Accreditation of Third-Party Certification Bodies To Conduct Food Safety Audits and To Issue Certifications, 74569-74667 [2015-28160]
Download as PDF
<![CDATA[
Vol. 80
Friday,
No. 228
November 27, 2015
Part IV
Department of Health and Human Services
mstockstill on DSK4VPTVN1PROD with RULES4
Food and Drug Administration
21 CFR Parts 1, 11, and 16
Accreditation of Third-Party Certification Bodies To Conduct Food Safety
Audits and To Issue Certifications; Final Rule
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
PO 00000
Frm 00001
Fmt 4717
Sfmt 4717
E:\FR\FM\27NOR4.SGM
27NOR4
74570
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 1, 11, and 16
[Docket No. FDA–2011–N–0146]
RIN 0910–AG66
Accreditation of Third-Party
Certification Bodies To Conduct Food
Safety Audits and To Issue
Certifications
AGENCY:
Food and Drug Administration,
HHS.
ACTION:
Final rule.
The Food and Drug
Administration (FDA or we) is adopting
regulations to provide for accreditation
of third-party certification bodies to
conduct food safety audits of foreign
food entities, including registered
foreign food facilities, and to issue food
and facility certifications, under the
FDA Food Safety Modernization Act
(FSMA). These certifications will be
required for participation in the
voluntary qualified importer program
(VQIP) established under the Federal
Food, Drug, and Cosmetic Act (FD&C
Act). In addition, when the Agency has
determined that an imported food is
subject to certification under FSMA, the
Agency may require a certification
under this rule as a condition for
admitting the food into the United
States. FDA also expects that these
regulations will increase efficiency by
reducing the number of redundant food
safety audits.
DATES: This rule is effective January 26,
2016.
FOR FURTHER INFORMATION CONTACT:
Charlotte A. Christin, Office of Foods
and Veterinary Medicine, Food and
Drug Administration, 10903 New
Hampshire Ave., Silver Spring, MD
20993, 301–796–7526.
SUPPLEMENTARY INFORMATION:
SUMMARY:
mstockstill on DSK4VPTVN1PROD with RULES4
Table of Contents
Executive Summary
I. Introduction and Background
A. FDA Food Safety Modernization Act
B. Purpose of This Rulemaking
C. The Proposed Rule
D. Public Comments
II. Legal Authority
III. Comments on What Definitions Apply to
This Subpart (§ 1.600)
A. Definitions, Generally
B. Assessment
C. Audit
D. Audit Agent
E. Consultative Audit
F. Eligible Entity
G. Facility
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
H. Facility Certification and Food
Certification
I. Food
J. Food Safety Audit
K. Foreign Cooperative
L. Regulatory Audit
M. Self-Assessment
N. Third-Party Auditor
IV. Comments on Who Is Subject to This
Subpart (§ 1.601)
A. Limiting the Scope of the Rule to
Regulatory Audits and Certifications
B. Exemption for Alcoholic Beverages
C. USDA Regulated Products
V. Comments on Recognition of
Accreditation Bodies Under This
Subpart
A. Who is eligible to seek recognition?
(§ 1.610)
B. What legal authority must an
accreditation body have to qualify for
recognition? (§ 1.611)
C. What competency and capacity must an
accreditation body have to qualify for
recognition? (§ 1.612)
D. What protections against conflicts of
interest must an accreditation body have
to qualify for recognition? (§ 1.613)
E. What quality assurance procedures must
an accreditation body have to qualify for
recognition? (§ 1.614)
F. What records procedures must an
accreditation body have to qualify for
recognition? (§ 1.615)
VI. Comments on Requirements for
Accreditation Bodies That Have Been
Recognized Under This Subpart
A. How must a recognized accreditation
body evaluate third-party certification
bodies seeking accreditation? (§ 1.620)
B. How must a recognized accreditation
body monitor the performance of thirdparty certification bodies it accredited?
(§ 1.621)
C. How must a recognized accreditation
body monitor its own performance?
(§ 1.622)
D. What reports and notifications must a
recognized accreditation body submit to
FDA? (§ 1.623)
E. How must a recognized accreditation
body protect against conflicts of interest?
(§ 1.624)
F. What records requirements must an
accreditation body that has been
recognized meet? (§ 1.625)
VII. Comments on Procedures for Recognition
of Accreditation Bodies Under This
Subpart
A. How do I apply to FDA for recognition
or renewal of recognition? (§ 1.630)
B. How will FDA review my application
for recognition or for renewal of
recognition and what happens once FDA
decides on my application? (§ 1.631)
C. What is the duration of recognition?
(§ 1.632)
D. How will FDA monitor recognized
accreditation bodies? (§ 1.633)
E. When will FDA revoke recognition?
(§ 1.634)
F. What if I want to voluntarily relinquish
recognition or do not want to renew
recognition? (§ 1.635)
G. How do I request reinstatement of
recognition? (§ 1.636)
PO 00000
Frm 00002
Fmt 4701
Sfmt 4700
VIII. Comments on Accreditation of ThirdParty Certification Bodies Under This
Subpart
A. Who is eligible to seek accreditation?
(§ 1.640)
B. What legal authority must a third-party
certification body have to qualify for
accreditation? (§ 1.641)
C. What competency and capacity must a
third-party certification body have to
qualify for accreditation? (§ 1.642)
D. What protections against conflicts of
interest must a third-party certification
body have to qualify for accreditation?
(§ 1.643)
E. What quality assurance procedures must
a third-party certification body have to
qualify for accreditation? (§ 1.644)
F. What records procedures must a thirdparty certification body have to qualify
for accreditation? (§ 1.645)
IX. Comments on Requirements for ThirdParty Certification Bodies That Have
Been Accredited Under This Subpart
A. How must an accredited third-party
certification body ensure its audit agents
are competent and objective? (§ 1.650)
B. How must an accredited third-party
certification body conduct a food safety
audit of an eligible entity? (§ 1.651)
C. What must an accredited third-party
certification body include in food safety
audit reports? (§ 1.652)
D. What must an accredited third-party
certification body do when issuing food
or facility certifications? (§ 1.653)
E. When must an accredited third-party
certification body monitor an eligible
entity that it has issued a food or facility
certification? (§ 1.654)
F. How must an accredited third-party
certification body monitor its own
performance? (§ 1.655)
G. What reports and notifications must an
accredited third-party certification body
submit? (§ 1.656)
H. How must an accredited third-party
certification body protect against
conflicts of interest? (§ 1.657)
I. What records requirements must a thirdparty certification body that has been
accredited meet? (§ 1.658)
X. Comments on Procedures for
Accreditation of Third-Party
Certification Bodies Under This Subpart
A. Where do I apply for accreditation or
renewal of accreditation by a recognized
accreditation body and what happens
once the recognized accreditation body
decides on my application? (§ 1.660)
B. What is the duration of accreditation by
a recognized accreditation body?
(§ 1.661)
C. How will FDA monitor accredited thirdparty certification bodies? (§ 1.662)
D. How do I request an FDA waiver or
waiver extension for the 13-month limit
for audit agents conducting regulatory
audits? (§ 1.663)
E. When would FDA withdraw
accreditation? (§ 1.664)
F. What if I want to voluntarily relinquish
accreditation or do not want to renew
accreditation? (§ 1.665)
G. How do I request reaccreditation?
(§ 1.666)
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
XI. Comments on Additional Procedures for
Direct Accreditation of Third-Party
Certification Bodies Under This Subpart
A. How do I apply to FDA for direct
accreditation or renewal of direct
accreditation? (§ 1.670)
B. How will FDA review my application
for direct accreditation or renewal of
direct accreditation and what happens
once FDA decides on my application?
(§ 1.671)
C. What is the duration of direct
accreditation? (§ 1.672)
XII. Comments on Requirements for Eligible
Entities Under This Subpart
A. How and when will FDA monitor
eligible entities? (§ 1.680)
B. How frequently must eligible entities be
recertified? (§ 1.681)
XIII. Comments on General Requirements of
This Subpart
A. How will FDA make information about
recognized accreditation bodies and
accredited third-party certification
bodies available to the public? (§ 1.690)
B. How do I request reconsideration of a
denial by FDA of an application or a
waiver request? (§ 1.691)
C. How do I request internal agency review
of a denial of an application or waiver
request upon reconsideration? (§ 1.692)
D. How do I request a regulatory hearing
on a revocation of recognition or
withdrawal of accreditation? (§ 1.693)
E. Are electronic records created under this
subpart subject to the electronic records
requirements of part 11? (§ 1.694)
F. Are the records obtained by FDA under
this subpart subject to public disclosure?
(§ 1.695)
G. May importers use reports of regulatory
audits by accredited certification bodies
for purposes of subpart L of this part?
(§ 1.698)
XIV. Editorial and Conforming Changes
XV. Executive Order 13175
XVI. Analysis of Economic Impact
XVII. Paperwork Reduction Act of 1995
XVIII. Analysis of Environmental Impact
XIX. Federalism
XX. References
Executive Summary
mstockstill on DSK4VPTVN1PROD with RULES4
Purpose and Coverage of the Final Rule
This rule is part of FDA’s
implementation of FSMA, which
intends to better protect public health
by, among other things, adopting a
modern, preventive, and risk-based
approach to food safety regulation. In
this document, we establish a program
for accreditation of third-party
certification bodies 1 to conduct food
safety audits and issue certifications of
1 As explained more fully in Response 1, in
response to comments and for clarity, this final rule
uses the term ‘‘third-party certification body’’ rather
than either the term ‘‘third-party auditor’’ or the
term, ‘‘third party auditor/certification body’’
(except that we will use the term ‘‘third-party
auditor’’ in the definitions of ‘‘accredited thirdparty certification body’’ and ‘‘third-party
certification body’’ in 21 CFR 1.600(c) and in the
preamble discussion of those definitions in section
III.A).
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
foreign food facilities and foods for
humans and animals for purposes of
sections 801(q) and 806 of the FD&C
Act. We are also codifying certain
limited exemptions to mandatory
import certification under 801(q) of the
FD&C Act (21 U.S.C. 381).
FSMA added section 808 to the FD&C
Act (21 U.S.C. 384d), which directs FDA
to establish a new program for
accreditation of third-party certification
bodies to conduct food safety audits and
to certify that eligible foreign entities
(including registered foreign food
facilities) and food produced by such
entities meet applicable FDA
requirements for purposes of sections
801(q) and 806 of the FD&C Act. This
rulemaking implements section 808 of
the FD&C Act; we will recognize
accreditation bodies to accredit thirdparty certification bodies, except for
limited circumstances in which we may
directly accredit third-party certification
bodies.
FSMA specifies two uses for the food
and facility certifications issued by
accredited third-party certification
bodies under this program. First, facility
certifications will be used by importers
to establish eligibility for VQIP under
section 806 of the FD&C Act (21 U.S.C.
384b(a)). VQIP offers participating
importers expedited review and entry of
food that is part of VQIP. One condition
of participation is importation of food
from facilities audited and certified by
third-party certification bodies
accredited under this subpart. FDA
issued draft guidance on VQIP on June
5, 2015 (80 FR 32136); the draft
guidance may be accessed at https://
www.fda.gov/downloads/Food/
GuidanceRegulation/Guidance
DocumentsRegulatoryInformation/
UCM448558.pdf.
Second, section 801(q) of the FD&C
Act gives FDA the authority to make a
risk-based determination to require, as a
condition of admissibility, that a food
imported or offered for import into the
United States be accompanied by a
certification or other assurance that the
food meets the applicable requirements
of the FD&C Act. The authority to
mandate import certification for food,
based on risk, is one of the tools we can
use to help prevent potentially harmful
food from reaching U.S. consumers.
When FDA has determined that a food
import is subject to such certification
under section 801(q) of the FD&C Act,
FDA will require, as a condition of
entry, a certification issued either by an
accredited third-party certification body
under this rule or by an agency or
representative of the government of the
country from which the food at issue
originated, as designated by FDA.
PO 00000
Frm 00003
Fmt 4701
Sfmt 4700
74571
In addition, facilities and importers
may choose to use onsite audits
conducted by third-party certification
bodies accredited under the program set
out in this rule in connection with
meeting supplier verification
requirements under FDA’s final rules for
Current Good Manufacturing Practice
and Hazard Analysis and Risk-Based
Preventive Controls for Human Food
(final human preventive controls
regulation) (80 FR55907, September 17,
2015); Current Good Manufacturing
Practice and Hazard Analysis and RiskBased Preventive Controls for Food for
Animals (final animal preventive
controls regulation) (80 FR 56169,
September 17, 2015); and the Foreign
Supplier Verification Programs (FSVP)
for Importers of Food for Humans and
Animals (published elsewhere in this
edition of the Federal Register)
(implementing sections 418 and 805 of
the FD&C Act, respectively). Under
those rules, in circumstances where an
onsite audit is the appropriate supplier
verification activity, such audit must be
conducted by a ‘‘qualified auditor.’’ The
definitions of ‘‘qualified auditor’’ in
those rules make clear that an example
of a potential qualified auditor includes,
but is not limited to, an audit agent of
a certification body that has been
accredited in accordance with
regulations in part 1, subpart M of this
chapter (i.e., this rule implementing
section 808 of the FD&C Act).
Summary of Major Provisions of the
Final Rule
This rule establishes the framework,
procedures, and requirements for
accreditation bodies and third-party
certification bodies for purposes of
section 808 of the FD&C Act. The rule
sets requirements for the legal authority,
competency, capacity, conflict of
interest safeguards, quality assurance,
and records procedures that
accreditation bodies must demonstrate
to be eligible for recognition.
Accreditation bodies also must
demonstrate capability to meet the FDA
requirements that would apply upon
recognition. Additionally, the rule
establishes requirements for the legal
authority, competency, capacity,
conflict of interest safeguards, quality
assurance, and records procedures that
third-party certification bodies must
demonstrate to be eligible for
accreditation. Third-party certification
bodies also must demonstrate capability
to meet the applicable requirements of
the rule that would apply upon
accreditation.
Pursuant to FSMA section 307 (21
U.S.C. 384d), the rule requires
accredited third-party certification
E:\FR\FM\27NOR4.SGM
27NOR4
74572
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
bodies to perform unannounced facility
audits, to notify FDA upon discovering
a condition that could cause or
contribute to a serious risk to the public
health, and to submit to FDA reports of
regulatory audits conducted for
certification purposes. The rule includes
stringent requirements to prevent
conflicts of interest from influencing the
decisions of recognized accreditation
bodies and accredited third-party
certification bodies. The rule does not,
however, establish the audit criteria that
accredited third-party certification
bodies will use in examining eligible
entities for compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations,
because those criteria appear elsewhere
in FDA regulations and the FD&C Act.
Costs and Benefits
Costs of the Third-Party final rule
include compliance costs of
accreditation bodies and certification
bodies that choose to participate in our
third-party program, and user fees
imposed by FDA on accreditation
bodies and certification bodies for
application review and monitoring of
program participants.
TABLE 1—SUMMARY USER FEE, COMPLIANCE, UNDISCOUNTED AND ANNUALIZED COSTS OF THE THIRD-PARTY (TP)
PROGRAM PER PARTICIPANT
Audited by
Certification bodies
(CBs) currently
accredited under
other programs
CBs not accredited
under any program
Number of section 801(q) Entities .......................................................................
Cost of Compliance with Program Requirements (TP Compliance Cost) ..........
Section 801(q) Compliance Cost .........................................................................
Number of section 806 Entities ...........................................................................
TP Compliance Cost ............................................................................................
Section 806 Compliance Cost .............................................................................
10
$694
$6,940
145
$694
$100,630
65
$2,569
$166,985
971
$2,569
$2,494,499
75
................................
$173,925
1,116
................................
$2,595,129
Total TP Compliance Cost—Scenario 1 ......................................................
................................
................................
$2,769,054
Number of section 801(q) Entities .......................................................................
TP Compliance Cost ............................................................................................
Section 801(q) Compliance Cost .........................................................................
Number of § 806 Entities .....................................................................................
TP Compliance Cost ............................................................................................
Section 806 Compliance Cost .............................................................................
10
$322
$3,220
459
$322
$147,798
65
$2,197
$142,805
3,068
$2,197
$6,740,396
75
................................
$146,025
3,527
................................
$6,888,194
Total TP Compliance Cost—Scenario 2 ......................................................
................................
................................
$7,034,219
Number of section 801(q) Entities .......................................................................
TP Compliance Cost ............................................................................................
Section 801(q) Compliance Cost .........................................................................
Number of section 806 Entities ...........................................................................
TP Compliance Cost ............................................................................................
Section 806 Compliance Cost .............................................................................
10
$227
$2,270
801
$227
$181,827
65
$2,102
$136,630
5,359
$2,102
$11,264,618
75
................................
$138,900
6,160
................................
$11,446,445
Total TP Compliance Cost—Scenario 3 ......................................................
................................
................................
$11,585,345
Eligible entity
Total
SCENARIO 1
SCENARIO 2
mstockstill on DSK4VPTVN1PROD with RULES4
SCENARIO 3
The costs that accreditation bodies
and certification bodies incur in
complying with the regulation are
necessarily less than the private benefits
they accrue by becoming recognized or
accredited, respectively. Through the
third-party accreditation program more
effective regulatory oversight is
achieved. FDA will recoup resources in
managing its third-party accreditation
program through user fees that FDA
intends to impose on participating
accreditation bodies and third-party
certification bodies.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
I. Introduction and Background
A. FDA Food Safety Modernization Act
FSMA (Pub. L. 111–353), signed into
law by President Obama on January 4,
2011, is intended to allow FDA to better
protect public health by helping to
ensure the safety and security of the
food supply. FSMA enables us to focus
more on preventing food safety
problems rather than relying primarily
on reacting to problems after they occur.
The law also provides new enforcement
authorities to help achieve higher rates
of compliance with risk-based,
prevention-oriented safety standards
and to better respond to and contain
PO 00000
Frm 00004
Fmt 4701
Sfmt 4700
problems when they do occur. In
addition, the law contains important
new tools to better ensure the safety of
imported foods and encourages
partnerships with State, local, tribal,
and territorial authorities and
international collaborations with foreign
regulatory counterparts. A top priority
for FDA are those FSMA-required
regulations that provide the framework
for industry’s implementation of
preventive controls and enhance our
ability to oversee their implementation
for both domestic and imported food. To
that end, we proposed the seven
foundational rules listed in table 2 and
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
74573
requested comments on all aspects of
these proposed rules.
TABLE 2—PUBLISHED FOUNDATIONAL PROPOSED RULES FOR IMPLEMENTATION OF FSMA
Title
Abbreviation
Current Good Manufacturing Practice and Hazard Analysis
and Risk-Based Preventive Controls for Human Food.
Standards for the Growing, Harvesting, Packing, and Holding
of Produce for Human Consumption.
Current Good Manufacturing Practice and Hazard Analysis
and Risk-Based Preventive Controls for Food for Animals.
Foreign Supplier Verification Programs (FSVP) for Importers
of Food for Humans and Animals.
Accreditation of Third-Party Auditors/Certification Bodies to
Conduct Food Safety Audits and to Issue Certifications.
2013 proposed human preventive controls
regulation.
2013 proposed produce safety regulation ......
Focused Mitigation Strategies To Protect Food Against Intentional Adulteration.
Sanitary Transportation of Human and Animal Food ..............
We also issued a supplemental notice
of proposed rulemaking for the rules
Publication
2013 proposed animal preventive controls
regulation.
2013 proposed FSVP regulation ....................
2013 proposed third-party certification regulation (also referred to in this document as
the proposed rule).
2013 proposed intentional adulteration regulation.
2014 proposed sanitary transportation regulation.
listed in table 3 and requested
comments on specific issues identified
78 FR 3646, January 16, 2013.
78 FR 3504, January 16, 2013.
78 FR 64736, October 29, 2013.
78 FR 45730, July 29, 2013.
78 FR 45782, July 29, 2013.
78 FR 78014, December 24,
2013.
79 FR 7006, February 5, 2014.
in each supplemental notice of
proposed rulemaking.
TABLE 3—PUBLISHED SUPPLEMENTAL NOTICES OF PROPOSED RULEMAKING FOR THE FOUNDATIONAL RULES FOR
IMPLEMENTATION OF FSMA
Title
Abbreviation
Publication
Current Good Manufacturing Practice and Hazard Analysis
and Risk-Based Preventive Controls for Human Food.
Standards for the Growing, Harvesting, Packing, and Holding
of Produce for Human Consumption.
Current Good Manufacturing Practice and Hazard Analysis
and Risk-Based Preventive Controls for Food for Animals.
FSVP for Importers of Food for Humans and Animals ............
2014 supplemental human preventive controls notice.
2014 supplemental produce safety notice ......
2014 supplemental animal preventive controls notice.
2014 supplemental FSVP notice ....................
79 FR
2014.
79 FR
2014.
79 FR
2014.
79 FR
2014.
58524, September 29,
58434, September 29,
58476, September 29,
58574, September 29,
We finalized two of the foundational
rulemakings listed in table 4 in
September 2015.
TABLE 4—PUBLISHED FOUNDATIONAL FINAL RULES FOR IMPLEMENTATION OF FSMA
Title
mstockstill on DSK4VPTVN1PROD with RULES4
Current Good Manufacturing
and Risk-Based Preventive
Current Good Manufacturing
and Risk-Based Preventive
Abbreviation
Practice and Hazard Analysis
Controls for Human Food.
Practice and Hazard Analysis
Controls for Food for Animals.
As FDA finalizes these seven
foundational rulemakings, we are
putting in place a modern, risk-based
framework for food safety that is based
on the most recent science, that focuses
efforts where the hazards are reasonably
likely to occur, and that is flexible and
practical given our current knowledge of
food safety practices. To achieve this,
FDA has engaged in a significant
amount of outreach to the stakeholder
community to find the right balance
between flexibility and accountability in
these regulations.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Publication
final human preventive controls regulation .....
80 FR 55908, September 17,
2015.
80 FR 56170, September 17,
2015.
final animal preventive controls regulation .....
After FSMA was enacted in 2011, we
have been involved in approximately
600 stakeholder engagements on FSMA
and the proposed rules, including
public meetings, webinars, listening
sessions, farm tours, and extensive
presentations and meetings with various
stakeholder groups (Refs. 1, 2, 3). As a
result of this stakeholder dialogue, FDA
decided to issue the four supplemental
notices of proposed rulemaking to share
our current thinking on key issues and
get additional stakeholder input on
those issues. As we move forward into
the next phase of FSMA
PO 00000
Frm 00005
Fmt 4701
Sfmt 4700
implementation, we intend to continue
this dialogue and collaboration with our
stakeholders, through guidance,
education, training, and assistance, to
ensure that stakeholders understand and
engage in their respective roles in food
safety. FDA believes these seven
foundational final rules, when
implemented, will affect the paradigm
shift toward prevention that was
envisioned in FSMA and be a major step
forward for food safety that will help
protect consumers into the future.
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74574
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
B. Purpose of This Rulemaking
FSMA added section 808 to the FD&C
Act which directs FDA to establish a
new voluntary program for accreditation
of third-party certification bodies to
conduct food safety audits and to issue
food and facility certifications to eligible
foreign entities (including registered
foreign food facilities) that meet our
applicable requirements for purposes of
sections 801(q) and 806 of the FD&C
Act. This rulemaking implements
section 808 of the FD&C Act; we will
recognize accreditation bodies to
accredit third-party certification bodies,
except for limited circumstances in
which we may directly accredit thirdparty certification bodies.
FSMA specifies two uses for the food
and facility certifications issued by
accredited third-party certification
bodies under this program. First, facility
certifications will be used by importers
to establish eligibility for VQIP under
section 806 of the FD&C Act. VQIP
offers participating importers expedited
review and importation for food from
facilities audited and certified by thirdparty certification bodies accredited
under this subpart. FDA issued draft
guidance on VQIP on June 5, 2015 (80
FR 32136); the draft guidance may be
accessed at https://www.fda.gov/
downloads/Food/GuidanceRegulation/
GuidanceDocumentsRegulatory
Information/UCM448558.pdf.
Second, section 801(q) of the FD&C
Act gives FDA the authority to make a
risk-based determination to require, as a
condition of admissibility, that a food
imported or offered for import into the
United States be accompanied by a
certification or other assurance that the
food meets the applicable requirements
of the FD&C Act. The authority to
mandate import certification for food,
based on risk, is one of the tools we can
use to help prevent potentially harmful
food from reaching U.S. consumers.
When FDA has determined that a food
import is subject to such certification
under section 801(q) of the FD&C Act,
FDA will require, as a condition of
entry, a certification issued either by an
accredited third-party certification body
under this rule or by an agency or
representative of the government of the
country from which the food at issue
originated, as designated by FDA.
This final rule will help FDA ensure
the competence and independence of
third-party certification bodies who are
accredited to conduct foreign food
safety audits to examine compliance
with the applicable food safety
requirements of the FD&C Act and FDA
regulations, among other things. The
document also will help ensure the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
validity and reliability of certifications
offered to FDA for purposes of VQIP
eligibility under section 806 of the
FD&C Act and admissibility of an
imported food subject to an FDA risk
determination under section 801(q) of
the FD&C Act.
The third-party certification program
is part of FSMA’s paradigm shift toward
a modern, preventive, and risk-based
approach to food safety regulation and
new programs to facilitate global trade
in safe food. Specifically, FSMA
requires FDA to issue new preventive
controls and produce safety standards
that apply to domestic and foreign
processors and producers. In addition,
FSMA directs FDA to issue an FSVP
regulation requiring importers to
implement FSVPs that provide adequate
assurances that their foreign suppliers
produce food that is in compliance with
processes and procedures, including
risk-based preventive controls, that
provide the same level of public health
protection as those required under
section 418 (concerning hazard analysis
and preventive controls) or 419
(concerning produce safety) of the FD&C
Act, as appropriate, and that is in
compliance with sections 402
(concerning adulteration) and 403(w)
(concerning misbranding regarding
allergen labeling) of the FD&C Act. We
emphasize that facilities and importers
are not required to use third-party
certification bodies accredited under
this rule in meeting their supplier
verification requirements under the
final human or animal preventive
controls or FSVP regulations. See
section XIII.G.
By contrast, the third-party
certification program established under
section 808 of the FD&C Act focuses on
food safety audits to certify that eligible
foreign entities and the food produced
by such entities meet applicable FDA
requirements for purposes of sections
801(q) and 806 of the FD&C Act.
Although importers must obtain facility
certifications from accredited thirdparty certification bodies under this rule
in order to be eligible for VQIP, we note
that importers seeking to satisfy a
requirement for certification as a
condition of admissibility for an article
of food under section 801(q) of the
FD&C Act may offer a certification
issued either by foreign governments
designated by FDA to issue such
certifications or by third-party
certification bodies accredited under
this rule.
Through FSMA we are transforming
our role in the global food safety system,
by building ever stronger partnerships
with our foreign regulatory counterparts
and by exploring opportunities to
PO 00000
Frm 00006
Fmt 4701
Sfmt 4700
leverage private food safety activities to
benefit of our system of public food
safety assurances. We value the role that
private audits can play in enhancing
food safety when done properly, and we
share common purpose with the food
industry in ensuring the rigor and
objectivity of those audits.
The final rule on accreditation of
third-party certification bodies reflects
the results of significant stakeholder
engagement to help ensure that the rule
achieves its public health goal, reflects
industry best practices, and strikes the
right balance between flexibility and
accountability.
C. The Proposed Rule
FDA published a proposed rule for
‘‘Accreditation of Third-Party Auditors/
Certification Bodies to Conduct Food
Safety Audits and to Issue
Certifications’’ (the proposed rule) on
July 29, 2013. The proposed rule
included eligibility requirements for
accreditation bodies to qualify for
recognition and requirements that
accreditation bodies choosing to
participate in the FDA program must
meet, once recognized. We also
proposed eligibility requirements for
third-party certification bodies to
qualify for accreditation and
requirements that third-party
certification bodies choosing to
participate in the FDA program must
meet, once accredited. We intended the
proposed requirements to ensure the
competency and independence of the
accreditation bodies and third-party
certification bodies participating in the
program.
We also proposed procedures for
recognition and accreditation, as well as
requirements relating to monitoring and
oversight of participating accreditation
bodies and third-party certification
bodies. These included procedures that
we would follow when removing a
third-party certification body or an
accreditation body from the program.
Further, we proposed requirements
relating to auditing and certification of
foreign eligible entities under the
program, and for notifying us of
conditions in an audited facility that
could cause or contribute to a serious
risk to the public health. In response to
several requests, we extended the
proposed rule comment period until
January 27, 2014.
D. Public Comments
We received over 150 comments from
accreditation bodies, certification
bodies, members of the food industry,
industry associations, foreign
governments, State governments, public
health organizations, public advocacy
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
groups, individual consumers,
consumer groups, and others. Some
submissions included signatures and
statements from multiple individuals.
Taken as a whole, the comments
address virtually every provision of the
proposed rule. In the remainder of this
document, we describe the comments
that are within the scope of this
rulemaking, respond to them, and
explain any revisions we made from the
proposed rule.
A number of comments focus on the
overarching issues of: (1) Alignment
with voluntary consensus standards; (2)
the use of private food safety schemes;
(3) the relationship between the thirdparty certification program, foreign
competent authorities, and FDA’s
international activities; and (4) the
possible implications of the lack of
qualified auditors on the third-party
certification program. We address these
comments generally below.
We received several comments on the
overarching issue of the use of voluntary
international consensus standards
issued by the International Organization
for Standardization (ISO) and the
International Electrotechnical
Commission (IEC), including the
following ISO/IEC standards: ISO/IEC
17000:2004 Conformity assessment—
Vocabulary and general principles (ISO/
IEC 17000:2004) (Ref. 4); ISO/IEC
17011:2004, Conformity assessment—
General requirements for accreditation
bodies accrediting conformity
assessment bodies (ISO/IEC 17011:2004)
(Ref. 5); ISO/IEC 17021:2011,
Conformity assessment—Requirements
for bodies providing audit and
certification of management systems
(ISO/IEC 17021:2011) (Ref. 6); ISO/IEC
17065:2012, Conformity assessment—
Requirements for bodies certifying
products, processes and services (ISO/
IEC 17065:2012) (Ref. 7); and ISO/IEC
19011:2011, Guidelines for auditing
management systems (ISO/IEC
19011:2011) (Ref. 8).
Some comments support the approach
to ISO/IEC standards that we used when
developing the proposed rule; some
comments state that the process for
developing these standards makes them
unbiased. Other comments suggest we
should place greater reliance on ISO/IEC
standards, including some comments
asserting that we should incorporate
ISO/IEC standards by reference into the
final rule. These comments encourage
us to follow the example of a proposed
rule issued by the Environmental
Protection Agency and entitled,
‘‘Formaldehyde; Third-Party
Certification Framework for the
Formaldehyde Standards for Composite
Wood Products’’ (78 FR 34795, June 10,
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
2013), which proposed to incorporate by
reference certain international
standards. These comments assert that
by placing greater reliance on ISO
standards, we could allow ISO’s broader
oversight program to complement FDA’s
management of these bodies.
Implementation of section 808 of the
FD&C Act occurs against the backdrop
of the broader Federal policies on
consensus standards and conformity
assessment under the National
Technology Transfer and Advancement
Act of 1995 (NTTAA) (Pub. L. 104–113).
The NTTAA, together with the Office of
Management and Budget (OMB)
Circular A–119, revised February 10,
1998 (63 FR 8546, February 19, 1998),
directs Federal Agencies to use
voluntary consensus standards in lieu of
government-unique standards except
where inconsistent with law or
otherwise impractical. OMB Circular
A–119 states that the use of voluntary
standards, whenever practicable and
appropriate, is intended to eliminate the
cost to government of developing its
own standards and decrease the cost of
goods procured and the burden of
complying with Agency regulation;
provide incentives and opportunities to
establish standards that serve national
needs; encourage long-term growth for
U.S. enterprises and promote efficiency
and economic competition through
harmonization of standards; and further
the policy of reliance upon the private
sector to supply government needs for
goods and services.
As directed by OMB in Circular
A–119, the National Institute of
Standards and Technology (NIST), in
the Federal Register of August 10, 2000
(65 FR 48894), issued policy guidance
on Federal conformity assessment
activities (defined as activities
concerned with determining directly or
indirectly that requirements for
products, services, systems, and
organizations are fulfilled) (15 CFR
287.2). The Federal conformity
assessment guidance is codified at 15
CFR part 287 and applies to all Federal
Agencies that set policy for, manage,
operate, or use conformity assessment
activities or results, domestically and
internationally (except for activities
conducted pursuant to treaties) and is
intended to eliminate unnecessary
duplication and complexity in
conformity assessment requirements.
(We note that OMB has announced it is
currently revising Circular A–119, and
NIST is revising the Federal conformity
assessment guidance.)
We agree with comments on the value
of promoting international consistency
and tapping into an existing framework
of consensus standards that is familiar
PO 00000
Frm 00007
Fmt 4701
Sfmt 4700
74575
to industry, which may make it easier
for accreditation bodies, third-party
certification bodies, and eligible entities
to comply with this rule. Therefore, we
are revising the rule to allow for
accreditation bodies and third-party
certification bodies to use
documentation of their conformance
with ISO/IEC standards in meeting the
program requirements under this rule,
supplemented as necessary. We are not,
however, incorporating these standards
by reference into the rule as further
discussed in our responses to comments
in sections III. to XIII., except that we
are not further responding to comments
citing specific requirements of ISO/IEC
Guide 65:1996, Conformity
assessment—Requirements for bodies
providing audit and certification of
management systems (ISO/IEC Guide
65:1996) (Ref. 9) in sections III. to XIII.,
because that standard has been
withdrawn and replaced by ISO/IEC
17065:2012 (Ref. 7) in September 2015.
Comments referring to ISO/IEC
17020:2012, Conformity assessment—
Requirements for the operation of
various types of bodies performing
inspection (ISO/IEC 17020:2012) (Ref.
10) are outside the scope of this
rulemaking, because that standard
relates to inspections and not the
auditing and certification activities that
will be performed under this rule.
Therefore, we are not responding to
comments citing to ISO/IEC 17020:2012,
Conformity assessment—Requirements
for the operation of various types of
bodies performing inspection (ISO/IEC
17020:2012) (Ref. 10) in sections III. to
XIII.
We also received several comments
on the overarching issue of using private
food safety schemes as audit criteria for
regulatory audits conducted under the
third-party certification program. Some
comments suggest that FDA should rely
on private food safety schemes,
particularly those that have been
benchmarked by the Global Food Safety
Initiative (GFSI), as the audit criteria for
regulatory audits of eligible entities
under the third-party certification
program. Other comments suggest that
FDA should establish requirements for
accreditation bodies and third-party
certification bodies that are similar to
those required by GFSI, such as GFSI
requirements relating to accreditation
under relevant ISO/IEC product
certification or management system
standards.
By way of background, a group of
international retailers established GFSI
in 2000 with the goal of reducing the
need for duplicative third-party audits
by benchmarking private food safety
schemes against a harmonized set of
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74576
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
criteria for food safety and management
systems (see 78 FR 45782 at 45788; July
29, 2013). Under current GFSI criteria,
a food safety scheme must have a
commitment with one or more
accreditation bodies for certification
bodies that operate in conformance with
either the product certification standard,
ISO/IEC Guide 65, or the management
system standard, ISO/IEC 17021:2006
(supplemented by ISO/TS 22003). GFSI
describes these standards as having
similar requirements for how a
certification body must operate—e.g., in
addressing issues of preventing conflict
of interest, managing customer
information, properly qualifying
personnel, auditor calibration, and
many other aspects involved with the
certification process. However, as GFSI
noted in a 2011 White Paper (Ref. 11),
there is a distinct difference between the
two. ISO 17021/ISO 22003 is not
product specific. ISO/IEC Guide 65, on
the other hand, is concerned with
verifying that particular products or
services meet specified requirements.
The type and scope of GFSI
benchmarked scheme selected,
determines the accreditation standard
which applies. The majority of GFSI
recognized schemes fall under ISO/IEC
Guide 65 accreditation requirements,
whereas only two currently recognized
schemes are management system
schemes accredited to ISO 17021/ISO
22003.
Comments suggesting that we should
rely on GFSI-benchmarked food safety
schemes or other private food safety
schemes as the criteria for certification
under the third-party program are
outside the scope of this rulemaking.
This rule establishes the framework for
the third-party certification program,
and not the food safety standards that
accredited third-party certification
bodies will use to determine an eligible
entity’s compliance with the applicable
food safety requirements of the FD&C
Act and FDA regulations. We are
however responding to relevant
comments that address audit quality
and auditor competency, consistency,
and capacity, including comments
referencing GFSI’s work in these areas.
Other overarching comments ask how
the FSMA third-party certification
program relates to the roles of foreign
competent authorities and to FDA’s
international activities. Some comments
assert that competent authorities should
be allowed to participate in the thirdparty certification program purely by
administrative procedures without a
formal review process. Other comments
suggest that government agencies with
both regulatory and trade promotion
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
missions face inherent conflicts of
interest.
Some comments recommend that we
should establish a different structure for
accrediting third-party certification
bodies that already have been approved
by a foreign government accreditation
body. Other comments suggest that FDA
should reserve the role of accreditation
body or third-party certification body
for a national competent authority that
requests it. The comments argue that the
responsibility for monitoring the safety
of food exports should remain with the
national competent authorities in each
country.
Some comments ask whether a
national competent authority has a role
in auditing and certification activities
occurring in the country, including in
countries where an FDA foreign office is
located. Other comments ask whether
the competent authority may perform
other activities in the third-party
certification program, such as
authentication of audit information
before it is submitted to FDA. Still other
comments suggest that FDA require
accredited third-party certification
bodies to review correspondence
between an audited eligible entity and
the competent authorities in the country
where the eligible entity is located.
Section 808 of the FD&C Act
expressly provides for both public and
private accredited third-party
certification bodies. Public accreditation
bodies and third-party certification
bodies, as well as private accreditation
bodies and third-party certification
bodies that meet the eligibility
requirements for recognition and
accreditation under section 808 of the
FD&C Act and this rule are equally
eligible to participate in the third-party
certification program. This includes
government accreditation bodies and
certification bodies in countries where
FDA has a foreign office, as well as
government agencies with the dual
missions of food safety and trade
promotion. We believe that both public
and private third-party certification
bodies and accreditation bodies are
capable of exhibiting the competency,
capacity, and impartiality necessary to
meet the letter and spirit of the law and
this regulation.
By becoming an accredited third-party
certification body or a recognized
accreditation body, a competent
authority for food safety or a foreign
accreditation body would establish a
role in the third-party certification
program. Only if competent authorities
are accredited under this rule, may they
issue food and facility certifications
under section 808 of the FD&C Act. (We
note, however, that FDA may require
PO 00000
Frm 00008
Fmt 4701
Sfmt 4700
certifications from competent
authorities under section 801(q) of the
FD&C Act for foods that FDA
determines meet the criteria set forth in
that section (see 801(q)(3)(A) of the
FD&C Act), regardless of whether the
competent authorities are accredited.)
We acknowledge that the third-party
certification program that is the subject
of this rule is narrowly tailored and only
a small piece of the much larger
modernized, prevention-oriented food
safety system we are establishing under
FSMA. Broader FSMA activities are
outside the scope of this rulemaking, as
are matters covered by FDA’s
information sharing arrangements with
foreign competent authorities.
We received other comments on the
overarching issue of how the third-party
certification program fits into FDA’s
international activities. Some comments
assert that, for countries with a systems
recognition agreement with FDA, there
should be no need for a (direct or
indirect) role for FDA in monitoring
accredited third-party certification
bodies. Other comments encourage us to
recognize their national food safety
system as equivalent to that of the
United States.
The systems recognition initiative is a
food safety regulatory cooperation
program that allows FDA to take into
account the role of food safety systems
of exporting countries in our risk-based
decisionmaking. We are using systems
recognition as a tool to determine when
we can rely on the implementation of
science-based food safety programs by
foreign regulatory authorities and take
action based on information provided
by such authorities.
We note that a competent authority
with whom FDA has a systems
recognition agreement must apply for
recognition to make accreditation
decisions and apply for accreditation to
issue certifications under section 808 of
the FD&C Act. If the competent
authority applies for recognition or
direct accreditation by FDA (assuming
that the statutory criteria have been met
for FDA to begin direct accreditation),
FDA’s review will be informed by the
data, experiences, and insights into the
foreign system that FDA gained through
the systems recognition review. Except
as described above, systems recognition
activities are outside the scope of this
rulemaking, as are equivalency
determinations.
We also received several overarching
comments noting that the lack of
qualified food safety auditors is a
problem in many countries. Some
comments suggest that we may face
similar problems with the availability of
accredited third-party certification
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
bodies in our program. The comments
assert that we should prioritize the
review of applications from foreign
countries with significant volumes of
exports to the United States because of
the cost and inconvenience to foreign
suppliers and the likely trade disruption
that would result if the only accredited
third-party certification bodies were
located in other countries. Some
comments predict that rapid expansion
in the field of food safety auditing may
result in shortcuts in auditing. Other
comments contend that because of the
limited availability of qualified auditors
we should adjust the timeframes for
accredited third-party certification
bodies to submit information to FDA
under the regulations. The comments
specifically request that we lengthen the
45-day timeframe for submitting
regulatory audit reports.
We acknowledge the concerns about
cost, inconvenience, and disruption
resulting from auditor capacity issues.
We are encouraging broad program
participation to minimize the likelihood
that capacity issues might emerge,
because certifications issued by
accredited third-party certification
bodies under this program are intended
to facilitate trade. The certifications are
used in meeting the eligibility
requirements of VQIP for expedited
entry of food under section 806 of the
FD&C Act and in satisfying a condition
of admissibility for a food subject an
FDA determination under section 801(q)
of the FD&C Act.
Revisions have been made to this rule
made in response to comments, such as
allowing accreditation bodies and thirdparty certification bodies to use
documentation of their conformance
with ISO/IEC standards in support of
their applications. We also are
modifying our ‘‘first in, first out’’
approach to processing applications, as
comments request, to allow for
prioritizing specific applications and
requests based on program needs. We
are unable to accommodate the request
to lengthen the timeframe for
submission of regulatory audit reports to
FDA, because the 45-day deadline for
submission is established in section
808(c)(3)(A) of the FD&C Act. Audit
protocols and other requirements of the
rule are designed to prevent audit agents
(auditors) and third-party certification
bodies from taking shortcuts that would
jeopardize audit results.
Some comments addressed the Model
Accreditation Standards that FDA is
required to develop under section
808(b)(2) of the FD&C Act for use in
qualifying third-party certification
bodies for accreditation. Some of these
comments suggest various criteria to be
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
included in the model standards. Other
comments suggest the proposed rule
was ambiguous with respect to the form
of, and manner by which, FDA will
establish the Model Accreditation
Standards.
While the substance of the Model
Accreditation Standards is outside the
scope of this rulemaking, we note that
on July 24, 2015, FDA published a draft
guidance on Model Accreditation
Standards. The draft guidance can be
accessed at: https://www.fda.gov/Food/
GuidanceRegulation/Guidancev
DocumentsRegulatoryInformation/
ucm455328.htm. Additionally, a notice
was published in the Federal Register
(80 FR 44137, July 24, 2015) of the
availability of the draft guidance and of
the opening of a docket for public
comments on the document. As
explained in the draft guidance, section
808(b)(2) of the FD&C Act requires FDA
to develop Model Accreditation
Standards that recognized accreditation
bodies shall use to qualify third-party
certification bodies for accreditation,
and in so doing, to look to existing
standards for certification bodies (as of
the date of enactment of FSMA) to avoid
unnecessary duplication of efforts and
costs. The draft guidance contains FDA
recommendations on third-party
certification body qualifications,
including recommendations based on
relevant provisions in the proposed
rule. This final rule will serve as a
framework for the Model Accreditation
Standards final guidance, which will
include more detailed recommendations
on third-party certification body
qualifications.
Some comments respond to our
request for input on the question about
the value of, and possible need for, FDA
to establish a program for use of
accredited third-party certification
bodies to conduct domestic food safety
audits (78 FR 45782 at 45823). We
received comments on all sides,
expressing various views. We are taking
these comments under advisement at
this time, as the focus of this final rule
is on establishing and implementing the
third-party certification program set
forth in section 808 of the FD&C Act.
Other comments addressed the
substance of VQIP, import certification,
laboratory accreditation, and provisions
in the proposed FSVP rule and/or other
FMSA rules that are outside the scope
of this rulemaking; accordingly we will
not be responding to those comments
here. Other comments that fall outside
the scope of this rulemaking, and to
which we will therefore not be
responding, include comments on the
value of a universal, mandatory food
safety system; comments advocating for
PO 00000
Frm 00009
Fmt 4701
Sfmt 4700
74577
policies promoting locally grown
produce; comments addressing the
information technology infrastructure
needs of the third-party certification
program; comments suggesting the value
of student interns to the food safety
system; and comments on factors
beyond the use of third-party audits that
FDA should consider in setting
inspection priorities.
We also received a few comments
concerning the rulemaking process.
Comments suggest that we devise a new
process for regularly updating the rule;
they state that FDA has cumbersome
requirements for modifying rules. FDA’s
current rulemaking process is consistent
with FDA’s obligations under the
Administrative Procedure Act (5 U.S.C.
551–559).
II. Legal Authority
Section 307 of FSMA, Accreditation
of Third-Party Auditors, amends the
FD&C Act to create a new provision,
section 808, under the same name.
Section 808(b)(1)(A) of the FD&C Act
requires us to establish a system, within
2 years of the enactment of FSMA, for
the recognition of accreditation bodies
that accredit third-party certification
bodies to conduct food safety audits and
to issue certifications for eligible foreign
food entities and their products for
purposes of sections 801(q) and 806 of
the FD&C Act.
Section 808(c)(5)(C) of the FD&C Act
directs us to issue implementing
regulations for section 808 of the FD&C
Act. The regulations must require audits
to be unannounced and must contain
protections against conflicts of interest
between accredited third-party
certification bodies (and their audit
agents) and the entities they audit or
certify, including requirements on
timing and public disclosure of fees and
appropriate limits on financial
affiliations (21 U.S.C. 384d(c)(5)(C)(i),
(ii), and (iii)).
This final rule establishes regulations
implementing section 808 of the FD&C
Act. The authority for the requirements
in this rule comes primarily from
section 808 of the FD&C Act. However,
FDA also derives authority for this final
rule from other sections of the FD&C
Act, including section 701(a) of the
FD&C Act (21 U.S.C. 371(a)), which
authorizes us to issue regulations for the
efficient enforcement of the FD&C Act.
The regulations in this final rule ensure
the competency and independence of
recognized accreditation bodies and of
accredited third-party certification
bodies, which will help ensure the
validity and reliability of certifications
and other information resulting from the
food safety audits conducted by
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74578
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
accredited third-party certification
bodies. These features of the final rule
are essential to the operation of the
third-party program. This rule also is
consistent with section 404 of FSMA (21
U.S.C. 2252), which states that nothing
in FSMA should be construed in a
manner that is inconsistent with the
agreement establishing the World Trade
Organization or any other treaty or
international agreement to which the
United States is a party.
This rule establishes requirements for
accreditation bodies and third-party
certification bodies seeking recognition
and accreditation, respectively. These
requirements will help ensure that any
accreditation bodies that we recognize,
and any certification bodies that are
accredited, are capable of meeting all of
the requirements of this program. This
includes requirements, for example, for
legal authority and competency and
capacity. It also includes provisions for
the direct accreditation of third-party
certification bodies by FDA in
accordance with section 808(b)(1)(A)(ii)
of the FD&C Act. This rule also
establishes requirements for
accreditation bodies that have been
recognized, and third-party certification
bodies that have been accredited. This
includes requirements designed to
decrease the potential for conflicts of
interest in accordance with section
808(c)(5)(C)(ii) of the FD&C Act.
Additionally, this rule establishes
requirements for eligible entities that
want to be certified under this program.
This includes requirements for onsite
audits by FDA for the purpose of
monitoring in accordance with section
808(f)(3) of the FD&C Act. Finally, this
rule establishes general requirements
related to the operation of this program.
These include requirements for
requesting a regulatory hearing on
revocation of recognition or withdrawal
of accreditation.
Some of the requirements under this
final rule are also established, in part,
under the authority in sections 806 and
801(q) of the FD&C Act. Section 806 of
the FD&C Act describes a voluntary
program to provide for the expedited
review and importation of food offered
for importation from certified facilities
(VQIP). Section 801(q) of the FD&C Act
gives FDA authority to require
certifications for imported food in
certain situations. This final rule does
not set up the framework for
participation in the program described
under section 806 of the FD&C Act, nor
does it describe the circumstances
under which FDA might require
certification under section 801(q) of the
FD&C Act. However, this rule does
describe circumstances under which
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
FDA might refuse to consider a
certification issued under this program
in determining the admissibility of an
article of food for which the certification
was offered under section 801(q) of the
FD&C Act, or in determining eligibility
for participation in VQIP under section
806 of the FD&C Act. Additionally, this
rule creates limited exemptions from the
certification requirements of section
801(q) of the FD&C Act for certain
alcoholic beverages, including certain
raw materials and ingredients that are
used to manufacture/process alcoholic
beverages. The exemptions are being
promulgated consistent with section 116
of FSMA (21 U.S.C. 2206). Section
116(a) of FSMA states that, except as
provided by certain listed sections in
FSMA, nothing in FSMA, or the
amendments made by FSMA, will be
construed to apply to a facility that: (1)
Under the Federal Alcohol
Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the
Internal Revenue Code of 1986 (26
U.S.C. 5001 et seq.) is required to obtain
a permit or to register with the Secretary
of the Treasury as a condition of doing
business in the United States and (2)
under section 415 of the FD&C Act (21
U.S.C. 350d) is required to register as a
facility because such facility is engaged
in manufacturing, processing, packing,
or holding one or more alcoholic
beverages (with respect to the activities
of such facility that relate to the
manufacturing, processing, packing, or
holding of alcoholic beverages). This
rule also creates exemptions from the
certification requirements of section
801(q) of the FD&C Act for products
subject to the requirements of the U.S.
Department of Agriculture (USDA)
under the Federal Meat Inspection Act
(FMIA) (21 U.S.C. 601 et seq.), the
Poultry Products Inspection Act (PPIA)
(21 U.S.C. 451 et seq.), or the Egg
Products Inspection Act (EPIA) (21
U.S.C. 1031 et seq.) at the time of
importation. We conclude that this
provision is consistent with section 403
of FSMA, entitled ‘‘Rule of
Construction,’’ which states that nothing
in FSMA shall be construed to alter or
limit the jurisdiction of the Secretary of
the Department of Agriculture.
III. Comments on What Definitions
Apply to This Subpart (§ 1.600)
We proposed to codify definitions of
several terms used in the third-party
certification regulations. We received
several comments on this section. As
discussed in the following paragraphs,
we have revised many of the proposed
definitions in response to comments as
well as on our own initiative. Where we
disagree with comments or decline a
PO 00000
Frm 00010
Fmt 4701
Sfmt 4700
suggested revision, we offer an
explanation in response. Some
definitions were finalized as proposed.
The definitions for terms used in the
third-party certification regulations are
codified in 21 CFR 1.600.
A. Definitions, Generally
(Comment 1) Several comments
encourage us to more closely align the
definitions in § 1.600 with international
standards to promote consistency and
common understanding of the rule. The
comments explain that the terms and
definitions used in section 808 of the
FD&C Act and in the proposed rule
convey a different meaning for
accreditation bodies, certification
bodies, and the standards community.
To that end, some comments encourage
us to avoid using the term ‘‘third-party
auditor’’ synonymously with
‘‘certification body,’’ to be consistent
with international standards, which use
the term ‘‘certification body’’ (e.g., ISO/
IEC 17065:2012 (Ref.7).
Similarly, some comments indicate
that, the language of the statute
notwithstanding, it is not correct to use
the term ‘‘third-party auditor’’ when
describing the activities of a ‘‘thirdparty certification body.’’ The comments
explain that auditors are individuals
contracted or employed by certification
bodies to conduct audits, and they urge
us to clarify the rule by substituting
‘‘certification body’’ for ‘‘third-party
auditor.’’
(Response 1) We agree that alignment
with the terminology used in
international standards is preferable,
wherever possible. Congress recognized
the value of international standards in
accreditation and certification, having
instructed us in section 808(b)(2) of the
FD&C Act to look to existing standards
in developing our model accreditation
standards to avoid unnecessary
duplication of efforts and costs. We
believe it is particularly useful to rely
on definitions and terminology from
international consensus standards when
possible where, as here, the rule is
establishing a voluntary program with
an international focus. In addition, we
agree that, notwithstanding the use of
the term ‘‘third-party auditor’’ in the
statute, the use of the term ‘‘third-party
certification body’’ instead of the term
‘‘third-party auditor’’ provides some
clarity for purposes of referring to
bodies that employ or contract
individuals to perform audits.
Therefore, in response to the
comments suggesting the term ‘‘thirdparty auditor’’ is confusing and
inconsistent with international
standards, we are using the term ‘‘thirdparty certification body’’ in the
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
remainder of the preamble and in the
codified of this final rule, except in the
definitions of ‘‘Accredited third-party
certification body’’ and ‘‘Third-party
certification body’’ in § 1.600(c) and in
the preamble discussion of those
definitions.
On our own initiative, we are
including the descriptor ‘‘third-party’’
before ‘‘certification body’’ throughout
this final rule. We did not use that
descriptor in the proposed rule when
referring to a third-party auditor/
certification body once accredited. We
are doing so now in order that the term
accurately reflects that, under this
subpart, only third-party certification
bodies are eligible for accreditation. We
are making corresponding changes to
the term ‘‘accredited auditor/
certification body;’’ and in this final rule
we will instead use the term,
‘‘accredited third-party certification
body.’’
Accordingly, we have revised the
proposed definitions of ‘‘accreditation,’’
‘‘accreditation body,’’ ‘‘accredited
auditor/certification body,’’ ‘‘audit,’’
‘‘audit agent,’’ ‘‘certification body,’’
‘‘direct accreditation,’’ ‘‘eligible entity,’’
‘‘facility certification,’’ ‘‘food
certification,’’ ‘‘recognized accreditation
body,’’ ‘‘relinquishment,’’ and ‘‘selfassessment,’’ to replace the term ‘‘thirdparty auditor’’ with the term ‘‘thirdparty certification body,’’ or ‘‘third-party
certification bodies,’’ and to remove
‘‘auditor/’’ from in the term ‘‘third-party
auditor/certification body’’ or ‘‘thirdparty auditors/certification bodies’’ that
was used in the proposed rule.
On our own initiative, we added a
sentence to the definition of ‘‘accredited
third-party certification body’’ in § 1.600
of this final rule to explain that the term
has the same meaning as ‘‘accredited
third-party auditor’’ as defined in
section 808(a)(4) of the FD&C Act.
Similarly, we added language to the
definition of ‘‘third-party certification
body’’ in § 1.600 of this final rule
explaining that the term has the same
meaning as ‘‘third-party auditor’’ as
defined in section 808(a)(3) of the FD&C
Act.
(Comment 2) Some comments
encourage us to make the definitions in
this rule consistent with the definitions
in other FSMA proposed rules, such as
the 2013 proposed FSVP regulation, the
2013 proposed human preventive
controls regulation, the 2013 proposed
animal preventive controls regulation,
and the 2012 proposed produce safety
regulation, where feasible.
(Response 2) We agree with the
comments on the overarching goal of
alignment across regulations and
accepted suggested revisions, where
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
feasible and appropriate. However, it is
not always possible to develop uniform
definitions due to the distinct statutory
requirements and the framework of each
program. In such cases where it was not
feasible or appropriate, we declined the
suggested revisions from comments. We
discuss such comments and our
responses under each relevant term.
B. Assessment
We did not define ‘‘assessment’’ in
the proposed rule.
(Comment 3) Some comments
recommend adding a definition of
‘‘assessment’’ based on ISO/IEC
17011:2004 (Ref. 5), clause 3.7, which
describes the process for evaluating
certification bodies. The comments
explain that defining such evaluations
as ‘‘audits,’’ as we had proposed, is
inconsistent with international
standards. The comments suggest
consulting with other ISO/IEC standards
for relevant terminology.
(Response 3) We agree that the term
‘‘assessment’’ should be used, in part, to
refer to the activity undertaken to assess
the competency and capacity of a thirdparty certification body under the rule.
We reviewed ISO/IEC 17011:2004 (Ref.
5) (clause 3.7 and NOTE) and ISO/IEC
17000:2004 (Ref. 4), ISO/IEC 17040:2005
Conformity assessment—General
requirements for peer assessment of
conformity assessment bodies and
accreditation bodies (ISO/IEC
17040:2005) (Ref. 12), and an
International Accreditation Forum (IAF)
document entitled, ‘‘IAF Endorsed
Normative Documents’’ (Ref. 13).
After considering the comments and
reviewing the referenced documents, we
developed a definition of ‘‘assessment’’
that describes, with respect to
accreditation bodies, the activity
undertaken by FDA to evaluate the
competency and capacity of the
accreditation body under the applicable
requirements of this rule. With respect
to certification bodies, ‘‘assessment’’
describes the activity undertaken by a
recognized accreditation body (or, in the
case of direct accreditation, FDA) to
evaluate the competency and capacity of
a certification body under the applicable
requirements of this rule. We also made
corresponding changes to the definition
of ‘‘audit’’ from proposed § 1.600(c) by
removing clauses (1) and (2).
C. Audit
We proposed a definition of ‘‘audit’’
describing the examination of
accreditation bodies, third-party
certification bodies, and eligible
entities. We proposed to define an audit
of an accreditation body as an
examination by FDA of the accreditation
PO 00000
Frm 00011
Fmt 4701
Sfmt 4700
74579
body’s authority, qualifications,
resources, policies, procedures, and
performance, as well as of its capability
to meet the requirements of the
proposed rule. We proposed to define
an audit of a third-party certification
body as an examination by a recognized
accreditation body (or, by FDA, for
direct accreditation) of the third-party
certification body’s authority,
qualifications, resources, policies,
procedures, and performance, as well as
of its capability to meet the
requirements of the proposed rule. We
proposed to define an audit of an
eligible entity as an examination by an
accredited third-party certification body
of the eligible entity to assess the entity,
its facility, system(s), and food using
audit criteria for consultative or
regulatory audits, and, for consultative
audits, also including an assessment of
compliance with applicable industry
standards and practices.
We received some comments on the
proposed definition of ‘‘audit,’’ and the
related definitions of ‘‘consultative
audit’’ and ‘‘regulatory audit.’’
Comments specific to the definition of
‘‘consultative audit’’ are discussed in
section III.E., and comments on the
definition of ‘‘regulatory audit’’ are
discussed in section III.L. As described
in Response 3, we also removed clauses
(1) and (2) from the proposed definition
of ‘‘audit’’ because those evaluations are
‘‘assessments’’ as the term is defined in
§ 1.600(c).
On our own initiative, we are revising
the definition of ‘‘audit’’ to clarify that
an audit conducted under this subpart
is not an inspection under section 704
of the FD&C Act (21 U.S.C. 374).
(Comment 4) Several comments
encourage us to align our definition of
audit with relevant international
standards, and some comments request
that we use the definition of ‘‘audit’’
from the Codex ‘‘Principles for Food
Import and Export Inspection and
Certification’’ (CAC/GL 20–1995) (Ref.
14), which defines ‘‘audit’’ as a
‘‘systematic and functionally
independent examination to determine
whether activities and related results
comply with planned objectives.’’
(Response 4) We agree with the
general principle of creating consistency
with international standards and have
revised the definition of ‘‘audit’’ in
§ 1.600(c) accordingly. Rather than
describing the determination of whether
activities comply with ‘‘planned
objectives’’ that appears in the Codex
definition of ‘‘audit’’ (Ref. 14), we
inserted a brief description of the
objectives of consultative and regulatory
audits from the definitions in section
808(a)(5) and (7) of the FD&C Act (i.e.,
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74580
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
the examination of an eligible entity
under this rule).
(Comment 5) Some comments
encourage us to remove the proposed
definition of ‘‘audit’’ in § 1.600(c) and
substitute the FSVP definition of
‘‘audit’’ instead, to promote consistency
and a common understanding of
terminology.
(Response 5) We disagree. We believe
that it is more important for the
definition in this rule to reflect
international standards that are
generally well known to the parties
subject to this rule than it is for the
definition to mirror the definition in
FSVP, which has different applicability.
FSVP applies to importers; this rule
applies to accreditation bodies, thirdparty certification bodies, and eligible
entities. Therefore, we are rejecting the
suggestion to use the FSVP definition of
‘‘audit’’ as the definition of ‘‘audit’’ in
§ 1.600(c).
(Comment 6) We received some
comments on the definition of ‘‘audit’’
regarding its relationship to the related
definitions of ‘‘consultative audit’’ and
‘‘regulatory audit’’ in § 1.600(c). Some
comments recommend that we revise
the definition of ‘‘audit’’ to mean only
regulatory audits, and not consultative
audits, asserting that is how the word
‘‘audit’’ is used in the statute. These
comments contend that the statute must
be interpreted in light of the fact that
section 808 of the FD&C Act is directed
to food and facility certifications, which
are only accomplished through
regulatory audits. Other comments ask
us to clarify that the services of an
accredited third-party certification body
that fall short of the definition of an
‘‘audit’’ (e.g., informal consulting,
continuous improvement programs, and
limited purpose audits) under this rule,
are not subject to the requirements of
the rule.
(Response 6) We decline the
suggestion to interpret section 808 of the
FD&C Act in a manner that would
equate ‘‘audit’’ with ‘‘regulatory audit.’’
Section 808 of the FD&C Act defines
two types of audits used under the
program, consultative audits and
regulatory audits, and contains
requirements relating to each. (See, e.g.,
section 808(a)(5), (7), and (c)(3)(A) of the
FD&C Act). In addition, section
808(c)(4)(B) of the FD&C Act expressly
allows an accredited third-party
certification body or an audit agent of
such auditor to perform consultative
and regulatory audits of eligible entities.
To the extent that other comments
suggest creating a list of exceptions from
the definition of ‘‘audit’’ in the codified
for this rule, we decline to do so. To the
extent that these comments were
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
seeking clarification of the definition of
‘‘consultative audit’’ in § 1.600(c), and
what types of activities might fall
outside of that definition as well as
outside of this program, please see the
discussion in Response 9 in section
III.E.
(Comment 7) Some comments express
confusion about the criteria that
accredited third-party certification
bodies will be using in conducting
audits under subpart M and ask us to
more clearly describe the ‘‘applicable
requirements’’ against which
compliance will be evaluated. Some
comments are concerned that eligible
entities might be audited against
requirements that do not apply to their
operations. For example, some
comments note that firms subject to the
final animal preventive controls
regulation should not be assessed for
compliance with the allergen cross
contamination requirements of the final
human preventive controls regulation.
Other comments ask us to clarify
whether the ‘‘applicable requirements’’
are limited to requirements that appear
in the FD&C Act or FDA regulations, or
both.
(Response 7) During regulatory and
consultative audits, accredited thirdparty certification bodies will examine
compliance with applicable food safety
requirements of the FD&C Act and FDA
regulations within the scope of the
audit. In consultative audits, the thirdparty certification bodies also may be
conducting an examination to determine
conformance with applicable industry
standards and practices.
The applicable requirements that
accredited third-party certification
bodies and their audit agents will use
relate to the food safety standards under
the FD&C Act, such as the adulterated
food provisions in section 402 of the
FD&C Act and the provisions on the
misbranding of food allergens in section
403(w) of the FD&C Act. The applicable
requirements of the FD&C Act and FDA
regulations would depend on the type of
eligible entity being audited. To use the
example given by one of the comments,
an eligible entity that is subject to the
requirements of the final animal
preventive controls regulation, but not
the final human preventive controls
regulation, would not be subject to an
audit examining its practices relating to
cross-contamination by food allergens
under the final human preventive
controls regulation because those are
not ‘‘applicable food safety
requirements’’ for such an entity.
To help clarify this rule for eligible
entities, third-party certification bodies,
and accreditation bodies who may be
interested in participating in the
PO 00000
Frm 00012
Fmt 4701
Sfmt 4700
program and who may not yet be
familiar with U.S. laws and regulations,
we are using the phrase ‘‘applicable
food safety requirements of the FD&C
Act and FDA regulations’’ in place of
the phrase ‘‘applicable requirements’’ in
the definition of ‘‘audit’’ in § 1.600(c)
and elsewhere throughout the rule
where we are discussing the
requirements that will be used in
auditing eligible entities.2
D. Audit Agent
We proposed to define an ‘‘audit
agent’’ as an individual who is an
employee or other agent of an accredited
third-party certification body who,
although not individually accredited, is
qualified to conduct food safety audits
on behalf of an accredited third-party
certification body. Under the proposed
rule we also defined an audit agent to
include a contractor of the accredited
third-party certification body.
(Comment 8) Some comments express
concern about our proposal to allow a
contractor of an accredited third-party
certification body to serve as an audit
agent, asserting that ‘‘[w]ith each step
that is further removed in this process,
institutional control is lost
exponentially.’’ The comments point
out that a subcontractor conducted the
audit and gave a passing audit score to
a cantaloupe farm and packing facility
that used ‘‘improper and unsafe
processing equipment’’ and
subsequently was linked to a deadly
outbreak caused by Listeria
monocytogenes. Other comments
mentioning the incident cite to an
article in Bloomberg News explaining
that auditors often outsource to
independent contractors over whom
they do not have direct management
control (Ref. 15). Still other comments
offer the cantaloupe outbreak as an
example of why auditors must be
competent and accountable for their
activities.
(Response 8) We understand that
third-party certification bodies currently
work with individual auditors under
many different types of arrangements.
We acknowledge concerns raised by
comments about recent outbreaks at
some domestic facilities that had
received satisfactory scores in food
safety audits. Further, we agree with the
comments on the importance of an
accredited third-party certification body
exercising adequate control over an
audit agent conducting audits on its
2 Although we have elected to cite to both the
FD&C Act and FDA regulations in this definition,
we otherwise will follow the conventional practice
of using the words ‘‘applicable requirements’’ to
refer the applicable requirements of the FD&C Act
and FDA regulations.
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
behalf. We believe that principle is
equally true whether the audit agent is
an employee or a contract auditor.
International standards, such as ISO/
IEC 17021:2011 (Ref. 6), specifically
allow accredited third-party
certification bodies to use contractors to
perform audits if certain conditions are
met. Among other conditions, contract
auditors must meet the same level of
qualifications (e.g., knowledge, skills,
and experience) and the same
requirements for impartiality and
objectivity as do the auditors the thirdparty certification body employs. The
third-party certification body must
exercise adequate control and oversight
over a contractor such that the thirdparty certification body accepts the
result of the contractor’s audit as its
own.
When we proposed to define ‘‘audit
agent’’ to include a contractor, we were
contemplating arrangements such as
those described in ISO/IEC 17021:2011
(Ref. 6) that involve a direct relationship
between the accredited third-party
certification body and its auditors. We
are revising the definition of ‘‘audit
agent’’ to clarify that we are excluding
subcontractors and other types of
outsourcing arrangements; we have
concluded that such arrangements fail
to provide the degree of control and
oversight necessary for an accredited
third-party certification body to ensure
that its audit agents are competent and
objective. An accredited third-party
certification body exercises direct
supervision over the activities of its
employees, and has a direct relationship
with a contractor; but the relationship
between the third-party certification
body and a subcontractor or other type
of outsourced staff is attenuated—the
third-party certification body may not
even choose such persons and may not
have any direct authority over them. We
do not believe such diminished
oversight is appropriate, given the
important role of audit agents in this
program.
By revising the definition of ‘‘audit
agent’’ we are not preventing an
accredited third-party certification body
from subcontracting for services in areas
other than the conduct of audits. For
example, an accredited third-party
certification body may use
subcontractors or other outsourcing
arrangements to deliver annual training
to its audit agents under § 1.650 or may
use subcontractors or other outsourcing
arrangements to investigate and decide
on appeals of adverse regulatory audit
results under § 1.651. However, we are
limiting the role of ‘‘audit agent’’ to
employees and contractors of the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
accredited third-party certification
body.
E. Consultative Audit
We proposed to define a ‘‘consultative
audit’’ as an audit of an eligible entity:
(1) To determine whether such entity is
in compliance with applicable
requirements of the FD&C Act and
industry standards and practices and (2)
the results of which are for internal
purposes only and cannot be used to
determine eligibility for a food or
facility certification issued under this
subpart or in meeting the requirements
for an onsite audit of a foreign supplier
under subpart L of this part.
(Comment 9) We received several
comments on the definition of
‘‘consultative audit.’’ Many comments
express concern that the definition of
‘‘consultative audit’’ is overly broad and
that some of the requirements that
would apply to consultative audits
under the proposed rule might create a
disincentive to using accredited thirdparty certification bodies. Some
comments urge FDA to remove all
requirements associated with
consultative audits from the rule. Other
comments identify two requirements of
particular concern: (1) Proposed § 1.656,
requiring an accredited third-party
certification body conducting a
consultative audit or regulatory audit
under the rule to notify FDA
immediately upon discovering a
condition that could cause or contribute
to a serious risk to public health (the
notification requirement) and (2)
proposed § 1.652, requiring an
accredited third-party certification body
to provide FDA access to a consultative
audit report when the criteria for
records access under section 414 of the
FD&C Act (21 U.S.C. 350c) are met (the
records access requirement). The
comments explain that many firms use
certification bodies (and/or their
consulting divisions) to help establish,
maintain, and improve their food safety
practices. For example, some firms use
certification bodies (and/or their
consulting divisions) to help in
identifying root causes and remediating
food safety problems. Comments also
note that certification bodies (and/or
their consulting divisions) provide
informal counseling, perform
preliminary evaluations, limited
purpose audits, and activities in support
of firms’ continuous improvement
programs.
Comments express concern that if
these types of activities are subject to
notification, records access, and other
requirements of the rule, firms located
outside the United States might not use
accredited third-party certification
PO 00000
Frm 00013
Fmt 4701
Sfmt 4700
74581
bodies, instead choosing unaccredited
third-party certification bodies to avoid
the requirements of this rule. The
comments assert that unaccredited
third-party certification bodies are less
likely to have qualified auditors and
their independence and objectivity is
less certain, than third-party
certification bodies that have been
evaluated and issued accreditation.
Comments also argue that the
definition of ‘‘consultative audit,’’
which states that the results of such an
audit are ‘‘for internal purposes only,’’
is inconsistent with the requirements for
notification and records access that
would apply to consultative audits
under the proposed rule. Other
comments ask us to clarify that audits
conducted for external purposes—for
example, an audit for purposes of
compliance with FSVP—do not satisfy
the definition of a consultative audit
because consultative audits are for
internal purposes only.
Some comments suggest that the
proposed definition of ‘‘consultative
audit,’’ taken together with the proposed
definitions of ‘‘food safety audit’’ and
‘‘regulatory audit,’’ could preclude
third-party certification bodies from
conducting any audits that are outside
the scope of subpart M, once accredited.
Based on that interpretation, the
comments predict that few if any thirdparty certification bodies would want to
participate in the program.
Many of the comments that express
concern about disincentives also suggest
that Congress intended the third-party
program to be much narrower than our
proposed definition of ‘‘consultative
audit’’ would suggest. These comments
suggest that the FSMA third-party
certification program was intended to be
focused on regulatory audits and the
issuance of certifications to be used for
two limited purposes: i.e., in
establishing an importer’s eligibility for
VQIP and in satisfying a condition of
admissibility for a food subject to an
FDA safety determination under section
801(q) of the FD&C Act. These
comments argue further that Congress
inserted the term ‘‘consultative audit’’
in the statute to be used only in
reference to the conflicts of interest
provisions in section 808(c)(4)(C) and
(c)(5) of the FD&C Act; therefore, a
broad interpretation of ‘‘consultative
audit’’ is inconsistent with
Congressional intent. The comments
urge us to construe the term
‘‘consultative audit’’ as narrowly as
possible.
(Response 9) We recognize that food
firms use accredited third-party
certification bodies (and their
consulting divisions) in various
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74582
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
capacities that serve the ultimate goal of
improving food safety. We do not want,
nor do we believe Congress intended,
for our third-party certification program
to create disincentives for food firms
seeking to use accredited third-party
certification bodies for various purposes
to improve food safety practices in their
operations. Nevertheless, we decline the
request to remove all requirements
relating to consultative audits from this
final rule. Section 808(c)(5)(C) of the
FD&C Act directs us to issue
implementing regulations for section
808 of the FD&C Act, which includes
some specific provisions relating to
consultative audits (e.g., section
808(c)(3)(A) and (C) on consultative
audit reports and section 808 (c)(4)(C) of
the FD&C Act on audit agents
performing regulatory audits of eligible
entities of which they performed
consultative or regulatory audits within
the preceding 13 months). We have,
however, revised the definition of
‘‘consultative audit’’ as explained below
and have made other revisions to the
rule to clarify the scope of such audits
and help mitigate possible disincentives
to conduct consultative audits, while
fulfilling the letter and spirit of the law.
With regard to the comments
expressing concerns about an overly
broad interpretation of ‘‘consultative
audit,’’ we remind readers that the
statute endows both regulatory and
consultative audits with certain
characteristics. For example, section
808(a)(6) of the FD&C Act indicates that
an eligible entity must choose to be
audited by an accredited third-party
certification body, and section
808(c)(5)(C)(i) of the FD&C Act states
that audits under this program must be
unannounced. We understand these
provisions to mean that, at the time the
audit services are arranged, an eligible
entity must specifically request from an
accredited third-party certification body
a food safety audit under this rule—that
is the only way the accredited thirdparty certification body would know
that the eligible entity is requesting an
unannounced subpart M audit to
determine compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations.
Further, the eligible entity would need
to specify whether it is seeking a
regulatory or consultative audit. (In
addition to determining whether the
eligible entity is in compliance with the
food safety requirements of the FD&C
Act, consultative audits under section
808 of the FD&C Act also determine
whether the eligible entity is in
compliance with applicable industry
standards and practices). Audits that fall
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
outside the purview of this rule—for
example, audits that are conducted by
third-party certification bodies that are
not accredited under this program,
audits that determine compliance with
standards other than the food safety
requirements of the FD&C Act and FDA
regulations (e.g., audits that determine
compliance with private standards),
audits that are announced, and audits
conducted solely for the purposes of
supplier verification under the final
human or animal preventive controls
regulations or the final FSVP
regulations—are not covered by, or
subject to, the requirements of this rule.
It is impossible to describe or predict
all of the audit scenarios that may occur.
We emphasize that an accredited thirdparty certification body can continue to
offer auditing and certification services
that are outside the scope of this rule,
such as on-site supplier verification
audits under the final human or animal
food preventive controls regulations or
the final FSVP regulation. Such audits
would not be subject to the
requirements of this rule, including the
reporting and notification requirements.
In response to comments, we revised
the proposed definition of ‘‘consultative
audit’’ to clarify that it is an audit
conducted in preparation for a
regulatory audit under the third-party
certification program. A consultative
audit would thus be a pre-examination
or pre-assessment type of activity
imbued with certain characteristics. We
further clarify the characteristics of a
consultative audit, as well as of a
regulatory audit (the results of which
can form the basis for issuance of
certification under the rule), in the
definition of ‘‘food safety audit’’
discussed in section III.J.
F. Eligible Entity
We proposed to define an ‘‘eligible
entity’’ as a foreign entity that chooses
to be subject to a food safety audit by
an accredited third-party certification
body. We further proposed that eligible
entities include foreign facilities subject
to the registration requirements in FDA
regulations.
(Comment 10) We received several
comments on the definition of ‘‘eligible
entity.’’ Some comments request that we
provide examples of specific types of
entities that satisfy the definition. Some
comments offer examples of ‘‘eligible
entities,’’ including orchards or farms,
packing houses, processing plants, and
storage facilities. Other comments
suggest we add ‘‘and foreign farms’’ to
the end of the definition, to clarify that
such entities are eligible to receive
audits under subpart M. Some
comments encourage us to adjust the
PO 00000
Frm 00014
Fmt 4701
Sfmt 4700
definition of ‘‘eligible entity’’ to make it
mandatory for foreign food facilities to
undergo food safety audits by accredited
third-party certification bodies.
(Response 10) The proposed
definition of ‘‘eligible entity’’ was based
on the statutory definition, which
includes facilities subject to the
registration requirements in section 415
of the FD&C Act that choose to be
audited under the program. At our own
initiative we are revising the definition
of ‘‘eligible entity’’ in the codified to
more accurately track the statute, and
we decline the suggestion to add
specific examples, such as orchards or
farms, that are not included in the
statutory definition of ‘‘eligible entity.’’
However, as explained in Response 12
we are revising the definition of
‘‘facility’’ in § 1.600(c) to clarify that
entities that grow, harvest, or raise
animals for food for consumption in the
United States are facilities that are
eligible for auditing and certification
under this subpart.
We disagree with the comment
suggesting that we should make audits
under this program mandatory for all
foreign food firms by modifying the
definition of ‘‘eligible entity.’’ The
statute clearly indicates that
participation in this program is
intended to be voluntary, and only
entities that choose to be audited under
the program are subject to its
requirements (see section 808(a)(6) of
the FD&C Act).
(Comment 11) In the proposed rule,
we specifically asked for comment on
whether to allow for food or facility
certification to be issued to a producer
group, offering as an example the
criteria for groups under the National
Organic Program (NOP)—i.e., having
multiple sites operating under a single
management system and whose farms
are ‘‘uniform in most ways.’’ Several
comments responded to this inquiry in
relation to the definition of ‘‘eligible
entity.’’
Comments in support of certification
of a group (e.g., a cooperative being
audited as a single eligible entity) note
that some producers are very small and
might find it difficult on their own to
obtain third-party certification, but
taken as a group the task would likely
be more manageable. Other comments
note that treating multiples sites with a
single management system as a single
eligible entity could be particularly
helpful in sectors or regions where there
is a scarcity of accredited third-party
certification bodies. Some comments
argue in support of groups functioning
as a single eligible entity as long as the
central management system functions
effectively, providing oversight to the
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
members. Comments also note that
some multisite sampling protocols have
been developed by international
organizations, such as ISO.
Other comments encourage us to
ensure that cooperatives are subject to
this rule, so that all the links in a foreign
supply chain are appropriately
inspected, and so that they are subject
to any applicable regulations before
their product is exported to the United
States.
Comments not in support of
cooperatives being classified as eligible
entities note that food safety practices
and conditions are site-specific and can
vary significantly even if the individual
farms are located in the same geographic
area (for example, due to soil
composition, agricultural water runoff,
or the manner in which the land was
used in the past). They also note that
organic production standards and
scientifically-based food safety
standards are not the same, so what
works for the NOP may not be
appropriate here
Some comments encourage us to
provide guidance on the acceptable
parameters of a cooperative. Some
comments encourage us to consider
guidance available from other sources
beyond the NOP, such as the
International Federation of Organic
Agriculture Movements.
(Response 11) We decline to revise
the definition of eligible entities to
include a group. We acknowledge that
some very small producers might be
daunted by the prospect of working
individually with an accredited thirdparty certification body, and there
would be obvious economies in banding
together with other very small
producers to gain certification. We also
acknowledge that some sets of
producers do currently function as a
unit under a centralized management
system, and that group certification may
make it easier for entities to access
accredited third-party certification
bodies in areas or regions where they
may be scarce. Nevertheless, after
reviewing the NOP, the International
Federation of Organic Agricultural
Movements, the Canada Organic Office
Operation Manual, the USDA
Agricultural Marketing Service pilot
program on group certification, and
other recommended sources, we
conclude that it would not be
appropriate to allow groups to be
certified under this program. Group
certification raises a myriad of
complicated issues such as establishing
who may act as a group, determining the
requisites of a central management
system, and delineating the minimum
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
requirements for accredited third-party
certification body audits of a group.
With regard to the comments
contending that certifications from
individual eligible entities that might
otherwise act as a group would create
redundant and unnecessary paperwork
for FDA, we will take that sort of
information into account as we gain
experience with the program. Finally,
with regard to the comments
encouraging us to define ‘‘eligible
entity’’ to include groups to ensure that
all their members are examined for
compliance with applicable food safety
regulations before their food is exported
to the United States, we note that this
rule does not create audit obligations for
all foreign suppliers or for all importers.
The third-party certification program
created by this rule is a voluntary
program for eligible entities who wish to
participate.
