FAQ for certification bodies and auditors
IFS HPC V2
February 2018
Issue: 3
1
�1. FAQ | Audit protocol
1.1. Specific information that the certified company shall address with the certification
body
1.1.1 How can a situation be managed when the auditor notices during the audit that the
company did not inform the certification body of “any change that may affect its ability to
conform to the certification requirements…”, as required in chapter 3.2, Part 1 of IFS HPC
version 2?
The auditor may rate a deviation on requirement 5.9.1 (procedure for management of
incidents).
1.2 COID management in the event of a company changes name, or site etc.
1.2.1 Company changes name but keep same site, same address, same personnel, etc.
In this case, the COID will be still the same, but on the certificate shall be mentioned the
new name of the company. Moreover, this situation will be explained on the “overall
summary of the audit” section on the audit report.
To be able to change the name on the current certificate, the certification body shall
contact our IT external service provider.
As a recommendation, the company should also inform to its clients that they will change
the name so that IFS users can search them in the database.
1.2.2 Company has a new address but same name, same personnel, etc.
In this case, as there is a change of address therefore a new site, a new COID shall be
issued and new audit shall be performed. The current certificate shall be suspended as
soon as the production stops in the "old" site.
The first audit to be performed at the new site shall be considered as initial audit.
As a recommendation, the company shall inform its customers due to new COID on the
database.
2
�1.2.3 Company keeps same name and address but changes the Top management (e.g.
new owner)
No change of COID is needed. The certification body may perform a risk assessment and
assess if it is necessary to perform or not a follow-up audit to ensure that current
certificate is still valid. Probably, this follow-up audit shall not be necessary.
1.3 Is it possible to certify two legal entities at a single site?
Yes, it is possible, often retailers want its own brand not connected with the same
production site of other retailers, that’s why the company creates a new legal entity. This
condition is accepted only if, under the pre-requisites that all technical parameters (e.g.
risk profile, processes, employees etc.) are the same.
Later, it will be issued for each legal entity, exactly the same certificates, audit reports and
action plan.
1.4 Translation rules and use of a translator in IFS HPC audits
1.4.1 How to handle a situation when a translator is needed?
Note: please make sure before auditing the site, what is the situation in regards to
use of English during the audit, documentations language, etc. to avoid further
problems.
In any case, the certification body is responsible to ensure the quality of the audit.
(E.g. proper communication with personnel, check of documentation etc.)
The use of the translator shall be necessary in cases where the quality of the IFS HPC audit
is not ensured and can be compromised.
Depending on the situation, a translator may only be necessary during the visit on site, or
in the worst case during the complete audit.
In the event of use of a translator, it is up to the certification body to establish the
time needed with her/him during the audit.
It is also responsibility of the certification body to determine the total audit duration due
to translation activities.
In case of an audit team:
If at least one auditor speaks the language of the company, it is not necessary to use a
translator, but the audit team is not allowed to split during the audit so that the auditor
who is also the translator is always present during the different steps of the audit.
3
� Requirements of a translator:
Senior translator (experienced person /familiar with this activity).
To ensure independency, the certification body performing the audit shall contact the
translator.
Only for IFS Global Markets HPC assessments, the translator could be an employee of the
company (but no consultant). This employee should be in her/his position independent
from the site/department audited.
1.5 Type of audits
1.5.1 Initial audit
1.5.1.1. Pre-assessment: in case of a company has failed the IFS HPC initial audit, can a consultant
perform an assessment of the company before the next “regular” IFS HPC audit?
Yes, it is possible for a consultant to perform an assessment.
It is not accepted that a failed “regular” audit becomes an assessment due to the failure.
Any failed “regular” IFS audits shall be uploaded in the IFS portal.
In any case, the consultant/auditor who performs the assessment shall be different from
the auditor who performs the IFS audit.
1.5.2 Follow-up audit
1.5.2.1 If a company failed the follow-up audit and decides to change certification body, is there
a minimum period of time before starting a complete new certification process?
The company can start a new certification process earliest 6 weeks after the last audit.
1.5.2.2 What to do when a Major is rated during an audit and during the follow-up audit the
Major is still not solved? What is the final result after a successful follow-up audit?
In this case, a KO could be rated on corrective actions (5.11.2).
The result of the follow-up audit is failed and therefore a new audit can be scheduled no
earlier than 6 weeks after the follow-up audit. See section 4.2 of Part 1 of the standard
for further information.
