-related or bioscience discipline Experience is required in the following food industry
Perishable Animal or, at a minimum, has successfully completed a food- sectors:
Products related or bioscience higher education course or • Red Meat Processing
equivalent. • Poultry Processing Fish Processing
• Seafood Processing Meat Product Processing
• Fish Product Processing
• Dairy Technology
• Egg Processing

CII Processing of A degree in a food-related or bioscience discipline Experience is required in the following food industry
Perishable Plant or, at a minimum, has successfully completed a food- sectors:
Products related or bioscience higher education course or • Fruit and Vegetable Processing
equivalent.

28 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

CIII Processing of A degree in a food-related or bioscience discipline Experience is required in the following food industry
Perishable Animal or, at a minimum, has successfully completed a food- sectors:
and Plant Products related or bioscience higher education course or • Meat Product Processing
(mixed products) equivalent. • Fish Product Processing
• Dairy Technology
• Ready to Eat Food Processing

CIV Processing of Ambient A degree in a food-related or bioscience discipline Experience is required in the following food industry
Stable Products or, at a minimum, has successfully completed a food- sectors:
related or bioscience higher education course or • Meat Product Processing
equivalent. • Fish Product Processing
• Dairy Technology
• Ready to Eat Food Processing.
• Experience is required in the following food industry
sectors:
• Thermal Processing
• Baking Technology
• Dairy Technology
• Brewing Technology
• Extrusion Technology
• Vegetable and Animal Fats and Oils Processing
• Sugar Refining
• Beverage Production
• Alcoholic Drink Production
• Drink Production

29 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

D Production of Feed Post-secondary education in related field or equivalent Experience is required in the following feed industry
by experience. sectors:
Trained on the sector specific risk assessments. Work • Compound Feed Production
experience or training in the feed and / or food sector, • Plant Protein Processing
and experience in quality management environment in • Rendering Technology
the feed / food sector. • Fermentation Technology
• Dry Milling Technology
• Wet Milling Technology
• Extrusion Technology
• Dairy Processing Technology
• Vegetable and Animal
• Fats and Oils Processing

E Catering A degree in a food-related or bioscience discipline or, at Experience is required in the following food industry sectors:
a minimum, has successfully completed a food-related • Catering
or bioscience higher education course or equivalent. • Food service

FI Retail / Wholesale A degree in a food-related or bioscience discipline or, at Experience is required in the following food industry
a minimum, has successfully completed a food-related sectors:
or bioscience higher education course or equivalent. • Retail
• Wholesaling

FII Food Broker / Agent A degree in a food-related or bioscience discipline Experience is required in the following industry sectors:
or, at a minimum, has successfully completed a food- • Perishable Food and Feed
related or bioscience higher education course or • Non-Perishable Food and Feed
equivalent. • Packaging Materials
Trained on the sector specific risk assessments. • Based on sector of activity of the broker

30 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

G Provision of Storage A degree in a food-related or bioscience discipline Experience is required in the following industry sectors:
and Distribution or, at a minimum, has successfully completed a food- • Perishable Food, and / or Feed Storage and Distribution
Services for Food, related or bioscience higher education course or • Non-perishable Food, Feed and / or Packaging
Feed and / or equivalent. • Storage and Distribution
Packaging
Trained on the sector specific risk assessments.

H Provision of Food A degree in a food-related or bioscience discipline; or, Experience is required in the food sector or relevant service
Safety Services successfully completed a food-related or bioscience provision.
higher education course or equivalent.
The auditor shall be able to demonstrate an understanding
Trained on the food and service specific risk and knowledge of specific categories of service provision
assessments. for which they are approved.
The verification to carry out work within specific categories
of service provision will be carried out by the certification
body

I Production of A primary qualification, a degree or higher certificate Experience is required in the specific sectors of packaging
Food Packaging in packaging technology or material engineering, and manufacture:
a relevant certificate recognised by the Certification • Plastics
Programme Owner in food technology, food hygiene • Paper and Board
or related science subject OR a primary qualification • Metal
in food technology, food safety / hygiene or related • Glass
science subject and a certificate in packaging
technology that is recognised by the Certification
Programme Owner.

