[Federal Register Volume 78, Number 145 (Monday, July 29, 2013)]
[Proposed Rules]
[Pages 45782-45839]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-17994]



[[Page 45781]]

Vol. 78

Monday,

No. 145

July 29, 2013

Part IV





Department of Health and Human Services





-----------------------------------------------------------------------





Food and Drug Administration





-----------------------------------------------------------------------





21 CFR Part 1 and 16





Accreditation of Third-Party Auditors/Certification Bodies to Conduct 
Food Safety Audits and to Issue Certifications; Proposed Rule

  Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / 
Proposed Rules  

[[Page 45782]]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Food and Drug Administration

21 CFR Parts 1 and 16

[Docket No. FDA-2011-N-0146]
RIN 0910-AG66


Accreditation of Third-Party Auditors/Certification Bodies to 
Conduct Food Safety Audits and to Issue Certifications

AGENCY: Food and Drug Administration, HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Food and Drug Administration (FDA) is amending its 
regulations to provide for accreditation of third-party auditors/
certification bodies to conduct food safety audits of foreign food 
entities, including registered foreign food facilities, and to issue 
food and facility certifications, under the FDA Food Safety 
Modernization Act (FSMA). Use of accredited third-party auditors/
certification bodies and food and facility certifications will help FDA 
prevent potentially harmful food from reaching U.S. consumers and 
thereby improve the safety of the U.S. food supply. FDA also expects 
that these regulations will increase efficiency by reducing the number 
of redundant food safety audits.

DATES: Submit either electronic or written comments on the proposed 
rule by November 26, 2013.

ADDRESSES: You may submit comments, identified by Docket No. FDA-2011-
N-0146 and/or Regulatory Information Number (RIN) 0910-AG66, by any of 
the following methods.

Electronic Submissions

    Submit electronic comments in the following way:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.

Written Submissions

    Submit written submissions in the following ways:
     Mail/Hand delivery/Courier (for paper or CD-ROM 
submissions): Division of Dockets Management (HFA-305), Food and Drug 
Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
    Instructions: All submissions received must include the Agency name 
and Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66 for this 
rulemaking. All comments received may be posted without change to 
http://www.regulations.gov, including any personal information 
provided. For additional information on submitting comments, see the 
``Comments'' heading of the SUPPLEMENTARY INFORMATION section of this 
document.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov and insert the 
docket number, found in brackets in the heading of this document, into 
the ``Search'' box and follow the prompts and/or go to the Division of 
Dockets Management, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.

FOR FURTHER INFORMATION CONTACT: Charlotte A. Christin, Office of the 
Commissioner, Office of Policy, Food and Drug Administration, 10903 New 
Hampshire Ave., Bldg. 32, Rm. 4234, Silver Spring, MD 20993, 240-402-
3708.

SUPPLEMENTARY INFORMATION:

Executive Summary

Purpose of the Proposed Rule

    This proposed rule, if finalized, will help FDA ensure the 
competence and independence of third-party auditors/certification 
bodies who conduct foreign food safety audits. It also will help ensure 
the reliability of food and facility certifications issued by third-
party auditors/certification bodies that FDA will use in making certain 
decisions relating to imported food (including pet food and animal 
feed). These certifications include, for example, food certifications 
required by FDA as a condition of granting admission to a food 
determined to pose a safety risk. Having comprehensive oversight of a 
credible and reliable program for third-party audits and certifications 
of foreign food facilities will help FDA prevent potentially harmful 
food from reaching U.S. consumers and thereby improve the safety of the 
U.S. food supply. We believe that a trusted program for foreign food 
safety audits and food and facility certifications--with clear 
requirements, standards, and procedures and operated under government 
oversight--will be appealing to accreditation bodies, auditors/
certification bodies, and foreign food facilities. Widespread 
participation and broad acceptance of audits and certifications under 
the FDA program will help increase efficiency and reduce costs, by 
eliminating redundant auditing to assess foreign suppliers' compliance 
with the Federal Food, Drug, and Cosmetic Act (the FD&C Act).
    FSMA adds section 808 to the FD&C Act (21 U.S.C. 384d), which 
directs us to establish a new program for accreditation of third-party 
auditors \1\ conducting food safety audits and issuing food and 
facility certifications to eligible foreign entities (including 
registered foreign food facilities) that meet our applicable 
requirements. Under this provision, we will recognize accreditation 
bodies to accredit third-party auditors/certification bodies, except 
for limited circumstances in which we may directly accredit auditors/
certification bodies to participate in the accredited third-party 
audits and certification program.
---------------------------------------------------------------------------

    \1\ Section 808 of the FD&C Act uses the term ``auditor'' to 
describe an entity that conducts audits and issues certifications. 
We propose to use the term ``auditor/certification body,'' which 
adds the words ``certification body'' to better comport with the 
terminology used by the food industry and the international 
standards community when describing organizations that not only 
conduct audits but also issue certifications based on audit results. 
We will use the statutory term only when referring to the 
requirements of section 808 of the FD&C Act.

---------------------------------------------------------------------------

[[Page 45783]]

[GRAPHIC] [TIFF OMITTED] TP29JY13.008

    We will use certifications issued by accredited third-party 
auditors/certification bodies in deciding whether to admit certain 
imported food into the United States that FDA has determined poses a 
food safety risk and in deciding whether an importer is eligible to 
participate in a program for expedited review and entry of food 
imports. We will exercise oversight of the accredited third-party 
audits and certification program and can remove an accreditation body 
or an auditor/certification body for good cause, by revoking 
recognition of the accreditation body or by withdrawing accreditation 
of the third-party auditor/certification body.
    We must issue implementing regulations that include measures to 
protect against conflicts of interest and must issue model 
accreditation standards that third-party auditors/certification bodies 
must meet to qualify for accreditation.\2\ The statute directs us to 
look to existing standards for guidance when developing these model 
accreditation standards.
---------------------------------------------------------------------------

    \2\ We will issue draft model accreditation standards to specify 
the qualifications for accreditation, such as the minimum 
requirements for education and experience for third-party auditors/
certification bodies (and their audit agents) to qualify for 
accreditation. We will open a public docket to accept comments on 
the draft standards and plan to take necessary procedural steps to 
finalize the model standards.
---------------------------------------------------------------------------

Summary of the Major Provisions of the Proposed Rule

    This proposal contains eligibility requirements for accreditation 
bodies to qualify for recognition and requirements that accreditation 
bodies choosing to participate in the FDA program must meet, once 
recognized. It also contains eligibility requirements for third-party 
auditors/certification bodies to qualify for accreditation and 
requirements that third-party auditors/certification bodies choosing to 
participate in the FDA program must meet, once accredited. These 
requirements will ensure the competence and independence of the 
accreditation bodies and third-party auditors/certification bodies 
participating in the program for accredited third-party audits and 
certification that is established under this subpart.
    This proposal contains procedures for recognition and 
accreditation, as well as requirements relating to monitoring and 
oversight of participating accreditation bodies and auditors/
certification bodies. These include procedures that we will follow when 
removing an auditor/certification body or an accreditation body from 
the program. The proposed rule contains requirements relating to 
auditing and certification of foreign food facilities under the program 
and for notifying us of conditions in an audited facility that could 
cause or contribute to a serious risk to the public health. The 
proposed requirements for monitoring, oversight, and notification are 
needed to give us, consumers, and other stakeholders confidence in the 
program and in the accredited third-party auditors/certification bodies 
and recognized accreditation bodies who participate.
    The proposal also implements the authority granted by Congress in 
section 801(q) of the FD&C Act (21 U.S.C. 381(q)) to make a risk-based 
determination to require, as a condition of admissibility, that a food 
imported or offered for import into the United States be accompanied by 
a certification or other assurance that the food meets the applicable 
requirements of the FD&C Act. This clear authority to require

[[Page 45784]]

import certification for food, based on risk, is one of the tools we 
can use to help prevent potentially harmful food from reaching 
consumers.
    In addition, this document proposes requirements for accredited 
third-party auditors/certification bodies to follow when issuing 
facility certifications that will be used by importers to establish 
eligibility for the Voluntary Qualified Importer Program (VQIP) under 
section 806 of the FD&C Act (21 U.S.C. 384b(a)). The VQIP program 
offers participating importers expedited review and entry of food from 
facilities audited and certified by third-party auditors/certification 
bodies accredited under this subpart.

Costs and Benefits

    We summarize the annualized costs (over a 10-year time period 
discounted at both 3 percent and 7 percent) of the third-party proposed 
rule in Table 1. We are unable to estimate quantitatively the benefits 
of the proposed rule. Although this proposed rule would not itself 
establish safety requirements for imported food, it would benefit the 
public health by helping to ensure that imported food is produced in 
compliance with applicable requirements of the FD&C Act.
    The Preliminary Regulatory Impact Analyses for the proposed rules 
on Current Good Manufacturing Practice and Hazard Analysis and Risk-
Based Preventive Controls for Human Food (Preventive Controls) \3\ and 
the Standards for the Growing, Harvesting, Packing, and Holding of 
Produce for Human Consumption (Produce Safety) \4\ consider and analyze 
the number of illnesses and deaths that those proposed regulations are 
aimed at reducing. The greater the compliance with the Preventive 
Controls and Produce Safety proposed regulations, the greater the 
reduction in illnesses and deaths and associated costs expected.
---------------------------------------------------------------------------

    \3\ The Preventive Controls proposed rule was published in the 
Federal Register on January 16, 2013 (78 FR 3646).
    \4\ The Produce Safety proposed rule was published in the 
Federal Register on January 16, 2013 (78 FR 3503).
---------------------------------------------------------------------------

    This proposed rule would be an important mechanism for improving 
and ensuring compliance with the Preventive Controls and Produce Safety 
proposed regulations as they would apply to imported food. For this 
reason, we account for its public health benefits in the economic 
analyses for those proposed rules and other applicable food safety 
regulations, instead of in the analysis for this proposed rule.

                            Table 1--Summary of Annualized Costs of the Proposed Rule
----------------------------------------------------------------------------------------------------------------
                       Third party accreditation costs                            3 Percent         7 Percent
----------------------------------------------------------------------------------------------------------------
Third Party Accreditation Costs for All Participants........................       $55,548,432       $56,756,016
Third Party Accreditation Costs for FDA.....................................        17,063,089        17,640,083
                                                                             -----------------------------------
    Total Costs.............................................................        72,611,521        74,396,099
----------------------------------------------------------------------------------------------------------------

Table of Contents

I. Introduction
II. Background
    A. Legal Authority
    B. FDA Initiatives on Third Parties
    C. FDA's Use of Certifications for Food
    D. External Recommendations on Third-Party Certification for 
Food
    E. FDA Standards for Assessing Capabilities of Food Safety 
Systems
    F. U.S. Government Policies on Consensus Standards and 
Conformity Assessment
G. Industry Practices on Benchmarking Standards and Third-Party 
Audits and Certification for Food and Food Facilities
III. FSMA Imports Public Meeting and Stakeholder Input
IV. Purpose and Description of the Proposed Rule
    A. Proposed Revisions to Part 1, New Subpart
    B. Proposed Revisions to Part 16
V. Analysis of Environmental Impact
VI. Federalism
VII. Comments
VIII. References

I. Introduction

    Each year, about 48 million Americans (1 in 6) get sick, 128,000 
are hospitalized, and 3,000 die from food-borne diseases, according to 
recent estimates from the Centers for Disease Control and Prevention 
(CDC). CDC food-borne illness outbreak data also show that an increased 
number of outbreaks due to imported foods were reported during the most 
recent years of surveillance. During 2005-2010, 39 outbreaks with 2,348 
illnesses were reported where the implicated food was imported into the 
United States, representing 1.5 percent of reported outbreaks during 
that time. Of the 39 import-associated outbreaks, more were reported in 
2009 and 2010 (n=6 and 8 outbreaks, respectively) than were reported in 
each of the years between 2005 and 2008. A greater percentage of the 
import-related outbreaks were multistate outbreaks as compared to the 
overall percentage of multistate outbreaks reported (Ref. 1).\5\
---------------------------------------------------------------------------

    \5\ The CDC abstract on Foodborne Disease Outbreaks Associated 
with Food Imported Into the United States, 2005-2010 (Ref. 1) 
discussed 23 reported outbreaks with 1,994 illnesses associated with 
imported foods. These data were updated for a presentation at the 
International Conference on Emerging Infectious Diseases, to reflect 
the numbers discussed in this proposed rule.
---------------------------------------------------------------------------

    President Obama signed FSMA (Pub. L.111-353) into law on January 4, 
2011. FSMA enables us to better protect public health by helping to 
ensure the safety and security of the U.S. food supply. The Web page 
describing our FSMA implementation activities is at http://www.fda.gov/fsma.
    Among other things, FSMA gave us important new tools to better 
ensure the safety of imported foods, which constitute approximately 15 
percent of the U.S. food supply (including 80 percent of our seafood, 
50 percent of our fresh fruit, and 20 percent of our vegetables). We 
place high priority on ensuring the accountability of importers to 
verify the safety of food produced overseas and to establish a new 
program for third-party auditing and certification of regulated foreign 
food firms. (By way of background, third-party audits are conducted by 
an entity independent of the audited firm or those who buy its 
products. Second-party audits are conducted by buyers for their 
suppliers and contractors or by one division within a firm of another 
division within the same firm. First-party audits are internal audits a 
firm conducts itself. This proposed regulation relates only to third-
party audits.)
    In this document, we propose requirements for third-party auditors/
certification bodies choosing to become accredited to conduct food 
safety audits and to issue food and facility certifications to eligible 
foreign entities under this FDA program.
    The preamble that follows provides background on the following: (1) 
The FSMA requirement to establish an accredited third-party auditing 
and

[[Page 45785]]

certification program for food and related FSMA provisions, (2) other 
initiatives on third parties, (3) use of food certifications, (4) 
recommendations from external stakeholders on third-party 
certifications for food, (5) standards for assessing programs for 
oversight of food safety, (6) U.S. government policies on consensus 
standards and conformity assessment, and (7) industry programs for 
benchmarking standards and for auditing and certification for food 
facilities and their food. We seek comments on all aspects of this 
proposal.

II. Background

A. Legal Authority

1. Accreditation of Third-Party Auditors/Certification Bodies
    Section 307 of FSMA, Accreditation of Third-Party Auditors, amends 
the FD&C Act (21 U.S.C. 384d) to create a new provision, section 808, 
under the same name. Section 808(b)(1)(A) of the FD&C Act requires us 
to establish a system, within 2 years of enactment, for the recognition 
of accreditation bodies that accredit third-party auditors to conduct 
food safety audits and to issue certifications for eligible foreign 
food entities and their products.
    Section 808(b)(1)(A)(ii) of the FD&C Act further authorizes us to 
directly accredit third-party auditors if we have not identified and 
recognized an accreditation body that meets the requirements of the 
section within 2 years after establishing the system for recognition. 
If those conditions are met, we may begin to directly accredit third-
party auditors.
    Section 808(c)(5)(C) of the FD&C Act directs us to issue 
implementing regulations for section 808 not later than 18 months after 
enactment (i.e., by July 4, 2012). The regulations must require audits 
to be unannounced and must contain protections against conflicts of 
interest between accredited auditors (and their audit agents) and the 
entities they audit or certify, including requirements on timing and 
public disclosure of fees and appropriate limits on financial 
affiliations. (21 U.S.C. 384d(c)(5)(C)(ii) and (c)(5)(C)(iii)). In 
addition, the regulations must require audits to be unannounced (21 
U.S.C. 384d(c)(5)(C)(i)).
    Section 808(b)(2) of the FD&C Act contains an additional 
requirement to develop model accreditation standards to qualify third-
party auditors for accreditation under this FDA program. The statute 
describes the model accreditation standards in terms of requirements an 
auditor must meet to qualify for accreditation. We are including in 
this proposed rule a framework for the model accreditation standards. 
We currently are developing the Model Accreditation Standards document, 
which elaborates on the framework and details the qualifications 
required for accreditation. We are considering existing international 
standards and particularly the work of the International Organization 
for Standardization Committee on conformity assessment (ISO/CASCO). For 
example, we are considering minimum requirements for education and 
experience of auditors/certification bodies. We plan to issue draft 
model standards for public comment, before finalizing them.
2. Voluntary Qualified Importer Program
    Facility certifications (as described in sections 806(a) and 
808(c)(2) of the FD&C Act) will be used by FDA to help determine 
whether a facility is eligible to be a facility from which food may be 
offered for import under VQIP. The criteria and procedures for VQIP 
participation are outside the scope of this rulemaking. FDA plans to 
issue guidance on VQIP and will solicit public comment on VQIP at that 
time.
3. Authority To Require Import Certifications for Food
    Food certifications (as described in sections 801(q) and 808(c)(2) 
of the FD&C Act) will be required to meet a condition for admitting a 
food into the United States under section 801(a) of the FD&C Act, where 
necessary based on our determination of the risk of the food. 
Specifically, section 801(q) of the FD&C Act gives us express authority 
to require such certification based on a determination that includes 
the following factors:
     The known safety risks associated with the food;
     The known food safety risks associated with the country, 
territory, or region of origin (area of origin) of the food;
     A finding we make, supported by scientific, risk-based 
evidence, that:
    [cir] The food safety programs, systems, and standards in the area 
of origin of the food are inadequate to ensure that the article of food 
is as safe as a similar article of food that is manufactured, 
processed, packed, or held in the United States, in accordance with the 
requirements of the FD&C Act; and
    [cir] The certification would assist us in determining whether to 
refuse or admit the article of food into the United States; and
     Information submitted to us, under section 801(q)(7) of 
the FD&C Act, regarding improvements to a food safety program, system, 
or standard we previously found inadequate and demonstrating that those 
controls are adequate to ensure that an article of food is as safe as a 
similar article of food that is manufactured, processed, packed, or 
held in the United States under the requirements of the FD&C Act.
    In addition to giving FDA authority to require food certifications, 
section 801(q) of the FD&C Act grants FDA authority to require, 
alternatively, ``such other assurance'' as FDA determines appropriate, 
that the food complies with applicable requirements of the FD&C Act. 
When making a determination on whether mandatory certification is 
appropriate, we will consider the statutory factors in light of the 
specific circumstances involved and will evaluate various types of 
relevant information/evidence. We intend to exercise our authority 
under section 801(q) of the FD&C Act judiciously and in conjunction 
with our array of other available enforcement tools.
    Section 801(q)(3) of the FD&C Act states the food certifications or 
other assurances used for purposes of section 801(a) of the FD&C Act 
may be issued by third-party auditors accredited under section 808 of 
the FD&C Act or by the government of the country from which such food 
originated, if we so designate (21 U.S.C. 381(q)(3)). The 
certifications or other assurances may take the form of shipment-
specific certificates, a listing of certified facilities that 
manufacture, process, pack, or hold such food, or in such other form as 
we may specify.
    Section 801(q) of the FD&C Act became effective upon enactment of 
FSMA in 2011 and is expressly linked to the accreditation of third-
party auditors/certification bodies that is the subject of this 
proposed rule.
4. Compliance With International Agreements
    FSMA section 404 (21 U.S.C. 2252) states that nothing in the 
statute should be construed in a manner ``inconsistent with'' the 
agreement establishing the World Trade Organization (WTO) or any other 
treaty or international agreement to which the United States is a 
party.
    FSMA was notified to the WTO on February 14, 2011 (G/SPS/N/USA/
2156) (Ref. 2), to provide information on the FD&C Act to WTO members. 
The notification included an electronic mailbox link to receive 
comments from members. Several comments have been received via the 
mailbox. The comments

[[Page 45786]]

note a high degree of interest in FSMA implementation, particularly 
with respect to how implementation will impact developing countries.
    Third-party certification for food is recognized as increasingly 
important for developing nations to gain market access for their 
products. Several international development agencies are focusing 
efforts in this area. The United Nations Industrial Development 
Organization, for example, is supporting the development of conformity 
assessment bodies and accreditation bodies in several developing 
nations (Ref. 3). The U.S. Agency for International Development has 
offered its assistance and support for developing nation governments to 
take a more proactive role in accreditation services, standards 
development, and institutional infrastructure to assist and protect 
their nationals operating in international food markets (Ref. 4).
5. Other Provisions of the Federal Food, Drug, and Cosmetic Act
    The authority for this proposed rule also derives from section 
701(a) of the FD&C Act (21 U.S.C. 371(a)), which authorizes us to issue 
regulations for the efficient enforcement of the FD&C Act. Regulations 
for ensuring the competency and independence of recognized 
accreditation bodies and of accredited third-party auditors/
certification bodies will help assure us of the validity and 
reliability of certifications and other information resulting from the 
food safety audits they conduct. We will accept certifications issued 
by accredited third-party auditors/certification bodies for the two 
purposes identified in section 808 of the FD&C Act: To establish 
eligibility for VQIP participation; and to meet a condition of 
admissibility for imported food subject to a mandatory certification 
requirement. We also can use information from such audits for other 
related purposes in enforcing the FD&C Act. For example, we propose to 
allow importers to use reports of regulatory audits conducted by 
accredited third-party auditors/certification bodies in meeting any 
requirements for onsite audits of foreign suppliers, under the proposed 
rule entitled, ``Foreign Supplier Verification Programs for Importers 
of Food for Humans and Animals'' (FSVP), published elsewhere in this 
issue of the Federal Register.

B. FDA Initiatives on Third Parties

1. Notice Requesting Comments on Third-Party Certification for Food and 
Feed
    In the Federal Register of April 2, 2008 (73 FR 17989), we issued a 
notice (2008 notice) requesting comments on the benefits, obstacles, 
and availability of third-party certification programs for food and 
animal feed. At the time, an increasing number of retailers and food 
services providers had begun to ask their foreign and domestic 
suppliers to become certified to their buyers' requirements for safety 
and quality. Suppliers (such as producers, comanufacturers, and 
repackers) also were increasingly looking to third-party certification 
programs as a means to verify compliance with U.S. regulatory 
requirements, even without requirements from buyers.
    In the 2008 notice, we asked questions about existing certification 
programs and criteria, as well as obstacles and incentives for 
participating in these voluntary programs. We received approximately 70 
comments in response. The comments generally supported the use of 
third-party certification programs and suggested that our 
acknowledgment of such programs would provide additional incentives for 
participation. Further discussion of the comments on the 2008 notice is 
available in the ``Background'' section of the subsequently issued 
draft ``Guidance for Industry on Voluntary Third-Party Certification 
Programs for Foods and Feeds'' and is described in section II.B.2.
2. FDA Guidance on Third-Party Certification for Food and Feed
    In the Federal Register of July 10, 2008 (73 FR 39704), we 
announced the availability of the draft ``Guidance for Industry on 
Voluntary Third-Party Certification Programs for Foods and Feeds.'' The 
draft guidance describes the general attributes of a voluntary third-
party certification program needed to help ensure that certification is 
a reliable verification that food from certified establishment meets 
applicable requirements.
    We finalized the guidance in January 2009, announcing its 
availability in the Federal Register of January 16, 2009 (74 FR 3058) 
(2009 Guidance) (Ref. 5). The 2009 Guidance describes the general 
attributes we believe a third-party certification program should have 
to give us confidence in the reliability of its certifications. It also 
explains our vision, prior to FSMA enactment, of how we might use such 
voluntary third-party certifications to assist in determining 
inspection, field exam, and sampling priorities, as well as in making 
admissibility decisions for imported food. We intend to withdraw the 
2009 Guidance upon publication of a final rule for accredited third-
party certification.
3. Pilot Project on Third-Party Certification for Aquacultured Shrimp
    In the Federal Register of July 10, 2008 (73 FR 39705), we 
published a notice inviting third-party certification bodies to 
participate in a pilot of voluntary third-party certification of 
aquacultured shrimp (shrimp pilot). The goal of the shrimp pilot was to 
gain knowledge and experience with third-party certification to assist 
us in evaluating the utility and feasibility of using third-party 
certification programs as part of our oversight of foreign food firms.
    The pilot data indicate that having the appropriate FDA 
infrastructure, including logistical and resource support, will be 
critical to the success of any full-scale accredited third-party 
certification program (Ref. 6). The role we played in the shrimp pilot 
was analogous to the role traditionally played by an accreditation 
body, monitoring the performance of certification bodies. The pilot 
demonstrated to us that direct accreditation, in which we ourselves 
accredit and provide direct oversight of a potentially unlimited number 
of third-party certification bodies, would be costly and 
administratively burdensome, though direct accreditation may be 
appropriate in limited circumstances, as will be discussed in section 
IV.A.8.
4. FDA Third-Party Program for Mammography
    In developing this proposed rule, we reviewed other Agency third-
party programs, including the FDA program, required by the Mammography 
Quality Standards Act of 1992 (Pub. L. 102-539) (as amended), to 
approve accreditation bodies to evaluate and accredit mammography 
facilities based upon quality standards. Only facilities that are 
accredited by, or undergoing accreditation by, an accreditation body we 
approved, may receive our certificates (or the certificates of a State 
certifying agency we approved) to legally perform mammography (Ref. 7).

C. FDA's Use of Certifications for Food

    For years, we have used certification as a tool for verifying that 
imported foods comply with our food safety requirements and reducing 
the need for

[[Page 45787]]

us to sample at entry. Since the late 1980s, for example, the Export 
Inspection Council of the Indian Ministry of Commerce has sampled, 
analyzed, and issued certificates of conformance for lots of black 
pepper exported directly to the United States. Indian black pepper 
shipments accompanied by such certifications are not subject to 
detention without physical examination under FDA Import Alert 28-02 
(Ref. 8). Under Memoranda of Understanding (MOUs) with several foreign 
governments, we rely upon certifications that caseins and caseinates, 
and mixtures thereof, to be exported to the United States are in 
compliance with our requirements, which are intended to minimize the 
need for us to extensively sample certified products (Ref. 9). These 
are but a few examples of the ways we rely on certifications as a means 
to help assure that an article of food complies with our requirements 
and to minimize the need for extensive sampling at entry.

D. External Recommendations on Third-Party Certification for Food

    In September 2012, the Government Accountability Office (GAO) 
issued a report discussing possible challenges associated with 
establishing and administering the accredited third-party certification 
program, including: offering incentives to encourage participation; 
meeting challenges associated with creating a new program; addressing 
stakeholder concerns; and conducting oversight of the program, once 
established (Ref. 10). We believe this proposed rule addresses the 
relevant challenges identified by GAO.
    In June 2010, a committee of experts convened by the Institute of 
Medicine and the National Research Council (IOM/NRC committee) released 
a report examining gaps in public health protection afforded by the 
farm-to-table food safety system under our purview and identifying 
opportunities to fill those gaps (Ref. 11). The IOM/NRC committee 
concluded that we need to address barriers to improving the efficiency 
of inspections by, among other things, exploring third-party auditing 
of food facilities as an alternative model for measuring compliance. 
The IOM/NRC committee's report specifically recommended that we 
consider the implications of accepting inspection data from third-party 
auditors inspecting facilities for compliance with food safety 
regulatory requirements. The IOM/NRC report also stated that, if we use 
this approach, we should set minimum standards for such auditors and 
audits, with oversight and implementation being assigned to an 
accreditation and standards body.

E. FDA Standards for Assessing Capabilities of Food Safety Systems

    In developing the framework for recognition of accreditation bodies 
and accreditation of third-party auditors required by section 808 of 
the FD&C Act, we looked at our existing standards for assessing the 
capabilities of food safety systems at the State level, through the 
Manufactured Foods Regulatory Program Standards (MFRPS) (Ref. 12). The 
MFRPS establish a uniform foundation for the design and management of 
high-quality State regulatory programs for food manufacturers, focusing 
on ten key areas: (1) Regulatory foundation; (2) inspector training 
program; (3) risk-based inspection program; (4) audits of the 
inspection program; (5) protocols for food-related illnesses, 
outbreaks, and response; (6) compliance and enforcement program; (7) 
industry and other stakeholder relations; (8) program resources; (9) 
program assessment; and (10) laboratory support.
    We also considered a FDA-New Zealand pilot project for assessing 
food safety systems, authority, oversight and monitoring that was 
discussed at a public hearing in March 2011 (Ref. 13). We found 
particularly useful the draft FDA International Comparability 
Assessment Tool (ICAT) used in reviewing New Zealand's food safety 
regulatory system to determine if it provides a similar set of 
protections to that of FDA (Ref. 14). Following the successful 
completion of the New Zealand comparability pilot, in late 2012 FDA 
launched a bilateral pilot project with the Canadian Food Inspection 
Agency (CFIA) on systems recognition (previously known as 
comparability), sharing FDA's draft ICAT as a guide for the systems 
recognition process. FDA and CFIA currently are finalizing their 
respective systems recognition reviews.

F. U.S. Government Policies on Consensus Standards and Conformity 
Assessment

    Implementation of section 808 of the FD&C Act occurs against the 
backdrop of the broader Federal policies on consensus standards and 
conformity assessment under the National Technology Transfer and 
Advancement Act of 1995 (NTTAA) (Public Law 104-113).
    The NTTAA, together with the Office of Management and Budget (OMB) 
Circular A-119, revised February 10, 1998 (Ref. 15), directs Federal 
Agencies to use voluntary consensus standards in lieu of government-
unique standards except where inconsistent with law or otherwise 
impractical. OMB Circular A-119 states that the use of voluntary 
standards, whenever practicable and appropriate, is intended to 
eliminate the cost to government of developing its own standards and 
decrease the cost of goods procured and the burden of complying with 
Agency regulation; provide incentives and opportunities to establish 
standards that serve national needs; encourage long-term growth for 
U.S. enterprises and promote efficiency and economic competition 
through harmonization of standards; and further the policy of reliance 
upon the private sector to supply government needs for goods and 
services.
    In addition, the U.S. Government has issued a National Standards 
Policy and Federal guidance on conformity assessment activities (which 
are defined as activities concerned with determining directly or 
indirectly that requirements for products, services, systems, and 
organizations are fulfilled) (15 CFR 287.2).
    As directed by OMB in Circular A-119 (Ref. 15), the National 
Institute of Standards and Technology (NIST), in the Federal Register 
of August 10, 2000 (65 FR 48894), issued policy guidance on Federal 
conformity assessment activities (Federal conformity assessment 
guidance) (codified at 15 CFR part 287). The guidance applies to all 
Federal Agencies that set policy for, manage, operate, or use 
conformity assessment activities or results, domestically and 
internationally (except for activities conducted pursuant to treaties) 
and is intended to eliminate unnecessary duplication and complexity in 
conformity assessment requirements. (We note that OMB has announced it 
is currently revising Circular A-119, and NIST is revising the Federal 
conformity assessment guidance (Ref. 16)).
    The current Federal conformity assessment guidance provides for 
Federal Agencies to use, where appropriate, relevant guides or 
standards for conformity assessment \6\ practices from domestic and 
international standardizing bodies such as the Codex Alimentarius 
Commission (Codex),\7\ the International Organization

[[Page 45788]]

for Standardization (ISO)/International Electrotechnical Commission 
(IEC),\8\ and the American National Standards Institute (ANSI). The 
guidance also notes that each Agency retains the responsibility, and 
authority, to select the conformity assessment activities and 
procedures (e.g., guides and standards) that will best meet its 
legislative mandates and programmatic objectives (15 CFR part 287).
---------------------------------------------------------------------------

    \6\ ISO/IEC 17000:2004, Conformity assessment--Vocabulary and 
general principles (Ref. 17) defines ``conformity assessment'' as 
``demonstration that specified requirements relating to a product, 
process, systems, person or body are fulfilled.
    \7\ The Codex Alimentarius Commission, established by Food and 
Agriculture Organization of the United Nations (FAO) and the World 
Health Organization (WHO) in 1963 develops harmonized international 
food standards, guidelines and codes of practice to protect the 
health of the consumers and ensure fair trade practices in the food 
trade. The Commission also promotes coordination of all food 
standards work undertaken by international governmental and non-
governmental organizations. See, http://www.codexalimentarius.org/codex-home/en/.
    \8\ ISO is a voluntary, consensus, standards developer with 
standards covering many aspects of technology and business, 
including food safety. See, http://www.iso.org/iso/home/about.htm.
---------------------------------------------------------------------------

    In developing this proposed rule, we considered several voluntary 
consensus standards, specifically ISO/IEC 17000: 2004, Conformity 
assessment--Vocabulary and general principles (Ref. 17) and ISO/IEC 
17011: 2004, Conformity assessment--General requirements for 
accreditation bodies accrediting conformity assessment bodies (Ref. 
18), which contains the following major elements: (1) Legal 
responsibility, structure, and impartiality; (2) management systems, 
including records, internal audits, nonconformities, and corrective 
actions; (3) personnel associated with the accreditation body, 
personnel associated with the accreditation process, and monitoring 
performance assessments of accreditation personnel; (4) the 
accreditation process; and (5) and roles and responsibilities of the 
accreditation body and the certification body. We will address elements 
of ISO/IEC 17011: 2004 that are relevant to this rule in our discussion 
of the proposed requirements for accreditation bodies in section IV.A.2 
through IV.A.4.
    In addition, we considered other ISO/IEC 17021: 2011, Conformity 
assessment--Requirements for bodies providing audit and certification 
of management systems (Ref. 19), which contains similar requirements 
for bodies auditing management systems: (1) Legal matters and 
contractual matters; (2) impartiality; (3) structural requirements; (4) 
resource requirements, including competence of management and 
personnel; (5) monitoring and surveillance; (6) internal audits; and 
(7) records.
    We also considered ISO/IEC Guide 65: 1996, General requirements for 
bodies operating product certification systems (Ref. 20).\9\ ISO also 
has issued the 22000 series of standards for food safety management 
systems, including ISO/TS 22003: 2007, Food safety management systems--
Requirements for bodies providing audit and certification of food 
safety management systems (Ref. 21).\10\
---------------------------------------------------------------------------

    \9\ Subsequently, ISO/IEC Guide 65:1994 (Ref. 20) was updated 
and incorporated into ISO/IEC 17065.
    \10\ This series includes standards the food industry uses in 
establishing and maintaining its food safety management systems and 
also the standards that auditors/certification bodies use in 
assessing those systems.
---------------------------------------------------------------------------

    These standards are among the relevant information we used in 
developing this proposed rule. We do not propose to incorporate these 
standards by reference into our regulations, because they contain 
additional requirements that are not relevant to our program and might 
unnecessarily create disincentives to participation. A copy of each of 
these ISO standards has been placed in the docket for this rulemaking 
and is made available at the Division of Dockets Management at address 
listed in the ADDRESSES section of this document. The standards also 
are available electronically by purchase from ISO, at http://www.iso.org.
    As described more fully in section III, we developed this proposed 
rule having received information and input from a broad range of 
stakeholders that included public and private members of the standards 
community. We met with representatives of other U.S. Government 
agencies and foreign governments and participated in listening sessions 
requested by stakeholders wishing to share their views on section 808 
of the FD&C Act.
    We believe the proposal aligns with the NTTAA, the National 
Standards Policy, and current versions of OMB Circular A-119 (Ref. 15) 
and the Federal conformity assessment guidance (15 CFR part 287), in 
relying upon the principles of voluntary consensus standards currently 
used globally and domestically by the food industry, the international 
standards community, and conformity assessment bodies.
    Under the guidance at 15 CFR 287.4(b), we seek comment on the 
rationale for the conformity assessment decisions we have made in 
developing this proposal. In particular, we seek comment on whether the 
voluntary consensus standards we cite are the appropriate standards 
upon which to base this rulemaking. If alternative standards are 
suggested, we request that copies of any such standards be submitted 
along with the comment(s).

G. Industry Practices on Benchmarking Standards and Third-Party Audits 
and Certification for Food and Food Facilities

    As a result of consolidation within the food industry and the 
globalization of the marketplace, coupled with some high-profile food 
safety incidents, many food retailers and food service providers began 
to require their suppliers to be audited against their standards (more 
commonly known as ``buyer requirements'') (Ref. 11). Some of these 
supplier audits were conducted by auditors/certification bodies 
employed by, or acting as agents of, buyers. Other auditors were third 
parties, independent of both buyers and suppliers.
    As buyers increasingly relied on audits to assess compliance with 
their safety requirements, more and more suppliers began to face 
multiple food safety audits. The proliferation of buyers' requirements 
created inefficiencies that ultimately spurred several efforts to 
harmonize audits. These include the Global Food Safety Initiative 
(GFSI), which was established in 2000 by a group of international 
retailers (Ref. 22). GFSI benchmarks food safety schemes \11\ against a 
harmonized set of key elements for food safety and management systems. 
GFSI's benchmarking guidance (Ref. 23), and indeed many of the food 
safety schemes it benchmarks, use Codex as their foundational 
standards.
---------------------------------------------------------------------------

    \11\ A food safety scheme generally includes the food safety 
standard against which a food facility is assessed and the 
management system associated with the standard.
---------------------------------------------------------------------------

    GFSI's benchmarking assesses a scheme's food safety standards and 
the governance and management structure of the food safety scheme 
owner, such as technical competence, safeguards against conflicts of 
interest, and procedures for accreditation bodies to oversee the 
certification bodies that audit and issue certifications under the food 
safety scheme (Ref. 23). For example, the U.S.-based American National 
Standards Institute (ANSI) currently provides accreditation services 
for three GFSI-benchmarked food safety schemes: The Food Marketing 
Institute's Safe Quality Food Initiative scheme, the British Retail 
Consortium scheme, and the Global GAP scheme (Ref. 24). As is discussed 
in the Preliminary Regulatory Impact Analysis (Ref. 25) for this 
proposed rule, dozens of accreditation bodies worldwide accredit 
certification bodies to conduct food safety audits. Both large and 
small suppliers are increasingly relying on third-party audits and 
certification as a means to ensure

[[Page 45789]]

market access for their food products. In addition, domestic and 
foreign suppliers (such as producers, comanufacturers, or repackers) 
are increasingly looking to third-party certification programs to 
assist them in verifying that their facilities and food meet applicable 
food safety standards, whether private food safety schemes such as 
those benchmarked by GFSI or public standards such as the FD&C Act 
requirements, which are the relevant standards for purposes of the FDA 
accredited third-party audit and certification program. The Federal 
Government recognizes that rigorous voluntary certification programs 
can provide assurance that products meet U.S. requirements. Currently, 
private food and facility certifications are frequently used but can 
result in duplicate audits and certifications. Under this proposal, FDA 
will oversee a certification program that will, we believe, create 
efficiencies by reducing the number of redundant food safety audits and 
by allowing us to better target resources for verifying compliance with 
applicable requirements.

III. FSMA Imports Public Meeting and Stakeholder Input

    Since enactment of FSMA, we have reached out to stakeholders in the 
food industry, the international community, standards organizations, 
accreditation and certification bodies, consumer groups, government 
agencies, and other interested parties to gain input and perspective on 
how best to implement FSMA. Among those activities, on March 29, 2011, 
we held a public meeting with stakeholders to discuss the 
implementation of the FSMA import safety provisions, including section 
808 of the FD&C Act on accredited third-party certification. For 
additional information about this public meeting, including the agenda, 
transcripts, and an archived webcast, see http://www.fda.gov/Food/FoodSafety/FSMA/ucm249257.htm.
    In conjunction with the public meeting, we opened a public docket, 
with notice in the Federal Register of March 14, 2011 (76 FR 13643), 
soliciting comments on implementation of section 808 of the FD&C Act 
and other import provisions added or amended by FSMA. We received 
several comments on accredited third-party certification, from a 
variety of stakeholders including a foreign authority (1); trade 
associations (11); auditors/certification bodies and a laboratory (4); 
consumer groups (3); other non-profits (1); and an individual (1). Some 
common themes emerged, including comments on using existing systems as 
a model; considering impacts on small and medium-sized businesses; 
requiring notification of conditions that could cause or contribute to 
a serious risk to public health; ensuring auditor competency; and 
preventing conflicts of interest. This docket (FDA-2011-N-0146) is 
available electronically at http://www.regulations.gov, or at the 
Division of Dockets Management (see ADDRESSES).
    In addition to attending the public meeting, several stakeholders 
requested meetings to discuss their current programs and to share their 
views and recommendations for implementing section 808 of the FD&C Act. 
These stakeholders represented a broad range of interests, including 
consumer groups, trade associations, auditors/certification bodies and 
laboratories. We also met with representatives of foreign governments, 
as part of ongoing outreach and collaboration with foreign regulatory 
partners. Topics for these meetings included the statutory requirements 
for accreditation of third-party auditors, including FDA's authority to 
directly accredit third-party auditors/certification bodies; \12\ 
voluntary consensus standards and industry practices on accreditation, 
auditing, and certification; and international considerations. 
Additionally, we note that FDA representatives have been invited to 
attend meetings, hosted by stakeholders, which included discussions of 
third-party audits and certifications.
---------------------------------------------------------------------------

    \12\ The docket for this rulemaking contains, as background 
material, a letter from Caroline Smith DeWaal of the Center for 
Science in the Public Interest, which was received after the docket 
for the public meeting closed and before issuance of this proposed 
rule. The letter offers an analysis of FDA's authority for direct 
accreditation.
---------------------------------------------------------------------------

    The input and perspectives gained through each of these 
interactions helped shape this proposed rule. We have identified some 
common themes from these interactions. Most stakeholders expressed 
significant concerns regarding existing capacity of third-party food 
safety auditors/certification bodies and, for some stakeholders, the 
degree of competency demonstrated by the available cadre of auditors/
certification bodies. We recognize that the credibility of the new 
third-party program rests largely on the quality of the auditing and 
certification work performed by accredited third-party auditors/
certification bodies and have attempted to address those concerns in 
this rulemaking.
    In other areas, stakeholders' interests diverged. For example, 
consumer groups expressed a strong interest in transparency of the 
program, including public disclosure of audit reports. Current industry 
practice is to maintain the confidentiality of audit reports except to 
the extent that the audited firm waives confidentiality or where 
otherwise required by law. Industry also has expressed concern about 
the statutory requirement for accredited auditors to notify us of 
conditions in an audited firm that could cause or contribute to a 
serious risk to the public health. Some in industry have taken the 
position that stringent disclosure and transparency requirements may 
dissuade food firms from using third-party auditors/certification 
bodies accredited under our program.
    As an initial matter, we note that we are bound to implement FSMA 
as enacted and to comply with all other applicable disclosure laws 
(e.g., the Freedom of Information Act (FOIA)) (5 U.S.C. 552). Within 
that legal framework, we have balanced the following competing public 
interests: (1) Providing as much information to the public as possible 
about audits of foreign food entities and the performance of accredited 
auditors/certification bodies, so that individuals may assess the 
performance and credibility of the accredited third-party audits and 
certification program; (2) protecting the proprietary interests of food 
entities related to their trade secrets and confidential commercial 
information to the extent allowable by statute, as well concerns about 
public release of sensitive information that would not otherwise be 
publicly available; and (3) protecting the public health by being able 
to attract sufficient numbers of foreign food entities, third-party 
auditors/certification bodies, and accreditation bodies to make the 
program cost-effective and otherwise successful.
    To gain credibility with consumers and address industry views on 
sensitive information, this proposed rule seeks to balance disclosure 
and confidentiality concerns. It reflects our views on how best to 
strike the balance between these and other competing interests. We 
believe this proposal reflects the intent of section 808 of the FD&C 
Act and the purpose of the law, offering a practical, flexible, and 
effective approach to the accredited third-party audits and 
certification program. We seek comment on the framework this proposed 
rule would create for recognition of accreditation bodies and 
accreditation of third-party auditors/certification bodies, how it 
aligns with existing voluntary industry programs, and what expectations 
consumers have for the ability of this program to help us ensure the 
safety of imported food.