G. Facility
We proposed to define ‘‘facility’’ as
any structure, or structures of an eligible
entity under one ownership at one
general physical location, or, in the case
of a mobile facility, traveling to multiple
locations, which manufactures/
processes, packs, or holds food for
consumption in the United States. The
definition went on to state that: (1)
Transport vehicles are not facilities if
they hold food only in the usual course
of business as carriers; (2) a facility may
consist of one or more contiguous
structures, and a single building may
house more than one distinct facility if
the facilities are under separate
ownership; (3) the private residence of
an individual is not a facility; and (4)
non-bottled water drinking water
collection and distribution
establishments and their structures are
not facilities.
On our own initiative, we are
clarifying that facilities for the purposes
of this subpart are not limited to
facilities required to be registered under
Subpart H.
(Comment 12) Some comments
encourage us to align the proposed
definition of ‘‘facility’’ to the definition
of ‘‘facility’’ in the human and animal
preventive controls, produce safety, and
FSVP regulations, to promote
consistency and common understanding
of the rules.
(Response 12) As previously noted,
we agree with the comments on the
importance of consistency across
regulations, where feasible and
appropriate. We reviewed the
definitions of ‘‘facility’’ in the final
FSVP and final human preventive
controls regulations, and found those
definitions to be too narrow in light of
PO 00000
Frm 00015
Fmt 4701
Sfmt 4700
74583
the purpose of this rule to establish a
voluntary program for certification of
foods and facilities and the broad
definition of ‘‘eligible entity’’ in section
808(a)(6) of the FD&C Act. Of our own
initiative, in order to preserve the
option for broad participation in the
third-party program, we are expressly
including in the definition of ‘‘facility’’
those entities that grow, harvest, or raise
animals for food for consumption in the
United States.
H. Facility Certification and Food
Certification
We proposed to define ‘‘facility
certification’’ as an attestation, issued
for purposes of section 806 of the FD&C
Act by an accredited third-party
certification body, after conducting a
regulatory audit and any other activities
necessary to establish that a facility
meets the applicable requirements of the
FD&C Act. We proposed to define ‘‘food
certification’’ as an attestation, issued
for purposes of section 801(q) of the
FD&C Act by an accredited third-party
certification body, after conducting a
regulatory audit and any other activities
necessary to establish that a food meets
the applicable requirements of the FD&C
Act.
(Comment 13) We received some
comments on the definitions of ‘‘facility
certification’’ and ‘‘food certification.’’
Some of these comments raise group
certification issues which we address
above, in connection with the definition
of ‘‘foreign cooperative.’’ Some
comments state that ‘‘food certification’’
is improper terminology, because it
implies a product certification model,
whereas audits of eligible entities—
particularly in the produce sector—
generally assess processes and/or
management systems.
(Response 13) The term ‘‘food
certification’’ appears in the statute and
is specifically discussed in the statute as
a type of certification that may be used
in meeting a condition of admissibility
under section 801(q) of the FD&C Act.
Under section 808(c)(2)(C) of the FD&C
Act, food certifications may only issue
upon conduct of a regulatory audit. In
light of the statutory language, we
decline to revise the term ‘‘food
certification’’ in response to the
comments on this rule.
We also note that section 801(q)(1) of
the FD&C Act allows for FDA to accept
‘‘a listing of certified facilities that
manufacture, process, pack, or hold
food, or other assurances deemed
appropriate by FDA’’ to satisfy the
condition of admissibility. Of our own
initiative, in light of this statutory
language, we are clarifying in the
definition of ‘‘facility certification’’ that
E:\FR\FM\27NOR4.SGM
27NOR4
74584
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
a facility certification may be issued for
purposes of 801(q) of the FD&C Act.
I. Food
In proposed § 1.600(b), we stated
unless otherwise defined in § 1.600(c) of
the proposed rule, definitions of terms
in section 201 of the FD&C Act would
apply to terms used in this subpart.
Section 201 of the FD&C Act defines
‘‘food’’ as ‘‘(1) articles used for food or
drink for man or other animals, (2)
chewing gum, and (3) articles used for
components of any such article.’’
Proposed § 1.600(c) did not define the
term ‘‘food.’’
(Comment 14) Some comments
request that we define ‘‘food’’ consistent
with how it was defined in the FSVP
proposed rule for consistency and to
indicate that producers of food contact
substances are eligible entities.
(Response 14) The proposed
definition of ‘‘food’’ under § 1.600
would include pesticides when they
meet the definition of ‘‘food’’ under
section 201 of the FD&C Act. By
contrast, the FSVP rule’s proposed
definition of food explicitly does not
include pesticides, as defined in 7
U.S.C. 136(u), consistent with the
definition of ‘‘food’’ used in the
rulemaking on the Prior Notice of
Imported Food Under the Public Health
Security and Bioterrorism Preparedness
Act of 2002 (prior notice rule). FDA
received comments during that
rulemaking questioning the
applicability of the rule to pesticides, so
FDA clarified that ‘‘food’’ for the
purposes of that rule did not include
pesticides.
The final FSVP regulation, which is
publishing elsewhere in this issue of the
Federal Register, retains the exclusion
of pesticides from the definition of
‘‘food.’’
In response to comments suggesting
revision of the definition of ‘‘food’’ in
this rule to be consistent with the final
FSVP regulation, we considered the
purposes that certifications serve under
this program and the nature of
comments we received on the thirdparty proposed rule, including general
comments requesting alignment across
the FSMA rules and comments
specifically requesting that we use the
FSVP definition of ‘‘food.’’
Certifications issued by accredited
third-party certification bodies may be
used in establishing an importer’s
eligibility to participate in VQIP and in
satisfying a condition of admissibility
for an imported food that we determine
poses a safety risk under section 801(q)
of the FD&C Act.
While certifications may be useful in
addressing pesticide contamination of
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
food (e.g., pesticide levels in food that
exceed established tolerances), we have
not identified a need for certifications to
address pesticides as articles of food,
nor do we anticipate a role for food
safety audits in pesticide manufacturing
facilities. Accordingly, we are revising
the final rule by adding to § 1.600(c) a
definition of ‘‘food’’ that excludes
pesticides.
We also agree with the comment that
producers of food contact substances
could be eligible entities under this rule
and that food contact substances should
be considered food for the purposes of
this rule. Third-party food safety audits
and certifications for food contact
substances could potentially be useful
given the possibility of migration of
harmful food contact substances into
food or contamination of food contact
materials that directly contact food.
Accordingly, we are revising the
proposed definition of ‘‘food’’ to
exclude pesticides and retain ‘‘food
contact substances’’ in the definition of
‘‘food’’ in this final rule, consistent with
the definition of ‘‘food’’ in the final
FSVP regulation.
J. Food Safety Audit
We proposed to define ‘‘food safety
audit’’ as a regulatory audit or a
consultative audit.
(Comment 15) We received a few
comments on the definition of ‘‘food
safety audit.’’ Some comments request
that we remove consultative audits from
the definition of ‘‘food safety audit,’’
asserting that consultative audits should
not be subject to the reporting and
notification requirements associated
with ‘‘food safety audits.’’ Other
comments say we should replace the
term ‘‘food safety audit’’ with
‘‘regulatory audit,’’ as a matter of
statutory construction and sound policy.
Finally, some comments suggest that we
delete the definition of ‘‘food safety
audit’’ altogether.
(Response 15) We are retaining the
definition of ‘‘food safety audit’’ as a
useful definition to describe regulatory
and consultative audits that fall under
the requirements of this rule. As
described in Response 9, we have
revised the definition of ‘‘consultative
audit’’ to clarify that it is an audit
conducted in preparation for a
regulatory audit under the third-party
certification program. Although an audit
meeting that definition would be subject
to certain reporting and notification
requirements, there are many types of
audits/arrangements that would not fall
within the definition of ‘‘consultative
audit’’ or ‘‘regulatory audit,’’ and would
therefore not be subject to the
requirements of this rule, including the
PO 00000
Frm 00016
Fmt 4701
Sfmt 4700
reporting and notification requirements.
Therefore, including consultative audits
in the definition of ‘‘food safety audit’’
will not prevent eligible entities from
using accredited third-party certification
bodies for auditing arrangements that
fall outside of the scope of this rule and
do not trigger the requirements of this
rule. To further address comments’
concerns, we are modifying the
definition of ‘‘food safety audit’’ to
provide clarification regarding what
types of audits/activities would fall
outside of the scope of this rule.
Specifically, we clarify that a food safety
audit must be declared by an eligible
entity at the time of audit planning and
must be conducted on an unannounced
basis consistent with sections 808(b)(6)
and 808(c)(5)(C) of the FD&C Act.
K. Foreign Cooperative
We proposed to define ‘‘foreign
cooperative’’ as an entity that aggregates
food from growers or processors that is
intended for export to the United States.
On our own initiative, we are
replacing the phrase ‘‘entity that
aggregates’’ with ‘‘autonomous
association of persons, identified as
members, who are united through a
jointly owned enterprise to aggregate’’
for clarification purposes.
(Comment 16) Some comments
suggest that we add a definition for
‘‘consolidator.’’ The comments contrast
consolidators with cooperatives and
argue that consolidators act essentially
as brokers that purchase products from
several sources and then export the total
set to the United States. According to
these comments, consolidators do not
own or manage the individual sites and
generally do not have control over or
even knowledge of the processing
procedures.
(Response 16) We agree with the
comment that an entity without a single
management system that exercises
control over the manner in which
individual sites meet the applicable
food safety requirements of the FD&C
Act and FDA regulations would not be
an eligible entity. However, we disagree
that adding a definition of
‘‘consolidator’’ would be helpful
because whether an entity is a
‘‘consolidator’’ has no bearing on the
requirements of this rule.
(Comment 17) Some comments point
out that while the proposed rule
indicates a foreign cooperative could be
an accreditation body or a third-party
certification body, in their countries the
government is the accreditation body.
Also, in some places the government
authorizes certain parties to conduct
audit activities and those parties are
under the control and supervision of the
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
government. Accordingly, the comments
suggest that we indicate in which
countries and in which cases a foreign
cooperative could be an accreditation
body or a third-party certification body.
Other comments recommend more
detail on how cooperatives are defined,
and how they would conform to FDA
requirements for third-party
certification bodies.
(Response 17) We currently are not in
a position to be able to determine which
countries or which foreign cooperatives
may be adequately qualified to become
accredited under the third-party
certification program. We note that
section 808 of the FD&C Act expressly
allows foreign cooperatives to serve as
accredited third-party certification
bodies if they are adequately qualified
and independent of the eligible entities
they audit or certify under the thirdparty certification program. Therefore,
we are not categorically excluding
foreign cooperatives from the thirdparty certification program, nor are we
making any categorical decisions on
whether governmental accreditation
bodies have conflicts that would
preclude them from accrediting such
foreign cooperatives under the program.
L. Regulatory Audit
We proposed to define a ‘‘regulatory
audit’’ as an audit of an eligible entity
to determine whether such entity is in
compliance with the provisions of the
FD&C Act and the results of which are
used in determining eligibility for food
certification under section 801(q) of the
FD&C Act or facility certification under
section 806 of the FD&C Act, and may
be used by an importer in meeting the
requirements for an onsite audit of a
foreign supplier under the FSVP
program.
(Comment 18) Some comments
request that we clarify the definition of
‘‘regulatory audit.’’
(Response 18) The comments
requesting clarification failed to
mention specific characteristics in the
definition needing clarification and did
not offer suggestions for clarification.
Therefore, we decline to modify the
definition based on these comments.
However, on our own initiative we have
revised the definition of ‘‘regulatory
audit’’ by removing the clause ‘‘, and
may be used by an importer in meeting
the requirements for an onsite audit of
a foreign supplier under subpart L of
this part’’ that does not appear in the
statute. We did this in part to avoid
confusion. We emphasize that an audit
conducted for the purposes of FSVP
would not need to be conducted by a
third-party certification body under this
subpart. See section XIII.G. Nor are
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
facilities required to use third-party
certification bodies accredited under
this rule in meeting their supplier
verification requirements under the
final human or animal preventive
controls regulations. On our own
initiative, we are revising the definition
of ‘‘regulatory audit’’ to clarify that the
results of a regulatory audit may be used
to determine eligibility for any
certifications that may be used for
purposes of section 801(q) or section
806 of the FD&C Act.
M. Self-Assessment
We proposed to define ‘‘selfassessment’’ as a systematic assessment
conducted by an accreditation body or
by a third-party certification body to
determine whether it meets the
applicable requirements of this subpart.
We received no adverse comments
about our proposed definition.
However, on our own initiative, we are
revising the definition of ‘‘selfassessment’’ to improve clarity and to
specify what is required of a recognized
accreditation body and an accredited
third-party certification body when
performing these evaluations.
N. Third-Party Auditor
We proposed to define a ‘‘third-party
auditor’’ as a foreign government,
agency of a foreign government, foreign
cooperative, or any other third-party
that is eligible to be considered for
accreditation to conduct food safety
audits and to certify that eligible entities
meet the applicable requirements of the
FD&C Act. We further proposed that a
third-party auditor may be a single
individual or an organization and may
use audit agents to conduct food safety
audits. Finally, we proposed that ‘‘thirdparty auditor’’ has the same meaning as
‘‘certification body’’ as that term was
defined in the proposed rule.
(Comment 19) As described in
Comment 1, we received several
comments urging us to align our
definitions and terminology with
international standards. Some
comments state that the term ‘‘thirdparty auditor,’’ the language of the
statute notwithstanding, is not correct
terminology to use interchangeably with
‘‘third-party certification body.’’
(Response 19) As discussed
previously, we agree that it is beneficial
to use terminology in this rule that is
consistent with terminology used in
international standards when feasible
and appropriate. Therefore, we are
deleting the definition of ‘‘third-party
auditor’’ in the final rule and will use
the term ‘‘third-party certification body’’
in this rule except that we will use the
term ‘‘third-party auditor’’ in the
PO 00000
Frm 00017
Fmt 4701
Sfmt 4700
74585
definitions of ‘‘Accredited third-party
certification body’’ and ‘‘Third-party
certification body’’ in § 1.600(c) and in
the preamble discussion of those
definitions in section III.A. We are
clarifying in the definition of ‘‘thirdparty certification body’’ in § 1.600(c)
that the term has the same meaning as
‘‘third-party auditor’’ as defined in
section 808(a)(3) of the FD&C Act.
IV. Comments on Who Is Subject to
This Subpart (§ 1.601)
We proposed in § 1.601 that this rule
would apply to those accreditation
bodies, third-party certification bodies,
and eligible entities that seek to
participate in this voluntary third-party
certification program. We proposed two
limited exemptions from section 801(q)
of the FD&C Act: One related to
alcoholic beverages from an eligible
entity that is a facility that meets certain
conditions, and another related to
certain food constituting not more than
5 percent of the overall sales of a facility
meeting the conditions of the first
exemption.
A. Limiting the Scope of the Rule to
Regulatory Audits and Certifications
Under proposed § 1.601(b), we
proposed that subpart M would apply to
third-party certification bodies seeking
accreditation to conduct food safety
audits and issue certifications for
purposes of sections 801(q) and 806 of
the FD&C Act.
(Comment 20) Some comments
suggest we modify the language in
§ 1.601(b) regarding third-party
certification bodies seeking
accreditation to clarify that
requirements of the rule apply only to
imported foods that are subject to a
condition of admissibility under section
801(q) of the FD&C Act and imported
foods offered by an importer seeking to
establish eligibility to participate in
VQIP. In this view, the requirements of
the rule (e.g., the notification
requirements) should not apply to
audits other than regulatory audits that
are conducted for certification purposes.
(Response 20) We decline to make the
suggested revisions to § 1.601(b) because
§ 1.601(b)(2) already describes the two
types of certifications that may be
issued by accredited third-party
certification bodies under the final rule
and the types of audits that they would
conduct under this program (i.e., food
safety audits, which include both
consultative and regulatory audits).
Audits conducted by third-party
certification bodies that are outside of
the scope of this program, and eligible
entities receiving audits outside of the
scope of this program, would not be
E:\FR\FM\27NOR4.SGM
27NOR4
74586
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
subject to the requirements of this final
rule. With respect to the suggestion that
the final rule should apply only to
regulatory audits, and therefore not to
consultative audits, we note, as
previously discussed, that section 808 of
the FD&C Act specifically defines
‘‘consultative audit’’ and contains
requirements for the conduct of both
regulatory and consultative audits (see,
e.g., section 808(a)(5) and (c)(4)(B) of the
FD&C Act). Therefore, this final rule
establishes requirements for
consultative audits that are consistent
with the provisions on consultative
audits in the statute.
B. Exemption for Alcoholic Beverages
Under proposed § 1.601(d), we
proposed to exempt from the
certification requirements under section
801(q) of the FD&C Act alcoholic
beverages that are imported from an
eligible entity that is a facility that
meets the following two conditions:
• Under the Federal Alcohol
Administration Act or chapter 51 of
subtitle E of the Internal Revenue Code
of 1986, the facility is a foreign facility
of a type that, if it were a domestic
facility, would require obtaining a
permit from, registering with, or
obtaining approval of a notice or
application from the Secretary of the
Treasury as a condition of doing
business in the United States; and
• Under section 415 of the Federal
Food, Drug, and Cosmetic Act, the
facility is required to register as a
facility because it is engaged in
manufacturing/processing one or more
alcoholic beverages.
We also proposed that the
certification requirements under section
801(q) of the FD&C Act would not apply
to food other than alcoholic beverages
that is imported from a facility
described in § 1.601(d)(1) provided that
such food:
(i) Is in prepackaged form that
prevents any direct human contact with
such food; and
(ii) Constitutes not more than 5
percent of the overall sales of the
facility, as determined by the Secretary
of the Treasury.
We tentatively concluded that these
provisions were consistent with the
provisions on alcohol-related facilities
in section 116 of FSMA.
(Comment 21) Some comments
support the proposed exemption of
imported beverage alcohol products, but
encourage us to clarify and amplify the
exemption to cover the raw materials
and ingredients (e.g., grapes, grains,
hops, flavors) used to produce alcoholic
beverages. The comments assert that the
requested exemption would provide for
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
consistency between domestic and
foreign facilities and would be
consistent with Congressional intent
regarding section 116 of FSMA. The
comments assert that the expanded
exemption would be consistent with the
regulations on preventive controls for
human food. The comments urge us to
consult their comments on the FSVP
proposed rule.
(Response 21) As requested, we
consulted comments submitted on
proposed § 1.501(e) in the FSVP
proposed rule, requesting an exemption
from the FSVP requirements for the
importation of the raw materials and
ingredients (e.g., grapes, grains, hops,
flavors) used to produce alcoholic
beverages, and asserting that such an
exemption would be consistent with
Congressional intent regarding section
116 of FSMA.
We considered the comments’ request
in light of the risk-based public health
principles generally underlying FSMA
and have concluded that Congress did
not intend for FSMA’s core
requirements to apply to the
manufacture/processing, packing, and
holding of alcoholic beverages. Congress
may have made such a conclusion in
light of the potential antimicrobial
function of the alcohol content in such
beverages and the concurrent regulation
of alcoholic beverage-related facilities
by both FDA and the Alcohol and
Tobacco Tax and Trade Bureau. In light
of this context, we have concluded that
section 116 of FSMA should be
interpreted to mean that the
manufacturing, processing, packing, or
holding of alcoholic beverages at most
alcohol-related facilities should not be
subject to this rule.
We believe the same rationale
supports the comments’ request.
Accordingly, and consistent with the
final FSVP regulation, we are expanding
the exemption from certification under
section 801(q) of the FD&C Act in
§ 1.601(d) to cover raw materials or
other ingredients that are used to
manufacture/process, pack or hold
alcoholic beverages by an importer
required to be registered under section
415 of the FD&C Act, when such
facilities are exempt from the preventive
controls regulations under 21 CFR
117.5(i).
Also in this final rule, we are
replacing the term ‘‘food other than
alcoholic beverages,’’ to describe the
applicability of the exemption, with the
term ‘‘food that is not an alcoholic
beverage.’’
C. USDA Regulated Products
(Comment 22) Some comments
suggest we explicitly exempt products
PO 00000
Frm 00018
Fmt 4701
Sfmt 4700
under USDA jurisdiction from the
requirements of this rule.
(Response 22) We agree that an
exemption to 801(q) is appropriate with
respect to meat, poultry, and egg
products regulated by USDA at the time
of importation. The final rule adds a
new § 1.601(d)(2) which states that any
certification under 801(q) does not
apply to meat, poultry, and egg products
that at the time of importation are
subject to the requirements of the USDA
under FMIA (21 U.S.C. 601 et seq.),
PPIA (21 U.S.C. 451 et seq.), or EPIA (21
U.S.C. 1031 et seq.). We conclude that
this provision is consistent with section
403 of FSMA, entitled ‘‘Rule of
Construction,’’ which states that nothing
in FSMA shall be construed to alter or
limit the jurisdiction of the Secretary of
the Department of Agriculture. For
many decades, USDA has exercised
authority and responsibility over the
import of such meat, poultry, and egg
products, and has detailed regulations
and procedures implementing this
authority. In light of USDA’s role with
respect to the importation of these
products, and also in light of section
403 of FSMA, we believe that Congress
did not intend for an FDA
determination under section 801(q) of
the FD&C Act to apply to meat, poultry,
and egg products that at the time of
importation are subject to USDA
requirements under the MPIA, PPIA,
and EPIA, respectively. We therefore
conclude that final § 1.601(d)(2) is
consistent with Congress’s intent in
promulgating section 403 of FSMA.
With respect to the third-party
program, we note that the program
establishes a voluntary system of
certification by accredited third-party
certification bodies that food and
facilities meet applicable requirements
of the FD&C Act and FDA regulations.
Certifications issued under this program
will not be used to facilitate entry of
meat, poultry, and egg products that are
regulated by USDA at the time of
importation, as defined above.
V. Comments on Recognition of
Accreditation Bodies Under This
Subpart
A. Who is eligible to seek recognition?
(§ 1.610)
Proposed § 1.610 states that an
accreditation body would be eligible for
recognition if it could demonstrate that
it meets the requirements related to
legal authority, competency, capacity,
conflicts of interest, quality assurance,
and records in §§ 1.611 through 1.615.
In our discussion of this section in the
preamble of the proposed rule we stated
our tentative conclusions that key
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
elements of ISO/IEC 17011:2004 (Ref. 5)
would form a basis for our
requirements, and that documented
conformance to that standard would be
relevant in demonstrating that an
accreditation body is qualified for
recognition.
(Comment 23) Some comments
recommend that we require
accreditation bodies to be signatories to
IAF multilateral recognition agreements
(IAF–MLAs) (which requires
signatories, among other things, to
conform to ISO/IEC 17011:2004) as a
condition of recognition, and some
contend it should be the sole criterion.
Comments in favor of including
signatory status as a requirement note
that the process of becoming a signatory
involves a thorough peer-review
process, which helps ensure quality
outcomes (e.g., signatories have to
demonstrate conformance to ISO/IEC
17011:2004 as part of the peer review
process). Comments note other aspects
of IAF–MLA signatory status that would
be beneficial to the program, such as
periodic reevaluation by peer
signatories to ensure continued
compliance. These comments argue that
when a foreign government is the
accreditation body, it may be difficult
for FDA to regulate a peer agency, so
reliance on IAF–MLA signatory status
would be helpful, in part because it
would give an independent organization
(IAF) a role in managing the
accreditation body.
Some comments discourage us from
requiring IAF–MLA signatory status as a
condition of recognition. Some
comments suggest that we consider
signatory status as a factor in favor of
recognition, noting many of the same
advantages touted by proponents of
requiring signatory status, but suggest
that we not make IAF–MLA signatory
status a condition of program
participation.
Other comments explain that it would
be premature to make IAF signatory
status the sole requirement. The
comments note that at the time of these
comments the IAF–MLA does not yet
include subscopes for specific food
safety standards or schemes. Still other
comments recommend that FDA study
the issues surrounding signatory status
further before making it a requirement,
pointing out that some countries may
not have signatory IAF–MLA members
representing them.
Some comments cite to third-party
food safety audit programs administered
by other governments, noting those
programs do not require IAF–MLA
status as a condition for program
participation. These comments argue
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
that it is more important to require
conformance to ISO/IEC 17011:2004.
(Response 23) The comments
uniformly agree on the value of an
accreditation body’s conformance to
ISO/IEC 17011:2004 in establishing its
qualifications for recognition. As
discussed in section I.D., we agree that
an accreditation body may use its
documented conformance to ISO/IEC
17011:2004 to support its eligibility for
recognition under this rule,
supplemented as necessary (for
example, to demonstrate capability to
meet FDA requirements for reporting
and notification under § 1.623, if
recognized). We also agree that
additional documentation relating to
IAF–MLA signatory status may be
useful in supporting an accreditation
body’s application for recognition under
this program. However, we disagree
with comments suggesting that we
require IAF–MLA signatory status as the
sole criterion or one of several criteria
for recognition to accredit third-party
certification bodies to conduct food
safety audits and to certify that eligible
entities meet the applicable food safety
requirements of the FD&C Act and FDA
regulations at this time. We currently
lack (and the comments did not
provide) adequate information to
conclude that IAF–MLA signatory status
should be the sole factual basis or one
of several criteria for determining
whether an accreditation body can
fulfill the roles and responsibilities of a
recognized accreditation body under
this subpart. Further, we also want to
allow accreditation bodies that are not
signatories to participate in the program
if they meet the statutory and regulatory
criteria.
(Comment 24) As explained in section
I.D., several comments support FDA’s
reliance on ISO/IEC 17011:2004 (Ref. 5)
in developing the proposed rule. Other
comments suggest FDA should place
greater reliance on ISO/IEC 17011:2004
(Ref. 5), including some comments
recommending that we incorporate the
standard by reference into the rule.
(Response 24) We agree with
comments on the value of promoting
international consistency and tapping
into an existing framework that is
familiar to accreditation bodies, thirdparty certification bodies, and the food
industry. Accordingly, in § 1.610 we are
adding new language to state that an
accreditation body may use
documentation of conformance with
ISO/IEC 17011:2004 (Ref. 5),
supplemented as necessary, to
demonstrate that it is eligible for
recognition. This new language may
make it easier for accreditation bodies
that already conform to ISO/IEC
PO 00000
Frm 00019
Fmt 4701
Sfmt 4700
74587
17011:2004 (Ref. 5) to apply for the
program. We are also making
conforming changes to §§ 1.622(d) and
1.623(b), 1.640(a), and 1.655(e).
We decline to incorporate ISO/IEC
17011:2004 (Ref. 5) by reference as the
sole criterion or one of several criteria
for recognition, because the standard
contains some provisions that are
inconsistent with section 808 of the
FD&C Act or impractical for use in our
program. For example, ISO/IEC
17011:2004 (Ref. 5), clause 4.3.7, allows
an accreditation body to have ‘‘related
bodies’’ that provide conformity
assessment services (e.g., auditing and
certification) in areas the accreditation
body accredits. (A ‘‘related body’’ is
linked to the accreditation body by
common ownership or contractual
arrangement, under clause 4.3.7 NOTE
1.) The only safeguards that a related
body is expressly required to meet are
as follows: (1) It must have different top
management than the accreditation
body’s top management; (2) different
personnel from those involved in the
accreditation decisionmaking processes;
(3) no possibility to influence the
outcome of an assessment for
accreditation; and (4) distinctly different
names, logos, and symbols. While
clause 4.3.7 of ISO/IEC 17011 (Ref. 5)
speaks to issues of common
management and control of the
accreditation body and its related body,
the standard does not expressly prohibit
the accreditation body from accrediting
its related body with which it shares
common ownership or financial
interests. For example, an accreditation
body that provides financial support
(directly or indirectly) to a related body
could be viewed as lacking the
impartiality necessary to make an
objective decision about whether the
related body it supports is appropriately
qualified. The impartiality provisions in
ISO/IEC 17011:2004 (Ref. 5) are
impractical for our purposes because
they fail to address the range of possible
conflicts associated with shared
financial interests and ownership
between a recognized accreditation
body and a ‘‘related’’ third-party
certification body under this rule. To
help ensure the credibility of our
program, § 1.624 requires a recognized
accreditation body to implement a
program to ensure that the accreditation
body and its officers, employees, and
other agents involved in accreditation
activities do not own or have a financial
interest in a third-party certification
body seeking its accreditation.
Accordingly, it would be inappropriate
for us to rely on the conflict of interest
safeguards contained in ISO/IEC
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74588
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
17011:2004 (Ref. 5), in the third-party
certification program we are
establishing.
For the foregoing reasons, we decline
the suggestion to incorporate ISO/IEC
17011:2004 (Ref. 5) by reference into
this rule.
(Comment 25) Several comments
express concern about our proposal to
allow both public and private
accreditation bodies to seek recognition.
Some comments discourage us from
allowing private entities to be
accreditation bodies because of the
concern that allowing for private
accreditation bodies may cause conflicts
of interest. Similarly, some comments
contend that accreditation bodies must
uphold public confidence and perform
their duties objectively, which is the
purview of governmental entities.
Other comments take a contrary view,
suggesting that some government
agencies have missions that may
undermine the objectivity and
independence required of a recognized
accreditation body. Some comments
encourage us to consider which
government agency/ministry in a given
country may be eligible for recognition,
and to solicit input from stakeholders as
to which agencies/ministries are best
positioned to perform this function.
Still other comments assert that
private and government entities are
sufficiently different such that we
should establish different conflict of
interest provisions and requirements for
each.
(Response 25) Comments on both
sides of this issue express concern that
any accreditation body we recognize
must be independent and objective in
the performance of its duties. We share
that concern. However, none of the
comments offered substantiation that
would lead us to bar public or private
accreditation bodies, as a class, from
seeking recognition because of conflicts
of interest inherent in the class.
Section 808 of the FD&C Act defines
an ‘‘accreditation body’’ as an authority
that accredits third-party certification
bodies and makes no distinction
between public and private
accreditation bodies. We have
concluded that both public and private
accreditation bodies are potentially
capable of exhibiting the impartiality
necessary for recognition under this
rule. Therefore in light of the broad
definition of ‘‘accreditation body’’ and
to maximize the opportunities for
qualified accreditation bodies to
participate in the program, FDA does
not consider it to be appropriate to limit
the program to only certain types of
accreditation bodies.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
With respect to the comments that
suggest we apply different conflict of
interest requirements to different types
of accreditation bodies, none of these
comments offered an adequate
explanation to justify different
requirements for public and private
accreditation bodies. Again, we note
that section 808 of the FD&C Act does
not make distinctions for different types
of accreditation bodies.
(Comment 26) Some comments
request that we provide additional
explanation regarding how an
accreditation body that does not have
experience accrediting third-party
certification bodies for food safety
scopes would become eligible for
recognition under this program.
(Response 26) An accreditation body
of the type described in the comments’
hypothetical might face practical
difficulties in providing adequate
substantiation demonstrating that it
meets the requirements described in
§ 1.610. However, we will consider each
application on its own merits and do
not foreclose the possibility for such an
accreditation body to make the showing
necessary to be granted recognition
under this rule.
B. What legal authority must an
accreditation body have to qualify for
recognition? (§ 1.611)
We proposed to require an
accreditation body seeking recognition
to demonstrate that it has adequate legal
authority (as a governmental entity or
through contractual rights) to assess a
third-party certification body for
accreditation, including authority to
review records and conduct
performance assessments (e.g., authority
to witness the performance of a
statistically significant number of
employees and other agents conducting
assessments). We proposed to require
that the accreditation body have
adequate authority to remove or modify
an accreditation status, once granted.
We also proposed to require the
accreditation body to demonstrate that it
would be capable of exercising the legal
authority necessary to meet the program
requirements, if we granted recognition.
On our own initiative, in § 1.611(a)(2)
we replaced, ‘‘personnel and other
agents,’’ with, ‘‘audit agents, or the
third-party certification body in the case
of a third-party certification body that is
an individual’’ for clarity and
consistency with section 808(a)(4) of the
FD&C Act. We have also made
corresponding changes throughout this
subpart.
(Comment 27) Some comments
provide support for this provision, and
others encourage us to ensure that a
PO 00000
Frm 00020
Fmt 4701
Sfmt 4700
private accreditation body seeking
recognition could have adequate legal
authority to operate.
(Response 27) We agree with the
comment urging us to ensure that a
private accreditation body could have
the necessary authority to act as a
recognized accreditation body under
this rule. As noted previously, we see
no inherent reason why private entities
could not theoretically meet the
eligibility requirements for accreditation
bodies under this rule. Therefore, we are
revising § 1.611(a) and (b) to clarify that
an accreditation body can be a legal
entity with contractual rights. By the
words ‘‘legal entity,’’ we mean that the
accreditation body must be duly
authorized to operate as an accreditation
body by governmental authorities
responsible for such authorizations in
any country or countries in which the
accreditation body seeks to perform
accreditation of third-party certification
bodies under this rule.
(Comment 28) Some comments ask us
to clarify what we mean by ‘‘statistically
significant’’ as used in § 1.611(a)(2) and
elsewhere in the proposed rule to
provide adequate confidence in the
results of an analysis of the sample. The
comments encourage us to abandon the
phrase ‘‘statistically significant’’ in favor
of the language of ISO/IEC 17011:2004
(Ref. 5), which requires an accreditation
body to witness the performance of a
representative number of third-party
certification body staff.
(Response 28) We understand from
the comments that a body of knowledge
and experience has developed among
accreditation bodies conforming to ISO/
IEC 17011: 2004 (Ref. 5) on the meaning
of ‘‘representative’’ numbers of
observations and that no similar body of
knowledge or experience exists on the
meaning of ‘‘statistically significant’’
numbers of observations in this context.
Accordingly, we are revising § 1.611 to
require observations of a ‘‘representative
sample’’ of audit agents and food safety
audits. We are making similar revisions
to other sections of the rule that require
onsite observations.
For purposes of an accreditation
body’s observations of a third-party
certification body under this rule, what
constitutes a ‘‘representative sample’’
will be decided on a case-by-case basis,
depending on various factors. These
factors include the scope of
accreditation, whether the third-party
certification body is an individual who
will conduct audits and make
certification decisions, or whether the
third-party certification body uses
agents to conduct audits and, if so,
whether such agents are centrally
managed, conducting similar types of
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
audits, under a single set of operating
procedures or whether the agents are
managed from various locations,
perform different types of audits, or
follow different procedures such that
these various locations, activities, or
practices must be observed to ensure
that the sample is sufficiently
representative. A representative sample
also must provide adequate confidence
in the results of an analysis of the
sample.
mstockstill on DSK4VPTVN1PROD with RULES4
C. What competency and capacity must
an accreditation body have to qualify
for recognition? (§ 1.612)
We proposed to require an
accreditation body seeking recognition
to demonstrate that it has the resources
required to adequately implement its
accreditation program, including
adequate numbers of qualified
employees and other agents, adequate
financial resources for its operations,
and the capability to meet the resource
demands of a recognized accreditation
body, in the event the accreditation
body is recognized.
(Comment 29) We received some
comments on this provision, which also
support the proposed rule’s requirement
that accreditation bodies demonstrate
their competence and capacity based on
the requirements of ISO/IEC 17011:2004
(Ref. 5). However, these comments
disagree with our statement in the
preamble that liability coverage
requirements should not apply to this
rule. The comments argue that we
should include a requirement for
accreditation bodies to carry liability
coverage, noting that it is one of the
requirements in ISO/IEC 17011:2004
(Ref. 5) and describing it as especially
important because of the risks
associated with food safety.
(Response 29) We agree with the
comments that liability insurance may
be useful in demonstrating the adequacy
of an accreditation body’s resources, for
example, under ISO/IEC 17011:2004
(Ref. 5); however, FDA lacks experience
in evaluating the adequacy of liability
coverage for accreditation activities and
we do not believe it would be
appropriate for FDA to make recognition
decisions primarily on this basis. We
believe an accreditation body can
demonstrate that it is adequately
resourced in a number of different ways,
including providing documentation of
liability coverage as part of the
information submitted to help to
demonstrate that accreditation body is
adequately resourced.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
D. What protections against conflict of
interest must an accreditation body
have to qualify for recognition? (§ 1.613)
Proposed § 1.613 requires
accreditation bodies to demonstrate that
they have written measures to protect
against conflicts of interest with thirdparty certification bodies and the
capability to meet the rule’s other
conflict of interest requirements.
On our own initiative, we are
clarifying that the scope of conflict of
interest provisions in § 1.613(a) is
limited to individuals involved in
accreditation, auditing, and certification
activities and not, for example,
employees involved in purely
administrative functions, such as
payroll, or in positions that support
administrative functions, such as
computer technicians. Therefore,
§ 1.613(a) of this rule applies to interests
between the officers, employees, and
other agents of the accreditation body
that are involved in accreditation
activities and the officers, employees,
and other agents of the third-party
certification body involved in auditing
and certification activities. We are
making corresponding changes in the
subsequent provisions for recognized
accreditation bodies under § 1.624(a).
(Comment 30) Some comments take
issue with our decision not to include
the requirements of clause 4.3.2 of ISO/
IEC 17011:2004 (Ref. 5), which requires
the accreditation body to have
documented and implemented a
structure relating to conflicts of interest
that provides for effective involvement
by interested parties with balanced
representation ensured.
(Response 30) We decline to require
that recognized accreditation bodies
establish and implement a structure for
involving interested parties in matters
relating to the conflict of interest
requirements for recognized
accreditation bodies. It would be
administratively burdensome for FDA to
establish a mechanism for monitoring
the activities of interested parties that
the accreditation body elects to involve
to comply with such requirements. In
our third-party certification program,
impartiality will be protected by the
conflict of interest provisions for
accreditation bodies in § 1.624, the
appeals provisions in § 1.620(d), and
FDA’s oversight activities.
E. What quality assurance procedures
must an accreditation body have to
qualify for recognition? (§ 1.614)
Proposed § 1.614 requires
accreditation bodies to implement a
written quality assurance program and
PO 00000
Frm 00021
Fmt 4701
Sfmt 4700
74589
have the capability to meet the rule’s
other quality assurance requirements.
(Comment 31) Some comments
encourage FDA to more closely align
§ 1.614 with established international
standards on quality assurance
programs. Some ask us to rely on the
relevant provisions in ISO/IEC
17011:2004 (Ref. 5) in particular.
(Response 31) We agree with the
comments and as described in section
I.D., we are revising § 1.610 to allow
accreditation bodies to use their
demonstrated conformance to ISO/IEC
17011:2004 (Ref. 5), supplemented as
necessary, in meeting the requirements
for recognition.
(Comment 32) Some comments ask us
to clarify the language in § 1.614(a)(1)
and (2) regarding food safety problems
and corrective actions.
(Response 32) We agree and have
revised § 1.614(a)(1) and (2) to clarify
that an accreditation body must
demonstrate that it has procedures to
identify deficiencies and procedures to
execute corrective actions for such
deficiencies, using language that better
aligns with international standards (see,
e.g., clause 5.5 in ISO/IEC 17011:2004
(Ref. 5)).
F. What records procedures must an
accreditation body have to qualify for
recognition? (§ 1.615)
Proposed § 1.615 would require
accreditation bodies seeking recognition
to demonstrate that they have developed
and implemented adequate written
procedures for establishing, controlling,
and retaining records and to
demonstrate the capability to meet the
program’s records, reporting, and
notification requirements, if recognized.
(Comment 33) Some comments voice
general concerns about confidentiality.
Others state their concern with how
confidentiality of third-party
certification body records would be
preserved when third-party certification
bodies must share information with
recognized accreditation bodies and
FDA. Noting that such information can
be sensitive in nature and sometimes
includes confidential business
information, these comments urge us to
place certain limits—i.e., only
information related to food safety would
be collected during audits of third-party
certification bodies and such
information would be shared only with
the recognized accreditation body and
FDA. Some comments suggest FDA
require strict protective measures for
information handled by third-party
certification bodies and accreditation
bodies, because the release of an eligible
entity’s confidential business
information could have detrimental
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74590
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
effects on U.S. businesses and their
foreign suppliers. These comments
suggest the use of confidentiality
protections such as ‘‘confidential
disclosure agreements’’ so that the audit
climate remains conducive to robust
scrutiny and open dialogue.
Some comments also express concern
with the proposed use of electronic
records, because of the opportunity for
sensitive electronic information to be
compromised. Such comments
recommend that the final rule include
requirements for both third-party
certification bodies and accreditation
bodies to ensure that electronic records
remain secure in transit and during
storage.
(Response 33) We decline the
suggestions to require confidential
disclosure agreements between
recognized accreditation bodies and
third-party certification bodies under
our program and to establish data
protection requirements for electronic
records and communications of
recognized accreditation bodies and
accredited third-party certification
bodies. We understand that many
accreditation bodies and third-party
certification bodies have contractual
agreements regarding confidentiality
and disclosure by those parties. We
expect accreditation bodies that become
recognized under our program may elect
to establish contracts that incorporate
language on information sharing with
FDA for third-party certification bodies
seeking accreditation under this
program. For such accreditation bodies,
how they choose to accomplish this—
e.g., whether by establishing a separate
confidentiality agreement or through
revision of current contract language or
creation of a new contract addendum—
is a decision best made by the parties to
those contracts. Accreditation bodies
and third-party certification bodies will
have common interests in safeguarding
the electronic records they store and
transmit to each other; therefore, we
have no reason to believe that any
separate agreements will lack adequate
protections for confidentiality of
information, including information
stored and shared among the parties
electronically.
This rule focuses on confidentiality
and disclosure with respect to
information shared with FDA. As
explained in section XIII.F., FDA will
protect the confidentiality of
information accessed by or submitted to
the Agency in accordance with § 1.695
of this subpart. With respect to the
storage of electronic records and
electronic transmission of information
by FDA, we note that we are working
the FDA IT security professionals in
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
establishing the electronic portal for the
third-party certification program to
apply adequate and appropriate controls
to ensure the confidentiality and
integrity of data submitted to FDA
through the portal.
(Comment 34) In the proposed rule
preamble discussion of this section we
stated that, ‘‘[a]ccreditation bodies
applying for recognition must
demonstrate their capacity, if
recognized, to grant us access to
confidential information, including
information contained in records,
without prior written consent of the
third-party certification body involved.
Having access to records relating to
accreditation activities (including
confidential information) under this
subpart is necessary to ensure the rigor,
credibility, and independence of the
program.’’ Some comments take issue
with this point, arguing that
accreditation bodies would not be able
to grant such access—they would only
be able to grant access to confidential
information with prior written consent.
That is, the accreditation body would
first need to make arrangements for FDA
access to confidential records with the
third-party certification bodies it
accredits and the eligible entities
certified by those third-party
certification bodies. Comments that
express doubt about private sector
foreign accreditation bodies actually
granting FDA access to confidential
records contend that such access is
particularly unlikely without the prior
written consent of the third-party
certification body whose records are
sought.
(Response 34) We agree with the
comments that the contracts
accreditation bodies currently use with
their third-party certification body
clients do not contemplate the program
we are establishing. As comments
suggest, we would expect that
confidentiality provisions in standard
contracts would need to be revised such
that, in signing a contract for
accreditation under the FDA program,
the third-party certification body would
be giving the accreditation body its prior
consent to perform any reporting or
notification necessary for the recognized
accreditation body to fulfill its
obligations under the rule. Indeed, we
expect that accreditation bodies seeking
recognition will demonstrate their
ability to comply with the reporting and
notification provisions of this rule by
providing us examples of standard
contract language that has been suitably
revised as comments describe.
PO 00000
Frm 00022
Fmt 4701
Sfmt 4700
VI. Comments on Requirements for
Recognized Accreditation Bodies Under
This Subpart
A. How must a recognized accreditation
body evaluate third-party certification
bodies seeking accreditation? (§ 1.620)
Proposed § 1.620 would establish the
criteria and procedures that a
recognized accreditation body must use
in assessing third-party certification
bodies for accreditation. Paragraph (a)
broadly addresses the different
requirements for foreign governments
and foreign cooperatives or other third
parties. Paragraph (b) requires the
accreditation body to require third-party
certification bodies to satisfy the rule’s
reporting and notification requirements.
Paragraph (c) requires the accreditation
body to maintain certain records, such
as those related to withdrawal or
suspension of a third-party certification
body. Paragraph (d) requires an
accreditation body to have written
procedures for handling appeals from
third-party certification bodies, and
requires certain minimal appeal
procedures.
On our own initiative, we are revising
§ 1.620(a)(2) and (3) to apply to
accredited third-party certification
bodies that are comprised of a single
individual, as applicable. We are also
removing, ‘‘and any requirements
specified in FDA model accreditation
standards regarding qualifications for
accreditation, including legal authority,
competency, capacity, conflicts of
interest, quality assurance, and records’’
to follow good guidance practice. We
are making corresponding changes to
§§ 1.620(a)(1), 1.640(b), and 1.640(c).
We are also revising § 1.620(c) to specify
that recognized accreditation bodies
must also include the date of the action
in their records relating to any denial of
accreditation or the withdrawal,
suspension, or reduction in scope of
accreditation of a third-party
certification body. In addition, we are
revising § 1.620(d) to clarify that the
recognized accreditation body must
notify any third-party certification body
of an adverse decision associated with
its accreditation under the subpart,
including denial of accreditation or the
withdrawal, suspension, or reduction in
the scope of its accreditation.
(Comment 35) In paragraph (a)(3) of
this proposed section we stated that a
recognized accreditation body must
observe ‘‘a statistically significant
number of onsite audits’’ conducted by
the third-party certification body
seeking accreditation. Some comments
request clarification of what we meant
by ‘‘statistically significant,’’ so that
accreditation bodies would know what
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
would be an adequate number of audits
to observe to provide adequate
confidence in the results of an analysis
of such observations. The comments
suggest that we should explain the
criteria for determining the number of
witness audits to be conducted under
proposed § 1.620 and ask whether sitespecific issues such as geographic
factors should be considered. Other
comments encourage us to abandon the
phrase ‘‘statistically significant’’ in favor
of the language of ISO/IEC 17011:2004
(Ref. 5), which requires an accreditation
body to witness the performance of a
representative number of third-party
certification body staff.
(Response 35) We have removed the
phrase ‘‘statistically significant’’ in
§ 1.620(a)(3) and inserted the phrase
‘‘representative sample.’’ We explain in
Response 28 that comments presented
compelling arguments that a significant
body of knowledge and experience has
developed around the meaning of a
‘‘representative’’ number of observations
under ISO/IEC 17011:2004 (Ref. 5) to
achieve an adequate level of confidence
in the results. We have revised
§ 1.620(a)(3) accordingly. Site-specific
issues may be relevant in determining
the representative number of witness
assessments to conduct, for example,
where audit agents are located in remote
offices or where food safety audits are
managed by remote offices. The
accrediting body, either a recognized
accreditation body or FDA in the case of
direct accreditation, will be best
positioned to determine whether
geographic issues are relevant for
purposes of § 1.620(a)(3).
(Comment 36) Some comments ask us
to revise § 1.620(d)(2) to clarify that the
individuals used to hear appeals of
adverse decisions by a recognized
accreditation body could be individuals
external to the accreditation body.
(Response 36) We agree with the
comments and have revised this
provision to clarify that individuals
used to hear appeals may be external to
the accreditation body, as well as a
similar provision applying to appeals by
eligible entities of adverse decisions by
an accredited third-party certification
body. We have also revised this
provision to use language similar to
language that is used in § 16.42(b),
which describes the characteristics of a
presiding officer that may be used for
FDA regulatory hearings.
(Comment 37) In the preamble to the
proposed rule we stated that we were
not proposing to review the decisions of
recognized accreditation bodies nor
were we proposing to hear appeals from
third-party certification bodies
aggrieved by an accreditation body’s
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
decision(s). We sought comment on
these matters. In response, some
comments state their understanding that
FDA would retain the authority to
challenge a recognized accreditation
body’s decisions, because we have
authority over the entire program.
(Response 37) We agree with
comments that our oversight extends to
any accreditation body or third-party
certification body participating in the
program, including the authority to
withdraw accreditation from a thirdparty certification body even if the
accreditation was granted by a
recognized accreditation body.
However, FDA does not intend to serve
as an appellate body for aggrieved thirdparty certification bodies, as this would
be unworkable and unnecessary.
Withdrawing the accreditation of a
third-party certification body to remove
it from our program is quite different
than, for example, overturning an
accreditation body’s decision to deny
accreditation to a third-party
certification body in the first place. Our
program is designed to ensure the
competency and independence of
accreditation bodies. As part of this
program, FDA will be recognizing
accreditation bodies to make
accreditation decisions based on a
determination that the accreditation
body is qualified to do so. FDA
involvement in accreditation decisions
would defeat the purpose of the
program. Additionally, FDA retains the
authority to revoke the recognition of
accreditation bodies for good cause
under § 1.634(a)(4) for failure to comply
with this rule. For all of these reasons,
FDA declines to codify a process to
review appeals challenging recognized
accreditation body decisions under this
program.
(Comment 38) Several comments
encourage us to expand on the
requirement to use ‘‘independent’’
person(s) to hear an appeal of an
adverse accreditation body decision.
Some comments suggest that we clarify
that an independent person is one who
was not involved in the decision that is
the subject of the appeal. A few
comments suggest we further require the
accreditation body to use person(s) who
are external to the organization.
(Response 38) We agree with the
suggestions to clarify § 1.620(d)(2) and
are revising it to align with the
impartiality provisions in 21 CFR part
16, which contains the regulations for
regulatory hearings that we will
generally apply under § 1.693 to an
appeal of a revocation or withdrawal.
Under the part 16 regulations, the
person presiding over the hearing must
be free from bias or prejudice and must
PO 00000
Frm 00023
Fmt 4701
Sfmt 4700
74591
not have participated in the action that
is the subject of the hearing or be
subordinate to a person who
participated in the action. We believe
that the credibility of the third-party
certification program will be enhanced
by requiring recognized accreditation
bodies to afford similar protections
when considering appeals by
certification bodies under this rule.
While we decline the suggestion to
require the use of external parties in
deciding appeals, we note that a
recognized accreditation body has
flexibility to use an external party under
§ 1.620(d)(2).
B. How must a recognized accreditation
body monitor the performance of thirdparty certification bodies it accredited?
(§ 1.621)
We proposed to require a recognized
accreditation body to conduct an annual
evaluation of each of its accredited
certification bodies that includes a
review of the certification body’s selfassessments, its regulatory audit reports,
notifications to FDA, and any other
information reasonably available. We
requested comment on whether the
information we proposed to require
would provide a solid basis for an
evaluation. We asked stakeholders
whether we should include a
requirement in § 1.621 for onsite
monitoring of accredited certification
bodies and, if so, whether we should
require the accreditation body to
observe or visit the certification body’s
headquarters.
(Comment 39) We received several
comments on the annual assessment
requirements of proposed § 1.621. Some
comments agree with the requirement
for an annual assessment. Some
comments mention a Government
Accountability Office (GAO) report
entitled, ‘‘FDA Can Better Oversee Food
Imports by Assessing and Leveraging
Other Countries’ Oversight Resources’’
(GAO 12–933) and dated September
2012, which notes ongoing challenges
with ensuring the competency of third
parties to consistently apply standards
and argues that annual assessments
would improve certification body
reliability and competency. Some of
these comments state they would even
support more frequent certification body
evaluations.
In contrast, some comments argue that
annual assessments would be
burdensome. Comments variously focus
on the burden on accreditation bodies,
certification bodies, and eligible
entities. Some comments disapprove of
the cumulative burden of all the
assessments (e.g., self-assessments and
monitoring assessments) required
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74592
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
throughout the rule. Some comments
suggest biennial assessments, and note
that such a requirement would be
consistent with ISO/IEC 17011:2004
(Ref. 5). Still others argue that when the
accreditation body or certification body
is a government entity we should allow
for flexibility around the timing of
assessments.
(Response 39) We agree with
comments that express the view that
annual assessments of certification
bodies will help build confidence in the
third-party certification program.
Annual assessments will help
accreditation bodies ensure certification
bodies’ continued compliance with the
program requirements and quickly
identify and address any deficiencies
with a certification body before a
situation escalates.
We also acknowledge the concerns
about the efforts needed to comply with
the monitoring and self-assessment
requirements of the rule. Section 1.621
is part of a set of proposed monitoring
and self-assessment requirements
intended to work together in helping to
ensure that the recognized accreditation
bodies and accredited third-party
certification bodies maintain
compliance with the rule’s
requirements. The certification body
self-assessment in § 1.655 is intended to
serve, in part, as information for use in
the accreditation body monitoring in
§ 1.621, the results of which we intend
the accreditation body to use in its selfassessment under § 1.622. We do not
intend for the assessments to require
duplicative efforts, with each section
requiring a discrete set of activities with
no opportunity to use the results of one
set of activities when performing
another. As explained in the preamble
to the proposed rule, the accreditation
body assessments of certification bodies
will not only help ensure that the
certification bodies continue to comply
with our requirements, but also can help
the accreditation body identify trends
and any deficiencies in its own
performance. The proposed monitoring
and self-assessment activities are an
essential part of the program’s safety
net.
With respect to § 1.621, in particular,
we believe this section will be far less
burdensome in practice than some of
the comments anticipate, because of the
convergence between the ISO/IEC
standards and this rule. The activities
required by § 1.621 are similar in
substance to surveillance activities
under ISO/IEC 17011:2004 (Ref. 5),
which includes review of audit reports,
results of internal quality control, and
management review records identified
in clause 3.18 NOTE, and thus are likely
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
to be activities many accreditation
bodies already perform. In light of the
foregoing, we have concluded that
requiring accreditation bodies to
perform annual evaluations of each
certification body they accredit under
the program is not unduly burdensome.
We disagree with comments suggesting
that monitoring should be more frequent
than once a year, because requiring
assessments to be performed and
reported twice each year, for example,
would result in a nearly continuous
cycle of assessments and reports.
Semiannual assessments are likely to
produce limited data sets that would be
less helpful for evaluation purposes
than would larger data sets, such as
compilations of 12 months of data,
which allow for tracking and trending
performance over time. Requiring
assessments to be performed more
frequently than once a year also risks
creating significant disruption of the
operations of accredited third-party
certification bodies and eligible entities
and might have the unintended effect of
serving as a disincentive to participation
in the program. For these reasons, we
have determined that an annual
monitoring requirement is appropriate
to verify the overall effectiveness of the
accredited third-party certification
body’s operations and performance in
activities relevant to the third-party
certification program and the validity of
its certification decisions. Accordingly,
we are not revising the annual
certification body monitoring
requirements we proposed in § 1.621.
(Comment 40) We received some
comments on proposed § 1.621(b)
specifically, which would require an
accreditation body to consider any other
‘‘reasonably available’’ information
relevant to a determination of whether
a certification body is in compliance
with this rule. Comments encourage us
to set limits around assessments
conducted in the wake of an incident,
noting that a problem involving one
certification/type of product should not
involve review of all certifications/
products. These comments did not want
an incident in one sector (e.g., human
food) to unnecessarily jeopardize an
accreditation in a separate sector (e.g.,
animal food). Some comments express
concern that proposed § 1.621(b) would
require an accreditation body to review
every certificate issued by a certification
body if one of the eligible entities it
certified was placed on FDA import
alert.
(Response 40) We decline the
suggestions to narrow the scope of
proposed § 1.621(b) or to direct how
recognized accreditation bodies should
consider other ‘‘reasonably available’’
PO 00000
Frm 00024
Fmt 4701
Sfmt 4700
relevant information, because it will
depend on the facts of a particular
situation. In the wake of incidents, we
expect the accreditation body to take
appropriate steps to determine whether
the certification body is in compliance
with this subpart. Such steps may
include a review of certifications for
product areas other than the subject of
the incident if the accreditation body
deems it needed to assess the
certification body’s compliance. We
reiterate, as we explained in the
preamble to the proposed rule, we do
not expect a recognized accreditation
body launch investigations of each
certification body it accredited absent
cause, but we do expect the
accreditation body to actively monitor
public information about their
certification bodies and not ignore
public information about problems that
might be associated with a certification
body it accredited.
(Comment 41) In response to our
preamble questions about whether to
require observations and certification
body headquarters visits in § 1.621,
some comments state that observations
are a useful tool and should be required.
Similarly, some comments support a
requirement for visiting the key location
of the certification body. Some
comments state that the accreditation
body should visit any location of the
accredited third-party certification body
where the certification body manages its
staff or agents conducting audits under
this program, which the comments note
may not be the certification body’s
headquarters. Other comments agree
that onsite visits can be a useful tool,
but encourage the use of remote
assessments in certain circumstances
(e.g., after the certification body has
successfully completed a set number of
accreditation cycles).
Some comments suggest that we
follow the requirements of relevant ISO/
IEC standards in establishing
requirements for observations and site
visits under § 1.621. Some comments
express concern about the cumulative
burden of the monitoring and selfassessments we proposed to require of
accreditation bodies and certification
bodies. A few comments express
concern we might impose duplicative
requirements for observations under
§§ 1.621 and 1.622(b). Some comments
request guidance on how an eligible
entity would be selected as a site for an
observation.
(Response 41) We agree with the
comments that state that observations
are useful and should be required as
part of accredited third-party
certification body monitoring. Likewise,
we agree with the comments that state
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
a recognized accreditation body should
visit any location of the certification
body where the certification body
manages its staff or agents conducting
audits under this program, if different
than the certification body’s
headquarters, to get a better
understanding of how different
locations operate. While we
acknowledge that some accreditation
bodies may be successfully using remote
assessments in certain circumstances
(e.g., after the certification body has
successfully completed a set number of
accreditation cycles), we decline the
suggestion to allow for remote
assessments in this rulemaking.
In establishing requirements in
§ 1.621 for observations and accredited
third-party certification body visits, we
considered comments’ concerns that
such requirements might be duplicative
of the observation requirements in
§ 1.622(b), might pose practical
difficulties in arranging to observe
audits, and might pose difficulties if a
certification body had several ‘‘key’’
locations. We also considered
comments’ concerns about the
cumulative burden of the monitoring
and self-assessment requirements of the
rule and the comments that urge us to
align the requirements of § 1.621 with
the relevant international standards.
Accordingly, in the final rule we are
combining all of the paragraphs in
proposed § 1.621 into new § 1.621(a),
and we are adding a new paragraph (b)
that requires the accreditation body to
perform a representative sample of
onsite observations of regulatory audits
conducted by each accredited thirdparty certification body, as explained in
Response 28, and visit the certification
body’s headquarters (or other
certification body location if its audit
agents are managed by the certification
body at a location other than its
headquarters). The observed audits and
site visits must be performed by no later
than 12 months after the certification
body’s initial accreditation and again
every 2 years thereafter for the duration
of its accreditation, including renewals.
The requirements for the frequency of
observed audits and site visits under
§ 1.621(b) are similar to the intervals for
surveillance onsite assessments in one
of the options under clause 7.11.3 of
ISO/IEC 17011:2004 (Ref. 5). We are also
requiring the accreditation body to
consider information from activities
conducted under paragraph (b) in the
annual performance report of the
accredited third-party certification
body.
We also are making a corresponding
revision to § 1.622(b) to clarify that the
accreditation body should consider the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
results of onsite observations and site
visits conducted under § 1.621(b) as part
of its self-assessment under § 1.622.
C. How must a recognized accreditation
body monitor its own performance?
(§ 1.622)
Proposed § 1.622 would require
recognized accreditation bodies to
conduct self-assessments on an annual
basis, and as required under proposed
§ 1.664(g) (following FDA withdrawal of
accreditation of a certification body it
accredited). Under the proposed rule,
the accreditation body’s self-assessment
would include evaluating the
performance of its officers, employees,
or other agents; observing regulatory
audits by a statistically significant
number of certification bodies it
accredited under this program, and
creating a written report of results.
(Comment 42) Some comments
encourage a broader self-assessment.
They contend that, in addition to
requiring that accreditation bodies
assess the consistency of their
performance and their compliance with
conflict of interest provisions, we
should also require accreditation bodies
to compare their performance against
competitors, compare the certification
bodies they accredit to other
certification bodies, and look at industry
best practices and benchmarks to set
improvement objectives.
(Response 42) The self-assessments
are intended to help the accreditation
body determine whether it is in
compliance with the requirements of
this rule. While the report elements
suggested by comments might be useful
for an accreditation body to consider,
we do not believe those elements are
necessary to a determination of
compliance with the rule. Therefore, we
decline to revise the rule in response to
these comments.
(Comment 43) Some comments
question whether the requirements for
accreditation body self-assessment
would fit the government-to-government
model. Other comments suggest that the
different nature of private operators and
public administration warrant different
requirements for each. The comments
further contend that the workload
associated with the program would be
significant for any government agency;
therefore, the time limits and
frequencies of reporting should be more
flexible in the case of government
agencies.
(Response 43) FDA uses selfassessment tools in various governmentto-government programs. As one
comment notes, we require State
governments to conduct annual selfassessments for their work under the
PO 00000
Frm 00025
Fmt 4701
Sfmt 4700
74593
Manufactured Food Regulatory Program
Standards (MFRPS) and the Animal
Feed Regulatory Program Standards. We
also require a foreign government
seeking a systems-recognition agreement
with FDA to begin the process by
completing the International
Comparability Assessment Tool, which
is a self-assessment tool that we
developed based on the approach of the
MFRPS self-assessment. Our experience
in using self-assessment tools with
foreign and State governments suggests
to us that self-assessments would be
feasible and appropriate in the context
of this program as well.
We decline the suggestion to afford
more flexibility in deadlines for
government agencies serving as
recognized accreditation bodies than we
afford to other recognized accreditation
bodies. Section 808 of the FD&C Act
makes no distinction between public
and private accreditation bodies, and
the proposed rule would place the same
workload burden on private
accreditation bodies as it would on
public accreditation bodies. The
comments fail to explain why the
differences in nature of public and
private accreditation bodies justify
flexible deadlines for governmental
accreditation bodies but not private
accreditation bodies.
(Comment 44) Some comments
suggest that accreditation body selfassessments under proposed § 1.622
should be done in concert with its
monitoring of certification bodies under
proposed § 1.621, because it would be
more efficient and would reduce the
burden on eligible entities that were
observed during regulatory audits. Other
comments question the need for
accreditation body self-assessments to
include requirements for observations,
because they read our preamble
discussion of proposed § 1.621 as a
signal that we would be requiring
accreditation bodies to conduct annual
onsite observations of each certification
body under that provision.
(Response 44) We agree that selfassessments under § 1.622 can be done
in concert with monitoring under
§ 1.621. As described in Response 39,
we do not intend the self-assessment
and monitoring requirements of the rule
to be duplicative. Having added
requirements for observations and
certification body site visits to
certification body monitoring
requirements in the final rule, we are
revising § 1.622(b) to clarify that
accreditation bodies may consider the
results of any observations or visits
conducted under § 1.621(b) in its selfassessments.
E:\FR\FM\27NOR4.SGM
27NOR4
74594
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
(Comment 45) Comments also suggest
that international standards could
provide guidance on improving the
efficiency and effectiveness of an
accreditation body’s self-assessment.
Some comments specifically suggest
that FDA could rely on the internal
audits and management reviews that are
required under ISO/IEC 17011:2004
(Ref. 5) instead of requiring its own selfassessments.
(Response 45) We agree that
documentation of internal audits and
management reviews required under
ISO/IEC 17011:2004 (Ref. 5) could be
useful to help demonstrate compliance
with the requirement for selfassessments under this program. We
have revised § 1.622(d) and made a
conforming change to § 1.623(b) to
specifically allow a recognized
accreditation body to use reports of
internal audits and management reviews
prepared for conformance with ISO/IEC
17011:2004 (Ref. 5), supplemented as
necessary, to demonstrate compliance
with the accreditation body selfassessment requirements of § 1.622.
D. What reports and notifications must
a recognized accreditation body submit
to FDA? (§ 1.623)
Proposed § 1.623 would require
recognized accreditation bodies to
submit to FDA reports of its selfassessments and annual re-assessments
of certification bodies within 45 days of
completing the assessment. The
proposed rule also would require
notification to FDA of matters affecting
recognition and accreditation status;
notice of denials of accreditation and
any significant change that would affect
how the accreditation body complies
with this rule would be required within
30 days, while immediate notification
would be required for other matters
(e.g., grant or withdrawing
accreditation). Under the proposed rule
the reports and notifications would have
to be submitted electronically and in
English.
On our own initiative, we are revising
§ 1.623(c)(1)(i) and (d)(1)(i) to require
the recognized accreditation body to
provide FDA the email address of any
third-party certification body that was
granted or denied accreditation
(respectively) under our program.
Having the email address will facilitate
FDA’s communications with such thirdparty certification bodies. We also are
revising § 1.623(c)(1)(iv) on our own
initiative to specify that a recognized
accreditation body must also notify FDA
of the expiration date of accreditation
upon granting accreditation to a thirdparty certification body under this
subpart.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
(Comment 46) Some comments ask
whether FDA intends to provide
feedback in response to self-assessment
reports.
(Response 46) While FDA will not be
providing formal responses to the selfassessment reports, we will use the
information in the reports in our
oversight of the third-party certification
program and will address any specific
items of concern we identify in an
accreditation body-self-assessment
report directly with the accreditation
body.
(Comment 47) We received several
comments related to our proposal to
require all reports and notifications to
be submitted in English. Some
comments agree that both the
notifications and the reports should be
submitted in English. Some comments
agree that notifications should be in
English, but suggested that reports of
self-assessments and re-assessments of
certification bodies could remain in
their native language, and if FDA had
any questions about such reports the
accreditation body could furnish
English translations.
Some comments note the difficulty
and others the expense for recognized
accreditation bodies in countries that do
not officially or routinely conduct
business in English. Some comments
request a longer period of time (e.g., up
to 4 months) to submit documents that
must be translated into English. Other
comments note that if we require
documents to be in English, and the
translations are not done well, the
documents may be difficult to
understand.
Some comments propose alternative
solutions, including comments that
suggest that FDA explore technical
translation and recognition software,
which in combination with
standardized report/notification
templates, might facilitate submission in
languages other than English. Other
comments suggest that if reports and
notifications are submitted in languages
other than English, the recognized
accreditation body should be
responsible for all translation costs.
Some comments ask whether
supporting documents that accompany
reports also would have to be in
English. Other comments inquire
whether there is any flexibility in the
language requirement for governmental
accreditation bodies that do not
maintain their records in English.
(Response 47) We decline the
suggestion to remove the requirement to
submit reports and notifications in
English. While allowing submissions in
multiple languages might be helpful to
some interested parties, the
PO 00000
Frm 00026
Fmt 4701
Sfmt 4700
accreditation body reports and
notifications required by § 1.623 are
essential to our oversight and
management of the third-party
certification program and the programs
that rely on certifications issued by
accredited third-party certification
bodies, and thus, must be in English in
order for FDA to properly review and
evaluate. Some comments ask to have
up to 4 months to prepare an English
translation of a submission under
proposed § 1.623. Such delays would be
unworkable. For example, we cannot
afford delays in translating an
accreditation body’s notification of
withdrawal of accreditation, or an
accreditation body’s notification that a
certification body has issued a food or
facility certification without meeting the
requirements of this rule. We are
requiring immediate notification of
these and other matters under § 1.623(c)
because of the implications for the
program and possibly for our acceptance
of certifications issued by the
certification body. Unless the
notification is submitted in English, our
actions will be delayed until the
information is translated. Although the
annual certification body monitoring
reports and the accreditation body selfassessments reports are not required to
be submitted until 45 days after
completion under § 1.623(a) and (b)(i)
(and 60 days following certification
body withdrawal for self-assessment
reports submitted under § 1.623(b)(ii)),
we will use these reports to identify
areas where FDA may need to promptly
engage with an accreditation body or a
certification body to address apparent
misunderstandings or confusion about
our program requirements. We plan to
use these reports to identify emerging
issues that need intervention. Therefore
any additional time allotted for
translation purposes would delay and
possibly hinder our ability to use these
reports for program evaluation and
management.
(Comment) 48) Some comments
address the proposed timeframes for
submitting reports and notifications,
and suggest that instead of requiring
reports within 45 days of completing the
assessment/re-assessment, we should
require submission every 6 months or
annually.
(Response 48) We disagree with
comments suggesting that we modify
the timeframe for submission of reports
of annual self-assessments and annual
certification body monitoring reports
from 45 days after completion to every
6 months or every year. We are
concerned that the information could be
outdated and our ability to use the
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
reports for early intervention would be
significantly diminished.
(Comment 49) Some comments
contend that the volume of reports and
notifications we proposed to require
would be burdensome to FDA to review
and maintain. They suggest that instead
we require recognized accreditation
bodies and their certification bodies to
maintain reports of self-assessment/reassessment, and provide prompt access
to FDA upon request.
(Response 49) We disagree. We are
establishing an electronic portal for
submission of applications, reports,
notifications, and other information
under this rule and an electronic
repository of this information, which
will allow us to access and use the
information as needed. Therefore, we
decline to revise § 1.623 is response to
these comments.
(Comment 50) Some comments ask if
all reports and notifications submitted
to FDA will be subject to the Freedom
of information Act (FOIA) or if these
submissions will be considered
confidential information with
reasonable protections from disclosure.
Other comments suggest the importance
of striking the appropriate balance
between disclosure and confidentiality
and note the following statements in
ISO/IEC 17021:2011 (Ref. 6), clause
4.1.3 and NOTE: ‘‘Principles for
inspiring confidence include:
Impartiality, competence, responsibility,
openness, confidentiality, and
responsiveness to complaints . . . An
appropriate balance between the
principles of openness and
confidentiality, including
responsiveness to complaints, is
necessary in order to demonstrate
integrity and credibility to all users of
certification.’’
(Response 51) We agree with
comments suggesting the importance of
striking the appropriate balance
between providing transparency to the
public and maintaining the
confidentiality of any trade secrets and
confidential commercial information
included in the applications, reports,
notifications, and other information
submitted to FDA. We are guided in this
effort by FOIA as well as laws that
protect trade secrets and confidential
commercial information from
disclosure. In response to comments, we
are adding new § 1.695 on public
disclosure, which is discussed in
section XIII.F.
(Comment 51) Some comments urge
us to eliminate or reduce the proposed
reporting requirements in proposed
§ 1.623(a) and (b), for various reasons.
Some of these comments suggest that we
should only require regular submission
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
of a report or other document that
shows the third-party certification
bodies are maintaining their
accreditation. Other comments
recommend that when a certification
body is first accredited, it should submit
translated accreditation documents
within 3 to 4 months of the
accreditation body’s decision. Then, as
long as the accreditation is unchanged,
it should not be necessary for the
accreditation body to submit its—
assessment reports under § 1.623(a).
Some comments suggest it should not
be necessary for accreditation bodies to
submit their self-assessment reports
under § 1.623(b) if there is no significant
change in their recognition. Other
comments assert that signatories to IAF
MLAs should not have to submit selfassessment reports to FDA, because IAF
monitors accreditation bodies for
continued compliance with ISO/IEC
17011:2004 (Ref. 5).
(Response 51) We disagree. As
described in Response 47, the reports of
annual certification body monitoring
and accreditation body self-assessments
are essential to our oversight and
management of the third-party
certification program and the programs
that rely on certifications issued by
accredited third-party certification
bodies. We are not requiring accredited
third-party certification bodies to
submit their self-assessments to FDA
(except for directly accredited thirdparty certification bodies); therefore, the
reports that we receive of the recognized
accreditation bodies’ assessments of
accredited third-party certification
bodies are a fundamental piece of the
monitoring system we are establishing,
as are the self-assessment reports
submitted by accreditation bodies we
have recognized. Reducing or
eliminating either of these reporting
requirements would hinder our ability
to properly oversee the program.
(Comment 52) We received some
requests for clarification regarding
required content of the accreditation
self-assessment reports and reports of
certification body annual monitoring.
Some comments request that FDA either
suggest a format for the reports, provide
an opportunity for accreditation bodies
to propose a format, or at least indicate
the minimum required elements.
(Response 52) We believe we
provided minimum requirements on the
content of these reports in this rule and
plan to provide additional information
on the format and submission of these
reports on our Web site.
(Comment 53) Comments suggest that
to be consistent with ISO/IEC
17011:2004 (Ref. 5), a recognized
accreditation body only would need to
PO 00000
Frm 00027
Fmt 4701
Sfmt 4700
74595
notify FDA of the approval, suspension,
or withdrawal of accreditation of a
third-party certification body, as well as
any changes in its scope of the
accreditation scope or reduction of
authorization. The comments assert that
the notification should not need to
include such details as the address and
name of third-party certification body
employees under § 1.624(c)(1).
(Response 53) We agree that
submission of the information described
in the comment and required by clause
8 of ISO/IEC 17011:2004 (Ref. 5) is
necessary for our program management
and oversight. For example, it will help
us verify the identity of any certification
body before taking an action to affect its
status in the program based on a
notification submitted under § 1.623.
However, the notifications required
under § 1.623(c)(3) and (d) are also
necessary for our program management
and oversight. Under § 1.623(c)(3), a
recognized accreditation body would
have to notify FDA if one of its
accredited third-party certification
bodies issued a food or facility
certification without complying with
the requirements of this rule. This
notification will allow FDA to refuse to
accept those improperly issued
certifications and to coordinate with the
accreditation body in determining
appropriate next steps. Having
information on a denial of accreditation
under § 1.623(d) will allow FDA to
monitor accreditation activities across
the program, including any repeat
denials of a third-party certification
body.
With respect to providing the names
of the audit agents of the accredited
third-party certification body, we note
that section 808(b)(1)(B) of the FD&C
Act requires a recognized accreditation
body to submit to FDA a list of all thirdparty certification bodies it accredited
under the program and the audit agents
of such accredited certification bodies.
The list of audit agents we proposed to
require a recognized accreditation body
to submit under § 1.623(c)(1)(iii) is
necessary for verification of compliance
with the conflict of interest
requirements by audit agents under
section 808(c)(5)(A)(iii) and (B) of the
FD&C Act and by proposed § 1.657,
among other things. With respect to the
proposed requirement to provide the
address and name of one or more of the
officers of the accredited third-party
certification body, this information will
be helpful in communicating with the
accredited third-party certification
body.
For the foregoing reasons, we decline
the suggestion to eliminate the
requirements for the recognized
E:\FR\FM\27NOR4.SGM
27NOR4
74596
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
accreditation body to provide FDA the
name of one or more officers of the
accredited third-party certification body
under § 1.623(c)(1)(ii) and a list of audit
agents of the accredited third-party
certification body under
§ 1.623(c)(1)(iii).
E. How must a recognized accreditation
body protect against conflicts of
interest? (§ 1.624)
Proposed § 1.624 would require a
recognized accreditation body to take
certain steps to safeguard against
conflicts of interest, including the
requirement to implement a written
conflict of interest program. The
accreditation body would be prohibited
from owning, having a financial interest
in, or managing/controlling a
certification body. Under the proposed
rule, accreditation body employees
would be unable to accept money, gifts
or other items of value from the
certification body, though we did
exempt meals of de minimis value
onsite where the assessment occurs. We
also proposed to require that a
recognized accreditation body maintain
on its Web site a list of certification
bodies it accredited under this program,
the duration and scope of accreditation,
and the date on which the certification
bodies paid their fee or reimbursement
associated accreditation. We sought
comment on alternative approaches for
public disclosure of payments.
On our own initiative, we are adding
new provision § 1.624(b) to clarify when
a recognized accreditation body can
accept the payment of fees for its
services so that the payment is not
considered a conflict of interest for
purposes of § 1.624(a).
(Comment 54) Some comments agree
that a recognized accreditation body
should be required to have a written
program to protect against conflict of
interest. Comments suggest that the
written plans should include assurances
of independence and safeguards to
address any possibility of conflicts.
Some comments state FDA should
require accreditation bodies to make
their conflict of interest policies public.
(Response 54) We agree with
comments about the importance of a
recognized accreditation body having a
written program to safeguard against
conflicts of interest that meets the
requirements of this rule. While a
recognized accreditation body may
choose to make its conflicts of interest
program publicly available, we are not
imposing that as a program requirement
because we do not believe it is
necessary to ensure that accreditation
bodies safeguard against conflicts of
interest.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
(Comment 55) We received several
comments related to allowing
certification bodies to provide onsite
meals of de minimis value to
accreditation body representatives
conducting an audit. Several comments
agree with the general concept of
allowing meals of de minimis value.
Some supporting comments state that
allowing such meals would expedite the
assessment, and could be necessary if
the certification body is distant from
meal service providers. With respect to
the question of what constitutes ‘‘de
minimis’’ value for these purposes,
some comments endorse the idea of
defining de minimis value in
accordance with U.S. Government
employee limits on accepting gifts or
gratuities. Others simply encourage us
to define it in some way that ensures
consistency and clarity. Some
comments state that we should not set
a fixed amount for the de minimis
value, because costs vary in different
locations.
Some comments disagree with the
proposal to allow meals of de minimis
value, and contend that the financial
relationship between the accreditation
body and the certification body should
be strictly limited to the fee paid for the
accreditation audit/services.
(Response 55) We agree with the
comments that suggest that allowing the
certification body to provide meals of a
de minimis value during an assessment
and at the site where the assessment is
being conducted might help facilitate
the assessment, particularly for remote
sites. We also agree with comments that
state we should not set a fixed amount
for the de minimis value because costs
vary in different locations.
We disagree with comments
suggesting that by providing meals of a
de minimis value, a certification body
might influence the outcome of an
accreditation body assessment,
particularly if the only allowable meals
are ones of minimal value that are
provided during the course of an
activity and with the purpose of
facilitating timeliness and efficiency.
FDA follows a similar approach for
investigators conducting foreign
inspections—that is, FDA investigators
performing foreign inspections are
allowed to accept lunches (of little cost)
provided by the firm during the course
of a foreign inspection. We also note
that the U.S. government allows its
employees to accept meals, within per
diem limits, when on official business
in a foreign country, as an exception to
the prohibition on the acceptance of
gifts or gratuities from outside sources
(5 CFR 2635.204(i)(1)), though we
believe the FDA’s practices for foreign
PO 00000
Frm 00028
Fmt 4701
Sfmt 4700
inspections serve as a better model
because foreign inspections are more
analogous to foreign assessments than
are the range of activities that covered
by the general requirements applicable
to all U.S. government employees on
official business in foreign countries.
Accordingly, in light of the comments
received and analogous FDA guidelines,
we have concluded that it is reasonable
and appropriate to limit the meal
exception in § 1.624(a)(3)(ii) to only
lunches of de minimis value provided
during the course of an assessment, on
site at the premises where the
assessment is being conducted, and only
if necessary to facilitate the efficient
conduct of the assessment. We believe
these revisions help to address concerns
regarding the threats to impartiality,
while accommodating the practical
considerations that apply to foreign
assessments.
We offer the following additional
input to recognized accreditation bodies
seeking guidance on the application of
§ 1.624(a)(3)(ii). In considering whether
a meal is allowable under this
provision, we recommend that the
assessor first consider whether
accepting the lunch is necessary to
facilitate the efficient conduct of the
assessment. We recommend the assessor
consider: (1) Whether the circumstances
surrounding the travel would allow the
assessor to pack a lunch to bring on site;
(2) Whether the meal is being provided
during the midday or early afternoon. A
lunch provided in the midst of an
assessment is different than a lunch or
other meal provided at the completion
of the audit; (3) Whether the site of the
assessment is in close proximity to a
retail food establishment, or is at a
remote location far from a retail food
establishment; (4) What is the estimated
value (or cost) of the lunch in light of
the costs associated with the area where
the assessment is being conducted; and
(5) other similar considerations.
For assessors seeking additional
guidance on determining what
constitutes a ‘‘de minimis’’ amount for
purposes of complying with
§ 1.624(a)(3)(ii), we offer the following
guidance that is based on the
requirements applicable to U.S.
government employees who accept
certain meals while on official travel in
foreign countries. Such employees must
deduct from the per diem the value of
that meal, calculated using a two-step
process.
First, the individual must determine
the per diem applicable to the foreign
area where the lunch was provided, as
specified in the U.S. Department of
State’s Maximum Per Diem Allowances
for Foreign Areas, Per Diem Supplement
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
Section 925 to the Standardized
Regulations (GC,FA) available from the
Superintendent of Documents, U.S.
Government Printing Office,
Washington, DC 20402, and available on
the Department of State Web site at
https://aoprals.state.gov/Web920/per_
diem.asp. (Foreign per diem rates are
established monthly by the Department
of State’s Office of Allowances as
maximum U.S. dollar rates for
reimbursement of U.S. Government
civilians traveling on official business in
foreign areas.)
Second, the individual must
determine the appropriate allocation for
the meal within the daily per diem rate
which is broken down into Lodging and
M&IE (Meals & Incidental Expenses)
that are reported separately in Appendix
B of the Federal Travel Regulation and
available on the Department of State’s
Web site at https://aoprals.state.gov/
content.asp?content_id=114&menu_
id=78.