JI Hygienic Design A degree in architecture; civil, mechanical or chemical Experience in building design and construction or food
of Food Buildings engineering; food related or bioscience discipline. processing equipment design and construction.
and Processing Additional training in hygienic design, the hygienic
design process and food safety.
Equipment
(for building
constructors
and equipment
manufacturers)

31 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

JII Hygienic Design of As currently for scopes A-G, I and K plus a short course As currently for scopes A-G, I and K.
Food Buildings and on the scope JII hygienic design process.
Processing Equipment
(for building and
equipment users)

K Production of (Bio) A degree in a food-related, bioscience or chemical Experience is required in the following industry sectors:
Chemicals (Additives, engineering discipline or, at a minimum, has • Fermentation Technology
Vitamins, Minerals, successfully completed a food-related or bioscience • Chemical Engineering
Bio-cultures, higher education course or equivalent. • Biochemical Engineering
Flavourings, Enzymes
and Processing Aids)

32 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Section 5: Management of Audit and Certification

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

The Certification Programme Owner shall ensure that the Certification Expectations shall be clearly set by the Certification
Bodies clarify the activities and products of the audited organisation Programme Owner to ensure the scope of the audit clearly
to include in the scope of the audit. describes products and processes so there is no ambiguity
for the reader in understanding what has been audited.
Audit Generalisations such as ‘fruit and vegetables’ should not
Programme be considered acceptable. Procedures shall be in place by
5.1
– scope of Certification Bodies to ensure accurate audit scopes that
the audit meet the defined requirements e.g. documented check on
activities of site during application and audit.
Evidence of implementation will be sampled during GFSI
benchmarking activities.

The Certification Programme Owner shall have a clearly defined and Evidence of CPO defined rationale referencing all listed
documented audit frequency programme: factors with an audit frequency giving 12 months on average.
• Ensuring a minimum audit frequency of one full audit of an Implementation will be challenged during GFSI benchmarking
organisation’s facility and food safety management system activities.
Audit against the elements of the Certification Programme’s normative
Programme documents per 12-month period on average;
5.2
– audit
frequency • Defining the frequency of audit for each product category covered
by the scope of certification of the Certification Programme;
• Defining a time window during which next recertification audit
shall be conducted;

33 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

• Considering a number of factors to decide the audit frequency

such as activities and products of the audited organisation to
include in the audit (scope of the audit), previous audit history,
concerns about compliance with a Certification Programme’s
normative documents, seasonality of product, significant capacity
increases, structural changes, changes in product technology or
changes in product type.
The Certification Programme Owner shall clearly define the rationale
for the determination of frequency within the Certification Programme.

If a Certification Programme Owner has scopes of certification CPO defined policy with seasonality defined.
Audit that include the growing or production of seasonal products and,
Programme Implementation will be challenged during GFSI benchmarking
5.3 therefore, require some limited flexibility of audit frequency to allow
– audit activities.
effective auditing of seasonal products, these variations to audit
frequency frequency shall be clearly defined.

The Certification Programme Owner shall ensure that the Documented CPO policy which outlines expectations and
includes examples of the changes that would lead to re-
Certification Bodies re-evaluate the certified organisations to assess
evaluation.
compliance with the Certification Programme normative documents
in the event of: Implementation will be challenged during GFSI benchmarking
activities
Audit • Significant changes which could affect the safety of product;
5.4 programme • Changes to the normative documents of the Certification
– re-auditing Programme;
• Changes of ownership or management of the certified
organisations;
or if the Certification Bodies have reason to believe there could be
compliance issues in relation to certification.

34 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Irrespective of the defined minimum audit frequency, the The Certification Programme Owner shall have a defined
documented process for Certification Bodies to assess the
Certification Programme Owner shall ensure that the Certification
Audit impact to continued certification and undertake additional
Bodies undertake additional audits if there is evidence or suspicion
Programme investigation activities if there is concern regarding the
5.5 that the integrity of the Certification is at risk within a certified
– audit integrity of certification of a certified organisation. This may
organisation.
frequency include additional onsite audits.
Implementation will be challenged during GFSI benchmarking
activities.

The Certification Programme Owner shall ensure that Certification CPO documented policy including outlining the timelines
Bodies perform at a minimum: i.e. when did the 3/4-year period start; how is 10% of audits
calculated. CPO shall have methods of ongoing review and
• For scopes AI, AII, BI, BII and BIII: 10% of audits unannounced per
tracking of Certification Body process.
year or one audit every 4 years for each certified organisation;
Any variations to policy shall be clear in the circumstances
• For scopes C0, CI, CII, CIII, CIV, DI, E, FI, G, H, JI, K and I: one audit
required and the handling of the process e.g. reduced
unannounced every 3 years for each certified organisation.
Audit unannounced window maybe required for seasonal sites
Programme – For scopes FII and JII, unannounced audits may be available as an which typically operate for a short amount of time.
5.6
unannounced option.
CPO policy will outline what actions are expected when
audit
Certification Bodies do not meet this requirement.
Note the definition of unannounced audit is that it will be ‘no
notice’.
The scope of any such unannounced audit shall meet all GFSI
requirements and shall include evaluation of appropriate
operational activities.

Reports, certificates and grading systems shall clearly identify Clear documented CPO policy on identification of
whether certification audits are unannounced. unannounced audits on reports and certificates and
Audit explanation, where applicable, within any grading system.
Programme –
5.7 Where no detail is given on certificates or reports it is
unannounced
acceptable to assume the audit was ‘announced’.
audit
Evidence of reports and certificates being correctly identified
as ‘unannounced’.