[[Page 45790]]

    In addition, we invite comments on possible effects of the creation 
of an FDA program for accredited third-party audits and certification. 
We are particularly interested in receiving comments and data on the 
availability of competent auditors/certification bodies to participate 
in our program or about the likelihood of entities being able to scale-
up their capacity to participate in our program and to serve demand 
outside the scope of our program. We understand from public comments 
and stakeholder meetings that industry and the conformity assessment 
community have concerns about access to sufficient numbers of qualified 
third-party auditors/certification bodies under current conditions. We 
also understand that some industry leaders have developed various 
strategies and plans for increasing auditor capacity. We request 
comments and information on the progress of these efforts and the 
impact the establishment of our program will have on accelerating these 
efforts. Given that this program is for food and facility 
certifications only for purposes of mandatory certification and VQIP 
eligibility under sections 801(q) and 806 of the FD&C Act 
(respectively), what effect, if any, do stakeholders anticipate this 
program will have on current capacity issues?
    We also request stakeholder input on any possible trade impacts of 
the program, once established. What effect might this program have on 
the existing issues with auditor capacity? Will it affect foreign or 
domestic food firms' ability to provide certifications to their 
customers? If so, are foreign and domestic firms likely to be affected 
in the same manner and to the same degree? If not, what are the likely 
impacts to each? Are there particular types of food firms or food 
products, or certain areas of the world in which capacity issues are 
more likely to be prevalent and to what degree? Are there other factors 
impacting the availability of competent auditors? Are there any 
solutions or approaches that might be practical and appropriate for 
FDA, as a regulatory Agency, to use in addressing auditor capacity 
issues within the accredited third-party audits and certification 
program?
    We encourage stakeholders to consider and comment on this proposed 
rule and the various interests at stake in this rulemaking, with 
recommendations about the proper balance of competing interests.

IV. Purpose and Description of the Proposed Rule

    In section 808 of the FD&C Act, Congress directed us to establish 
an accredited third-party audits and certification program that 
leverages the work of existing private sector audit programs and 
efforts, while requiring measures to better ensure audit rigor and 
objectivity. We believe this proposed rule, coupled with our oversight 
of the program, will help ensure the competence and independence of 
third-party auditors/certification bodies who conduct foreign food 
safety audits. It also will help ensure the reliability of 
certifications issued by third-party auditors/certification bodies that 
we may use in making certain decisions relating to imported food.
    Having comprehensive oversight of a credible and reliable program 
for third-party audits and certifications of foreign food facilities 
will help us prevent potentially harmful food from reaching U.S. 
consumers and thereby improve the safety of the U.S. food supply. As 
explained previously, we believe this new program will draw a 
significant number of participants and will be broadly accepted by 
industry. Currently, buyers seeking to import regulated product from a 
foreign food facility often require food safety audits that are 
conducted under varying audit criteria. By establishing a trusted 
program for third-party audits and certification of foreign food 
facilities that operates under public oversight, we expect that the 
number of redundant food safety audits performed to assess compliance 
with the FD&C Act will be reduced, which, in turn, will increase 
efficiency and reduce costs to industry. Our estimates relating to 
reductions in redundant audits are addressed more fully in the 
Preliminary Regulatory Impact Analysis (Ref. 25).
    More broadly, we think that by capitalizing on private sector food 
safety efforts and linking them to the public assurance system, 
accredited third-party certification can help transform the way we 
ensure the safety of globally traded food that is consumed in the 
United States. In our vision of the future, we do not see third-party 
audits replacing public oversight, but rather helping us ensure that we 
make the best, most efficient use of both public and private resources 
to produce a safe food supply.
    We are proposing requirements that would apply to several different 
types of entities--i.e., accreditation bodies, third-party auditors/
certification bodies, and eligible entities--and an option for 
importers as well. We are organizing this proposed rule by those 
categories, with specific requirements for accreditation bodies 
(proposed Sec. Sec.  1.610 through 1.636), third-party auditors/
certification bodies (proposed Sec. Sec.  1.640 through 1.672), 
eligible entities (proposed Sec. Sec.  1.680 and 1.681), and importers 
(proposed Sec.  1.698). Provisions of general applicability appear in 
proposed Sec. Sec.  1.600 and 1.601 (definitions and scope), Sec.  
1.690 (publicly available information), Sec. Sec.  1.691 through 1.693 
(challenges to FDA decisions).
    Accordingly, we are proposing to amend our regulations in parts 1 
and 16 (21 CFR parts 1 and 16) to implement FSMA section 307, which 
adds section 808 to the FD&C Act and is codified at 21 U.S.C. 384d. We 
are proposing to add new subpart M to part 1 and to amend existing part 
16 (21 CFR part 16) as follows:

A. Proposed Revisions to Part 1, New Subpart

1. Definitions and Scope
    a. What definitions apply to this subpart? (Proposed Sec.  1.600). 
Proposed Sec.  1.600 contains definitions of several terms used in this 
rule. Where possible, we propose to rely on existing statutory and 
regulatory definitions. Where necessary to provide clarity to this 
rule, we have developed some additional definitions that align with 
existing law and regulations, as well as current practices of the 
international community, accreditation and certification bodies, and 
the food industry.
    Proposed Sec.  1.600(a) and (b) state that definitions contained in 
section 201 of the FD&C Act (21 U.S.C. 321) will apply to this rule, 
except as those terms are otherwise defined in paragraph (c). Because 
``food'' is defined in section 201(f) of the FD&C Act, but not in 
proposed Sec.  1.600(c), the definition of ``food'' that we propose to 
apply to this rule is the definition of ``food'' appearing in section 
201(f). Examples of ``food'' under this proposed definition would 
include, but not be limited to, fruits, vegetables, fish, dairy 
products, eggs, raw agricultural commodities for use as food or 
components of food, animal feed (including pet food), food and feed 
ingredients and additives (including substances that migrate into food 
from packaging and other articles that contact food), dietary 
supplements and dietary ingredients, infant formula, beverages 
(including bottled water), live food animals, bakery goods, snack 
foods, candy, and canned food. (See, e.g., 21 CFR 1.377. See also the 
discussion of proposed Sec.  1.601(d)

[[Page 45791]]

regarding a limited exemption for alcoholic beverages and prepackaged 
foods from certain facilities.)
    ``Accreditation'' means a determination by a recognized 
accreditation body, or by FDA in the case of direct accreditation, that 
a third-party auditor/certification body is competent to perform the 
activities required of an accredited auditor/certification body for the 
purposes of this rule. In developing this definition, we considered 
international standards on accreditation, including ISO/IEC 17011:2004 
(Ref. 18), which defines accreditation as an attestation ``conveying 
formal demonstration'' of a conformity assessment body's competence to 
carry out specific conformity assessment tasks.
    ``Accreditation body'' means an authority that performs 
accreditation of third-party auditors/certification bodies. This 
definition is already in use in section 808(a) of the FD&C Act and is 
consistent with international standards, such as ISO/IEC 17011:2004 
(Ref. 18), which defines ``accreditation body'' as an ``authoritative 
body'' that conducts accreditation.
    ``Accredited auditor/certification body'' means a third-party 
auditor/certification body that a recognized accreditation body (or, in 
the case of direct accreditation, FDA) has determined meets the 
applicable requirements of this subpart and is authorized to conduct 
food safety audits and to issue food or facility certifications to 
eligible entities. This definition reflects the statutory definitions 
of ``accredited third party auditor'' and ``third party auditor'' and a 
common understanding of the activities to be performed under this 
program.
    ``Audit'' means:
    1. With respect to an accreditation body, the systematic, 
independent, and documented examination (through observation, 
investigation, and records review) by FDA to assess the accreditation 
body's authority, qualifications (including its expertise and training 
programs), and resources; its procedures for quality assurance, 
conflicts of interest, and records; its performance in accreditation 
activities; and its capability to meet the applicable requirements of 
this subpart.
    2. With respect to a third-party auditor/certification body, the 
systematic, independent, and documented examination (through 
observation, investigation, and records review) by a recognized 
accreditation body (or, in the case of direct accreditation, FDA) to 
assess the third-party auditor's/certification body's authority, 
qualifications (including its expertise and training programs), and 
resources; its procedures for quality assurance, conflicts of interest, 
and records; its performance in auditing and certification activities; 
and its capability to meet the applicable requirements of this subpart; 
and
    3. With respect to an eligible entity, the systematic, independent, 
and documented examination (through observation, investigation, records 
review, and as appropriate, sampling and laboratory analysis) by an 
accredited auditor/certification body to assess the entity, its 
facility, system(s), and food for the purpose of determining whether 
the food or facility of the eligible entity is in compliance with the 
FD&C Act (which includes, where applicable, an assessment of the 
entity's preventative controls, sanitation, monitoring, verification, 
corrective actions, and recalls) and, for consultative audits, also 
includes an assessment of compliance with applicable industry standards 
and practices.
    The term describes the nature and scope of activities involved in 
the various types of audits and assessments that will be conducted 
under this program. We incorporated relevant language from the 
definitions of consultative audit and regulatory audit in section 
808(a)(5) and (a)(7) of the FD&C Act and language specific to the 
requirements used in audits and assessments of accreditation bodies, 
third-party auditors/certification bodies, and eligible entities.
    We considered our 2009 guidance (Ref. 5) and the descriptions of 
audit activities under our MFRPS (Ref. 12). We also examined usage in 
international standards, such as the Codex Principles for Food Import 
and Export Certification (CAC/GL 20-1995) (Ref. 26), which define 
``audit'' as a ``systematic and functionally independent examination to 
determine whether activities and related results comply with planned 
objectives.'' Additionally, we looked at ISO/IEC 17000:2004 (Ref. 17), 
which defines ``audit'' as a ``systematic, independent, documented 
process for obtaining records, statements of fact or other relevant 
information and assessing them objectively to determine the extent to 
which specified requirements are fulfilled.''
    ``Audit agent'' means an individual who is an employee or other 
agent of an accredited auditor/certification body who, although not 
individually accredited, is qualified to conduct food safety audits on 
behalf of an accredited auditor/certification body. An audit agent 
includes a contractor of the accredited auditor/certification body.
    The term is based on section 808(a)(1) of the FD&C Act, which 
defines ``audit agent'' as an employee or agent of an accredited 
auditor[/certification body] who is qualified to conduct food safety 
audits on its behalf. In the definition, we clarify that contractors 
who are authorized to act for, and under the direction of, the 
accredited auditor/certification body are allowed to serve as an audit 
agents.
    ``Certification body'' means a foreign government, agency of a 
foreign government, foreign cooperative, or any other third party that 
is eligible to be considered for accreditation to conduct food safety 
audits and to certify that eligible entities meet the requirements of 
the FD&C Act. A certification body may be a single individual or an 
organization. A certification body may use audit agents to conduct food 
safety audits. Certification Body has the same meaning as Third-Party 
Auditor as that term is defined in section 808 of the FD&C Act and in 
this subpart.
    This definition emphasizes the role of ``third-party auditors,'' 
under section 808 of the FD&C Act, in issuing facility certifications 
that importers must use to establish eligibility for VQIP participation 
and food certifications that may be required to satisfy a condition of 
admissibility for an imported food we determine poses a safety risk 
under section 801(q) of the FD&C Act.
    In developing the definition of ``certification body,'' we looked 
at the definition of ``third-party auditor'' in section 808(a)(3) of 
the FD&C Act, as well as terminology used by the international 
community and the food industry. For example, ISO/IEC 17000:2004 (Ref. 
17) explains that a ``certification system'' is a conformity assessment 
system that includes ``selection, determination, review and finally 
certification as the attestation activity'. See also, ISO/IEC Guide 
65:1996 (Ref. 20) and ISO/IEC 17021: 2011 (Ref. 19). The term 
``certification body'' also is used by those in the food industry who 
currently rely on audits and certifications as part of their business 
practices. We believe this proposed language more clearly explains the 
role of accredited auditors/certification bodies and the requirements 
for issuance of certification under this program.
    ``Consultative audit'' means an audit of an eligible entity:
    1. To determine whether such entity is in compliance with 
applicable requirements of the FD&C Act and industry standards and 
practices; and

[[Page 45792]]

    2. The results of which are for internal purposes only and cannot 
be used to determine eligibility for a food or facility certification 
issued under this subpart or in meeting the requirements for an onsite 
audit of a foreign supplier under subpart L of this part.
    This reflects the definition of ``consultative audit'' in section 
808(a)(5) of the FD&C Act and emphasizes that the results of a 
consultative audit cannot be used in lieu of a regulatory audit to meet 
the criteria for issuance of food or facility certification under 
section 808(c)(2)(C) of the FD&C Act. It also incorporates language 
from proposed Sec.  1.698, which would allow only reports of regulatory 
audits to be used by importers in meeting proposed verification 
requirements under the Foreign Supplier Verification Rule (FSVP) (to be 
codified in 21 CFR, part 1, subpart L).
    ``Direct accreditation'' means accreditation of a third-party 
auditor/certification body by FDA and is a term used in section 
808(b)(1)(A)(ii) of the FD&C Act when describing FDA accreditation of 
third-party auditors/certification bodies, without the involvement of a 
recognized accreditation body. The distinction between direct 
accreditation and accreditation by an FDA-recognized accreditation body 
is relevant for some provisions of this rule. For example, under 
proposed Sec.  1.656(b), a directly accredited auditor/certification 
body must send its annual self-assessment reports to FDA, while an 
auditor/certification body accredited by a recognized accreditation 
body must submit its annual self-assessment reports to the 
accreditation body, who is responsible for monitoring and ensuring its 
accredited auditors/certification bodies take timely and effective 
corrective actions, where necessary. FDA will access the accredited 
auditor/certification body self-assessments in monitoring recognized 
accreditation bodies and in conducting the periodic monitoring required 
by section 808(f)(2) of the FD&C Act. This definition will help 
accredited auditors/certification bodies determine which requirements 
apply to them.
    ``Eligible entity'' means a foreign entity that chooses to be 
subject to a food safety audit by an accredited auditor/certification 
body. Eligible entities include foreign facilities subject to the 
registration requirements of 21 CFR part 1, subpart H. The definition 
of ``eligible entity'' corresponds to section 808(a)(6) of the FD&C 
Act, which defines ``eligible entity'' as including (and thus not 
limited to) foreign facilities subject to the registration requirements 
of section 415 of the FD&C Act (21 U.S.C. 350d).
    We seek comment on whether to provide examples of specific types of 
entities that may meet the definition of eligible entity. For example, 
are foreign cooperatives \13\ that aggregate product, such as fruits or 
vegetables, the types of entities that should be able to seek audits 
and certification under this program? We note that the National Organic 
Program (NOP) administered by the U.S. Department of Agriculture's 
(USDA's) Agricultural Marketing Service (AMS), allows producers who are 
located in geographic proximity, who are organized under a single 
management and marketing system and whose farms are ``uniform in most 
ways'' to be certified as a group (Ref. 27).\14\ We seek comment on 
whether these NOP criteria are relevant in determining whether a 
foreign cooperative is an ``eligible entity'' under this proposed rule, 
Are there other types of foreign entities or facilities that should be 
eligible to seek audits and certification under the FDA program?
---------------------------------------------------------------------------

    \13\ Under section 808 of the FD&C Act, foreign cooperatives are 
among the types of groups that are eligible to seek accreditation as 
third-party auditors, provided that they meet the standards and 
requirements for accreditation (e.g., for conflicts of interest).
    \14\ Per USDA, grower group certifications have historically 
been used for the certification of cooperatives located in 
geographical proximity, whose crops are marketed collectively. 
Primary crops produced by grower groups include coffee, cocoa, tea, 
spices, and tropical fruits (Ref. 27).
---------------------------------------------------------------------------

    ``Facility'' means any structure, or structures of an eligible 
entity under one ownership at one general physical location, or, in the 
case of a mobile facility, traveling to multiple locations, that 
manufactures/processes, packs, or holds food for consumption in the 
United States. Transport vehicles are not facilities if they hold food 
only in the usual course of business as carriers. A facility may 
consist of one or more contiguous structures, and a single building may 
house more than one distinct facility if the facilities are under 
separate ownership. The private residence of an individual is not a 
facility. Non-bottled water drinking water collection and distribution 
establishments and their structures are not facilities. This same 
definition of ``facility'' appears in subpart H (21 CFR 1.227(b)(2)).
    ``Facility certification'' means an attestation, issued for 
purposes of section 806 of the FD&C Act by an accredited auditor/
certification body, after conducting a regulatory audit and any other 
activities necessary to establish that a facility meets the applicable 
requirements of the FD&C Act.
    ``Food certification'' means an attestation, issued for purposes of 
section 801(q) of the FD&C Act by an accredited auditor/certification 
body, after conducting a regulatory audit and any other activities 
necessary to establish that a food meets the applicable requirements of 
the FD&C Act.
    These definitions reflect the requirements for, and purpose of, 
certification as described in section 808(c)(2)(B) and (c)(2)(C) of the 
FD&C Act, referencing sections 801(q) (food certification) and 806 
(facility certification) of the FD&C Act. Food and facility 
certifications are the two types of certifications authorized by 
section 808 of the FD&C Act. Further, the food and facility 
certification definitions emphasize that certification is an 
attestation \15\ by the accredited third-party auditor/certification 
body that it has: (1) Conducted a regulatory audit (and any other 
activities necessary to establish compliance); (2) verified that the 
specified criteria have been met; and (3) determined, based on the 
results of those activities, that food or facility certification under 
this program is appropriate.
---------------------------------------------------------------------------

    \15\ We propose to use the word ``attestation'' in Sec.  1.600 
to characterize the nature of the statement that certification 
represents. This is the term used in ISO/IEC 17000:2004 (Ref. 20) 
and also is the term we use when characterizing the nature of our 
export certifications (Ref. 28). We believe that ``attestation'' is 
similar to ``assurance,'' which is the term used in Codex CAC/GL 20-
1995 (Ref. 27).
---------------------------------------------------------------------------

    Codex CAC/GL 20-1995 (Ref. 26) defines ``certification'' as the 
procedure by which certification bodies provide ``written or equivalent 
assurance that foods or food control systems conform to requirements.'' 
ISO/IEC 17000:2004 (Ref. 17) describes certification as an 
``attestation'' related to products, processes, systems, or 
persons.\16\
---------------------------------------------------------------------------

    \16\ We are not defining ``facility certification'' or ``food 
certification'' as an ``approval'' by an accredited auditor/
certification body or by (or on behalf of) FDA, nor do we intend for 
it to be interpreted as such. Among other reasons, we do not have 
preapproval authority for food, except for certain additives that 
are required by law to have our approval prior to marketing. 
Moreover, neither Codex CAC/GL 20-1995 (Ref. 27), nor ISO/IEC 
17000:2004 (Ref. 20) uses the term ``approval'' in defining 
``certification.''
---------------------------------------------------------------------------

    We seek comment on our proposed definitions of ``facility 
certification'' and ``food certification'' and on whether the scope of 
these definitions is sufficiently broad to fulfill the objectives of 
section 808 of the FD&C Act. In addition, we seek comment on whether to 
allow groups meeting the NOP criteria (i.e., having multiple sites 
operating under a single management system and whose

[[Page 45793]]

farms are ``uniform in most ways,'' to be issued (group) food 
certifications, facility certifications, or both.
    ``Food safety audit'' means a regulatory audit or a consultative 
audit by an accredited auditor/certification body under this program. 
This term is used throughout section 808 of the FD&C Act, including in 
the definitions of ``audit agent,'' ``third-party auditor,'' and 
``accredited third-party auditor.'' The definition of ``third-party 
auditor'' in section 808(a)(3) of the FD&C Act in particular, mentions 
regulatory and consultative audits in the context of food safety 
audits. Therefore, we used the definitions of ``consultative audit'' 
and ``regulatory audit'' contained in section 808(a)(5) and (a)(7) of 
the FD&C Act in developing a definition of ``food safety audit.''
    Table 1 describes consultative audits and regulatory audits and the 
distinctions between them.

                Table 1--Types and Characteristics of Food Safety Audits Under the Proposed Rule
----------------------------------------------------------------------------------------------------------------
                                                                  Report submitted to
            Type of audit                      Purpose                    FDA?            Records access by FDA?
----------------------------------------------------------------------------------------------------------------
Regulatory Audit.....................  For certification and    Yes....................  FDA may request
                                        report may be used      Submitted no later than   submission at any
                                        under FSVP.              45 days after the        time.
                                                                 audit..
Consultative Audit...................  Internal purposes......  No.....................  FDA access under
                                                                                          section 414 of the
                                                                                          FD&C Act.
----------------------------------------------------------------------------------------------------------------

    ``Foreign cooperative'' means an entity that aggregates food from 
growers or processors that is intended for export to the United States. 
Section 808 of the FD&C Act does not provide a definition of ``foreign 
cooperative,'' so we relied upon the statutory description of foreign 
cooperatives in section 808(c)(1)(B) of the FD&C Act.
    ``Recognized accreditation body'' means an accreditation body that 
FDA has determined meets the applicable requirements and is authorized 
to accredit third-party auditors/certification bodies under this 
program. This definition is based in part on the definition of 
accreditation body in section 808 of the FD&C Act and incorporates the 
concept of ``recognition'' that also appears there. The term 
``recognition'' is also used in section 422 of the FD&C Act (21 U.S.C. 
350k), as amended by FSMA, to describe the status we will accord to a 
laboratory accreditation body that accredits laboratories for purposes 
of food testing under the FD&C Act.
    We also use the term ``recognition'' in the 2009 guidance (Ref. 5) 
and in other FDA programs. In the 2009 guidance, which predates FSMA, 
we mentioned the possible future ``recognition'' of one or more third-
party certification programs. Though FSMA directs us to structure our 
third-party program differently than we envisioned in 2009, the concept 
of ``recognition'' by FDA is similar.
    ``Regulatory audit'' is defined in the statute and means an audit 
of an eligible entity:
    1. To determine whether such entity is in compliance with the 
provisions of the FD&C Act; and
    2. The results of which are used in determining eligibility for 
food certification under section 801(q) of the FD&C Act or facility 
certification under section 806 of the FD&C Act. This definition 
includes language from proposed Sec.  1.698, which would allow an 
importer to use a regulatory audit report in meeting proposed 
requirements for verification of a foreign supplier under subpart L of 
this part.
    ``Relinquishment'' means:
    1. With respect to an accreditation body, a decision to cede 
voluntarily its authority to accredit third-party auditors/
certification bodies as a recognized accreditation body; and
    2. With respect to a third-party auditor/certification body, a 
decision to cede voluntarily its authority to conduct food safety 
audits and to issue food and facility certifications to eligible 
entities.
    We included a definition of ``relinquishment'' in this proposed 
rule because we recognize that an accreditation body, once recognized, 
or a third-party auditor/certification body, once accredited, may 
decide to leave the program and would need a process to voluntarily 
exit the program. Relinquishment differs from revocation of recognition 
and withdrawal of accreditation, as it occurs on the initiative of the 
accreditation body or third-party auditor/certification body and not as 
a result of our finding good cause to remove its recognition or 
accreditation status. Analogous language on relinquishment of 
accreditation appears in our mammography regulations in 21 CFR 900.3.
    ``Self-assessment'' means a systematic assessment conducted by an 
accreditation body to determine whether it meets the recognition 
requirements in Sec. Sec.  1.610 through 1.625, or by a third-party 
auditor/certification body to determine whether it meets the 
accreditation requirements in Sec. Sec.  1.640 through 1.658. ``Self-
assessment'' is defined in this proposed rule in a manner consistent 
with its use in our MFRPS for State food regulatory programs (Ref. 12). 
The MFRPS require States to conduct periodic self-assessments of their 
manufactured food regulatory programs against each of the 10 program 
standards. These self-assessments are designed to identify the 
strengths and weaknesses of the State program by determining the level 
of conformance with the program standards and are independently 
verified through an audit. The results of the initial self-assessments 
are used to develop an improvement plan, and subsequent self-
assessments are used to track the State's progress toward meeting and 
maintaining conformance with the MFRPS.
    The concept of self-assessment is used in international consensus 
standards as well. For example, ISO/IEC Guide 65:1996 (Ref. 20) 
requires a certification body to conduct periodic internal audits to 
verify that its quality system is implemented and effective, that 
corrective actions are taken in a timely and appropriate manner, and 
that records of such reviews are maintained. Both ISO/IEC 17011:2004 
(Ref. 18) and ISO/IEC 17021:2011 (Ref. 19) require internal audits as 
well. Self-assessments are a valuable component of a continuous 
improvement process under our standards and the voluntary consensus 
standards described in this preamble.
    ``Third-Party Auditor'' means a foreign government, agency of a 
foreign government, foreign cooperative, or any other third party that 
is eligible to be considered for accreditation to conduct food safety 
audits and to certify that eligible entities meet the applicable 
requirements of the FD&C Act. A third-party auditor may be a single 
individual or an organization. A third-party auditor may use audit 
agents to conduct food safety audits. Third-Party Auditor has the same 
meaning as Certification Body as that term is defined in this subpart.

[[Page 45794]]

The definition of ``third-party auditor'' is based on section 808 of 
the FD&C Act and clarifies our role in direct accreditation and the 
relationship between audits and certifications under section 808 of the 
FD&C Act. For the reasons explained in the preamble discussion of the 
definition of ``certification body,'' ``third-party auditor'' will have 
the same meaning as ``certification body'' for purposes of this rule.
    b. Who is subject to this subpart? (Proposed Sec.  1.601). This 
proposed rule would apply to those accreditation bodies, third-party 
auditors/certification bodies, and eligible entities that seek to 
participate in our program for third-party food safety audits and 
certification. Participating is voluntary; however any accreditation 
body wishing to accredit third-party auditors/certification bodies 
under our program would have to comply with the applicable requirements 
of the final rule. Under the FDA program, any third-party auditor/
certification body wishing to conduct food safety audits and issue food 
and facility certifications and any eligible entity that seeks a food 
safety audit or food or facility certification would have to comply 
with the applicable requirements of the final rule.\17\
---------------------------------------------------------------------------

    \17\ The terms, ``third-party auditor/certification body,'' 
``consultative audit,'' ``regulatory audit,'' ``food 
certification,'' ``facility certification,'' and ``eligible entity'' 
are defined under this proposed rule.
---------------------------------------------------------------------------

    This proposed rule would codify a limited exemption created by 
section 116 of FSMA (21 U.S.C. 2206) applicable to certification of 
food under section 801(q) of the FD&C Act. Section 116(a) of FSMA 
states that, except as provided by certain listed sections in the FSMA, 
nothing in FSMA, or the amendments made by FSMA, will be construed to 
apply to a facility that (1) under the Federal Alcohol Administration 
Act (27 U.S.C. 201 et seq.) or chapter 51 of subtitle E of the Internal 
Revenue Code of 1986 (26 U.S.C. 5001 et seq.) is required to obtain a 
permit or to register with the Secretary of the Treasury as a condition 
of doing business in the United States; and (2) under section 415 of 
the FD&C Act is required to register as a facility because such 
facility is engaged in manufacturing, processing, packing, or holding 
one or more alcoholic beverages (with respect to the activities of such 
facility that relate to the manufacturing, processing, packing, or 
holding of alcoholic beverages).
    Section 116(b) of FSMA provides that section 116(a) does not apply 
to a facility engaged in the receipt and distribution of any non-
alcohol food, except that section 116(a) does apply to a facility 
described in section 116(a) that receives and distributes non-alcohol 
food, provided such food is received and distributed (1) in a 
prepackaged form that prevents any direct human contact with such food, 
and (2) in amounts that constitute not more than 5 percent of the 
overall sales of such facility, as determined by the Secretary of the 
Treasury.
    Section 116(c) of FSMA provides that, except as provided in section 
116(a) and (b), section 116 cannot be construed to exempt any food, 
other than alcoholic beverages, as defined in section 214 of the 
Federal Alcohol Administration Act (27 U.S.C. 214), from the 
requirements of FSMA (including amendments made by FSMA).
    The Preventive Controls proposed rule includes provisions 
implementing the exemptions provided in section 116 of FSMA to 
establish by regulation the reach of the exemptions. As discussed in 
the preamble to the Preventive Controls proposed rule, FDA tentatively 
concludes the following regarding the reach of the exemptions for the 
purposes of that rule:
     The phrase ``obtain a permit or register'' should be 
interpreted broadly, to include not only facilities that must obtain 
what is technically named a ``permit'' or must ``register'' with 
Treasury, but also those facilities that must adhere to functionally 
similar requirements as a condition of doing business in the United 
States, namely, by submitting a notice or application to Treasury and 
obtaining Treasury approval of that notice or application.
     The exemption would apply not only to domestic facilities 
that are required to secure a permit, registration, or approval from 
Treasury under the relevant statutes, but also to foreign facilities of 
a type that would require such a permit, registration, or approval if 
they were domestic facilities.
     Activities related to alcoholic beverages (including the 
manufacturing, processing, packing, or holding of alcoholic beverages) 
at facilities within the scope of section 116(a) of FSMA would not be 
subject to section 418 of the FD&C Act. Activities related to foods 
other than alcoholic beverages (including the receiving, manufacturing, 
processing, packing, holding, and distributing of such foods) would be 
subject to section 418 even if those activities occur at facilities 
that are otherwise within the scope of section 116(a) (unless they 
qualify for another exemption or are in prepackaged form and constitute 
5 percent or less of the facility's overall sales). (For clarity, we 
use the term ``food other than alcoholic beverages'' rather than ``non-
alcohol food'' in the Preventive Controls proposed rule and in this 
document.)
     Section 418 of the FD&C Act does not apply to the 
manufacturing, processing, packing, or holding of food other than 
alcoholic beverages to the extent that it is physically inseparable 
from the manufacturing, processing, packing, or holding of alcoholic 
beverages.
    Section 116 of FSMA is premised in part upon status as a facility 
required to register under section 415 of the FD&C Act (section 
116(a)(2) of FSMA). As provided in section 808, eligible entities 
include foreign facilities registered under section 415 of the FD&C 
Act.
    Therefore, to implement the exemption in section 116 of FSMA, under 
proposed Sec.  1.601(d)(1), certification of food under section 801(q) 
of the FD&C Act would not apply with respect to alcoholic beverages 
from an eligible entity that is a facility that meets the following two 
conditions:
     Under the Federal Alcohol Administration Act or chapter 51 
of subtitle E of the Internal Revenue Code of 1986 (26 U.S.C. 5001 et 
seq.), the facility is a foreign facility of a type that, if it were a 
domestic facility, would require obtaining a permit from, registering 
with, or obtaining approval of a notice or application from the 
Secretary of the Treasury as a condition of doing business in the 
United States; and
     Under section 415 of the FD&C Act, the facility is 
required to register as a facility because it is engaged in 
manufacturing/processing one or more alcoholic beverages.
    Proposed Sec.  1.601(d)(2) specifies that certification of food 
under section 801(q) of the FD&C Act also would not apply with respect 
to food other than alcoholic beverages from a facility described in 
paragraph (d)(2), provided such food:
     Is in prepackaged form that prevents any direct human 
contact with such food; and
     Constitutes not more than 5 percent of the overall sales 
of the facility, as determined by the Secretary of the Treasury.
    This exemption does not apply to facility certification required by 
section 806 of the FD&C Act.
    We request comment on our proposed exemption of alcoholic beverages 
and food other than alcoholic beverages under the conditions specified 
in proposed Sec.  1.601(d).
    As described in the ``Summary of Major Provisions of the Proposed 
Rule,'' this rule would apply only to entities

[[Page 45795]]

that voluntarily participate in our accredited third-party audits and 
certification program, which would be the following: (1) Accreditation 
bodies seeking recognition, or recognized, under this program; (2) 
third-party auditors/certification bodies (including their audit 
agents) that seek accreditation, or are accredited under this program; 
and (3) eligible entities that seek food safety audits from, or that 
are audited or certified by, accredited auditors/certification bodies 
under this program, except for an eligible entity that meets the 
criteria for exemption under section 116 of FSMA.
    We invite comment on the scope of this proposed rule, including 
comments on its anticipated effects on accreditation bodies and third-
party auditors/certification bodies already performing these 
activities, or that may be interested in doing so. We also seek comment 
on its anticipated effect on foreign food facilities and other eligible 
entities that are currently audited by third-party auditors/
certification bodies.
2. Recognition of Accreditation Bodies
    This rule would establish the following: (1) The eligibility 
requirements for an accreditation body to be authorized 
(``recognized'') by FDA to accredit third-party auditors/certification 
bodies under the accredited third-party audits and certification 
program; (2) requirements on recognized accreditation bodies for 
activities conducted under our program; and (3) procedures FDA and 
accreditation bodies will follow relating to recognition, including 
application, renewal, revocation, voluntary relinquishment, and 
reinstatement of recognition.

         Table 2--Proposed Requirements for Accreditation Bodies
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
         Recognition of accreditation bodies under this subpart
------------------------------------------------------------------------
1.610..................  Who is eligible for recognition?
1.611..................  What legal authority must an accreditation body
                          have to qualify for recognition?
1.612..................  What competency and capacity must an
                          accreditation body have to qualify for
                          recognition?
1.613..................  What protections against conflicts of interest
                          must an accreditation body have to qualify for
                          recognition?
1.614..................  What quality assurance procedures must an
                          accreditation body have to qualify for
                          recognition?
1.615..................  What records procedures must an accreditation
                          body have to qualify for recognition?
------------------------------------------------------------------------
   Requirements for recognized accreditation bodies under this subpart
------------------------------------------------------------------------
1.620..................  How must a recognized accreditation body assess
                          third-party auditors/certification bodies
                          seeking accreditation?
1.621..................  How must a recognized accreditation body
                          monitor the performance of auditors/
                          certification bodies it accredits?
1.622..................  How must a recognized accreditation body
                          monitor its own performance?
1.623..................  What reports and notifications must a
                          recognized accreditation body submit to FDA?
1.624..................  How must a recognized accreditation body
                          protect against conflicts of interest?
1.625..................  What records requirements must a recognized
                          accreditation body meet?
------------------------------------------------------------------------
  Procedures for recognition of accreditation bodies under this subpart
------------------------------------------------------------------------
1.630..................  How do I apply to FDA for recognition or
                          renewal of recognition?
1.631..................  How will FDA review applications for
                          recognition and for renewal of recognition?
1.632..................  What is the duration of recognition?
1.633..................  How will FDA monitor recognized accreditation
                          bodies?
1.634..................  When will FDA revoke recognition?
1.635..................  How do I voluntarily relinquish recognition?
1.636..................  How do I request reinstatement of recognition?
------------------------------------------------------------------------

    Section 808 of the FD&C Act directs us to establish a system for 
recognition of accreditation bodies to accredit third-party auditors/
certification bodies and generally describes the roles and 
responsibilities of recognized accreditation bodies under the 
accredited third-party audits and certification program. The statute 
requires each recognized accreditation body to: (1) Ensure that third-
party auditors/certification bodies (and audit agents) meet FDA's model 
accreditation standards; (2) perform such reviews and audits necessary 
to determine that a third-party auditor/certification body meets the 
statutory requirements for accreditation; \18\ (3) require a third-
party auditor/certification body to agree to issue certifications in a 
form required by FDA, as a condition of accreditation; and (4) submit 
to FDA a list of all third-party auditors/certification bodies it 
accredited (and the audit agents of each).
---------------------------------------------------------------------------

    \18\ See section 808(c)(1)(A) and (c)(1)(B) of the FD&C Act.
---------------------------------------------------------------------------

    a. Who is eligible for recognition? (Proposed Sec.  1.610). This 
proposed rule would establish eligibility requirements an accreditation 
body would have to meet to qualify for recognition by FDA under the 
accredited third-party audits and certification program. Proposed Sec.  
1.610 states that an accreditation body is eligible for recognition if 
it can demonstrate that it meets requirements relating to legal 
authority, competency, capacity, conflicts of interest, quality 
assurance, and records in proposed Sec. Sec.  1.611 through 1.615.
    In developing this proposed rule, we considered eligibility 
requirements that would help us ensure that accreditation bodies 
seeking recognition--whether public or private, newly formed or long 
standing--are sufficiently qualified to accredit third-party auditors/
certification bodies under our program. We considered the approach 
taken by NIST in its National Voluntary Conformity Assessment Systems 
Evaluation (NVCASE) Program, which is a voluntary program to evaluate 
and recognize organizations which support conformity assessment 
activities (Ref. 28). The NVCASE program handbook states that ISO/IEC 
17011:2004 (Ref. 18) provides that the basic general criteria

[[Page 45796]]

that an accreditor of certification bodies must satisfy for NVCASE 
recognition (Ref. 28). We have tentatively concluded that key elements 
of ISO/IEC 17011: 2004 (Ref. 18) provide an appropriate basis for these 
requirements.\19\ We also considered our 2009 FDA guidance (Ref. 
5),\20\ which states that conformance to ISO/IEC 17011:2004 (Ref. 18) 
helps provide assurance of the reliability and competence of 
accreditation bodies.
---------------------------------------------------------------------------

    \19\ ISO/IEC 17011:2004 contains requirements that are not 
applicable to our program (e.g., liability arrangements). While an 
accreditation body would not need to conform to ISO/IEC 17011:2004 
to qualify for recognition under our program, an accreditation body 
that satisfies the requirements of ISO/IEC 17011:2004 could use that 
in demonstrating it meets the recognition requirements in this rule.
    \20\ We intend to withdraw the 2009 Guidance upon publication of 
a final rule for accredited third-party audits and certification 
under section 808 of the FD&C Act.
---------------------------------------------------------------------------

    We also considered current food industry practices. For example, 
GFSI requires food safety scheme owners to use accreditation bodies 
that comply with ISO/IEC 17011:2004 (Ref. 18) for GFSI-benchmarked food 
safety schemes (Ref. 29). In stakeholder meetings, some stakeholders 
have suggested that FDA consider requiring accreditation bodies 
participating in the accredited third-party audits and certification 
program to be signatories to a multilateral recognition agreement of 
the International Accreditation Forum (IAF). IAF is an organization for 
accreditors of conformity assessment bodies and is a counterpart to 
International Laboratory Accreditation Cooperation (ILAC), for 
laboratory accreditation bodies.\21\ The IAF multilateral recognition 
arrangement (IAF-MLA) (Ref. 30) requires signatories to conform to ISO/
IEC 17011:2004, among other things.
---------------------------------------------------------------------------

    \21\ The ILAC is an international body, established in 1977, to 
help ensure the competency, independence, rigor, and objectivity of 
accreditation bodies that accredit laboratories against 
international standards. The ILAC-mutual recognition agreement 
requires signatories to conduct their activities in accordance with 
ISO/IEC 17011:2004. FDA laboratory programs have worked with ILAC 
and other ILAC signatories for many years.
---------------------------------------------------------------------------

    Unlike our established history with ILAC and ILAC signatories, our 
food and feed programs lack similar experience with the IAF. We have 
found few examples of Federal agencies that require accreditation 
bodies for conformity assessment bodies to be signatories to the IAF-
MLA (for accreditation of product and management system certification) 
and that use signatory status as the sole criterion for accreditation 
bodies. For example, the Department of Health and Human Services is not 
requiring approved accreditors in its Health Information Technology 
certification program (45 CFR part 170) to be signatories to the IAF-
MLA, although signatory status could be provided in support of an 
applicant's request for approval. By contrast, the Environmental 
Protection Agency's WaterSense program (Ref. 31) requires product 
accreditors to be signatories to the IAF-MLA (Ref. 30). The WaterSense 
program is not a regulatory program; rather, it is a partnership 
program.
    We do not have adequate information at this time to propose to 
require accreditation bodies participating in the accredited third-
party audits and certification regulatory program to be IAF-MLA 
signatories--whether as the sole requirement for recognition under 
Sec.  1.610 or as one of several factors in support of recognition. We 
have, however, tentatively concluded that documented conformance to 
ISO/IEC 17011:2004 (Ref. 18) would be relevant in demonstrating that an 
accreditation body is qualified for recognition. We invite comments and 
examples (in particular, examples from regulatory programs) in support 
of, or opposition to, using an accreditation body's status as a 
signatory to an IAF MLA as the sole criterion for recognition or as a 
factor weighing in favor of an application for recognition under the 
accredited third-party audits and certification program.
    b. What legal authority must an accreditation body have to qualify 
for recognition? (Proposed Sec.  1.611). This proposed rule would 
require accreditation bodies seeking recognition to demonstrate they 
have sufficient legal authority to adequately assess third-party 
auditors/certification bodies for accreditation and in conducting 
oversight of them, once accredited.
    Proposed Sec.  1.611 would allow both governmental bodies, with 
accreditation authority inherent in their roles as public officials, 
and private bodies, who have authority under contracts with third-party 
auditors/certification bodies, to qualify for recognition if they have 
the sufficient authority to conduct accreditation activities. This 
includes adequate authority to access records; to conduct onsite 
performance assessments, reassessments, and surveillance; and to grant, 
modify, and remove accreditation status.
    ISO/IEC 17011:2004 (Ref. 18) contains similar requirements for 
bodies accrediting third-party auditors/certification bodies for 
product and management system certification. Clause 4.1 requires 
accreditation bodies to be registered legal entities and explains that 
governmental accreditation bodies are considered legal entities because 
of their governmental status. Clause 4.2.2 states that accreditation 
bodies must have the authority and responsibility to decide on 
granting, maintaining, extending, reducing, suspending, and withdrawing 
accreditation.\22\
---------------------------------------------------------------------------

    \22\ ISO/IEC 17011:2004 also contains requirements relating to 
documentation of the roles and responsibilities of accreditation 
body management and personnel involved in accreditation activities. 
Matters such as these will be more fully explained in the Model 
Accreditation Standards we plan to issue.
---------------------------------------------------------------------------