(Comment 56) Our proposal to require
accreditation bodies to maintain a Web
site listing of certification bodies, and
information about each, drew several
comments. Most comments agree with
the Web site listing in principle. Some
comments encourage us to require
additional information in the Web site
listing, such as requiring accreditation
bodies to include in their Web site
listing those certification bodies whose
accreditations have been suspended or
revoked. Some comments advise that
the ‘‘scope’’ information required on the
Web site should be specific (e.g.,
whether the accreditation is for human
food, animal food, or for specific rules).
Additionally, many comments
address the proposed requirement to
include fee information in the Web site
listing. Some comments suggest that we
require recognized accreditation bodies
to specify what is included in the fee
payment and what costs are
reimbursable. We also received
comments arguing that requiring
payment schedules to be posted online
is not sufficient to ensure that potential
conflicts of interest will be identified;
they suggested we require accreditation
bodies to submit payment schedule
information directly to FDA.
Some comments disagree with the
proposed requirement to require the
Web site posting of payment schedules
contending, among other things, that
such information is proprietary. Some
suggest that, instead, FDA should
require accreditation bodies to keep
records of payments which would be
available to FDA if we have reason to
examine them. Others suggest it would
be sufficient for the financial payment
information to be maintained such that
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
FDA could review it during the
recognition/renewal process. Still other
comments seek clarification as to
whether we would be requiring, in
addition to the date of payment, the
dollar value of payment. These
comments are not in favor of such a
requirement; they state such payment
details constitute sensitive information
and argue that FDA should instead
require the amount of payment to be in
the records required under § 1.625.
(Response 56) We agree with
comments that state that an
accreditation body’s Web site posting
under § 1.624(c), finalized as § 1.624(d),
must include specific information about
the scope(s) of accreditation, for
example by relevant part of 21 CFR or
by a designation, such as ‘‘part 123’’ or
‘‘Seafood HACCP’’ (Hazard Analysis
Critical Control Point). We also are
revising final § 1.624(d) to state that an
accreditation body’s Web site must
identify a certification body whose
accreditation was suspended,
withdrawn, or reduced in scope,
because we believe that this information
would be important to eligible entities
seeking information on accredited
certification bodies. The suspension or
withdrawal information must be
maintained on the Web site for 4 years
(the maximum duration of an
accreditation under the rule) or until the
suspension is lifted or the certification
body is reaccredited by that
accreditation body, whichever occurs
first.
In the interest of transparency, we are
maintaining the requirement for
accreditation bodies to post information
on the timing of fee payments and direct
reimbursements by certification bodies.
This posting requirement is similar to
the posting requirements that apply to
certification bodies under § 1.657(d) and
will help build confidence in the
impartiality of accreditation body
accreditation decisions. We are not
requiring posting of the amount of fees
or reimbursement paid, because we do
not think it is necessary to help build
confidence in the impartiality of
accreditation body accreditation
decisions. We agree with the suggestion
to specifically require fee payment
records to be maintained and are
revising § 1.625 accordingly.
(Comment 57) Some comments
contend that § 1.624 is seriously flawed
because it is inconsistent with ‘‘the
latest science on the issue’’ and a 2009
Institute of Medicine (IOM) Report,
‘‘Conflicts of Interest in Medical
Research, Education, and Practice.’’
They encourage FDA to evaluate the
most recent scientific research on
conflicts of interest and consult with
PO 00000
Frm 00029
Fmt 4701
Sfmt 4700
74597
leading academicians involved in such
work. They contend that the fact of
payment by the certification body to the
accreditation body creates a conflict of
interest that cannot be avoided so we
should aim our regulation to minimize
it. They recommend that we prohibit
any financial relationship between the
accreditation body and a certification
body it audits for at least 1 year before
accreditation was sought and 1 year
after the last accreditation expires or
was denied.
(Response 57) While we agree with
the comments’ suggestion to remain
vigilant in ensuring that our conflict of
interest protections represent current
best practices, we disagree with the
assertion that § 1.624 is seriously flawed
and have concluded that the suggested
revision would be infeasible and
impractical. Third-party certification
bodies currently accredited for food
safety auditing by accreditation bodies
that become recognized by FDA would
have to apply to another recognized
accreditation body to join our program
if the comments’ suggestion were
adopted. This would create a
disincentive to participation by
experienced third-party certification
bodies and would pose difficulties
when the availability of recognized
accreditation bodies is limited.
In response to comments citing the
2009 IOM report on financial conflicts
of interest between medical researchers
and medical products companies, we
note that it identified some conflict of
interest issues that also are relevant to
our third-party certification program,
such as the need to disclose payments
from industry and to place limits on
meals and gifts. However, the
differences between the context of
medical research and practice and the
context of our third-party certification
program pose difficulties in identifying
practical implications of the analysis for
our purposes—i.e., the analysis of data
suggesting that the acceptance of meals
and gifts and other relationships may
influence physicians to prescribe a
company’s medicines. Nor are the IOM
recommendations readily adaptable to
conflicts of interest in the third-party
certification program. The ‘‘best
practices’’ we employ must be suitable
for the third-party certification program
and may differ from the state of the art
best practices for conflict of interests in
medical research. For example, the
recommendations to place limits on the
use of drug samples for patients who
lack financial access to medications and
to prohibit the claiming of authorship
for ghost-written publications are not
applicable to this program. For the
foregoing reasons, we decline the
E:\FR\FM\27NOR4.SGM
27NOR4
74598
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
suggestion to prohibit any financial
relationship, such as the payment of
fees, between a recognized accreditation
body and a certification body for at least
1 year before seeking accreditation and
1 year after the last accreditation expires
or is denied.
(Comment 58) Some comments reject
the notion that there could be effective
protections against conflict of interest.
Such comments consider third-party
food safety audits to possess inherent
shortcomings and believe that FDA
itself should conduct any food safety
inspections required by FSMA.
(Response 58) We disagree with the
notion that it is not possible to
effectively protect against conflicts of
interest. Currently, accreditation bodies
and certification bodies operate under a
number of private schemes successfully,
with reasonably effective protections
against conflicts of interest. We note
that the primary regulatory functions of
the third-party certification program are
to facilitate participation in VQIP and to
provide certifications for the purposes
of section 801(q) of the FD&C Act. At
this time, we do not intend for private
third-parties to conduct food safety
inspections required by FSMA.
F. What records requirements must an
accreditation body that has been
recognized meet? (§ 1.625)
Proposed § 1.625 identifies specific
types of documents a recognized
accreditation body would be required to
establish, control, and maintain to
document compliance with applicable
requirements (including applications for
accreditation and for renewal;
regulatory audit reports and supporting
information from its accredited
auditors/certification bodies; reports
and notifications required under
proposed § 1.623, along with any
supporting information). The recognized
accreditation body would be required to
provide FDA access to such records.
The rule also proposed to require
records to be maintained electronically
and in English for 5 years.
In the proposed rule we
acknowledged that the contracts
between accreditation bodies and
certification bodies frequently include
confidentiality provisions that might
otherwise prevent disclosure of certain
records to FDA without prior approval
of the certification body. We noted that
any such contract provisions would
need to be changed to allow the
accreditation body to furnish FDA with
the records identified in this section.
On our own initiative, we are
including fee payment records as
another type of record that an
accreditation body that has been
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
recognized must maintain under
§ 1.625(a)(8).
(Comment 59) Several comments
disagree with the proposed requirement
for records to be maintained in English.
Some comments, while noting their
support for submission of reports and
notifications in English under proposed
§ 1.623, disagree with our proposal to
require that records maintained by the
accreditation body be kept in English as
well. Some comments, noting the cost of
translating all records, request that we
allow records to be maintained in the
language of the country. They propose
we could require the accreditation body
to provide the records in English upon
our request within a reasonable time;
some suggest a reasonable time might be
a week, depending on the volume of
records requested. Other comments
argue that the food industry is global
and in recognition of that fact FDA
should accept records in other
languages. Some comments suggest that
we allow three or four additional
widely-used languages.
(Response 59) We agree with the
recommendation to allow records held
by the accreditation body to be
maintained in a language other than
English, coupled with a requirement
that, upon FDA request, the
accreditation body must provide an
English translation of the records within
a reasonable time.
The records required by § 1.625 are
necessary to document the accreditation
body’s accreditation activities, and we
expect to request access to the
accreditation body’s records as
necessary to verify the accreditation
body’s continuing compliance with the
requirements of this rule, such as when
we are considering whether to renew its
recognition. The accreditation body
records also will be useful in helping to
verify the compliance of certification
bodies it accredited under the program.
However, the records required by
§ 1.625 are generally distinguishable
from the reports and notifications that
must be directly submitted to us under
§ 1.623, which we are requiring to be
submitted to FDA in English because
the reports and notifications submitted
directly to us are time sensitive in
nature and essential to our management
and oversight of the third-party
certification program. For example,
under § 1.623(c) we are requiring
immediate notification, in English, of an
accreditation body’s withdrawal of
accreditation from a certification body.
We cannot afford delays in translating
this information, because of its
implications for the program and
possibly for our acceptance of
certifications issued by the certification
PO 00000
Frm 00030
Fmt 4701
Sfmt 4700
body. Unless the notification is
submitted in English, our actions will be
delayed until the information is
translated.
By contrast, the records required
under § 1.625 typically contain
information that is less time sensitive;
therefore, reasonable delays for
translation purposes will not
compromise our ability to manage or
oversee the program. Accordingly, we
are revising § 1.625 to allow other
accreditation body records to be
maintained and submitted to FDA in
languages other than English, provided
that an English language translation of
such records is provided within a
reasonable time thereafter. The
circumstances surrounding each request
will differ; therefore, we decline to set
a specific (numerical) deadline for
submission of the translation.
(Comment 60) We received several
comments expressing confidentiality
concerns. Some comments note that
documents that are part of an audit
process may contain critical business
information that warrants some level of
proprietary protection.
(Response 60) We acknowledge
comments’ concerns and note that we
are including § 1.695 on public
disclosure in section XIII.F. The new
section explains that records obtained
by FDA under this subpart are subject
to the disclosure requirements under 21
CFR part 20.
(Comment 61) With regard to the
proposed requirement that records must
be maintained electronically, some
comments discourage us from requiring
compliance with 21 CFR part 11, which
are regulations setting certain electronic
records criteria. Comments contend that
imposing part 11 requirements would be
disproportionate to the need under this
rule without an appreciable
improvement in food safety and would
create a tremendous and costly burden.
They encourage FDA to explicitly
exclude records under this rule from
part 11. Comments propose that instead
of imposing part 11 requirements, we
require documentation of the chain of
custody by requiring records to be
signed and dated when created or
modified.
(Response 61) We acknowledge
comments’ concerns and note that we
are establishing § 1.694 on electronic
records in section XIII.E. This new
section will generally exempt records
that are established or maintained to
satisfy the requirements of this subpart
from the requirements of part 11.
(Comment 61) Some comments
express concern that our proposed
record keeping requirement was too
broad; and others express concern about
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
how we might use our authority to
request records. Some comments
request clarification of our proposed
requirement that accreditation bodies’
records include any supporting
information for the reports and
notifications required under § 1.623.
Other comments suggest that our
records requests should be narrower
when the recognized accreditation body
is a foreign government than a records
request to a recognized, nonprofit
accreditation body. Still other
comments encourage us to clarify the
circumstances under which FDA staff
could request records and to include a
method for an accreditation body to
object to an FDA records request.
(Response 62) The records we are
requiring an accreditation body to
maintain under § 1.625 are necessary to
document the accreditation body’s
accreditation activities and its
compliance with the requirements of
this rule. We expect to request access to
the accreditation body’s records in
verifying an accreditation body’s
continuing compliance with the
requirements of this rule. While the
details of each records request will vary
depending on its circumstances, we will
tailor our records requests under § 1.625
as narrowly as possible to reach
program-related records and exclude
records that are irrelevant or
insignificant to this program. For
example, the information an
accreditation body reports under § 1.623
may prompt us to request the
underlying record to supplement the
report as needed. Or, when an
accreditation body is requesting renewal
of its recognition, we may request
records to supplement information
provided in the application.
Therefore, we believe it is
unnecessary to develop administrative
procedures for accreditation body
challenges to FDA records requests. We
recommend accreditation bodies to fully
consider the program requirements
before deciding to pursue recognition
under the voluntary third-party
certification program.
(Comment 63) We proposed that if
FDA requests records electronically, the
recognized accreditation body provide
the requested records within 10 days.
Some comments contend that 10 days is
insufficient time, and instead request a
period of 3 months.
(Response 63) We believe that 10 days
is ample time for accreditation bodies to
electronically submit any requested
records they are already required to
maintain under this subpart. We note
that we are revising the final rule to
allow accreditation bodies to maintain
and submit records in languages other
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
than English, provided that they
electronically submit an English
translation within a reasonable time
thereafter. By allowing records to be
submitted in a language other than
English, accreditation bodies should be
able to provide requested records
electronically within 10 days.
VII. Comments on Procedures for
Recognition of Accreditation Bodies
Under This Subpart
A. How do I apply to FDA for
recognition or renewal of recognition?
(§ 1.630)
We proposed to establish procedures
for accreditation bodies to follow when
applying to FDA for recognition or for
renewal of recognition. We proposed
that the accreditation body must submit
a signed application, accompanied by
any supporting documents,
electronically and in English,
demonstrating that it meets the
eligibility requirements in proposed
§ 1.610. We also proposed to require an
applicant to provide any translation or
interpretation services we need to
process the application.
(Comment 64) Some comments assert
that the proposed rule does not
differentiate adequately between foreign
governments and private entities that
are serving as accreditation bodies and
suggest that we provide a separate path
for recognition of foreign government
accreditation bodies that prioritizes
their applications over those submitted
by private accreditation bodies. The
comments recommend that we draft
additional rules to specifically cover
recognition of foreign government
accreditation bodies and/or direct
accreditation of foreign government
certification bodies.
(Response 64) We disagree with the
recommendation to create a bifurcated
system for recognition, because the line
between governmental and private
accreditation bodies is not always clear.
Private accreditation bodies comprise
approximately one third of the 72
accreditation bodies that accredit food
safety certification bodies around the
world, according to a report prepared by
the Research Triangle Institute (RTI)
(Ref. 16). In the report, RTI found that
the distribution of accreditation bodies
by private versus government agency is
as follows: 24 private accreditation
bodies, 38 governmental accreditation
bodies, and 10 accreditation bodies with
unknown private or government agency
status. RTI found that the vast majority
of the private accreditation bodies were
non-profit entities. Many of the private
accreditation bodies identified by RTI
operate under government sanction or
PO 00000
Frm 00031
Fmt 4701
Sfmt 4700
74599
in quasi-governmental roles. For
example, the American National
Standards Institute (ANSI) is a private,
non-profit accreditation body that serves
as the official U.S. representative to ISO
(Ref. 17); the United Kingdom
Accreditation Services is appointed as
the national accreditation body for the
United Kingdom, though it is
independent of the government (Ref.
18); and the Danish Accreditation and
Metrology Fund is a self-described
‘‘business fund’’ that is appointed by the
Danish Safety Technology Authority as
the national accreditation body for
Denmark (Ref. 19). Additionally, we
note that section 808 of the FD&C Act
makes no distinction in the
requirements or process for recognizing
public or private accreditation bodies.
Furthermore, we do not believe it
practical to engage in additional
rulemaking for foreign government
accreditation bodies and certification
applications, as the comments suggest.
(Comment 65) Some comments ask us
to accept applications in other
languages common to the major
production areas exporting product to
the United States. These comments
assert that due to the global nature of
produce supply chains allowing
applications in other languages would
encourage supply chain participation in
third-party auditing programs as a tool
to improve food safety. These comments
suggest that we could develop a phased
process where we only accept English
applications initially, but increase
flexibility to accept applications/
renewal documents in other languages
as the program builds up.
(Response 65) We acknowledge that
accepting applications for recognition in
languages other than English might be
beneficial to some interested parties.
However, requiring applications for
recognition to be submitted in English
will help us make well-informed and
timely decisions. Further, FDA does not
have the resources to translate or review
documentation in other languages and
generally requires documents submitted
in other languages to be translated to
English. Therefore, we decline the
suggestion to develop long-term plans
for accepting applications for
recognition in languages other than
English.
(Comment 66) Some comments ask
what costs are associated with getting
recognized as an accreditation body.
(Response 66) Pursuant to section
808(c)(8) of the FD&C Act, we issued
proposed regulations to establish a
reimbursement (user fee) program to
assess fees and require reimbursement
for the work performed to establish and
administer the third-party certification
E:\FR\FM\27NOR4.SGM
27NOR4
74600
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
program. The proposed rule provides
details on how user fees would be
computed (80 FR 43987, July 24, 2015).
B. How will FDA review my application
for recognition or for renewal of
recognition and what happens once
FDA decides on my application?
(§ 1.631)
We proposed to establish procedures
for reviewing and deciding on
applications for recognition and for
renewal of recognition. We proposed to
order the application queue on a first in,
first out basis and to only place
complete applications in the queue.
On our own initiative, we are revising
paragraph (a) to clarify that FDA will
review submitted applications for
completeness and will notify applicants
of any identified deficiencies. We also
are revising paragraph (b) to clarify that
FDA’s evaluation of any completed
recognition or renewal application may
include an onsite assessment of the
accreditation body. In addition, we are
redesignating proposed paragraph (e) as
part of paragraph (b) for clarity.
On our own initiative we are adding
new paragraphs (e) through (h) to
§ 1.631 to explain what happens when
an accreditation body’s renewal
application is denied. We are adding
provisions to clarify what the applicant
must do, the manner in which FDA will
notify accredited third-party
certification bodies and the public of the
denial, the effect of denial of an
application for renewal of recognition
on accredited third-party certification
bodies, and the effect of denial of an
application for renewal of recognition
on food or facility certifications issued
to eligible entities.
(Comment 67) Some comments ask us
to clarify how we will recognize an
accreditation body. Some comments ask
that we clearly and comprehensively lay
out the conditions and requirements
governing the application for
recognition, to ensure transparency,
certainty, and predictability of the
procedures and criteria governing
recognition. Some comments
specifically recommend that we use the
IAF/ILAC/International Laboratory
Accreditation Cooperation (ILAC) (Aseries) documents as the foundation
upon which to base our process for
recognition of accreditation bodies.
(Response 67) This rule establishes
the framework for the third-party
certification program and generally
describes procedures involved in the
submission and processing of
applications for recognition and will be
supplemented by additional
instructions. For example, we are
developing an electronic portal that
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
accreditation bodies will use in
submitting their applications for
recognition, and we will be issuing
directions for using the portal. We also
are developing internal operational
procedures for recognition of
accreditation bodies and will consult
the IAF/ILAC (A-series) documents in
considering the types of materials that
may be useful to accreditation bodies
and other stakeholders interested in
learning more about our program.
(Comment 68) Some comments
express concern that we are limiting
ourselves to a ‘‘first in, first out’’ review
process that gives us no discretion to
recognize foreign governments before
we consider other applications from
private accreditation bodies that apply.
These comments recommend that we
use guidance to industry or internal
management documents, rather than
this rule, to describe how we will
establish the queue of applications for
review.
(Response 68) For the reasons
described in Response 64, we decline
the suggestion to prioritize applications
submitted by government accreditation
bodies over applications submitted by
private accreditation bodies. However,
we are modifying the first in, first out
approach to application review in
proposed § 1.631(a) to allow FDA to
prioritize an application for review
based on program needs. We will
consider the suggestion to use an
internal management document to
establish our procedures for reviewing
applications for recognition as part of
our operational planning.
(Comment 69) We received several
comments on the timeliness of
application review and decisionmaking.
Some comments assert that our
application review process must be
comprehensive but also expedient.
Some comments ask that our
communications with applicants be
timely. Other comments ask us to
establish review timeframes by which
accreditation bodies and other
interested parties may expect a response
to applications, asserting this will foster
enhanced confidence and transparency
with the review process. Some
comments suggest that we review and
act upon an accurately completed
recognition application within 90 days
and a completed recognition renewal
application within 45 days.
(Response 69) We agree with the
comments suggesting that our
application review must be
comprehensive and as expedient as
possible. We decline the suggestion to
establish review timelines in this rule
because we lack the experience and data
that would allow us to reasonably
PO 00000
Frm 00032
Fmt 4701
Sfmt 4700
estimate review timeframes. We also
recognize that each review will differ
depending on the circumstances, and
we expect to become more efficient in
application review as we gain
experience in the program.
(Comment 70) Some comments
express concern about the length of time
it will take us to recognize and notify an
applicant of any deficiencies in the
application. These comments also assert
that requiring applicants with
deficiencies to resubmit their
applications and sending them to the
bottom of the review list would make
for significant delays in the recognition
and renewal processes.
(Response 70) FDA agrees that an
application for recognition should be
checked for completeness promptly
after submission. The Agency intends to
notify the submitter in a timely manner
if the submission is not complete. FDA
anticipates that this completeness
determination could generally be made
within 15 business days, because this is
not a decision on the merits of the
application. However, given the
competing demands on Agency
resources, including staff available to
conduct review, the Agency declines to
add a time restriction in the final rule
for notifying an applicant of deficiencies
that cause its application to be
considered incomplete and thus not
ready for processing.
(Comment 71) Some comments assert
that we should include a mechanism for
stakeholders to provide feedback to the
Agency concerning the capacity and
functioning of accreditation bodies and
auditors/certification bodies because
stakeholders have firsthand experience
with such entities. These comments
suggest that we modify § 1.631(b) to
specify that FDA will also ‘‘solicit and
consider information provided by
stakeholders, including importers and
foreign suppliers subject to the
accreditation body’s jurisdiction, to
assist in the recognition or renewal
application review process.’’
(Response 71) To the extent the
comments suggest that the Agency’s
review and decisionmaking process on
recognition applications should include
a solicitation of comments from the
public we disagree, as this would create
unnecessary delay in the recognition
process. FDA believes that the
information it gains through the
application process will be sufficient to
make a recognition determination, and
that this process and subsequent
monitoring by FDA ensures robust
oversight of the program. Nevertheless,
stakeholders are always free to share
with FDA any information relevant to
the Agency’s food safety programs. We
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
note that information shared with FDA
is subject to the information disclosure
regulations in part 20, as stated in
§ 1.695.
(Comment 72) Some comments note
that there are no circumstances or
conditions in the proposed rule that
allow for an accreditation body to
question or object to an FDA action or
request if they believe it is not
reasonable or relevant to the recognition
and performance of the accreditation
body.
(Response 72) We do not expect to
make requests or actions of an
accreditation body that are not relevant
to the requirements of the third-party
certification program. FDA’s evaluation
of accreditation bodies, as expressed in
§§ 1.631(b), 1.633(a), and 1.634(a), is
premised on the accreditation body’s
compliance with the applicable
requirements of this rule.
We note that in this rulemaking, FDA
has established a number of
mechanisms to address challenges to
FDA’s decisions, including § 1.691 (for
requests for reconsideration of the
denial of an application for recognition,
renewal, or reinstatement of
recognition); § 1.692 (for internal
Agency review of the denial of an
accreditation body application upon
reconsideration); and § 1.693 (for
regulatory hearings on revocation of
recognition).
We recommend accreditation bodies
to fully consider the program
requirements before deciding to pursue
recognition under the voluntary thirdparty certification program.
(Comment 73) Some comments ask
that we provide training and education
documents regarding the application
process as quickly as possible to ensure
that accreditation bodies are clear on the
process and its requirements. These
comments assert that training and
education would minimize the need for
second reviews due to inaccurate or
incomplete applications.
(Response 73) As indicated in
Response 67, we are developing
additional instructions for applications
for recognition that will be useful to
accreditation bodies interested in
pursuing recognition.
C. What is the duration of recognition?
(§ 1.632)
We proposed to grant recognition to
an accreditation body for up to 5 years,
though we will determine the length of
recognition on a case-by-case basis.
(Comment 74) Some comments
support our proposal to recognize
accreditation bodies for a duration of up
to 5 years, with shorter durations
awarded early in the program for
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
accreditation bodies with little
experience in accrediting third-party
certification bodies.
(Response 74) We agree with
comments suggesting that the duration
of recognition may vary depending on a
number of factors, including the
accreditation body’s history (or lack of
history) in accrediting certification
bodies. We believe the proposal allows
FDA to consider such factors.
(Comment 75) Some comments
express concern that we are not
proposing a fixed duration of
recognition and ask us to establish a
specific time limit of 5 years. These
comments assert that having a
standardized duration of recognition for
all accreditation bodies is
administratively more viable for FDA to
plan its resource needs and would
provide consistency across the industry.
Additionally, these comments assert
that 5 years is a reasonable duration
given the other reporting and
monitoring requirements built into the
system.
(Response 75) We acknowledge the
advantages that certainty provides and,
where appropriate, the Agency will
grant recognition for the maximum
duration of 5 years. However, as noted
in our previous response, we also
recognize it may be appropriate for the
duration of recognition to vary
depending on a number of factors.
Where, for example, an accreditation
body has little or no experience in
accrediting food safety certification
bodies, we may decide the initial grant
of recognition should be less than 5
years.
(Comment 76) Some comments
suggest that the duration of recognition
for an accreditation body should be 4
years to be consistent with the duration
proposed for accreditation of
certification bodies in § 1.661. Other
comments request clarification about
the difference in durations proposed for
recognition of accreditation bodies and
accreditation of certification bodies.
(Response 76) We decline the
suggestion to shorten the maximum
duration of accreditation body
recognition to 4 years and note that the
comments suggesting it should be the
same maximum duration as third-party
certification body accreditation offered
no information that would provide an
adequate basis for shortening
recognition such that an accreditation
body could be recognized for no longer
than a certification body’s accreditation.
Further, as stated in the proposed rule,
we noted that other government
programs such as the Substance Abuse
and Mental Health Services
Administration program for accredited
PO 00000
Frm 00033
Fmt 4701
Sfmt 4700
74601
programs that use opioid agonist
treatment medications approves
accreditation bodies for up to 5 years
(42 CFR 8.3). Under the FDA
mammography program, we may
approve accreditation bodies for terms
up to 7 years (21 CFR 900.3(g)). As
stated previously, FDA may establish a
period of recognition of less than 5 years
if appropriate for a particular applicant.
(Comment 77) Some comments assert
that accreditation bodies that maintain
their IAF signatory status should not be
limited to a 5-year duration.
(Response 77) We decline the
suggestion, noting that the comment
lacks information demonstrating that a
longer term of recognition is warranted
for an accreditation body that is an IAF
signatory.
D. How will FDA monitor recognized
accreditation bodies? (§ 1.633)
We proposed to establish the
frequency and manner for formal
evaluations of recognized accreditation
bodies. Specifically, we proposed to
evaluate each recognized accreditation
body by at least 4 years after the date of
recognition of an accreditation body
granted a 5-year term of recognition and
by no later than the mid-term point for
an accreditation body granted a term of
recognition of less than 5 years.
Proposed § 1.633 also notes that FDA
may conduct additional assessments of
recognized accreditation bodies at any
time.
(Comment 78) While the comments
generally support FDA performance
assessments of recognized accreditation
bodies, the comments express a wide
range of views on how frequently such
assessments should occur. Some
comments support the proposed
reevaluation frequency for recognized
accreditation bodies. Some comments
assert that we need to have a more
suitable monitoring mechanism. Other
comments suggest we incorporate a
random, unannounced performance
review for recognized accreditation
bodies as a supplement to the proposed
frequency. Some comments take a
contrary view, asking us to clarify in the
final rule the circumstances under
which we may perform additional
performance assessments of recognized
accreditation bodies. These comments
assert that FDA’s ability to conduct
additional audits, assessments, and
investigations without the requirement
to justify such actions creates the
potential for a confrontational
relationship and lack of trust. The
comments question whether, without
such clarification, any refusal by an
accreditation body to grant FDA access
or information would trigger revocation
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74602
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
of their recognition. Still other
comments request clarification on the
frequency of audits that will be
conducted on accreditation bodies.
(Response 78) Monitoring assessments
of accreditation bodies are one of
several tools we will use for program
oversight. Section 1.633(a) implements
section 808(f) of the FD&C Act, which
states that FDA must reevaluate a
recognized accreditation body
periodically, or at least once every 4
years, and take any other measures FDA
deems necessary to ensure compliance.
We anticipate that information gleaned
from other monitoring tools, such as an
accreditation body’s self-assessment,
may prompt additional performance
assessments in certain instances.
Although we decline to specifically
codify random, unannounced
performance reviews as a supplement to
the proposed frequency as suggested by
the comment, we note that under
§ 1.633(a) FDA may conduct additional
assessments of recognized accreditation
bodies, including unannounced
assessments, at any time as it deems
appropriate. We need to retain
flexibility to conduct additional audits,
assessments and investigations to
support the credibility of the program.
With respect to the request to clarify
whether any refusal to grant FDA access
or information for a performance
assessment would trigger revocation,
under section § 1.634(a), refusal to allow
FDA to conduct an assessment to ensure
the accreditation body’s continued
compliance with the requirements of
this subpart is grounds for revocation.
(Comment 79) Some comments assert
that we should provide additional detail
on our monitoring procedures under
§ 1.633(b). Some comments express
concern about the ambiguity of the term
‘‘statistically significant’’ as well as the
scope of onsite assessments and onsite
audits for performance evaluation
purposes. These comments assert that
we must provide clear guidance to
industry as to what we expect would be
involved in such onsite assessments and
make this guidance available for public
comment. Other comments specifically
request that we outline the procedures
under which we will conduct audits on
accreditation bodies and third-party
certification bodies and specify a
timeframe for when we will issue the
results of the audits. Still other
comments assert that we must provide
guidance on how an eligible entity
might be selected for an audit/
inspection that relates to an
accreditation body’s reassessment of a
certification body.
(Response 79) The objective of an
assessment under § 1.633 will be to
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
determine an accreditation body’s
compliance with the requirements of
this rule. When planning an assessment,
we will establish the time period of
activities covered by the assessment and
may request records of an accreditation
body under § 1.625. We also will
develop plans for any locations to be
visited, which may include the
accreditation body’s headquarters and
any other locations where employees
and other agents who conduct activities
under this program are managed.
In conducting the assessment, we may
review records, such as records relating
to conflicts of interest and may
interview officers, employees, and other
agents of the accreditation body. We
also may observe regulatory audits by
certification bodies the accreditation
body has accredited. For the reasons
explained in Response 28, we have
removed the phrase, ‘‘statistically
significant’’ and revised the sentence to
explain that we may observe a
‘‘representative sample’’ of certification
body regulatory audits when conducting
an assessment of its accreditation body.
We will decide what constitutes a
‘‘representative sample’’ for purposes of
§ 1.633 on a case-by-case basis, based on
factors such as how many certification
bodies the accreditation body has
accredited under the program, the scope
of accreditation of the certification
bodies accredited by the accreditation
body, how many years the accreditation
body has been in the program, how
many prior assessments of the
accreditation body we have performed,
and the length of time since any prior
assessments.
(Comment 80) Some comments ask
that we inform recognized accreditation
bodies prior to doing onsite assessments
of accredited certification bodies and
eligible entities as part of our
performance evaluations.
(Response 80) In planning an
assessment with onsite observations of
certification bodies or an audit of
certified eligible entities, we will
consider whether to provide notice to
the accreditation body and/or invite the
accreditation body to be present. In
some circumstances we may determine
that it would be necessary or
appropriate to conduct the assessment
or audit without notice to the
accreditation body.
(Comment 81) Some comments assert
that to carry out performance
evaluations for the purpose of
monitoring recognized accreditation
bodies, we must have an agreement
directly with the certification bodies or
request that recognized accreditation
bodies include these requirements in
PO 00000
Frm 00034
Fmt 4701
Sfmt 4700
their agreements with certification
bodies they have accredited.
(Response 81) We disagree that we
must have an agreement directly in
place with each accredited certification
body for us to carry out performance
evaluations, as § 1.633(b) states that
FDA may include onsite assessments of
a representative sample of third-party
certification bodies the recognized
accreditation body accredited and onsite
audits of a representative sample of
eligible entities certified by such thirdparty certification bodies under this
subpart. We recommend that third-party
certification bodies fully consider the
program requirements before deciding
to pursue accreditation under this
voluntary third-party certification
program. We also encourage recognized
accreditation bodies to include language
in their standard contracts with thirdparty certification bodies they accredit
under this program that acknowledges
FDA’s ability to conduct such
evaluations.
(Comment 82) Some comments ask
who will cover the costs of audits on
recognized accreditation bodies.
(Response 82) As discussed in
Response 66, we are proposing in a
separate rulemaking (80 FR 43987) the
costs of FDA monitoring of recognized
accreditation bodies will be covered by
user fees that we will establish by
regulation.
E. When will FDA revoke recognition?
(§ 1.634)
Proposed § 1.634 establishes the
criteria and procedures for revocation of
recognition of an accreditation body,
including requests for records and
notifications. It describes several
circumstances that warrant revocation
of recognition and describes the effects
(if any) of revocation on accreditations
and certifications occurring prior to the
revocation.
On our own initiative, we are revising
§ 1.634(c)(2) to require the accreditation
body to notify FDA of the name and
contact information of the custodian
who will maintain the records required
by § 1.625 instead of just providing us
with a location to increase flexibility.
We are making corresponding changes
to §§ 1.635(a), 1.664(e)(2), and 1.665(a).
We also are revising paragraphs (d)
through (f) to clarify the manner of
FDA’s notice to affected third-party
certification bodies and the public of the
revocation, as well as the effect of such
revocation on the accredited third-party
certification bodies and certifications
they issued prior to issuance of the
revocation of recognition.
(Comment 83) Some comments
recommend that when an accreditation
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
body’s recognition is revoked, the
information on the Web site includes
the cause or causes of the revocation.
(Response 83) We agree and will
include on the FDA Web site a brief
description of the grounds whenever
revoking the recognition of an
accreditation body.
(Comment 84) Some comments agree
that providing the certification body 1
year to transition and become accredited
with another accreditation body is a
reasonable concept, but express
concerns that in many countries a
limited number of accreditation bodies
may make meeting that timeframe
difficult. They also note that although
audited entities’ certifications may
remain in effect until its expiration, it
may be difficult for them to maintain
their certifications beyond that date due
to lack of accreditation bodies, or there
may be instances in which their
certification is set to expire in weeks or
months following the revocation. These
comments note a similar concern about
the impact of a lack of capacity on
scheduling certification audits should
the certification body have to be
reaccredited within 1 year. Comments
recommend that FDA address this issue
by performing an assessment of
accreditation capacity in key production
regions around the world and using that
information as a baseline to inform
timeframes on re-accreditation of thirdparty certification bodies. Other
comments suggest that either FDA be
required to renew the recognition of the
recently revoked accreditation body or
recognize a new accreditation body in
time for any affected accredited
certification body to comply, or FDA
would be required to solicit applications
for a new accreditation body after an
accreditation body’s recognition is
revoked. Comments also recommend
that certifications issued by a
certification body accredited by the
accreditation body whose recognition
was revoked remain in effect for 1 year
from the date of the revocation of the
accreditation body in order to reduce
the likelihood of a lapse in certification
of eligible facilities.
(Response 84) We acknowledge that
revocation of the recognition of an
accreditation body may present
difficulties for the certification bodies
accredited by the accreditation body
(and for the eligible entities those
certification bodies certified),
particularly in countries that have a
single national accrediting authority. In
such circumstances, we intend to work
with recognized accreditation bodies
and the certification bodies to identify
opportunities and challenges. We
believe 1 year is sufficient time for a
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
certification body to be reaccredited in
such circumstances. The requirement
for an eligible entity to become
recertified after a certificate terminates
by expiration is based on section 808(d)
of the FD&C Act, which requires an
eligible entity to apply for annual
recertification. In light of the foregoing,
we are declining the requests to extend
the deadlines for reaccreditation and for
recertification in the case of revocation
of recognition of an accreditation body.
(Comment 85) Some comments
request FDA provide specific provisions
to address potential questions that may
arise if recognition of an accreditation
body is revoked, with particular
emphasis on the validity of certificates
or other documentation already issued
when revocation occurs.
(Response 85) Section 1.634(d)
specifically describes the impact of
revocation of recognition of an
accreditation body on the certification
bodies that it accredited under this
program, including that a certification
body’s accreditation will remain in
effect if it provides a self-assessment to
FDA within 60 days of issuance of the
revocation and it is accredited by
another recognized accreditation body
or FDA no later than 1 year after the
revocation or the original date of
expiration of the accreditation,
whichever comes first. Section 1.634(e)
explains that in the case of revocation
of an accreditation body’s recognition, a
food or facility certification issued by a
certification body accredited by the
accreditation body prior to the
revocation of its recognition will remain
in effect until the certification
terminates by expiration.
(Comment 86) Some comments
request that FDA clarify how individual
holders of certifications would be made
aware of the revocation of recognition.
For example, they ask if FDA would
contact certification holders directly or
if the certification holder would be
required to monitor the recognition
status of the accreditation and
certification bodies.
(Response 86) We will provide notice
on the FDA Web site when we revoke
the recognition of an accreditation body.
We also will notify certification bodies
that have been accredited by the
accreditation body that has had its
recognition revoked through the
electronic portal we are establishing.
Because revocation of recognition will
not affect the duration of previously
issued certificates, we will not directly
contact eligible entities to inform them
of the revocation. If the revocation of
recognition results in the withdrawal of
accreditation of a certification body,
FDA will provide notice of such
PO 00000
Frm 00035
Fmt 4701
Sfmt 4700
74603
withdrawal on our Web site as provided
in § 1.664(h).
(Comment 87) Some comments
recommend that FDA refer to the
provisions in ISO/IEC 17011:2004 and
ISO/IEC 17021:2011 to inform the
provisions revocation of recognition in
§ 1.634 and withdrawal of accreditation
in § 1.664 and to distinguish those
actions from reduction in scope of
recognition and accreditation and to
establish the specific grounds and
effects for those actions.
(Response 87) Neither of the ISO/IEC
standards cited in the comments relate
to revocation of recognition of an
accreditation body; however, we
reviewed ISO/IEC 17011:2004 (Ref. 5)
for terminology, procedures, and
grounds that might have relevance for
revocation of recognition in § 1.634. We
decline the suggestion to consider ISO/
IEC 17021:2012 (Ref. 6), which applies
to certification bodies, for purposes of
this analysis as it is inapplicable.
Having reviewed ISO/IEC 17011:2004,
we note that ISO/IEC 17011:2004 (Ref.
5) gives an accreditation body the
flexibility to establish its own
procedures for suspension, withdrawal,
or reduction of the scope of an
accreditation as explained in clause
7.13.1 and NOTE. FDA’s procedures for
revocation of recognition are thus not
inconsistent with the ISO standards in
this respect. Regarding the grounds for
withdrawal of accreditation, ISO/IEC
17011:2004 (Ref. 5), clause 7.13,
provides that an accreditation body
must make decisions to suspend and/or
withdraw accreditation when an
accredited conformity assessment body
(i.e., third-party certification body) has
persistently failed to meet the
requirements of accreditation or to abide
by the rules for accreditation. The
standard for revocation of recognition
under this program is established by
section 808(b)(1)(C) of the FD&C Act,
which requires FDA to ‘‘promptly
revoke the recognition of any
accreditation body found not to be in
compliance with the requirements of
this section,’’ which is the standard that
is used in proposed § 1.634. Therefore,
we cannot incorporate this standard for
withdrawal for purposes of this
program.
(Comment 88) Some comments
suggest FDA revise § 1.634(a)(3) and (4)
to provide that FDA can make a
decision to revoke recognition or
withdraw accreditation only when it has
objective evidence to demonstrate that
the recognized accreditation body
committed fraud or submitted material
with significant false statements,
demonstrated a significant bias or
significant lack of objectivity when
E:\FR\FM\27NOR4.SGM
27NOR4
74604
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
conducting activities, or significantly
failed to adequately support one or more
decisions to grant accreditation.
(Response 88) We disagree. Section
808(b)(1)(C) requires FDA to promptly
revoke the recognition of any recognized
accreditation body found not to be in
compliance with section 808 of the
FD&C Act, which establishes the thirdparty program. This program is a system
of assurances that begins with the
recognition of qualified accreditation
bodies, which in turn accredit
certification bodies to make judgments
about the compliance of eligible entities
and the food they produce with the
applicable food safety requirements of
the FD&C Act and FDA regulations.
FDA’s ability to have swift recourse
when a recognized accreditation fails to
comply with the requirements of the
third-party program is essential.
Limiting FDA’s ability to revoke the
recognition of accreditation bodies to
instances of ‘‘significant’’ fraud, bias, or
lack of competence as the comment
suggests would render the program
unreliable to provide the assurance of
food safety intended by this section.
F. What if I want to voluntarily
relinquish recognition or do not want to
renew recognition? (§ 1.635)
Proposed § 1.635 describes the
procedures that an accreditation body
must follow when it intends to
relinquish its recognition.
FDA received comments in support of
the proposed procedures for voluntary
relinquishment of recognition. FDA
received no adverse comments on this
section. On our own initiative, we are
revising the voluntary relinquishment
provisions in § 1.635 to also address
situations where a recognized
accreditation body decides it does not
want to renew its recognition once it
expires. In addition we are including
procedures for the certification bodies to
follow after their accreditation bodies’
recognitions are relinquished or not
renewed.
mstockstill on DSK4VPTVN1PROD with RULES4
G. How do I request reinstatement of
recognition? (§ 1.636)
Proposed § 1.636 describes the
procedures that an accreditation body
would have to follow when seeking
reinstatement of its recognition.
FDA received comments in support of
the proposed procedures for
reinstatement of recognition. FDA
received no adverse comments on this
section and is not making any
substantive changes to this section in
this final rule.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
VIII. Comments on Accreditation of
Third-Party Certification Bodies Under
This Subpart
A. Who is eligible to seek accreditation?
(§ 1.640)
Proposed § 1.640 states that a foreign
government, agency of a foreign
government, foreign cooperative, or
other third-party would be eligible for
accreditation from a recognized
accreditation body (or, where direct
accreditation is appropriate, FDA) to
conduct food safety audits and issue
food and facility certifications under the
program. Proposed § 1.640(b) is based
on section 808(c)(1)(A) of the FD&C Act
and would require a foreign
government/agency seeking
accreditation to demonstrate that its
food safety programs, systems, and
standards would meet the requirements
of proposed §§ 1.641 to 1.645, as
specified in FDA’s model standards on
qualifications for accreditation,
including legal authority, competency,
capacity, conflicts of interest, quality
assurance, and records. Proposed
§ 1.640(c) is based on section
808(c)(1)(B) of the FD&C Act and would
require a foreign cooperative or other
third-party certification body seeking
accreditation to demonstrate that the
training and qualifications of its audit
agents and the internal systems used by
the certification body would meet the
requirements of proposed §§ 1.641 to
1.645, as specified in FDA’s model
standards on qualifications for
accreditation, including legal authority,
competency, capacity, conflicts of
interest, quality assurance, and records.
At our own initiative, we revised
§ 1.640(c) to apply to accredited thirdparty certification bodies that are
comprised of a single individual, as
applicable.
(Comment 89) Some comments
suggest that FDA should require thirdparty certification bodies conducting
regulatory audits to be accredited to
either: (1) ISO 17021:2011 (Ref. 6), with
the complementary requirements of
ISO/TS 22003:2007, Food safety
management systems—Requirements for
bodies providing audit and certification
of food safety management systems (Ref.
20) or (2) ISO 17065:2012 (Ref. 7), with
conformance to ISO 17021:2011 (Ref. 6)
and ISO 22000:2005, Food safety
management systems—Requirements for
any organization in the food chain (Ref.
21).
Other comments suggest that ISO/IEC
17000:2004 (Ref. 4) and ISO/IEC
17021:2011 (Ref. 6) provide a common
framework for managing the
effectiveness of third-party certification
activities and recommend incorporating
PO 00000
Frm 00036
Fmt 4701
Sfmt 4700
the standards by reference into the final
rule. The comments assert that FDA’s
proposed rule, by failing to incorporate
by reference the ISO standards, appears
to unnecessarily establish a unique
standard in contravention of the
NTTAA and OMB Circular A–119 (63
FR 8546) without adequate justification.
The comments include recommended
revisions to § 1.640. Other comments
note that ISO/IEC Guide 65:1996 (Ref. 9)
will be phased out by September 2015;
therefore, the wording in the final rule
should be changed to reflect the
successor standard, ISO/IEC 17065:2012
(Ref. 7). Some comments express
concern about the additional costs to
exporters from third-party audits and
private interests over and above official
systems.
(Response 89) As explained in section
I.D., we have revised the rule to allow
a third-party certification body to offer
documentation of conformance to ISO/
IEC 17021:2011 (Ref. 6) or ISO/IEC
17065:2013 (Ref. 7) in support of its
application for accreditation,
supplemented as necessary. However,
we decline the suggestion to incorporate
the standards by reference into this rule.
ISO/IEC ISO 17021:2011 (Ref. 6) and
ISO/IEC 17065:2012 (Ref. 7), the
successor to ISO Guide 65:1996 (Ref. 9),
contain requirements that are
inconsistent with section 808 of the
FD&C Act and impractical for our
program. For example, ISO/IEC
17021:2011 (Ref. 6), clause 5.2.6,
prohibits a certification body, including
a governmental certification body, from
providing internal audits to its certified
clients. Under this same clause, a
certification body that has provided
internal auditing services to a client
must wait for 2 years before conducting
an audit for certification purposes.
Clause 5.2.5 of the standard also
prohibits the certification body from
offering or providing any management
systems consultancy (defined as
participation in designing,
implementing, or maintaining a
management system). We note that ISO/
IEC 17065:2012 (Ref. 7), clause 4
contains similar requirements, e.g., in
clauses 4.2.6 and 4.2.10 NOTE 1, as the
requirements of clauses 5.2.5 and 5.2.6
of ISO/IEC 17011:2004 (Ref. 5).
The requirements of our third-party
program are markedly different, because
section 808 of the FD&C Act expressly
allows an accredited third-party
certification body to conduct both
regulatory audits for certification
purposes and consultative audits for
internal purposes. Further, section
808(c)(4)(C) of the FD&C Act allows an
accredited certification body to use the
same audit agent in auditing the same
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
eligible entity, subject only to a
limitation (that FDA may waive) on
using the agent for a regulatory audit
when the agent had conducted a
consultative audit of the eligible entity
in the preceding 13 months.
As another example, we note that
ISO/IEC 17021:2011, clauses 6.2.1 to
6.2.3 (Ref. 6), require a certification
body to establish an external committee
for safeguarding impartiality that
includes representation of key interests,
such as audited firms. Clause 5.3.2 of
the standard requires the certification
body to demonstrate to the external
committee that commercial, financial, or
other pressures do not compromise its
impartiality. Under clause 6.2.2(c), the
committee has the right to take
‘‘independent action’’ if the top
management of the certification body
‘‘does not respect the advice of this
committee.’’ ISO/IEC 17065:2012 (Ref.
7), clause 5, contains similar
requirements—e.g., clause 5.2.1 NOTE 1
(committee) and 5.2.3 (right to take
independent action).
It would be inappropriate and
impractical for FDA to require an
accredited third-party certification body
to assemble a committee representing
interests outside those of this program,
and would be impractical for FDA to
properly manage the program under
such circumstances. We also are
concerned about the disincentive these
requirements of ISO/IEC 17011:2004
(Ref. 5) and ISO/IEC 17065:2012 (Ref. 7)
might create, for example, for foreign
competent authorities who have their
own processes for stakeholder
engagement.
Based on our review of the standard
and explained in the examples provided
above, we have determined that ISO/IEC
17011:2004 (Ref. 5) and ISO/IEC
17065:2012 (Ref. 7) are inconsistent
with section 808 of the FD&C Act and
impractical for purposes of this program
and therefore deny the suggestion to
incorporate by reference into this rule.
With respect to the suggestion to
incorporate ISO/IEC 17000:2004 (Ref. 4)
into this rule, we note that this standard
uses terminology that is inconsistent
with section 808 of the FD&C Act. We
are concerned that incorporating the
terms used in ISO/IEC 17000:2004 (Ref.
4) in this rule would create unnecessary
confusion as to how the rule relates to
the statute. For example, clause 7.5 of
the standard uses the term
‘‘recognition’’ for the
‘‘acknowledgement of the validity of a
conformity assessment result provided
by another person or body,’’ while
recognition is used in section 808 of the
FD&C Act when describing FDA’s
determination that an accreditation
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
body meets the requirements of this
rule.
Based on our review of the standard
and explained in the example provided
above, we have determined that ISO/IEC
17000:2004 (Ref. 4) is inappropriate for
incorporation by reference into this rule.
Although we decline to incorporate
the standards mentioned in the
comments, we are revising § 1.640 to
allow a third-party certification body to
offer documentation of its conformance
to ISO/IEC 17021:2011 (Ref. 6) or ISO/
IEC 17065: 2013 (Ref. 7), supplemented
as necessary, in support of its
application for accreditation under the
final rule. We conclude that this will
serve to promote international
consistency and allow third-party
certification bodies to use a framework
that is familiar to them when it can be
used to meet the requirements of this
rule.
(Comment 90) Some comments
suggest the rule should impose different
requirements on foreign government
certification bodies and on other thirdparty certification bodies (i.e., foreign
cooperatives and other third-party
certification bodies), because of the
different nature of private operators and
public administration.
(Response 90) Under section 808(a)(3)
of the FD&C Act third-party certification
bodies include Foreign government
certification bodies, foreign
cooperatives, and other third-party
certification bodies. Section 808 of the
FD&C Act for the most part does not
distinguish between public and private
certification bodies and states that both
are subject to the same model
accreditation standards discussed in
808(b)(2). The only difference in
treatment of public and private
certification bodies is set forth in
section 808(c)(1) of the FD&C Act,
describing what elements of oversight
be assessed for accreditation. This
difference is reflected in the eligibility
criteria set forth in § 1.640(b) and (c). In
all other areas, we decline the
suggestion to impose different
requirements on foreign government
certification bodies and other thirdparty certification bodies.
(Comment 91) Some comments
express skepticism about private
auditing companies. Some comments
note that foreign cooperatives have
rarely if ever been engaged in true
accredited third-party auditing/
certification activities and are thus
unproven in that role.
(Response 91) As stated above, section
808 of the FD&C Act expressly provides
for both public and private accredited
third-party certification bodies. FDA
believes the system of oversight
PO 00000
Frm 00037
Fmt 4701
Sfmt 4700
74605
established under this rulemaking will
be sufficient to ensure the reliability of
private certification bodies that are able
to participate in the program. Foreign
cooperatives are specifically listed in
section 808 of the FD&C Act as a third
party that could be a certification body,
and must meet the same rigorous
criteria to qualify for accreditation.
B. What legal authority must a thirdparty certification body have to qualify
for accreditation? (§ 1.641)
Proposed § 1.641 would require thirdparty certification bodies to demonstrate
that they have adequate legal authority,
which may include authority
established by contract or as a
government entity to evaluate eligible
entities for compliance with the
applicable requirements of the FD&C
Act and FDA regulations.
FDA received no adverse comments
specific to this section. However, as
discussed in Response 27, we have
revised § 1.641 to specify that a thirdparty certification body has to be a legal
entity.
C. What competency and capacity must
a third-party certification body have to
qualify for accreditation? (§ 1.642)
Proposed § 1.642 would require a
third-party certification body to
demonstrate it has adequate resources to
fully implement its auditing and
certification program and the capacity to
implement the requirements of this
program, if accredited.
(Comment 92) Some comments
suggest that we require certification
bodies to be bonded, to cover any
Agency costs should the firm go
bankrupt.
(Response 92) We decline the
suggestion to require certification bodies
to be bonded to cover any Agency costs
if a certification body goes bankrupt.
This requirement is unnecessary
because the program is designed to
operate using user fees. Additionally,
§ 1.642 of the final rule requires a thirdparty certification body to demonstrate
that it has adequate resources to fully
implement its auditing and certification
program.
(Comment 93) Some comments
recommend that we clearly define the
necessary competencies of certification
body staff and auditors. Some comments
suggest that we require auditors to have
at least 1 year of work experience in
testing and assessing the conditions for
food safety of certain food
manufacturer(s) and to have attended at
least 20 audits for management systems
using hazards analysis and critical
control point requirements.
E:\FR\FM\27NOR4.SGM
27NOR4
74606
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
(Response 93) Section 1.640 of this
rule establishes the eligibility
requirements for third-party
certification bodies seeking to
participate in the third-party
certification program. Specific
recommendations on qualifications such
as the years and types of work
experience in food safety and in
conducting audits will be contained in
FDA’s Model Accreditation Standards
final guidance, as explained in section
I.D.
(Comment 94) Some comments
emphasize the importance of having
certification bodies accredited to the
specific areas in which they will be
conducting audits and issuing
certifications. The comment explains
that accredited auditors/certification
bodies auditing pet food facilities must
be adequately qualified and
knowledgeable in pet food
requirements. The comments express
concern that human food standards
might be misapplied to a facility
producing raw materials, ingredients or
finished food for pet food (e.g., crosscontact for allergens, ingredients
destined for further processing).
(Response 94) A recognized
accreditation body assessing a
certification body for accreditation (or
FDA under direct accreditation) must
ensure that the certification body is
qualified to conduct audits under the
food safety requirements of the FD&C
Act and FDA regulations that apply to
the scope of accreditation sought.
Therefore, a third-party certification
body that is accredited to conduct
audits under part 117 would not be
accredited to perform audits under 21
CFR part 507, unless the accrediting
body has assessed the certification
body’s qualifications and accredited it
to perform audits under part 507 as
well.
D. What protections against conflict
interest must a third-party certification
body have to qualify for accreditation?
(§ 1.643)
Proposed § 1.643 would require thirdparty certification bodies to have
established programs to safeguard
against conflicts of interest that might
compromise their objectivity and
independence.
On our own initiative, we are
clarifying in § 1.643(a) that the conflict
of interest provisions of this section
apply to officers, employees, and other
agents that are involved in auditing and
certification activities, as relevant. We
are making corresponding changes in
the subsequent provisions for accredited
third-party certification bodies under
§ 1.657(a) and (c).
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
(Comment 95) Some comments
recommend that FDA ensure that
auditors are competent and accountable
and that there are adequate protections
against conflicts of interest, with
maximum transparency related to
auditors’ activities. The comments
support requirements for documented
safeguards against conflicts of interest to
help ensure that decisions are accurate
and unbiased and that auditors are
independent.
(Response 95) We agree and are
requiring third-party certification bodies
seeking accreditation to demonstrate
they have written conflict of interest
measures and that they have the
capacity to meet the requirements of the
final rule, if accredited.
E. What quality assurance procedures
must a third-party certification body
have to qualify for accreditation?
(§ 1.644)
Proposed § 1.644 would require a
third-party certification body to have a
written program for monitoring and
assessing its performance, identifying
deficiencies in its program or
performance and quickly executing
corrective actions.
FDA received no adverse comments
specific to this section. However, as
discussed in Response 32, we revised
§ 1.644(a) to clarify that a certification
body must demonstrate that it has
procedures to identify deficiencies and
procedures to execute corrective actions
for such deficiencies, which would
better align with international standards
(see, e.g., clause 5.5 in ISO/IEC
17011:2004 (Ref. 5)).
F. What records procedures must a
third-party certification body have to
qualify for accreditation? (§ 1.645)
Proposed § 1.645 would require a
third-party certification body to have
developed and implemented written
procedures to establish, control, and
retain the records. Such records are
necessary to provide the recognized
accreditation body (or FDA under direct
accreditation) an adequate basis for
assessing the certification body for
accreditation under this program.
We received no adverse comments
specific to § 1.645 and are making no
substantive revisions to this section.
PO 00000
Frm 00038
Fmt 4701
Sfmt 4700
IX. Comments on Requirements for
Third-Party Certification Bodies That
Have Been Accredited Under This
Subpart
A. How must an accredited third-party
certification body ensure its audit
agents are competent and objective?
(§ 1.650)
Proposed § 1.650 would require an
accredited third-party certification body
that uses audit agents to ensure that
each audit agent meets certain
requirements for competency and
objectivity under the final rule. Under
paragraph (a), the audit agent would
need to have knowledge and experience
relevant to determining an eligible
entity’s compliance with the applicable
food safety requirements of the FD&C
Act and FDA regulations and, for
consultative audits, conformance with
industry standards and practices. The
accredited certification body would
have to determine the audit agent’s
competency to conduct food safety
audits in part by observing a
representative number of audits
performed by the audit agent. The audit
agent would have to complete annual
food safety training under the accredited
third-party certification body’s training
plan, comply with the conflict of
interest requirements for audit agents,
and agree to notify its certification body
immediately upon discovering, during a
food safety audit, any condition that
could cause or contribute to a serious
risk to the public health.
Under proposed § 1.650(b), the
accredited third-party certification body
would have to assign an audit agent
qualified to conduct the food safety
audit, based on the scope and purpose
of the audit and the type of facility, its
processes, and food. Proposed § 1.650(c)
would prevent an accredited third-party
certification body from using an audit
agent to conduct a regulatory audit of an
eligible entity if the agent had
conducted a regulatory or consultative
audit of the same eligible entity during
the preceding 13 months, except FDA
could waive the 13-month limitation for
an accredited certification body that
could demonstrate insufficient access to
accredited third-party certification
bodies in the country or region where
the eligible entity is located.
Of our own initiative, we are revising
§ 1.650(a) to apply to accredited thirdparty certification bodies that are
comprised of a single individual, as
applicable. Section 808(a)(3) of the
FD&C Act specifically allows an
accredited third-party certification body
to be an individual, which would not
fall within the definition of ‘‘audit
agent’’ in the statute or this rule.
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
Therefore, as part of establishing
eligibility under § 1.640, an individual
seeking accreditation must fulfill the
requirements of § 1.650(a)(1) to become
accredited under this rule and, once
accredited, must comply with the
annual food safety training requirements
of § 1.650(a)(3). Pursuant to
§ 1.650(a)(4), an accredited third-party
certification body also must comply
with the conflict of interest provisions
applicable to audit agents under
§ 1.657(a)(3).
We note that a recognized
accreditation body that is assessing an
individual seeking accreditation under
this program also must assess the
individual’s knowledge and experience
under § 1.650(a)(1) for the scope of
accreditation requested and must
consider the results of such assessment
in determining the individual’s
eligibility for accreditation under
§ 1.640. The onsite observations of an
individual seeking accreditation that are
performed under § 1.620(a)(3) must be
sufficient to determine competency
consistent with § 1.650(a)(2).
(Comment 96) Some comments
strongly support the proposed
requirements of § 1.650, which would
require an accredited certification body
to ensure that the audit agents it uses
have the knowledge and experience,
within the scope of its accreditation, to
examine facilities, processes, and foods
for compliance with the FD&C Act and
FDA regulations. The comments assert
that audits are only as good as the
education, training, and experience of
the auditor. Other comments
recommend that food safety audits
under this rule should be performed by
individuals that have training
equivalent to FDA investigator training
standards.
(Response 96) We agree with
comments emphasizing the importance
of ensuring that audit agents an
accredited third-party certification body
uses to conduct audits under the
program are appropriately qualified
within the scope of the third-party
certification body’s accreditation.
Proposed § 1.650 would comprise the
elements of a comprehensive
assessment that an accredited thirdparty certification body would need to
perform for each audit agent it would
use to conduct a food safety audit under
this rule. We further agree with
comments suggesting that an auditor
determined by a third-party certification
body to be competent to conduct audits
under private food safety schemes must
nonetheless be assessed by the
accredited third-party certification body
for competency to conduct audits using
the applicable food safety requirements
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
of the FD&C Act and FDA regulations as
the audit criteria. Therefore, under
§ 1.650(a), an audit agent would need to
demonstrate substantive knowledge of
the applicable food safety requirements
of the FD&C Act and FDA regulations
relevant to the scope and purpose of the
food safety audits the agent would
conduct under the program. We do not
agree to go so far as to require that all
audit agents or individuals accredited as
third-party certification bodies must
have training equivalent to FDA
investigator training standards, as we
acknowledge that some investigator
training would not be necessary to
conduct audits under this program (e.g.,
evidence collection for enforcement
purposes). Such a requirement would
impose unnecessary costs and might
serve as a disincentive to participation
in the program.
(Comment 97) Some comments
specifically endorse proposed
§ 1.650(a)(2), which would require each
audit agent to be observed conducting
audits to examine compliance with the
FD&C Act in a representative number of
facilities and foods. Other comments
recommend that an accredited thirdparty certification body should observe
an audit agent before the agent begins to
conduct food safety audits of a different
type of food, followed by random,
periodic spot audits to confirm that the
audit agent is applying the audit criteria
consistently. The comments interpret
proposed § 1.650(a)(2) to mean that the
accredited third-party certification
bodies would be required to
‘‘continually witness’’ each audit agent
they use.
(Response 97) We agree that
observations of audit agents under
proposed § 1.650(a)(2) are essential in
determining the competency of audit
agents. We are revising proposed
§ 1.650(a)(2) to require the observation
of a representative ‘‘sample’’ of audits,
instead of a representative ‘‘number’’ of
audits, because the focus of this
provision was not intended to be on the
number of audits the audit agents would
be expected to conducted. Rather, we
intend for the accredited third-party
certification body to observe a sample of
audits that are representative of the
range of audits the audit agent might be
assigned.
In determining what would constitute
a ‘‘representative sample’’ for purposes
of final § 1.650(a)(2), the accredited
third-party certification body should
consider the various types of food
facilities that might be audited and the
range of FDA regulations that would
apply to such facilities. An accredited
third-party certification body would
need to observe the audit agent
PO 00000
Frm 00039
Fmt 4701
Sfmt 4700
74607
conducting a number of audits across
the range of facilities identified by the
certification body, and the range of FDA
regulations that would apply to those
facilities, such that, taken together, the
observed audits would be adequately
representative of the facilities,
processes, and foods the audit agent
may be assigned to conduct. Generally,
the more complex the regulations or the
more complex the processes used by the
facility, the greater the sample size
should be, to help ensure the audit
agent can apply the audit criteria
consistently and reliably in various
situations. The accredited third-party
certification also should gather
sufficient information to provide
confidence in its determination of the
audit agent’s competency to conduct
audits under this rule.
Contrary to the interpretation
suggested by some comments, proposed
§ 1.650(a)(2) would not require an
accredited third-party certification body
to ‘‘continually witness’’ each of its
audit agents. Such an approach is not
practical, efficient, or necessary.
However, we are clarifying in
§ 1.650(a)(2) that before an audit agent is
used to conduct food safety audits
under this rule the audit agent must be
observed by the accredited third-party
certification body and found to be
competent to conduct food safety audits
relevant to the audits they will be
assigned to perform under this program.
Such observations also must be
performed whenever an audit agent will
be assigned to perform food safety
audits to determine compliance with
additional food safety requirements
under the FD&C Act and FDA
regulations beyond what the
certification body has previously
observed.
Under this approach, once an
accredited third-party certification body
has determined an audit agent’s
competency and objectivity under
§ 1.650, the audit agent can be assigned
to conduct audits for which they are
qualified under § 1.650(a)(1) and (2),
subject to requirements such as the
annual training requirements in
§ 1.650(a)(3) and the accredited thirdparty certification body’s selfassessment under § 1.655. Although we
decline to require periodic observations
of audit agents, once the accredited
certification body has determined the
competency of its audit agents under
§ 1.650(a)(2), we acknowledge the value
of such observations in verifying audit
agent competency and the rigor of the
certification body’s program for
evaluating its audit agents.
(Comment) 98) Some comments
recommend that we include
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74608
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
requirements focusing on the
performance of individual audit agents
because, the comments assert, many
audit complaints arise from individual
auditor conduct and focusing on
individual performance may help create
more consistency in the process.
(Response 98) We agree, and have
received similar input from other
stakeholders during our public
meetings. The comments and other
stakeholder input underscore the
importance of the requirements for an
accredited third-party certification body
to observe a representative sample of
audits conducted by each audit agent
under § 1.650(a)(2), to ensure that any
audit agent it assigns to an audit is
appropriately qualified under § 1.650(b),
and to assess the performance of its
audit agents and the consistency of
performance across all its audit agents
as part of the certification body’s selfassessment under § 1.655.
(Comment 99) Some comments
support the proposed requirement for
annual food safety training under
proposed § 1.650(a)(3), noting the
importance of ensuring that audit agents
have up-to-date training in areas
relevant to their audit activities. The
comments also suggest that FDA should
communicate to training institutions
any general audit agent training needs
FDA identifies through its program
management and oversight. Other
comments recommend that the annual
training requirement should relate to
relevant food safety provisions of the
FD&C Act and FDA regulations.
(Response 99) We agree and are
revising § 1.650(a)(3) to clarify that an
audit agent, or an individual accredited
as a third-party certification body, must
have annual food safety training that is
relevant to activities conducted under
this program. FDA works with a number
of Alliances and other organizations to
ensure training needs for regulatory
requirements are met. For instance,
having identified the need to train
regulators and industry in the new
FSMA preventive controls rules, FDA is
working in collaboration with the Food
Safety Preventive Controls Alliance
(FSPCA) to develop training materials
and establish training and technical
assistance programs for the preventive
controls rules. The Alliance includes
members from FDA, state food
protection agencies, the food industry,
and academia and is funded by a grant
to the Illinois Institute of Technology’s
Institute for Food Safety and Health. For
more information about the FSPCA, see
e.g., https://www.iit.edu/ifsh/alliance/
.https://www.iit.edu/ifsh/alliance/.
(Comment 100) Some comments
suggest that in addition to the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
requirements of the proposed rule, we
should require conformance to ISO/IEC
19011:2011 (Ref. 8) on auditor
competency.
(Response 100) FDA’s
recommendations on auditor
competency, among other things, will be
contained in FDA’s Model Accreditation
Standards. As noted in section I.D.,
comments that address matters covered
by FDA’s Model Accreditation
Standards are outside the scope of this
rulemaking.
The issuance of the Model
Accreditation Standards draft guidance
was announced through publication of a
notice of availability in the Federal
Register of July 24, 2015. We plan to
finalize the Model Accreditation
Standards after receiving public
comments on the draft guidance.
(Comment 101) Some comments note
that the audit agent’s education,
training, and experience must be
specific to the industry or industries
being audited. Some comments, for
example, recommend that audit agents
who examine eligible entities for
compliance with food additive
requirements should have industry
experience with food additives and
relevant knowledge, experience or
training in auditing these types of
facilities and processes.
(Response 101) We agree that a
certification body must consider an
audit agent’s competency whenever
assigning the audit agent to a specific
audit. Therefore, § 1.650(b) requires the
accredited third-party certification body
to ensure that an audit agent it assigns
to a specific audit is appropriately
qualified, based on the audit scope and
purpose, the specific type of facility,
processes, and foods the audit agent
would be required to examine, and the
food safety requirements of the FD&C
Act and FDA regulations that would
apply.
We note that an accredited third-party
certification body that is an individual
would be determined during the
accreditation process to be
appropriately qualified to conduct
audits within the scope of its
accreditation.
(Comment 102) Some comments agree
with proposed § 1.650(c) and assert that
it is needed to protect against conflicts
of interest. Some comments assert that,
under current practices, auditors in
many countries frequently conduct
consecutive audits at the same premises.
Other comments suggest that the 13month limit is unnecessary because
adequate mechanisms already exist to
manage conflicts of interest and
objectivity in ISO/IEC standards. Still
other comments express concern that
PO 00000
Frm 00040
Fmt 4701
Sfmt 4700
the proposed limit of 13 months would
be too short to avoid a conflict of
interest. These comments contend a
short interval between consultative
audits and regulatory audits that are
conducted by the same audit agent
could create the appearance that the
audit agent is auditing the results of the
prior consultation. Other comments
assert we should impose a 2-year limit,
rather than a 13-month limit on audit
agents conducting regulatory audits of
the same eligible entity.
(Response 102) We disagree with
comments opposed to proposed
§ 1.650(c). Proposed § 1.650(c) would
implement the requirements of section
808(c)(4)(C) of the FD&C Act, which
limits an accredited third-party
certification body’s ability to use an
audit agent to conduct a regulatory audit
of an eligible entity if the agent
conducted a consultative or regulatory
audit for the same eligible entity in the
preceding 13 months, unless FDA
waives the limitation under criteria
described in the statute. While we
recognize this requirement may differ
from some international standards, it
balances the concern of an audit agent
auditing their own prior results if the
subsequent audit happens too soon with
auditor capacity concerns through a
waiver provision. Under proposed
§ 1.663, FDA would issue waivers where
we determine there is insufficient access
to in the country or region where the
eligible entity is located.
We note that the proposed rule was
unclear with respect to whether the
showing of insufficient access to
support a waiver was based on a lack of
certification bodies or individual audit
agents in a country or region, and have
therefore clarified in the final rule that
the showing of insufficient access
necessary for FDA to grant a waiver
request is based on lack of audit agents
(or in cases where individuals are
accredited as third-party certification
bodies, those individuals). Although we
are finalizing additional conflict of
interest requirements in § 1.657 of this
rule, these provisions do not implement
the 13-month limit in section 808(c)(4)
of the FD&C Act. Section § 1.650(c)
complements the requirements in
§ 1.657 to provide additional conflict of
interest protections. Note that though
this response uses the term ‘‘audit
agent’’ this provision also applies to
accredited third-party certification
bodies that are individuals.
(Comment 103) Several comments
assert that proposed § 1.650(c) and the
waiver process FDA proposes to
establish would be impractical. The
comments note that there is currently a
significant shortage of experienced food
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
safety auditors around the world.
Describing it as a ‘‘capacity’’ issue, the
comments suggest that implementation
of the FSMA rules will further
exacerbate the problem. Some
comments suggest that proposed
§ 1.650(c) would be impractical for
small countries due to auditor capacity
issues.
(Response 103) We acknowledge the
concerns about the possible shortage of
skilled food safety auditors to meet
current global demand and are aware of
efforts by GFSI, the food industry,
scheme owners, and third-party food
safety certification bodies to address
auditor capacity, as described in section
I.D. We also understand that FSMA
implementation is likely to create
further demand for auditors.
Nonetheless, as explained in Response
102, we are required by section
808(c)(4)(C) of the FD&C Act to limit an
accredited third-party certification
body’s ability to use an audit agent; we
have clarified in the final rule that the
showing of insufficient access necessary
for FDA to grant a waiver request is
based on lack of audit agents (or in cases
where individuals are accredited as
third-party certification bodies, those
individuals).
We disagree with comments
suggesting that the waiver process we
propose would be impractical. We are
developing an IT portal that includes
the capability for accepting electronic
submissions of requests and electronic
issuance of waivers, which will help
facilitate the submission of waiver
requests by accredited third-party
certification bodies and FDA’s
processing of such requests.
(Comment 104) Some comments
contend that the proposal to require
accredited third-party certification
bodies to show insufficient accredited
third-party certification body resources
to obtain an FDA waiver of proposed
§ 1.650(c) would be unnecessarily
burdensome because the proposed
conflict of interest requirements
adequately protect against concerns
about ‘‘industry capture.’’ Some
comments recommend that FDA
research global food safety auditor
capacity and proactively issue waivers
of proposed § 1.650(c), absent waiver
request(s). Still other comments suggest
that eligible entities should be able to
seek waivers of the 13-month limit on
behalf of an accredited third-party
certification body.
(Response 104) Under section
808(c)(4)(C) of the FD&C Act, the 13month limit on audit agents conducting
regulatory audits may be waived if FDA
determines there is insufficient access to
audit agents in a country or region.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
While acknowledging capacity concerns
raised in comments, we decline the
suggestion that FDA should gather
information to support waivers absent a
request for a waiver under section
808(c)(4)(C)(ii) of the FD&C Act. We
believe gathering such information
would not be the best use of our limited
resources, and that third-party
certification bodies would be better
positioned to inform FDA of audit agent
capacity issues in their country or
region of operation. Moreover, the final
rule clarifies that accredited third-party
certification bodies must demonstrate
that there is insufficient access to audit
agents in the country or region where
the eligible entity is located in order to
obtain a waiver. Because the 13-month
limit is on individual audit agents, and
not third-party certification bodies, this
limitation is likely to be less
burdensome than anticipated by the
comments.
We decline the suggestion to allow
eligible entities to request a waiver of
proposed § 1.650(c) on behalf of an
accredited third-party certification
body, because we believe the accredited
third-party certification body will be
better suited to assess auditor capacity
on a national or regional basis. Periodic
rotation of audit agents is intended to
help ensure that audits remain objective
and do not become compromised by
familiarity. The requirement to ensure
an audit agent’s objectivity is placed on
the accredited third-party certification
body, not an eligible entity, under
proposed § 1.650(a). Further, given that
the accredited third-party certification
body would ultimately need to agree to
conduct an audit for an eligible entity,
requiring the accredited third-party
certification body to request the waiver
would ensure that they are willing to
accept the request for a food safety audit
in the first place. In light of the
foregoing, we have concluded that it is
the accredited third-party certification
body, not the eligible entity, who should
seek a waiver of the 13-month limit in
proposed § 1.650(c).
We disagree with comments
suggesting waiver requests will be
unduly burdensome or time-consuming
for accredited third-party certification
bodies. The IT portal we are developing
for the third-party certification program
includes the capability for accepting
electronic submissions of requests and
electronic issuance of waivers, which
we believe will help minimize the
administrative burden on certification
bodies and FDA.
PO 00000
Frm 00041
Fmt 4701
Sfmt 4700
74609
B. How must an accredited third-party
certification body conduct a food safety
audit of an eligible entity? (§ 1.651)
Proposed § 1.651 would establish
requirements for planning and
conducting consultative and regulatory
audits in a manner that fulfills the
purposes of section 808 of the FD&C
Act. Under paragraph (a) on audit
planning, the accredited third-party
certification body would require the
eligible entity to identify whether it was
seeking a consultative or regulatory
audit subject to the requirements of this
subpart under the third-party
certification program. The eligible entity
would indicate the scope and purpose
of the requested audit and, in the case
of a regulatory audit, would indicate the
type of certification sought. The
accredited third-party certification body
would also require the eligible entity to
provide a 30-day operating schedule for
the facility that would provide
information relevant to scope and
purpose of the audit. The accredited
third-party certification body would
then consider whether the requested
audit is within the scope of its
accreditation.
Proposed § 1.651(b) would require the
accredited third-party certification body
to ensure it would have adequate
authority to conduct the requested
audit, including authority to: (1)
Conduct an unannounced audit; (2)
access any area of the facility or any of
its records relevant to the scope of the
audit; (3) use an accredited laboratory in
accordance with section 422 of the
FD&C Act, (21 U.S.C. 350k), where FDA
requires sampling and analysis; (4)
notify FDA immediately upon
discovering, during a consultative or
regulatory audit, a condition that could
cause or contribute to a serious risk to
the public health; (5) prepare audit
reports that would contain certain
elements and, for regulatory audits, that
would be submitted to FDA; and (6)
allow FDA and its recognized
accreditation body to observe any food
safety audit under the program.
Proposed § 1.651(c) would require an
unannounced audit to be conducted in
a manner consistent with its scope and
purpose and would include records
review as well as an onsite examination
of the facility, process(es), and food to
determine compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations, and
for consultative audits, conformance
with include industry standards and
practices. Proposed § 1.651(c) would
require the audit agent to document
observations and corrective actions and,
where appropriate, would include
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74610
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
environmental or product sampling and
analysis using validated methodologies
and a laboratory accredited in
accordance with the requirements of
section 422 of the FD&C Act.
At our own initiative, we are
removing the requirement to use a
laboratory consistent with section 422 of
the FD&C Act and inserting a
requirement in § 1.651(b)(3) to use a
laboratory accredited under ISO/IEC
17025:2005 or another laboratory
accreditation standard that provides at
least a similar level of assurance in the
validity and reliability of sampling
methodologies, analytical
methodologies, and analytical results.
On our own initiative, we are also
revising § 1.651(c)(1) to clarify that the
audit must be focused on determining
whether the facility, its process(es), and
food are in compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations, and
for consultative audits, also includes
conformance with applicable industry
standards and practices. Based on
comments received on § 1.653 and for
the reasons described in Comment/
Response 112 in section IX.C., we are
revising § 1.651(c)(3) to clarify that an
accredited third-party certification body
(or its audit agent, where applicable)
that identifies a deficiency requiring
corrective action may verify the
effectiveness of a corrective action once
implemented by the eligible entity but
must not recommend or provide input
to the eligible entity in identifying,
selecting, or implementing the
corrective action.
(Comment 105) Some comments
suggest that we should incorporate ISO/
IEC 19011:2011 (Ref. 8), which contains
guidelines on auditing management
systems, by reference into the rule.
(Response 105) We disagree, because
ISO/IEC 19011:2011 (Ref. 8) is
inconsistent with the requirements of
section 808 of the FD&C Act and this
rule. For example, ISO/IEC 19011:2011
(Ref. 8) is premised on announced
audits that are scheduled with the
client, as described in clauses 6.2.2, and
6.2.3 of the standard; however, section
808(c)(5)(C)(i) of the FD&C Act requires
audits conducted under this rule to be
unannounced. As another example,
clause 6.4.9 of ISO/IEC 19011:2011 (Ref.
8) suggests that an audit team should
attempt to resolve any ‘‘diverging
opinions’’ between the team and the
audited entity regarding the audit
conclusions, such as the extent of
conformity with audit criteria (clause
6.4.8), during the closing meeting. We
acknowledge that differences of
opinions regarding audit conclusions
are likely to occur between eligible
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
entities and accredited third-party
certification bodies or audit agents.
However, the credibility of our program
rests in large part on the independence
and objectivity of accredited third-party
certification bodies and audit agents.
This rule is intended to help ensure
they are free from the influence of the
eligible entities and any appearance that
their judgment is compromised by
eligible entities. Audit conclusions
regarding an eligible entity’s compliance
with the applicable food safety
requirements of the FD&C Act and FDA
regulations are the purview of the
accredited third-party certification body
and any audit agents it uses. The
appropriate mechanism for an eligible
entity seeking to challenge adverse
decisions would be the accredited thirdparty certification body’s appeals
process.
For the foregoing reasons, we decline
to incorporate ISO/IEC 19011:2011 (Ref.
8) by reference into this rule.
(Comment 106) Some comments
assert the guidelines for management
systems auditing in ISO/IEC 19011:2011
(Ref. 8) would provide a useful guide for
audits conducted under the program.
Other comments suggest the audit
agents should be conducting food safety
audits using a quality systems approach.
Citing the production of food additives
as an example, these comments note
that while it would be preferable to
conduct an audit while a food additive
is being produced it is not always
feasible. The comments suggest that as
long as the audit focuses on quality
systems it should not be necessary for
production of the food additive to occur
during the audit.
(Response 106) As explained in
Response 105, some elements of ISO/
IEC 19011:2011 (Ref. 8) are inconsistent
with the requirements of section 808 of
the FD&C Act and this rule, thereby
limiting its applicability for food safety
audits conducted under this rule. We
agree, however, with the general
principle that a ‘‘systems’’ approach to
food safety audits with a correctly
identified scope and purpose, using
appropriate audit criteria, and properly
executed by a competent audit agent (or
individual accredited as third-party
certification body), should be sufficient
to cover the food within the audited
system(s) of the facility, without
requiring direct observation of each type
of food produced. We note that it is
essential that the scope of the audit
covers the appropriate physical
locations, activities, and processes that
are part of the management system to be
audited, and information collected
during the audit must be relevant to the
audit scope, purpose, and criteria,
PO 00000
Frm 00042
Fmt 4701
Sfmt 4700
including information relating to
interfaces between functions, activities,
and processes of the food safety system.
We use the term ‘‘systems audits’’
generally, acknowledging that
‘‘management systems’’ audits, ‘‘product
certification’’ audits, and ‘‘quality
systems’’ audits have specific meanings
in some contexts, such as ISO/IEC
standards, but may have different
meanings in different contexts. To the
extent that the comments referencing a
‘‘quality systems’’ approach are
suggesting that food safety audits should
be conducted using a ‘‘systems
auditing’’ approach, we agree.
Accordingly, we are revising
§ 1.651(c)(1) to better align with the
language of section 808 of the FD&C Act
and this rule, as well as ‘‘systems’’
auditing principles.