35 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall define the expected duration Clearly defined CPO policy outlining rationale for the
of audits and the rationale for the determination of the duration of the determination of audit duration meeting the GFSI defined
audit; it is expected the duration of an audit to be at minimum: minimums.

Audit • Half a day for scopes AI, AII, BI, BII, BIII, E, FI and FII; It is expected that the CPO will have oversight mechanisms
5.8 Programme – to check the Certification Body implementation of the
• One day for scopes G, I, JI and JII;
audit duration requirement.
• Two days for scopes C0, CI, CII, CII, CIV, DI and K; in order to
Implementation will be challenged during GFSI benchmarking
effectively assess an organisation’s systems and premises
activities.
against the Certification Programme’s normative documents and
provide confidence in the certification process.

The Certification Programme Owner shall define clear criteria, Clearly defined CPO policy outlining criteria for deviation
which specify the justification for deviation from the minimum audit meeting the requirement.
durations, including the effectiveness of the audit such as the level
Audit It is expected that the CPO will have oversight mechanisms
and depth of assessment of management systems and GAP / GMP
5.9 Programme – to check the Certification Body implementation of the
/ GDP and premises / systems (e.g. product lines, products and
audit duration requirement. Corrective actions to be described.
product categories).
Implementation will be challenged during GFSI benchmarking
activities.

The Certification Programme Owner shall implement monitoring Definition of CPO monitoring process.
Audit procedures to ensure that contracted Certification Bodies comply
5.10 Programme – Implementation will be challenged during GFSI benchmarking
with the defined audit duration criteria and that appropriate actions
audit duration activities with records of review, the outcome and evidence
are taken if they do not meet those criteria.
of appropriate actions taken where relevant.

36 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall ensure that the audit Documented requirement e.g. details of information that
should be included in the report or standard audit report
report incorporates details of the audit duration and shall monitor
template.
Audit such information.
5.11 Programme – Definition of CPO monitoring process.
audit duration
Implementation will be challenged during GFSI benchmarking
activities with records of review, the outcome and evidence
of appropriate actions taken where relevant.

The Certification Programme Owner shall ensure that Certification CPO defined policy for Certification Bodies on auditor
appointment and oversight mechanism to ensure these
Bodies have rules for the appointment of auditors to audits to ensure
are applied. This shall consider rules around certification
impartiality, including rotation of auditors.
audits following any ‘pre-audits’ by the auditor as well as any
Audit consultancy activity by the auditor.
Programme
5.12 Typically includes records of auditor self-declaration of
– auditor
impartiality for specific audits or a signed contractual
selection
agreement for informing the Certification Body of impartiality
concerns.
Evidence of policy on rotation of auditors and documented
justification of deviation from the policy.

The Certification Programme Owner shall have in place a clearly CPO defined policy for Certification Bodies with specified
defined system for the generation and issue of audit reports. The timeline.
Audit Certification Programme Owner shall ensure that Certification Bodies
5.13 It is expected that CPO will have a monitoring process that
Reporting provide the report to audited organisations within a defined timeline.
Certification Bodies adhere to timeline that forms part of KPIs
(ref 3.14).

The Certification Programme Owner shall ensure that Certification CPO defined policy for translation to and from various
Audit
5.14 Bodies have processes in place to address situations when reports languages defining how and by whom the translation will
Reporting
may be translated. occur to ensure accurate translation.

37 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall ensure that the audit report CPO defined expectation on audit report quality.
incorporates an executive summary and / or a summary of each main
Audit report should provide sufficient details to enable the
section of the Certification Programme’s audit requirements, even in
reader to ascertain whether all aspects of the Certification
case of absence of non-conformities.
Audit Programme have been reviewed in full. Expectation that
5.15
Reporting there shall be detail of conformance by the site to the
requirements which will be over and above a ‘checklist’.
Expected that CPOs will have a process of audit report quality
monitoring as part of their desktop assessments (ref 3.12).

The Certification Programme Owner shall ensure that clear and CPO defined expectation on audit report quality in
concise details of the non-conformities are provided in the audit documenting non-conformities and where these should be
Audit report when identified. detailed in the report.
5.16
Reporting
Expected that CPOs will have a process of audit report quality
monitoring as part of their desktop assessments (ref 3.12).

The Certification Programme Owner shall ensure that the audit CPO defined expectation on audit report quality typically
report contains evidence that all the specified requirements of the through defined audit report content.
Certification Programme related to the GFSI scope(s) of recognition
Expectation that there shall be detail of conformance by
Audit have been evaluated during the audit and clearly express the
5.17 the site to all requirements which will be over and above a
Reporting outcome of the evaluation.
‘checklist’.
Expected that CPOs will have a process of audit report quality
monitoring as part of their desktop assessments (ref 3.12).