    Proposed Sec.  1.611(b) would require an accreditation body to 
demonstrate that it has the adequate legal authority to meet the 
requirements for a recognized accreditation body in proposed Sec. Sec.  
1.611 through 1.615, including assessing third-party auditors/
certification bodies for accreditation, monitoring accredited auditors/
certification bodies, perform self-assessments, submitting reports and 
notifications to FDA, implementing procedures to protect against 
conflicts of interest, establishing and maintaining records, and 
following the applicable procedural requirements of our program.
    We are not proposing to require a newly recognized accreditation 
body to wait a certain period of time before beginning to conduct 
accreditation activities under our program. Its accreditation authority 
goes into effect at the moment of recognition. Therefore, we believe 
that an accreditation body seeking recognition must demonstrate its 
capacity to fulfill the roles and responsibilities of recognition, if 
granted. We believe that an accreditation body could meet this 
requirement by providing documentation of its authority to perform 
activities required by proposed Sec. Sec.  1.611 through 1.615. We 
expect this documentation to be provided primarily in the form of 
standard language for contracts with eligible entities under the FDA 
accredited third-party audits and certification program. However, we 
will accept other types of documents (e.g., Standard Operating 
Procedures) that can (individually or as part of a set of documents) 
demonstrate that the accreditation body has adequate legal authority to 
conduct the activities required by proposed Sec.  1.611 through 1.615.
    We invite comment on our proposal to require accreditation bodies 
to have demonstrable evidence to support a conclusion that they would 
have adequate legal authority to meet our requirements (e.g., authority 
to withdraw accreditation for cause), if recognized. We also seek 
examples of other types of evidence that might

[[Page 45797]]

demonstrate the scope of an applicant's legal authority. For comments 
opposing this requirement, we request comment on what, if any, 
requirements we should put in place to ensure that an accreditation 
body applying to us for recognition would be equipped, upon 
recognition, to perform the obligations required under the program.
    c. What competency and capacity must an accreditation body have to 
qualify for recognition? (Proposed Sec.  1.612). This rule would 
require accreditation bodies seeking recognition to demonstrate 
adequate resources to fully implement its accreditation program. Under 
proposed Sec.  1.612, an accreditation body must have adequate numbers 
of personnel or other agents with relevant knowledge, skills, and 
experience to adequately assess and monitor third-party auditors/
certification bodies. The accreditation body also would have to show it 
has adequate financial resources for its operations. In the guidance, 
we will explain the types of expertise and training we expect to see 
when reviewing accreditation body records and conducting onsite 
performance assessments. We also will explain the types of 
documentation that might be used to demonstrate financial viability.
    ISO/IEC 17011: 2004, clause 6.1 (Ref. 18) requires accreditation 
bodies to have a sufficient number of competent personnel (internal and 
external) with the educational background, technical qualifications, 
training, skills, and experience necessary for the accreditation body's 
activities. Clause 4.5.2 requires accreditation bodies to demonstrate 
they have financial resource required for accreditation activities.\23\
---------------------------------------------------------------------------

    \23\ ISO/IEC 17011:2004 contains some requirements that are not 
applicable to our program. For example, it contains requirements 
relating to liability coverage.
---------------------------------------------------------------------------

    Under proposed Sec.  1.612(b) an accreditation body seeking to 
qualify for recognition must demonstrate that it has the capability to 
adequately assess third-party auditors/certification bodies seeking 
accreditation and to monitor accredited auditors/certification bodies 
through performance assessments. It also must be capable of submitting 
reports and notifications to FDA in the manner we propose and to follow 
the procedural requirements under our program. As previously explained, 
an accreditation body will be authorized to begin accreditation 
activities under our program immediately upon recognition. Therefore, 
we need to have adequate assurance of its ability to meet the 
competency and capacity requirements of a recognized accreditation body 
when deciding whether to grant recognition.
    d. What protections against conflicts of interest must an 
accreditation body have to qualify for recognition? (Proposed Sec.  
1.613). This proposed rule would require accreditation bodies to have 
established programs to safeguard against conflicts of interest that 
might compromise their objectivity and independence from third-party 
auditors/certification bodies. Proposed Sec.  1.613 would require 
accreditation bodies seeking recognition to have written measures to 
safeguard against financial conflicts of interest between the 
accreditation body (and its officers, personnel, and other agents) and 
third-party auditors/certification bodies (and their officers, 
personnel, and other agents). Without these conflict of interest 
requirements, we believe it would be difficult for an accreditation 
body to demonstrate adequate independence in accrediting auditors/
certification bodies, as required under our accredited third-party 
auditing and certification program.
    ISO/IEC 17011: 2004, clause 4.3.4 (Ref. 18) requires accreditation 
bodies to ensure that personnel and committees that could influence the 
accreditation process act objectively and be free from any undue 
commercial pressures that could compromise impartiality.\24\
---------------------------------------------------------------------------

    \24\ ISO/IEC 17011 contains additional requirements relating to 
opportunities for involvement by interested parties and the manner 
in which the accreditation body presents its services. Such matters 
are beyond the scope of our program.
---------------------------------------------------------------------------

    Under proposed Sec.  1.613(b), an accreditation body seeking 
recognition must demonstrate the capability to meet the conflict of 
interest requirements that would apply under Sec.  1.624, upon 
recognition. This measure is necessary to help ensure that any 
accreditation activities conducted after recognition would be 
considered objective and independent under our program.
    e. What quality assurance procedures must an accreditation body 
have to qualify for recognition? (Proposed Sec.  1.614). This proposed 
rule would require accreditation bodies seeking recognition to have 
written quality assurance procedures in place. Proposed Sec.  1.614(a) 
requires an accreditation body seeking recognition to have a program 
for monitoring and assessing the performance of its officers, 
personnel, and other agents and for assessing the effectiveness of its 
accreditation program. The program must include procedures for 
identifying areas for improvement and quickly executing corrective 
actions.
    ISO/IEC 17011 (Ref. 18) requires accreditation bodies to establish 
procedures for internal audits (clause 5.7.1) and to identify 
nonconformities in its operations (clause 5.5), opportunities for 
improvement, and preventive actions to address root causes (clause 
5.6). Clause 5.8 requires periodic management reviews.
    Proposed Sec.  1.614(b) requires the accreditation body to 
demonstrate it has the capability to meet the quality assurance 
requirements of Sec.  1.622, for performing annual self-assessments 
against our requirements and reporting the results of such self-
assessments. The guidance we plan to issue will discuss the elements of 
an effective quality assurance program for accreditation bodies.
    f. What records procedures must an accreditation body have to 
qualify for recognition? (Proposed Sec.  1.615). This proposed rule 
would require accreditation bodies seeking recognition to have written 
records procedures in place. Under proposed Sec.  1.615(a), an 
accreditation body would have to demonstrate that it has written 
procedures for establishing, controlling, and retaining records on its 
accreditation program and activities. While we are not proposing that 
an accreditation body must have retained records for a specified period 
of time prior to its recognition, we believe it is necessary for an 
accreditation body to have maintained records for such length of time 
to allow us to adequately assess its program and performance to 
determine whether it is qualified for recognition. The accreditation 
body also must maintain records as required by its existing legal 
obligations. Our guidance will explain these recordkeeping, document 
control, and retention requirements.
    Clause 5.4.1 of ISO/1EC 17011: 2004 (Ref. 18) requires 
accreditation bodies to establish procedures for identification, 
collection, filing, storage, maintenance, and disposal of records. 
Under clause 5.4.2, records procedures must require records to be 
retained for a period consistent with the accreditation body's 
contractual and legal obligations. The accreditation body must have 
procedures to control internal and external documents relating to its 
activities, under clause 5.3.\25\
---------------------------------------------------------------------------

    \25\ Requiring accreditation bodies to exert control over 
external documents relating to its accreditation activities would be 
inconsistent with our program.
---------------------------------------------------------------------------

    Proposed Sec.  1.615(b) would require an accreditation body seeking 
recognition to demonstrate its capability to meet the requirements of a 
recognized accreditation body. This would include,

[[Page 45798]]

for example, capacity for maintaining records for 5 years, which is the 
maximum length for which recognition could be granted. It also requires 
recognized accreditation bodies to give us access to records on 
activities conducted under our program. Clause 4.4 of ISO/IEC 17011: 
2004 (Ref. 18) requires accreditation bodies to have adequate 
arrangements to maintain the confidentiality of information obtained 
through its accreditation activities. Confidential information about a 
third-party auditor/certification bodies must not be disclosed without 
the written consent of the auditor/certification body unless the law 
requires the information to be disclosed without such consent. 
Accreditation bodies applying for recognition must demonstrate their 
capacity, if recognized, to grant us access to confidential 
information, including information contained in records, without prior 
written consent of the auditor/certification body involved. Having 
access to records relating to accreditation activities (including 
confidential information) under this subpart is necessary to ensure the 
rigor, credibility, and independence of the program.
3. Requirements for Recognized Accreditation Bodies

  Table 3--Proposed Requirements for Accreditation Bodies Recognized by
                                   FDA
------------------------------------------------------------------------
 Proposed Rule Section                        Title
------------------------------------------------------------------------
1.620..................  How must a recognized accreditation body assess
                          third-party auditors/certification bodies
                          seeking accreditation?
1.621..................  How must a recognized accreditation body
                          monitor the performance of auditors/
                          certification bodies it accredits?
1.622..................  How must a recognized accreditation body
                          monitor its own performance?
1.623..................  What reports and notifications must a
                          recognized accreditation body submit to FDA?
1.624..................  How must a recognized accreditation body
                          protect against conflicts of interest?
1.625..................  What records requirements must a recognized
                          accreditation body meet?
------------------------------------------------------------------------

    Proposed Sec. Sec.  1.620 through 1.625 contain the requirements 
that a recognized accreditation body would have to meet when conducting 
activities under our program.
    a. How must a recognized accreditation body assess third-party 
auditors/certification bodies seeking accreditation? (Proposed Sec.  
1.620). This proposed rule would establish criteria and procedures a 
recognized accreditation body must use in assessing third-party 
auditors/certification bodies for accreditation.
    Proposed Sec.  1.620(a)(1) requires a recognized accreditation body 
to assess foreign governments/agencies by evaluating the food safety 
programs, systems, and standards of the government/agency to determine 
that the government/agency meets the eligibility requirements for 
accreditation under Sec.  1.640(b), except where the criteria for 
direct accreditation in proposed Sec.  1.670(a) are met.\26\ Proposed 
Sec.  1.620(a)(2) requires a recognized accreditation body to assess 
the internal systems and the training and qualifications of audit 
agents used by a foreign cooperative or other third party to determine 
that the cooperative/party meets the eligibility requirements for 
accreditation under Sec.  1.640(c).
---------------------------------------------------------------------------

    \26\ Under section 808(b)(1)(A)(ii) of the FD&C Act, we may 
begin to directly accredit third-party auditors/certification bodies 
if we have not identified and recognized an accreditation body to 
meet the requirements of the section within 2 years after 
establishing the system.
---------------------------------------------------------------------------

    Proposed Sec.  1.620(a)(1) and (a)(2) are based on section 
808(c)(1) to (c)(3) of the FD&C Act, which distinguishes between the 
assessments of foreign governments/agencies and the assessments for 
foreign cooperatives/other third parties seeking accreditation. They 
also require a recognized accreditation body to assess any third-party 
auditor/certification body under the model accreditation standards we 
must issue under section 808(b)(2) of the FD&C Act. The model 
accreditation standards will specify the authority, competency, 
capacity, impartiality, quality assurance, and records that a third-
party auditor/certification body must have to qualify for accreditation 
under our program.
    Proposed Sec.  1.620(a)(3) requires recognized accreditation bodies 
to observe a statistically significant number \27\ of onsite food 
safety audits by a third-party auditor/certification body (or its audit 
agents) seeking accreditation. Correspondingly, ISO/IEC 17011: 2004, 
clause 7.7.3 (Ref. 18) requires an accreditation body's assessment team 
to witness the performance of a representative number of staff to 
provide assurance of the auditor's/certification body's competency.
---------------------------------------------------------------------------

    \27\ Generally speaking, we consider ``statistical 
significance'' to be an interpretation of statistical data 
indicating that an occurrence was likely the result of a causative 
factor and not simply a chance result. With observations of a 
statistically significant number of accredited auditors/
certification bodies, recognized accreditation bodies will be able 
to exert an appropriate degree of oversight of its accredited 
auditors/certification bodies, using the data to help determine 
whether its accreditation program and activities are functioning 
appropriately.
---------------------------------------------------------------------------

    Proposed Sec.  1.620(b) requires a recognized accreditation body to 
impose three conditions on any accreditation under this program as 
follows:
     The third-party auditor/certification body must comply 
with the audit reporting requirements contained in proposed Sec.  
1.656, which is drawn from section 808(c)(3) of the FD&C Act (which 
makes it a condition of accreditation to prepare consultative audit 
reports within 45 days after conducting an audit and, for regulatory 
audits, to submit an audit report within 45 days after conducting an 
audit).
     The third-party auditor/certification body must agree to 
submit electronic certifications to FDA, where appropriate based on the 
results of a regulatory audit. Under section 808(c)(2)(A) of the FD&C 
Act, we have tentatively concluded that submission of electronic 
certification (as opposed to paper certification) is appropriate for 
the following reasons:
    [cir] It would be too time-consuming and resource intensive to 
review paper-based facility certifications and might result delays that 
would frustrate the purpose of the VQIP program for expedited review 
and entry of products; and
    [cir] Requiring submission and manual review of paper food and 
facility certifications would undermine to our efforts to use robust, 
integrated databases to replace manual review, analysis, and reporting 
of data.
     A third-party auditor/certification body would have to 
comply with the requirement in section 808(c)(4)(A) of the FD&C Act to 
notify us immediately upon discovering, during a food safety audit, a 
condition that could cause or contribute to a serious risk to the 
public health, as a condition of its accreditation. Having timely 
notification of such risks directly affects our ability to respond 
rapidly to protect the public health. We believe this notification

[[Page 45799]]

requirement is of such a critical nature that, we are proposing to 
require compliance as a condition of accreditation. We seek comment on 
our tentative conclusion to require compliance with section 
808(c)(4)(A) of the FD&C Act a condition of accreditation.
    Proposed Sec.  1.620(c) requires recognized accreditation bodies to 
maintain records relating to its accreditation activities under the 
program. These include records on any denial of accreditation and on 
any withdrawal, suspension, or decision to reduce the scope of an 
accreditation for cause.\28\ Such records must include the name and 
contact information for such certification body, the scope of 
accreditation denied, withdrawn, suspended, or reduced, and the basis 
for the action. Having access to records on denials of accreditation 
and actions taken due to nonconformities will help us in assessing the 
performance of the recognized accreditation body and also will allow us 
to determine whether poorly performing third-party auditors/
certification bodies are attempting to ``shop'' for favorable 
accreditation decisions elsewhere. Both are important for our oversight 
of the program.
---------------------------------------------------------------------------

    \28\ Denial, withdrawal, suspension, and reduction in scope of 
accreditation differ from voluntary relinquishment of accreditation 
under proposed Sec.  1.665, which is an action taken on the 
initiative of the auditor/certification body and is not based on a 
finding of nonconformity by its accreditation body.
---------------------------------------------------------------------------

    In proposed Sec.  1.620(d), we require recognized accreditation 
bodies to have written procedures in place to consider appeals from 
third-party auditors/certification bodies to adverse accreditation 
decisions. The written procedures must offer protections similar to 
those afforded by FDA under proposed Sec. Sec.  1.692 and 1.693 and 
include requirements to make the appeals procedures publicly available, 
have the appeal investigated and decided upon by people different than 
those involved in the subject matter of the appeal, notify the auditor/
certification body of the final decision on the appeal, and maintain 
records on the appeal, the final decision, and the basis for the 
decision. This provision is analogous to clause 7.10.2 of ISO/IEC 
17011:2004 (Ref. 18), which requires accreditation bodies to establish 
similar procedures for handling appeals by auditors/certification 
bodies. We emphasize that we are not proposing to review a decision by 
a recognized accreditation body to deny, withdraw, suspend, or reduce 
an accreditation, nor do we propose to consider appeals from third-
party auditors/certification bodies to such actions by recognized 
accreditation bodies. We have considered the language of section 808 of 
the FD&C Act and tentatively concluded that it does not require us to 
review such decisions. We believe our proposal is appropriate and 
consistent with international standards that identify these as matters 
between the recognized accreditation body and the third-party auditor/
certification body affected by the decision. Comments suggesting 
alternatives should provide the following: (1) A detailed legal 
rationale for us to review and decide on a challenge to an 
accreditation decision of a recognized accreditation body, including 
the authority to compel a recognized accreditation body to grant an 
accreditation and to conduct the ongoing monitoring of the auditor/
certification body required under this FDA program; (2) a description 
of the procedures FDA should follow, including whether to compile an 
administrative record based on documents from the accreditation body 
and the third-party auditor/certification body, whether to accept new 
evidence or conduct its own investigation, and whether to conduct a 
public hearing; and (3) a prioritization of FDA's program activities as 
between, for example, monitoring the performance of accredited 
auditors/certification bodies under section 808(f) of the FD&C Act and 
determining whether a recognized accreditation body correctly denied an 
application for accreditation.
    b. How must a recognized accreditation body monitor the performance 
of auditors/certification bodies it accredits? (Proposed Sec.  1.621). 
This proposed rule describes the type and frequency of monitoring a 
recognized accreditation body would have to perform for third-party 
auditors/certification bodies it accredits under our program.
    Proposed Sec.  1.621 requires a recognized accreditation body to 
annually evaluate each of its accredited auditors/certification bodies 
to determine whether it is complying with the applicable provisions of 
this rule. For each such auditor/certification body, the accreditation 
body must review its self-assessments (including information on 
compliance with the conflict of interest requirements under Sec.  
1.657); its regulatory audit reports and notifications to FDA (and 
supporting documents for each), and any other information reasonably 
available to the accreditation body regarding the compliance history of 
eligible entities the accredited auditor/certification body certified 
or that would otherwise be relevant in determining its compliance with 
this rule.
    The monitoring requirements we propose are consistent with section 
808(f)(2) of the FD&C Act, which requires us to evaluate each 
accredited auditor/certification body by reviewing its regulatory audit 
reports and the compliance history (as available) of eligible entities 
it certified, and to take any other necessary measures. We believe 
these elements are equally important for recognized accreditation 
bodies to use when monitoring accredited auditors/certification bodies 
under our program. We believe that the conflict of interest disclosures 
and public health notifications are of such importance to the 
reliability and credibility of the program that recognized 
accreditation bodies should review them as well. To provide flexibility 
to a recognized accreditation body that is aware of additional 
information relevant to its evaluation, and consistent with the last 
clause in section 808(f)(2) of the FD&C Act, we propose to allow the 
accreditation body to rely on other information relevant to its 
evaluation. We note that accreditation bodies need only consider 
information that is ``reasonably available'' to them. We do not expect 
an accreditation body to launch an investigation of each auditor/
certification body it accredited, absent cause; however, we expect that 
accreditation bodies will actively monitor for public information about 
their accredited auditors/certification bodies and will not ignore 
public information about problems associated with one or more of this 
accredited auditors/certification bodies.
    ISO/IEC 17011:2004, clause 7.11.3 (Ref. 18) requires accreditation 
bodies to plan for reassessment and surveillance of each accredited 
auditor/certification body at frequencies between 1 and 5 years, 
depending on the nature of reassessment and surveillance performed. In 
general, clause 7.11.3 requires these monitoring activities to occur 
every 2 years.
    We have tentatively concluded that the assessments under proposed 
Sec.  1.621 should be performed on an annual basis because formal 
reviews at that frequency, throughout the duration of an accreditation, 
will help the accreditation body determine whether the auditor/
certification body continues to meet the applicable program 
requirements and the conditions of its accreditation. Not only will 
these assessments help ensure that accredited auditors/certification 
bodies individually comply with our requirements, but also can be used 
by

[[Page 45800]]

the recognized accreditation body to identify trends and any 
deficiencies in its own performance or program.
    We seek comment on our proposal and on whether the information we 
describe in Sec.  1.621 will provide an appropriate basis for 
recognized accreditation bodies to use in evaluating auditors/
certification bodies they accredited. Should we require recognized 
accreditation bodies to conduct witness audits or visits to the 
headquarters of each auditor/certification body it accredits under the 
program, or a subset thereof? For comments recommending other methods 
of performance assessment, we are interested in information on the 
potential costs and benefits associated with these alternatives.
    c. How must a recognized accreditation body monitor its own 
performance? (Proposed Sec.  1.622). This proposed rule would require 
recognized accreditation bodies conduct self-assessments on an annual 
basis and as required under proposed Sec.  1.664(g) (following FDA 
withdrawal of accreditation of a third-party auditor/certification body 
it accredited).
    Proposed Sec.  1.622(a) requires a recognized accreditation body to 
evaluate the performance of its officers, employees, and other agents; 
compliance with applicable conflict of interest requirements; and any 
other aspects FDA requests, to determine whether the accreditation body 
meets our program requirements. Proposed Sec.  1.622(b) requires a 
recognized accreditation body to observe onsite regulatory audits 
conducted by a statistically significant number of its accredited 
auditors/certification bodies.\29\
---------------------------------------------------------------------------

    \29\ As described in footnote 26, we generally interpret 
statistically significant numbers as those indicating that an 
occurrence was likely the result of a causative factor and not a 
chance result.
---------------------------------------------------------------------------

    Based on these assessments, proposed Sec.  1.622(c) requires 
recognized accreditation bodies implement corrective actions to address 
any area needing improvement that was identified through its self-
assessment. The requirements in proposed Sec.  1.622(a), (b), and (c) 
build on proposed Sec.  1.614, which requires accreditation bodies to 
have quality assurance programs to qualify for recognition.
    Proposed Sec.  1.622(d) requires the accreditation body to prepare 
a written report of the findings of its self-assessment, including: (1) 
A statement disclosing the extent to which the accreditation body, and 
its officers, employees, and other agents, complied with the conflict 
of interest requirements in Sec.  1.624 and other applicable 
requirements; and (2) identifying any corrective actions taken to 
address identified deficiencies. The timelines for a recognized 
accreditation body to submit its self-assessment reports to FDA appear 
in proposed Sec.  1.623(b).
    ISO/IEC 17011: 2004, clause 6.3.1 (Ref. 18) requires accreditation 
bodies to establish procedures for monitoring the performance of its 
personnel. Clauses 5.5 and 5.6 require accreditation bodies to 
establish procedures to identify nonconformities in its operations and 
any opportunities for improvement and to record the results of any 
corrective or preventive actions taken.
    d. What reports and notifications must a recognized accreditation 
body submit to FDA? (Proposed Sec.  1.623). This proposed rule would 
require recognized accreditation bodies to submit to FDA reports of its 
self-assessments and monitoring, as well as notice of matters affecting 
recognition and accreditation status. The reports and notifications 
described in proposed Sec.  1.623 would have to be submitted 
electronically and in English.
    Here and other places in this proposed rule, we suggest that any 
information for FDA be submitted in English. For applications or 
requests to FDA, we also propose to require that any translation or 
interpretation services necessary for us to process the application or 
request be made available by the submitter. We invite comment on our 
proposal to require submissions in English and to require translation 
or interpretation services as necessary. For comments in opposition, we 
seek input on how FDA might address translation and interpretation 
issues in a manner that is not overly burdensome or infeasible for the 
Agency and for submitters. How can FDA mitigate indirect effects on 
others submitting applications or requests? For example, is there a 
limit on the amount of time or resources FDA should spend translating 
and processing an application submitted in a foreign language? Are 
there other factors we should consider in deciding whether to require 
submissions in English and translation and interpretation services 
where necessary?
    Proposed Sec.  1.623(a) requires recognized accreditation bodies to 
submit reports of their annual assessments of accredited auditors/
certification bodies under proposed Sec.  1.621 within 45 days of 
completion of the assessment. The report must include updated lists of 
any audit agents used by such auditors/certification bodies. We believe 
that the results of such assessments will help us evaluate the 
performance of recognized accreditation bodies in reassessing their 
accredited auditors/certification bodies. The results also will help us 
perform our own monitoring of each accredited auditor/certification 
body. For example, having data about trends in performance deficiencies 
that the recognized accreditation body identified in its assessments, 
and the corrective actions that were implemented to address such 
deficiencies, gives us useful information on the accredited auditor/
certification body and offers insight into how the recognized 
accreditation body oversees its accredited auditors/certification 
bodies.
    Proposed Sec.  1.623(b) requires recognized accreditation bodies to 
submit reports of their self-assessments under proposed Sec.  1.622. 
These too will be useful to us in overseeing the recognized 
accreditation bodies. Annual self-assessments would have to be 
submitted within 45 days after completing the self-assessment. In 
establishing this timeframe, we considered the statutory requirement 
that accredited auditors/certification bodies submit reports of 
regulatory audits within 45 days after completing the audit. We 
tentatively concluded that the reports of formal assessments under 
Sec.  1.621 and self-assessments under Sec.  1.622, though different in 
nature from regulatory audits, are similarly important to our ability 
to ensure the rigor and credibility of the accredited third-party 
audits and certification program and thus should be submitted to us 
under a similar deadline.
    Additionally, proposed Sec.  1.623(b) provides that reports from 
self-assessments required by proposed Sec.  1.664(g)(1) (following 
withdrawal of accreditation of a third-party auditor/certification 
body) would have to be submitted to FDA within 2 months after the date 
of withdrawal.
    Proposed Sec.  1.623(c) requires recognized accreditation bodies to 
immediately notify us when they grant accreditation to an auditor/
certification body or when they withdraw, suspend, or reduce the scope 
of an accreditation under our program. Immediate notice is essential so 
that we can take timely action to begin to accept certifications from 
newly accredited auditors/certification bodies and to refuse to accept 
certifications from auditors/certification bodies no longer authorized 
to issue them. For each such notification, an accreditation body must 
provide contact information for the auditor/certification body, the 
name(s) of one or more of its officers, and the scope of accreditation. 
For withdrawal,

[[Page 45801]]

suspension, or reduction in scope, the recognized accreditation body 
must specify the basis for the decision and must update any other 
previously submitted information about the auditor/certification body. 
A recognized accreditation body also must immediately notify us if it 
has determined that an accredited auditor/certification body failed to 
comply with the requirements for issuance of a food or facility 
certification under Sec.  1.653 and must include the basis for the 
determination and update any other information previously submitted 
about the auditor/certification body. Each type of notification must be 
made electronically and in English.
    This information is essential to our oversight and management of 
the accredited third-party audits and certification program and the 
programs that rely on certifications issued by accredited third-party 
auditors/certification bodies. For example, section 808(c)(6)(A)(ii) of 
the FD&C Act requires us to withdraw accreditation from a certification 
body if we determine that the certification body no longer meets the 
requirements for accreditation. Having information on the reason(s) for 
withdrawal, suspension, or reduction in scope of an accreditation will 
help us in determining whether and how to conduct such evaluation. 
(Concerns regarding the performance of an accredited auditor/
certification body are of a different nature than, for example, 
suspension of accreditation for failure to make timely fee payments.) 
Without information on the reason an accreditation was withdrawn, 
suspended, or reduced, we believe we will need to automatically 
consider withdrawal of accreditation whenever an accreditation is 
withdrawn, suspended, or reduced.
    We request comment on our tentative conclusion that our oversight 
of the program will be enhanced by timely notice of accreditations, 
withdrawals, suspensions, and reductions in scope of accreditation by a 
recognized accreditation body, and of violations of proposed Sec.  
1.653.
    In proposed Sec.  1.623(d)(1), we require a recognized 
accreditation body to notify us within 30 days after denying 
accreditation to an auditor/certification body (in whole or in part) 
and including the basis for such denial. Proposed Sec.  1.623(d)(1) is 
based on the requirement in proposed Sec.  1.620(c), which requires 
recognized accreditation bodies to maintain records on any denial of 
accreditation under this program. We are not proposing to prohibit 
accreditation of an auditor/certification body previously denied 
accreditation, if the auditor/certification body is subject to a 
separate, full assessment and found to have adequately addressed the 
problems that led to the denial.
    Proposed Sec.  1.623(d)(2) requires recognized accreditation bodies 
to notify FDA within 30 days after making any significant change that 
would affect the manner in which it complies with the recognition 
requirements in Sec. Sec.  1.610 to 1.625 and include an explanation 
for the purpose of the change. For example, the merger of two 
accreditation bodies, or the contracting out of assessment services at 
an accreditation body that previously employed in-house assessors, 
would be the types of changes that should be notified to us. The intent 
of this proposed requirement is to help ensure that we obtain timely 
notice of any changes that could affect the basis upon which we 
recognized the accreditation body. We are not seeking prior notice, nor 
are we suggesting that we have a role in approving or denying such 
change. We are, however, required by section 808(b)(1)(C) of the FD&C 
Act to revoke recognition of any accreditation body found not to be in 
compliance with section 808 of the FD&C Act. A significant change that 
prevents or undermines the accreditation body's compliance with this 
rule may result in revocation of recognition under proposed Sec.  
1.636.
    e. How must a recognized accreditation body protect against 
conflicts of interest? (Proposed Sec.  1.624). This proposed rule would 
require a recognized accreditation body to take certain steps to 
safeguard against conflicts of interest, including the requirement to 
implement a written conflict of interest program.
    Section 808 of the FD&C Act requires us to establish the accredited 
third-party audits and certification program through, in large part, 
recognition of accreditation bodies to themselves accredit third-party 
auditors/certification bodies. Various stakeholders have expressed 
concern about possible conflicts of interest between the accreditation 
bodies and the third-party auditors/certification bodies seeking to 
participate in the program we implement. We believe that the 
credibility of the program will rest, in part, on whether we establish 
effective measures to protect against conflicts of interest among the 
program participants.
    We considered ISO/IEC 17011:2004 (Ref. 18), which requires that all 
accreditation body personnel and committees that could influence the 
accreditation act objectively and be free from any undue commercial, 
financial, and other pressures that could compromise impartiality.
    We believe that, in keeping with the purpose of section 808 of the 
FD&C Act, recognized accreditation bodies should be held to conflict of 
interest provisions of similar rigor to those placed on accredited 
third-party auditors/certification bodies under section 808(c)(5) of 
the FD&C Act and this proposed rule. Failure to have documented 
safeguards against conflicts of interest between a recognized 
accreditation body and the third-party auditor/certification body 
seeking its accreditation could undermine the system at its foundation 
by introducing the possibility of bias into the system. We believe that 
nothing short of rigorous safeguards will offer the transparency and 
credibility we believe necessary for our oversight of, and consumer 
confidence in, this accredited third-party audits and certification 
program.
    Proposed Sec.  1.624(a)(1) addresses conflicts involving ownership, 
management, or control of, or financial interests in, an auditor/
certification body (including its officers, personnel, or other agents) 
or any affiliate, parent, or subsidiary of the auditor/certification 
body. We believe proposed Sec.  1.624(a)(1) aligns with the requirement 
in section 808(c)(5)(A)(i) of the FD&C Act, which prevents an 
accredited third-party certification body from being owned, managed, or 
controlled by any person that owns or operates an eligible entity to be 
certified by such certification body. It also aligns with the 
requirement, in section 808(c)(5)(B)(i) of the FD&C Act, that an audit 
agent of an accredited third-party certification body not own or 
operate an eligible entity to be audited by such agent.
    Proposed Sec.  1.624(a)(2) prohibits officers, employees, or other 
agents of a recognized accreditation body from accepting any monies, 
gifts, gratuities, or items of value other than the payment of fees for 
accreditation services, reimbursement of direct costs associated with 
accreditation, and onsite meals, of a de minimis value, provided during 
an audit or assessment. We believe this is consistent with the 
requirements in section 808(c)(5)(A)(ii) and (c)(5)(B)(ii) of the FD&C 
Act, which requires an accredited auditor/certification body and its 
audit agents to have procedures to safeguard against financial 
conflicts of interest between any officer, employee, or audit agent and 
any eligible entity to be audited or certified.
    We have tentatively concluded that onsite meals of a de minimis 
nature are not gifts, gratuities, or items of value

[[Page 45802]]

likely to influence the outcome of an audit or assessment, nor do we 
think they are likely to undermine the credibility of the program. 
Onsite meals may help expedite audits and assessments, because the 
accreditation body's assessors would not have to leave the premises for 
meals. We seek comment on whether to define de minimis value according 
to the limits established for U.S. Government employees for accepting 
gifts or gratuities.
    Proposed Sec.  1.624(b) imputes the financial interests of 
immediate family members to an officer, employee, or other agent of a 
recognized accreditation body. This proposed requirement is based on 
the approach we recommended in the 2009 Guidance with respect to 
conflicts of accredited certification bodies (Ref. 5). We believe that 
imposing a similar requirement on the immediate family of the officers, 
employees, or other agents of a recognized accreditation body will help 
to ensure the credibility of the accredited third-party audits and 
certification program at every level.
    Proposed Sec.  1.624(c) requires transparency in the payment of 
fees or reimbursement of direct costs by an accredited auditor/
certification body to a recognized accreditation body. We have 
considered the types of disclosures that are necessary to help ensure 
the credibility of the program (and are consistent with existing 
disclosure laws). We recognize the amount or manner of payment by a 
third-party auditor/certification body for accreditation services may 
give rise to questions about whether the payment might affect the 
outcome of the accreditation process. Where, for example, a third-party 
auditor/certification body makes multiple payments to an accreditation 
body or makes payments under a different schedule than the 
accreditation body's usual practice, this may spur questions about 
whether those payments are linked to a favorable outcome for the third-
party auditor/certification body.
    We have tentatively concluded that, to maintain confidence in the 
program through transparency, recognized accreditation bodies disclose 
the timing of payments and reimbursement they receive from auditors/
certification bodies, to the extent that such disclosures are 
consistent with existing law. While we do not believe that information 
on timing of payment of fees would be protected from disclosure under 
existing disclosure laws, we seek comment on this matter.
    Proposed Sec.  1.624(c) also requires recognized accreditation 
bodies to maintain on their Web sites an up-to-date list of each 
auditor/certification body accredited under this program, including the 
scope and duration of such each accreditation and date(s) on which the 
auditor/certification body paid any fee or reimbursement associated 
with such accreditation. Information on the timing of payments to 
recognized accreditation bodies for accreditation services is useful 
because it allows for analysis of such data in the aggregate. Unusual 
patterns in payments by one or more auditors/certification bodies may 
trigger a closer evaluation by us to determine whether the independence 
and objectivity of the recognized accreditation body may have been 
compromised by such payments. Requiring the recognized accreditation 
body to make information on the timing of payments available on its Web 
site creates transparency, thereby lending to the credibility of the 
program.
    We seek comment on the tentative conclusions identified here, 
namely that we should require recognized accreditation bodies to: (1) 
Have a written program to safeguard against conflicts of interest; (2) 
include the interest of any affiliate, parent, or subsidiary of a 
third-party auditor/certification body within the scope of interests 
covered by the accreditation body's conflict of interest program; (3) 
impute the interests of immediate family members of an officer, 
employee, or other agent to such officer, employee, or other agent; and 
(4) maintain on its Web site a list of its accredited auditors/
certification bodies, including duration and scope of each such 
accreditation, and information about the timing of payments by each 
such auditor/certification body. For interested parties recommending 
alternative approaches regarding public disclosure of payments, we 
request that such comments be accompanied by any examples or other 
information to describe or support the recommended approaches.
    We also seek comment on whether there are conflicts other than 
financial interests of recognized accreditation bodies that should be 
addressed in these regulations. For any comment recommending that we 
address other types of conflicts, we are seeking recommended measures 
to address such conflicts, any documents or references that are 
available to support the recommendation, and input on whether similar 
measures should apply to accredited auditors/certification bodies under 
this program.
    f. What records requirements must a recognized accreditation body 
meet? (Proposed Sec.  1.625). This proposed rule identifies specific 
types of documents a recognized accreditation body would be required to 
establish, control, and maintain to document compliance with applicable 
requirements. The recognized accreditation body also would be required 
to provide FDA access to such records.
    The records required by proposed Sec.  1.625 include documents and 
data relating to the following: (1) Applications for accreditation and 
for renewal; (2) decisions to grant, deny, or suspend accreditation, or 
to reduce the scope of an accreditation; (3) challenges to adverse 
accreditation decisions; (4) monitoring of accredited auditors/
certification bodies; (5) the accreditation body's self-assessments and 
corrective actions (which includes information on compliance with 
conflict of interest requirements under proposed Sec.  1.624); (6) 
significant changes to the accreditation program that might affect 
compliance with this rule; (7) regulatory audit reports and supporting 
information from its accredited auditors/certification bodies; and (8) 
any other reports or notifications submitted under Sec.  1.623. 
Proposed Sec.  1.625 requires such records to be maintained, 
electronically and in English, for a period of 5 years. Requiring 
recognized accreditation bodies to maintain records in English is 
necessary to allow FDA to conduct timely and rigorous oversight of the 
accreditation bodies the Agency recognizes. We believe these are the 
types of records that accreditation bodies currently maintain and that 
such records are routinely maintained by accreditation bodies for a 
minimum of 5 years. In addition, by requiring recognized accreditation 
bodies to maintain their records for at least 5 years, it will help us 
ensure that we have an adequate basis for monitoring its performance 
and determining whether to renew recognition, which may be granted for 
a period of up to 5 years.
    Proposed Sec.  1.625(b) requires a recognized accreditation body to 
make such records available to us for inspection and copying upon the 
written request of an authorized FDA representative or, if requested by 
us electronically, to submit them electronically, in English, no later 
than 10 business days after the date of the request. Proposed Sec.  
1.625(c) prohibits a recognized accreditation body from preventing or 
interfering with our access to its accredited auditors/certification 
bodies and the records of the auditors/certification bodies.
    We have tentatively concluded that the records identified and the 
records

[[Page 45803]]

maintenance and access requirements in proposed Sec.  1.625 are 
necessary for us to adequately monitor recognized accreditation bodies, 
as directed by section 808(f) of the FD&C Act. We understand that 
accreditation bodies frequently include confidentiality provisions in 
standard contracts with third-party auditors/certification bodies. Many 
of those contract provisions may, in the past, have prevented 
disclosure of these records to us. If so, the requirements of proposed 
Sec.  1.625, would require revisions to such contracts (and perhaps 
other documents) establishing and limiting the scope of an 
accreditation body's authority to grant us records access. We believe 
that such access is necessary for us to conduct the monitoring required 
by section 808(f) of the FD&C Act and to otherwise exercise adequate 
oversight of the accredited third-party audits and certification 
program. We seek comment on this tentative conclusion and on the 
specific requirements we propose in this section.
4. Procedures for Recognition of Accreditation Bodies

          Table 4--Proposed Procedures for Accreditation Bodies
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
1.630..................  How do I apply to FDA for recognition or
                          renewal of recognition?
1.631..................  How will FDA review applications for
                          recognition and for renewal of recognition?
1.632..................  What is the duration of recognition?
1.633..................  How will FDA monitor recognized accreditation
                          bodies?
1.634..................  When will FDA revoke recognition?
1.635..................  How do I voluntarily relinquish recognition?
1.636..................  How do I request reinstatement of recognition?
------------------------------------------------------------------------

    a. How do I apply to FDA for recognition or renewal of recognition? 
(Proposed Sec.  1.630). This proposed rule would establish procedures 
for accreditation bodies to follow when applying to FDA for recognition 
or for renewal of recognition. Under proposed Sec.  1.630(a) (initial 
application) and Sec.  1.630(b) (renewal), the applicant must 
demonstrate that it meets the eligibility requirements for recognition 
in proposed Sec.  1.610. Applications for recognition and for renewal 
are subject to the same requirements for the form and manner of 
submission under proposed Sec.  1.630(c) and (d). The accreditation 
body must submit a signed application, accompanied by any supporting 
documents, electronically and in English. We also propose to require an 
applicant to provide any translation or interpretation services we need 
to process the application. This may include providing translators or 
interpreters for FDA staff conducting onsite audits or assessments of 
the applicant.
    We tentatively conclude that the application procedures in proposed 
Sec.  1.630 are reasonable requirements for accreditation bodies to 
meet. We believe that an accreditation body having the competency and 
capacity to qualify for recognition under the criteria in proposed 
Sec.  1.610 would be similarly capable of meeting the application 
requirements in proposed Sec.  1.630. Requirements for electronic, 
English language communications are necessary for us to make well-
informed and timely decisions on applications and to conduct 
appropriate oversight of accreditation bodies, once recognized. We seek 
comment on these conclusions and the proposed requirements of Sec.  
1.630.
    b. How will FDA review applications for recognition and for renewal 
of recognition? (Proposed Sec.  1.631). This proposed rule would 
establish the procedures we will follow in reviewing and deciding on 
applications for recognition and for renewal of recognition. Under 
proposed Sec.  1.631(a), we will create an application queue, organized 
by the date on which each such application submission is complete. In 
the interest of fairness, we are proposing to order the queue on a 
first in, first out basis. We will inform applicants of deficiencies in 
application documentation. To encourage applicants to supply any 
missing information promptly, we will not place an application in the 
queue until it is complete. Allowing incomplete applications in the 
queue might block applications that are ready for review, but were 
submitted later in time.
    We will inform an applicant once its application has been placed in 
the queue. We will review each recognition or renewal application to 
determine whether the applicant meets the eligibility requirements of 
proposed Sec.  1.630(a) and (b). We anticipate that initial 
applications for recognition will require lengthier review times than 
renewal applications will. We will communicate anticipated processing 
periods to applicants. We are not, however, proposing to include 
specific timeframes for review, for the following reasons: (1) It is 
difficult to project the amount of resources that will be available for 
application review, as the program is authorized to be funded by user 
fees under section 808(c)(8) of the FD&C Act; and (2) we expect to 
become more efficient in processing applications as we gain experience 
but currently lack data to reasonably estimate the effect of efficiency 
gains on review times.
    Proposed Sec.  1.631(b), (c), and (d) describe the basis on which 
we will decide whether to approve a recognition or renewal application 
and explains that we will notify the applicant of our decision in 
writing. We may send the notice electronically.
    If we approve an application, the notice will include any 
conditions we may impose on the recognition. (For example, we may 
adjust the date that an accreditation body's annual self-assessment 
would be due, if the anniversary date of its recognition would 
otherwise require the self-assessment to be submitted on a weekend.) If 
we deny a recognition or renewal application, we will explain the 
reason for our denial and will give the address and procedures for 
requesting that we reconsider.
    Proposed Sec.  1.631(e) applies only to applications for renewal of 
recognition and allows us to extend the length of an existing 
recognition to complete our review of the renewal application. We can 
extend the recognition until a specific date or may extend the 
recognition for as long as necessary for us to decide on the 
application.
    c. What is the duration of recognition? (Proposed Sec.  1.632). 
This proposed rule would allow us to grant recognition to an 
accreditation body for up to 5 years, though we will determine the 
length of recognition on a case-by-case basis.
    In deciding that 5 years is the maximum appropriate length of 
recognition, we considered approaches