Our goal is to ensure the rigor of the
food safety audits conducted under our
program, which will be accomplished
through compliance with the
requirements of this rule. It is intended
to help ensure that food safety audits are
conducted by competent audit agents
(or individuals accredited as a thirdparty certification bodies), in
accordance with a properly defined
audit scope and purpose, using the
applicable audit criteria required by this
rule. As such, any food safety audit
conducted under the rule should
provide the information necessary for
the accredited third-party certification
body to make a determination on
compliance with the applicable food
safety requirements of the FD&C Act
and FDA regulations. Whether or not a
particular audit does, in fact, provide
such information, with an appropriate
level of confidence, is dependent on a
number of factors, among them:
1. At the time that the food safety
audit is procured, the eligible entity
must declare the scope and purpose of
the audit consistent with the
requirements of this rule (and any
additional criteria established in VQIP
guidance for facility certifications for
use in that program or, for certifications
to be used for purposes of section 801(q)
of the FD&C Act any additional criteria
that may be established by FDA relating
to the safety determination).
2. The accredited third-party
certification body must assign an audit
agent that is competent to perform the
audit (or, for an accredited third-party
certification body that is an individual,
such audit must be within the scope of
accreditation).
3. The audit agent (or individual
accredited as a third-party certification
body) must:
a. Develop and successfully execute
an audit plan that includes a records
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
review, which may be scheduled, and a
subsequent onsite facility examination
performed on an unannounced basis
within a 30-day window of time
according to the facility’s operating
schedule for the requested audit
purpose and scope and using the
appropriate audit criteria; and
b. during the audit collect and verify
information that is relevant to the audit
purpose, scope, and criteria and that
will form the basis for the audit findings
and conclusions.
We note that this rule establishes the
requirements for the third-party
certification program but does not
establish requirements relating to the
use of these certifications for purposes
of sections 801(q) and 806 of the FD&C
Act. To that end, we urge an eligible
entity seeking a regulatory audit for
certification to be used for VQIP
purposes or for purposes of satisfying a
requirement for certification under
section 801(q) to ensure that the scope
of the regulatory audit it procures, and
any food and facility certifications that
are issued as a result, will be sufficient
to meet FDA requirements under
sections 801(q) and 806 of the FD&C
Act.
Under section 806 of the FD&C Act,
FDA will require facility certifications
issued by accredited third-party
certification bodies under section 808 as
a condition of an importer’s eligibility
for VQIP. We encourage eligible entities,
importers, and accredited third-party
certification bodies to consult the VQIP
guidance, when finalized, to ensure the
proper scope has been established for
any regulatory audit conducted to
obtain facility certification for VQIP
purposes.
Any requirement for certification to
satisfy a condition of admissibility
under section 801(q) of the FD&C Act
would be based on an FDA safety
determination relating to specific
circumstances, as described in section
801(q)(2). An eligible entity seeking
certification from an accredited thirdparty certification body to meet the
admissibility requirements under
section 801(q) of the FD&C Act must
ensure the proper scope has been
established for the regulatory audit it
procures to address the circumstances
behind the 801(q) determination.
(Comment 107) Some comments
assert that the audit requirements in
proposed § 1.651 are overly detailed and
inflexible, contending that accreditation
bodies have their own requirements for
good auditing practices. The comments
also suggest that proposed § 1.651,
would be problematic to implement and
cite as an example the proposed
requirement for unannounced audits,
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
which the comments say would be
inconsistent with the requirements
associated with planned audits that
apply in other programs.
(Response 107) We understand that
some of the requirements in proposed
§ 1.651 differ from the audit protocols
currently used in conducting many
third-party audits of food facilities. The
comments do not identify the good
auditing practices they assert
accreditation bodies already require
certification bodies to use; however, we
are not incorporating ISO/IEC
17021:2011, ISO/IEC 17065:2012, or
ISO/IEC 19011:2011 by reference into
this rule for the reasons explained in
section I.D. We are unable to identify a
voluntary consensus standard that
would encompass the audit practices
required by section 808 of the FD&C Act
(e.g., unannounced audits and
notification of conditions that could
cause or contribute to a serious risk to
public health) as well as other practices
the statute allows (e.g., audit agents
conducting both consultative and
regulatory audits). In the absence of
existing standards that would
adequately address the food safety audit
requirements of section 808 of the FD&C
Act, § 1.651 offers accredited third-party
certification bodies and audit agents the
requirements needed to conduct food
safety audits in the manner the statute
contemplates and requires.
The comment asserting that proposed
§ 1.651, would be problematic to
implement cited as an example the
proposed requirement for unannounced
audits in § 1.651(c)(1). We acknowledge
that most audits are scheduled, and a
program involving unannounced audits
will require changes in the current usual
practices of accredited third-party
certification bodies and eligible entities.
However, section 808(c)(5)(C)(i) of the
FD&C Act specifically requires audits
performed under this rule to be
unannounced. As described in Response
106, proposed § 1.651(c)(1) was
designed to provide flexibility to
accredited third-party certification
bodies and eligible entities, while
fulfilling this statutory requirement.
Without additional examples or other
details in the comments to explain why
the other audit protocols in
proposed§ 1.651(a) would be
problematic to implement, we decline to
revise § 1.651(a)(2) to (4) in response to
the comments.
(Comment 108) In addition to
comments described in section III.E.
regarding the impracticality of
unannounced audits, some comments
contend that unannounced audits
would be impractical and inefficient for
any food safety audit (e.g., regulatory
PO 00000
Frm 00043
Fmt 4701
Sfmt 4700
74611
audits) conducted under this rule. Other
comments express concern about
implementing unannounced audits at
farms that may be geographically
isolated, while offering support for
unannounced audits in principle.
Other comments note that
unannounced audits are conducted for
operations participating in the Leafy
Greens Marketing Agreements (LGMAs)
in California and Arizona and in the
California Cantaloupe Marketing Order
(CCMO), asserting it is feasible to
conduct audits of seasonal operations
during harvest activities, observing
practices and programs in the field and
facility. Some comments suggest that
unannounced audits provide a more
realistic view of the entity’s compliance
status than planned audits do.
Some comments endorse the
approach of a planned records review
prior to an unscheduled site audit
occurring at any point during a 30-day
operating window. Other comments ask
us to clarify in the final rule which parts
of a food safety audit may be performed
on a scheduled basis and which parts
must be performed on an unannounced
basis within a 30-day window.
(Response 108) We decline to revise
our approach to unannounced audits
under § 1.651, as section 808(c)(5)(C)(i)
of the FD&C Act explicitly requires that
audits be unannounced. We are,
however, adding language to
§ 1.651(c)(1) to clarify that the records
review portion of a food safety audit
may be scheduled with an eligible entity
and, through revisions to § 1.651(c)(2),
are requiring the records review to occur
before the onsite facility examination
portion of the audit, consistent with the
description in the preamble to the
proposed rule (78 FR 45782 at 45811 to
45812). We are retaining the
requirement in § 1.651(c)(1) to conduct
an unannounced audit through an
unscheduled onsite facility examination
at any time during the 30-day timeframe
identified pursuant to § 1.651(a)(1)(ii).
As discussed in the preamble to the
proposed rule (78 FR 45782 at 45811),
when developing the audit protocols to
implement the statutory requirement for
unannounced audits, we considered the
British Retail Consortium (BRC) Global
Standard for Food Safety (Ref. 22)
unannounced audit option to help us
ensure that our approach to
unannounced audits would be practical
and feasible to implement. The BRC
unannounced audit option provides for
a ‘‘Good Manufacturing Practices-type
audit’’ to be unannounced, while a
separate records review could occur
during a planned visit. We have
concluded that it is reasonable and
appropriate to interpret the statutory
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74612
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
requirement for unannounced audits to
allow a record review to be conducted
during a planned visit to the eligible
entity, provided that the onsite audit is
conducted on an unannounced basis. In
addition, as discussed previously, we
have revised § 1.651(c)(2) to require that
the records review must precede the
onsite examination to facilitate the
facility visit.
We agree with comments suggesting
that unannounced audits are feasible
and note, for example, that another
GFSI-benchmarked scheme, the Safe
Quality Food Code in July 2014 began
implementing an unannounced audit
component, wherein unannounced
audits are mandatory for every third
audit (Ref. 23). Additionally, while we
appreciate the concern expressed by
comments regarding the implementation
of unannounced audits at farms that
may be geographically isolated, we
believe the examples cited by comments
of unannounced audits of participants
that are performed at least once each
year under the LGMA and the CCMO
are persuasive in demonstrating the
feasibility of unannounced audits for
primary production. Moreover, the
requirements for audits specified in the
statute and our experiences planning
foreign inspections lead us to believe
that the requirement for a 30-day
operating window will assist in
preventing logistic problems associated
with unannounced audits in
geographically isolated areas. For the
foregoing reasons, we have concluded
that the unannounced audit protocol in
§ 1.651(a)(1) is practical and efficient to
implement, while meeting the
requirements of section 808(c)(5)(C)(i) of
the FD&C Act.
(Comment 109) Some comments
suggest that FDA increase the window
of time between the records review,
which informs the audit planning, and
the unannounced site audit, which
examines the facility, its process(es),
and food for compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations. To
maximize the element of surprise while
ensuring the relevance of the records
review to the conduct of the site audit,
the comments suggest we should
expand the timeframe to allow the audit
agent to conduct the site audit any time
during a 90-day period.
(Response 109) Food safety audits
conducted under this program,
particularly regulatory audits for
certification purposes, often are time
sensitive in nature, because they are
necessary for issuance of certifications
that are used facilitate trade.
Establishing a lengthy window of time
during which an unannounced audit
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
could occur could have significant
implications, for example, where
certification is used in satisfying a
condition of admissibility for a food
subject an FDA safety determination
under section 801(q) of the FD&C Act.
A lengthy window of time for an
unannounced audit to be conducted
also could hinder participation in the
VQIP program under section 806 of the
FD&C Act, which requires an importer
to provide facility certification as a
condition of participation. In light of the
foregoing, we do not believe it would be
reasonable to extend the length of time
between records review and the site
audit from 30 to 90 days.
C. What must an accredited third-party
certification body include in food safety
audit reports? (§ 1.652)
Proposed § 1.652 would implement
section 808(c)(3)(A) of the FD&C Act,
which authorizes FDA to establish the
requirements for audit reports that an
accredited third-party certification body
would need to prepare as a condition of
its accreditation. The statute specifies
that such report of an audit must
include: (1) The identity of the persons
at the eligible entity responsible for
compliance with food safety
requirements; (2) the dates and scope of
the audit; and (3) any other information
FDA requires that relates to or may
influence an assessment of compliance.
Proposed § 1.652(a) would specify the
form of consultative audit reports,
which would include: The name,
address, and unique facility identifier
(UFI) of the facility subject to audit; the
name, address, and UFI of the eligible
entity (if it differs from the facility); the
contact information for the person(s)
responsible for food safety compliance
at the facility; the dates and scope of the
consultative audit; and any
deficiency(ies) observed during the
audit that require corrective action(s)
and the date on which such corrective
action(s) were completed. Proposed
§ 1.652(a) would require that a
consultative audit report be prepared by
no later than 45 days after completing
the audit and would require preparing
the report in English and maintaining it
as a record under proposed § 1.658.
Proposed § 1.652(b) would specify the
form of regulatory audit reports, which
would include: (1) The name, address,
and UFI of the facility subject to audit;
(2) the FDA food facility registration
number (where applicable); (3) the
name, address, and UFI of the eligible
entity (if it differs from the facility); (4)
the contact information for the person(s)
responsible for food safety compliance
at the facility; (5) the dates and scope of
the regulatory audit; (6) the process(es)
PO 00000
Frm 00044
Fmt 4701
Sfmt 4700
and food(s) observed during the audit;
(7) whether sampling and laboratory
analysis is used in the facility; (8) recent
food recalls; (9) recent significant
changes at the facility; and (10) any food
or facility certifications recently issued
to the entity. With respect to
deficiencies and corrective actions,
proposed § 1.652(b) would require the
accredited third-party certification body
to include in the regulatory audit report
any deficiency(ies) observed during the
audit that meet FDA’s Class I and Class
II recall standards—i.e., the
deficiency(ies) present(s) a reasonable
probability that the use of or exposure
to the violative product will cause
serious adverse health consequences or
death; or may cause temporary or
medically reversible adverse health
consequences or where the probability
of serious adverse health consequences
is remote, and the corrective action plan
for any identified deficiency unless the
corrective action was implemented
immediately and verified onsite by the
accredited third-party certification
body. Proposed § 1.652(b) also would
require that a regulatory audit report be
submitted to FDA electronically, in
English, by no later than 45 days after
completing the audit.
Under proposed § 1.652(c), an
accredited third-party certification body
would have to submit to FDA an audit
report for any regulatory audit it
conducts, regardless of whether the
certification body issued a certification
based on the results of the regulatory
audit. Proposed § 1.652(d) would
require an accredited third-party
certification body to implement written
procedures for receiving and addressing
challenges from eligible entities
contesting adverse regulatory audit
results and would require them to
maintain records of such challenges
under proposed § 1.658.
On our initiative, we revised
paragraphs (a) and (b) of § 1.652 to
clarify that an accredited third-party
certification body must provide a copy
of a consultative audit report or
regulatory audit report (respectively) to
the eligible entity. We also on our own
initiative added a requirement for the
accredited third-party certification body
to include in the audit report the FDA
Establishment Identifier (FEI) of the
facility audited and the FEI of the
eligible entity, if different than the FEI
for the audited facility to help verify the
identity of the facility and eligible entity
based on information contained in
FDA’s database of FEIs. Further, we
aligned the elements of the consultative
audit report and regulatory audit report;
for example, we redesignated proposed
paragraph (a)(5) as (a)(6) and added a
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
new paragraph (a)(5) to require that the
consultative audit report include the
processes and foods observed during the
consultative audit. Additionally, on our
own initiative we revised § 1.652(d) to
clarify that an accredited third-party
certification body must notify an
eligible entity of a denial of
certification.
(Comment 110) Several comments
raise concerns regarding the
requirements that would apply to
consultative audit reports under
proposed § 1.652(a). The comments
assert that because consultative audits
are specifically intended to be for
internal purposes, FDA should delete
proposed § 1.652(a) and should not
propose any requirements for
consultative audit reports. Other
comments suggest that we remove the
proposed requirement to prepare a
consultative audit report no later than
45 days after conducting the audit,
asserting the deadline is infeasible. Still
other comments suggested we should
allow consultative audit reports to be
prepared and maintained in languages
other than English.
Some comments interpret proposed
§ 1.652(a) to require consultative audit
reports to be submitted to FDA. Other
comments urge us to emphasize to
industry that proposed § 1.652(a) would
only require accredited third-party
certification bodies to maintain
consultative audit reports in their
records and not submit them to FDA,
and that FDA could only access
consultative audit reports in
circumstances meeting the serious
adverse health conditions or death to
humans or animals (SAHCODHA)
standard for records access under
section 414 of the FD&C Act. Other
comments note that the proposed rule
was silent on the protection of
proprietary information in audit reports.
(Response 110) We disagree with
comments suggesting that because
consultative audits are for internal
purposes only, FDA is precluded from
imposing any requirements for
consultative audit reports prepared by
accredited third-party certification
bodies under this rule. Section
808(c)(3)(A) of the FD&C Act requires
certain elements to be included in
reports for all food safety audits. This
includes both consultative audits and
regulatory audits, which are the two
types of audits described in section
808(c)(4)(B) of the FD&C Act. Section
808(c)(3)(A) sets a 45-day deadline for
the preparation of all audit reports,
including consultative audit reports,
and sets a separate requirement that the
audit reports for regulatory audits be
submitted. Section 808(c)(3)(A) of the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
FD&C Act also gives FDA discretion to
designate the form and manner of audit
reports and to require accredited thirdparty certification bodies to include in
audit reports other information that
relates to or may influence an
assessment of compliance with the
FD&C Act. In light of these statutory
provisions, we decline the suggestions
to delete proposed § 1.652(a) or to
remove the proposed 45-day deadline
for preparation of a consultative audit
report.
We are, however, removing the
proposed requirement in § 1.652(a) that
consultative audit reports would need to
be prepared and maintained in English
in the accredited third-party
certification body’s records. As
explained in Response 59, we are
removing the proposed requirements for
recognized accreditation bodies and
accredited third-party certification
bodies to create and maintain records
that do not need to be submitted to
FDA, outside of a specific request,
under this rule in English.
We disagree with comments
suggesting that § 1.652(a) should require
accredited third-party certification
bodies to submit consultative audit
reports to FDA. We note that section
808(c)(3)(A) only requires the
submission of regulatory audit reports.
Because consultative audits are for
internal purposes, we consider it
appropriate to require the maintenance
of these reports, but not the submission
of the reports. Under section
808(c)(3)(C) of the FD&C Act, we could
only access consultative audit reports in
circumstances meeting the standard for
records access under section 414 of the
FD&C Act.
With respect to protection of
proprietary information in consultative
audit reports submitted to or obtained
by FDA, we note that the final rule
includes new provision § 1.695, which
addresses disclosure and the protection
of trade secrets and confidential
commercial information under
applicable law.
(Comment 111) Some comments
support our proposal to require that
consultative audit reports under
proposed § 1.652(a)(2) and regulatory
audit reports under proposed
§ 1.652(b)(1)(i) and (b)(2) include UFIs
for audited facilities and for eligible
entities (where different from audited
facilities). In the preamble to the
proposed rule (78 FR 45782 at 45812),
we solicited comment on whether a UFI
should comprise a Data Universal
Numbering System (DUNS®) number
and Global Positioning System (GPS)
coordinates for an audited facility and
PO 00000
Frm 00045
Fmt 4701
Sfmt 4700
74613
for the eligible entity (if different from
the audited facility).
Some comments support using
DUNS® numbers in UFIs for eligible
entities and audited facilities, asserting
that approximately 230 million
establishments around the world have
DUNS® numbers. The comments assert
that DUNS® numbers are easy to obtain
and free to the establishment.
Comments also emphasize that the use
of DUNS® numbers would be
particularly helpful under the thirdparty certification rule, because the
numbers help to determine corporate
‘‘families’’—e.g., related establishments.
Other comments oppose using
DUNS® numbers as UFIs, contending
that DUNS® numbers are not widely
used outside the United States and
frequently have errors. Some of these
comments propose alternatives to
DUNS® numbers, including: GPS
coordinates, FDA’s food facility
registration numbers, or the U.S.
Internal Revenue Service taxpayer
identification numbers which comments
suggest foreign companies can request
from U.S. Customs and Border
Protection.
(Response 111) We received valuable
input in response to our solicitation of
comments on UFIs for audited facilities
and eligible entities. Having a UFI for
eligible entities (and audited facilities if
different) would be useful to FDA in
identifying an eligible entity that does
not already have a numerical identifier
in one of FDA’s databases. For example,
farms generally are not required to
register with FDA under section 415 of
the FD&C Act, so they would not have
an FDA Food Facility Registration
Number, unless they conduct activities
for which such registration is required,
and some eligible entities may not have
been assigned an FDA Facility
Establishment Identifier.
We note that FDA currently is
considering whether to require UFIs for
regulated establishments, such as
facilities as defined in 21 CFR 1.227,
and the types of numbering systems that
might be used for UFIs. Under this final
rule, an accredited third-party
certification body will be required to
include a UFI for an audited facility and
for an eligible entity (if different from
the audited facility) in a consultative
audit report under § 1.652(a)(1)(i) and
(a)(2), and a regulatory audit report
under § 1.652(b)(1)(i) and (b)(2), if FDA
designates a UFI system.
(Comment 112) Some comments focus
on proposed § 1.652(a)(5), which would
require a consultative audit report to
include any deficiencies observed that
require corrective action, the corrective
action plan, and the date corrective
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74614
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
actions were completed. Some
comments ask us to clarify what
information about deficiencies should
be included in consultative audit
reports. The comments distinguish
between FDA investigators who collect
physical evidence during inspections
and third-party certification bodies who
typically observe process(es), review
records, and cite nonconformity to
standards—e.g., ‘‘Canning retort time
did not meet x temperature for y time
of the scheduled process.’’ Other
comments ask FDA to clarify that the
eligible entity, not the audit agent,
would be responsible for corrective
actions, including analyzing the cause
of the nonconformity and developing
corrective actions to address the
nonconformity. These comments
support the proposed requirement to
require documentation and verification
of corrective actions, whether through
document review or onsite audits.
(Response 112) As the comments
suggest, third-party certification bodies
commonly describe their audit findings
in terms of conformity or nonconformity
with audit criteria, such as a GFSIbenchmarked food safety scheme or the
ISO/TS 22003:2013 series of food safety
standards (Ref. 24). Under section 808 of
the FD&C Act, accredited third-party
certification bodies examine eligible
entities and their foods for compliance
with the applicable food safety
requirements of the FD&C Act and FDA
regulations and, for consultative audits,
also assess conformity with applicable
industry standards and practices.
Under proposed § 1.652(a)(5), a
consultative audit report would identify
any deficiencies observed by audit
agent, which we intended would
encompass any deficiency that relates to
or may influence the accredited thirdparty certification body’s determination
of whether the eligible entity is in
compliance with the applicable food
safety requirements of the FD&C Act
and FDA regulations. We were not
proposing to require that consultative
audit reports include information on an
observation solely related to a
nonconformity with industry standards
or practices that FDA does not
implement or enforce. An observation
relating to both a nonconformity with an
industry standard or practice and a
deficiency that relates to or may
influence a compliance determination
would need to be included in the audit
report as a deficiency under proposed
§ 1.652(a)(5). In response to comments,
we are revising § 1.652(a)(5),
renumbered as § 1.652(a)(6), to clarify
that a consultative audit report must
include any deficiency that relates to or
may influence a determination of
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
compliance with the applicable food
safety requirements of the FD&C Act
and FDA regulations and information on
the corrective action(s) to address such
deficiency.
We agree with comments
distinguishing between the roles of
eligible entities (who must identify and
implement effective corrective actions)
and accredited third-party certification
bodies and their audit agents (who
identify deficiencies and verify that
effective corrective actions have been
implemented). After identifying
deficiencies that will require corrective
action, accredited third-party
certification bodies and their audit
agents must maintain their impartiality
by allowing eligible entities to select the
appropriate corrective actions to
employ. To recommend or suggest
corrective actions to eligible entities
during consultative or regulatory audits
would undermine the objectivity of the
third-party certification bodies or audit
agents in performing their critical task
of verifying the effectiveness of the
corrective actions once implemented.
To address this concern, we have
elected to revise § 1.651(c)(3) as
described in section IX.B., because we
believe this issue is better addressed as
part of the protocols for audits
conducted under subpart M.
(Comment 113) Some comments
assert that proposed § 1.652(b) is
unnecessary, because many of the
elements of regulatory audit reports that
we propose already are commonly
included in audit reports. The
comments contend that listing specific
elements to be included in a regulatory
audit report would be too prescriptive
and would stifle creativity. Other
comments suggest that proposed
§ 1.652(b) is overly broad, and the
comments object to the elements of the
audit reports. Some comments assert
that reporting of recent recalls is
unnecessary because this is information
already in FDA’s possession. Still other
comments note that documents that are
routinely part of an audit process may
contain critical business information.
These comments suggest that FDA
should consider a ‘‘tiered’’ approach, by
requiring only summary reports on
audit results to be submitted to FDA,
not proprietary information.
Other comments support proposed
§ 1.652(b) and the data elements we
proposed to require in regulatory audit
reports. Some of these comments seek
additional information on the form and
manner of submitting this information
to FDA. The comments also ask whether
the regulatory audit reports will be
publicly released.
PO 00000
Frm 00046
Fmt 4701
Sfmt 4700
(Response 113) We disagree with
comments suggesting that proposed
§ 1.652(b) is unnecessary because the
information we proposed to require in
regulatory audit reports already is
included in the audit reports prepared
by third-party certification bodies.
Although many of the elements required
to be included in the reports under this
rule are currently being included in
audit reports prepared by third-party
certification bodies, it is important that
we require the elements included in this
final rule because they are essential to
the preparation of audit reports that are
consistent with the purpose of this
program.
We disagree with the comments
asserting that proposed § 1.652(b) is
overly broad and the comments
contending that the provision is overly
prescriptive. Section 808(c)(3)(A) of the
FD&C Act requires that audit reports
include the dates and scope of the audit
and the identity of the persons at the
audited eligible entity responsible for
compliance with food safety
requirements. Section 808(c)(3)(A) of
the FD&C Act also gives FDA discretion
to require that audit reports include
other information that relates to or may
influence an assessment of compliance
with the FD&C Act. Under proposed
§ 1.652(b), a regulatory audit report
would include the elements required by
the statute, as well as the following
information: Identifying information for
the eligible entity (and for the facility,
if different from the eligible entity); the
food(s) and process(es) observed; any
deficiencies observed during the audit
that relate to an FDA Class I or Class II
recall situation; and the corrective
action plan for such deficiencies. We
also proposed to require the regulatory
audit report to indicate whether any
sampling and laboratory analysis is used
in the facility and whether in the 2 years
preceding the audit the entity: Issued a
food safety-related recall; made
significant changes in the facility, its
process(es), or products; or was issued
any food or facility certifications.
As to the elements of the regulatory
audit report in proposed § 1.652, we
note that paragraphs (b)(1) and (2)
provide identifying information for the
eligible entity (and the facility audited,
if different than the eligible entity) and
paragraphs (b)(3) and (5) contain the
elements required by section
808(c)(3)(A) of the FD&C Act. We agree
with comments asserting that it is not be
necessary to include information in
regulatory audit reports that is already
in FDA records; therefore, we are
removing the proposed requirements in
§ 1.652(b)(9) and (11) to report
information on food-safety related
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
recalls conducted by the eligible entity
and food and facility certifications
issued to the eligible entity in the 2
years preceding the audit. We are
retaining the other elements of the
regulatory audit report under proposed
§ 1.652(b)(4), (6) to (8), and (10)—i.e.,
whether the facility uses sampling and
laboratory analysis, whether the entity
has made significant changes to the
facility, its process(es), or products
during the 2 years preceding the audit;
the foods and process(es) that were
observed, as well as any deficiencies
related to a Class I or Class II recall
situation and the corrective action plans
for deficiencies—because they are
related to or influential to a
determination of compliance with the
applicable food safety standards of the
FD&C Act and FDA regulations.
As discussed in Response 67, we
intend to provide additional
instructions relating to the form and
manner of submitting information to
FDA. We also acknowledge comments’
concerns about the protection of
proprietary information in regulatory
audit reports submitted to FDA.
Information submitted to FDA is subject
to public disclosure and under part 20,
and we are including new § 1.695 on
public disclosure in section XIII.F of
this final rule.
(Comment 114) Some comments
contend that the submission of
regulatory audit reports under proposed
§ 1.652 would ‘‘empower’’ accredited
third-party certification bodies as ‘‘de
facto’’ regulatory authorities.
(Response 114) We disagree. Nothing
in section 808 of the FD&C Act or in the
proposed rule would empower
accredited third-party certification
bodies to implement or enforce the
FD&C Act or FDA regulations. Further,
section 808(h) of the FD&C Act clearly
states that audits performed under this
section shall not be considered
inspections under section 704 of the
FD&C Act, which governs FDA
inspections.
(Comment 115) Some comments
assert that regulatory audit reports
should be submitted to FDA only when
there are questions about product safety.
Some comments suggest that proposed
§ 1.652(b) could be onerous because it
would require regulatory audit reports
to be submitted to FDA in English by no
later than 45 days after the audit was
completed. The comments assert that a
lack of auditor capacity in countries that
export food to the United States could
make it difficult for accredited thirdparty certification bodies to meet the 45day deadline and suggest that FDA
should consider adjusting the deadline
for regulatory audit report submission in
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
light of factors such as auditor capacity
and the needs of seasonal producers.
Other comments support the proposed
45-day deadline for audit report
submission, noting that many audit
reports currently take more than 45 days
to complete, some taking nearly a year
to be issued. Still other comments focus
on the proposed requirement in
§ 1.652(b) to submit regulatory audit
reports in English, urging us to accept
reports in various languages, including
Spanish.
(Response 115) Section 808(c)(3)(A) of
the FD&C Act requires as a condition of
accreditation that regulatory audit
reports to be submitted to FDA within
45 days after conducting the audit.
Accordingly, we decline the suggestion
to limit the submission of regulatory
audit reports to circumstances where
there are questions about product safety.
We also decline to extend the statutory
45-day deadline for submission of a
regulatory audit report.
We believe that allowing regulatory
audit reports to be submitted in
languages other than English, as some
comments suggest, would create
unnecessary obstacles to our program
management and oversight. For
example, we may review a regulatory
audit report to assist us in deciding
whether to accept a certification or to
reject the certification after determining
that is not valid or reliable. If we were
to allow regulatory audit reports to be
submitted in languages other than
English, we might have to wait weeks
for a translation. Such a delay would
postpone our decision on whether to
accept or refuse the certification and
might have negative effects on the flow
of trade.
(Comment 116) Some comments
oppose a proposal to use DUNS®
numbers in UFIs for audited facilities
and eligible entities that would be
required to be submitted to FDA in
regulatory audit reports under proposed
§ 1.652(b)(1)(i) and (b)(2). The
comments suggest that using DUNS ®
numbers in UFIs would create a
monopoly for Dun and Bradstreet (D&B)
and give D&B an unfair competitive
advantage. The comments also express
concern that establishments will face
increased pressure to buy other D&B
products. Other comments suggest that
DUNS ® numbers are not used outside
the United States because, for example,
DUNS® numbers require data such as
street names, telephone numbers and
other data points that small producers
located outside the United States might
not have. Instead, these comments
suggest, FDA should use GPS latitude
and longitude coordinates as UFIs.
PO 00000
Frm 00047
Fmt 4701
Sfmt 4700
74615
Some other comments express
support for UFI requirements that
would include the use of DUNS®
numbers in UFIs for audited facilities
and eligible entities. The comments
assert that because DUNS® numbers are
widely used, it would be reasonable for
FDA to require DUNS® numbers to be
used in UFIs under the third-party
certification program.
(Response 116) As explained in
Response 111, FDA currently is
considering whether to require
regulated establishments to have UFIs
and, if so, whether DUNS® numbers
should be included in UFIs. As
explained previously, under this final
rule, an accredited third-party
certification body will be required to
include a UFI for an audited facility and
for an eligible entity (if different from
the audited facility) in a regulatory audit
report under § 1.652(b)(1)(i) and (b)(2), if
FDA designates a UFI system.
(Comment 117) Some comments agree
with proposed § 1.652(b)(4), which
would require regulatory audit reports
to include information on the
process(es) and food(s) observed during
the audit. Some comments request
clarification of what process(es) and
food(s) would need to be observed in a
facility with several processes, and
other comments ask what information
FDA is seeking about the process(es)
that were observed during a regulatory
audit.
(Response 117) As explained in
Response 106, we do not believe that
direct observation of each type of food
produced under a management system
is necessary when an audit covers the
appropriate physical locations,
activities, and processes that are part of
the management system to be audited,
and information collected during the
audit must be relevant to the audit
scope, purpose, and criteria, including
information relating to interfaces
between functions, activities, and
processes of the management system.
Therefore, information on the
process(es) and food(s) observed by the
audit agent (or accredited third-party
certification body that is an individual)
is useful in light of the scope of the
audit and the management system(s)
audited.
(Comment 118) Some comments
endorse proposed § 1.652(b)(8), which
would require the regulatory audit
report to include information on
whether sampling and analysis is used
at the facility being audited. Of the
comments that support proposed
§ 1.652(b)(8), some would further
require regulatory audit reports to
include reporting of sampling and
analytical results of sampling by the
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74616
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
eligible entity. Others suggest including
analytical results relating to any
deficiencies observed during an audit
and the effectiveness of corrective
actions taken to address the deficiency.
(Response 118) We agree that it is
useful for FDA to have information on
whether an eligible entity uses sampling
and analysis as a tool for verifying the
effectiveness of its controls. Section
1.652 does not require sampling or
analysis on a routine basis; however,
analytical reports must be included in
regulatory audit reports if the
certification body finds them to be
relevant to the any elements of an audit
report, such as a verification of
corrective actions or in support of a
decision not to certify. We note that
sampling or analytical reports that are
collected as part of a regulatory audit
must be maintained as required under
§ 1.658(a)(3).
(Comment 119) Some comments
support proposed § 1.652(b)(9), which
would require information on recent
recalls to be included in regulatory
audit reports. Other comments suggest
that requiring recall information to be
included in a regulatory audit report
might lead to questions about the
validity of a certification that the
accredited third-party certification body
might issue based on the results of its
regulatory audit of the eligible entity.
Some other comments suggest that
requiring an accredited third-party
certification body to include
information on recent recalls in a
regulatory audit report would be
duplicative, because FDA should
already have information on any recalls
of regulated product exported to the
United States, and recalls of product
that was not exported to the United
States would not be relevant to the
regulatory audit report.
(Response 119) We agree with
comments suggesting that it would be
duplicative to require accredited thirdparty certification bodies to include
information on recent recalls in
regulatory audit reports and are
removing proposed § 1.652(b)(9) in the
final rule.
(Comment 120) Some comments ask
for clarification on proposed
§ 1.652(b)(11), which would require
information on recent certifications to
be included in regulatory audit reports.
The comments ask whether a
certification issued outside of the thirdparty certification program should be
included in a regulatory audit report
and if so, should the report identify the
standards under which the certification
was issued.
(Response 120) Requiring information
on certifications issued under the third-
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
party certification program would be
duplicative because certifications
previously issued by the accredited
third-party certification body under the
program already would have been
submitted to FDA. Further, we see no
benefit to requiring the submission of
information on certifications issued
outside of this program. Accordingly,
we are removing proposed § 1.652(b)(11)
from the final rule.
(Comment 121) Some comments urge
us to create a clear mechanism for
eligible entities to appeal adverse audit
results.
(Response 121) Under proposed
§ 1.652(d) an accredited third-party
certification body would have to
implement written procedures for
receiving, evaluating, and deciding on
eligible entity challenges to adverse
regulatory audit results. We believe this
section provides a clear mechanism for
eligible entities to be able to appeal
adverse regulatory audit results. As
explained in Response 36, we are
clarifying that persons presiding over
such appeals may be internal or external
to the accredited third-party
certification body.
D. What must an accredited third-party
certification body do when issuing food
or facility certifications? (§ 1.653)
The proposed rule describes the
activities that an accredited third-party
certification body would have to
perform when issuing food and facility
certifications. Proposed § 1.653 would
require the certification body to have
conducted a regulatory audit under
proposed § 1.651 and to conduct any
other activities necessary to determine
compliance under the applicable food
safety requirements of the FD&C Act
and FDA regulations.
No certificate could be issued until
the eligible entity took corrective
actions to address any deficiencies
reported under proposed § 1.652(b)(6),
and the corrective actions were verified
by the accredited third-party
certification body. The verification
would need to occur onsite, unless the
deficiency was a minor issue. A single
audit could result in food and facility
certifications or multiple food
certifications only if the regulatory audit
requirements were met as to each.
Where a certification body uses audit
agents, the certification body, not the
audit agent, would make the
determination whether to issue
certification. However, the statute
allows for individuals to be accredited
as certification bodies; in that
circumstance, the same individual
would conduct the audit and also
determine whether to issue certification.
PO 00000
Frm 00048
Fmt 4701
Sfmt 4700
On our own initiative, we are revising
§ 1.653(a)(3) to replace the phrase
‘‘assessment made during’’ with ‘‘the
data and other information’’ to clarify
what an accredited third-party
certification body must consider when
determining whether an eligible entity
is in compliance with the applicable
food safety requirements of the FD&C
Act and FDA regulations.
On our own initiative, we are making
a number of revisions § 1.653(b). We are
revising paragraph (b)(1) to clarify that
the accredited third-party certification
body may issue a food or facility
certification under this subpart for a
term of up to 12 months. Throughout
paragraph (b)(2) we are specifying that
the food or facility certification must
contain information about regulatory
audits. At our own initiative, we are
revising § 1.653(b)(2)(ii) and (iii) to
require accredited third-party
certification bodies to provide the FEI of
the audited facility and the FEI of the
eligible entity, if different from the
audited facility, and we revised
§ 1.653(b)(2) (iv) to require accredited
third-party certification bodies to assign
numbers to certifications they issue
under the program. We are revising
paragraph (b)(3) to clarify that FDA may
refuse to accept any certification for
purposes of section 801(q) or 806 of the
FD&C Act if we determine that the
certification is not valid or reliable. We
are also adding new subparagraph
(b)(3)(iii) to specify that if the
certification was issued without reliable
demonstration that the requirements of
paragraph (a) were met, we may
determine that the certification is not
valid or reliable.
(Comment 122) Some comments
contend that proposed § 1.653(a)(2)
would require accredited third-party
certification bodies to perform onsite
verifications of corrective actions in
situations where other methods of
verification would be adequate. The
comments assert that, by requiring
onsite verification for any corrective
action (other than an action taken to
address recordkeeping deficiencies), the
proposed rule would impose undue
costs on eligible entities and would
exacerbate issues of auditor capacity.
The comments suggest that we allow
for remote verification of corrective
actions through photographs, live webcam transmissions, and any other means
that would provide evidence that
corrective action has been taken and the
eligible entity is in compliance with the
FD&C Act. The comments suggest that
FDA may, in its discretion, require
onsite visits to confirm that corrective
actions were taken in extraordinary
situations where efforts short of onsite
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
observation would be insufficient to
protect the public, such as in Class I
recall situations. Some comments urge
us to follow the requirements of ISO/IEC
17021:2011 (Ref. 6) for verification of
corrective actions.
(Response 122) We agree that onsite
verification of corrective actions would
not be necessary to address every
deficiency identified in a regulatory
audit report under proposed
§ 1.652(b)(6). ISO/IEC 17021:2011 (Ref.
6) (clauses 9.1.12–9.1.13) describes a
range of activities—from document
review to onsite verification to
additional full audits—that a third-party
certification body may use verifying the
effectiveness of corrective actions.
Remote verification may be appropriate
where it would provide an adequate
basis for the accredited third-party
certification body to determine that the
eligible entity had implemented
effective corrective action(s) to address
the identified deficiency or deficiencies.
Accordingly, we are revising
§ 1.653(a)(2) to expand the methods of
verification an accredited third-party
certification body may use to verify
corrective actions for deficiencies
identified in § 1.652(b)(6), except that
corrective actions in a facility that was
the subject of a notification under
§ 1.656(c) must be verified onsite.
(Comment 123) Some comments urge
FDA to establish qualifications for the
individuals accredited third-party
certification bodies would use to make
certification decisions. The comments
suggest that an accredited third-party
certification body should use a panel of
experts with appropriate industry or
regulatory experience to make
certification decisions on behalf of the
body. Other comments urge FDA to
identify the criteria an accredited thirdparty certification body should use in
determining whether to issue
certification under section 808 of the
FD&C Act.
(Response 123) We agree with the
comments suggesting that individuals
involved in compliance determinations
and certification decisions under
section 808 of the FD&C Act must be
appropriately qualified for those
responsibilities. We agree that decisions
on certification should be made by
individuals other than audit agents who
conducted the regulatory audits that
would form the basis for the decisions
on certification, except individuals
accredited as third-party certification
bodies may perform regulatory audits
and issue certifications based on the
results of regulatory audits they
performed. An assessment for
accreditation of a third-party
certification body under § 1.642 would
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
focus not only on its competency and
capacity for auditing food facilities but
also on its capacity to review audit
results to determine compliance with
applicable food safety requirements for
purposes of certification. While an
accredited third-party certification body
may wish to use a panel of experts for
certification decisions, it is not
necessary under this rule.
(Comment 124) Some comments
suggest that certifications issued under
section 808 of the FD&C Act should
clearly delineate the scope of products
and processes covered by the
certification.
(Response 124) Proposed
§ 1.653(b)(2)(iv) and (vi) would require
the certification to include both the
scope of the audit and the scope of the
food or facility certification. We believe
the concern about the scope of products
and processes covered by the food or
facility certification is adequately
addressed by the proposed rule, and we
are retaining these provisions in the
final rule.
E. When must an accredited third-party
certification body monitor an eligible
entity that it has issued a food or facility
certification? (§ 1.654)
Proposed § 1.654 would require an
accredited third-party certification body
to conduct monitoring of an eligible
entity if the certification body has
reason to believe that an eligible entity
to which it issued a certification may no
longer be in compliance with the FD&C
Act.
(Comment 125) Comments endorsing
proposed § 1.654 suggest that FDA
establish criteria for the ‘‘reason to
believe’’ standard—that is, the
circumstances FDA believes would
trigger a requirement for an accredited
third-party certification body to monitor
an eligible entity. The comment further
suggests that FDA should make these
criteria available for public comment.
(Response 125) FDA declines to
codify specific criteria that would
trigger the need for an accredited thirdparty certification body to conduct
monitoring of an eligible entity to
determine whether the entity is still in
compliance with applicable
requirements, as such criteria would be
fact-specific and FDA cannot
contemplate all situations that would
require such monitoring. FDA envisions
that the circumstances that might trigger
monitoring under § 1.654 are ones that
may affect the eligible entity’s capability
to continue to comply with the
applicable food safety requirements of
the FD&C Act and FDA regulations,
such as: (1) Significant changes to the
audited facility, such as capital
PO 00000
Frm 00049
Fmt 4701
Sfmt 4700
74617
improvements; (2) major changes to the
eligible entity’s management system and
processes; or (3) changes to the scope of
operations, such as changes in
manufacturing processes, that may
affect the compliance status of an
eligible entity.
(Comment 126) Other comments urge
FDA to require an accredited third-party
certification body to notify an eligible
entity immediately upon determining
that monitoring of the eligible entity
prior to recertification would be
necessary.
(Response 126) We decline the
suggestion to require notification of an
eligible entity prior to monitoring under
§ 1.654, as we believe it is more
appropriate for the accredited thirdparty certification body to decide based
on the circumstances whether it should
alert an eligible entity it has certified
that monitoring is necessary or conduct
unannounced monitoring activities. An
accredited third-party certification body
may choose to notify an eligible entity
before conducting monitoring activities
that are unrelated to the eligible entity’s
annual audit for recertification
purposes, which must be conducted on
an unannounced basis pursuant to
§ 1.651(c)(1).
F. How must an accredited third-party
certification body monitor its own
performance? (§ 1.655)
Proposed § 1.655 would require an
accredited third-party certification body
to conduct self-assessments annually
and in the case of revocation of the
recognition of its accreditation body and
prepare a report of the results of each
self-assessment.
On our own initiative, we are revising
§ 1.655(a)(1) to clarify that as part of the
self-assessment, an accredited thirdparty certification body must evaluate
the performance of its audit agents in
examining facilities, process(es), and
food using the applicable food safety
requirements of the FD&C Act and FDA
regulations, which will conform with
other changes being made to the final
rule.
(Comment 127) Some comments
support the proposal to require
accredited third-party certification
bodies to conduct self-assessments.
Other comments recommend that FDA
should be more explicit in the
requirements for self-assessments.
(Response 127) We decline the
suggestion to be more explicit in the
requirements for self-assessments, as the
requirements in § 1.655 include
sufficient details for conducting selfassessments. Comments did not provide
adequate justification for adding
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74618
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
additional elements to the selfassessment.
(Comment 128) Some comments
request that accredited governmental
certification bodies be allowed to
conduct self-assessments at a frequency
different than other accredited thirdparty certification bodies.
(Response 128) We decline to create
different timeframes for self-assessments
for governmental versus private
certifications bodies. As explained in
Response 39, § 1.655 is part of a set of
proposed monitoring and selfassessment requirements intended to
work together in helping to ensure that
the recognized accreditation bodies and
accredited third-party certification
bodies maintain compliance with the
rule’s requirements. The certification
body self-assessment in § 1.655 is
intended to serve, in part, as
information for use in the annual
accreditation body monitoring in
§ 1.621, the results of which we intend
the accreditation body to use in its
annual self-assessment under § 1.622.
This system of assessments takes place
on an annual basis and is an essential
part of the program’s safety net.
Allowing different timeframes for
assessments by different participants
would undermine the credibility of the
program and create undue
administrative complexity. We believe
this section will be far less burdensome
in practice than some of the commenters
may have anticipated. We note that to
address general concerns about the
burden of these requirements, similar to
other sections of the final rule, FDA is
adding a new § 1.655(e) to allow an
accredited third-party certification body
to use documentation of its
conformance to ISO/IEC 17021:2011 or
ISO/IEC 17065:2012, supplemented as
necessary, to meet the requirements of
this section.
(Comment 129) Some comments
assert that accredited third-party
certification bodies should not be
required to be prepare self-assessment
reports in English under proposed
§ 1.655(d).
(Response 129) In response to
comments and consistent with revisions
made elsewhere in the final rule, we are
removing the English language
requirement in § 1.655(d) for selfassessment reports prepared by thirdparty certification bodies accredited by
a recognized accreditation body.
However, we are now including a
requirement in § 1.656(b) of submission
in English for self-assessment reports
prepared by third-party certification
bodies directly accredited by FDA and
self-assessments submitted to FDA as a
result of an FDA request for cause or
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
due to the termination of an
accreditation body’s recognition due to
denial of renewal, revocation, or
relinquishment/failure to renew under
§ 1.631(f)(1)(i), 1.634(d)(1)(i), or
1.635(c)(1)(i), respectively.
G. What reports and notifications must
an accredited third-party certification
body submit? (§ 1.656)
Proposed § 1.656 would establish
requirements for various reports and
notifications that accredited third-party
certification bodies would have to
submit to FDA and, as appropriate,
recognized accreditation bodies.
Proposed § 1.656(a) would establish the
requirements for submission of
regulatory audit reports, and proposed
§ 1.656(b) would establish the
requirements for submission of reports
of accredited third-party certification
body self-assessments.
Proposed § 1.656(c) would require an
accredited third-party certification body
to immediately notify us, in English, of
a condition that could cause or
contribute to a serious risk to the public
health (notifiable condition) that the
certification body (or its audit agent)
discovered while conducting a
regulatory or consultative audit of an
eligible entity. In the preamble
discussion of proposed § 1.656(c) (78 FR
45782 at 45815), we solicited examples
of conditions that might and might not
meet the standard in section
808(c)(4)(A) of the FD&C Act for
notifying FDA. We asked for input on
whether the FDA Class I and Class II
recall standards, taken together, might
adequately address any condition
covered by section 808(c)(4)(A) of the
FD&C Act.
Proposed § 1.656(d) would require an
accredited third-party certification body
to immediately notify us electronically,
in English, upon withdrawing or
suspending the food or facility
certification of an eligible entity.
Proposed § 1.656(e)(1) would require an
accredited third-party certification body
that notified FDA under proposed
§ 1.656(c) also to notify the eligible
entity where the condition was
discovered. Proposed § 1.656(e)(2)
would require the accredited third-party
certification body to notify its
accreditation body (or, in the case of
direct accreditation, to us)
electronically, in English, within 30
days after making any significant change
that may affect its compliance with the
requirements of §§ 1.640 through 1.658.
On our own initiative we are revising
§ 1.656(c)(1) and (2) to clarify if a
condition that could cause or contribute
to a serious public risk to the public
health is discovered, that in addition to
PO 00000
Frm 00050
Fmt 4701
Sfmt 4700
the name of the eligible entity and/or
facility, an accredited third-party
certification body must also provide the
physical address, unique facility
identifier (if designated by FDA), and
the registration number under subpart H
of this part (where applicable).
(Comment 130) Some comments
support proposed § 1.656(a), which
would require submission of regulatory
audit reports to FDA, but would not
require reports of consultative audits to
be submitted. Other comments interpret
the proposed rule as requiring
submission of consultative audit reports
to FDA and the reporting of laboratory
analytical results under section 422 of
the FD&C Act.
(Response 130) Under section
808(c)(3)(A) of the FD&C Act, an
accredited third-party certification body
or an audit agent of a third-party
certification body, where applicable,
‘‘shall prepare, and, in the case of a
regulatory audit, submit, the audit
report for each audit conducted . . .’’
Based on the statutory language, it is
clear that Congress only desired reports
of regulatory audits to be submitted to
FDA. We also note that section
808(c)(3)(C) of the FD&C Act limits the
ability for FDA to access the results of
consultative audits to circumstances
described in the records access standard
of section 414 of the FD&C Act. Some
comments incorrectly interpreted the
proposed rule to require the submission
of the certification bodies’ laboratory
records and results. We are only
requiring maintenance of such records
and results under § 1.658.
(Comment 131) Some comments
contend that we are interpreting the
notification standard in section
808(c)(4)(A) of the FD&C Act too
broadly, because the statute only
requires accredited third-party
certification bodies to notify FDA of
notifiable conditions discovered during
a regulatory audit. The comments assert
that Congress did not intend us to
require notification of conditions found
during consultative audits, because
those audits are for internal purposes;
therefore, we should revise proposed
§ 1.656(c) to remove the reference to a
consultative audit. Other comments
assert that notifications submitted for
conditions found during a consultative
audit could overwhelm FDA with data
that could make it difficult to identify
the most serious risks to public health.
Still other comments support our
proposal to require notification of
conditions found during consultative
and regulatory audits.
Some comments describe a range of
activities that generally may be referred
to as consultative audits and suggest
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
that requiring notification to FDA of
conditions found during these types of
consultative audits may have
unintended consequences. The
comments note the important role of
third-party audits (and consultative
audits, in particular) in assisting the
food industry identify and fix internal
problems and drive continuous
improvements. The comments suggest
that requiring notification during
consultative audits might create
disincentives for firms who might
otherwise use accredited third-party
certification bodies to perform
consultative audits and for third-party
certification bodies who might
otherwise be interested in participating
in the program.
(Response 131) We decline the
suggestion to limit § 1.656(c) to require
notification only of conditions found
during a regulatory audit, because
section 808(c)(4)(A) and (B) of the FD&C
Act require notification based on
conditions found ‘‘at any time during an
audit’’ and identifies ‘‘audits’’ as both
consultative and regulatory audits.
Although we decline to limit
§ 1.656(c) as the comment suggests we
believe that many of the concerns about
notification during a consultative audit
are mitigated by revisions that clarify
the scope of the consultative audits that
are, and are not, covered by the rule (see
Sections III.E and III.J). Under the final
rule, an accredited third-party
certification body would only be
required to notify FDA of a condition
that could cause or contribute to a
serious risk to the public health if the
condition was discovered during an
audit that an eligible entity has
specifically declared to be a regulatory
audit for certification purposes or a
consultative audit in preparation for a
regulatory audit under this rule.
(Comment 132) Several comments
contend that ‘‘serious risk to the public
health’’ has the same meaning as
‘‘serious adverse health conditions or
death to humans or animals’’
(SAHCODHA) as that phrase is used
throughout the FD&C Act. Specifically,
the comments assert that FDA should
only require accredited third-party
certification bodies to notify FDA of
conditions that pose a risk of
SAHCODHA, as that standard is
interpreted for purposes of the
Reportable Food Registry (RFR) under
section 417 of the FD&C Act (21 U.S.C.
350f).
The comments reject our tentative
conclusion that the range of conditions
that require notification under section
808(c)(4)(A) of the FD&C Act is broader
than SAHCODHA, because the statute
describes notifiable conditions as ones
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
that ‘‘could’’ cause or contribute to a
serious risk to public health. In response
to our request for input, the comments
specifically reject an interpretation of
‘‘serious risk to the public health’’ that
might include, for example, conditions
that pose a risk of temporary or
medically reversible adverse health
consequences or where the probability
of adverse health consequences is
remote. Some comments suggest that
accredited third-party certification
bodies and audit agents would be more
readily able to identify conditions that
pose a SAHCODHA risk but would find
it more difficult to identify other
conditions that would need to be
notified to FDA under proposed
§ 1.656(c). Other comments support our
tentative conclusion that a ‘‘condition
that could cause or contribute to a
serious risk to the public health’’ is
broader than a condition relating to a
SAHCODHA risk.
(Response 132) We disagree with
comments suggesting that the phrase
‘‘serious risk to public health’’ in
section 808(c)(4)(A) of the FD&C Act
should be interpreted as a risk of
SAHCODHA. We note that Congress
chose to incorporate SAHCODHA in
section 808(c)(6)(A) to describe outbreak
situations that would lead to
withdrawal of accreditation, but did not
use SAHCODHA in describing the
conditions that must be notified to FDA
under section 808(c)(4)(A) of the FD&C
Act. Additionally, Congress chose to
incorporate SAHCODHA in other
sections of FSMA, such as in provisions
on suspension of registration in section
102(b) amending section 415 of the
FD&C Act. In light of the foregoing, we
believe that Congress intended for a
‘‘serious risk to the public health’’ to be
distinct from a risk of SAHCODHA and,
therefore, reject the suggestion that
accredited third-party certification
bodies would only need to notify FDA
of conditions that pose a risk of
SAHCODHA under proposed § 1.656(c).
We conclude that notifiable conditions
include not only those that present a
risk of SAHCODHA, but also other
conditions that ‘‘could cause or
contribute to a serious risk to the public
health.’’
Although it is difficult to predict the
range of conditions or circumstances
that accredited third-party certification
bodies and audit agents might
encounter, we offer some factors that
may be useful in identifying whether a
condition would need to be notified
under § 1.656(c), such as whether the
condition relates to incoming
ingredients that will be subject to
control within the facility, or an area of
the facility where pre-production
PO 00000
Frm 00051
Fmt 4701
Sfmt 4700
74619
materials are held; whether the
condition relates to the post-processing
environment or where finished product
is held prior to distribution; and
whether the condition relates to food,
process(es), or areas of the facility
associated with food that is destined for
export to the United States, and not if
it relates solely to food, process(es), or
areas of the facility associated with food
for consumption other than in the
United States.
(Comment 133) Some comments urge
us to revise proposed § 1.656(c) to
incorporate the limitations on reporting
that apply to the RFR under section
417(d)(2) of the FD&C Act, such that
notification would only be submitted if
food adulterated as a result of the
notifiable condition had left the control
of the eligible entity. The comments
assert it would be reasonable for FDA to
interpret section 808(c)(4)(A) of the
FD&C Act such that an accredited thirdparty certification body would not need
to alert FDA immediately upon
discovering a notifiable condition if the
eligible entity reworked adulterated
product or destroyed it before the
adulterated food was transferred to
another person. Other comments suggest
that proposed § 1.656(c) is redundant
because such conditions are subject to
RFR reporting.
(Response 133) We decline the
suggestion to revise § 1.656(c) to
incorporate an exception similar to
section 417(d) of the FD&C Act as there
is no exception to the notification
requirement in section 808(c)(4) as there
is in section 417(d). Further, we believe
the notification requirement in section
808(c)(4) serves not only to inform FDA
of potential risks to the public, but also
enhances credibility of the program by
giving FDA, accredited certification
bodies, and recognized accreditation
bodies information that may be relevant
to our oversight of the food safety and
third-party programs. We believe that
given the statutory language and goals of
the third-party certification program, it
is appropriate for the notification
requirement in this rule to have
different requirements and exceptions
than other notification provisions in the
FD&C Act.
As such, we also disagree with
comments suggesting the obligation of a
responsible party to submit a report to
FDA through the RFR makes proposed
§ 1.656(c) redundant. Among other
things, RFR requirements only apply to
facilities that are required to register
with FDA under section 415 of the
FD&C Act. An eligible entity that is a
farm, for example, would not be subject
to RFR requirements. Additionally, as
discussed previously, the reporting
E:\FR\FM\27NOR4.SGM
27NOR4
74620
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
requirement under this rule contains no
exception for circumstances when the
food adulterated as a result of the
notifiable condition has not left the
control of the eligible entity. In light of
the foregoing, we are retaining § 1.656(c)
without the revisions suggested by the
comments.
(Comment 134) Some comments urge
us to revise proposed § 1.656(e)(1) to
allow for concurrent notification of FDA
and the eligible entity where the
notifiable condition was discovered.
(Response 134) We agree and are
adding to § 1.656(e)(1) a provision that
allows, where feasible and reliable, for
the accredited third-party certification
body to contemporaneously notify its
recognized accreditation body and/or
the eligible entity when notifying FDA.
We note that this provision does not
affect the obligation for the accredited
third-party certification body to notify
FDA immediately of a notifiable
condition under § 1.656(c).
H. How must an accredited third-party
certification body protect against
conflicts of interest? (§ 1.657)
Proposed § 1.657 sets out the elements
of a conflict of interest program that an
accredited third-party certification body
would be required to have. Proposed
§ 1.657(a) would require the accredited
third-party certification body to have a
written program that covers the
certification body itself and any of its
officers, employees, or other agents (e.g.,
audit agents) conducting audits or
certification activities under this
program. Proposed § 1.657(b) would
address the requirement, in section
808(c)(5)(C) of the FD&C Act, to issue
implementing regulations that include a
structure to decrease the potential for
conflicts of interest, including timing
and public disclosure, for fees paid by
eligible entities to accredited third-party
certification bodies. Proposed § 1.657(c)
would impute to an accredited thirdparty certification body’s officer,
employee, or other agent the financial
interests of his or her spouse and minor
children, if any. Proposed § 1.657(d)
would require an accredited third-party
certification body to maintain on its
Web site an up-to-date list of eligible
entities to which it issued certifications
under this subpart, the duration and
scope of each such certifications, and
the date on which the eligible entity
paid any fee or reimbursement under
proposed § 1.657(c).
On our own initiative, we are revising
the accredited third-party certification
body conflict of interest provisions in
§ 1.657(a)(1) to clarify that the
certification body, its officers,
employees, and other agents involved in
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
auditing and certification activities
cannot own, operate, have a financial
interest in, manage, or otherwise control
an eligible entity to be certified. We also
are redesignating proposed paragraphs
(a)(2) to (4) as (a)(3) to (5) and adding
a new paragraph (a)(2) to conform to
section 808(c)(5)(A)(i) of the FD&C Act.
Additionally, we are revising
redesignated § 1.657(a)(3) to add
financial interests, management, or
control to the proposed list of
prohibited interests for audit agents.
(Comment 135) Some comments
support proposed § 1.657, asserting that
it strikes the right balance between
ensuring rigorous protections against
conflicts of interest and protection of
trade secrets and confidential
commercial information. Other
comments oppose the third-party
certification program that is the subject
of this rulemaking because private
auditors are inherently conflicted and
food safety inspections should be
conducted only by FDA.
Other comments suggest various
additional conflict of interest
restrictions that should be placed, such
as requiring an individual audit agent or
an individual accredited as a third-party
certification body to divest of all
interests in FDA-regulated food firms;
prohibiting such individual from
conducting a regulatory audit of an
eligible entity where the individual
previously conducted a consultative
audit or where the individual was
previously employed; and prohibiting
the individual from accepting an offer of
employment from an audited eligible
entity for 1 year following an audit. Still
other comments urge FDA to prohibit
meals or beverages from being provided
during an audit or to define the de
minimis value of meals and beverages
that may be provided onsite during an
audit.
(Response 135) We believe the
accredited third-party certification
program that Congress directed us to
establish under section 808 of the FD&C
Act will provide a valuable complement
to FDA inspections and will allow us to
leverage rigorous, independent thirdparty audits in helping to ensure the
safety of the U.S. food supply. We
disagree with comments contending that
third-party certification programs are so
inherently conflicted that such a
program is not worthwhile.
We believe the conflict of interest
restrictions for accredited third-party
certification bodies and for their audit
agents that are established by section
808 of the FD&C Act for public and
private third-party certification bodies,
as implemented by this rule, provide the
safeguards necessary for a credible
PO 00000
Frm 00052
Fmt 4701
Sfmt 4700
third-party certification program.
Accordingly, we decline suggestions to
revise § 1.657 to place additional
conflict of interest limitations that
would be impractical and unnecessary,
such as requiring: (1) Requiring full
divestment by audit agents of interests
in any FDA-regulated food firm; (2)
prohibiting an individual who
conducted a consultative audit of an
eligible entity from ever conducting a
regulatory audit of the same eligible
entity; (3) prohibiting an individual who
audited an eligible entity from accepting
an offer of employment from the eligible
entity for 1 year following the audit; and
(4) prohibiting an individual conducting
an audit from accepting a beverage or a
meal of de minimis value that is
provided onsite during audit.
We disagree with comments
suggesting that by providing meals of a
de minimis value, an eligible entity or
facility might influence the outcome of
an audit by an accredited third-party
certification body, particularly if the
only allowable meals are ones of
minimal value that are provided during
the course of an activity and with the
purpose of facilitating timeliness and
efficiency. As explained in Response 55,
FDA follows a similar approach for
investigators conducting foreign
inspections—that is, FDA investigators
performing foreign inspections are
allowed to accept lunches (of little cost)
provided by firms during the course of
foreign inspections. We also note that
the U.S. government allows its
employees to accept meals, within per
diem limits, when on official business
in a foreign country, as an exception to
the prohibition on the acceptance of
gifts or gratuities from outside sources
(5 CFR 2635.204(i)(1)), though we
believe the FDA’s practices for foreign
inspections serve as a better model
because foreign inspections are more
analogous to foreign audits than are the
range of activities that covered by the
general requirements applicable to all
U.S. government employees on official
business in foreign countries.
Accordingly, in light of the comments
received and analogous FDA guidelines,
we have concluded that it is reasonable
and appropriate to limit the meal
exception in § 1.657(a)(4)(ii) to only
lunches of de minimis value provided
during the course of an audit, on site at
the premises where the assessment is
being conducted, and only if necessary
to facilitate the efficient conduct of the
audit. We believe these revisions help to
address concerns regarding the threats
to impartiality, while accommodating
the practical considerations that apply
to foreign audits.
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
Consistent with our guidance to
recognized accreditation bodies under
Response 55, we offer the following
additional input to accredited thirdparty bodies seeking guidance on the
application of § 1.657(a)(4)(ii). In
considering whether a meal is allowable
under this provision, we recommend
first considering whether accepting the
lunch is necessary to facilitate the
efficient conduct of the audit. We
recommend considering: (1) Whether
the circumstances surrounding the
travel would allow a lunch to be packed
bring on site; (2) Whether the meal is
being provided during the midday or
early afternoon. A lunch provided in the
midst of an audit is different than a
lunch or other meal provided at the
completion of the audit; (3) Whether the
site of the audit is in close proximity to
a retail food establishment, or is at a
remote location far from a retail food
establishment; (4) What is the estimated
value (or cost) of the lunch in light of
the costs associated with the area where
the audit is being conducted; and (5)
other similar considerations.
For accredited third-party
certification bodies or audit agents
seeking additional guidance on
determining what constitutes a ‘‘de
minimis’’ amount for purposes of
complying with § 1.624(a)(3)(ii), we
offer the following guidance that is
based on the requirements applicable to
U.S. government employees who accept
certain meals while on official travel in
foreign countries. Such employees must
deduct from the per diem the value of
that meal, calculated using a two-step
process.
First, the individual must determine
the per diem applicable to the foreign
area where the meal was provided, as
specified in the U.S. Department of
State’s Maximum Per Diem Allowances
for Foreign Areas, Per Diem Supplement
Section 925 to the Standardized
Regulations (GC,FA) available from the
Superintendent of Documents, U.S.
Government Printing Office,
Washington, DC 20402, and available on
the Department of State Web site at
https://aoprals.state.gov/Web920/per_
diem.asp. (Foreign per diem rates are
established monthly by the Department
of State’s Office of Allowances as
maximum U.S. dollar rates for
reimbursement of U.S. Government
civilians traveling on official business in
foreign areas.)
Second, the individual must
determine the appropriate allocation for
the meal within the daily per diem rate
which is broken down into Lodging and
M&IE that are reported separately in
Appendix B of the Federal Travel
Regulation and available on the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Department of State’s Web site at
https://aoprals.state.gov/content.asp
?content_id=114&menu_id=78.
Accordingly, under § 1.657(a)(4)(ii),
an accredited third-party certification
body that is an individual or an audit
agent of an accredited third-party
certification body who is conducting a
food safety audit of an eligible entity
may accept lunch provided during an
audit and on the premises where the
audit is conducted, if necessary to
facilitate the efficient conduct of the
audit.
(Comment 136) Some comments raise
concerns about possible conflicts of
interests. Some comments urge us to
attach additional controls to the
accreditation of foreign cooperatives to
prevent them from auditing and
certifying their members’ facilities and
food. Other comments recommend we
further consider the difficulties
involved with foreign governments
demonstrating impartiality of their
processes in auditing and certifying
facilities owned by the foreign
government.
(Response 136) We note that under
proposed § 1.657, foreign cooperatives
accredited as third-party certification
bodies would not be able to audit or
certify their members’ facilities or foods
under the program, because of their
shared financial interests.
We decline the suggestion to develop
special sets of controls for one or more
types of third-party certification bodies
eligible to be considered for
accreditation under section 808 of the
FD&C Act. We note that the conflict of
interest requirements in section
808(c)(5) of the FD&C Act apply equally
to the foreign governments, agencies of
foreign governments, foreign
cooperatives, and other third-parties.
That is, a foreign government
accreditation body that is recognized by
FDA under this program may accredit
government auditors (i.e., the competent
authority for food safety) from the same
nation, provided that the conflict of
interest requirements in § 1.657 are met.
Consistent with the approach taken in
the statute, we believe that this
comprehensive, rigorous set of conflict
of interest requirements make it
unnecessary for us to create a different
or special controls for certain types of
certification bodies.
(Comment 137) Some comments
support the proposal to require
accredited third-party certification
bodies to maintain up-to-date lists of
eligible entities to which food or facility
certification were issued, together with
the duration and scope of each such
certification. The comments suggest that
having this information readily
PO 00000
Frm 00053
Fmt 4701
Sfmt 4700
74621
available would be helpful to importers
seeking to participate in VQIP and those
seeking to import food that is subject to
import certification under section 801(q)
of the FD&C Act.
Other comments suggest that
requiring an accredited third-party
certification body to maintain a list of
certified eligible entities on its Web site,
together with the dates each eligible
entity paid certification fees, could
create an unfair competition. The
comments contend that the statute does
not require disclosure of the date of
payment of fees and seek clarification
on the basis for disclosing the timing of
fee payments. Other comments suggest
that information on payment of fees
should remain confidential between the
accredited third-party certification body
and the eligible entities it audited and
suggest the information could be made
available to FDA on request. Still other
comments contend that FDA should
only have access to information on fee
payments by eligible entities upon a
showing of cause.
(Response 137) We agree with
comments suggesting that Web site
listings of eligible entities to which food
or facility certification were issued will
be helpful to importers. We disagree
that such information would create
unfair competition, and the comment
did not provide an explanation as to
why this would be the case. To the
contrary, publicizing this information
will increase transparency and
accountability of the program. We are
not proposing to require disclosure of
the amount of fees paid by eligible
entities, because we are concerned that
publicizing the amounts of fee payments
may lead to certification bodies using
this information to gain a competitive
advantage by offering audits at discount
rates. However, we believe proposed
§ 1.657(c) meets the requirement of
section 808(c)(5)(C)(ii) of the FD&C Act
to provide information on the timing of
fee payments and will help build
confidence in the third-party
certification program by providing
assurances that payments are not related
to the results of regulatory audits. We
decline to adopt the alternative
approach suggested by comments—i.e.,
such information should be disclosed to
FDA only when needed to investigate
problems if they occur, and publicly
released only if disclosure would
improve public health—as inadequate to
satisfy the requirements of section
808(c)(5)(C)(ii) of the FD&C Act. In light
of the foregoing, we are retaining
§ 1.657(c), redesignated as § 1.657(d), as
proposed.
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74622
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
I. What records requirements must a
third-party certification body that has
been accredited meet? (§ 1.658)
Proposed § 1.658 would require
accredited third-party certification
bodies to maintain the following
documents and data electronically, in
English, for 4 years, to document
compliance with the rule: (1) Requests
for regulatory audits; (2) audit reports
and other documents resulting from a
consultative or regulatory audit; (3) any
notification of a condition under
proposed § 1.650(a)(5) or by the
accredited third-party certification body
to FDA under proposed § 1.656(c); (4)
any food or facility certification issued
under this program; (5) any challenge to
an adverse regulatory audit decision and
its disposition; (6) any monitoring it
conducted of a certified eligible entity;
(7) the auditor’s/certification body’s
self-assessments and corrective actions;
and (8) any significant change to the
auditing and certification program that
might affect compliance with this rule.
On our own initiative, we are
requiring under § 1.658(a)(3) the
maintenance of any laboratory testing
records and results and documentation
demonstrating that such laboratory is
accredited in accordance with
§ 1.651(b)(3).
(Comment 138) Some comments
recommend that we allow accredited
third-party certification bodies to
maintain their records in languages
other than English, coupled with a
requirement to provide an English
language translation upon FDA request.
Some comments suggest that we should
allow for flexibility in the timeline for
submission of translated records in the
regulations, rather than establishing a
specific deadline, because the
circumstances of each records request
will dictate what would be
appropriate—e.g., where there is a recall
involving a certified facility, then the
timeframe for providing translations
should be very stringent, but where
records are requested for routine
verification purposes, the accredited
third-party certification body should
have more time to comply. Other
comments note that a minimum of 5
business days would be required for
English language translations of records.
(Response 138) We agree that records
should not be required to be maintained
in English, for the same reasons as we
explained in Response 64 (regarding the
records of recognized accreditation
bodies) and are revising § 1.658
accordingly. We further agree with
comments suggesting that we should
have a flexible, rather than a fixed
timeline for providing English language
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
translations of requested records to FDA
and are requiring translations to be
provided within a reasonable time after
an FDA request.
(Comment 139) Some comments urge
us ensure that § 1.658 fully incorporates
the limitation on access to reports and
documents relating to consultative
audits in section 808(c)(3)(C) of the
FD&C Act.
(Response 139) Section 808(c)(3)(C) of
the FD&C Act states that reports or other
documents resulting from a consultative
audit are accessible to us only under
circumstances that meet the
requirements for records access under
section 414 of the FD&C Act. Proposed
§ 1.658(a)(1) utilizes the language of
section 808(c)(3)(C) of the FD&C Act in
describing the types of records of
consultative audits that an accredited
third-party certification body must
maintain, and proposed § 1.658(b) states
that those records must be made
available to FDA in accordance with 21
CFR part 1, subpart J, which implements
section 414 of the FD&C Act. Therefore,
the requirements in § 1.658 do fully
incorporate the limitation on access to
reports and documents relating to
consultative audits as specified in
section 808(c)(3)(C) of the FD&C Act.
(Comment 140) Some comments urge
us to ensure that trade secrets and
confidential commercial information
contained in any records submitted to
FDA would be adequately protected.
The comments note that the proposed
rule does not contain language on the
protection of trade secrets, such as the
language in 21 CFR parts 120 and 123
indicating that HACCP plans are trade
secrets exempt from disclosure. Other
comments suggest that FDA should
consider examining accredited thirdparty certification body records without
taking custody of them. The comments
further suggest that FDA should
establish an administrative process for
requesting records from accredited
third-party certification bodies
participating in the program.
Some comments urge us to clarify that
we will not be applying the records
access and submission requirements of
subpart M to audits that are not
conducted under the rule or to records
of the audited food facilities.
(Response 140) We acknowledge
concerns about protecting proprietary
information and are adding § 1.695 to
address disclosure issues (see Section
XIII.F).
We decline the suggestion to review
records of accredited third-party
certification bodies without taking
custody of the records, because such an
approach would be inconsistent with
the records provisions in section
PO 00000
Frm 00054
Fmt 4701
Sfmt 4700
808(c)(3)(B) of the FD&C Act and would
undermine the credibility of the
program. We also decline the suggestion
to establish separate administrative
processes for handling records requests
that might include, for example,
procedures for challenges to records
requests and appealing adverse
decisions on records requests.
Establishing and administering a
process for FDA records requests would
hinder our program oversight and
would be overly burdensome. We note
that in this rulemaking, FDA has
established a number of mechanisms to
address challenges to FDA’s decisions,
including § 1.691 (for requests for
reconsideration of the denial of an
application of waiver request); § 1.692
(for internal agency review of the denial
of an application or waiver request upon
reconsideration); and § 1.693 (for
regulatory hearings on withdrawal of
accreditation).
We recommend third-party
certification bodies to fully consider the
program requirements before deciding
to pursue recognition under the
voluntary third-party certification
program. Once accredited a certification
body may voluntarily relinquish its
accreditation under § 1.665.
We note that the records maintenance
and access requirements of subpart M
apply only to records relating to an
accreditation of a third-party
certification body under this rule and to
the audits and certification activities
conducted under this program. Records
of audits or certifications issued by an
accredited third-party certification body
for any other purpose outside of the
scope of the program under subpart M
are not covered by § 1.658. We also note
that the rule does not affect the records
maintenance and access requirements
that apply to facilities under subpart J
of this part.
X. Comments on Procedures for
Accreditation of Third-Party
Certification Bodies Under This
Subpart
A. Where do I apply for accreditation or
renewal of accreditation by a recognized
accreditation body and what happens
once the recognized accreditation body
decides on my application? (§ 1.660)
Proposed § 1.660 states that auditors/
certification bodies must apply directly
to a recognized accreditation body for
accreditation (except for circumstances
meeting the requirements of § 1.670 for
direct accreditation).
On our own initiative, we are adding
new provisions (b) through (d) to § 1.660
to explain what happens when a thirdparty certification body’s renewal
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
application is denied. We are adding
provisions to clarify what the applicant
must do, the effect of denial of an
application for renewal of accreditation
on food or facility certifications issued
to eligible entities, and how FDA will
notify the public.
(Comment 141) Some comments
propose that we include a time limit for
recognized accreditation bodies to issue
an accreditation decision. They argue a
time limit would set measurable
standards for the process and would
also help ensure an adequate supply of
accredited auditors/certification bodies.
Comments suggest the timeframe be 90
days. Some comments suggest the
timeframe could be stipulated in the
Model Accreditation Standards.
(Response 141) We acknowledge the
interest in having timely accreditation
decisions. However, the comments
failed to provide an adequate basis to
support a decision to impose a 90-day
deadline for decisions on accreditation.
No other information available to FDA
provides an adequate basis for us to
establish such a deadline, nor do we
think it would be appropriate to do so
at this time. We expect that the time
required to perform various actions in
the program will be longer in the early
days of the program than it will when
FDA, the accreditation bodies, and the
third-party certification bodies gain
experience with the program.
We decline to revise these regulations
to impose a deadline for accreditation
decisions, but may consider addressing
the issue of deadlines for accreditation
decisions in guidance, if we later
determine it would be appropriate. We
are mindful that section 808(c)(1)(C) of
the FD&C Act requires revocation of
recognition for failure to comply with
the applicable requirements of the FD&C
Act and FDA regulations. We would not
want an accreditation body to take
shortcuts in accreditation assessments
to ensure that it could meet a regulatory
deadline for its accreditation decisions
out of concern for revocation for failure
to comply with the deadline. The final
rule reflects our view that the rigor of
the accreditation assessment is essential
in helping to ensure the credibility and
success of the third-party certification
program.
(Comment 142) Some comments ask
whether the processes for accreditation
are the same for governmental and
private bodies.
(Response 142) Section 808(c)(1)(A)
and (B) of the FD&C Act establishes
different requirements for public
certification bodies and for private
certification bodies by specifying
different criteria for the assessment of
foreign governments/agencies than it
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
does for foreign cooperatives and other
private third-party certification bodies
seeking accreditation. However, the
statute makes no distinction between
public and private certification bodies
in procedural matters for accreditation.
Therefore, we are establishing a single
set of accreditation procedures in this
rule that apply to both public and
private third-party certification bodies.
(Comment 143) Some comments ask
how a third-party certification body
could apply for accreditation under this
program.
(Response 143) Third-party
certification bodies seeking to apply for
accreditation under our program may
wish to review § 1.660 of this final rule,
which describes the general procedures
for applying for accreditation from a
recognized accreditation body, as well
as the eligibility requirements for
certification bodies seeking
accreditation in §§ 1.640 through 1.645.
We will post on the FDA Web site a list
of all recognized accreditation bodies
and will include a description of the
scope of recognition of each.
As provided in § 1.670(a)(3), FDA will
announce on our Web site if we
determine that the conditions for direct
accreditation by FDA in section
808(b)(1)(A)(ii) of the FD&C Act have
been met. We will accept applications
for direct accreditation or renewal of
direct accreditation only if we
determine that we have not identified
and recognized an accreditation body to
meet the requirements of section 808 of
the FD&C Act within 2 years after
establishing the program. Unless and
until FDA makes such a determination,
third-party certification bodies must
apply for accreditation from an
accreditation body that FDA has
recognized.
(Comment 144) Some comments
suggest that third-party certification
bodies who receive an adverse decision
on accreditation from a recognized
accreditation body should have access
to a competent, independent person
outside the recognized accreditation
body to whom they could appeal.
Other comments contend that we
have the authority to challenge the
decisions of an accreditation body.
(Response 144) As explained in
Response 36, we are revising
§ 1.620(d)(2) to require a recognized
accreditation body must use competent
persons, who may be external to the
accreditation body, for investigating and
deciding on certification body
challenges to an adverse accreditation
body decision. Such competent persons
must meet the following criteria: (1) Are
free from bias or prejudice; (2) did not
participate in the accreditation decision
PO 00000
Frm 00055
Fmt 4701
Sfmt 4700
74623
being appealed; and (3) are not
subordinate to a person who
participated in such accreditation
decision. Although we are not requiring
the accreditation body to use an external
party for certification body appeals, we
believe the enhanced requirements of
§ 1.620(d)(2) will be adequate to ensure
any person the accreditation body
would select for investigating and
deciding on appeals—whether internal
or external—would be objective and
independent.
With respect to comments suggesting
that we should exercise our authority
over recognized accreditation bodies to
challenge their accreditation decisions,
we note that the enhanced requirements
in § 1.620(d) align with the impartiality
provisions in part 16, which contains
the regulations for FDA regulatory
hearings that we will generally apply
under § 1.693 to an appeal of a
revocation or withdrawal. We also note
that FDA retains the authority to revoke
the recognition of accreditation bodies
for good cause under § 1.634(a)(4) for
failure to comply with this rule. For
these reasons, we decline to establish a
process appealing recognized
accreditation body decisions to FDA.
B. What is the duration of accreditation
by a recognized accreditation body?
(§ 1.661)
Proposed § 1.661 states that the
accreditation of a third-party
certification body may be granted for a
period up to 4 years.
(Comment 145) Most comments agree
with our proposed maximum 4-year
accreditation timeframe. In this regard,
some comments state they are
comfortable with this length of time as
long as accreditation bodies annually
review the accreditation. Some
comments contend that instead of
allowing accreditation to last ‘‘up to 4
years,’’ we should establish a definite
duration period and it should be 5
years. These comments contend that
would align the duration of
accreditation with the duration of
recognition. They also argue that having
a definite duration period would be
more viable administratively.
(Response 145) We agree with the
comments supporting our proposal to
allow accreditation to be issued for a
term of up to 4 years. The comments
suggesting accreditation should be
granted for 5 years offered no
information that would provide an
adequate basis for extending
accreditation such that a third-party
certification body could be accredited
for as long as a recognized accreditation
body. We note that the rigor and
credibility of the program rests, in part,
E:\FR\FM\27NOR4.SGM
27NOR4
74624
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
on the extent of oversight of accredited
third-party certification bodies. Through
the renewal process, recognized
accreditation bodies (and FDA, for
directly accredited third-party
certification bodies) look closely at all
aspects of a certification body’s and
performance and have the opportunity
to decide anew whether the certification
body meets the eligibility requirements.
With respect to comments suggesting
that we establish a definite duration of
accreditation that would apply to any
third-party certification body accredited
under the program, we acknowledge the
advantages that certainty provides and,
where appropriate, we expect that
recognized accreditation bodies will
issue accreditation for the maximum
duration of 4 years. Where, for example,
a certification body has little or no
experience conducting audits assessing
the safety of food, a recognized
accreditation body (or FDA under direct
accreditation) may decide the initial
grant of accreditation should be less
than 4 years. A recognized accreditation
body (or FDA under direct
accreditation) will make its own
decision on whether to approve a thirdparty’s application for accreditation and
has the flexibility to issue accreditation
for a duration it believes appropriate, up
to a 4-year maximum established by this
rule.
C. How will FDA monitor accredited
third-party certification bodies?
(§ 1.662)
We proposed in § 1.662 to monitor
directly accredited certification bodies
annually; we proposed to evaluate
certification bodies accredited by a
recognized accreditation body by not
later than 3 years after the date of
accreditation for a 4-year accreditation
term or by no later than the mid-term
point of a less-than-4-year accreditation
term. We proposed to review a variety
of records and information such as
assessments by a recognized
accreditation body, information
regarding the auditor’s/certification
body’s qualifications, and information
obtained during onsite observations. We
proposed to conduct our evaluation
through onsite observations of
performance during a food safety audit
of an eligible entity or through
document review.