The Certification Programme Owner shall ensure that appropriate Outline of CPO policy and demonstration of mechanism.
confidentiality is in place and that the audit report is only released at Typically, through secure log on of online database system
Audit the discretion of the contracted organisation. Ownership of the audit or secure release to nominated organisation contact. Other
5.18 report, determination of details made available and authorisation for methods shall be clearly defined and demonstrated.
Reporting
access shall remain with the contracted organisation.

38 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall ensure that necessary Evidence of signed agreements with the audited
agreements are in place with the audited organisations and the organisations stating that audit information may be shared
Audit Certification Bodies so that the audit records are available on request with GFSI. Typically, within contractual agreement or
5.19 to the Certification Programme Owner and to GFSI. referenced as part of Programme rules.
Reporting
Audit records include any records that form part of the audit
process and do not just refer to any final audit report.

The Certification Programme Owner shall ensure that Certification CPO defined policy requirement for Certification Bodies
Management
Bodies have a clearly defined system for the granting, suspension to have documented the conditions and process for the
5.20 of
and withdrawal of certification for the scope of their Certification granting, suspension and withdrawal of certification.
Certification
Programme.

The Certification Programme Owner shall ensure that Certification Evidence of Certification Body having a self-assessment
Bodies have a tool in place to evaluate conformance with the process to evaluate conformance with the Certification
Management Certification Programme’s audit requirements. Programme’s audit requirements. e.g. internal audit or
5.21 of ongoing monitoring / internal KPIs.
Certification
CPO shall have a policy requirement and have evidence that
this is monitored during CPO’s audit’s of CBs.

Management The Certification Programme Owner shall specify the information Evidence of direction from CPO typically a certificate
5.22 of required on the certificate. template or clear details of minimum required information.
Certification

The Certification Programme Owner shall ensure that Certification CPO policy on the requirement for Certification Bodies
Bodies verify that the audited organisation implements corrective outlining expectation on process to verify corrective actions
action plans. Verification of the corrective action plan and of the – how this is done, under what circumstances and by whom.
Management
implementation of the corrective actions may take various forms
5.23 of
(further on-site assessment or the scrutiny of submitted evidence
Certification
through ICT); it must be carried out by technically competent
personnel of the Certification Bodies using a method appropriate to
an effective verification of the corrective actions.

39 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Evidence of corrections or corrective actions shall be returned, CPO policy on the requirement for Certification Bodies
completed and verified by the Certification Bodies, within a timescale outlining expectation on process for completing and verifying
Management defined with the Certification Programme Owner, before certification corrections or corrective actions including timescale. This
5.24 of can be awarded. shall ensure this covers all audit stages such as where
Certification CPOs operate surveillance or monitoring audits as part of a
certification cycle longer than one year. Evidence of oversight
by the CPO e.g. desktop assessment or office audits.

The Certification Programme Owner shall ensure that Certification CPO policy on the requirement for Certification Bodies
outlining expectation on technical review process. Typically
Bodies perform a thorough technical review of each audit report prior
evidenced through a documented ‘technical review checklist.
to granting, suspending, withdrawing or renewing certification. For
the review process to be effective it shall ensure that: Evidence of oversight by the CPO e.g. desktop assessment
or office audits may be requested during GFSI benchmark
• Reports are accurately assessed to demonstrate satisfactory
activities as well as evidence of the Certification Bodies
evidence of compliance with the Certification Programme;
technical review documentation on request
Management • All applicable requirements of the Certification Programme have
5.25 of been fully covered, using any supporting notes made during the
Certification assessment;
• The scope of the report covers the scope applied for by the audited
organisation and the report provides satisfactory evidence that all
areas of the scope have been fully investigated;
• All areas of non-conformity have been identified and effective
corrective actions have been completed and verified to resolve
these non-conformities.

The Certification Programme Owner shall ensure that Certification Defined CPO policy outlining expected appeals process
Management
Bodies have in place a clearly defined and publicly available appeals including timelines with evidence of implementation by
5.26 of
procedure. Certification Body e.g. website link. Evidence of oversight by
Certification
the CPO e.g. desktop assessment or office audits.

40 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall define minimum Defined CPO policy outlining expected process including
Management requirements for Certification Bodies considerations when how unannounced audits details are captured so that the
5.27 of organisations switch between GFSI-recognised Certification timelines of unannounced audits (i.e. every 3 or 4 years) is
Certification Programmes. This should include but not be limited to an evaluation adhered to. Evidence of oversight by the CPO e.g. desktop
of the organisation’s audit history, last unannounced audit, etc. assessment or office audits.

