[Federal Register Volume 78, Number 145 (Monday, July 29, 2013)]
[Proposed Rules]
[Pages 45782-45839]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-17994]
[[Page 45781]]
Vol. 78
Monday,
No. 145
July 29, 2013
Part IV
Department of Health and Human Services
-----------------------------------------------------------------------
Food and Drug Administration
-----------------------------------------------------------------------
21 CFR Part 1 and 16
Accreditation of Third-Party Auditors/Certification Bodies to Conduct
Food Safety Audits and to Issue Certifications; Proposed Rule
��Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 /
Proposed Rules��
[[Page 45782]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 1 and 16
[Docket No. FDA-2011-N-0146]
RIN 0910-AG66
Accreditation of Third-Party Auditors/Certification Bodies to
Conduct Food Safety Audits and to Issue Certifications
AGENCY: Food and Drug Administration, HHS.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Food and Drug Administration (FDA) is amending its
regulations to provide for accreditation of third-party auditors/
certification bodies to conduct food safety audits of foreign food
entities, including registered foreign food facilities, and to issue
food and facility certifications, under the FDA Food Safety
Modernization Act (FSMA). Use of accredited third-party auditors/
certification bodies and food and facility certifications will help FDA
prevent potentially harmful food from reaching U.S. consumers and
thereby improve the safety of the U.S. food supply. FDA also expects
that these regulations will increase efficiency by reducing the number
of redundant food safety audits.
DATES: Submit either electronic or written comments on the proposed
rule by November 26, 2013.
ADDRESSES: You may submit comments, identified by Docket No. FDA-2011-
N-0146 and/or Regulatory Information Number (RIN) 0910-AG66, by any of
the following methods.
Electronic Submissions
Submit electronic comments in the following way:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Written Submissions
Submit written submissions in the following ways:
Mail/Hand delivery/Courier (for paper or CD-ROM
submissions): Division of Dockets Management (HFA-305), Food and Drug
Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
Instructions: All submissions received must include the Agency name
and Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66 for this
rulemaking. All comments received may be posted without change to
http://www.regulations.gov, including any personal information
provided. For additional information on submitting comments, see the
``Comments'' heading of the SUPPLEMENTARY INFORMATION section of this
document.
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov and insert the
docket number, found in brackets in the heading of this document, into
the ``Search'' box and follow the prompts and/or go to the Division of
Dockets Management, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
FOR FURTHER INFORMATION CONTACT: Charlotte A. Christin, Office of the
Commissioner, Office of Policy, Food and Drug Administration, 10903 New
Hampshire Ave., Bldg. 32, Rm. 4234, Silver Spring, MD 20993, 240-402-
3708.
SUPPLEMENTARY INFORMATION:
Executive Summary
Purpose of the Proposed Rule
This proposed rule, if finalized, will help FDA ensure the
competence and independence of third-party auditors/certification
bodies who conduct foreign food safety audits. It also will help ensure
the reliability of food and facility certifications issued by third-
party auditors/certification bodies that FDA will use in making certain
decisions relating to imported food (including pet food and animal
feed). These certifications include, for example, food certifications
required by FDA as a condition of granting admission to a food
determined to pose a safety risk. Having comprehensive oversight of a
credible and reliable program for third-party audits and certifications
of foreign food facilities will help FDA prevent potentially harmful
food from reaching U.S. consumers and thereby improve the safety of the
U.S. food supply. We believe that a trusted program for foreign food
safety audits and food and facility certifications--with clear
requirements, standards, and procedures and operated under government
oversight--will be appealing to accreditation bodies, auditors/
certification bodies, and foreign food facilities. Widespread
participation and broad acceptance of audits and certifications under
the FDA program will help increase efficiency and reduce costs, by
eliminating redundant auditing to assess foreign suppliers' compliance
with the Federal Food, Drug, and Cosmetic Act (the FD&C Act).
FSMA adds section 808 to the FD&C Act (21 U.S.C. 384d), which
directs us to establish a new program for accreditation of third-party
auditors \1\ conducting food safety audits and issuing food and
facility certifications to eligible foreign entities (including
registered foreign food facilities) that meet our applicable
requirements. Under this provision, we will recognize accreditation
bodies to accredit third-party auditors/certification bodies, except
for limited circumstances in which we may directly accredit auditors/
certification bodies to participate in the accredited third-party
audits and certification program.
---------------------------------------------------------------------------
\1\ Section 808 of the FD&C Act uses the term ``auditor'' to
describe an entity that conducts audits and issues certifications.
We propose to use the term ``auditor/certification body,'' which
adds the words ``certification body'' to better comport with the
terminology used by the food industry and the international
standards community when describing organizations that not only
conduct audits but also issue certifications based on audit results.
We will use the statutory term only when referring to the
requirements of section 808 of the FD&C Act.
---------------------------------------------------------------------------
[[Page 45783]]
[GRAPHIC] [TIFF OMITTED] TP29JY13.008
We will use certifications issued by accredited third-party
auditors/certification bodies in deciding whether to admit certain
imported food into the United States that FDA has determined poses a
food safety risk and in deciding whether an importer is eligible to
participate in a program for expedited review and entry of food
imports. We will exercise oversight of the accredited third-party
audits and certification program and can remove an accreditation body
or an auditor/certification body for good cause, by revoking
recognition of the accreditation body or by withdrawing accreditation
of the third-party auditor/certification body.
We must issue implementing regulations that include measures to
protect against conflicts of interest and must issue model
accreditation standards that third-party auditors/certification bodies
must meet to qualify for accreditation.\2\ The statute directs us to
look to existing standards for guidance when developing these model
accreditation standards.
---------------------------------------------------------------------------
\2\ We will issue draft model accreditation standards to specify
the qualifications for accreditation, such as the minimum
requirements for education and experience for third-party auditors/
certification bodies (and their audit agents) to qualify for
accreditation. We will open a public docket to accept comments on
the draft standards and plan to take necessary procedural steps to
finalize the model standards.
---------------------------------------------------------------------------
Summary of the Major Provisions of the Proposed Rule
This proposal contains eligibility requirements for accreditation
bodies to qualify for recognition and requirements that accreditation
bodies choosing to participate in the FDA program must meet, once
recognized. It also contains eligibility requirements for third-party
auditors/certification bodies to qualify for accreditation and
requirements that third-party auditors/certification bodies choosing to
participate in the FDA program must meet, once accredited. These
requirements will ensure the competence and independence of the
accreditation bodies and third-party auditors/certification bodies
participating in the program for accredited third-party audits and
certification that is established under this subpart.
This proposal contains procedures for recognition and
accreditation, as well as requirements relating to monitoring and
oversight of participating accreditation bodies and auditors/
certification bodies. These include procedures that we will follow when
removing an auditor/certification body or an accreditation body from
the program. The proposed rule contains requirements relating to
auditing and certification of foreign food facilities under the program
and for notifying us of conditions in an audited facility that could
cause or contribute to a serious risk to the public health. The
proposed requirements for monitoring, oversight, and notification are
needed to give us, consumers, and other stakeholders confidence in the
program and in the accredited third-party auditors/certification bodies
and recognized accreditation bodies who participate.
The proposal also implements the authority granted by Congress in
section 801(q) of the FD&C Act (21 U.S.C. 381(q)) to make a risk-based
determination to require, as a condition of admissibility, that a food
imported or offered for import into the United States be accompanied by
a certification or other assurance that the food meets the applicable
requirements of the FD&C Act. This clear authority to require
[[Page 45784]]
import certification for food, based on risk, is one of the tools we
can use to help prevent potentially harmful food from reaching
consumers.
In addition, this document proposes requirements for accredited
third-party auditors/certification bodies to follow when issuing
facility certifications that will be used by importers to establish
eligibility for the Voluntary Qualified Importer Program (VQIP) under
section 806 of the FD&C Act (21 U.S.C. 384b(a)). The VQIP program
offers participating importers expedited review and entry of food from
facilities audited and certified by third-party auditors/certification
bodies accredited under this subpart.
Costs and Benefits
We summarize the annualized costs (over a 10-year time period
discounted at both 3 percent and 7 percent) of the third-party proposed
rule in Table 1. We are unable to estimate quantitatively the benefits
of the proposed rule. Although this proposed rule would not itself
establish safety requirements for imported food, it would benefit the
public health by helping to ensure that imported food is produced in
compliance with applicable requirements of the FD&C Act.
The Preliminary Regulatory Impact Analyses for the proposed rules
on Current Good Manufacturing Practice and Hazard Analysis and Risk-
Based Preventive Controls for Human Food (Preventive Controls) \3\ and
the Standards for the Growing, Harvesting, Packing, and Holding of
Produce for Human Consumption (Produce Safety) \4\ consider and analyze
the number of illnesses and deaths that those proposed regulations are
aimed at reducing. The greater the compliance with the Preventive
Controls and Produce Safety proposed regulations, the greater the
reduction in illnesses and deaths and associated costs expected.
---------------------------------------------------------------------------
\3\ The Preventive Controls proposed rule was published in the
Federal Register on January 16, 2013 (78 FR 3646).
\4\ The Produce Safety proposed rule was published in the
Federal Register on January 16, 2013 (78 FR 3503).
---------------------------------------------------------------------------
This proposed rule would be an important mechanism for improving
and ensuring compliance with the Preventive Controls and Produce Safety
proposed regulations as they would apply to imported food. For this
reason, we account for its public health benefits in the economic
analyses for those proposed rules and other applicable food safety
regulations, instead of in the analysis for this proposed rule.
Table 1--Summary of Annualized Costs of the Proposed Rule
----------------------------------------------------------------------------------------------------------------
Third party accreditation costs 3 Percent 7 Percent
----------------------------------------------------------------------------------------------------------------
Third Party Accreditation Costs for All Participants........................ $55,548,432 $56,756,016
Third Party Accreditation Costs for FDA..................................... 17,063,089 17,640,083
-----------------------------------
Total Costs............................................................. 72,611,521 74,396,099
----------------------------------------------------------------------------------------------------------------
Table of Contents
I. Introduction
II. Background
A. Legal Authority
B. FDA Initiatives on Third Parties
C. FDA's Use of Certifications for Food
D. External Recommendations on Third-Party Certification for
Food
E. FDA Standards for Assessing Capabilities of Food Safety
Systems
F. U.S. Government Policies on Consensus Standards and
Conformity Assessment
G. Industry Practices on Benchmarking Standards and Third-Party
Audits and Certification for Food and Food Facilities
III. FSMA Imports Public Meeting and Stakeholder Input
IV. Purpose and Description of the Proposed Rule
A. Proposed Revisions to Part 1, New Subpart
B. Proposed Revisions to Part 16
V. Analysis of Environmental Impact
VI. Federalism
VII. Comments
VIII. References
I. Introduction
Each year, about 48 million Americans (1 in 6) get sick, 128,000
are hospitalized, and 3,000 die from food-borne diseases, according to
recent estimates from the Centers for Disease Control and Prevention
(CDC). CDC food-borne illness outbreak data also show that an increased
number of outbreaks due to imported foods were reported during the most
recent years of surveillance. During 2005-2010, 39 outbreaks with 2,348
illnesses were reported where the implicated food was imported into the
United States, representing 1.5 percent of reported outbreaks during
that time. Of the 39 import-associated outbreaks, more were reported in
2009 and 2010 (n=6 and 8 outbreaks, respectively) than were reported in
each of the years between 2005 and 2008. A greater percentage of the
import-related outbreaks were multistate outbreaks as compared to the
overall percentage of multistate outbreaks reported (Ref. 1).\5\
---------------------------------------------------------------------------
\5\ The CDC abstract on Foodborne Disease Outbreaks Associated
with Food Imported Into the United States, 2005-2010 (Ref. 1)
discussed 23 reported outbreaks with 1,994 illnesses associated with
imported foods. These data were updated for a presentation at the
International Conference on Emerging Infectious Diseases, to reflect
the numbers discussed in this proposed rule.
---------------------------------------------------------------------------
President Obama signed FSMA (Pub. L.111-353) into law on January 4,
2011. FSMA enables us to better protect public health by helping to
ensure the safety and security of the U.S. food supply. The Web page
describing our FSMA implementation activities is at http://www.fda.gov/fsma.
Among other things, FSMA gave us important new tools to better
ensure the safety of imported foods, which constitute approximately 15
percent of the U.S. food supply (including 80 percent of our seafood,
50 percent of our fresh fruit, and 20 percent of our vegetables). We
place high priority on ensuring the accountability of importers to
verify the safety of food produced overseas and to establish a new
program for third-party auditing and certification of regulated foreign
food firms. (By way of background, third-party audits are conducted by
an entity independent of the audited firm or those who buy its
products. Second-party audits are conducted by buyers for their
suppliers and contractors or by one division within a firm of another
division within the same firm. First-party audits are internal audits a
firm conducts itself. This proposed regulation relates only to third-
party audits.)
In this document, we propose requirements for third-party auditors/
certification bodies choosing to become accredited to conduct food
safety audits and to issue food and facility certifications to eligible
foreign entities under this FDA program.
The preamble that follows provides background on the following: (1)
The FSMA requirement to establish an accredited third-party auditing
and
[[Page 45785]]
certification program for food and related FSMA provisions, (2) other
initiatives on third parties, (3) use of food certifications, (4)
recommendations from external stakeholders on third-party
certifications for food, (5) standards for assessing programs for
oversight of food safety, (6) U.S. government policies on consensus
standards and conformity assessment, and (7) industry programs for
benchmarking standards and for auditing and certification for food
facilities and their food. We seek comments on all aspects of this
proposal.
II. Background
A. Legal Authority
1. Accreditation of Third-Party Auditors/Certification Bodies
Section 307 of FSMA, Accreditation of Third-Party Auditors, amends
the FD&C Act (21 U.S.C. 384d) to create a new provision, section 808,
under the same name. Section 808(b)(1)(A) of the FD&C Act requires us
to establish a system, within 2 years of enactment, for the recognition
of accreditation bodies that accredit third-party auditors to conduct
food safety audits and to issue certifications for eligible foreign
food entities and their products.
Section 808(b)(1)(A)(ii) of the FD&C Act further authorizes us to
directly accredit third-party auditors if we have not identified and
recognized an accreditation body that meets the requirements of the
section within 2 years after establishing the system for recognition.
If those conditions are met, we may begin to directly accredit third-
party auditors.
Section 808(c)(5)(C) of the FD&C Act directs us to issue
implementing regulations for section 808 not later than 18 months after
enactment (i.e., by July 4, 2012). The regulations must require audits
to be unannounced and must contain protections against conflicts of
interest between accredited auditors (and their audit agents) and the
entities they audit or certify, including requirements on timing and
public disclosure of fees and appropriate limits on financial
affiliations. (21 U.S.C. 384d(c)(5)(C)(ii) and (c)(5)(C)(iii)). In
addition, the regulations must require audits to be unannounced (21
U.S.C. 384d(c)(5)(C)(i)).
Section 808(b)(2) of the FD&C Act contains an additional
requirement to develop model accreditation standards to qualify third-
party auditors for accreditation under this FDA program. The statute
describes the model accreditation standards in terms of requirements an
auditor must meet to qualify for accreditation. We are including in
this proposed rule a framework for the model accreditation standards.
We currently are developing the Model Accreditation Standards document,
which elaborates on the framework and details the qualifications
required for accreditation. We are considering existing international
standards and particularly the work of the International Organization
for Standardization Committee on conformity assessment (ISO/CASCO). For
example, we are considering minimum requirements for education and
experience of auditors/certification bodies. We plan to issue draft
model standards for public comment, before finalizing them.
2. Voluntary Qualified Importer Program
Facility certifications (as described in sections 806(a) and
808(c)(2) of the FD&C Act) will be used by FDA to help determine
whether a facility is eligible to be a facility from which food may be
offered for import under VQIP. The criteria and procedures for VQIP
participation are outside the scope of this rulemaking. FDA plans to
issue guidance on VQIP and will solicit public comment on VQIP at that
time.
3. Authority To Require Import Certifications for Food
Food certifications (as described in sections 801(q) and 808(c)(2)
of the FD&C Act) will be required to meet a condition for admitting a
food into the United States under section 801(a) of the FD&C Act, where
necessary based on our determination of the risk of the food.
Specifically, section 801(q) of the FD&C Act gives us express authority
to require such certification based on a determination that includes
the following factors:
The known safety risks associated with the food;
The known food safety risks associated with the country,
territory, or region of origin (area of origin) of the food;
A finding we make, supported by scientific, risk-based
evidence, that:
[cir] The food safety programs, systems, and standards in the area
of origin of the food are inadequate to ensure that the article of food
is as safe as a similar article of food that is manufactured,
processed, packed, or held in the United States, in accordance with the
requirements of the FD&C Act; and
[cir] The certification would assist us in determining whether to
refuse or admit the article of food into the United States; and
Information submitted to us, under section 801(q)(7) of
the FD&C Act, regarding improvements to a food safety program, system,
or standard we previously found inadequate and demonstrating that those
controls are adequate to ensure that an article of food is as safe as a
similar article of food that is manufactured, processed, packed, or
held in the United States under the requirements of the FD&C Act.
In addition to giving FDA authority to require food certifications,
section 801(q) of the FD&C Act grants FDA authority to require,
alternatively, ``such other assurance'' as FDA determines appropriate,
that the food complies with applicable requirements of the FD&C Act.
When making a determination on whether mandatory certification is
appropriate, we will consider the statutory factors in light of the
specific circumstances involved and will evaluate various types of
relevant information/evidence. We intend to exercise our authority
under section 801(q) of the FD&C Act judiciously and in conjunction
with our array of other available enforcement tools.
Section 801(q)(3) of the FD&C Act states the food certifications or
other assurances used for purposes of section 801(a) of the FD&C Act
may be issued by third-party auditors accredited under section 808 of
the FD&C Act or by the government of the country from which such food
originated, if we so designate (21 U.S.C. 381(q)(3)). The
certifications or other assurances may take the form of shipment-
specific certificates, a listing of certified facilities that
manufacture, process, pack, or hold such food, or in such other form as
we may specify.
Section 801(q) of the FD&C Act became effective upon enactment of
FSMA in 2011 and is expressly linked to the accreditation of third-
party auditors/certification bodies that is the subject of this
proposed rule.
4. Compliance With International Agreements
FSMA section 404 (21 U.S.C. 2252) states that nothing in the
statute should be construed in a manner ``inconsistent with'' the
agreement establishing the World Trade Organization (WTO) or any other
treaty or international agreement to which the United States is a
party.
FSMA was notified to the WTO on February 14, 2011 (G/SPS/N/USA/
2156) (Ref. 2), to provide information on the FD&C Act to WTO members.
The notification included an electronic mailbox link to receive
comments from members. Several comments have been received via the
mailbox. The comments
[[Page 45786]]
note a high degree of interest in FSMA implementation, particularly
with respect to how implementation will impact developing countries.
Third-party certification for food is recognized as increasingly
important for developing nations to gain market access for their
products. Several international development agencies are focusing
efforts in this area. The United Nations Industrial Development
Organization, for example, is supporting the development of conformity
assessment bodies and accreditation bodies in several developing
nations (Ref. 3). The U.S. Agency for International Development has
offered its assistance and support for developing nation governments to
take a more proactive role in accreditation services, standards
development, and institutional infrastructure to assist and protect
their nationals operating in international food markets (Ref. 4).
5. Other Provisions of the Federal Food, Drug, and Cosmetic Act
The authority for this proposed rule also derives from section
701(a) of the FD&C Act (21 U.S.C. 371(a)), which authorizes us to issue
regulations for the efficient enforcement of the FD&C Act. Regulations
for ensuring the competency and independence of recognized
accreditation bodies and of accredited third-party auditors/
certification bodies will help assure us of the validity and
reliability of certifications and other information resulting from the
food safety audits they conduct. We will accept certifications issued
by accredited third-party auditors/certification bodies for the two
purposes identified in section 808 of the FD&C Act: To establish
eligibility for VQIP participation; and to meet a condition of
admissibility for imported food subject to a mandatory certification
requirement. We also can use information from such audits for other
related purposes in enforcing the FD&C Act. For example, we propose to
allow importers to use reports of regulatory audits conducted by
accredited third-party auditors/certification bodies in meeting any
requirements for onsite audits of foreign suppliers, under the proposed
rule entitled, ``Foreign Supplier Verification Programs for Importers
of Food for Humans and Animals'' (FSVP), published elsewhere in this
issue of the Federal Register.
B. FDA Initiatives on Third Parties
1. Notice Requesting Comments on Third-Party Certification for Food and
Feed
In the Federal Register of April 2, 2008 (73 FR 17989), we issued a
notice (2008 notice) requesting comments on the benefits, obstacles,
and availability of third-party certification programs for food and
animal feed. At the time, an increasing number of retailers and food
services providers had begun to ask their foreign and domestic
suppliers to become certified to their buyers' requirements for safety
and quality. Suppliers (such as producers, comanufacturers, and
repackers) also were increasingly looking to third-party certification
programs as a means to verify compliance with U.S. regulatory
requirements, even without requirements from buyers.
In the 2008 notice, we asked questions about existing certification
programs and criteria, as well as obstacles and incentives for
participating in these voluntary programs. We received approximately 70
comments in response. The comments generally supported the use of
third-party certification programs and suggested that our
acknowledgment of such programs would provide additional incentives for
participation. Further discussion of the comments on the 2008 notice is
available in the ``Background'' section of the subsequently issued
draft ``Guidance for Industry on Voluntary Third-Party Certification
Programs for Foods and Feeds'' and is described in section II.B.2.
2. FDA Guidance on Third-Party Certification for Food and Feed
In the Federal Register of July 10, 2008 (73 FR 39704), we
announced the availability of the draft ``Guidance for Industry on
Voluntary Third-Party Certification Programs for Foods and Feeds.'' The
draft guidance describes the general attributes of a voluntary third-
party certification program needed to help ensure that certification is
a reliable verification that food from certified establishment meets
applicable requirements.
We finalized the guidance in January 2009, announcing its
availability in the Federal Register of January 16, 2009 (74 FR 3058)
(2009 Guidance) (Ref. 5). The 2009 Guidance describes the general
attributes we believe a third-party certification program should have
to give us confidence in the reliability of its certifications. It also
explains our vision, prior to FSMA enactment, of how we might use such
voluntary third-party certifications to assist in determining
inspection, field exam, and sampling priorities, as well as in making
admissibility decisions for imported food. We intend to withdraw the
2009 Guidance upon publication of a final rule for accredited third-
party certification.
3. Pilot Project on Third-Party Certification for Aquacultured Shrimp
In the Federal Register of July 10, 2008 (73 FR 39705), we
published a notice inviting third-party certification bodies to
participate in a pilot of voluntary third-party certification of
aquacultured shrimp (shrimp pilot). The goal of the shrimp pilot was to
gain knowledge and experience with third-party certification to assist
us in evaluating the utility and feasibility of using third-party
certification programs as part of our oversight of foreign food firms.
The pilot data indicate that having the appropriate FDA
infrastructure, including logistical and resource support, will be
critical to the success of any full-scale accredited third-party
certification program (Ref. 6). The role we played in the shrimp pilot
was analogous to the role traditionally played by an accreditation
body, monitoring the performance of certification bodies. The pilot
demonstrated to us that direct accreditation, in which we ourselves
accredit and provide direct oversight of a potentially unlimited number
of third-party certification bodies, would be costly and
administratively burdensome, though direct accreditation may be
appropriate in limited circumstances, as will be discussed in section
IV.A.8.
4. FDA Third-Party Program for Mammography
In developing this proposed rule, we reviewed other Agency third-
party programs, including the FDA program, required by the Mammography
Quality Standards Act of 1992 (Pub. L. 102-539) (as amended), to
approve accreditation bodies to evaluate and accredit mammography
facilities based upon quality standards. Only facilities that are
accredited by, or undergoing accreditation by, an accreditation body we
approved, may receive our certificates (or the certificates of a State
certifying agency we approved) to legally perform mammography (Ref. 7).
C. FDA's Use of Certifications for Food
For years, we have used certification as a tool for verifying that
imported foods comply with our food safety requirements and reducing
the need for
[[Page 45787]]
us to sample at entry. Since the late 1980s, for example, the Export
Inspection Council of the Indian Ministry of Commerce has sampled,
analyzed, and issued certificates of conformance for lots of black
pepper exported directly to the United States. Indian black pepper
shipments accompanied by such certifications are not subject to
detention without physical examination under FDA Import Alert 28-02
(Ref. 8). Under Memoranda of Understanding (MOUs) with several foreign
governments, we rely upon certifications that caseins and caseinates,
and mixtures thereof, to be exported to the United States are in
compliance with our requirements, which are intended to minimize the
need for us to extensively sample certified products (Ref. 9). These
are but a few examples of the ways we rely on certifications as a means
to help assure that an article of food complies with our requirements
and to minimize the need for extensive sampling at entry.
D. External Recommendations on Third-Party Certification for Food
In September 2012, the Government Accountability Office (GAO)
issued a report discussing possible challenges associated with
establishing and administering the accredited third-party certification
program, including: offering incentives to encourage participation;
meeting challenges associated with creating a new program; addressing
stakeholder concerns; and conducting oversight of the program, once
established (Ref. 10). We believe this proposed rule addresses the
relevant challenges identified by GAO.
In June 2010, a committee of experts convened by the Institute of
Medicine and the National Research Council (IOM/NRC committee) released
a report examining gaps in public health protection afforded by the
farm-to-table food safety system under our purview and identifying
opportunities to fill those gaps (Ref. 11). The IOM/NRC committee
concluded that we need to address barriers to improving the efficiency
of inspections by, among other things, exploring third-party auditing
of food facilities as an alternative model for measuring compliance.
The IOM/NRC committee's report specifically recommended that we
consider the implications of accepting inspection data from third-party
auditors inspecting facilities for compliance with food safety
regulatory requirements. The IOM/NRC report also stated that, if we use
this approach, we should set minimum standards for such auditors and
audits, with oversight and implementation being assigned to an
accreditation and standards body.
E. FDA Standards for Assessing Capabilities of Food Safety Systems
In developing the framework for recognition of accreditation bodies
and accreditation of third-party auditors required by section 808 of
the FD&C Act, we looked at our existing standards for assessing the
capabilities of food safety systems at the State level, through the
Manufactured Foods Regulatory Program Standards (MFRPS) (Ref. 12). The
MFRPS establish a uniform foundation for the design and management of
high-quality State regulatory programs for food manufacturers, focusing
on ten key areas: (1) Regulatory foundation; (2) inspector training
program; (3) risk-based inspection program; (4) audits of the
inspection program; (5) protocols for food-related illnesses,
outbreaks, and response; (6) compliance and enforcement program; (7)
industry and other stakeholder relations; (8) program resources; (9)
program assessment; and (10) laboratory support.
We also considered a FDA-New Zealand pilot project for assessing
food safety systems, authority, oversight and monitoring that was
discussed at a public hearing in March 2011 (Ref. 13). We found
particularly useful the draft FDA International Comparability
Assessment Tool (ICAT) used in reviewing New Zealand's food safety
regulatory system to determine if it provides a similar set of
protections to that of FDA (Ref. 14). Following the successful
completion of the New Zealand comparability pilot, in late 2012 FDA
launched a bilateral pilot project with the Canadian Food Inspection
Agency (CFIA) on systems recognition (previously known as
comparability), sharing FDA's draft ICAT as a guide for the systems
recognition process. FDA and CFIA currently are finalizing their
respective systems recognition reviews.
F. U.S. Government Policies on Consensus Standards and Conformity
Assessment
Implementation of section 808 of the FD&C Act occurs against the
backdrop of the broader Federal policies on consensus standards and
conformity assessment under the National Technology Transfer and
Advancement Act of 1995 (NTTAA) (Public Law 104-113).
The NTTAA, together with the Office of Management and Budget (OMB)
Circular A-119, revised February 10, 1998 (Ref. 15), directs Federal
Agencies to use voluntary consensus standards in lieu of government-
unique standards except where inconsistent with law or otherwise
impractical. OMB Circular A-119 states that the use of voluntary
standards, whenever practicable and appropriate, is intended to
eliminate the cost to government of developing its own standards and
decrease the cost of goods procured and the burden of complying with
Agency regulation; provide incentives and opportunities to establish
standards that serve national needs; encourage long-term growth for
U.S. enterprises and promote efficiency and economic competition
through harmonization of standards; and further the policy of reliance
upon the private sector to supply government needs for goods and
services.
In addition, the U.S. Government has issued a National Standards
Policy and Federal guidance on conformity assessment activities (which
are defined as activities concerned with determining directly or
indirectly that requirements for products, services, systems, and
organizations are fulfilled) (15 CFR 287.2).
As directed by OMB in Circular A-119 (Ref. 15), the National
Institute of Standards and Technology (NIST), in the Federal Register
of August 10, 2000 (65 FR 48894), issued policy guidance on Federal
conformity assessment activities (Federal conformity assessment
guidance) (codified at 15 CFR part 287). The guidance applies to all
Federal Agencies that set policy for, manage, operate, or use
conformity assessment activities or results, domestically and
internationally (except for activities conducted pursuant to treaties)
and is intended to eliminate unnecessary duplication and complexity in
conformity assessment requirements. (We note that OMB has announced it
is currently revising Circular A-119, and NIST is revising the Federal
conformity assessment guidance (Ref. 16)).
The current Federal conformity assessment guidance provides for
Federal Agencies to use, where appropriate, relevant guides or
standards for conformity assessment \6\ practices from domestic and
international standardizing bodies such as the Codex Alimentarius
Commission (Codex),\7\ the International Organization
[[Page 45788]]
for Standardization (ISO)/International Electrotechnical Commission
(IEC),\8\ and the American National Standards Institute (ANSI). The
guidance also notes that each Agency retains the responsibility, and
authority, to select the conformity assessment activities and
procedures (e.g., guides and standards) that will best meet its
legislative mandates and programmatic objectives (15 CFR part 287).
---------------------------------------------------------------------------
\6\ ISO/IEC 17000:2004, Conformity assessment--Vocabulary and
general principles (Ref. 17) defines ``conformity assessment'' as
``demonstration that specified requirements relating to a product,
process, systems, person or body are fulfilled.
\7\ The Codex Alimentarius Commission, established by Food and
Agriculture Organization of the United Nations (FAO) and the World
Health Organization (WHO) in 1963 develops harmonized international
food standards, guidelines and codes of practice to protect the
health of the consumers and ensure fair trade practices in the food
trade. The Commission also promotes coordination of all food
standards work undertaken by international governmental and non-
governmental organizations. See, http://www.codexalimentarius.org/codex-home/en/.
\8\ ISO is a voluntary, consensus, standards developer with
standards covering many aspects of technology and business,
including food safety. See, http://www.iso.org/iso/home/about.htm.
---------------------------------------------------------------------------
In developing this proposed rule, we considered several voluntary
consensus standards, specifically ISO/IEC 17000: 2004, Conformity
assessment--Vocabulary and general principles (Ref. 17) and ISO/IEC
17011: 2004, Conformity assessment--General requirements for
accreditation bodies accrediting conformity assessment bodies (Ref.
18), which contains the following major elements: (1) Legal
responsibility, structure, and impartiality; (2) management systems,
including records, internal audits, nonconformities, and corrective
actions; (3) personnel associated with the accreditation body,
personnel associated with the accreditation process, and monitoring
performance assessments of accreditation personnel; (4) the
accreditation process; and (5) and roles and responsibilities of the
accreditation body and the certification body. We will address elements
of ISO/IEC 17011: 2004 that are relevant to this rule in our discussion
of the proposed requirements for accreditation bodies in section IV.A.2
through IV.A.4.
In addition, we considered other ISO/IEC 17021: 2011, Conformity
assessment--Requirements for bodies providing audit and certification
of management systems (Ref. 19), which contains similar requirements
for bodies auditing management systems: (1) Legal matters and
contractual matters; (2) impartiality; (3) structural requirements; (4)
resource requirements, including competence of management and
personnel; (5) monitoring and surveillance; (6) internal audits; and
(7) records.
We also considered ISO/IEC Guide 65: 1996, General requirements for
bodies operating product certification systems (Ref. 20).\9\ ISO also
has issued the 22000 series of standards for food safety management
systems, including ISO/TS 22003: 2007, Food safety management systems--
Requirements for bodies providing audit and certification of food
safety management systems (Ref. 21).\10\
---------------------------------------------------------------------------
\9\ Subsequently, ISO/IEC Guide 65:1994 (Ref. 20) was updated
and incorporated into ISO/IEC 17065.
\10\ This series includes standards the food industry uses in
establishing and maintaining its food safety management systems and
also the standards that auditors/certification bodies use in
assessing those systems.
---------------------------------------------------------------------------
These standards are among the relevant information we used in
developing this proposed rule. We do not propose to incorporate these
standards by reference into our regulations, because they contain
additional requirements that are not relevant to our program and might
unnecessarily create disincentives to participation. A copy of each of
these ISO standards has been placed in the docket for this rulemaking
and is made available at the Division of Dockets Management at address
listed in the ADDRESSES section of this document. The standards also
are available electronically by purchase from ISO, at http://www.iso.org.
As described more fully in section III, we developed this proposed
rule having received information and input from a broad range of
stakeholders that included public and private members of the standards
community. We met with representatives of other U.S. Government
agencies and foreign governments and participated in listening sessions
requested by stakeholders wishing to share their views on section 808
of the FD&C Act.
We believe the proposal aligns with the NTTAA, the National
Standards Policy, and current versions of OMB Circular A-119 (Ref. 15)
and the Federal conformity assessment guidance (15 CFR part 287), in
relying upon the principles of voluntary consensus standards currently
used globally and domestically by the food industry, the international
standards community, and conformity assessment bodies.
Under the guidance at 15 CFR 287.4(b), we seek comment on the
rationale for the conformity assessment decisions we have made in
developing this proposal. In particular, we seek comment on whether the
voluntary consensus standards we cite are the appropriate standards
upon which to base this rulemaking. If alternative standards are
suggested, we request that copies of any such standards be submitted
along with the comment(s).
G. Industry Practices on Benchmarking Standards and Third-Party Audits
and Certification for Food and Food Facilities
As a result of consolidation within the food industry and the
globalization of the marketplace, coupled with some high-profile food
safety incidents, many food retailers and food service providers began
to require their suppliers to be audited against their standards (more
commonly known as ``buyer requirements'') (Ref. 11). Some of these
supplier audits were conducted by auditors/certification bodies
employed by, or acting as agents of, buyers. Other auditors were third
parties, independent of both buyers and suppliers.
As buyers increasingly relied on audits to assess compliance with
their safety requirements, more and more suppliers began to face
multiple food safety audits. The proliferation of buyers' requirements
created inefficiencies that ultimately spurred several efforts to
harmonize audits. These include the Global Food Safety Initiative
(GFSI), which was established in 2000 by a group of international
retailers (Ref. 22). GFSI benchmarks food safety schemes \11\ against a
harmonized set of key elements for food safety and management systems.
GFSI's benchmarking guidance (Ref. 23), and indeed many of the food
safety schemes it benchmarks, use Codex as their foundational
standards.
---------------------------------------------------------------------------
\11\ A food safety scheme generally includes the food safety
standard against which a food facility is assessed and the
management system associated with the standard.
---------------------------------------------------------------------------
GFSI's benchmarking assesses a scheme's food safety standards and
the governance and management structure of the food safety scheme
owner, such as technical competence, safeguards against conflicts of
interest, and procedures for accreditation bodies to oversee the
certification bodies that audit and issue certifications under the food
safety scheme (Ref. 23). For example, the U.S.-based American National
Standards Institute (ANSI) currently provides accreditation services
for three GFSI-benchmarked food safety schemes: The Food Marketing
Institute's Safe Quality Food Initiative scheme, the British Retail
Consortium scheme, and the Global GAP scheme (Ref. 24). As is discussed
in the Preliminary Regulatory Impact Analysis (Ref. 25) for this
proposed rule, dozens of accreditation bodies worldwide accredit
certification bodies to conduct food safety audits. Both large and
small suppliers are increasingly relying on third-party audits and
certification as a means to ensure
[[Page 45789]]
market access for their food products. In addition, domestic and
foreign suppliers (such as producers, comanufacturers, or repackers)
are increasingly looking to third-party certification programs to
assist them in verifying that their facilities and food meet applicable
food safety standards, whether private food safety schemes such as
those benchmarked by GFSI or public standards such as the FD&C Act
requirements, which are the relevant standards for purposes of the FDA
accredited third-party audit and certification program. The Federal
Government recognizes that rigorous voluntary certification programs
can provide assurance that products meet U.S. requirements. Currently,
private food and facility certifications are frequently used but can
result in duplicate audits and certifications. Under this proposal, FDA
will oversee a certification program that will, we believe, create
efficiencies by reducing the number of redundant food safety audits and
by allowing us to better target resources for verifying compliance with
applicable requirements.
III. FSMA Imports Public Meeting and Stakeholder Input
Since enactment of FSMA, we have reached out to stakeholders in the
food industry, the international community, standards organizations,
accreditation and certification bodies, consumer groups, government
agencies, and other interested parties to gain input and perspective on
how best to implement FSMA. Among those activities, on March 29, 2011,
we held a public meeting with stakeholders to discuss the
implementation of the FSMA import safety provisions, including section
808 of the FD&C Act on accredited third-party certification. For
additional information about this public meeting, including the agenda,
transcripts, and an archived webcast, see http://www.fda.gov/Food/FoodSafety/FSMA/ucm249257.htm.
In conjunction with the public meeting, we opened a public docket,
with notice in the Federal Register of March 14, 2011 (76 FR 13643),
soliciting comments on implementation of section 808 of the FD&C Act
and other import provisions added or amended by FSMA. We received
several comments on accredited third-party certification, from a
variety of stakeholders including a foreign authority (1); trade
associations (11); auditors/certification bodies and a laboratory (4);
consumer groups (3); other non-profits (1); and an individual (1). Some
common themes emerged, including comments on using existing systems as
a model; considering impacts on small and medium-sized businesses;
requiring notification of conditions that could cause or contribute to
a serious risk to public health; ensuring auditor competency; and
preventing conflicts of interest. This docket (FDA-2011-N-0146) is
available electronically at http://www.regulations.gov, or at the
Division of Dockets Management (see ADDRESSES).
In addition to attending the public meeting, several stakeholders
requested meetings to discuss their current programs and to share their
views and recommendations for implementing section 808 of the FD&C Act.
These stakeholders represented a broad range of interests, including
consumer groups, trade associations, auditors/certification bodies and
laboratories. We also met with representatives of foreign governments,
as part of ongoing outreach and collaboration with foreign regulatory
partners. Topics for these meetings included the statutory requirements
for accreditation of third-party auditors, including FDA's authority to
directly accredit third-party auditors/certification bodies; \12\
voluntary consensus standards and industry practices on accreditation,
auditing, and certification; and international considerations.
Additionally, we note that FDA representatives have been invited to
attend meetings, hosted by stakeholders, which included discussions of
third-party audits and certifications.
---------------------------------------------------------------------------
\12\ The docket for this rulemaking contains, as background
material, a letter from Caroline Smith DeWaal of the Center for
Science in the Public Interest, which was received after the docket
for the public meeting closed and before issuance of this proposed
rule. The letter offers an analysis of FDA's authority for direct
accreditation.
---------------------------------------------------------------------------
The input and perspectives gained through each of these
interactions helped shape this proposed rule. We have identified some
common themes from these interactions. Most stakeholders expressed
significant concerns regarding existing capacity of third-party food
safety auditors/certification bodies and, for some stakeholders, the
degree of competency demonstrated by the available cadre of auditors/
certification bodies. We recognize that the credibility of the new
third-party program rests largely on the quality of the auditing and
certification work performed by accredited third-party auditors/
certification bodies and have attempted to address those concerns in
this rulemaking.
In other areas, stakeholders' interests diverged. For example,
consumer groups expressed a strong interest in transparency of the
program, including public disclosure of audit reports. Current industry
practice is to maintain the confidentiality of audit reports except to
the extent that the audited firm waives confidentiality or where
otherwise required by law. Industry also has expressed concern about
the statutory requirement for accredited auditors to notify us of
conditions in an audited firm that could cause or contribute to a
serious risk to the public health. Some in industry have taken the
position that stringent disclosure and transparency requirements may
dissuade food firms from using third-party auditors/certification
bodies accredited under our program.
As an initial matter, we note that we are bound to implement FSMA
as enacted and to comply with all other applicable disclosure laws
(e.g., the Freedom of Information Act (FOIA)) (5 U.S.C. 552). Within
that legal framework, we have balanced the following competing public
interests: (1) Providing as much information to the public as possible
about audits of foreign food entities and the performance of accredited
auditors/certification bodies, so that individuals may assess the
performance and credibility of the accredited third-party audits and
certification program; (2) protecting the proprietary interests of food
entities related to their trade secrets and confidential commercial
information to the extent allowable by statute, as well concerns about
public release of sensitive information that would not otherwise be
publicly available; and (3) protecting the public health by being able
to attract sufficient numbers of foreign food entities, third-party
auditors/certification bodies, and accreditation bodies to make the
program cost-effective and otherwise successful.
