Virtual Integrated Advanced management SYstems Solutions & Tools cont FSSC Integrity Program Audit Data Summary & Auditor Database CB instructions for use Introduction In the framework of the implementation of the FSSC 22000 integrity program, the FSSC Foundation partnered with ViaSyst to implement the FSSC 22000 audit data summary (or full report) & auditor database on the ViaSyst audit management platform. The ViaSyst platform is a fully dematerialized, web-based tool allowing CBs to manage audit reports, action plans & auditor experience & qualification by ensuring both consistency and time & costs saving. The ViaSyst platform supports audit reports for the major management systems standards: ISO 9001, ISO 14001, ISO (or FSSC) 22000, OHSAS 18001, ISO 27000. The new databases are directly linked, on the same server and accesses, with the existing certificate database launched in May 2012. All existing data will be kept. FSSC database implementation steps: 1. Certificate database: since 01.05.2012 a) Certificate database 2. Integrity program, KPIs & indicators: from 01.10.2014: b) Audit data summary c) Auditor database 3. Full audit report: open (available from 01.10.2014, but not required by FSSC) d) Full audit report database For the step 2, CBs will not be required to submit full audit report data on the database, but only an audit data summary. CBs will be free to submit the full audit report to their clients on the format they want. Nevertheless, CBs wishing to benefit the simplifications, advantages and savings brought by the full report will have the opportunity to use the ViaSyst platform to edit their full reports and share them with their clients. Interested CBs are invited to contact ViaSyst (info@viasyst.com) for more information and a free demonstration. Summary 1. Login... 2 2. Browse your CB Administrator homepage... 2 3. Personalise your application... 3 4. Add an auditor or a CB user... 4 5. Enter an FSSC Audit Data Summary (ADS)... 10 6. Edit / update a certificate... 22 7. Enter an FSSC full report... 24 1/24
1. Login Use a compatible browser, i. e. Internet Explorer 7 or 8, Firefox 2 or 3, Chrome, Safari. Browse www.viasyst.net The following access page will appear: Enter the access codes you received and login. 2. Browse your CB Administrator homepage Study briefly the various options available behind the various menus of your CB administrator (or auditor) homepage. Come back to the homepage for the next step. 2/3
3. Personalise your application As a CB, you can personalise your environment by uploading your logo. Click on Admin on the menu bar on the top: Click on Edit on the right: Browse and upload your logo. NOTE: Maximum file size: 24 MB. Allowed extensions: png gif jpg jpeg Save and : YES! 3/3
4. Add an auditor or a CB user The CB Admin can create as much additional auditors (and/or CB users) as necessary, according to its organisation, responsibilities and authorities for entering and updating the FSSC database. Proceed according to the following steps. 4.1 Add Auditor Click on Auditors on the menu bar on the top of your Home page. Click on Add auditor on the right: Enter First name, Last name, and CB Auditor Number (allocated according the CB s own numbering system). NB: Choose the numbering system for the auditors that is convenient for you or just take over the one you already use. 4/3
Save 4.2 Edit & update the auditor qualification folder Select the auditor to update (by clicking on his/her CB auditor number on the link Auditor ) and click on FSSC qualification on the top right. Click on Edit on the top right to enter the general information related to the auditor. NOTE: the database checks automatically all obligatory fields and warns you about the missing information requested to save your data. 5/3
Enter all requested information and Save. Click on FSSC qualification on the top right to enter the granted specification: Click on «Edit»: Enter the granted 22003 scopes + the various dates (all required by FSSC) & Save This database contains a register with the details of the auditor s qualifications, training, experience and scope of activity in relation to the scheme s product categorization (FSSC Part II, Auditor registration system). 6/3