The Certification Programme Owner shall ensure that Certification CPO detailed policy for Certification Bodies with evidence
Bodies have agreements in place with certified organisations of agreements in place between audited organisations and
ensuring that the Certification Programme Owner is informed of any the Certification Body. Agreements may be in the form of
significant public food safety incidents, such as significant regulatory contracts or individual audit agreements for the audit being
Management food safety non-conformities, product recalls. scheduled but in all cases must include the required details.
5.28 of
Certification Consideration shall be given to incidents that affect the
operation of the site or safe production of product such as
legal proceedings, food safety regulatory authorities non-
conformities or enforcement proceedings as well as product
recalls and significant product withdrawals.

The Certification Programme Owner shall ensure that Certification CPO detailed policy for Certification Bodies with expectation
Bodies have procedures in place to ensure the integrity of certification of actions following such notifications in 5.28.
Management
is maintained after such notification.
5.29 of Evidence of actions taken when there are such occurrences.
Certification
Evidence of oversight by the CPO e.g. desktop assessment
or office audits.

The Certification Programme Owner shall ensure that Certification CPO policy for Certification Bodies with evidence of process.
Management Bodies notify them of any withdrawal or suspension of certification
Typically through update of online database or timely
5.30 of of an organisation.
communication of change in status. Evidence of email
Certification communication are acceptable where this is recorded and
records maintained.

Use of ICT With the exception of audits under the scope of recognition “FII - CPO defined process with an expectation that the audit
5.31 during the Broker”, At least part of the annual full audit shall be carried out on process shall be clear from the audit report.
audit site.

41 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall define what part(s) of CPO defined process.
the audit may be carried out remotely without compromising the
Use of ICT effectiveness of the audit. On site audit activities shall include as a
5.32 during the minimum inspection / physical verification of Good Manufacturing
audit Practices, and verification that the Food Safety Management System
(including HACCP) addresses all applicable parts of the operation of
the audited organisation.

Use of ICT The remote part of the audit may only be carried out with the mutual CPO defined policy. Evidence of agreement between
5.33 during the agreement of the audited organisation and the Certification Body. Certification Body and audited site.
audit

The CPO shall specify the maximum period of time between the CPO policy with design of audit stages.
Use of ICT
beginning and the end of all audit activities included in the audit
5.34 during the Evidence of oversight by the CPO e.g. desktop assessment
duration to maintain the audit efficiency and integrity. That period of
audit or office audits.
time shall not exceed 30 days.

In specific situations where requirement 5.34 cannot be met, the CPO policy with outline of specific scenarios which shall be
Certification Programme Owner shall ensure that Certification seen as exceptional.
Use of ICT Bodies have a clear dispensation process including at least the risk
Evidence of oversight by the CPO e.g. desktop assessment
5.34.1 during the assessment of further extension on the efficiency and integrity of the
or office audits.
audit audit. The period between the beginning and the end of all audit
activities included in the audit duration shall not be extended beyond
90 days.

42 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Section 6: Multi-site Certification

Only the following scopes of recognition may be considered for certification of multi- It shall be stressed that certification of multi-site organisations based on sampling
site organisations, based on a sampling of the sites: is not compulsory for a Certification Programme Owner within these scopes
• AI FARMING OF ANIMALS FOR MEAT/ MILK/ EGGS / HONEY of recognition and a Certification Programme Owner may opt for single site
• AII FARMING OF FISH AND SEAFOOD certification only.
• BI FARMING OF PLANTS (OTHER THAN GRAINS AND PULSES)
• BII FARMING OF GRAINS AND PULSES Where a Certification Programme Owner permits the use of certification of multi-site
• BIII PRE-PROCESS HANDLING OF PLANT PRODUCTS, NUTS AND GRAINS organisations based on sampling, then the Certification Programme shall satisfy the
• G PROVISION OF STORAGE AND DISTRIBUTION SERVICES below GFSI Benchmarking Requirements.

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

Certification Programmes shall ensure that Certification Policy within normative documents shall clearly state conditions.
General
6.1 Bodies meet or exceed the requirements defined in IAF Definition of how CPO’s assess that CBs are in alignment with the
Requirements
MD1 current version. requirements.

The Certification Programme Owner shall clearly specify

General
6.2 the conditions for certification of multi-site organisations Policy within normative documents shall clearly state conditions.
Requirements
based on sampling for eligible scopes

All sites included in the scope of certification of a multi-

General site organisation shall operate under the same Food
6.3 Policy within normative documents shall clearly state conditions.
Requirements Safety Management System and under the control of a
central function.

General There shall be a legal or contractual link between the Policy within normative documents shall clearly state conditions.
6.4
Requirements sites and the central function. Evidence of contract/legal link between the site and central function.

43 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The central function shall request certification as a multi-

site organisation based on sampling in their application
General Policy within normative documents shall clearly state conditions
6.5 to the Certification Body. The central function, not the
Requirements Evidence of contract with Certification Body with the central function.
individual sites, shall be contracted to the Certification
Body.

General The central function shall be included in the scope of the Policy within normative documents shall clearly state conditions
6.6
Requirements certification. Evidence of certification scope including the central function.