To gain credibility with consumers and address industry views on
sensitive information, this proposed rule seeks to balance disclosure
and confidentiality concerns. It reflects our views on how best to
strike the balance between these and other competing interests. We
believe this proposal reflects the intent of section 808 of the FD&C
Act and the purpose of the law, offering a practical, flexible, and
effective approach to the accredited third-party audits and
certification program. We seek comment on the framework this proposed
rule would create for recognition of accreditation bodies and
accreditation of third-party auditors/certification bodies, how it
aligns with existing voluntary industry programs, and what expectations
consumers have for the ability of this program to help us ensure the
safety of imported food.
[[Page 45790]]
In addition, we invite comments on possible effects of the creation
of an FDA program for accredited third-party audits and certification.
We are particularly interested in receiving comments and data on the
availability of competent auditors/certification bodies to participate
in our program or about the likelihood of entities being able to scale-
up their capacity to participate in our program and to serve demand
outside the scope of our program. We understand from public comments
and stakeholder meetings that industry and the conformity assessment
community have concerns about access to sufficient numbers of qualified
third-party auditors/certification bodies under current conditions. We
also understand that some industry leaders have developed various
strategies and plans for increasing auditor capacity. We request
comments and information on the progress of these efforts and the
impact the establishment of our program will have on accelerating these
efforts. Given that this program is for food and facility
certifications only for purposes of mandatory certification and VQIP
eligibility under sections 801(q) and 806 of the FD&C Act
(respectively), what effect, if any, do stakeholders anticipate this
program will have on current capacity issues?
We also request stakeholder input on any possible trade impacts of
the program, once established. What effect might this program have on
the existing issues with auditor capacity? Will it affect foreign or
domestic food firms' ability to provide certifications to their
customers? If so, are foreign and domestic firms likely to be affected
in the same manner and to the same degree? If not, what are the likely
impacts to each? Are there particular types of food firms or food
products, or certain areas of the world in which capacity issues are
more likely to be prevalent and to what degree? Are there other factors
impacting the availability of competent auditors? Are there any
solutions or approaches that might be practical and appropriate for
FDA, as a regulatory Agency, to use in addressing auditor capacity
issues within the accredited third-party audits and certification
program?
We encourage stakeholders to consider and comment on this proposed
rule and the various interests at stake in this rulemaking, with
recommendations about the proper balance of competing interests.
IV. Purpose and Description of the Proposed Rule
In section 808 of the FD&C Act, Congress directed us to establish
an accredited third-party audits and certification program that
leverages the work of existing private sector audit programs and
efforts, while requiring measures to better ensure audit rigor and
objectivity. We believe this proposed rule, coupled with our oversight
of the program, will help ensure the competence and independence of
third-party auditors/certification bodies who conduct foreign food
safety audits. It also will help ensure the reliability of
certifications issued by third-party auditors/certification bodies that
we may use in making certain decisions relating to imported food.
Having comprehensive oversight of a credible and reliable program
for third-party audits and certifications of foreign food facilities
will help us prevent potentially harmful food from reaching U.S.
consumers and thereby improve the safety of the U.S. food supply. As
explained previously, we believe this new program will draw a
significant number of participants and will be broadly accepted by
industry. Currently, buyers seeking to import regulated product from a
foreign food facility often require food safety audits that are
conducted under varying audit criteria. By establishing a trusted
program for third-party audits and certification of foreign food
facilities that operates under public oversight, we expect that the
number of redundant food safety audits performed to assess compliance
with the FD&C Act will be reduced, which, in turn, will increase
efficiency and reduce costs to industry. Our estimates relating to
reductions in redundant audits are addressed more fully in the
Preliminary Regulatory Impact Analysis (Ref. 25).
More broadly, we think that by capitalizing on private sector food
safety efforts and linking them to the public assurance system,
accredited third-party certification can help transform the way we
ensure the safety of globally traded food that is consumed in the
United States. In our vision of the future, we do not see third-party
audits replacing public oversight, but rather helping us ensure that we
make the best, most efficient use of both public and private resources
to produce a safe food supply.
We are proposing requirements that would apply to several different
types of entities--i.e., accreditation bodies, third-party auditors/
certification bodies, and eligible entities--and an option for
importers as well. We are organizing this proposed rule by those
categories, with specific requirements for accreditation bodies
(proposed Sec. Sec. 1.610 through 1.636), third-party auditors/
certification bodies (proposed Sec. Sec. 1.640 through 1.672),
eligible entities (proposed Sec. Sec. 1.680 and 1.681), and importers
(proposed Sec. 1.698). Provisions of general applicability appear in
proposed Sec. Sec. 1.600 and 1.601 (definitions and scope), Sec.
1.690 (publicly available information), Sec. Sec. 1.691 through 1.693
(challenges to FDA decisions).
Accordingly, we are proposing to amend our regulations in parts 1
and 16 (21 CFR parts 1 and 16) to implement FSMA section 307, which
adds section 808 to the FD&C Act and is codified at 21 U.S.C. 384d. We
are proposing to add new subpart M to part 1 and to amend existing part
16 (21 CFR part 16) as follows:
A. Proposed Revisions to Part 1, New Subpart
1. Definitions and Scope
a. What definitions apply to this subpart? (Proposed Sec. 1.600).
Proposed Sec. 1.600 contains definitions of several terms used in this
rule. Where possible, we propose to rely on existing statutory and
regulatory definitions. Where necessary to provide clarity to this
rule, we have developed some additional definitions that align with
existing law and regulations, as well as current practices of the
international community, accreditation and certification bodies, and
the food industry.
Proposed Sec. 1.600(a) and (b) state that definitions contained in
section 201 of the FD&C Act (21 U.S.C. 321) will apply to this rule,
except as those terms are otherwise defined in paragraph (c). Because
``food'' is defined in section 201(f) of the FD&C Act, but not in
proposed Sec. 1.600(c), the definition of ``food'' that we propose to
apply to this rule is the definition of ``food'' appearing in section
201(f). Examples of ``food'' under this proposed definition would
include, but not be limited to, fruits, vegetables, fish, dairy
products, eggs, raw agricultural commodities for use as food or
components of food, animal feed (including pet food), food and feed
ingredients and additives (including substances that migrate into food
from packaging and other articles that contact food), dietary
supplements and dietary ingredients, infant formula, beverages
(including bottled water), live food animals, bakery goods, snack
foods, candy, and canned food. (See, e.g., 21 CFR 1.377. See also the
discussion of proposed Sec. 1.601(d)
[[Page 45791]]
regarding a limited exemption for alcoholic beverages and prepackaged
foods from certain facilities.)
``Accreditation'' means a determination by a recognized
accreditation body, or by FDA in the case of direct accreditation, that
a third-party auditor/certification body is competent to perform the
activities required of an accredited auditor/certification body for the
purposes of this rule. In developing this definition, we considered
international standards on accreditation, including ISO/IEC 17011:2004
(Ref. 18), which defines accreditation as an attestation ``conveying
formal demonstration'' of a conformity assessment body's competence to
carry out specific conformity assessment tasks.
``Accreditation body'' means an authority that performs
accreditation of third-party auditors/certification bodies. This
definition is already in use in section 808(a) of the FD&C Act and is
consistent with international standards, such as ISO/IEC 17011:2004
(Ref. 18), which defines ``accreditation body'' as an ``authoritative
body'' that conducts accreditation.
``Accredited auditor/certification body'' means a third-party
auditor/certification body that a recognized accreditation body (or, in
the case of direct accreditation, FDA) has determined meets the
applicable requirements of this subpart and is authorized to conduct
food safety audits and to issue food or facility certifications to
eligible entities. This definition reflects the statutory definitions
of ``accredited third party auditor'' and ``third party auditor'' and a
common understanding of the activities to be performed under this
program.
``Audit'' means:
1. With respect to an accreditation body, the systematic,
independent, and documented examination (through observation,
investigation, and records review) by FDA to assess the accreditation
body's authority, qualifications (including its expertise and training
programs), and resources; its procedures for quality assurance,
conflicts of interest, and records; its performance in accreditation
activities; and its capability to meet the applicable requirements of
this subpart.
2. With respect to a third-party auditor/certification body, the
systematic, independent, and documented examination (through
observation, investigation, and records review) by a recognized
accreditation body (or, in the case of direct accreditation, FDA) to
assess the third-party auditor's/certification body's authority,
qualifications (including its expertise and training programs), and
resources; its procedures for quality assurance, conflicts of interest,
and records; its performance in auditing and certification activities;
and its capability to meet the applicable requirements of this subpart;
and
3. With respect to an eligible entity, the systematic, independent,
and documented examination (through observation, investigation, records
review, and as appropriate, sampling and laboratory analysis) by an
accredited auditor/certification body to assess the entity, its
facility, system(s), and food for the purpose of determining whether
the food or facility of the eligible entity is in compliance with the
FD&C Act (which includes, where applicable, an assessment of the
entity's preventative controls, sanitation, monitoring, verification,
corrective actions, and recalls) and, for consultative audits, also
includes an assessment of compliance with applicable industry standards
and practices.
The term describes the nature and scope of activities involved in
the various types of audits and assessments that will be conducted
under this program. We incorporated relevant language from the
definitions of consultative audit and regulatory audit in section
808(a)(5) and (a)(7) of the FD&C Act and language specific to the
requirements used in audits and assessments of accreditation bodies,
third-party auditors/certification bodies, and eligible entities.
We considered our 2009 guidance (Ref. 5) and the descriptions of
audit activities under our MFRPS (Ref. 12). We also examined usage in
international standards, such as the Codex Principles for Food Import
and Export Certification (CAC/GL 20-1995) (Ref. 26), which define
``audit'' as a ``systematic and functionally independent examination to
determine whether activities and related results comply with planned
objectives.'' Additionally, we looked at ISO/IEC 17000:2004 (Ref. 17),
which defines ``audit'' as a ``systematic, independent, documented
process for obtaining records, statements of fact or other relevant
information and assessing them objectively to determine the extent to
which specified requirements are fulfilled.''
``Audit agent'' means an individual who is an employee or other
agent of an accredited auditor/certification body who, although not
individually accredited, is qualified to conduct food safety audits on
behalf of an accredited auditor/certification body. An audit agent
includes a contractor of the accredited auditor/certification body.
The term is based on section 808(a)(1) of the FD&C Act, which
defines ``audit agent'' as an employee or agent of an accredited
auditor[/certification body] who is qualified to conduct food safety
audits on its behalf. In the definition, we clarify that contractors
who are authorized to act for, and under the direction of, the
accredited auditor/certification body are allowed to serve as an audit
agents.
``Certification body'' means a foreign government, agency of a
foreign government, foreign cooperative, or any other third party that
is eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet the requirements of
the FD&C Act. A certification body may be a single individual or an
organization. A certification body may use audit agents to conduct food
safety audits. Certification Body has the same meaning as Third-Party
Auditor as that term is defined in section 808 of the FD&C Act and in
this subpart.
This definition emphasizes the role of ``third-party auditors,''
under section 808 of the FD&C Act, in issuing facility certifications
that importers must use to establish eligibility for VQIP participation
and food certifications that may be required to satisfy a condition of
admissibility for an imported food we determine poses a safety risk
under section 801(q) of the FD&C Act.
In developing the definition of ``certification body,'' we looked
at the definition of ``third-party auditor'' in section 808(a)(3) of
the FD&C Act, as well as terminology used by the international
community and the food industry. For example, ISO/IEC 17000:2004 (Ref.
17) explains that a ``certification system'' is a conformity assessment
system that includes ``selection, determination, review and finally
certification as the attestation activity'. See also, ISO/IEC Guide
65:1996 (Ref. 20) and ISO/IEC 17021: 2011 (Ref. 19). The term
``certification body'' also is used by those in the food industry who
currently rely on audits and certifications as part of their business
practices. We believe this proposed language more clearly explains the
role of accredited auditors/certification bodies and the requirements
for issuance of certification under this program.
``Consultative audit'' means an audit of an eligible entity:
1. To determine whether such entity is in compliance with
applicable requirements of the FD&C Act and industry standards and
practices; and
[[Page 45792]]
2. The results of which are for internal purposes only and cannot
be used to determine eligibility for a food or facility certification
issued under this subpart or in meeting the requirements for an onsite
audit of a foreign supplier under subpart L of this part.
This reflects the definition of ``consultative audit'' in section
808(a)(5) of the FD&C Act and emphasizes that the results of a
consultative audit cannot be used in lieu of a regulatory audit to meet
the criteria for issuance of food or facility certification under
section 808(c)(2)(C) of the FD&C Act. It also incorporates language
from proposed Sec. 1.698, which would allow only reports of regulatory
audits to be used by importers in meeting proposed verification
requirements under the Foreign Supplier Verification Rule (FSVP) (to be
codified in 21 CFR, part 1, subpart L).
``Direct accreditation'' means accreditation of a third-party
auditor/certification body by FDA and is a term used in section
808(b)(1)(A)(ii) of the FD&C Act when describing FDA accreditation of
third-party auditors/certification bodies, without the involvement of a
recognized accreditation body. The distinction between direct
accreditation and accreditation by an FDA-recognized accreditation body
is relevant for some provisions of this rule. For example, under
proposed Sec. 1.656(b), a directly accredited auditor/certification
body must send its annual self-assessment reports to FDA, while an
auditor/certification body accredited by a recognized accreditation
body must submit its annual self-assessment reports to the
accreditation body, who is responsible for monitoring and ensuring its
accredited auditors/certification bodies take timely and effective
corrective actions, where necessary. FDA will access the accredited
auditor/certification body self-assessments in monitoring recognized
accreditation bodies and in conducting the periodic monitoring required
by section 808(f)(2) of the FD&C Act. This definition will help
accredited auditors/certification bodies determine which requirements
apply to them.
``Eligible entity'' means a foreign entity that chooses to be
subject to a food safety audit by an accredited auditor/certification
body. Eligible entities include foreign facilities subject to the
registration requirements of 21 CFR part 1, subpart H. The definition
of ``eligible entity'' corresponds to section 808(a)(6) of the FD&C
Act, which defines ``eligible entity'' as including (and thus not
limited to) foreign facilities subject to the registration requirements
of section 415 of the FD&C Act (21 U.S.C. 350d).
We seek comment on whether to provide examples of specific types of
entities that may meet the definition of eligible entity. For example,
are foreign cooperatives \13\ that aggregate product, such as fruits or
vegetables, the types of entities that should be able to seek audits
and certification under this program? We note that the National Organic
Program (NOP) administered by the U.S. Department of Agriculture's
(USDA's) Agricultural Marketing Service (AMS), allows producers who are
located in geographic proximity, who are organized under a single
management and marketing system and whose farms are ``uniform in most
ways'' to be certified as a group (Ref. 27).\14\ We seek comment on
whether these NOP criteria are relevant in determining whether a
foreign cooperative is an ``eligible entity'' under this proposed rule,
Are there other types of foreign entities or facilities that should be
eligible to seek audits and certification under the FDA program?
---------------------------------------------------------------------------
\13\ Under section 808 of the FD&C Act, foreign cooperatives are
among the types of groups that are eligible to seek accreditation as
third-party auditors, provided that they meet the standards and
requirements for accreditation (e.g., for conflicts of interest).
\14\ Per USDA, grower group certifications have historically
been used for the certification of cooperatives located in
geographical proximity, whose crops are marketed collectively.
Primary crops produced by grower groups include coffee, cocoa, tea,
spices, and tropical fruits (Ref. 27).
---------------------------------------------------------------------------
``Facility'' means any structure, or structures of an eligible
entity under one ownership at one general physical location, or, in the
case of a mobile facility, traveling to multiple locations, that
manufactures/processes, packs, or holds food for consumption in the
United States. Transport vehicles are not facilities if they hold food
only in the usual course of business as carriers. A facility may
consist of one or more contiguous structures, and a single building may
house more than one distinct facility if the facilities are under
separate ownership. The private residence of an individual is not a
facility. Non-bottled water drinking water collection and distribution
establishments and their structures are not facilities. This same
definition of ``facility'' appears in subpart H (21 CFR 1.227(b)(2)).
``Facility certification'' means an attestation, issued for
purposes of section 806 of the FD&C Act by an accredited auditor/
certification body, after conducting a regulatory audit and any other
activities necessary to establish that a facility meets the applicable
requirements of the FD&C Act.
``Food certification'' means an attestation, issued for purposes of
section 801(q) of the FD&C Act by an accredited auditor/certification
body, after conducting a regulatory audit and any other activities
necessary to establish that a food meets the applicable requirements of
the FD&C Act.
These definitions reflect the requirements for, and purpose of,
certification as described in section 808(c)(2)(B) and (c)(2)(C) of the
FD&C Act, referencing sections 801(q) (food certification) and 806
(facility certification) of the FD&C Act. Food and facility
certifications are the two types of certifications authorized by
section 808 of the FD&C Act. Further, the food and facility
certification definitions emphasize that certification is an
attestation \15\ by the accredited third-party auditor/certification
body that it has: (1) Conducted a regulatory audit (and any other
activities necessary to establish compliance); (2) verified that the
specified criteria have been met; and (3) determined, based on the
results of those activities, that food or facility certification under
this program is appropriate.
---------------------------------------------------------------------------
\15\ We propose to use the word ``attestation'' in Sec. 1.600
to characterize the nature of the statement that certification
represents. This is the term used in ISO/IEC 17000:2004 (Ref. 20)
and also is the term we use when characterizing the nature of our
export certifications (Ref. 28). We believe that ``attestation'' is
similar to ``assurance,'' which is the term used in Codex CAC/GL 20-
1995 (Ref. 27).
---------------------------------------------------------------------------
Codex CAC/GL 20-1995 (Ref. 26) defines ``certification'' as the
procedure by which certification bodies provide ``written or equivalent
assurance that foods or food control systems conform to requirements.''
ISO/IEC 17000:2004 (Ref. 17) describes certification as an
``attestation'' related to products, processes, systems, or
persons.\16\
---------------------------------------------------------------------------
\16\ We are not defining ``facility certification'' or ``food
certification'' as an ``approval'' by an accredited auditor/
certification body or by (or on behalf of) FDA, nor do we intend for
it to be interpreted as such. Among other reasons, we do not have
preapproval authority for food, except for certain additives that
are required by law to have our approval prior to marketing.
Moreover, neither Codex CAC/GL 20-1995 (Ref. 27), nor ISO/IEC
17000:2004 (Ref. 20) uses the term ``approval'' in defining
``certification.''
---------------------------------------------------------------------------
We seek comment on our proposed definitions of ``facility
certification'' and ``food certification'' and on whether the scope of
these definitions is sufficiently broad to fulfill the objectives of
section 808 of the FD&C Act. In addition, we seek comment on whether to
allow groups meeting the NOP criteria (i.e., having multiple sites
operating under a single management system and whose
[[Page 45793]]
farms are ``uniform in most ways,'' to be issued (group) food
certifications, facility certifications, or both.
``Food safety audit'' means a regulatory audit or a consultative
audit by an accredited auditor/certification body under this program.
This term is used throughout section 808 of the FD&C Act, including in
the definitions of ``audit agent,'' ``third-party auditor,'' and
``accredited third-party auditor.'' The definition of ``third-party
auditor'' in section 808(a)(3) of the FD&C Act in particular, mentions
regulatory and consultative audits in the context of food safety
audits. Therefore, we used the definitions of ``consultative audit''
and ``regulatory audit'' contained in section 808(a)(5) and (a)(7) of
the FD&C Act in developing a definition of ``food safety audit.''
Table 1 describes consultative audits and regulatory audits and the
distinctions between them.
Table 1--Types and Characteristics of Food Safety Audits Under the Proposed Rule
----------------------------------------------------------------------------------------------------------------
Report submitted to
Type of audit Purpose FDA? Records access by FDA?
----------------------------------------------------------------------------------------------------------------
Regulatory Audit..................... For certification and Yes.................... FDA may request
report may be used Submitted no later than submission at any
under FSVP. 45 days after the time.
audit..
Consultative Audit................... Internal purposes...... No..................... FDA access under
section 414 of the
FD&C Act.
----------------------------------------------------------------------------------------------------------------
``Foreign cooperative'' means an entity that aggregates food from
growers or processors that is intended for export to the United States.
Section 808 of the FD&C Act does not provide a definition of ``foreign
cooperative,'' so we relied upon the statutory description of foreign
cooperatives in section 808(c)(1)(B) of the FD&C Act.
``Recognized accreditation body'' means an accreditation body that
FDA has determined meets the applicable requirements and is authorized
to accredit third-party auditors/certification bodies under this
program. This definition is based in part on the definition of
accreditation body in section 808 of the FD&C Act and incorporates the
concept of ``recognition'' that also appears there. The term
``recognition'' is also used in section 422 of the FD&C Act (21 U.S.C.
350k), as amended by FSMA, to describe the status we will accord to a
laboratory accreditation body that accredits laboratories for purposes
of food testing under the FD&C Act.
We also use the term ``recognition'' in the 2009 guidance (Ref. 5)
and in other FDA programs. In the 2009 guidance, which predates FSMA,
we mentioned the possible future ``recognition'' of one or more third-
party certification programs. Though FSMA directs us to structure our
third-party program differently than we envisioned in 2009, the concept
of ``recognition'' by FDA is similar.
``Regulatory audit'' is defined in the statute and means an audit
of an eligible entity:
1. To determine whether such entity is in compliance with the
provisions of the FD&C Act; and
2. The results of which are used in determining eligibility for
food certification under section 801(q) of the FD&C Act or facility
certification under section 806 of the FD&C Act. This definition
includes language from proposed Sec. 1.698, which would allow an
importer to use a regulatory audit report in meeting proposed
requirements for verification of a foreign supplier under subpart L of
this part.
``Relinquishment'' means:
1. With respect to an accreditation body, a decision to cede
voluntarily its authority to accredit third-party auditors/
certification bodies as a recognized accreditation body; and
2. With respect to a third-party auditor/certification body, a
decision to cede voluntarily its authority to conduct food safety
audits and to issue food and facility certifications to eligible
entities.
We included a definition of ``relinquishment'' in this proposed
rule because we recognize that an accreditation body, once recognized,
or a third-party auditor/certification body, once accredited, may
decide to leave the program and would need a process to voluntarily
exit the program. Relinquishment differs from revocation of recognition
and withdrawal of accreditation, as it occurs on the initiative of the
accreditation body or third-party auditor/certification body and not as
a result of our finding good cause to remove its recognition or
accreditation status. Analogous language on relinquishment of
accreditation appears in our mammography regulations in 21 CFR 900.3.
``Self-assessment'' means a systematic assessment conducted by an
accreditation body to determine whether it meets the recognition
requirements in Sec. Sec. 1.610 through 1.625, or by a third-party
auditor/certification body to determine whether it meets the
accreditation requirements in Sec. Sec. 1.640 through 1.658. ``Self-
assessment'' is defined in this proposed rule in a manner consistent
with its use in our MFRPS for State food regulatory programs (Ref. 12).
The MFRPS require States to conduct periodic self-assessments of their
manufactured food regulatory programs against each of the 10 program
standards. These self-assessments are designed to identify the
strengths and weaknesses of the State program by determining the level
of conformance with the program standards and are independently
verified through an audit. The results of the initial self-assessments
are used to develop an improvement plan, and subsequent self-
assessments are used to track the State's progress toward meeting and
maintaining conformance with the MFRPS.
The concept of self-assessment is used in international consensus
standards as well. For example, ISO/IEC Guide 65:1996 (Ref. 20)
requires a certification body to conduct periodic internal audits to
verify that its quality system is implemented and effective, that
corrective actions are taken in a timely and appropriate manner, and
that records of such reviews are maintained. Both ISO/IEC 17011:2004
(Ref. 18) and ISO/IEC 17021:2011 (Ref. 19) require internal audits as
well. Self-assessments are a valuable component of a continuous
improvement process under our standards and the voluntary consensus
standards described in this preamble.
``Third-Party Auditor'' means a foreign government, agency of a
foreign government, foreign cooperative, or any other third party that
is eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet the applicable
requirements of the FD&C Act. A third-party auditor may be a single
individual or an organization. A third-party auditor may use audit
agents to conduct food safety audits. Third-Party Auditor has the same
meaning as Certification Body as that term is defined in this subpart.
[[Page 45794]]
The definition of ``third-party auditor'' is based on section 808 of
the FD&C Act and clarifies our role in direct accreditation and the
relationship between audits and certifications under section 808 of the
FD&C Act. For the reasons explained in the preamble discussion of the
definition of ``certification body,'' ``third-party auditor'' will have
the same meaning as ``certification body'' for purposes of this rule.
b. Who is subject to this subpart? (Proposed Sec. 1.601). This
proposed rule would apply to those accreditation bodies, third-party
auditors/certification bodies, and eligible entities that seek to
participate in our program for third-party food safety audits and
certification. Participating is voluntary; however any accreditation
body wishing to accredit third-party auditors/certification bodies
under our program would have to comply with the applicable requirements
of the final rule. Under the FDA program, any third-party auditor/
certification body wishing to conduct food safety audits and issue food
and facility certifications and any eligible entity that seeks a food
safety audit or food or facility certification would have to comply
with the applicable requirements of the final rule.\17\
---------------------------------------------------------------------------
\17\ The terms, ``third-party auditor/certification body,''
``consultative audit,'' ``regulatory audit,'' ``food
certification,'' ``facility certification,'' and ``eligible entity''
are defined under this proposed rule.
---------------------------------------------------------------------------
This proposed rule would codify a limited exemption created by
section 116 of FSMA (21 U.S.C. 2206) applicable to certification of
food under section 801(q) of the FD&C Act. Section 116(a) of FSMA
states that, except as provided by certain listed sections in the FSMA,
nothing in FSMA, or the amendments made by FSMA, will be construed to
apply to a facility that (1) under the Federal Alcohol Administration
Act (27 U.S.C. 201 et seq.) or chapter 51 of subtitle E of the Internal
Revenue Code of 1986 (26 U.S.C. 5001 et seq.) is required to obtain a
permit or to register with the Secretary of the Treasury as a condition
of doing business in the United States; and (2) under section 415 of
the FD&C Act is required to register as a facility because such
facility is engaged in manufacturing, processing, packing, or holding
one or more alcoholic beverages (with respect to the activities of such
facility that relate to the manufacturing, processing, packing, or
holding of alcoholic beverages).
Section 116(b) of FSMA provides that section 116(a) does not apply
to a facility engaged in the receipt and distribution of any non-
alcohol food, except that section 116(a) does apply to a facility
described in section 116(a) that receives and distributes non-alcohol
food, provided such food is received and distributed (1) in a
prepackaged form that prevents any direct human contact with such food,
and (2) in amounts that constitute not more than 5 percent of the
overall sales of such facility, as determined by the Secretary of the
Treasury.
Section 116(c) of FSMA provides that, except as provided in section
116(a) and (b), section 116 cannot be construed to exempt any food,
other than alcoholic beverages, as defined in section 214 of the
Federal Alcohol Administration Act (27 U.S.C. 214), from the
requirements of FSMA (including amendments made by FSMA).
The Preventive Controls proposed rule includes provisions
implementing the exemptions provided in section 116 of FSMA to
establish by regulation the reach of the exemptions. As discussed in
the preamble to the Preventive Controls proposed rule, FDA tentatively
concludes the following regarding the reach of the exemptions for the
purposes of that rule:
The phrase ``obtain a permit or register'' should be
interpreted broadly, to include not only facilities that must obtain
what is technically named a ``permit'' or must ``register'' with
Treasury, but also those facilities that must adhere to functionally
similar requirements as a condition of doing business in the United
States, namely, by submitting a notice or application to Treasury and
obtaining Treasury approval of that notice or application.
The exemption would apply not only to domestic facilities
that are required to secure a permit, registration, or approval from
Treasury under the relevant statutes, but also to foreign facilities of
a type that would require such a permit, registration, or approval if
they were domestic facilities.
Activities related to alcoholic beverages (including the
manufacturing, processing, packing, or holding of alcoholic beverages)
at facilities within the scope of section 116(a) of FSMA would not be
subject to section 418 of the FD&C Act. Activities related to foods
other than alcoholic beverages (including the receiving, manufacturing,
processing, packing, holding, and distributing of such foods) would be
subject to section 418 even if those activities occur at facilities
that are otherwise within the scope of section 116(a) (unless they
qualify for another exemption or are in prepackaged form and constitute
5 percent or less of the facility's overall sales). (For clarity, we
use the term ``food other than alcoholic beverages'' rather than ``non-
alcohol food'' in the Preventive Controls proposed rule and in this
document.)
Section 418 of the FD&C Act does not apply to the
manufacturing, processing, packing, or holding of food other than
alcoholic beverages to the extent that it is physically inseparable
from the manufacturing, processing, packing, or holding of alcoholic
beverages.
Section 116 of FSMA is premised in part upon status as a facility
required to register under section 415 of the FD&C Act (section
116(a)(2) of FSMA). As provided in section 808, eligible entities
include foreign facilities registered under section 415 of the FD&C
Act.
Therefore, to implement the exemption in section 116 of FSMA, under
proposed Sec. 1.601(d)(1), certification of food under section 801(q)
of the FD&C Act would not apply with respect to alcoholic beverages
from an eligible entity that is a facility that meets the following two
conditions:
Under the Federal Alcohol Administration Act or chapter 51
of subtitle E of the Internal Revenue Code of 1986 (26 U.S.C. 5001 et
seq.), the facility is a foreign facility of a type that, if it were a
domestic facility, would require obtaining a permit from, registering
with, or obtaining approval of a notice or application from the
Secretary of the Treasury as a condition of doing business in the
United States; and
Under section 415 of the FD&C Act, the facility is
required to register as a facility because it is engaged in
manufacturing/processing one or more alcoholic beverages.
Proposed Sec. 1.601(d)(2) specifies that certification of food
under section 801(q) of the FD&C Act also would not apply with respect
to food other than alcoholic beverages from a facility described in
paragraph (d)(2), provided such food:
Is in prepackaged form that prevents any direct human
contact with such food; and
Constitutes not more than 5 percent of the overall sales
of the facility, as determined by the Secretary of the Treasury.
This exemption does not apply to facility certification required by
section 806 of the FD&C Act.
We request comment on our proposed exemption of alcoholic beverages
and food other than alcoholic beverages under the conditions specified
in proposed Sec. 1.601(d).
As described in the ``Summary of Major Provisions of the Proposed
Rule,'' this rule would apply only to entities
[[Page 45795]]
that voluntarily participate in our accredited third-party audits and
certification program, which would be the following: (1) Accreditation
bodies seeking recognition, or recognized, under this program; (2)
third-party auditors/certification bodies (including their audit
agents) that seek accreditation, or are accredited under this program;
and (3) eligible entities that seek food safety audits from, or that
are audited or certified by, accredited auditors/certification bodies
under this program, except for an eligible entity that meets the
criteria for exemption under section 116 of FSMA.
We invite comment on the scope of this proposed rule, including
comments on its anticipated effects on accreditation bodies and third-
party auditors/certification bodies already performing these
activities, or that may be interested in doing so. We also seek comment
on its anticipated effect on foreign food facilities and other eligible
entities that are currently audited by third-party auditors/
certification bodies.
2. Recognition of Accreditation Bodies
This rule would establish the following: (1) The eligibility
requirements for an accreditation body to be authorized
(``recognized'') by FDA to accredit third-party auditors/certification
bodies under the accredited third-party audits and certification
program; (2) requirements on recognized accreditation bodies for
activities conducted under our program; and (3) procedures FDA and
accreditation bodies will follow relating to recognition, including
application, renewal, revocation, voluntary relinquishment, and
reinstatement of recognition.
Table 2--Proposed Requirements for Accreditation Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
Recognition of accreditation bodies under this subpart
------------------------------------------------------------------------
1.610.................. Who is eligible for recognition?
1.611.................. What legal authority must an accreditation body
have to qualify for recognition?
1.612.................. What competency and capacity must an
accreditation body have to qualify for
recognition?
1.613.................. What protections against conflicts of interest
must an accreditation body have to qualify for
recognition?
1.614.................. What quality assurance procedures must an
accreditation body have to qualify for
recognition?
1.615.................. What records procedures must an accreditation
body have to qualify for recognition?
------------------------------------------------------------------------
Requirements for recognized accreditation bodies under this subpart
------------------------------------------------------------------------
1.620.................. How must a recognized accreditation body assess
third-party auditors/certification bodies
seeking accreditation?
1.621.................. How must a recognized accreditation body
monitor the performance of auditors/
certification bodies it accredits?
1.622.................. How must a recognized accreditation body
monitor its own performance?
1.623.................. What reports and notifications must a
recognized accreditation body submit to FDA?
1.624.................. How must a recognized accreditation body
protect against conflicts of interest?
1.625.................. What records requirements must a recognized
accreditation body meet?
------------------------------------------------------------------------
Procedures for recognition of accreditation bodies under this subpart
------------------------------------------------------------------------
1.630.................. How do I apply to FDA for recognition or
renewal of recognition?
1.631.................. How will FDA review applications for
recognition and for renewal of recognition?
1.632.................. What is the duration of recognition?
1.633.................. How will FDA monitor recognized accreditation
bodies?
1.634.................. When will FDA revoke recognition?
1.635.................. How do I voluntarily relinquish recognition?
1.636.................. How do I request reinstatement of recognition?
------------------------------------------------------------------------
Section 808 of the FD&C Act directs us to establish a system for
recognition of accreditation bodies to accredit third-party auditors/
certification bodies and generally describes the roles and
responsibilities of recognized accreditation bodies under the
accredited third-party audits and certification program. The statute
requires each recognized accreditation body to: (1) Ensure that third-
party auditors/certification bodies (and audit agents) meet FDA's model
accreditation standards; (2) perform such reviews and audits necessary
to determine that a third-party auditor/certification body meets the
statutory requirements for accreditation; \18\ (3) require a third-
party auditor/certification body to agree to issue certifications in a
form required by FDA, as a condition of accreditation; and (4) submit
to FDA a list of all third-party auditors/certification bodies it
accredited (and the audit agents of each).
---------------------------------------------------------------------------
\18\ See section 808(c)(1)(A) and (c)(1)(B) of the FD&C Act.
---------------------------------------------------------------------------
a. Who is eligible for recognition? (Proposed Sec. 1.610). This
proposed rule would establish eligibility requirements an accreditation
body would have to meet to qualify for recognition by FDA under the
accredited third-party audits and certification program. Proposed Sec.
1.610 states that an accreditation body is eligible for recognition if
it can demonstrate that it meets requirements relating to legal
authority, competency, capacity, conflicts of interest, quality
assurance, and records in proposed Sec. Sec. 1.611 through 1.615.
In developing this proposed rule, we considered eligibility
requirements that would help us ensure that accreditation bodies
seeking recognition--whether public or private, newly formed or long
standing--are sufficiently qualified to accredit third-party auditors/
certification bodies under our program. We considered the approach
taken by NIST in its National Voluntary Conformity Assessment Systems
Evaluation (NVCASE) Program, which is a voluntary program to evaluate
and recognize organizations which support conformity assessment
activities (Ref. 28). The NVCASE program handbook states that ISO/IEC
17011:2004 (Ref. 18) provides that the basic general criteria
[[Page 45796]]
that an accreditor of certification bodies must satisfy for NVCASE
recognition (Ref. 28). We have tentatively concluded that key elements
of ISO/IEC 17011: 2004 (Ref. 18) provide an appropriate basis for these
requirements.\19\ We also considered our 2009 FDA guidance (Ref.
5),\20\ which states that conformance to ISO/IEC 17011:2004 (Ref. 18)
helps provide assurance of the reliability and competence of
accreditation bodies.
---------------------------------------------------------------------------
\19\ ISO/IEC 17011:2004 contains requirements that are not
applicable to our program (e.g., liability arrangements). While an
accreditation body would not need to conform to ISO/IEC 17011:2004
to qualify for recognition under our program, an accreditation body
that satisfies the requirements of ISO/IEC 17011:2004 could use that
in demonstrating it meets the recognition requirements in this rule.
\20\ We intend to withdraw the 2009 Guidance upon publication of
a final rule for accredited third-party audits and certification
under section 808 of the FD&C Act.
---------------------------------------------------------------------------
We also considered current food industry practices. For example,
GFSI requires food safety scheme owners to use accreditation bodies
that comply with ISO/IEC 17011:2004 (Ref. 18) for GFSI-benchmarked food
safety schemes (Ref. 29). In stakeholder meetings, some stakeholders
have suggested that FDA consider requiring accreditation bodies
participating in the accredited third-party audits and certification
program to be signatories to a multilateral recognition agreement of
the International Accreditation Forum (IAF). IAF is an organization for
accreditors of conformity assessment bodies and is a counterpart to
International Laboratory Accreditation Cooperation (ILAC), for
laboratory accreditation bodies.\21\ The IAF multilateral recognition
arrangement (IAF-MLA) (Ref. 30) requires signatories to conform to ISO/
IEC 17011:2004, among other things.
---------------------------------------------------------------------------
\21\ The ILAC is an international body, established in 1977, to
help ensure the competency, independence, rigor, and objectivity of
accreditation bodies that accredit laboratories against
international standards. The ILAC-mutual recognition agreement
requires signatories to conduct their activities in accordance with
ISO/IEC 17011:2004. FDA laboratory programs have worked with ILAC
and other ILAC signatories for many years.
---------------------------------------------------------------------------
Unlike our established history with ILAC and ILAC signatories, our
food and feed programs lack similar experience with the IAF. We have
found few examples of Federal agencies that require accreditation
bodies for conformity assessment bodies to be signatories to the IAF-
MLA (for accreditation of product and management system certification)
and that use signatory status as the sole criterion for accreditation
bodies. For example, the Department of Health and Human Services is not
requiring approved accreditors in its Health Information Technology
certification program (45 CFR part 170) to be signatories to the IAF-
MLA, although signatory status could be provided in support of an
applicant's request for approval. By contrast, the Environmental
Protection Agency's WaterSense program (Ref. 31) requires product
accreditors to be signatories to the IAF-MLA (Ref. 30). The WaterSense
program is not a regulatory program; rather, it is a partnership
program.
We do not have adequate information at this time to propose to
require accreditation bodies participating in the accredited third-
party audits and certification regulatory program to be IAF-MLA
signatories--whether as the sole requirement for recognition under
Sec. 1.610 or as one of several factors in support of recognition. We
have, however, tentatively concluded that documented conformance to
ISO/IEC 17011:2004 (Ref. 18) would be relevant in demonstrating that an
accreditation body is qualified for recognition. We invite comments and
examples (in particular, examples from regulatory programs) in support
of, or opposition to, using an accreditation body's status as a
signatory to an IAF MLA as the sole criterion for recognition or as a
factor weighing in favor of an application for recognition under the
accredited third-party audits and certification program.
b. What legal authority must an accreditation body have to qualify
for recognition? (Proposed Sec. 1.611). This proposed rule would
require accreditation bodies seeking recognition to demonstrate they
have sufficient legal authority to adequately assess third-party
auditors/certification bodies for accreditation and in conducting
oversight of them, once accredited.
Proposed Sec. 1.611 would allow both governmental bodies, with
accreditation authority inherent in their roles as public officials,
and private bodies, who have authority under contracts with third-party
auditors/certification bodies, to qualify for recognition if they have
the sufficient authority to conduct accreditation activities. This
includes adequate authority to access records; to conduct onsite
performance assessments, reassessments, and surveillance; and to grant,
modify, and remove accreditation status.
ISO/IEC 17011:2004 (Ref. 18) contains similar requirements for
bodies accrediting third-party auditors/certification bodies for
product and management system certification. Clause 4.1 requires
accreditation bodies to be registered legal entities and explains that
governmental accreditation bodies are considered legal entities because
of their governmental status. Clause 4.2.2 states that accreditation
bodies must have the authority and responsibility to decide on
granting, maintaining, extending, reducing, suspending, and withdrawing
accreditation.\22\
---------------------------------------------------------------------------
\22\ ISO/IEC 17011:2004 also contains requirements relating to
documentation of the roles and responsibilities of accreditation
body management and personnel involved in accreditation activities.
Matters such as these will be more fully explained in the Model
Accreditation Standards we plan to issue.
---------------------------------------------------------------------------
Proposed Sec. 1.611(b) would require an accreditation body to
demonstrate that it has the adequate legal authority to meet the
requirements for a recognized accreditation body in proposed Sec. Sec.
1.611 through 1.615, including assessing third-party auditors/
certification bodies for accreditation, monitoring accredited auditors/
certification bodies, perform self-assessments, submitting reports and
notifications to FDA, implementing procedures to protect against
conflicts of interest, establishing and maintaining records, and
following the applicable procedural requirements of our program.