[[Page 45804]]

taken in other government programs. Another DHHS operating division, 
the Substance Abuse and Mental Health Services Administration (SAMHSA), 
approves accreditation bodies to accredit programs that use opioid 
agonist treatment medications. SAMHSA may approve an accreditation body 
for a period not to exceed 5 years (42 CFR 8.3). Under the FDA 
mammography program, we may approve accreditation bodies for terms of 
up to 7 years (21 CFR 900.3(g)).
    We are proposing to recognize accreditation bodies for a period of 
up to 5 years, based in part on these examples. We do not expect to 
grant every recognition at the maximum duration. We believe that 
shorter terms of recognition may be appropriate in the early years of 
the program or for accreditation bodies with fewer years of experience 
accrediting auditors/certification bodies for food safety auditing and 
certification. As we gain experience with the program, we may revisit 
this matter.
    We seek comment on proposed Sec.  1.632 and the factors we 
considered in developing it. We do not claim to have compiled an 
exhaustive list of government programs for approving accreditation 
bodies and are interested in comments offering other examples that are 
relevant to the type of program we are establishing. To the extent that 
an alternative term of recognition is suggested, we seek any 
information that can be provided in support of such alternative.
    d. How will FDA monitor recognized accreditation bodies? (Proposed 
Sec.  1.633). This proposed rule would establish the frequency and 
manner for our formal evaluations of recognized accreditation bodies. 
Proposed Sec.  1.633 builds on the self-assessment requirements of 
proposed Sec.  1.622, which are submitted to us under proposed Sec.  
1.623. Section 808(f)(1) of the FD&C Act requires us to reevaluate a 
recognized accreditation body at least once every 4 years to determine 
its compliance with applicable FDA requirements.
    Proposed Sec.  1.633(a) describes the timeframes in which we will 
conduct reevaluations: At least 4 years after the date of accreditation 
for an accreditation body recognized for a 5-year term, and the mid-
term point for recognitions granted for less than 5 years. These 
represent the maximum times that may elapse before we conduct a formal 
reevaluation of a recognized accreditation body. We lack data to set a 
more definitive schedule for reevaluations but may be able to do so as 
we gain experience under the program. Proposed Sec.  1.633(a) explains 
that we may perform additional performance evaluations of recognized 
accreditation bodies at any time.
    Proposed Sec.  1.633(b) describes the types of information we may 
gather as part of a performance evaluation. Section 808(f)(3) of the 
FD&C Act gives us authority to conduct onsite audits of eligible 
entities that have been issued certification by an accredited auditor/
certification body at any time, with or without the accredited auditor/
certification body present, and section 808(f)(4) gives us authority to 
take any other measures we deem necessary. Proposed Sec.  1.633(b) 
explains that we may conduct onsite audits of eligible entities 
certified by the accreditation body's accredited auditors/certification 
bodies, as indicators of the effectiveness of the recognized 
accreditation body's performance, including its assessments and 
decisionmaking. These assessments and audits may be conducted at any 
time, with or without the accredited auditor/certification body 
present. We believe it is necessary for us to have the option to 
conduct onsite audits of certified eligible entities outside the 
presence of a recognized accreditation body with an interest in the 
outcome of FDA's evaluation. Therefore, proposed Sec.  1.633(b) allows 
us to conduct onsite assessments of accredited auditors/certification 
bodies at any time, with or without the recognized accreditation body 
present. We believe that such spot checks are useful in testing the 
program and ensuring compliance, which is the purpose of section 808(f) 
of the FD&C Act.
    e. When will FDA revoke recognition? (Proposed Sec.  1.634). This 
proposed rule would establish the criteria and procedures for 
revocation of recognition of an accreditation body. It also describes 
the effects (if any) of revocation on accreditations and certifications 
occurring prior to the revocation. Section 808(b)(1)(C) of the FD&C Act 
requires us to revoke the recognition of an accreditation body for 
failure to comply with section 808 of the FD&C Act and the implementing 
regulations in this subpart.
    Proposed Sec.  1.634 describes several circumstances that we 
believe each warrant revocation of recognition:
    Under proposed Sec.  1.634(a)(1), we will revoke recognition of any 
accreditation body that refuses to grant us access to records or to 
conduct audits, assessments, or investigations necessary to ensure the 
recognized accreditation body's continued compliance. Denial of access 
to perform our oversight functions would prevent us from meeting our 
statutory responsibilities for monitoring recognized accreditation 
bodies under section 808(f)(1) of the FD&C Act.
    We will revoke recognition under proposed Sec.  1.634(a)(2)(i) for 
failure to take timely and necessary corrective action after we 
withdraw accreditation of one of its accredited auditors/certification 
bodies for unjustifiably certifying a facility or food that was linked 
to an outbreak with a reasonable probability of causing serious adverse 
health consequences or death in humans or animals. When we withdraw the 
accreditation of an auditor/certification body, we believe its 
accreditor should promptly conduct an internal review to identify 
whether any problems in its accreditation program or performance may 
have caused or contributed to the circumstances leading to withdrawal 
and to effectively address any problems found. For example, we expect 
such an accreditation body to review its monitoring program to 
determine whether it should conduct more frequent onsite assessments of 
the auditors/certification bodies it accredited under our program.
    We also will revoke recognition under proposed Sec.  
1.634(a)(2)(ii) for failure to take timely and necessary corrective 
action when the results of the accreditation body's self-assessment or 
the self-assessments or monitoring of one or more of its accredited 
auditors/certification bodies identify a significant problem with the 
accreditation body's performance. This provision focuses on significant 
problems the accreditation body knew or should have known it needed to 
address through prompt and effective corrective actions. For example, 
we believe it appropriate to revoke the recognition of an accreditation 
body that ignores obvious, significant problems in its performance yet 
chooses to take no corrective action to address the problems.
    In addition, we will revoke recognition under proposed Sec.  
1.634(a)(2)(iii) when a recognized accreditation body fails to promptly 
implement corrective actions we direct to bring the accreditation body 
into compliance. This provision is based on the requirement of section 
808(b)(1)(C) of the FD&C Act to promptly revoke the recognition of an 
accreditation body found not to be in compliance with section 808 of 
the FD&C Act.
    Proposed Sec.  1.634(a)(3) allows us to revoke recognition when we 
determine that a recognized accreditation body has committed fraud or 
submitted material false statements to us. Fraud and falsehood 
undermine the credibility of the program and our ability to rely on

[[Page 45805]]

the certifications issued by auditors/certification bodies it 
accredited.
    Proposed Sec.  1.634(a)(4) describes circumstances that we believe 
warrant revocation but do not fit into the categories in proposed Sec.  
1.634(a)(1), (a)(2), and (a)(3), such as a lack of objectivity 
(demonstrated bias) in its activities or failure to adequately support 
one or more of its accreditation decisions. There may be unforeseen 
circumstances that we determine provide good cause for revocation of 
recognition for failure to comply with applicable requirements. 
Proposed Sec.  1.634(a)(4) gives accreditation bodies notice of our 
intention to revoke recognition where we find good cause.
    Proposed Sec.  1.634(b) specifies that we may request records from 
the accreditation body or one or more of its accredited auditors/
certification bodies to assist us in deciding whether to revoke 
recognition.
    Proposed Sec.  1.634(c)(1) establishes the procedures for us to 
notify the accreditation body of revocation of recognition and its 
opportunity to challenge the revocation in an informal hearing 
conducted under part 16 of our regulations. Part 16 hearings are used 
for, among other things, approval, reapproval, or withdrawal of 
approval of mammography accreditation bodies under 21 CFR 900.7. We 
believe part 16 hearings provide adequate process for accreditation 
bodies subject to revocation of recognition under this proposed rule. 
The notice of revocation also will identify the procedures for 
requesting reinstatement of recognition under proposed Sec.  
1.634(c)(1). Regardless of whether the accreditation body challenges 
its revocation or seeks reinstatement, under proposed Sec.  
1.634(c)(2), it must notify us of the location where the records 
required by proposed Sec.  1.625 will be maintained.
    Proposed Sec.  1.634(d) addresses the possible effects of 
revocation of recognition on an auditor/certification body accredited 
prior to the revocation. Under proposed Sec.  1.634(d)(1), FDA would 
notify any auditor/certification body accredited by an accreditation 
body whose recognition was revoked. The auditor's/certification body's 
accreditation will remain in effect provided that it conducts a self-
assessment under proposed Sec.  1.655 and reports its results to FDA 
within 2 months of the revocation under proposed Sec.  1.656(b). We 
believe the accredited auditor/certification body that complies with 
these requirements should not face adverse consequences when its 
accreditation body fails to meet its obligations as a recognized 
accreditation body. Requiring the accredited auditor/certification body 
to verify that it is in compliance with the applicable requirements 
through self-assessment and reporting would help provide confidence 
that the auditor's/certification body's program is under control during 
the time it is transitioning from one accreditation body to another. 
The auditor/certification body would have 1 year after the revocation 
of its accreditation body's recognition to become reaccredited, under 
proposed Sec.  1.634(d)(1)(ii). We believe this gives the auditor/
certification body sufficient time to find a new recognized 
accreditation body and to go through its accreditation process, but 
would not allow a prolonged period of auditing and certification 
activity without the immediate oversight of an accrediting body. 
Proposed Sec.  1.634(d)(2) explains that FDA may withdraw accreditation 
of an auditor/certification body whenever FDA finds good cause under 
proposed Sec.  1.664. Where an accredited auditor/certification body 
fails to comply with the requirements of proposed Sec.  1.634(d)(1)(i) 
or (d)(1)(ii), we may withdraw the accreditation for cause under 
proposed Sec.  1.664. Our decision to withdraw accreditation will be 
based on the circumstances associated with the auditor/certification 
body. Revocation of the recognition of its accrediting body does not, 
by itself, provide cause for withdrawal of the accreditation of an 
auditor/certification body that is in compliance with this rule. If 
evidence from a revocation proceeding reveals problems with the 
auditor/certification body, then we may pursue withdrawal of 
accreditation under proposed Sec.  1.664 based on evidence associated 
with the auditor/certification body--not because of the revocation of 
recognition of its accrediting body.
    Under proposed Sec.  1.634(e), certifications issued by an auditor/
certification accredited by an accreditation body whose recognition is 
subsequently revoked will remain in effect until the certifications 
terminate by expiration. We believe that eligible entities should not 
face adverse consequences solely because of the failure of an 
accreditation body selected by its auditor/certification body. However, 
we retain the authority, under section 801(q) of the FD&C Act, to 
refuse to accept a food certification, offered for admissibility 
purposes, if we reasonably believe the certification is not valid or 
reliable. Revocation of the recognition of its accrediting body does 
not, by itself, provide the basis for refusing a certification under 
section 801(q) of the FD&C Act. We will look to circumstances bearing 
on the issuance of a food certification to an eligible entity and 
submission by an accredited auditor/certification body in determining 
its validity or reliability. For example, if an investigation of fraud 
by an accreditation body also reveals evidence of fraud by the eligible 
entity or by the auditor/certification body, we may determine that the 
food certification is not valid or reliable.
    Proposed Sec.  1.634(f) explains that we will provide notice on our 
public Web site when we revoke the recognition of an accreditation 
body. We believe that public notice of matters such as revocation are 
necessary to help ensure the credibility of the program.
    We solicit comment on our tentative conclusions regarding possible 
grounds for revocation, particularly revocation for cause. We seek 
examples that commenters believe do or do not represent good cause for 
revocation. We also solicit input on our proposal to use the informal 
hearing procedures set out in part 16 for challenges to a revocation 
decision.
    f. How do I voluntarily relinquish recognition? (Proposed Sec.  
1.635). This proposed rule would offer an accreditation body a 
mechanism for voluntarily relinquishing its recognition before it 
terminates by expiration. Relinquishment on the initiative of the 
accreditation body is distinct from FDA revocation of recognition for 
good cause.
    Proposed Sec.  1.635 describes the procedures that an accreditation 
body must follow when it intends to relinquish its recognition. Current 
mammography regulations in 21 CFR 900.3 offer accreditation bodies the 
opportunity to voluntarily relinquish their authority to grant 
accreditation. We believe that accreditation bodies operating under our 
accredited third-party audits and certification program should likewise 
have the option to voluntarily relinquish their recognition. We are 
proposing certain procedural requirements--similar to those in the 
mammography regulations--that accreditation bodies must follow in 
relinquishing recognition. We believe these procedures are necessary to 
ensure an orderly transition for auditors/certification bodies 
accredited by an accreditation body that is relinquishing its 
recognition and for us to make necessary adjustments in the program, 
such as preparing to review self-assessments from any auditor/
certification body accredited by such accreditation body. Proposed 
Sec.  1.635(a) requires accreditation bodies to notify us at least 6 
months before relinquishing recognition. The notifications must be 
submitted electronically and in English.

[[Page 45806]]

It is essential that we have the ability to maintain adequate oversight 
of the program, and particularly accredited auditors/certifications 
bodies that will no longer be under the oversight of a recognized 
accreditation body. Therefore, we are proposing to require an 
accreditation body relinquishing its recognition to identify the 
location where the records required by proposed Sec.  1.625 will be 
maintained.
    The decision to relinquish recognition is made solely by the 
accreditation body, without FDA involvement. Therefore, in 
relinquishing recognition under proposed Sec.  1.635(a), the 
accreditation body would waive its rights to appeal, because there is 
no FDA action to serve as the basis for appeal.
    Proposed Sec.  1.635(b) requires the accreditation body to notify 
any third-party auditor/accreditation body, currently accredited, of 
the date on which it intends to relinquish recognition. An accredited 
auditor/certification body needs timely notice of its accreditation 
body's intent to relinquish recognition so that the auditor/
certification body can begin to seek accreditation from another 
recognized accreditation body.
    Proposed Sec.  1.635(c) explains that an accreditation granted by a 
recognized accreditation body prior to relinquishing its recognition 
will remain in effect until it expires, except where we determine there 
is good cause for withdrawal under proposed Sec.  1.664. In general, we 
believe an accredited auditor/certification body should not face 
adverse consequences from its accreditation body's decision to withdraw 
from our program and upon expiration of its accreditation would apply 
for accreditation from a different accreditation body under proposed 
Sec.  1.660. If however we determine that there are grounds for us to 
withdraw the accreditation of the auditor/certification body, the 
auditor/certification body would have to seek reaccreditation under 
proposed Sec.  1.666.
    Proposed Sec.  1.635(d) explains that an accreditation granted by 
an accreditation body that voluntarily relinquished recognition will 
not affect certifications issued by auditors/certification bodies 
accredited prior to its voluntary relinquishment, except that we may 
refuse to consider such certification in determining the admissibility 
of an article of food under section 801(q) of the FD&C Act if we 
determine the certification is not valid or reliable. Such 
certifications generally will remain in effect until they terminate by 
expiration. In considering the impact of relinquishment of recognition 
on certifications, we were mindful that eligible entities would not 
have input into the accreditation body's decision to relinquish 
recognition and that voluntary relinquishment likely would have no 
bearing on the performance of its accredited auditors/certification 
bodies and the validity or reliability of certifications they issue.
    Proposed Sec.  1.635(e) states that we will provide notice on our 
public Web site of the voluntary relinquishment of recognition by an 
accreditation body. To provide notice to program participants and to 
provide certainty to the markets, we also will post information on the 
status of accreditations and certifications as described under proposed 
Sec.  1.635(c) and (d).
    g. How do I request reinstatement of recognition? (Proposed Sec.  
1.636). This proposed rule describes the procedures that an 
accreditation body would have to follow when seeking reinstatement of 
its recognition. Under proposed Sec.  1.636(a), an accreditation body 
that has had its recognition revoked may seek reinstatement by 
submitting a new application for recognition if it did not seek a 
regulatory hearing on the merits of the revocation of its recognition 
under proposed Sec.  1.634 or if required to do so by a decision 
following a regulatory hearing. Proposed Sec.  1.636(b) requires such 
application to be supported by evidence demonstrating that the grounds 
for revocation have been resolved and are unlikely to recur.
    We believe that a new application would be an appropriate 
requirement for an accreditation body that had been previously shown 
not to be in compliance with the requirements of this rule, and any 
conditions we imposed on its recognition. We seek comment on this 
tentative conclusion and on the requirements we propose in Sec.  1.636 
for reinstatement of recognition.
5. Accreditation of Third-Party Auditors/Certification Bodies
    This proposed rule would establish: (1) The eligibility 
requirements for an auditor/certification body to be authorized 
(``accredited'') by a recognized accreditation body or by FDA (``direct 
accreditation'') under the accredited third-party audits and 
certification program; (2) requirements for accredited auditors/
certification bodies, including auditing, reporting, certification, and 
assessments; and (3) procedures FDA and third-party auditors/
certification bodies will follow under the program.

  Table 5--Proposed Requirements for Third-Party Auditors/Certification
                                 Bodies
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
  Accreditation of third-party auditors/certification bodies under this
                                 subpart
------------------------------------------------------------------------
1.640..................  Who is eligible to seek accreditation?
1.641..................  What legal authority must a third-party auditor/
                          certification body have to qualify for
                          accreditation?
1.642..................  What competency and capacity must a third-party
                          auditor/certification body have to qualify for
                          accreditation?
1.643..................  What protections against conflict of interest
                          must a third-party auditor/certification body
                          have to qualify for accreditation?
1.644..................  What quality assurance procedures must a third-
                          party auditor/certification body have to
                          qualify for accreditation?
1.645..................  What records procedures must a third-party
                          auditor/certification body have to qualify for
                          accreditation?
------------------------------------------------------------------------
  Requirements for accredited auditors/certification bodies under this
                                 subpart
------------------------------------------------------------------------
1.650..................  How must an accredited auditor/certification
                          body ensure its audit agents are competent and
                          objective?
1.651..................  How must an accredited auditor/certification
                          body conduct a food safety audit of an
                          eligible entity?
1.652..................  What must an accredited auditor/certification
                          body include in food safety audit reports?
1.653..................  What must an accredited auditor/certification
                          body do when issuing food or facility
                          certification?
1.654..................  When must an accredited auditor/certification
                          body monitor an eligible entity with food or
                          facility certification?
1.655..................  How must an accredited auditor/certification
                          body monitor its own performance?
1.656..................  What reports and notifications must an
                          accredited auditor/certification body submit?
1.657..................  How must an accredited auditor/certification
                          body protect against conflicts of interest?

[[Page 45807]]

 
1.658..................  What records requirements must an accredited
                          auditor/certification body meet?
------------------------------------------------------------------------
   Procedures for accreditation of third-party auditors/certification
                        bodies under this subpart
------------------------------------------------------------------------
1.660..................  Where do I apply for accreditation or renewal
                          of accreditation from a recognized
                          accreditation body?
1.661..................  What is the duration of accreditation?
1.662..................  How will FDA monitor accredited auditors/
                          certification bodies?
1.663..................  How do I request an FDA waiver or waiver
                          extension for the 13-month limit for audit
                          agents conducting regulatory audits?
1.664..................  When can FDA withdraw accreditation?
1.665..................  How do I voluntarily relinquish accreditation?
1.666..................  How do I request reaccreditation?
------------------------------------------------------------------------
 Additional procedures for direct accreditation of third-party auditors/
                 certification bodies under this subpart
------------------------------------------------------------------------
1.670..................  How do I apply to FDA for direct accreditation
                          or renewal of direct accreditation?
1.671..................  How will FDA review applications for direct
                          accreditation and for renewal of direct
                          accreditation?
1.672..................  What is the duration of direct accreditation?
------------------------------------------------------------------------

    Section 808 of the FD&C Act directs us to establish a voluntary 
program for accreditation of third-party auditors/certification bodies 
to conduct food safety audits and to issue certifications to eligible 
foreign entities. Sections 808(b)(2) and (c)(5)(C) of the FD&C Act 
require us to issue model accreditation standards to qualify third-
party auditors/certification bodies as accredited auditors/
certification bodies and to issue implementing regulations for the 
program.
    The statute requires accredited auditors/certification bodies to: 
(1) Issue a written (and, as appropriate, electronic) food or facility 
certification after conducting a regulatory audit and such other 
activities necessary to determine compliance with the FD&C Act; (2) 
submit regulatory audit reports within 45 days; (3) complete reports of 
consultative audits within 45 days; (4) maintain onsite audit reports 
and other audit documents in its records; (5) immediately notify us of 
a condition that could cause or contribute to a serious risk to the 
public health; (6) prevent an audit agent from conducting a regulatory 
audit of an eligible entity for which the agent conducted a 
consultative or regulatory audit within the preceding 13 months, unless 
waived by FDA; and (7) comply with conflict of interest requirements.
    a. Who is eligible for accreditation? (Proposed Sec.  1.640). This 
proposed rule would establish the eligibility requirements for a third-
party auditor/certification body to be qualified for accreditation by a 
recognized accreditation body or for direct accreditation by FDA. Under 
section 808(a)(3) of the FD&C Act, a third-party auditor can be a 
foreign government, an agency of a foreign government, a foreign 
cooperative, or any other third party, as FDA determines appropriate 
according to the Agency model accreditation standards. Section 
808(c)(1)(A) of the FD&C Act requires a foreign government/agency 
seeking accreditation to demonstrate that its food safety programs, 
systems, and standards are capable of adequately ensuring that eligible 
entities or foods it certified meet applicable FDA requirements for 
food manufactured, processed, packed, or held for import into the 
United States. Section 808(c)(1)(B) of the FD&C Act requires a foreign 
cooperative or other third party seeking accreditation to demonstrate 
that each eligible entity it certified has systems and standards in use 
to ensure that the entity or food meets the applicable requirements of 
the FD&C Act. The statute requires us to issue model accreditation 
standards under section 808(b)(2) of the FD&C Act to qualify third-
party auditors/certification bodies for accreditation.\30\
---------------------------------------------------------------------------

    \30\ Section 808(b)(2) of the FD&C Act directs us to include 
requirements for regulatory audit reports in the model accreditation 
standards. Because such reports are prepared by accredited third-
party auditors/certification bodies, we have included requirements 
for regulatory audit reports in the proposed requirements for 
accredited auditors/certification bodies in this subpart.
---------------------------------------------------------------------------

    Proposed Sec.  1.640(a) aligns with the definition of third-party 
auditor in section 808(a)(3) of the FD&C Act, describing the types of 
organizations that may be eligible for accreditation under our program: 
Foreign governments and agencies of foreign governments, foreign 
cooperatives, and other third parties. Proposed Sec.  1.640(b) reflects 
the requirements of section 808(b) and (c)(1)(A) of the FD&C Act, 
stating that a foreign government or agency of a foreign government is 
eligible for accreditation if it meets the requirements of Sec. Sec.  
1.641 through 1.645, as specified in FDA model standards on 
qualifications for accreditation, including legal authority, 
competency, capacity, conflicts of interest, quality assurance, and 
records. We believe the scope of the review of a foreign government/
agency's food safety programs, systems, and standards for accreditation 
purposes should focus on the program, systems, and standards relevant 
to the scope of accreditation sought. Under proposed Sec.  1.640(c), a 
foreign cooperative or other third party is eligible for accreditation 
if it can demonstrate that the training and qualifications of its audit 
agents and its internal systems and standards meet the requirements of 
Sec. Sec.  1.641 through 1.645, as explained in FDA model standards on 
qualifications for accreditation, including legal authority, 
competency, capacity, conflicts of interest, quality assurance, and 
records.
    These proposed eligibility requirements build on the language in 
section 808 of the FD&C Act, using the approach we described in our 
2009 guidance on voluntary certification for food and feed (Ref. 5), 
which contained recommendations relating to authority, competency, 
capacity, conflicts of interest, quality assurance, and recordkeeping. 
We also considered the FDA MFRPS (Ref. 12) and draft ICAT (Ref. 14) for 
similar standards that could help assure the maximum degree of 
consistency across domestic and international foods programs. Looking 
externally, we considered the GFSI Guidance version 6 (Ref. 23), which 
requires food safety scheme owners to use third-party auditors/
certification bodies that comply with either ISO/IEC Guide 65:1996 
(Ref. 20) for product

[[Page 45808]]

certification or ISO/IEC 17021:2006 (revised in 2011) (Ref. 19) coupled 
with ISO TS 22003:2007 (Ref. 21) for management systems certification.
    b. What legal authority must a third-party auditor/certification 
body have to qualify for accreditation? (Proposed Sec.  1.641). This 
proposed rule would require third-party auditors/certification bodies 
seeking accreditation to demonstrate that they have sufficient legal 
authority, which may include authority established by contract, to 
adequately audit food facilities and to certify them for compliance 
with food safety requirements, once accredited.
    Proposed Sec.  1.641(a) would allow governmental bodies, with 
auditing and certification authority inherent in their roles as public 
officials, and private bodies, who have authority under contracts with 
food facilities, to qualify for accreditation if they have sufficient 
authority to conduct auditing and certification activities. This 
includes adequate authority to access records; conduct onsite audits; 
and to grant, suspend or withdraw certification. Clause 4.2(d) of ISO/
IEC Guide 65:1996 (Ref. 20) requires auditors/certification bodies to 
be legal entities. Clause 5 of ISO/IEC 22003:2007 (Ref. 21), by cross 
reference to ISO/IEC 17021:2011 (Ref. 19), clause 5, requires auditors/
certification bodies to be legal entities, or defined parts of a legal 
entity that can be held legally responsible for its certification 
activities. Clause 5.1.3 requires auditors/certification bodies to 
retain authority for their certification decisions, including granting, 
maintaining, renewing, extending, reducing, suspending, and withdrawing 
certification.
    Proposed Sec.  1.641(b) would require a third-party auditor/
certification body to demonstrate that it has adequate legal authority 
to meet the requirements for an accredited auditor/certification body 
in proposed Sec. Sec.  1.650 through 1.658, including conducting food 
safety audits using FDA requirements and industry standards and 
practices as audit criteria, preparing audit reports, issuing 
certifications, submitting reports and notification to us, implementing 
procedures to protect against conflicts of interest, maintaining 
records, conducting monitoring when necessary, and following the 
procedural requirements of our program.
    Consistent with our procedures for recognition of accreditation 
bodies, we are not proposing to require a newly accredited auditor/
certification body to wait a certain length of time before beginning to 
conduct foods safety audits and issue certifications under our program. 
Its certification authority goes into effect at the moment of 
accreditation. Therefore, we believe a third-party auditor seeking 
accreditation must demonstrate its capacity to fulfill the roles and 
responsibilities of an accredited auditor/certification body, if 
granted.
    We seek comment on this tentative conclusion and our proposal to 
require third-party auditors/certification bodies to have demonstrable 
evidence to support a conclusion that they would be capable of meeting 
our requirements, if accredited. For comments opposing this 
requirement, we seek comment on what, if any, requirements we should 
put in place to ensure that a third-party auditor/certification body 
seeking accreditation would be equipped, upon accreditation, to perform 
the obligations required under the program.
    c. What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation? (Proposed Sec.  
1.642). This proposed rule would require third-party auditors/
certification bodies seeking accreditation to demonstrate adequate 
resources to fully implement their auditing and certification programs. 
Under proposed Sec.  1.642(a), a third-party auditor/certification body 
must have adequate numbers of personnel and other agents with relevant 
knowledge, skills, and experience to effectively audit for compliance 
with applicable FDA requirements and industry standards and practices 
and to issue valid and reliable certifications. The third-party 
auditor/certification body would have to show it has adequate financial 
resources for its operations. In the model accreditation standards, we 
will explain the types of expertise and training we expect third-party 
auditors/certification bodies to demonstrate. We also will explain the 
types of documentation that might be used to demonstrate financial 
viability.
    Standards associated with auditor competency are critical to 
international standards for certification bodies and are an area of 
focus for GFSI and other stakeholders. Audit agents and other personnel 
that lack the necessary knowledge, skills, and abilities will be unable 
to perform credible audits and may result in flawed certification 
decisions. ISO/IEC 17021:2011 (Ref. 19), clauses 7.2.1 and 7.2.2, 
requires certification bodies to have personnel with sufficient 
competence to manage their audit and certification work and to employ, 
or have access to, sufficient numbers of auditors and technical experts 
to cover the volume and types of its activities.
    Under proposed Sec.  1.642(b), a third-party auditor/certification 
body seeking to qualify for recognition must demonstrate that it has 
the competency and capacity to adequately audit eligible foreign 
entities to determine if they are in compliance with applicable FDA 
requirements and, for consultative audits, industry standards and 
practices. It also must be capable of making certification decisions 
that are valid and reliable, submitting reports and notifications to 
FDA in the manner we propose, and following the procedural requirements 
of our program. As previously explained, a third-party auditor/
certification body will be authorized to begin auditing and 
certification under our program immediately upon accreditation. 
Therefore, it needs to sufficiently demonstrate its ability to meet the 
competency and capacity requirements of an accredited auditor/
certification body in its application for accreditation.
    d. What protections against conflicts of interest must a third-
party auditor/certification body have to qualify for accreditation? 
(Proposed Sec.  1.643). This proposed rule would require third-party 
auditors/certification bodies to have established programs to safeguard 
against conflicts of interest that might compromise their objectivity 
and independence from food facilities they audit and certify. Proposed 
Sec.  1.643(a) would require accreditation bodies seeking recognition 
to have written measures to safeguard against financial conflicts of 
interest between the third-party auditor/certification body (and its 
officers, personnel, and other agents) and food facilities (and owners 
and operators). Without these conflict of interest requirements, we 
believe it would be difficult for a third-party auditor/certification 
body to demonstrate it has adequate independence, as a third party, in 
auditing and certifying food facilities. The model accreditation 
standards will describe appropriate measures to protect against 
conflicts of interest.
    ISO/IEC 17021: 2011 (Ref. 19), clause 4.2.2, recognizes that 
payment for certification services can be a potential threat to 
impartiality. Clause 5.2.2 requires auditors/certification bodies to 
identify, analyze, and document the possibilities for conflicts of 
interest and how it eliminates or minimizes such threats.
    Under proposed Sec.  1.643(b), a third-party auditor/certification 
body seeking accreditation must demonstrate its capability to meet the 
conflict of interest requirements that would apply under Sec.  1.657, 
upon accreditation. This measure is necessary to help ensure that any 
auditing and certification activities conducted after accreditation 
would be

[[Page 45809]]

considered objective and independent under our program.
    e. What quality assurance procedures must a third-party auditor/
certification body have to qualify for accreditation? (Proposed Sec.  
1.644). This proposed rule would require third-party auditors/
certification bodies seeking accreditation to have quality assurance 
procedures in place. Proposed Sec.  1.614(a) requires a third-party 
auditor/certification body seeking accreditation to have a written 
program for monitoring and assessing the performance of its officers, 
personnel, and other agents. The program must include procedures for 
identifying areas for improvement and quickly executing corrective 
actions. The model accreditation standards will describe types of 
quality assurance measures that may be used to qualify for 
accreditation.
    We considered both international and domestic standards in 
developing proposed Sec.  1.644. ISO/IEC Guide 65: 1996 (Ref. 20), 
clause 4.7.1, requires auditors/certification bodies to conduct 
periodic internal audits to verify that their quality systems are 
implemented and effective, to take timely and appropriate corrective 
actions, and to document results. The MFPRS (Ref. 12), which apply 
domestically, also include requirements for quality assurance/internal 
audit programs that involve assessment, corrective action, and 
continuous improvement.
    Proposed Sec.  1.644(b) requires the third-party auditor/
certification body to demonstrate it has the capability to meet the 
quality assurance requirements of Sec.  1.655, for performing annual 
self-assessments against our requirements and reporting the results of 
such self-assessments.
    f. What records procedures must a third-party auditor/certification 
body have to qualify for accreditation? (Proposed Sec.  1.645). This 
proposed rule would require third-party auditors/certification bodies 
seeking accreditation to have written records procedures in place. 
Under proposed Sec.  1.645(a), a third-party auditor/certification body 
would have to demonstrate that it has written procedures for 
establishing, controlling, and retaining records on its auditing and 
certification program and activities. While we are not proposing that a 
third-party auditor/certification body must have retained records for a 
specified period of time prior to its accreditation, we believe it is 
necessary for a third-party auditor/certification body to have 
maintained records for such length of time to allow for its program and 
performance to be adequately assessed in determining whether it is 
qualified for accreditation. The third-party auditor/certification body 
also must maintain records as required by its existing legal 
obligations. The model accreditation standards will explain these 
recordkeeping, document control, and retention requirements.
    In developing proposed Sec.  1.645(a), we considered the records 
requirements in ISO/IEC 17021:2011 (Ref. 19), clause 9.9.1, which 
requires auditors/certification bodies to maintain records on audits 
and other certification activities for all clients, including all 
organizations submitting applications and all organizations audited, 
certified, or with suspended or withdrawn certifications. Clause 9.9.4 
requires auditors/certification bodies to have documented records 
policies and procedures for retaining records for the current cycle and 
an additional certification cycle, noting that records may need to be 
retained for a longer period, where required by law.
    Proposed Sec.  1.645(b) would require a third-party auditor/
certification body seeking accreditation to demonstrate its capability 
to meet the requirements of an accredited auditor/certification body, 
if accredited. This would include, for example, capacity for 
maintaining records for 4 years, which is the maximum length for which 
accreditation could be granted. It also requires accredited auditors/
certification bodies to give us routine access to records of regulatory 
audits and, for consultative audits, access to records in specific 
circumstances. We realize that existing third-party auditors/
certification bodies might need to modify the confidentiality 
provisions in their standard contracts with food facilities. Third-
party auditors/certification bodies applying for accreditation under 
this voluntary program must demonstrate their capacity to grant us 
access to relevant records, upon accreditation, because records are 
necessary to ensure the rigor, credibility, and independence of the 
accredited third-party audits and certification program.
6. Requirements for Accredited Auditors/Certification Bodies

  Table 6--Proposed Requirements for Third-Party Auditors/Certification
     Bodies Accredited by Recognized Accreditation Bodies or by FDA
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
1.650..................  How must an accredited auditor/certification
                          body ensure its audit agents are competent and
                          objective?
1.651..................  How must an accredited auditor/certification
                          body conduct a food safety audit of an
                          eligible entity?
1.652..................  What must an accredited auditor/certification
                          body include in food safety audit reports?
1.653..................  What must an accredited auditor/certification
                          body do when issuing food or facility
                          certifications?
1.654..................  When must an accredited auditor/certification
                          body monitor an eligible entity with food or
                          facility certification?
1.655..................  How must an accredited auditor/certification
                          body monitor its own performance?
1.656..................  What reports and notifications must an
                          accredited auditor/certification body submit?
1.657..................  How must an accredited auditor/certification
                          body protect against conflicts of interest?
1.658..................  What records requirements must an accredited
                          auditor/certification body meet?
------------------------------------------------------------------------

    a. How must an accredited auditor/certification body ensure its 
audit agents are competent and objective? (Proposed Sec.  1.650). This 
proposed rule would require an accredited auditor/certification body to 
ensure that any audit agents it uses are competent and objective. 
(Where an accredited auditor/certification body is an individual, the 
determination of whether such auditor/certification body is competent 
and objective will be made as part of the accreditation decision.)
    Proposed Sec.  1.650(a)(1) and (a)(2) require an accredited 
auditor/certification body to use audit agents that have knowledge and 
experience to conduct food safety audits within the scope of its 
accreditation. We believe that competency and independence cannot be 
demonstrated solely by records or by an interview. We have tentatively 
concluded that a determination of competency must be based in part on 
observations of the audit agent conducting food safety audits that use 
the requirements of the

[[Page 45810]]

FD&C Act as the standard against which eligible entities are audited.
    We recognize that many audit agents currently are being assessed 
for their performance in conducting audits under private food safety 
schemes. However, section 808(a)(7) of the FD&C Act clearly states that 
regulatory audits performed under this system must assess firms for 
compliance with the FD&C Act and the results of such audits are to be 
used to determine whether certification may be issued. Even 
consultative audits for internal purposes must include assessments of 
compliance with the FD&C Act, although they also include audits on 
industry standards and practices. For these reasons, we are proposing 
to require that audit agents be qualified through observation of audits 
assessing compliance with the FD&C Act.
    ISO/IEC Guide 65:1996 (Ref. 20), clauses 5.1.1 and 5.2.1, require 
auditors/certification bodies to establish minimum criteria for 
competence to ensure that personnel are competent for the functions 
they perform and that auditors'/certification bodies' evaluations and 
certifications are carried out effectively and uniformly. ISO/IEC 
17021:2011 (Ref. 19), clause 7.1.3, requires auditors/certification 
bodies to have documented processes for initial competency evaluations 
and ongoing monitoring of personnel performance and competency. Clauses 
7.2.11 and 7.2.12 state that the documented monitoring procedures for 
auditors/certification bodies must include onsite observation at a 
frequency based on need determined from all monitoring information 
available (e.g., review of audit reports and client feedback).
    Proposed Sec.  1.650(a)(3) requires audit agents to participate in 
annual food safety training. ISO/IEC 17021:2011 (Ref. 19), clause 
7.2.8, requires auditors/certification bodies to identify training 
needs and to offer or provide access to specific training to ensure 
competency of its auditors, technical experts, and personnel. The FDA 
MFRPS (Ref. 12), Standard Two, requires each State inspector to receive 
36 contact hours of classroom training and participate in at least two 
joint or audit inspections with a qualified trainer, every 3 years.
    Proposed Sec.  1.650(a)(4) requires the accredited auditor/
certification body to ensure that its audit agents have no conflicts of 
interest with the eligible entity to be audited and is in compliance 
with the conflicts of interest requirements of Sec.  1.657. Section 
808(c)(5)(B) of the FD&C Act prohibits audit agents from owning or 
operating an eligible entity to be audited by such agent. Accredited 
certification bodies also are required to have procedures to ensure 
against using any of its officers or employees that has a financial 
conflict of interest regarding an eligible entity to be certified by 
the certification body under section 808(c)(5)(A) of the FD&C Act. We 
believe that proposed paragraph (a)(4) is an appropriate way to 
implement these requirements.
    The language in proposed Sec.  1.650(a)(4) also is consistent with 
existing international standards, including ISO/IEC Guide 65:1996 (Ref. 
20), clause 5.2.2, which requires personnel to agree to comply with the 
auditor's/certification body's conflict of interest rules and to 
declare any prior or present association with a supplier or designer of 
products they are to be assigned to audit or certify. ISO/IEC 
17021:2011 (Ref. 19), clause 5.2.12, states that certification body 
personnel who could influence certification activities must act 
impartially and must not allow commercial, financial, or other 
pressures to compromise impartiality.
    Proposed Sec.  1.650(a)(5) requires audit agents to agree to notify 
their certification bodies immediately upon discovering, during a food 
safety audit, any condition that could cause or contribute to a serious 
risk to the public health, cross-referencing proposed Sec.  1.656(c), 
which requires the accredited auditor/certification body to immediately 
notify FDA of such condition. Proposed Sec.  1.650(a)(5) reflects the 
language of section 808(c)(4)(A) and (c)(4)(B) of the FD&C Act, which 
require notification based on conditions found during an audit and 
identifies ``audits'' as both consultative and regulatory audits. To 
ensure that roles and responsibilities of the audit agent and 
accredited auditor/certification body are clearly delineated, proposed 
Sec.  1.650(a)(3) places the audit agent under an obligation to report 
to its auditor/certification body immediately upon discovering a 
notifiable condition. (Having been informed by its agent, the 
accredited auditor/certification body must immediately notify FDA, 
under proposed Sec.  1.656(c).)
    ISO/IEC Guide 65: 1996 (Ref. 20), clause 5.2.2, requires auditor/
certification body personnel to sign a contract or other commitment by 
which they agree to comply with the certification body rules, which 
often include confidentiality requirements. The legal obligation to 
alert FDA, as a regulator, of a notifiable condition is a new 
requirement. Voluntary notification is not a common practice of third-
party auditors/certification bodies. We believe the statutory 
notification requirement is of such importance to our program that an 
individual serving as an audit agent should agree to notify its 
accredited auditor/certification body upon finding any condition 
meeting the notification criteria of section 808(c)(4)(A) of the FD&C 
Act. We believe this will help ensure that audit agents and accredited 
auditors/certification bodies are aware of the notification 
requirements for food safety audits conducted under the FDA program.
    Proposed Sec.  1.650(b) contains additional requirements that the 
accredited auditor/certification body must meet before assigning any 
individual acting as its audit agent to conduct an audit of a 
particular eligible entity. This requirement is intended to ensure that 
each food safety audit assigned to an audit agent is conducted by a 
qualified audit agent. Put another way, in order to meet proposed Sec.  
1.650(b), an accredited third-party certification body would have to 
ensure not only that a food safety audit is within the scope of its 
accreditation but also that the audit is within the scope of 
qualifications of any audit agent the certification body assigns to 
conduct it.
    Clauses 7.1.1 and 7.1.2 of ISO/IEC 17021: 2011 (Ref. 19) require 
auditors/certification bodies to ensure that their personnel have 
appropriate relevant knowledge and set competence criteria of required 
knowledge and skills necessary to effectively perform audit and 
certification tasks to achieve the intended results. Clause 7.2.7 
requires the auditor/certification body to use auditors and technical 
experts only for those certification activities (including audits) 
where they have demonstrated competence. Similarly, ISO/IEC Guide 
65:1996 (Ref. 20), clause 5.1.1, requires auditors'/certification 
bodies' personnel to be competent for the functions they perform.
    Proposed Sec.  1.650(c) imposes additional statutory restrictions 
on audit agents conducting regulatory audits. Under section 
808(c)(4)(C) of the FD&C Act, an audit agent may not conduct a 
regulatory audit of an eligible entity if such agent conducted a 
consultative or regulatory audit for the same eligible entity in the 
preceding 13 months (except that such limitation may be waived under 
proposed Sec.  1.663 if the accredited auditor/certification body 
demonstrates there is insufficient access to accredited certification 
bodies in the country or region where the eligible entity is located.)
    We seek comment on the requirements we propose to ensure that audit 
agents as competent and objective and on any other requirements 
necessary to achieve this objective. In

[[Page 45811]]

particular, we seek input on whether we should place other requirements 
or limitations to help ensure auditor competency. Any recommendations 
that are based on common industry standards or practices should be so 
identified.
    b. How must an accredited auditor/certification body conduct a food 
safety audit of an eligible entity? (Proposed Sec.  1.651). This 
proposed rule would establish requirements for the conduct of 
consultative and regulatory audits by accredited auditors/certification 
bodies. Proposed Sec.  1.651 implements section 808(c)(3) of the FD&C 
Act regarding audit reports and sets out requirements we believe are 
necessary for planning and conducting audits in a manner that fulfills 
the purposes of section 808 of the FD&C Act, including ensuring that 
audits are of sufficient rigor to allow us to rely on the 
certifications that issue based on the results of such audits.
    Proposed Sec.  1.651(a) requires accredited auditors/certification 
bodies to obtain basic information from the eligible entity about the 
type and nature of the requested audit, which will allow the accredited 
auditor/certification body to determine whether: (1) The requested 
audit is within the scope of its accreditation and which of its audit 
agents would be qualified to conduct the audit; (2) whether any 
conflicts of interest prevent it from conducting an audit; or (3) 
whether any other limitations apply, such as the 13-month limit 
described in proposed Sec.  1.650(c). ISO/IEC Guide 65:1996 (Ref. 20), 
clause 8.2.1, is similar, requiring auditors/certification bodies to 
ensure that their clients complete a signed application that describes 
the scope of the desired certification and to provide information on 
the products to be certified, the certification system, and the 
certification standards, if known. The information we propose to 
require under Sec.  1.651(a) is essential for ensuring that the 
accredited auditor/certification body (and any audit agent assigned) 
has the appropriate qualifications to conduct the food safety audit.
    Proposed Sec.  1.651(a) also requires the auditor/certification 
body to obtain the eligible entity's operating schedule for a 30-day 
window, including information relevant to the scope and purposes of the 
audit. This information will help accredited auditors/certification 
bodies in meeting the requirements of section 808(c)(5)(C)(i) of the 
FD&C Act for ``unannounced'' food safety audits. Having the facility's 
operating schedule for a certain period of time will allow the auditor/
certification body to determine when to appear at the facility to 
conduct a food safety audit under proposed Sec.  1.651(b). ISO/IEC 
17021:2011 (Ref. 19) has several provisions on audit planning, such as 
clause 9.1.2.1, which requires them to establish an audit plan for each 
audit. The requirement to provide a production schedule to enable audit 
planning also is a feature of the British Retail Consortium's Global 
Standard for Food Safety (BRC scheme) (Ref. 32). In advance of an 
audit, a facility subject to audit under the BRC scheme (Ref. 32) may 
be asked to provide, among other things, a production schedule and 
typical shift pattern to allow planning to cover relevant 
processes.\31\
---------------------------------------------------------------------------

    \31\ Section III, Part I, Clause 7.2 states that a certification 
body may request ``production schedules, to allow audits to cover 
relevant processes, for example night-time manufacture or where 
production processes are not carried out each day'' and ``typical 
shift patterns.''
---------------------------------------------------------------------------

    Proposed Sec.  1.651(b) would require accredited auditors/
certification bodies to develop contracts or other arrangements 
granting them adequate authority to conduct unannounced audits, access 
records and any area in the facility relevant to the scope of the 
audit, use an accredited laboratory for analytical results, notify FDA 
of a condition that could cause or contribute to a serious risk to the 
public health, prepare and submit audit reports, as appropriate, and 
allow FDA to observe any food safety audit it conducts. This provision 
is intended to help ensure that the auditor/certification body has such 
access to areas within the facility and records maintained by the 
eligible entity as is necessary to conduct a rigorous food safety 
audit. Proposed Sec.  1.651(b) also ensures that that auditor/
certification body has authority to use a laboratory accredited under 
section 422 of the FD&C Act to perform analytical work, and authority 
to provide any reports and the notifications that must be submitted to 
us under this subpart.
    Under clause 8.6.1(d)(2) of ISO/IEC 17021:2011 (Ref. 19), auditors/
certification bodies must require prospective clients to make all 
necessary arrangements for the conduct of the audits, including for 
examining records and access to all processes, areas, records, and 
personnel. An application for certification must include a statement 
that the applicant agrees to supply any information needed for 
evaluation of the products to be certified, under clause 8.2.1(b) of 
ISO/IEC Guide 65:1996 (Ref. 20).
    Proposed Sec.  1.651(c) addresses the protocols for food safety 
audits under this rule. The audit must be conducted in a manner 
consistent with the identified scope and purpose of the audit, on an 
unannounced basis as required by section 808(c)(5)(C)(i) of the FD&C 
Act, and must be sufficiently rigorous to give confidence in the 
reliability and validity of the audit outcomes.
    ISO/IEC 17021:2011 (Ref. 19), clause 9.1.9.5.1, requires that 
information relevant to the audit objectives, scope, and criteria be 
collected by appropriate sampling and verified to become audit 
evidence. Information may be collected through observation, records 
review, and interviews. Under clause 9.1.9.6, audit findings, 
summarizing conformity and detailing nonconformity and its supporting 
audit evidence must be recorded and reported to enable an informed 
certification decision.
    Proposed Sec.  1.651(c) requires the facility audit portion of the 
food safety audit to be conducted at an appropriate time within the 30 
days covered by the operating schedule provided by the eligible entity 
under proposed Sec.  1.651(a)(1)(ii).
    Though most private food safety audit standards rely on announced 
audits, the BRC scheme (Ref. 32) has protocols for both announced and 
unannounced audits.\32\ An unannounced audit under the BRC scheme may 
be conducted in 2 parts, with the ``Good Manufacturing Practices-type 
audit'' unannounced and occurring prior to a records review, which may 
be a planned visit.
---------------------------------------------------------------------------

    \32\ The BRC scheme (Ref. 32) only allows facilities that have 
achieved sufficiently high scores on announced audits to be audited 
under the unannounced protocol.
---------------------------------------------------------------------------

    We considered several factors in developing the audit protocols in 
proposed Sec.  1.651(c), including the 2-part BRC unannounced audit 
protocol. We have tentatively concluded that it is reasonable and 
appropriate to interpret the ``unannounced audit'' requirement of 
section 808(c)(5)(C)(i) of the FD&C Act to apply to the onsite facility 
assessment portion of a food safety audit. We have further concluded 
that an accredited auditor/certification body, equipped with a 30-day 
facility operating schedule, would have adequate opportunity to plan 
and conduct an unannounced facility audit. We anticipate that an 
eligible entity seeking a food safety audit would sign a contract with 
an accredited auditor/certification body at eligible entity (e.g., its 
headquarters), where some or all of the relevant records of the entity 
would be maintained. We think it is appropriate and efficient to allow 
an auditor/certification body to review records maintained at the 
eligible entity on the same day that the contract is signed, even 
though the signing of the contract is a planned event.