The central function shall be audited by the Certification Policy within normative documents shall clearly state conditions
Body at least annually and before the Certification Body including the conditions for exceptions.
General
6.7 undertakes the auditing of sample sites. If necessary, a
Requirements Evidence of CPO oversight of adherence to rule eg sampling, desk
small number of the sample sites may be audited prior to
the audit of the central function. top assessment.

The central function shall ensure management

commitment to the system / integrity and clearly describe
Policy within normative documents shall clearly state conditions.
6.8 Central Function the roles and responsibilities of management, internal
Evidence documented within the audit report.
auditors and other members of the organisation. The
central function shall be separate from the sites.

The central function shall have authoritative control of

the Food Safety Management System of all sites within
Policy within normative documents shall clearly state conditions.
6.9 Central Function the certification and shall maintain traceability and issue,
Evidence documented within the audit report.
maintain and retain all relevant documents relating to the
sites within the Programme.

The central function shall have an effective customer Policy within normative documents shall clearly state conditions.
6.10 Central Function
complaint procedure. Evidence documented within the audit report.

44 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The central function shall manage and maintain relations

Policy within normative documents shall clearly state conditions.
6.11 Central Function with the sites for the activities related to the scope of
Evidence documented within the audit report.
certification.

The central function shall have in place sufficient

Policy within normative documents shall clearly state conditions.
6.12 Central Function management and technical capacity to implement and
Evidence documented within the audit report.
maintain the internal audit programme.

The central function shall be subject to management

Policy within normative documents shall clearly state conditions.
6.13 Central Function review in accordance with Certification Programme
Evidence documented within the audit report.
requirements and shall be itself subject to internal audit.

An internal audit programme based on site and risk profile

shall be in place and undertaken by the central function.
Policy within normative documents shall clearly state conditions.
6.14 Internal Audit This programme shall ensure audits of all sites within the
Evidence documented within the audit report.
scope of certification the central function and the food
safety management system at least annually.

The internal audit programme shall have documented

Policy within normative documents shall clearly state conditions.
6.15 Internal Audit procedures and be both practical and feasible in
Evidence documented within the audit report.
operative terms.

Clear requirements for internal auditors and technical

Policy within normative documents shall clearly state conditions.
6.16 Internal Audit reviewers shall be defined, documented and reviewed
Evidence documented within the audit report.
by the Certification Body.

45 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Internal auditors shall meet similar or comparable

requirements to those for external auditors, as set out
within each Certification Programme Owner’s rules. This
shall include, at a minimum, requirements related to
internal auditor education, training, work experience or
other qualifications. Their qualifications shall be assessed Policy within normative documents shall clearly state conditions.
6.17 Internal Audit
annually by the Certification Body. Evidence documented within the audit report.

Certification Programme Owners may require the

organisation’s internal auditors to successfully complete
the Certification Programme Owners specific auditor
training.

Internal auditors shall be regularly evaluated, calibrated Policy within normative documents shall clearly state conditions.
6.18 Internal Audit
and monitored. Evidence documented within the audit report.

Policy in normative documents shall clearly state conditions. Evidence

documented within the audit report.
Internal auditors shall be assigned by the central function
6.19 Internal Audit Note expectation is that ‘independent to site’ shall mean they are not
that are independent to the sites to ensure impartiality.
employed and working at the site, but may be employed at the central
function for example.

Internal audit reports shall be reviewed by the central

Policy within normative documents shall clearly state conditions
6.20 Internal Audit function and include addressing the non-conformities
Evidence documented within the audit report.
resulting from the internal audit.

46 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall have a system

in place for the Certification Bodies to define a risk-based
sampling programme that includes a minimum sample
size determined by the Certification Programme Owner.
Site Audit The sampling programme shall include provisions to CPO Policy shall clearly state conditions. Evidence shall confirm
6.21
Sampling increase sample size based on various risk factors (e.g., sampling meets IAF MD1.
audit scope, types of activities on-site, findings of the
central management system audit, findings at sampled
sites, customer requirements, etc.), size of the group or
multi-site organisation and the internal structure.

Site Audit The Certification Programme Owner shall ensure that CPO Policy shall clearly state conditions. Evidence shall confirm
6.22
Sampling Certification Bodies audit a sample of the sites every year. sampling meets IAF MD1.

The annual sampling size of the Certification Body audit

sampling programme shall be based on IAF MD1 current
version. The square root sample of the Certification
Site Audit Body’s audit of the sites shall be calculated per risk CPO Policy shall clearly state condition.s Evidence shall confirm
6.23
Sampling category. sampling meets IAF MD1.

The sampling programme can be adjusted based on the

use of monitoring technologies as per IAF MD1.

The programme shall be partly selective and partly non-

selective, but at least 25% of the sample shall be randomly
Site Audit selected from the total number of sites. Selected sites CPO Policy shall clearly state conditions. Evidence shall confirm
6.24
Sampling shall be identified based on the organisation’s internal sampling meets IAF MD1.
audit programme findings and the site risk profiles as per
IAF MD 1.