We are not proposing to require a newly recognized accreditation
body to wait a certain period of time before beginning to conduct
accreditation activities under our program. Its accreditation authority
goes into effect at the moment of recognition. Therefore, we believe
that an accreditation body seeking recognition must demonstrate its
capacity to fulfill the roles and responsibilities of recognition, if
granted. We believe that an accreditation body could meet this
requirement by providing documentation of its authority to perform
activities required by proposed Sec. Sec. 1.611 through 1.615. We
expect this documentation to be provided primarily in the form of
standard language for contracts with eligible entities under the FDA
accredited third-party audits and certification program. However, we
will accept other types of documents (e.g., Standard Operating
Procedures) that can (individually or as part of a set of documents)
demonstrate that the accreditation body has adequate legal authority to
conduct the activities required by proposed Sec. 1.611 through 1.615.
We invite comment on our proposal to require accreditation bodies
to have demonstrable evidence to support a conclusion that they would
have adequate legal authority to meet our requirements (e.g., authority
to withdraw accreditation for cause), if recognized. We also seek
examples of other types of evidence that might
[[Page 45797]]
demonstrate the scope of an applicant's legal authority. For comments
opposing this requirement, we request comment on what, if any,
requirements we should put in place to ensure that an accreditation
body applying to us for recognition would be equipped, upon
recognition, to perform the obligations required under the program.
c. What competency and capacity must an accreditation body have to
qualify for recognition? (Proposed Sec. 1.612). This rule would
require accreditation bodies seeking recognition to demonstrate
adequate resources to fully implement its accreditation program. Under
proposed Sec. 1.612, an accreditation body must have adequate numbers
of personnel or other agents with relevant knowledge, skills, and
experience to adequately assess and monitor third-party auditors/
certification bodies. The accreditation body also would have to show it
has adequate financial resources for its operations. In the guidance,
we will explain the types of expertise and training we expect to see
when reviewing accreditation body records and conducting onsite
performance assessments. We also will explain the types of
documentation that might be used to demonstrate financial viability.
ISO/IEC 17011: 2004, clause 6.1 (Ref. 18) requires accreditation
bodies to have a sufficient number of competent personnel (internal and
external) with the educational background, technical qualifications,
training, skills, and experience necessary for the accreditation body's
activities. Clause 4.5.2 requires accreditation bodies to demonstrate
they have financial resource required for accreditation activities.\23\
---------------------------------------------------------------------------
\23\ ISO/IEC 17011:2004 contains some requirements that are not
applicable to our program. For example, it contains requirements
relating to liability coverage.
---------------------------------------------------------------------------
Under proposed Sec. 1.612(b) an accreditation body seeking to
qualify for recognition must demonstrate that it has the capability to
adequately assess third-party auditors/certification bodies seeking
accreditation and to monitor accredited auditors/certification bodies
through performance assessments. It also must be capable of submitting
reports and notifications to FDA in the manner we propose and to follow
the procedural requirements under our program. As previously explained,
an accreditation body will be authorized to begin accreditation
activities under our program immediately upon recognition. Therefore,
we need to have adequate assurance of its ability to meet the
competency and capacity requirements of a recognized accreditation body
when deciding whether to grant recognition.
d. What protections against conflicts of interest must an
accreditation body have to qualify for recognition? (Proposed Sec.
1.613). This proposed rule would require accreditation bodies to have
established programs to safeguard against conflicts of interest that
might compromise their objectivity and independence from third-party
auditors/certification bodies. Proposed Sec. 1.613 would require
accreditation bodies seeking recognition to have written measures to
safeguard against financial conflicts of interest between the
accreditation body (and its officers, personnel, and other agents) and
third-party auditors/certification bodies (and their officers,
personnel, and other agents). Without these conflict of interest
requirements, we believe it would be difficult for an accreditation
body to demonstrate adequate independence in accrediting auditors/
certification bodies, as required under our accredited third-party
auditing and certification program.
ISO/IEC 17011: 2004, clause 4.3.4 (Ref. 18) requires accreditation
bodies to ensure that personnel and committees that could influence the
accreditation process act objectively and be free from any undue
commercial pressures that could compromise impartiality.\24\
---------------------------------------------------------------------------
\24\ ISO/IEC 17011 contains additional requirements relating to
opportunities for involvement by interested parties and the manner
in which the accreditation body presents its services. Such matters
are beyond the scope of our program.
---------------------------------------------------------------------------
Under proposed Sec. 1.613(b), an accreditation body seeking
recognition must demonstrate the capability to meet the conflict of
interest requirements that would apply under Sec. 1.624, upon
recognition. This measure is necessary to help ensure that any
accreditation activities conducted after recognition would be
considered objective and independent under our program.
e. What quality assurance procedures must an accreditation body
have to qualify for recognition? (Proposed Sec. 1.614). This proposed
rule would require accreditation bodies seeking recognition to have
written quality assurance procedures in place. Proposed Sec. 1.614(a)
requires an accreditation body seeking recognition to have a program
for monitoring and assessing the performance of its officers,
personnel, and other agents and for assessing the effectiveness of its
accreditation program. The program must include procedures for
identifying areas for improvement and quickly executing corrective
actions.
ISO/IEC 17011 (Ref. 18) requires accreditation bodies to establish
procedures for internal audits (clause 5.7.1) and to identify
nonconformities in its operations (clause 5.5), opportunities for
improvement, and preventive actions to address root causes (clause
5.6). Clause 5.8 requires periodic management reviews.
Proposed Sec. 1.614(b) requires the accreditation body to
demonstrate it has the capability to meet the quality assurance
requirements of Sec. 1.622, for performing annual self-assessments
against our requirements and reporting the results of such self-
assessments. The guidance we plan to issue will discuss the elements of
an effective quality assurance program for accreditation bodies.
f. What records procedures must an accreditation body have to
qualify for recognition? (Proposed Sec. 1.615). This proposed rule
would require accreditation bodies seeking recognition to have written
records procedures in place. Under proposed Sec. 1.615(a), an
accreditation body would have to demonstrate that it has written
procedures for establishing, controlling, and retaining records on its
accreditation program and activities. While we are not proposing that
an accreditation body must have retained records for a specified period
of time prior to its recognition, we believe it is necessary for an
accreditation body to have maintained records for such length of time
to allow us to adequately assess its program and performance to
determine whether it is qualified for recognition. The accreditation
body also must maintain records as required by its existing legal
obligations. Our guidance will explain these recordkeeping, document
control, and retention requirements.
Clause 5.4.1 of ISO/1EC 17011: 2004 (Ref. 18) requires
accreditation bodies to establish procedures for identification,
collection, filing, storage, maintenance, and disposal of records.
Under clause 5.4.2, records procedures must require records to be
retained for a period consistent with the accreditation body's
contractual and legal obligations. The accreditation body must have
procedures to control internal and external documents relating to its
activities, under clause 5.3.\25\
---------------------------------------------------------------------------
\25\ Requiring accreditation bodies to exert control over
external documents relating to its accreditation activities would be
inconsistent with our program.
---------------------------------------------------------------------------
Proposed Sec. 1.615(b) would require an accreditation body seeking
recognition to demonstrate its capability to meet the requirements of a
recognized accreditation body. This would include,
[[Page 45798]]
for example, capacity for maintaining records for 5 years, which is the
maximum length for which recognition could be granted. It also requires
recognized accreditation bodies to give us access to records on
activities conducted under our program. Clause 4.4 of ISO/IEC 17011:
2004 (Ref. 18) requires accreditation bodies to have adequate
arrangements to maintain the confidentiality of information obtained
through its accreditation activities. Confidential information about a
third-party auditor/certification bodies must not be disclosed without
the written consent of the auditor/certification body unless the law
requires the information to be disclosed without such consent.
Accreditation bodies applying for recognition must demonstrate their
capacity, if recognized, to grant us access to confidential
information, including information contained in records, without prior
written consent of the auditor/certification body involved. Having
access to records relating to accreditation activities (including
confidential information) under this subpart is necessary to ensure the
rigor, credibility, and independence of the program.
3. Requirements for Recognized Accreditation Bodies
Table 3--Proposed Requirements for Accreditation Bodies Recognized by
FDA
------------------------------------------------------------------------
Proposed Rule Section Title
------------------------------------------------------------------------
1.620.................. How must a recognized accreditation body assess
third-party auditors/certification bodies
seeking accreditation?
1.621.................. How must a recognized accreditation body
monitor the performance of auditors/
certification bodies it accredits?
1.622.................. How must a recognized accreditation body
monitor its own performance?
1.623.................. What reports and notifications must a
recognized accreditation body submit to FDA?
1.624.................. How must a recognized accreditation body
protect against conflicts of interest?
1.625.................. What records requirements must a recognized
accreditation body meet?
------------------------------------------------------------------------
Proposed Sec. Sec. 1.620 through 1.625 contain the requirements
that a recognized accreditation body would have to meet when conducting
activities under our program.
a. How must a recognized accreditation body assess third-party
auditors/certification bodies seeking accreditation? (Proposed Sec.
1.620). This proposed rule would establish criteria and procedures a
recognized accreditation body must use in assessing third-party
auditors/certification bodies for accreditation.
Proposed Sec. 1.620(a)(1) requires a recognized accreditation body
to assess foreign governments/agencies by evaluating the food safety
programs, systems, and standards of the government/agency to determine
that the government/agency meets the eligibility requirements for
accreditation under Sec. 1.640(b), except where the criteria for
direct accreditation in proposed Sec. 1.670(a) are met.\26\ Proposed
Sec. 1.620(a)(2) requires a recognized accreditation body to assess
the internal systems and the training and qualifications of audit
agents used by a foreign cooperative or other third party to determine
that the cooperative/party meets the eligibility requirements for
accreditation under Sec. 1.640(c).
---------------------------------------------------------------------------
\26\ Under section 808(b)(1)(A)(ii) of the FD&C Act, we may
begin to directly accredit third-party auditors/certification bodies
if we have not identified and recognized an accreditation body to
meet the requirements of the section within 2 years after
establishing the system.
---------------------------------------------------------------------------
Proposed Sec. 1.620(a)(1) and (a)(2) are based on section
808(c)(1) to (c)(3) of the FD&C Act, which distinguishes between the
assessments of foreign governments/agencies and the assessments for
foreign cooperatives/other third parties seeking accreditation. They
also require a recognized accreditation body to assess any third-party
auditor/certification body under the model accreditation standards we
must issue under section 808(b)(2) of the FD&C Act. The model
accreditation standards will specify the authority, competency,
capacity, impartiality, quality assurance, and records that a third-
party auditor/certification body must have to qualify for accreditation
under our program.
Proposed Sec. 1.620(a)(3) requires recognized accreditation bodies
to observe a statistically significant number \27\ of onsite food
safety audits by a third-party auditor/certification body (or its audit
agents) seeking accreditation. Correspondingly, ISO/IEC 17011: 2004,
clause 7.7.3 (Ref. 18) requires an accreditation body's assessment team
to witness the performance of a representative number of staff to
provide assurance of the auditor's/certification body's competency.
---------------------------------------------------------------------------
\27\ Generally speaking, we consider ``statistical
significance'' to be an interpretation of statistical data
indicating that an occurrence was likely the result of a causative
factor and not simply a chance result. With observations of a
statistically significant number of accredited auditors/
certification bodies, recognized accreditation bodies will be able
to exert an appropriate degree of oversight of its accredited
auditors/certification bodies, using the data to help determine
whether its accreditation program and activities are functioning
appropriately.
---------------------------------------------------------------------------
Proposed Sec. 1.620(b) requires a recognized accreditation body to
impose three conditions on any accreditation under this program as
follows:
The third-party auditor/certification body must comply
with the audit reporting requirements contained in proposed Sec.
1.656, which is drawn from section 808(c)(3) of the FD&C Act (which
makes it a condition of accreditation to prepare consultative audit
reports within 45 days after conducting an audit and, for regulatory
audits, to submit an audit report within 45 days after conducting an
audit).
The third-party auditor/certification body must agree to
submit electronic certifications to FDA, where appropriate based on the
results of a regulatory audit. Under section 808(c)(2)(A) of the FD&C
Act, we have tentatively concluded that submission of electronic
certification (as opposed to paper certification) is appropriate for
the following reasons:
[cir] It would be too time-consuming and resource intensive to
review paper-based facility certifications and might result delays that
would frustrate the purpose of the VQIP program for expedited review
and entry of products; and
[cir] Requiring submission and manual review of paper food and
facility certifications would undermine to our efforts to use robust,
integrated databases to replace manual review, analysis, and reporting
of data.
A third-party auditor/certification body would have to
comply with the requirement in section 808(c)(4)(A) of the FD&C Act to
notify us immediately upon discovering, during a food safety audit, a
condition that could cause or contribute to a serious risk to the
public health, as a condition of its accreditation. Having timely
notification of such risks directly affects our ability to respond
rapidly to protect the public health. We believe this notification
[[Page 45799]]
requirement is of such a critical nature that, we are proposing to
require compliance as a condition of accreditation. We seek comment on
our tentative conclusion to require compliance with section
808(c)(4)(A) of the FD&C Act a condition of accreditation.
Proposed Sec. 1.620(c) requires recognized accreditation bodies to
maintain records relating to its accreditation activities under the
program. These include records on any denial of accreditation and on
any withdrawal, suspension, or decision to reduce the scope of an
accreditation for cause.\28\ Such records must include the name and
contact information for such certification body, the scope of
accreditation denied, withdrawn, suspended, or reduced, and the basis
for the action. Having access to records on denials of accreditation
and actions taken due to nonconformities will help us in assessing the
performance of the recognized accreditation body and also will allow us
to determine whether poorly performing third-party auditors/
certification bodies are attempting to ``shop'' for favorable
accreditation decisions elsewhere. Both are important for our oversight
of the program.
---------------------------------------------------------------------------
\28\ Denial, withdrawal, suspension, and reduction in scope of
accreditation differ from voluntary relinquishment of accreditation
under proposed Sec. 1.665, which is an action taken on the
initiative of the auditor/certification body and is not based on a
finding of nonconformity by its accreditation body.
---------------------------------------------------------------------------
In proposed Sec. 1.620(d), we require recognized accreditation
bodies to have written procedures in place to consider appeals from
third-party auditors/certification bodies to adverse accreditation
decisions. The written procedures must offer protections similar to
those afforded by FDA under proposed Sec. Sec. 1.692 and 1.693 and
include requirements to make the appeals procedures publicly available,
have the appeal investigated and decided upon by people different than
those involved in the subject matter of the appeal, notify the auditor/
certification body of the final decision on the appeal, and maintain
records on the appeal, the final decision, and the basis for the
decision. This provision is analogous to clause 7.10.2 of ISO/IEC
17011:2004 (Ref. 18), which requires accreditation bodies to establish
similar procedures for handling appeals by auditors/certification
bodies. We emphasize that we are not proposing to review a decision by
a recognized accreditation body to deny, withdraw, suspend, or reduce
an accreditation, nor do we propose to consider appeals from third-
party auditors/certification bodies to such actions by recognized
accreditation bodies. We have considered the language of section 808 of
the FD&C Act and tentatively concluded that it does not require us to
review such decisions. We believe our proposal is appropriate and
consistent with international standards that identify these as matters
between the recognized accreditation body and the third-party auditor/
certification body affected by the decision. Comments suggesting
alternatives should provide the following: (1) A detailed legal
rationale for us to review and decide on a challenge to an
accreditation decision of a recognized accreditation body, including
the authority to compel a recognized accreditation body to grant an
accreditation and to conduct the ongoing monitoring of the auditor/
certification body required under this FDA program; (2) a description
of the procedures FDA should follow, including whether to compile an
administrative record based on documents from the accreditation body
and the third-party auditor/certification body, whether to accept new
evidence or conduct its own investigation, and whether to conduct a
public hearing; and (3) a prioritization of FDA's program activities as
between, for example, monitoring the performance of accredited
auditors/certification bodies under section 808(f) of the FD&C Act and
determining whether a recognized accreditation body correctly denied an
application for accreditation.
b. How must a recognized accreditation body monitor the performance
of auditors/certification bodies it accredits? (Proposed Sec. 1.621).
This proposed rule describes the type and frequency of monitoring a
recognized accreditation body would have to perform for third-party
auditors/certification bodies it accredits under our program.
Proposed Sec. 1.621 requires a recognized accreditation body to
annually evaluate each of its accredited auditors/certification bodies
to determine whether it is complying with the applicable provisions of
this rule. For each such auditor/certification body, the accreditation
body must review its self-assessments (including information on
compliance with the conflict of interest requirements under Sec.
1.657); its regulatory audit reports and notifications to FDA (and
supporting documents for each), and any other information reasonably
available to the accreditation body regarding the compliance history of
eligible entities the accredited auditor/certification body certified
or that would otherwise be relevant in determining its compliance with
this rule.
The monitoring requirements we propose are consistent with section
808(f)(2) of the FD&C Act, which requires us to evaluate each
accredited auditor/certification body by reviewing its regulatory audit
reports and the compliance history (as available) of eligible entities
it certified, and to take any other necessary measures. We believe
these elements are equally important for recognized accreditation
bodies to use when monitoring accredited auditors/certification bodies
under our program. We believe that the conflict of interest disclosures
and public health notifications are of such importance to the
reliability and credibility of the program that recognized
accreditation bodies should review them as well. To provide flexibility
to a recognized accreditation body that is aware of additional
information relevant to its evaluation, and consistent with the last
clause in section 808(f)(2) of the FD&C Act, we propose to allow the
accreditation body to rely on other information relevant to its
evaluation. We note that accreditation bodies need only consider
information that is ``reasonably available'' to them. We do not expect
an accreditation body to launch an investigation of each auditor/
certification body it accredited, absent cause; however, we expect that
accreditation bodies will actively monitor for public information about
their accredited auditors/certification bodies and will not ignore
public information about problems associated with one or more of this
accredited auditors/certification bodies.
ISO/IEC 17011:2004, clause 7.11.3 (Ref. 18) requires accreditation
bodies to plan for reassessment and surveillance of each accredited
auditor/certification body at frequencies between 1 and 5 years,
depending on the nature of reassessment and surveillance performed. In
general, clause 7.11.3 requires these monitoring activities to occur
every 2 years.
We have tentatively concluded that the assessments under proposed
Sec. 1.621 should be performed on an annual basis because formal
reviews at that frequency, throughout the duration of an accreditation,
will help the accreditation body determine whether the auditor/
certification body continues to meet the applicable program
requirements and the conditions of its accreditation. Not only will
these assessments help ensure that accredited auditors/certification
bodies individually comply with our requirements, but also can be used
by
[[Page 45800]]
the recognized accreditation body to identify trends and any
deficiencies in its own performance or program.
We seek comment on our proposal and on whether the information we
describe in Sec. 1.621 will provide an appropriate basis for
recognized accreditation bodies to use in evaluating auditors/
certification bodies they accredited. Should we require recognized
accreditation bodies to conduct witness audits or visits to the
headquarters of each auditor/certification body it accredits under the
program, or a subset thereof? For comments recommending other methods
of performance assessment, we are interested in information on the
potential costs and benefits associated with these alternatives.
c. How must a recognized accreditation body monitor its own
performance? (Proposed Sec. 1.622). This proposed rule would require
recognized accreditation bodies conduct self-assessments on an annual
basis and as required under proposed Sec. 1.664(g) (following FDA
withdrawal of accreditation of a third-party auditor/certification body
it accredited).
Proposed Sec. 1.622(a) requires a recognized accreditation body to
evaluate the performance of its officers, employees, and other agents;
compliance with applicable conflict of interest requirements; and any
other aspects FDA requests, to determine whether the accreditation body
meets our program requirements. Proposed Sec. 1.622(b) requires a
recognized accreditation body to observe onsite regulatory audits
conducted by a statistically significant number of its accredited
auditors/certification bodies.\29\
---------------------------------------------------------------------------
\29\ As described in footnote 26, we generally interpret
statistically significant numbers as those indicating that an
occurrence was likely the result of a causative factor and not a
chance result.
---------------------------------------------------------------------------
Based on these assessments, proposed Sec. 1.622(c) requires
recognized accreditation bodies implement corrective actions to address
any area needing improvement that was identified through its self-
assessment. The requirements in proposed Sec. 1.622(a), (b), and (c)
build on proposed Sec. 1.614, which requires accreditation bodies to
have quality assurance programs to qualify for recognition.
Proposed Sec. 1.622(d) requires the accreditation body to prepare
a written report of the findings of its self-assessment, including: (1)
A statement disclosing the extent to which the accreditation body, and
its officers, employees, and other agents, complied with the conflict
of interest requirements in Sec. 1.624 and other applicable
requirements; and (2) identifying any corrective actions taken to
address identified deficiencies. The timelines for a recognized
accreditation body to submit its self-assessment reports to FDA appear
in proposed Sec. 1.623(b).
ISO/IEC 17011: 2004, clause 6.3.1 (Ref. 18) requires accreditation
bodies to establish procedures for monitoring the performance of its
personnel. Clauses 5.5 and 5.6 require accreditation bodies to
establish procedures to identify nonconformities in its operations and
any opportunities for improvement and to record the results of any
corrective or preventive actions taken.
d. What reports and notifications must a recognized accreditation
body submit to FDA? (Proposed Sec. 1.623). This proposed rule would
require recognized accreditation bodies to submit to FDA reports of its
self-assessments and monitoring, as well as notice of matters affecting
recognition and accreditation status. The reports and notifications
described in proposed Sec. 1.623 would have to be submitted
electronically and in English.
Here and other places in this proposed rule, we suggest that any
information for FDA be submitted in English. For applications or
requests to FDA, we also propose to require that any translation or
interpretation services necessary for us to process the application or
request be made available by the submitter. We invite comment on our
proposal to require submissions in English and to require translation
or interpretation services as necessary. For comments in opposition, we
seek input on how FDA might address translation and interpretation
issues in a manner that is not overly burdensome or infeasible for the
Agency and for submitters. How can FDA mitigate indirect effects on
others submitting applications or requests? For example, is there a
limit on the amount of time or resources FDA should spend translating
and processing an application submitted in a foreign language? Are
there other factors we should consider in deciding whether to require
submissions in English and translation and interpretation services
where necessary?
Proposed Sec. 1.623(a) requires recognized accreditation bodies to
submit reports of their annual assessments of accredited auditors/
certification bodies under proposed Sec. 1.621 within 45 days of
completion of the assessment. The report must include updated lists of
any audit agents used by such auditors/certification bodies. We believe
that the results of such assessments will help us evaluate the
performance of recognized accreditation bodies in reassessing their
accredited auditors/certification bodies. The results also will help us
perform our own monitoring of each accredited auditor/certification
body. For example, having data about trends in performance deficiencies
that the recognized accreditation body identified in its assessments,
and the corrective actions that were implemented to address such
deficiencies, gives us useful information on the accredited auditor/
certification body and offers insight into how the recognized
accreditation body oversees its accredited auditors/certification
bodies.
Proposed Sec. 1.623(b) requires recognized accreditation bodies to
submit reports of their self-assessments under proposed Sec. 1.622.
These too will be useful to us in overseeing the recognized
accreditation bodies. Annual self-assessments would have to be
submitted within 45 days after completing the self-assessment. In
establishing this timeframe, we considered the statutory requirement
that accredited auditors/certification bodies submit reports of
regulatory audits within 45 days after completing the audit. We
tentatively concluded that the reports of formal assessments under
Sec. 1.621 and self-assessments under Sec. 1.622, though different in
nature from regulatory audits, are similarly important to our ability
to ensure the rigor and credibility of the accredited third-party
audits and certification program and thus should be submitted to us
under a similar deadline.
Additionally, proposed Sec. 1.623(b) provides that reports from
self-assessments required by proposed Sec. 1.664(g)(1) (following
withdrawal of accreditation of a third-party auditor/certification
body) would have to be submitted to FDA within 2 months after the date
of withdrawal.
Proposed Sec. 1.623(c) requires recognized accreditation bodies to
immediately notify us when they grant accreditation to an auditor/
certification body or when they withdraw, suspend, or reduce the scope
of an accreditation under our program. Immediate notice is essential so
that we can take timely action to begin to accept certifications from
newly accredited auditors/certification bodies and to refuse to accept
certifications from auditors/certification bodies no longer authorized
to issue them. For each such notification, an accreditation body must
provide contact information for the auditor/certification body, the
name(s) of one or more of its officers, and the scope of accreditation.
For withdrawal,
[[Page 45801]]
suspension, or reduction in scope, the recognized accreditation body
must specify the basis for the decision and must update any other
previously submitted information about the auditor/certification body.
A recognized accreditation body also must immediately notify us if it
has determined that an accredited auditor/certification body failed to
comply with the requirements for issuance of a food or facility
certification under Sec. 1.653 and must include the basis for the
determination and update any other information previously submitted
about the auditor/certification body. Each type of notification must be
made electronically and in English.
This information is essential to our oversight and management of
the accredited third-party audits and certification program and the
programs that rely on certifications issued by accredited third-party
auditors/certification bodies. For example, section 808(c)(6)(A)(ii) of
the FD&C Act requires us to withdraw accreditation from a certification
body if we determine that the certification body no longer meets the
requirements for accreditation. Having information on the reason(s) for
withdrawal, suspension, or reduction in scope of an accreditation will
help us in determining whether and how to conduct such evaluation.
(Concerns regarding the performance of an accredited auditor/
certification body are of a different nature than, for example,
suspension of accreditation for failure to make timely fee payments.)
Without information on the reason an accreditation was withdrawn,
suspended, or reduced, we believe we will need to automatically
consider withdrawal of accreditation whenever an accreditation is
withdrawn, suspended, or reduced.
We request comment on our tentative conclusion that our oversight
of the program will be enhanced by timely notice of accreditations,
withdrawals, suspensions, and reductions in scope of accreditation by a
recognized accreditation body, and of violations of proposed Sec.
1.653.
In proposed Sec. 1.623(d)(1), we require a recognized
accreditation body to notify us within 30 days after denying
accreditation to an auditor/certification body (in whole or in part)
and including the basis for such denial. Proposed Sec. 1.623(d)(1) is
based on the requirement in proposed Sec. 1.620(c), which requires
recognized accreditation bodies to maintain records on any denial of
accreditation under this program. We are not proposing to prohibit
accreditation of an auditor/certification body previously denied
accreditation, if the auditor/certification body is subject to a
separate, full assessment and found to have adequately addressed the
problems that led to the denial.
Proposed Sec. 1.623(d)(2) requires recognized accreditation bodies
to notify FDA within 30 days after making any significant change that
would affect the manner in which it complies with the recognition
requirements in Sec. Sec. 1.610 to 1.625 and include an explanation
for the purpose of the change. For example, the merger of two
accreditation bodies, or the contracting out of assessment services at
an accreditation body that previously employed in-house assessors,
would be the types of changes that should be notified to us. The intent
of this proposed requirement is to help ensure that we obtain timely
notice of any changes that could affect the basis upon which we
recognized the accreditation body. We are not seeking prior notice, nor
are we suggesting that we have a role in approving or denying such
change. We are, however, required by section 808(b)(1)(C) of the FD&C
Act to revoke recognition of any accreditation body found not to be in
compliance with section 808 of the FD&C Act. A significant change that
prevents or undermines the accreditation body's compliance with this
rule may result in revocation of recognition under proposed Sec.
1.636.
e. How must a recognized accreditation body protect against
conflicts of interest? (Proposed Sec. 1.624). This proposed rule would
require a recognized accreditation body to take certain steps to
safeguard against conflicts of interest, including the requirement to
implement a written conflict of interest program.
Section 808 of the FD&C Act requires us to establish the accredited
third-party audits and certification program through, in large part,
recognition of accreditation bodies to themselves accredit third-party
auditors/certification bodies. Various stakeholders have expressed
concern about possible conflicts of interest between the accreditation
bodies and the third-party auditors/certification bodies seeking to
participate in the program we implement. We believe that the
credibility of the program will rest, in part, on whether we establish
effective measures to protect against conflicts of interest among the
program participants.
We considered ISO/IEC 17011:2004 (Ref. 18), which requires that all
accreditation body personnel and committees that could influence the
accreditation act objectively and be free from any undue commercial,
financial, and other pressures that could compromise impartiality.
We believe that, in keeping with the purpose of section 808 of the
FD&C Act, recognized accreditation bodies should be held to conflict of
interest provisions of similar rigor to those placed on accredited
third-party auditors/certification bodies under section 808(c)(5) of
the FD&C Act and this proposed rule. Failure to have documented
safeguards against conflicts of interest between a recognized
accreditation body and the third-party auditor/certification body
seeking its accreditation could undermine the system at its foundation
by introducing the possibility of bias into the system. We believe that
nothing short of rigorous safeguards will offer the transparency and
credibility we believe necessary for our oversight of, and consumer
confidence in, this accredited third-party audits and certification
program.
Proposed Sec. 1.624(a)(1) addresses conflicts involving ownership,
management, or control of, or financial interests in, an auditor/
certification body (including its officers, personnel, or other agents)
or any affiliate, parent, or subsidiary of the auditor/certification
body. We believe proposed Sec. 1.624(a)(1) aligns with the requirement
in section 808(c)(5)(A)(i) of the FD&C Act, which prevents an
accredited third-party certification body from being owned, managed, or
controlled by any person that owns or operates an eligible entity to be
certified by such certification body. It also aligns with the
requirement, in section 808(c)(5)(B)(i) of the FD&C Act, that an audit
agent of an accredited third-party certification body not own or
operate an eligible entity to be audited by such agent.
Proposed Sec. 1.624(a)(2) prohibits officers, employees, or other
agents of a recognized accreditation body from accepting any monies,
gifts, gratuities, or items of value other than the payment of fees for
accreditation services, reimbursement of direct costs associated with
accreditation, and onsite meals, of a de minimis value, provided during
an audit or assessment. We believe this is consistent with the
requirements in section 808(c)(5)(A)(ii) and (c)(5)(B)(ii) of the FD&C
Act, which requires an accredited auditor/certification body and its
audit agents to have procedures to safeguard against financial
conflicts of interest between any officer, employee, or audit agent and
any eligible entity to be audited or certified.
We have tentatively concluded that onsite meals of a de minimis
nature are not gifts, gratuities, or items of value
[[Page 45802]]
likely to influence the outcome of an audit or assessment, nor do we
think they are likely to undermine the credibility of the program.
Onsite meals may help expedite audits and assessments, because the
accreditation body's assessors would not have to leave the premises for
meals. We seek comment on whether to define de minimis value according
to the limits established for U.S. Government employees for accepting
gifts or gratuities.
Proposed Sec. 1.624(b) imputes the financial interests of
immediate family members to an officer, employee, or other agent of a
recognized accreditation body. This proposed requirement is based on
the approach we recommended in the 2009 Guidance with respect to
conflicts of accredited certification bodies (Ref. 5). We believe that
imposing a similar requirement on the immediate family of the officers,
employees, or other agents of a recognized accreditation body will help
to ensure the credibility of the accredited third-party audits and
certification program at every level.
Proposed Sec. 1.624(c) requires transparency in the payment of
fees or reimbursement of direct costs by an accredited auditor/
certification body to a recognized accreditation body. We have
considered the types of disclosures that are necessary to help ensure
the credibility of the program (and are consistent with existing
disclosure laws). We recognize the amount or manner of payment by a
third-party auditor/certification body for accreditation services may
give rise to questions about whether the payment might affect the
outcome of the accreditation process. Where, for example, a third-party
auditor/certification body makes multiple payments to an accreditation
body or makes payments under a different schedule than the
accreditation body's usual practice, this may spur questions about
whether those payments are linked to a favorable outcome for the third-
party auditor/certification body.
We have tentatively concluded that, to maintain confidence in the
program through transparency, recognized accreditation bodies disclose
the timing of payments and reimbursement they receive from auditors/
certification bodies, to the extent that such disclosures are
consistent with existing law. While we do not believe that information
on timing of payment of fees would be protected from disclosure under
existing disclosure laws, we seek comment on this matter.
Proposed Sec. 1.624(c) also requires recognized accreditation
bodies to maintain on their Web sites an up-to-date list of each
auditor/certification body accredited under this program, including the
scope and duration of such each accreditation and date(s) on which the
auditor/certification body paid any fee or reimbursement associated
with such accreditation. Information on the timing of payments to
recognized accreditation bodies for accreditation services is useful
because it allows for analysis of such data in the aggregate. Unusual
patterns in payments by one or more auditors/certification bodies may
trigger a closer evaluation by us to determine whether the independence
and objectivity of the recognized accreditation body may have been
compromised by such payments. Requiring the recognized accreditation
body to make information on the timing of payments available on its Web
site creates transparency, thereby lending to the credibility of the
program.
We seek comment on the tentative conclusions identified here,
namely that we should require recognized accreditation bodies to: (1)
Have a written program to safeguard against conflicts of interest; (2)
include the interest of any affiliate, parent, or subsidiary of a
third-party auditor/certification body within the scope of interests
covered by the accreditation body's conflict of interest program; (3)
impute the interests of immediate family members of an officer,
employee, or other agent to such officer, employee, or other agent; and
(4) maintain on its Web site a list of its accredited auditors/
certification bodies, including duration and scope of each such
accreditation, and information about the timing of payments by each
such auditor/certification body. For interested parties recommending
alternative approaches regarding public disclosure of payments, we
request that such comments be accompanied by any examples or other
information to describe or support the recommended approaches.
We also seek comment on whether there are conflicts other than
financial interests of recognized accreditation bodies that should be
addressed in these regulations. For any comment recommending that we
address other types of conflicts, we are seeking recommended measures
to address such conflicts, any documents or references that are
available to support the recommendation, and input on whether similar
measures should apply to accredited auditors/certification bodies under
this program.
f. What records requirements must a recognized accreditation body
meet? (Proposed Sec. 1.625). This proposed rule identifies specific
types of documents a recognized accreditation body would be required to
establish, control, and maintain to document compliance with applicable
requirements. The recognized accreditation body also would be required
to provide FDA access to such records.
The records required by proposed Sec. 1.625 include documents and
data relating to the following: (1) Applications for accreditation and
for renewal; (2) decisions to grant, deny, or suspend accreditation, or
to reduce the scope of an accreditation; (3) challenges to adverse
accreditation decisions; (4) monitoring of accredited auditors/
certification bodies; (5) the accreditation body's self-assessments and
corrective actions (which includes information on compliance with
conflict of interest requirements under proposed Sec. 1.624); (6)
significant changes to the accreditation program that might affect
compliance with this rule; (7) regulatory audit reports and supporting
information from its accredited auditors/certification bodies; and (8)
any other reports or notifications submitted under Sec. 1.623.
Proposed Sec. 1.625 requires such records to be maintained,
electronically and in English, for a period of 5 years. Requiring
recognized accreditation bodies to maintain records in English is
necessary to allow FDA to conduct timely and rigorous oversight of the
accreditation bodies the Agency recognizes. We believe these are the
types of records that accreditation bodies currently maintain and that
such records are routinely maintained by accreditation bodies for a
minimum of 5 years. In addition, by requiring recognized accreditation
bodies to maintain their records for at least 5 years, it will help us
ensure that we have an adequate basis for monitoring its performance
and determining whether to renew recognition, which may be granted for
a period of up to 5 years.
Proposed Sec. 1.625(b) requires a recognized accreditation body to
make such records available to us for inspection and copying upon the
written request of an authorized FDA representative or, if requested by
us electronically, to submit them electronically, in English, no later
than 10 business days after the date of the request. Proposed Sec.
1.625(c) prohibits a recognized accreditation body from preventing or
interfering with our access to its accredited auditors/certification
bodies and the records of the auditors/certification bodies.
We have tentatively concluded that the records identified and the
records
[[Page 45803]]
maintenance and access requirements in proposed Sec. 1.625 are
necessary for us to adequately monitor recognized accreditation bodies,
as directed by section 808(f) of the FD&C Act. We understand that
accreditation bodies frequently include confidentiality provisions in
standard contracts with third-party auditors/certification bodies. Many
of those contract provisions may, in the past, have prevented
disclosure of these records to us. If so, the requirements of proposed
Sec. 1.625, would require revisions to such contracts (and perhaps
other documents) establishing and limiting the scope of an
accreditation body's authority to grant us records access. We believe
that such access is necessary for us to conduct the monitoring required
by section 808(f) of the FD&C Act and to otherwise exercise adequate
oversight of the accredited third-party audits and certification
program. We seek comment on this tentative conclusion and on the
specific requirements we propose in this section.
4. Procedures for Recognition of Accreditation Bodies
Table 4--Proposed Procedures for Accreditation Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.630.................. How do I apply to FDA for recognition or
renewal of recognition?
1.631.................. How will FDA review applications for
recognition and for renewal of recognition?
1.632.................. What is the duration of recognition?
1.633.................. How will FDA monitor recognized accreditation
bodies?
1.634.................. When will FDA revoke recognition?
1.635.................. How do I voluntarily relinquish recognition?
1.636.................. How do I request reinstatement of recognition?
------------------------------------------------------------------------
a. How do I apply to FDA for recognition or renewal of recognition?
(Proposed Sec. 1.630). This proposed rule would establish procedures
for accreditation bodies to follow when applying to FDA for recognition
or for renewal of recognition. Under proposed Sec. 1.630(a) (initial
application) and Sec. 1.630(b) (renewal), the applicant must
demonstrate that it meets the eligibility requirements for recognition
in proposed Sec. 1.610. Applications for recognition and for renewal
are subject to the same requirements for the form and manner of
submission under proposed Sec. 1.630(c) and (d). The accreditation
body must submit a signed application, accompanied by any supporting
documents, electronically and in English. We also propose to require an
applicant to provide any translation or interpretation services we need
to process the application. This may include providing translators or
interpreters for FDA staff conducting onsite audits or assessments of
the applicant.
We tentatively conclude that the application procedures in proposed
Sec. 1.630 are reasonable requirements for accreditation bodies to
meet. We believe that an accreditation body having the competency and
capacity to qualify for recognition under the criteria in proposed
Sec. 1.610 would be similarly capable of meeting the application
requirements in proposed Sec. 1.630. Requirements for electronic,
English language communications are necessary for us to make well-
informed and timely decisions on applications and to conduct
appropriate oversight of accreditation bodies, once recognized. We seek
comment on these conclusions and the proposed requirements of Sec.
1.630.
b. How will FDA review applications for recognition and for renewal
of recognition? (Proposed Sec. 1.631). This proposed rule would
establish the procedures we will follow in reviewing and deciding on
applications for recognition and for renewal of recognition. Under
proposed Sec. 1.631(a), we will create an application queue, organized
by the date on which each such application submission is complete. In
the interest of fairness, we are proposing to order the queue on a
first in, first out basis. We will inform applicants of deficiencies in
application documentation. To encourage applicants to supply any
missing information promptly, we will not place an application in the
queue until it is complete. Allowing incomplete applications in the
queue might block applications that are ready for review, but were
submitted later in time.
We will inform an applicant once its application has been placed in
the queue. We will review each recognition or renewal application to
determine whether the applicant meets the eligibility requirements of
proposed Sec. 1.630(a) and (b). We anticipate that initial
applications for recognition will require lengthier review times than
renewal applications will. We will communicate anticipated processing
periods to applicants. We are not, however, proposing to include
specific timeframes for review, for the following reasons: (1) It is
difficult to project the amount of resources that will be available for
application review, as the program is authorized to be funded by user
fees under section 808(c)(8) of the FD&C Act; and (2) we expect to
become more efficient in processing applications as we gain experience
but currently lack data to reasonably estimate the effect of efficiency
gains on review times.
Proposed Sec. 1.631(b), (c), and (d) describe the basis on which
we will decide whether to approve a recognition or renewal application
and explains that we will notify the applicant of our decision in
writing. We may send the notice electronically.
If we approve an application, the notice will include any
conditions we may impose on the recognition. (For example, we may
adjust the date that an accreditation body's annual self-assessment
would be due, if the anniversary date of its recognition would
otherwise require the self-assessment to be submitted on a weekend.) If
we deny a recognition or renewal application, we will explain the
reason for our denial and will give the address and procedures for
requesting that we reconsider.
Proposed Sec. 1.631(e) applies only to applications for renewal of
recognition and allows us to extend the length of an existing
recognition to complete our review of the renewal application. We can
extend the recognition until a specific date or may extend the
recognition for as long as necessary for us to decide on the
application.
c. What is the duration of recognition? (Proposed Sec. 1.632).
This proposed rule would allow us to grant recognition to an
accreditation body for up to 5 years, though we will determine the
length of recognition on a case-by-case basis.
In deciding that 5 years is the maximum appropriate length of
recognition, we considered approaches
[[Page 45804]]
taken in other government programs. Another DHHS operating division,
the Substance Abuse and Mental Health Services Administration (SAMHSA),
approves accreditation bodies to accredit programs that use opioid
agonist treatment medications. SAMHSA may approve an accreditation body
for a period not to exceed 5 years (42 CFR 8.3). Under the FDA
mammography program, we may approve accreditation bodies for terms of
up to 7 years (21 CFR 900.3(g)).