The certification body shall register qualified auditors with the Foundation and update the register at least once a year. Element 1. Competence assessment 2. Initial and continuous training 3. Auditor experience FSSC 22000 requirement A documented sign off of the satisfactory completion of the training program by the appointed supervisor. The competence of auditors shall be reestablished every 3 years. Reference: FSSC 22000, Part II, Appendix II A1, section 1. A plan for continued training to keep the auditors up to date with the best practices and relevant regulatory and statutory developments in the sector(s) where they perform audits. Reference: FSSC 22000, Part II, Appendix II A1, section 2. In order to maintain category and scheme knowledge, auditors shall be required to carry out a minimum of 5 on-site GFSI recognized audits at different organizations each year. Reference: FSSC 22000, Part II, Appendix II A1, section 2. 4. Witness audit Witness audit. Reference: ISO 17021, clause 7.2.12 Enter the date on which the documents (evidence) were reviewed and accepted by the appointed supervisor of the CB. The CB is responsible for keeping records and documents as supporting evidence. 4.3 Complete the auditor qualification folder for desk review purposes (ONLY on FSSC specific request, not mandatory for all auditors) Continue entering the auditor folder by using the menus on the left (followed by Edit ): - Audit experience (see further on) - Competence assessment - Witnessing - Initial & continuous training 7/3
NOTE 1: enter no more audit experience than required by FSSC, i.e. 5 audits per year against any GFSI recognized FSMS scheme (see drop list of accepted schemes by entering data). NOTE 2: there are 2 ways to enter audit experience: a) automatically incremented for any FSSC audit report (full or summary)entered in the database, b) entered manually by using Add experience for additional GFSI audits as necessary. NOTE 3: format of the competence assessment report to be uploaded is free, provided it is in English. Competence assessment shall be repeated every 3 years, and shall address all ISO 22003 food chain categories for which the auditor is qualified. NOTE 4: format of the witnessing report to be uploaded is free, provided it is in English. Witnessing shall be repeated every 3 years, on any FSSC scheme. NOTE 5: initial training shall be entered only once, by creating the auditor folder. NOTE 6: continuous training shall be recorded according to FSSC requirement, i.e. 1 day per year FSSC training (program & attendance record to be uploaded). 4.4 Assign CB admin (or auditor) access rights To assign a CB user login and password: (NOTE: this is only necessary for CB admin people needing to enter or upload data on the database, or for auditors for CBs who choose to edit full audit reports on the database) Click on Access rights on the menu bar on the top of your Home page. 8/3
Enter the fields, select language, and assign or not CB Admin level (necessary to have right to add organisations and to create, edit and assign auditors). 4.5 Assign organisations to an auditor (ONLY for editing full reports on the database not required by FSSC) For auditors (who normally do not have access to all organisations data within the CB, tick (Column Edit / Write) the organisations he/she is authorised to edit audit report data: 9/3
NOTE 1: to find an organisation in the list, use the Ctrl+F search function. NOTE 2: by changing the assigned auditor(s), the new one will access the entire organisation s folder, and the ancient one will loose access. 5. Enter an FSSC Audit Data Summary (ADS) The present section provides instructions for entering audit report data (full or summary) directly in the database, e.g. for CBs who decided to use the database to use the database functionalities to interactively provide the audit report and manage the action plan with their clients. NOTE 1: if the data are to be entered by another (or several other) person within your CB organisation, first move to section 4 of the present instructions and create the corresponding user. NOTE 2: the most efficient way to enter the audit report data is to ask the (lead) auditor to do it directly. NOTE 3: for certification of organizations with multiple sites, each certified site shall be entered separately within the database (see 6.2). 5.1 Add Organisation Click on Organisations on the menu-bar on the top of your Home page. You access the following page: Click on Add organisation on the right. NOTE: a CB Admin access is necessary to create an organisation and to assign it to the lead auditor. 10/3
You access the following page: Enter all fields marked with a *, which are the obligatory fields requested by FSSC for the audit data summary. NOTE: the same *code will be repeated on all pages where data shall be entered for the audit data summary. All the other fields do not have to be filled in they are to be entered for editing a full audit report (for CBs using the database for sharing full reports and managing actions plans with their clients, or for integrity program desk reviews). Click on Save in the bottom of the page. Check whether organisation creation succeeded (green display bar below), unless (red display bar with error message) remediate by using Edit on the right. 5.2 Provide access to your client organization NOTE: this step is not required by FSSC for entering the audit data summary. RATIONALE: the ViaSyst database allows CBs to interact with their certified organizations for a) sharing audit report (full or summary) data, b) online interactive editing & completing action plans linked to non-conformities. Interested CBs may (but are not obliged to) use this functionality instead of any other form or database to save time by managing the action plans (see 5.8). Click on Contact in the left hand side margin (see print screen above). 11/3