(Comment 146) Some comments
advocate for more clarity on the
frequency and methods by which we’ll
be providing oversight of accredited
third-party certification bodies. Some
comments question whether we have
sufficient resources to conduct onsite
observation at any specific frequency.
They advise that we further explain how
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
we are going to provide oversight and
how compliance will be reported.
(Response 146) Monitoring
assessments of accredited third-party
certification bodies are one of several
tools we will use for program oversight.
Section 1.662(a) implements section
808(f) of the FD&C Act, which states
that FDA must evaluate an accredited
third-party certification body
periodically, or at least once every 4
years, and take any other measures FDA
deems necessary to ensure compliance.
We anticipate that information gleaned
from other monitoring tools, such as the
accreditation body’s annual assessment
of the certification body, will also aid in
program oversight and may perform
additional assessments of certification
bodies in certain instances.
The objective of an assessment under
§ 1.662 will be to determine the
accredited third-party certification
body’s compliance with the
requirements of this rule. FDA may
conduct an assessment through a site
visit of the third-party certification
body’s headquarters, onsite observation
of an accredited third-party body’s
performance during a food safety audit,
document review, or a combination of
these activities. We will develop plans
for assessing accredited third-party
certification bodies based on risk and
informed by data and other information
available to FDA regarding their
programs and performance in our
program. The starting point for each
assessment will be document review,
and any additional assessment activities
(e.g., site visits or onsite observations)
will be conducted where circumstances
may warrant or for spot-checks of
randomly selected third-party
certification bodies. When planning an
assessment, we will establish the time
period of activities covered by the
assessment. We may request records of
the certification body under § 1.658. We
also may develop plans for any site
visits or onsite observations, including
locations to be visited. As part of the
assessment, we may review records
relating to conflicts of interest, and
interview officers, employees, and audit
agents, and other agents who participate
in decisions on issuance of certification
under this program. We are revising this
section to explicitly state that FDA may
visit the certification body’s
headquarters or other locations where
audit agents are managed.
(Comment 147) Some comments
propose alternative schedules for FDA
monitoring of accredited third-party
certification bodies. Some comments
propose that if we revise the final rule
to establish a fixed, 5-year duration for
accreditation, we should monitor
PO 00000
Frm 00056
Fmt 4701
Sfmt 4700
accredited third-party certification
bodies not later than 4 years after the
date of accreditation. Other comments
state that we should conduct our own
assessments of certification bodies
accredited by recognized accreditation
bodies every 3 years. Still other
comments ask who will cover the costs
of such assessments.
(Response 147) As explained in
Response 145, we decline the suggestion
to lengthen the maximum duration of
accreditation from 4 years to 5 years. We
will use annual performance
assessments by recognized accreditation
bodies and information submitted to
FDA as part of our ongoing monitoring
of accredited third-party certification
bodies. The FDA monitoring assessment
under § 1.662 will occur at least once
every 4 years and may occur more
frequently depending on circumstances,
including available resources. We are
proposing that costs for FDA monitoring
will be included in the user fees that are
assessed under section 808(c)(8) of the
FD&C Act to recover FDA’s costs in
administering the program (80 FR
43987).
(Comment 148) Some comments
propose that FDA monitoring of
accredited third-party certification
bodies should periodically focus on
compliance with food additive
requirements.
(Response 148) Our monitoring will
be tailored to the scope of accreditation
under which the accredited third-party
certification body may conduct food
safety audits under this program. We
will prioritize our monitoring activities
to ensure compliance with the
requirements of section 808(f)(2) based
on factors such as our risk-based
program priorities.
(Comment 149) Some comments
suggest that, in addition to conducting
onsite observations of accredited
certification bodies when conducting a
food safety audits, we could also do so
when the recognized accreditation body
assesses the auditor/certification body.
(Response 149) We agree and will do
so as appropriate and as circumstances
allow.
(Comment 150) Comments suggest
that when FDA selects an accredited
certification body for onsite observation,
we should notify it 2 months in
advance, to allow time to make the
arrangements.
(Response 150) At this time, we have
no basis for determining that we would
be able to provide 2 months’ notice
prior to each certification body onsite
observation; therefore, we decline the
suggestion. We note that we may begin
working with an accredited third-party
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
certification body well before we
perform onsite observations, as feasible.
D. How do I request an FDA waiver or
waiver extension for the 13-month limit
for audit agents conducting regulatory
audits? (§ 1.663)
Proposed § 1.663 would allow
accredited third-party certification
bodies to seek an FDA waiver of the
limit on audit agents conducting
regulatory audits of an eligible entity
where they conducted a regulatory or
consultative audit in the preceding 13
months. Under section 808(c)(4)(C)(ii) of
the FD&C Act, we may waive the limit,
which appears in § 1.650(c), where there
is insufficient access to accredited
certification bodies in the country or
region where an eligible entity is
located.
Of our own initiative, we are
clarifying in the final rule that the
showing of insufficient access is based
on lack of audit agents (or in case where
accredited third-party certification
bodies are comprised of an individual,
that individual), consistent with
changes made to § 1.650 (see Section
IX.A).
(Comment 151) Some comments note
that capacity issues are currently
problematic, even in regions with highly
developed third-party food safety
auditing systems, and are likely to
increase once the FSMA rules are
implemented. Some comments contend
that we should allow the request for the
waiver to come from other affected
parties in addition to accredited
certification bodies. In particular,
comments suggest we should allow the
requests to come from a foreign supplier
and/or the importer. Some comments
estimate that, with the increased
demand from FSMA for audit services,
it will take time for capacity to expand
sufficiently to satisfy the increased
demand. Accordingly, they urge us to
act expeditiously on waiver and waiver
extension requests. Other comments
express concern that FDA will be
overwhelmed with waiver requests and
urge FDA to develop a process for
expedited issuance of waivers.
(Response 151) We acknowledge the
concerns and are aware capacity is an
issue the food industry and certification
bodies currently face. However, we
decline the suggestion to allow
importers and foreign suppliers to seek
waivers on behalf of an accredited
certification body, because we believe
the certification body is better
positioned to determine its own
capacity than an importer or foreign
supplier would be. Further, it would
ultimately be the certification body’s
choice regarding whether to take on
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
additional auditing work. If an
accredited third-party certification body
concluded it needed a waiver to be able
to perform a particular audit, the
certification body would be motivated
to seek a waiver.
We agree with the comments
suggesting it will take time to build
adequate food safety auditing capacity
around the world and will be prepared
to act on waiver requests as
expeditiously as possible. It is difficult
to estimate the amount of the time
required to process waiver requests,
because the program has not launched.
We anticipate that we will be able to
process most waiver requests within 15
business days, as permitted by resources
and other program activities. In
response to comments suggesting that
we should prioritize certain types of
waiver requests, we have modified the
first-in, first-out rule of § 1.663(d) to
allow specific waiver requests to be
prioritized based on program needs.
We also note that as we gain
experience with the program and with
information offered in support of waiver
requests, we expect to be able to process
waiver requests more quickly and may
reevaluate whether FDA has adequate
information to support issuance of a
waiver for a particular country or
region.
E. When would FDA withdraw
accreditation? (§ 1.664)
Proposed § 1.664 would establish the
conditions under which we could
withdraw accreditation from a thirdparty certification body, regardless of
whether it was directly accredited or
accredited by a recognized accreditation
body. This section would implement
section 808(c)(6)(A) of the FD&C Act,
which requires us to withdraw
accreditation in certain outbreak
situations, whenever we find that an
accredited third-party certification body
is no longer meeting the requirements
for accreditation, or following a refusal
to allow U.S. officials to conduct audits
and investigations to ensure compliance
with these requirements. The statute
directs us to withdraw accreditation if a
food or facility certified by an
accredited third-party certification body
under our program is linked to an
outbreak of foodborne illness that has a
reasonable probability of causing
serious adverse health consequences or
death in human or animals. There is an
exception if we conduct an investigation
of the material facts of the outbreak,
review the steps and actions taken by
the third-party certification body, and
determine that the accredited thirdparty certification body satisfied the
PO 00000
Frm 00057
Fmt 4701
Sfmt 4700
74625
requirements for issuance of
certification under this rule.
Section 808(c)(6)(B) of the FD&C Act
allows us to withdraw accreditation
from an accredited third-party
certification body whose accrediting
body had its recognition revoked, if we
determine there is good cause for
withdrawal. This statutory provision is
reflected in proposed § 1.664(c), which
also provides two examples of
circumstances we believe provide good
cause for withdrawal, including bias or
lack of objectivity and performance
calling into question the validity or
reliability of its food safety audits and
certifications.
In proposed § 1.664(d) we provide for
records access when considering
possible withdrawal of accreditation. In
proposed § 1.664(e) we provide for
notice of withdrawal of accreditation
and describe the processes to challenge
such withdrawal.
Proposed § 1.664(f) describes the
effect of withdrawal on eligible entities.
Proposed § 1.664(g)(1) explains that
FDA will notify the recognized
accreditation body that accredited the
third-party certification body whose
accreditation was withdrawn by FDA.
Proposed § 1.664(g)(2) explains that
FDA may revoke recognition of an
accreditation body whenever FDA
determines there is good cause for
revocation under proposed § 1.634.
Proposed § 1.664(h) provides for public
notice of withdrawal of accreditation on
FDA’s Web site.
At our own initiative, we revised
proposed § 1.664(c) on discretionary
withdrawal of accreditation to allow for
partial withdrawal of accreditation. For
example, if FDA reviews a selfassessment submitted by an accredited
third-party certification body following
revocation of its accreditation body’s
recognition and determines the thirdparty certification body has failed to
perform food safety audits consistent
with this rule in some but not all areas
for which it is accredited, FDA may
partially withdraw the third-party
certification body’s accreditation as to
those areas in which it has failed to
comply with this rule.
(Comment 152) Some comments
contend that FDA’s interpretation of the
statutory mandatory withdrawal
provisions in section 808(c)(6)(A) of the
FD&C Act is overly strict. The
comments focus specifically on
mandatory withdrawal when an eligible
entity that was issued certification by an
accredited third-party certification body
is linked to a foodborne illness outbreak
that meets the SAHCODHA standard.
The comments argue that one adverse
event does not necessarily mean the
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74626
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
third-party certification body should
lose its accreditation, emphasizing that
a single certification body might
conduct hundreds of audits in various
regions of the world and in diverse
product areas. The comments propose
that we limit mandatory withdrawal
following an SAHCODHA outbreak to
the country, region, type of food product
and process involved in the event.
Some comments agree that, as
described in proposed § 1.664(f),
certifications issued by a third-party
certification body prior to withdrawal of
its accreditation should remain in effect
until they expire. Other comments
assert that withdrawal of accreditation
might result in unfairly revoking a
significant number of certifications at
tremendous cost, adversely affect other
eligible entities that depend on the
certification body and its certifications,
and disrupt the marketplace. Still other
comments request greater detail on the
withdrawal procedures.
(Response 152) We believe the
concerns about mandatory withdrawal
of accreditation in the outbreak
situation described above or similar
situations are satisfactorily in addressed
in § 1.664(b), codifying section
808(c)(6)(C) of the FD&C Act, which
allows FDA to waive mandatory
withdrawal if FDA investigates the
material facts of the outbreak, reviews
the steps and actions taken by the
certification body, and determines that
the certification body satisfied the
criteria for issuance of certification
under this subpart.
Regarding the comments expressing
concerns about the possible adverse
effects of withdrawal of accreditation on
certifications issued by the certification
body to other eligible entities, we note
that § 1.664(f) states that certifications
issued by an accredited third-party
certification body prior to withdrawal of
accreditation by FDA will remain in
effect until they expire, except that FDA
may refuse to consider a certification
under sections 801(q) or 806 of the
FD&C Act if FDA has reason to believe
such certification is not valid or reliable.
The comments seeking additional
detail on our withdrawal procedures did
not specify what areas of § 1.664
required further explanation. We believe
the procedures described in § 1.664 offer
sufficient detail for interested parties to
understand the standards for
withdrawal of accreditation by FDA and
the processes involved.
(Comment 153) Some comments
suggest that a recognized accreditation
body, not FDA, should withdraw
accreditation from a certification body it
accredited, except for certification
bodies directly accredited by FDA.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Other comments urge us to include a
requirement, in § 1.634(a), for FDA to
consult with the appropriate
accreditation body before withdrawal of
an accreditation it had issued. The
comments argue that consultation
would facilitate coordination with the
recognized accreditation body and
would complement § 1.664(c), which
addresses discretionary withdrawal of
accreditation in the event we revoke our
recognition of the accrediting
accreditation body. Other comments
recommend that we meet with the
certification body’s accrediting body
when considering possible withdrawal
of accreditation and that we allow for a
formal appeal process.
(Response 153) We disagree with the
comment asserting that only
accreditation bodies may withdraw
accreditations of certification bodies
they have accredited, as FDA is
mandated under section 808(c)(6) of the
FD&C Act to withdraw accreditation of
a certification body under the
conditions set forth in the section,
subject to the waiver provision in
808(c)(6)(C). We note that a third-party
certification body whose accreditation
was withdrawn by FDA may appeal the
action by requesting a regulatory
hearing under § 1.693. We further note
that a recognized accreditation body has
far broader authority to suspend,
withdraw, reduce, or otherwise dispose
of an accreditation it issued, than FDA
does under section 808(c)(6) of the
FD&C Act. Even in circumstances that
meet the statutory criteria for
withdrawal of accreditation, FDA
believes it generally would not need to
initiate withdrawal unless the
recognized accreditation body failed to
withdraw the certification body’s
accreditation in a timely manner.
We agree that in some cases,
consultation with a certification body’s
accrediting body before withdrawal
could have advantages to FDA and the
accreditation body, if circumstances
allow. Decisions on whether to consult
with the certification body’s accrediting
body prior to withdrawal will be made
on a case-by-case basis. Consultation
might not be appropriate if, for example,
the facts that support withdrawal of the
third-party certification body’s
accreditation also support revocation of
the accreditation body’s recognition.
(Comment 154) Some comments ask
how individual holders of food or
facility certificates would be made
aware of the withdrawal of accreditation
of the third-party certification body that
issued the certificate. Other comments
recommended that FDA post on its Web
site not only that fact that a certification
body’s accreditation has been
PO 00000
Frm 00058
Fmt 4701
Sfmt 4700
withdrawn, but also the reason for the
withdrawal.
(Response 154) If we withdraw
accreditation of any third-party
certification body, whether accredited
by a recognized accreditation body or by
FDA through direct accreditation, we
will post information regarding the
withdrawal, including a description of
the basis for the action, on the FDA Web
site pursuant to § 1.664(h). We do not
intend to contact each eligible entity
that was issued a certification by the
third-party certification body because,
as indicated in Response 152,
certifications issued to eligible entities
prior to withdrawal of accreditation will
remain in effect until they expire,
except where FDA has reason to believe
the certification is not valid or reliable
and on that basis may refuse to consider
the certification under sections 801(q) or
806 of the FD&C Act.
(Comment 155) Some comments
recommend we use ISO\IEC 17011:2004
as the reference document for the
requirements of this section.
(Response 155) We decline the
suggestion, because the grounds for
withdrawal under section 808(c)(6) of
the FD&C Act are much broader than
those described in ISO/IEC 17011:2004
(Ref. 5). For example, under section
808(c)(6)(A)(i) and (C) of the FD&C Act
FDA may withdraw accreditation of a
certification body if a food or facility it
certified under our program is linked to
an outbreak of foodborne illness that has
a reasonable probability of causing
SAHCODHA, unless FDA determines
the certification body satisfied the
requirements for issuance of such
certification. In such an outbreak
situation, the statute contemplates that
withdrawal of accreditation would
occur after a single—albeit significant—
failure by the certification body. By
contrast ISO/IEC 17011:2004 allows for
withdrawal of accreditation only when
a certification body persistently fails to
meet the requirements of accreditation
or abide by the rules of accreditation.
We note that by declining to revise
§ 1.664 based on the comments, we are
not suggesting that FDA will withdraw
accreditation when the Agency
identifies a single incident or mistake by
a certification body, except where
required by the statute. Any decision to
withdraw accreditation will be based on
the facts and circumstances of the
situation and following due
consideration by FDA.
(Comment 156) Some comments state
that in a case where FDA withdraws an
accredited certification body, the
accreditation body should make an
investigation and analysis and submit
the analysis result to FDA within 3
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
months after the analysis report has
been established.
(Response 156) We disagree. This rule
does not require that the accreditation
body make a full investigation and
analysis and submit the analysis result
to FDA within 3 months. Section
1.664(g) requires the accreditation body
to perform a self-assessment and report
the results of the self-assessment to FDA
within 60 days. FDA may revoke the
recognition of an accreditation body
whenever FDA determines there is good
cause for revocation of recognition
under § 1.634. These procedures will
help ensure that accreditation bodies
remain in compliance with the
requirements of the third-party program.
F. What if I want to voluntarily
relinquish accreditation or do not want
to renew accreditation? (§ 1.665)
Proposed § 1.665 offers a mechanism
for an accredited third-party
certification body to voluntarily
relinquish its accreditation before it
terminates by expiration.
Although we received no adverse
comments on this section, we received
comments on other sections of the rule
that led us to identify a gap in
procedural requirements when an
accredited certification body decides to
allow its accreditation to expire without
renewing it. At our own initiative, we
are revising the voluntary
relinquishment provisions in § 1.665 to
also address situations where a
certification body decides it does not
want to renew its accreditation once it
expires.
mstockstill on DSK4VPTVN1PROD with RULES4
G. How do I request reaccreditation?
(Proposed § 1.666)
Proposed § 1.666 describes the
procedures a certification body must
follow when seeking to be reaccredited
after its accreditation was withdrawn by
FDA or after voluntarily relinquishing
its accreditation.
FDA received no adverse comments
on this section. On our own initiative
we are revising paragraph (a)(2)(i) to
conform to the changes in § 1.634(d) to
clarify that the third-party certification
body has to become accredited by
another accreditation body or by FDA
through direct accreditation no later
than 1 year after the withdrawal or
accreditation, or the original date of
expiration of the accreditation,
whichever comes first.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
XI. Comments on Additional
Procedures for Direct Accreditation of
Third-Party Certification Bodies Under
This Subpart
A. How do I apply to FDA for direct
accreditation or renewal of direct
accreditation? (§ 1.670)
Section 808(b)(1)(A)(ii) of the FD&C
Act allows us to directly accredit thirdparty auditors/certification bodies if we
have not identified and recognized an
accreditation body to meet the
requirements of section 808 within 2
years after establishing this program. We
proposed circumstances and procedures
that would apply for direct accreditation
and renewal of direct accreditation.
(Comment 157) Some comments
assert that the statute anticipates a
bifurcated system for direct
accreditation of certification bodies,
because the standards for review for
accreditation of foreign governments are
distinct from those of the private
auditing entities under section 808(c)(1)
of the FD&C Act. The comments ask that
we draft additional rules to specifically
cover direct accreditation of foreign
governments, asserting that we should
provide a separate path for direct
accreditation of foreign governments
that prioritizes their applications based
on, among other things, the language in
section 808(c)(1) of the FD&C Act. Some
comments ask whether the same
eligibility requirements and procedures
are required of both governmental and
private bodies applying for direct
accreditation.
(Response 157) We disagree with the
suggestion to create a bifurcated system.
We acknowledge that section 808(c)(1)
of the FD&C Act contains different
requirements for foreign governments/
agencies than it does for foreign
cooperatives and other private thirdparty certification bodies seeking
accreditation. However, we do not
interpret this language as suggesting a
preference for public certification
bodies over private certification bodies.
We believe sections 808(c)(1)(A) and
(B) of the FD&C Act are tailored to
reflect the objectives and scope of each
type of assessment, which would vary
because of the differences between
public and private certification bodies.
While governments typically are both
auditors/inspectors and owners of food
safety schemes, private certification
bodies usually are not scheme owners,
because of concerns about possible
conflicts of interest associated with
serving in dual roles. Therefore, a
private certification body would not be
assessed for its food safety program or
standards; it would be assessed for the
training and qualifications of its
PO 00000
Frm 00059
Fmt 4701
Sfmt 4700
74627
auditors and its internal management
system. In light of the foregoing, we
decline the suggestion to interpret
sections 808(c)(1)(A) and (B) of the
FD&C Act as supporting provisions for
direct accreditation that would
prioritize the applications of foreign
governments/agencies over applications
from private third-party certification
bodies.
(Comment 158) Some comments
suggest that FDA should not serve as an
accreditation body for third-party
certification bodies because it would
open the door for other countries with
less capability to do the same. The
comments contend that FDA and its
foreign regulatory partners need to
provide the oversight of the industry,
but should not be accreditation bodies.
(Response 158) We disagree. Section
808 of the FD&C Act contemplates that
FDA can provide proper oversight of the
program, while directly accrediting
third-party certification bodies. We are
unable to comment on what effects, if
any, this would have on the actions of
other countries. However, we emphasize
that FDA will not perform direct
accreditation unless the circumstances
of section 808(b)(1)(A)(ii) of the FD&C
Act are met—that is, if FDA has not
identified and recognized an
accreditation body to meet the
requirements of section 808 of the FD&C
Act within 2 years after establishing this
program.
(Comment 159) Some comments ask
that we wait for more than 2 years after
the program is established to accept
applications for direct accreditation, to
allow enough time for accreditation
bodies applying for recognition to
satisfy all the necessary requirements.
Other comments assert that we should
not directly accredit certification bodies
in a country if we have already
recognized an accreditation body in that
country. Some comments ask us to
clarify when, under what conditions,
and how we would choose to directly
accredit a certification body.
(Response 159) Under section
808(b)(1)(A)(ii) of the FD&C Act, 2 years
after establishing the program is the
earliest date that FDA may begin to
directly accredit third-party certification
bodies. Further, we may only do so if
we determine that we have not
identified and recognized an
accreditation body to meet the
requirements of section 808 of the FD&C
Act 2 years after establishing the
program. In the proposed rule, we
provided examples of how we may
make this determination, such
identifying a type of expertise or
geographic location for which a
recognized accreditation body is
E:\FR\FM\27NOR4.SGM
27NOR4
74628
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
mstockstill on DSK4VPTVN1PROD with RULES4
lacking, and stated that we will only
accept applications for direct
accreditation and renewal applications
that are within the scope of the
determination. FDA declines to limit
itself to a time period longer than 2
years before it can consider direct
accreditation as any decision to directly
accredit will depend on the
circumstances the needs of the program,
as determined by FDA under § 1.670(a).
(Comment 160) Some comments
express concern that we will not have
the capacity to undertake the
responsibility of directly accrediting
certification bodies.
(Response 160) Section 808(c)(8) of
the FD&C Act requires FDA to create a
user fee program to section 808 of the
FD&C Act. FDA is in the process of
establishing this program by rulemaking
(80 FR 43987). For more information
about the costs of this program, please
see the regulatory analysis of this final
rule.
(Comment 161) Some comments ask if
we will have a contract agreement with
directly accredited certification bodies.
These comments assert that if we do, the
contract should specify that we have the
capacity to access confidential
information without prior written
consent of the certification body. The
contract should also specify that having
access to records relating to
accreditation activities under this
subpart is necessary to ensure the rigor,
credibility, and independence of the
program.
(Response 161) Under § 1.671(d), FDA
will list any conditions associated with
the accreditation in the issuance and
may establish an agreement with the
certification body at that time. With
respect to access to records, a thirdparty certification body that is directly
accredited by FDA must comply with
the records maintenance and access
requirements of § 1.658. Records
obtained by FDA will be subject to the
disclosure requirements of § 1.695.
B. How will FDA review my application
for direct accreditation or renewal of
direct accreditation and what happens
once FDA decides on my application?
(§ 1.671)
Proposed § 1.671 describes a process
for reviewing and deciding on
applications for direct accreditation and
renewal that is consistent with the
procedures for reviewing and deciding
on applications under other provisions
in this rule.
On our own initiative we are revising
paragraph (a) to clarify that FDA will
review submitted applications for
completeness and notify applicants of
any deficiencies. We also are adding
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
new paragraphs (e) through (h) to
§ 1.671 to explain what happens when
a directly accredited certification body’s
renewal application is denied. We are
adding provisions to clarify what the
applicant must do, the effect of denial
of an application for renewal of direct
accreditation on food or facility
certifications issued to eligible entities,
and how FDA will notify the public.
(Comment 162) Some comments
express concern that we are limiting
ourselves to a ‘‘first in, first out’’ review
process that gives us no discretion to
accredit foreign governments before we
consider other applications from private
third-party entities that apply.
Some comments ask that we consider
prioritizing approval of applications for
direct accreditation on areas and regions
where it is most needed to benefit our
food safety mandates.
Some comments assert that priority
for review of applications for direct
accreditation should be for countries
without an accreditation body or in
circumstances where it is not
economically feasible for a national
accreditation body to expand its scope
to include a certain single certification
body.
(Response 162) As indicated Response
25, we intend to treat public and private
certification bodies equally under this
program, as both public and private
certification bodies are capable of
meeting the requirements of the
program. Additionally, because we will
only be accepting applications for direct
accreditation in limited circumstances
as discussed in Responses 158 and 159,
all applications for direct accreditation
will need to be able to demonstrate that
there is a need for direct accreditation
based on a determination made by FDA
under § 1.670(a)(1). We note that we
have revised § 1.671(a) to allow FDA to
prioritize specific direct accreditation
applications to meet the needs of the
program.
(Comment 163) Some comments
assert that our application review
process must be comprehensive but also
expedient. Some comments ask that our
communications with applicants be
timely.
Some comments express concern
about the length of time it will take us
to recognize and notify an applicant of
any deficiencies in the application.
These comments also assert that
requiring applicants with deficiencies to
resubmit their applications and sending
it to the bottom of the review list would
make for significant delays in the direct
accreditation and renewal of direct
accreditation application process.
(Response 163) We understand the
concern expressed by comments with
PO 00000
Frm 00060
Fmt 4701
Sfmt 4700
regard to timeliness. Although we
decline to set specific deadlines for this
review, FDA anticipates that a
completeness determination could
generally be made within 15 business
days, because this is not a decision on
the merits of the application.
Nonetheless, the time needed to identify
deficiencies in any particular individual
application will depend on a number of
factors, including the quality of the
submission, the availability of
resources, and other competing
priorities at the time the application is
submitted. With respect to the concerns
about requiring incomplete applications
to be resubmitted and added to the
bottom of the review list, we note that
from our experience gained from the
third-party certification pilot for
aquacultured shrimp, extensive
followup was needed with many of the
applicants in order to gain sufficient
information for a complete application.
With this in mind, we are processing
only complete applications so that we
are not delaying others that have
correctly prepared complete
applications. Further, we are
establishing an electronic portal for
submission of applications, reports,
notifications, and other information
under this rule and an electronic
repository of this information, which
will allow us to communicate with
applicants as needed.
C. What is the duration of direct
accreditation? (§ 1.672)
We proposed that direct accreditation
of a third-party certification body may
be granted for a period up to 4 years. We
tentatively concluded that 4 years is an
appropriate duration for an
accreditation because we believe the
rigor and credibility of this program
rests, in part, on the oversight of
accredited certification bodies to
conduct audits and to certify eligible
foreign entities. We requested comment
on this tentative conclusion.
(Comment 164) Some comments ask
that we establish a specific fixed
duration of 5 years for direct
accreditation before renewal is required.
These comments also ask that the
duration for recognition of accreditation
bodies and accreditation of third-party
certifications bodies also be fixed at 5
years and assert that having a
standardized accreditation term for all
parties in the third-party program would
be more administratively viable for us.
(Response 164) For the reasons we
explained in Response 145 we decline
to establish a fixed duration of
accreditation and also decline to
establish a standard term of 5 years for
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
accreditation for all parties in the thirdparty program.
XII. Comments on Requirements for
Eligible Entities Under This Subpart
mstockstill on DSK4VPTVN1PROD with RULES4
A. How and when will FDA monitor
eligible entities? (§ 1.680)
Proposed § 1.680 would allow FDA to
conduct onsite audits of eligible entities
that have received certification from an
accredited certification body at any
time, with or without the accredited
third-party certification body present. It
also proposed that a food safety audit by
an accredited certification body is not
considered an inspection under section
704 of the FD&C Act. For clarification
purposes at our own initiative, we are
revising the second sentence of
§ 1.680(a) to add, ‘‘[w]here FDA
determines necessary or appropriate,’’
before ‘‘the audit may be conducted
with or without the accredited
certification body or the recognized
accreditation body (where applicable)
present.’’
(Comment 165) Some comments
address the timing of FDA’s audits of
eligible entities. Some comments
encourage FDA to conduct audits of
eligible entities regularly, particularly in
the first years of the program, to ensure
compliance with the program and to
verify that certification is appropriate.
Some comments encourage FDA to
conduct random as well as targeted
audits of eligible entities. For example,
the comments suggest that if FDA
withdraws the accreditation of a
certification body, the Agency should
conduct onsite audits of a sample of the
eligible entities to which the withdrawn
certification body issued certifications.
(Response 165) We agree that robust
government oversight of the third-party
program will be vital to its success and
periodic audits of eligible entities will
be conducted consistent with our riskbased priorities and resources.
(Comment 166) Some comments
discuss the substance of FDA’s audits of
eligible entities. Some of these
comments encourage FDA to ensure that
eligible entities implement corrective
actions when deficiencies are identified.
Some comments recommend that
company data on tests of both products
and the environment be made available
to FDA auditors, and argue that without
access to such data, FDA auditors would
not be able to perform a thorough audit.
Comments also maintain that, during an
audit, FDA should be able to access
results of the eligible entity’s testing of
both products and the environment.
(Response 166) We currently are
developing internal operational
procedures for the third-party
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
certification program and will make
these procedures public. As part of this
process, we are developing protocols for
FDA audits of eligible entities.
(Comment 167) Some comments argue
that unannounced audits of eligible
entities by FDA that have been certified
by an accredited third-party certification
body would likely result in incomplete
audits and urge the agency to consider
contacting the eligible entity to schedule
such audits. Comments state that
scheduled audits would be more
efficient and less burdensome for both
eligible entities and FDA because
eligible entities would have a better
understanding of what is needed during
the audit and which employees should
be present.
(Response 167) Section 808(c)(5)(C) of
the FD&C Act directs FDA to
promulgate regulations requiring that
‘‘audits performed under this section be
unannounced.’’ Section 808(f)(3) of the
FD&C Act allows FDA to, at any time,
conduct an onsite audit of any eligible
entity certified by an accredited thirdparty certification body to ensure
compliance with the requirements of
section 808. Given this statutory
language, we are clarifying in § 1.680
that an FDA audit conducted under this
section will be conducted on an
unannounced basis and may be
preceded by a request for a 30-day
operating schedule. We note that it may
not be appropriate at all times to
precede audits for a 30-day operating
schedule, such as in the case of a forcause audit.
(Comment 168) Some comments state
that when FDA has questions about
eligible entities, it should notify the
accreditation bodies and certification
bodies to conduct a joint audit.
(Response 168) It is unclear what the
comment means by conducting a joint
audit, but § 1.680 would allow for the
certification body and accreditation
body to be present during the FDA audit
when FDA determines it is necessary
and appropriate.
(Comment 169) Some comments argue
that the monitoring of eligible entities
should be conducted by the competent
authority of the exporting country,
particularly where a systems recognition
agreement is in place or where there is
a robust national food control system in
place.
(Response 169) We intend to
coordinate as appropriate with our
foreign regulatory counterparts;
however, section 808(f)(3) of the FD&C
Act specifically directs FDA to conduct
onsite audits of eligible entities to
ensure compliance with the
requirements of section 808 of the FD&C
Act. We believe onsite audits of certified
PO 00000
Frm 00061
Fmt 4701
Sfmt 4700
74629
eligible entities are an important
component of the robust oversight
essential to the success of the thirdparty program. Without the ability to
conduct onsite audits of a certified
eligible entity, FDA would not be able
to directly ascertain whether the
certification body and/or its
accreditation body are in fact making
accurate determinations of compliance
with FDA requirements. Such oversight
is necessary to maintain confidence in
the certifications issued by accredited
certification bodies under this program.
(Comment 170) Some comments ask
FDA to clarify why an onsite audit of an
eligible entity is not considered an
inspection under section 704 of the
FD&C Act, particularly since the
purpose of the audit is to determine if
the entity is in compliance with the
FD&C Act and since an FDA inspection
may be used to meet the verification
requirements under the proposed FSVP
regulation. Other comments endorse
FDA’s decision not to consider a food
safety audit under this program an
inspection under section 704 of the
FD&C Act.
(Response 170) Section 808(h)(1) of
the FD&C Act explicitly states that
audits under the third-party certification
program ‘‘shall not’’ be considered
inspections under section 704. The
inspections done under section 704 of
the FD&C Act, unlike audits conducted
under section 808(f)(3), are not
conducted for the purpose of ensuring
compliance with section 808 of the
FD&C Act. The objective of an audit
under § 1.680(a) extends beyond the
eligible entity—through its audit of the
eligible entity FDA is gathering
information to use in its monitoring of
the accredited certification body that
audited the entity and the recognized
accreditation body that accredited
certification body that audited the
eligible entity. We note that an audit
under section 808(f)(3) is not a ‘‘food
safety audit’’ under this subpart. As
noted previously, the audits conducted
under section 808(f)(3) are done
specifically to ensure compliance with
section 808 of the FD&C Act. As
discussed in section III.C., we are
clarifying that an audit conducted under
this subpart is not an inspection under
section 704 under the FD&C Act.
Accordingly, we are removing
§ 1.680(b).
B. How frequently must eligible entities
be recertified? (§ 1.681)
Proposed § 1.681 stated that an
eligible entity seeking to maintain its
facility certification must seek
recertification prior to expiration of its
certification. It also proposed that under
E:\FR\FM\27NOR4.SGM
27NOR4
74630
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
section 801(q)(4)(A) of the FD&C Act,
FDA could require, at any time we deem
appropriate, that an eligible entity
renew a food certification.
We received no comments on this
proposed section. However, to clarify
certain matters, we are amending this
section on our own initiative. We are
adding to first sentence the words,
‘‘food or’’ before ‘‘facility certification’’
because the maximum duration of
certifications under section 808(d) of the
FD&C Act applies to both food and
facility certifications. Additionally, we
are revising this section to state that
FDA can require an eligible entity to
apply for recertification of both food
and facility certifications at any time
that FDA deems appropriate.
XIII. Comments on General
Requirements of This Subpart
mstockstill on DSK4VPTVN1PROD with RULES4
A. How will FDA make information
about recognized accreditation bodies
and accredited third-party certification
bodies available to the public? (§ 1.690)
We proposed to post on our Web site
a registry of recognized accreditation
bodies and of accredited third-party
certification bodies, including the name
and contact information for each. The
registry may provide information on
certification bodies accredited by
recognized accreditation bodies through
links to the Web sites of such
accreditation bodies. We requested
comment on our proposed public
registry.
(Comment 171) Some comments
support our proposal to place a registry
of recognized accreditation bodies and
accredited certification bodies on our
Web site and to provide links to the
Web sites of recognized accreditation
bodies. Some comments assert that such
a web-based resource where members of
the industry and public could access
standards associated with accreditation/
certification and a list of accreditation
and certification bodies is a meaningful
demonstration of FDA oversight. Some
comments ask that this list be updated
regularly so that it stays accurate. These
comments also ask that we provide
appropriate indexing and filtering
functions so that the registry is easily
searchable and stakeholders can
conveniently and reliably find and use
this information.
(Response 171) FDA agrees that the
online registry will be a valuable tool.
We intend for it to be updated regularly.
We also intend for it to have indexing
and filtering functions which will make
searches more efficient and productive.
(Comment 172) Some comments ask
that we not include the name(s) of audit
agent(s) on our Web site or otherwise
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
publicly disclose such information
could disrupt the marketplace for thirdparty certification services
Some comments assert that access to
detailed, specific, and sensitive
information is not necessary to gain
credibility with consumers. These
comments refer us to industry models
that provide detailed information on the
requirements of their program and posts
a list of members in good standing along
with a list of companies who have been
decertified is an example of credible,
balanced information that is actionable
by consumers (i.e., California Leafy
Green Products Handler Marketing
Agreement).
(Response 172) To clarify, we do not
intend to disclose the names of audit
agents on our Web site. We will be
providing the business name and
business contact information for each
recognized accreditation body. The
business name and business contact
information for each accredited thirdparty certification body may be listed on
our Web site or may be provided by link
to Web sites of their accreditation
bodies. The Web site will contain
program information as well and may be
similar to the industry models
recommended by some comments.
(Comment 173) Some comments seek
maximum transparency, asserting that
we must also post on our Web site the
audit reports, self-assessments, and
notifications prepared by the third-party
certification bodies and submitted to
FDA. The comments contend that
making this information public would
increase program transparency and help
to ensure that imported products do not
receive an unfair competitive advantage
over products available domestically.
Other comments suggest that we
allow accreditation bodies and thirdparty certification bodies to submit
redacted versions of these documents,
where confidential information is
blacked out, so that these documents
can also be made publicly available
without compromising confidential
information. These comments assert that
making public these reports, selfassessments, and notifications would
improve self-assessments, reduce the
Agency’s burden of responding to FOIA
requests, and allow independent
analysis to complement the Agency’s
evaluation. Thus, comments ask us to
specify in § 1.690 that we will also place
on our Web site the reports and
notifications submitted pursuant to
§§ 1.623 and 1.656 and that we will
allow a recognized accreditation body
and accredited auditors/certification
body to submit a redacted version of the
report or notification that is intended to
be made publicly available.
PO 00000
Frm 00062
Fmt 4701
Sfmt 4700
(Response 173) Generally, we do not
intend to post redacted versions of
reports on our Web site. Information
submitted to the Agency, including
reports and notifications submitted
pursuant to §§ 1.623 and 1.656, becomes
an Agency record. We have added a new
§ 1.695 to the final rule to clarify that
records under this subpart are subject to
part 20; part 20 provides protections for
trade secrets and confidential
commercial information (CCI) from
public disclosure (see, e.g., § 20.61).
(Comment 173) Some comments ask
us to take action to ensure that thirdparty certification bodies act with
maximum transparency and to ensure
adequate protections against conflicts of
interest. Some comments ask that we
post on our Web site information
concerning the scope of the recognized
accreditation body recognition and
accredited certification body
accreditation, duration of accreditation,
payments made to those accreditation
bodies and certification bodies, and
whether accreditation has been
withdrawn or suspended. Some
comments assert that requiring
recognized accreditation bodies and
accredited certification bodies to make
this information available on their own
Web sites does not ensure that all
potential conflicts of interest will be
identified, and suggest that we require
that this information be submitted
directly to us as well.
(Response 174) FDA agrees that it
would be helpful to include on our Web
site information concerning the scope of
accreditation services that each
recognized accreditation body is
recognized for, and the scope of
accreditation for each accredited
certification body is accredited for. We
also agree it would be useful and
increase transparency to include the
duration of recognition for each
accreditation body, and the duration of
accreditation for each certification body.
Scope and duration information will
make the site more practically useful
and will increase transparency.
Therefore, we intend to include this
information on our Web site and we are
revising § 1.690 to reflect this. In
addition, we are revising this section to
state that FDA will post on its Web site
a list of accreditation bodies for which
it has denied renewal of recognition, for
which FDA has revoked recognition,
and that have relinquished their
recognition or have allowed their
recognition to expire. Further, FDA will
place on its Web site a list of
certification bodies whose renewal of
accreditation has been denied, for
which FDA has withdrawn
accreditation, and that have
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
relinquished their accreditations or have
allowed their accreditations to expire.
Finally, FDA will place on its Web site
determinations under § 1.670(a)(1) and
modifications of such determinations
under § 1.670(a)(2). This additional
information will help ensure maximum
transparency under the program.
With regard to information on dates of
payment, we have determined there is
little additional value to posting such
information on the FDA Web site, and
it would create an additional
administrative burden; we do not
believe the value exceeds the burden. In
our view, conflict of interest and
transparency concerns are sufficiently
satisfied by making information on
dates of payment publicly available
online via the Web sites of recognized
accreditation bodies (see § 1.624(c)) and
accredited certification bodies (see
§ 1.657(d)).
(Comment 175) Some comments
request clarification concerning whether
and what information we collect
pursuant to this program will be made
available to importers and the public.
Some comments question the extent and
format of the audit data that will be
shared, and what might be held
confidential. These comments assert
that businesses have a need to protect
proprietary information (e.g., sales lists,
supplier lists, equipment designs and
specific information about product
attributes), and any sharing of such
information might compromise their
ability to carry out business functions or
to maintain competitive advantage.
Some comments inquire about the
extent and formats of audit data we
intend to make public, what might be
held confidential, and whether we will
take steps to protect information
provided by certification bodies from
FOIA requests.
Some comments express concern
about our ability to develop and
maintain a dynamic system that will be
able to collect, update, and present
audit data to consumers, and assert that
it is important for industry to gain a
better understanding of what type of
audit data we will require.
Some comments suggest that we look
to USDA’s Food Safety and Inspection
Service (FSIS) Public Health
Information System for insight into how
to develop a database system that seeks
to define the boundary between
increasing public access to data and
addressing confidentiality concerns by
companies. Some comments note that
the FSIS program is the result of several
years of effort to establish a mechanism
for public access to data that can lead
to research and analysis that improves
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
public health while protecting the
proprietary rights of the establishments.
(Response 175) As discussed
previously, newly added § 1.695
clarifies that records under this subpart
are subject to part 20; part 20 provides
protections for trade secrets and
confidential commercial information
from public disclosure (see, e.g.,
§ 20.61).
FDA will provide periodic updates on
program activities through our Web site,
and our disclosures will be consistent
with our statutory obligations to protect
trade secrets and CCI from disclosure.
With regard to the expressed concern
about FDA’s ability to develop and
maintain an adequate data system to
collect, update, and present audit data
to consumers, we are aware of the size
and importance of this undertaking and
are diligently pursuing an effective
system. We appreciate the suggestion to
review the FSIS database system and
intend to do so.
(Comment 176) Some comments
encourage us to develop communication
strategies to help consumers view the
data in audit reports within the context
of food production; specifically, to set
proper program expectations and to
provide proper context for consumers to
understand what the data means. These
comments assert that it is important to
provide a frame of reference so that
consumers have a basis for
understanding what the audit data
means and can then proceed to make
informed decisions. The comments note
that audits and certifications are not
declarations or guarantees that products
are safe, and that FDA and the industry
need to feature this reality in
communications strategies aimed to
assist consumer groups and consumers
in using any audit data that might be
available for review.
(Response 176) As noted above, we do
intend to share updates on program
activities with the public; we will work
to properly contextualize the data in our
communications about and presentation
of the information. As noted in
Response 173, FDA does not generally
intend to make audit reports public.
(Comment 177) Some comments
assert that we must clearly describe how
compliance with the program will be
reported to the public.
(Response 177) As noted above, we
intend to provide periodic updates on
program activities through our Web site.
Where appropriate, these updates may
include aggregated program data.
Additional information about program
updates will be shared as we implement
this program. Further, as noted in
response to Comment 86, FDA will post
information on its Web site regarding
PO 00000
Frm 00063
Fmt 4701
Sfmt 4700
74631
accreditation bodies that have had their
recognition revoked, accreditation
bodies for which FDA fails to renew
recognition, certification bodies that
have had their accreditation withdrawn,
and certification bodies whose renewal
of accreditation has been denied.
B. How do I request reconsideration of
a denial by FDA of an application or a
waiver request? (§ 1.691)
We proposed procedures for
accreditation bodies and certification
bodies to seek reconsideration of a
denial of an application or a waiver
request. We also proposed that after
completing our review and evaluation of
the request for reconsideration, we will
notify the requestor, in writing, of our
decision to grant or deny the application
or waiver request upon reconsideration.
On our own initiative, we are revising
§ 1.691(c) to specify that a request for
reconsideration or a waiver request
must be submitted electronically. We
are making corresponding changes to
§ 1.692(b).
(Comment 178) Some comments
suggest that we provide an opportunity
for interested stakeholders, in addition
to the accreditation body or third-party
certification body seeking
reconsideration, to provide information
to us that will inform our
decisionmaking on any reconsideration
request.
(Response 178) We decline to adopt
comments’ suggestion to allow for
others beyond the accreditation body or
third-party certification body seeking
reconsideration to engage in this
process. Our reconsideration of a denial
is not a public process nor do we wish
to make it one. Applications often
contain confidential information not
appropriate for public comment. We
note that information shared with FDA
is subject to the information disclosure
regulations in part 20, as stated in
§ 1.695.
(Comment 179) Some comments ask
us to specify that we will notify the
requestor of our decision within 20
business days after receiving a request
for reconsideration. These comments
assert that the open-ended timeframe for
our review of reconsideration request
may place an undue burden on the party
seeking reconsideration.
(Response 179) FDA agrees that a
request for reconsideration should be
reviewed in a timely fashion. FDA
would anticipate that this review will
generally be made within 30 business
days. However, given the conflicting
demands on Agency resources at
various times, the Agency declines to
add this time restriction to § 1.691.
E:\FR\FM\27NOR4.SGM
27NOR4
74632
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
C. How do I request internal agency
review of a denial of an application or
waiver request upon reconsideration?
(§ 1.692)
E. Are electronic records created under
this subpart subject to the electronic
records requirements of part 11?
(§ 1.694)
We proposed that the requestor who
received a denial upon reconsideration
under § 1.691 may seek internal Agency
review of such denial under 21 CFR
10.75(c)(1).
(Comment 180) Some comments
suggest that we provide an opportunity
for interested stakeholders to provide
information to us that will inform our
decisionmaking on any such
reconsideration request.
(Response 180) As with the parallel
suggestion in the context of a request for
reconsideration, we decline to adopt
comments’ suggestion. The Agency’s
review of a denial is not a public
process nor do we wish to make it one.
As noted previously, applications often
contain confidential information not
appropriate for public comment. We
note that information shared with FDA
is subject to the information disclosure
regulations in part 20, as stated in
§ 1.695.
We did not specify requirements for
the retention of electronic records in the
proposed rule. However, as discussed in
relation to § 1.625, we received several
comments regarding the potential
application of the requirements for
electronic records in part 11 to records
under this subpart; several comments
ask that we not apply the part 11
requirements here.
We agree that it would be
unnecessarily burdensome to require
that records under the third-party
program comply with the requirements
in part 11. Therefore, we are adding
§ 1.694 to the final rule which states that
records that are established or
maintained to satisfy the requirements
of this subpart and that meet the
definition of electronic records in
§ 11.3(b)(6) are exempt from the
requirements of part 11. We further
specify that records that satisfy the
requirements of this subpart, but those
that also are required under other
applicable statutory provisions or
regulations, remain subject to part 11 to
the extent that they are not separately
exempted. Consistent with these
provisions, we are making a conforming
change in part 11 to specify in § 11.1(m)
that part 11 does not apply to records
that meet the definition of electronic
records in § 11.3(b)(6) required to be
established or maintained under this
subpart, and that records that satisfy the
requirements of this subpart, but that
also are required under other statutory
provisions or regulations, remain
subject to part 11 to the extent that they
are not separately exempted.
mstockstill on DSK4VPTVN1PROD with RULES4
D. How do I request a regulatory hearing
on a revocation of a recognition or
withdrawal of accreditation? (§ 1.693)
We proposed procedures that would
be used for challenges to revocation of
recognition or withdrawal of
accreditation.
On our own initiative, we revised
§ 1.693(f) to include the standard for
denial of a request for a regulatory
hearing under 21 CFR 16.26(a).
(Comment 181) Some comments
suggest that we provide an opportunity
for interested stakeholders, in addition
to the accreditation body or third-party
certification body seeking a regulatory
hearing, to provide information to us
that will inform our decisionmaking
during a regulatory hearing.
(Response 181) Again, we decline to
adopt comments’ suggestion to allow for
others beyond the accreditation body or
third-party certification body seeking to
challenge an FDA decision to engage in
this process. For purposes of this final
rule, we are not making the regulatory
hearing a public process because issues
pertaining to revocation and withdrawal
generally contain confidential or
sensitive information. We note that
information shared with FDA is subject
to the information disclosure
regulations in part 20, as stated in
§ 1.695. We are amending proposed
§ 1.693(g)(3), redesignated as
§ 1.693(g)(2), to state that § 16.60(a)
(public process) is inapplicable to
hearings under this rule.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
F. Are the records required by this
subpart subject to public disclosure?
(§ 1.695)
In the proposed rule, we did not
specify requirements regarding the
public disclosure of records created and
retained under this subpart. However, as
discussed previously in the preamble,
several comments express concerns
about whether notifications, records,
and reports required by this rule would
be protected from public disclosure. The
comments state that notifications,
records, and reports will often contain
commercially sensitive information.
Some comments ask that the regulations
specify that such information under this
program have the same level of
protection from public disclosure under
FOIA as juice and seafood HACCP
records.
PO 00000
Frm 00064
Fmt 4701
Sfmt 4700
Information submitted to the Agency,
including reports and notifications
submitted pursuant to §§ 1.623 and
1.656, becomes an Agency record. We
note we have added a new § 1.695 to the
final rule to clarify that records under
this subpart are subject to part 20; part
20 provides protections for trade secrets
and CCI from public disclosure (see,
e.g., § 20.61).
G. May importers use reports of
regulatory audits by accredited
certification bodies for purposes of
subpart L of this part? (§ 1.698)
We proposed that an importer as
defined in § 1.500 of this part may use
a regulatory audit of an eligible entity,
documented in a regulatory audit report,
in meeting the requirements for an
onsite audit of a foreign supplier under
subpart L of this part.
(Comment 182) Some comments agree
with FDA’s proposal to allow importers
to use regulatory audit reports of foreign
suppliers, conducted for VQIP or import
certification purposes, in meeting the
verification requirements under the
proposed FSVP program. These
comments state that the use of
regulatory audits by accredited thirdparty certification bodies should not be
required under FSVP. The comments
assert that importers should be free to
choose how best to meet the verification
requirements. Some comments
misunderstood proposed § 1.698 to
require the use of accredited third-party
certification bodies for FSVP purposes.
(Response 182) To clarify that the use
of an accredited third-party certification
body for FSVP purposes is not required
by this rule, we are removing this
provision. This rule establishes the
framework and procedures for
participation in the accredited thirdparty certification program for purposes
of sections 808 of the FD&C Act and
does not create substantive
requirements for the FSVP program.
However, regulatory audits may be used
to meet supplier verification
requirements under FDA’s final
preventive controls regulations and
FSVP regulations if they comport with
those requirements.
XIV. Editorial and Conforming Changes
The revised regulatory text includes
several changes that we have made to
clarify requirements and to improve
readability. The revised regulatory text
also includes several conforming
changes that we have made when a
change to one provision affects other
provisions. We summarize the principal
editorial and conforming changes in
table 5. We also made very minor
editorial corrections, such as inserting a
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
missing end parenthesis symbol; those
changes are not included in this chart.
TABLE 5—PRINCIPAL EDITORIAL AND CONFORMING CHANGES
Designation in the revised
regulatory text
(section)
Revision
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
Throughout part 1, subpart M ..........
§ 1.600(c) .........................................
§ 1.600(c) .........................................
§ 1.600(c) .........................................
§ 1.600(c) .........................................
§ 1.600(c) .........................................
§ 1.600(c) .........................................
§ 1.601(a) .........................................
§ 1.601(b)(2) .....................................
§ 1.601(c) .........................................
§ 1.601(d) .........................................
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.601(d)(1)(i) .................................
§ 1.601(d)(1)(ii) .................................
§ 1.601(d)(1)(ii) .................................
§ 1.610 .............................................
VerDate Sep<11>2014
19:45 Nov 25, 2015
Explanation
Where applicable, substituted the term ‘‘assessment’’, or its derivations, for the terms ‘‘audit’’ or ‘‘review’’, or their derivations, when
describing an FDA evaluation of an accreditation body and when
describing an evaluation of a third-party certification body performed by a recognized accreditation body or by FDA.
Where applicable, substituted ‘‘evaluate’’, or its derivations, for ‘‘assess’’ or ‘‘determine’’, or their derivations, when describing the nature of activities involved in an ‘‘assessment’’ (as defined in this
rule) of an accreditation body or a third-party certification body.
Where applicable, substituted ‘‘examine’’, or its derivations, for
‘‘audit’’, ‘‘assess’’, ‘‘determine’’, or ‘‘evaluate’’, or their derivations,
when describing the nature of activities involved in an ‘‘audit,’’ as
defined in this rule, of an eligible entity.
Where applicable, revised to refer to ‘‘audit agent’’ rather than
‘‘agent’’ when describing individuals who conduct audits for accredited third-party certification bodies. Use ‘‘agent(s) used to conduct
audits’’ rather than, ‘‘audit agent(s)’’ when referring to individuals
who conduct audits for a third-party certification body prior to its
accreditation under this program.
Revised to refer to ‘‘competency’’ rather than ‘‘competence’’ ..............
Where appropriate, revised to refer to ‘‘recognized accreditation bodies’’ rather than ‘‘accreditation bodies’’.
Where appropriate, revised to refer to ‘‘accredited third-party certification bodies’’ rather than ‘‘third-party certification bodies’’.
Where appropriate, rephrased ‘‘[i]f FDA has reason to believe that a
food certification issued for purposes of section 801(q) of the
FD&C Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food for
which the certification was offered.’’
Replaced ‘‘personnel’’ with ‘‘employees’’ ..............................................
Deleted ‘‘, including the model accreditation standards’’ from the definition of ‘‘accreditation’’.
Revised the definition of ‘‘accredited third party certification body’’ to
replace ‘‘is authorized’’ with ‘‘is accredited’’.
Revised the definition of ‘‘eligible entity’’ to replace ‘‘subject to the
registration requirements of’’ with ‘‘required to be registered under’’.
Revised the definition of ‘‘facility certification’’ to replace ‘‘establish
that a facility meets’’ with ‘‘establish whether a facility complies
with’’.
Revised the definition of ‘‘food certification’’ to replace ‘‘establish that
a food meets’’ with ‘‘establish whether a food of an eligible entity
complies with’’.
Revised the definition of ‘‘relinquishment’’ to state that relinquishment
occurs prior to the expiration of recognition or accreditation for accreditation bodies and certification bodies, respectively.
Changed ‘‘for conducting food safety audits and for issuing food and
facility certifications to eligible entities’’ to ‘‘to conduct food safety
audits and to issue food and facility certifications’’.
Changed ‘‘Issuing food and facility certifications’’ to ‘‘Issuing certifications’’.
Changed ‘‘or in meeting the eligibility requirements’’ to ‘‘or issuing a
facility certification for meeting the eligibility requirements’’.
Replaced ‘‘except as provided in paragraph (d) of this section’’ with
‘‘under this subpart’’.
Redesignated paragraphs (1), (1)(i), (1)(ii), (2), (2)(i), and (2)(ii) as
paragraphs (1)(i), (1)(i)(A), (1)(i)(B), (1)(ii), (1)(ii)(A), and (1)(ii)(B).
Changed ‘‘[t]he certification of food under section 801(q)’’ to ‘‘[a]ny
certification required under section 801(q)’’.
Changed ‘‘[c]ertification of food under section 801(q)’’ to ‘‘Any certification required under section 801(q)’’.
Changed ‘‘food other than alcoholic beverages that is from a facility’’
to ‘‘food that is not an alcoholic beverage that is received and distributed by a facility’’.
Section heading changed from ‘‘[w]ho is eligible for recognition,’’ to
‘‘[w]ho is eligible to seek recognition;’’
Text changed from ‘‘eligible for recognition’’ to ‘‘eligible to seek recognition.’’
Jkt 238001
PO 00000
Frm 00065
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
Conforming change.
Conforming change.
Conforming change.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Conforming change.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Correction.
Editorial change.
Conforming change.
Conforming change.
Improve clarity.
Improve clarity.
27NOR4
74633
74634
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
TABLE 5—PRINCIPAL EDITORIAL AND CONFORMING CHANGES—Continued
Designation in the revised
regulatory text
(section)
Revision
§ 1.611(a) .........................................
§ 1.611(a)(2) .....................................
§§ 1.611(b),
1.612(b),
1.613(b),
1.614(b), 1.615(b), 1.623(d)(2),
1.630(b),
1.631(b),
1.641(b),
1.642(b), and 1.645(b).
§ 1.612(b) .........................................
§ 1.615(a) .........................................
§ 1.615(b) .........................................
§ 1.620(a)(2) .....................................
§ 1.620(d) .........................................
§ 1.621 .............................................
§ 1.621(a) .........................................
§ 1.622(a) .........................................
§ 1.622(a)(1) .....................................
§ 1.622(a)(2) .....................................
§ 1.622(c)(1) .....................................
§ 1.622(c)(2) .....................................
§ 1.622(c)(3) .....................................
§ 1.622(d) .........................................
§ 1.622(d)(2) .....................................
§ 1.623(b) .........................................
§ 1.623(c)(1) .....................................
§ 1.623(d)(1)(iv) ................................
§ 1.624(a) .........................................
§ 1.624(b)
§ 1.624(c).
redesignated
as
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.624(d) .........................................
§ 1.625 title and paragraphs (a), (b),
and (c).
§ 1.625(a)(2) .....................................
§ 1.630(c) .........................................
VerDate Sep<11>2014
19:45 Nov 25, 2015
Explanation
Changed ‘‘through’’ to ‘‘as a legal entity with’’ ......................................
Removed ‘‘such’’ from between ‘‘perform’’ and ‘‘assessments.’’
Changed ‘‘its capability to audit’’ to ‘‘its capability to conduct audits.’’
Replaced ‘‘personnel and other agents,’’ with ‘‘its agents, (or the
third-party certification body in the case of a third-party certification
body that is an individual, such individual)’’.
In sentences referencing requirements for recognized accreditation
bodies or accredited third-party certification bodies, replaced specific references to other sections of this rule with ‘‘the applicable
[* * *] requirements of this subpart’’.
Changed ‘‘capability to meet the* * *’’ to ‘‘capability to meet the applicable’’.
Added ‘‘pertaining to this subpart’’ between ‘‘legal obligations’’ and
‘‘and to provide’’.
Replaced ‘‘[i]s capable of meeting,’’ with ‘‘The capability to meet’’ ......
Removed ‘‘that aggregates the products of growers or processor
[sic],’’ after ‘‘foreign cooperative’’.
Replaced ‘‘including,’’ with, ‘‘and include’’ ............................................
Last word of section heading changed from ‘‘accredits’’ to ‘‘accredited’’.
At the end of the previously undesignated paragraph which is now
paragraph (a), moved ‘‘recognized accreditation body . . . with this
subpart’’.
Added ‘‘compliance with this subpart, including’’ at the end of the
opening phrase.
Replaced ‘‘or other agents in activities under this subpart and the degree of consistency among such performances,’’ with ‘‘or other
agents involved in accreditation activities and the degree of consistency in conducting accreditation activities’’.
Added ‘‘involved in accreditation activities,’’ between ‘‘other agents,’’
and ‘‘with the conflict of interest requirements’’.
Changed ‘‘area(s) needing improvement,’’ to ‘‘area(s) where deficiencies exist’’.
Changed ‘‘implement effective correction action(s) to address those
area(s)’’ to ‘‘implement corrective action(s) that effectively address
those deficiencies’’.
Inserted ‘‘any’’ between ‘‘records of,’’ and ‘‘such corrective action(s)’’
Changed ‘‘includes:’’ to ‘‘includes the following elements.’’ .................
Added ‘‘involved in accreditation activities,’’ between, ‘‘other agents,’’
and ‘‘complied with the conflict of interest requirements’’.
Created subparagraphs by inserting, ‘‘(i)’’ before ‘‘a report of the results of an annual self-assessment’’ and ‘‘(ii)’’ before ‘‘for a recognized accreditation body subject to § 1.664(g)((1);’’
Removed ‘‘must submit’’ from between ‘‘§ 1.664(g)(1),’’ and ‘‘a report
of such self-assessment;’’
Changed ‘‘to FDA within 2 months’’ to ‘‘to FDA within 60 days of the
third party certification body’s withdrawal.’’
Added ‘‘(including expanding the scope of),’’ between ‘‘[g]ranting,’’
and ‘‘accreditation’’.
Added ‘‘scope and,’’ between ‘‘the’’ and ‘‘basis for such denial’’ .........
Changed from ‘‘other agents)’’ to ‘‘other agents involved in accreditation activities)’’.
Rephrased ‘‘[t]he financial interests of the spouses and children
younger than 18 years of age of officers, personnel, and other
agents of a recognized accreditation body will be considered the financial interests of such officers, personnel, and other agents of
the accreditation body’’.
Changed ‘‘and date(s) on each the accredited’’ to ‘‘and the date(s)
on which the accredited’’.
Changed from ‘‘A recognized accreditation body,’’ to ‘‘An accreditation body that has been recognized’’.
Added ‘‘expand or’’ after ‘‘withdraw, or’’ ...............................................
Changed from ‘‘needed by FDA to process the application’’ to
‘‘needed by FDA during processing of the application’’.
Jkt 238001
PO 00000
Frm 00066
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
Improve clarity.
Conforming change.
Improve clarity.
Clarify that only the applicable assessment and monitoring requirements apply.
Improve clarity.
Editorial change.
Conforming change.
Editorial change.
Editorial change.
Improve clarity.
Improve clarity.
To clarify that the relevant activities under this subpart are accreditation activities.
Conforming change.
Improve clarity.
Improve clarity.
Improve clarity.
Conforming change.
Conforming change.
Improve clarity.
Improve clarity.
Improve clarity.
Conforming change.
Improve clarity.
Editorial change.
To clarify that the duties with respect to records as required
under this subpart adhere to
any accreditation body that has
been recognized, including accreditation bodies that are no
longer recognized.
Improve clarity.
Improve clarity.
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
TABLE 5—PRINCIPAL EDITORIAL AND CONFORMING CHANGES—Continued
Designation in the revised
regulatory text
(section)
Revision
§ 1.630(d) .........................................
§ 1.631 heading ...............................
§ 1.631(a) .........................................
§ 1.631(b) .........................................
§ 1.631(c) .........................................
§ 1.631(d) .........................................
§ 1.632 .............................................
§ 1.633(a) .........................................
§ 1.633(a) .........................................
§ 1.633(b) .........................................
§ 1.634(a) .........................................
§ 1.634(a)(2)(ii) .................................
§ 1.634(a)(2)(iii) ................................
§ 1.634(c)(1) .....................................
§ 1.634(d)(1) .....................................
§ 1.634(d)(1)(i) .................................
§ 1.634(d)(1)(ii) .................................
§ 1.634(d)(2) .....................................
§ 1.635 heading ...............................
§ 1.636(a) .........................................
§ 1.640 heading ...............................
§ 1.641(a) .........................................
§ 1.642(a)(1) .....................................
§ 1.641(a)(2) .....................................
§ 1.643(a) .........................................
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.644(a)(1) .....................................
§ 1.644(a)(2) .....................................
§ 1.650 heading ...............................
VerDate Sep<11>2014
19:45 Nov 25, 2015
Explanation
Changed from ‘‘signed by the applicant or by any individual authorized’’ to ‘‘signed by an individual authorized’’.
Changed heading from ‘‘How will FDA review applications for recognition and renewal of recognition?’’ to ‘‘How will FDA review my
application for recognition or renewal of recognition and what happens once FDA decides on my application?’’
Added ‘‘an accreditation body’s’’ after FDA will review, deleted ‘‘a’’ ....
Inserted ‘‘regarding’’ before ‘‘whether the application has been approved or denied.’’
Changed to state that the FDA will notify an applicant that its recognition or renewal application has been approved through
issuance of recognition that will list any limitations associated with
the recognition.
Changed to state that the FDA will notify an applicant that its recognition or renewal application has been denied through issuance
of a denial of recognition that will state the basis for such denial
and provide the procedures for requesting reconsideration of the
application under § 1.691.
Added ‘‘from the date of recognition’’ to the end of the sentence .......
Removed ‘‘periodically’’ .........................................................................
Rephrased ‘‘date of accreditation for a 5-year term of recognition, or
by no later than mid-term point for recognition granted for less than
5 years.’’
Rephrased ‘‘These may be conducted at any time, with or without
the accreditation body or auditor/certification body present’’.
Inserted ‘‘found not to be in compliance with the requirements of this
subpart, including’’ after ‘‘of an accreditation body’’.
Changed ‘‘problem with the accreditation body’’ to ‘‘deficiency’’ ..........
Inserted ‘‘to do so’’ after ‘‘[d]irected’’ ....................................................
Changed ‘‘Upon revocation, FDA will notify that accreditation body,
electronically, in English, stating * * *’’.
Removed ‘‘electronically and in English’’ ..............................................
Rephrased from ‘‘[n]o later than 2 months after the revocation’’ to
‘‘[n]o later than 60 days after the date of issuance of the revocation’’.
Added ‘‘or the original date of the expiration of the accreditation,
whichever comes first’’ after ‘‘revocation’’.
Changed from ‘‘a recognized’’ to, ‘‘another recognized’’
Added ‘‘(c)’’ after ‘‘1.664’’ ......................................................................
Changed heading from ‘‘How do I voluntarily relinquish recognition?’’
to ‘‘What if I want to voluntarily relinquish recognition or do not
want to renew recognition?’’
Removed ‘‘or may be required to submit such application after a determination in a regulatory hearing under § 1.693’’.
Changed heading from, ‘‘Who is eligible for accreditation?’’ to, ‘‘Who
is eligible to seek accreditation?’’
Changed ‘‘or through contractual rights’’ to ‘‘or as a legal entity with
contractual rights’’ and added ‘‘and conformance with applicable’’
before ‘‘industry standards and practices’’.
Changed ‘‘industry standards and practices and to issue’’ to ‘‘conformance with applicable industry standards and practices and
issuance of’’.
Changed ‘‘of the eligible entity’’ to ‘‘of an eligible entity’’ .....................
Removed ‘‘such as witnessing the performance of a statistically significant number of personnel and other agents conducting audits of
food facilities.’’
Replaced ‘‘certification body (and its officers, personnel, and other
agents) and eligible entities (and their owners and operators) seeking assessment and certification from,’’
Rephrased ‘‘[i]dentify areas in its auditing and certification program or
performance that need improvement’’ to ‘‘[i]dentify deficiencies in
its auditing and certification program or performance’’.
Rephrased from ‘‘Quickly execute corrective actions when problems
are found’’ to ‘‘[q]uickly execute corrective actions that effectively
address any identified deficiencies’’.
Changed heading from ‘‘How must an accredited auditor/third-party
certification body ensure its audit agents are competent and objective’’, to ‘‘How must an accredited third-party certification body ensure competency and objectivity?’’
Jkt 238001
PO 00000
Frm 00067
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
Improve clarity.
Improve clarity.
Improve clarity.
Editorial change.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Conforming change.
Improve clarity.
Conforming change.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
27NOR4
74635
74636
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
TABLE 5—PRINCIPAL EDITORIAL AND CONFORMING CHANGES—Continued
Designation in the revised
regulatory text
(section)
Revision
§ 1.650(a)(3) .....................................
Throughout §§ 1.651 and 1.652 ......
§ 1.651(a)(1)(i) .................................
§ 1.651(b)(1) .....................................
§ 1.651(b)(2) .....................................
§ 1.651(b)(5) .....................................
§ 1.651(b)(5)(i)
§ 1.651(b)(5)).
(previously
§ 1.651(b)(5) .....................................
§ 1.651(b)(6) .....................................
§ 1.651(c)(2) .....................................
§ 1.651(c)(3) .....................................
§ 1.651(c)(4) .....................................
Throughout §§ 1.652, 1.653 .............
§ 1.652(a) .........................................
§ 1.652(b)(1) .....................................
§ 1.652(b)(6)(i) and (ii) .....................
§ 1.652(b)(8) .....................................
§ 1.653 heading ...............................
§ 1.653(a)(1) .....................................
§ 1.653(a)(2) .....................................
§ 1.654 heading ...............................
§ 1.654 .............................................
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.655(a) .........................................
§§ 1.655(a)(1),
1.655(a)(2),
1.655(a)(3), 1.655(d)(2), 1.657(a),
1.657(a)(1), 1.657(c).
§§ 1.655(a)(1), 1.655(a)(2) ...............
§ 1.655(a)(5) .....................................
§ 1.655(c)(1) .....................................
VerDate Sep<11>2014
19:45 Nov 25, 2015
Explanation
Changed from ‘‘[p]articipates in annual food safety under the accredited auditor’s/certification body’s training plan,’’ to ‘‘[c]ompletes annual food safety training that is relevant to activities conducted
under this subpart’’.
Where appropriate, added ‘‘eligible’’ before ‘‘entity’’ and ‘‘food safety’’
before ‘‘audit’’.
Inserted ‘‘subject to the requirements of this subpart’’ after ‘‘be conducted as a consultative or regulatory audit’’.
Changed from ‘‘[c]onduct an unannounced audit to verify whether the
activities and results’’ to ‘‘[c]onduct an unannounced audit to determine whether the facility, process(es), and food’’.
Removed ‘‘and, where appropriate, to issue food and facility certifications’’ from end of phrase.
Inserted ‘‘audits conducted under this subpart as follows’’ after
‘‘[p]repare reports of’’.
Inserted ‘‘For’’ before ‘‘consultative audits,’’ .........................................
Inserted ‘‘maintain such records, subject to FDA access in accordance with section 414 of the FD&C Act.’’
Created (i) and (ii) to more easily distinguish between the different
requirements for consultative and regulatory audits.
Inserted ‘‘under this subpart’’ after ‘‘food safety audit’’ ........................
Changed ‘‘to establish compliance with the FD&C Act’’ to ‘‘to determine compliance with the applicable food safety requirements of
the FD&C Act and FDA regulations, and, for consultative audits,
also includes conformance with applicable industry standards and
practices’’.
Rephrased ‘‘entity would be likely to remain in compliance with the
applicable requirements of the FD&C Act for at least 12 months
following the audit, provided that the facility and its process(es) are
properly maintained and implemented.’’
Removed ‘‘assessment’’ and added ‘‘other data and information from
the examination, including information on’’.
Removed ‘‘of the accredited auditor/certification body.’’
Where appropriate, inserted, ‘‘regulatory’’ before, ‘‘audit’’ ....................
Reformatted requirements in § 1.652(a)(1) through (6) to more closely align with formatting of § 1.652(b)(1) through (6);.
Inserted ‘‘subject to FDA access in accordance with the requirements
of section 414 of the FD&C Act.’’
Replaced ‘‘audited facility’’ with ‘‘site or location where the regulatory
audit was conducted’’.
Inserted ‘‘to humans or animals’’ after ‘‘serious adverse health consequences or death’’.
Rephrased from ‘‘is used in the facility’’ to ‘‘is performed in or used
by the facility’’.
Changed heading from ‘‘What must accredited auditor/certification
body do when issuing food or facility certifications?’’ to ‘‘What must
an accredited third-party certification body do when issuing food or
facility certifications?’’
Changed ‘‘(or an audit agent’’ to ‘‘(or, where applicable, an audit
agent’’.
Changed ‘‘to establish compliance’’ to ‘‘to determine compliance.’’
Changed ‘‘an observation’’ to ‘‘a deficiency’’ ........................................
Rephrased language in heading from ‘‘eligible entity with a food or
facility certification’’ to ‘‘eligible entity that it has issued a food or
facility certification’’.
Added ‘‘with such requirements’’ after ‘‘compliance’’ ...........................
Changed ‘‘if it determines the eligible entity is no longer’’ to ‘‘if it withdraws or suspends a food or facility certification because it determines that the entity is no longer.’’
Changed ‘‘must annually, and as required under § 1.631(f)(1)(i) or
upon FDA request made for cause, conduct a self-assessment that
includes evaluation of:’’
Added ‘‘involved in auditing and certification activities,’’ after ‘‘other
agents’’.
Removed ‘‘under this subpart’’ ..............................................................
Inserted ‘‘of’’ between ‘‘determination’’ and ‘‘whether’’ .........................
Replaced ‘‘area(s) needing improvement’’ with, ‘‘deficiencies in complying with the requirements of this subpart’’.
Jkt 238001
PO 00000
Frm 00068
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
Improve clarity.
Improve clarity.
Improve clarity.
Conforming change.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Editorial change.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Editorial change.
Improve clarity.
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
TABLE 5—PRINCIPAL EDITORIAL AND CONFORMING CHANGES—Continued
Designation in the revised
regulatory text
(section)
Revision
§ 1.655(c)(2) .....................................
§ 1.656(b) .........................................
§ 1.656(c) .........................................
§ 1.657(a)(3)
redesignated
§ 1.657(a)(4).
as
§ 1.657(a)(4)
redesignated
as
§ 1.657(a)(5).
§ 1.657(a)(4)(i) redesignated as
§ 1.657(a)(5)(i).
§ 1.657(c) .........................................
§ 1.658 heading ...............................
§ 1.658(a) .........................................
§ 1.658(a)(1) .....................................
§§ 1.658(a)(1), 1.658(a)(3) ...............
§ 1.658(a)(4) .....................................
§ 1.658(a)(5)–(a)(9) redesignated as
§ 1.658(a)(5)–(a)(8).
§ 1.658(a)(8)
redesignated
as
§ 1.658(a)(7).
§ 1.658(a)(9)
redesignated
as
§ 1.658(a)(8).
§ 1.658(b) .........................................
§ 1.660 heading ...............................
§ 1.661 .............................................
§ 1.662(a) .........................................
§ 1.662(b)(4) .....................................
§ 1.663(d) .........................................
§ 1.663(e) .........................................
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.663(f) ..........................................
§ 1.663(f) ..........................................
§ 1.664(a)(1) .....................................
§ 1.664(a)(2) .....................................
§ 1.664(b)(2) .....................................
§ 1.664(c)(2) .....................................
VerDate Sep<11>2014
19:45 Nov 25, 2015
Explanation
Rephrased from ‘‘effective corrective action(s) to address those
area(s)’’ to ‘‘corrective action(s) that effectively address the identified deficiencies’’.
Modified submission timeframe from 2 months to 60 days ..................
Rephrased ‘‘when any of its audit agents or the accredited auditor/
third-party certification body itself, discovers any condition found
during a regulatory or consultative audit of an eligible entity, which’’.
Added ‘‘accredited third-party certification body’s’’ after ‘‘[p]rohibiting
an’’.
Changed ‘‘other agent of the accredited auditor/certification body
from accepting any money, gift, gratuity, or item of value’’ to ‘‘other
agent involving in auditing and certification activities from accepting
any money, gift, gratuity, or other item of value.’’
Changed reference from ‘‘(a)(3)’’ to ‘‘(a)(4)’’ .........................................
Improve clarity.
Conforming change.
Improve clarity.
Improve clarity.
Editorial change.
Changed from ‘‘accreditation’’ to, ‘‘auditing and certification’’ ..............
Correction.
Added ‘‘accredited third-party certification body’s’’ before ‘‘officers’’ ...
Changed ‘‘other agents of an accredited auditor/certification body’’ to
‘‘other agents involving in auditing and certification activities.’’
Changed heading to ‘‘What records requirements must an accredited
auditor/certification body that has been accredited meet?’’
Rephrased from ‘‘certification body must maintain electronically for 4
years records’’ to ‘‘certification body that has been accredited must
maintain electronically for 4 years records created during its period
of accreditation’’.
Removed ‘‘laboratory testing records and results (as applicable) ........
Rephrased from ‘‘and corrective actions’’ to ‘‘verification of any corrective action(s) taken’’.
Replaced ‘‘under § 1.650(a)(5) or by the accredited auditor/certification body to FDA under § 1.656(e)’’ with ‘‘in accordance with
§ 1.650(a)(5)’’.
Removed paragraph (a)(5) ...................................................................
Improve clarity.
Rephrased from, ‘‘taken as a result’’ to ‘‘taken to address any deficiencies identified during a self-assessment’’.
Changed ‘‘the auditing or certification program’’ to ‘‘its auditing or
certification program’’.
Changed from ‘‘FDA in accordance with the requirements of subpart
J of this chapter’’ to ‘‘FDA in accordance with section 414 of the
FD&C Act’’.
Changed heading to ‘‘Where do I apply for accreditation or renewal
of accreditation by a recognized accreditation body and what happens once the recognized accreditation body decides on my application?’’
Added ‘‘by a recognized accreditation body’’ at end of header ...........
Rephrased ‘‘comply with the requirements of §§ 1.640 to 1.658 and
whether there are deficiencies in the performance of the accredited
auditor/certification body that, if not corrected, would warrant withdrawal of its accreditation under this subpart.’’
Rephrased from ‘‘regarding the accredited auditor’s/certification
body’s authority, qualifications (including the expertise and training
of its audit agents), conflict of interest program, internal quality assurance program, and monitoring by its accreditation body (or, in
the case of direct accreditation, FDA);’’
Rephrased from ‘‘submission was completed’’ to ‘‘completed submission is received’’.
Removed ‘‘in writing’’ and ‘‘Such notification may be made electronically.’’
Replaced ‘‘conditions’’ with ‘‘limitations’’ ...............................................
Replaced ‘‘notification’’ with ‘‘issuance of the waiver’’ and ‘‘issuance
of a denial of a waiver request’’ as appropriate.
Replaced ‘‘conditions’’ with ‘‘limitations.’’
Added ‘‘or chemical or physical hazard’’ ..............................................
Changed ‘‘meets the requirements’’ to ‘‘complies with the applicable
requirements’’.
Replaced ‘‘steps’’ with ‘‘relevant audit records’’ ...................................
Replaced ‘‘to justify the food or facility certification’’ with ‘‘in support
of its decision to certify’’.
Deleted ‘‘food or facility’’ .......................................................................
Jkt 238001
PO 00000
Frm 00069
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
Improve clarity.
Improve clarity.
Conforming change.
Improve clarity.
Conforming change.
Conforming change.
Improve clarity.
Improve clarity.
Correction.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Conforming change.
Improve clarity.
Improve clarity.
Correction.
Improve clarity.
Improve clarity.
For flexibility.
27NOR4
74637
74638
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
TABLE 5—PRINCIPAL EDITORIAL AND CONFORMING CHANGES—Continued
Designation in the revised
regulatory text
(section)
Revision
§ 1.664(e)(1) .....................................
§ 1.664(e)(1) .....................................
§ 1.664(e)(2) .....................................
§ 1.664(g)(1) .....................................
§ 1.664(g)(2) .....................................
§ 1.664(h) .........................................
§ 1.664(h) .........................................
§ 1.665 heading ...............................
§ 1.665(a) .........................................
§ 1.665(b) .........................................
§ 1.666(a)(1) .....................................
§ 1.666(a)(2)(i) .................................
§ 1.670(a)(3) .....................................
§ 1.670(b)(1) .....................................
§ 1.670(b)(2) .....................................
§ 1.670(b)(3) .....................................
§ 1.671 heading ...............................
§ 1.671(b) .........................................
§ 1.671(c) previously (c) and (d) ......
§ 1.671(e) .........................................
§ 1.681 .............................................
§ 1.691(a) and (b) ............................
§ 1.691(c) .........................................
§ 1.691(d) .........................................
§ 1.692(a) .........................................
§ 1.692(d) .........................................
§ 1.692(e) .........................................
§ 1.693 .............................................
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.693(a) .........................................
§ 1.693(b) .........................................
VerDate Sep<11>2014
19:45 Nov 25, 2015
Explanation
Added ‘‘of its accreditation through issuance of a withdrawal that will
state’’.
Deleted, ‘‘electronically, in English’’ ......................................................
Added ‘‘issuance of the’’ between ‘‘date of’’ and withdrawal’’ ..............
Replaced ‘‘bodies’’ with ‘‘body it accredited’’ ........................................
Added ‘‘by FDA.’’
Changed ‘‘2 months’’ to ‘‘60 days.’’
Removed ‘‘electronically and in English.’’
Replaced ‘‘such’’ with ‘‘an’’ ...................................................................
Replaced ‘‘and the status of recognition and food and facility certifications’’ in the heading with ‘‘accreditation’’.
Replaced ‘‘under this subpart’’ with ‘‘and provide a description of the
basis for withdrawal’’.
Changed heading from ‘‘How do I voluntarily relinquish accreditation?
to ‘‘what if I want to voluntarily relinquish accreditation or do not
want to renew?’’
Changed ‘‘2 months’’ to ‘‘60 days’’ .......................................................
Added ‘‘The accreditation body must establish and maintain records
of such notification under § 1.625(a).’’
Replaced ‘‘requirements for accreditation’’ with ‘‘applicable requirements of this subpart’’.