We are proposing to recognize accreditation bodies for a period of
up to 5 years, based in part on these examples. We do not expect to
grant every recognition at the maximum duration. We believe that
shorter terms of recognition may be appropriate in the early years of
the program or for accreditation bodies with fewer years of experience
accrediting auditors/certification bodies for food safety auditing and
certification. As we gain experience with the program, we may revisit
this matter.
We seek comment on proposed Sec. 1.632 and the factors we
considered in developing it. We do not claim to have compiled an
exhaustive list of government programs for approving accreditation
bodies and are interested in comments offering other examples that are
relevant to the type of program we are establishing. To the extent that
an alternative term of recognition is suggested, we seek any
information that can be provided in support of such alternative.
d. How will FDA monitor recognized accreditation bodies? (Proposed
Sec. 1.633). This proposed rule would establish the frequency and
manner for our formal evaluations of recognized accreditation bodies.
Proposed Sec. 1.633 builds on the self-assessment requirements of
proposed Sec. 1.622, which are submitted to us under proposed Sec.
1.623. Section 808(f)(1) of the FD&C Act requires us to reevaluate a
recognized accreditation body at least once every 4 years to determine
its compliance with applicable FDA requirements.
Proposed Sec. 1.633(a) describes the timeframes in which we will
conduct reevaluations: At least 4 years after the date of accreditation
for an accreditation body recognized for a 5-year term, and the mid-
term point for recognitions granted for less than 5 years. These
represent the maximum times that may elapse before we conduct a formal
reevaluation of a recognized accreditation body. We lack data to set a
more definitive schedule for reevaluations but may be able to do so as
we gain experience under the program. Proposed Sec. 1.633(a) explains
that we may perform additional performance evaluations of recognized
accreditation bodies at any time.
Proposed Sec. 1.633(b) describes the types of information we may
gather as part of a performance evaluation. Section 808(f)(3) of the
FD&C Act gives us authority to conduct onsite audits of eligible
entities that have been issued certification by an accredited auditor/
certification body at any time, with or without the accredited auditor/
certification body present, and section 808(f)(4) gives us authority to
take any other measures we deem necessary. Proposed Sec. 1.633(b)
explains that we may conduct onsite audits of eligible entities
certified by the accreditation body's accredited auditors/certification
bodies, as indicators of the effectiveness of the recognized
accreditation body's performance, including its assessments and
decisionmaking. These assessments and audits may be conducted at any
time, with or without the accredited auditor/certification body
present. We believe it is necessary for us to have the option to
conduct onsite audits of certified eligible entities outside the
presence of a recognized accreditation body with an interest in the
outcome of FDA's evaluation. Therefore, proposed Sec. 1.633(b) allows
us to conduct onsite assessments of accredited auditors/certification
bodies at any time, with or without the recognized accreditation body
present. We believe that such spot checks are useful in testing the
program and ensuring compliance, which is the purpose of section 808(f)
of the FD&C Act.
e. When will FDA revoke recognition? (Proposed Sec. 1.634). This
proposed rule would establish the criteria and procedures for
revocation of recognition of an accreditation body. It also describes
the effects (if any) of revocation on accreditations and certifications
occurring prior to the revocation. Section 808(b)(1)(C) of the FD&C Act
requires us to revoke the recognition of an accreditation body for
failure to comply with section 808 of the FD&C Act and the implementing
regulations in this subpart.
Proposed Sec. 1.634 describes several circumstances that we
believe each warrant revocation of recognition:
Under proposed Sec. 1.634(a)(1), we will revoke recognition of any
accreditation body that refuses to grant us access to records or to
conduct audits, assessments, or investigations necessary to ensure the
recognized accreditation body's continued compliance. Denial of access
to perform our oversight functions would prevent us from meeting our
statutory responsibilities for monitoring recognized accreditation
bodies under section 808(f)(1) of the FD&C Act.
We will revoke recognition under proposed Sec. 1.634(a)(2)(i) for
failure to take timely and necessary corrective action after we
withdraw accreditation of one of its accredited auditors/certification
bodies for unjustifiably certifying a facility or food that was linked
to an outbreak with a reasonable probability of causing serious adverse
health consequences or death in humans or animals. When we withdraw the
accreditation of an auditor/certification body, we believe its
accreditor should promptly conduct an internal review to identify
whether any problems in its accreditation program or performance may
have caused or contributed to the circumstances leading to withdrawal
and to effectively address any problems found. For example, we expect
such an accreditation body to review its monitoring program to
determine whether it should conduct more frequent onsite assessments of
the auditors/certification bodies it accredited under our program.
We also will revoke recognition under proposed Sec.
1.634(a)(2)(ii) for failure to take timely and necessary corrective
action when the results of the accreditation body's self-assessment or
the self-assessments or monitoring of one or more of its accredited
auditors/certification bodies identify a significant problem with the
accreditation body's performance. This provision focuses on significant
problems the accreditation body knew or should have known it needed to
address through prompt and effective corrective actions. For example,
we believe it appropriate to revoke the recognition of an accreditation
body that ignores obvious, significant problems in its performance yet
chooses to take no corrective action to address the problems.
In addition, we will revoke recognition under proposed Sec.
1.634(a)(2)(iii) when a recognized accreditation body fails to promptly
implement corrective actions we direct to bring the accreditation body
into compliance. This provision is based on the requirement of section
808(b)(1)(C) of the FD&C Act to promptly revoke the recognition of an
accreditation body found not to be in compliance with section 808 of
the FD&C Act.
Proposed Sec. 1.634(a)(3) allows us to revoke recognition when we
determine that a recognized accreditation body has committed fraud or
submitted material false statements to us. Fraud and falsehood
undermine the credibility of the program and our ability to rely on
[[Page 45805]]
the certifications issued by auditors/certification bodies it
accredited.
Proposed Sec. 1.634(a)(4) describes circumstances that we believe
warrant revocation but do not fit into the categories in proposed Sec.
1.634(a)(1), (a)(2), and (a)(3), such as a lack of objectivity
(demonstrated bias) in its activities or failure to adequately support
one or more of its accreditation decisions. There may be unforeseen
circumstances that we determine provide good cause for revocation of
recognition for failure to comply with applicable requirements.
Proposed Sec. 1.634(a)(4) gives accreditation bodies notice of our
intention to revoke recognition where we find good cause.
Proposed Sec. 1.634(b) specifies that we may request records from
the accreditation body or one or more of its accredited auditors/
certification bodies to assist us in deciding whether to revoke
recognition.
Proposed Sec. 1.634(c)(1) establishes the procedures for us to
notify the accreditation body of revocation of recognition and its
opportunity to challenge the revocation in an informal hearing
conducted under part 16 of our regulations. Part 16 hearings are used
for, among other things, approval, reapproval, or withdrawal of
approval of mammography accreditation bodies under 21 CFR 900.7. We
believe part 16 hearings provide adequate process for accreditation
bodies subject to revocation of recognition under this proposed rule.
The notice of revocation also will identify the procedures for
requesting reinstatement of recognition under proposed Sec.
1.634(c)(1). Regardless of whether the accreditation body challenges
its revocation or seeks reinstatement, under proposed Sec.
1.634(c)(2), it must notify us of the location where the records
required by proposed Sec. 1.625 will be maintained.
Proposed Sec. 1.634(d) addresses the possible effects of
revocation of recognition on an auditor/certification body accredited
prior to the revocation. Under proposed Sec. 1.634(d)(1), FDA would
notify any auditor/certification body accredited by an accreditation
body whose recognition was revoked. The auditor's/certification body's
accreditation will remain in effect provided that it conducts a self-
assessment under proposed Sec. 1.655 and reports its results to FDA
within 2 months of the revocation under proposed Sec. 1.656(b). We
believe the accredited auditor/certification body that complies with
these requirements should not face adverse consequences when its
accreditation body fails to meet its obligations as a recognized
accreditation body. Requiring the accredited auditor/certification body
to verify that it is in compliance with the applicable requirements
through self-assessment and reporting would help provide confidence
that the auditor's/certification body's program is under control during
the time it is transitioning from one accreditation body to another.
The auditor/certification body would have 1 year after the revocation
of its accreditation body's recognition to become reaccredited, under
proposed Sec. 1.634(d)(1)(ii). We believe this gives the auditor/
certification body sufficient time to find a new recognized
accreditation body and to go through its accreditation process, but
would not allow a prolonged period of auditing and certification
activity without the immediate oversight of an accrediting body.
Proposed Sec. 1.634(d)(2) explains that FDA may withdraw accreditation
of an auditor/certification body whenever FDA finds good cause under
proposed Sec. 1.664. Where an accredited auditor/certification body
fails to comply with the requirements of proposed Sec. 1.634(d)(1)(i)
or (d)(1)(ii), we may withdraw the accreditation for cause under
proposed Sec. 1.664. Our decision to withdraw accreditation will be
based on the circumstances associated with the auditor/certification
body. Revocation of the recognition of its accrediting body does not,
by itself, provide cause for withdrawal of the accreditation of an
auditor/certification body that is in compliance with this rule. If
evidence from a revocation proceeding reveals problems with the
auditor/certification body, then we may pursue withdrawal of
accreditation under proposed Sec. 1.664 based on evidence associated
with the auditor/certification body--not because of the revocation of
recognition of its accrediting body.
Under proposed Sec. 1.634(e), certifications issued by an auditor/
certification accredited by an accreditation body whose recognition is
subsequently revoked will remain in effect until the certifications
terminate by expiration. We believe that eligible entities should not
face adverse consequences solely because of the failure of an
accreditation body selected by its auditor/certification body. However,
we retain the authority, under section 801(q) of the FD&C Act, to
refuse to accept a food certification, offered for admissibility
purposes, if we reasonably believe the certification is not valid or
reliable. Revocation of the recognition of its accrediting body does
not, by itself, provide the basis for refusing a certification under
section 801(q) of the FD&C Act. We will look to circumstances bearing
on the issuance of a food certification to an eligible entity and
submission by an accredited auditor/certification body in determining
its validity or reliability. For example, if an investigation of fraud
by an accreditation body also reveals evidence of fraud by the eligible
entity or by the auditor/certification body, we may determine that the
food certification is not valid or reliable.
Proposed Sec. 1.634(f) explains that we will provide notice on our
public Web site when we revoke the recognition of an accreditation
body. We believe that public notice of matters such as revocation are
necessary to help ensure the credibility of the program.
We solicit comment on our tentative conclusions regarding possible
grounds for revocation, particularly revocation for cause. We seek
examples that commenters believe do or do not represent good cause for
revocation. We also solicit input on our proposal to use the informal
hearing procedures set out in part 16 for challenges to a revocation
decision.
f. How do I voluntarily relinquish recognition? (Proposed Sec.
1.635). This proposed rule would offer an accreditation body a
mechanism for voluntarily relinquishing its recognition before it
terminates by expiration. Relinquishment on the initiative of the
accreditation body is distinct from FDA revocation of recognition for
good cause.
Proposed Sec. 1.635 describes the procedures that an accreditation
body must follow when it intends to relinquish its recognition. Current
mammography regulations in 21 CFR 900.3 offer accreditation bodies the
opportunity to voluntarily relinquish their authority to grant
accreditation. We believe that accreditation bodies operating under our
accredited third-party audits and certification program should likewise
have the option to voluntarily relinquish their recognition. We are
proposing certain procedural requirements--similar to those in the
mammography regulations--that accreditation bodies must follow in
relinquishing recognition. We believe these procedures are necessary to
ensure an orderly transition for auditors/certification bodies
accredited by an accreditation body that is relinquishing its
recognition and for us to make necessary adjustments in the program,
such as preparing to review self-assessments from any auditor/
certification body accredited by such accreditation body. Proposed
Sec. 1.635(a) requires accreditation bodies to notify us at least 6
months before relinquishing recognition. The notifications must be
submitted electronically and in English.
[[Page 45806]]
It is essential that we have the ability to maintain adequate oversight
of the program, and particularly accredited auditors/certifications
bodies that will no longer be under the oversight of a recognized
accreditation body. Therefore, we are proposing to require an
accreditation body relinquishing its recognition to identify the
location where the records required by proposed Sec. 1.625 will be
maintained.
The decision to relinquish recognition is made solely by the
accreditation body, without FDA involvement. Therefore, in
relinquishing recognition under proposed Sec. 1.635(a), the
accreditation body would waive its rights to appeal, because there is
no FDA action to serve as the basis for appeal.
Proposed Sec. 1.635(b) requires the accreditation body to notify
any third-party auditor/accreditation body, currently accredited, of
the date on which it intends to relinquish recognition. An accredited
auditor/certification body needs timely notice of its accreditation
body's intent to relinquish recognition so that the auditor/
certification body can begin to seek accreditation from another
recognized accreditation body.
Proposed Sec. 1.635(c) explains that an accreditation granted by a
recognized accreditation body prior to relinquishing its recognition
will remain in effect until it expires, except where we determine there
is good cause for withdrawal under proposed Sec. 1.664. In general, we
believe an accredited auditor/certification body should not face
adverse consequences from its accreditation body's decision to withdraw
from our program and upon expiration of its accreditation would apply
for accreditation from a different accreditation body under proposed
Sec. 1.660. If however we determine that there are grounds for us to
withdraw the accreditation of the auditor/certification body, the
auditor/certification body would have to seek reaccreditation under
proposed Sec. 1.666.
Proposed Sec. 1.635(d) explains that an accreditation granted by
an accreditation body that voluntarily relinquished recognition will
not affect certifications issued by auditors/certification bodies
accredited prior to its voluntary relinquishment, except that we may
refuse to consider such certification in determining the admissibility
of an article of food under section 801(q) of the FD&C Act if we
determine the certification is not valid or reliable. Such
certifications generally will remain in effect until they terminate by
expiration. In considering the impact of relinquishment of recognition
on certifications, we were mindful that eligible entities would not
have input into the accreditation body's decision to relinquish
recognition and that voluntary relinquishment likely would have no
bearing on the performance of its accredited auditors/certification
bodies and the validity or reliability of certifications they issue.
Proposed Sec. 1.635(e) states that we will provide notice on our
public Web site of the voluntary relinquishment of recognition by an
accreditation body. To provide notice to program participants and to
provide certainty to the markets, we also will post information on the
status of accreditations and certifications as described under proposed
Sec. 1.635(c) and (d).
g. How do I request reinstatement of recognition? (Proposed Sec.
1.636). This proposed rule describes the procedures that an
accreditation body would have to follow when seeking reinstatement of
its recognition. Under proposed Sec. 1.636(a), an accreditation body
that has had its recognition revoked may seek reinstatement by
submitting a new application for recognition if it did not seek a
regulatory hearing on the merits of the revocation of its recognition
under proposed Sec. 1.634 or if required to do so by a decision
following a regulatory hearing. Proposed Sec. 1.636(b) requires such
application to be supported by evidence demonstrating that the grounds
for revocation have been resolved and are unlikely to recur.
We believe that a new application would be an appropriate
requirement for an accreditation body that had been previously shown
not to be in compliance with the requirements of this rule, and any
conditions we imposed on its recognition. We seek comment on this
tentative conclusion and on the requirements we propose in Sec. 1.636
for reinstatement of recognition.
5. Accreditation of Third-Party Auditors/Certification Bodies
This proposed rule would establish: (1) The eligibility
requirements for an auditor/certification body to be authorized
(``accredited'') by a recognized accreditation body or by FDA (``direct
accreditation'') under the accredited third-party audits and
certification program; (2) requirements for accredited auditors/
certification bodies, including auditing, reporting, certification, and
assessments; and (3) procedures FDA and third-party auditors/
certification bodies will follow under the program.
Table 5--Proposed Requirements for Third-Party Auditors/Certification
Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
Accreditation of third-party auditors/certification bodies under this
subpart
------------------------------------------------------------------------
1.640.................. Who is eligible to seek accreditation?
1.641.................. What legal authority must a third-party auditor/
certification body have to qualify for
accreditation?
1.642.................. What competency and capacity must a third-party
auditor/certification body have to qualify for
accreditation?
1.643.................. What protections against conflict of interest
must a third-party auditor/certification body
have to qualify for accreditation?
1.644.................. What quality assurance procedures must a third-
party auditor/certification body have to
qualify for accreditation?
1.645.................. What records procedures must a third-party
auditor/certification body have to qualify for
accreditation?
------------------------------------------------------------------------
Requirements for accredited auditors/certification bodies under this
subpart
------------------------------------------------------------------------
1.650.................. How must an accredited auditor/certification
body ensure its audit agents are competent and
objective?
1.651.................. How must an accredited auditor/certification
body conduct a food safety audit of an
eligible entity?
1.652.................. What must an accredited auditor/certification
body include in food safety audit reports?
1.653.................. What must an accredited auditor/certification
body do when issuing food or facility
certification?
1.654.................. When must an accredited auditor/certification
body monitor an eligible entity with food or
facility certification?
1.655.................. How must an accredited auditor/certification
body monitor its own performance?
1.656.................. What reports and notifications must an
accredited auditor/certification body submit?
1.657.................. How must an accredited auditor/certification
body protect against conflicts of interest?
[[Page 45807]]
1.658.................. What records requirements must an accredited
auditor/certification body meet?
------------------------------------------------------------------------
Procedures for accreditation of third-party auditors/certification
bodies under this subpart
------------------------------------------------------------------------
1.660.................. Where do I apply for accreditation or renewal
of accreditation from a recognized
accreditation body?
1.661.................. What is the duration of accreditation?
1.662.................. How will FDA monitor accredited auditors/
certification bodies?
1.663.................. How do I request an FDA waiver or waiver
extension for the 13-month limit for audit
agents conducting regulatory audits?
1.664.................. When can FDA withdraw accreditation?
1.665.................. How do I voluntarily relinquish accreditation?
1.666.................. How do I request reaccreditation?
------------------------------------------------------------------------
Additional procedures for direct accreditation of third-party auditors/
certification bodies under this subpart
------------------------------------------------------------------------
1.670.................. How do I apply to FDA for direct accreditation
or renewal of direct accreditation?
1.671.................. How will FDA review applications for direct
accreditation and for renewal of direct
accreditation?
1.672.................. What is the duration of direct accreditation?
------------------------------------------------------------------------
Section 808 of the FD&C Act directs us to establish a voluntary
program for accreditation of third-party auditors/certification bodies
to conduct food safety audits and to issue certifications to eligible
foreign entities. Sections 808(b)(2) and (c)(5)(C) of the FD&C Act
require us to issue model accreditation standards to qualify third-
party auditors/certification bodies as accredited auditors/
certification bodies and to issue implementing regulations for the
program.
The statute requires accredited auditors/certification bodies to:
(1) Issue a written (and, as appropriate, electronic) food or facility
certification after conducting a regulatory audit and such other
activities necessary to determine compliance with the FD&C Act; (2)
submit regulatory audit reports within 45 days; (3) complete reports of
consultative audits within 45 days; (4) maintain onsite audit reports
and other audit documents in its records; (5) immediately notify us of
a condition that could cause or contribute to a serious risk to the
public health; (6) prevent an audit agent from conducting a regulatory
audit of an eligible entity for which the agent conducted a
consultative or regulatory audit within the preceding 13 months, unless
waived by FDA; and (7) comply with conflict of interest requirements.
a. Who is eligible for accreditation? (Proposed Sec. 1.640). This
proposed rule would establish the eligibility requirements for a third-
party auditor/certification body to be qualified for accreditation by a
recognized accreditation body or for direct accreditation by FDA. Under
section 808(a)(3) of the FD&C Act, a third-party auditor can be a
foreign government, an agency of a foreign government, a foreign
cooperative, or any other third party, as FDA determines appropriate
according to the Agency model accreditation standards. Section
808(c)(1)(A) of the FD&C Act requires a foreign government/agency
seeking accreditation to demonstrate that its food safety programs,
systems, and standards are capable of adequately ensuring that eligible
entities or foods it certified meet applicable FDA requirements for
food manufactured, processed, packed, or held for import into the
United States. Section 808(c)(1)(B) of the FD&C Act requires a foreign
cooperative or other third party seeking accreditation to demonstrate
that each eligible entity it certified has systems and standards in use
to ensure that the entity or food meets the applicable requirements of
the FD&C Act. The statute requires us to issue model accreditation
standards under section 808(b)(2) of the FD&C Act to qualify third-
party auditors/certification bodies for accreditation.\30\
---------------------------------------------------------------------------
\30\ Section 808(b)(2) of the FD&C Act directs us to include
requirements for regulatory audit reports in the model accreditation
standards. Because such reports are prepared by accredited third-
party auditors/certification bodies, we have included requirements
for regulatory audit reports in the proposed requirements for
accredited auditors/certification bodies in this subpart.
---------------------------------------------------------------------------
Proposed Sec. 1.640(a) aligns with the definition of third-party
auditor in section 808(a)(3) of the FD&C Act, describing the types of
organizations that may be eligible for accreditation under our program:
Foreign governments and agencies of foreign governments, foreign
cooperatives, and other third parties. Proposed Sec. 1.640(b) reflects
the requirements of section 808(b) and (c)(1)(A) of the FD&C Act,
stating that a foreign government or agency of a foreign government is
eligible for accreditation if it meets the requirements of Sec. Sec.
1.641 through 1.645, as specified in FDA model standards on
qualifications for accreditation, including legal authority,
competency, capacity, conflicts of interest, quality assurance, and
records. We believe the scope of the review of a foreign government/
agency's food safety programs, systems, and standards for accreditation
purposes should focus on the program, systems, and standards relevant
to the scope of accreditation sought. Under proposed Sec. 1.640(c), a
foreign cooperative or other third party is eligible for accreditation
if it can demonstrate that the training and qualifications of its audit
agents and its internal systems and standards meet the requirements of
Sec. Sec. 1.641 through 1.645, as explained in FDA model standards on
qualifications for accreditation, including legal authority,
competency, capacity, conflicts of interest, quality assurance, and
records.
These proposed eligibility requirements build on the language in
section 808 of the FD&C Act, using the approach we described in our
2009 guidance on voluntary certification for food and feed (Ref. 5),
which contained recommendations relating to authority, competency,
capacity, conflicts of interest, quality assurance, and recordkeeping.
We also considered the FDA MFRPS (Ref. 12) and draft ICAT (Ref. 14) for
similar standards that could help assure the maximum degree of
consistency across domestic and international foods programs. Looking
externally, we considered the GFSI Guidance version 6 (Ref. 23), which
requires food safety scheme owners to use third-party auditors/
certification bodies that comply with either ISO/IEC Guide 65:1996
(Ref. 20) for product
[[Page 45808]]
certification or ISO/IEC 17021:2006 (revised in 2011) (Ref. 19) coupled
with ISO TS 22003:2007 (Ref. 21) for management systems certification.
b. What legal authority must a third-party auditor/certification
body have to qualify for accreditation? (Proposed Sec. 1.641). This
proposed rule would require third-party auditors/certification bodies
seeking accreditation to demonstrate that they have sufficient legal
authority, which may include authority established by contract, to
adequately audit food facilities and to certify them for compliance
with food safety requirements, once accredited.
Proposed Sec. 1.641(a) would allow governmental bodies, with
auditing and certification authority inherent in their roles as public
officials, and private bodies, who have authority under contracts with
food facilities, to qualify for accreditation if they have sufficient
authority to conduct auditing and certification activities. This
includes adequate authority to access records; conduct onsite audits;
and to grant, suspend or withdraw certification. Clause 4.2(d) of ISO/
IEC Guide 65:1996 (Ref. 20) requires auditors/certification bodies to
be legal entities. Clause 5 of ISO/IEC 22003:2007 (Ref. 21), by cross
reference to ISO/IEC 17021:2011 (Ref. 19), clause 5, requires auditors/
certification bodies to be legal entities, or defined parts of a legal
entity that can be held legally responsible for its certification
activities. Clause 5.1.3 requires auditors/certification bodies to
retain authority for their certification decisions, including granting,
maintaining, renewing, extending, reducing, suspending, and withdrawing
certification.
Proposed Sec. 1.641(b) would require a third-party auditor/
certification body to demonstrate that it has adequate legal authority
to meet the requirements for an accredited auditor/certification body
in proposed Sec. Sec. 1.650 through 1.658, including conducting food
safety audits using FDA requirements and industry standards and
practices as audit criteria, preparing audit reports, issuing
certifications, submitting reports and notification to us, implementing
procedures to protect against conflicts of interest, maintaining
records, conducting monitoring when necessary, and following the
procedural requirements of our program.
Consistent with our procedures for recognition of accreditation
bodies, we are not proposing to require a newly accredited auditor/
certification body to wait a certain length of time before beginning to
conduct foods safety audits and issue certifications under our program.
Its certification authority goes into effect at the moment of
accreditation. Therefore, we believe a third-party auditor seeking
accreditation must demonstrate its capacity to fulfill the roles and
responsibilities of an accredited auditor/certification body, if
granted.
We seek comment on this tentative conclusion and our proposal to
require third-party auditors/certification bodies to have demonstrable
evidence to support a conclusion that they would be capable of meeting
our requirements, if accredited. For comments opposing this
requirement, we seek comment on what, if any, requirements we should
put in place to ensure that a third-party auditor/certification body
seeking accreditation would be equipped, upon accreditation, to perform
the obligations required under the program.
c. What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation? (Proposed Sec.
1.642). This proposed rule would require third-party auditors/
certification bodies seeking accreditation to demonstrate adequate
resources to fully implement their auditing and certification programs.
Under proposed Sec. 1.642(a), a third-party auditor/certification body
must have adequate numbers of personnel and other agents with relevant
knowledge, skills, and experience to effectively audit for compliance
with applicable FDA requirements and industry standards and practices
and to issue valid and reliable certifications. The third-party
auditor/certification body would have to show it has adequate financial
resources for its operations. In the model accreditation standards, we
will explain the types of expertise and training we expect third-party
auditors/certification bodies to demonstrate. We also will explain the
types of documentation that might be used to demonstrate financial
viability.
Standards associated with auditor competency are critical to
international standards for certification bodies and are an area of
focus for GFSI and other stakeholders. Audit agents and other personnel
that lack the necessary knowledge, skills, and abilities will be unable
to perform credible audits and may result in flawed certification
decisions. ISO/IEC 17021:2011 (Ref. 19), clauses 7.2.1 and 7.2.2,
requires certification bodies to have personnel with sufficient
competence to manage their audit and certification work and to employ,
or have access to, sufficient numbers of auditors and technical experts
to cover the volume and types of its activities.
Under proposed Sec. 1.642(b), a third-party auditor/certification
body seeking to qualify for recognition must demonstrate that it has
the competency and capacity to adequately audit eligible foreign
entities to determine if they are in compliance with applicable FDA
requirements and, for consultative audits, industry standards and
practices. It also must be capable of making certification decisions
that are valid and reliable, submitting reports and notifications to
FDA in the manner we propose, and following the procedural requirements
of our program. As previously explained, a third-party auditor/
certification body will be authorized to begin auditing and
certification under our program immediately upon accreditation.
Therefore, it needs to sufficiently demonstrate its ability to meet the
competency and capacity requirements of an accredited auditor/
certification body in its application for accreditation.
d. What protections against conflicts of interest must a third-
party auditor/certification body have to qualify for accreditation?
(Proposed Sec. 1.643). This proposed rule would require third-party
auditors/certification bodies to have established programs to safeguard
against conflicts of interest that might compromise their objectivity
and independence from food facilities they audit and certify. Proposed
Sec. 1.643(a) would require accreditation bodies seeking recognition
to have written measures to safeguard against financial conflicts of
interest between the third-party auditor/certification body (and its
officers, personnel, and other agents) and food facilities (and owners
and operators). Without these conflict of interest requirements, we
believe it would be difficult for a third-party auditor/certification
body to demonstrate it has adequate independence, as a third party, in
auditing and certifying food facilities. The model accreditation
standards will describe appropriate measures to protect against
conflicts of interest.
ISO/IEC 17021: 2011 (Ref. 19), clause 4.2.2, recognizes that
payment for certification services can be a potential threat to
impartiality. Clause 5.2.2 requires auditors/certification bodies to
identify, analyze, and document the possibilities for conflicts of
interest and how it eliminates or minimizes such threats.
Under proposed Sec. 1.643(b), a third-party auditor/certification
body seeking accreditation must demonstrate its capability to meet the
conflict of interest requirements that would apply under Sec. 1.657,
upon accreditation. This measure is necessary to help ensure that any
auditing and certification activities conducted after accreditation
would be
[[Page 45809]]
considered objective and independent under our program.
e. What quality assurance procedures must a third-party auditor/
certification body have to qualify for accreditation? (Proposed Sec.
1.644). This proposed rule would require third-party auditors/
certification bodies seeking accreditation to have quality assurance
procedures in place. Proposed Sec. 1.614(a) requires a third-party
auditor/certification body seeking accreditation to have a written
program for monitoring and assessing the performance of its officers,
personnel, and other agents. The program must include procedures for
identifying areas for improvement and quickly executing corrective
actions. The model accreditation standards will describe types of
quality assurance measures that may be used to qualify for
accreditation.
We considered both international and domestic standards in
developing proposed Sec. 1.644. ISO/IEC Guide 65: 1996 (Ref. 20),
clause 4.7.1, requires auditors/certification bodies to conduct
periodic internal audits to verify that their quality systems are
implemented and effective, to take timely and appropriate corrective
actions, and to document results. The MFPRS (Ref. 12), which apply
domestically, also include requirements for quality assurance/internal
audit programs that involve assessment, corrective action, and
continuous improvement.
Proposed Sec. 1.644(b) requires the third-party auditor/
certification body to demonstrate it has the capability to meet the
quality assurance requirements of Sec. 1.655, for performing annual
self-assessments against our requirements and reporting the results of
such self-assessments.
f. What records procedures must a third-party auditor/certification
body have to qualify for accreditation? (Proposed Sec. 1.645). This
proposed rule would require third-party auditors/certification bodies
seeking accreditation to have written records procedures in place.
Under proposed Sec. 1.645(a), a third-party auditor/certification body
would have to demonstrate that it has written procedures for
establishing, controlling, and retaining records on its auditing and
certification program and activities. While we are not proposing that a
third-party auditor/certification body must have retained records for a
specified period of time prior to its accreditation, we believe it is
necessary for a third-party auditor/certification body to have
maintained records for such length of time to allow for its program and
performance to be adequately assessed in determining whether it is
qualified for accreditation. The third-party auditor/certification body
also must maintain records as required by its existing legal
obligations. The model accreditation standards will explain these
recordkeeping, document control, and retention requirements.
In developing proposed Sec. 1.645(a), we considered the records
requirements in ISO/IEC 17021:2011 (Ref. 19), clause 9.9.1, which
requires auditors/certification bodies to maintain records on audits
and other certification activities for all clients, including all
organizations submitting applications and all organizations audited,
certified, or with suspended or withdrawn certifications. Clause 9.9.4
requires auditors/certification bodies to have documented records
policies and procedures for retaining records for the current cycle and
an additional certification cycle, noting that records may need to be
retained for a longer period, where required by law.
Proposed Sec. 1.645(b) would require a third-party auditor/
certification body seeking accreditation to demonstrate its capability
to meet the requirements of an accredited auditor/certification body,
if accredited. This would include, for example, capacity for
maintaining records for 4 years, which is the maximum length for which
accreditation could be granted. It also requires accredited auditors/
certification bodies to give us routine access to records of regulatory
audits and, for consultative audits, access to records in specific
circumstances. We realize that existing third-party auditors/
certification bodies might need to modify the confidentiality
provisions in their standard contracts with food facilities. Third-
party auditors/certification bodies applying for accreditation under
this voluntary program must demonstrate their capacity to grant us
access to relevant records, upon accreditation, because records are
necessary to ensure the rigor, credibility, and independence of the
accredited third-party audits and certification program.
6. Requirements for Accredited Auditors/Certification Bodies
Table 6--Proposed Requirements for Third-Party Auditors/Certification
Bodies Accredited by Recognized Accreditation Bodies or by FDA
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.650.................. How must an accredited auditor/certification
body ensure its audit agents are competent and
objective?
1.651.................. How must an accredited auditor/certification
body conduct a food safety audit of an
eligible entity?
1.652.................. What must an accredited auditor/certification
body include in food safety audit reports?
1.653.................. What must an accredited auditor/certification
body do when issuing food or facility
certifications?
1.654.................. When must an accredited auditor/certification
body monitor an eligible entity with food or
facility certification?
1.655.................. How must an accredited auditor/certification
body monitor its own performance?
1.656.................. What reports and notifications must an
accredited auditor/certification body submit?
1.657.................. How must an accredited auditor/certification
body protect against conflicts of interest?
1.658.................. What records requirements must an accredited
auditor/certification body meet?
------------------------------------------------------------------------
a. How must an accredited auditor/certification body ensure its
audit agents are competent and objective? (Proposed Sec. 1.650). This
proposed rule would require an accredited auditor/certification body to
ensure that any audit agents it uses are competent and objective.
(Where an accredited auditor/certification body is an individual, the
determination of whether such auditor/certification body is competent
and objective will be made as part of the accreditation decision.)
Proposed Sec. 1.650(a)(1) and (a)(2) require an accredited
auditor/certification body to use audit agents that have knowledge and
experience to conduct food safety audits within the scope of its
accreditation. We believe that competency and independence cannot be
demonstrated solely by records or by an interview. We have tentatively
concluded that a determination of competency must be based in part on
observations of the audit agent conducting food safety audits that use
the requirements of the
[[Page 45810]]
FD&C Act as the standard against which eligible entities are audited.
We recognize that many audit agents currently are being assessed
for their performance in conducting audits under private food safety
schemes. However, section 808(a)(7) of the FD&C Act clearly states that
regulatory audits performed under this system must assess firms for
compliance with the FD&C Act and the results of such audits are to be
used to determine whether certification may be issued. Even
consultative audits for internal purposes must include assessments of
compliance with the FD&C Act, although they also include audits on
industry standards and practices. For these reasons, we are proposing
to require that audit agents be qualified through observation of audits
assessing compliance with the FD&C Act.
ISO/IEC Guide 65:1996 (Ref. 20), clauses 5.1.1 and 5.2.1, require
auditors/certification bodies to establish minimum criteria for
competence to ensure that personnel are competent for the functions
they perform and that auditors'/certification bodies' evaluations and
certifications are carried out effectively and uniformly. ISO/IEC
17021:2011 (Ref. 19), clause 7.1.3, requires auditors/certification
bodies to have documented processes for initial competency evaluations
and ongoing monitoring of personnel performance and competency. Clauses
7.2.11 and 7.2.12 state that the documented monitoring procedures for
auditors/certification bodies must include onsite observation at a
frequency based on need determined from all monitoring information
available (e.g., review of audit reports and client feedback).
Proposed Sec. 1.650(a)(3) requires audit agents to participate in
annual food safety training. ISO/IEC 17021:2011 (Ref. 19), clause
7.2.8, requires auditors/certification bodies to identify training
needs and to offer or provide access to specific training to ensure
competency of its auditors, technical experts, and personnel. The FDA
MFRPS (Ref. 12), Standard Two, requires each State inspector to receive
36 contact hours of classroom training and participate in at least two
joint or audit inspections with a qualified trainer, every 3 years.
Proposed Sec. 1.650(a)(4) requires the accredited auditor/
certification body to ensure that its audit agents have no conflicts of
interest with the eligible entity to be audited and is in compliance
with the conflicts of interest requirements of Sec. 1.657. Section
808(c)(5)(B) of the FD&C Act prohibits audit agents from owning or
operating an eligible entity to be audited by such agent. Accredited
certification bodies also are required to have procedures to ensure
against using any of its officers or employees that has a financial
conflict of interest regarding an eligible entity to be certified by
the certification body under section 808(c)(5)(A) of the FD&C Act. We
believe that proposed paragraph (a)(4) is an appropriate way to
implement these requirements.
The language in proposed Sec. 1.650(a)(4) also is consistent with
existing international standards, including ISO/IEC Guide 65:1996 (Ref.
20), clause 5.2.2, which requires personnel to agree to comply with the
auditor's/certification body's conflict of interest rules and to
declare any prior or present association with a supplier or designer of
products they are to be assigned to audit or certify. ISO/IEC
17021:2011 (Ref. 19), clause 5.2.12, states that certification body
personnel who could influence certification activities must act
impartially and must not allow commercial, financial, or other
pressures to compromise impartiality.
Proposed Sec. 1.650(a)(5) requires audit agents to agree to notify
their certification bodies immediately upon discovering, during a food
safety audit, any condition that could cause or contribute to a serious
risk to the public health, cross-referencing proposed Sec. 1.656(c),
which requires the accredited auditor/certification body to immediately
notify FDA of such condition. Proposed Sec. 1.650(a)(5) reflects the
language of section 808(c)(4)(A) and (c)(4)(B) of the FD&C Act, which
require notification based on conditions found during an audit and
identifies ``audits'' as both consultative and regulatory audits. To
ensure that roles and responsibilities of the audit agent and
accredited auditor/certification body are clearly delineated, proposed
Sec. 1.650(a)(3) places the audit agent under an obligation to report
to its auditor/certification body immediately upon discovering a
notifiable condition. (Having been informed by its agent, the
accredited auditor/certification body must immediately notify FDA,
under proposed Sec. 1.656(c).)
ISO/IEC Guide 65: 1996 (Ref. 20), clause 5.2.2, requires auditor/
certification body personnel to sign a contract or other commitment by
which they agree to comply with the certification body rules, which
often include confidentiality requirements. The legal obligation to
alert FDA, as a regulator, of a notifiable condition is a new
requirement. Voluntary notification is not a common practice of third-
party auditors/certification bodies. We believe the statutory
notification requirement is of such importance to our program that an
individual serving as an audit agent should agree to notify its
accredited auditor/certification body upon finding any condition
meeting the notification criteria of section 808(c)(4)(A) of the FD&C
Act. We believe this will help ensure that audit agents and accredited
auditors/certification bodies are aware of the notification
requirements for food safety audits conducted under the FDA program.
Proposed Sec. 1.650(b) contains additional requirements that the
accredited auditor/certification body must meet before assigning any
individual acting as its audit agent to conduct an audit of a
particular eligible entity. This requirement is intended to ensure that
each food safety audit assigned to an audit agent is conducted by a
qualified audit agent. Put another way, in order to meet proposed Sec.
1.650(b), an accredited third-party certification body would have to
ensure not only that a food safety audit is within the scope of its
accreditation but also that the audit is within the scope of
qualifications of any audit agent the certification body assigns to
conduct it.
Clauses 7.1.1 and 7.1.2 of ISO/IEC 17021: 2011 (Ref. 19) require
auditors/certification bodies to ensure that their personnel have
appropriate relevant knowledge and set competence criteria of required
knowledge and skills necessary to effectively perform audit and
certification tasks to achieve the intended results. Clause 7.2.7
requires the auditor/certification body to use auditors and technical
experts only for those certification activities (including audits)
where they have demonstrated competence. Similarly, ISO/IEC Guide
65:1996 (Ref. 20), clause 5.1.1, requires auditors'/certification
bodies' personnel to be competent for the functions they perform.
Proposed Sec. 1.650(c) imposes additional statutory restrictions
on audit agents conducting regulatory audits. Under section
808(c)(4)(C) of the FD&C Act, an audit agent may not conduct a
regulatory audit of an eligible entity if such agent conducted a
consultative or regulatory audit for the same eligible entity in the
preceding 13 months (except that such limitation may be waived under
proposed Sec. 1.663 if the accredited auditor/certification body
demonstrates there is insufficient access to accredited certification
bodies in the country or region where the eligible entity is located.)
We seek comment on the requirements we propose to ensure that audit
agents as competent and objective and on any other requirements
necessary to achieve this objective. In
[[Page 45811]]
particular, we seek input on whether we should place other requirements
or limitations to help ensure auditor competency. Any recommendations
that are based on common industry standards or practices should be so
identified.
b. How must an accredited auditor/certification body conduct a food
safety audit of an eligible entity? (Proposed Sec. 1.651). This
proposed rule would establish requirements for the conduct of
consultative and regulatory audits by accredited auditors/certification
bodies. Proposed Sec. 1.651 implements section 808(c)(3) of the FD&C
Act regarding audit reports and sets out requirements we believe are
necessary for planning and conducting audits in a manner that fulfills
the purposes of section 808 of the FD&C Act, including ensuring that
audits are of sufficient rigor to allow us to rely on the
certifications that issue based on the results of such audits.