After a successful follow-up audit, the company shall be granted with certification only at
foundation level.
4
�1.5.3 Extension audit
1.5.3.1 Is it possible to change the scoring of one requirement already audited during the
“regular” audit?
As defined in the protocol, the report of extension audit is an annex of the existing audit
report and the new scoring shall not have any impact on the scoring of the normal audit.
So it can happen that the scoring of an already audited requirement is changed during
the extension audit, but this does not affect the “regular” scoring.
1.5.3.2 What happens if the final score is < 75 % following the extension audit?
In this case, the activity (subject to the extension audit) cannot be included in the audit
scope. In general, it is recommended to the auditor during the extension audit, to
inspect if conditions of the IFS certification are maintained in general. Based on their
risk assessment, the certification body shall decide if the “normal” audit is still valid or
not and if a full new audit shall be performed.
1.5.3.3 What is the fee for uploading an extension audit in the IFS portal?
As for follow-up audits, uploading an extension audit report is free of charge.
1.5.3.4 Should the auditor who performs the extension audit be the same as the one who
performed the “main” audit?
The choice of the auditor remains the responsibility of the certification body: the only
pre-requisite is that the selected auditor is IFS approved for the product scope(s)
related to the scope of the extension audit.
1.5.3.5 How is a situation managed when the auditor notices during the “regular” audit that a
new activity has been implemented but the company did not require an extension
audit?
The auditor should rate a deviation on requirement 4.1.2 (changes of contractual
agreements).
1.5.3.6 One auditor performs 3 consecutive audits in the same production site. Each
year, there is an extension audit. If the extension audit for the 3rd year is performed
by another auditor, can the main auditor perform the ”regular” audit for the 4th year?
No, this is not possible. The rule for “3 consecutive audits” applies for “regular”
audits.
5
� 1.6 Management of outsourced products/processes
1.6.1 How are outsourced processes/products managed in IFS HPC version 2? Certificate and
report.
If an HPC processing site being IFS HPC audited, outsources parts or all of its production
processes/product(s), to another different company, the assessment of the sub-chapter
4.4.8 shall be done.
For further information see guideline for auditors.
Besides being stated on the report, it shall be declared on the certificate too. If the
description is very long, it may be acceptable to write the following sentence beneath
the description of products and processes: “Besides own production, company has
outsourced processes and/or products.” Additional details on the report shall be given.
If requirements for outsourced processes and/or products are not respected, it may lead
to a non-conformity scoring for the site being audited.
Note: storage, distribution, pest control, cleaning and disinfection, etc. are typical service
providers and therefore not considered outsource production processes as it is meant in
the standard.
1.7 Management of traded products
1.7.1 How are traded products handled in IFS HPC version 2?
Traded products are products which are manufactured, packed and labeled by and under
a different company name than the company being IFS HPC certified. Traded products as
above defined, are excluded from the scope of the IFS HPC audit.
Traded products shall be only mentioned on the company profile of the audit report.
If an HPC processing company would like to certify traded products (processed, packed
and labeled by and under a different company name), a combined IFS HPC/IFS Broker
audit may be performed.
In this case the company will be subjected to two certificates and two reports.
1.8 What if the company does not fulfill the conditions of use of the IFS logo?
In cases where the auditor identified that the company does not fulfil the conditions of
use of the IFS logo, the auditor shall notify it on the company profile of the audit report
and shall inform the IFS offices accordingly.
6
� 2. FAQ | General questions related to requirements, performing audit etc.
2.1 Scoring a requirement as a deviation
2.1.1 Is double devaluation/punishment allowed in IFS scoring?
Double punishment should be avoided in general, but if the corrective action of the fault
is different and in relation to another requirement, then the same topic can be punished
twice or more often.
2.2 Audit trial of the IFS HPC audit
• Finished products selected as examples for the audit are the "audit trail" for obtaining
audit evidence (products may be selected from the companies finished goods
warehouse or retain sample storage).
• Careful product selection enables the auditor to obtain effectively and efficiently audit
evidences against IFS requirements.
• If an appropriate number of products has been selected (often 2-3), the corresponding
documents e.g. finished product specifications are used as a reference and interface
during the whole audit.
• This approach helps the audit to perform a product/process audit and to remain
focused.
The auditor selects the product to obtain the maximum information about the company
and its products (often: most complex product).