Click on Add user on the top right. Enter the client s organization contact details and Save NOTE 1: you may create as much client s users as required. NOTE 2: the tick box Quality manager shall be activated if you want that your client can complete the action plans directly on the database. 5.3 Add Audit The present section provides instructions for entering audit report data using 2 methods, 1- Enter audit report data directly on the database (5.3.1) 2- Add an audit data summary by using the transfer form to upload the audit report (5.3.2) CBs can choose one of the methods described below. 5.3.1 Enter an audit data summary (ADS) directly on the database Go back to the Home page. Click on the organisation name you just created on the left hand side margin. TIP: To browse a longer organisations list - type Ctrl + F, and enter company name, or - click on Organisations on the menu bar on the top of your screen and use the filters by typing the company name 12/3
The following screen appears: Click on Audits in the left hand side menu (see above). Click on Add audit on the right (see image below). Choose New audit in the drop list. Click on Create on the right (see image below). 13/3
TIP: if there is already an audit report (or summary) for the organisation on the database, you will preferably choose the last audit in the drop list. This brings advantage that all available and potentially stable data will be taken over from the last report so that you spare a lot of time for entering the new report, by just checking existing data and updating as necessary. Assign the applicable standards (see below), whereby systematically 3 standards shall be assigned, i.e.: 1. ISO 22000 2. Applicable PRP scheme, with corresponding 22003 version 3. FSSC additional requirements, with corresponding 22003 version Save Browse the italic menus on the left hand side (see below) and enter the corresponding data by editing/saving each page (all fields marked with * are requested for the FSSC audit data summary) NOTE: FSSC editorial guidance is associated to the fields as necessary 14/3
Validate the audit report summary (see 5.7) 5.3.2 Transfer form to upload the audit report NB: The FSSC audit data summary transfer tags document will help you set up an audit report form allowing to identify (or tag ) the data to be uploaded. Use the tags in this document to construct your audit report. Refer to the instructions for use in the introduction of the applicable FSSC audit data summary transfer tags document. Go back to the Home page. Click on the organisation name you just created on the left hand side margin. TIP: To browse a longer organisations list - type Ctrl + F, and enter company name, or - click on Organisations on the menu bar on the top of your screen and use the filters by typing the company name The following screen appears: 15/3
Click on Upload Audit Data summary in the left hand side menu (see above). Click on Attach new file. Browse the tagged report to upload from your documents Save Check whether upload succeeded (green display bar below), unless (red display bar with error message) remediate by correcting the tagged transfer document. 16/3
Once the entire audit s information is entered, click on CB Validation to validate the audit. Note: The validation of the audit is necessary to increment the audit experience for the auditor and be visible on his profile. 5.4 Audit Folder You accessed the directory page of the audit folder you just created. This is the hub from where you can manage the audit report (full or summary) edition & validation. In contrary to the organization s page, this page and all related items (see menu on the left hand side) is editable by the assigned auditors. For editing the audit title (e.g. specifying whether it is a certification or surveillance audit, or entering the real audit date), click on Edit on the top right. NOTE 1: the tick box Visible by customer may be activated if you want to share the audit report data with your client organization (see 5.2), e.g. for completing the action plan. 17/3