Proposed Sec. 1.651(a) requires accredited auditors/certification
bodies to obtain basic information from the eligible entity about the
type and nature of the requested audit, which will allow the accredited
auditor/certification body to determine whether: (1) The requested
audit is within the scope of its accreditation and which of its audit
agents would be qualified to conduct the audit; (2) whether any
conflicts of interest prevent it from conducting an audit; or (3)
whether any other limitations apply, such as the 13-month limit
described in proposed Sec. 1.650(c). ISO/IEC Guide 65:1996 (Ref. 20),
clause 8.2.1, is similar, requiring auditors/certification bodies to
ensure that their clients complete a signed application that describes
the scope of the desired certification and to provide information on
the products to be certified, the certification system, and the
certification standards, if known. The information we propose to
require under Sec. 1.651(a) is essential for ensuring that the
accredited auditor/certification body (and any audit agent assigned)
has the appropriate qualifications to conduct the food safety audit.
Proposed Sec. 1.651(a) also requires the auditor/certification
body to obtain the eligible entity's operating schedule for a 30-day
window, including information relevant to the scope and purposes of the
audit. This information will help accredited auditors/certification
bodies in meeting the requirements of section 808(c)(5)(C)(i) of the
FD&C Act for ``unannounced'' food safety audits. Having the facility's
operating schedule for a certain period of time will allow the auditor/
certification body to determine when to appear at the facility to
conduct a food safety audit under proposed Sec. 1.651(b). ISO/IEC
17021:2011 (Ref. 19) has several provisions on audit planning, such as
clause 9.1.2.1, which requires them to establish an audit plan for each
audit. The requirement to provide a production schedule to enable audit
planning also is a feature of the British Retail Consortium's Global
Standard for Food Safety (BRC scheme) (Ref. 32). In advance of an
audit, a facility subject to audit under the BRC scheme (Ref. 32) may
be asked to provide, among other things, a production schedule and
typical shift pattern to allow planning to cover relevant
processes.\31\
---------------------------------------------------------------------------
\31\ Section III, Part I, Clause 7.2 states that a certification
body may request ``production schedules, to allow audits to cover
relevant processes, for example night-time manufacture or where
production processes are not carried out each day'' and ``typical
shift patterns.''
---------------------------------------------------------------------------
Proposed Sec. 1.651(b) would require accredited auditors/
certification bodies to develop contracts or other arrangements
granting them adequate authority to conduct unannounced audits, access
records and any area in the facility relevant to the scope of the
audit, use an accredited laboratory for analytical results, notify FDA
of a condition that could cause or contribute to a serious risk to the
public health, prepare and submit audit reports, as appropriate, and
allow FDA to observe any food safety audit it conducts. This provision
is intended to help ensure that the auditor/certification body has such
access to areas within the facility and records maintained by the
eligible entity as is necessary to conduct a rigorous food safety
audit. Proposed Sec. 1.651(b) also ensures that that auditor/
certification body has authority to use a laboratory accredited under
section 422 of the FD&C Act to perform analytical work, and authority
to provide any reports and the notifications that must be submitted to
us under this subpart.
Under clause 8.6.1(d)(2) of ISO/IEC 17021:2011 (Ref. 19), auditors/
certification bodies must require prospective clients to make all
necessary arrangements for the conduct of the audits, including for
examining records and access to all processes, areas, records, and
personnel. An application for certification must include a statement
that the applicant agrees to supply any information needed for
evaluation of the products to be certified, under clause 8.2.1(b) of
ISO/IEC Guide 65:1996 (Ref. 20).
Proposed Sec. 1.651(c) addresses the protocols for food safety
audits under this rule. The audit must be conducted in a manner
consistent with the identified scope and purpose of the audit, on an
unannounced basis as required by section 808(c)(5)(C)(i) of the FD&C
Act, and must be sufficiently rigorous to give confidence in the
reliability and validity of the audit outcomes.
ISO/IEC 17021:2011 (Ref. 19), clause 9.1.9.5.1, requires that
information relevant to the audit objectives, scope, and criteria be
collected by appropriate sampling and verified to become audit
evidence. Information may be collected through observation, records
review, and interviews. Under clause 9.1.9.6, audit findings,
summarizing conformity and detailing nonconformity and its supporting
audit evidence must be recorded and reported to enable an informed
certification decision.
Proposed Sec. 1.651(c) requires the facility audit portion of the
food safety audit to be conducted at an appropriate time within the 30
days covered by the operating schedule provided by the eligible entity
under proposed Sec. 1.651(a)(1)(ii).
Though most private food safety audit standards rely on announced
audits, the BRC scheme (Ref. 32) has protocols for both announced and
unannounced audits.\32\ An unannounced audit under the BRC scheme may
be conducted in 2 parts, with the ``Good Manufacturing Practices-type
audit'' unannounced and occurring prior to a records review, which may
be a planned visit.
---------------------------------------------------------------------------
\32\ The BRC scheme (Ref. 32) only allows facilities that have
achieved sufficiently high scores on announced audits to be audited
under the unannounced protocol.
---------------------------------------------------------------------------
We considered several factors in developing the audit protocols in
proposed Sec. 1.651(c), including the 2-part BRC unannounced audit
protocol. We have tentatively concluded that it is reasonable and
appropriate to interpret the ``unannounced audit'' requirement of
section 808(c)(5)(C)(i) of the FD&C Act to apply to the onsite facility
assessment portion of a food safety audit. We have further concluded
that an accredited auditor/certification body, equipped with a 30-day
facility operating schedule, would have adequate opportunity to plan
and conduct an unannounced facility audit. We anticipate that an
eligible entity seeking a food safety audit would sign a contract with
an accredited auditor/certification body at eligible entity (e.g., its
headquarters), where some or all of the relevant records of the entity
would be maintained. We think it is appropriate and efficient to allow
an auditor/certification body to review records maintained at the
eligible entity on the same day that the contract is signed, even
though the signing of the contract is a planned event.
[[Page 45812]]
We propose to sequence our audit protocol different than that of
the BRC, in that we would allow the planned records review to occur
prior to the unannounced onsite facility audit. We believe it will be
important for accredited auditors/certification bodies to gather
information about the facility before going onsite to audit it.
(Unannounced audits under the BRC scheme occur only after an announced
audit has been conducted, which allows the auditors/certification
bodies to become familiar with the facility and its records before
conducting an unannounced audit.) Accredited auditors/certification
bodies operating under the FDA program would have a limited
opportunity, if any, to gain knowledge about a facility prior to
conducting an unannounced audit. For this reason, we believe that
accredited auditors/certification bodies under the FDA program should
sequence the unannounced audit differently than the 2-part BRC
unannounced audit. We propose to require accredited auditors/
certification bodies to first review an eligible entity's management
systems (e.g., records) before conducting an onsite food safety audit
at the facility.
We believe that the requirement for unannounced audits will help
provide confidence in our program. It helps ensure that food facilities
will remain ``audit ready.'' It also reinforces the independence of the
accredited auditor/certification body.
We seek comment on our proposed approach for ``unannounced''
audits, including whether it is feasible and appropriate. We also
request information on current industry practice on arranging audits--
e.g., does industry commonly provide an auditor/certification body
information about its operating schedule? If not, what other means are
used to ensure that the auditor/certification body visits a facility at
the appropriate time to conduct the requested activities? For comments
suggesting other approaches, we request information on the practical
implications of the recommended alternate approach(es).
c. What must an accredited auditor/certification body include in
food safety audit reports? (Proposed Sec. 1.652). This proposed rule
would implement the audit reporting requirements of section 808 of the
FD&C Act and describes the elements of consultative and regulatory
audit reports that we believe would be appropriate.
As required by section 808(c)(3) of the FD&C Act, proposed Sec.
1.652(a) requires a report of a consultative audit be prepared not
later than 45 days after the audit was completed. Proposed Sec.
1.652(a) also sets requirements for the content of reports of
consultative audits, based on the content required by section
808(c)(3)(A)(i) through (c)(3)(A)(iv) of the FD&C Act: (1) The identity
of the persons at the eligible entity responsible for compliance with
food safety requirements; (2) the dates and scope of the audit; and (3)
any other information we require that relates to or may influence an
assessment of compliance with the FD&C Act.
ISO/IEC 17021:2011 (Ref. 19), clause 9.1.10.2, requires audit
reports to provide an accurate, concise, and clear record of the audit
to allow for informed certification decisions and include or refer to
the name and address of the client, the type of audit, the audit scope,
the dates and places where audit activities were conducted, audit
findings, evidence, and conclusions, consistent with the requirements
of the type of audit, and any unresolved issues, if defined.
Under proposed Sec. 1.652(a)(1) and (a)(2), we propose to require
that the following identifying information for the facility and the
eligible entity (if it differs from the facility) that chooses to
participate in the voluntary third-party certification program be
included in the consultative audit report: Name, address, and a unique
facility identifier (UFI), as required by FDA.
We are proposing to require this information to help ensure that we
have comprehensive, accurate, and up-to-date on eligible entities and
audited facilities that chose to participate in the program, which will
allow us to conduct efficient and effective oversight of the program.
Firm name and address alone may not provide sufficient information to
allow us to correctly identify an eligible foreign entity, such as a
farm that is not subject to the FDA facility registration requirements
and that may be located in a remote area in the foreign country. An UFI
could help us with eligible entities and facilities that would
otherwise be difficult to identify or locate.
After considering the types of information available, we have
tentatively concluded that an UFI should include two elements: (1) A
common business identifier, and (2) information on the firm's
geographic location. For the business identifier, we believe the Data
Universal Numbering System (D-U-N-S[supreg]) numbers system is
appropriate because it is a commonly used international business entity
listing system under which a company can obtain, at no charge, a unique
identification number for its business. D-U-N-S[supreg] numbers are
distinct, site-specific, 9-digit numbers that would allow us to
identify and verify certain business information, e.g., its trade
names, the name of each corporate officer and director, and additional
ownership information that may be useful in determining possible
conflicts of interest between eligible entities and accredited
auditors/certification bodies.\33\ The use of D-U-N-S[supreg] numbers,
as a unique numerical identification system, is less prone to mistake
or ambiguity than the use of an eligible entity's or facility's name
and address. Similarly, geographic information, such as Global
Positioning System (GPS) coordinates, would identify precisely where a
facility or eligible entity (if different) is located. We believe this
is a necessary element of a UFI, particularly for facilities such as
farms that are not required to register with us under Sec. Sec. 1.225
through 1.243 and that may be difficult to locate by street address. We
expect that accredited auditors/certification bodies that are qualified
to participate in our program likely would already own GPS units or
would be adequately resourced to purchase them.
---------------------------------------------------------------------------
\33\ D-U-N-S[supreg] numbers are assigned by Dun & Bradstreet
and maintained in their database of D-U-N-S[supreg] numbers. If the
D-U-N-S[supreg] Number for a location has not been assigned, a
business may obtain one for no cost directly from Dun & Bradstreet
(http://www.dnb.com).
---------------------------------------------------------------------------
Proposed Sec. 1.652(a)(3) and (a)(4) requires reports of
consultative audits to include the contact information for the
person(s) responsible for food safety compliance, the dates and scope
of the consultative audit, both of which are statutory requirements.
Proposed Sec. 1.652(a)(5) requires information on any deficiencies
observed during the audit that require corrective action and the date
on which such corrective actions were completed. ISO/IEC 17021:2011
(Ref. 19), clause 9.1.11, states that [audit/]certification bodies must
require their clients to analyze the cause of nonconformities and the
corrective actions to address such nonconformities within a defined
time. [Auditors/]certification bodies must verify and document the
effectiveness of the corrective actions based on document review or,
where necessary, onsite verification or additional audits under clauses
9.1.12 and 9.1.13. Proposed Sec. 1.652(a)(5) would require such
documentation be included in the consultative audit report.
Proposed Sec. 1.652(b) requires an accredited auditor/
certification body to prepare a report of a regulatory audit and submit
it to us electronically, in English, within 45 days after conducting
such audit, as mandated by section 808(c)(3) of the FD&C Act. We have
[[Page 45813]]
tentatively concluded that electronic submission of regulatory audit
reports, written in English, will help ensure we have ready access to
information needed for monitoring and oversight of the program.
Proposed Sec. 1.652(b) also requires auditors/certification bodies
accredited by recognized accreditation bodies to submit each regulatory
audit report to the accrediting body in the same timeframe and manner
as it is submitted to us. We believe that this information is important
to recognized accreditation bodies in conducting monitoring and
oversight of the auditors/certification bodies they accredit, including
monitoring required by proposed Sec. 1.621, and in assessing its own
performance of accreditation activities under proposed Sec. 1.622.
The report of a regulatory audit must contain all of the data
elements required for reports of consultative audits under proposed
Sec. 1.652(a). Proposed Sec. 1.652(b) requires that regulatory audit
reports contain the following additional data elements: (1) The FDA
registration number assigned to the facility, where applicable; (2) the
process(es), food(s), and facility observed during the audit; and (3)
information on sampling and laboratory analysis, recent food recalls,
recent significant changes at the facility, and any food or facility
certifications recently issued to the entity. We discuss each of these
additional data elements.
FDA Registration Number: Having an audited facility's FDA
registration number, where required, will allow us to verify (and to
correct, where necessary) registration information in our database.
This will help us in overseeing this program and in risk-based planning
for FDA foreign inspections.
Process(es) and food(s) observed during a regulatory audit: In
proposed Sec. 1.652(b)(4) we require a description of the process(es)
and food(s) observed during the audit, because we believe that,
otherwise, the description of the scope of the audit may not provide
sufficient information to allow the accredited auditor/certification
body, its recognized accreditation body, or us to determine whether the
certification matches the scope of the audit stated and, furthermore,
whether the stated scope of the audit matches the scope of auditor's/
certification body's accreditation. In sum, the description of the
process(es) and food(s) subject to regulatory audit help to verify the
validity of any food or facility certifications issued as a result of
the regulatory audit.
Sampling and analysis: Proposed Sec. 1.652(b)(8) requires
information on whether the entity uses sampling and laboratory analysis
(e.g., under a microbiological sampling plan) as part of the facility's
preventive control plan. We are not proposing to require the accredited
auditor/certification body to include the results of such sampling and
analysis in the regulatory audit report. Information on whether a
facility uses sampling and laboratory analysis helps identify how the
facility has chosen to verify its preventive controls.
Recalls during the preceding 2 years: Proposed Sec. 1.652(b)(9)
requires information on whether the entity issued a food-safety related
recall of an article of food from the facility during the 2 years
preceding the audit and, if so, any such article(s) recalled and the
reason(s) for the recall(s). We believe this is an important element of
a regulatory audit for certification purposes, because it may be
relevant in helping us to determine whether to accept a certification
or other assurance by an accredited auditor/certification body for
purposes of admitting a food into the United States under section
801(q) of the FD&C Act. Recent food safety-related recalls might call
into question the reliability of any food certifications issued to the
facility. Recall information also may be relevant to the risk factors
used to determine VQIP eligibility.
Recent significant changes: Proposed Sec. 1.652(b)(10) requires
submission of information regarding whether, during the 2 years
preceding the audit, the entity made a significant change in the
activities conducted at the facility, if such change creates a
reasonable potential for a new hazard or a significant increase in a
previously identified hazard. For example, a new hazard might arise if
a facility began to process a different type of commodity or began to
package an existing product in a different way (e.g., going from a
canned product to a vacuum-packed ready-to-eat product).
We developed this criterion based on the language in section 418(i)
of the FD&C Act, regarding conditions that trigger a requirement to
reanalyze hazards under section 418(b) of the FD&C Act (21 U.S.C.
350g(b) and (i)), as described in the Preventive Controls proposed
rule. While the types of facilities that may be audited are not limited
to facilities subject to the proposed preventive controls regulations,
we nonetheless believe the language set out in the statute sets the
appropriate boundaries for proposed Sec. 1.652(b)(9). We have
tentatively concluded that the type of information that has relevance
for reanalysis of hazards in a facility under the Preventive Controls
proposed rule is the same type of information that has relevance for
the conduct of a regulatory audit of a facility under this rule. We
invite comment on this tentative conclusion. For comments that oppose
this criterion, we seek comment on whether any other information on
facility changes has relevance for our oversight and, if so, we seek
alternative language for proposed Sec. 1.652(b)(9).
Prior certifications: Proposed Sec. 1.652(b)(11) requires
regulatory audit reports to contain information on any food or facility
certifications issued to the entity during the 2 years preceding the
audit, where available. The information must include the scope and
duration of each such certification. This information is a helpful in
verifying certifications submitted to us by importers for purposes of
VQIP eligibility or as required to accompany food for which
certification is a condition of admission under section 801(q) of the
FD&C Act. It also verifies the activities of an accredited auditor/
certification body under this program, which should be documented in
the records of the accredited auditor/certification body under proposed
Sec. 1.658.
Proposed Sec. 1.652(c) explains that an accredited auditor/
certification body must submit a report, as required by paragraph (b),
for each regulatory audit it conducts, regardless of whether
certification issued as a result. This requirement is consistent with
section 808(c)(3)(A) of the FD&C Act, which requires all regulatory
audit reports to be submitted. That statutory provision is not limited
to reports of regulatory audits where certifications were issued.
Proposed Sec. 1.652(d) requires accredited certification bodies to
implement written procedures for receiving and addressing challenges
from eligible entities contesting adverse regulatory audit results and
requires them to maintain records of such challenges under Sec. 1.658.
ISO/IEC 17021:2011 (Ref. 19) requires auditors/certification bodies to
have a documented process to receive, evaluate, and make decisions on
complaints relating to certification activities under clause 9.8.4., as
well as a documented process for handling appeals under clause 9.7.1.
d. What must accredited auditor/certification body do when issuing
food or facility certifications? (Proposed Sec. 1.653). This proposed
rule describes the activities that an accredited auditor/certification
body would have to perform when issuing food and facility
certifications. It is based on the language in section 808(c)(2)(C)
(requiring a regulatory audit and such other
[[Page 45814]]
necessary activities) and (c)(5)(C)(i) (requiring unannounced audits)
of the FD&C Act.
Proposed Sec. 1.653(a) specifies that the certification body must
have conducted a regulatory audit meeting the requirements of proposed
Sec. 1.651, including verification of corrective actions and using an
accredited laboratory, subject to the requirements of the laboratory
accreditation program we implement under that provision (21 U.S.C.
350k).
ISO/IEC 17021:2011 (Ref. 19) requires auditors/certification bodies
to use certain information in considering certification decisions:
Audit reports; comments on nonconformities and corrective actions (if
any); verified application information; and the audit agent's
recommendation on certification, including any conditions or
observations. The auditor's/certification body's decision must be based
on an evaluation of the audit findings and conclusions and any other
relevant information, such as public information and the client's
comments on the audit report.
Proposed Sec. 1.653(b) sets out the requirements for issuance of
certification. As with other submissions under this rule, we propose to
require certifications to be submitted electronically and in English.
Proposed paragraph (b)(2) describes the minimum elements of a
certification: Identifying information for the accredited auditor/
certification body, the eligible entity to which certification was
issued (including its unique facility identifier), and the facility (if
different from the eligible entity); the scope and date(s) of the
regulatory audit and the name of the audit agent conducting it, where
applicable; and the scope of the certification, its date of issuance,
and its date of expiration. These are the minimum elements we believe
necessary for us to link the certification to an importer in the VQIP
program under section 806 of the FD&C Act or to a food subject to
mandatory certification under section 801(q) of the FD&C Act. Moreover,
these data elements will help us determine whether the certification is
valid and reliable or should be refused under section 801(q)(4)(B) of
the FD&C Act.
e. When must an accredited auditor/certification body monitor an
eligible entity with food or facility certification? (Proposed Sec.
1.654). This proposed rule would require accredited auditors/
certification bodies to monitor eligible entities in certain
circumstances. Under proposed Sec. 1.654, an accredited auditor/
certification body is required to conduct monitoring of an eligible
entity if the auditor/certification body has reason to believe that an
eligible entity to which it issued a certification may no longer be in
compliance with the FD&C Act.
In developing proposed Sec. 1.654, we considered international
standards. ISO/IEC Guide 65: 1996 (Ref. 20), clause 13.1, requires
auditors/certification bodies to have documented procedures for
surveillance under applicable criteria. Under clause 13.2, auditors/
certification bodies must determine whether changes, such as a client's
intended changes in manufacturing processes, require further
investigation. ISO/IEC 17021:2011 (Ref. 19), clause 9.3, requires
auditors/certification bodies to develop their surveillance activities
so that representative areas and functions are regularly monitored.
Surveillance may include onsite audits. While we are not proposing to
require regular surveillance of certified eligible entities, we believe
requiring an accredited auditor/certification body to conduct
monitoring when it has ``reason to believe'' that the entity is no
longer in compliance with the FD&C Act strikes an appropriate balance.
Proposed Sec. 1.654 requires the accredited auditor/certification
body to immediately notify us under proposed Sec. 1.656(d) if it
determines that the entity to which it issued certification is out of
compliance with the FD&C Act. We believe that such notification is
necessary to ensure the protection of the public health and to maintain
the credibility of the program, particularly in light of the use of
such certifications: To allow admission of a food subject to mandatory
certification based on a determination of safety risk, under section
801(q) of the FD&C Act, and to allow importers to participate in a
program giving them expedited review and entry of product from a
certified facility, under section 806 of the FD&C Act.
f. How must an accredited auditor/certification body monitor its
own performance? (Proposed Sec. 1.655). This proposed rule would
require accredited auditors/certification bodies to conduct self-
assessments annually and following revocation of the recognition of its
accreditation body. Proposed Sec. 1.655(a) requires an accredited
auditor/certification body prepare a report of the results of each
self-assessment. The report must address the performance of its
officers, employees, or other agents in activities under this subpart.
For audit agents in particular, the accredited auditor/certification
body must report on whether its audit agents, during food safety
audits, focused on the elements of production, manufacturing,
processing, packing, and holding of food that pose the most significant
risks to human and/or animal health.
Under proposed Sec. 1.655(a), the self-assessment report must
evaluate the degree of consistency among its officers, employees, or
other agents in performing activities under this subpart. (With audit
agents, this is frequently called ``auditor correlation.'') In
addition, the report must assess compliance with the conflict of
interest requirements of Sec. 1.657, actions taken based on
assessments by FDA or its recognized accreditation body, and must
address any other aspects of performance relevant to a determination of
compliance, if requested by FDA.
Proposed Sec. 1.655(b) states that, in conducting its self-
assessment, an accredited auditor/certification body may assess the
compliance of one or more of the eligible entities it certified, as a
means to evaluate its performance. Under proposed Sec. 1.655(c), the
auditor/certification body must quickly execute appropriate corrective
actions when problems are identified during a self-assessment under
paragraphs (a) or (b) and must maintain records documenting the
completion of such actions under proposed Sec. 1.658. In addition,
proposed Sec. 1.655(d) describes the contents of the written reports
of its self-assessments, including describing any corrective actions
taken based on its self-assessments and stating the extent of its
compliance with conflict of interest requirements and other applicable
requirements of this rule.
ISO/IEC Guide 65:1996 (Ref. 20), clause 4.7.1, requires auditors/
certification bodies to conduct periodic internal audits covering all
of its procedures and to ensure that personnel responsible for the area
audited are informed of the audit outcome, timely and appropriate
corrective actions are taken, and audit results are documented.
Additionally, clause 4.7.2 requires the management with executive
responsibility to review its quality systems at sufficiently short
intervals to ensure its continuing suitability and effectiveness.
The FDA MFRPS (Ref. 12) have elements requiring States to conduct
periodic self-assessments of its manufactured food regulatory program
against the criteria we established. These self-assessments are
designed to identify the strengths and weaknesses of the State program
by determining the level of conformance with the program standards and
are independently verified through an audit. Records documenting the
results of the self-assessment must be maintained. We have tentatively
concluded that self-assessments would serve a similarly
[[Page 45815]]
important role for accredited auditors/certification bodies under our
accredited third-party audits and certification program.
g. What reports and notifications must an accredited auditor/
certification body submit? (Proposed Sec. 1.656). This proposed rule
would establish requirements for various reports and notifications that
accredited auditors/certification bodies would have to submit to FDA.
Proposed Sec. 1.656(a) requires accredited auditors/certification
bodies to submit regulatory audit reports no later than 45 days after
completing such audit. This requirement is based on section
808(c)(3)(A) of the FD&C Act, which requires submission of regulatory
audit reports as a condition of accreditation. The regulatory audit
report must be submitted electronically, in English, contain the
information required by proposed Sec. 1.652(b). The requirement for
electronic submissions, in English language, is required consistently
throughout this rule, for the reasons explained in section IV.3.c and
IV.3.d.
Under proposed Sec. 1.656(b), an accredited auditor/certification
body must submit its annual self-assessment report to its accreditation
body (or, in the case of direct accreditation, to us) no later than 45
days after the anniversary date of its accreditation under this program
and, for reports required following revocation of its accreditation
body's recognition, within 2 months of the revocation. The self-
assessment report, which is required by Sec. 1.655, must be submitted
electronically, in English, and must include an up-to-date list of any
audit agents the certification body uses to conduct audits under this
subpart. As explained in the discussion of proposed Sec. 1.621, we
believe that the results of such assessments will be helpful to us in
performing our monitoring of not only the accredited auditor/
certification body itself, but also the recognized accreditation body
that accredited it, where applicable. Monitoring of recognized
accreditation bodies and accredited third-party auditors/certification
bodies is required by section 808(f)(2) of the FD&C Act.
Having information about deficiencies the accredited auditor/
certification body identified in its own performance and program,
together with the corrective actions that were implemented to address
such deficiencies helps us target our monitoring activities. Moreover,
the results of self-assessments across a number of accredited auditors/
certification bodies will help us identify trends in program
performance and may offer an early signal of potential issues for the
Agency to address at the program level.
Proposed Sec. 1.656(c) requires an accredited auditor/
certification body to immediately notify us when any audit agent or the
auditor/certification body itself, discovers during an audit any
condition that could cause or contribute to a serious risk to the
public health. This notification is required by section 808(c)(4) of
the FD&C Act, which identifies certain information that must be
contained in the notification.
Based on that requirement and the authority granted to us to issue
regulations for the efficient enforcement of its authority, under
section 701(a) of the FD&C Act, proposed Sec. 1.656(c) requires such
notification to include the following: (1) The name and address of the
facility where the condition was discovered; (2) the FDA registration
number assigned to the facility, where applicable; (3) the name and
address of the eligible entity, if different from that of the facility;
and (4) the condition that could cause or contribute to a serious risk
to the public health and for which notification is required.
Information on the identity of the entity and the notifiable
condition is required by section 808(c)(4) of the FD&C Act. The other
data elements we propose to require are essential for us to take
immediate and necessary steps to protect the public health. In the
event that the facility where the condition was discovered is different
than the eligible entity, or is at a different location, we need to
know the name and address of the facility so that we can interact
directly with the facility. Knowing the facility's FDA registration
number (where required) helps us quickly assemble relevant information
we possess, including information from our foreign regulatory partners.
The data elements required for notification under Sec. 1.656(c)(1),
(c)(2), and (c)(3) offer the minimum information we believe necessary
to allow the Agency to determine the appropriate course of action with
respect to the situation.
We note that section 808 of the FD&C Act does not define ``serious
risk to the public health,'' nor does it give examples of
``condition[s] that could cause or contribute to a serious risk to the
public health.'' The statutory description of notifiable conditions--as
ones that ``could'' cause or contribute to a serious risk to public
health--suggests to us that the scope of this provision is broad. In
developing these proposed implementing regulations, we looked for the
precise phrase, ``cause or contribute to a serious risk to the public
health'' elsewhere in the FD&C Act, but did not find it there (21
U.S.C. 301 et seq.). In considering section 808 of the FD&C Act as a
whole, we noted that the provision giving us access to records
associated with consultative audits cross-references section 414 of the
FD&C Act (21 U.S.C. 350c). Section 414 of the FD&C Act, among other
things, gives us access to records if we have a reasonable belief that
an article of food, and any other article of food that we reasonably
believe is likely to be affected in a similar manner, is adulterated
and presents a threat of serious adverse health consequences or death
to humans or animals (SAHCODHA) (21 U.S.C. 350c(a)). Although Congress
chose to incorporate SAHCODHA by referencing section 414 of the FD&C
Act as authority for us to access records of consultative audits under
section 808(c)(3)(C) of the FD&C Act, Congress did not use the SAHCODHA
standard in describing the types of conditions that could cause or
contribute to a serious risk to the public health and that must be
reported to FDA under section 808(c)(4)(A) of the FD&C Act. We believe
Congress intended the standard for notification to be a different
standard than SAHCODHA.
We invite comment from interested parties interpreting the
notification standard in section 808(c)(4)(A) of the FD&C Act and
providing examples of circumstances that stakeholders believe do and do
not rise to the level of a ``condition that could cause or contribute
to a serious risk to the public health.'' We are particularly
interested in receiving input on whether our existing Class I and Class
II recall standards (Ref. 33), taken together, might adequately address
any condition covered by section 808(c)(4)(A) of the FD&C Act. An FDA
Class I recall occurs in a situation in which there is a reasonable
probability that the use of or exposure to a violative product will
cause serious adverse health consequences or death. An FDA Class II
recall occurs in a situation in which use of or exposure to a violative
product may cause temporary or medically reversible adverse health
consequences or where the probability of serious adverse health
consequences is remote.
We also note that international standards for [auditors/
]certification bodies have exceptions to confidentiality agreements
where disclosure is required by law. For example, ISO/IEC Guide
17021:2011 (Ref. 19), clause 8.5.3, requires an auditor/certification
body that is required by law to release confidential information to a
third party, to notify the client before providing such information to
a third party, ``unless regulated by law.'' Based on section
808(c)(4)(A) of the FD&C Act, which
[[Page 45816]]
requires that the accredited third-party certification body
``immediately'' notify us, proposed Sec. 1.656(c) requires an
accredited auditor/certification body to notify us of a serious risk to
public health prior to notifying its client, the eligible entity. We
recommend that accredited auditors/certification bodies include a
provision explaining this notification requirement in their contracts
with eligible entities. We believe this will help ensure that eligible
entities are aware of the notification requirement and will help
emphasize to the accredited auditors/certification bodies their
obligation to notify FDA of such condition.
Proposed Sec. 1.656(d) requires an accredited auditor/
certification body to immediately notify us electronically, in English,
upon withdrawing or suspending the food or facility certification of an
eligible entity. The notice must describe the basis for withdrawal or
suspension. We believe immediate notification of suspension or
withdrawal of certifications is necessary because of how we use these
certifications: As a condition of granting admission to a food subject
to an risk determination under section 801(q) of the FD&C Act and as a
criteria for an importer's eligibility to participate in VQIP under
section 806 of the FD&C Act. We realize that certification bodies
currently withdraw and suspend certifications for a number of reasons,
some of which relate to payment of fees and others relate to food
safety matters. Therefore, having information on the fact that a
certification has been withdrawn or suspended, as well as the reason(s)
for the action, allows us to determine the effect of suspension or
withdrawal on our use of the certifications under sections 801(a) and
806 of the FD&C Act. Depending on the reasons for suspension or
withdrawal of certification, we may conduct an inspection or take other
action.
Under proposed Sec. 1.656(e)(1), an accredited auditor/
certification body that notifies us under proposed Sec. 1.656(c) must
immediately thereafter notify the eligible entity where the condition
was discovered. Proposed Sec. 1.656(e)(2) requires an accredited
auditor/certification body to notify its accreditation body (or, in the
case of direct accreditation, to us) electronically, in English, within
30 days after making any significant change that may affect its
compliance with the requirements of Sec. Sec. 1.640 through 1.658. The
notice must describe the purpose of the change and an explanation for
whether and how the change might affect its accreditation under this
program. In that proposed Sec. 1.640 requires auditors/certification
bodies to maintain compliance with the requirements of this rule as a
condition of their accreditation, this notification is necessary for
our program oversight. We will use this information in monitoring the
certification body as required by section 808(f)(2) of the FD&C Act and
may use the notification (or the failure to notify under proposed Sec.
1.656(e)(2)) in determining whether to withdraw accreditation under
section 808(c)(6) of the FD&C Act.
h. How must an accredited auditor/certification body protect
against conflicts of interest? (Proposed Sec. 1.657). This proposed
rule would require accredited auditors/certification bodies to have
procedures to ensure against financial conflicts of interest and to
make annual financial disclosure statements available to us, as
required by section 808(c)(5)(A) and (c)(5)(B) of the FD&C Act.
Additionally, section 808(c)(5)(C) of the FD&C Act directs us to issue
implementing regulations including requirements for unannounced audits,
a structure to decrease the potential for conflicts of interest
(including requirements for timing and public disclosure of fee
payments), and appropriate limits on financial affiliations between
certification bodies (and their audit agents) and eligible entities to
be certified.
Proposed Sec. 1.657 sets out the elements of a conflict of
interest program we believe are appropriate to implement this mandate
and to ensure the objectivity and independence of accredited auditors/
certification bodies necessary for to maintain the credibility of the
program. Proposed Sec. 1.657(a) requires the accredited auditor/
certification body to have written program that covers the
certification body itself and any of its officers, employees, or other
agents (e.g., audit agents) conducting audits or certification
activities under this program.
Based in large part on section 808(c)(5)(A)(i) of the FD&C Act,
proposed Sec. 1.657(a)(1) prohibits an accredited auditor/
certification body and its officers, personnel, and other agents
(except for audit agents subject to paragraph (a)(2)) from owning,
controlling, managing, or otherwise having a financial interest in an
eligible entity, or an affiliate, parent, or subsidiary of such entity,
to be certified by the auditor/certification body . The effect of the
language in proposed Sec. 1.657(a)(1) would be to prevent a foreign
food firm with its own audit team from conducting regulatory audits and
issuing certifications for its own facilities, processes, or products
(i.e., first-party audits) or for an affiliate or for its parent or
subsidiary (i.e., second-party audits). Given the multinational nature
and multiple corporate interests of many food companies, we have
tentatively concluded it is important to extend the conflict of
interest safeguards in proposed Sec. 1.657 to subsidiaries,
affiliates, and parent organizations. We seek comment on this tentative
conclusion.
Proposed Sec. 1.657(a)(2) prohibits an audit agent of an
accredited auditor/certification body from conducting a food safety
audit of an eligible entity, or an affiliate, parent, or subsidiary of
such entity, that the agent owns or operates. This provision is largely
based on the section 808(c)(5)(B)(i) of the FD&C Act, which prohibits
an audit agent from owning or operating an eligible entity to be
audited by the agent, coupled with language covering financial
interests associated with an affiliate, parent, or subsidiary of the
eligible entity, for the reasons previously described.
To be clear, proposed Sec. 1.657(a)(2) does not go so far as to
prohibit audit agents from having any financial interest in any food
company; rather, it prevents an audit agent from conducting a
consultative or regulatory audit of an eligible entity or an affiliate,
parent, or subsidiary of such entity, owned or operated by such agent.
We believe that requiring any audit agent conducting audits under this
program to divest all interests in FDA-regulated food firms might
unnecessarily limit the pool of qualified audit agents.
We seek comment on these tentative conclusions and on the approach
we propose in Sec. 1.657(a)(2), including whether this approach might
unnecessarily limit the availability of competent audit agents to
conduct audits under this program and whether removing the restriction
relating to interests in affiliates, parents, or subsidiaries might
create, or create the appearance of, bias.
Proposed Sec. 1.657(a)(3) prohibits officers, employees, or other
agents of an accredited auditor/certification body from accepting any
gift, gratuity, or item of value from the entity subject to audit. A
gift, gratuity, or item of value would not include meals of a de
minimis value provided on the premises where the audit or assessment is
being conducted, recognizing that some facilities may be remotely
located and allowing onsite meals is appropriate in the interest of
efficiency. We seek comment on whether to interpret de minimis value
according to the limits for gifts or items of value applicable to U.S.
Government employees. Proposed Sec. 1.657(a)(3) also
[[Page 45817]]
allows for authorized officials, employees, or agents to accept
payments of fees for the audit and certification, as described in
proposed Sec. 1.657(b).
Proposed Sec. 1.657(b) addresses the requirement, in section
808(c)(5)(C) of the FD&C Act, to issue implementing regulations that
include a structure to decrease the potential for conflicts of
interest, including timing and public disclosure, for fees paid by
eligible entities to accredited third-party certification bodies. After
considering this statutory provision, we have tentatively concluded
that an appropriate structure to decrease the potential for conflicts
of interests between an eligible entity and an accredited auditor/
certification body would be one in which there was public disclosure of
the point at which the entity paid fees for audit and certification
services. Proposed Sec. 1.657(b) provides that that payment of such
fees does not constitute a covered financial conflict of interest.
Proposed Sec. 1.657(c) imputes to an officer, employee, or other
agent of an accredited auditor/certification body the financial
interests of his or her spouse and minor children, if any. This
proposed requirement is based on the approach we recommended in the
2009 Guidance that no auditor acting for the [auditor/]certification
body (or spouse or minor children) should have any significant
ownership or other financial interest regarding any product of the type
it certifies (Ref. 5). As another example, FDA regulations on conflicts
of interest of experts serving on panels for unapproved new animal
drugs imputes the financial interests and arrangements of an expert's
spouse and minor children to the expert him- or herself (21 CFR
516.141(g)).
We believe that imposing a similar requirement on the immediate
family of the officers, employees, or other agents of an accredited
auditor/certification body will help to ensure the credibility of the
accredited third-party audits and certification program at every level.
We seek comment on this tentative conclusion.
Proposed Sec. 1.657(d) requires accredited certification bodies to
maintain on their Web sites an up-to-date list of eligible entities to
which they issued certifications under this subpart, the duration and
scope of each such certifications, and the date on which the eligible
entity paid any fee or reimbursement under proposed Sec. 1.657(c).
Information on timing of fee payments is required by section
808(b)(5)(C)(iii) of the FD&C Act and is necessary, we believe, in the
interest of transparency.
We seek comment on the tentative conclusions identified here--
namely, we should require accredited certification bodies to: (1) Have
a written program to safeguard against conflicts of interest; (2)
include the interest of any affiliate, parent, or subsidiary of a
certification body within the scope of interests covered by its
conflict of interest program; (3) impute the interests of immediate
family members of an officer, employee, or other agent to such officer,
employee, or other agent; and (4) to maintain on its Web site a list of
its certified eligible entities, including duration and scope of each
such certification, and disclosure of the date(s) on which an eligible
entity paid the accredited auditor/certification body any fee or
reimbursement associated with an audit or certification under this
program.
i. What records requirements must an accredited auditor/
certification body meet? (Proposed Sec. 1.658). This proposed rule
would establish requirements for accredited auditors/certification
bodies to establish, control, and retain records relating to their
auditing and certification activities under our program.
Proposed Sec. 1.658 requires accredited auditors/certification
bodies to maintain certain documents and data electronically, in
English, for 4 years, to document compliance with this rule.\34\ These
records include: (1) Requests for regulatory audits; (2) audit reports
and other documents resulting from a consultative or regulatory audit;
(3) any notification of a condition under proposed Sec. 1.650(a)(5) or
by the accredited auditor/certification body to FDA under proposedSec.
1.656(c); (4) any food or facility certification issued under this
program; (5) any challenge to an adverse regulatory audit decision and
its disposition; (6) any monitoring it conducted of a certified
eligible entity; (7) the auditor's/certification body's self-
assessments and corrective actions; and (8) any significant change to
the auditing and certification program that might affect compliance
with this rule.
---------------------------------------------------------------------------
\34\ We are proposing records be maintained for 4 years, which
aligns with the maximum length of time for which accreditation may
be granted. This will be particularly useful in decisionmaking on an
application to renew accreditation, because the accrediting body
will have access to data and information on activities conducted at
any time during its current accreditation. We used a similar
rationale in proposing to require recognized accreditation bodies to
maintain their records for 5 years, which is the maximum length of
time for which recognition may be granted.
---------------------------------------------------------------------------
Maintenance of records on requests for regulatory audits under
proposed Sec. 1.658(a)(1) is one means to verify the adequacy of audit
planning under proposed Sec. 1.651(a). Records associated with audits,
certifications, challenges to auditor/certification body decisions,
internal reviews, significant changes, and monitoring (also known as
surveillance) of eligible entities are among the records commonly
required to be maintained by international standards. We believe it
appropriate to require maintenance of similar records for purposes of
this rule.
We propose to require accredited auditors/certification bodies
choosing to participate in this program to maintain their program
records in English. We believe this English-language records
requirement is necessary for our oversight based on, among other
things, our experience with the shrimp pilot (Ref. 6). During the pilot
project, we faced costly delays and logistical hurdles in attempting to
assess third-party [auditors/]certification bodies, because we needed
English-language translations of their records to be able to conduct
performance audits. Based on that experience, we believe that having
real-time access to English-language records is necessary for
conducting efficient and effective assessments to the fullest extent of
our authority.