[[Page 45812]]

    We propose to sequence our audit protocol different than that of 
the BRC, in that we would allow the planned records review to occur 
prior to the unannounced onsite facility audit. We believe it will be 
important for accredited auditors/certification bodies to gather 
information about the facility before going onsite to audit it. 
(Unannounced audits under the BRC scheme occur only after an announced 
audit has been conducted, which allows the auditors/certification 
bodies to become familiar with the facility and its records before 
conducting an unannounced audit.) Accredited auditors/certification 
bodies operating under the FDA program would have a limited 
opportunity, if any, to gain knowledge about a facility prior to 
conducting an unannounced audit. For this reason, we believe that 
accredited auditors/certification bodies under the FDA program should 
sequence the unannounced audit differently than the 2-part BRC 
unannounced audit. We propose to require accredited auditors/
certification bodies to first review an eligible entity's management 
systems (e.g., records) before conducting an onsite food safety audit 
at the facility.
    We believe that the requirement for unannounced audits will help 
provide confidence in our program. It helps ensure that food facilities 
will remain ``audit ready.'' It also reinforces the independence of the 
accredited auditor/certification body.
    We seek comment on our proposed approach for ``unannounced'' 
audits, including whether it is feasible and appropriate. We also 
request information on current industry practice on arranging audits--
e.g., does industry commonly provide an auditor/certification body 
information about its operating schedule? If not, what other means are 
used to ensure that the auditor/certification body visits a facility at 
the appropriate time to conduct the requested activities? For comments 
suggesting other approaches, we request information on the practical 
implications of the recommended alternate approach(es).
    c. What must an accredited auditor/certification body include in 
food safety audit reports? (Proposed Sec.  1.652). This proposed rule 
would implement the audit reporting requirements of section 808 of the 
FD&C Act and describes the elements of consultative and regulatory 
audit reports that we believe would be appropriate.
    As required by section 808(c)(3) of the FD&C Act, proposed Sec.  
1.652(a) requires a report of a consultative audit be prepared not 
later than 45 days after the audit was completed. Proposed Sec.  
1.652(a) also sets requirements for the content of reports of 
consultative audits, based on the content required by section 
808(c)(3)(A)(i) through (c)(3)(A)(iv) of the FD&C Act: (1) The identity 
of the persons at the eligible entity responsible for compliance with 
food safety requirements; (2) the dates and scope of the audit; and (3) 
any other information we require that relates to or may influence an 
assessment of compliance with the FD&C Act.
    ISO/IEC 17021:2011 (Ref. 19), clause 9.1.10.2, requires audit 
reports to provide an accurate, concise, and clear record of the audit 
to allow for informed certification decisions and include or refer to 
the name and address of the client, the type of audit, the audit scope, 
the dates and places where audit activities were conducted, audit 
findings, evidence, and conclusions, consistent with the requirements 
of the type of audit, and any unresolved issues, if defined.
    Under proposed Sec.  1.652(a)(1) and (a)(2), we propose to require 
that the following identifying information for the facility and the 
eligible entity (if it differs from the facility) that chooses to 
participate in the voluntary third-party certification program be 
included in the consultative audit report: Name, address, and a unique 
facility identifier (UFI), as required by FDA.
    We are proposing to require this information to help ensure that we 
have comprehensive, accurate, and up-to-date on eligible entities and 
audited facilities that chose to participate in the program, which will 
allow us to conduct efficient and effective oversight of the program. 
Firm name and address alone may not provide sufficient information to 
allow us to correctly identify an eligible foreign entity, such as a 
farm that is not subject to the FDA facility registration requirements 
and that may be located in a remote area in the foreign country. An UFI 
could help us with eligible entities and facilities that would 
otherwise be difficult to identify or locate.
    After considering the types of information available, we have 
tentatively concluded that an UFI should include two elements: (1) A 
common business identifier, and (2) information on the firm's 
geographic location. For the business identifier, we believe the Data 
Universal Numbering System (D-U-N-S[supreg]) numbers system is 
appropriate because it is a commonly used international business entity 
listing system under which a company can obtain, at no charge, a unique 
identification number for its business. D-U-N-S[supreg] numbers are 
distinct, site-specific, 9-digit numbers that would allow us to 
identify and verify certain business information, e.g., its trade 
names, the name of each corporate officer and director, and additional 
ownership information that may be useful in determining possible 
conflicts of interest between eligible entities and accredited 
auditors/certification bodies.\33\ The use of D-U-N-S[supreg] numbers, 
as a unique numerical identification system, is less prone to mistake 
or ambiguity than the use of an eligible entity's or facility's name 
and address. Similarly, geographic information, such as Global 
Positioning System (GPS) coordinates, would identify precisely where a 
facility or eligible entity (if different) is located. We believe this 
is a necessary element of a UFI, particularly for facilities such as 
farms that are not required to register with us under Sec. Sec.  1.225 
through 1.243 and that may be difficult to locate by street address. We 
expect that accredited auditors/certification bodies that are qualified 
to participate in our program likely would already own GPS units or 
would be adequately resourced to purchase them.
---------------------------------------------------------------------------

    \33\ D-U-N-S[supreg] numbers are assigned by Dun & Bradstreet 
and maintained in their database of D-U-N-S[supreg] numbers. If the 
D-U-N-S[supreg] Number for a location has not been assigned, a 
business may obtain one for no cost directly from Dun & Bradstreet 
(http://www.dnb.com).
---------------------------------------------------------------------------

    Proposed Sec.  1.652(a)(3) and (a)(4) requires reports of 
consultative audits to include the contact information for the 
person(s) responsible for food safety compliance, the dates and scope 
of the consultative audit, both of which are statutory requirements.
    Proposed Sec.  1.652(a)(5) requires information on any deficiencies 
observed during the audit that require corrective action and the date 
on which such corrective actions were completed. ISO/IEC 17021:2011 
(Ref. 19), clause 9.1.11, states that [audit/]certification bodies must 
require their clients to analyze the cause of nonconformities and the 
corrective actions to address such nonconformities within a defined 
time. [Auditors/]certification bodies must verify and document the 
effectiveness of the corrective actions based on document review or, 
where necessary, onsite verification or additional audits under clauses 
9.1.12 and 9.1.13. Proposed Sec.  1.652(a)(5) would require such 
documentation be included in the consultative audit report.
    Proposed Sec.  1.652(b) requires an accredited auditor/
certification body to prepare a report of a regulatory audit and submit 
it to us electronically, in English, within 45 days after conducting 
such audit, as mandated by section 808(c)(3) of the FD&C Act. We have

[[Page 45813]]

tentatively concluded that electronic submission of regulatory audit 
reports, written in English, will help ensure we have ready access to 
information needed for monitoring and oversight of the program. 
Proposed Sec.  1.652(b) also requires auditors/certification bodies 
accredited by recognized accreditation bodies to submit each regulatory 
audit report to the accrediting body in the same timeframe and manner 
as it is submitted to us. We believe that this information is important 
to recognized accreditation bodies in conducting monitoring and 
oversight of the auditors/certification bodies they accredit, including 
monitoring required by proposed Sec.  1.621, and in assessing its own 
performance of accreditation activities under proposed Sec.  1.622.
    The report of a regulatory audit must contain all of the data 
elements required for reports of consultative audits under proposed 
Sec.  1.652(a). Proposed Sec.  1.652(b) requires that regulatory audit 
reports contain the following additional data elements: (1) The FDA 
registration number assigned to the facility, where applicable; (2) the 
process(es), food(s), and facility observed during the audit; and (3) 
information on sampling and laboratory analysis, recent food recalls, 
recent significant changes at the facility, and any food or facility 
certifications recently issued to the entity. We discuss each of these 
additional data elements.
    FDA Registration Number: Having an audited facility's FDA 
registration number, where required, will allow us to verify (and to 
correct, where necessary) registration information in our database. 
This will help us in overseeing this program and in risk-based planning 
for FDA foreign inspections.
    Process(es) and food(s) observed during a regulatory audit: In 
proposed Sec.  1.652(b)(4) we require a description of the process(es) 
and food(s) observed during the audit, because we believe that, 
otherwise, the description of the scope of the audit may not provide 
sufficient information to allow the accredited auditor/certification 
body, its recognized accreditation body, or us to determine whether the 
certification matches the scope of the audit stated and, furthermore, 
whether the stated scope of the audit matches the scope of auditor's/
certification body's accreditation. In sum, the description of the 
process(es) and food(s) subject to regulatory audit help to verify the 
validity of any food or facility certifications issued as a result of 
the regulatory audit.
    Sampling and analysis: Proposed Sec.  1.652(b)(8) requires 
information on whether the entity uses sampling and laboratory analysis 
(e.g., under a microbiological sampling plan) as part of the facility's 
preventive control plan. We are not proposing to require the accredited 
auditor/certification body to include the results of such sampling and 
analysis in the regulatory audit report. Information on whether a 
facility uses sampling and laboratory analysis helps identify how the 
facility has chosen to verify its preventive controls.
    Recalls during the preceding 2 years: Proposed Sec.  1.652(b)(9) 
requires information on whether the entity issued a food-safety related 
recall of an article of food from the facility during the 2 years 
preceding the audit and, if so, any such article(s) recalled and the 
reason(s) for the recall(s). We believe this is an important element of 
a regulatory audit for certification purposes, because it may be 
relevant in helping us to determine whether to accept a certification 
or other assurance by an accredited auditor/certification body for 
purposes of admitting a food into the United States under section 
801(q) of the FD&C Act. Recent food safety-related recalls might call 
into question the reliability of any food certifications issued to the 
facility. Recall information also may be relevant to the risk factors 
used to determine VQIP eligibility.
    Recent significant changes: Proposed Sec.  1.652(b)(10) requires 
submission of information regarding whether, during the 2 years 
preceding the audit, the entity made a significant change in the 
activities conducted at the facility, if such change creates a 
reasonable potential for a new hazard or a significant increase in a 
previously identified hazard. For example, a new hazard might arise if 
a facility began to process a different type of commodity or began to 
package an existing product in a different way (e.g., going from a 
canned product to a vacuum-packed ready-to-eat product).
    We developed this criterion based on the language in section 418(i) 
of the FD&C Act, regarding conditions that trigger a requirement to 
reanalyze hazards under section 418(b) of the FD&C Act (21 U.S.C. 
350g(b) and (i)), as described in the Preventive Controls proposed 
rule. While the types of facilities that may be audited are not limited 
to facilities subject to the proposed preventive controls regulations, 
we nonetheless believe the language set out in the statute sets the 
appropriate boundaries for proposed Sec.  1.652(b)(9). We have 
tentatively concluded that the type of information that has relevance 
for reanalysis of hazards in a facility under the Preventive Controls 
proposed rule is the same type of information that has relevance for 
the conduct of a regulatory audit of a facility under this rule. We 
invite comment on this tentative conclusion. For comments that oppose 
this criterion, we seek comment on whether any other information on 
facility changes has relevance for our oversight and, if so, we seek 
alternative language for proposed Sec.  1.652(b)(9).
    Prior certifications: Proposed Sec.  1.652(b)(11) requires 
regulatory audit reports to contain information on any food or facility 
certifications issued to the entity during the 2 years preceding the 
audit, where available. The information must include the scope and 
duration of each such certification. This information is a helpful in 
verifying certifications submitted to us by importers for purposes of 
VQIP eligibility or as required to accompany food for which 
certification is a condition of admission under section 801(q) of the 
FD&C Act. It also verifies the activities of an accredited auditor/
certification body under this program, which should be documented in 
the records of the accredited auditor/certification body under proposed 
Sec.  1.658.
    Proposed Sec.  1.652(c) explains that an accredited auditor/
certification body must submit a report, as required by paragraph (b), 
for each regulatory audit it conducts, regardless of whether 
certification issued as a result. This requirement is consistent with 
section 808(c)(3)(A) of the FD&C Act, which requires all regulatory 
audit reports to be submitted. That statutory provision is not limited 
to reports of regulatory audits where certifications were issued.
    Proposed Sec.  1.652(d) requires accredited certification bodies to 
implement written procedures for receiving and addressing challenges 
from eligible entities contesting adverse regulatory audit results and 
requires them to maintain records of such challenges under Sec.  1.658. 
ISO/IEC 17021:2011 (Ref. 19) requires auditors/certification bodies to 
have a documented process to receive, evaluate, and make decisions on 
complaints relating to certification activities under clause 9.8.4., as 
well as a documented process for handling appeals under clause 9.7.1.
    d. What must accredited auditor/certification body do when issuing 
food or facility certifications? (Proposed Sec.  1.653). This proposed 
rule describes the activities that an accredited auditor/certification 
body would have to perform when issuing food and facility 
certifications. It is based on the language in section 808(c)(2)(C) 
(requiring a regulatory audit and such other

[[Page 45814]]

necessary activities) and (c)(5)(C)(i) (requiring unannounced audits) 
of the FD&C Act.
    Proposed Sec.  1.653(a) specifies that the certification body must 
have conducted a regulatory audit meeting the requirements of proposed 
Sec.  1.651, including verification of corrective actions and using an 
accredited laboratory, subject to the requirements of the laboratory 
accreditation program we implement under that provision (21 U.S.C. 
350k).
    ISO/IEC 17021:2011 (Ref. 19) requires auditors/certification bodies 
to use certain information in considering certification decisions: 
Audit reports; comments on nonconformities and corrective actions (if 
any); verified application information; and the audit agent's 
recommendation on certification, including any conditions or 
observations. The auditor's/certification body's decision must be based 
on an evaluation of the audit findings and conclusions and any other 
relevant information, such as public information and the client's 
comments on the audit report.
    Proposed Sec.  1.653(b) sets out the requirements for issuance of 
certification. As with other submissions under this rule, we propose to 
require certifications to be submitted electronically and in English. 
Proposed paragraph (b)(2) describes the minimum elements of a 
certification: Identifying information for the accredited auditor/
certification body, the eligible entity to which certification was 
issued (including its unique facility identifier), and the facility (if 
different from the eligible entity); the scope and date(s) of the 
regulatory audit and the name of the audit agent conducting it, where 
applicable; and the scope of the certification, its date of issuance, 
and its date of expiration. These are the minimum elements we believe 
necessary for us to link the certification to an importer in the VQIP 
program under section 806 of the FD&C Act or to a food subject to 
mandatory certification under section 801(q) of the FD&C Act. Moreover, 
these data elements will help us determine whether the certification is 
valid and reliable or should be refused under section 801(q)(4)(B) of 
the FD&C Act.
    e. When must an accredited auditor/certification body monitor an 
eligible entity with food or facility certification? (Proposed Sec.  
1.654). This proposed rule would require accredited auditors/
certification bodies to monitor eligible entities in certain 
circumstances. Under proposed Sec.  1.654, an accredited auditor/
certification body is required to conduct monitoring of an eligible 
entity if the auditor/certification body has reason to believe that an 
eligible entity to which it issued a certification may no longer be in 
compliance with the FD&C Act.
    In developing proposed Sec.  1.654, we considered international 
standards. ISO/IEC Guide 65: 1996 (Ref. 20), clause 13.1, requires 
auditors/certification bodies to have documented procedures for 
surveillance under applicable criteria. Under clause 13.2, auditors/
certification bodies must determine whether changes, such as a client's 
intended changes in manufacturing processes, require further 
investigation. ISO/IEC 17021:2011 (Ref. 19), clause 9.3, requires 
auditors/certification bodies to develop their surveillance activities 
so that representative areas and functions are regularly monitored. 
Surveillance may include onsite audits. While we are not proposing to 
require regular surveillance of certified eligible entities, we believe 
requiring an accredited auditor/certification body to conduct 
monitoring when it has ``reason to believe'' that the entity is no 
longer in compliance with the FD&C Act strikes an appropriate balance.
    Proposed Sec.  1.654 requires the accredited auditor/certification 
body to immediately notify us under proposed Sec.  1.656(d) if it 
determines that the entity to which it issued certification is out of 
compliance with the FD&C Act. We believe that such notification is 
necessary to ensure the protection of the public health and to maintain 
the credibility of the program, particularly in light of the use of 
such certifications: To allow admission of a food subject to mandatory 
certification based on a determination of safety risk, under section 
801(q) of the FD&C Act, and to allow importers to participate in a 
program giving them expedited review and entry of product from a 
certified facility, under section 806 of the FD&C Act.
    f. How must an accredited auditor/certification body monitor its 
own performance? (Proposed Sec.  1.655). This proposed rule would 
require accredited auditors/certification bodies to conduct self-
assessments annually and following revocation of the recognition of its 
accreditation body. Proposed Sec.  1.655(a) requires an accredited 
auditor/certification body prepare a report of the results of each 
self-assessment. The report must address the performance of its 
officers, employees, or other agents in activities under this subpart. 
For audit agents in particular, the accredited auditor/certification 
body must report on whether its audit agents, during food safety 
audits, focused on the elements of production, manufacturing, 
processing, packing, and holding of food that pose the most significant 
risks to human and/or animal health.
    Under proposed Sec.  1.655(a), the self-assessment report must 
evaluate the degree of consistency among its officers, employees, or 
other agents in performing activities under this subpart. (With audit 
agents, this is frequently called ``auditor correlation.'') In 
addition, the report must assess compliance with the conflict of 
interest requirements of Sec.  1.657, actions taken based on 
assessments by FDA or its recognized accreditation body, and must 
address any other aspects of performance relevant to a determination of 
compliance, if requested by FDA.
    Proposed Sec.  1.655(b) states that, in conducting its self-
assessment, an accredited auditor/certification body may assess the 
compliance of one or more of the eligible entities it certified, as a 
means to evaluate its performance. Under proposed Sec.  1.655(c), the 
auditor/certification body must quickly execute appropriate corrective 
actions when problems are identified during a self-assessment under 
paragraphs (a) or (b) and must maintain records documenting the 
completion of such actions under proposed Sec.  1.658. In addition, 
proposed Sec.  1.655(d) describes the contents of the written reports 
of its self-assessments, including describing any corrective actions 
taken based on its self-assessments and stating the extent of its 
compliance with conflict of interest requirements and other applicable 
requirements of this rule.
    ISO/IEC Guide 65:1996 (Ref. 20), clause 4.7.1, requires auditors/
certification bodies to conduct periodic internal audits covering all 
of its procedures and to ensure that personnel responsible for the area 
audited are informed of the audit outcome, timely and appropriate 
corrective actions are taken, and audit results are documented. 
Additionally, clause 4.7.2 requires the management with executive 
responsibility to review its quality systems at sufficiently short 
intervals to ensure its continuing suitability and effectiveness.
    The FDA MFRPS (Ref. 12) have elements requiring States to conduct 
periodic self-assessments of its manufactured food regulatory program 
against the criteria we established. These self-assessments are 
designed to identify the strengths and weaknesses of the State program 
by determining the level of conformance with the program standards and 
are independently verified through an audit. Records documenting the 
results of the self-assessment must be maintained. We have tentatively 
concluded that self-assessments would serve a similarly

[[Page 45815]]

important role for accredited auditors/certification bodies under our 
accredited third-party audits and certification program.
    g. What reports and notifications must an accredited auditor/
certification body submit? (Proposed Sec.  1.656). This proposed rule 
would establish requirements for various reports and notifications that 
accredited auditors/certification bodies would have to submit to FDA. 
Proposed Sec.  1.656(a) requires accredited auditors/certification 
bodies to submit regulatory audit reports no later than 45 days after 
completing such audit. This requirement is based on section 
808(c)(3)(A) of the FD&C Act, which requires submission of regulatory 
audit reports as a condition of accreditation. The regulatory audit 
report must be submitted electronically, in English, contain the 
information required by proposed Sec.  1.652(b). The requirement for 
electronic submissions, in English language, is required consistently 
throughout this rule, for the reasons explained in section IV.3.c and 
IV.3.d.
    Under proposed Sec.  1.656(b), an accredited auditor/certification 
body must submit its annual self-assessment report to its accreditation 
body (or, in the case of direct accreditation, to us) no later than 45 
days after the anniversary date of its accreditation under this program 
and, for reports required following revocation of its accreditation 
body's recognition, within 2 months of the revocation. The self-
assessment report, which is required by Sec.  1.655, must be submitted 
electronically, in English, and must include an up-to-date list of any 
audit agents the certification body uses to conduct audits under this 
subpart. As explained in the discussion of proposed Sec.  1.621, we 
believe that the results of such assessments will be helpful to us in 
performing our monitoring of not only the accredited auditor/
certification body itself, but also the recognized accreditation body 
that accredited it, where applicable. Monitoring of recognized 
accreditation bodies and accredited third-party auditors/certification 
bodies is required by section 808(f)(2) of the FD&C Act.
    Having information about deficiencies the accredited auditor/
certification body identified in its own performance and program, 
together with the corrective actions that were implemented to address 
such deficiencies helps us target our monitoring activities. Moreover, 
the results of self-assessments across a number of accredited auditors/
certification bodies will help us identify trends in program 
performance and may offer an early signal of potential issues for the 
Agency to address at the program level.
    Proposed Sec.  1.656(c) requires an accredited auditor/
certification body to immediately notify us when any audit agent or the 
auditor/certification body itself, discovers during an audit any 
condition that could cause or contribute to a serious risk to the 
public health. This notification is required by section 808(c)(4) of 
the FD&C Act, which identifies certain information that must be 
contained in the notification.
    Based on that requirement and the authority granted to us to issue 
regulations for the efficient enforcement of its authority, under 
section 701(a) of the FD&C Act, proposed Sec.  1.656(c) requires such 
notification to include the following: (1) The name and address of the 
facility where the condition was discovered; (2) the FDA registration 
number assigned to the facility, where applicable; (3) the name and 
address of the eligible entity, if different from that of the facility; 
and (4) the condition that could cause or contribute to a serious risk 
to the public health and for which notification is required.
    Information on the identity of the entity and the notifiable 
condition is required by section 808(c)(4) of the FD&C Act. The other 
data elements we propose to require are essential for us to take 
immediate and necessary steps to protect the public health. In the 
event that the facility where the condition was discovered is different 
than the eligible entity, or is at a different location, we need to 
know the name and address of the facility so that we can interact 
directly with the facility. Knowing the facility's FDA registration 
number (where required) helps us quickly assemble relevant information 
we possess, including information from our foreign regulatory partners. 
The data elements required for notification under Sec.  1.656(c)(1), 
(c)(2), and (c)(3) offer the minimum information we believe necessary 
to allow the Agency to determine the appropriate course of action with 
respect to the situation.
    We note that section 808 of the FD&C Act does not define ``serious 
risk to the public health,'' nor does it give examples of 
``condition[s] that could cause or contribute to a serious risk to the 
public health.'' The statutory description of notifiable conditions--as 
ones that ``could'' cause or contribute to a serious risk to public 
health--suggests to us that the scope of this provision is broad. In 
developing these proposed implementing regulations, we looked for the 
precise phrase, ``cause or contribute to a serious risk to the public 
health'' elsewhere in the FD&C Act, but did not find it there (21 
U.S.C. 301 et seq.). In considering section 808 of the FD&C Act as a 
whole, we noted that the provision giving us access to records 
associated with consultative audits cross-references section 414 of the 
FD&C Act (21 U.S.C. 350c). Section 414 of the FD&C Act, among other 
things, gives us access to records if we have a reasonable belief that 
an article of food, and any other article of food that we reasonably 
believe is likely to be affected in a similar manner, is adulterated 
and presents a threat of serious adverse health consequences or death 
to humans or animals (SAHCODHA) (21 U.S.C. 350c(a)). Although Congress 
chose to incorporate SAHCODHA by referencing section 414 of the FD&C 
Act as authority for us to access records of consultative audits under 
section 808(c)(3)(C) of the FD&C Act, Congress did not use the SAHCODHA 
standard in describing the types of conditions that could cause or 
contribute to a serious risk to the public health and that must be 
reported to FDA under section 808(c)(4)(A) of the FD&C Act. We believe 
Congress intended the standard for notification to be a different 
standard than SAHCODHA.
    We invite comment from interested parties interpreting the 
notification standard in section 808(c)(4)(A) of the FD&C Act and 
providing examples of circumstances that stakeholders believe do and do 
not rise to the level of a ``condition that could cause or contribute 
to a serious risk to the public health.'' We are particularly 
interested in receiving input on whether our existing Class I and Class 
II recall standards (Ref. 33), taken together, might adequately address 
any condition covered by section 808(c)(4)(A) of the FD&C Act. An FDA 
Class I recall occurs in a situation in which there is a reasonable 
probability that the use of or exposure to a violative product will 
cause serious adverse health consequences or death. An FDA Class II 
recall occurs in a situation in which use of or exposure to a violative 
product may cause temporary or medically reversible adverse health 
consequences or where the probability of serious adverse health 
consequences is remote.
    We also note that international standards for [auditors/
]certification bodies have exceptions to confidentiality agreements 
where disclosure is required by law. For example, ISO/IEC Guide 
17021:2011 (Ref. 19), clause 8.5.3, requires an auditor/certification 
body that is required by law to release confidential information to a 
third party, to notify the client before providing such information to 
a third party, ``unless regulated by law.'' Based on section 
808(c)(4)(A) of the FD&C Act, which

[[Page 45816]]

requires that the accredited third-party certification body 
``immediately'' notify us, proposed Sec.  1.656(c) requires an 
accredited auditor/certification body to notify us of a serious risk to 
public health prior to notifying its client, the eligible entity. We 
recommend that accredited auditors/certification bodies include a 
provision explaining this notification requirement in their contracts 
with eligible entities. We believe this will help ensure that eligible 
entities are aware of the notification requirement and will help 
emphasize to the accredited auditors/certification bodies their 
obligation to notify FDA of such condition.
    Proposed Sec.  1.656(d) requires an accredited auditor/
certification body to immediately notify us electronically, in English, 
upon withdrawing or suspending the food or facility certification of an 
eligible entity. The notice must describe the basis for withdrawal or 
suspension. We believe immediate notification of suspension or 
withdrawal of certifications is necessary because of how we use these 
certifications: As a condition of granting admission to a food subject 
to an risk determination under section 801(q) of the FD&C Act and as a 
criteria for an importer's eligibility to participate in VQIP under 
section 806 of the FD&C Act. We realize that certification bodies 
currently withdraw and suspend certifications for a number of reasons, 
some of which relate to payment of fees and others relate to food 
safety matters. Therefore, having information on the fact that a 
certification has been withdrawn or suspended, as well as the reason(s) 
for the action, allows us to determine the effect of suspension or 
withdrawal on our use of the certifications under sections 801(a) and 
806 of the FD&C Act. Depending on the reasons for suspension or 
withdrawal of certification, we may conduct an inspection or take other 
action.
    Under proposed Sec.  1.656(e)(1), an accredited auditor/
certification body that notifies us under proposed Sec.  1.656(c) must 
immediately thereafter notify the eligible entity where the condition 
was discovered. Proposed Sec.  1.656(e)(2) requires an accredited 
auditor/certification body to notify its accreditation body (or, in the 
case of direct accreditation, to us) electronically, in English, within 
30 days after making any significant change that may affect its 
compliance with the requirements of Sec. Sec.  1.640 through 1.658. The 
notice must describe the purpose of the change and an explanation for 
whether and how the change might affect its accreditation under this 
program. In that proposed Sec.  1.640 requires auditors/certification 
bodies to maintain compliance with the requirements of this rule as a 
condition of their accreditation, this notification is necessary for 
our program oversight. We will use this information in monitoring the 
certification body as required by section 808(f)(2) of the FD&C Act and 
may use the notification (or the failure to notify under proposed Sec.  
1.656(e)(2)) in determining whether to withdraw accreditation under 
section 808(c)(6) of the FD&C Act.
    h. How must an accredited auditor/certification body protect 
against conflicts of interest? (Proposed Sec.  1.657). This proposed 
rule would require accredited auditors/certification bodies to have 
procedures to ensure against financial conflicts of interest and to 
make annual financial disclosure statements available to us, as 
required by section 808(c)(5)(A) and (c)(5)(B) of the FD&C Act. 
Additionally, section 808(c)(5)(C) of the FD&C Act directs us to issue 
implementing regulations including requirements for unannounced audits, 
a structure to decrease the potential for conflicts of interest 
(including requirements for timing and public disclosure of fee 
payments), and appropriate limits on financial affiliations between 
certification bodies (and their audit agents) and eligible entities to 
be certified.
    Proposed Sec.  1.657 sets out the elements of a conflict of 
interest program we believe are appropriate to implement this mandate 
and to ensure the objectivity and independence of accredited auditors/
certification bodies necessary for to maintain the credibility of the 
program. Proposed Sec.  1.657(a) requires the accredited auditor/
certification body to have written program that covers the 
certification body itself and any of its officers, employees, or other 
agents (e.g., audit agents) conducting audits or certification 
activities under this program.
    Based in large part on section 808(c)(5)(A)(i) of the FD&C Act, 
proposed Sec.  1.657(a)(1) prohibits an accredited auditor/
certification body and its officers, personnel, and other agents 
(except for audit agents subject to paragraph (a)(2)) from owning, 
controlling, managing, or otherwise having a financial interest in an 
eligible entity, or an affiliate, parent, or subsidiary of such entity, 
to be certified by the auditor/certification body . The effect of the 
language in proposed Sec.  1.657(a)(1) would be to prevent a foreign 
food firm with its own audit team from conducting regulatory audits and 
issuing certifications for its own facilities, processes, or products 
(i.e., first-party audits) or for an affiliate or for its parent or 
subsidiary (i.e., second-party audits). Given the multinational nature 
and multiple corporate interests of many food companies, we have 
tentatively concluded it is important to extend the conflict of 
interest safeguards in proposed Sec.  1.657 to subsidiaries, 
affiliates, and parent organizations. We seek comment on this tentative 
conclusion.
    Proposed Sec.  1.657(a)(2) prohibits an audit agent of an 
accredited auditor/certification body from conducting a food safety 
audit of an eligible entity, or an affiliate, parent, or subsidiary of 
such entity, that the agent owns or operates. This provision is largely 
based on the section 808(c)(5)(B)(i) of the FD&C Act, which prohibits 
an audit agent from owning or operating an eligible entity to be 
audited by the agent, coupled with language covering financial 
interests associated with an affiliate, parent, or subsidiary of the 
eligible entity, for the reasons previously described.
    To be clear, proposed Sec.  1.657(a)(2) does not go so far as to 
prohibit audit agents from having any financial interest in any food 
company; rather, it prevents an audit agent from conducting a 
consultative or regulatory audit of an eligible entity or an affiliate, 
parent, or subsidiary of such entity, owned or operated by such agent. 
We believe that requiring any audit agent conducting audits under this 
program to divest all interests in FDA-regulated food firms might 
unnecessarily limit the pool of qualified audit agents.
    We seek comment on these tentative conclusions and on the approach 
we propose in Sec.  1.657(a)(2), including whether this approach might 
unnecessarily limit the availability of competent audit agents to 
conduct audits under this program and whether removing the restriction 
relating to interests in affiliates, parents, or subsidiaries might 
create, or create the appearance of, bias.
    Proposed Sec.  1.657(a)(3) prohibits officers, employees, or other 
agents of an accredited auditor/certification body from accepting any 
gift, gratuity, or item of value from the entity subject to audit. A 
gift, gratuity, or item of value would not include meals of a de 
minimis value provided on the premises where the audit or assessment is 
being conducted, recognizing that some facilities may be remotely 
located and allowing onsite meals is appropriate in the interest of 
efficiency. We seek comment on whether to interpret de minimis value 
according to the limits for gifts or items of value applicable to U.S. 
Government employees. Proposed Sec.  1.657(a)(3) also

[[Page 45817]]

allows for authorized officials, employees, or agents to accept 
payments of fees for the audit and certification, as described in 
proposed Sec.  1.657(b).
    Proposed Sec.  1.657(b) addresses the requirement, in section 
808(c)(5)(C) of the FD&C Act, to issue implementing regulations that 
include a structure to decrease the potential for conflicts of 
interest, including timing and public disclosure, for fees paid by 
eligible entities to accredited third-party certification bodies. After 
considering this statutory provision, we have tentatively concluded 
that an appropriate structure to decrease the potential for conflicts 
of interests between an eligible entity and an accredited auditor/
certification body would be one in which there was public disclosure of 
the point at which the entity paid fees for audit and certification 
services. Proposed Sec.  1.657(b) provides that that payment of such 
fees does not constitute a covered financial conflict of interest.
    Proposed Sec.  1.657(c) imputes to an officer, employee, or other 
agent of an accredited auditor/certification body the financial 
interests of his or her spouse and minor children, if any. This 
proposed requirement is based on the approach we recommended in the 
2009 Guidance that no auditor acting for the [auditor/]certification 
body (or spouse or minor children) should have any significant 
ownership or other financial interest regarding any product of the type 
it certifies (Ref. 5). As another example, FDA regulations on conflicts 
of interest of experts serving on panels for unapproved new animal 
drugs imputes the financial interests and arrangements of an expert's 
spouse and minor children to the expert him- or herself (21 CFR 
516.141(g)).
    We believe that imposing a similar requirement on the immediate 
family of the officers, employees, or other agents of an accredited 
auditor/certification body will help to ensure the credibility of the 
accredited third-party audits and certification program at every level. 
We seek comment on this tentative conclusion.
    Proposed Sec.  1.657(d) requires accredited certification bodies to 
maintain on their Web sites an up-to-date list of eligible entities to 
which they issued certifications under this subpart, the duration and 
scope of each such certifications, and the date on which the eligible 
entity paid any fee or reimbursement under proposed Sec.  1.657(c). 
Information on timing of fee payments is required by section 
808(b)(5)(C)(iii) of the FD&C Act and is necessary, we believe, in the 
interest of transparency.
    We seek comment on the tentative conclusions identified here--
namely, we should require accredited certification bodies to: (1) Have 
a written program to safeguard against conflicts of interest; (2) 
include the interest of any affiliate, parent, or subsidiary of a 
certification body within the scope of interests covered by its 
conflict of interest program; (3) impute the interests of immediate 
family members of an officer, employee, or other agent to such officer, 
employee, or other agent; and (4) to maintain on its Web site a list of 
its certified eligible entities, including duration and scope of each 
such certification, and disclosure of the date(s) on which an eligible 
entity paid the accredited auditor/certification body any fee or 
reimbursement associated with an audit or certification under this 
program.
    i. What records requirements must an accredited auditor/
certification body meet? (Proposed Sec.  1.658). This proposed rule 
would establish requirements for accredited auditors/certification 
bodies to establish, control, and retain records relating to their 
auditing and certification activities under our program.
    Proposed Sec.  1.658 requires accredited auditors/certification 
bodies to maintain certain documents and data electronically, in 
English, for 4 years, to document compliance with this rule.\34\ These 
records include: (1) Requests for regulatory audits; (2) audit reports 
and other documents resulting from a consultative or regulatory audit; 
(3) any notification of a condition under proposed Sec.  1.650(a)(5) or 
by the accredited auditor/certification body to FDA under proposedSec.  
1.656(c); (4) any food or facility certification issued under this 
program; (5) any challenge to an adverse regulatory audit decision and 
its disposition; (6) any monitoring it conducted of a certified 
eligible entity; (7) the auditor's/certification body's self-
assessments and corrective actions; and (8) any significant change to 
the auditing and certification program that might affect compliance 
with this rule.
---------------------------------------------------------------------------

    \34\ We are proposing records be maintained for 4 years, which 
aligns with the maximum length of time for which accreditation may 
be granted. This will be particularly useful in decisionmaking on an 
application to renew accreditation, because the accrediting body 
will have access to data and information on activities conducted at 
any time during its current accreditation. We used a similar 
rationale in proposing to require recognized accreditation bodies to 
maintain their records for 5 years, which is the maximum length of 
time for which recognition may be granted.
---------------------------------------------------------------------------

    Maintenance of records on requests for regulatory audits under 
proposed Sec.  1.658(a)(1) is one means to verify the adequacy of audit 
planning under proposed Sec.  1.651(a). Records associated with audits, 
certifications, challenges to auditor/certification body decisions, 
internal reviews, significant changes, and monitoring (also known as 
surveillance) of eligible entities are among the records commonly 
required to be maintained by international standards. We believe it 
appropriate to require maintenance of similar records for purposes of 
this rule.
    We propose to require accredited auditors/certification bodies 
choosing to participate in this program to maintain their program 
records in English. We believe this English-language records 
requirement is necessary for our oversight based on, among other 
things, our experience with the shrimp pilot (Ref. 6). During the pilot 
project, we faced costly delays and logistical hurdles in attempting to 
assess third-party [auditors/]certification bodies, because we needed 
English-language translations of their records to be able to conduct 
performance audits. Based on that experience, we believe that having 
real-time access to English-language records is necessary for 
conducting efficient and effective assessments to the fullest extent of 
our authority.
    We solicit comment on the English-language records requirement in 
proposed Sec.  1.658 and on whether other approaches might be similarly 
efficient and effective. For example, should we allow an accredited 
auditor/certification body to maintain its records in a language other 
than English, if the auditor/certification body would be required to 
make an English translation of its records available ``promptly'' upon 
a written FDA request? What should ``promptly'' mean in this context 
(e.g., 2 business days of the written request)? Would such an approach 
be as efficient and effective as the proposed English-language records 
requirement would be? For comments offering other approaches, we 
request a detailed description of the alternative, an analysis of the 
impacts of the alternative on our ability to ensure the compliance of 
accredited auditors/certification bodies with applicable FDA 
requirements.
    Based on section 808(c)(3)(B) of the FD&C Act, proposed Sec.  
1.658(b) and (c) require an accredited auditor/certification body to 
provide FDA access to records upon request of an officer or employee we 
designate, except that reports or other documents of a consultative 
audit must be made available to us only in accordance with the 
requirements of subpart J (records access under section 414 of the FD&C 
Act). Proposed Sec.  1.658(b) reflects section 808(c)(3)(C) of the FD&C 
Act, which

[[Page 45818]]

states that reports or other documents resulting from a consultative 
audit are accessible to us only under circumstances that meet the 
threshold for records access under section 414 of the FD&C Act (21 
U.S.C. 350c). Based on these statutory requirements, we can access such 
documents from consultative audits in either of the following 
circumstances: If we have a reasonable belief that an article of food, 
and any other article of food that we reasonably believe is likely to 
be affected in a similar manner, is adulterated and presents a threat 
of SAHCODHA; or if we believe that there is a reasonable probability 
that the use of or exposure to an article of food, and any other 
article of food that we reasonably believe is likely to be affected in 
a similar manner, will cause SAHCODHA, as described in Sec.  1.361 of 
this part.
    We have tentatively concluded that the records identified and the 
records maintenance and access requirements in proposed Sec.  1.658 are 
necessary to monitor and evaluate accredited certification bodies, as 
directed by section 808(f)(2) of the FD&C Act. We believe it is 
reasonable to require accredited auditors/certification bodies to 
maintain such records for the maximum length of accreditation, 4 years. 
We acknowledge that the requirements of proposed Sec.  1.658 may 
require revisions to contracts and perhaps other documents establishing 
and limiting the scope of an auditor's/certification body's authority 
with respect to granting records access. We nonetheless have 
tentatively concluded that such access is necessary to help ensure the 
credibility of the program. We seek comment on this tentative 
conclusion and on the specific records requirements we propose.
7. Procedures for Accreditation of Third-Party Auditors/Certification 
Bodies

   Table 7--Proposed Procedures for Third-Party Auditors/Certification
                                 Bodies
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
1.660..................  Where do I apply for accreditation or renewal
                          of accreditation by a recognized accreditation
                          body?
1.661..................  What is the duration of accreditation?
1.662..................  How will FDA monitor accredited auditors/
                          certification bodies?
1.663..................  How do I request an FDA waiver or waiver
                          extension for the 13-month limit for audit
                          agents conducting regulatory audits?
1.664..................  When can FDA withdraw accreditation?
1.665..................  How do I voluntarily relinquish accreditation?
1.666..................  How do I request reaccreditation?
------------------------------------------------------------------------

    a. Where do I apply to obtain accreditation from a recognized 
accreditation body? (Proposed Sec.  1.660). This proposed rule explains 
where interested third-party auditors/certification bodies could apply 
for accreditation under our accredited third-party audits and 
certification program.
    Proposed Sec.  1.660 informs third-party auditors/certification 
bodies that they must apply directly to a recognized accreditation body 
for accreditation, except for those circumstances meeting the 
requirements of proposed Sec.  1.670 for direct accreditation.
    b. What is the duration of accreditation? (Proposed Sec.  1.661). 
Proposed Sec.  1.661 states that accreditation of a third-party 
auditor/certification body may be granted for a period up to 4 years. 
This applies both to accreditations granted by recognized accreditation 
bodies and to direct accreditations that we grant under proposed Sec.  
1.672. We have tentatively concluded that 4 years is an appropriate 
duration for an accreditation, because we believe the rigor and 
credibility of this new program rests, in part, on the extent of 
oversight of accredited third-party auditors/certification bodies to 
conduct audits and to certify eligible foreign entities.
    The process for renewal of accreditation provides an opportunity 
for recognized accreditation bodies (and us, for directly accredited 
auditors/certification bodies) to look closely at all aspects of the 
auditor's/certification body's program and performance and to decide 
anew whether the auditor/certification body meets the eligibility 
requirements.
    We note proposed Sec.  1.661 set the duration of accreditation in 
the new accredited third-party auditor/certification body program for a 
shorter period than the duration of accreditation we allow in the 
mammography program under 21 CFR part 900, which is a time-tested 
program. As we and the recognized accreditation bodies participating in 
the accredited third-party audits and certification program for food 
gain experience with the program, we may revisit this matter. For these 
reasons, we have tentatively concluded that accreditation should be 
granted for a period of no longer than 4 years. We seek comment on this 
tentative conclusion.
    c. How will FDA monitor accredited auditors/certification bodies? 
(Proposed Sec.  1.662). This proposed rule would establish requirements 
for our evaluation of the performance of accredited auditors/
certification bodies, based on section 808(f)(2) of the FD&C Act, which 
requires us to monitor accredited auditors/certification bodies 
periodically, or at least once every 4 years.
    The statute makes no distinction between the frequency of our 
monitoring necessary for auditors/certification bodies accredited by 
recognized accreditation bodies and for auditors/certification bodies 
that we directly accredit. However, we are proposing, in Sec.  1.621, 
to require a recognized accreditation body to conduct annual 
assessments of the performance of each third-party auditor/
certification body it accredited under this program. Under proposed 
Sec.  1.662(a) we will perform our own performance evaluations of 
auditors/certification bodies accredited by recognized accreditation 
bodies at least once every 3 years for auditors/certifications bodies 
accredited for 4 year terms, and at the mid-term point for auditors/
certification bodies accredited for less than 4 years. Proposed Sec.  
1.662(a) also establishes requirements for our monitoring of directly 
accredited auditors/certification bodies. In these circumstances, we 
act in the role of a recognized accreditation body and will perform 
annual monitoring. Not only would annual monitoring by us provide 
oversight similar to the annual monitoring requirements of proposed 
Sec.  1.621, but also it would satisfy the monitoring requirement of 
section 808(f)(2) of the FD&C Act with respect to monitoring of 
directly accredited auditors/certification bodies.