The aim is to select representative samples (products).
Suggestions for the selection of a product:
• A product used for retailer branded products,
• A complex product produced in small quantities,
• A product produced in large quantities,
• A product produced on the day of the audit,
• Products which represent the complexity of the existing product groups,
(e.g. a low risk/secondary and a high risk/primary product)
2.3 One HPC company produces besides household and personal care goods packaging
materials for its own products. How to handle this situation?
Production of packaging material shall be audited but not included in the scope. In this
case, how shall then the auditor assess packaging production whether is not included in the
scope?
7
� The auditor shall check how the company ensures the packaging they produce is
safe and right for the product. Although there is no a specific subchapter in HPC for
packaging materials, there are several requirements which could be audited by the auditor.
For instance:
2.2.3.5, 4.2.11, 4.2.2.5, 4.3.2.9, 4.3.2.10, etc.
Further information can be found in the guideline for auditors. Some examples:
• How is it ensured that packaging materials have no negative effects on the product?
• Did the company consider migration tests (mandatory for cosmetics)?
• Has a risk assessment been performed in relation to suitability of packaging material?
<risk assessment>
• Packaging material should be tested concerning negative influences on the product. The
results should be documented. Which frequency? Are all components of the packaging
material considered?
3. FAQ | Requirements for auditors and certification bodies
3.1 Sign-off witness audit/observer
Besides the explanation that can be found in section 3.2.1 of part 3 of the standard, it is also
possible to accept as an initial witness audit (sign-off audit) e.g. an IFS PACsecure audit,
COSMOS audit, etc.
According to the standard, if option 2 is chosen, the observer must be an approved IFS HPC
auditor for the right scope(s).
If option 1 is chosen then, the observer may be an approved IFS auditor (for any production
scheme) having taken part at the IFS HPC a/r course.
3.1 What are the requirements for the witness auditor in the frame of the maintenance
of auditor’s qualification? i.e., the witness audit conducted every two years.
The observant in the frame of qualification maintenance shall be:
Preferably an IFS HPC auditor.
or
8
� IFS approved auditor (for any production scheme) plus having taken part at the IFS
HPC a/r course.
3.2 One day in house training for HPC to be performed yearly. Is it allowed to train
auditors via webinar or other virtual means? Is it necessary to provide evidences to IFS
of this in house training?
This training shall be held as face to face session. For exceptional cases, please contact the
IFS offices.
It is no necessary to submit any proof to IFS as this is something that might be checked by
Integrity Program during a normal certification body office audit.
3.3 Can a HPC auditor be automatically an IFS HPC reviewer?
Yes, they could be automatically IFS HPC reviewers too.
4 FAQ | Reporting, auditXpressX software and IFS audit portal
4.1 Is it possible to upload first audit report/ corrective action plan and later the
certificate on the IFS portal?
No, the IFS IT system does not allow this; every document shall be uploaded at the same
time.
4.2 What is expected on the “overall summary of the audit” in the IFS report?
IFS expects the auditor to provide a summary about the major results of the audit,
especially focusing on the main deviations/non-conformities found. This summary shall
neither be a repetition of the mandatory fields nor of the explanations provided for the
assessment of each requirement.
All topics that may be important for the auditor to mention.
The aim of the report is to have a general overview of the company ‘processes,
organization, how they control their risks etc.
In a nutshell, easy to understand for a third reader.
IFS does not expect a long description of two pages but complete enough to
understand the situation.
9
� Note: general sentences are not useful for the readers as they can be used for all
type of companies and all type of situations and does not entirely fit with company´s reality.
4.3 Guidance on scoping in the IFS HPC certificate
As the scope of an IFS HPC audit is purely processing activities, all steps which may go
beyond that are not relevant. Processes which are already per se included in the
requirements chapters of the standard, shall not be pointed out additionally, because if a
production site has product development this shall be audited by the auditor during the
audit.
Either way, it is not allowed to specify on an IFS HPC certificate words like “distribution”
(as it may be confusing with pure logistics activities) or “sales” as it is an activity which is
excluded from the scope of IFS HPC.
“R+ D”, and/ or “design/development” are also excluded from the scope as the focus of
the standard is on production activities.
In general, the scope of the certificate shall mention detailed description of process (es) /
product(s) groups.
In case of outsourcing and/ or Product Defense is assessed it will be anyway mentioned on
the certificate.
10