We solicit comment on the English-language records requirement in
proposed Sec. 1.658 and on whether other approaches might be similarly
efficient and effective. For example, should we allow an accredited
auditor/certification body to maintain its records in a language other
than English, if the auditor/certification body would be required to
make an English translation of its records available ``promptly'' upon
a written FDA request? What should ``promptly'' mean in this context
(e.g., 2 business days of the written request)? Would such an approach
be as efficient and effective as the proposed English-language records
requirement would be? For comments offering other approaches, we
request a detailed description of the alternative, an analysis of the
impacts of the alternative on our ability to ensure the compliance of
accredited auditors/certification bodies with applicable FDA
requirements.
Based on section 808(c)(3)(B) of the FD&C Act, proposed Sec.
1.658(b) and (c) require an accredited auditor/certification body to
provide FDA access to records upon request of an officer or employee we
designate, except that reports or other documents of a consultative
audit must be made available to us only in accordance with the
requirements of subpart J (records access under section 414 of the FD&C
Act). Proposed Sec. 1.658(b) reflects section 808(c)(3)(C) of the FD&C
Act, which
[[Page 45818]]
states that reports or other documents resulting from a consultative
audit are accessible to us only under circumstances that meet the
threshold for records access under section 414 of the FD&C Act (21
U.S.C. 350c). Based on these statutory requirements, we can access such
documents from consultative audits in either of the following
circumstances: If we have a reasonable belief that an article of food,
and any other article of food that we reasonably believe is likely to
be affected in a similar manner, is adulterated and presents a threat
of SAHCODHA; or if we believe that there is a reasonable probability
that the use of or exposure to an article of food, and any other
article of food that we reasonably believe is likely to be affected in
a similar manner, will cause SAHCODHA, as described in Sec. 1.361 of
this part.
We have tentatively concluded that the records identified and the
records maintenance and access requirements in proposed Sec. 1.658 are
necessary to monitor and evaluate accredited certification bodies, as
directed by section 808(f)(2) of the FD&C Act. We believe it is
reasonable to require accredited auditors/certification bodies to
maintain such records for the maximum length of accreditation, 4 years.
We acknowledge that the requirements of proposed Sec. 1.658 may
require revisions to contracts and perhaps other documents establishing
and limiting the scope of an auditor's/certification body's authority
with respect to granting records access. We nonetheless have
tentatively concluded that such access is necessary to help ensure the
credibility of the program. We seek comment on this tentative
conclusion and on the specific records requirements we propose.
7. Procedures for Accreditation of Third-Party Auditors/Certification
Bodies
Table 7--Proposed Procedures for Third-Party Auditors/Certification
Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.660.................. Where do I apply for accreditation or renewal
of accreditation by a recognized accreditation
body?
1.661.................. What is the duration of accreditation?
1.662.................. How will FDA monitor accredited auditors/
certification bodies?
1.663.................. How do I request an FDA waiver or waiver
extension for the 13-month limit for audit
agents conducting regulatory audits?
1.664.................. When can FDA withdraw accreditation?
1.665.................. How do I voluntarily relinquish accreditation?
1.666.................. How do I request reaccreditation?
------------------------------------------------------------------------
a. Where do I apply to obtain accreditation from a recognized
accreditation body? (Proposed Sec. 1.660). This proposed rule explains
where interested third-party auditors/certification bodies could apply
for accreditation under our accredited third-party audits and
certification program.
Proposed Sec. 1.660 informs third-party auditors/certification
bodies that they must apply directly to a recognized accreditation body
for accreditation, except for those circumstances meeting the
requirements of proposed Sec. 1.670 for direct accreditation.
b. What is the duration of accreditation? (Proposed Sec. 1.661).
Proposed Sec. 1.661 states that accreditation of a third-party
auditor/certification body may be granted for a period up to 4 years.
This applies both to accreditations granted by recognized accreditation
bodies and to direct accreditations that we grant under proposed Sec.
1.672. We have tentatively concluded that 4 years is an appropriate
duration for an accreditation, because we believe the rigor and
credibility of this new program rests, in part, on the extent of
oversight of accredited third-party auditors/certification bodies to
conduct audits and to certify eligible foreign entities.
The process for renewal of accreditation provides an opportunity
for recognized accreditation bodies (and us, for directly accredited
auditors/certification bodies) to look closely at all aspects of the
auditor's/certification body's program and performance and to decide
anew whether the auditor/certification body meets the eligibility
requirements.
We note proposed Sec. 1.661 set the duration of accreditation in
the new accredited third-party auditor/certification body program for a
shorter period than the duration of accreditation we allow in the
mammography program under 21 CFR part 900, which is a time-tested
program. As we and the recognized accreditation bodies participating in
the accredited third-party audits and certification program for food
gain experience with the program, we may revisit this matter. For these
reasons, we have tentatively concluded that accreditation should be
granted for a period of no longer than 4 years. We seek comment on this
tentative conclusion.
c. How will FDA monitor accredited auditors/certification bodies?
(Proposed Sec. 1.662). This proposed rule would establish requirements
for our evaluation of the performance of accredited auditors/
certification bodies, based on section 808(f)(2) of the FD&C Act, which
requires us to monitor accredited auditors/certification bodies
periodically, or at least once every 4 years.
The statute makes no distinction between the frequency of our
monitoring necessary for auditors/certification bodies accredited by
recognized accreditation bodies and for auditors/certification bodies
that we directly accredit. However, we are proposing, in Sec. 1.621,
to require a recognized accreditation body to conduct annual
assessments of the performance of each third-party auditor/
certification body it accredited under this program. Under proposed
Sec. 1.662(a) we will perform our own performance evaluations of
auditors/certification bodies accredited by recognized accreditation
bodies at least once every 3 years for auditors/certifications bodies
accredited for 4 year terms, and at the mid-term point for auditors/
certification bodies accredited for less than 4 years. Proposed Sec.
1.662(a) also establishes requirements for our monitoring of directly
accredited auditors/certification bodies. In these circumstances, we
act in the role of a recognized accreditation body and will perform
annual monitoring. Not only would annual monitoring by us provide
oversight similar to the annual monitoring requirements of proposed
Sec. 1.621, but also it would satisfy the monitoring requirement of
section 808(f)(2) of the FD&C Act with respect to monitoring of
directly accredited auditors/certification bodies.
[[Page 45819]]
Proposed Sec. 1.662(b) identifies the types of information we may
review in conducting our evaluations of accredited auditors/
certification bodies. Proposed Sec. 1.662(c) makes clear that we can
conduct our evaluation of an auditor/certification body through onsite
observations of performance during the conduct of food safety audits
and through document review.
For both directly accredited auditors/certification bodies and
those accredited by recognized accreditation bodies, we will evaluate
performance based on whether the auditor/certification body continues
to comply with the requirements of Sec. Sec. 1.640 through 1.658 and
whether there are performance deficiencies that would warrant
withdrawal of accreditation under this rule. We seek comment on whether
the criteria in proposed Sec. 1.662(a) and (b) are appropriate for
evaluating accredited auditors/certification bodies under this program.
Additionally, we seek recommendations for possible approaches we might
use to monitor performance, such as conducting our inspections of a
certain number of eligible entities, shortly after the accredited
auditor/certification body conducted a food safety audit of an eligible
entity. For each such recommendation, we seek comment on the how the
approach might affect: (1) The incentives for auditors/certification
bodies to seek accreditation under our program, and (2) the degree of
oversight needed to meet the objectives of section 808 of the FD&C Act.
d. How do I request a waiver or waiver extension for the 13-month
limit for audit agents conducting regulatory audits? (Proposed Sec.
1.663). This proposed rule would allow accredited auditors/
certification bodies to seek an FDA waiver of the limit on audit agents
conducting regulatory audits of an eligible entity where they conducted
a regulatory or consultative audit in the preceding 13 months. Under
section 808(c)(4)(C)(ii) of the FD&C Act, we may waive the limit, which
appears in proposed Sec. 1.650(c), where there is insufficient access
to accredited certification bodies in the country or region where an
eligible entity is located. Proposed Sec. 1.663(a) establishes the
requirements for a waiver or waiver extension and proposed Sec.
1.663(b) to (f) describes the procedural requirements for a waiver or
waiver extension request, including electronic submission, in English.
Under proposed Sec. 1.663(g), we explain that an accredited auditor/
certification body should not use an audit agent subject to the 13-
month limit in proposed Sec. 1.650 unless we have granted the request
or the 13-month limit has elapsed. The procedural requirements in
proposed Sec. 1.663 mirror the procedural requirements for other
applications submitted to us.
e. When can FDA withdraw accreditation? (Proposed Sec. 1.664).
This proposed rule would establish the conditions under which we could
withdraw accreditation from an auditor/certification body, regardless
of whether it was directly accredited or accredited by a recognized
accreditation body.
Proposed Sec. 1.664(a) describes criteria for mandatory withdrawal
that reflect section 808(c)(6)(A) of the FD&C Act, which requires us to
withdraw accreditation in certain outbreak situations, whenever we find
that an accredited auditor/certification body is no longer meeting the
requirements for accreditation, or following a refusal to allow U.S.
officials to conduct audits and investigations to ensure compliance
with these requirements. The statute directs us to withdraw
accreditation if a food or facility certified by an accredited auditor/
certification body under our program is linked to an outbreak of
foodborne illness that has a reasonable probability of causing serious
adverse health consequences or death in human or animals, except under
section 808(c)(6)(C) of the FD&C Act, if we conduct an investigation of
the material facts of the outbreak, review the steps and actions taken
by the auditor/certification body, and determine that the accredited
auditor/certification body satisfied the requirements for issuance of
certification under this rule. The exception is set out in proposed
Sec. 1.664(b).
Section 808(c)(6)(B) of the FD&C Act allows us to withdraw
accreditation from an accredited auditor/certification body whose
accrediting body had its recognition revoked, if we determine there is
good cause for withdrawal. This statutory provision is reflected in
Sec. 1.664(c), which also provides two examples of circumstances we
believe provide good cause for withdrawal, including bias or lack of
objectivity and performance calling into question the validity or
reliability of its food safety audits and certifications.
In proposed Sec. 1.664(d) we provide for records access when
considering possible withdrawal of accreditation. In proposed Sec.
1.664(e) we provide for notice of withdrawal of accreditation and
describe the processes to challenge such withdrawal.
Proposed Sec. 1.665(f) describes the effect of withdrawal on
eligible entities. In general, a food or facility certification issued
by an accredited auditor/certification prior to withdrawal of
accreditation will remain in effect until it terminates by expiration,
except if we have reason to believe a certification issued for purposes
of section 801(q) of the FD&C Act is not valid or reliable, we can
refuse to accept the certification.
Proposed Sec. 1.664(g)(1) explains that FDA will notify the
recognized accreditation body that accredited the third-party auditor/
certification body whose accreditation was withdrawn by FDA. In such
circumstances, proposed Sec. 1.664(g)(1) requires the recognized
accreditation body to conduct a self-assessment, as described in Sec.
1.622, and report the results of such self-assessment to FDA within 2
months after withdrawal, as required by Sec. 1.623(b). Proposed Sec.
1.664(g)(2) explains that FDA may revoke recognition of an
accreditation body whenever FDA determines there is good cause for
revocation under proposed Sec. 1.634.
Proposed Sec. 1.664(h) provides for public notice of withdrawal of
accreditation on FDA's Web site. We believe this information is
necessary in the interest of transparency.
f. How do I voluntarily relinquish accreditation? (Proposed Sec.
1.665). This proposed rule would allow accredited auditors/
certification bodies to voluntarily relinquish their accreditations
before they expire and without having them withdrawn by FDA.
Proposed Sec. 1.665 offers the mechanism for voluntarily
relinquishment before it terminates by expiration. Relinquishment on
the initiative of the auditor/certification body is distinct from
withdrawal of accreditation for cause.
The mammography regulations in 21 CFR 900.3 offer accreditation
bodies the opportunity to voluntarily relinquish their authority to
grant accreditation. We believe that auditors/certification bodies
operating under our accredited third-party audits and certification
program should have the option to voluntarily relinquish their
accreditation for their business reasons. We are proposing certain
procedural requirements--similar to those contained in the mammography
regulations--which auditors/certification bodies must follow in
relinquishing accreditation. We believe these measures are necessary to
ensure an orderly transition for eligible entities certified by the
auditor/certification body that is relinquishing its accreditation, and
for us to make the necessary adjustments in the program.
Proposed Sec. 1.665(a) requires auditors/certification bodies to
notify us and to
[[Page 45820]]
notify their accreditation body (where applicable) at least 6 months
before relinquishing accreditation. We propose to require such
notifications to be submitted electronically and in English. To ensure
that we have the ability to maintain adequate oversight of the program,
including through access the records of the auditor/certification body,
the notice required under proposed Sec. 1.665(a) must identify the
location where the records required by proposed Sec. 1.658 will be
maintained.
The decision to relinquish accreditation is made solely by the
third-party auditor/certification body, without FDA involvement.
Therefore, in relinquishing accreditation under proposed Sec.
1.665(a), the auditor/certification body would waive its rights to
appeal, because there is no FDA action to serve as the basis for
appeal.
Proposed Sec. 1.665(b) requires the accreditation body to notify
any eligible entity to which it issued a food or facility certification
no later than 15 business days after notifying FDA of its intent to
voluntarily relinquish accreditation.
Proposed Sec. 1.665(c) describes the effects of relinquishment of
accreditation on certification issued by an auditor/certification body
prior to relinquishing its accreditation. In considering the impact of
relinquishment on eligible entities, we were mindful that such entities
would likely have little, if any, opportunity to provide input on a
decision by its auditor/certification body whether or not to relinquish
accreditation. We believe that, under most circumstances, the fact that
an auditor/certification body decided to relinquish its accreditation
is likely to have no bearing on the validity or reliability of
certifications it issued. Therefore, we have tentatively concluded that
the certification of an eligible entity whose auditor/certification
body voluntarily relinquished its accreditation under proposed Sec.
1.665 will remain in effect (subject to recertification under proposed
Sec. 1.681), except that we may refuse to consider a certification
issued for purposes of section 801(q) of the FD&C Act, if we have
reason to believe the certification is not valid or reliable.
Proposed Sec. 1.665(d) provides for public notice on our Web site
of the voluntary relinquishment of accreditation by an auditor/
certification body.
g. How do I request reaccreditation? (Proposed Sec. 1.666). This
proposed rule would allow a third-party auditor/certification body to
become reaccredited after withdrawal or relinquishment of its
accreditation.
Section 808(c)(7) of the FD&C Act requires us to establish
procedures to reinstate the accreditation of an auditor/certification
body for which we have withdrawn accreditation. Under proposed Sec.
1.666(a), we will reinstate accreditation if the auditor/certification
body can demonstrate that the grounds for withdrawal no longer exist,
or if the withdrawal was prompted by the revocation of recognition of
its accreditation body and the auditor/certification body finds a new
recognized accreditation body, becomes directly accredited, or
otherwise meets conditions we impose in the withdrawal. Under proposed
Sec. 1.666(b), an auditor/certification body that voluntarily
relinquished its accreditation may become reaccredited by submitting a
new application for accreditation under proposed Sec. 1.660 or Sec.
1.670 (where the criteria for direct accreditation are met).
8. Additional Procedures for Direct Accreditation of a Third-Party
Auditors/Certification Bodies
Table 8--Additional Procedures Proposed for Direct Accreditation of
Third-Party Auditors/Certification Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.670.................. How do I apply to FDA for direct accreditation
or renewal of direct accreditation?
1.671.................. How will FDA review applications for direct
accreditation and for renewal of direct
accreditation?
1.672.................. What is the duration of direct accreditation?
------------------------------------------------------------------------
a. How do I apply to FDA for direct accreditation or renewal of
direct accreditation? (Proposed Sec. 1.670). This proposed rule
describes the circumstances and procedures that would apply for direct
accreditation and renewal of direct accreditation.
Proposed Sec. 1.670 describes the conditions under which we will
accept applications for direct accreditation, reflecting the statutory
language in section 808(b)(1)(A)(ii) of the FD&C Act, which allows us
to directly accredit auditors/certification bodies if we have not
identified and recognized an accreditation body to meet the
requirements of section 808 of the FD&C Act within 2 years after
establishing our program. Proposed Sec. 1.670(a)(1) identifies certain
circumstances and criteria that we have tentatively concluded are
relevant for determining whether we have not identified and recognized
an accreditation body to meet the requirements of section 808 of the
FD&C Act. Proposed Sec. 1.670(a)(2) specifies conditions under which
we may revoke or modify such a determination. Proposed Sec.
1.670(a)(3) provides for public notice of such determination or its
revocation or revision.
Proposed Sec. 1.670(b) sets out the procedures for applying for
direct accreditation or renewal of direct accreditation. This mirrors
the procedures for applications established elsewhere under this rule.
b. How will FDA review applications for direct accreditation and
for renewal of direct accreditation? (Proposed Sec. 1.671). This
proposed rule would establish procedures for processing applications
for direct accreditation and for renewal of direct accreditation.
Proposed Sec. 1.671 describes a process for reviewing and deciding
on applications for direct accreditation and renewal that is consistent
with the procedures for reviewing and deciding on applications under
other provisions in this rule. For example, we propose to establish a
queue for direct accreditation and renewal applications based on the
date on which an application was completed, and we will review
applications on a first in, first out basis. We will inform applicants
of deficiencies in application documentation. To encourage applicants
to supply any missing information promptly, we will not place an
application in the queue until it is complete. Allowing incomplete
applications in the queue might block applications that are ready for
review, but were submitted later in time.
We will inform an applicant once its application has been placed in
the queue. We will review each application for direct accreditation or
renewal of direct accreditation to determine
[[Page 45821]]
whether the applicant meets the eligibility requirements of proposed
Sec. 1.640. We will communicate anticipated processing periods to
applicants. We are not proposing to include specific timeframes for
review in the regulation, for the following reasons: (1) It is
difficult to project, at this time, the amount of resources that will
be available to us for this program, which under section 808(c)(8) of
the FD&C Act, is funded through user fees established by regulation;
and (2) we anticipate that, as we gain experience in reviewing
applications and in overall administration of the program, we will
become more efficient in processing applications but currently lack
data that would allow us to reasonably estimate the effect of
efficiency gains on review times.
Under proposed Sec. 1.671(c), (d), and (e), we will notify an
applicant, in writing, whether the application has been approved or
denied. If approved, the notice will describe any conditions imposed on
the direct accreditation. If denied, the notice will state the basis
for the denial and will describe procedures for requesting
reconsideration of the decision. We believe this provision offers
necessary protections for applicants. We seek comment on the process
and procedures required by proposed Sec. 1.671.
c. What is the duration of direct accreditation? (Proposed Sec.
1.672). This proposed rule would establish the duration of
accreditation.
Proposed Sec. 1.672 states that direct accreditation of a third-
party auditor/certification body may be granted for a period up to 4
years. Similarly, proposed Sec. 1.661 allows a recognized
accreditation body to grant accreditation for a period of up to 4
years. We have tentatively concluded that 4 years is an appropriate
duration for an accreditation--whether granted by a recognized
accreditation body or by us--because we believe the rigor and
credibility of this new program rests, in part, on the extent of
oversight of accredited third-party auditors/certification bodies to
conduct audits and to certify eligible foreign entities. The process
for renewal of accreditation provides an opportunity for us to look
closely at all aspects of the auditor's/certification body's program
and performance and to decide anew whether the auditor/certification
body meets the eligibility requirements for accreditation.
We are proposing to set the duration of accreditation under this
new program for a shorter period than the duration of accreditation we
allow under 21 CFR part 900, which is the mammography program
established several years ago. As we gain experience with accredited
auditors/certification bodies in the food and feed programs, we may
revisit this matter. For these reasons, we have tentatively concluded
that accreditation should be granted for a period of no longer than 4
years. We seek comment on this tentative conclusion.
9. Requirements for Eligible Entities
Table 9--Proposed Requirements for Eligible Entities
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.680.................. How and when will FDA monitor eligible
entities?
1.681.................. How frequently must eligible entities be
recertified?
------------------------------------------------------------------------
a. How and when will FDA monitor eligible entities? (Proposed Sec.
1.680). This proposed rule would provide for FDA monitoring of eligible
entities that choose to be audited under our program.
Proposed Sec. 1.680(a) states that we may conduct an onsite audit
of an eligible entity that has received certification under this
program, as allowed under section 808(f)(3) of the FD&C Act, which
specifies that we may conduct an onsite audit of a certified entity at
any time, with or without the accredited auditor/certification body
present. Proposed Sec. 1.680(b) reflects section 808(h)(1) of the FD&C
Act, explaining that a food safety audit conducted under this program
is not considered an inspection under section 704 of the FD&C Act.
b. How frequently must eligible entities be recertified? (Proposed
Sec. 1.681). This proposed rule would require eligible entities to be
recertified annually.
Section 808(d) of the FD&C Act requires eligible entities to apply
for annual certification for food required to have certification under
section 801(q) of the FD&C Act or for its facility, if it intends the
certification to be used by an importer in establishing eligibility to
participate in VQIP under section 806 of the FD&C Act. This statutory
requirement is reflected in proposed Sec. 1.681(a). Proposed Sec.
1.681(b) states that FDA may require renewal of a food certification at
any time FDA determines appropriate under section 801(q)(4)(A) of the
FD&C Act.
10. General Requirements
Table 10--Proposed General Requirements
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.690.................. How will FDA make information about recognized
accreditation bodies and accredited auditors/
certification bodies available to the public?
1.691.................. How do I request reconsideration of a denial by
FDA of an application or a waiver request?
1.692.................. How do I request internal agency review of a
denial of an application or waiver request
upon reconsideration?
1.693.................. How do I request a regulatory hearing on a
revocation of recognition or withdrawal of
accreditation?
------------------------------------------------------------------------
a. How will FDA make information about recognized accreditation
bodies and accredited auditors/certification bodies available to the
public? (Proposed Sec. 1.690). This proposed rule explains how and
where we would make information on the accredited third-party audits
and certification program public. Section 808(g) of the FD&C Act
requires us to establish a publicly available registry of recognized
accreditation bodies and accredited auditors/certification bodies,
including their names and contact information.
Proposed Sec. 1.690 provides that we will post on our Web site a
registry of recognized accreditation bodies and of accredited auditors/
certification bodies
[[Page 45822]]
and explains that we may meet the obligation with respect to accredited
auditors/certification bodies by establishing links on our Web site to
the Web sites of recognized accreditation bodies, who are required to
maintain this information for auditors/certification bodies they
accredit under this program. As appropriate based on available
resources, we may use such links in the interest of minimizing the
administrative burden on us and in acknowledgement that some
accreditation bodies currently maintain such information on their Web
sites. We are seeking comment on our proposed public registry.
b. How do I request reconsideration of a denial by FDA of an
application or a waiver request? (Proposed Sec. 1.691). This proposed
rule would establish procedures for an applicant or requestor to seek
reconsideration of a denial. Under proposed Sec. 1.691, accreditation
bodies and certification bodies may ask us to reconsider an application
or waiver request we previously denied. The types of applications and
requests that may be reconsidered are: (1) Denial of an application for
recognition or for renewal of recognition; (2) denial of an application
submitted to reinstate recognition; or (3) denial of a request for a
waiver of the 13-month limit on audit agents or for a waiver extension;
(4) denial of an application for direct accreditation or for renewal of
direct accreditation; and (5) denial of an application for
reaccreditation.
The procedures described in proposed Sec. 1.691 require submission
of the request for reconsideration within 10 business days of the date
of such decision, in accordance with the procedures described in the
notice of denial, including requirements relating to submission of
supporting information. Within a reasonable time after completing its
review and evaluation of the request for reconsideration and the
supporting information (if any) submitted, we will notify the
requestor, in writing, of our decision to grant the application or
waiver request upon reconsideration, or our decision to deny upon
reconsideration the application or waiver request.
c. How do I request internal Agency review of a denial of an
application or waiver request upon reconsideration? (Proposed Sec.
1.692). This proposed rule would offer additional process for
applicants or requestors whose request for reconsideration was denied.
Proposed Sec. 1.692 states that the requestor who received a
denial upon reconsideration may seek internal Agency review of such
denial under 21 CFR 10.75(c)(1), which is a currently established
process for review but different than the initial review process under
proposed Sec. 1.691. The request for internal Agency review must be
submitted within 10 business days of the date of denial upon
reconsideration, in accordance with procedures described in the denial
upon reconsideration and must be signed by the accreditation body or
certification body, as appropriate, or by an individual authorized to
act on its behalf. Internal Agency review of the denial upon
reconsideration must be based on the information in the administrative
file, which will include any supporting information submitted under
proposed Sec. 1.691(c). Within a reasonable time after completing the
review and evaluation of the administrative file, we will notify the
requestor, in writing, of our decision to overturn the denial and grant
the application or waiver request or to affirm the denial. Affirmation
of a denial constitutes final Agency action for purposes of 5 U.S.C.
702.
d. How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation? (Proposed Sec. 1.693).
This proposed rule explains the procedures that would be used for
challenges to revocation of recognition or withdrawal of accreditation.
Under proposed Sec. 1.693(a) an accreditation body whose
recognition was revoked (or an individual authorized to act on its
behalf) may submit a request for a regulatory hearing, under part 16,
on the revocation. The request must be submitted within 10 business
days of the date of revocation. Similarly, under proposed Sec.
1.693(b) a certification body whose accreditation was withdrawn by FDA
may submit a request for a part 16 regulatory hearing on the
withdrawal. Such request must be submitted within 10 business days of
the date of withdrawal. Written notices of revocation and of withdrawal
will contain all of the elements required by Sec. 16.22 of this
chapter and will thereby constitute the notice of an opportunity for
hearing under part 16 of this chapter.
Under proposed Sec. 1.693(c), the request for a regulatory hearing
under paragraph (a) or (b) of this section must be submitted with a
written appeal that responds to the bases for our decision described in
the written notice of revocation or withdrawal, as appropriate,
together with any supporting information upon which the requestor is
relying. The request, appeal, and supporting information must be
submitted in accordance with the procedures described in the notice.
Proposed Sec. 1.693 makes clear that the submission of a request
for a regulatory hearing under this subpart will not operate to delay
or stay the effect of our decision to revoke recognition of an
accreditation body or to withdraw accreditation of a certification body
unless we determine that delay or a stay is in the public interest.
Under proposed Sec. 1.693(e) and (f), the presiding officer for a
regulatory hearing under this subpart will be designated after a
request for a regulatory hearing is submitted to us. The presiding
officer may deny a request for regulatory hearing under this subpart
pursuant to Sec. 16.26(a) of this chapter.
Proposed Sec. 1.693(g) states that if a hearing request is
granted, the hearing will be held within 10 business days after the
date the request was filed or, if applicable, within a time frame
agreed upon in writing by requestor and the presiding officer. The
presiding officer may require that a hearing conducted under this
subpart be completed within 1 business day, as appropriate.
The presiding officer must conduct the hearing under part 16 of
this chapter, except that, under Sec. 16.5(b) of this chapter, the
procedures for a regulatory hearing described in part 16 of this
chapter apply only to the extent that such procedures are supplementary
and not in conflict with the procedures specified for the conduct of
regulatory hearings under this subpart. Based on Sec. 16.5(b), the
following requirements of part 16 of this chapter are inapplicable to
regulatory hearings conducted under this subpart: The requirements of
Sec. 16.22 (Initiation of a regulatory hearing), Sec. 16.24(e)
(Timing) and (f) (Contents of notice), Sec. 16.40 (Commissioner),
Sec. 16.95(b) (Administrative decision and record for decision), and
Sec. 16.119 (Reconsideration and stay of action).
Proposed Sec. 1.693(g)(4) states that a decision by the presiding
officer to affirm the revocation of recognition or the withdrawal of
accreditation that served as the basis for the request for a regulatory
hearing is considered a final Agency action for purposes of 5 U.S.C.
702.
11. Audits for Other Purposes
[[Page 45823]]
Table 11--Proposed Use of Regulatory Audit Reports Under Subpart L
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.698.................. May importers use reports of regulatory audits
by accredited auditors/certification bodies
for purposes of subpart L of this part?
------------------------------------------------------------------------
May importers use reports of regulatory audits by accredited
auditors/certification bodies for purposes of subpart L of this part?
(Proposed Sec. 1.698). This proposed rule would allow importers to use
certain information from accredited auditors/certification bodies in
meeting the Foreign Supplier Verification Program (FSVP) requirements.
Proposed Sec. 1.698 allows an importer, as defined in the proposed
regulations for the FSVP published elsewhere in this edition of the
Federal Register, to use a report of a regulatory audit of a foreign
supplier (which is an eligible entity), in meeting the verification
requirements under the proposed FSVP regulations.
The FSVP proposed rule would require importers to verify that
hazards identified as reasonably likely to occur are being adequately
controlled. Onsite auditing may be used under the FSVP proposed rule.
While the FSVP proposed rule would not require use of accredited
auditors/certification bodies, we believe accredited auditor/
certification body program we are establishing under section 808 of the
FD&C Act will help ensure the rigor and objectivity of audits performed
by auditors/certification bodies accredited under our program.
Proposed Sec. 1.698 allows an importer required (or having the
option) to perform onsite auditing of its foreign supplier to comply
with the FSVP proposed rule to use the results of a regulatory audit in
meeting such requirement. The regulatory audit report of the foreign
supplier would be the documentation of such verification activity. (We
have tentatively concluded that the report of a consultative audit
would not be appropriate documentation for purposes of the proposed
FSVP rule. Among other things, consultative audits are defined as being
conducted for internal purposes only and are conducted against industry
standards as well as the requirements of the FD&C Act.)
We see significant value in having the food industry use competent
and impartial auditors/certification bodies to conduct food safety
audits of their facilities and are aware that many leaders in the food
industry are working to assure those objectives are achieved. We
believe that the accredited third-party audits and certification
program we are establishing to implement section 808 of the FD&C Act
offers a credible system to help ensure that the audits conducted by
auditors/certification bodies accredited under our program and the
certifications they issue based on the results of those audits are
valid and reliable not only to us, but also to companies throughout the
supply chain of the audited facility. We further believe that our
involvement, as the regulator responsible with oversight of these
facilities, offers an added level of assurance to consumers in the
validity of these third-party audits--a confidence they otherwise might
not gain from private audit systems.
It is our intent that the program we establish for foreign food
safety audits be solidly grounded in the key principles set out in the
statute and in the international standards and best practices that are
currently used by leaders at the forefront of efforts to ensure auditor
competency and objectivity. We realize that the same principles and
standards that are features of a rigorous and credible program for
audits of foreign firms would likewise hold great merit for audits of
domestic food facilities.
We seek comment on the value of, and need for, a program
established and administered by FDA for the use of accredited auditors/
certification bodies to conduct domestic food safety audits. We seek
input on whether accreditation bodies, auditors/certification bodies,
and domestic food facilities might be interested in such a program and
the incentives we might offer to encourage participation.
B. Proposed Revisions to Part 16
We are proposing a conforming change to the section of the CFR that
describes procedures for regulatory hearings that would add revocation
of recognition of an accreditation body and withdrawal of accreditation
of a third-party auditor/certification body to the list of actions for
which a hearing under this part may be held. The affected section in
title 21 of the CFR is 16.1.
V. Analysis of Environmental Impact
We have carefully considered the potential environmental effects of
this action. We have concluded, under 21 CFR 25.30(h), that this action
is of a type that does not individually or cumulatively have a
significant effect on the human environment. Therefore, neither an
environmental assessment nor an environmental impact statement is
required (Ref. 34).
VI. Federalism
We have analyzed this proposed rule in accordance with the
principles set forth in Executive Order 13132. We have determined that
the proposed rule does not contain policies that have substantial
direct effects on the States, on the relationship between the National
Government and the States, or on the distribution of power and
responsibilities among the various levels of government. Accordingly,
we have concluded that the proposed rule does not contain policies that
have federalism implications as defined in the Executive order and,
consequently, a federalism summary impact statement is not required.
VII. Comments
Interested persons may submit either electronic comments regarding
this document to http://www.regulations.gov or written comments to the
Division of Dockets Management (see ADDRESSES). It is only necessary to
send one set of comments. Identify comments with the docket number
found in brackets in the heading of this document. Received comments
may be seen in the Division of Dockets Management between 9 a.m. and 4
p.m., Monday through Friday, and will be posted to the docket at http://www.regulations.gov.
VIII. References
The following references have been placed on display in the
Division of Dockets Management (see ADDRESSES) and may be seen by
interested persons between 9 a.m. and 4 p.m., Monday through Friday.
(FDA has verified all the Web site addresses in this References
section, but FDA is not responsible for any subsequent changes to the
Web sites after this document publishes in the Federal Register).
1. Centers for Disease Control and Prevention. ``CDC research shows
outbreaks linked to imported foods increasing.'' http://www.cdc.gov/media/releases/2012/p0314_foodborne.html. Accessed April 23, 2013.
[[Page 45824]]
2. ``Notification to the World Trade Organization (G/SPS/N/USA/
2156).'' Food and Drug Administration, 2011. https://docs.wto.org/imrd/directdoc.asp?DDFDocuments/t/G/SPS/NUSA2156.DOC.
3. International Organization for Standardization/CASCO. ``Building
Trust: The Conformity Assessment Toolbox,'' 2009. http://www.iso.org/iso/casco_building-trust.pdf. Accessed April 23, 2013.
4. U.S. Agency for International Development. ``The Relationship of
Third-Party Certification (TPC) to Sanitary/Phytosanitary (SPS)
Measures and the International Agri-Food Trade: Final Report,''
2005. http://cs3.msu.edu/d/pubs/
The%20Relationship%20of%20TPC%20to%20SPS%20Measures--
Final%20Report%20+%20Annexes.pdf. Accessed April 23, 2013.
5. ``Guidance for Industry--Voluntary Third-Party Certification
Program for Foods and Feeds,'' 2009. Food and Drug Administration.
http://www.fda.gov/regulatoryinformation/guidances/ucm125431.html.
6. ``Assessment of the Third-Party Certification Program for
Aquacultured Shrimp,'' 2011. Food and Drug Administration. http://www.fda.gov/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/Seafood/ucm265934.htm.
7. ``Mammography Quality Standards Act and Program, Facility
Certification and Inspection (MQSA).'' Food and Drug Administration.
http://www.fda.gov/Radiation-EmittingProducts/MammographyQualityStandardsActandProgram/AbouttheMammographyProgram/default.htm. Accessed on April 23, 2013. Last Modified 2012.
8. ``Import Alert 28-20 Detention Without Physical Examination of
Indian Pepper.'' http://www.accessdata.fda.gov/cms_ia/importalert_90.html. Accessed April 23, 2013. Last Modified 2011.
9. ``Memorandum of Understanding Between the Food and Drug
Administration, Department of Health and Human Services, United
States of America and the Ministry of Agriculture of the Republic of
France Covering Caseins, Caseinates, and Mixtures Thereof Exported
to the United States of America.'' Food and Drug Administration.
http://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107563.htm. Accessed on April 23, 2013.
Last Modified 1987. ``Cooperative Arrangement with the Department of
Agriculture, Fisheries, and Food of Ireland Concerning Certification
Requirements for Caseins, Caseinates, and Mixtures Thereof Exported
from Ireland to the United States of America.'' Food and Drug
Administration. http://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107596.htm. Accessed on April 23, 2013.
Last Modified 2010. ``Memorandum of Understanding Between the Food
and Drug Administration and the Royal Norwegian Ministry of
Agriculture Covering Rennet Casein Exported to the United States of
America.'' Food and Drug Administration. http://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107618.htm. Accessed on April 23, 2013. Last Modified 1982.
10. Government Accountability Office. ``Food Safety: FDA Can Better
Oversee Food Imports by Assessing and Leveraging Other Countries'
Oversight Resources (GAO-12-933),'' 2012. http://www.gao.gov/assets/650/649010.pdf.
11. National Academies Press. ``Enhancing Food Safety: The Role of
the Food and Drug Administration,'' 2010. http://www.iom.edu/Reports/2010/Enhancing-Food-Safety-The-Role-of-the-Food-and-Drug-Administration.aspx.
12. ``Manufactured Foods Regulatory Program Standards.'' Food and
Drug Administration. http://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM125448.pdf. Accessed on April 23,
2013. Last Modified 2007.
13. ``Ensuring the Safety of Imported Foods and Animal Feed:
Comparability of Food Safety Systems and Import Practices of Foreign
Countries; Notice of Public Hearing; Request for Comments, 2011.''
Food and Drug Administration. http://www.fda.gov/Food/NewsEvents/WorkshopsMeetingsConferences/ucm243781.htm. Accessed on April 23,
2013.
14. ``Draft International Comparability Assessment Tool, 2010.''
Food and Drug Administration. http://www.fda.gov/downloads/Food/InternationalInteragencyCoordination/UCM331177.pdf. Accessed on
April 23, 2013.
15. ``Circular A-119 Federal Participation in the Development and
Use of Voluntary Consensus Standards and in Conformity Assessment
Activities, 1998.'' Office of Management and Budget. http://www.whitehouse.gov/omb/circulars_a119. Accessed on April 23, 2013.
16. ``Federal Participation in the Development and Use of Voluntary
Consensus Standards and in Conformity Assessment Activities; Request
for Information and Notice of Public Workshop, 2012.'' Office of
Management and Budget. http://www.regulations.gov/#!documentDetail;D=OMB-2012-0003-0001. Accessed on April 23, 2013.
17. ``ISO/IEC 17000:2004 Conformity assessment--Vocabulary and
General Principles.'' International Organization for
Standardization/International Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available from the International
Organization for Standardization, 1, rue de Varembe, Case postale
56, CH-1211 Geneve 20, Switzerland, or on the Internet at http://www.iso.org/iso/catalogue_detail.htm?csnumber=29316 or may be
examined at the Division of Dockets Management (see ADDRESSES) (Ref.
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
18. ``ISO/IEC 17011:2004 Conformity assessment--General requirements
for accreditation bodies accrediting conformity assessment bodies.''
International Organization for Standardization/International
Electrotechnical Commission. Accessed on April 23, 2013. Copies are
available from the International Organization for Standardization,
1, rue de Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland,
or on the Internet at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=29332 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
19. ``ISO/IEC 17021: 2006/2011 Conformity assessment--Requirements
for bodies providing audit and certification of management
systems.'' International Organization for Standardization/
International Electrotechnical Commission. Accessed on April 23,
2013. Last Modified 2011. Copies are available from the
International Organization for Standardization, 1, rue de Varembe,
Case postale 56, CH-1211 Geneve 20, Switzerland, or on the Internet
at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46568 or may be examined at the Division of
Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-2011-N-0146
and/or RIN 0910-AG66).
20. ``ISO/IEC Guide 65:1996 General requirements for bodies
operating product certification systems.'' International
Organization for Standardization/International Electrotechnical
Commission. Accessed on February 27, 2013. Copies are available from
the International Electrotechnical Commission, 3, rue de Varembe,
P.O. Box 131, CH-1211 Geneva 20--Switzerland, or on the Internet at
http://webstore.iec.ch/webstore/webstore.nsf/Artnum_PK/40140, or
may be examined at the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
``ISO/IEC 17065:2012 Conformity assessment--Requirements for bodies
certifying products, processes and services.'' International
Organization for Standardization/International Electrotechnical
Commission. Accessed on April 23, 2013. Copies are available from
the International Organization for Standardization, 1, rue de
Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland, or on the
Internet at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46568 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
21. ``ISO/TS 22003:2007 Food safety management systems--Requirements
for bodies providing audit and certification of food safety
management systems.'' International Organization for
Standardization/International Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available from the International
Organization for
[[Page 45825]]
Standardization, 1, rue de Varembe, Case postale 56, CH-1211 Geneve
20, Switzerland, or on the Internet at http://www.iso.org/iso/home/store/cataloguetc/catalogue_detail.htm?csnumber=39834 or may be
examined at the Division of Dockets Management (see ADDRESSES) (Ref.
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
22. ``Enhancing Food Safety Through Third-Party Certification.''
Global Food Safety Initiative. http://www.mygfsi.com/technical-resources/global-regulatory-affairs-working-group.html. Accessed on
April 23, 2013. Last Modified 2011.
23. ``GFSI Guidance Document Sixth Edition, Version 6.2.'' Global
Food Safety Initiative. http://www.mygfsi.com/gfsifiles/GFSI_Guidance_Document_Sixth_Edition_Version_6.2.pdf. Accessed on
April 23, 2013. Last Modified 2012.
24. ``Accreditation Services,'' 2013. American National Standards
Institute. https://www.ansica.org/wwwversion2/outside/PROsectorprograms.asp?menuID=1. Accessed on April 23, 2013.
25. Food and Drug Administration. Analysis to examine the impacts of
the proposed rules for the Foreign Supplier Verification Program and
the Accreditation of Third-Party Auditors/Certification Bodies to
Conduct Food Safety Audits and to Issue Certifications under
Executive Order 12866, Executive Order 13563, the Regulatory
Flexibility Act (5 U.S.C. 601-612), the Unfunded Mandates Reform Act
of 1995 (Pub. L. 104-4), and the Paperwork Reduction Act of 1995 (44
U.S.C. 3501-3520), 2013. http://www.fda.gov/AboutFDA/ReportsManualsForms/Reports/EconomicAnalyses/default.htm. Accessed
on July 22, 2013.