[[Page 45819]]

    Proposed Sec.  1.662(b) identifies the types of information we may 
review in conducting our evaluations of accredited auditors/
certification bodies. Proposed Sec.  1.662(c) makes clear that we can 
conduct our evaluation of an auditor/certification body through onsite 
observations of performance during the conduct of food safety audits 
and through document review.
    For both directly accredited auditors/certification bodies and 
those accredited by recognized accreditation bodies, we will evaluate 
performance based on whether the auditor/certification body continues 
to comply with the requirements of Sec. Sec.  1.640 through 1.658 and 
whether there are performance deficiencies that would warrant 
withdrawal of accreditation under this rule. We seek comment on whether 
the criteria in proposed Sec.  1.662(a) and (b) are appropriate for 
evaluating accredited auditors/certification bodies under this program. 
Additionally, we seek recommendations for possible approaches we might 
use to monitor performance, such as conducting our inspections of a 
certain number of eligible entities, shortly after the accredited 
auditor/certification body conducted a food safety audit of an eligible 
entity. For each such recommendation, we seek comment on the how the 
approach might affect: (1) The incentives for auditors/certification 
bodies to seek accreditation under our program, and (2) the degree of 
oversight needed to meet the objectives of section 808 of the FD&C Act.
    d. How do I request a waiver or waiver extension for the 13-month 
limit for audit agents conducting regulatory audits? (Proposed Sec.  
1.663). This proposed rule would allow accredited auditors/
certification bodies to seek an FDA waiver of the limit on audit agents 
conducting regulatory audits of an eligible entity where they conducted 
a regulatory or consultative audit in the preceding 13 months. Under 
section 808(c)(4)(C)(ii) of the FD&C Act, we may waive the limit, which 
appears in proposed Sec.  1.650(c), where there is insufficient access 
to accredited certification bodies in the country or region where an 
eligible entity is located. Proposed Sec.  1.663(a) establishes the 
requirements for a waiver or waiver extension and proposed Sec.  
1.663(b) to (f) describes the procedural requirements for a waiver or 
waiver extension request, including electronic submission, in English. 
Under proposed Sec.  1.663(g), we explain that an accredited auditor/
certification body should not use an audit agent subject to the 13-
month limit in proposed Sec.  1.650 unless we have granted the request 
or the 13-month limit has elapsed. The procedural requirements in 
proposed Sec.  1.663 mirror the procedural requirements for other 
applications submitted to us.
    e. When can FDA withdraw accreditation? (Proposed Sec.  1.664). 
This proposed rule would establish the conditions under which we could 
withdraw accreditation from an auditor/certification body, regardless 
of whether it was directly accredited or accredited by a recognized 
accreditation body.
    Proposed Sec.  1.664(a) describes criteria for mandatory withdrawal 
that reflect section 808(c)(6)(A) of the FD&C Act, which requires us to 
withdraw accreditation in certain outbreak situations, whenever we find 
that an accredited auditor/certification body is no longer meeting the 
requirements for accreditation, or following a refusal to allow U.S. 
officials to conduct audits and investigations to ensure compliance 
with these requirements. The statute directs us to withdraw 
accreditation if a food or facility certified by an accredited auditor/
certification body under our program is linked to an outbreak of 
foodborne illness that has a reasonable probability of causing serious 
adverse health consequences or death in human or animals, except under 
section 808(c)(6)(C) of the FD&C Act, if we conduct an investigation of 
the material facts of the outbreak, review the steps and actions taken 
by the auditor/certification body, and determine that the accredited 
auditor/certification body satisfied the requirements for issuance of 
certification under this rule. The exception is set out in proposed 
Sec.  1.664(b).
    Section 808(c)(6)(B) of the FD&C Act allows us to withdraw 
accreditation from an accredited auditor/certification body whose 
accrediting body had its recognition revoked, if we determine there is 
good cause for withdrawal. This statutory provision is reflected in 
Sec.  1.664(c), which also provides two examples of circumstances we 
believe provide good cause for withdrawal, including bias or lack of 
objectivity and performance calling into question the validity or 
reliability of its food safety audits and certifications.
    In proposed Sec.  1.664(d) we provide for records access when 
considering possible withdrawal of accreditation. In proposed Sec.  
1.664(e) we provide for notice of withdrawal of accreditation and 
describe the processes to challenge such withdrawal.
    Proposed Sec.  1.665(f) describes the effect of withdrawal on 
eligible entities. In general, a food or facility certification issued 
by an accredited auditor/certification prior to withdrawal of 
accreditation will remain in effect until it terminates by expiration, 
except if we have reason to believe a certification issued for purposes 
of section 801(q) of the FD&C Act is not valid or reliable, we can 
refuse to accept the certification.
    Proposed Sec.  1.664(g)(1) explains that FDA will notify the 
recognized accreditation body that accredited the third-party auditor/
certification body whose accreditation was withdrawn by FDA. In such 
circumstances, proposed Sec.  1.664(g)(1) requires the recognized 
accreditation body to conduct a self-assessment, as described in Sec.  
1.622, and report the results of such self-assessment to FDA within 2 
months after withdrawal, as required by Sec.  1.623(b). Proposed Sec.  
1.664(g)(2) explains that FDA may revoke recognition of an 
accreditation body whenever FDA determines there is good cause for 
revocation under proposed Sec.  1.634.
    Proposed Sec.  1.664(h) provides for public notice of withdrawal of 
accreditation on FDA's Web site. We believe this information is 
necessary in the interest of transparency.
    f. How do I voluntarily relinquish accreditation? (Proposed Sec.  
1.665). This proposed rule would allow accredited auditors/
certification bodies to voluntarily relinquish their accreditations 
before they expire and without having them withdrawn by FDA.
    Proposed Sec.  1.665 offers the mechanism for voluntarily 
relinquishment before it terminates by expiration. Relinquishment on 
the initiative of the auditor/certification body is distinct from 
withdrawal of accreditation for cause.
    The mammography regulations in 21 CFR 900.3 offer accreditation 
bodies the opportunity to voluntarily relinquish their authority to 
grant accreditation. We believe that auditors/certification bodies 
operating under our accredited third-party audits and certification 
program should have the option to voluntarily relinquish their 
accreditation for their business reasons. We are proposing certain 
procedural requirements--similar to those contained in the mammography 
regulations--which auditors/certification bodies must follow in 
relinquishing accreditation. We believe these measures are necessary to 
ensure an orderly transition for eligible entities certified by the 
auditor/certification body that is relinquishing its accreditation, and 
for us to make the necessary adjustments in the program.
    Proposed Sec.  1.665(a) requires auditors/certification bodies to 
notify us and to

[[Page 45820]]

notify their accreditation body (where applicable) at least 6 months 
before relinquishing accreditation. We propose to require such 
notifications to be submitted electronically and in English. To ensure 
that we have the ability to maintain adequate oversight of the program, 
including through access the records of the auditor/certification body, 
the notice required under proposed Sec.  1.665(a) must identify the 
location where the records required by proposed Sec.  1.658 will be 
maintained.
    The decision to relinquish accreditation is made solely by the 
third-party auditor/certification body, without FDA involvement. 
Therefore, in relinquishing accreditation under proposed Sec.  
1.665(a), the auditor/certification body would waive its rights to 
appeal, because there is no FDA action to serve as the basis for 
appeal.
    Proposed Sec.  1.665(b) requires the accreditation body to notify 
any eligible entity to which it issued a food or facility certification 
no later than 15 business days after notifying FDA of its intent to 
voluntarily relinquish accreditation.
    Proposed Sec.  1.665(c) describes the effects of relinquishment of 
accreditation on certification issued by an auditor/certification body 
prior to relinquishing its accreditation. In considering the impact of 
relinquishment on eligible entities, we were mindful that such entities 
would likely have little, if any, opportunity to provide input on a 
decision by its auditor/certification body whether or not to relinquish 
accreditation. We believe that, under most circumstances, the fact that 
an auditor/certification body decided to relinquish its accreditation 
is likely to have no bearing on the validity or reliability of 
certifications it issued. Therefore, we have tentatively concluded that 
the certification of an eligible entity whose auditor/certification 
body voluntarily relinquished its accreditation under proposed Sec.  
1.665 will remain in effect (subject to recertification under proposed 
Sec.  1.681), except that we may refuse to consider a certification 
issued for purposes of section 801(q) of the FD&C Act, if we have 
reason to believe the certification is not valid or reliable.
    Proposed Sec.  1.665(d) provides for public notice on our Web site 
of the voluntary relinquishment of accreditation by an auditor/
certification body.
    g. How do I request reaccreditation? (Proposed Sec.  1.666). This 
proposed rule would allow a third-party auditor/certification body to 
become reaccredited after withdrawal or relinquishment of its 
accreditation.
    Section 808(c)(7) of the FD&C Act requires us to establish 
procedures to reinstate the accreditation of an auditor/certification 
body for which we have withdrawn accreditation. Under proposed Sec.  
1.666(a), we will reinstate accreditation if the auditor/certification 
body can demonstrate that the grounds for withdrawal no longer exist, 
or if the withdrawal was prompted by the revocation of recognition of 
its accreditation body and the auditor/certification body finds a new 
recognized accreditation body, becomes directly accredited, or 
otherwise meets conditions we impose in the withdrawal. Under proposed 
Sec.  1.666(b), an auditor/certification body that voluntarily 
relinquished its accreditation may become reaccredited by submitting a 
new application for accreditation under proposed Sec.  1.660 or Sec.  
1.670 (where the criteria for direct accreditation are met).
8. Additional Procedures for Direct Accreditation of a Third-Party 
Auditors/Certification Bodies

   Table 8--Additional Procedures Proposed for Direct Accreditation of
                Third-Party Auditors/Certification Bodies
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
1.670..................  How do I apply to FDA for direct accreditation
                          or renewal of direct accreditation?
1.671..................  How will FDA review applications for direct
                          accreditation and for renewal of direct
                          accreditation?
1.672..................  What is the duration of direct accreditation?
------------------------------------------------------------------------

    a. How do I apply to FDA for direct accreditation or renewal of 
direct accreditation? (Proposed Sec.  1.670). This proposed rule 
describes the circumstances and procedures that would apply for direct 
accreditation and renewal of direct accreditation.
    Proposed Sec.  1.670 describes the conditions under which we will 
accept applications for direct accreditation, reflecting the statutory 
language in section 808(b)(1)(A)(ii) of the FD&C Act, which allows us 
to directly accredit auditors/certification bodies if we have not 
identified and recognized an accreditation body to meet the 
requirements of section 808 of the FD&C Act within 2 years after 
establishing our program. Proposed Sec.  1.670(a)(1) identifies certain 
circumstances and criteria that we have tentatively concluded are 
relevant for determining whether we have not identified and recognized 
an accreditation body to meet the requirements of section 808 of the 
FD&C Act. Proposed Sec.  1.670(a)(2) specifies conditions under which 
we may revoke or modify such a determination. Proposed Sec.  
1.670(a)(3) provides for public notice of such determination or its 
revocation or revision.
    Proposed Sec.  1.670(b) sets out the procedures for applying for 
direct accreditation or renewal of direct accreditation. This mirrors 
the procedures for applications established elsewhere under this rule.
    b. How will FDA review applications for direct accreditation and 
for renewal of direct accreditation? (Proposed Sec.  1.671). This 
proposed rule would establish procedures for processing applications 
for direct accreditation and for renewal of direct accreditation.
    Proposed Sec.  1.671 describes a process for reviewing and deciding 
on applications for direct accreditation and renewal that is consistent 
with the procedures for reviewing and deciding on applications under 
other provisions in this rule. For example, we propose to establish a 
queue for direct accreditation and renewal applications based on the 
date on which an application was completed, and we will review 
applications on a first in, first out basis. We will inform applicants 
of deficiencies in application documentation. To encourage applicants 
to supply any missing information promptly, we will not place an 
application in the queue until it is complete. Allowing incomplete 
applications in the queue might block applications that are ready for 
review, but were submitted later in time.
    We will inform an applicant once its application has been placed in 
the queue. We will review each application for direct accreditation or 
renewal of direct accreditation to determine

[[Page 45821]]

whether the applicant meets the eligibility requirements of proposed 
Sec.  1.640. We will communicate anticipated processing periods to 
applicants. We are not proposing to include specific timeframes for 
review in the regulation, for the following reasons: (1) It is 
difficult to project, at this time, the amount of resources that will 
be available to us for this program, which under section 808(c)(8) of 
the FD&C Act, is funded through user fees established by regulation; 
and (2) we anticipate that, as we gain experience in reviewing 
applications and in overall administration of the program, we will 
become more efficient in processing applications but currently lack 
data that would allow us to reasonably estimate the effect of 
efficiency gains on review times.
    Under proposed Sec.  1.671(c), (d), and (e), we will notify an 
applicant, in writing, whether the application has been approved or 
denied. If approved, the notice will describe any conditions imposed on 
the direct accreditation. If denied, the notice will state the basis 
for the denial and will describe procedures for requesting 
reconsideration of the decision. We believe this provision offers 
necessary protections for applicants. We seek comment on the process 
and procedures required by proposed Sec.  1.671.
    c. What is the duration of direct accreditation? (Proposed Sec.  
1.672). This proposed rule would establish the duration of 
accreditation.
    Proposed Sec.  1.672 states that direct accreditation of a third-
party auditor/certification body may be granted for a period up to 4 
years. Similarly, proposed Sec.  1.661 allows a recognized 
accreditation body to grant accreditation for a period of up to 4 
years. We have tentatively concluded that 4 years is an appropriate 
duration for an accreditation--whether granted by a recognized 
accreditation body or by us--because we believe the rigor and 
credibility of this new program rests, in part, on the extent of 
oversight of accredited third-party auditors/certification bodies to 
conduct audits and to certify eligible foreign entities. The process 
for renewal of accreditation provides an opportunity for us to look 
closely at all aspects of the auditor's/certification body's program 
and performance and to decide anew whether the auditor/certification 
body meets the eligibility requirements for accreditation.
    We are proposing to set the duration of accreditation under this 
new program for a shorter period than the duration of accreditation we 
allow under 21 CFR part 900, which is the mammography program 
established several years ago. As we gain experience with accredited 
auditors/certification bodies in the food and feed programs, we may 
revisit this matter. For these reasons, we have tentatively concluded 
that accreditation should be granted for a period of no longer than 4 
years. We seek comment on this tentative conclusion.
9. Requirements for Eligible Entities

          Table 9--Proposed Requirements for Eligible Entities
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
1.680..................  How and when will FDA monitor eligible
                          entities?
1.681..................  How frequently must eligible entities be
                          recertified?
------------------------------------------------------------------------

    a. How and when will FDA monitor eligible entities? (Proposed Sec.  
1.680). This proposed rule would provide for FDA monitoring of eligible 
entities that choose to be audited under our program.
    Proposed Sec.  1.680(a) states that we may conduct an onsite audit 
of an eligible entity that has received certification under this 
program, as allowed under section 808(f)(3) of the FD&C Act, which 
specifies that we may conduct an onsite audit of a certified entity at 
any time, with or without the accredited auditor/certification body 
present. Proposed Sec.  1.680(b) reflects section 808(h)(1) of the FD&C 
Act, explaining that a food safety audit conducted under this program 
is not considered an inspection under section 704 of the FD&C Act.
    b. How frequently must eligible entities be recertified? (Proposed 
Sec.  1.681). This proposed rule would require eligible entities to be 
recertified annually.
    Section 808(d) of the FD&C Act requires eligible entities to apply 
for annual certification for food required to have certification under 
section 801(q) of the FD&C Act or for its facility, if it intends the 
certification to be used by an importer in establishing eligibility to 
participate in VQIP under section 806 of the FD&C Act. This statutory 
requirement is reflected in proposed Sec.  1.681(a). Proposed Sec.  
1.681(b) states that FDA may require renewal of a food certification at 
any time FDA determines appropriate under section 801(q)(4)(A) of the 
FD&C Act.
10. General Requirements

                 Table 10--Proposed General Requirements
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
1.690..................  How will FDA make information about recognized
                          accreditation bodies and accredited auditors/
                          certification bodies available to the public?
1.691..................  How do I request reconsideration of a denial by
                          FDA of an application or a waiver request?
1.692..................  How do I request internal agency review of a
                          denial of an application or waiver request
                          upon reconsideration?
1.693..................  How do I request a regulatory hearing on a
                          revocation of recognition or withdrawal of
                          accreditation?
------------------------------------------------------------------------

    a. How will FDA make information about recognized accreditation 
bodies and accredited auditors/certification bodies available to the 
public? (Proposed Sec.  1.690). This proposed rule explains how and 
where we would make information on the accredited third-party audits 
and certification program public. Section 808(g) of the FD&C Act 
requires us to establish a publicly available registry of recognized 
accreditation bodies and accredited auditors/certification bodies, 
including their names and contact information.
    Proposed Sec.  1.690 provides that we will post on our Web site a 
registry of recognized accreditation bodies and of accredited auditors/
certification bodies

[[Page 45822]]

and explains that we may meet the obligation with respect to accredited 
auditors/certification bodies by establishing links on our Web site to 
the Web sites of recognized accreditation bodies, who are required to 
maintain this information for auditors/certification bodies they 
accredit under this program. As appropriate based on available 
resources, we may use such links in the interest of minimizing the 
administrative burden on us and in acknowledgement that some 
accreditation bodies currently maintain such information on their Web 
sites. We are seeking comment on our proposed public registry.
    b. How do I request reconsideration of a denial by FDA of an 
application or a waiver request? (Proposed Sec.  1.691). This proposed 
rule would establish procedures for an applicant or requestor to seek 
reconsideration of a denial. Under proposed Sec.  1.691, accreditation 
bodies and certification bodies may ask us to reconsider an application 
or waiver request we previously denied. The types of applications and 
requests that may be reconsidered are: (1) Denial of an application for 
recognition or for renewal of recognition; (2) denial of an application 
submitted to reinstate recognition; or (3) denial of a request for a 
waiver of the 13-month limit on audit agents or for a waiver extension; 
(4) denial of an application for direct accreditation or for renewal of 
direct accreditation; and (5) denial of an application for 
reaccreditation.
    The procedures described in proposed Sec.  1.691 require submission 
of the request for reconsideration within 10 business days of the date 
of such decision, in accordance with the procedures described in the 
notice of denial, including requirements relating to submission of 
supporting information. Within a reasonable time after completing its 
review and evaluation of the request for reconsideration and the 
supporting information (if any) submitted, we will notify the 
requestor, in writing, of our decision to grant the application or 
waiver request upon reconsideration, or our decision to deny upon 
reconsideration the application or waiver request.
    c. How do I request internal Agency review of a denial of an 
application or waiver request upon reconsideration? (Proposed Sec.  
1.692). This proposed rule would offer additional process for 
applicants or requestors whose request for reconsideration was denied.
    Proposed Sec.  1.692 states that the requestor who received a 
denial upon reconsideration may seek internal Agency review of such 
denial under 21 CFR 10.75(c)(1), which is a currently established 
process for review but different than the initial review process under 
proposed Sec.  1.691. The request for internal Agency review must be 
submitted within 10 business days of the date of denial upon 
reconsideration, in accordance with procedures described in the denial 
upon reconsideration and must be signed by the accreditation body or 
certification body, as appropriate, or by an individual authorized to 
act on its behalf. Internal Agency review of the denial upon 
reconsideration must be based on the information in the administrative 
file, which will include any supporting information submitted under 
proposed Sec.  1.691(c). Within a reasonable time after completing the 
review and evaluation of the administrative file, we will notify the 
requestor, in writing, of our decision to overturn the denial and grant 
the application or waiver request or to affirm the denial. Affirmation 
of a denial constitutes final Agency action for purposes of 5 U.S.C. 
702.
    d. How do I request a regulatory hearing on a revocation of 
recognition or withdrawal of accreditation? (Proposed Sec.  1.693). 
This proposed rule explains the procedures that would be used for 
challenges to revocation of recognition or withdrawal of accreditation.
    Under proposed Sec.  1.693(a) an accreditation body whose 
recognition was revoked (or an individual authorized to act on its 
behalf) may submit a request for a regulatory hearing, under part 16, 
on the revocation. The request must be submitted within 10 business 
days of the date of revocation. Similarly, under proposed Sec.  
1.693(b) a certification body whose accreditation was withdrawn by FDA 
may submit a request for a part 16 regulatory hearing on the 
withdrawal. Such request must be submitted within 10 business days of 
the date of withdrawal. Written notices of revocation and of withdrawal 
will contain all of the elements required by Sec.  16.22 of this 
chapter and will thereby constitute the notice of an opportunity for 
hearing under part 16 of this chapter.
    Under proposed Sec.  1.693(c), the request for a regulatory hearing 
under paragraph (a) or (b) of this section must be submitted with a 
written appeal that responds to the bases for our decision described in 
the written notice of revocation or withdrawal, as appropriate, 
together with any supporting information upon which the requestor is 
relying. The request, appeal, and supporting information must be 
submitted in accordance with the procedures described in the notice.
    Proposed Sec.  1.693 makes clear that the submission of a request 
for a regulatory hearing under this subpart will not operate to delay 
or stay the effect of our decision to revoke recognition of an 
accreditation body or to withdraw accreditation of a certification body 
unless we determine that delay or a stay is in the public interest.
    Under proposed Sec.  1.693(e) and (f), the presiding officer for a 
regulatory hearing under this subpart will be designated after a 
request for a regulatory hearing is submitted to us. The presiding 
officer may deny a request for regulatory hearing under this subpart 
pursuant to Sec.  16.26(a) of this chapter.
    Proposed Sec.  1.693(g) states that if a hearing request is 
granted, the hearing will be held within 10 business days after the 
date the request was filed or, if applicable, within a time frame 
agreed upon in writing by requestor and the presiding officer. The 
presiding officer may require that a hearing conducted under this 
subpart be completed within 1 business day, as appropriate.
    The presiding officer must conduct the hearing under part 16 of 
this chapter, except that, under Sec.  16.5(b) of this chapter, the 
procedures for a regulatory hearing described in part 16 of this 
chapter apply only to the extent that such procedures are supplementary 
and not in conflict with the procedures specified for the conduct of 
regulatory hearings under this subpart. Based on Sec.  16.5(b), the 
following requirements of part 16 of this chapter are inapplicable to 
regulatory hearings conducted under this subpart: The requirements of 
Sec.  16.22 (Initiation of a regulatory hearing), Sec.  16.24(e) 
(Timing) and (f) (Contents of notice), Sec.  16.40 (Commissioner), 
Sec.  16.95(b) (Administrative decision and record for decision), and 
Sec.  16.119 (Reconsideration and stay of action).
    Proposed Sec.  1.693(g)(4) states that a decision by the presiding 
officer to affirm the revocation of recognition or the withdrawal of 
accreditation that served as the basis for the request for a regulatory 
hearing is considered a final Agency action for purposes of 5 U.S.C. 
702.
11. Audits for Other Purposes

[[Page 45823]]



   Table 11--Proposed Use of Regulatory Audit Reports Under Subpart L
------------------------------------------------------------------------
 Proposed rule section                        Title
------------------------------------------------------------------------
1.698..................  May importers use reports of regulatory audits
                          by accredited auditors/certification bodies
                          for purposes of subpart L of this part?
------------------------------------------------------------------------

    May importers use reports of regulatory audits by accredited 
auditors/certification bodies for purposes of subpart L of this part? 
(Proposed Sec.  1.698). This proposed rule would allow importers to use 
certain information from accredited auditors/certification bodies in 
meeting the Foreign Supplier Verification Program (FSVP) requirements.
    Proposed Sec.  1.698 allows an importer, as defined in the proposed 
regulations for the FSVP published elsewhere in this edition of the 
Federal Register, to use a report of a regulatory audit of a foreign 
supplier (which is an eligible entity), in meeting the verification 
requirements under the proposed FSVP regulations.
    The FSVP proposed rule would require importers to verify that 
hazards identified as reasonably likely to occur are being adequately 
controlled. Onsite auditing may be used under the FSVP proposed rule. 
While the FSVP proposed rule would not require use of accredited 
auditors/certification bodies, we believe accredited auditor/
certification body program we are establishing under section 808 of the 
FD&C Act will help ensure the rigor and objectivity of audits performed 
by auditors/certification bodies accredited under our program.
    Proposed Sec.  1.698 allows an importer required (or having the 
option) to perform onsite auditing of its foreign supplier to comply 
with the FSVP proposed rule to use the results of a regulatory audit in 
meeting such requirement. The regulatory audit report of the foreign 
supplier would be the documentation of such verification activity. (We 
have tentatively concluded that the report of a consultative audit 
would not be appropriate documentation for purposes of the proposed 
FSVP rule. Among other things, consultative audits are defined as being 
conducted for internal purposes only and are conducted against industry 
standards as well as the requirements of the FD&C Act.)
    We see significant value in having the food industry use competent 
and impartial auditors/certification bodies to conduct food safety 
audits of their facilities and are aware that many leaders in the food 
industry are working to assure those objectives are achieved. We 
believe that the accredited third-party audits and certification 
program we are establishing to implement section 808 of the FD&C Act 
offers a credible system to help ensure that the audits conducted by 
auditors/certification bodies accredited under our program and the 
certifications they issue based on the results of those audits are 
valid and reliable not only to us, but also to companies throughout the 
supply chain of the audited facility. We further believe that our 
involvement, as the regulator responsible with oversight of these 
facilities, offers an added level of assurance to consumers in the 
validity of these third-party audits--a confidence they otherwise might 
not gain from private audit systems.
    It is our intent that the program we establish for foreign food 
safety audits be solidly grounded in the key principles set out in the 
statute and in the international standards and best practices that are 
currently used by leaders at the forefront of efforts to ensure auditor 
competency and objectivity. We realize that the same principles and 
standards that are features of a rigorous and credible program for 
audits of foreign firms would likewise hold great merit for audits of 
domestic food facilities.
    We seek comment on the value of, and need for, a program 
established and administered by FDA for the use of accredited auditors/
certification bodies to conduct domestic food safety audits. We seek 
input on whether accreditation bodies, auditors/certification bodies, 
and domestic food facilities might be interested in such a program and 
the incentives we might offer to encourage participation.

B. Proposed Revisions to Part 16

    We are proposing a conforming change to the section of the CFR that 
describes procedures for regulatory hearings that would add revocation 
of recognition of an accreditation body and withdrawal of accreditation 
of a third-party auditor/certification body to the list of actions for 
which a hearing under this part may be held. The affected section in 
title 21 of the CFR is 16.1.

V. Analysis of Environmental Impact

    We have carefully considered the potential environmental effects of 
this action. We have concluded, under 21 CFR 25.30(h), that this action 
is of a type that does not individually or cumulatively have a 
significant effect on the human environment. Therefore, neither an 
environmental assessment nor an environmental impact statement is 
required (Ref. 34).

VI. Federalism

    We have analyzed this proposed rule in accordance with the 
principles set forth in Executive Order 13132. We have determined that 
the proposed rule does not contain policies that have substantial 
direct effects on the States, on the relationship between the National 
Government and the States, or on the distribution of power and 
responsibilities among the various levels of government. Accordingly, 
we have concluded that the proposed rule does not contain policies that 
have federalism implications as defined in the Executive order and, 
consequently, a federalism summary impact statement is not required.

VII. Comments

    Interested persons may submit either electronic comments regarding 
this document to http://www.regulations.gov or written comments to the 
Division of Dockets Management (see ADDRESSES). It is only necessary to 
send one set of comments. Identify comments with the docket number 
found in brackets in the heading of this document. Received comments 
may be seen in the Division of Dockets Management between 9 a.m. and 4 
p.m., Monday through Friday, and will be posted to the docket at http://www.regulations.gov.

VIII. References

    The following references have been placed on display in the 
Division of Dockets Management (see ADDRESSES) and may be seen by 
interested persons between 9 a.m. and 4 p.m., Monday through Friday. 
(FDA has verified all the Web site addresses in this References 
section, but FDA is not responsible for any subsequent changes to the 
Web sites after this document publishes in the Federal Register).

1. Centers for Disease Control and Prevention. ``CDC research shows 
outbreaks linked to imported foods increasing.'' http://www.cdc.gov/media/releases/2012/p0314_foodborne.html. Accessed April 23, 2013.

[[Page 45824]]

2. ``Notification to the World Trade Organization (G/SPS/N/USA/
2156).'' Food and Drug Administration, 2011. https://docs.wto.org/imrd/directdoc.asp?DDFDocuments/t/G/SPS/NUSA2156.DOC.
3. International Organization for Standardization/CASCO. ``Building 
Trust: The Conformity Assessment Toolbox,'' 2009. http://www.iso.org/iso/casco_building-trust.pdf. Accessed April 23, 2013.
4. U.S. Agency for International Development. ``The Relationship of 
Third-Party Certification (TPC) to Sanitary/Phytosanitary (SPS) 
Measures and the International Agri-Food Trade: Final Report,'' 
2005. http://cs3.msu.edu/d/pubs/
The%20Relationship%20of%20TPC%20to%20SPS%20Measures--
Final%20Report%20+%20Annexes.pdf. Accessed April 23, 2013.
5. ``Guidance for Industry--Voluntary Third-Party Certification 
Program for Foods and Feeds,'' 2009. Food and Drug Administration. 
http://www.fda.gov/regulatoryinformation/guidances/ucm125431.html.
6. ``Assessment of the Third-Party Certification Program for 
Aquacultured Shrimp,'' 2011. Food and Drug Administration. http://www.fda.gov/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/Seafood/ucm265934.htm.
7. ``Mammography Quality Standards Act and Program, Facility 
Certification and Inspection (MQSA).'' Food and Drug Administration. 
http://www.fda.gov/Radiation-EmittingProducts/MammographyQualityStandardsActandProgram/AbouttheMammographyProgram/default.htm. Accessed on April 23, 2013. Last Modified 2012.
8. ``Import Alert 28-20 Detention Without Physical Examination of 
Indian Pepper.'' http://www.accessdata.fda.gov/cms_ia/importalert_90.html. Accessed April 23, 2013. Last Modified 2011.
9. ``Memorandum of Understanding Between the Food and Drug 
Administration, Department of Health and Human Services, United 
States of America and the Ministry of Agriculture of the Republic of 
France Covering Caseins, Caseinates, and Mixtures Thereof Exported 
to the United States of America.'' Food and Drug Administration. 
http://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107563.htm. Accessed on April 23, 2013. 
Last Modified 1987. ``Cooperative Arrangement with the Department of 
Agriculture, Fisheries, and Food of Ireland Concerning Certification 
Requirements for Caseins, Caseinates, and Mixtures Thereof Exported 
from Ireland to the United States of America.'' Food and Drug 
Administration. http://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107596.htm. Accessed on April 23, 2013. 
Last Modified 2010. ``Memorandum of Understanding Between the Food 
and Drug Administration and the Royal Norwegian Ministry of 
Agriculture Covering Rennet Casein Exported to the United States of 
America.'' Food and Drug Administration. http://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107618.htm. Accessed on April 23, 2013. Last Modified 1982.
10. Government Accountability Office. ``Food Safety: FDA Can Better 
Oversee Food Imports by Assessing and Leveraging Other Countries' 
Oversight Resources (GAO-12-933),'' 2012. http://www.gao.gov/assets/650/649010.pdf.
11. National Academies Press. ``Enhancing Food Safety: The Role of 
the Food and Drug Administration,'' 2010. http://www.iom.edu/Reports/2010/Enhancing-Food-Safety-The-Role-of-the-Food-and-Drug-Administration.aspx.
12. ``Manufactured Foods Regulatory Program Standards.'' Food and 
Drug Administration. http://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM125448.pdf. Accessed on April 23, 
2013. Last Modified 2007.
13. ``Ensuring the Safety of Imported Foods and Animal Feed: 
Comparability of Food Safety Systems and Import Practices of Foreign 
Countries; Notice of Public Hearing; Request for Comments, 2011.'' 
Food and Drug Administration. http://www.fda.gov/Food/NewsEvents/WorkshopsMeetingsConferences/ucm243781.htm. Accessed on April 23, 
2013.
14. ``Draft International Comparability Assessment Tool, 2010.'' 
Food and Drug Administration. http://www.fda.gov/downloads/Food/InternationalInteragencyCoordination/UCM331177.pdf. Accessed on 
April 23, 2013.
15. ``Circular A-119 Federal Participation in the Development and 
Use of Voluntary Consensus Standards and in Conformity Assessment 
Activities, 1998.'' Office of Management and Budget. http://www.whitehouse.gov/omb/circulars_a119. Accessed on April 23, 2013.
16. ``Federal Participation in the Development and Use of Voluntary 
Consensus Standards and in Conformity Assessment Activities; Request 
for Information and Notice of Public Workshop, 2012.'' Office of 
Management and Budget. http://www.regulations.gov/#!documentDetail;D=OMB-2012-0003-0001. Accessed on April 23, 2013.
17. ``ISO/IEC 17000:2004 Conformity assessment--Vocabulary and 
General Principles.'' International Organization for 
Standardization/International Electrotechnical Commission. Accessed 
on April 23, 2013. Copies are available from the International 
Organization for Standardization, 1, rue de Varembe, Case postale 
56, CH-1211 Geneve 20, Switzerland, or on the Internet at http://www.iso.org/iso/catalogue_detail.htm?csnumber=29316 or may be 
examined at the Division of Dockets Management (see ADDRESSES) (Ref. 
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
18. ``ISO/IEC 17011:2004 Conformity assessment--General requirements 
for accreditation bodies accrediting conformity assessment bodies.'' 
International Organization for Standardization/International 
Electrotechnical Commission. Accessed on April 23, 2013. Copies are 
available from the International Organization for Standardization, 
1, rue de Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland, 
or on the Internet at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=29332 or may be examined at the 
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
19. ``ISO/IEC 17021: 2006/2011 Conformity assessment--Requirements 
for bodies providing audit and certification of management 
systems.'' International Organization for Standardization/
International Electrotechnical Commission. Accessed on April 23, 
2013. Last Modified 2011. Copies are available from the 
International Organization for Standardization, 1, rue de Varembe, 
Case postale 56, CH-1211 Geneve 20, Switzerland, or on the Internet 
at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46568 or may be examined at the Division of 
Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-2011-N-0146 
and/or RIN 0910-AG66).
20. ``ISO/IEC Guide 65:1996 General requirements for bodies 
operating product certification systems.'' International 
Organization for Standardization/International Electrotechnical 
Commission. Accessed on February 27, 2013. Copies are available from 
the International Electrotechnical Commission, 3, rue de Varembe, 
P.O. Box 131, CH-1211 Geneva 20--Switzerland, or on the Internet at 
http://webstore.iec.ch/webstore/webstore.nsf/Artnum_PK/40140, or 
may be examined at the Division of Dockets Management (see 
ADDRESSES) (Ref. Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66). 
``ISO/IEC 17065:2012 Conformity assessment--Requirements for bodies 
certifying products, processes and services.'' International 
Organization for Standardization/International Electrotechnical 
Commission. Accessed on April 23, 2013. Copies are available from 
the International Organization for Standardization, 1, rue de 
Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland, or on the 
Internet at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46568 or may be examined at the 
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
21. ``ISO/TS 22003:2007 Food safety management systems--Requirements 
for bodies providing audit and certification of food safety 
management systems.'' International Organization for 
Standardization/International Electrotechnical Commission. Accessed 
on April 23, 2013. Copies are available from the International 
Organization for

[[Page 45825]]

Standardization, 1, rue de Varembe, Case postale 56, CH-1211 Geneve 
20, Switzerland, or on the Internet at http://www.iso.org/iso/home/store/cataloguetc/catalogue_detail.htm?csnumber=39834 or may be 
examined at the Division of Dockets Management (see ADDRESSES) (Ref. 
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
22. ``Enhancing Food Safety Through Third-Party Certification.'' 
Global Food Safety Initiative. http://www.mygfsi.com/technical-resources/global-regulatory-affairs-working-group.html. Accessed on 
April 23, 2013. Last Modified 2011.
23. ``GFSI Guidance Document Sixth Edition, Version 6.2.'' Global 
Food Safety Initiative. http://www.mygfsi.com/gfsifiles/GFSI_Guidance_Document_Sixth_Edition_Version_6.2.pdf. Accessed on 
April 23, 2013. Last Modified 2012.
24. ``Accreditation Services,'' 2013. American National Standards 
Institute. https://www.ansica.org/wwwversion2/outside/PROsectorprograms.asp?menuID=1. Accessed on April 23, 2013.
25. Food and Drug Administration. Analysis to examine the impacts of 
the proposed rules for the Foreign Supplier Verification Program and 
the Accreditation of Third-Party Auditors/Certification Bodies to 
Conduct Food Safety Audits and to Issue Certifications under 
Executive Order 12866, Executive Order 13563, the Regulatory 
Flexibility Act (5 U.S.C. 601-612), the Unfunded Mandates Reform Act 
of 1995 (Pub. L. 104-4), and the Paperwork Reduction Act of 1995 (44 
U.S.C. 3501-3520), 2013. http://www.fda.gov/AboutFDA/ReportsManualsForms/Reports/EconomicAnalyses/default.htm. Accessed 
on July 22, 2013.
26. Codex Alimentarius Commission. Principles for Food Import and 
Export Inspection and Certification (CAC/GL 20-1995). 
www.codexalimentarius.org/input/download/standards/37/CXG_020e.pdf. 
Accessed on April 23, 2013.
27. ``Policy Memorandum, Certification of Grower Groups,'' 2011. 
U.S. Department of Agriculture Agricultural Marketing Service 
National Organic Program. http://www.ams.usda.gov/AMSv1.0/getfile?dDocName=STELPRDC5088955. Accessed on April 23, 2013.
28. ``NVCASE Program Handbook: Procedures for Obtaining NIST 
Recognition as an Accreditor (NISTIR 6440),'' 2004. National 
Institute for Standards and Technology. http://gsi.nist.gov/global/docs/NVCASE_Handbook.pdf. Accessed on April 23, 2013.
29. ``GFSI Requirements on the Application of ISO/IEC 17011:2004,'' 
2009. Global Food Safety Initiative. http://www.mygfsi.com/gfsifiles/GFSI_ISO_17011_Requirements_190209_Final_IAF.pdf. 
Accessed April 23, 2013.
30. ``Multilateral Recognition Arrangement Documents (ML Series).'' 
International Accreditation Forum. http://www.iaf.nu/articles/MRA_Documents/39. Accessed April 23, 2013.
31. ``Letter to Interested Parties re: Draft WaterSense[supreg] 
Program,'' 2007. Environmental Protection Agency. http://www.epa.gov/watersense/docs/cert_scheme_cover_letter508.pdf. 
Accessed on April 23, 2013. ``WaterSense[supreg] Program, Product 
Certification System, Version 2.0,'' 2011. Environmental Protection 
Agency. http://www.epa.gov/watersense/docs/cert_system_508.pdf. 
Accessed on April 23, 2013.
32. ``Global Standard for Food Safety, Issue 6,'' 2012. British 
Retail Consortium. Copies are available from the British Retail 
Consortium, Second Floor, 21 Dartmouth Street, London SW1H 9BP, or 
on the Internet at http://www.brcglobalstandards.com/GlobalStandards/Standards/Food.aspx or may be examined at the 
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
33. ``Recalls Background and Definitions.'' Food and Drug 
Administration. http://www.fda.gov/Safety/Recalls/IndustryGuidance/ucm129337.htm. Accessed on April 23, 2013. Last Modified 2009.
34. McCarthy, A. and Food and Drug Administration. ``Memorandum: 
Establishment of regulation to accredit third-party auditors and 
laboratories as required by the Food Safety Modernization Act of 
2011.''