47 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Non-conformities found on sites shall be assessed to

ascertain if these indicate an overall Food Safety System
deficiency and therefore may be applicable to all or
Management of CPO Policy shall clearly state conditions. Documented within audit
6.25 other sites. If non-conformities relate to all or other sites,
non-conformities report and evidence shall confirm meets IAF MD1.
corrective action shall be undertaken and verified both
by the central function and by the Certification Body as
per IAF MD 1.

In the event that non-conformities are found when

auditing sites, which may not jeopardise certification but
Management of may raise concerns on conformity of the organisation, CPO Policy shall clearly state conditions. Evidence shall confirm meets
6.26
non-conformities the Certification Body shall increase the sample size to IAF MD1.
ensure adequate confidence in the conformity of the
organisation as per IAF MD 1.

If the central function, or any site fails to meet the critical

Certification Programme requirements, then the whole
Management of organisation, including the central function and all sites, CPO Policy shall clearly state conditions. Evidence shall confirm meets
6.27
non-conformities will fail to gain certification. Where certification has conditions.
previously been in place, this shall initiate the Certification
Body’s process to suspend or withdraw its certification.

48 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

In addition, Certification Programmes recognised against those scopes:

• AI FARMING OF ANIMALS FOR MEAT/ MILK/ EGGS / HONEY
• AII FARMING OF FISH AND SEAFOOD
• BI FARMING OF PLANTS (OTHER THAN GRAINS AND PULSES)
• BII FARMING OF GRAINS AND PULSES
• BIII PRE-PROCESS HANDLING OF PLANT PRODUCTS, NUTS AND GRAINSG PROVISION OF STORAGE AND DISTRIBUTION SERVICES
shall satisfy the below criteria, where:

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

CPO Policy shall clearly state conditions that

will be based on risk.
The Certification Body shall define the
risk level in accordance to data and facts
A risk-based approach shall be in place to determine the eligibility of commodities.
Site Audit associated with known food safety hazards
6.28 Certain crops or activities deemed “high-risk” shall be risk assessed to determine
Sampling and risks and not perceived risk linked to
their eligibility for multi-site or group certification.
quality or commodity value.
Certification Bodies shall have clear process
of implementation with clear details from
sites to agree multisite option for site.

The sampling programme shall be determined so that all members within the
Site Audit
6.29 group or multi-site organisation are audited within a defined period, based on the CPO Policy shall clearly state conditions.
Sampling
risk of the commodity, for example 3-5 years.

A proportion of the sites selected to be audited by the Certification Body shall be

Site Audit
6.30 unannounced. The unannounced audit sample size shall be determined by the CPO Policy shall clearly state conditions.
Sampling
risk of the commodity but be at a minimum of 20% of the sample size.

49 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

The Certification Programme Owner shall determine the methodology for issuing
certificates to the central function and the sites.
A certificate shall be issued to the central function of the group or multi-site
organisation.
6.31 Certificates CPO Policy shall clearly state conditions.
Separate certificates may only be issued to sites that were audited as part of
the sample programme. Those certificates shall be clearly distinguishable from
certificates that are issued to individually certified companies and shall state
explicitly that the recipient is part of a certified group or multi-site organisation,
and any limitations to the scope of certification shall be transparent to customers.

If the multi-site organisation is allowed to sell their product outside of the group
or multi-site organisation, in all cases the member sites shall be transparent about
6.32 Certificates CPO Policy shall clearly state conditions.
the source and scope of certification, by providing customers with a copy of the
certificate as issued above.

In addition, Certification Programmes recognised against those scopes:

• G PROVISION OF STORAGE AND DISTRIBUTION SERVICES

shall satisfy the below criteria, where:

• Tier 1 (T1): Main / National / Regional Distribution Centres or Central Warehouses: Food, Feed or Packaging Distribution or Storage Facilities, at a single site or location
and operating under one Food Safety Management System. T1 facilities can have T2 facilities and / or sites (T3) managed by the organisation seeking the certification
(each site shall have a certificate, no multi-site sampling option available).

• Tier 2 (T2) and Tier (T3): Satellite Warehouse, Distribution Hub, Cross Docking site: Food, Feed or Packaging Distribution or Storage Facilities, at a single site or location
and operating under one Food Safety Management System. These sites are always linked to a larger T1 distribution centre, storage warehouse or organisation with
multiple T1 facilities or in the case of a T3 site via a T2 site. T2 sites and T3 sites are always managed and under the direct control of a T1 facility or an organisation with
multiple T1 facilities seeking certification (multisite sampling option available).