26. Codex Alimentarius Commission. Principles for Food Import and
Export Inspection and Certification (CAC/GL 20-1995).
www.codexalimentarius.org/input/download/standards/37/CXG_020e.pdf.
Accessed on April 23, 2013.
27. ``Policy Memorandum, Certification of Grower Groups,'' 2011.
U.S. Department of Agriculture Agricultural Marketing Service
National Organic Program. http://www.ams.usda.gov/AMSv1.0/getfile?dDocName=STELPRDC5088955. Accessed on April 23, 2013.
28. ``NVCASE Program Handbook: Procedures for Obtaining NIST
Recognition as an Accreditor (NISTIR 6440),'' 2004. National
Institute for Standards and Technology. http://gsi.nist.gov/global/docs/NVCASE_Handbook.pdf. Accessed on April 23, 2013.
29. ``GFSI Requirements on the Application of ISO/IEC 17011:2004,''
2009. Global Food Safety Initiative. http://www.mygfsi.com/gfsifiles/GFSI_ISO_17011_Requirements_190209_Final_IAF.pdf.
Accessed April 23, 2013.
30. ``Multilateral Recognition Arrangement Documents (ML Series).''
International Accreditation Forum. http://www.iaf.nu/articles/MRA_Documents/39. Accessed April 23, 2013.
31. ``Letter to Interested Parties re: Draft WaterSense[supreg]
Program,'' 2007. Environmental Protection Agency. http://www.epa.gov/watersense/docs/cert_scheme_cover_letter508.pdf.
Accessed on April 23, 2013. ``WaterSense[supreg] Program, Product
Certification System, Version 2.0,'' 2011. Environmental Protection
Agency. http://www.epa.gov/watersense/docs/cert_system_508.pdf.
Accessed on April 23, 2013.
32. ``Global Standard for Food Safety, Issue 6,'' 2012. British
Retail Consortium. Copies are available from the British Retail
Consortium, Second Floor, 21 Dartmouth Street, London SW1H 9BP, or
on the Internet at http://www.brcglobalstandards.com/GlobalStandards/Standards/Food.aspx or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
33. ``Recalls Background and Definitions.'' Food and Drug
Administration. http://www.fda.gov/Safety/Recalls/IndustryGuidance/ucm129337.htm. Accessed on April 23, 2013. Last Modified 2009.
34. McCarthy, A. and Food and Drug Administration. ``Memorandum:
Establishment of regulation to accredit third-party auditors and
laboratories as required by the Food Safety Modernization Act of
2011.''
List of Subjects
21 CFR Part 1
Cosmetics, Drugs, Exports, Food labeling, Imports, Labeling,
Reporting and recordkeeping requirements.
21 CFR Part 16
Administrative practice and procedure.
Therefore, under the Federal Food, Drug, and Cosmetic Act and under
authority delegated to the Commissioner of Food and Drugs, it is
proposed that 21 CFR parts 1 and 16 be amended as follows:
PART 1--GENERAL ENFORCEMENT REGULATIONS
0
1. The authority citation for 21 CFR part 1 is revised to read as
follows:
Authority: 15 U.S.C. 1453, 1454, 1455; 19 U.S.C. 1490, 1491; 21
U.S.C. 321, 331, 332, 333, 334, 335a, 343, 350c, 350d, 350k, 352,
355, 360b, 362, 371, 374, 381, 382, 384a, 384b, 384d, 393, 42 U.S.C.
216, 241, 243, 262, 264.
0
2. Add subpart M, consisting of Sec. Sec. 1.600 through 1.698, to read
as follows:
Subpart M--Accredited Third-Party Food Safety Audits and Food or
Facility Certification
1.600 What definitions apply to this subpart?
1.601 Who is subject to this subpart?
Recognition of Accreditation Bodies Under This Subpart
1.610 Who is eligible for recognition?
1.611 What legal authority must an accreditation body have to
qualify for recognition?
1.612 What competency and capacity must an accreditation body have
to qualify for recognition?
1.613 What protections against conflicts of interest must an
accreditation body have to qualify for recognition?
1.614 What quality assurance procedures must an accreditation body
have to qualify for recognition?
1.615 What records procedures must an accreditation body have to
qualify for recognition?
Requirements for Recognized Accreditation Bodies Under This Subpart
1.620 How must a recognized accreditation body assess third-party
auditors/certification bodies seeking accreditation?
1.621 How must a recognized accreditation body monitor the
performance of third-party auditors/certification bodies it
accredits?
1.622 How must a recognized accreditation body monitor its own
performance?
1.623 What reports and notifications must a recognized accreditation
body submit to FDA?
1.624 How must a recognized accreditation body protect against
conflicts of interest?
1.625 What records requirements must a recognized accreditation body
meet?
Procedures for Recognition of Accreditation Bodies Under This Subpart
1.630 How do I apply to FDA for recognition or renewal of
recognition?
1.631 How will FDA review applications for recognition and for
renewal of recognition?
1.632 What is the duration of recognition?
1.633 How will FDA monitor recognized accreditation bodies?
1.634 When will FDA revoke recognition?
1.635 How do I voluntarily relinquish recognition?
1.636 How do I request reinstatement of recognition?
Accreditation of Third-Party Auditors/Certification Bodies Under This
Subpart
1.640 Who is eligible for accreditation?
1.641 What legal authority must a third-party auditor/certification
body have to qualify for accreditation?
1.642 What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation?
1.643 What protections against conflicts of interest must a third-
party auditor/certification body have to qualify for accreditation?
1.644 What quality assurance procedures must a third-party auditor/
certification body have to qualify for accreditation?
1.645 What records procedures must a third-party auditor/
certification body have to qualify for accreditation?
[[Page 45826]]
Requirements for Accredited Auditors/Certification Bodies Under This
Subpart
1.650 How must an accredited auditor/certification body ensure its
audit agents are competent and objective?
1.651 How must an accredited auditor/certification body conduct a
food safety audit of an eligible entity?
1.652 What must an accredited auditor/certification body include in
food safety audit reports?
1.653 What must an accredited auditor/certification body do when
issuing food or facility certifications?
1.654 When must an accredited auditor/certification body monitor an
eligible entity with food or facility certification?
1.655 How must an accredited auditor/certification body monitor its
own performance?
1.656 What reports and notifications must an accredited auditor/
certification body submit?
1.657 How must an accredited auditor/certification body protect
against conflicts of interest?
1.658 What records requirements must an accredited auditor/
certification body meet?
Procedures for Accreditation of Third-Party Auditors/Certification
Bodies Under This Subpart
1.660 Where do I apply for accreditation or renewal of accreditation
by a recognized accreditation body?
1.661 What is the duration of accreditation?
1.662 How will FDA monitor accredited auditors/certification bodies?
1.663 How do I request an FDA waiver or waiver extension for the 13-
month limit for audit agents conducting regulatory audits?
1.664 When can FDA withdraw accreditation?
1.665 How do I voluntarily relinquish accreditation?
1.666 How do I request reaccreditation?
Additional Procedures for Direct Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart
1.670 How do I apply to FDA for direct accreditation or renewal of
direct accreditation?
1.671 How will FDA review applications for direct accreditation and
for renewal of direct accreditation?
1.672 What is the duration of direct accreditation?
Requirements for Eligible Entities Under This Subpart
1.680 How and when will FDA monitor eligible entities?
1.681 How frequently must eligible entities be recertified?
General Requirements of This Subpart
1.690 How will FDA make information about recognized accreditation
bodies and accredited auditors/certification bodies available to the
public?
1.691 How do I request reconsideration of a denial by FDA of an
application or a waiver request?
1.692 How do I request internal agency review of a denial of an
application or waiver request upon reconsideration?
1.693 How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation?
Audits for Other Purposes
1.698 May importers use reports of regulatory audits by accredited
auditors/certification bodies for purposes of subpart L of this
part?
Subpart M--Accredited Third-Party Food Safety Audits and Food or
Facility Certification
Authority: 15 U.S.C. 1453, 1454, 1455; 19 U.S.C. 1490, 1491; 21
U.S.C. 321, 331, 332, 333, 334, 335a, 343, 350c, 350d, 350k, 352,
355, 360b, 362, 371, 374, 381, 382, 384a, 384b, 384d, 393, 42 U.S.C.
216, 241, 243, 262, 264.
Sec. 1.600 What definitions apply to this subpart?
(a) The FD&C Act means the Federal Food, Drug, and Cosmetic Act.
(b) Except as otherwise defined in paragraph (c) of this section,
the definitions of terms in section 201 of the FD&C Act apply when the
terms are used in this subpart.
(c) In addition, for the purposes of this subpart:
Accreditation means a determination by a recognized accreditation
body (or, in the case of direct accreditation, by FDA) that a third-
party auditor/certification body meets the applicable requirements of
this subpart, including the model accreditation standards.
Accreditation body means an authority that performs accreditation
of third-party auditors/certification bodies.
Accredited auditor/certification body means a third-party auditor/
certification body that a recognized accreditation body (or, in the
case of direct accreditation, FDA) has determined meets the applicable
requirements of this subpart and is authorized to conduct food safety
audits and to issue food or facility certifications to eligible
entities.
Audit means:
(1) With respect to an accreditation body, the systematic,
independent, and documented examination (through observation,
investigation, and records review) by FDA to assess the accreditation
body's authority, qualifications (including its expertise and training
program), and resources; its procedures for quality assurance,
conflicts of interest, and records; its performance in accreditation
activities; and its capability to meet the applicable requirements of
this subpart.
(2) With respect to a third-party auditor/certification body, the
systematic, independent, and documented examination (through
observation, investigation, and records review) by a recognized
accreditation body (or, in the case of direct accreditation, by FDA) to
assess the third-party auditor's/certification body's authority,
qualifications (including its expertise and training program), and
resources; its procedures for quality assurance, conflicts of interest,
and records; its performance in auditing and certification activities;
and its capability to meet the applicable requirements of this subpart;
and
(3) With respect to an eligible entity, the systematic,
independent, and documented examination (through observation,
investigation, records review, and as appropriate, sampling and
laboratory analysis) by an accredited auditor/certification body to
assess the entity, its facility, system(s), and food using audit
criteria for consultative or regulatory audits, including compliance
with any applicable requirements for preventative controls, sanitation,
monitoring, verification, corrective actions, and recalls, and, for
consultative audits, also includes an assessment of compliance with
applicable industry standards and practices.
Audit agent means an individual who is an employee or other agent
of an accredited auditor/certification body who, although not
individually accredited, is qualified to conduct food safety audits on
behalf of an accredited auditor/certification body. An audit agent
includes a contractor of the accredited auditor/certification body.
Certification body means a foreign government, agency of a foreign
government, foreign cooperative, or any other third party that is
eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet applicable
requirements of the FD&C Act. A certification body may be a single
individual or an organization. A certification body may use audit
agents to conduct food safety audits. Certification body has the same
meaning as Third-party auditor as that term is defined in section 808
of the FD&C Act and in this subpart.
Consultative audit means an audit of an eligible entity:
(1) To determine whether such entity is in compliance with
applicable requirements of the FD&C Act and industry standards and
practices; and
(2) The results of which are for internal purposes only and cannot
be used to determine eligibility for a food or facility certification
issued under this subpart or in meeting the requirements
[[Page 45827]]
for an onsite audit of a foreign supplier under subpart L of this part.
Direct accreditation means accreditation of a third-party auditor/
certification body by FDA.
Eligible entity means a foreign entity that chooses to be subject
to a food safety audit by an accredited auditor/certification body.
Eligible entities include foreign facilities subject to the
registration requirements of subpart H of this part.
Facility means any structure, or structures of an eligible entity
under one ownership at one general physical location, or, in the case
of a mobile facility, traveling to multiple locations, that
manufactures/processes, packs, or holds food for consumption in the
United States. Transport vehicles are not facilities if they hold food
only in the usual course of business as carriers. A facility may
consist of one or more contiguous structures, and a single building may
house more than one distinct facility if the facilities are under
separate ownership. The private residence of an individual is not a
facility. Non-bottled water drinking water collection and distribution
establishments and their structures are not facilities.
Facility certification means an attestation, issued for purposes of
section 806 of the FD&C Act by an accredited auditor/certification
body, after conducting a regulatory audit and any other activities
necessary to establish that a facility meets the applicable
requirements of the FD&C Act.
Food certification means an attestation, issued for purposes of
section 801(q) of the FD&C Act by an accredited auditor/certification
body, after conducting a regulatory audit and any other activities
necessary to establish that a food meets the applicable requirements of
the FD&C Act.
Food safety audit means a regulatory audit or a consultative audit.
Foreign cooperative means an entity that aggregates food from
growers or processors that is intended for export to the United States.
Recognized accreditation body means an accreditation body that FDA
has determined meets the applicable requirements of this subpart and is
authorized to accredit third-party auditors/certification bodies under
this subpart.
Regulatory audit means an audit of an eligible entity:
(1) To determine whether such entity is in compliance with the
provisions of the FD&C Act; and
(2) The results of which are used in determining eligibility for
food certification under section 801(q) of the FD&C Act or facility
certification under section 806 of the FD&C Act, and may be used by an
importer in meeting the requirements for an onsite audit of a foreign
supplier under subpart L of this part.
Relinquishment means:
(1) With respect to an accreditation body, a decision to cede
voluntarily its authority to accredit third-party auditors/
certification bodies as a recognized accreditation body; and
(2) With respect to a third-party auditor/certification body, a
decision to cede voluntarily its authority to conduct food safety
audits and to issue food and facility certifications to eligible
entities.
Self-assessment means a systematic assessment conducted by an
accreditation body or by a third-party auditor/certification body to
determine whether it meets the applicable requirements of this subpart.
Third-party auditor means a foreign government, agency of a foreign
government, foreign cooperative, or any other third party that is
eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet the applicable
requirements of the FD&C Act. A third-party auditor may be a single
individual or an organization. A third-party auditor may use audit
agents to conduct food safety audits. Third-party auditor has the same
meaning as Certification body as that term is defined in this subpart.
Sec. 1.601 Who is subject to this subpart?
(a) Accreditation bodies. Any accreditation body seeking
recognition from FDA to accredit third-party auditor/certification
bodies for conducting food safety audits and for issuing food and
facility certifications to eligible entities.
(b) Third-party auditors/certification bodies. Any third-party
auditor/certification body seeking accreditation from a recognized
accreditation body or direct accreditation by FDA for:
(1) Conducting food safety audits; and
(2) Issuing food and facility certifications that may be used in
satisfying a condition of admissibility of an article of food under
section 801(q) of the FD&C Act; or in meeting the eligibility
requirements for the Voluntary Qualified Importer Program under section
806 of the FD&C Act.
(c) Eligible entities. Any eligible entity seeking a food safety
audit or a food or facility certification from an accredited auditor/
certification body, except as provided in paragraph (d) of this
section.
(d) Limited exemptions from section 801(q) of the FD&C Act. (1) The
certification of food under section 801(q) of the FD&C Act does not
apply with respect to alcoholic beverages from an eligible entity that
is a facility that meets the following two conditions:
(i) Under the Federal Alcohol Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the Internal Revenue Code of 1986
(26 U.S.C. 5001 et seq.), the facility is a foreign facility of a type
that, if it were a domestic facility, would require obtaining a permit
from, registering with, or obtaining approval of a notice or
application from the Secretary of the Treasury as a condition of doing
business in the United States; and
(ii) Under section 415 of the FD&C Act, the facility is required to
register as a facility because it is engaged in manufacturing/
processing one or more alcoholic beverages.
(2) Certification of food under section 801(q) of the FD&C Act does
not apply with respect to food other than alcoholic beverages that is
from a facility described in paragraph (d)(1) of this section, provided
such food:
(i) Is in prepackaged form that prevents any direct human contact
with such food; and
(ii) Constitutes not more than 5 percent of the overall sales of
the facility, as determined by the Secretary of the Treasury.
Recognition of Accreditation Bodies Under This Subpart
Sec. 1.610 Who is eligible for recognition?
An accreditation body is eligible for recognition by FDA if it can
demonstrate that it meets the requirements of Sec. Sec. 1.611 to
1.615.
Sec. 1.611 What legal authority must an accreditation body have to
qualify for recognition?
(a) An accreditation body seeking recognition must demonstrate that
it has the authority (as a governmental entity or through contractual
rights) to perform such assessments of a third-party auditor/
certification body as are necessary to determine its capability to
audit and certify food facilities and food, including authority to:
(1) Review any relevant records;
(2) Conduct onsite assessments of the performance of third-party
auditors/certification bodies, such as by witnessing the performance of
a statistically significant number of personnel and other agents
conducting assessments;
(3) Perform any reassessments or surveillance necessary to monitor
[[Page 45828]]
compliance of accredited auditors/certification bodies; and
(4) Suspend, withdraw, or reduce the scope of accreditation for
failure to comply with the requirements of accreditation.
(b) An accreditation body seeking recognition must demonstrate that
it is capable of exerting any authority necessary to meet the
requirements of recognition in Sec. Sec. 1.620 to 1.625 and the
procedures in Sec. Sec. 1.630, 1.635, and 1.636, if recognized.
Sec. 1.612 What competency and capacity must an accreditation body
have to qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) The resources required to adequately implement its
accreditation program, including:
(1) Adequate numbers of personnel and other agents with relevant
knowledge, skills, and experience to effectively assess the
qualifications of third-party auditors/certification bodies seeking
accreditation and to effectively monitor the performance of third-party
auditors/certification bodies; and
(2) Adequate financial resources for its operations; and
(b) The capability to meet the assessment and monitoring
requirements of Sec. Sec. 1.620 and 1.621, the reporting and
notification requirements of Sec. 1.623, and the procedures in
Sec. Sec. 1.630, 1.631, 1.635, and 1.636, if recognized.
Sec. 1.613 What protections against conflicts of interest must an
accreditation body have to qualify for recognition?
An accreditation body must demonstrate that it has:
(a) Implemented written measures to protect against conflicts of
interest between the accreditation body (and its officers, personnel,
and other agents) and third-party auditors/certification bodies (and
their officers, personnel, and other agents) seeking accreditation
from, or accredited by, such accreditation body; and
(b) The capability to meet the conflict of interest requirements in
Sec. 1.624, if recognized.
Sec. 1.614 What quality assurance procedures must an accreditation
body have to qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) Implemented a written program for monitoring and assessing the
performance of its officers, personnel and other agents and its
accreditation program, including procedures to:
(1) Identify areas in its accreditation program or performance that
need improvement; and
(2) Quickly execute appropriate corrective actions when problems
are found; and
(b) The capability to meet the quality assurance requirements of
Sec. 1.622, if recognized.
Sec. 1.615 What records procedures must an accreditation body have to
qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) Implemented written procedures to establish, control, and
retain records (including documents and data) for the period of time
necessary to meet its contractual and legal obligations and to provide
an adequate basis for assessing its program and performance; and
(b) Is capable of meeting the reporting and notification
requirements of Sec. 1.623 and the records requirements of Sec.
1.625, if recognized.
Requirements for Recognized Accreditation Bodies Under This Subpart
Sec. 1.620 How must a recognized accreditation body assess third-
party auditors/certification bodies seeking accreditation?
(a) Prior to accrediting a third-party auditor/certification body
under this subpart, a recognized accreditation body must perform, at a
minimum, the following:
(1) In the case of a foreign government or an agency of a foreign
government, such reviews and audits of its food safety programs,
systems, and standards as are necessary to determine that it meets the
eligibility requirements of Sec. 1.640(b) and any requirements
specified in FDA model accreditation standards regarding qualifications
for accreditation, including legal authority, competency, capacity,
conflicts of interest, quality assurance, and records.
(2) In the case of a foreign cooperative that aggregates the
products of growers or processor or any other third-party seeking
accreditation as a third-party auditor/certification body, such reviews
and audits of the training and qualifications of audit agents used by
such cooperative or other third party and such reviews of internal
systems and any other investigation of the cooperative or other third
party necessary to determine that it meets the eligibility requirements
of Sec. 1.640(c) and any requirements specified in FDA model
accreditation standards regarding qualifications for accreditation,
including legal authority, competency, capacity, conflicts of interest,
quality assurance, and records.
(3) In conducting a review and audit under paragraph (a)(1) or
(a)(2) of this section, observe a statistically significant number of
onsite audits conducted by the third-party auditor/certification body
(or its audit agents) to assess compliance with the applicable
requirements of the FD&C Act.
(b) A recognized accreditation body must require a third-party
auditor/certification body, as a condition of accreditation under this
subpart, to comply with the reports and notification requirements of
Sec. Sec. 1.652 and 1.656 and to agree to submit electronic food and
facility certifications, in English, to FDA for purposes of sections
801(q) and 806 of the FD&C Act.
(c) A recognized accreditation body must maintain records on any
denial of accreditation (in whole or in part) and on any withdrawal,
suspension, or reduction in scope of accreditation of a third-party
auditor/certification body under this subpart. The records must include
the name and contact information for the third-party auditor/
certification body; the scope of accreditation denied, withdrawn,
suspended, or reduced; and the basis for such action.
(d) A recognized accreditation body must implement written
procedures for receiving and addressing appeals from any third-party
auditor/certification body challenging an adverse decision associated
with accreditation under this subpart and for investigating and
deciding on appeals in a fair and meaningful manner. The appeals
procedures must provide similar protections to those offered by FDA
under Sec. Sec. 1.692 and 1.693, including requirements to:
(1) Make the appeals procedures publicly available;
(2) Use competent, independent persons to investigate and decide
appeals;
(3) Advise third-party auditors/certification bodies of the final
decisions on their appeals; and
(4) Maintain records under Sec. 1.625 of appeals, final decisions
on appeals, and the bases for such decisions.
Sec. 1.621 How must a recognized accreditation body monitor the
performance of third-party auditors/certification bodies it accredits?
A recognized accreditation body must annually conduct a
comprehensive assessment of the performance of each auditor/
certification body it accredited under this subpart by reviewing the
auditor's/certification body's self-assessments (including information
on
[[Page 45829]]
compliance with the conflict of interest requirements of Sec. Sec.
1.643 and 1.657); its regulatory audit reports and notifications
submitted to FDA under Sec. 1.656; and any other information
reasonably available to the accreditation body:
(a) Regarding the compliance history of eligible entities it
certified; or
(b) That is otherwise relevant to a determination whether the
accredited auditor/certification body is in compliance with this
subpart.
Sec. 1.622 How must a recognized accreditation body monitor its own
performance?
(a) A recognized accreditation body must annually, and as required
under Sec. 1.664(g), conduct a self-assessment that includes
evaluation of:
(1) The performance of its officers, personnel, or other agents in
activities under this subpart and the degree of consistency among such
performances;
(2) The compliance of the accreditation body and its officers,
personnel, and other agents, with the conflict of interest requirements
of Sec. 1.624; and
(3) If requested by FDA, any other aspects of its performance
relevant to a determination whether the accreditation body is in
compliance with this subpart.
(b) As a means to evaluate the accreditation body's performance,
the self-assessment must include onsite observation of regulatory
audits by a statistically significant number of third-party auditors/
certification bodies it accredited under this subpart.
(c) Based on the evaluations conducted under paragraphs (a) and (b)
of this section, the accreditation body must:
(1) Identify any area(s) needing improvement;
(2) Quickly implement effective corrective action(s) to address
those area(s); and
(3) Establish and maintain records of such corrective action(s)
under Sec. 1.625.
(d) The accreditation body must prepare, and as required by Sec.
1.623(b) submit, a written report of the results of its self-assessment
that includes:
(1) A description of any corrective actions taken under paragraph
(c) of this section;
(2) A statement disclosing the extent to which the accreditation
body, and its officers, personnel, and other agents, complied with the
conflict of interest requirements in Sec. 1.624; and
(3) A statement attesting to the extent to which the accreditation
body complied with applicable requirements of this subpart.
Sec. 1.623 What reports and notifications must a recognized
accreditation body submit to FDA?
(a) Reporting results of assessments of certification body
performance. A recognized accreditation body must submit to FDA
electronically, in English, a report of the results of any assessment
conducted under Sec. 1.621, no later than 45 days after completing
such assessment. The report must include an up-to-date list of any
audit agent used by the accredited auditor/certification body to
conduct food safety audits under this subpart.
(b) Reporting results of accreditation body self-assessments. A
recognized accreditation body must submit to FDA electronically, in
English, a report of the results of an annual self-assessment required
under Sec. 1.622, no later than 45 days after completing such self-
assessment and, for a recognized accreditation body subject to Sec.
1.664(g)(1), must submit a report of such self-assessment to FDA within
2 months.
(c) Immediate notification to FDA. A recognized accreditation body
must notify FDA electronically, in English, immediately upon:
(1) Granting accreditation to an auditor/certification body under
this subpart, and include:
(i) The name, address, and telephone number of the auditor/
certification body;
(ii) The name of one or more officers of the auditor/certification
body;
(iii) A list of the auditor's/certification body's audit agents;
and
(iv) The scope of accreditation and the date on which it was
granted.
(2) Withdrawing, suspending, or reducing the scope of an
accreditation under this subpart, and include:
(i) The basis for such action; and
(ii) Any additional changes to accreditation information previously
submitted to FDA under paragraph (c)(1) of this section.
(3) Determining that an auditor/certification body it accredited
failed to comply with Sec. 1.653 in issuing a food or facility
certification under this subpart, and include:
(i) The basis for such determination; and
(ii) Any changes to accreditation information previously submitted
to FDA under paragraph (c)(1) of this section.
(d) Other notification to FDA. A recognized accreditation body must
notify FDA electronically, in English, within 30 days after:
(1) Denying accreditation (in whole or in part) under this subpart
and include:
(i) The name, address, and telephone number of the auditor/
certification body;
(ii) The name of one or more officers of the auditor/certification
body;
(iii) The scope of accreditation requested; and
(iv) The basis for such denial.
(2) Making any significant change that would affect the manner in
which it complies with the requirements in Sec. Sec. 1.610 to 1.625
and include:
(i) A description of the change; and
(ii) An explanation for the purpose of the change.
Sec. 1.624 How must a recognized accreditation body protect against
conflicts of interest?
(a) A recognized accreditation body must implement a written
program to protect against conflicts of interest between the
accreditation body (and its officers, personnel, and other agents) and
a third-party auditor/certification body (and its officers, personnel,
and other agents) seeking accreditation from, or accredited by, such
accreditation body, including the following:
(1) Ensuring that the accreditation body (and its officers,
personnel, or other agents) do not own or have a financial interest in,
manage, or otherwise control the third-party auditor/certification body
(or any affiliate, parent, or subsidiary); and
(2) Prohibiting officers, personnel, or other agents of the
accreditation body from accepting any money, gift, gratuity, or item of
value from the third-party auditor/certification body.
(3) The items specified in paragraph (a)(2) of this section do not
include:
(i) Money representing payment of fees for accreditation services
and reimbursement of direct costs associated with an onsite audit or
assessment of the third-party auditor/certification body; or
(ii) Meals, of de minimis value, provided on the premises where the
audit or assessment is conducted.
(b) The financial interests of the spouses and children younger
than 18 years of age of officers, personnel, and other agents of a
recognized accreditation body will be considered the financial
interests of such officers, personnel, and other agents of the
accreditation body.
(c) A recognized accreditation body must maintain on its Web site
an up-to-date list of the auditors/certification bodies it accredited
under this subpart and must identify the duration and scope of each
accreditation and date(s) on each the accredited auditor/certification
body paid any fee or reimbursement associated with such accreditation.
[[Page 45830]]
Sec. 1.625 What records requirements must a recognized accreditation
body meet?
(a) A recognized accreditation body must maintain electronically
for 5 years records (including documents and data), in English,
demonstrating its compliance with this subpart, including records
relating to:
(1) Applications for accreditation and renewal of accreditation
under Sec. 1.660;
(2) Decisions to grant, deny, suspend, withdraw, or reduce the
scope of an accreditation;
(3) Challenges to adverse accreditation decisions under Sec.
1.620(c);
(4) Its monitoring of accredited auditors/certification bodies
under Sec. 1.621;
(5) Self-assessments and corrective actions under Sec. 1.622;
(6) Regulatory audit reports, including any supporting information,
that an accredited auditor/certification body may have submitted; and
(7) Any reports or notifications to FDA under Sec. 1.623,
including any supporting information.
(b) A recognized accreditation body must make records required by
paragraph (a) of this section available for inspection and copying
promptly upon written request of an authorized FDA officer or employee
at the place of business of the accreditation body or at a reasonably
accessible location. If the records required by paragraph (a) of this
section are requested by FDA electronically, the records must be
submitted to FDA electronically, in English, not later than 10 business
days after the date of the request.
(c) A recognized accreditation body must not prevent or interfere
with FDA's access to its accredited auditors/certification bodies and
the auditor/certification body records required by Sec. 1.658.
Procedures for Recognition of Accreditation Bodies Under This Subpart
Sec. 1.630 How do I apply to FDA for recognition or renewal of
recognition?
(a) Applicant for recognition. An accreditation body seeking
recognition must submit an application demonstrating that it meets the
eligibility requirements in Sec. 1.610.
(b) Applicant for renewal of recognition. An accreditation body
seeking renewal of its accreditation must submit a renewal application
demonstrating that it continues to meet the eligibility requirements in
Sec. 1.610.
(c) Submission. Recognition and renewal applications and any
documents provided as part of the application process must be submitted
electronically, in English. An applicant must provide any translation
and interpretation services needed by FDA to process the application,
including during onsite audits or assessments of the applicant by FDA.
(d) Signature. Recognition and renewal applications must be signed
by the applicant or by any individual authorized to act on behalf of
the applicant for purposes of seeking recognition or renewal of
recognition.
Sec. 1.631 How will FDA review applications for recognition and for
renewal of recognition?
(a) FDA will review a recognition or renewal application on a first
in, first out basis according to the date on which the application was
submitted in complete form.
(b) FDA will evaluate any completed recognition or renewal
application to determine whether the applicant meets the eligibility
requirements in Sec. 1.610 and will notify the applicant, in writing,
whether the application has been approved or denied. FDA may make such
notification electronically.
(c) When FDA notifies an applicant that its recognition or renewal
application has been approved, the notification will list any
conditions associated with the recognition.
(d) If FDA denies a recognition or renewal application, the
notification will state the basis for such denial and will provide the
address and procedures for requesting reconsideration of the
application under Sec. 1.691.
(e) If FDA does not reach a final decision on a renewal application
before an accreditation body's recognition terminates by expiration,
FDA may extend such recognition for a specified period of time or until
the agency reaches a final decision on the renewal application.
Sec. 1.632 What is the duration of recognition?
FDA may grant recognition of an accreditation body for a period not
to exceed 5 years.
Sec. 1.633 How will FDA monitor recognized accreditation bodies?
(a) FDA will periodically evaluate the performance of each
recognized accreditation body to determine its compliance with the
applicable requirements of this subpart. Such evaluation must occur by
at least 4 years after the date of accreditation for a 5-year term of
recognition, or by no later than mid-term point for recognition granted
for less than 5 years. FDA may conduct additional performance
evaluations of a recognized accreditation body at any time.
(b) An FDA performance evaluation may include onsite assessments of
statistically significant numbers of auditors/certification bodies the
recognized accreditation body accredited and onsite audits of eligible
entities such auditors/certification bodies certified. These may be
conducted at any time, with or without the accreditation body or
auditor/certification body present.
Sec. 1.634 When will FDA revoke recognition?
(a) Grounds for revocation of recognition. FDA will revoke the
recognition of an accreditation body for any one or more of the
following:
(1) Refusal to allow FDA to access records required by Sec. 1.625,
or to conduct an audit, assessment, or investigation of the
accreditation body or of a third-party auditor/certification body it
accredited to ensure the accreditation body's continued compliance with
the requirements of this subpart.
(2) Failure to take timely and necessary corrective action when:
(i) The accreditation of an auditor/certification body it
accredited is withdrawn by FDA under Sec. 1.664(a);
(ii) A significant problem with the accreditation body is
identified through self-assessment under Sec. 1.622, monitoring under
Sec. 1.621, or self-assessment by one or more of its accredited
auditors/certification bodies under Sec. 1.655; or
(iii) Directed by FDA to ensure compliance with this subpart.
(3) A determination by FDA that the accreditation body has
committed fraud or has submitted material false statements to the
agency.
(4) A determination by FDA that there is otherwise good cause for
revocation, including:
(i) Demonstrated bias or lack of objectivity when conducting
activities under this subpart; or
(ii) Failure to adequately support one or more decisions to grant
accreditation under this subpart.
(b) Records request associated with revocation. To assist in
determining whether revocation is warranted under paragraph (a) of this
section, FDA may request records of the accreditation body required by
Sec. 1.625 or the records, required by Sec. 1.658, of one or more of
the auditors/certification bodies it accredited under this subpart.
(c) Notice to the accreditation body of revocation of recognition.
(1) Upon revocation, FDA will notify the accreditation body
electronically, in English, stating the grounds for revocation, the
procedures for requesting a regulatory hearing under
[[Page 45831]]
Sec. 1.693 on the revocation, and the procedures for requesting
reinstatement of recognition under Sec. 1.636.
(2) Within 10 business days of the date of revocation, the
accreditation body must notify FDA electronically, in English, of the
location where the records required by Sec. 1.625 will be maintained.
(d) Effect of revocation of recognition on accredited auditors/
certification bodies. (1) FDA will notify an accredited auditor/
certification body, electronically and in English, if the recognition
of its accreditation body is revoked. Such auditor's/certification
body's accreditation will remain in effect if the auditor/certification
body:
(i) No later than 2 months after the revocation, conducts a self-
assessment under Sec. 1.655 and reports the results of the self-
assessment to FDA under Sec. 1.656(b); and
(ii) No later than 1 year after the revocation, becomes accredited
by a recognized accreditation body or by FDA through direct
accreditation.
(2) FDA may withdraw the accreditation of a third-party auditor/
certification body whenever FDA determines there is good cause for
withdrawal of accreditation under Sec. 1.664.
(e) Effect of revocation of recognition on food or facility
certifications issued to eligible entities. A food or facility
certification issued by an auditor/certification body accredited by an
accreditation body prior to revocation of recognition will remain in
effect until the certificate terminates by expiration. If FDA has
reason to believe that a food certification issued for purposes of
section 801(q) of the FD&C Act is not valid or reliable, FDA may refuse
to consider the certification in determining the admissibility of the
article of food for which the certification was offered.
(f) Public notice of revocation and the status of accreditations
and food and facility certifications. FDA will provide notice on the
Web site described in Sec. 1.690 of the revocation of recognition of
an accreditation body under this subpart.
Sec. 1.635 How do I voluntarily relinquish recognition?
(a) An accreditation body that decides to relinquish recognition
before it terminates by expiration must notify FDA electronically, in
English, at least 6 months before relinquishing such authority and must
identify the location where the records required by Sec. 1.625 will be
maintained. An accreditation body waives the right to a hearing when
relinquishing its recognition under this subpart.
(b) No later than 15 business days after notifying FDA, the
accreditation body must notify any third-party auditor/accreditation
body currently accredited that it intends to relinquish its
recognition, specify the date on which it will occur. The accreditation
body must establish and maintain records of such notification under
Sec. 1.625.
(c) An accreditation granted by an accreditation body prior to
relinquishing its recognition will remain in effect, subject to
reaccreditation under Sec. 1.665, except where FDA determines that
there is good cause for withdrawal of accreditation under Sec. 1.664.
(d) A food certification issued by such accredited auditor/
certification body will remain in effect until it terminates by
expiration, unless FDA requires renewal of the certification under
section 801(q)(4)(A) of the FD&C Act prior to its expiration. If FDA
has reason to believe that a certification issued for purposes of
section 801(q) of the FD&C Act is not valid or reliable, FDA may refuse
to consider the certification in determining the admissibility of the
article of food for which the certification was offered.
(e) FDA will provide notice on the Web site described in Sec.
1.690 of the voluntary relinquishment of recognition of an
accreditation body. The notice will describe the effect, if any, on any
third-party auditor/certification body it accredited and on any food or
facility certifications such auditor/certification body issued under
this subpart.
Sec. 1.636 How do I request reinstatement of recognition?
(a) Application following revocation. An accreditation body that
has had its recognition revoked may seek reinstatement by submitting a
new application for recognition under Sec. 1.630, or may be required
to submit such application after a determination in a regulatory
hearing under Sec. 1.693 that revocation was appropriate. The
accreditation body must submit evidence that the grounds for revocation
have been resolved, including evidence addressing the cause or
conditions that were the basis for revocation and identifying measures
that have been implemented to help ensure that such cause(s) or
condition(s) are unlikely to recur.
(b) Application following relinquishment. An accreditation body
that previously relinquished its recognition under Sec. 1.635 may seek
recognition by submitting a new application for recognition under Sec.
1.630.
Accreditation of Third-Party Auditors/Certification Bodies Under This
Subpart
Sec. 1.640 Who is eligible for accreditation?
(a) A foreign government, agency of a foreign government, foreign
cooperative, or any other third party may seek accreditation from a
recognized accreditation body (or, where direct accreditation is
appropriate, FDA) to conduct food safety audits and to issue food and
facility certifications to eligible entities under this subpart.
(b) A foreign government or an agency of a foreign government is
eligible for accreditation if it can demonstrate that its food safety
programs, systems, and standards meet the requirements of Sec. Sec.
1.641 to 1.645, as specified in FDA model standards on qualifications
for accreditation, including legal authority, competency, capacity,
conflicts of interest, quality assurance, and records.
(c) A foreign cooperative or other third party is eligible for
accreditation if it can demonstrate that the training and
qualifications of its audit agents and its internal systems and
standards meet the requirements of Sec. Sec. 1.641 to 1.645, as
specified in FDA model standards on qualifications for accreditation,
including legal authority, competency, capacity, conflicts of interest,
quality assurance, and records.
Sec. 1.641 What legal authority must a third-party auditor/
certification body have to qualify for accreditation?
(a) A third-party auditor/certification body seeking accreditation
from a recognized accreditation body or from FDA must demonstrate that
it has the authority (as a governmental entity or through contractual
rights) to perform such assessments of facilities, their process(es),
and food(s) as are necessary to determine compliance with the FD&C Act
and with industry standards and practices and to issue certifications
where appropriate based on a review of the findings of such
assessments. This includes authority to:
(1) Review any relevant records;
(2) Conduct onsite audits of the eligible entity, such as
witnessing the performance of a statistically significant number of
personnel and other agents conducting audits of food facilities; and
(3) Suspend or withdraw certification for failure to comply with
applicable requirements.
(b) A third-party auditor/certification body seeking accreditation
must demonstrate that it is capable of exerting any authority necessary
to meet the requirements of accreditation in Sec. Sec. 1.650 to 1.658
and the procedures in Sec. Sec. 1.660, 1.663, 1.665, 1.666, and 1.670,
if accredited.
[[Page 45832]]
Sec. 1.642 What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation?
A third-party auditor/certification body seeking accreditation must
demonstrate that it has:
(a) The resources necessary to fully implement its audit and
certification program, including:
(1) Adequate numbers of personnel and other agents with relevant
knowledge, skills, and experience to effectively audit and assess
compliance with applicable FDA requirements and industry standards and
practices and to issue valid and reliable certifications; and
(2) Adequate financial resources for its operations; and
(b) The competency and capacity to meet the requirements of
Sec. Sec. 1.650 to 1.658 and the procedures in Sec. Sec. 1.660,
1.663, 1.665, 1.666, and 1.670, if accredited.
Sec. 1.643 What protections against conflicts of interest must a
third-party auditor/certification body have to qualify for
accreditation?
A third-party auditor/certification body must demonstrate that it
has:
(a) Implemented written measures to protect against conflicts of
interest between the auditor/certification body (and its officers,
personnel, and other agents) and eligible entities (and their owners
and operators) seeking assessment and certification from, or assessed
and certified by, such auditor/certification body; and
(b) The capability to meet the conflict of interest requirements in
Sec. 1.657, if accredited.
Sec. 1.644 What quality assurance procedures must a third-party
auditor/certification body have to qualify for accreditation?
A third-party auditor/certification body seeking accreditation must
demonstrate that it has:
(a) Implemented a written program for monitoring and assessing the
performance of its officers, personnel, and other agents involved in
auditing and certification activities, including procedures to:
(1) Identify areas in its auditing and certification program or
performance that need improvement; and
(2) Quickly execute appropriate corrective actions when problems
are found; and
(b) The capability to meet the quality assurance requirements of
Sec. 1.655, if accredited.
Sec. 1.645 What records procedures must a third-party auditor/
certification body have to qualify for accreditation?