List of Subjects

21 CFR Part 1

    Cosmetics, Drugs, Exports, Food labeling, Imports, Labeling, 
Reporting and recordkeeping requirements.

21 CFR Part 16

    Administrative practice and procedure.

    Therefore, under the Federal Food, Drug, and Cosmetic Act and under 
authority delegated to the Commissioner of Food and Drugs, it is 
proposed that 21 CFR parts 1 and 16 be amended as follows:

PART 1--GENERAL ENFORCEMENT REGULATIONS

0
1. The authority citation for 21 CFR part 1 is revised to read as 
follows:

    Authority: 15 U.S.C. 1453, 1454, 1455; 19 U.S.C. 1490, 1491; 21 
U.S.C. 321, 331, 332, 333, 334, 335a, 343, 350c, 350d, 350k, 352, 
355, 360b, 362, 371, 374, 381, 382, 384a, 384b, 384d, 393, 42 U.S.C. 
216, 241, 243, 262, 264.

0
2. Add subpart M, consisting of Sec. Sec.  1.600 through 1.698, to read 
as follows:
Subpart M--Accredited Third-Party Food Safety Audits and Food or 
Facility Certification
1.600 What definitions apply to this subpart?
1.601 Who is subject to this subpart?

Recognition of Accreditation Bodies Under This Subpart

1.610 Who is eligible for recognition?
1.611 What legal authority must an accreditation body have to 
qualify for recognition?
1.612 What competency and capacity must an accreditation body have 
to qualify for recognition?
1.613 What protections against conflicts of interest must an 
accreditation body have to qualify for recognition?
1.614 What quality assurance procedures must an accreditation body 
have to qualify for recognition?
1.615 What records procedures must an accreditation body have to 
qualify for recognition?

Requirements for Recognized Accreditation Bodies Under This Subpart

1.620 How must a recognized accreditation body assess third-party 
auditors/certification bodies seeking accreditation?
1.621 How must a recognized accreditation body monitor the 
performance of third-party auditors/certification bodies it 
accredits?
1.622 How must a recognized accreditation body monitor its own 
performance?
1.623 What reports and notifications must a recognized accreditation 
body submit to FDA?
1.624 How must a recognized accreditation body protect against 
conflicts of interest?
1.625 What records requirements must a recognized accreditation body 
meet?

Procedures for Recognition of Accreditation Bodies Under This Subpart

1.630 How do I apply to FDA for recognition or renewal of 
recognition?
1.631 How will FDA review applications for recognition and for 
renewal of recognition?
1.632 What is the duration of recognition?
1.633 How will FDA monitor recognized accreditation bodies?
1.634 When will FDA revoke recognition?
1.635 How do I voluntarily relinquish recognition?
1.636 How do I request reinstatement of recognition?

Accreditation of Third-Party Auditors/Certification Bodies Under This 
Subpart

1.640 Who is eligible for accreditation?
1.641 What legal authority must a third-party auditor/certification 
body have to qualify for accreditation?
1.642 What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation?
1.643 What protections against conflicts of interest must a third-
party auditor/certification body have to qualify for accreditation?
1.644 What quality assurance procedures must a third-party auditor/
certification body have to qualify for accreditation?
1.645 What records procedures must a third-party auditor/
certification body have to qualify for accreditation?

[[Page 45826]]

Requirements for Accredited Auditors/Certification Bodies Under This 
Subpart

1.650 How must an accredited auditor/certification body ensure its 
audit agents are competent and objective?
1.651 How must an accredited auditor/certification body conduct a 
food safety audit of an eligible entity?
1.652 What must an accredited auditor/certification body include in 
food safety audit reports?
1.653 What must an accredited auditor/certification body do when 
issuing food or facility certifications?
1.654 When must an accredited auditor/certification body monitor an 
eligible entity with food or facility certification?
1.655 How must an accredited auditor/certification body monitor its 
own performance?
1.656 What reports and notifications must an accredited auditor/
certification body submit?
1.657 How must an accredited auditor/certification body protect 
against conflicts of interest?
1.658 What records requirements must an accredited auditor/
certification body meet?

Procedures for Accreditation of Third-Party Auditors/Certification 
Bodies Under This Subpart

1.660 Where do I apply for accreditation or renewal of accreditation 
by a recognized accreditation body?
1.661 What is the duration of accreditation?
1.662 How will FDA monitor accredited auditors/certification bodies?
1.663 How do I request an FDA waiver or waiver extension for the 13-
month limit for audit agents conducting regulatory audits?
1.664 When can FDA withdraw accreditation?
1.665 How do I voluntarily relinquish accreditation?
1.666 How do I request reaccreditation?

Additional Procedures for Direct Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart

1.670 How do I apply to FDA for direct accreditation or renewal of 
direct accreditation?
1.671 How will FDA review applications for direct accreditation and 
for renewal of direct accreditation?
1.672 What is the duration of direct accreditation?

Requirements for Eligible Entities Under This Subpart

1.680 How and when will FDA monitor eligible entities?
1.681 How frequently must eligible entities be recertified?

General Requirements of This Subpart

1.690 How will FDA make information about recognized accreditation 
bodies and accredited auditors/certification bodies available to the 
public?
1.691 How do I request reconsideration of a denial by FDA of an 
application or a waiver request?
1.692 How do I request internal agency review of a denial of an 
application or waiver request upon reconsideration?
1.693 How do I request a regulatory hearing on a revocation of 
recognition or withdrawal of accreditation?

Audits for Other Purposes

1.698 May importers use reports of regulatory audits by accredited 
auditors/certification bodies for purposes of subpart L of this 
part?

Subpart M--Accredited Third-Party Food Safety Audits and Food or 
Facility Certification

    Authority: 15 U.S.C. 1453, 1454, 1455; 19 U.S.C. 1490, 1491; 21 
U.S.C. 321, 331, 332, 333, 334, 335a, 343, 350c, 350d, 350k, 352, 
355, 360b, 362, 371, 374, 381, 382, 384a, 384b, 384d, 393, 42 U.S.C. 
216, 241, 243, 262, 264.


Sec.  1.600  What definitions apply to this subpart?

    (a) The FD&C Act means the Federal Food, Drug, and Cosmetic Act.
    (b) Except as otherwise defined in paragraph (c) of this section, 
the definitions of terms in section 201 of the FD&C Act apply when the 
terms are used in this subpart.
    (c) In addition, for the purposes of this subpart:
    Accreditation means a determination by a recognized accreditation 
body (or, in the case of direct accreditation, by FDA) that a third-
party auditor/certification body meets the applicable requirements of 
this subpart, including the model accreditation standards.
    Accreditation body means an authority that performs accreditation 
of third-party auditors/certification bodies.
    Accredited auditor/certification body means a third-party auditor/
certification body that a recognized accreditation body (or, in the 
case of direct accreditation, FDA) has determined meets the applicable 
requirements of this subpart and is authorized to conduct food safety 
audits and to issue food or facility certifications to eligible 
entities.
    Audit means:
    (1) With respect to an accreditation body, the systematic, 
independent, and documented examination (through observation, 
investigation, and records review) by FDA to assess the accreditation 
body's authority, qualifications (including its expertise and training 
program), and resources; its procedures for quality assurance, 
conflicts of interest, and records; its performance in accreditation 
activities; and its capability to meet the applicable requirements of 
this subpart.
    (2) With respect to a third-party auditor/certification body, the 
systematic, independent, and documented examination (through 
observation, investigation, and records review) by a recognized 
accreditation body (or, in the case of direct accreditation, by FDA) to 
assess the third-party auditor's/certification body's authority, 
qualifications (including its expertise and training program), and 
resources; its procedures for quality assurance, conflicts of interest, 
and records; its performance in auditing and certification activities; 
and its capability to meet the applicable requirements of this subpart; 
and
    (3) With respect to an eligible entity, the systematic, 
independent, and documented examination (through observation, 
investigation, records review, and as appropriate, sampling and 
laboratory analysis) by an accredited auditor/certification body to 
assess the entity, its facility, system(s), and food using audit 
criteria for consultative or regulatory audits, including compliance 
with any applicable requirements for preventative controls, sanitation, 
monitoring, verification, corrective actions, and recalls, and, for 
consultative audits, also includes an assessment of compliance with 
applicable industry standards and practices.
    Audit agent means an individual who is an employee or other agent 
of an accredited auditor/certification body who, although not 
individually accredited, is qualified to conduct food safety audits on 
behalf of an accredited auditor/certification body. An audit agent 
includes a contractor of the accredited auditor/certification body.
    Certification body means a foreign government, agency of a foreign 
government, foreign cooperative, or any other third party that is 
eligible to be considered for accreditation to conduct food safety 
audits and to certify that eligible entities meet applicable 
requirements of the FD&C Act. A certification body may be a single 
individual or an organization. A certification body may use audit 
agents to conduct food safety audits. Certification body has the same 
meaning as Third-party auditor as that term is defined in section 808 
of the FD&C Act and in this subpart.
    Consultative audit means an audit of an eligible entity:
    (1) To determine whether such entity is in compliance with 
applicable requirements of the FD&C Act and industry standards and 
practices; and
    (2) The results of which are for internal purposes only and cannot 
be used to determine eligibility for a food or facility certification 
issued under this subpart or in meeting the requirements

[[Page 45827]]

for an onsite audit of a foreign supplier under subpart L of this part.
    Direct accreditation means accreditation of a third-party auditor/
certification body by FDA.
    Eligible entity means a foreign entity that chooses to be subject 
to a food safety audit by an accredited auditor/certification body. 
Eligible entities include foreign facilities subject to the 
registration requirements of subpart H of this part.
    Facility means any structure, or structures of an eligible entity 
under one ownership at one general physical location, or, in the case 
of a mobile facility, traveling to multiple locations, that 
manufactures/processes, packs, or holds food for consumption in the 
United States. Transport vehicles are not facilities if they hold food 
only in the usual course of business as carriers. A facility may 
consist of one or more contiguous structures, and a single building may 
house more than one distinct facility if the facilities are under 
separate ownership. The private residence of an individual is not a 
facility. Non-bottled water drinking water collection and distribution 
establishments and their structures are not facilities.
    Facility certification means an attestation, issued for purposes of 
section 806 of the FD&C Act by an accredited auditor/certification 
body, after conducting a regulatory audit and any other activities 
necessary to establish that a facility meets the applicable 
requirements of the FD&C Act.
    Food certification means an attestation, issued for purposes of 
section 801(q) of the FD&C Act by an accredited auditor/certification 
body, after conducting a regulatory audit and any other activities 
necessary to establish that a food meets the applicable requirements of 
the FD&C Act.
    Food safety audit means a regulatory audit or a consultative audit.
    Foreign cooperative means an entity that aggregates food from 
growers or processors that is intended for export to the United States.
    Recognized accreditation body means an accreditation body that FDA 
has determined meets the applicable requirements of this subpart and is 
authorized to accredit third-party auditors/certification bodies under 
this subpart.
    Regulatory audit means an audit of an eligible entity:
    (1) To determine whether such entity is in compliance with the 
provisions of the FD&C Act; and
    (2) The results of which are used in determining eligibility for 
food certification under section 801(q) of the FD&C Act or facility 
certification under section 806 of the FD&C Act, and may be used by an 
importer in meeting the requirements for an onsite audit of a foreign 
supplier under subpart L of this part.
    Relinquishment means:
    (1) With respect to an accreditation body, a decision to cede 
voluntarily its authority to accredit third-party auditors/
certification bodies as a recognized accreditation body; and
    (2) With respect to a third-party auditor/certification body, a 
decision to cede voluntarily its authority to conduct food safety 
audits and to issue food and facility certifications to eligible 
entities.
    Self-assessment means a systematic assessment conducted by an 
accreditation body or by a third-party auditor/certification body to 
determine whether it meets the applicable requirements of this subpart.
    Third-party auditor means a foreign government, agency of a foreign 
government, foreign cooperative, or any other third party that is 
eligible to be considered for accreditation to conduct food safety 
audits and to certify that eligible entities meet the applicable 
requirements of the FD&C Act. A third-party auditor may be a single 
individual or an organization. A third-party auditor may use audit 
agents to conduct food safety audits. Third-party auditor has the same 
meaning as Certification body as that term is defined in this subpart.


Sec.  1.601  Who is subject to this subpart?

    (a) Accreditation bodies. Any accreditation body seeking 
recognition from FDA to accredit third-party auditor/certification 
bodies for conducting food safety audits and for issuing food and 
facility certifications to eligible entities.
    (b) Third-party auditors/certification bodies. Any third-party 
auditor/certification body seeking accreditation from a recognized 
accreditation body or direct accreditation by FDA for:
    (1) Conducting food safety audits; and
    (2) Issuing food and facility certifications that may be used in 
satisfying a condition of admissibility of an article of food under 
section 801(q) of the FD&C Act; or in meeting the eligibility 
requirements for the Voluntary Qualified Importer Program under section 
806 of the FD&C Act.
    (c) Eligible entities. Any eligible entity seeking a food safety 
audit or a food or facility certification from an accredited auditor/
certification body, except as provided in paragraph (d) of this 
section.
    (d) Limited exemptions from section 801(q) of the FD&C Act. (1) The 
certification of food under section 801(q) of the FD&C Act does not 
apply with respect to alcoholic beverages from an eligible entity that 
is a facility that meets the following two conditions:
    (i) Under the Federal Alcohol Administration Act (27 U.S.C. 201 et 
seq.) or chapter 51 of subtitle E of the Internal Revenue Code of 1986 
(26 U.S.C. 5001 et seq.), the facility is a foreign facility of a type 
that, if it were a domestic facility, would require obtaining a permit 
from, registering with, or obtaining approval of a notice or 
application from the Secretary of the Treasury as a condition of doing 
business in the United States; and
    (ii) Under section 415 of the FD&C Act, the facility is required to 
register as a facility because it is engaged in manufacturing/
processing one or more alcoholic beverages.
    (2) Certification of food under section 801(q) of the FD&C Act does 
not apply with respect to food other than alcoholic beverages that is 
from a facility described in paragraph (d)(1) of this section, provided 
such food:
    (i) Is in prepackaged form that prevents any direct human contact 
with such food; and
    (ii) Constitutes not more than 5 percent of the overall sales of 
the facility, as determined by the Secretary of the Treasury.

Recognition of Accreditation Bodies Under This Subpart


Sec.  1.610  Who is eligible for recognition?

    An accreditation body is eligible for recognition by FDA if it can 
demonstrate that it meets the requirements of Sec. Sec.  1.611 to 
1.615.


Sec.  1.611  What legal authority must an accreditation body have to 
qualify for recognition?

    (a) An accreditation body seeking recognition must demonstrate that 
it has the authority (as a governmental entity or through contractual 
rights) to perform such assessments of a third-party auditor/
certification body as are necessary to determine its capability to 
audit and certify food facilities and food, including authority to:
    (1) Review any relevant records;
    (2) Conduct onsite assessments of the performance of third-party 
auditors/certification bodies, such as by witnessing the performance of 
a statistically significant number of personnel and other agents 
conducting assessments;
    (3) Perform any reassessments or surveillance necessary to monitor

[[Page 45828]]

compliance of accredited auditors/certification bodies; and
    (4) Suspend, withdraw, or reduce the scope of accreditation for 
failure to comply with the requirements of accreditation.
    (b) An accreditation body seeking recognition must demonstrate that 
it is capable of exerting any authority necessary to meet the 
requirements of recognition in Sec. Sec.  1.620 to 1.625 and the 
procedures in Sec. Sec.  1.630, 1.635, and 1.636, if recognized.


Sec.  1.612  What competency and capacity must an accreditation body 
have to qualify for recognition?

    An accreditation body seeking recognition must demonstrate that it 
has:
    (a) The resources required to adequately implement its 
accreditation program, including:
    (1) Adequate numbers of personnel and other agents with relevant 
knowledge, skills, and experience to effectively assess the 
qualifications of third-party auditors/certification bodies seeking 
accreditation and to effectively monitor the performance of third-party 
auditors/certification bodies; and
    (2) Adequate financial resources for its operations; and
    (b) The capability to meet the assessment and monitoring 
requirements of Sec. Sec.  1.620 and 1.621, the reporting and 
notification requirements of Sec.  1.623, and the procedures in 
Sec. Sec.  1.630, 1.631, 1.635, and 1.636, if recognized.


Sec.  1.613  What protections against conflicts of interest must an 
accreditation body have to qualify for recognition?

    An accreditation body must demonstrate that it has:
    (a) Implemented written measures to protect against conflicts of 
interest between the accreditation body (and its officers, personnel, 
and other agents) and third-party auditors/certification bodies (and 
their officers, personnel, and other agents) seeking accreditation 
from, or accredited by, such accreditation body; and
    (b) The capability to meet the conflict of interest requirements in 
Sec.  1.624, if recognized.


Sec.  1.614  What quality assurance procedures must an accreditation 
body have to qualify for recognition?

    An accreditation body seeking recognition must demonstrate that it 
has:
    (a) Implemented a written program for monitoring and assessing the 
performance of its officers, personnel and other agents and its 
accreditation program, including procedures to:
    (1) Identify areas in its accreditation program or performance that 
need improvement; and
    (2) Quickly execute appropriate corrective actions when problems 
are found; and
    (b) The capability to meet the quality assurance requirements of 
Sec.  1.622, if recognized.


Sec.  1.615  What records procedures must an accreditation body have to 
qualify for recognition?

    An accreditation body seeking recognition must demonstrate that it 
has:
    (a) Implemented written procedures to establish, control, and 
retain records (including documents and data) for the period of time 
necessary to meet its contractual and legal obligations and to provide 
an adequate basis for assessing its program and performance; and
    (b) Is capable of meeting the reporting and notification 
requirements of Sec.  1.623 and the records requirements of Sec.  
1.625, if recognized.

Requirements for Recognized Accreditation Bodies Under This Subpart


Sec.  1.620  How must a recognized accreditation body assess third-
party auditors/certification bodies seeking accreditation?

    (a) Prior to accrediting a third-party auditor/certification body 
under this subpart, a recognized accreditation body must perform, at a 
minimum, the following:
    (1) In the case of a foreign government or an agency of a foreign 
government, such reviews and audits of its food safety programs, 
systems, and standards as are necessary to determine that it meets the 
eligibility requirements of Sec.  1.640(b) and any requirements 
specified in FDA model accreditation standards regarding qualifications 
for accreditation, including legal authority, competency, capacity, 
conflicts of interest, quality assurance, and records.
    (2) In the case of a foreign cooperative that aggregates the 
products of growers or processor or any other third-party seeking 
accreditation as a third-party auditor/certification body, such reviews 
and audits of the training and qualifications of audit agents used by 
such cooperative or other third party and such reviews of internal 
systems and any other investigation of the cooperative or other third 
party necessary to determine that it meets the eligibility requirements 
of Sec.  1.640(c) and any requirements specified in FDA model 
accreditation standards regarding qualifications for accreditation, 
including legal authority, competency, capacity, conflicts of interest, 
quality assurance, and records.
    (3) In conducting a review and audit under paragraph (a)(1) or 
(a)(2) of this section, observe a statistically significant number of 
onsite audits conducted by the third-party auditor/certification body 
(or its audit agents) to assess compliance with the applicable 
requirements of the FD&C Act.
    (b) A recognized accreditation body must require a third-party 
auditor/certification body, as a condition of accreditation under this 
subpart, to comply with the reports and notification requirements of 
Sec. Sec.  1.652 and 1.656 and to agree to submit electronic food and 
facility certifications, in English, to FDA for purposes of sections 
801(q) and 806 of the FD&C Act.
    (c) A recognized accreditation body must maintain records on any 
denial of accreditation (in whole or in part) and on any withdrawal, 
suspension, or reduction in scope of accreditation of a third-party 
auditor/certification body under this subpart. The records must include 
the name and contact information for the third-party auditor/
certification body; the scope of accreditation denied, withdrawn, 
suspended, or reduced; and the basis for such action.
    (d) A recognized accreditation body must implement written 
procedures for receiving and addressing appeals from any third-party 
auditor/certification body challenging an adverse decision associated 
with accreditation under this subpart and for investigating and 
deciding on appeals in a fair and meaningful manner. The appeals 
procedures must provide similar protections to those offered by FDA 
under Sec. Sec.  1.692 and 1.693, including requirements to:
    (1) Make the appeals procedures publicly available;
    (2) Use competent, independent persons to investigate and decide 
appeals;
    (3) Advise third-party auditors/certification bodies of the final 
decisions on their appeals; and
    (4) Maintain records under Sec.  1.625 of appeals, final decisions 
on appeals, and the bases for such decisions.


Sec.  1.621  How must a recognized accreditation body monitor the 
performance of third-party auditors/certification bodies it accredits?

    A recognized accreditation body must annually conduct a 
comprehensive assessment of the performance of each auditor/
certification body it accredited under this subpart by reviewing the 
auditor's/certification body's self-assessments (including information 
on

[[Page 45829]]

compliance with the conflict of interest requirements of Sec. Sec.  
1.643 and 1.657); its regulatory audit reports and notifications 
submitted to FDA under Sec.  1.656; and any other information 
reasonably available to the accreditation body:
    (a) Regarding the compliance history of eligible entities it 
certified; or
    (b) That is otherwise relevant to a determination whether the 
accredited auditor/certification body is in compliance with this 
subpart.


Sec.  1.622  How must a recognized accreditation body monitor its own 
performance?

    (a) A recognized accreditation body must annually, and as required 
under Sec.  1.664(g), conduct a self-assessment that includes 
evaluation of:
    (1) The performance of its officers, personnel, or other agents in 
activities under this subpart and the degree of consistency among such 
performances;
    (2) The compliance of the accreditation body and its officers, 
personnel, and other agents, with the conflict of interest requirements 
of Sec.  1.624; and
    (3) If requested by FDA, any other aspects of its performance 
relevant to a determination whether the accreditation body is in 
compliance with this subpart.
    (b) As a means to evaluate the accreditation body's performance, 
the self-assessment must include onsite observation of regulatory 
audits by a statistically significant number of third-party auditors/
certification bodies it accredited under this subpart.
    (c) Based on the evaluations conducted under paragraphs (a) and (b) 
of this section, the accreditation body must:
    (1) Identify any area(s) needing improvement;
    (2) Quickly implement effective corrective action(s) to address 
those area(s); and
    (3) Establish and maintain records of such corrective action(s) 
under Sec.  1.625.
    (d) The accreditation body must prepare, and as required by Sec.  
1.623(b) submit, a written report of the results of its self-assessment 
that includes:
    (1) A description of any corrective actions taken under paragraph 
(c) of this section;
    (2) A statement disclosing the extent to which the accreditation 
body, and its officers, personnel, and other agents, complied with the 
conflict of interest requirements in Sec.  1.624; and
    (3) A statement attesting to the extent to which the accreditation 
body complied with applicable requirements of this subpart.


Sec.  1.623  What reports and notifications must a recognized 
accreditation body submit to FDA?

    (a) Reporting results of assessments of certification body 
performance. A recognized accreditation body must submit to FDA 
electronically, in English, a report of the results of any assessment 
conducted under Sec.  1.621, no later than 45 days after completing 
such assessment. The report must include an up-to-date list of any 
audit agent used by the accredited auditor/certification body to 
conduct food safety audits under this subpart.
    (b) Reporting results of accreditation body self-assessments. A 
recognized accreditation body must submit to FDA electronically, in 
English, a report of the results of an annual self-assessment required 
under Sec.  1.622, no later than 45 days after completing such self-
assessment and, for a recognized accreditation body subject to Sec.  
1.664(g)(1), must submit a report of such self-assessment to FDA within 
2 months.
    (c) Immediate notification to FDA. A recognized accreditation body 
must notify FDA electronically, in English, immediately upon:
    (1) Granting accreditation to an auditor/certification body under 
this subpart, and include:
    (i) The name, address, and telephone number of the auditor/
certification body;
    (ii) The name of one or more officers of the auditor/certification 
body;
    (iii) A list of the auditor's/certification body's audit agents; 
and
    (iv) The scope of accreditation and the date on which it was 
granted.
    (2) Withdrawing, suspending, or reducing the scope of an 
accreditation under this subpart, and include:
    (i) The basis for such action; and
    (ii) Any additional changes to accreditation information previously 
submitted to FDA under paragraph (c)(1) of this section.
    (3) Determining that an auditor/certification body it accredited 
failed to comply with Sec.  1.653 in issuing a food or facility 
certification under this subpart, and include:
    (i) The basis for such determination; and
    (ii) Any changes to accreditation information previously submitted 
to FDA under paragraph (c)(1) of this section.
    (d) Other notification to FDA. A recognized accreditation body must 
notify FDA electronically, in English, within 30 days after:
    (1) Denying accreditation (in whole or in part) under this subpart 
and include:
    (i) The name, address, and telephone number of the auditor/
certification body;
    (ii) The name of one or more officers of the auditor/certification 
body;
    (iii) The scope of accreditation requested; and
    (iv) The basis for such denial.
    (2) Making any significant change that would affect the manner in 
which it complies with the requirements in Sec. Sec.  1.610 to 1.625 
and include:
    (i) A description of the change; and
    (ii) An explanation for the purpose of the change.


Sec.  1.624  How must a recognized accreditation body protect against 
conflicts of interest?

    (a) A recognized accreditation body must implement a written 
program to protect against conflicts of interest between the 
accreditation body (and its officers, personnel, and other agents) and 
a third-party auditor/certification body (and its officers, personnel, 
and other agents) seeking accreditation from, or accredited by, such 
accreditation body, including the following:
    (1) Ensuring that the accreditation body (and its officers, 
personnel, or other agents) do not own or have a financial interest in, 
manage, or otherwise control the third-party auditor/certification body 
(or any affiliate, parent, or subsidiary); and
    (2) Prohibiting officers, personnel, or other agents of the 
accreditation body from accepting any money, gift, gratuity, or item of 
value from the third-party auditor/certification body.
    (3) The items specified in paragraph (a)(2) of this section do not 
include:
    (i) Money representing payment of fees for accreditation services 
and reimbursement of direct costs associated with an onsite audit or 
assessment of the third-party auditor/certification body; or
    (ii) Meals, of de minimis value, provided on the premises where the 
audit or assessment is conducted.
    (b) The financial interests of the spouses and children younger 
than 18 years of age of officers, personnel, and other agents of a 
recognized accreditation body will be considered the financial 
interests of such officers, personnel, and other agents of the 
accreditation body.
    (c) A recognized accreditation body must maintain on its Web site 
an up-to-date list of the auditors/certification bodies it accredited 
under this subpart and must identify the duration and scope of each 
accreditation and date(s) on each the accredited auditor/certification 
body paid any fee or reimbursement associated with such accreditation.

[[Page 45830]]

Sec.  1.625  What records requirements must a recognized accreditation 
body meet?

    (a) A recognized accreditation body must maintain electronically 
for 5 years records (including documents and data), in English, 
demonstrating its compliance with this subpart, including records 
relating to:
    (1) Applications for accreditation and renewal of accreditation 
under Sec.  1.660;
    (2) Decisions to grant, deny, suspend, withdraw, or reduce the 
scope of an accreditation;
    (3) Challenges to adverse accreditation decisions under Sec.  
1.620(c);
    (4) Its monitoring of accredited auditors/certification bodies 
under Sec.  1.621;
    (5) Self-assessments and corrective actions under Sec.  1.622;
    (6) Regulatory audit reports, including any supporting information, 
that an accredited auditor/certification body may have submitted; and
    (7) Any reports or notifications to FDA under Sec.  1.623, 
including any supporting information.
    (b) A recognized accreditation body must make records required by 
paragraph (a) of this section available for inspection and copying 
promptly upon written request of an authorized FDA officer or employee 
at the place of business of the accreditation body or at a reasonably 
accessible location. If the records required by paragraph (a) of this 
section are requested by FDA electronically, the records must be 
submitted to FDA electronically, in English, not later than 10 business 
days after the date of the request.
    (c) A recognized accreditation body must not prevent or interfere 
with FDA's access to its accredited auditors/certification bodies and 
the auditor/certification body records required by Sec.  1.658.

Procedures for Recognition of Accreditation Bodies Under This Subpart


Sec.  1.630  How do I apply to FDA for recognition or renewal of 
recognition?

    (a) Applicant for recognition. An accreditation body seeking 
recognition must submit an application demonstrating that it meets the 
eligibility requirements in Sec.  1.610.
    (b) Applicant for renewal of recognition. An accreditation body 
seeking renewal of its accreditation must submit a renewal application 
demonstrating that it continues to meet the eligibility requirements in 
Sec.  1.610.
    (c) Submission. Recognition and renewal applications and any 
documents provided as part of the application process must be submitted 
electronically, in English. An applicant must provide any translation 
and interpretation services needed by FDA to process the application, 
including during onsite audits or assessments of the applicant by FDA.
    (d) Signature. Recognition and renewal applications must be signed 
by the applicant or by any individual authorized to act on behalf of 
the applicant for purposes of seeking recognition or renewal of 
recognition.


Sec.  1.631  How will FDA review applications for recognition and for 
renewal of recognition?

    (a) FDA will review a recognition or renewal application on a first 
in, first out basis according to the date on which the application was 
submitted in complete form.
    (b) FDA will evaluate any completed recognition or renewal 
application to determine whether the applicant meets the eligibility 
requirements in Sec.  1.610 and will notify the applicant, in writing, 
whether the application has been approved or denied. FDA may make such 
notification electronically.
    (c) When FDA notifies an applicant that its recognition or renewal 
application has been approved, the notification will list any 
conditions associated with the recognition.
    (d) If FDA denies a recognition or renewal application, the 
notification will state the basis for such denial and will provide the 
address and procedures for requesting reconsideration of the 
application under Sec.  1.691.
    (e) If FDA does not reach a final decision on a renewal application 
before an accreditation body's recognition terminates by expiration, 
FDA may extend such recognition for a specified period of time or until 
the agency reaches a final decision on the renewal application.


Sec.  1.632  What is the duration of recognition?

    FDA may grant recognition of an accreditation body for a period not 
to exceed 5 years.


Sec.  1.633  How will FDA monitor recognized accreditation bodies?

    (a) FDA will periodically evaluate the performance of each 
recognized accreditation body to determine its compliance with the 
applicable requirements of this subpart. Such evaluation must occur by 
at least 4 years after the date of accreditation for a 5-year term of 
recognition, or by no later than mid-term point for recognition granted 
for less than 5 years. FDA may conduct additional performance 
evaluations of a recognized accreditation body at any time.
    (b) An FDA performance evaluation may include onsite assessments of 
statistically significant numbers of auditors/certification bodies the 
recognized accreditation body accredited and onsite audits of eligible 
entities such auditors/certification bodies certified. These may be 
conducted at any time, with or without the accreditation body or 
auditor/certification body present.


Sec.  1.634  When will FDA revoke recognition?

    (a) Grounds for revocation of recognition. FDA will revoke the 
recognition of an accreditation body for any one or more of the 
following:
    (1) Refusal to allow FDA to access records required by Sec.  1.625, 
or to conduct an audit, assessment, or investigation of the 
accreditation body or of a third-party auditor/certification body it 
accredited to ensure the accreditation body's continued compliance with 
the requirements of this subpart.
    (2) Failure to take timely and necessary corrective action when:
    (i) The accreditation of an auditor/certification body it 
accredited is withdrawn by FDA under Sec.  1.664(a);
    (ii) A significant problem with the accreditation body is 
identified through self-assessment under Sec.  1.622, monitoring under 
Sec.  1.621, or self-assessment by one or more of its accredited 
auditors/certification bodies under Sec.  1.655; or
    (iii) Directed by FDA to ensure compliance with this subpart.
    (3) A determination by FDA that the accreditation body has 
committed fraud or has submitted material false statements to the 
agency.
    (4) A determination by FDA that there is otherwise good cause for 
revocation, including:
    (i) Demonstrated bias or lack of objectivity when conducting 
activities under this subpart; or
    (ii) Failure to adequately support one or more decisions to grant 
accreditation under this subpart.
    (b) Records request associated with revocation. To assist in 
determining whether revocation is warranted under paragraph (a) of this 
section, FDA may request records of the accreditation body required by 
Sec.  1.625 or the records, required by Sec.  1.658, of one or more of 
the auditors/certification bodies it accredited under this subpart.
    (c) Notice to the accreditation body of revocation of recognition. 
(1) Upon revocation, FDA will notify the accreditation body 
electronically, in English, stating the grounds for revocation, the 
procedures for requesting a regulatory hearing under

[[Page 45831]]

Sec.  1.693 on the revocation, and the procedures for requesting 
reinstatement of recognition under Sec.  1.636.
    (2) Within 10 business days of the date of revocation, the 
accreditation body must notify FDA electronically, in English, of the 
location where the records required by Sec.  1.625 will be maintained.
    (d) Effect of revocation of recognition on accredited auditors/
certification bodies. (1) FDA will notify an accredited auditor/
certification body, electronically and in English, if the recognition 
of its accreditation body is revoked. Such auditor's/certification 
body's accreditation will remain in effect if the auditor/certification 
body:
    (i) No later than 2 months after the revocation, conducts a self-
assessment under Sec.  1.655 and reports the results of the self-
assessment to FDA under Sec.  1.656(b); and
    (ii) No later than 1 year after the revocation, becomes accredited 
by a recognized accreditation body or by FDA through direct 
accreditation.
    (2) FDA may withdraw the accreditation of a third-party auditor/
certification body whenever FDA determines there is good cause for 
withdrawal of accreditation under Sec.  1.664.
    (e) Effect of revocation of recognition on food or facility 
certifications issued to eligible entities. A food or facility 
certification issued by an auditor/certification body accredited by an 
accreditation body prior to revocation of recognition will remain in 
effect until the certificate terminates by expiration. If FDA has 
reason to believe that a food certification issued for purposes of 
section 801(q) of the FD&C Act is not valid or reliable, FDA may refuse 
to consider the certification in determining the admissibility of the 
article of food for which the certification was offered.
    (f) Public notice of revocation and the status of accreditations 
and food and facility certifications. FDA will provide notice on the 
Web site described in Sec.  1.690 of the revocation of recognition of 
an accreditation body under this subpart.


Sec.  1.635  How do I voluntarily relinquish recognition?

    (a) An accreditation body that decides to relinquish recognition 
before it terminates by expiration must notify FDA electronically, in 
English, at least 6 months before relinquishing such authority and must 
identify the location where the records required by Sec.  1.625 will be 
maintained. An accreditation body waives the right to a hearing when 
relinquishing its recognition under this subpart.
    (b) No later than 15 business days after notifying FDA, the 
accreditation body must notify any third-party auditor/accreditation 
body currently accredited that it intends to relinquish its 
recognition, specify the date on which it will occur. The accreditation 
body must establish and maintain records of such notification under 
Sec.  1.625.
    (c) An accreditation granted by an accreditation body prior to 
relinquishing its recognition will remain in effect, subject to 
reaccreditation under Sec.  1.665, except where FDA determines that 
there is good cause for withdrawal of accreditation under Sec.  1.664.
    (d) A food certification issued by such accredited auditor/
certification body will remain in effect until it terminates by 
expiration, unless FDA requires renewal of the certification under 
section 801(q)(4)(A) of the FD&C Act prior to its expiration. If FDA 
has reason to believe that a certification issued for purposes of 
section 801(q) of the FD&C Act is not valid or reliable, FDA may refuse 
to consider the certification in determining the admissibility of the 
article of food for which the certification was offered.
    (e) FDA will provide notice on the Web site described in Sec.  
1.690 of the voluntary relinquishment of recognition of an 
accreditation body. The notice will describe the effect, if any, on any 
third-party auditor/certification body it accredited and on any food or 
facility certifications such auditor/certification body issued under 
this subpart.


Sec.  1.636  How do I request reinstatement of recognition?

    (a) Application following revocation. An accreditation body that 
has had its recognition revoked may seek reinstatement by submitting a 
new application for recognition under Sec.  1.630, or may be required 
to submit such application after a determination in a regulatory 
hearing under Sec.  1.693 that revocation was appropriate. The 
accreditation body must submit evidence that the grounds for revocation 
have been resolved, including evidence addressing the cause or 
conditions that were the basis for revocation and identifying measures 
that have been implemented to help ensure that such cause(s) or 
condition(s) are unlikely to recur.
    (b) Application following relinquishment. An accreditation body 
that previously relinquished its recognition under Sec.  1.635 may seek 
recognition by submitting a new application for recognition under Sec.  
1.630.

Accreditation of Third-Party Auditors/Certification Bodies Under This 
Subpart


Sec.  1.640  Who is eligible for accreditation?

    (a) A foreign government, agency of a foreign government, foreign 
cooperative, or any other third party may seek accreditation from a 
recognized accreditation body (or, where direct accreditation is 
appropriate, FDA) to conduct food safety audits and to issue food and 
facility certifications to eligible entities under this subpart.
    (b) A foreign government or an agency of a foreign government is 
eligible for accreditation if it can demonstrate that its food safety 
programs, systems, and standards meet the requirements of Sec. Sec.  
1.641 to 1.645, as specified in FDA model standards on qualifications 
for accreditation, including legal authority, competency, capacity, 
conflicts of interest, quality assurance, and records.
    (c) A foreign cooperative or other third party is eligible for 
accreditation if it can demonstrate that the training and 
qualifications of its audit agents and its internal systems and 
standards meet the requirements of Sec. Sec.  1.641 to 1.645, as 
specified in FDA model standards on qualifications for accreditation, 
including legal authority, competency, capacity, conflicts of interest, 
quality assurance, and records.


Sec.  1.641  What legal authority must a third-party auditor/
certification body have to qualify for accreditation?

    (a) A third-party auditor/certification body seeking accreditation 
from a recognized accreditation body or from FDA must demonstrate that 
it has the authority (as a governmental entity or through contractual 
rights) to perform such assessments of facilities, their process(es), 
and food(s) as are necessary to determine compliance with the FD&C Act 
and with industry standards and practices and to issue certifications 
where appropriate based on a review of the findings of such 
assessments. This includes authority to:
    (1) Review any relevant records;
    (2) Conduct onsite audits of the eligible entity, such as 
witnessing the performance of a statistically significant number of 
personnel and other agents conducting audits of food facilities; and
    (3) Suspend or withdraw certification for failure to comply with 
applicable requirements.
    (b) A third-party auditor/certification body seeking accreditation 
must demonstrate that it is capable of exerting any authority necessary 
to meet the requirements of accreditation in Sec. Sec.  1.650 to 1.658 
and the procedures in Sec. Sec.  1.660, 1.663, 1.665, 1.666, and 1.670, 
if accredited.

[[Page 45832]]

Sec.  1.642  What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation?

    A third-party auditor/certification body seeking accreditation must 
demonstrate that it has:
    (a) The resources necessary to fully implement its audit and 
certification program, including:
    (1) Adequate numbers of personnel and other agents with relevant 
knowledge, skills, and experience to effectively audit and assess 
compliance with applicable FDA requirements and industry standards and 
practices and to issue valid and reliable certifications; and
    (2) Adequate financial resources for its operations; and
    (b) The competency and capacity to meet the requirements of 
Sec. Sec.  1.650 to 1.658 and the procedures in Sec. Sec.  1.660, 
1.663, 1.665, 1.666, and 1.670, if accredited.


Sec.  1.643  What protections against conflicts of interest must a 
third-party auditor/certification body have to qualify for 
accreditation?

    A third-party auditor/certification body must demonstrate that it 
has:
    (a) Implemented written measures to protect against conflicts of 
interest between the auditor/certification body (and its officers, 
personnel, and other agents) and eligible entities (and their owners 
and operators) seeking assessment and certification from, or assessed 
and certified by, such auditor/certification body; and
    (b) The capability to meet the conflict of interest requirements in 
Sec.  1.657, if accredited.


Sec.  1.644  What quality assurance procedures must a third-party 
auditor/certification body have to qualify for accreditation?

    A third-party auditor/certification body seeking accreditation must 
demonstrate that it has:
    (a) Implemented a written program for monitoring and assessing the 
performance of its officers, personnel, and other agents involved in 
auditing and certification activities, including procedures to:
    (1) Identify areas in its auditing and certification program or 
performance that need improvement; and
    (2) Quickly execute appropriate corrective actions when problems 
are found; and
    (b) The capability to meet the quality assurance requirements of 
Sec.  1.655, if accredited.


Sec.  1.645  What records procedures must a third-party auditor/
certification body have to qualify for accreditation?