Replaced ‘‘a’’ with ‘‘another’’ and ‘‘not’’ with ‘‘no’’ ................................
Added ‘‘(a)(1) of this section, as described in paragraph (a)(2)’’ .........
Revised to specify provision ‘‘(a)(1)’’ ....................................................
Added subsection title ‘‘Submission’’ ....................................................
Added subsection title ‘‘Signature’’ .......................................................
Changed title from ‘‘How will FDA review applications for direct accreditation and for renewal of direct accreditation?’’ to ‘‘How will
FDA review my application for direct accreditation or for renewal of
direct accreditation and what happens once FDA decides on my
application?’’
Reorganized the provision: Moved original (f) under (b) ......................
Redesignated as (c) to state that FDA will notify an applicant that its
direct accreditation or renewal application has been approved
through issuance of direct accreditation that will list any limitations
associated with the accreditation.
Redesignated (e) to (d) .........................................................................
Replaced ‘‘denies’’ with ‘‘issues a denial’’
Added ‘‘for direct accreditation or for renewal of direct accreditation.’’
Replaced ‘‘notification’’ with ‘‘issuance of the denial of direct accreditation.’’
Deleted ‘‘address and’’
Combined (a) and (b) ............................................................................
Replaced ‘‘seek’’ with ‘‘apply for’’
Replaced ‘‘decision’’ with ‘‘the issuance of such denial’’ ......................
Replaced ‘‘it describes’’ with ‘‘described in the notice’’ ........................
Deleted ‘‘in writing’’ ...............................................................................
Rephrased ‘‘of its decision to grant the application or waiver request
upon reconsideration, or its decision to deny the application or
waiver request upon reconsideration.’’
Replaced ‘‘FDA issued’’ to ‘‘of issuance of’’ .........................................
Deleted ‘‘electronically’’ .........................................................................
Added phrases ‘‘through issuance of an application or waiver request
upon reconsideration’’ and ‘‘application or waiver request upon reconsideration through issuance of a denial of.’’
Replaced ‘‘Affirmation’’ with ‘‘Issuance’’ ...............................................
Replaced ‘‘FDA issued’’ and ‘‘written notice’’ with ‘‘issuance of’’ .........
Rephrased ‘‘the accreditation body or an individual authorized to act
on its behalf’’ to ‘‘an individual authorized to act on the accreditation body’s behalf’’.
Rephrased ‘‘the auditor/certification body or an individual authorized
to act on its behalf’’ to ‘‘an individual authorized to act on the thirdparty certification body’s behalf’’.
Jkt 238001
PO 00000
Frm 00070
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
Improve clarity.
Conforming change.
Improve clarity.
Improve clarity.
Editorial change.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Clarification.
Improve clarity.
Editorial changes.
Correction.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Improve clarity.
Editorial change.
Improve clarity.
Editorial change.
Improve clarity.
Improve clarity.
For consistency and to improve
clarity.
Improve clarity.
Improve clarity.
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
XV. Executive Order 13175
In accordance with Executive Order
13175, FDA has consulted with tribal
government officials. A Tribal Summary
Impact Statement has been prepared
that includes a summary of Tribal
officials’ concerns and how FDA has
addressed them (Ref. 26). Persons with
access to the Internet may obtain the
Tribal Summary Impact Statement at
https://www.regulations.gov. Copies of
the Tribal Summary Impact Statement
also may be obtained by contacting the
person listed under FOR FURTHER
INFORMATION CONTACT.
mstockstill on DSK4VPTVN1PROD with RULES4
XVI. Analysis of Economic Impact
FDA has examined the impacts of the
final rule under Executive Order 12866,
Executive Order 13563, the Regulatory
Flexibility Act (5 U.S.C. 601–612), and
the Unfunded Mandates Reform Act of
1995 (Pub. L. 104–4). Executive Orders
12866 and 13563 direct Agencies to
assess all costs and benefits of available
regulatory alternatives and, when
regulation is necessary, to select
regulatory approaches that maximize
net benefits (including potential
economic, environmental, public health
and safety, and other advantages;
distributive impacts; and equity). The
Agency believes that this final rule is a
significant regulatory action under
Executive Order 12866.
The Regulatory Flexibility Act
requires Agencies to analyze regulatory
options that would minimize any
significant impact of a rule on small
entities. Because the Third-Party
program will be used primarily on
voluntary basis where private
enterprises determine that the benefits
of participating in our program
outweighs their associated user fee and
compliance costs, the Agency certifies
that the final rule will not have a
significant economic impact on a
substantial number of small entities.
Section 202(a) of the Unfunded
Mandates Reform Act of 1995 requires
that Agencies prepare a written
statement, which includes an
assessment of anticipated costs and
benefits, before proposing ‘‘any rule that
includes any Federal mandate that may
result in the expenditure by State, local,
and tribal governments, in the aggregate,
or by the private sector, of $100,000,000
or more (adjusted annually for inflation)
in any one year.’’ The current threshold
after adjustment for inflation is $144
million, using the most current (2014)
Implicit Price Deflator for the Gross
Domestic Product. FDA does not expect
this final rule to result in any 1-year
expenditure that would meet or exceed
this amount. Annualized cost of the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Third-Party final rule is estimated at
approximately $2.8 to $11.6 million,
depending on the scenario.
XVII. Paperwork Reduction Act of 1995
This final rule contains information
collection provisions that are subject to
review by OMB under the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501–
3520). The title, description, and
respondent description of the
information collection provisions are
shown in the following paragraphs with
an estimate of the annual reporting and
recordkeeping burdens. Included in the
estimate is the time for reviewing
instructions, searching existing data
sources, gathering and maintaining the
data needed, and completing and
reviewing each collection of
information.
Title: Accreditation of Third-Party
Certification Bodies to Conduct Food
Safety Audits and Issue Certifications
(Third-Party final rule)
Description: FDA is amending its
regulations to provide for accreditation
of third-party certification bodies (CBs)
to conduct food safety audits of eligible
foreign food entities, including foreign
food facilities, and to issue food and
facility certifications, pursuant to the
FDA Food Safety Modernization Act.
Use of accredited third-party CBs and
food and facility certifications will help
us prevent potentially harmful food
from reaching U.S. consumers and
thereby improve the safety of the U.S.
food supply. We also expect that these
regulations will increase efficiency by
reducing the number of redundant
audits to assess compliance with
applicable food safety requirements of
the FD&C Act and FDA regulations.
Description of respondents: The
coverage of the Third-Party final rule
includes eligible entities seeking audits,
certification, and/or recertification by
accredited CBs participating in our
program, accreditation bodies (ABs)
seeking to comply with the recognition
requirements of the Third-Party final
rule, and CBs seeking to comply with
the accreditation requirements of the
Third-Party final rule (including those
accredited by recognized ABs and those
directly-accredited by FDA). An eligible
entity is a foreign entity in the import
supply chain of food for consumption in
the United States that chooses to be
subject to a food safety audit conducted
by an accredited third-party certification
body.
Based on FDA Operational and
Administration System for Import
Support database information, we
estimate that there are 200,692 foreign
food and feed exporters that offer their
food and feed for import into the United
PO 00000
Frm 00071
Fmt 4701
Sfmt 4700
74639
States. These foreign food and feed
exporters include 129,757 food and feed
production facilities and 70,935 farms.
A proportion of these foreign food and
feed exporters may offer food subject to
mandatory certification requirements
under section 801(q) of the FD&C Act.
In that case, the eligible entities must
either comply with the Third-Party final
rule in order to obtain certification from
a CB accredited under the third-party
program to continue exporting their
food products into the United States, or
a foreign government designated by
FDA, or lose their access to U.S.
markets. In the economic analysis of the
Third-Party final rule, we assume that in
any given year 75 foreign food and feed
exporters will be subject to section
801(q) of the FD&C Act.
In addition to the entities subject to
§ 801(q), some food exporters will seek
certificates to participate in VQIP under
section 806 of the FD&C Act. We
consider three different scenarios for the
participation rate of VQIP importers and
their associated foreign suppliers in a
10-year period: (1) Constant number of
VQIP importers in every year, (2)
increasing participation over time,
peaking at 20 percent of all importers of
perishable products by the fifth year,
with stagnant growth in subsequent
years, (3) increasing participation over
time, peaking at 40 percent of all
importers of perishable products by the
10th year of the program.
The VQIP draft guidance document
caps the acceptance of applications by
importers for VQIP at 200 for the initial
year of the program. Under Scenario 1,
we consider 200 importers participating
in each of first 10 years of VQIP (see
table 6). Average number of foreign
suppliers per importers is
approximately 5.58; therefore, under
Scenario 1, we expect that 200
importers and approximately 1,116
foreign suppliers (200 importers × 5.58
foreign supplier per importer) will be
participating in VQIP every year for a
10-year period (see tables 6 and 7).
According to FDA’s Office of
Regulatory Affairs Reporting Analysis
and Decision Support System database,
the number of importers of perishable
products is approximately 2,759. These
importers would have an incentive to
participate in VQIP in order to expedite
entry of their perishable food products
into the United States. Under Scenario
2, we consider 200 importers
participating in the initial year of VQIP
and increasing steadily until the fifth
year of the program until 552 importers
(20 percent × 2,759 importers of
perishable products) are participating in
the program. For years 6 through 10, we
consider 3 percent increase in
E:\FR\FM\27NOR4.SGM
27NOR4
74640
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
participation of new importers in VQIP
(see table 6). Multiplying the number of
importers by the number of foreign
suppliers per importers (5.58), we
expect that the number of foreign
supplies participating in VQIP, under
Scenario 2, would increase from 1,116
to 3,527 in a 10-year period (see table
7).
Under Scenario 3, we consider the
number of importers will increase from
200 in the initial year of VQIP to 1,104
importers (40 percent × 2,759 importers
of perishable products) in the 10th year
of the program. Tables 6 and 7 include
the number of importers and their
associated foreign suppliers for scenario
3. Table 9 includes total number of
eligible entities in the Third-Party final
rule based on the three considered
scenarios in the 10th year of the
program.
The economic analysis of the ThirdParty final rule estimates compliance
costs under the assumption that
expected efficiency gains, and foreign
food suppliers’ incentive to maintain
continued importation of their food to
the United States would lead all foreign
suppliers subject to section 801(q) of the
FD&C Act, and foreign suppliers who
choose to use third-party food safety
audits to satisfy requirements of FDA’s
VQIP, to become eligible entities and
seek food safety audits under the ThirdParty final rule.
Considering the demand for food
safety audits under the Third-Party
program by foreign suppliers subject to
section 801(q) of the FD&C Act and
those wanting to participate in VQIP, we
expect that some of the ABs and CBs
operating globally will also have an
incentive to participate and comply
with the Third-Party final rule. Under
the three different scenarios discussed
above, we have estimated that 11 to 25
ABs will accredit CBs that will conduct
food safety audits of foreign eligible
entities that offer food or feed for import
to the United States. We also estimate
that approximately 91 to 207 CBs will
be accredited by the potential 11 to 25
AB applicants; these CBs will comply
with the Third-Party final rule in order
to participate in the program. In
addition, we expect that one CB will
apply and participate in the third-party
program via direct accreditation by FDA
under the Third-Party final rule (see
table 9).
TABLE 6—POTENTIAL NUMBER OF IMPORTERS PARTICIPATING IN VQIP IN ITS INITIAL 10 YEARS
Year
Scenario
1
2
3
4
5
6
7
8
200
200
200
200
288
300
200
376
400
200
464
500
200
552
600
200
562
700
200
579
800
200
596
900
1 .......................................................................
2 .......................................................................
3 .......................................................................
9
10
200
614
1,000
200
632
1,104
TABLE 7—POTENTIAL NUMBER OF FOREIGN SUPPLIERS (SECTION 806 OF THE FD&C ACT) PARTICIPATING IN VQIP IN ITS
INITIAL 10 YEARS
Year
Scenario
1
1 .......................................................................
2 .......................................................................
3 .......................................................................
2
1,116
1,116
1,116
3
1,116
1,607
1,674
4
1,116
2,098
2,232
5
1,116
2,589
2,790
1,116
3,080
3,348
6
7
1,116
3,136
3,906
8
1,116
3,231
4,464
9
1,116
3,326
5,022
10
1,116
3,426
5,580
1,116
3,527
6,160
TABLE 8—NUMBER OF RESPONDENTS IN THE THIRD-PARTY FINAL RULE
Eligible entities
Scenario 1
Scenario 2
Scenario 3
Section 801(q) of FD&C Act ........................................................................................................
Section 806 of FD&C Act ............................................................................................................
75
1,116
75
3,527
75
6,160
Total eligible entities .............................................................................................................
1,191
3,602
6,235
TABLE 9—NUMBER OF RESPONDENTS TO THE THIRD-PARTY FINAL RULE
Number of ABs/CBs
Status of ABs/CBs
Scenario 1
Scenario 2
Scenario 3
11
91
1
17
140
1
25
207
1
Total CBs accredited ............................................................................................................
mstockstill on DSK4VPTVN1PROD with RULES4
ABs seeking recognition ..............................................................................................................
CBs seeking accreditation by recognized ABs ...........................................................................
CBs seeking accreditation by FDA ..............................................................................................
92
141
208
Information Collection Burden
Estimate: We estimate the burden for
this information collection as follows:
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Recordkeeping Burden
In summary, under Scenario 1, total
one-time recordkeeping burden by 11
recognized ABs and 92 CBs accredited
under the third-party program is
PO 00000
Frm 00072
Fmt 4701
Sfmt 4700
estimated at 25,792 hours (see table 10).
Total annual recordkeeping burden by
11 recognized ABs and 92 CBs
accredited under the third-party
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
program is estimated at 2,673 hours (see
table 13).
Under Scenario 2, total one-time
recordkeeping burden by 17 recognized
ABs and 141 CBs accredited under the
third-party program is estimated at
41,640 hours (see table 11). Total annual
recordkeeping burden by 17 recognized
ABs and 141 CBs accredited under the
third-party program s is estimated at
4,553 hours (see table 14).
Under Scenario 3, total one-time
recordkeeping burden by 25 recognized
ABs and 208 CBs accredited under the
third-party program is estimated at
58,570 hours (see table 12). Total annual
recordkeeping burden by 25 recognized
ABs and 208 CBs accredited under the
74641
third-party program is estimated at
6,253 hours (see table 15).
For the purpose of this analysis we
assume that all ABs that apply for
recognition in the program become
recognized and all CBs that apply for
accreditation are accredited.
TABLE 10—SCENARIO 1, ESTIMATED ONE-TIME RECORDKEEPING BURDEN
Number of
recordkeepers
Number of
records per recordkeeper
Total one-time
records
Average
burden per
recordkeeping
(in hours)
§ 1.615 ................................................................................
§ 1.645 ................................................................................
§ 1.624(d) ...........................................................................
§ 1.657(d) ...........................................................................
Contract modification .........................................................
§ 1.651 ................................................................................
§ 1.653(b)(2) .......................................................................
11
92
11
92
11
92
92
1
1
1
1
8.27
48
1
11
92
11
92
91
4,416
92
2
2
160
160
2
2
1
22
184
1,760
14,720
182
8,832
92
Total One-Time Recordkeeping Burden .....................
........................
..........................
........................
........................
25,792
21 CFR Part 1, subpart M
Total hours
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
TABLE 11—SCENARIO 2, ESTIMATED ONE-TIME RECORDKEEPING BURDEN
Number of
recordkeepers
Number of
records per recordkeeper
Total one-time
records
Average
burden per
recordkeeping
(in hours)
§ 1.615 ................................................................................
§ 1.645 ................................................................................
§ 1.624(d) ...........................................................................
§ 1.657(d) ...........................................................................
Contract modification .........................................................
§ 1.651 ................................................................................
§ 1.653(b)(2) .......................................................................
17
141
17
141
17
141
141
1
1
1
1
8.23
55.4
1
17
141
17
141
140
7,811
141
2
2
160
160
2
2
1
34
282
2,720
22,560
280
15,623
141
Total One-Time Recordkeeping Burden .....................
........................
..........................
........................
........................
41,640
21 CFR Part 1, subpart M
Total hours
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
TABLE 12—SCENARIO 3, ESTIMATED ONE-TIME RECORDKEEPING BURDEN
Number of
recordkeepers
Number of
records per recordkeeper
Total one-time
records
Average
burden per
recordkeeping
(in hours)
§ 1.615 ................................................................................
§ 1.645 ................................................................................
§ 1.624(d) ...........................................................................
§ 1.657(d) ...........................................................................
Contract modification .........................................................
§ 1.651 ................................................................................
§ 1.653(b)(2) .......................................................................
25
208
25
208
25
208
208
1
1
1
1
8.79
48.5
1
25
208
25
208
220
10,088
208
2
2
160
160
2
2
1
50
416
4,000
33,280
440
20,176
208
Total One-Time Recordkeeping Burden .....................
........................
..........................
........................
........................
58,570
21 CFR Part 1, subpart M
Total hours
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
mstockstill on DSK4VPTVN1PROD with RULES4
TABLE 13—SCENARIO 1, ESTIMATED ANNUAL RECORDKEEPING BURDEN
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per recordkeeper
Total one-time
records
§ 1.625 ................................................................................
11
397
4,367
§ 1.624(c) ...........................................................................
11
1
11
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
PO 00000
Frm 00073
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
27NOR4
Average
burden per
recordkeeping
(in hours)
0.025
(15 minutes)
8
Total hours
1,092
88
74642
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
TABLE 13—SCENARIO 1, ESTIMATED ANNUAL RECORDKEEPING BURDEN—Continued
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per recordkeeper
Average
burden per
recordkeeping
(in hours)
Total one-time
records
§ 1.657(d) ...........................................................................
§ 1.652 ................................................................................
92
92
1
48
92
4,416
§ 1.653(b)(2) .......................................................................
92
48
4,416
§ 1.656(c) ...........................................................................
92
0.25
Total Annual Recordkeeping Burden .........................
........................
..........................
Total hours
736
367
23
8
0.083
(5 minutes)
0.083
(5 minutes)
1
........................
........................
2,673
367
23
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
TABLE 14—SCENARIO 2, ESTIMATED ANNUAL RECORDKEEPING BURDEN
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per recordkeeper
Average
burden per
recordkeeping
(in hours)
Total one-time
records
§ 1.625 ................................................................................
17
456
7,752
§ 1.624(c) ...........................................................................
§ 1.657(d) ...........................................................................
§ 1.652 ................................................................................
17
141
141
1
1
55.4
17
141
7,811
§ 1.653(b)(2) .......................................................................
141
55.4
7,811
§ 1.656(c) ...........................................................................
141
0.25
35
0.25
(15 minutes)
8
8
0.083
(5 minutes)
0.083
(5 minutes)
1
Total Annual Recordkeeping Burden .........................
........................
..........................
........................
........................
Total hours
1,938
136
1,128
648
648
35
4,533
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
TABLE 15—SCENARIO 3, ESTIMATED ANNUAL RECORDKEEPING BURDEN
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per recordkeeper
426
Average
burden per
recordkeeping
(in hours)
Total one-time
records
§ 1.625 ................................................................................
25
§ 1.624(c) ...........................................................................
§ 1.657(d) ...........................................................................
§ 1.652 ................................................................................
25
208
208
1
1
48.5
25
208
10,088
§ 1.653(b)(2) .......................................................................
208
48.5
10,088
§ 1.656(c) ...........................................................................
208
0
Total Annual Recordkeeping Burden .........................
........................
..........................
10,650
52
0.25
(15 minutes)
8
8
0.083
(5 minutes)
0.083
(5 minutes)
1
........................
........................
Total hours
2,663
200
1,664
837
837
52
6,253
mstockstill on DSK4VPTVN1PROD with RULES4
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
Sections 1.615 and 1.645 of the ThirdParty final rule require that at the time
an AB submits an application for
recognition (under § 1.630 of the ThirdParty final rule) or a CB submits an
application for direct accreditation
(under § 1.660, or where applicable
under § 1.670), the AB or CB must
demonstrate that it has implemented
written procedures to adequately
establish, control, and maintain records
for the period of time necessary to meet
its contractual and legal obligations
pertaining to the third-party program.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Currently, ABs maintain recordkeeping
protocols relating to their operations;
however, we expect that ABs will
review their recordkeeping protocols
and, if necessary, modify them to meet
the requirements of § 1.615 of the ThirdParty final rule before submitting
applications for recognition. We believe
that the records requirements for ABs in
§ 1.615 and CBs in § 1.645 would
constitute a new one-time burden for
the 11 to 25 ABs in each of the three
considered scenario, and 92 to 208 CBs
respectively. We expect that it would
PO 00000
Frm 00074
Fmt 4701
Sfmt 4700
take no more than 2 hours for an AB or
a CB to modify its recordkeeping
protocol to comply with the written
recordkeeping requirements described
in §§ 1.615 and 1.645 of the Third-Party
final rule (see tables 10 to 12).
Therefore, under Scenario 1, we
estimate that it would take 22 hours (2
hours/AB × 11 ABs) for ABs to comply
with § 1.615 (34 hours under Scenario 2,
and 50 hours under Scenario 3) (see
tables 10 to 12). We estimate 184 hours
(2 hours/CB × 92 CBs) for CBs to comply
with § 1.645 of the Third-Party final rule
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
(282 hours under Scenario 2, and 416
hours under Scenario 3) (see tables 10
to 12).
Section 1.625 of the Third-Party final
rule requires that an AB that has been
recognized maintain records
documenting requests by CBs for
accreditation from the AB (per § 1.660),
challenges to adverse accreditation
decisions (§ 1.620(c)), monitoring
activities of its accredited CBs (§ 1.621),
self-assessments and corrective actions
(§ 1.622), copies of regulatory audit
reports submitted by its accredited CBs
(§ 1.656), and copies of records of
reports or notifications made to us, as
required by § 1.623. A recognized AB’s
requirements for reporting and
notifications per § 1.623 of the ThirdParty final rule include submission of
results of its annual performance
assessment of each of its accredited CBs
(§ 1.623(a)) and the results of its selfassessment (§ 1.623(b)) (see tables 20 to
22). A recognized AB also must notify
us immediately upon granting,
withdrawing, suspending, reducing the
scope of accreditation of a CB or upon
its determination that a CB it accredited
issued a food or facility certification in
violation of subpart M, pursuant to
§ 1.623(c) of the Third-Party final rule.
Additionally, a recognized AB must
notify us within 30 days after making
significant changes to its operations that
would affect the manner in which it
complies with the Third-Party final rule
(§ 1.623(d)).
Under current practice, ABs maintain
records documenting requests by CBs
for accreditation, monitoring activities
of CBs they have accredited, and selfassessments and corrective actions. The
records currently maintained by ABs are
similar to those that would be required
of a recognized AB under § 1.623 of the
Third-Party final rule. However, CBs do
not currently send copies of audit
reports of their clients (food facilities) to
their ABs. Therefore, an AB’s
maintenance of records pertaining to
regulatory audit reports submitted by
CBs they have accredited is considered
as a new recordkeeping burden for
recognized ABs. We expect that it
would take no more than 15 minutes
(0.25 hour) for a recognized AB to file
a regulatory audit report submitted by
its accredited CBs. Under Scenario 1, we
estimate the burden for 11 recognized
ABs to maintain regulatory audit reports
that were submitted to them by their
accredited CBs. We estimate that
following the implementation of the
Third-Party final rule, under Scenario 1,
each recognized AB will accredit
approximately 8.27 CBs under the
program (average of 10-year period)
(8.23 CBs/AB under Scenario 2; 8.79
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
CBs/AB under Scenario 3). In addition,
under Scenario 1, we estimate that each
CB accredited under the third-party
program, on average, will conduct
regulatory audits on approximately 48
eligible entities a year (average of 10year period) (55.4 foreign suppliers per
CB under Scenario 2; 48.5 foreign
suppliers per CB under Scenario 3).
Under Scenario 1, we expect that each
recognized AB will receive, on average,
397 regulatory audit reports (48
regulatory audit reports/CB × 8.27 CBs/
AB) from its CBs annually resulting in
a total of 4,367 records per year (397
audit reports/AB × 11 ABs). Under
Scenario 2, we expect that each
recognized AB will receive, on average,
456 regulatory audit reports (55.4
regulatory audit reports/CB × 8.23 CBs/
AB) from its CBs annually resulting in
a total of 7,752 records per year (456
audit reports/AB × 17 ABs). Under
Scenario 3, we expect that each
recognized AB will receive, on average,
426 regulatory audit reports (48.5
regulatory audit reports/CB × 8.79 CBs/
AB) from its CBs annually resulting in
a total of 10,650 records per year (426
audit reports/AB × 25 ABs). Total
annual burden of recordkeeping
requirement for recognized AB under
§ 1.625 of the Third-Party final rule is
estimated at 1,092 hours (4,367 records
× 0.25 hours/record) under Scenario 1
(1,938 hours under Scenario 2; 2,663
hours under Scenario 3) (see tables 13
to 15).
Section 1.624(d) of the Third-Party
final rule requires each recognized AB
maintain on its Web site an up-to-date
list of CBs it has accredited under the
Third-Party final rule and for each CB
identify the duration and scope of
accreditation and date(s) on which the
CB paid the AB any fee or
reimbursement associated with such
accreditation. Recognized ABs must also
include information about changes in
accreditation status of third-party
certification bodies. Our review of AB
Web sites found that none of the ABs
reviewed publish all the information
that is required by § 1.620(d) of the
Third-Party final rule on their Web sites.
We estimate that each AB, on average,
would initially spend approximately
160 hours to update its Web page to
conform with this section of the ThirdParty final rule. Under Scenario 1, the
one-time burden of conforming to
§ 1.624(d) of the Third-Party final rule
by 11 recognized ABs is estimated at
approximately 1,760 hours (11 ABs ×
160 hours/AB) (see table 10). Under
Scenario 2, the one-time burden of
conforming to § 1.624(d) of the ThirdParty final rule by 17 recognized ABs is
PO 00000
Frm 00075
Fmt 4701
Sfmt 4700
74643
estimated at approximately 2,720 hours
(17 ABs × 160 hours/AB) (see table 11).
Under Scenario 3, the one-time burden
of conforming to § 1.624(d) of the ThirdParty final rule by 25 recognized ABs is
estimated at approximately 4,000 hours
(25 ABs × 160 hours/AB) (see table 12).
In addition, we estimate that each
recognized AB would spend 8 hours
annually, following the initial year, to
update information as required by
§ 1.624(d) of the Third-Party final rule.
Under Scenario 1, the annual hourly
burden for 11 recognized ABs to update
their Web pages to conform to
disclosure of information requirement
per § 1.624(d) of the Third-Party final
rule is estimated at 88 hours (8 hours/
AB × 11 ABs) (136 hours under Scenario
2; 200 hours under Scenario 3) (see
tables 13 to 15).
Similarly, § 1.657(d) of the ThirdParty final rule requires a CB accredited
in compliance with the Third-Party final
rule to maintain on its Web site an upto-date list of eligible entities which it
has issued certifications under this
subpart. For each such eligible entity
the Web site also must identify the
duration and scope of the certification
and date(s) on which the eligible entity
paid the CB accredited under the thirdparty program any fee or reimbursement
associated with such audit or
certification. In the Third-Party final
Regulatory Impact Analysis, we estimate
that following the implementation of the
Third-Party final rule and VQIP draft
guidance, there will be approximately
91 CBs accredited by recognized ABs
and 1 directly-accredited CB under
Scenario 1 (140 CBs and one directlyaccredited CB under Scenario 2; 207
CBs and 1 directly-accredited CB under
Scenario 3). Under Scenario 1, the onetime recordkeeping burden of 92 CBs
accredited under the third-party
program to comply with § 1.657(d) of
the Third-Party final rule is estimated at
14,720 hours (160 hours/CB × 92 CBs)
(22,560 hours under Scenario 2; 33,280
hours under Scenario 3) (see tables 10
to 12). In addition, we estimate that
each CB would spend 8 hours annually,
following the initial year, to update
information as required by § 1.657(d) of
the Third-Party final rule. Under
Scenario 1, annual hourly burden for 92
CBs accredited under the third-party
program to update their Web pages to
conform to disclosure of information
requirement per § 1.657(d) of the ThirdParty final rule is estimated at 736 hours
(8 hours/CB × 92 CBs) (1,128 hours
under Scenario 2; 1,664 hours under
Scenario 3) (see tables 13 to 15).
There are certain provisions within
the Third-Party final rule that may
require ABs to modify their contracts
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74644
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
with their CBs in order to comply with
the Third-Party final rule. Therefore, it
is expected that recognized ABs will
modify their contracts with their
accredited CBs to be able to conduct
activities such as conducting
unannounced audits of their accredited
CBs’ facilities. Minor modifications or
addenda to contracts with standard
language provided by provisions in the
Third-Party final rule would consist of
no more than 1 hour by an AB executive
and 1 hour by a legal counsel
representing the AB. As we discussed,
following the implementation of the
Third-Party final rule, we expect that
each recognized AB will accredit
approximately 8.27 CBs (8.23 CBs/AB
under Scenario 2; 8.79 CBs/AB under
Scenario 3). Therefore, under Scenario
1, a total of 91 contracts (8.27 contracts/
AB × 11 ABs) (140 contracts under
Scenario 2; 220 contracts under
Scenario 3) are expected to be modified
to reflect changes in contractual
obligations between each recognized AB
and its accredited CBs under the ThirdParty final rule (see tables 10 to 12). The
one-time burden of initial modification
of 91 contracts between 11 recognized
ABs and their respective accredited CBs
is approximately 182 hours (91
contracts × 2 hours/contract) (280 hours
under Scenario 2; 440 hours under
Scenario 3) (see tables 10 to 12).
Similarly, CBs accredited by
recognized ABs would need to modify
or create new contracts with their client
eligible entities in order to gain access
to any records and any area of the
facility, its process(es), and food of the
eligible entity relevant to the scope and
purpose of audit being performed by the
CB (§ 1.651). Considering that each of
the expected 92 CBs accredited under
the third-party program, under Scenario
1, will each have approximately 48
client eligible entities, we expect that
approximately 4,416 contracts (48
contracts/CB × 92 CBs) between CBs
accredited under the third-party
program and eligible entities will be
modified (7,811 contracts scenario 2;
10,088 contracts under Scenario 3) (see
tables 10 to 12). Under Scenario 1, the
one-time burden of initial modification
of 4,416 contracts between 92 CBs
accredited under the third-party
program and their respective client
eligible entities is approximately 8,832
hours (4,416 contracts × 2 hours/
contract) (15,623 hours under Scenario
2; 20,176 hours under Scenario 3) (see
tables 10 to 12).
Section 1.652 of the Third-Party final
rule requires that CBs accredited under
the third-party program include certain
information in reports of food safety
audits. We believe that some
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
information such as the FDA food
facility registration number (where
applicable) of the facility subject to the
audit are currently not included in food
safety audits conducted by CBs
accredited under other programs.
Although this information may not be
required as part of the Third-Party
program, we have conservatively
included the burden of providing such
information in this analysis. We expect
that it would take about 5 minutes
(0.083 hour), on average, by a CB
accredited under the third-party
program to include additional
information, as required in § 1.652, in
reports of food safety audits. Therefore,
at a minimum, under Scenario 1, each
CB accredited under the third-party
program must modify a regulatory audit
report for each of its 48 eligible entities
(55.4 eligible entities per CB in Scenario
2; 48.5 eligible entities per CB in
Scenario 3) every year. Under Scenario
1, total annual records of 92 CBs
accredited under the third-party
program modifying regulatory audit
reports of their client eligible entities is
estimated at 4,416 records (92 CBs × 48
eligible entities/CB × 1 record/eligible
entity) (7,811 records under Scenario 2;
10,088 records under Scenario 3).
Annual recordkeeping burden of CBs
accredited under the third-party
program, per § 1.652 of the Third-Party
final rule, is estimated at 367 hours
(4,416 records × 0.083 hour/record) for
Scenario 1 (648 hours for Scenario 2;
837 hours for Scenario 3) (see tables 13
to 15).
Accredited third-party CBs will incur
additional recordkeeping costs
associated with modifying existing
certification templates to meet the
requirements of § 1.653(b)(2). For
example, we are requiring accredited
CBs to provide a certification number
that follows an FDA numeric
designation. We have included the
burden of providing such information in
this analysis because we know that CBs
currently do not use an FDA designation
in numbering their certificates. To the
extent that any of the elements in
§ 1.653(b)(2) are already included in
current certificates issued by some CBs,
such as the date(s) and scope of the
audit, the recordkeeping burden may be
overestimated. We expect that it will
take no more than 1 hour, on average,
to change the design of certifications
issued by CBs accredited under the
third-party program. Under Scenario 1,
we estimate a one-time recordkeeping
burden of modifying the design of the
certifications of 92 CBs accredited under
the third-party program at 92 hours (92
CBs × 1 hour/CB) (141 hours under
PO 00000
Frm 00076
Fmt 4701
Sfmt 4700
Scenario 2; 208 hours under Scenario 3)
(see tables 16 to 18).
We expect that the burden to fill
additional information on a certification
that is issued is 5 minutes (0.083 hour).
Therefore, under Scenario 1, the annual
burden of § 1.653(b)(2) is estimated at
367 hours (92 CBs × 1 certificate/entity
× 48 entities/CB × 0.083 hour/certificate)
(see table 19). Under Scenario 2, the
annual burden of § 1.653(b)(2) is
estimated at 648 hours (141 CBs × 1
certificate/entity × 55.4 entities/CB ×
0.083 hour/certificate) (see table 20).
Finally, under Scenario 3, the annual
burden of § 1.653(b)(2) is estimated at
837 hours (208 CBs × 1 certificate/entity
× 48.5 entities/CB × 0.083 hour/
certificate) (see table 21).
Section 1.656(c) of the Third-Party
final rule requires that CBs accredited
under the third-party program report to
us any condition, found during a
regulatory or consultative audit of an
eligible entity, which could cause or
contribute to a serious risk to the public
health. We believe that these
occurrences are rare and may occur
once every 4 years, or 0.25 times per
year. Reporting serious hazard
conditions would consist of the onsite
audit agent of a CB accredited under the
third-party program to document the
event as a record and to immediately
submit the record to us. Therefore,
under Scenario 1, the annual number of
records prepared by 92 CBs accredited
under the third-party program is
estimated at 23 (0.25 records/CB × 92
CBs) (35 records under Scenario 2; 52
records under Scenario 3). It is expected
that a CB accredited under the thirdparty program would take no more than
1 hour to prepare such record
(notification). Under Scenario 1, annual
burden of preparation of records per
§ 1.656(c) of the Third-Party final rule
by 92 CBs accredited under the thirdparty program is estimated at 23 hours
(23 records × 1 hour/record; see table
13) (35 hours for Scenario 2, and 52
hours for Scenario 3; see tables 14 to
15).
We also acknowledge that an
accreditation body seeking to challenge
a denial of its application for
recognition, renewal of recognition, or
reinstatement of recognition will incur
costs in compiling information to
support its request for reconsideration
under § 1.691 or its request for internal
Agency review under § 1.692. A thirdparty certification body seeking to
challenge a denial of its application for
direct accreditation, renewal of direct
accreditation, or reaccreditation as a
directly accredited third-party
certification body will incur costs in
compiling information to support its
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
request for reconsideration under
§ 1.691 or its request for internal Agency
review under § 1.692, as will any
accredited third-party certification body
seeking to challenge a denial of its
request for a waiver of the conflict of
interest requirement of § 1.650(b) or a
waiver extension. We anticipate that
most accreditation bodies and thirdparty certification bodies who seek to
participate in our program will carefully
consider the program requirements
before applying to, or joining, the
program or before submitting a waiver
request. We anticipate the submission of
challenges under § 1.691 or § 1.692 to be
an infrequent event, and one that most
program participants will not encounter.
Therefore, we are not calculating costs
associated with the compiling of
information to support a request for
reconsideration under § 1.691 or a
request for internal agency review under
§ 1.692 by an accreditation body seeking
to challenge a denial of its application
for recognition, renewal of recognition,
or reinstatement of recognition; by an
third-party certification body seeking to
challenge a denial of its application for
direct accreditation, renewal of direct
accreditation, or reaccreditation as a
directly accredited third-party
certification body; or by an accredited
third-party certification body seeking to
challenge a denial of its request for a
waiver of the conflict of interest
requirement of § 1.650(b) or a waiver
extension.
74645
Reporting Burden
In summary, under Scenario 1, total
one-time reporting burden by 11
recognized ABs and 92 CBs accredited
under the third-party program is
estimated at 960 hours (see table 16).
Under Scenario 2, total one-time
reporting burden by 17 recognized ABs
and 141 CBs accredited under the thirdparty program is estimated at 1,440
hours (see table 17). Under Scenario 3,
total one-time reporting burden by 25
recognized ABs and 208 CBs accredited
under the third-party program is
estimated at 2,080 hours (see table 18).
Total annual reporting burden, under
Scenarios 1 to 3 is estimated between
3,466 and 7,919 hours (see tables 19 to
21).
TABLE 16—SCENARIO 1, ESTIMATED ONE-TIME REPORTING BURDEN
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per
recordkeeper
Total one-time
records
Average
burden per
recordkeeping
(in hours)
Total hours
§ 1.630 ..................................................................................
§ 1.670(a–b) .........................................................................
11
1
1
1
11
1
80
80
880
80
Total One-Time Reporting Burden ...............................
........................
........................
........................
........................
960
Note: There are no operations and maintenance costs associated with one-time reporting burden.
TABLE 17—SCENARIO 2, ESTIMATED ONE-TIME REPORTING BURDEN
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per
recordkeeper
Total one-time
records
Average
burden per
recordkeeping
(in hours)
Total hours
§ 1.630 ..................................................................................
§ 1.670(a–b) .........................................................................
17
1
1
1
17
1
80
80
1,360
80
Total One-Time Reporting Burden ...............................
........................
........................
........................
........................
1,440
Note: There are no operations and maintenance costs associated with one-time reporting burden.
TABLE 18—SCENARIO 3, ESTIMATED ONE-TIME REPORTING BURDEN
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per
recordkeeper
Total one-time
records
Average
burden per
recordkeeping
(in hours)
Total hours
§ 1.630 ..................................................................................
§ 1.670(a–b) .........................................................................
25
1
1
1
25
1
80
80
2,000
80
Total One-Time Reporting Burden ...............................
........................
........................
........................
........................
2,080
Note: There are no operations and maintenance costs associated with one-time reporting burden.
TABLE 19—SCENARIO 1, ESTIMATED ANNUAL REPORTING BURDEN
Number of
recordkeepers
Number of
records per recordkeeper
Total one-time
records
§ 1.634 ................................................................................
§ 1.673 ................................................................................
§ 1.623(a) ...........................................................................
11
1
11
1
1
8.27
11
1
91
§ 1.623(b) ...........................................................................
11
1
11
mstockstill on DSK4VPTVN1PROD with RULES4
21 CFR Part 1, subpart M
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
PO 00000
Frm 00077
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
27NOR4
Average
burden per
recordkeeping
(in hours)
8
10
0.25
(15 minutes)
0.25
(15 minutes)
Total hours
88
10
23
3
74646
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
TABLE 19—SCENARIO 1, ESTIMATED ANNUAL REPORTING BURDEN—Continued
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per recordkeeper
Average
burden per
recordkeeping
(in hours)
Total one-time
records
§ 1.653(b)(1) .......................................................................
92
48
4,416
§ 1.656(a) 1
.........................................................................
91
48
4,368
§ 1.656(a) 2 .........................................................................
91
48
4,368
§ 1.656(a) 3 .........................................................................
1
48
48
§ 1.656(b) 4 .........................................................................
91
1
91
§ 1.656(b) 5 .........................................................................
1
1
1
§ 1.656(c) ...........................................................................
92
0.25
23
§ 1.656(e) 6 .........................................................................
92
0.25
23
§ 1.656(e) 7 .........................................................................
91
0.25
23
Total Annual Reporting Burden ..................................
........................
..........................
........................
Total hours
0.25
(15 minutes)
0.25
(15 minutes)
0.25
(15 minutes)
0.25
(15 minutes)
0.25
(15 minutes)
0.25
(15 minutes)
0.25
(15 minutes)
0.25
(15 minutes)
0.25
(15 minutes)
1,104
........................
3,446
1,092
1,092
12
23
1
6
6
6
Note: There are no operations and maintenance costs associated with annual reporting burden.
1 Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to their accrediting ABs.
2 Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to the FDA.
3 Annual reporting of regulatory audit reports by directly accredited CBs to the FDA.
4 Annual reporting of self-assessment by accredited CBs to their recognized ABs.
5 Annual reporting of self-assessment by directly-accredited CBs to the FDA.
6 Annual reporting of serious risk to public health by CBs accredited under the third-party program to eligible entities.
7 Annual reporting of serious risk to public health by accredited CBs to their recognized ABs.
TABLE 20—SCENARIO 2, ESTIMATED ANNUAL REPORTING BURDEN
Number of
recordkeepers
21 CFR Part 1, subpart M
Number of
records per
recordkeeper
§ 1.634 ................................................................................
§ 1.673 ................................................................................
§ 1.623(a) ...........................................................................
17
1
17
1
1
8.23
§ 1.623(b) ...........................................................................
17
Average
burden per
recordkeeping
(in hours)
Total one-time
records
17
1
140
1
(15
17
(15
§ 1.653(b)(1) .......................................................................
141
55.4
7,811
(15
§ 1.656(a) 1 .........................................................................
140
55.4
7,756
(15
§ 1.656(a) 2 .........................................................................
140
55.4
7,756
(15
§ 1.656(a) 3 .........................................................................
1
55.4
55
(15
§ 1.656(b) 4 .........................................................................
140
1
140
(15
§ 1.656(b) 5 .........................................................................
1
1
1
(15
§ 1.656(c) ...........................................................................
141
0.25
35
(15
§ 1.656(e) 6 .........................................................................
141
0.25
35
(15
§ 1.656(e) 7 .........................................................................
140
0.25
35
mstockstill on DSK4VPTVN1PROD with RULES4
(15
Total Annual Reporting Burden ..................................
........................
..........................
........................
........................
Note: There are no operations and maintenance costs associated with annual reporting burden.
1 Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to their accrediting ABs.
2 Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to the FDA.
3 Annual reporting of regulatory audit reports by directly-accredited CBs to the FDA.
4 Annual reporting of self-assessment by CBs to their recognized ABs.
5 Annual reporting of self-assessment by directly-accredited CBs to the FDA.
6 Annual reporting of serious risk to public health by CBs accredited under the third-party program to eligible entities.
7 Annual reporting of serious risk to public health by CBs to their recognized ABs.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
PO 00000
Frm 00078
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
8
10
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
27NOR4
Total hours
136
10
35
4
1,953
1,939
1,939
14
35
1
9
9
9
6,093
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
74647
TABLE 21—SCENARIO 3, ESTIMATED ANNUAL REPORTING BURDEN
Number of
recordkeepers
Number of
records per recordkeeper
§ 1.634 ................................................................................
§ 1.673 ................................................................................
§ 1.623(a) ...........................................................................
25
1
25
1
1
8.79
25
1
220
§ 1.623(b) ...........................................................................
25
1
Average burden per recordkeeping
(in hours)
Total one-time
records
21 CFR Part 1, subpart M
(15
25
(15
§ 1.653(b)(1) .......................................................................
208
48.5
10,088
(15
§ 1.656(a) 1 .........................................................................
207
48.5
10,040
(15
§ 1.656(a) 2 .........................................................................
207
48.5
10,040
(15
§ 1.656(a) 3 .........................................................................
1
55.4
55
(15
§ 1.656(b) 4 .........................................................................
207
1
207
(15
§ 1.656(b) 5 .........................................................................
1
1
1
(15
§ 1.656(c) ...........................................................................
208
0.25
52
(15
§ 1.656(e) 6 .........................................................................
208
0.25
52
(15
§ 1.656(e) 7 .........................................................................
207
0.25
52
(15
Total Annual Reporting Burden ..................................
........................
..........................
........................
8
10
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
0.25
minutes)
........................
Total hours
200
10
55
6
2,522
2,510
2,510
14
52
1
13
13
13
7,919
mstockstill on DSK4VPTVN1PROD with RULES4
Note: There are no operations and maintenance costs associated with annual reporting burden.
1 Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to their accrediting ABs.
2 Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to the FDA.
3 Annual reporting of regulatory audit reports by directly-accredited CBs to the FDA.
4 Annual reporting of self-assessment by CBs to their recognized ABs.
5 Annual reporting of self-assessment by directly-accredited CBs to the FDA.
6 Annual reporting of serious risk to public health by CBs accredited under the third-party program to eligible entities.
7 Annual reporting of serious risk to public health by CBs to their recognized ABs.
Section 1.630 of the Third-Party final
rule allows for any AB to apply for
recognition. Under Scenario 1, we
estimate that approximately 11 ABs
would apply for recognition. We
estimate that it will take 80 personhours to compile all the relevant
information and complete the
application for recognition. The initial
application for recognition is a one-time
burden for each AB that applies. Under
Scenario 1, the one-time initial
application burden for 11 ABs is
estimated at 880 hours (11 applications
× 80 hours/application) (see table 16).
The one-time initial application burden
for 17 ABs, under Scenario 2 (25 ABs
under Scenario 3), is estimated at 1,360
hours (2,000 hours under Scenario 3)
(see tables 17 and 18). The duration of
recognition for a recognized AB will not
exceed 5 years per § 1.632 of the ThirdParty final rule. Therefore, it is expected
that each of the recognized ABs would
apply to renew its recognition every 5
years per § 1.634 of the Third-Party final
rule. We expect that applications for
renewal of recognition will take
significantly less time to prepare. We
use 50 percent of the amount of effort
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
to prepare and submit an application for
renewal of recognition. Therefore, it is
expected that, on average, each
recognized AB will spend 40 hours
every 5 years (after the initial
application) to complete and submit an
application for renewal of its
recognition, or approximately 8 hours
per year (40 hours ÷ 5 years) for each
AB. Therefore, the annual burden of
completing the renewal of recognition
application by 11 ABs, under Scenario
1, is 88 hours (11 applications × 8
hours/application) per year (136 hours
per year for 17 ABs under Scenario 2;
200 per hour for each of 25 ABs under
Scenario 3) (see tables 19 to 21).
Similarly, § 1.670(a) and (b) of the
Third-Party final rule allows for CBs to
apply to us for direct accreditation,
when the criteria for direct accreditation
are met. We estimate that approximately
one CB would apply for direct
accreditation. It is expected that the
application for direct accreditation
would require the same amount of effort
as does an AB’s application for
recognition. Hence, we estimate that the
initial application for direct
accreditation would take 80-person
PO 00000
Frm 00079
Fmt 4701
Sfmt 4700
hours. The one-time initial application
burden for 1 CB, for each scenario, is
estimated at 80 hours (1 application ×
80 hours/application) (see tables 16 to
18). The duration of accreditation for a
directly-accredited CB will not exceed 4
years, per § 1.671 of the Third-Party
final rule. Therefore, it is expected that
each of the expected directly-accredited
CBs would apply to renew its
accreditation every 4 years, per § 1.673
of the Third-Party final rule. We expect
that directly accredited CBs use 50
percent amount of effort, or 40 personhours, for their initial application for
direct accreditation, yielding an average
of 10 hours per year. Therefore, the
annual burden of completing the
application for renewal by 1 directlyaccredited CB is 10 hours (1 application
× 10 hours/application) per year (see
tables 19 to 21).
For the purposes of the Third-Party
final economic and PRA analyses, we
have estimated costs assuming that,
during the application process, affected
entities will do their paperwork
properly and completely the first time.
If we assumed a less consistent
outcome, one that would result in
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74648
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
recognition denials, the initial burden
might increase.
Section 1.623(a) of the Third-Party
final rule requires that recognized ABs
annually conduct comprehensive
assessments of the performance of CBs
they have accredited and submit the
results of the assessments to us within
45 days of their completion. We expect
that it would take no more than 15
minutes (0.25 hour) for a recognized AB
to electronically submit the assessment
of each its accredited CBs. Following
the implementation of the Third-Party
final rule and VQIP draft guidance, we
expect, on average, each recognized AB
would accredit approximately 8.27 CBs
(8.23 CBs under Scenario 2; 8.79 under
Scenario 3). Therefore, under Scenario
1, each recognized AB would submit, on
average, approximately 91 copies of
assessments of performance of their
accredited CBs (8.27 assessments/AB ×
11 ABs) (140 assessments under
Scenario 2; 220 under Scenario 3).
Under Scenario 1, annual reporting of
91 assessments by 11 recognized ABs is
estimated at 23 hours (91 submission of
assessments × 0.25 hour/submission)
(35 hours under Scenario 2; 55 hours
under Scenario 3) (see tables 19 to 21).
Section 1.623(b) of the Third-Party
final rule requires that recognized ABs
annually conduct a self-assessment and
submit the assessments within 45 days
of their completion. We expect that it
would take no more than 15 minutes for
an AB to electronically submit a copy of
its self-assessment. Under Scenario 1,
annual reporting of 11 self-assessments
by 11 recognized ABs is estimated at 3
hours (11 submission of selfassessments × 0.25 hour/submission) (4
hours under Scenario 2; 6 hours under
Scenario 3) (see tables 10 to 21).
Section 1.656(a) of the Third-Party
final rule requires that a CB accredited
under the third-party program must
submit the regulatory audit reports it
conducts to us and to the AB that
granted its accreditation (where
applicable) within 45 days after
completing such audit. In the ThirdParty final economic analysis, we
estimate that following the
implementation of the Third-Party final
rule, there will be 11 recognized ABs
that accredit 91 CBs (17 recognized ABs
and 140 accredited CBs under Scenario
2; 25 recognized ABs and 207 accredited
CBs under Scenario 3), and we will
directly accredit one CB. In addition, we
estimated that each CB accredited under
the third-party program, on average,
conducts food safety audits and certifies
48 eligible entities under Scenario 1
(55.4 eligible entities/CB under Scenario
2; 48.5 eligible entities/CB under
Scenario 3). Therefore, under Scenario
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
1, CBs accredited by recognized ABs
will annually submit 4,368 regulatory
audit reports (91 CBs × 48 reports/CB)
to their accrediting ABs and 4,368
reports to us (see table 19). Similarly,
under Scenarios 2 and 3, CBs accredited
by recognized ABs will annually submit
7,756 and 10,040 regulatory audit
reports to their accrediting ABs and the
FDA, respectively (see tables 20 and 21).
Under Scenario 1, the directlyaccredited CB will annually submit 48
regulatory audit reports (1 CB × 48
reports/CB) (see table 19). The number
of eligible entities per directlyaccredited CB increases to 55.4 in
Scenario 2. We assume that the number
of eligible entities per directlyaccredited CBs remains the same for
Scenario 3. We expect that it would take
no more than 15 minutes (0.25 hour) for
a CB accredited under the third-party
program to electronically submit a copy
of the regulatory report it conducts to us
and to its AB (where applicable).
Under Scenario 1, annual reporting
burden for CBs accredited by recognized
ABs is estimated at 1,092 hours (4,368
reports × 0.25 hours/report) for
submitting copies of regulatory audit
reports they have conducted to their
accrediting ABs and 1,092 hours for
submitting the same records to us (see
table 19). Under Scenario 2, annual
reporting burden for CBs accredited by
recognized ABs is estimated at 1,939
hours (7,756 reports × 0.25 hours/report)
for submitting copies of regulatory audit
reports they have conducted to their
accrediting ABs and 1,939 hours for
submitting the same records to us (see
table 20). Similarly, under Scenario 3,
annual reporting burden for CBs
accredited by recognized ABs is
estimated at 2,510 hours (10,040 reports
× 0.25 hours/report) for submitting
copies of regulatory audit reports they
have conducted to their accrediting ABs
and 2,510 hours for submitting the same
records to us (see table 21). Under
Scenario 1, annual burden for
submission of regulatory audit reports
by directly-accredited CBs is estimated
at 12 hours (48 reports × 0.25 hours/
report) (14 hours for Scenarios 2 and 3)
(see tables 19 to 21).
Section 1.656(b) of the Third-Party
final rule requires CBs accredited under
the third-party program to submit
reports of their annual self-assessments
electronically to their ABs, or in the
case of direct accreditation to us, within
45 days of the anniversary date of their
accreditation under subpart M. We
expect that it would take no more than
15 minutes (0.25 hour) for a CB
accredited under the third-party
program to electronically send a copy of
its annual self-assessment to its AB or
PO 00000
Frm 00080
Fmt 4701
Sfmt 4700
us (as applicable). Under Scenario 1, the
annual burden for CBs accredited by
recognized ABs is estimated at 23 hours
(91 self-assessments × 0.25 hour/selfassessment; see table 19) (35 hours
under Scenario 2 and 52 hours under
Scenario 3; see tables 20 and 21).
Annual burden for submission of selfassessments by one directly-accredited
CB is estimated at 0.25 hour (1 selfassessment × 0.25 hour/self-assessment;
see tables 19 to 21) (rounded to 1 hour).
As we discussed, § 1.656(c) of the
Third-Party final rule requires that a CB
accredited under the third-party
program report to us any condition,
found during a regulatory or
consultative audit of an eligible entity,
which could cause or contribute to a
serious risk to the public health. In the
Recordkeeping Burden section above,
we estimated that such events are
expected to occur once every 4 years, or
0.25 per year. We expect that it would
take no more than 15 minutes (0.25
hour) for a CB accredited under the
third-party program to electronically
send a copy of its notification to us.
Therefore, under Scenario 1, the total
number of notifications sent to us on an
annual basis per § 1.656(c) of the ThirdParty final rule is estimated at 23 (92
CBs × 0.25 records/CB) (35 notifications
under Scenario 2; 52 notifications under
Scenario 3). Under Scenario 1, annual
burden for submitting a notification
under § 1.656(c) of the Third-Party final
rule to us by CBs accredited under the
third-party program is estimated at 6
hours (23 records × 0.25 hour/record) (9
hours under Scenario 2; 13 hours under
Scenario 3) (see tables 19 to 21).
Following reporting under § 1.656(c),
a CB accredited under the third-party
program is required under § 1.656(e) of
the Third-Party final rule to
immediately notify the eligible entity
and its accrediting AB of any conditions
identified during the audit which
triggered the reporting requirement per
§ 1.656(c) of the Third-Party final rule.
Under Scenario 1, total number of
notification sent to eligible entities by
141 CBs accredited under the thirdparty program is estimated at 23 (92 CBs
× 0.25 records/CB) (35 notifications
under Scenario 2; 52 notifications under
Scenario 3) while the number of
notifications sent to recognized ABs by
their accredited CBs is estimated at 23
(91 CBs × 0.25 records/CB) (35 under
Scenario 2; 52 under Scenario 3). Under
Scenario 1, annual burden of submitting
a notification under § 1.656(e) of the
Third-Party final rule to affected eligible
entities and ABs by accredited CBs is
estimated at 6 hours (9 hours under
Scenario 2; 13 hours under Scenario 3)
(see tables 19 to 21).
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
XVIII. Analysis of Environmental
Impact
We have determined under 21 CFR
25.30(j) that this action is of a type that
does not individually or cumulatively
have a significant effect on the human
environment. Therefore, neither an
environmental assessment nor an
environmental impact statement is
required.
XIX. Federalism
We have analyzed the final rule in
accordance with the principles set forth
in Executive Order 13132. We have
determined that the rule does not
contain policies that have substantial
direct effects on the States, on the
relationship between the National
Government and the States, or on the
distribution of power and
responsibilities among the various
levels of government. Accordingly, we
conclude that the rule does not contain
policies that have federalism
implications as defined in the Executive
Order and, consequently, a federalism
summary impact statement is not
required.
mstockstill on DSK4VPTVN1PROD with RULES4
XX. References
The following references have been
placed on display in the Division of
Dockets Management (see ADDRESSES)
and may be seen by interested persons
between 9 a.m. and 4 p.m., Monday
through Friday, and are available
electronically at https://
www.regulations.gov. We have verified
the Web site addresses, but we are not
responsible for any subsequent changes
to Web sites after this document
publishes in the Federal Register.
1. FDA, ‘‘Transcript: FSMA Proposed Rules
on Foreign Supplier Verification
Programs and the Accreditation of ThirdParty Auditors/Certification Bodies,
Public Meeting, Day One, September 19,
2013.’’ Available in Docket No. FDA–
2011–N–0143.
2. FDA, ‘‘Transcript: FSMA Proposed Rules
on Foreign Supplier Verification
Programs and the Accreditation of ThirdParty Auditors/Certification Bodies,
Public Meeting, Day Two, September 20,
2013.’’ Available in Docket No. FDA–
2011–N–0143.
3. FDA, ‘‘FDA Office of Foods and Veterinary
Medicine Memorandum to the Division
of Dockets Management on FDA Records
of Outreach Sessions,’’ November 21,
2013. Available in Docket No. FDA–
2011–N–0920.
4. International Organization for
Standardization/International
Electrotechnical Commission, ‘‘ISO/IEC
17000:2004 Conformity Assessment—
Vocabulary and General Principles.’’
Copies are available from the
International Organization for
Standardization, 1, rue de Varembe, Case
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/catalogue_detail.
htm?csnumber=29316 or may be
examined at the Division of Dockets
Management (see ADDRESSES) (Ref.
Docket No. FDA–2011–N–0146 and/or
RIN 0910–AG66).
5. International Organization for
Standardization/International
Electrotechnical Commission, ISO/IEC
‘‘17011:2004 Conformity Assessment—
General Requirements for Accreditation
Bodies Accrediting Conformity
Assessment Bodies.’’ Copies are
available from the International
Organization for Standardization, 1, rue
de Varembe, Case postale 56, CH–1211
Geneve 20, Switzerland, or on the
Internet at
https://www.iso.org/iso/home/store/
catalogue_tc/catalogue_detail.htm
?csnumber=29332 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
6. International Organization for
Standardization/International
Electrotechnical Commission, ‘‘ISO/IEC
17021:2011 Conformity Assessment—
Requirements for Bodies Providing Audit
and Certification of Management
Systems.’’ Copies are available from the
International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
publication_item.htm?pid=PUB100353
or may be examined at the Division of
Dockets Management (see ADDRESSES)
(Ref. Docket No. FDA–2011–N–0146
and/or RIN 0910–AG66).
7. International Organization for
Standardization/International
Electrotechnical Commission, ‘‘ISO/IEC
17065:2012 Conformity Assessment—
Requirements for Bodies Certifying
Products, Processes and Services.’’
Copies are available from the
International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
catalogue_tc/catalogue_detail.htm
?csnumber=46568 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
8. International Organization for
Standardization, ISO 19011:2011
Guidelines for Auditing Management
Systems.’’ Copies are available from the
International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
catalogue_tc/catalogue_detail.htm
?csnumber=50675 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
9. International Organization for
Standardization/International
PO 00000
Frm 00081
Fmt 4701
Sfmt 4700
74649
Electrotechnical Commission, ‘‘ISO/IEC
Guide 65:1996 General Requirements for
Bodies Operating Product Certification
Systems.’’ Copies are available from the
International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/catalogue_detail.
htm?csnumber=26796 or may be
examined at the Division of Dockets
Management (see ADDRESSES) (Ref.
Docket No. FDA–2011–N–0146 and/or
RIN 0910–AG66).
10. International Organization for
Standardization/International
Electrotechnical Commission, ‘‘ISO/IEC
17020:2012 Conformity Assessment—
Requirements for the Operation of
Various Types of Bodies Performing
Inspection.’’ Copies are available from
the International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
catalogue_tc/catalogue_detail.htm
?csnumber=52994 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
11. Global Food Safety Initiative, ‘‘Enhancing
Food Safety Through Third-Party
Certification,’’ March 2011.
12. International Organization for
Standardization/International
Electrotechnical Commission, ‘‘ISO/IEC
17040:2005 Conformity Assessment—
General Requirements for Peer
Assessment of Conformity Assessment
Bodies and Accreditation Bodies.’’
Copies are available from the
International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
catalogue_tc/catalogue_detail.htm
?csnumber=31815 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
13. International Accreditation Forum, ‘‘IAF
Endorsed Normative Documents, Issue 4
(IAF PR 4:2007),’’
https://www.iaf.nu/upFiles/197878.IAF–
PR4–2007_Endorsed_NormDocs_Issue_
4_Pub.pdf. Accessed on October 26,
2015.
14. Codex Alimentarius Commission,
‘‘Principles for Food Import and Export
Inspection and Certification (CAC/GL
20–1995).’’
https://www.codexalimentarius.org/
input/download/standards/37/CXG_
020e.pdf. Accessed on October 26, 2015.
15. Armour, S., Lippert, J., and Smith, M.,
‘‘Food Sickens Millions as CompanyPaid Checks Find It Safe,’’ Bloomberg
Business, October 11, 2012.
https://www.bloomberg.com/news/
articles/2012–10–11/food-sickensmillions-as-industry-paid-inspectorsfind-it-safe. Accessed on October 26,
2015.
16. Zheng, Y., Muth, M.M., Kosa, K.,
‘‘Economic Analysis of Third-Party Food
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74650
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
Safety Certification of Imported Food,’’
RTI International, June 2012.
17. American National Standards Institute,
‘‘About ANSI,’’ https://www.ansi.org/
about_ansi/overview/overview.aspx
?menuid=1. Accessed on May 6, 2015.
18. United Kingdom Accreditation Service,
‘‘About UKAS,’’ https://www.ukas.com/
about/. Accessed on October 26, 2015.
19. Danish Accreditation Fund, ‘‘DANAK
Home’’ https://english.danak.dk/.
Accessed on May 4, 2015.
20. International Organization for Standards,
‘‘ISO/TS 22003:2007 Food Safety
Management Systems—Requirements for
Bodies Providing Audit and Certification
of Food Safety Management Systems.’’
Copies are available from the
International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at https://
www.iso.org/iso/home/store/catalogue_
tc/catalogue_detail.htm?csnumber=
39834 or may be examined at the
Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
21. International Organization for
Standardization/International
Electrotechnical Commission, ‘‘ISO
22000:2005 Food Safety Management
Systems—Requirements for Any
Organization in the Food Chain.’’ Copies
are available from the International
Organization for Standardization, 1, rue
de Varembe, Case postale 56, CH–1211
Geneve 20, Switzerland, or on the
Internet at https://www.iso.org/iso/home/
store/catalogue_tc/catalogue_detail.htm
?csnumber=35466 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
22. British Retail Consortium, ‘‘Global
Standard for Food Safety, Issue 6,’’ 2012.
Copies are available from the British
Retail Consortium, Second Floor, 21
Dartmouth Street, London SW1H 9BP, or
may be examined at the Division of
Dockets Management (see ADDRESSES)
(Ref. Docket No. FDA–2011–N–0146
and/or RIN 0910–AG66).
23. Safe Quality Food Institute, ‘‘SQF Code,
Edition 7.2: A HACCP-Based Supplier
Assurance Code for the Food Industry,’’
July 2014. https://www.sqfi.com/wpcontent/uploads/SQF-Code_Ed-7.2July.pdf. Accessed on October 27, 2015.
24. International Organization for
Standardization, ‘‘ISO/TS 22003:2013
Food Safety Management Systems—
Requirements for Bodies Providing Audit
and Certification of Food Safety
Management Systems.’’ Copies are
available from the International
Organization for Standardization, 1, rue
de Varembe, Case postale 56, CH–1211
Geneve 20, Switzerland, or on the
Internet at https://www.iso.org/iso/home/
store/catalogue_tc/catalogue_detail.htm
?csnumber=60605 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
25. FDA, ‘‘Tribal Summary Impact Statement:
Final Rule on Accreditation of Third-
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Party Certification Bodies to Conduct
Food Safety Audits and to Issue,’’ Docket
No. FDA–2011–N–0146.
List of Subjects
21 CFR Part 1
Cosmetics, Drugs, Exports, Food
labeling, Imports, Labeling, Reporting
and recordkeeping requirements.
21 CFR Part 11
Administrative practice and
procedure, Computer technology,
Reporting and recordkeeping
requirements.
21 CFR Part 16
Administrative practice and
procedure.
Therefore, under the Federal Food,
Drug, and Cosmetic Act and under
authority delegated to the Commissioner
of Food and Drugs, 21 CFR parts 1, 11,
and 16 are amended as follows:
PART 1—GENERAL ENFORCEMENT
REGULATIONS
1. The authority citation for 21 CFR
part 1 is revised to read as follows:
■
Authority: 15 U.S.C. 1333, 1453, 1454,
1455, 4402; 19 U.S.C. 1490, 1491; 21 U.S.C.
321, 331, 332, 333, 334, 335a, 343, 350c,
350d, 350j, 352, 355, 360b, 360ccc, 360ccc–
1, 360ccc–2, 362, 371, 374, 381, 382, 384a,
384b, 384d, 387, 387a, 387c, 393; 42 U.S.C.
216, 241, 243, 262, 264, 271.
2. Add subpart M, consisting of
§§ 1.600 through 1.695, to read as
follows:
■
Subpart M—Accreditation of Third-Party
Certification Bodies To Conduct Food
Safety Audits and To Issue Certifications
Sec.
1.600 What definitions apply to this
subpart?
1.601 Who is subject to this subpart?
Recognition of Accreditation Bodies Under
This Subpart
1.610 Who is eligible to seek recognition?
1.611 What legal authority must an
accreditation body have to qualify for
recognition?
1.612 What competency and capacity must
an accreditation body have to qualify for
recognition?
1.613 What protections against conflicts of
interest must an accreditation body have
to qualify for recognition?
1.614 What quality assurance procedures
must an accreditation body have to
qualify for recognition?
1.615 What records procedures must an
accreditation body have to qualify for
recognition?
Requirements for Accreditation Bodies That
Have Been Recognized Under This Subpart
1.620 How must a recognized accreditation
body evaluate third-party certification
bodies seeking accreditation?
PO 00000
Frm 00082
Fmt 4701
Sfmt 4700
1.621 How must a recognized accreditation
body monitor the performance of thirdparty certification bodies it accredited?
1.622 How must a recognized accreditation
body monitor its own performance?
1.623 What reports and notifications must a
recognized accreditation body submit to
FDA?
1.624 How must a recognized accreditation
body protect against conflicts of interest?
1.625 What records requirements must an
accreditation body that has been
recognized meet?
Procedures for Recognition of Accreditation
Bodies Under This Subpart
1.630 How do I apply to FDA for
recognition or renewal of recognition?
1.631 How will FDA review my application
for recognition or renewal of recognition
and what happens once FDA decides on
my application?
1.632 What is the duration of recognition?
1.633 How will FDA monitor recognized
accreditation bodies?
1.634 When will FDA revoke recognition?
1.635 What if I want to voluntarily
relinquish recognition or do not want to
renew recognition?
1.636 How do I request reinstatement of
recognition?
Accreditation of Third-Party Certification
Bodies Under This Subpart
1.640 Who is eligible to seek accreditation?
1.641 What legal authority must a thirdparty certification body have to qualify
for accreditation?
1.642 What competency and capacity must
a third-party certification body have to
qualify for accreditation?
1.643 What protections against conflicts of
interest must a third-party certification
body have to qualify for accreditation?
1.644 What quality assurance procedures
must a third-party certification body
have to qualify for accreditation?
1.645 What records procedures must a
third-party certification body have to
qualify for accreditation?
Requirements for Third-Party Certification
Bodies That Have Been Accredited Under
This Subpart
1.650 How must an accredited third-party
certification body ensure its audit agents
are competent and objective?
1.651 How must an accredited third-party
certification body conduct a food safety
audit of an eligible entity?
1.652 What must an accredited third-party
certification body include in food safety
audit reports?
1.653 What must an accredited third-party
certification body do when issuing food
or facility certifications?
1.654 When must an accredited third-party
certification body monitor an eligible
entity that it has issued a food or facility
certification?
1.655 How must an accredited third-party
certification body monitor its own
performance?
1.656 What reports and notifications must
an accredited third-party certification
body submit?
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
1.657 How must an accredited third-party
certification body protect against
conflicts of interest?
1.658 What records requirements must a
third-party certification body that has
been accredited meet?
Subpart M—Accreditation of ThirdParty Certification Bodies To Conduct
Food Safety Audits and To Issue
Certifications
Procedures for Accreditation of Third-Party
Certification Bodies Under This Subpart
(a) The FD&C Act means the Federal
Food, Drug, and Cosmetic Act.
(b) Except as otherwise defined in
paragraph (c) of this section, the
definitions of terms in section 201 of the
FD&C Act apply when the terms are
used in this subpart.
(c) In addition, for the purposes of
this subpart:
Accreditation means a determination
by a recognized accreditation body (or,
in the case of direct accreditation, by
FDA) that a third-party certification
body meets the applicable requirements
of this subpart.
Accreditation body means an
authority that performs accreditation of
third-party certification bodies.
Accredited third-party certification
body means a third-party certification
body that a recognized accreditation
body (or, in the case of direct
accreditation, FDA) has determined
meets the applicable requirements of
this subpart and is accredited to
conduct food safety audits and to issue
food or facility certifications to eligible
entities. An accredited third-party
certification body has the same meaning
as accredited third-party auditor as
defined in section 808(a)(4) of the FD&C
Act.
Assessment means:
(i) With respect to an accreditation
body, an evaluation by FDA of the
competency and capacity of the
accreditation body under the applicable
requirements of this subpart for the
defined scope of recognition. An
assessment of the competency and
capacity of the accreditation body
involves evaluating the competency and
capacity of the operations of the
accreditation body that are relevant to
decisions on recognition and, if
recognized, an evaluation of its
performance and the validity of its
accreditation decisions under the
applicable requirements of this subpart.
(ii) With respect to a third-party
certification body, an evaluation by a
recognized accreditation body (or, in the
case of direct accreditation, FDA) of the
competency and capacity of a thirdparty certification body under the
applicable requirements of this subpart
for the defined scope of accreditation.
An assessment of the competency and
capacity of the third-party certification
body involves evaluating the
competency and capacity of the
operations of the third-party
1.660 Where do I apply for accreditation or
renewal of accreditation by a recognized
accreditation body and what happens
once the recognized accreditation body
decides on my application?
1.661 What is the duration of accreditation
by a recognized accreditation body?
1.662 How will FDA monitor accredited
third-party certification bodies?
1.663 How do I request an FDA waiver or
waiver extension for the 13-month limit
for audit agents conducting regulatory
audits?
1.664 When would FDA withdraw
accreditation?
1.665 What if I want to voluntarily
relinquish accreditation or do not want
to renew accreditation?
1.666 How do I request reaccreditation?
Additional Procedures for Direct
Accreditation of Third-Party Certification
Bodies Under This Subpart
1.670 How do I apply to FDA for direct
accreditation or renewal of direct
accreditation?
1.671 How will FDA review my application
for direct accreditation or renewal of
direct accreditation and what happens
once FDA decides on my application?
1.672 What is the duration of direct
accreditation?
Requirements for Eligible Entities Under
This Subpart
1.680 How and when will FDA monitor
eligible entities?
1.681 How frequently must eligible entities
be recertified?
mstockstill on DSK4VPTVN1PROD with RULES4
General Requirements of This Subpart
1.690 How will FDA make information
about recognized accreditation bodies
and accredited third-party certification
bodies available to the public?
1.691 How do I request reconsideration of
a denial by FDA of an application or a
waiver request?
1.692 How do I request internal agency
review of a denial of an application or
waiver request upon reconsideration?
1.693 How do I request a regulatory hearing
on a revocation of recognition or
withdrawal of accreditation?
1.694 Are electronic records created under
this subpart subject to the electronic
records requirements of part 11 of this
chapter?
1.695 Are the records obtained by FDA
under this subpart subject to public
disclosure?
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
§ 1.600 What definitions apply to this
subpart?
PO 00000
Frm 00083
Fmt 4701
Sfmt 4700
74651
certification body that are relevant to
decisions on accreditation and, if
accredited, an evaluation of its
performance and the validity of its audit
results and certification decisions under
the applicable requirements of this
subpart.
Audit means the systematic and
functionally independent examination
of an eligible entity under this subpart
by an accredited third-party certification
body or by FDA. An audit conducted
under this subpart is not considered an
inspection under section 704 of the
FD&C Act.
Audit agent means an individual who
is an employee or other agent of an
accredited third-party certification body
who, although not individually
accredited, is qualified to conduct food
safety audits on behalf of an accredited
third-party certification body. An audit
agent includes a contractor of the
accredited third-party certification body
but excludes subcontractors or other
agents under outsourcing arrangements
for conducting food safety audits
without direct control by the accredited
third-party certification body.
Consultative audit means an audit of
an eligible entity:
(i) To determine whether such entity
is in compliance with the applicable
food safety requirements of the FD&C
Act, FDA regulations, and industry
standards and practices;
(ii) The results of which are for
internal purposes only; and
(iii) That is conducted in preparation
for a regulatory audit; only the results of
a regulatory audit may form the basis for
issuance of a food or facility
certification under this subpart.
Direct accreditation means
accreditation of a third-party
certification body by FDA.
Eligible entity means a foreign entity
in the import supply chain of food for
consumption in the United States that
chooses to be subject to a food safety
audit under this subpart conducted by
an accredited third-party certification
body. Eligible entities include foreign
facilities required to be registered under
subpart H of this part.
Facility means any structure, or
structures of an eligible entity under one
ownership at one general physical
location, or, in the case of a mobile
facility, traveling to multiple locations,
that manufactures/processes, packs,
holds, grows, harvests, or raises animals
for food for consumption in the United
States. Transport vehicles are not
facilities if they hold food only in the
usual course of business as carriers. A
facility may consist of one or more
contiguous structures, and a single
building may house more than one
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74652
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
distinct facility if the facilities are under
separate ownership. The private
residence of an individual is not a
facility. Non-bottled water drinking
water collection and distribution
establishments and their structures are
not facilities. Facilities for the purposes
of this subpart are not limited to
facilities required to be registered under
subpart H of this part.
Facility certification means an
attestation, issued for purposes of
section 801(q) or 806 of the FD&C Act
by an accredited third-party certification
body, after conducting a regulatory
audit and any other activities necessary
to establish whether a facility complies
with the applicable food safety
requirements of the FD&C Act and FDA
regulations.
Food has the meaning given in section
201(f) of the FD&C Act, except that food
does not include pesticides (as defined
in 7 U.S.C. 136(u)).
Food certification means an
attestation, issued for purposes of
section 801(q) of the FD&C Act by an
accredited third-party certification
body, after conducting a regulatory
audit and any other activities necessary
to establish whether a food of an eligible
entity complies with the applicable food
safety requirements of the FD&C Act
and FDA regulations.
Food safety audit means a regulatory
audit or a consultative audit that is
conducted to determine compliance
with the applicable food safety
requirements of the FD&C Act, FDA
regulations, and for consultative audits,
also includes conformance with
industry standards and practices. An
eligible entity must declare that an audit
is to be conducted as a regulatory audit
or consultative audit at the time of audit
planning and the audit will be
conducted on an unannounced basis
under this subpart.
Foreign cooperative means an
autonomous association of persons,
identified as members, who are united
through a jointly owned enterprise to
aggregate food from member growers or
processors that is intended for export to
the United States.
Recognized accreditation body means
an accreditation body that FDA has
determined meets the applicable
requirements of this subpart and is
authorized to accredit third-party
certification bodies under this subpart.
Regulatory audit means an audit of an
eligible entity:
(i) To determine whether such entity
is in compliance with the applicable
food safety requirements of the FD&C
Act and FDA regulations; and
(ii) The results of which are used in
determining eligibility for certification
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
under section 801(q) or under section
806 of the FD&C Act.
Relinquishment means:
(i) With respect to an accreditation
body, a decision to cede voluntarily its
authority to accredit third-party
certification bodies as a recognized
accreditation body prior to expiration of
its recognition under this subpart; and
(ii) With respect to a third-party
certification body, a decision to cede
voluntarily its authority to conduct food
safety audits and to issue food and
facility certifications to eligible entities
as an accredited third-party certification
body prior to expiration of its
accreditation under this subpart.
Self-assessment means an evaluation
conducted by a recognized accreditation
body or by an accredited third-party
certification body of its competency and
capacity under the applicable
requirements of this subpart for the
defined scope of recognition or
accreditation. For recognized
accreditation bodies this involves
evaluating the competency and capacity
of the entire operations of the
accreditation body and the validity of its
accreditation decisions under the
applicable requirements of this subpart.
For accredited third-party certification
bodies this involves evaluating the
competency and capacity of the entire
operations of the third-party
certification body and the validity of its
audit results under the applicable
requirements of this subpart.
Third-party certification body has the
same meaning as third-party auditor as
that term is defined in section 808(a)(3)
of the FD&C Act and means a foreign
government, agency of a foreign
government, foreign cooperative, or any
other third party that is eligible to be
considered for accreditation to conduct
food safety audits and to certify that
eligible entities meet the applicable food
safety requirements of the FD&C Act
and FDA regulations. A third-party
certification body may be a single
individual or an organization. Once
accredited, a third-party certification
body may use audit agents to conduct
food safety audits.
§ 1.601
Who is subject to this subpart?
(a) Accreditation bodies. Any
accreditation body seeking recognition
from FDA to accredit third-party
certification bodies to conduct food
safety audits and to issue food and
facility certifications under this subpart.
(b) Third-party certification bodies.
Any third-party certification body
seeking accreditation from a recognized
accreditation body or direct
accreditation by FDA for:
(1) Conducting food safety audits; and
PO 00000
Frm 00084
Fmt 4701
Sfmt 4700
(2) Issuing certifications that may be
used in satisfying a condition of
admissibility of an article of food under
section 801(q) of the FD&C Act; or
issuing a facility certification for
meeting the eligibility requirements for
the Voluntary Qualified Importer
Program under section 806 of the FD&C
Act.
(c) Eligible entities. Any eligible entity
seeking a food safety audit or a food or
facility certification from an accredited
third-party certification body under this
subpart.
(d) Limited exemptions from section
801(q) of the FD&C Act—(1) Alcoholic
beverages. (i) Any certification required
under section 801(q) of the FD&C Act
does not apply with respect to alcoholic
beverages from an eligible entity that is
a facility that meets the following two
conditions:
(A) Under the Federal Alcohol
Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the
Internal Revenue Code of 1986 (26
U.S.C. 5001 et seq.), the facility is a
foreign facility of a type that, if it were
a domestic facility, would require
obtaining a permit from, registering
with, or obtaining approval of a notice
or application from the Secretary of the
Treasury as a condition of doing
business in the United States; and
(B) Under section 415 of the FD&C
Act, the facility is required to register as
a facility because it is engaged in
manufacturing/processing one or more
alcoholic beverages.
(ii) Any certification required under
section 801(q) of the FD&C Act does not
apply with respect to food that is not an
alcoholic beverage that is received and
distributed by a facility described in
paragraph (d)(1)(i) of this section,
provided such food:
(A) Is received and distributed in
prepackaged form that prevents any
direct human contact with such food;
and
(B) Constitutes not more than 5
percent of the overall sales of the
facility, as determined by the Secretary
of the Treasury.
(iii) Any certification required under
section 801(q) of the FD&C Act does not
apply with respect to raw materials or
other ingredients that are imported for
use in alcoholic beverages provided
that:
(A) The imported raw materials or
other ingredients are used in the
manufacturing/processing, packing, or
holding of alcoholic beverages;
(B) Such manufacturing/processing,
packing, or holding is performed by the
importer;
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
(C) The importer is required to
register under section 415 of the Federal
Food, Drug, and Cosmetic Act; and
(D) The importer is exempt from the
regulations in part 117 of this chapter in
accordance with § 117.5(i).
(2) Certain meat, poultry, and egg
products. Any certification required
under section 801(q) of the FD&C Act
does not apply with respect to:
(i) Meat food products that at the time
of importation are subject to the
requirements of the United States
Department of Agriculture (USDA)
under the Federal Meat Inspection Act
(21 U.S.C. 601 et seq.);
(ii) Poultry products that at the time
of importation are subject to the
requirements of the USDA under the
Poultry Products Inspection Act (21
U.S.C. 451 et seq.); and
(iii) Egg products that at the time of
importation are subject to the
requirements of the USDA under the
Egg Products Inspection Act (21 U.S.C.
1031 et seq.).
Recognition of Accreditation Bodies
Under This Subpart
§ 1.610 Who is eligible to seek
recognition?
An accreditation body is eligible to
seek recognition by FDA if it can
demonstrate that it meets the
requirements of §§ 1.611 through 1.615.
The accreditation body may use
documentation of conformance with
International Organization for
Standardization/International
Electrotechnical Commission (ISO/IEC)
17011:2004, supplemented as necessary,
in meeting the applicable requirements
of this subpart.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.611 What legal authority must an
accreditation body have to qualify for
recognition?