NOTE 2: this page is visible neither by the client organization nor by the scheme owner (FSSC). Click on Save 5.5 Enter Audit Report Data (full or summary) NOTE 1: only fields marked with a * are requested by FSSC for the audit data summary. NOTE 2: all the other fields do not have to be filled in they are to be entered for editing a full audit report (for CBs using the database for sharing full reports and managing actions plans with their clients, or for integrity program desk reviews). NOTE 3: for CBs using the database for editing & sharing their full audit reports, it is advantageous that the auditors edit their report directly on the database. Browse the italic menu on the left hand side and enter either a) fields marked with a *, as a minimum required by the FSSC audit data summary, or b) all fields for a FSSC compliant full report audit. NOTE 4: there are no required fields (*) on the page General impression for the FSSC audit data summary. 5.6 Add audit findings All the audit findings can be added directly from the tagged transfer template that you will upload, but you can also add findings manually, as described below: To add an audit finding, click on Add finding on the top right. 18/3
You access following page: First, assign your finding to the corresponding clause of the standard and grade it by clicking on add beside the standard number (see above). Use the tick lists to select corresponding interpretation (grading) and clause, Save. TIP: to reorder audit findings according to your editing preferences or rules (e.g. progressive clause numbering), you can click on the cross on the left of the finding and drag it at the correct place + Save. See below: before 19/3
and after 5.7 Validate the audit report Once he entered and checked all audit data, the auditor (or CB) shall validate the audit report by clicking on Validation by the lead auditor on the top right. If any required field for the FSSC audit data summary is missing, a red bar will appear, with links to complete the corresponding fields (see print screen below). 20/3
Note: The validation of the audit is necessary to increment the audit experience for the auditor and be visible on his profile. 5.8 Complete & validate the action plan Complete (CB, lead auditor or client) the action plan by editing the fields Cause analysis and Planned corrective action. Click on Non-conformity manager on the lhs. You ll see the summary of all findings, with their completion progress & status: Click on See finding to edit any of them. To validate the action plan, go on the bottom of the page and Validate finding per finding: NOTE 1: the lead auditor may validate progressively as soon as he receives an automatic e-mail alert when the client completes the action plan. 21/3
NOTE 2: the status will appear ticked as validated once the non-conformity completion will have been verified and validated at next audit (which is another level of validation as validation of the action plan): 6. Edit / update a certificate 6.1 Add or update a certificate Click on Certificates linked to the audit at the bottom of the left hand side menu (see print screen). Click on Add certificate on the right. Select the corresponding standard: For Food Manufacturing: FSSC Manufacturing - ISO 22002-1:2009 (22003:2007) FSSC Manufacturing - ISO 22002-1:2009 (22003:2013) For Packaging: FSSC Packaging - ISO 22002-4:2013 (22003:2007) FSSC Packaging - ISO 22002-4:2013 (22003:2013) FSSC Packaging - PAS 223:2011 (22003:2007) FSSC Packaging - PAS 223:2011 (22003:2013) For Feed: FSSC Feed - PAS 222:2011 (22003:2007) FSSC Feed - PAS 222:2011 (22003:2013) NOTE: DON T use the ISO 22000 option, as it doesn t allow to differentiate which scheme is applicable 22/3
In addition to the data already available through the audit data summary (or full report), enter the following fields as required by the FSSC certificate database: - Accredited: enter whether the certificate is issued yes or no under your current CB accreditation scope - Issue ( From date: ) and expiry date ( To date; ) - Initial certification date (may be the same as initial for first certification) - Issuer is a facultative field, where you can enter the persons in charge of the certification decision. Enter the issue, expiry and initial dates on the bottom of the page. Click on Save 23/3
6.2 Organizations with more than one location In case of organizations with more than one location, FSSC requires a separate certificate and report for each location or site. Repeat steps 5.1 to 5.9 for each certified site. IMPORTANT: FSSC does not allow multi-site certification. See FSSC guidance document Guidance notes on certification with more than one location. 6.3 Renewal of certificate in case of recertification In case of recertification (certificate renewal), you can either a) Create a new certificate with specific dates, or b) Edit the existing certificate and change issue and expiry dates Enter an FSSC full report To be completed Dublin, September 17, 2014 24/3