    A third-party auditor/certification body seeking accreditation must 
demonstrate that it:
    (a) Implemented written procedures to establish, control, and 
retain records (including documents and data) for a period of time 
necessary to meet its contractual and legal obligations and to provide 
an adequate basis for assessing its program and performance; and
    (b) Is capable of meeting the reporting and notification 
requirements of Sec.  1.656 and the records requirements of Sec.  
1.658, if accredited.

Requirements for Accredited Auditors/Certification Bodies Under This 
Subpart


Sec.  1.650  How must an accredited auditor/certification body ensure 
its audit agents are competent and objective?

    (a) An accredited auditor/certification body that uses audit agents 
to conduct food safety audits must ensure that each such agent meets 
the following requirements with respect to the scope of its 
accreditation under this subpart:
    (1) Has relevant knowledge and experience that provides an adequate 
basis for the agent to assess compliance with the FD&C Act and, for 
consultative audits, industry standards and practices;
    (2) Has been determined by the accredited auditor/certification 
body, through observations of a representative number of audits, to be 
competent to conduct food safety audits under this subpart;
    (3) Participates in annual food safety training under the 
accredited auditor's/certification body's training plan;
    (4) Is in compliance with the conflict of interest requirements of 
Sec.  1.657 and has no other conflicts of interest with the eligible 
entity to be audited that might impair the agent's objectivity; and
    (5) Agrees to notify its accredited auditor/certification body 
immediately upon discovering, during a food safety audit, any condition 
that could cause or contribute to a serious risk to the public health.
    (b) In assigning an audit agent to conduct a food safety audit at a 
particular eligible entity, an accredited auditor/certification body 
must determine that the agent is qualified to conduct such audit under 
the criteria established in paragraph (a) of this section and based on 
the scope and purpose of the audit and the type of facility, its 
process(es), and food.
    (c) An accredited auditor/certification body cannot use an audit 
agent to conduct a regulatory audit at an eligible entity if such agent 
conducted a consultative audit or regulatory audit for the same 
eligible entity in the preceding 13 months, except that such limitation 
may be waived if the accredited auditor/certification body demonstrates 
to FDA, under Sec.  1.663, there is insufficient access to accredited 
auditors/certification bodies in the country or region where the 
eligible entity is located or in the country of export.


Sec.  1.651  How must an accredited auditor/certification body conduct 
a food safety audit of an eligible entity?

    (a) Audit planning. Before beginning to conduct a food safety audit 
under this subpart, an accredited auditor/certification body must:
    (1) Require the entity seeking an audit to:
    (i) Identify the scope and purpose of the food safety audit, 
including the facility, process(es), or food to be audited; whether the 
audit is to be conducted as a consultative or regulatory audit, and if 
a regulatory audit, the type(s) of certification(s) sought; and
    (ii) Provide a 30-day operating schedule for such facility that 
includes information relevant to the scope and purpose of the audit; 
and
    (2) Determine whether the requested audit is within its scope of 
accreditation.
    (b) Authority to audit. In arranging a food safety audit with an 
eligible entity, an accredited auditor/certification body must ensure 
it has authority, whether contractual or otherwise, to:
    (1) Conduct an unannounced audit to verify whether the activities 
and results of the eligible entity (within the scope of the audit) 
comply with the applicable requirements of the FD&C Act and, for 
consultative audits, industry standards and practices;
    (2) Access any records and any area of the facility, its 
process(es), and food of the eligible entity relevant to the scope and 
purpose of such audit and, where appropriate, to issue food and 
facility certifications;
    (3) Where FDA requires sampling and analysis, use of validated 
sampling or analytical methodologies and analysis by a laboratory that 
is accredited, in accordance with the requirements of section 422 of 
the FD&C Act;
    (4) Notify FDA immediately if, at any time during a food safety 
audit, the accredited auditor/certification body (or its audit agent, 
where applicable) discovers a condition that could cause or contribute 
to a serious risk to the public health and provide information required 
by Sec.  1.656(c);
    (5) Prepare reports of consultative audits that contain the 
elements

[[Page 45833]]

specified in Sec.  1.652(a) and, for regulatory audits, prepare reports 
that contain the elements specified in Sec.  1.652(b) and submit them 
to FDA and to its accreditation body (where applicable) under Sec.  
1.656(a); and
    (6) Allow FDA and the recognized accreditation body that accredited 
such third-party auditor/certification body, if any, to observe any 
food safety audit for purposes of evaluating the accredited auditor's/
certification body's performance under Sec. Sec.  1.621 and 1.662 or, 
where appropriate, the recognized accreditation body's performance 
under Sec. Sec.  1.622 and 1.633.
    (c) Audit protocols. An accredited auditor/certification body (or 
its audit agent, where applicable) must conduct a food safety audit in 
a manner consistent with the identified scope and purpose of the audit 
and within the scope of its accreditation.
    (1) The audit must be conducted without announcement during the 30-
day timeframe identified under paragraph (a)(1)(ii) of this section and 
must be focused on the highest food safety risk(s) associated with the 
facility, its process(es), and food within the scope of the audit.
    (2) The audit must include records review; an onsite assessment of 
the facility, its process(es), and the food that results from such 
process(es); and where appropriate, environmental or product sampling 
and analysis, using validated procedures (including sample integrity 
procedures) and analysis performed by a laboratory accredited in 
accordance with the requirements of section 422 of the FD&C Act. The 
audit may include any other activities necessary to establish 
compliance with the FD&C Act.
    (3) The audit must be sufficiently rigorous to allow the accredited 
auditor/certification body to determine whether the entity is in 
compliance with the FD&C Act at the time of the audit; and for a 
regulatory audit, whether the entity would be likely to remain in 
compliance with the applicable requirements of the FD&C Act for at 
least 12 months following the audit, provided that the facility and its 
process(es) are properly maintained and implemented.
    (4) Audit observations and assessments, including corrective 
actions, must be documented and must be used to support the findings 
contained in the audit report required by Sec.  1.652 and maintained as 
a record of the accredited auditor/certification body under Sec.  
1.658.


Sec.  1.652  What must an accredited auditor/certification body include 
in food safety audit reports?

    (a) Consultative audits. An accredited auditor/certification body 
must prepare a report of a consultative audit, in English, not later 
than 45 days after completing such audit and must maintain such report 
under Sec.  1.658. A consultative audit report must include:
    (1) The name and address of the facility subject to audit and the 
name and address of the eligible entity, if different from the 
facility;
    (2) A unique facility identifier, as required by FDA, for the 
facility and for the eligible entity, if different from the facility;
    (3) The names and telephone numbers of the persons responsible for 
food safety compliance at the facility;
    (4) The dates and scope of the audit; and
    (5) Any deficiencies observed that require corrective action, the 
corrective action plan, and the date on which such corrective actions 
were completed. Such audit report must be maintained as a record under 
Sec.  1.658 and must be made available to FDA under Sec.  1.361.
    (b) Regulatory audits. An accredited auditor/certification body 
must, no later than 45 days after completing a regulatory audit, 
prepare and submit electronically, in English, to FDA and to its 
accreditation body (or, in the case of direct accreditation, only to 
FDA) a report of such regulatory audit that includes the following 
information:
    (1) The identity of the audited facility, including:
    (i) The name and address of the facility subject to audit and a 
unique facility identifier, as required by FDA; and
    (ii) Where applicable, the FDA registration number assigned to the 
facility under subpart H of this part;
    (2) The identity of the eligible entity, including the name, 
address, and unique facility identifier, as required by FDA, of the 
eligible entity (if different than that of facility);
    (3) The dates and scope of the regulatory audit;
    (4) The process(es) and food(s) observed during such audit;
    (5) The identity of the person(s) responsible for the facility's 
compliance with the applicable requirements of the FD&C Act;
    (6) Any deficiencies observed during the audit that present a 
reasonable probability that the use of or exposure to a violative 
product:
    (i) Will cause serious adverse health consequences or death; or
    (ii) May cause temporary or medically reversible adverse health 
consequences or where the probability of serious adverse health 
consequences is remote;
    (7) The corrective action plan for addressing each deficiency 
identified under paragraph (b)(6) of this section, unless corrective 
action was implemented immediately and verified onsite by the 
accredited auditor/certification body (or its audit agent);
    (8) Whether any sampling and laboratory analysis (e.g., under a 
microbiological sampling plan) is used in the facility;
    (9) Whether the entity has issued a food safety-related recall of 
an article of food from the facility during the 2 years preceding the 
audit and, if so, any such article(s) recalled and the reason(s) for 
the recall(s);
    (10) Whether the entity has made significant changes to the 
facility, its process(es), or products during the 2 years preceding the 
audit; and
    (11) Any food or facility certifications issued to the entity 
during the 2 years preceding the audit, including the scope and 
duration of each such certification.
    (c) Submission of regulatory audit report. An accredited auditor/
certification body must submit a completed regulatory audit report as 
required by paragraph (b) of this section, regardless of whether the 
food or facility certification was issued under this subpart.
    (d) Appeals of adverse regulatory audit results. An accredited 
auditor/certification body must implement written procedures for 
receiving and addressing appeals from eligible entities challenging 
adverse regulatory audit results and for investigating and deciding on 
appeals in a fair and meaningful manner. The appeals procedures must 
provide similar protections to those offered by FDA under Sec. Sec.  
1.692 and 1.693, including requirements to:
    (1) Make the appeals procedures publicly available;
    (2) Use qualified persons, different from those involved in the 
subject of the appeal, to investigate and decide on an appeal;
    (3) Advise the eligible entity of the final decision on its appeal; 
and
    (4) Maintain records under Sec.  1.658 of the appeal, the final 
decision, and the basis for such decision.


Sec.  1.653  What must accredited auditor/certification body do when 
issuing food or facility certifications?

    (a) Basis for issuance of a food or facility certification. (1) 
Prior to issuing a food or facility certification to an eligible 
entity, an accredited auditor/certification body (or an audit agent on 
its behalf) must complete a regulatory

[[Page 45834]]

audit that meets the requirements of Sec.  1.651 and any other 
activities that may be necessary to establish compliance with 
applicable requirements of the FD&C Act.
    (2) If, as a result of an observation during a regulatory audit, an 
eligible entity must implement a corrective action plan to address an 
observation, an accredited auditor/certification body may not issue a 
food or facility certification to such entity until after the 
accredited auditor/certification body verifies that eligible entity has 
implemented the corrective action plan through onsite observation, 
except for corrective actions taken to address recordkeeping 
deficiencies that may be verified through submission of records or 
through assurances by the eligible entity.
    (3) An accredited auditor/certification body must consider each 
observation and assessment made during a regulatory audit and other 
activities conducted under Sec.  1.651 to determine whether the entity 
was in compliance with the applicable requirements of the FD&C Act at 
the time of the audit and whether the entity would be likely to remain 
in compliance for the duration of a food or facility certification 
issued under this subpart.
    (4) A single regulatory audit may result in issuance of one or more 
food or facility certifications under this subpart, provided that the 
requirements of issuance are met as to each such certification.
    (5) Where an accredited auditor/certification body uses an audit 
agent to conduct a regulatory audit of an eligible entity under this 
subpart, the accredited auditor/certification body (and not the audit 
agent) must make the determination whether to issue a food or facility 
certification based on the results of such regulatory audit.
    (b) Issuance of a food or facility certification and submission to 
FDA. (1) For purposes of submission to FDA under this subpart, an 
accredited auditor/certification body must issue a food or facility 
certification electronically and in English. The accredited auditor/
certification body must not issue a food or facility certification 
under this subpart for a term that is longer than 12 months.
    (2) A food or facility certification must contain, at a minimum, 
the following elements:
    (i) The name and address of the accredited auditor/certification 
body and the scope and date of its accreditation under this subpart;
    (ii) The name, address, and unique facility identifier, as required 
by FDA, of the eligible entity to which the food or facility 
certification was issued;
    (iii) The name, address, and unique facility identifier, as 
required by FDA, of the facility where the audit was conducted, if 
different than the eligible entity;
    (iv) The scope and date(s) of the audit;
    (v) The name of the audit agent(s) (where applicable) conducting 
the audit;
    (vi) The scope of the food or facility certification, date of 
issuance, and date of expiration.
    (3) FDA may refuse to accept any food certification or other 
assurance for food issued by an accredited auditor/certification body 
for purposes of section 801(q) of the FD&C Act, if FDA determines, 
under section 801(q)(4)(B), that such food certification or assurance 
was not validly issued or does not reliably demonstrate that the food 
is in compliance with the applicable requirements of the FD&C Act, 
including the following:
    (i) That the food certification or assurance is offered in support 
of the admissibility of a food that was not within the scope of the 
certification or assurance; and
    (ii) That the food certification was issued by an accredited 
auditor/certification body acting outside the scope of its 
accreditation under this subpart.


Sec.  1.654  When must an accredited auditor/certification body monitor 
an eligible entity with food or facility certification?

    If an accredited auditor/certification body has reason to believe 
that an eligible entity to which it issued a food or facility 
certification may no longer be in compliance with the applicable 
requirements of the FD&C Act, the accredited auditor/certification body 
must conduct any monitoring (including an onsite assessment) of such 
eligible entity necessary to determine whether the entity is in 
compliance. The accredited auditor/certification body must immediately 
notify FDA, under Sec.  1.656(d), if it determines the entity is no 
longer in compliance with the applicable requirements of the FD&C Act. 
The accredited auditor/certification body must maintain records of such 
monitoring under Sec.  1.658.


Sec.  1.655  How must an accredited auditor/certification body monitor 
its own performance?

    (a) An accredited auditor/certification body must annually, and as 
required under Sec.  1.634(d)(1)(i) or upon FDA request made for cause, 
conduct a self-assessment that includes evaluation of:
    (1) The performance of its officers, personnel, or other agents in 
activities under this subpart, including assessing whether its audit 
agents focused on the most significant risks to human and/or animal 
health when conducting food safety audits of facilities involved in the 
production, manufacturing, processing, packing, or holding of food;
    (2) The degree of consistency among its officers, personnel, or 
other agents in performing activities under this subpart, including 
assessing whether its audit agents interpreted audit protocols in a 
consistent manner;
    (3) The compliance of the accredited auditor/certification body and 
its officers, personnel, and other agents, with the conflict of 
interest requirements of Sec.  1.657;
    (4) Actions taken in response to the results of any assessments 
conducted by FDA or, where applicable, the recognized accreditation 
body under Sec.  1.621; and
    (5) As requested by FDA, any other aspects of its performance 
relevant to a determination whether the accredited auditor/
certification body is in compliance with this subpart.
    (b) As a means to evaluate its performance, the accredited auditor/
certification body may evaluate the compliance of one or more of 
eligible entities to which food or facility certification was issued 
under this subpart.
    (c) Based on the evaluations conducted under paragraphs (a) and (b) 
of this section, the accredited auditor/certification body must:
    (1) Identify any area(s) needing improvement;
    (2) Quickly implement effective corrective action(s) to address 
those area(s); and
    (3) Under Sec.  1.658, establish and maintain records of such 
corrective action(s).
    (d) The accredited auditor/certification body must prepare a 
written report, in English, of the results of its self-assessment that 
includes:
    (1) A description of any corrective action(s) taken under paragraph 
(c) of this section;
    (2) A statement disclosing the extent to which the accredited 
auditor/certification body, and its officers, personnel, and other 
agents complied with the conflict of interest requirements in Sec.  
1.657; and
    (3) A statement attesting to the extent to which the accredited 
auditor/certification body complied with the applicable requirements of 
this subpart.


Sec.  1.656  What reports and notifications must an accredited auditor/
certification body submit?

    (a) Reporting results of regulatory audits. An accredited auditor/

[[Page 45835]]

certification body must submit a regulatory audit report, as described 
in Sec.  1.652(b), electronically, in English, to FDA and to the 
accreditation body that granted its accreditation (where applicable), 
no later than 45 days after completing such audit.
    (b) Reporting results of accredited auditor/certification body 
self-assessments. An accredited auditor/certification body must submit 
the report of its annual self-assessment required by Sec.  1.655 
electronically to its accreditation body (or, in the case of direct 
accreditation, FDA), within 45 days of the anniversary date of its 
accreditation under this subpart and, for an accredited auditor/
certification body subject to Sec.  1.634(d)(1)(i) or an FDA request 
for cause, must submit the report of its self-assessment to FDA within 
2 months. Such report must include an up-to-date list of any audit 
agents it uses to conduct audits under this subpart.
    (c) Notification to FDA of a serious risk to public health. An 
accredited auditor/certification body must immediately notify FDA 
electronically, in English, when any of its audit agents or the 
accredited auditor/certification body itself, discovers any condition, 
found during a regulatory or consultative audit of an eligible entity, 
which could cause or contribute to a serious risk to the public health, 
providing the following information:
    (1) The name and address of the eligible entity subject to the 
audit;
    (2) The name and address of the facility where the condition was 
discovered (if different from that of the eligible entity) and, where 
applicable, the FDA registration number assigned to the facility under 
subpart H of this part; and
    (3) The condition for which notification is submitted.
    (d) Immediate notification to FDA of withdrawal or suspension of 
food or facility certification. An accredited auditor/certification 
body must notify FDA electronically, in English, immediately upon 
withdrawing or suspending the food or facility certification of an 
eligible entity and the basis for such action.
    (e) Notification to its accreditation body or an eligible entity. 
(1) After notifying FDA under paragraph (c) of this section, an 
accredited auditor/certification body must immediately notify the 
eligible entity of such condition and must immediately thereafter 
notify the accreditation body that granted its accreditation, except 
for auditors/certification bodies directly accredited by FDA.
    (2) An accredited auditor/certification body must notify its 
accreditation body (or, in the case of direct accreditation, FDA) 
electronically, in English, within 30 days after making any significant 
change that would affect the manner in which it complies with the 
requirements of Sec. Sec.  1.640 to 1.658, and must include with such 
notification the following information:
    (i) A description of the change; and
    (ii) An explanation for the purpose of the change.


Sec.  1.657  How must an accredited auditor/certification body protect 
against conflicts of interest?

    (a) An accredited auditor/certification body must implement a 
written program to protect against conflicts of interest between the 
accredited auditor/certification body (and its officers, personnel, and 
agents) and an eligible entity seeking a food safety audit or food or 
facility certification from, or audited or certified by, such 
accredited auditor/certification body, including the following:
    (1) Ensuring that the accredited auditor/certification body and its 
officers, personnel, or agents (other than audit agents subject to 
paragraph (a)(2) of this section) do not own or have a financial 
interest in, manage, or otherwise control an eligible entity to be 
certified, or any affiliate, parent, or subsidiary of the entity;
    (2) Ensuring that an audit agent of the accredited auditor/
certification body does not own or operate an eligible entity, or any 
affiliate, parent, or subsidiary of the entity, to be subject to 
consultative or regulatory audit by such agent; and
    (3) Prohibiting an officer, employee, or other agent of the 
accredited auditor/certification body from accepting any money, gift, 
gratuity, or item of value from the eligible entity to be audited or 
certified under this subpart.
    (4) The items specified in paragraph (a)(3) of this section do not 
include:
    (i) Money representing payment of fees for accreditation services 
and reimbursement of direct costs associated with an onsite audit or 
assessment of the third-party auditor/certification body; or
    (ii) Meals, of de minimis value, provided on the premises where the 
audit or assessment is conducted.
    (b) An accredited auditor/certification body may accept the payment 
of fees for auditing and certification services and the reimbursement 
of direct costs associated with an audit of an eligible entity only 
after the date on which the report of such audit was completed or the 
date a food or facility certification was issued, whichever is later. 
Such payment is not considered a conflict of interest for purposes of 
paragraph (a) of this section.
    (c) The financial interests of the spouses and children younger 
than 18 years of age of officers, personnel, and other agents of an 
accredited auditor/certification body will be considered the financial 
interests of such officers, personnel, and other agents of the 
accredited auditor/certification body for purposes of this subpart.
    (d) An accredited auditor/certification body must maintain on its 
Web site an up-to-date list of the eligible entities to which it has 
issued food or facility certifications under this subpart. For each 
such eligible entity, the Web site also must identify the duration and 
scope of the food or facility certification and date(s) on which the 
eligible entity paid the accredited auditor/certification body any fee 
or reimbursement associated with such audit or certification.


Sec.  1.658  What records requirements must an accredited auditor/
certification body meet?

    (a) An accredited auditor/certification body must maintain 
electronically for 4 years records (including documents and data), in 
English, that document compliance with this subpart, including:
    (1) Any audit report and other documents resulting from a 
consultative audit conducted under this subpart, including the audit 
agent's observations, laboratory testing records and results (as 
applicable), correspondence with the eligible entity, and corrective 
actions to address deficiencies identified during the audit;
    (2) Any request for a regulatory audit from an eligible entity;
    (3) Any audit report and other documents resulting from a 
regulatory audit conducted under this subpart, including the audit 
agent's observations, laboratory testing records and results (as 
applicable), correspondence with the eligible entity, and corrective 
actions to address deficiencies identified during the audit;
    (4) Any notification submitted by an audit agent to the accredited 
auditor/certification body under Sec.  1.650(a)(5) or by the accredited 
auditor/certification body to FDA under Sec.  1.656(c);
    (5) Any food or facility certification issued under this subpart;
    (6) Any challenge to an adverse regulatory audit decision and the 
disposition of the challenge;
    (7) Any monitoring it conducted of an eligible entity to which food 
or facility certification was issued;

[[Page 45836]]

    (8) Its self-assessments and corrective actions taken as a result; 
and
    (9) Significant changes to the auditing or certification program 
that might affect compliance with this subpart.
    (b) An accredited auditor/certification body must make the records 
of a consultative audit required by paragraph (a)(1) of this section 
available to FDA in accordance with the requirements of subpart J of 
this chapter.
    (c) An accredited auditor/certification body must make the records 
required by paragraphs (a)(2) to (a)(9) of this section available for 
inspection and copying promptly upon written request of an authorized 
FDA officer or employee at the place of business of the auditor/
certification body or at a reasonably accessible location. If such 
records are requested by FDA electronically, the records must be 
submitted electronically, in English, not later than 10 business days 
after the date of the request.

Procedures for Accreditation of Third-Party Auditors/Certification 
Bodies Under This Subpart


Sec.  1.660  Where do I apply for accreditation or renewal of 
accreditation by a recognized accreditation body?

    Except as allowed under Sec.  1.670, a third-party auditor/
certification body seeking accreditation must submit its request for 
accreditation or renewal of accreditation to an accreditation body 
recognized by FDA under this subpart and identified on the Web site 
described in Sec.  1.690.


Sec.  1.661  What is the duration of accreditation?

    A recognized accreditation body may grant accreditation to a third-
party auditor/certification body under this subpart for a period not to 
exceed 4 years.


Sec.  1.662  How will FDA monitor accredited auditors/certification 
bodies?

    (a) FDA will periodically evaluate the performance of each auditor/
certification body accredited under this subpart to determine whether 
the accredited auditor/certification body continues to comply with the 
requirements of Sec. Sec.  1.640 to 1.658 and whether there are 
deficiencies in the performance of the accredited auditor/certification 
body that, if not corrected, would warrant withdrawal of its 
accreditation under this subpart. FDA will evaluate each directly 
accredited auditor/certification body annually. FDA will evaluate an 
accredited auditor/certification body annually evaluated by a 
recognized accreditation body under Sec.  1.621 by not later than 3 
years after the date of accreditation for a 4-year term of 
accreditation, or by no later than the mid-term point for accreditation 
granted for less than 4 years. FDA may conduct additional performance 
evaluations of an accredited auditor/certification body at any time.
    (b) In evaluating the performance of an accredited auditor/
certification body under paragraph (a) of this section, FDA may review 
any one or more of the following:
    (1) Regulatory audit reports and food and facility certifications;
    (2) The accredited auditor's/certification body's annual self-
assessments under Sec.  1.655;
    (3) Reports of assessments by a recognized accreditation body under 
Sec.  1.621, where applicable;
    (4) Documents and other information regarding the accredited 
auditor's/certification body's authority, qualifications (including the 
expertise and training of its audit agents), conflict of interest 
program, internal quality assurance program, and monitoring by its 
accreditation body (or, in the case of direct accreditation, FDA); and
    (5) Information obtained by FDA, including during inspections, 
audits, onsite observations, or investigations, of one or more eligible 
entities to which food or facility certification was issued by such 
accredited auditor/certification body.
    (c) FDA may conduct its evaluation of an accredited auditor/
certification body through onsite observations of performance during a 
food safety audit of an eligible entity or through document review.


Sec.  1.663  How do I request an FDA waiver or waiver extension for the 
13-month limit for audit agents conducting regulatory audits?

    (a) An accredited auditor/certification body may submit a request 
to FDA to waive the requirements of Sec.  1.650(c) preventing an audit 
agent from conducting a regulatory audit of an eligible entity if the 
agent has conducted a food safety audit of such entity during the 
previous 13 months. The auditor/certification body seeking a waiver or 
waiver extension must demonstrate there is insufficient access to 
accredited auditors/certification bodies in the country or region where 
the eligible entity is located.
    (b) Requests for a waiver or waiver extension and all documents 
provided in support of the request must be submitted to FDA 
electronically, in English. The requestor must provide such translation 
and interpretation services as are needed by FDA to process the 
request.
    (c) The request must be signed by the requestor or by any 
individual authorized to act on behalf of the requestor for purposes of 
seeking such waiver or waiver extension.
    (d) FDA will review requests for waivers and waiver extensions on a 
first in, first out basis according to the date on which the submission 
was completed. FDA will evaluate any completed waiver request to 
determine whether the criteria for waiver have been met.
    (e) FDA will notify the requestor, in writing, whether the request 
for a waiver or waiver extension is approved or denied. Such 
notification may be made electronically.
    (f) If FDA approves the request, the notification will state the 
duration of the waiver and list any conditions associated with it. If 
FDA denies the request, the notification will state the basis for 
denial and will provide the address and procedures for requesting 
reconsideration of the request under Sec.  1.691.
    (g) Unless FDA notifies a requestor that its waiver request has 
been approved, an accredited auditor/certification body must not use 
the agent to conduct a regulatory audit of such eligible entity until 
the 13-month limit in Sec.  1.650(a) has elapsed.


Sec.  1.664  When can FDA withdraw accreditation?

    (a) Mandatory withdrawal. FDA will withdraw accreditation from an 
auditor/certification body:
    (1) Except as provided in paragraph (b) of this section, if the 
food or facility certified under this subpart is linked to an outbreak 
of foodborne illness that has a reasonable probability of causing 
serious adverse health consequences or death in humans or animals;
    (2) Following an evaluation and finding by FDA that the auditor/
certification body no longer meets the requirements for accreditation; 
or
    (3) Following its refusal to allow FDA to access records under 
Sec.  1.658 or to conduct an audit, assessment, or investigation 
necessary to ensure continued compliance with this subpart.
    (b) Exception. FDA may waive mandatory withdrawal under paragraph 
(a)(1) of this section, if FDA:
    (1) Conducts an investigation of the material facts related to the 
outbreak of human or animal illness;
    (2) Reviews the steps or actions taken by the accredited auditor/
certification body to justify the food or facility certification; and
    (3) Determines that the accredited auditor/certification body 
satisfied the

[[Page 45837]]

requirements for issuance of certification under sections 801(q) or 806 
of the FD&C Act, as applicable, and under this subpart.
    (c) Discretionary withdrawal. FDA may withdraw accreditation from 
an auditor/certification body when such auditor/certification body is 
accredited by an accreditation body for which recognition is revoked 
under Sec.  1.634, if FDA determines there is good cause for 
withdrawal, including:
    (1) Demonstrated bias or lack of objectivity when conducting 
activities under this subpart; or
    (2) Performance that calls into question the validity or 
reliability of its food safety audits and food and facility 
certifications.
    (d) Records access. FDA may request records of the accredited 
auditor/certification body under Sec.  1.658 and, where applicable, may 
request records of the recognized accreditation body under Sec.  1.625, 
when considering withdrawal under paragraphs (a)(1), (a)(2), or (c) of 
this section.
    (e) Notice to the auditor/certification body of withdrawal of 
accreditation. (1) FDA will notify the auditor/certification body of 
the withdrawal electronically, in English, stating the grounds for 
withdrawal, the procedures for requesting a regulatory hearing under 
Sec.  1.693 on the withdrawal, and the procedures for requesting 
reaccreditation under Sec.  1.666.
    (2) Within 10 business days of the date of withdrawal, the auditor/
certification body must notify FDA electronically, in English, of the 
location where the records will be maintained as required by Sec.  
1.658.
    (f) Effect of withdrawal of accreditation on eligible entities. A 
food or facility certification issued by third-party auditor/
certification body prior to withdrawal will remain in effect until the 
certification terminates by expiration. If FDA has reason to believe 
that a food certification issued for purposes of section 801(q) of the 
FD&C Act is not valid or reliable, FDA may refuse to consider the 
certification in determining the admissibility of the article of food 
for which the certification was offered.
    (g) Effect of withdrawal of accreditation on recognized 
accreditation bodies. (1) FDA will notify a recognized accreditation 
body, electronically and in English, if the accreditation of one of its 
auditors/certification bodies is withdrawn. Such accreditation body's 
recognition will remain in effect if, no later than 2 months after 
withdrawal, the accreditation body conducts a self-assessment under 
Sec.  1.622 and reports the results of the self-assessment to FDA as 
required by Sec.  1.623(b).
    (2) FDA may revoke the recognition of such accreditation body 
whenever FDA determines there is good cause for revocation of 
recognition under Sec.  1.634.
    (h) Public notice of withdrawal and the status of recognition and 
food and facility certifications. FDA will provide notice on the Web 
site described in Sec.  1.690 of its withdrawal of accreditation of an 
auditor/certification body under this subpart.


Sec.  1.665  How do I voluntarily relinquish accreditation?

    (a) An accredited auditor/certification body that decides to 
relinquish accreditation before it terminates by expiration must notify 
the accreditation body (where applicable) and must notify FDA 
electronically, in English, at least 6 months before relinquishing such 
authority. The notice must identify the location where the records will 
be maintained as required by Sec.  1.658. A third-party auditor/
certification body waives the right to a hearing when relinquishing its 
accreditation under this subpart.
    (b) No later than 15 business days after notifying FDA under 
paragraph (a) of this section, the accredited auditor/certification 
body must notify any eligible entity to which it issued food or 
facility certification under this subpart.
    (c) A food or facility certification issued by an accredited 
auditor/certification body prior to relinquishing its accreditation 
will remain in effect until terminated by expiration. If FDA has reason 
to believe that a certification issued for purposes of section 801(q) 
of the FD&C Act is not valid or reliable, FDA may refuse to consider 
the certification in determining the admissibility of the article of 
food for which the certification was offered.
    (d) FDA will provide notice on the Web site described in Sec.  
1.690 of the voluntary relinquishment of accreditation by an auditor/
certification body.


Sec.  1.666  How do I request reaccreditation?

    (a) Application following withdrawal. FDA will reinstate the 
accreditation of an auditor/certification body for which it has 
withdrawn accreditation:
    (1) If, in the case of direct accreditation, FDA determines, based 
on evidence presented by the auditor/certification body, that the 
auditor/certification body satisfies the requirements for accreditation 
and adequate grounds for withdrawal no longer exist; or
    (2) In the case of an auditor/certification body accredited by an 
accreditation body for which recognition has been revoked under Sec.  
1.634:
    (i) If the auditor/certification body becomes accredited by a 
recognized accreditation body or by FDA through direct accreditation 
not later than 1 year after withdrawal of accreditation; or
    (ii) Under such conditions as FDA may impose in withdrawing 
accreditation.
    (b) Application following relinquishment. An auditor/certification 
body that previously relinquished its accreditation under Sec.  1.665 
may seek accreditation by submitting a new application for 
accreditation under Sec.  1.660 or, where applicable, Sec.  1.670.

Additional Procedures for Direct Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart


Sec.  1.670  How do I apply to FDA for direct accreditation or renewal 
of direct accreditation?

    (a) Eligibility. (1) FDA will accept applications from third-party 
auditors/certification bodies for direct accreditation or renewal of 
direct accreditation only if FDA determines that it has not identified 
and recognized an accreditation body to meet the requirements of 
section 808 of the FD&C Act within 2 years after establishing the 
accredited third-party audits and certification program. Such FDA 
determination may apply, as appropriate, to specific types of auditor/
certification bodies, types of expertise, or geographic location; or 
through identification by FDA of any requirements of section 808 of the 
FD&C Act not otherwise met by previously recognized accreditation 
bodies. FDA will only accept applications for direct accreditation and 
renewal applications that are within the scope of the determination.
    (2) FDA may revoke or modify a determination under paragraph (a)(1) 
of this section if FDA subsequently identifies and recognizes an 
accreditation body that affects such determination.
    (3) FDA will provide notice on the Web site described in Sec.  
1.690 of a determination under paragraph (a)(1) of this section and of 
a revocation or modification of the determination under paragraph 
(a)(2) of this section.
    (b) Application for direct accreditation or renewal of direct 
accreditation. (1) An auditor/certification body seeking direct 
accreditation or renewal of direct accreditation must submit an 
application to FDA, demonstrating that it is within the scope of the

[[Page 45838]]

determination issued under paragraph (a) of this section, and it meets 
the eligibility requirements of Sec.  1.640.
    (2) Applications and all documents provided as part of the 
application process must be submitted electronically, in English. An 
applicant must provide such translation and interpretation services as 
are needed by FDA to process the application, including during an 
onsite audit of the applicant.
    (3) The application must be signed by the applicant or by any 
individual authorized to act on behalf of the applicant for purposes of 
seeking or renewing direct accreditation.


Sec.  1.671  How will FDA review applications for direct accreditation 
and for renewal of direct accreditation?

    (a) FDA will review applications for direct accreditation and for 
renewal of direct accreditation on a first in, first out basis 
according to the date the submission was completed.
    (b) FDA will evaluate any completed application to determine 
whether the applicant meets the requirements for direct accreditation 
under this subpart.
    (c) FDA will notify the applicant in writing whether the 
application has been approved or denied. FDA may provide such 
notification electronically.
    (d) If an application has been approved, the notification will list 
any conditions associated with the accreditation.
    (e) If FDA denies an application, the notification will state the 
basis of denial and will provide the address and procedures for 
requesting reconsideration of the application under Sec.  1.691.
    (f) If FDA does not reach a final decision on a renewal application 
before the expiration of its direct accreditation, FDA may extend the 
duration of such direct accreditation for a specified period of time or 
until the agency reaches a final decision on the renewal application.


Sec.  1.672  What is the duration of direct accreditation?

    FDA will grant direct accreditation of a third-party auditor/
certification body for a period not to exceed 4 years.

Requirements for Eligible Entities Under This Subpart


Sec.  1.680  How and when will FDA monitor eligible entities?

    (a) FDA may, at any time, conduct an onsite audit of an eligible 
entity that has received food or facility certification from an 
accredited auditor/certification body under this subpart. The audit may 
be conducted with or without the accredited auditor/certification body 
or the recognized accreditation body (where applicable) present.
    (b) A food safety audit conducted by an accredited auditor/
certification body under this subpart is not considered an inspection 
under section 704 of the FD&C Act.


Sec.  1.681  How frequently must eligible entities be recertified?

    (a) An eligible entity seeking to maintain facility certification 
under this subpart must seek recertification prior to expiration of its 
certification. To obtain recertification, the eligible entity must 
demonstrate its continuing compliance with the applicable requirements 
of the FD&C Act.
    (b) FDA may require an eligible entity to renew a food 
certification at any time FDA determines appropriate under section 
801(q)(4)(A) of the FD&C Act.

General Requirements of This Subpart


Sec.  1.690  How will FDA make information about recognized 
accreditation bodies and accredited auditors/certification bodies 
available to the public?

    FDA will place on its Web site a registry of recognized 
accreditation bodies and accredited auditors/certification bodies, 
including the name and contact information for each. The registry may 
provide information on auditors/certification bodies accredited by 
recognized accreditation bodies through links to the Web sites of such 
accreditation bodies.


Sec.  1.691  How do I request reconsideration of a denial by FDA of an 
application or a waiver request?

    (a) An accreditation body may seek reconsideration of the denial of 
an application for recognition, renewal of recognition, or 
reinstatement of recognition no later than 10 business days after the 
date of such decision.
    (b) A third-party auditor/certification body may seek 
reconsideration of the denial of an application for direct 
accreditation, renewal of direct accreditation, reinstatement of direct 
accreditation, a request for a waiver of the conflict of interest 
requirement in Sec.  1.650(b), or a waiver extension no later than 10 
business days after the date of such decision.
    (c) A request to reconsider an application or waiver request under 
paragraph (a) or (b) of this section must be signed by the requestor or 
by an individual authorized to act on its behalf in submitting the 
request for reconsideration. The request must be submitted in English 
to the address specified in the notice of denial and must comply with 
the procedures it describes.
    (d) After completing its review and evaluation of the request for 
reconsideration, FDA will notify the requestor, in writing, of its 
decision to grant the application or waiver request upon 
reconsideration, or its decision to deny the application or waiver 
request upon reconsideration.


Sec.  1.692  How do I request internal agency review of a denial of an 
application or waiver request upon reconsideration?

    (a) No later than 10 business days after the date FDA issued a 
denial of an application or waiver request upon reconsideration under 
Sec.  1.691, the requestor may seek internal agency review of such 
denial under Sec.  10.75(c)(1) of this chapter.
    (b) The request for internal agency review under paragraph (a) of 
this section must be signed by the requestor or by an individual 
authorized to act on its behalf in submitting the request for internal 
review. The request must be submitted in English to the address 
specified in the letter of denial upon reconsideration and must comply 
with procedures it describes.
    (c) Under Sec.  10.75(d) of this chapter, internal agency review of 
such denial must be based on the information in the administrative 
file, which will include any supporting information submitted under 
Sec.  1.691(c).
    (d) After completing the review and evaluation of the 
administrative file, FDA will notify the requestor, electronically, of 
its decision to overturn the denial and grant the application or waiver 
request or to affirm the denial of the application or waiver request 
upon reconsideration.
    (e) Affirmation by FDA of a denial of an application or waiver 
request upon reconsideration constitutes final agency action under 5 
U.S.C. 702.


Sec.  1.693  How do I request a regulatory hearing on a revocation of 
recognition or withdrawal of accreditation?

    (a) Request for hearing on revocation. No later than 10 business 
days after the date FDA issued a revocation of recognition of an 
accreditation body under Sec.  1.634, the accreditation body or an 
individual authorized to act on its behalf may submit a request for a 
regulatory hearing on the revocation under part 16 of this chapter. The 
written notice of revocation issued under Sec.  1.634 will contain all 
of the elements required by Sec.  16.22 of this chapter and will 
thereby constitute the notice of an opportunity for hearing under part 
16 of this chapter.
    (b) Request for hearing on withdrawal. No later than 10 business 
days after the date FDA issued a withdrawal of

[[Page 45839]]

accreditation of a third-party auditor/certification body under Sec.  
1.664, the auditor/certification body or an individual authorized to 
act on its behalf may submit a request for a regulatory hearing on the 
withdrawal under part 16 of this chapter. The written notice of 
withdrawal under Sec.  1.664 will contain all of the elements required 
by Sec.  16.22 of this chapter and will thereby constitute the notice 
of opportunity of hearing under part 16 of this chapter.
    (c) Submission of request for regulatory hearing. The request for a 
regulatory hearing under paragraph (a) or (b) of this section must be 
submitted with a written appeal that responds to the basis for the FDA 
decision, as described in the written notice of revocation or 
withdrawal, as appropriate, and includes any supporting information 
upon which the requestor is relying. The request, appeal, and 
supporting information must be submitted in English to the address 
specified in the notice and must comply with the procedures it 
describes.
    (d) Effect of submission of request on FDA decision. The submission 
of a request for a regulatory hearing under paragraph (a) or (b) of 
this section will not operate to delay or stay the effect of a decision 
by FDA to revoke recognition of an accreditation body or to withdraw 
accreditation of an auditor/certification body unless FDA determines 
that a delay or a stay is in the public interest.
    (e) Presiding officer. The presiding officer for a regulatory 
hearing for a revocation or withdrawal under this subpart will be 
designated after a request for a regulatory hearing is submitted to 
FDA.
    (f) Denial of a request for regulatory hearing. The presiding 
officer may deny a request for regulatory hearing for a revocation or 
withdrawal under Sec.  16.26(a) of this chapter.
    (g) Conduct of regulatory hearing. (1) If the presiding officer 
grants a request for a regulatory hearing for a revocation or 
withdrawal, the hearing will be held within 10 business days after the 
date the request was filed or, if applicable, within a timeframe agreed 
upon in writing by requestor, the presiding officer, and FDA.
    (2) The presiding officer may require that a regulatory hearing for 
a revocation or withdrawal be completed within 1 business day, as 
appropriate.
    (3) The presiding officer must conduct the regulatory hearing for 
revocation or withdrawal under part 16 of this chapter, except that, 
under Sec.  16.5 of this chapter, such procedures apply only to the 
extent that the procedures are supplementary and do not conflict with 
the procedures specified for regulatory hearings under this subpart. 
Accordingly, the following requirements are inapplicable to regulatory 
hearings under this subpart: The requirements of Sec.  16.22 
(Initiation of a regulatory hearing); Sec.  16.24(e) (timing) and (f) 
(contents of notice); Sec.  16.40 (Commissioner); Sec.  16.95(b) 
(administrative decision and record for decision) and Sec.  16.119 
(Reconsideration and stay of action) of this chapter.
    (4) A decision by the presiding officer to affirm the revocation of 
recognition or the withdrawal of accreditation is considered a final 
agency action under 5 U.S.C. 702.

Audits for Other Purposes


Sec.  1.698  May importers use reports of regulatory audits by 
accredited auditors/certification bodies for purposes of subpart L of 
this part?

    An importer, as defined in Sec.  1.500 of this part, may use a 
regulatory audit of an eligible entity, documented in a regulatory 
audit report, in meeting requirements for an onsite audit of a foreign 
supplier under subpart L of this part.

PART 16--REGULATORY HEARING BEFORE THE FOOD AND DRUG ADMINISTRATION

0
3. The authority citation for 21 CFR part 16 continues to read as 
follows:

    Authority: 15 U.S.C. 1451-1461; 21 U.S.C. 141-149, 321-394, 
467f, 679, 821, 1034; 28 U.S.C. 2112; 42 U.S.C. 201-262, 263b, 364.

0
4. Section 16.1 is amended by numerically adding the following entry in 
paragraph (b)(2) to read as follows:


Sec.  16.1  Scope.

* * * * *
    (b) * * *
    (2) * * *
    Sec. Sec.  1.634 and 1.664, relating to revocation of recognition 
of an accreditation body and withdrawal of accreditation of auditors/
certification bodies that conduct food safety audits of eligible 
entities in the food import supply chain and issue food and facility 
certifications.
* * * * *

    Dated: July 23, 2013.
Leslie Kux,
Assistant Commissioner for Policy.
[FR Doc. 2013-17994 Filed 7-26-13; 8:45 am]
BILLING CODE 4160-01-P