(a) An accreditation body seeking
recognition must demonstrate that it has
the authority (as a governmental entity
or as a legal entity with contractual
rights) to perform assessments of a
third-party certification body as are
necessary to determine its capability to
conduct audits and certify food facilities
and food, including authority to:
(1) Review any relevant records;
(2) Conduct onsite assessments of the
performance of third-party certification
bodies, such as by witnessing the
performance of a representative sample
of its agents (or, in the case of a thirdparty certification body that is an
individual, such individual) conducting
a representative sample of audits;
(3) Perform any reassessments or
surveillance necessary to monitor
compliance of accredited third-party
certification bodies; and
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
(4) Suspend, withdraw, or reduce the
scope of accreditation for failure to
comply with the requirements of
accreditation.
(b) An accreditation body seeking
recognition must demonstrate that it is
capable of exerting the authority (as a
governmental entity or as a legal entity
with contractual rights) necessary to
meet the applicable requirements of this
subpart, if recognized.
§ 1.612 What competency and capacity
must an accreditation body have to qualify
for recognition?
An accreditation body seeking
recognition must demonstrate that it
has:
(a) The resources required to
adequately implement its accreditation
program, including:
(1) Adequate numbers of employees
and other agents with relevant
knowledge, skills, and experience to
effectively evaluate the qualifications of
third-party certification bodies seeking
accreditation and to effectively monitor
the performance of accredited thirdparty certification bodies; and
(2) Adequate financial resources for
its operations; and
(b) The capability to meet the
applicable assessment and monitoring
requirements, the reporting and
notification requirements, and the
procedures of this subpart, if
recognized.
§ 1.613 What protections against conflicts
of interest must an accreditation body have
to qualify for recognition?
An accreditation body must
demonstrate that it has:
(a) Implemented written measures to
protect against conflicts of interest
between the accreditation body (and its
officers, employees, and other agents
involved in accreditation activities) and
any third-party certification body (and
its officers, employees, and other agents
involved in auditing and certification
activities) seeking accreditation from, or
accredited by, such accreditation body;
and
(b) The capability to meet the
applicable conflict of interest
requirements of this subpart, if
recognized.
§ 1.614 What quality assurance
procedures must an accreditation body
have to qualify for recognition?
An accreditation body seeking
recognition must demonstrate that it
has:
(a) Implemented a written program for
monitoring and evaluating the
performance of its officers, employees,
and other agents and its accreditation
program, including procedures to:
PO 00000
Frm 00085
Fmt 4701
Sfmt 4700
74653
(1) Identify areas in its accreditation
program or performance where
deficiencies exist; and
(2) Quickly execute corrective actions
that effectively address deficiencies
when identified; and
(b) The capability to meet the
applicable quality assurance
requirements of this subpart, if
recognized.
§ 1.615 What records procedures must an
accreditation body have to qualify for
recognition?
An accreditation body seeking
recognition must demonstrate that it
has:
(a) Implemented written procedures
to establish, control, and retain records
(including documents and data) for the
period of time necessary to meet its
contractual and legal obligations
pertaining to this subpart and to provide
an adequate basis for evaluating its
program and performance; and
(b) The capability to meet the
applicable reporting and notification
requirements of this subpart, if
recognized.
Requirements for Accreditation Bodies
That Have Been Recognized Under This
Subpart
§ 1.620 How must a recognized
accreditation body evaluate third-party
certification bodies seeking accreditation?
(a) Prior to accrediting a third-party
certification body under this subpart, a
recognized accreditation body must
perform, at a minimum, the following:
(1) In the case of a foreign government
or an agency of a foreign government,
such reviews and audits of the
government’s or agency’s food safety
programs, systems, and standards as are
necessary to determine that it meets the
eligibility requirements of § 1.640(b).
(2) In the case of a foreign cooperative
or any other third-party seeking
accreditation as a third-party
certification body, such reviews and
audits of the training and qualifications
of agents conducting audits for such
cooperative or other third party (or in
the case of a third-party certification
body that is an individual, such
individual) and such reviews of internal
systems and any other investigation of
the cooperative or other third party
necessary to determine that it meets the
eligibility requirements of § 1.640(c).
(3) In conducting a review and audit
under paragraph (a)(1) or (2) of this
section, an observation of a
representative sample of onsite audits
examining compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations as
conducted by the third-party
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74654
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
certification body or its agents (or, in the
case of a third-party certification body
that is an individual, such individual).
(b) A recognized accreditation body
must require a third-party certification
body, as a condition of accreditation
under this subpart, to comply with the
reports and notification requirements of
§§ 1.652 and 1.656 and to agree to
submit to FDA, electronically and in
English, any food or facility
certifications it issues for purposes of
sections 801(q) or 806 of the FD&C Act.
(c) A recognized accreditation body
must maintain records on any denial of
accreditation (in whole or in part) and
on any withdrawal, suspension, or
reduction in scope of accreditation of a
third-party certification body under this
subpart. The records must include the
name and contact information for the
third-party certification body; the date
of the action; the scope of accreditation
denied, withdrawn, suspended, or
reduced; and the basis for such action.
(d) A recognized accreditation body
must notify any third-party certification
body of an adverse decision associated
with its accreditation under this
subpart, including denial of
accreditation or the withdrawal,
suspension, or reduction in the scope of
its accreditation. The recognized
accreditation body must establish and
implement written procedures for
receiving and addressing appeals from
any third-party certification body
challenging such an adverse decision
and for investigating and deciding on
appeals in a fair and meaningful
manner. The appeals procedures must
provide similar protections to those
offered by FDA under §§ 1.692 and
1.693, and include requirements to:
(1) Make the appeals procedures
publicly available;
(2) Use competent persons, who may
or may not be external to the recognized
accreditation body, who are free from
bias or prejudice and have not
participated in the accreditation
decision or be subordinate to a person
who has participated in the
accreditation decision to investigate and
decide appeals;
(3) Advise third-party certification
bodies of the final decisions on their
appeals; and
(4) Maintain records under § 1.625 of
appeals, final decisions on appeals, and
the bases for such decisions.
§ 1.621 How must a recognized
accreditation body monitor the performance
of third-party certification bodies it
accredited?
(a) A recognized accreditation body
must annually conduct a comprehensive
assessment of the performance of each
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
third-party certification body it
accredited under this subpart by
reviewing the accredited third-party
certification body’s self-assessments
(including information on compliance
with the conflict of interest
requirements of §§ 1.643 and 1.657); its
regulatory audit reports and
notifications submitted to FDA under
§ 1.656; and any other information
reasonably available to the recognized
accreditation body regarding the
compliance history of eligible entities
the accredited third-party certification
body certified under this subpart; or that
is otherwise relevant to a determination
whether the accredited third-party
certification body is in compliance with
this subpart.
(b) No later than 1 year after the initial
date of accreditation of the third-party
certification body and every 2 years
thereafter for duration of its
accreditation under this subpart, a
recognized accreditation body must
conduct onsite observations of a
representative sample of regulatory
audits performed by the third-party
certification body (or its audit agents)
(or, in the case of a third-party
certification body that is an individual,
such individual) accredited under this
subpart and must visit the accredited
third-party certification body’s
headquarters (or other location that
manages audit agents conducting food
safety audits under this subpart, if
different than its headquarters). The
recognized accreditation body will
consider the results of such observations
and visits in the annual assessment of
the accredited third-party certification
body required by paragraph (a) of this
section.
(b) As a means to evaluate the
recognized accreditation body’s
performance, the self-assessment must
include onsite observation of regulatory
audits of a representative sample of
third-party certification bodies it
accredited under this subpart. In
meeting this requirement, the
recognized accreditation body may use
the results of onsite observations
performed under § 1.621(b).
(c) Based on the evaluations
conducted under paragraphs (a) and (b)
of this section, the recognized
accreditation body must:
(1) Identify any area(s) where
deficiencies exist;
(2) Quickly implement corrective
action(s) that effectively address those
deficiencies; and
(3) Establish and maintain records of
any such corrective action(s) under
§ 1.625.
(d) The recognized accreditation body
must prepare, and as required by
§ 1.623(b) submit, a written report of the
results of its self-assessment that
includes the following elements.
Documentation of conformance to ISO/
IEC 17011:2004 may be used,
supplemented as necessary, in meeting
the requirements of this paragraph.
(1) A description of any corrective
actions taken under paragraph (c) of this
section;
(2) A statement disclosing the extent
to which the recognized accreditation
body, and its officers, employees, and
other agents involved in accreditation
activities, complied with the conflict of
interest requirements in § 1.624; and
(3) A statement attesting to the extent
to which the recognized accreditation
body complied with applicable
requirements of this subpart.
§ 1.622 How must a recognized
accreditation body monitor its own
performance?
§ 1.623 What reports and notifications
must a recognized accreditation body
submit to FDA?
(a) A recognized accreditation body
must annually, and as required under
§ 1.664(g), conduct a self-assessment
that includes evaluation of compliance
with this subpart, including:
(1) The performance of its officers,
employees, or other agents involved in
accreditation activities and the degree of
consistency in conducting accreditation
activities;
(2) The compliance of the recognized
accreditation body and its officers,
employees, and other agents involved in
accreditation activities, with the conflict
of interest requirements of § 1.624; and
(3) If requested by FDA, any other
aspects of its performance relevant to a
determination whether the recognized
accreditation body is in compliance
with this subpart.
(a) Reporting results of assessments of
accredited third-party certification body
performance. A recognized
accreditation body must submit to FDA
electronically, in English, a report of the
results of any assessment conducted
under § 1.621, no later than 45 days
after completing such assessment. The
report must include an up-to-date list of
any audit agents used by the accredited
third-party certification body to conduct
food safety audits under this subpart.
(b) Reporting results of recognized
accreditation body self-assessments. A
recognized accreditation body must
submit to FDA electronically, in
English:
(1) A report of the results of an annual
self-assessment required under § 1.622,
no later than 45 days after completing
such self-assessment; and
PO 00000
Frm 00086
Fmt 4701
Sfmt 4700
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
(2) For a recognized accreditation
body subject to § 1.664(g)(1), a report of
such self-assessment to FDA within 60
days of the third-party certification
body’s withdrawal. A recognized
accreditation body may use a report
prepared for conformance to ISO/IEC
17011:2004, supplemented as necessary,
in meeting the requirements this
section.
(c) Immediate notification to FDA. A
recognized accreditation body must
notify FDA electronically, in English,
immediately upon:
(1) Granting (including expanding the
scope of) accreditation to a third-party
certification body under this subpart,
and include:
(i) The name, address, telephone
number, and email address of the
accredited third-party certification
body;
(ii) The name of one or more officers
of the accredited third-party
certification body;
(iii) A list of the accredited third-party
certification body’s audit agents; and
(iv) The scope of accreditation, the
date on which it was granted, and its
expiration date.
(2) Withdrawing, suspending, or
reducing the scope of an accreditation
under this subpart, and include:
(i) The basis for such action; and
(ii) Any additional changes to
accreditation information previously
submitted to FDA under paragraph
(c)(1) of this section.
(3) Determining that a third-party
certification body it accredited failed to
comply with § 1.653 in issuing a food or
facility certification under this subpart,
and include:
(i) The basis for such determination;
and
(ii) Any changes to accreditation
information previously submitted to
FDA under paragraph (c)(1) of this
section.
(d) Other notification to FDA. A
recognized accreditation body must
notify FDA electronically, in English,
within 30 days after:
(1) Denying accreditation (in whole or
in part) under this subpart and include:
(i) The name, address, telephone
number, and email address of the thirdparty certification body;
(ii) The name of one or more officers
of the third-party certification body;
(iii) The scope of accreditation
requested; and
(iv) The scope and basis for such
denial.
(2) Making any significant change that
would affect the manner in which it
complies with the applicable
requirements of this subpart and
include:
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
(i) A description of the change; and
(ii) An explanation for the purpose of
the change.
§ 1.624 How must a recognized
accreditation body protect against conflicts
of interest?
(a) A recognized accreditation body
must implement a written program to
protect against conflicts of interest
between the recognized accreditation
body (and its officers, employees, and
other agents involved in accreditation
activities) and any third-party
certification body (and its officers,
employees, and other agents involved in
auditing and certification activities)
seeking accreditation from, or
accredited by, such recognized
accreditation body, including the
following:
(1) Ensuring that the recognized
accreditation body (and its officers,
employees, or other agents involved in
accreditation activities) does not own or
have a financial interest in, manage, or
otherwise control the third-party
certification body (or any affiliate,
parent, or subsidiary); and
(2) Prohibiting officers, employees, or
other agents involved in accreditation
activities of the recognized accreditation
body from accepting any money, gift,
gratuity, or item of value from the thirdparty certification body.
(3) The items specified in paragraph
(a)(2) of this section do not include:
(i) Money representing payment of
fees for accreditation services and
reimbursement of direct costs associated
with an onsite assessment of the thirdparty certification body; or
(ii) Lunch of de minimis value
provided during the course of an
assessment and on the premises where
the assessment is conducted, if
necessary to facilitate the efficient
conduct of the assessment.
(b) A recognized accreditation body
may accept the payment of fees for
accreditation services and the
reimbursement of direct costs associated
with assessment of a certification body
only after the date on which the report
of such assessment was completed or
the date of which the accreditation was
issued, whichever comes later. Such
payment is not considered a conflict of
interest for purposes of paragraph (a) of
this section.
(c) The financial interests of the
spouses and children younger than 18
years of age of a recognized
accreditation body’s officers, employees,
and other agents involved in
accreditation activities will be
considered the financial interests of
such officers, employees, and other
PO 00000
Frm 00087
Fmt 4701
Sfmt 4700
74655
agents involved in accreditation
activities.
(d) A recognized accreditation body
must maintain on its Web site an up-todate list of the third-party certification
bodies it accredited under this subpart
and must identify the duration and
scope of each accreditation and the
date(s) on which the accredited thirdparty certification body paid any fee or
reimbursement associated with such
accreditation. If the accreditation of a
certification body is suspended,
withdrawn, or reduced in scope, this list
must also include the date of
suspension, withdrawal, or reduction in
scope and maintain that information for
the duration of accreditation or until the
suspension is lifted, the certification
body is reaccredited, or the scope of
accreditation is reinstated, whichever
comes first.
§ 1.625 What records requirements must
an accreditation body that has been
recognized meet?
(a) An accreditation body that has
been recognized must maintain
electronically for 5 years records created
while it is recognized (including
documents and data) demonstrating its
compliance with this subpart, including
records relating to:
(1) Applications for accreditation and
renewal of accreditation under § 1.660;
(2) Decisions to grant, deny, suspend,
withdraw, or expand or reduce the
scope of an accreditation;
(3) Challenges to adverse
accreditation decisions under § 1.620(c);
(4) Its monitoring of accredited thirdparty certification bodies under § 1.621;
(5) Self-assessments and corrective
actions under § 1.622;
(6) Regulatory audit reports, including
any supporting information, that an
accredited third-party certification body
may have submitted;
(7) Any reports or notifications to
FDA under § 1.623, including any
supporting information; and
(8) Records of fee payments and
reimbursement of direct costs.
(b) An accreditation body that has
been recognized must make records
required by paragraph (a) of this section
available for inspection and copying
promptly upon written request of an
authorized FDA officer or employee at
the place of business of the
accreditation body or at a reasonably
accessible location. If the records
required by paragraph (a) of this section
are requested by FDA electronically, the
records must be submitted to FDA
electronically not later than 10 business
days after the date of the request.
Additionally, if the requested records
are maintained in a language other than
E:\FR\FM\27NOR4.SGM
27NOR4
74656
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
English, the accreditation body must
electronically submit an English
translation within a reasonable time.
(c) An accreditation body that has
been recognized must not prevent or
interfere with FDA’s access to its
accredited third-party certification
bodies and the accredited third-party
certification body records required by
§ 1.658.
Procedures for Recognition of
Accreditation Bodies Under This
Subpart
§ 1.630 How do I apply to FDA for
recognition or renewal of recognition?
(a) Applicant for recognition. An
accreditation body seeking recognition
must submit an application
demonstrating that it meets the
eligibility requirements in § 1.610.
(b) Applicant for renewal of
recognition. An accreditation body
seeking renewal of its accreditation
must submit a renewal application
demonstrating that it continues to meet
the requirements of this subpart.
(c) Submission. Recognition and
renewal applications and any
documents provided as part of the
application process must be submitted
electronically, in English. An applicant
must provide any translation and
interpretation services needed by FDA
during the processing of the application,
including during onsite assessments of
the applicant by FDA.
(d) Signature. Recognition and
renewal applications must be signed in
the manner designated by FDA, by an
individual authorized to act on behalf of
the applicant for purposes of seeking
recognition or renewal of recognition.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.631 How will FDA review my
application for recognition or renewal of
recognition and what happens once FDA
decides on my application?
(a) Review of recognition or renewal
application. FDA will examine an
accreditation body’s recognition or
renewal application for completeness
and notify the applicant of any
deficiencies. FDA will review an
accreditation body’s recognition or
renewal application on a first in, first
out basis according to the date on which
the completed application was
submitted; however, FDA may prioritize
the review of specific applications to
meet the needs of the program.
(b) Evaluation of recognition or
renewal. FDA will evaluate any
completed recognition or renewal
application to determine whether the
applicant meets the applicable
requirements of this subpart. Such
evaluation may include an onsite
assessment of the accreditation body.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
FDA will notify the applicant, in
writing, regarding whether the
application has been approved or
denied. FDA may make such
notification electronically. If FDA does
not reach a final decision on a renewal
application before an accreditation
body’s recognition terminates by
expiration, FDA may extend such
recognition for a specified period of
time or until the Agency reaches a final
decision on the renewal application.
(c) Issuance of recognition. FDA will
notify an applicant that its recognition
or renewal application has been
approved through issuance of
recognition that will list any limitations
associated with the recognition.
(d) Issuance of denial of recognition
or renewal application. FDA will notify
an applicant that its recognition or
renewal application has been denied
through issuance of a denial of
recognition or denial of a renewal
application that will state the basis for
such denial and provide the procedures
for requesting reconsideration of the
application under § 1.691.
(e) Notice of records custodian after
denial of an application for renewal of
recognition. An applicant whose
renewal application was denied must
notify FDA electronically, in English,
within 10 business days of the date of
issuance of a denial of a renewal
application, of the name and contact
information of the custodian who will
maintain the records required by
§ 1.625(a) and make them available to
FDA as required by § 1.625(b). The
contact information for the custodian
must include, at a minimum, an email
address and the physical address where
the records required by § 1.625(a) will
be located.
(f) Effect of denial of an application
for renewal of recognition of an
accreditation body on accredited thirdparty certification bodies. (1) FDA will
issue a notice of the denial of a
recognition renewal to any third-party
certification bodies accredited by the
accreditation body whose renewal
application was denied. The third-party
certification body’s accreditation will
remain in effect so long as the thirdparty certification body:
(i) No later than 60 days after FDA’s
issuance of the notice of the denial of
recognition renewal, conducts a selfassessment under § 1.655 and reports
the results of the self-assessment to FDA
under § 1.656(b); and
(ii) No later than 1 year after issuance
of the notice of denial of recognition
renewal or the original date of the
expiration of the accreditation,
whichever comes first, becomes
accredited by another recognized
PO 00000
Frm 00088
Fmt 4701
Sfmt 4700
accreditation body or by FDA through
direct accreditation.
(2) FDA may withdraw the
accreditation of a third-party
certification body whenever FDA
determines there is good cause for
withdrawal of accreditation under
§ 1.664(c).
(g) Effect of denial of an application
for renewal of recognition of an
accreditation body on food or facility
certifications issued to eligible entities.
A food or facility certification issued by
a third-party certification body
accredited by a recognized accreditation
body prior to issuance of a denial of the
renewal application will remain in
effect until the certification expires. If
FDA has reason to believe that a
certification issued for purposes of
section 801(q) or 806 of the FD&C Act
is not valid or reliable, FDA may refuse
to consider the certification in
determining the admissibility of the
article of food for which the certification
was offered or in determining the
importer’s eligibility for participation in
the voluntary qualified importer
program (VQIP).
(h) Public notice of denial of an
application for renewal of recognition of
an accreditation body. FDA will provide
notice on the Web site described in
§ 1.690 of the date of issuance of a
denial of a renewal application and will
describe the basis for the denial.
§ 1.632 What is the duration of
recognition?
FDA may grant recognition of an
accreditation body for a period not to
exceed 5 years from the date of
recognition.
§ 1.633 How will FDA monitor recognized
accreditation bodies?
(a) FDA will evaluate the performance
of each recognized accreditation body to
determine its compliance with the
applicable requirements of this subpart.
Such assessment must occur by at least
4 years after the date of recognition for
a 5-year recognition period, or by no
later than the mid-term point for a
recognition period of less than 5 years.
FDA may conduct additional
assessments of a recognized
accreditation body at any time.
(b) An FDA assessment of a
recognized accreditation body may
include onsite assessments of a
representative sample of third-party
certification bodies the recognized
accreditation body accredited and onsite
audits of a representative sample of
eligible entities certified by such thirdparty certification bodies under this
subpart. These may be conducted at any
time and, as FDA determines necessary
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
or appropriate, may occur without the
recognized accreditation body or, in the
case of an audit of an eligible entity, the
accredited third-party certification body
present.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.634
When will FDA revoke recognition?
(a) Grounds for revocation of
recognition. FDA will revoke the
recognition of an accreditation body
found not to be in compliance with the
requirements of this subpart, including
for any one or more of the following:
(1) Refusal by the accreditation body
to allow FDA to access records required
by § 1.625, or to conduct an assessment
or investigation of the accreditation
body or of a third-party certification
body it accredited to ensure the
accreditation body’s continued
compliance with the requirements of
this subpart.
(2) Failure to take timely and
necessary corrective action when:
(i) The accreditation of a third-party
certification body it accredited is
withdrawn by FDA under § 1.664(a);
(ii) A significant deficiency is
identified through self-assessment
under § 1.622, monitoring under § 1.621,
or self-assessment by one or more of its
accredited third-party certification
bodies under § 1.655; or
(iii) Directed to do so by FDA to
ensure compliance with this subpart.
(3) A determination by FDA that the
accreditation body has committed fraud
or has submitted material false
statements to the Agency.
(4) A determination by FDA that there
is otherwise good cause for revocation,
including:
(i) Demonstrated bias or lack of
objectivity when conducting activities
under this subpart; or
(ii) Failure to adequately support one
or more decisions to grant accreditation
under this subpart.
(b) Records request associated with
revocation. To assist in determining
whether revocation is warranted under
paragraph (a) of this section, FDA may
request records of the accreditation
body required by § 1.625 or the records,
required by § 1.658, of one or more of
the third-party certification bodies it
accredited under this subpart.
(c) Issuance of revocation of
recognition. (1) FDA will notify an
accreditation body that its recognition
has been revoked through issuance of a
revocation that will state the grounds for
revocation, the procedures for
requesting a regulatory hearing under
§ 1.693 on the revocation, and the
procedures for requesting reinstatement
of recognition under § 1.636.
(2) Within 10 business days of the
date of issuance of the revocation, the
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
accreditation body must notify FDA
electronically, in English, of the name of
the custodian who will maintain the
records and make them available to FDA
as required by § 1.625. The contact
information for the custodian must
provide, at a minimum, an email
address and the physical address where
the records will be located.
(d) Effect of revocation of recognition
of an accreditation body on accredited
third-party certification bodies. (1) FDA
will issue a notice of the revocation of
recognition to any accredited third-party
certification body accredited by the
accreditation body whose recognition
was revoked. The third-party
certification body’s accreditation will
remain in effect if the third-party
certification body:
(i) No later than 60 days after FDA’s
issuance of the notice of revocation,
conducts a self-assessment under
§ 1.655 and reports the results of the
self-assessment to FDA under § 1.656(b);
and
(ii) No later than 1 year after issuance
of the notice of the revocation, or the
original date of expiration of the
accreditation, whichever comes first,
becomes accredited by another
recognized accreditation body or by
FDA through direct accreditation.
(2) FDA may withdraw the
accreditation of a third-party
certification body whenever FDA
determines there is good cause for
withdrawal of accreditation under
§ 1.664(c).
(e) Effect of revocation of recognition
of an accreditation body on food or
facility certifications issued to eligible
entities. A food or facility certification
issued by a third-party certification
body accredited by a recognized
accreditation body prior to issuance of
the revocation of recognition will
remain in effect until the certificate
terminates by expiration. If FDA has
reason to believe that a certification
issued for purposes of section 801(q) or
806 of the FD&C Act is not valid or
reliable, FDA may refuse to consider the
certification in determining the
admissibility of the article of food for
which the certification was offered or in
determining the importer’s eligibility for
participation in VQIP.
(f) Public notice of revocation of
recognition. FDA will provide notice on
the Web site described in § 1.690 of the
issuance of the revocation of recognition
of an accreditation body and will
describe the basis for revocation.
PO 00000
Frm 00089
Fmt 4701
Sfmt 4700
74657
§ 1.635 What if I want to voluntarily
relinquish recognition or do not want to
renew recognition?
(a) Notice to FDA of intent to
relinquish or not to renew recognition.
A recognized accreditation body must
notify FDA electronically, in English, at
least 60 days before voluntarily
relinquishing recognition or before
allowing recognition to expire without
seeking renewal. The recognized
accreditation body must provide the
name and contact information of the
custodian who will maintain the records
required under § 1.625(a) after the date
of relinquishment or the date
recognition expires, as applicable, and
make them available to FDA as required
by § 1.625(b). The contact information
for the custodian must include, at a
minimum, an email address and the
physical address where the records
required by § 1.625(a) will be located.
(b) Notice to accredited third-party
certification bodies of intent to
relinquish or not to renew recognition.
No later than 15 business days after
notifying FDA under paragraph (a) of
this section, the recognized
accreditation body must notify any
currently accredited third-party
certification body that it intends to
relinquish recognition or to allow its
recognition to expire, specifying the
date on which relinquishment or
expiration will occur. The recognized
accreditation body must establish and
maintain records of such notification
under § 1.625.
(c)(1) Effect of voluntary
relinquishment or expiration of
recognition on third-party certification
bodies. The accreditation of a thirdparty certification body issued prior to
the relinquishment or expiration of its
accreditation body’s recognition will
remain in effect, so long as the thirdparty certification body:
(i) No later than 60 days after the date
of relinquishment or the date of
expiration of the recognition, conducts
a self-assessment under § 1.655 and
reports the results of the self-assessment
to FDA under § 1.656(b); and
(ii) No later than 1 year after the date
of relinquishment or the date of
expiration of recognition, or the original
date of the expiration of the
accreditation, whichever comes first,
becomes accredited by another
recognized accreditation body or by
FDA through direct accreditation.
(2) FDA may withdraw the
accreditation of a third-party
certification body whenever FDA
determines there is good cause for
withdrawal of accreditation under
§ 1.664(c).
E:\FR\FM\27NOR4.SGM
27NOR4
74658
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
(d) Effect of voluntary relinquishment
or expiration of recognition of an
accreditation body on food or facility
certifications issued to eligible entities.
A food or facility certification issued by
a third-party certification body
accredited by a recognized accreditation
body prior to relinquishment or
expiration of its recognition will remain
in effect until the certification expires.
If FDA has reason to believe that a
certification issued for purposes of
section 801(q) or 806 of the FD&C Act
is not valid or reliable, FDA may refuse
to consider the certification in
determining the admissibility of the
article of food for which the certification
was offered or in determining the
importer’s eligibility for participation in
VQIP.
(e) Public notice of voluntary
relinquishment or expiration of
recognition. FDA will provide notice on
the Web site described in § 1.690 of the
voluntary relinquishment or expiration
of recognition of an accreditation body
under this subpart.
§ 1.636 How do I request reinstatement of
recognition?
(a) Application following revocation.
An accreditation body that has had its
recognition revoked may seek
reinstatement by submitting a new
application for recognition under
§ 1.630. The accreditation body must
submit evidence that the grounds for
revocation have been resolved,
including evidence addressing the cause
or conditions that were the basis for
revocation and identifying measures
that have been implemented to help
ensure that such cause(s) or condition(s)
are unlikely to recur.
(b) Application following
relinquishment. An accreditation body
that previously relinquished its
recognition under § 1.635 may seek
recognition by submitting a new
application for recognition under
§ 1.630.
Accreditation of Third-Party
Certification Bodies Under This
Subpart
17065: 2012, supplemented as
necessary, in meeting the applicable
requirements of this subpart.
(b) A foreign government or an agency
of a foreign government is eligible for
accreditation if it can demonstrate that
its food safety programs, systems, and
standards meet the requirements of
§§ 1.641 through 1.645.
(c) A foreign cooperative or other
third party is eligible for accreditation if
it can demonstrate that the training and
qualifications of its agents used to
conduct audits (or, in the case of a thirdparty certification body that is an
individual, such individual) and its
internal systems and standards meet the
requirements of §§ 1.641 through 1.645.
§ 1.641 What legal authority must a thirdparty certification body have to qualify for
accreditation?
(a) A third-party certification body
seeking accreditation from a recognized
accreditation body or from FDA must
demonstrate that it has the authority (as
a governmental entity or as a legal entity
with contractual rights) to perform such
examinations of facilities, their
process(es), and food(s) as are necessary
to determine compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations, and
conformance with applicable industry
standards and practices and to issue
certifications where appropriate based
on a review of the findings of such
examinations. This includes authority
to:
(1) Review any relevant records;
(2) Conduct onsite audits of an
eligible entity; and
(3) Suspend or withdraw certification
for failure to comply with applicable
requirements.
(b) A third-party certification body
seeking accreditation must demonstrate
that it is capable of exerting the
authority (as a governmental entity or as
legal entity with contractual rights)
necessary to meet the applicable
requirements of accreditation under this
subpart if accredited.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.640 Who is eligible to seek
accreditation?
§ 1.642 What competency and capacity
must a third-party certification body have to
qualify for accreditation?
(a) A foreign government, agency of a
foreign government, foreign cooperative,
or any other third party may seek
accreditation from a recognized
accreditation body (or, where direct
accreditation is appropriate, FDA) to
conduct food safety audits and to issue
food and facility certifications to eligible
entities under this subpart. An
accredited third-party certification body
may use documentation of conformance
with ISO/IEC 17021: 2011 or ISO/IEC
A third-party certification body
seeking accreditation must demonstrate
that it has:
(a) The resources necessary to fully
implement its certification program,
including:
(1) Adequate numbers of employees
and other agents with relevant
knowledge, skills, and experience to
effectively examine for compliance with
applicable FDA food safety
requirements of the FD&C Act and FDA
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
PO 00000
Frm 00090
Fmt 4701
Sfmt 4700
regulations, conformance with
applicable industry standards and
practices, and issuance of valid and
reliable certifications; and
(2) Adequate financial resources for
its operations; and
(b) The competency and capacity to
meet the applicable requirements of this
subpart, if accredited.
§ 1.643 What protections against conflicts
of interest must a third-party certification
body have to qualify for accreditation?
A third-party certification body must
demonstrate that it has:
(a) Implemented written measures to
protect against conflicts of interest
between the third-party certification
body (and its officers, employees, and
other agents involved in auditing and
certification activities) and clients
seeking examinations or certification
from, or audited or certified by, such
third-party certification body; and
(b) The capability to meet the conflict
of interest requirements in § 1.657, if
accredited.
§ 1.644 What quality assurance
procedures must a third-party certification
body have to qualify for accreditation?
A third-party certification body
seeking accreditation must demonstrate
that it has:
(a) Implemented a written program for
monitoring and evaluating the
performance of its officers, employees,
and other agents involved in auditing
and certification activities, including
procedures to:
(1) Identify deficiencies in its auditing
and certification program or
performance; and
(2) Quickly execute corrective actions
that effectively address any identified
deficiencies; and
(b) The capability to meet the quality
assurance requirements of § 1.655, if
accredited.
§ 1.645 What records procedures must a
third-party certification body have to qualify
for accreditation?
A third-party certification body
seeking accreditation must demonstrate
that it:
(a) Implemented written procedures
to establish, control, and retain records
(including documents and data) for a
period of time necessary to meet its
contractual and legal obligations and to
provide an adequate basis for evaluating
its program and performance; and
(b) Is capable of meeting the reporting,
notification, and records requirements
of this subpart, if accredited.
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
Requirements for Third-Party
Certification Bodies That Have Been
Accredited Under This Subpart
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.650 How must an accredited third-party
certification body ensure its audit agents
are competent and objective?
(a) An accredited third-party
certification body that uses audit agents
to conduct food safety audits must
ensure that each such audit agent meets
the following requirements with respect
to the scope of its accreditation under
this subpart. If the accredited thirdparty certification body is an individual,
that individual is also subject to the
following requirements, as applicable:
(1) Has relevant knowledge and
experience that provides an adequate
basis for the audit agent to evaluate
compliance with applicable food safety
requirements of the FD&C Act and FDA
regulations and, for consultative audits,
also includes conformance with
applicable industry standards and
practices;
(2) Has been determined by the
accredited third-party certification
body, through observations of a
representative sample of audits, to be
competent to conduct food safety audits
under this subpart relevant to the audits
they will be assigned to perform;
(3) Has completed annual food safety
training that is relevant to activities
conducted under this subpart;
(4) Is in compliance with the conflict
of interest requirements of § 1.657 and
has no other conflicts of interest with
the eligible entity to be audited that
might impair the audit agent’s
objectivity; and
(5) Agrees to notify its accredited
third-party certification body
immediately upon discovering, during a
food safety audit, any condition that
could cause or contribute to a serious
risk to the public health.
(b) In assigning an audit agent to
conduct a food safety audit at a
particular eligible entity, an accredited
third-party certification body must
determine that the audit agent is
qualified to conduct such audit under
the criteria established in paragraph (a)
of this section and based on the scope
and purpose of the audit and the type
of facility, its process(es), and food.
(c) An accredited third-party
certification body cannot use an audit
agent to conduct a regulatory audit at an
eligible entity if such audit agent
conducted a consultative audit or
regulatory audit for the same eligible
entity in the preceding 13 months,
except that such limitation may be
waived if the accredited third-party
certification body demonstrates to FDA,
under § 1.663, there is insufficient
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
access to audit agents in the country or
region where the eligible entity is
located. If the accredited third-party
certification body is an individual, that
individual is also subject to such
limitations.
§ 1.651 How must an accredited third-party
certification body conduct a food safety
audit of an eligible entity?
(a) Audit planning. Before beginning
to conduct a food safety audit under this
subpart, an accredited third-party
certification body must:
(1) Require the eligible entity seeking
a food safety audit to:
(i) Identify the scope and purpose of
the food safety audit, including the
facility, process(es), or food to be
audited; whether the food safety audit is
to be conducted as a consultative or
regulatory audit subject to the
requirements of this subpart, and if a
regulatory audit, the type(s) of
certification(s) sought; and
(ii) Provide a 30-day operating
schedule for such facility that includes
information relevant to the scope and
purpose of the audit; and
(2) Determine whether the requested
audit is within its scope of
accreditation.
(b) Authority to audit. In arranging a
food safety audit with an eligible entity
under this subpart, an accredited thirdparty certification body must ensure it
has authority, whether contractual or
otherwise, to:
(1) Conduct an unannounced audit to
determine whether the facility,
process(es), and food of the eligible
entity (within the scope of the audit)
comply with the applicable food safety
requirements of the FD&C Act and FDA
regulations and, for consultative audits,
also includes conformance with
applicable industry standards and
practices;
(2) Access any records and any area
of the facility, process(es), and food of
the eligible entity relevant to the scope
and purpose of such audit;
(3) When, for a regulatory audit,
sampling and analysis is conducted, the
accredited third-party certification body
must use a laboratory that is accredited
in accordance with:
(i) ISO/IEC 17025:2005; or
(ii) Another laboratory accreditation
standard that provides at least a similar
level of assurance in the validity and
reliability of sampling methodologies,
analytical methodologies, and analytical
results.
(4) Notify FDA immediately if, at any
time during a food safety audit, the
accredited third-party certification body
(or its audit agent, where applicable)
discovers a condition that could cause
PO 00000
Frm 00091
Fmt 4701
Sfmt 4700
74659
or contribute to a serious risk to the
public health and provide information
required by § 1.656(c);
(5) Prepare reports of audits
conducted under this subpart as
follows:
(i) For consultative audits, prepare
reports that contain the elements
specified in § 1.652(a) and maintain
such records, subject to FDA access in
accordance with section 414 of the
FD&C Act; and
(ii) For regulatory audits, prepare
reports that contain the elements
specified in § 1.652(b) and submit them
to FDA and to its recognized
accreditation body (where applicable)
under § 1.656(a); and
(6) Allow FDA and the recognized
accreditation body that accredited such
third-party certification body, if any, to
observe any food safety audit conducted
under this subpart for purposes of
evaluating the accredited third-party
certification body’s performance under
§§ 1.621 and 1.662 or, where
appropriate, the recognized
accreditation body’s performance under
§§ 1.622 and 1.633.
(c) Audit protocols. An accredited
third-party certification body (or its
audit agent, where applicable) must
conduct a food safety audit in a manner
consistent with the identified scope and
purpose of the audit and within the
scope of its accreditation.
(1) With the exception of records
review, which may be scheduled, the
audit must be conducted without
announcement during the 30-day
timeframe identified under paragraph
(a)(1)(ii) of this section and must be
focused on determining whether the
facility, its process(es), and food are in
compliance with applicable food safety
requirements of the FD&C Act and FDA
regulations, and, for consultative audits,
also includes conformance with
applicable industry standards and
practices that are within the scope of the
audit.
(2) The audit must include records
review prior to the onsite examination;
an onsite examination of the facility, its
process(es), and the food that results
from such process(es); and where
appropriate or when required by FDA,
environmental or product sampling and
analysis. When, for a regulatory audit,
sampling and analysis is conducted, the
accredited third-party certification body
must use a laboratory that is accredited
in accordance with paragraph (b)(3) of
this section. The audit may include any
other activities necessary to determine
compliance with applicable food safety
requirements of the FD&C Act and FDA
regulations, and, for consultative audits,
also includes conformance with
E:\FR\FM\27NOR4.SGM
27NOR4
74660
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
applicable industry standards and
practices.
(3) The audit must be sufficiently
rigorous to allow the accredited thirdparty certification body to determine
whether the eligible entity is in
compliance with the applicable food
safety requirements of the FD&C Act
and FDA regulations, and for
consultative audits, also includes
conformance with applicable industry
standards and practices, at the time of
the audit; and for a regulatory audit,
whether the eligible entity, given its
food safety system and practices would
be likely to remain in compliance with
the applicable food safety requirements
of the FD&C Act and FDA regulations
for the duration of any certification
issued under this subpart. An accredited
third-party certification body (or its
audit agent, where applicable) that
identifies a deficiency requiring
corrective action may verify the
effectiveness of a corrective action once
implemented by the eligible entity but
must not recommend or provide input
to the eligible entity in identifying,
selecting, or implementing the
corrective action.
(4) Audit observations and other data
and information from the examination,
including information on corrective
actions, must be documented and must
be used to support the findings
contained in the audit report required
by § 1.652 and maintained as a record
under § 1.658.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.652 What must an accredited thirdparty certification body include in food
safety audit reports?
(a) Consultative audits. An accredited
third-party certification body must
prepare a report of a consultative audit
not later than 45 days after completing
such audit and must provide a copy of
such report to the eligible entity and
must maintain such report under
§ 1.658, subject to FDA access in
accordance with the requirements of
section 414 of the FD&C Act. A
consultative audit report must include:
(1) The identity of the site or location
where the consultative audit was
conducted, including:
(i) The name, address and the FDA
Establishment Identifier of the facility
subject to the consultative audit and a
unique facility identifier, if designated
by FDA; and
(ii) Where applicable, the FDA
registration number assigned to the
facility under subpart H of this part;
(2) The identity of the eligible entity,
if different from the facility, including
the name, address, the FDA
Establishment Identifier and unique
facility identifier, if designated by FDA,
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
and, where applicable, registration
number under subpart H of this part;
(3) The name(s) and telephone
number(s) of the person(s) responsible
for compliance with the applicable food
safety requirements of the FD&C Act
and FDA regulations
(4) The dates and scope of the
consultative audit;
(5) The process(es) and food(s)
observed during such consultative
audit; and
(6) Any deficiencies observed that
relate to or may influence a
determination of compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations that
require corrective action, the corrective
action plan, and the date on which such
corrective actions were completed. Such
consultative audit report must be
maintained as a record under § 1.658
and must be made available to FDA in
accordance with section 414 of the
FD&C Act.
(b) Regulatory audits. An accredited
third-party certification body must, no
later than 45 days after completing a
regulatory audit, prepare and submit
electronically, in English, to FDA and to
its recognized accreditation body (or, in
the case of direct accreditation, only to
FDA) and must provide to the eligible
entity a report of such regulatory audit
that includes the following information:
(1) The identity of the site or location
where the regulatory audit was
conducted, including:
(i) The name, address, and FDA
Establishment Identifier of the facility
subject to the regulatory audit and a
unique facility identifier, if designated
by FDA; and
(ii) Where applicable, the FDA
registration number assigned to the
facility under subpart H of this part;
(2) The identity of the eligible entity,
if different from the facility, including
the name, address, FDA Establishment
Identifier, and unique facility identifier,
if designated by FDA, and, where
applicable, registration number under
subpart H of this part;
(3) The dates and scope of the
regulatory audit;
(4) The process(es) and food(s)
observed during such regulatory audit;
(5) The name(s) and telephone
number(s) of the person(s) responsible
for the facility’s compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations;
(6) Any deficiencies observed during
the regulatory audit that present a
reasonable probability that the use of or
exposure to a violative product:
(i) Will cause serious adverse health
consequences or death to humans and
animals; or
PO 00000
Frm 00092
Fmt 4701
Sfmt 4700
(ii) May cause temporary or medically
reversible adverse health consequences
or where the probability of serious
adverse health consequences or death to
humans or animals is remote;
(7) The corrective action plan for
addressing each deficiency identified
under paragraph (b)(6) of this section,
unless corrective action was
implemented immediately and verified
onsite by the accredited third-party
certification body (or its audit agent,
where applicable);
(8) Whether any sampling and
laboratory analysis (e.g., under a
microbiological sampling plan) is
performed in or used by the facility; and
(9) Whether the eligible entity has
made significant changes to the facility,
its process(es), or food products during
the 2 years preceding the regulatory
audit.
(c) Submission of regulatory audit
report. An accredited third-party
certification body must submit a
completed regulatory audit report as
required by paragraph (b) of this section,
regardless of whether the certification
body issued a food or facility
certification to the eligible entity.
(d) Notice and appeals of adverse
regulatory audit results. An accredited
third-party certification body must
notify an eligible entity of a denial of
certification and must establish and
implement written procedures for
receiving and addressing appeals from
eligible entities challenging such
adverse regulatory audit results and for
investigating and deciding on appeals in
a fair and meaningful manner. The
appeals procedures must provide
similar protections to those offered by
FDA under §§ 1.692 and 1.693,
including requirements to:
(1) Make the appeals procedures
publicly available;
(2) Use competent persons, who may
or may not be external to the accredited
third-party certification body, who are
free from bias or prejudice and have not
participated in the certification decision
or be subordinate to a person who has
participated in the certification
decision, to investigate and decide
appeals;
(3) Advise the eligible entity of the
final decision on its appeal; and
(4) Maintain records under § 1.658 of
the appeal, the final decision, and the
basis for such decision.
§ 1.653 What must an accredited thirdparty certification body do when issuing
food or facility certifications?
(a) Basis for issuance of a food or
facility certification. (1) Prior to issuing
a food or facility certification to an
eligible entity, an accredited third-party
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
certification body (or, where applicable,
an audit agent on its behalf) must
complete a regulatory audit that meets
the requirements of § 1.651 and any
other activities that may be necessary to
determine compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations.
(2) If, as a result of an observation
during a regulatory audit, an eligible
entity must implement a corrective
action plan to address a deficiency, an
accredited third-party certification body
may not issue a food or facility
certification to such entity until after the
accredited third-party certification body
verifies that eligible entity has
implemented the corrective action plan
through methods that reliably verify the
corrective action was taken and as a
result the identified deficiency is
unlikely to recur, except onsite
verification is required for corrective
actions required to address deficiencies
that are the subject of a notification
under § 1.656(c).
(3) An accredited third-party
certification body must consider each
observation and the data and other
information from a regulatory audit and
other activities conducted under § 1.651
to determine whether the entity was in
compliance with the applicable food
safety requirements of the FD&C Act
and FDA regulations at the time of the
audit and whether the eligible entity,
given its food safety system and
practices, would be likely to remain in
compliance for the duration of any
certification issued under this subpart.
(4) A single regulatory audit may
result in issuance of one or more food
or facility certifications under this
subpart, provided that the requirements
of issuance are met as to each such
certification.
(5) Where an accredited third-party
certification body uses an audit agent to
conduct a regulatory audit of an eligible
entity under this subpart, the accredited
third-party certification body (and not
the audit agent) must make the
determination whether to issue a food or
facility certification based on the results
of such regulatory audit.
(b) Issuance of a food or facility
certification and submission to FDA. (1)
Any food or facility certification issued
under this subpart must be submitted to
FDA electronically and in English. The
accredited third-party certification body
may issue a food or facility certification
under this subpart for a term of up to
12 months.
(2) A food or facility certification
must contain, at a minimum, the
following elements:
(i) The name and address of the
accredited third-party certification body
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
and the scope and date of its
accreditation under this subpart;
(ii) The name, address, FDA
Establishment Identifier, and unique
facility identifier, if designated by FDA,
of the eligible entity to which the food
or facility certification was issued;
(iii) The name, address, FDA
Establishment Identifier, and unique
facility identifier, if designated by FDA,
of the facility where the regulatory audit
was conducted, if different than the
eligible entity;
(iv) The scope and date(s) of the
regulatory audit and the certification
number;
(v) The name of the audit agent(s)
(where applicable) conducting the
regulatory audit; and
(vi) The scope of the food or facility
certification, date of issuance, and date
of expiration.
(3) FDA may refuse to accept any
certification for purposes of section
801(q) or 806 of the FD&C Act, if FDA
determines, that such food or facility
certification is not valid or reliable
because, for example:
(i) The certification is offered in
support of the admissibility of a food
that was not within the scope of the
certification;
(ii) The certification was issued by an
accredited third-party certification body
acting outside the scope of its
accreditation under this subpart; or
(iii) The certification was issued
without reliable demonstration that the
requirements of paragraph (a) of this
section were met.
§ 1.654 When must an accredited thirdparty certification body monitor an eligible
entity that it has issued a food or facility
certification?
If an accredited third-party
certification body has reason to believe
that an eligible entity to which it issued
a food or facility certification may no
longer be in compliance with the
applicable food safety requirements of
the FD&C Act and FDA regulations, the
accredited third-party certification body
must conduct any monitoring (including
an onsite audit) of such eligible entity
necessary to determine whether the
entity is in compliance with such
requirements. The accredited thirdparty certification body must
immediately notify FDA, under
§ 1.656(d), if it withdraws or suspends
a food or facility certification because it
determines that the entity is no longer
in compliance with the applicable food
safety requirements of the FD&C Act
and FDA regulations. The accredited
third-party certification body must
maintain records of such monitoring
under § 1.658.
PO 00000
Frm 00093
Fmt 4701
Sfmt 4700
74661
§ 1.655 How must an accredited third-party
certification body monitor its own
performance?
(a) An accredited third-party
certification body must annually, upon
FDA request made for cause, or as
required under § 1.631(f)(1)(i),
§ 1.634(d)(1)(i), or § 1.635(c)(1)(i),
conduct a self-assessment that includes
evaluation of compliance with this
subpart, including:
(1) The performance of its officers,
employees, or other agents involved in
auditing and certification activities,
including the performance of audit
agents in examining facilities,
process(es), and food using the
applicable food safety requirements of
the FD&C Act and FDA regulations;
(2) The degree of consistency among
its officers, employees, or other agents
involved in auditing and certification
activities, including evaluating whether
its audit agents interpreted audit
protocols in a consistent manner;
(3) The compliance of the accredited
third-party certification body and its
officers, employees, and other agents
involved in auditing and certification
activities, with the conflict of interest
requirements of § 1.657;
(4) Actions taken in response to the
results of any assessments conducted by
FDA or, where applicable, the
recognized accreditation body under
§ 1.621; and
(5) As requested by FDA, any other
aspects of its performance relevant to a
determination of whether the accredited
third-party certification body is in
compliance with this subpart.
(b) As a means to assess its
performance, the accredited third-party
certification body may evaluate the
compliance of one or more of eligible
entities to which a food or facility
certification was issued under this
subpart.
(c) Based on the assessments and
evaluations conducted under
paragraphs (a) and (b) of this section,
the accredited third-party certification
body must:
(1) Identify any deficiencies in
complying with the requirements of this
subpart;
(2) Quickly implement corrective
action(s) that effectively address the
identified deficiencies; and
(3) Under § 1.658, establish and
maintain records of such corrective
action(s).
(d) The accredited third-party
certification body must prepare a
written report of the results of its selfassessment that includes:
(1) A description of any corrective
action(s) taken under paragraph (c) of
this section;
E:\FR\FM\27NOR4.SGM
27NOR4
74662
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
(2) A statement disclosing the extent
to which the accredited third-party
certification body, and its officers,
employees, and other agents involved in
auditing and certification activities,
complied with the conflict of interest
requirements in § 1.657; and
(3) A statement attesting to the extent
to which the accredited third-party
certification body complied with the
applicable requirements of this subpart.
(e) An accredited third-party
certification body may use a report,
supplemented as necessary, on its
conformance to ISO/IEC 17021: 2011 or
ISO/IEC 17065: 2012 in meeting the
requirements of this section.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.656 What reports and notifications
must an accredited third-party certification
body submit?
(a) Reporting results of regulatory
audits. An accredited third-party
certification body must submit a
regulatory audit report, as described in
§ 1.652(b), electronically, in English, to
FDA and to the recognized accreditation
body that granted its accreditation
(where applicable), no later than 45
days after completing such audit.
(b) Reporting results of accredited
third-party certification body selfassessments. An accredited third-party
certification body must submit the
report of its annual self-assessment
required by § 1.655 electronically to its
recognized accreditation body (or, in the
case of direct accreditation,
electronically and in English, to FDA),
within 45 days of the anniversary date
of its accreditation under this subpart.
For an accredited third-party
certification body subject to an FDA
request for cause, or § 1.631(f)(1)(i),
§ 1.634(d)(1)(i), or § 1.635(c)(1)(i), the
report of its self-assessment must be
submitted to FDA electronically, in
English, within 60 days of the FDA
request, denial of renewal, revocation,
or relinquishment of recognition of the
accreditation body that granted its
accreditation. Such report must include
an up-to-date list of any audit agents it
uses to conduct audits under this
subpart.
(c) Notification to FDA of a serious
risk to public health. An accredited
third-party certification body must
immediately notify FDA electronically,
in English, if during a regulatory or
consultative audit, any of its audit
agents or the accredited third-party
certification body itself discovers a
condition that could cause or contribute
to a serious risk to the public health,
providing the following information:
(1) The name, physical address, and
unique facility identifier, if designated
by FDA, of the eligible entity subject to
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
the audit, and, where applicable, the
registration number under subpart H of
this part;
(2) The name, physical address, and
unique facility identifier, if designated
by FDA, of the facility where the
condition was discovered (if different
from that of the eligible entity) and,
where applicable, the registration
number assigned to the facility under
subpart H of this part; and
(3) The condition for which
notification is submitted.
(d) Immediate notification to FDA of
withdrawal or suspension of a food or
facility certification. An accredited
third-party certification body must
notify FDA electronically, in English,
immediately upon withdrawing or
suspending any food or facility
certification of an eligible entity and the
basis for such action.
(e) Notification to its recognized
accreditation body or an eligible entity.
(1) After notifying FDA under paragraph
(c) of this section, an accredited thirdparty certification body must
immediately notify the eligible entity of
such condition and must immediately
thereafter notify the recognized
accreditation body that granted its
accreditation, except for third-party
certification bodies directly accredited
by FDA. Where feasible and reliable, the
accredited third-party certification body
may contemporaneously notify its
recognized accreditation body and/or
the eligible entity when notifying FDA.
(2) An accredited third-party
certification body must notify its
recognized accreditation body (or, in the
case of direct accreditation, FDA)
electronically, in English, within 30
days after making any significant change
that would affect the manner in which
it complies with the requirements of
this subpart and must include with such
notification the following information:
(i) A description of the change; and
(ii) An explanation for the purpose of
the change.
§ 1.657 How must an accredited third-party
certification body protect against conflicts
of interest?
(a) An accredited third-party
certification body must implement a
written program to protect against
conflicts of interest between the
accredited third-party certification body
(and its officers, employees, and other
agents involved in auditing and
certification activities) and an eligible
entity seeking a food safety audit or food
or facility certification from, or audited
or certified by, such accredited thirdparty certification body, including the
following:
PO 00000
Frm 00094
Fmt 4701
Sfmt 4700
(1) Ensuring that the accredited thirdparty certification body and its officers,
employees, or other agents involved in
auditing and certification activities do
not own, operate, have a financial
interest in, manage, or otherwise control
an eligible entity to be certified, or any
affiliate, parent, or subsidiary of the
entity;
(2) Ensuring that the accredited thirdparty certification body and, its officers,
employees, or other agents involved in
auditing and certification activities are
not owned, managed, or controlled by
any person that owns or operates an
eligible entity to be certified;
(3) Ensuring that an audit agent of the
accredited third-party certification body
does not own, operate, have a financial
interest in, manage, or otherwise control
an eligible entity or any affiliate, parent,
or subsidiary of the entity that is subject
to a consultative or regulatory audit by
the audit agent; and
(4) Prohibiting an accredited thirdparty certification body’s officer,
employee, or other agent involved in
auditing and certification activities from
accepting any money, gift, gratuity, or
other item of value from the eligible
entity to be audited or certified under
this subpart.
(5) The items specified in paragraph
(a)(4) of this section do not include:
(i) Money representing payment of
fees for auditing and certification
services and reimbursement of direct
costs associated with an onsite audit by
the third-party certification body; or
(ii) Lunch of de minimis value
provided during the course of an audit
and on the premises where the audit is
conducted, if necessary to facilitate the
efficient conduct of the audit.
(b) An accredited third-party
certification body may accept the
payment of fees for auditing and
certification services and the
reimbursement of direct costs associated
with an audit of an eligible entity only
after the date on which the report of
such audit was completed or the date a
food or facility certification was issued,
whichever is later. Such payment is not
considered a conflict of interest for
purposes of paragraph (a) of this section.
(c) The financial interests of the
spouses and children younger than 18
years of age of accredited third-party
certification body’s officers, employees,
and other agents involved in auditing
and certification activities will be
considered the financial interests of
such officers, employees, and other
agents involved in auditing and
certification activities.
(d) An accredited third-party
certification body must maintain on its
Web site an up-to-date list of the eligible
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
entities to which it has issued food or
facility certifications under this subpart.
For each such eligible entity, the Web
site also must identify the duration and
scope of the food or facility certification
and date(s) on which the eligible entity
paid the accredited third-party
certification body any fee or
reimbursement associated with such
audit or certification.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.658 What records requirements must a
third-party certification body that has been
accredited meet?
(a) A third-party certification body
that has been accredited must maintain
electronically for 4 years records created
during its period of accreditation
(including documents and data) that
document compliance with this subpart,
including:
(1) Any audit report and other
documents resulting from a consultative
audit conducted under this subpart,
including the audit agent’s observations,
correspondence with the eligible entity,
verification of any corrective action(s)
taken to address deficiencies identified
during the audit;
(2) Any request for a regulatory audit
from an eligible entity;
(3) Any audit report and other
documents resulting from a regulatory
audit conducted under this subpart,
including the audit agent’s observations,
correspondence with the eligible entity,
verification of any corrective action(s)
taken to address deficiencies identified
during the audit, and, when sampling
and analysis is conducted, laboratory
testing records and results from a
laboratory that is accredited in
accordance with § 1.651(b)(3), and
documentation demonstrating such
laboratory is accredited in accordance
with § 1.651(b)(3);
(4) Any notification submitted by an
audit agent to the accredited third-party
certification body in accordance with
§ 1.650(a)(5);
(5) Any challenge to an adverse
regulatory audit decision and the
disposition of the challenge;
(6) Any monitoring it conducted of an
eligible entity to which food or facility
certification was issued;
(7) Its self-assessments and corrective
actions taken to address any
deficiencies identified during a selfassessment; and
(8) Significant changes to its auditing
or certification program that might affect
compliance with this subpart.
(b) An accredited third-party
certification body must make the
records of a consultative audit required
by paragraph (a)(1) of this section
available to FDA in accordance with
section 414 of the FD&C Act.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
(c) An accredited third-party
certification body must make the
records required by paragraphs (a)(2)
through (8) of this section available for
inspection and copying promptly upon
written request of an authorized FDA
officer or employee at the place of
business of the accredited third-party
certification body or at a reasonably
accessible location. If such records are
requested by FDA electronically, the
records must be submitted
electronically not later than 10 business
days after the date of the request.
Additionally, if the records are
maintained in a language other than
English, an accredited third-party
certification body must electronically
submit an English translation within a
reasonable time.
Procedures for Accreditation of ThirdParty Certification Bodies Under This
Subpart
§ 1.660 Where do I apply for accreditation
or renewal of accreditation by a recognized
accreditation body and what happens once
the recognized accreditation body decides
on my application?
(a) Submission of accreditation or
renewal application to a recognized
accreditation body. A third-party
certification body seeking accreditation
must submit its request for accreditation
or renewal of accreditation by a
recognized accreditation body identified
on the Web site described in § 1.690.
(b) Notice of records custodian after
denial of application for renewal of
accreditation. An applicant whose
renewal application was denied by a
recognized accreditation body must
notify FDA electronically, in English,
within 10 business days of the date of
issuance of a denial of accreditation or
denial of the renewal application, of the
name and contact information of the
custodian who will maintain the records
required by § 1.658(a) and make them
available to FDA as required by
§ 1.658(b) and (c). The contact
information for the custodian must
include, at a minimum, an email
address and the physical address where
the records required by § 1.658(a) will
be located.
(c) Effect of denial of an application
for renewal of accreditation on food or
facility certifications issued to eligible
entities. A food or facility certification
issued by an accredited third-party
certification body prior to issuance of
the denial of its renewal application l
will remain in effect until the
certification expires. If FDA has reason
to believe that a certification issued for
purposes of section 801(q) or 806 of the
FD&C Act is not valid or reliable, FDA
may refuse to consider the certification
PO 00000
Frm 00095
Fmt 4701
Sfmt 4700
74663
in determining the admissibility of the
article of food for which the certification
was offered or in determining the
importer’s eligibility for participation in
VQIP.
(d) Public notice of denial of an
application for renewal of accreditation.
FDA will provide notice on the Web site
described in § 1.690 of the date of
issuance of a denial of renewal of
accreditation of a third-party
certification body that had previous
been accredited.
§ 1.661 What is the duration of
accreditation by a recognized accreditation
body?
A recognized accreditation body may
grant accreditation to a third-party
certification body under this subpart for
a period not to exceed 4 years.
§ 1.662 How will FDA monitor accredited
third-party certification bodies?
(a) FDA will periodically evaluate the
performance of each accredited thirdparty certification body to determine
whether the accredited third-party
certification body continues to comply
with the applicable requirements of this
subpart and whether there are
deficiencies in the performance of the
accredited third-party certification body
that, if not corrected, would warrant
withdrawal of its accreditation under
§ 1.664. FDA will evaluate each directly
accredited third-party certification body
annually. For a third-party certification
body accredited by a recognized
accreditation body, FDA will evaluate
an accredited third-party certification
body not later than 3 years after the date
of accreditation for a 4-year term of
accreditation, or by no later than the
mid-term point for accreditation granted
for less than 4 years. FDA may conduct
additional performance assessments of
an accredited third-party certification
body at any time.
(b) In evaluating the performance of
an accredited third-party certification
body under paragraph (a) of this section,
FDA may review any one or more of the
following:
(1) Regulatory audit reports and food
and facility certifications;
(2) The accredited third-party
certification body’s self-assessments
under § 1.655;
(3) Reports of assessments by a
recognized accreditation body under
§ 1.621;
(4) Documents and other information
relevant to a determination of the
accredited third-party certification
body’s compliance with the applicable
requirements of this subpart; and
(5) Information obtained by FDA,
including during inspections, audits,
E:\FR\FM\27NOR4.SGM
27NOR4
74664
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
onsite observations, or investigations, of
one or more eligible entities to which a
food or facility certification was issued
by such accredited third-party
certification body.
(c) FDA may conduct its evaluation of
an accredited third-party certification
body through a site visit to an
accredited third-party certification
body’s headquarters (or other location
that manages audit agents conducting
food safety audits under this subpart, if
different than its headquarters), through
onsite observation of an accredited third
party certification body’s performance
during a food safety audit of an eligible
entity, or through document review.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.663 How do I request an FDA waiver or
waiver extension for the 13-month limit for
audit agents conducting regulatory audits?
(a) An accredited third-party
certification body may submit a request
to FDA to waive the requirements of
§ 1.650(c) preventing an audit agent
from conducting a regulatory audit of an
eligible entity if the audit agent (or, in
the case that the third-party certification
body is an individual, the third-party
certification body) has conducted a food
safety audit of such entity during the
previous 13 months. The accredited
third-party certification body seeking a
waiver or waiver extension must
demonstrate there is insufficient access
to audit agents and any third-party
certification bodies that are comprised
of an individual in the country or region
where the eligible entity is located.
(b) Requests for a waiver or waiver
extension and all documents provided
in support of the request must be
submitted to FDA electronically, in
English. The requestor must provide
such translation and interpretation
services as are needed by FDA to
process the request.
(c) The request must be signed by the
requestor or by any individual
authorized to act on behalf of the
requestor for purposes of seeking such
waiver or waiver extension.
(d) FDA will review requests for
waivers and waiver extensions on a first
in, first out basis according to the date
on which the completed submission is
received; however, FDA may prioritize
the review of specific requests to meet
the needs of the program. FDA will
evaluate any completed waiver request
to determine whether the criteria for
waiver have been met.
(e) FDA will notify the requestor
whether the request for a waiver or
waiver extension is approved or denied.
(f) If FDA approves the request,
issuance of the waiver will state the
duration of the waiver and list any
limitations associated with it. If FDA
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
denies the request, the issuance of a
denial of a waiver request will state the
basis for denial and will provide the
address and procedures for requesting
reconsideration of the request under
§ 1.691.
(g) Unless FDA notifies a requestor
that its waiver request has been
approved, an accredited third-party
certification body must not use the audit
agent to conduct a regulatory audit of
such eligible entity until the 13-month
limit in § 1.650(c) has elapsed.
§ 1.664 When would FDA withdraw
accreditation?
(a) Mandatory withdrawal. FDA will
withdraw accreditation from a thirdparty certification body:
(1) Except as provided in paragraph
(b) of this section, if the food or facility
certified under this subpart is linked to
an outbreak of foodborne illness or
chemical or physical hazard that has a
reasonable probability of causing
serious adverse health consequences or
death in humans or animals;
(2) Following an evaluation and
finding by FDA that the third-party
certification body no longer complies
with the applicable requirements of this
subpart; or
(3) Following its refusal to allow FDA
to access records under § 1.658 or to
conduct an audit, assessment, or
investigation necessary to ensure
continued compliance with this subpart.
(b) Exception. FDA may waive
mandatory withdrawal under paragraph
(a)(1) of this section, if FDA:
(1) Conducts an investigation of the
material facts related to the outbreak of
human or animal illness;
(2) Reviews the relevant audit records
and the actions taken by the accredited
third-party certification body in support
of its decision to certify; and
(3) Determines that the accredited
third-party certification body satisfied
the requirements for issuance of
certification under this subpart.
(c) Discretionary withdrawal. FDA
may withdraw accreditation, in whole
or in part, from a third-party
certification body when such third-party
certification body is accredited by an
accreditation body for which
recognition is revoked under § 1.634, if
FDA determines there is good cause for
withdrawal, including:
(1) Demonstrated bias or lack of
objectivity when conducting activities
under this subpart; or
(2) Performance that calls into
question the validity or reliability of its
food safety audits or certifications.
(d) Records access. FDA may request
records of the accredited third-party
certification body under § 1.658 and,
PO 00000
Frm 00096
Fmt 4701
Sfmt 4700
where applicable, may request records
under § 1.625 of an accreditation body
that has been recognized under § 1.625,
when considering withdrawal under
paragraph (a)(1), (a)(2), or (c) of this
section.
(e) Notice to the third-party
certification body of withdrawal of
accreditation. (1) FDA will notify a
third-party certification body of the
withdrawal of its accreditation through
issuance of a withdrawal that will state
the grounds for withdrawal, the
procedures for requesting a regulatory
hearing under § 1.693 on the
withdrawal, and the procedures for
requesting reaccreditation under
§ 1.666.
(2) Within 10 business days of the
date of issuance of the withdrawal, the
third-party certification body must
notify FDA electronically, in English, of
the name of the custodian who will
maintain the records required by
§ 1.658, and provide contact information
for the custodian, which will at least
include an email address, and the street
address where the records will be
located.
(f) Effect of withdrawal of
accreditation on eligible entities. A food
or facility certification issued by a thirdparty certification body prior to
withdrawal will remain in effect until
the certification terminates by
expiration. If FDA has reason to believe
that a certification issued for purposes
of section 801(q) or 806 of the FD&C Act
is not valid or reliable, FDA may refuse
to consider the certification in
determining the admissibility of the
article of food for which the certification
was offered or in determining the
importer’s eligibility for participation in
VQIP.
(g) Effect of withdrawal of
accreditation on recognized
accreditation bodies. (1) FDA will notify
a recognized accreditation body if the
accreditation of a third-party
certification body it accredited is
withdrawn by FDA. Such accreditation
body’s recognition will remain in effect
if, no later than 60 days after
withdrawal, the accreditation body
conducts a self-assessment under
§ 1.622 and reports the results of the
self-assessment to FDA as required by
§ 1.623(b).
(2) FDA may revoke the recognition of
an accreditation body whenever FDA
determines there is good cause for
revocation of recognition under § 1.634.
(h) Public notice of withdrawal
accreditation. FDA will provide notice
on the Web site described in § 1.690 of
its withdrawal of accreditation of a
third-party certification body and
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
§ 1.666
provide a description of the basis for
withdrawal.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.665 What if I want to voluntarily
relinquish accreditation or do not want to
renew accreditation?
(a) Notice to FDA of intent to
relinquish or not to renew accreditation.
A third-party certification body must
notify FDA electronically, in English, at
least 60 days before voluntarily
relinquishing accreditation or before
allowing accreditation to expire without
seeking renewal. The certification body
must provide the name and contact
information of the custodian who will
maintain the records required under
§ 1.658(a) after the date of
relinquishment or the date accreditation
expires, as applicable, and make them
available to FDA as required by
§ 1.658(b) and (c). The contact
information for the custodian must
include, at a minimum, an email
address and the physical address where
the records required by § 1.658(a) will
be located.
(b) Notice to recognized accreditation
body and eligible entities of intent to
relinquish or not to renew accreditation.
No later than 15 business days after
notifying FDA under paragraph (a) of
this section, the certification body must
notify its recognized accreditation body
and any eligible entity with current
certifications that it intends to
relinquish accreditation or to allow its
accreditation to expire, specifying the
date on which relinquishment or
expiration will occur. The recognized
accreditation body must establish and
maintain records of such notification
under § 1.625(a).
(c) Effect of voluntary relinquishment
or expiration of accreditation on food or
facility certifications issued to eligible
entities. A food or facility certification
issued by a third-party certification
body prior to relinquishment or
expiration of its accreditation will
remain in effect until the certification
expires. If FDA has reason to believe
that a certification issued for purposes
of section 801(q) or 806 of the FD&C Act
is not valid or reliable, FDA may refuse
to consider the certification in
determining the admissibility of the
article of food for which the certification
was offered or in determining the
importer’s eligibility for participation in
VQIP.
(d) Public notice of voluntary
relinquishment or expiration of
accreditation. FDA will provide notice
on the Web site described in § 1.690 of
the voluntary relinquishment or
expiration of accreditation of a
certification body under this subpart.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
How do I request reaccreditation?
(a) Application following withdrawal.
FDA will reinstate the accreditation of
a third-party certification body for
which it has withdrawn accreditation:
(1) If, in the case of direct
accreditation, FDA determines, based on
evidence presented by the third-party
certification body, that the third-party
certification body satisfies the
applicable requirements of this subpart
and adequate grounds for withdrawal no
longer exist; or
(2) In the case of a third-party
certification body accredited by an
accreditation body for which
recognition has been revoked under
§ 1.634:
(i) If the third-party certification body
becomes accredited by another
recognized accreditation body or by
FDA through direct accreditation no
later than 1 year after withdrawal of
accreditation, or the original date of the
expiration of accreditation, whichever
comes first; or
(ii) Under such conditions as FDA
may impose in withdrawing
accreditation.
(b) Application following voluntary
relinquishment. A third-party
certification body that previously
relinquished its accreditation under
§ 1.665 may seek accreditation by
submitting a new application for
accreditation under § 1.660 or, where
applicable, § 1.670.
Additional Procedures for Direct
Accreditation of Third-Party
Certification Bodies Under This
Subpart
§ 1.670 How do I apply to FDA for direct
accreditation or renewal of direct
accreditation?
(a) Eligibility. (1) FDA will accept
applications from third-party
certification bodies for direct
accreditation or renewal of direct
accreditation only if FDA determines
that it has not identified and recognized
an accreditation body to meet the
requirements of section 808 of the FD&C
Act within 2 years after establishing the
accredited third-party audits and
certification program. Such FDA
determination may apply, as
appropriate, to specific types of thirdparty certification bodies, types of
expertise, or geographic location; or
through identification by FDA of any
requirements of section 808 of the FD&C
Act not otherwise met by previously
recognized accreditation bodies. FDA
will only accept applications for direct
accreditation and renewal applications
that are within the scope of the
determination.
PO 00000
Frm 00097
Fmt 4701
Sfmt 4700
74665
(2) FDA may revoke or modify a
determination under paragraph (a)(1) of
this section if FDA subsequently
identifies and recognizes an
accreditation body that affects such
determination.
(3) FDA will provide notice on the
Web site described in § 1.690 of a
determination under paragraph (a)(1) of
this section and of a revocation or
modification of the determination under
paragraph (a)(1) of this section, as
described in paragraph (a)(2) of this
section.
(b) Application for direct
accreditation or renewal of direct
accreditation. (1) A third-party
certification body seeking direct
accreditation or renewal of direct
accreditation must submit an
application to FDA, demonstrating that
it is within the scope of the
determination issued under paragraph
(a)(1) of this section, and it meets the
eligibility requirements of § 1.640.
(2) Applications and all documents
provided as part of the application
process must be submitted
electronically, in English. An applicant
must provide such translation and
interpretation services as are needed by
FDA to process the application,
including during an onsite audit of the
applicant.
(3) The application must be signed in
the manner designated by FDA by an
individual authorized to act on behalf of
the applicant for purposes of seeking or
renewing direct accreditation.
§ 1.671 How will FDA review my
application for direct accreditation or
renewal of direct accreditation and what
happens once FDA decides on my
application?
(a) Review of a direct accreditation or
renewal application. FDA will examine
a third-party certification body’s direct
accreditation or renewal application for
completeness and notify the applicant
of any deficiencies. FDA will review
applications for direct accreditation and
for renewal of direct accreditation on a
first in, first out basis according to the
date the completed submission is
received; however, FDA may prioritize
the review of specific applications to
meet the needs of the program.
(b) Evaluation of a direct
accreditation or renewal application.
FDA will evaluate any completed
application to determine whether the
applicant meets the requirements for
direct accreditation under this subpart.
If FDA does not reach a final decision
on a renewal application before the
expiration of the direct accreditation,
FDA may extend the duration of such
direct accreditation for a specified
E:\FR\FM\27NOR4.SGM
27NOR4
mstockstill on DSK4VPTVN1PROD with RULES4
74666
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
period of time or until the Agency
reaches a final decision on the renewal
application.
(c) Notice of approval or denial. FDA
will notify the applicant that its direct
accreditation or renewal application has
been approved through issuance of or
denied.
(d) Issuance of direct accreditation. If
an application has been approved, the
issuance of the direct accreditation that
will list any limitations associated with
the accreditation.
(e) Issuance of denial of direct
accreditation. If FDA issues a denial of
direct accreditation or denial of a
renewal application, the issuance of the
denial of direct accreditation will state
the basis for such denial and provide
the procedures for requesting
reconsideration of the application under
§ 1.691.
(f) Notice of records custodian after
denial of application for renewal of
direct accreditation. An applicant
whose renewal application was denied
must notify FDA electronically, in
English, within 10 business days of the
date of issuance of a denial of a renewal
application, of the name and contact
information of the custodian who will
maintain the records required by
§ 1.658(a) and make them available to
FDA as required by § 1.658(b) and (c).
The contact information for the
custodian must include, at a minimum,
an email address and the physical
address where the records required by
§ 1.658(b) will be located.
(g) Effect of denial of renewal of direct
accreditation on food or facility
certifications issued to eligible entities.
A food or facility certification issued by
an accredited third-party certification
body prior to issuance of the denial of
its renewal application will remain in
effect until the certification expires. If
FDA has reason to believe that a
certification issued for purposes of
section 801(q) or 806 of the FD&C Act
is not valid or reliable, FDA may refuse
to consider the certification in
determining the admissibility of the
article of food for which the certification
was offered or in determining the
importer’s eligibility for participation in
VQIP.
(h) Public notice of denial of renewal
of direct accreditation. FDA will
provide notice on the Web site
described in § 1.690 of the issuance of
a denial of renewal application for
direct accreditation under this subpart.
§ 1.672 What is the duration of direct
accreditation?
FDA will grant direct accreditation of
a third-party certification body for a
period not to exceed 4 years.
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
Requirements for Eligible Entities
Under This Subpart
§ 1.691 How do I request reconsideration
of a denial by FDA of an application or a
waiver request?
§ 1.680 How and when will FDA monitor
eligible entities?
(a) An accreditation body may seek
reconsideration of the denial of an
application for recognition, renewal of
recognition, or reinstatement of
recognition no later than 10 business
days after the date of the issuance of
such denial.
(b) A third-party certification body
may seek reconsideration of the denial
of an application for direct
accreditation, renewal of direct
accreditation, reaccreditation of directly
accredited third-party certification
body, a request for a waiver of the
conflict of interest requirement in
§ 1.650(b), or a waiver extension no later
than 10 business days after the date of
the issuance of such denial.
(c) A request to reconsider an
application or waiver request under
paragraph (a) or (b) of this section must
be signed by the requestor or by an
individual authorized to act on its
behalf in submitting the request for
reconsideration. The request must be
submitted electronically in English and
must comply with the procedures
described in the notice.
(d) After completing its review and
evaluation of the request for
reconsideration, FDA will notify the
requestor through the issuance of the
recognition, direct accreditation, or
waiver upon reconsideration or through
the issuance of a denial of the
application or waiver request under
paragraph (a) or (b) of this section upon
reconsideration.
FDA may, at any time, conduct an
onsite audit of an eligible entity that has
received food or facility certification
from an accredited third-party
certification body under this subpart.
Where FDA determines necessary or
appropriate, the unannounced audit
may be conducted with or without the
accredited third-party certification body
or the recognized accreditation body
(where applicable) present. An FDA
audit conducted under this section will
be conducted on an unannounced basis
and may be preceded by a request for a
30-day operating schedule.
§ 1.681 How frequently must eligible
entities be recertified?
An eligible entity seeking
recertification of a food or facility
certification under this subpart must
apply for recertification prior to the
expiration of its certification. For
certifications used in meeting the
requirements of section 801(q) or 806 of
the FD&C Act, FDA may require an
eligible entity to apply for recertification
at any time FDA determines appropriate
under such section.
General Requirements of This Subpart
§ 1.690 How will FDA make information
about recognized accreditation bodies and
accredited third-party certification bodies
available to the public?
FDA will place on its Web site a
registry of recognized accreditation
bodies and accredited third-party
certification bodies, including the name,
contact information, and scope and
duration of recognition or accreditation.
The registry may provide information
on third-party certification bodies
accredited by recognized accreditation
bodies through links to the Web sites of
such recognized accreditation bodies.
FDA will also place on its Web site a list
of accreditation bodies for which it has
denied renewal of recognition, for
which FDA has revoked recognition,
and that have relinquished their
recognition or have allowed their
recognition to expire. FDA will also
place in its Web site a list of
certification bodies whose renewal of
accreditation has been denied, for
which FDA has withdrawn
accreditation, and that have
relinquished their accreditations or have
allowed their accreditations to expire.
FDA will place on its Web site
determinations under § 1.670(a)(1) and
modifications of such determinations
under § 1.670(a)(2).
PO 00000
Frm 00098
Fmt 4701
Sfmt 4700
§ 1.692 How do I request internal agency
review of a denial of an application or
waiver request upon reconsideration?
(a) No later than 10 business days
after the date of issuance of a denial of
an application or waiver request upon
reconsideration under § 1.691, the
requestor may seek internal agency
review of such denial under
§ 10.75(c)(1) of this chapter.
(b) The request for internal agency
review under paragraph (a) of this
section must be signed by the requestor
or by an individual authorized to act on
its behalf in submitting the request for
internal review. The request must be
submitted electronically in English to
the address specified in the denial upon
reconsideration and must comply with
procedures it describes.
(c) Under § 10.75(d) of this chapter,
internal agency review of such denial
must be based on the information in the
administrative file, which will include
any supporting information submitted
under § 1.691(c).
E:\FR\FM\27NOR4.SGM
27NOR4
Federal Register / Vol. 80, No. 228 / Friday, November 27, 2015 / Rules and Regulations
(d) After completing the review and
evaluation of the administrative file,
FDA will notify the requestor of its
decision to overturn the denial and
grant the application or waiver request
through issuance of an application or
waiver request upon reconsideration or
to affirm the denial of the application or
waiver request upon reconsideration
through issuance of a denial of an
application or waiver request upon
reconsideration.
(e) Issuance by FDA of a denial of an
application or waiver request upon
reconsideration constitutes final agency
action under 5 U.S.C. 702.
mstockstill on DSK4VPTVN1PROD with RULES4
§ 1.693 How do I request a regulatory
hearing on a revocation of recognition or
withdrawal of accreditation?
(a) Request for hearing on revocation.
No later than 10 business days after the
date of issuance of a revocation of
recognition of an accreditation body
under § 1.634, an individual authorized
to act on the accreditation body’s behalf
may submit a request for a regulatory
hearing on the revocation under part 16
of this chapter. The issuance of
revocation issued under § 1.634 will
contain all of the elements required by
§ 16.22 of this chapter and will thereby
constitute the notice of an opportunity
for hearing under part 16 of this chapter.
(b) Request for hearing on withdrawal.
No later than 10 business days after the
date of issuance of a withdrawal of
accreditation of a third-party
certification body under § 1.664, an
individual authorized to act on the
third-party certification body’s behalf
may submit a request for a regulatory
hearing on the withdrawal under part 16
of this chapter. The issuance of
withdrawal under § 1.664 will contain
all of the elements required by § 16.22
of this chapter and will thereby
constitute the notice of opportunity of
hearing under part 16 of this chapter.
(c) Submission of request for
regulatory hearing. The request for a
regulatory hearing under paragraph (a)
or (b) of this section must be submitted
with a written appeal that responds to
the basis for the FDA decision, as
described in the issuance of revocation
or withdrawal, as appropriate, and
includes any supporting information
upon which the requestor is relying.
The request, appeal, and supporting
information must be submitted in
English to the address specified in the
notice and must comply with the
procedures it describes.
(d) Effect of submission of request on
FDA decision. The submission of a
request for a regulatory hearing under
VerDate Sep<11>2014
19:45 Nov 25, 2015
Jkt 238001
paragraph (a) or (b) of this section will
not operate to delay or stay the effect of
a decision by FDA to revoke recognition
of an accreditation body or to withdraw
accreditation of a third-party
certification body unless FDA
determines that a delay or a stay is in
the public interest.
(e) Presiding officer. The presiding
officer for a regulatory hearing for a
revocation or withdrawal under this
subpart will be designated after a
request for a regulatory hearing is
submitted to FDA.