50 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

SINGLE SITE CERTIFICATION

TIER 1 SITE

MULTI-SITE CERTIFICATION

TIER 2 SITE TIER 2 SITE TIER 2 SITE TIER 2 SITE TIER 2 SITE

TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE

TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE TIER 3 SITE

MULTI-SITE CERTIFICATION

51 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

CLAUSE CLAUSE
REQUIREMENTS IMPLEMENTATION GUIDANCE
NUMBER NAME

General Multi-site certification shall only apply to organisations with CPO Policy shall clearly state conditions meeting IAF MD 1
6.33
Requirements more than 20 sites operating similar processes conditions.

A Certification Programme shall certify each Tier 1 facility site

of a company’s distribution and / or warehouse operations
General with each T1 site having its own single certificate. However, CPO Policy shall clearly state conditions.
6.34
Requirements a multi-site approach may be used to include all T2 or Evidence of compliance through certificates.
below (e.g. T3) satellite sites linked to the T1 organisations’
certification.

All sites within a multi-site sampling programme shall

be operating under the same storage conditions (e.g.
ambient stable, refrigerated, frozen or combinations of
these) and have the same risk profile (e.g. size of site, shift
General
6.35 patterns, management structure and employee numbers). CPO Policy shall clearly state conditions.
Requirements
Therefore, it is recognised that an organisation could have
several multi-site sampling programmes based on different
process and risk profile, but these programmes shall be
clearly defined and documented.

The sample size shall meet the requirements defined in the

6.36 Site Audit Sampling CPO Policy shall clearly state conditions.
table 2.

52 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Table 2: Minimum sample size for the certification of multisite

organisations based on sampling for scope G
20-25 5

26-50 8

51-100 10

101-250 16

251-500 23

501-1000 32

Roundup number of square root of

Over 1000
total number of sites.

53 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

Glossary Clarifications
Site A site could include all land on which processes/activities under the control of an organisation at a given location are carried out,
including any connected or associated storage of raw materials, by-products, intermediate products, end products and waste material,
and any equipment or infrastructure involved in the processes/activities, whether or not fixed. Alternatively, where required by law,
definitions laid down in national or local licensing regimes shall apply. Where it is not practicable to define a location (e.g. for services),
the coverage of the certification should take into account the organisation’s headquarters processes/activities as well as delivery of its
services. Where relevant, the Certification Body may decide that the certification audit will be carried out only where the organisation
delivers its services. In such cases all the interfaces with its central function shall be identified and audited.

Single site certification A full certification audit covering the entire scope (of the audit) shall be conducted at the site. This certification option does not allow for
sampling (multi-site) or partial audits.

Central function An identified central department (but not necessarily the headquarters of the organisation) which has the responsibility to plan, control
and manage the organisation’s food safety management system.
Note: this could also be an organisation which is employed by or is a subsidiary of a larger organisation.
Note: This is only applicable to scopes stated within Section 6 Multisite

Multi-site organisation A multi-site organisation need not be a unique legal entity, but all sites shall have a legal or contractual link with the central function
(See Glossary) of the organisation and be subject to a single management system, which is laid down, established and subject to
continuous surveillance and internal audits by the central function. This means that the central function has rights to require that the
sites implement corrective actions when needed in any site. Where applicable this should be set out in the formal agreement between
the central function and the sites. PLEASE NOTE: This definition does not apply to multi-site organisations with multiple management
systems implemented across the organisation. In such cases, each site is treated as a single-site organisation and audited accordingly.

Remote From a location other than the physical location of the audited organisation

On-site On-site audit activities are performed at the location of the audited organisation.

ICT Information and communication technology. The use of technology for gathering, storing, retrieving, processing, analysing and
transmitting information. It includes software and hardware such as smartphones, handheld devices, laptop computers, desktop
computers, drones, video cameras, wearable technology, artificial intelligence, emails, and others.

54 The GFSI Benchmarking Process

 The GFSI Benchmarking Requirements version 2024

These glossary definitions shall help to clarify the expectations of design of audits.

Note that section 6 ‘multisite’ audit design is only permissible for scopes for the
specified farming scopes AI, AII, BI and BII, BIII PRE-PROCESS HANDLING and G
PROVISION OF STORAGE AND DISTRIBUTION. Iterations of multisite auditing within
other scopes is not permitted.

Site certification is based on undertaking the audit and issuing a certificate to

the audited site and shall meet all GFSI requirements ensuring the Certification
Programme is audited in its entirety at the certificated site which may include remote
auditing activities.

For example:

• Specific functions eg purchasing, product development are audited remotely

using ICT at the time of (including within 30 days of) the site audit is acceptable.

• Central office functions audited at a separate time and used as part of certification
of a number of single site audits is NOT acceptable.

• Physically separate sites incorporating part of the manufacturing process such

as storage is physically audited at the time of the onsite audit is acceptable.

Documented rules around these permitted scenarios shall be clear and unambiguous
ensuring GFSI requirements are met.

55 The GFSI Benchmarking Process