A third-party auditor/certification body seeking accreditation must
demonstrate that it:
(a) Implemented written procedures to establish, control, and
retain records (including documents and data) for a period of time
necessary to meet its contractual and legal obligations and to provide
an adequate basis for assessing its program and performance; and
(b) Is capable of meeting the reporting and notification
requirements of Sec. 1.656 and the records requirements of Sec.
1.658, if accredited.
Requirements for Accredited Auditors/Certification Bodies Under This
Subpart
Sec. 1.650 How must an accredited auditor/certification body ensure
its audit agents are competent and objective?
(a) An accredited auditor/certification body that uses audit agents
to conduct food safety audits must ensure that each such agent meets
the following requirements with respect to the scope of its
accreditation under this subpart:
(1) Has relevant knowledge and experience that provides an adequate
basis for the agent to assess compliance with the FD&C Act and, for
consultative audits, industry standards and practices;
(2) Has been determined by the accredited auditor/certification
body, through observations of a representative number of audits, to be
competent to conduct food safety audits under this subpart;
(3) Participates in annual food safety training under the
accredited auditor's/certification body's training plan;
(4) Is in compliance with the conflict of interest requirements of
Sec. 1.657 and has no other conflicts of interest with the eligible
entity to be audited that might impair the agent's objectivity; and
(5) Agrees to notify its accredited auditor/certification body
immediately upon discovering, during a food safety audit, any condition
that could cause or contribute to a serious risk to the public health.
(b) In assigning an audit agent to conduct a food safety audit at a
particular eligible entity, an accredited auditor/certification body
must determine that the agent is qualified to conduct such audit under
the criteria established in paragraph (a) of this section and based on
the scope and purpose of the audit and the type of facility, its
process(es), and food.
(c) An accredited auditor/certification body cannot use an audit
agent to conduct a regulatory audit at an eligible entity if such agent
conducted a consultative audit or regulatory audit for the same
eligible entity in the preceding 13 months, except that such limitation
may be waived if the accredited auditor/certification body demonstrates
to FDA, under Sec. 1.663, there is insufficient access to accredited
auditors/certification bodies in the country or region where the
eligible entity is located or in the country of export.
Sec. 1.651 How must an accredited auditor/certification body conduct
a food safety audit of an eligible entity?
(a) Audit planning. Before beginning to conduct a food safety audit
under this subpart, an accredited auditor/certification body must:
(1) Require the entity seeking an audit to:
(i) Identify the scope and purpose of the food safety audit,
including the facility, process(es), or food to be audited; whether the
audit is to be conducted as a consultative or regulatory audit, and if
a regulatory audit, the type(s) of certification(s) sought; and
(ii) Provide a 30-day operating schedule for such facility that
includes information relevant to the scope and purpose of the audit;
and
(2) Determine whether the requested audit is within its scope of
accreditation.
(b) Authority to audit. In arranging a food safety audit with an
eligible entity, an accredited auditor/certification body must ensure
it has authority, whether contractual or otherwise, to:
(1) Conduct an unannounced audit to verify whether the activities
and results of the eligible entity (within the scope of the audit)
comply with the applicable requirements of the FD&C Act and, for
consultative audits, industry standards and practices;
(2) Access any records and any area of the facility, its
process(es), and food of the eligible entity relevant to the scope and
purpose of such audit and, where appropriate, to issue food and
facility certifications;
(3) Where FDA requires sampling and analysis, use of validated
sampling or analytical methodologies and analysis by a laboratory that
is accredited, in accordance with the requirements of section 422 of
the FD&C Act;
(4) Notify FDA immediately if, at any time during a food safety
audit, the accredited auditor/certification body (or its audit agent,
where applicable) discovers a condition that could cause or contribute
to a serious risk to the public health and provide information required
by Sec. 1.656(c);
(5) Prepare reports of consultative audits that contain the
elements
[[Page 45833]]
specified in Sec. 1.652(a) and, for regulatory audits, prepare reports
that contain the elements specified in Sec. 1.652(b) and submit them
to FDA and to its accreditation body (where applicable) under Sec.
1.656(a); and
(6) Allow FDA and the recognized accreditation body that accredited
such third-party auditor/certification body, if any, to observe any
food safety audit for purposes of evaluating the accredited auditor's/
certification body's performance under Sec. Sec. 1.621 and 1.662 or,
where appropriate, the recognized accreditation body's performance
under Sec. Sec. 1.622 and 1.633.
(c) Audit protocols. An accredited auditor/certification body (or
its audit agent, where applicable) must conduct a food safety audit in
a manner consistent with the identified scope and purpose of the audit
and within the scope of its accreditation.
(1) The audit must be conducted without announcement during the 30-
day timeframe identified under paragraph (a)(1)(ii) of this section and
must be focused on the highest food safety risk(s) associated with the
facility, its process(es), and food within the scope of the audit.
(2) The audit must include records review; an onsite assessment of
the facility, its process(es), and the food that results from such
process(es); and where appropriate, environmental or product sampling
and analysis, using validated procedures (including sample integrity
procedures) and analysis performed by a laboratory accredited in
accordance with the requirements of section 422 of the FD&C Act. The
audit may include any other activities necessary to establish
compliance with the FD&C Act.
(3) The audit must be sufficiently rigorous to allow the accredited
auditor/certification body to determine whether the entity is in
compliance with the FD&C Act at the time of the audit; and for a
regulatory audit, whether the entity would be likely to remain in
compliance with the applicable requirements of the FD&C Act for at
least 12 months following the audit, provided that the facility and its
process(es) are properly maintained and implemented.
(4) Audit observations and assessments, including corrective
actions, must be documented and must be used to support the findings
contained in the audit report required by Sec. 1.652 and maintained as
a record of the accredited auditor/certification body under Sec.
1.658.
Sec. 1.652 What must an accredited auditor/certification body include
in food safety audit reports?
(a) Consultative audits. An accredited auditor/certification body
must prepare a report of a consultative audit, in English, not later
than 45 days after completing such audit and must maintain such report
under Sec. 1.658. A consultative audit report must include:
(1) The name and address of the facility subject to audit and the
name and address of the eligible entity, if different from the
facility;
(2) A unique facility identifier, as required by FDA, for the
facility and for the eligible entity, if different from the facility;
(3) The names and telephone numbers of the persons responsible for
food safety compliance at the facility;
(4) The dates and scope of the audit; and
(5) Any deficiencies observed that require corrective action, the
corrective action plan, and the date on which such corrective actions
were completed. Such audit report must be maintained as a record under
Sec. 1.658 and must be made available to FDA under Sec. 1.361.
(b) Regulatory audits. An accredited auditor/certification body
must, no later than 45 days after completing a regulatory audit,
prepare and submit electronically, in English, to FDA and to its
accreditation body (or, in the case of direct accreditation, only to
FDA) a report of such regulatory audit that includes the following
information:
(1) The identity of the audited facility, including:
(i) The name and address of the facility subject to audit and a
unique facility identifier, as required by FDA; and
(ii) Where applicable, the FDA registration number assigned to the
facility under subpart H of this part;
(2) The identity of the eligible entity, including the name,
address, and unique facility identifier, as required by FDA, of the
eligible entity (if different than that of facility);
(3) The dates and scope of the regulatory audit;
(4) The process(es) and food(s) observed during such audit;
(5) The identity of the person(s) responsible for the facility's
compliance with the applicable requirements of the FD&C Act;
(6) Any deficiencies observed during the audit that present a
reasonable probability that the use of or exposure to a violative
product:
(i) Will cause serious adverse health consequences or death; or
(ii) May cause temporary or medically reversible adverse health
consequences or where the probability of serious adverse health
consequences is remote;
(7) The corrective action plan for addressing each deficiency
identified under paragraph (b)(6) of this section, unless corrective
action was implemented immediately and verified onsite by the
accredited auditor/certification body (or its audit agent);
(8) Whether any sampling and laboratory analysis (e.g., under a
microbiological sampling plan) is used in the facility;
(9) Whether the entity has issued a food safety-related recall of
an article of food from the facility during the 2 years preceding the
audit and, if so, any such article(s) recalled and the reason(s) for
the recall(s);
(10) Whether the entity has made significant changes to the
facility, its process(es), or products during the 2 years preceding the
audit; and
(11) Any food or facility certifications issued to the entity
during the 2 years preceding the audit, including the scope and
duration of each such certification.
(c) Submission of regulatory audit report. An accredited auditor/
certification body must submit a completed regulatory audit report as
required by paragraph (b) of this section, regardless of whether the
food or facility certification was issued under this subpart.
(d) Appeals of adverse regulatory audit results. An accredited
auditor/certification body must implement written procedures for
receiving and addressing appeals from eligible entities challenging
adverse regulatory audit results and for investigating and deciding on
appeals in a fair and meaningful manner. The appeals procedures must
provide similar protections to those offered by FDA under Sec. Sec.
1.692 and 1.693, including requirements to:
(1) Make the appeals procedures publicly available;
(2) Use qualified persons, different from those involved in the
subject of the appeal, to investigate and decide on an appeal;
(3) Advise the eligible entity of the final decision on its appeal;
and
(4) Maintain records under Sec. 1.658 of the appeal, the final
decision, and the basis for such decision.
Sec. 1.653 What must accredited auditor/certification body do when
issuing food or facility certifications?
(a) Basis for issuance of a food or facility certification. (1)
Prior to issuing a food or facility certification to an eligible
entity, an accredited auditor/certification body (or an audit agent on
its behalf) must complete a regulatory
[[Page 45834]]
audit that meets the requirements of Sec. 1.651 and any other
activities that may be necessary to establish compliance with
applicable requirements of the FD&C Act.
(2) If, as a result of an observation during a regulatory audit, an
eligible entity must implement a corrective action plan to address an
observation, an accredited auditor/certification body may not issue a
food or facility certification to such entity until after the
accredited auditor/certification body verifies that eligible entity has
implemented the corrective action plan through onsite observation,
except for corrective actions taken to address recordkeeping
deficiencies that may be verified through submission of records or
through assurances by the eligible entity.
(3) An accredited auditor/certification body must consider each
observation and assessment made during a regulatory audit and other
activities conducted under Sec. 1.651 to determine whether the entity
was in compliance with the applicable requirements of the FD&C Act at
the time of the audit and whether the entity would be likely to remain
in compliance for the duration of a food or facility certification
issued under this subpart.
(4) A single regulatory audit may result in issuance of one or more
food or facility certifications under this subpart, provided that the
requirements of issuance are met as to each such certification.
(5) Where an accredited auditor/certification body uses an audit
agent to conduct a regulatory audit of an eligible entity under this
subpart, the accredited auditor/certification body (and not the audit
agent) must make the determination whether to issue a food or facility
certification based on the results of such regulatory audit.
(b) Issuance of a food or facility certification and submission to
FDA. (1) For purposes of submission to FDA under this subpart, an
accredited auditor/certification body must issue a food or facility
certification electronically and in English. The accredited auditor/
certification body must not issue a food or facility certification
under this subpart for a term that is longer than 12 months.
(2) A food or facility certification must contain, at a minimum,
the following elements:
(i) The name and address of the accredited auditor/certification
body and the scope and date of its accreditation under this subpart;
(ii) The name, address, and unique facility identifier, as required
by FDA, of the eligible entity to which the food or facility
certification was issued;
(iii) The name, address, and unique facility identifier, as
required by FDA, of the facility where the audit was conducted, if
different than the eligible entity;
(iv) The scope and date(s) of the audit;
(v) The name of the audit agent(s) (where applicable) conducting
the audit;
(vi) The scope of the food or facility certification, date of
issuance, and date of expiration.
(3) FDA may refuse to accept any food certification or other
assurance for food issued by an accredited auditor/certification body
for purposes of section 801(q) of the FD&C Act, if FDA determines,
under section 801(q)(4)(B), that such food certification or assurance
was not validly issued or does not reliably demonstrate that the food
is in compliance with the applicable requirements of the FD&C Act,
including the following:
(i) That the food certification or assurance is offered in support
of the admissibility of a food that was not within the scope of the
certification or assurance; and
(ii) That the food certification was issued by an accredited
auditor/certification body acting outside the scope of its
accreditation under this subpart.
Sec. 1.654 When must an accredited auditor/certification body monitor
an eligible entity with food or facility certification?
If an accredited auditor/certification body has reason to believe
that an eligible entity to which it issued a food or facility
certification may no longer be in compliance with the applicable
requirements of the FD&C Act, the accredited auditor/certification body
must conduct any monitoring (including an onsite assessment) of such
eligible entity necessary to determine whether the entity is in
compliance. The accredited auditor/certification body must immediately
notify FDA, under Sec. 1.656(d), if it determines the entity is no
longer in compliance with the applicable requirements of the FD&C Act.
The accredited auditor/certification body must maintain records of such
monitoring under Sec. 1.658.
Sec. 1.655 How must an accredited auditor/certification body monitor
its own performance?
(a) An accredited auditor/certification body must annually, and as
required under Sec. 1.634(d)(1)(i) or upon FDA request made for cause,
conduct a self-assessment that includes evaluation of:
(1) The performance of its officers, personnel, or other agents in
activities under this subpart, including assessing whether its audit
agents focused on the most significant risks to human and/or animal
health when conducting food safety audits of facilities involved in the
production, manufacturing, processing, packing, or holding of food;
(2) The degree of consistency among its officers, personnel, or
other agents in performing activities under this subpart, including
assessing whether its audit agents interpreted audit protocols in a
consistent manner;
(3) The compliance of the accredited auditor/certification body and
its officers, personnel, and other agents, with the conflict of
interest requirements of Sec. 1.657;
(4) Actions taken in response to the results of any assessments
conducted by FDA or, where applicable, the recognized accreditation
body under Sec. 1.621; and
(5) As requested by FDA, any other aspects of its performance
relevant to a determination whether the accredited auditor/
certification body is in compliance with this subpart.
(b) As a means to evaluate its performance, the accredited auditor/
certification body may evaluate the compliance of one or more of
eligible entities to which food or facility certification was issued
under this subpart.
(c) Based on the evaluations conducted under paragraphs (a) and (b)
of this section, the accredited auditor/certification body must:
(1) Identify any area(s) needing improvement;
(2) Quickly implement effective corrective action(s) to address
those area(s); and
(3) Under Sec. 1.658, establish and maintain records of such
corrective action(s).
(d) The accredited auditor/certification body must prepare a
written report, in English, of the results of its self-assessment that
includes:
(1) A description of any corrective action(s) taken under paragraph
(c) of this section;
(2) A statement disclosing the extent to which the accredited
auditor/certification body, and its officers, personnel, and other
agents complied with the conflict of interest requirements in Sec.
1.657; and
(3) A statement attesting to the extent to which the accredited
auditor/certification body complied with the applicable requirements of
this subpart.
Sec. 1.656 What reports and notifications must an accredited auditor/
certification body submit?
(a) Reporting results of regulatory audits. An accredited auditor/
[[Page 45835]]
certification body must submit a regulatory audit report, as described
in Sec. 1.652(b), electronically, in English, to FDA and to the
accreditation body that granted its accreditation (where applicable),
no later than 45 days after completing such audit.
(b) Reporting results of accredited auditor/certification body
self-assessments. An accredited auditor/certification body must submit
the report of its annual self-assessment required by Sec. 1.655
electronically to its accreditation body (or, in the case of direct
accreditation, FDA), within 45 days of the anniversary date of its
accreditation under this subpart and, for an accredited auditor/
certification body subject to Sec. 1.634(d)(1)(i) or an FDA request
for cause, must submit the report of its self-assessment to FDA within
2 months. Such report must include an up-to-date list of any audit
agents it uses to conduct audits under this subpart.
(c) Notification to FDA of a serious risk to public health. An
accredited auditor/certification body must immediately notify FDA
electronically, in English, when any of its audit agents or the
accredited auditor/certification body itself, discovers any condition,
found during a regulatory or consultative audit of an eligible entity,
which could cause or contribute to a serious risk to the public health,
providing the following information:
(1) The name and address of the eligible entity subject to the
audit;
(2) The name and address of the facility where the condition was
discovered (if different from that of the eligible entity) and, where
applicable, the FDA registration number assigned to the facility under
subpart H of this part; and
(3) The condition for which notification is submitted.
(d) Immediate notification to FDA of withdrawal or suspension of
food or facility certification. An accredited auditor/certification
body must notify FDA electronically, in English, immediately upon
withdrawing or suspending the food or facility certification of an
eligible entity and the basis for such action.
(e) Notification to its accreditation body or an eligible entity.
(1) After notifying FDA under paragraph (c) of this section, an
accredited auditor/certification body must immediately notify the
eligible entity of such condition and must immediately thereafter
notify the accreditation body that granted its accreditation, except
for auditors/certification bodies directly accredited by FDA.
(2) An accredited auditor/certification body must notify its
accreditation body (or, in the case of direct accreditation, FDA)
electronically, in English, within 30 days after making any significant
change that would affect the manner in which it complies with the
requirements of Sec. Sec. 1.640 to 1.658, and must include with such
notification the following information:
(i) A description of the change; and
(ii) An explanation for the purpose of the change.
Sec. 1.657 How must an accredited auditor/certification body protect
against conflicts of interest?
(a) An accredited auditor/certification body must implement a
written program to protect against conflicts of interest between the
accredited auditor/certification body (and its officers, personnel, and
agents) and an eligible entity seeking a food safety audit or food or
facility certification from, or audited or certified by, such
accredited auditor/certification body, including the following:
(1) Ensuring that the accredited auditor/certification body and its
officers, personnel, or agents (other than audit agents subject to
paragraph (a)(2) of this section) do not own or have a financial
interest in, manage, or otherwise control an eligible entity to be
certified, or any affiliate, parent, or subsidiary of the entity;
(2) Ensuring that an audit agent of the accredited auditor/
certification body does not own or operate an eligible entity, or any
affiliate, parent, or subsidiary of the entity, to be subject to
consultative or regulatory audit by such agent; and
(3) Prohibiting an officer, employee, or other agent of the
accredited auditor/certification body from accepting any money, gift,
gratuity, or item of value from the eligible entity to be audited or
certified under this subpart.
(4) The items specified in paragraph (a)(3) of this section do not
include:
(i) Money representing payment of fees for accreditation services
and reimbursement of direct costs associated with an onsite audit or
assessment of the third-party auditor/certification body; or
(ii) Meals, of de minimis value, provided on the premises where the
audit or assessment is conducted.
(b) An accredited auditor/certification body may accept the payment
of fees for auditing and certification services and the reimbursement
of direct costs associated with an audit of an eligible entity only
after the date on which the report of such audit was completed or the
date a food or facility certification was issued, whichever is later.
Such payment is not considered a conflict of interest for purposes of
paragraph (a) of this section.
(c) The financial interests of the spouses and children younger
than 18 years of age of officers, personnel, and other agents of an
accredited auditor/certification body will be considered the financial
interests of such officers, personnel, and other agents of the
accredited auditor/certification body for purposes of this subpart.
(d) An accredited auditor/certification body must maintain on its
Web site an up-to-date list of the eligible entities to which it has
issued food or facility certifications under this subpart. For each
such eligible entity, the Web site also must identify the duration and
scope of the food or facility certification and date(s) on which the
eligible entity paid the accredited auditor/certification body any fee
or reimbursement associated with such audit or certification.
Sec. 1.658 What records requirements must an accredited auditor/
certification body meet?
(a) An accredited auditor/certification body must maintain
electronically for 4 years records (including documents and data), in
English, that document compliance with this subpart, including:
(1) Any audit report and other documents resulting from a
consultative audit conducted under this subpart, including the audit
agent's observations, laboratory testing records and results (as
applicable), correspondence with the eligible entity, and corrective
actions to address deficiencies identified during the audit;
(2) Any request for a regulatory audit from an eligible entity;
(3) Any audit report and other documents resulting from a
regulatory audit conducted under this subpart, including the audit
agent's observations, laboratory testing records and results (as
applicable), correspondence with the eligible entity, and corrective
actions to address deficiencies identified during the audit;
(4) Any notification submitted by an audit agent to the accredited
auditor/certification body under Sec. 1.650(a)(5) or by the accredited
auditor/certification body to FDA under Sec. 1.656(c);
(5) Any food or facility certification issued under this subpart;
(6) Any challenge to an adverse regulatory audit decision and the
disposition of the challenge;
(7) Any monitoring it conducted of an eligible entity to which food
or facility certification was issued;
[[Page 45836]]
(8) Its self-assessments and corrective actions taken as a result;
and
(9) Significant changes to the auditing or certification program
that might affect compliance with this subpart.
(b) An accredited auditor/certification body must make the records
of a consultative audit required by paragraph (a)(1) of this section
available to FDA in accordance with the requirements of subpart J of
this chapter.
(c) An accredited auditor/certification body must make the records
required by paragraphs (a)(2) to (a)(9) of this section available for
inspection and copying promptly upon written request of an authorized
FDA officer or employee at the place of business of the auditor/
certification body or at a reasonably accessible location. If such
records are requested by FDA electronically, the records must be
submitted electronically, in English, not later than 10 business days
after the date of the request.
Procedures for Accreditation of Third-Party Auditors/Certification
Bodies Under This Subpart
Sec. 1.660 Where do I apply for accreditation or renewal of
accreditation by a recognized accreditation body?
Except as allowed under Sec. 1.670, a third-party auditor/
certification body seeking accreditation must submit its request for
accreditation or renewal of accreditation to an accreditation body
recognized by FDA under this subpart and identified on the Web site
described in Sec. 1.690.
Sec. 1.661 What is the duration of accreditation?
A recognized accreditation body may grant accreditation to a third-
party auditor/certification body under this subpart for a period not to
exceed 4 years.
Sec. 1.662 How will FDA monitor accredited auditors/certification
bodies?
(a) FDA will periodically evaluate the performance of each auditor/
certification body accredited under this subpart to determine whether
the accredited auditor/certification body continues to comply with the
requirements of Sec. Sec. 1.640 to 1.658 and whether there are
deficiencies in the performance of the accredited auditor/certification
body that, if not corrected, would warrant withdrawal of its
accreditation under this subpart. FDA will evaluate each directly
accredited auditor/certification body annually. FDA will evaluate an
accredited auditor/certification body annually evaluated by a
recognized accreditation body under Sec. 1.621 by not later than 3
years after the date of accreditation for a 4-year term of
accreditation, or by no later than the mid-term point for accreditation
granted for less than 4 years. FDA may conduct additional performance
evaluations of an accredited auditor/certification body at any time.
(b) In evaluating the performance of an accredited auditor/
certification body under paragraph (a) of this section, FDA may review
any one or more of the following:
(1) Regulatory audit reports and food and facility certifications;
(2) The accredited auditor's/certification body's annual self-
assessments under Sec. 1.655;
(3) Reports of assessments by a recognized accreditation body under
Sec. 1.621, where applicable;
(4) Documents and other information regarding the accredited
auditor's/certification body's authority, qualifications (including the
expertise and training of its audit agents), conflict of interest
program, internal quality assurance program, and monitoring by its
accreditation body (or, in the case of direct accreditation, FDA); and
(5) Information obtained by FDA, including during inspections,
audits, onsite observations, or investigations, of one or more eligible
entities to which food or facility certification was issued by such
accredited auditor/certification body.
(c) FDA may conduct its evaluation of an accredited auditor/
certification body through onsite observations of performance during a
food safety audit of an eligible entity or through document review.
Sec. 1.663 How do I request an FDA waiver or waiver extension for the
13-month limit for audit agents conducting regulatory audits?
(a) An accredited auditor/certification body may submit a request
to FDA to waive the requirements of Sec. 1.650(c) preventing an audit
agent from conducting a regulatory audit of an eligible entity if the
agent has conducted a food safety audit of such entity during the
previous 13 months. The auditor/certification body seeking a waiver or
waiver extension must demonstrate there is insufficient access to
accredited auditors/certification bodies in the country or region where
the eligible entity is located.
(b) Requests for a waiver or waiver extension and all documents
provided in support of the request must be submitted to FDA
electronically, in English. The requestor must provide such translation
and interpretation services as are needed by FDA to process the
request.
(c) The request must be signed by the requestor or by any
individual authorized to act on behalf of the requestor for purposes of
seeking such waiver or waiver extension.
(d) FDA will review requests for waivers and waiver extensions on a
first in, first out basis according to the date on which the submission
was completed. FDA will evaluate any completed waiver request to
determine whether the criteria for waiver have been met.
(e) FDA will notify the requestor, in writing, whether the request
for a waiver or waiver extension is approved or denied. Such
notification may be made electronically.
(f) If FDA approves the request, the notification will state the
duration of the waiver and list any conditions associated with it. If
FDA denies the request, the notification will state the basis for
denial and will provide the address and procedures for requesting
reconsideration of the request under Sec. 1.691.
(g) Unless FDA notifies a requestor that its waiver request has
been approved, an accredited auditor/certification body must not use
the agent to conduct a regulatory audit of such eligible entity until
the 13-month limit in Sec. 1.650(a) has elapsed.
Sec. 1.664 When can FDA withdraw accreditation?
(a) Mandatory withdrawal. FDA will withdraw accreditation from an
auditor/certification body:
(1) Except as provided in paragraph (b) of this section, if the
food or facility certified under this subpart is linked to an outbreak
of foodborne illness that has a reasonable probability of causing
serious adverse health consequences or death in humans or animals;
(2) Following an evaluation and finding by FDA that the auditor/
certification body no longer meets the requirements for accreditation;
or
(3) Following its refusal to allow FDA to access records under
Sec. 1.658 or to conduct an audit, assessment, or investigation
necessary to ensure continued compliance with this subpart.
(b) Exception. FDA may waive mandatory withdrawal under paragraph
(a)(1) of this section, if FDA:
(1) Conducts an investigation of the material facts related to the
outbreak of human or animal illness;
(2) Reviews the steps or actions taken by the accredited auditor/
certification body to justify the food or facility certification; and
(3) Determines that the accredited auditor/certification body
satisfied the
[[Page 45837]]
requirements for issuance of certification under sections 801(q) or 806
of the FD&C Act, as applicable, and under this subpart.
(c) Discretionary withdrawal. FDA may withdraw accreditation from
an auditor/certification body when such auditor/certification body is
accredited by an accreditation body for which recognition is revoked
under Sec. 1.634, if FDA determines there is good cause for
withdrawal, including:
(1) Demonstrated bias or lack of objectivity when conducting
activities under this subpart; or
(2) Performance that calls into question the validity or
reliability of its food safety audits and food and facility
certifications.
(d) Records access. FDA may request records of the accredited
auditor/certification body under Sec. 1.658 and, where applicable, may
request records of the recognized accreditation body under Sec. 1.625,
when considering withdrawal under paragraphs (a)(1), (a)(2), or (c) of
this section.
(e) Notice to the auditor/certification body of withdrawal of
accreditation. (1) FDA will notify the auditor/certification body of
the withdrawal electronically, in English, stating the grounds for
withdrawal, the procedures for requesting a regulatory hearing under
Sec. 1.693 on the withdrawal, and the procedures for requesting
reaccreditation under Sec. 1.666.
(2) Within 10 business days of the date of withdrawal, the auditor/
certification body must notify FDA electronically, in English, of the
location where the records will be maintained as required by Sec.
1.658.
(f) Effect of withdrawal of accreditation on eligible entities. A
food or facility certification issued by third-party auditor/
certification body prior to withdrawal will remain in effect until the
certification terminates by expiration. If FDA has reason to believe
that a food certification issued for purposes of section 801(q) of the
FD&C Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food
for which the certification was offered.
(g) Effect of withdrawal of accreditation on recognized
accreditation bodies. (1) FDA will notify a recognized accreditation
body, electronically and in English, if the accreditation of one of its
auditors/certification bodies is withdrawn. Such accreditation body's
recognition will remain in effect if, no later than 2 months after
withdrawal, the accreditation body conducts a self-assessment under
Sec. 1.622 and reports the results of the self-assessment to FDA as
required by Sec. 1.623(b).
(2) FDA may revoke the recognition of such accreditation body
whenever FDA determines there is good cause for revocation of
recognition under Sec. 1.634.
(h) Public notice of withdrawal and the status of recognition and
food and facility certifications. FDA will provide notice on the Web
site described in Sec. 1.690 of its withdrawal of accreditation of an
auditor/certification body under this subpart.
Sec. 1.665 How do I voluntarily relinquish accreditation?
(a) An accredited auditor/certification body that decides to
relinquish accreditation before it terminates by expiration must notify
the accreditation body (where applicable) and must notify FDA
electronically, in English, at least 6 months before relinquishing such
authority. The notice must identify the location where the records will
be maintained as required by Sec. 1.658. A third-party auditor/
certification body waives the right to a hearing when relinquishing its
accreditation under this subpart.
(b) No later than 15 business days after notifying FDA under
paragraph (a) of this section, the accredited auditor/certification
body must notify any eligible entity to which it issued food or
facility certification under this subpart.
(c) A food or facility certification issued by an accredited
auditor/certification body prior to relinquishing its accreditation
will remain in effect until terminated by expiration. If FDA has reason
to believe that a certification issued for purposes of section 801(q)
of the FD&C Act is not valid or reliable, FDA may refuse to consider
the certification in determining the admissibility of the article of
food for which the certification was offered.
(d) FDA will provide notice on the Web site described in Sec.
1.690 of the voluntary relinquishment of accreditation by an auditor/
certification body.
Sec. 1.666 How do I request reaccreditation?
(a) Application following withdrawal. FDA will reinstate the
accreditation of an auditor/certification body for which it has
withdrawn accreditation:
(1) If, in the case of direct accreditation, FDA determines, based
on evidence presented by the auditor/certification body, that the
auditor/certification body satisfies the requirements for accreditation
and adequate grounds for withdrawal no longer exist; or
(2) In the case of an auditor/certification body accredited by an
accreditation body for which recognition has been revoked under Sec.
1.634:
(i) If the auditor/certification body becomes accredited by a
recognized accreditation body or by FDA through direct accreditation
not later than 1 year after withdrawal of accreditation; or
(ii) Under such conditions as FDA may impose in withdrawing
accreditation.
(b) Application following relinquishment. An auditor/certification
body that previously relinquished its accreditation under Sec. 1.665
may seek accreditation by submitting a new application for
accreditation under Sec. 1.660 or, where applicable, Sec. 1.670.
Additional Procedures for Direct Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart
Sec. 1.670 How do I apply to FDA for direct accreditation or renewal
of direct accreditation?
(a) Eligibility. (1) FDA will accept applications from third-party
auditors/certification bodies for direct accreditation or renewal of
direct accreditation only if FDA determines that it has not identified
and recognized an accreditation body to meet the requirements of
section 808 of the FD&C Act within 2 years after establishing the
accredited third-party audits and certification program. Such FDA
determination may apply, as appropriate, to specific types of auditor/
certification bodies, types of expertise, or geographic location; or
through identification by FDA of any requirements of section 808 of the
FD&C Act not otherwise met by previously recognized accreditation
bodies. FDA will only accept applications for direct accreditation and
renewal applications that are within the scope of the determination.
(2) FDA may revoke or modify a determination under paragraph (a)(1)
of this section if FDA subsequently identifies and recognizes an
accreditation body that affects such determination.
(3) FDA will provide notice on the Web site described in Sec.
1.690 of a determination under paragraph (a)(1) of this section and of
a revocation or modification of the determination under paragraph
(a)(2) of this section.
(b) Application for direct accreditation or renewal of direct
accreditation. (1) An auditor/certification body seeking direct
accreditation or renewal of direct accreditation must submit an
application to FDA, demonstrating that it is within the scope of the
[[Page 45838]]
determination issued under paragraph (a) of this section, and it meets
the eligibility requirements of Sec. 1.640.
(2) Applications and all documents provided as part of the
application process must be submitted electronically, in English. An
applicant must provide such translation and interpretation services as
are needed by FDA to process the application, including during an
onsite audit of the applicant.
(3) The application must be signed by the applicant or by any
individual authorized to act on behalf of the applicant for purposes of
seeking or renewing direct accreditation.
Sec. 1.671 How will FDA review applications for direct accreditation
and for renewal of direct accreditation?
(a) FDA will review applications for direct accreditation and for
renewal of direct accreditation on a first in, first out basis
according to the date the submission was completed.
(b) FDA will evaluate any completed application to determine
whether the applicant meets the requirements for direct accreditation
under this subpart.
(c) FDA will notify the applicant in writing whether the
application has been approved or denied. FDA may provide such
notification electronically.
(d) If an application has been approved, the notification will list
any conditions associated with the accreditation.
(e) If FDA denies an application, the notification will state the
basis of denial and will provide the address and procedures for
requesting reconsideration of the application under Sec. 1.691.
(f) If FDA does not reach a final decision on a renewal application
before the expiration of its direct accreditation, FDA may extend the
duration of such direct accreditation for a specified period of time or
until the agency reaches a final decision on the renewal application.
Sec. 1.672 What is the duration of direct accreditation?
FDA will grant direct accreditation of a third-party auditor/
certification body for a period not to exceed 4 years.
Requirements for Eligible Entities Under This Subpart
Sec. 1.680 How and when will FDA monitor eligible entities?
(a) FDA may, at any time, conduct an onsite audit of an eligible
entity that has received food or facility certification from an
accredited auditor/certification body under this subpart. The audit may
be conducted with or without the accredited auditor/certification body
or the recognized accreditation body (where applicable) present.
(b) A food safety audit conducted by an accredited auditor/
certification body under this subpart is not considered an inspection
under section 704 of the FD&C Act.
Sec. 1.681 How frequently must eligible entities be recertified?
(a) An eligible entity seeking to maintain facility certification
under this subpart must seek recertification prior to expiration of its
certification. To obtain recertification, the eligible entity must
demonstrate its continuing compliance with the applicable requirements
of the FD&C Act.
(b) FDA may require an eligible entity to renew a food
certification at any time FDA determines appropriate under section
801(q)(4)(A) of the FD&C Act.
General Requirements of This Subpart
Sec. 1.690 How will FDA make information about recognized
accreditation bodies and accredited auditors/certification bodies
available to the public?
FDA will place on its Web site a registry of recognized
accreditation bodies and accredited auditors/certification bodies,
including the name and contact information for each. The registry may
provide information on auditors/certification bodies accredited by
recognized accreditation bodies through links to the Web sites of such
accreditation bodies.
Sec. 1.691 How do I request reconsideration of a denial by FDA of an
application or a waiver request?
(a) An accreditation body may seek reconsideration of the denial of
an application for recognition, renewal of recognition, or
reinstatement of recognition no later than 10 business days after the
date of such decision.
(b) A third-party auditor/certification body may seek
reconsideration of the denial of an application for direct
accreditation, renewal of direct accreditation, reinstatement of direct
accreditation, a request for a waiver of the conflict of interest
requirement in Sec. 1.650(b), or a waiver extension no later than 10
business days after the date of such decision.
(c) A request to reconsider an application or waiver request under
paragraph (a) or (b) of this section must be signed by the requestor or
by an individual authorized to act on its behalf in submitting the
request for reconsideration. The request must be submitted in English
to the address specified in the notice of denial and must comply with
the procedures it describes.
(d) After completing its review and evaluation of the request for
reconsideration, FDA will notify the requestor, in writing, of its
decision to grant the application or waiver request upon
reconsideration, or its decision to deny the application or waiver
request upon reconsideration.
Sec. 1.692 How do I request internal agency review of a denial of an
application or waiver request upon reconsideration?
(a) No later than 10 business days after the date FDA issued a
denial of an application or waiver request upon reconsideration under
Sec. 1.691, the requestor may seek internal agency review of such
denial under Sec. 10.75(c)(1) of this chapter.
(b) The request for internal agency review under paragraph (a) of
this section must be signed by the requestor or by an individual
authorized to act on its behalf in submitting the request for internal
review. The request must be submitted in English to the address
specified in the letter of denial upon reconsideration and must comply
with procedures it describes.
(c) Under Sec. 10.75(d) of this chapter, internal agency review of
such denial must be based on the information in the administrative
file, which will include any supporting information submitted under
Sec. 1.691(c).
(d) After completing the review and evaluation of the
administrative file, FDA will notify the requestor, electronically, of
its decision to overturn the denial and grant the application or waiver
request or to affirm the denial of the application or waiver request
upon reconsideration.
(e) Affirmation by FDA of a denial of an application or waiver
request upon reconsideration constitutes final agency action under 5
U.S.C. 702.
Sec. 1.693 How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation?
(a) Request for hearing on revocation. No later than 10 business
days after the date FDA issued a revocation of recognition of an
accreditation body under Sec. 1.634, the accreditation body or an
individual authorized to act on its behalf may submit a request for a
regulatory hearing on the revocation under part 16 of this chapter. The
written notice of revocation issued under Sec. 1.634 will contain all
of the elements required by Sec. 16.22 of this chapter and will
thereby constitute the notice of an opportunity for hearing under part
16 of this chapter.
(b) Request for hearing on withdrawal. No later than 10 business
days after the date FDA issued a withdrawal of
[[Page 45839]]
accreditation of a third-party auditor/certification body under Sec.
1.664, the auditor/certification body or an individual authorized to
act on its behalf may submit a request for a regulatory hearing on the
withdrawal under part 16 of this chapter. The written notice of
withdrawal under Sec. 1.664 will contain all of the elements required
by Sec. 16.22 of this chapter and will thereby constitute the notice
of opportunity of hearing under part 16 of this chapter.
(c) Submission of request for regulatory hearing. The request for a
regulatory hearing under paragraph (a) or (b) of this section must be
submitted with a written appeal that responds to the basis for the FDA
decision, as described in the written notice of revocation or
withdrawal, as appropriate, and includes any supporting information
upon which the requestor is relying. The request, appeal, and
supporting information must be submitted in English to the address
specified in the notice and must comply with the procedures it
describes.
(d) Effect of submission of request on FDA decision. The submission
of a request for a regulatory hearing under paragraph (a) or (b) of
this section will not operate to delay or stay the effect of a decision
by FDA to revoke recognition of an accreditation body or to withdraw
accreditation of an auditor/certification body unless FDA determines
that a delay or a stay is in the public interest.
(e) Presiding officer. The presiding officer for a regulatory
hearing for a revocation or withdrawal under this subpart will be
designated after a request for a regulatory hearing is submitted to
FDA.
(f) Denial of a request for regulatory hearing. The presiding
officer may deny a request for regulatory hearing for a revocation or
withdrawal under Sec. 16.26(a) of this chapter.
(g) Conduct of regulatory hearing. (1) If the presiding officer
grants a request for a regulatory hearing for a revocation or
withdrawal, the hearing will be held within 10 business days after the
date the request was filed or, if applicable, within a timeframe agreed
upon in writing by requestor, the presiding officer, and FDA.
(2) The presiding officer may require that a regulatory hearing for
a revocation or withdrawal be completed within 1 business day, as
appropriate.
(3) The presiding officer must conduct the regulatory hearing for
revocation or withdrawal under part 16 of this chapter, except that,
under Sec. 16.5 of this chapter, such procedures apply only to the
extent that the procedures are supplementary and do not conflict with
the procedures specified for regulatory hearings under this subpart.
Accordingly, the following requirements are inapplicable to regulatory
hearings under this subpart: The requirements of Sec. 16.22
(Initiation of a regulatory hearing); Sec. 16.24(e) (timing) and (f)
(contents of notice); Sec. 16.40 (Commissioner); Sec. 16.95(b)
(administrative decision and record for decision) and Sec. 16.119
(Reconsideration and stay of action) of this chapter.
(4) A decision by the presiding officer to affirm the revocation of
recognition or the withdrawal of accreditation is considered a final
agency action under 5 U.S.C. 702.
Audits for Other Purposes
Sec. 1.698 May importers use reports of regulatory audits by
accredited auditors/certification bodies for purposes of subpart L of
this part?
An importer, as defined in Sec. 1.500 of this part, may use a
regulatory audit of an eligible entity, documented in a regulatory
audit report, in meeting requirements for an onsite audit of a foreign
supplier under subpart L of this part.
PART 16--REGULATORY HEARING BEFORE THE FOOD AND DRUG ADMINISTRATION
0
3. The authority citation for 21 CFR part 16 continues to read as
follows:
Authority: 15 U.S.C. 1451-1461; 21 U.S.C. 141-149, 321-394,
467f, 679, 821, 1034; 28 U.S.C. 2112; 42 U.S.C. 201-262, 263b, 364.
0
4. Section 16.1 is amended by numerically adding the following entry in
paragraph (b)(2) to read as follows:
Sec. 16.1 Scope.
* * * * *
(b) * * *
(2) * * *
Sec. Sec. 1.634 and 1.664, relating to revocation of recognition
of an accreditation body and withdrawal of accreditation of auditors/
certification bodies that conduct food safety audits of eligible
entities in the food import supply chain and issue food and facility
certifications.
* * * * *
Dated: July 23, 2013.
Leslie Kux,
Assistant Commissioner for Policy.
[FR Doc. 2013-17994 Filed 7-26-13; 8:45 am]
BILLING CODE 4160-01-P