(f) Denial of a request for regulatory
hearing. The presiding officer may deny
a request for regulatory hearing for a
revocation or withdrawal under
§ 16.26(a) of this chapter when no
genuine or substantial issue of fact has
been raised.
(g) Conduct of regulatory hearing. (1)
If the presiding officer grants a request
for a regulatory hearing for a revocation
or withdrawal, the hearing will be held
within 10 business days after the date
the request was filed or, if applicable,
within a timeframe agreed upon in
writing by requestor, the presiding
officer, and FDA.
(2) The presiding officer must conduct
the regulatory hearing for revocation or
withdrawal under part 16 of this
chapter, except that, under § 16.5(b) of
this chapter, such procedures apply
only to the extent that the procedures
are supplementary and do not conflict
with the procedures specified for
regulatory hearings under this subpart.
Accordingly, the following requirements
of part 16 are inapplicable to regulatory
hearings under this subpart: § 16.22
(Initiation of a regulatory hearing);
§ 16.24(e) (timing) and (f) (contents of
notice); § 16.40 (Commissioner);
§ 16.60(a) (public process); § 16.95(b)
(administrative decision and record for
decision); and § 16.119 (Reconsideration
and stay of action).
(3) A decision by the presiding officer
to affirm the revocation of recognition or
the withdrawal of accreditation is
considered a final agency action under
5 U.S.C. 702.
§ 1.694 Are electronic records created
under this subpart subject to the electronic
records requirements of part 11 of this
chapter?
Records that are established or
maintained to satisfy the requirements
of this subpart and that meet the
definition of electronic records in
§ 11.3(b)(6) of this chapter are exempt
from the requirements of part 11 of this
chapter. Records that satisfy the
requirements of this subpart, but that
PO 00000
Frm 00099
Fmt 4701
Sfmt 9990
74667
also are required under other applicable
statutory provisions or regulations,
remain subject to part 11 of this chapter.
§ 1.695 Are the records obtained by FDA
under this subpart subject to public
disclosure?
Records obtained by FDA under this
subpart are subject to the disclosure
requirements under part 20 of this
chapter.
PART 11—ELECTRONIC RECORDS;
ELECTRONIC SIGNATURES
3. The authority citation for 21 CFR
part 11 continues to read as follows:
■
Authority: 21 U.S.C. 321–393; 42 U.S.C.
262.
4. In § 11.1, add paragraph (m) to read
as follows:
■
§ 11.1
Scope.
*
*
*
*
*
(m) This part does not apply to
records required to be established or
maintained by subpart M of part 1 of
this chapter. Records that satisfy the
requirements of subpart M of part 1 of
this chapter, but that also are required
under other applicable statutory
provisions or regulations, remain
subject to this part.
PART 16—REGULATORY HEARING
BEFORE THE FOOD AND DRUG
ADMINISTRATION
5. The authority citation for 21 CFR
part 16 continues to read as follows:
■
Authority: 15 U.S.C. 1451–1461; 21 U.S.C.
141–149, 321–394, 467f, 679, 821, 1034; 28
U.S.C. 2112; 42 U.S.C. 201–262, 263b, 364.
6. In § 16.1(b)(2), add the following
entry in numerical order to read as
follows:
■
§ 16.1
Scope.
*
*
*
*
*
(b) * * *
(2) * * *
§§ 1.634 and 1.664, relating to
revocation of recognition of an
accreditation body and withdrawal of
accreditation of third-party certification
bodies that conduct food safety audits of
eligible entities in the food import
supply chain and issue food and facility
certifications.
*
*
*
*
*
Dated: October 30, 2015.
Leslie Kux,
Associate Commissioner for Policy.
[FR Doc. 2015–28160 Filed 11–13–15; 8:45 am]
BILLING CODE 4164–01–P
E:\FR\FM\27NOR4.SGM
27NOR4
]]>Agencies
[Federal Register Volume 80, Number 228 (Friday, November 27, 2015)]
[Rules and Regulations]
[Pages 74569-74667]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-28160]
[[Page 74569]]
Vol. 80
Friday,
No. 228
November 27, 2015
Part IV
Department of Health and Human Services
-----------------------------------------------------------------------
Food and Drug Administration
-----------------------------------------------------------------------
21 CFR Parts 1, 11, and 16
Accreditation of Third-Party Certification Bodies To Conduct Food
Safety Audits and To Issue Certifications; Final Rule
��Federal Register / Vol. 80 , No. 228 / Friday, November 27, 2015 /
Rules and Regulations��
[[Page 74570]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 1, 11, and 16
[Docket No. FDA-2011-N-0146]
RIN 0910-AG66
Accreditation of Third-Party Certification Bodies To Conduct Food
Safety Audits and To Issue Certifications
AGENCY: Food and Drug Administration, HHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Food and Drug Administration (FDA or we) is adopting
regulations to provide for accreditation of third-party certification
bodies to conduct food safety audits of foreign food entities,
including registered foreign food facilities, and to issue food and
facility certifications, under the FDA Food Safety Modernization Act
(FSMA). These certifications will be required for participation in the
voluntary qualified importer program (VQIP) established under the
Federal Food, Drug, and Cosmetic Act (FD&C Act). In addition, when the
Agency has determined that an imported food is subject to certification
under FSMA, the Agency may require a certification under this rule as a
condition for admitting the food into the United States. FDA also
expects that these regulations will increase efficiency by reducing the
number of redundant food safety audits.
DATES: This rule is effective January 26, 2016.
FOR FURTHER INFORMATION CONTACT: Charlotte A. Christin, Office of Foods
and Veterinary Medicine, Food and Drug Administration, 10903 New
Hampshire Ave., Silver Spring, MD 20993, 301-796-7526.
SUPPLEMENTARY INFORMATION:
Table of Contents
Executive Summary
I. Introduction and Background
A. FDA Food Safety Modernization Act
B. Purpose of This Rulemaking
C. The Proposed Rule
D. Public Comments
II. Legal Authority
III. Comments on What Definitions Apply to This Subpart (Sec.
1.600)
A. Definitions, Generally
B. Assessment
C. Audit
D. Audit Agent
E. Consultative Audit
F. Eligible Entity
G. Facility
H. Facility Certification and Food Certification
I. Food
J. Food Safety Audit
K. Foreign Cooperative
L. Regulatory Audit
M. Self-Assessment
N. Third-Party Auditor
IV. Comments on Who Is Subject to This Subpart (Sec. 1.601)
A. Limiting the Scope of the Rule to Regulatory Audits and
Certifications
B. Exemption for Alcoholic Beverages
C. USDA Regulated Products
V. Comments on Recognition of Accreditation Bodies Under This
Subpart
A. Who is eligible to seek recognition? (Sec. 1.610)
B. What legal authority must an accreditation body have to
qualify for recognition? (Sec. 1.611)
C. What competency and capacity must an accreditation body have
to qualify for recognition? (Sec. 1.612)
D. What protections against conflicts of interest must an
accreditation body have to qualify for recognition? (Sec. 1.613)
E. What quality assurance procedures must an accreditation body
have to qualify for recognition? (Sec. 1.614)
F. What records procedures must an accreditation body have to
qualify for recognition? (Sec. 1.615)
VI. Comments on Requirements for Accreditation Bodies That Have Been
Recognized Under This Subpart
A. How must a recognized accreditation body evaluate third-party
certification bodies seeking accreditation? (Sec. 1.620)
B. How must a recognized accreditation body monitor the
performance of third-party certification bodies it accredited?
(Sec. 1.621)
C. How must a recognized accreditation body monitor its own
performance? (Sec. 1.622)
D. What reports and notifications must a recognized
accreditation body submit to FDA? (Sec. 1.623)
E. How must a recognized accreditation body protect against
conflicts of interest? (Sec. 1.624)
F. What records requirements must an accreditation body that has
been recognized meet? (Sec. 1.625)
VII. Comments on Procedures for Recognition of Accreditation Bodies
Under This Subpart
A. How do I apply to FDA for recognition or renewal of
recognition? (Sec. 1.630)
B. How will FDA review my application for recognition or for
renewal of recognition and what happens once FDA decides on my
application? (Sec. 1.631)
C. What is the duration of recognition? (Sec. 1.632)
D. How will FDA monitor recognized accreditation bodies? (Sec.
1.633)
E. When will FDA revoke recognition? (Sec. 1.634)
F. What if I want to voluntarily relinquish recognition or do
not want to renew recognition? (Sec. 1.635)
G. How do I request reinstatement of recognition? (Sec. 1.636)
VIII. Comments on Accreditation of Third-Party Certification Bodies
Under This Subpart
A. Who is eligible to seek accreditation? (Sec. 1.640)
B. What legal authority must a third-party certification body
have to qualify for accreditation? (Sec. 1.641)
C. What competency and capacity must a third-party certification
body have to qualify for accreditation? (Sec. 1.642)
D. What protections against conflicts of interest must a third-
party certification body have to qualify for accreditation? (Sec.
1.643)
E. What quality assurance procedures must a third-party
certification body have to qualify for accreditation? (Sec. 1.644)
F. What records procedures must a third-party certification body
have to qualify for accreditation? (Sec. 1.645)
IX. Comments on Requirements for Third-Party Certification Bodies
That Have Been Accredited Under This Subpart
A. How must an accredited third-party certification body ensure
its audit agents are competent and objective? (Sec. 1.650)
B. How must an accredited third-party certification body conduct
a food safety audit of an eligible entity? (Sec. 1.651)
C. What must an accredited third-party certification body
include in food safety audit reports? (Sec. 1.652)
D. What must an accredited third-party certification body do
when issuing food or facility certifications? (Sec. 1.653)
E. When must an accredited third-party certification body
monitor an eligible entity that it has issued a food or facility
certification? (Sec. 1.654)
F. How must an accredited third-party certification body monitor
its own performance? (Sec. 1.655)
G. What reports and notifications must an accredited third-party
certification body submit? (Sec. 1.656)
H. How must an accredited third-party certification body protect
against conflicts of interest? (Sec. 1.657)
I. What records requirements must a third-party certification
body that has been accredited meet? (Sec. 1.658)
X. Comments on Procedures for Accreditation of Third-Party
Certification Bodies Under This Subpart
A. Where do I apply for accreditation or renewal of
accreditation by a recognized accreditation body and what happens
once the recognized accreditation body decides on my application?
(Sec. 1.660)
B. What is the duration of accreditation by a recognized
accreditation body? (Sec. 1.661)
C. How will FDA monitor accredited third-party certification
bodies? (Sec. 1.662)
D. How do I request an FDA waiver or waiver extension for the
13-month limit for audit agents conducting regulatory audits? (Sec.
1.663)
E. When would FDA withdraw accreditation? (Sec. 1.664)
F. What if I want to voluntarily relinquish accreditation or do
not want to renew accreditation? (Sec. 1.665)
G. How do I request reaccreditation? (Sec. 1.666)
[[Page 74571]]
XI. Comments on Additional Procedures for Direct Accreditation of
Third-Party Certification Bodies Under This Subpart
A. How do I apply to FDA for direct accreditation or renewal of
direct accreditation? (Sec. 1.670)
B. How will FDA review my application for direct accreditation
or renewal of direct accreditation and what happens once FDA decides
on my application? (Sec. 1.671)
C. What is the duration of direct accreditation? (Sec. 1.672)
XII. Comments on Requirements for Eligible Entities Under This
Subpart
A. How and when will FDA monitor eligible entities? (Sec.
1.680)
B. How frequently must eligible entities be recertified? (Sec.
1.681)
XIII. Comments on General Requirements of This Subpart
A. How will FDA make information about recognized accreditation
bodies and accredited third-party certification bodies available to
the public? (Sec. 1.690)
B. How do I request reconsideration of a denial by FDA of an
application or a waiver request? (Sec. 1.691)
C. How do I request internal agency review of a denial of an
application or waiver request upon reconsideration? (Sec. 1.692)
D. How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation? (Sec. 1.693)
E. Are electronic records created under this subpart subject to
the electronic records requirements of part 11? (Sec. 1.694)
F. Are the records obtained by FDA under this subpart subject to
public disclosure? (Sec. 1.695)
G. May importers use reports of regulatory audits by accredited
certification bodies for purposes of subpart L of this part? (Sec.
1.698)
XIV. Editorial and Conforming Changes
XV. Executive Order 13175
XVI. Analysis of Economic Impact
XVII. Paperwork Reduction Act of 1995
XVIII. Analysis of Environmental Impact
XIX. Federalism
XX. References
Executive Summary
Purpose and Coverage of the Final Rule
This rule is part of FDA's implementation of FSMA, which intends to
better protect public health by, among other things, adopting a modern,
preventive, and risk-based approach to food safety regulation. In this
document, we establish a program for accreditation of third-party
certification bodies \1\ to conduct food safety audits and issue
certifications of foreign food facilities and foods for humans and
animals for purposes of sections 801(q) and 806 of the FD&C Act. We are
also codifying certain limited exemptions to mandatory import
certification under 801(q) of the FD&C Act (21 U.S.C. 381).
---------------------------------------------------------------------------
\1\ As explained more fully in Response 1, in response to
comments and for clarity, this final rule uses the term ``third-
party certification body'' rather than either the term ``third-party
auditor'' or the term, ``third party auditor/certification body''
(except that we will use the term ``third-party auditor'' in the
definitions of ``accredited third-party certification body'' and
``third-party certification body'' in 21 CFR 1.600(c) and in the
preamble discussion of those definitions in section III.A).
---------------------------------------------------------------------------
FSMA added section 808 to the FD&C Act (21 U.S.C. 384d), which
directs FDA to establish a new program for accreditation of third-party
certification bodies to conduct food safety audits and to certify that
eligible foreign entities (including registered foreign food
facilities) and food produced by such entities meet applicable FDA
requirements for purposes of sections 801(q) and 806 of the FD&C Act.
This rulemaking implements section 808 of the FD&C Act; we will
recognize accreditation bodies to accredit third-party certification
bodies, except for limited circumstances in which we may directly
accredit third-party certification bodies.
FSMA specifies two uses for the food and facility certifications
issued by accredited third-party certification bodies under this
program. First, facility certifications will be used by importers to
establish eligibility for VQIP under section 806 of the FD&C Act (21
U.S.C. 384b(a)). VQIP offers participating importers expedited review
and entry of food that is part of VQIP. One condition of participation
is importation of food from facilities audited and certified by third-
party certification bodies accredited under this subpart. FDA issued
draft guidance on VQIP on June 5, 2015 (80 FR 32136); the draft
guidance may be accessed at https://www.fda.gov/downloads/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/UCM448558.pdf.
Second, section 801(q) of the FD&C Act gives FDA the authority to
make a risk-based determination to require, as a condition of
admissibility, that a food imported or offered for import into the
United States be accompanied by a certification or other assurance that
the food meets the applicable requirements of the FD&C Act. The
authority to mandate import certification for food, based on risk, is
one of the tools we can use to help prevent potentially harmful food
from reaching U.S. consumers. When FDA has determined that a food
import is subject to such certification under section 801(q) of the
FD&C Act, FDA will require, as a condition of entry, a certification
issued either by an accredited third-party certification body under
this rule or by an agency or representative of the government of the
country from which the food at issue originated, as designated by FDA.
In addition, facilities and importers may choose to use onsite
audits conducted by third-party certification bodies accredited under
the program set out in this rule in connection with meeting supplier
verification requirements under FDA's final rules for Current Good
Manufacturing Practice and Hazard Analysis and Risk-Based Preventive
Controls for Human Food (final human preventive controls regulation)
(80 FR55907, September 17, 2015); Current Good Manufacturing Practice
and Hazard Analysis and Risk-Based Preventive Controls for Food for
Animals (final animal preventive controls regulation) (80 FR 56169,
September 17, 2015); and the Foreign Supplier Verification Programs
(FSVP) for Importers of Food for Humans and Animals (published
elsewhere in this edition of the Federal Register) (implementing
sections 418 and 805 of the FD&C Act, respectively). Under those rules,
in circumstances where an onsite audit is the appropriate supplier
verification activity, such audit must be conducted by a ``qualified
auditor.'' The definitions of ``qualified auditor'' in those rules make
clear that an example of a potential qualified auditor includes, but is
not limited to, an audit agent of a certification body that has been
accredited in accordance with regulations in part 1, subpart M of this
chapter (i.e., this rule implementing section 808 of the FD&C Act).
Summary of Major Provisions of the Final Rule
This rule establishes the framework, procedures, and requirements
for accreditation bodies and third-party certification bodies for
purposes of section 808 of the FD&C Act. The rule sets requirements for
the legal authority, competency, capacity, conflict of interest
safeguards, quality assurance, and records procedures that
accreditation bodies must demonstrate to be eligible for recognition.
Accreditation bodies also must demonstrate capability to meet the FDA
requirements that would apply upon recognition. Additionally, the rule
establishes requirements for the legal authority, competency, capacity,
conflict of interest safeguards, quality assurance, and records
procedures that third-party certification bodies must demonstrate to be
eligible for accreditation. Third-party certification bodies also must
demonstrate capability to meet the applicable requirements of the rule
that would apply upon accreditation.
Pursuant to FSMA section 307 (21 U.S.C. 384d), the rule requires
accredited third-party certification
[[Page 74572]]
bodies to perform unannounced facility audits, to notify FDA upon
discovering a condition that could cause or contribute to a serious
risk to the public health, and to submit to FDA reports of regulatory
audits conducted for certification purposes. The rule includes
stringent requirements to prevent conflicts of interest from
influencing the decisions of recognized accreditation bodies and
accredited third-party certification bodies. The rule does not,
however, establish the audit criteria that accredited third-party
certification bodies will use in examining eligible entities for
compliance with the applicable food safety requirements of the FD&C Act
and FDA regulations, because those criteria appear elsewhere in FDA
regulations and the FD&C Act.
Costs and Benefits
Costs of the Third-Party final rule include compliance costs of
accreditation bodies and certification bodies that choose to
participate in our third-party program, and user fees imposed by FDA on
accreditation bodies and certification bodies for application review
and monitoring of program participants.
Table 1--Summary User Fee, Compliance, Undiscounted and Annualized Costs of the Third-Party (TP) Program per
Participant
----------------------------------------------------------------------------------------------------------------
Audited by
----------------------------------------
Certification
Eligible entity bodies (CBs) Total
currently CBs not accredited
accredited under under any program
other programs
----------------------------------------------------------------------------------------------------------------
SCENARIO 1
----------------------------------------------------------------------------------------------------------------
Number of section 801(q) Entities................... 10 65 75
Cost of Compliance with Program Requirements (TP $694 $2,569 ..................
Compliance Cost)...................................
Section 801(q) Compliance Cost...................... $6,940 $166,985 $173,925
Number of section 806 Entities...................... 145 971 1,116
TP Compliance Cost.................................. $694 $2,569 ..................
Section 806 Compliance Cost......................... $100,630 $2,494,499 $2,595,129
-----------------------------------------------------------
Total TP Compliance Cost--Scenario 1............ .................. .................. $2,769,054
----------------------------------------------------------------------------------------------------------------
SCENARIO 2
----------------------------------------------------------------------------------------------------------------
Number of section 801(q) Entities................... 10 65 75
TP Compliance Cost.................................. $322 $2,197 ..................
Section 801(q) Compliance Cost...................... $3,220 $142,805 $146,025
Number of Sec. 806 Entities....................... 459 3,068 3,527
TP Compliance Cost.................................. $322 $2,197 ..................
Section 806 Compliance Cost......................... $147,798 $6,740,396 $6,888,194
-----------------------------------------------------------
Total TP Compliance Cost--Scenario 2............ .................. .................. $7,034,219
----------------------------------------------------------------------------------------------------------------
SCENARIO 3
----------------------------------------------------------------------------------------------------------------
Number of section 801(q) Entities................... 10 65 75
TP Compliance Cost.................................. $227 $2,102 ..................
Section 801(q) Compliance Cost...................... $2,270 $136,630 $138,900
Number of section 806 Entities...................... 801 5,359 6,160
TP Compliance Cost.................................. $227 $2,102 ..................
Section 806 Compliance Cost......................... $181,827 $11,264,618 $11,446,445
-----------------------------------------------------------
Total TP Compliance Cost--Scenario 3............ .................. .................. $11,585,345
----------------------------------------------------------------------------------------------------------------
The costs that accreditation bodies and certification bodies incur
in complying with the regulation are necessarily less than the private
benefits they accrue by becoming recognized or accredited,
respectively. Through the third-party accreditation program more
effective regulatory oversight is achieved. FDA will recoup resources
in managing its third-party accreditation program through user fees
that FDA intends to impose on participating accreditation bodies and
third-party certification bodies.
I. Introduction and Background
A. FDA Food Safety Modernization Act
FSMA (Pub. L. 111-353), signed into law by President Obama on
January 4, 2011, is intended to allow FDA to better protect public
health by helping to ensure the safety and security of the food supply.
FSMA enables us to focus more on preventing food safety problems rather
than relying primarily on reacting to problems after they occur. The
law also provides new enforcement authorities to help achieve higher
rates of compliance with risk-based, prevention-oriented safety
standards and to better respond to and contain problems when they do
occur. In addition, the law contains important new tools to better
ensure the safety of imported foods and encourages partnerships with
State, local, tribal, and territorial authorities and international
collaborations with foreign regulatory counterparts. A top priority for
FDA are those FSMA-required regulations that provide the framework for
industry's implementation of preventive controls and enhance our
ability to oversee their implementation for both domestic and imported
food. To that end, we proposed the seven foundational rules listed in
table 2 and
[[Page 74573]]
requested comments on all aspects of these proposed rules.
Table 2--Published Foundational Proposed Rules for Implementation of FSMA
----------------------------------------------------------------------------------------------------------------
Title Abbreviation Publication
----------------------------------------------------------------------------------------------------------------
Current Good Manufacturing Practice 2013 proposed human 78 FR 3646, January 16, 2013.
and Hazard Analysis and Risk-Based preventive controls
Preventive Controls for Human Food. regulation.
Standards for the Growing, 2013 proposed produce 78 FR 3504, January 16, 2013.
Harvesting, Packing, and Holding of safety regulation.
Produce for Human Consumption.
Current Good Manufacturing Practice 2013 proposed animal 78 FR 64736, October 29, 2013.
and Hazard Analysis and Risk-Based preventive controls
Preventive Controls for Food for regulation.
Animals.
Foreign Supplier Verification 2013 proposed FSVP 78 FR 45730, July 29, 2013.
Programs (FSVP) for Importers of regulation.
Food for Humans and Animals.
Accreditation of Third-Party Auditors/ 2013 proposed third- 78 FR 45782, July 29, 2013.
Certification Bodies to Conduct Food party certification
Safety Audits and to Issue regulation (also
Certifications. referred to in this
document as the
proposed rule).
Focused Mitigation Strategies To 2013 proposed 78 FR 78014, December 24, 2013.
Protect Food Against Intentional intentional
Adulteration. adulteration
regulation.
Sanitary Transportation of Human and 2014 proposed sanitary 79 FR 7006, February 5, 2014.
Animal Food. transportation
regulation.
----------------------------------------------------------------------------------------------------------------
We also issued a supplemental notice of proposed rulemaking for the
rules listed in table 3 and requested comments on specific issues
identified in each supplemental notice of proposed rulemaking.
Table 3--Published Supplemental Notices of Proposed Rulemaking for the Foundational Rules for Implementation of
FSMA
----------------------------------------------------------------------------------------------------------------
Title Abbreviation Publication
----------------------------------------------------------------------------------------------------------------
Current Good Manufacturing Practice 2014 supplemental human 79 FR 58524, September 29, 2014.
and Hazard Analysis and Risk-Based preventive controls
Preventive Controls for Human Food. notice.
Standards for the Growing, 2014 supplemental 79 FR 58434, September 29, 2014.
Harvesting, Packing, and Holding of produce safety notice.
Produce for Human Consumption.
Current Good Manufacturing Practice 2014 supplemental 79 FR 58476, September 29, 2014.
and Hazard Analysis and Risk-Based animal preventive
Preventive Controls for Food for controls notice.
Animals.
FSVP for Importers of Food for Humans 2014 supplemental FSVP 79 FR 58574, September 29, 2014.
and Animals. notice.
----------------------------------------------------------------------------------------------------------------
We finalized two of the foundational rulemakings listed in table 4
in September 2015.
Table 4--Published Foundational Final Rules for Implementation of FSMA
----------------------------------------------------------------------------------------------------------------
Title Abbreviation Publication
----------------------------------------------------------------------------------------------------------------
Current Good Manufacturing Practice final human preventive 80 FR 55908, September 17, 2015.
and Hazard Analysis and Risk-Based controls regulation.
Preventive Controls for Human Food.
Current Good Manufacturing Practice final animal preventive 80 FR 56170, September 17, 2015.
and Hazard Analysis and Risk-Based controls regulation.
Preventive Controls for Food for
Animals.
----------------------------------------------------------------------------------------------------------------
As FDA finalizes these seven foundational rulemakings, we are
putting in place a modern, risk-based framework for food safety that is
based on the most recent science, that focuses efforts where the
hazards are reasonably likely to occur, and that is flexible and
practical given our current knowledge of food safety practices. To
achieve this, FDA has engaged in a significant amount of outreach to
the stakeholder community to find the right balance between flexibility
and accountability in these regulations.
After FSMA was enacted in 2011, we have been involved in
approximately 600 stakeholder engagements on FSMA and the proposed
rules, including public meetings, webinars, listening sessions, farm
tours, and extensive presentations and meetings with various
stakeholder groups (Refs. 1, 2, 3). As a result of this stakeholder
dialogue, FDA decided to issue the four supplemental notices of
proposed rulemaking to share our current thinking on key issues and get
additional stakeholder input on those issues. As we move forward into
the next phase of FSMA implementation, we intend to continue this
dialogue and collaboration with our stakeholders, through guidance,
education, training, and assistance, to ensure that stakeholders
understand and engage in their respective roles in food safety. FDA
believes these seven foundational final rules, when implemented, will
affect the paradigm shift toward prevention that was envisioned in FSMA
and be a major step forward for food safety that will help protect
consumers into the future.
[[Page 74574]]
B. Purpose of This Rulemaking
FSMA added section 808 to the FD&C Act which directs FDA to
establish a new voluntary program for accreditation of third-party
certification bodies to conduct food safety audits and to issue food
and facility certifications to eligible foreign entities (including
registered foreign food facilities) that meet our applicable
requirements for purposes of sections 801(q) and 806 of the FD&C Act.
This rulemaking implements section 808 of the FD&C Act; we will
recognize accreditation bodies to accredit third-party certification
bodies, except for limited circumstances in which we may directly
accredit third-party certification bodies.
FSMA specifies two uses for the food and facility certifications
issued by accredited third-party certification bodies under this
program. First, facility certifications will be used by importers to
establish eligibility for VQIP under section 806 of the FD&C Act. VQIP
offers participating importers expedited review and importation for
food from facilities audited and certified by third-party certification
bodies accredited under this subpart. FDA issued draft guidance on VQIP
on June 5, 2015 (80 FR 32136); the draft guidance may be accessed at
https://www.fda.gov/downloads/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/UCM448558.pdf.
Second, section 801(q) of the FD&C Act gives FDA the authority to
make a risk-based determination to require, as a condition of
admissibility, that a food imported or offered for import into the
United States be accompanied by a certification or other assurance that
the food meets the applicable requirements of the FD&C Act. The
authority to mandate import certification for food, based on risk, is
one of the tools we can use to help prevent potentially harmful food
from reaching U.S. consumers. When FDA has determined that a food
import is subject to such certification under section 801(q) of the
FD&C Act, FDA will require, as a condition of entry, a certification
issued either by an accredited third-party certification body under
this rule or by an agency or representative of the government of the
country from which the food at issue originated, as designated by FDA.
This final rule will help FDA ensure the competence and
independence of third-party certification bodies who are accredited to
conduct foreign food safety audits to examine compliance with the
applicable food safety requirements of the FD&C Act and FDA
regulations, among other things. The document also will help ensure the
validity and reliability of certifications offered to FDA for purposes
of VQIP eligibility under section 806 of the FD&C Act and admissibility
of an imported food subject to an FDA risk determination under section
801(q) of the FD&C Act.
The third-party certification program is part of FSMA's paradigm
shift toward a modern, preventive, and risk-based approach to food
safety regulation and new programs to facilitate global trade in safe
food. Specifically, FSMA requires FDA to issue new preventive controls
and produce safety standards that apply to domestic and foreign
processors and producers. In addition, FSMA directs FDA to issue an
FSVP regulation requiring importers to implement FSVPs that provide
adequate assurances that their foreign suppliers produce food that is
in compliance with processes and procedures, including risk-based
preventive controls, that provide the same level of public health
protection as those required under section 418 (concerning hazard
analysis and preventive controls) or 419 (concerning produce safety) of
the FD&C Act, as appropriate, and that is in compliance with sections
402 (concerning adulteration) and 403(w) (concerning misbranding
regarding allergen labeling) of the FD&C Act. We emphasize that
facilities and importers are not required to use third-party
certification bodies accredited under this rule in meeting their
supplier verification requirements under the final human or animal
preventive controls or FSVP regulations. See section XIII.G.
By contrast, the third-party certification program established
under section 808 of the FD&C Act focuses on food safety audits to
certify that eligible foreign entities and the food produced by such
entities meet applicable FDA requirements for purposes of sections
801(q) and 806 of the FD&C Act. Although importers must obtain facility
certifications from accredited third-party certification bodies under
this rule in order to be eligible for VQIP, we note that importers
seeking to satisfy a requirement for certification as a condition of
admissibility for an article of food under section 801(q) of the FD&C
Act may offer a certification issued either by foreign governments
designated by FDA to issue such certifications or by third-party
certification bodies accredited under this rule.
Through FSMA we are transforming our role in the global food safety
system, by building ever stronger partnerships with our foreign
regulatory counterparts and by exploring opportunities to leverage
private food safety activities to benefit of our system of public food
safety assurances. We value the role that private audits can play in
enhancing food safety when done properly, and we share common purpose
with the food industry in ensuring the rigor and objectivity of those
audits.
The final rule on accreditation of third-party certification bodies
reflects the results of significant stakeholder engagement to help
ensure that the rule achieves its public health goal, reflects industry
best practices, and strikes the right balance between flexibility and
accountability.
C. The Proposed Rule
FDA published a proposed rule for ``Accreditation of Third-Party
Auditors/Certification Bodies to Conduct Food Safety Audits and to
Issue Certifications'' (the proposed rule) on July 29, 2013. The
proposed rule included eligibility requirements for accreditation
bodies to qualify for recognition and requirements that accreditation
bodies choosing to participate in the FDA program must meet, once
recognized. We also proposed eligibility requirements for third-party
certification bodies to qualify for accreditation and requirements that
third-party certification bodies choosing to participate in the FDA
program must meet, once accredited. We intended the proposed
requirements to ensure the competency and independence of the
accreditation bodies and third-party certification bodies participating
in the program.
We also proposed procedures for recognition and accreditation, as
well as requirements relating to monitoring and oversight of
participating accreditation bodies and third-party certification
bodies. These included procedures that we would follow when removing a
third-party certification body or an accreditation body from the
program. Further, we proposed requirements relating to auditing and
certification of foreign eligible entities under the program, and for
notifying us of conditions in an audited facility that could cause or
contribute to a serious risk to the public health. In response to
several requests, we extended the proposed rule comment period until
January 27, 2014.
D. Public Comments
We received over 150 comments from accreditation bodies,
certification bodies, members of the food industry, industry
associations, foreign governments, State governments, public health
organizations, public advocacy
[[Page 74575]]
groups, individual consumers, consumer groups, and others. Some
submissions included signatures and statements from multiple
individuals. Taken as a whole, the comments address virtually every
provision of the proposed rule. In the remainder of this document, we
describe the comments that are within the scope of this rulemaking,
respond to them, and explain any revisions we made from the proposed
rule.
A number of comments focus on the overarching issues of: (1)
Alignment with voluntary consensus standards; (2) the use of private
food safety schemes; (3) the relationship between the third-party
certification program, foreign competent authorities, and FDA's
international activities; and (4) the possible implications of the lack
of qualified auditors on the third-party certification program. We
address these comments generally below.
We received several comments on the overarching issue of the use of
voluntary international consensus standards issued by the International
Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC), including the following ISO/IEC
standards: ISO/IEC 17000:2004 Conformity assessment--Vocabulary and
general principles (ISO/IEC 17000:2004) (Ref. 4); ISO/IEC 17011:2004,
Conformity assessment--General requirements for accreditation bodies
accrediting conformity assessment bodies (ISO/IEC 17011:2004) (Ref. 5);
ISO/IEC 17021:2011, Conformity assessment--Requirements for bodies
providing audit and certification of management systems (ISO/IEC
17021:2011) (Ref. 6); ISO/IEC 17065:2012, Conformity assessment--
Requirements for bodies certifying products, processes and services
(ISO/IEC 17065:2012) (Ref. 7); and ISO/IEC 19011:2011, Guidelines for
auditing management systems (ISO/IEC 19011:2011) (Ref. 8).
Some comments support the approach to ISO/IEC standards that we
used when developing the proposed rule; some comments state that the
process for developing these standards makes them unbiased. Other
comments suggest we should place greater reliance on ISO/IEC standards,
including some comments asserting that we should incorporate ISO/IEC
standards by reference into the final rule. These comments encourage us
to follow the example of a proposed rule issued by the Environmental
Protection Agency and entitled, ``Formaldehyde; Third-Party
Certification Framework for the Formaldehyde Standards for Composite
Wood Products'' (78 FR 34795, June 10, 2013), which proposed to
incorporate by reference certain international standards. These
comments assert that by placing greater reliance on ISO standards, we
could allow ISO's broader oversight program to complement FDA's
management of these bodies.
Implementation of section 808 of the FD&C Act occurs against the
backdrop of the broader Federal policies on consensus standards and
conformity assessment under the National Technology Transfer and
Advancement Act of 1995 (NTTAA) (Pub. L. 104-113). The NTTAA, together
with the Office of Management and Budget (OMB) Circular A-119, revised
February 10, 1998 (63 FR 8546, February 19, 1998), directs Federal
Agencies to use voluntary consensus standards in lieu of government-
unique standards except where inconsistent with law or otherwise
impractical. OMB Circular A-119 states that the use of voluntary
standards, whenever practicable and appropriate, is intended to
eliminate the cost to government of developing its own standards and
decrease the cost of goods procured and the burden of complying with
Agency regulation; provide incentives and opportunities to establish
standards that serve national needs; encourage long-term growth for
U.S. enterprises and promote efficiency and economic competition
through harmonization of standards; and further the policy of reliance
upon the private sector to supply government needs for goods and
services.
As directed by OMB in Circular A-119, the National Institute of
Standards and Technology (NIST), in the Federal Register of August 10,
2000 (65 FR 48894), issued policy guidance on Federal conformity
assessment activities (defined as activities concerned with determining
directly or indirectly that requirements for products, services,
systems, and organizations are fulfilled) (15 CFR 287.2). The Federal
conformity assessment guidance is codified at 15 CFR part 287 and
applies to all Federal Agencies that set policy for, manage, operate,
or use conformity assessment activities or results, domestically and
internationally (except for activities conducted pursuant to treaties)
and is intended to eliminate unnecessary duplication and complexity in
conformity assessment requirements. (We note that OMB has announced it
is currently revising Circular A-119, and NIST is revising the Federal
conformity assessment guidance.)
We agree with comments on the value of promoting international
consistency and tapping into an existing framework of consensus
standards that is familiar to industry, which may make it easier for
accreditation bodies, third-party certification bodies, and eligible
entities to comply with this rule. Therefore, we are revising the rule
to allow for accreditation bodies and third-party certification bodies
to use documentation of their conformance with ISO/IEC standards in
meeting the program requirements under this rule, supplemented as
necessary. We are not, however, incorporating these standards by
reference into the rule as further discussed in our responses to
comments in sections III. to XIII., except that we are not further
responding to comments citing specific requirements of ISO/IEC Guide
65:1996, Conformity assessment--Requirements for bodies providing audit
and certification of management systems (ISO/IEC Guide 65:1996) (Ref.
9) in sections III. to XIII., because that standard has been withdrawn
and replaced by ISO/IEC 17065:2012 (Ref. 7) in September 2015. Comments
referring to ISO/IEC 17020:2012, Conformity assessment--Requirements
for the operation of various types of bodies performing inspection
(ISO/IEC 17020:2012) (Ref. 10) are outside the scope of this
rulemaking, because that standard relates to inspections and not the
auditing and certification activities that will be performed under this
rule. Therefore, we are not responding to comments citing to ISO/IEC
17020:2012, Conformity assessment--Requirements for the operation of
various types of bodies performing inspection (ISO/IEC 17020:2012)
(Ref. 10) in sections III. to XIII.
We also received several comments on the overarching issue of using
private food safety schemes as audit criteria for regulatory audits
conducted under the third-party certification program. Some comments
suggest that FDA should rely on private food safety schemes,
particularly those that have been benchmarked by the Global Food Safety
Initiative (GFSI), as the audit criteria for regulatory audits of
eligible entities under the third-party certification program. Other
comments suggest that FDA should establish requirements for
accreditation bodies and third-party certification bodies that are
similar to those required by GFSI, such as GFSI requirements relating
to accreditation under relevant ISO/IEC product certification or
management system standards.
By way of background, a group of international retailers
established GFSI in 2000 with the goal of reducing the need for
duplicative third-party audits by benchmarking private food safety
schemes against a harmonized set of
[[Page 74576]]
criteria for food safety and management systems (see 78 FR 45782 at
45788; July 29, 2013). Under current GFSI criteria, a food safety
scheme must have a commitment with one or more accreditation bodies for
certification bodies that operate in conformance with either the
product certification standard, ISO/IEC Guide 65, or the management
system standard, ISO/IEC 17021:2006 (supplemented by ISO/TS 22003).
GFSI describes these standards as having similar requirements for how a
certification body must operate--e.g., in addressing issues of
preventing conflict of interest, managing customer information,
properly qualifying personnel, auditor calibration, and many other
aspects involved with the certification process. However, as GFSI noted
in a 2011 White Paper (Ref. 11), there is a distinct difference between
the two. ISO 17021/ISO 22003 is not product specific. ISO/IEC Guide 65,
on the other hand, is concerned with verifying that particular products
or services meet specified requirements. The type and scope of GFSI
benchmarked scheme selected, determines the accreditation standard
which applies. The majority of GFSI recognized schemes fall under ISO/
IEC Guide 65 accreditation requirements, whereas only two currently
recognized schemes are management system schemes accredited to ISO
17021/ISO 22003.
Comments suggesting that we should rely on GFSI-benchmarked food
safety schemes or other private food safety schemes as the criteria for
certification under the third-party program are outside the scope of
this rulemaking. This rule establishes the framework for the third-
party certification program, and not the food safety standards that
accredited third-party certification bodies will use to determine an
eligible entity's compliance with the applicable food safety
requirements of the FD&C Act and FDA regulations. We are however
responding to relevant comments that address audit quality and auditor
competency, consistency, and capacity, including comments referencing
GFSI's work in these areas.
Other overarching comments ask how the FSMA third-party
certification program relates to the roles of foreign competent
authorities and to FDA's international activities. Some comments assert
that competent authorities should be allowed to participate in the
third-party certification program purely by administrative procedures
without a formal review process. Other comments suggest that government
agencies with both regulatory and trade promotion missions face
inherent conflicts of interest.
Some comments recommend that we should establish a different
structure for accrediting third-party certification bodies that already
have been approved by a foreign government accreditation body. Other
comments suggest that FDA should reserve the role of accreditation body
or third-party certification body for a national competent authority
that requests it. The comments argue that the responsibility for
monitoring the safety of food exports should remain with the national
competent authorities in each country.
Some comments ask whether a national competent authority has a role
in auditing and certification activities occurring in the country,
including in countries where an FDA foreign office is located. Other
comments ask whether the competent authority may perform other
activities in the third-party certification program, such as
authentication of audit information before it is submitted to FDA.
Still other comments suggest that FDA require accredited third-party
certification bodies to review correspondence between an audited
eligible entity and the competent authorities in the country where the
eligible entity is located.
Section 808 of the FD&C Act expressly provides for both public and
private accredited third-party certification bodies. Public
accreditation bodies and third-party certification bodies, as well as
private accreditation bodies and third-party certification bodies that
meet the eligibility requirements for recognition and accreditation
under section 808 of the FD&C Act and this rule are equally eligible to
participate in the third-party certification program. This includes
government accreditation bodies and certification bodies in countries
where FDA has a foreign office, as well as government agencies with the
dual missions of food safety and trade promotion. We believe that both
public and private third-party certification bodies and accreditation
bodies are capable of exhibiting the competency, capacity, and
impartiality necessary to meet the letter and spirit of the law and
this regulation.
By becoming an accredited third-party certification body or a
recognized accreditation body, a competent authority for food safety or
a foreign accreditation body would establish a role in the third-party
certification program. Only if competent authorities are accredited
under this rule, may they issue food and facility certifications under
section 808 of the FD&C Act. (We note, however, that FDA may require
certifications from competent authorities under section 801(q) of the
FD&C Act for foods that FDA determines meet the criteria set forth in
that section (see 801(q)(3)(A) of the FD&C Act), regardless of whether
the competent authorities are accredited.) We acknowledge that the
third-party certification program that is the subject of this rule is
narrowly tailored and only a small piece of the much larger modernized,
prevention-oriented food safety system we are establishing under FSMA.
Broader FSMA activities are outside the scope of this rulemaking, as
are matters covered by FDA's information sharing arrangements with
foreign competent authorities.
We received other comments on the overarching issue of how the
third-party certification program fits into FDA's international
activities. Some comments assert that, for countries with a systems
recognition agreement with FDA, there should be no need for a (direct
or indirect) role for FDA in monitoring accredited third-party
certification bodies. Other comments encourage us to recognize their
national food safety system as equivalent to that of the United States.
The systems recognition initiative is a food safety regulatory
cooperation program that allows FDA to take into account the role of
food safety systems of exporting countries in our risk-based
decisionmaking. We are using systems recognition as a tool to determine
when we can rely on the implementation of science-based food safety
programs by foreign regulatory authorities and take action based on
information provided by such authorities.
We note that a competent authority with whom FDA has a systems
recognition agreement must apply for recognition to make accreditation
decisions and apply for accreditation to issue certifications under
section 808 of the FD&C Act. If the competent authority applies for
recognition or direct accreditation by FDA (assuming that the statutory
criteria have been met for FDA to begin direct accreditation), FDA's
review will be informed by the data, experiences, and insights into the
foreign system that FDA gained through the systems recognition review.
Except as described above, systems recognition activities are outside
the scope of this rulemaking, as are equivalency determinations.
We also received several overarching comments noting that the lack
of qualified food safety auditors is a problem in many countries. Some
comments suggest that we may face similar problems with the
availability of accredited third-party certification
[[Page 74577]]
bodies in our program. The comments assert that we should prioritize
the review of applications from foreign countries with significant
volumes of exports to the United States because of the cost and
inconvenience to foreign suppliers and the likely trade disruption that
would result if the only accredited third-party certification bodies
were located in other countries. Some comments predict that rapid
expansion in the field of food safety auditing may result in shortcuts
in auditing. Other comments contend that because of the limited
availability of qualified auditors we should adjust the timeframes for
accredited third-party certification bodies to submit information to
FDA under the regulations. The comments specifically request that we
lengthen the 45-day timeframe for submitting regulatory audit reports.
We acknowledge the concerns about cost, inconvenience, and
disruption resulting from auditor capacity issues. We are encouraging
broad program participation to minimize the likelihood that capacity
issues might emerge, because certifications issued by accredited third-
party certification bodies under this program are intended to
facilitate trade. The certifications are used in meeting the
eligibility requirements of VQIP for expedited entry of food under
section 806 of the FD&C Act and in satisfying a condition of
admissibility for a food subject an FDA determination under section
801(q) of the FD&C Act.
Revisions have been made to this rule made in response to comments,
such as allowing accreditation bodies and third-party certification
bodies to use documentation of their conformance with ISO/IEC standards
in support of their applications. We also are modifying our ``first in,
first out'' approach to processing applications, as comments request,
to allow for prioritizing specific applications and requests based on
program needs. We are unable to accommodate the request to lengthen the
timeframe for submission of regulatory audit reports to FDA, because
the 45-day deadline for submission is established in section
808(c)(3)(A) of the FD&C Act. Audit protocols and other requirements of
the rule are designed to prevent audit agents (auditors) and third-
party certification bodies from taking shortcuts that would jeopardize
audit results.
Some comments addressed the Model Accreditation Standards that FDA
is required to develop under section 808(b)(2) of the FD&C Act for use
in qualifying third-party certification bodies for accreditation. Some
of these comments suggest various criteria to be included in the model
standards. Other comments suggest the proposed rule was ambiguous with
respect to the form of, and manner by which, FDA will establish the
Model Accreditation Standards.
While the substance of the Model Accreditation Standards is outside
the scope of this rulemaking, we note that on July 24, 2015, FDA
published a draft guidance on Model Accreditation Standards. The draft
guidance can be accessed at: https://www.fda.gov/Food/GuidanceRegulation/GuidancevDocumentsRegulatoryInformation/ucm455328.htm. Additionally, a notice was published in the Federal
Register (80 FR 44137, July 24, 2015) of the availability of the draft
guidance and of the opening of a docket for public comments on the
document. As explained in the draft guidance, section 808(b)(2) of the
FD&C Act requires FDA to develop Model Accreditation Standards that
recognized accreditation bodies shall use to qualify third-party
certification bodies for accreditation, and in so doing, to look to
existing standards for certification bodies (as of the date of
enactment of FSMA) to avoid unnecessary duplication of efforts and
costs. The draft guidance contains FDA recommendations on third-party
certification body qualifications, including recommendations based on
relevant provisions in the proposed rule. This final rule will serve as
a framework for the Model Accreditation Standards final guidance, which
will include more detailed recommendations on third-party certification
body qualifications.
Some comments respond to our request for input on the question
about the value of, and possible need for, FDA to establish a program
for use of accredited third-party certification bodies to conduct
domestic food safety audits (78 FR 45782 at 45823). We received
comments on all sides, expressing various views. We are taking these
comments under advisement at this time, as the focus of this final rule
is on establishing and implementing the third-party certification
program set forth in section 808 of the FD&C Act.
Other comments addressed the substance of VQIP, import
certification, laboratory accreditation, and provisions in the proposed
FSVP rule and/or other FMSA rules that are outside the scope of this
rulemaking; accordingly we will not be responding to those comments
here. Other comments that fall outside the scope of this rulemaking,
and to which we will therefore not be responding, include comments on
the value of a universal, mandatory food safety system; comments
advocating for policies promoting locally grown produce; comments
addressing the information technology infrastructure needs of the
third-party certification program; comments suggesting the value of
student interns to the food safety system; and comments on factors
beyond the use of third-party audits that FDA should consider in
setting inspection priorities.
We also received a few comments concerning the rulemaking process.
Comments suggest that we devise a new process for regularly updating
the rule; they state that FDA has cumbersome requirements for modifying
rules. FDA's current rulemaking process is consistent with FDA's
obligations under the Administrative Procedure Act (5 U.S.C. 551-559).
II. Legal Authority
Section 307 of FSMA, Accreditation of Third-Party Auditors, amends
the FD&C Act to create a new provision, section 808, under the same
name. Section 808(b)(1)(A) of the FD&C Act requires us to establish a
system, within 2 years of the enactment of FSMA, for the recognition of
accreditation bodies that accredit third-party certification bodies to
conduct food safety audits and to issue certifications for eligible
foreign food entities and their products for purposes of sections
801(q) and 806 of the FD&C Act.
Section 808(c)(5)(C) of the FD&C Act directs us to issue
implementing regulations for section 808 of the FD&C Act. The
regulations must require audits to be unannounced and must contain
protections against conflicts of interest between accredited third-
party certification bodies (and their audit agents) and the entities
they audit or certify, including requirements on timing and public
disclosure of fees and appropriate limits on financial affiliations (21
U.S.C. 384d(c)(5)(C)(i), (ii), and (iii)).
This final rule establishes regulations implementing section 808 of
the FD&C Act. The authority for the requirements in this rule comes
primarily from section 808 of the FD&C Act. However, FDA also derives
authority for this final rule from other sections of the FD&C Act,
including section 701(a) of the FD&C Act (21 U.S.C. 371(a)), which
authorizes us to issue regulations for the efficient enforcement of the
FD&C Act. The regulations in this final rule ensure the competency and
independence of recognized accreditation bodies and of accredited
third-party certification bodies, which will help ensure the validity
and reliability of certifications and other information resulting from
the food safety audits conducted by
[[Page 74578]]
accredited third-party certification bodies. These features of the
final rule are essential to the operation of the third-party program.
This rule also is consistent with section 404 of FSMA (21 U.S.C. 2252),
which states that nothing in FSMA should be construed in a manner that
is inconsistent with the agreement establishing the World Trade
Organization or any other treaty or international agreement to which
the United States is a party.
This rule establishes requirements for accreditation bodies and
third-party certification bodies seeking recognition and accreditation,
respectively. These requirements will help ensure that any
accreditation bodies that we recognize, and any certification bodies
that are accredited, are capable of meeting all of the requirements of
this program. This includes requirements, for example, for legal
authority and competency and capacity. It also includes provisions for
the direct accreditation of third-party certification bodies by FDA in
accordance with section 808(b)(1)(A)(ii) of the FD&C Act. This rule
also establishes requirements for accreditation bodies that have been
recognized, and third-party certification bodies that have been
accredited. This includes requirements designed to decrease the
potential for conflicts of interest in accordance with section
808(c)(5)(C)(ii) of the FD&C Act. Additionally, this rule establishes
requirements for eligible entities that want to be certified under this
program. This includes requirements for onsite audits by FDA for the
purpose of monitoring in accordance with section 808(f)(3) of the FD&C
Act. Finally, this rule establishes general requirements related to the
operation of this program. These include requirements for requesting a
regulatory hearing on revocation of recognition or withdrawal of
accreditation.
Some of the requirements under this final rule are also
established, in part, under the authority in sections 806 and 801(q) of
the FD&C Act. Section 806 of the FD&C Act describes a voluntary program
to provide for the expedited review and importation of food offered for
importation from certified facilities (VQIP). Section 801(q) of the
FD&C Act gives FDA authority to require certifications for imported
food in certain situations. This final rule does not set up the
framework for participation in the program described under section 806
of the FD&C Act, nor does it describe the circumstances under which FDA
might require certification under section 801(q) of the FD&C Act.
However, this rule does describe circumstances under which FDA might
refuse to consider a certification issued under this program in
determining the admissibility of an article of food for which the
certification was offered under section 801(q) of the FD&C Act, or in
determining eligibility for participation in VQIP under section 806 of
the FD&C Act. Additionally, this rule creates limited exemptions from
the certification requirements of section 801(q) of the FD&C Act for
certain alcoholic beverages, including certain raw materials and
ingredients that are used to manufacture/process alcoholic beverages.
The exemptions are being promulgated consistent with section 116 of
FSMA (21 U.S.C. 2206). Section 116(a) of FSMA states that, except as
provided by certain listed sections in FSMA, nothing in FSMA, or the
amendments made by FSMA, will be construed to apply to a facility that:
(1) Under the Federal Alcohol Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the Internal Revenue Code of 1986
(26 U.S.C. 5001 et seq.) is required to obtain a permit or to register
with the Secretary of the Treasury as a condition of doing business in
the United States and (2) under section 415 of the FD&C Act (21 U.S.C.
350d) is required to register as a facility because such facility is
engaged in manufacturing, processing, packing, or holding one or more
alcoholic beverages (with respect to the activities of such facility
that relate to the manufacturing, processing, packing, or holding of
alcoholic beverages). This rule also creates exemptions from the
certification requirements of section 801(q) of the FD&C Act for
products subject to the requirements of the U.S. Department of
Agriculture (USDA) under the Federal Meat Inspection Act (FMIA) (21
U.S.C. 601 et seq.), the Poultry Products Inspection Act (PPIA) (21
U.S.C. 451 et seq.), or the Egg Products Inspection Act (EPIA) (21
U.S.C. 1031 et seq.) at the time of importation. We conclude that this
provision is consistent with section 403 of FSMA, entitled ``Rule of
Construction,'' which states that nothing in FSMA shall be construed to
alter or limit the jurisdiction of the Secretary of the Department of
Agriculture.
III. Comments on What Definitions Apply to This Subpart (Sec. 1.600)
We proposed to codify definitions of several terms used in the
third-party certification regulations. We received several comments on
this section. As discussed in the following paragraphs, we have revised
many of the proposed definitions in response to comments as well as on
our own initiative. Where we disagree with comments or decline a
suggested revision, we offer an explanation in response. Some
definitions were finalized as proposed.
The definitions for terms used in the third-party certification
regulations are codified in 21 CFR 1.600.
A. Definitions, Generally
(Comment 1) Several comments encourage us to more closely align the
definitions in Sec. 1.600 with international standards to promote
consistency and common understanding of the rule. The comments explain
that the terms and definitions used in section 808 of the FD&C Act and
in the proposed rule convey a different meaning for accreditation
bodies, certification bodies, and the standards community. To that end,
some comments encourage us to avoid using the term ``third-party
auditor'' synonymously with ``certification body,'' to be consistent
with international standards, which use the term ``certification body''
(e.g., ISO/IEC 17065:2012 (Ref.7).
Similarly, some comments indicate that, the language of the statute
notwithstanding, it is not correct to use the term ``third-party
auditor'' when describing the activities of a ``third-party
certification body.'' The comments explain that auditors are
individuals contracted or employed by certification bodies to conduct
audits, and they urge us to clarify the rule by substituting
``certification body'' for ``third-party auditor.''
(Response 1) We agree that alignment with the terminology used in
international standards is preferable, wherever possible. Congress
recognized the value of international standards in accreditation and
certification, having instructed us in section 808(b)(2) of the FD&C
Act to look to existing standards in developing our model accreditation
standards to avoid unnecessary duplication of efforts and costs. We
believe it is particularly useful to rely on definitions and
terminology from international consensus standards when possible where,
as here, the rule is establishing a voluntary program with an
international focus. In addition, we agree that, notwithstanding the
use of the term ``third-party auditor'' in the statute, the use of the
term ``third-party certification body'' instead of the term ``third-
party auditor'' provides some clarity for purposes of referring to
bodies that employ or contract individuals to perform audits.
Therefore, in response to the comments suggesting the term ``third-
party auditor'' is confusing and inconsistent with international
standards, we are using the term ``third-party certification body'' in
the
[[Page 74579]]
remainder of the preamble and in the codified of this final rule,
except in the definitions of ``Accredited third-party certification
body'' and ``Third-party certification body'' in Sec. 1.600(c) and in
the preamble discussion of those definitions.
On our own initiative, we are including the descriptor ``third-
party'' before ``certification body'' throughout this final rule. We
did not use that descriptor in the proposed rule when referring to a
third-party auditor/certification body once accredited. We are doing so
now in order that the term accurately reflects that, under this
subpart, only third-party certification bodies are eligible for
accreditation. We are making corresponding changes to the term
``accredited auditor/certification body;'' and in this final rule we
will instead use the term, ``accredited third-party certification
body.''
Accordingly, we have revised the proposed definitions of
``accreditation,'' ``accreditation body,'' ``accredited auditor/
certification body,'' ``audit,'' ``audit agent,'' ``certification
body,'' ``direct accreditation,'' ``eligible entity,'' ``facility
certification,'' ``food certification,'' ``recognized accreditation
body,'' ``relinquishment,'' and ``self-assessment,'' to replace the
term ``third-party auditor'' with the term ``third-party certification
body,'' or ``third-party certification bodies,'' and to remove
``auditor/'' from in the term ``third-party auditor/certification
body'' or ``third-party auditors/certification bodies'' that was used
in the proposed rule.
On our own initiative, we added a sentence to the definition of
``accredited third-party certification body'' in Sec. 1.600 of this
final rule to explain that the term has the same meaning as
``accredited third-party auditor'' as defined in section 808(a)(4) of
the FD&C Act. Similarly, we added language to the definition of
``third-party certification body'' in Sec. 1.600 of this final rule
explaining that the term has the same meaning as ``third-party
auditor'' as defined in section 808(a)(3) of the FD&C Act.
(Comment 2) Some comments encourage us to make the definitions in
this rule consistent with the definitions in other FSMA proposed rules,
such as the 2013 proposed FSVP regulation, the 2013 proposed human
preventive controls regulation, the 2013 proposed animal preventive
controls regulation, and the 2012 proposed produce safety regulation,
where feasible.
(Response 2) We agree with the comments on the overarching goal of
alignment across regulations and accepted suggested revisions, where
feasible and appropriate. However, it is not always possible to develop
uniform definitions due to the distinct statutory requirements and the
framework of each program. In such cases where it was not feasible or
appropriate, we declined the suggested revisions from comments. We
discuss such comments and our responses under each relevant term.
B. Assessment
We did not define ``assessment'' in the proposed rule.
(Comment 3) Some comments recommend adding a definition of
``assessment'' based on ISO/IEC 17011:2004 (Ref. 5), clause 3.7, which
describes the process for evaluating certification bodies. The comments
explain that defining such evaluations as ``audits,'' as we had
proposed, is inconsistent with international standards. The comments
suggest consulting with other ISO/IEC standards for relevant
terminology.
(Response 3) We agree that the term ``assessment'' should be used,
in part, to refer to the activity undertaken to assess the competency
and capacity of a third-party certification body under the rule. We
reviewed ISO/IEC 17011:2004 (Ref. 5) (clause 3.7 and NOTE) and ISO/IEC
17000:2004 (Ref. 4), ISO/IEC 17040:2005 Conformity assessment--General
requirements for peer assessment of conformity assessment bodies and
accreditation bodies (ISO/IEC 17040:2005) (Ref. 12), and an
International Accreditation Forum (IAF) document entitled, ``IAF
Endorsed Normative Documents'' (Ref. 13).
After considering the comments and reviewing the referenced
documents, we developed a definition of ``assessment'' that describes,
with respect to accreditation bodies, the activity undertaken by FDA to
evaluate the competency and capacity of the accreditation body under
the applicable requirements of this rule. With respect to certification
bodies, ``assessment'' describes the activity undertaken by a
recognized accreditation body (or, in the case of direct accreditation,
FDA) to evaluate the competency and capacity of a certification body
under the applicable requirements of this rule. We also made
corresponding changes to the definition of ``audit'' from proposed
Sec. 1.600(c) by removing clauses (1) and (2).
C. Audit
We proposed a definition of ``audit'' describing the examination of
accreditation bodies, third-party certification bodies, and eligible
entities. We proposed to define an audit of an accreditation body as an
examination by FDA of the accreditation body's authority,
qualifications, resources, policies, procedures, and performance, as
well as of its capability to meet the requirements of the proposed
rule. We proposed to define an audit of a third-party certification
body as an examination by a recognized accreditation body (or, by FDA,
for direct accreditation) of the third-party certification body's
authority, qualifications, resources, policies, procedures, and
performance, as well as of its capability to meet the requirements of
the proposed rule. We proposed to define an audit of an eligible entity
as an examination by an accredited third-party certification body of
the eligible entity to assess the entity, its facility, system(s), and
food using audit criteria for consultative or regulatory audits, and,
for consultative audits, also including an assessment of compliance
with applicable industry standards and practices.
We received some comments on the proposed definition of ``audit,''
and the related definitions of ``consultative audit'' and ``regulatory
audit.'' Comments specific to the definition of ``consultative audit''
are discussed in section III.E., and comments on the definition of
``regulatory audit'' are discussed in section III.L. As described in
Response 3, we also removed clauses (1) and (2) from the proposed
definition of ``audit'' because those evaluations are ``assessments''
as the term is defined in Sec. 1.600(c).
On our own initiative, we are revising the definition of ``audit''
to clarify that an audit conducted under this subpart is not an
inspection under section 704 of the FD&C Act (21 U.S.C. 374).
(Comment 4) Several comments encourage us to align our definition
of audit with relevant international standards, and some comments
request that we use the definition of ``audit'' from the Codex
``Principles for Food Import and Export Inspection and Certification''
(CAC/GL 20-1995) (Ref. 14), which defines ``audit'' as a ``systematic
and functionally independent examination to determine whether
activities and related results comply with planned objectives.''
(Response 4) We agree with the general principle of creating
consistency with international standards and have revised the
definition of ``audit'' in Sec. 1.600(c) accordingly. Rather than
describing the determination of whether activities comply with
``planned objectives'' that appears in the Codex definition of
``audit'' (Ref. 14), we inserted a brief description of the objectives
of consultative and regulatory audits from the definitions in section
808(a)(5) and (7) of the FD&C Act (i.e.,
[[Page 74580]]
the examination of an eligible entity under this rule).
(Comment 5) Some comments encourage us to remove the proposed
definition of ``audit'' in Sec. 1.600(c) and substitute the FSVP
definition of ``audit'' instead, to promote consistency and a common
understanding of terminology.
(Response 5) We disagree. We believe that it is more important for
the definition in this rule to reflect international standards that are
generally well known to the parties subject to this rule than it is for
the definition to mirror the definition in FSVP, which has different
applicability. FSVP applies to importers; this rule applies to
accreditation bodies, third-party certification bodies, and eligible
entities. Therefore, we are rejecting the suggestion to use the FSVP
definition of ``audit'' as the definition of ``audit'' in Sec.
1.600(c).
(Comment 6) We received some comments on the definition of
``audit'' regarding its relationship to the related definitions of
``consultative audit'' and ``regulatory audit'' in Sec. 1.600(c). Some
comments recommend that we revise the definition of ``audit'' to mean
only regulatory audits, and not consultative audits, asserting that is
how the word ``audit'' is used in the statute. These comments contend
that the statute must be interpreted in light of the fact that section
808 of the FD&C Act is directed to food and facility certifications,
which are only accomplished through regulatory audits. Other comments
ask us to clarify that the services of an accredited third-party
certification body that fall short of the definition of an ``audit''
(e.g., informal consulting, continuous improvement programs, and
limited purpose audits) under this rule, are not subject to the
requirements of the rule.
(Response 6) We decline the suggestion to interpret section 808 of
the FD&C Act in a manner that would equate ``audit'' with ``regulatory
audit.'' Section 808 of the FD&C Act defines two types of audits used
under the program, consultative audits and regulatory audits, and
contains requirements relating to each. (See, e.g., section 808(a)(5),
(7), and (c)(3)(A) of the FD&C Act). In addition, section 808(c)(4)(B)
of the FD&C Act expressly allows an accredited third-party
certification body or an audit agent of such auditor to perform
consultative and regulatory audits of eligible entities.
To the extent that other comments suggest creating a list of
exceptions from the definition of ``audit'' in the codified for this
rule, we decline to do so. To the extent that these comments were
seeking clarification of the definition of ``consultative audit'' in
Sec. 1.600(c), and what types of activities might fall outside of that
definition as well as outside of this program, please see the
discussion in Response 9 in section III.E.
(Comment 7) Some comments express confusion about the criteria that
accredited third-party certification bodies will be using in conducting
audits under subpart M and ask us to more clearly describe the
``applicable requirements'' against which compliance will be evaluated.
Some comments are concerned that eligible entities might be audited
against requirements that do not apply to their operations. For
example, some comments note that firms subject to the final animal
preventive controls regulation should not be assessed for compliance
with the allergen cross contamination requirements of the final human
preventive controls regulation. Other comments ask us to clarify
whether the ``applicable requirements'' are limited to requirements
that appear in the FD&C Act or FDA regulations, or both.
(Response 7) During regulatory and consultative audits, accredited
third-party certification bodies will examine compliance with
applicable food safety requirements of the FD&C Act and FDA regulations
within the scope of the audit. In consultative audits, the third-party
certification bodies also may be conducting an examination to determine
conformance with applicable industry standards and practices.
The applicable requirements that accredited third-party
certification bodies and their audit agents will use relate to the food
safety standards under the FD&C Act, such as the adulterated food
provisions in section 402 of the FD&C Act and the provisions on the
misbranding of food allergens in section 403(w) of the FD&C Act. The
applicable requirements of the FD&C Act and FDA regulations would
depend on the type of eligible entity being audited. To use the example
given by one of the comments, an eligible entity that is subject to the
requirements of the final animal preventive controls regulation, but
not the final human preventive controls regulation, would not be
subject to an audit examining its practices relating to cross-
contamination by food allergens under the final human preventive
controls regulation because those are not ``applicable food safety
requirements'' for such an entity.
To help clarify this rule for eligible entities, third-party
certification bodies, and accreditation bodies who may be interested in
participating in the program and who may not yet be familiar with U.S.
laws and regulations, we are using the phrase ``applicable food safety
requirements of the FD&C Act and FDA regulations'' in place of the
phrase ``applicable requirements'' in the definition of ``audit'' in
Sec. 1.600(c) and elsewhere throughout the rule where we are
discussing the requirements that will be used in auditing eligible
entities.\2\
---------------------------------------------------------------------------
\2\ Although we have elected to cite to both the FD&C Act and
FDA regulations in this definition, we otherwise will follow the
conventional practice of using the words ``applicable requirements''
to refer the applicable requirements of the FD&C Act and FDA
regulations.
---------------------------------------------------------------------------
D. Audit Agent
We proposed to define an ``audit agent'' as an individual who is an
employee or other agent of an accredited third-party certification body
who, although not individually accredited, is qualified to conduct food
safety audits on behalf of an accredited third-party certification
body. Under the proposed rule we also defined an audit agent to include
a contractor of the accredited third-party certification body.
(Comment 8) Some comments express concern about our proposal to
allow a contractor of an accredited third-party certification body to
serve as an audit agent, asserting that ``[w]ith each step that is
further removed in this process, institutional control is lost
exponentially.'' The comments point out that a subcontractor conducted
the audit and gave a passing audit score to a cantaloupe farm and
packing facility that used ``improper and unsafe processing equipment''
and subsequently was linked to a deadly outbreak caused by Listeria
monocytogenes. Other comments mentioning the incident cite to an
article in Bloomberg News explaining that auditors often outsource to
independent contractors over whom they do not have direct management
control (Ref. 15). Still other comments offer the cantaloupe outbreak
as an example of why auditors must be competent and accountable for
their activities.
(Response 8) We understand that third-party certification bodies
currently work with individual auditors under many different types of
arrangements. We acknowledge concerns raised by comments about recent
outbreaks at some domestic facilities that had received satisfactory
scores in food safety audits. Further, we agree with the comments on
the importance of an accredited third-party certification body
exercising adequate control over an audit agent conducting audits on
its
[[Page 74581]]
behalf. We believe that principle is equally true whether the audit
agent is an employee or a contract auditor.
International standards, such as ISO/IEC 17021:2011 (Ref. 6),
specifically allow accredited third-party certification bodies to use
contractors to perform audits if certain conditions are met. Among
other conditions, contract auditors must meet the same level of
qualifications (e.g., knowledge, skills, and experience) and the same
requirements for impartiality and objectivity as do the auditors the
third-party certification body employs. The third-party certification
body must exercise adequate control and oversight over a contractor
such that the third-party certification body accepts the result of the
contractor's audit as its own.
When we proposed to define ``audit agent'' to include a contractor,
we were contemplating arrangements such as those described in ISO/IEC
17021:2011 (Ref. 6) that involve a direct relationship between the
accredited third-party certification body and its auditors. We are
revising the definition of ``audit agent'' to clarify that we are
excluding subcontractors and other types of outsourcing arrangements;
we have concluded that such arrangements fail to provide the degree of
control and oversight necessary for an accredited third-party
certification body to ensure that its audit agents are competent and
objective. An accredited third-party certification body exercises
direct supervision over the activities of its employees, and has a
direct relationship with a contractor; but the relationship between the
third-party certification body and a subcontractor or other type of
outsourced staff is attenuated--the third-party certification body may
not even choose such persons and may not have any direct authority over
them. We do not believe such diminished oversight is appropriate, given
the important role of audit agents in this program.
By revising the definition of ``audit agent'' we are not preventing
an accredited third-party certification body from subcontracting for
services in areas other than the conduct of audits. For example, an
accredited third-party certification body may use subcontractors or
other outsourcing arrangements to deliver annual training to its audit
agents under Sec. 1.650 or may use subcontractors or other outsourcing
arrangements to investigate and decide on appeals of adverse regulatory
audit results under Sec. 1.651. However, we are limiting the role of
``audit agent'' to employees and contractors of the accredited third-
party certification body.
E. Consultative Audit
We proposed to define a ``consultative audit'' as an audit of an
eligible entity: (1) To determine whether such entity is in compliance
with applicable requirements of the FD&C Act and industry standards and
practices and (2) the results of which are for internal purposes only
and cannot be used to determine eligibility for a food or facility
certification issued under this subpart or in meeting the requirements
for an onsite audit of a foreign supplier under subpart L of this part.
(Comment 9) We received several comments on the definition of
``consultative audit.'' Many comments express concern that the
definition of ``consultative audit'' is overly broad and that some of
the requirements that would apply to consultative audits under the
proposed rule might create a disincentive to using accredited third-
party certification bodies. Some comments urge FDA to remove all
requirements associated with consultative audits from the rule. Other
comments identify two requirements of particular concern: (1) Proposed
Sec. 1.656, requiring an accredited third-party certification body
conducting a consultative audit or regulatory audit under the rule to
notify FDA immediately upon discovering a condition that could cause or
contribute to a serious risk to public health (the notification
requirement) and (2) proposed Sec. 1.652, requiring an accredited
third-party certification body to provide FDA access to a consultative
audit report when the criteria for records access under section 414 of
the FD&C Act (21 U.S.C. 350c) are met (the records access requirement).
The comments explain that many firms use certification bodies (and/or
their consulting divisions) to help establish, maintain, and improve
their food safety practices. For example, some firms use certification
bodies (and/or their consulting divisions) to help in identifying root
causes and remediating food safety problems. Comments also note that
certification bodies (and/or their consulting divisions) provide
informal counseling, perform preliminary evaluations, limited purpose
audits, and activities in support of firms' continuous improvement
programs.
Comments express concern that if these types of activities are
subject to notification, records access, and other requirements of the
rule, firms located outside the United States might not use accredited
third-party certification bodies, instead choosing unaccredited third-
party certification bodies to avoid the requirements of this rule. The
comments assert that unaccredited third-party certification bodies are
less likely to have qualified auditors and their independence and
objectivity is less certain, than third-party certification bodies that
have been evaluated and issued accreditation.
Comments also argue that the definition of ``consultative audit,''
which states that the results of such an audit are ``for internal
purposes only,'' is inconsistent with the requirements for notification
and records access that would apply to consultative audits under the
proposed rule. Other comments ask us to clarify that audits conducted
for external purposes--for example, an audit for purposes of compliance
with FSVP--do not satisfy the definition of a consultative audit
because consultative audits are for internal purposes only.
Some comments suggest that the proposed definition of
``consultative audit,'' taken together with the proposed definitions of
``food safety audit'' and ``regulatory audit,'' could preclude third-
party certification bodies from conducting any audits that are outside
the scope of subpart M, once accredited. Based on that interpretation,
the comments predict that few if any third-party certification bodies
would want to participate in the program.
Many of the comments that express concern about disincentives also
suggest that Congress intended the third-party program to be much
narrower than our proposed definition of ``consultative audit'' would
suggest. These comments suggest that the FSMA third-party certification
program was intended to be focused on regulatory audits and the
issuance of certifications to be used for two limited purposes: i.e.,
in establishing an importer's eligibility for VQIP and in satisfying a
condition of admissibility for a food subject to an FDA safety
determination under section 801(q) of the FD&C Act. These comments
argue further that Congress inserted the term ``consultative audit'' in
the statute to be used only in reference to the conflicts of interest
provisions in section 808(c)(4)(C) and (c)(5) of the FD&C Act;
therefore, a broad interpretation of ``consultative audit'' is
inconsistent with Congressional intent. The comments urge us to
construe the term ``consultative audit'' as narrowly as possible.
(Response 9) We recognize that food firms use accredited third-
party certification bodies (and their consulting divisions) in various
[[Page 74582]]
capacities that serve the ultimate goal of improving food safety. We do
not want, nor do we believe Congress intended, for our third-party
certification program to create disincentives for food firms seeking to
use accredited third-party certification bodies for various purposes to
improve food safety practices in their operations. Nevertheless, we
decline the request to remove all requirements relating to consultative
audits from this final rule. Section 808(c)(5)(C) of the FD&C Act
directs us to issue implementing regulations for section 808 of the
FD&C Act, which includes some specific provisions relating to
consultative audits (e.g., section 808(c)(3)(A) and (C) on consultative
audit reports and section 808 (c)(4)(C) of the FD&C Act on audit agents
performing regulatory audits of eligible entities of which they
performed consultative or regulatory audits within the preceding 13
months). We have, however, revised the definition of ``consultative
audit'' as explained below and have made other revisions to the rule to
clarify the scope of such audits and help mitigate possible
disincentives to conduct consultative audits, while fulfilling the
letter and spirit of the law.
With regard to the comments expressing concerns about an overly
broad interpretation of ``consultative audit,'' we remind readers that
the statute endows both regulatory and consultative audits with certain
characteristics. For example, section 808(a)(6) of the FD&C Act
indicates that an eligible entity must choose to be audited by an
accredited third-party certification body, and section 808(c)(5)(C)(i)
of the FD&C Act states that audits under this program must be
unannounced. We understand these provisions to mean that, at the time
the audit services are arranged, an eligible entity must specifically
request from an accredited third-party certification body a food safety
audit under this rule--that is the only way the accredited third-party
certification body would know that the eligible entity is requesting an
unannounced subpart M audit to determine compliance with the applicable
food safety requirements of the FD&C Act and FDA regulations. Further,
the eligible entity would need to specify whether it is seeking a
regulatory or consultative audit. (In addition to determining whether
the eligible entity is in compliance with the food safety requirements
of the FD&C Act, consultative audits under section 808 of the FD&C Act
also determine whether the eligible entity is in compliance with
applicable industry standards and practices). Audits that fall outside
the purview of this rule--for example, audits that are conducted by
third-party certification bodies that are not accredited under this
program, audits that determine compliance with standards other than the
food safety requirements of the FD&C Act and FDA regulations (e.g.,
audits that determine compliance with private standards), audits that
are announced, and audits conducted solely for the purposes of supplier
verification under the final human or animal preventive controls
regulations or the final FSVP regulations--are not covered by, or
subject to, the requirements of this rule.
It is impossible to describe or predict all of the audit scenarios
that may occur. We emphasize that an accredited third-party
certification body can continue to offer auditing and certification
services that are outside the scope of this rule, such as on-site
supplier verification audits under the final human or animal food
preventive controls regulations or the final FSVP regulation. Such
audits would not be subject to the requirements of this rule, including
the reporting and notification requirements.
In response to comments, we revised the proposed definition of
``consultative audit'' to clarify that it is an audit conducted in
preparation for a regulatory audit under the third-party certification
program. A consultative audit would thus be a pre-examination or pre-
assessment type of activity imbued with certain characteristics. We
further clarify the characteristics of a consultative audit, as well as
of a regulatory audit (the results of which can form the basis for
issuance of certification under the rule), in the definition of ``food
safety audit'' discussed in section III.J.
F. Eligible Entity
We proposed to define an ``eligible entity'' as a foreign entity
that chooses to be subject to a food safety audit by an accredited
third-party certification body. We further proposed that eligible
entities include foreign facilities subject to the registration
requirements in FDA regulations.
(Comment 10) We received several comments on the definition of
``eligible entity.'' Some comments request that we provide examples of
specific types of entities that satisfy the definition. Some comments
offer examples of ``eligible entities,'' including orchards or farms,
packing houses, processing plants, and storage facilities. Other
comments suggest we add ``and foreign farms'' to the end of the
definition, to clarify that such entities are eligible to receive
audits under subpart M. Some comments encourage us to adjust the
definition of ``eligible entity'' to make it mandatory for foreign food
facilities to undergo food safety audits by accredited third-party
certification bodies.
(Response 10) The proposed definition of ``eligible entity'' was
based on the statutory definition, which includes facilities subject to
the registration requirements in section 415 of the FD&C Act that
choose to be audited under the program. At our own initiative we are
revising the definition of ``eligible entity'' in the codified to more
accurately track the statute, and we decline the suggestion to add
specific examples, such as orchards or farms, that are not included in
the statutory definition of ``eligible entity.'' However, as explained
in Response 12 we are revising the definition of ``facility'' in Sec.
1.600(c) to clarify that entities that grow, harvest, or raise animals
for food for consumption in the United States are facilities that are
eligible for auditing and certification under this subpart.
We disagree with the comment suggesting that we should make audits
under this program mandatory for all foreign food firms by modifying
the definition of ``eligible entity.'' The statute clearly indicates
that participation in this program is intended to be voluntary, and
only entities that choose to be audited under the program are subject
to its requirements (see section 808(a)(6) of the FD&C Act).
(Comment 11) In the proposed rule, we specifically asked for
comment on whether to allow for food or facility certification to be
issued to a producer group, offering as an example the criteria for
groups under the National Organic Program (NOP)--i.e., having multiple
sites operating under a single management system and whose farms are
``uniform in most ways.'' Several comments responded to this inquiry in
relation to the definition of ``eligible entity.''
Comments in support of certification of a group (e.g., a
cooperative being audited as a single eligible entity) note that some
producers are very small and might find it difficult on their own to
obtain third-party certification, but taken as a group the task would
likely be more manageable. Other comments note that treating multiples
sites with a single management system as a single eligible entity could
be particularly helpful in sectors or regions where there is a scarcity
of accredited third-party certification bodies. Some comments argue in
support of groups functioning as a single eligible entity as long as
the central management system functions effectively, providing
oversight to the
[[Page 74583]]
members. Comments also note that some multisite sampling protocols have
been developed by international organizations, such as ISO.
Other comments encourage us to ensure that cooperatives are subject
to this rule, so that all the links in a foreign supply chain are
appropriately inspected, and so that they are subject to any applicable
regulations before their product is exported to the United States.
Comments not in support of cooperatives being classified as
eligible entities note that food safety practices and conditions are
site-specific and can vary significantly even if the individual farms
are located in the same geographic area (for example, due to soil
composition, agricultural water runoff, or the manner in which the land
was used in the past). They also note that organic production standards
and scientifically-based food safety standards are not the same, so
what works for the NOP may not be appropriate here
Some comments encourage us to provide guidance on the acceptable
parameters of a cooperative. Some comments encourage us to consider
guidance available from other sources beyond the NOP, such as the
International Federation of Organic Agriculture Movements.
(Response 11) We decline to revise the definition of eligible
entities to include a group. We acknowledge that some very small
producers might be daunted by the prospect of working individually with
an accredited third-party certification body, and there would be
obvious economies in banding together with other very small producers
to gain certification. We also acknowledge that some sets of producers
do currently function as a unit under a centralized management system,
and that group certification may make it easier for entities to access
accredited third-party certification bodies in areas or regions where
they may be scarce. Nevertheless, after reviewing the NOP, the
International Federation of Organic Agricultural Movements, the Canada
Organic Office Operation Manual, the USDA Agricultural Marketing
Service pilot program on group certification, and other recommended
sources, we conclude that it would not be appropriate to allow groups
to be certified under this program. Group certification raises a myriad
of complicated issues such as establishing who may act as a group,
determining the requisites of a central management system, and
delineating the minimum requirements for accredited third-party
certification body audits of a group.
With regard to the comments contending that certifications from
individual eligible entities that might otherwise act as a group would
create redundant and unnecessary paperwork for FDA, we will take that
sort of information into account as we gain experience with the
program. Finally, with regard to the comments encouraging us to define
``eligible entity'' to include groups to ensure that all their members
are examined for compliance with applicable food safety regulations
before their food is exported to the United States, we note that this
rule does not create audit obligations for all foreign suppliers or for
all importers. The third-party certification program created by this
rule is a voluntary program for eligible entities who wish to
participate.
G. Facility
We proposed to define ``facility'' as any structure, or structures
of an eligible entity under one ownership at one general physical
location, or, in the case of a mobile facility, traveling to multiple
locations, which manufactures/processes, packs, or holds food for
consumption in the United States. The definition went on to state that:
(1) Transport vehicles are not facilities if they hold food only in the
usual course of business as carriers; (2) a facility may consist of one
or more contiguous structures, and a single building may house more
than one distinct facility if the facilities are under separate
ownership; (3) the private residence of an individual is not a
facility; and (4) non-bottled water drinking water collection and
distribution establishments and their structures are not facilities.
On our own initiative, we are clarifying that facilities for the
purposes of this subpart are not limited to facilities required to be
registered under Subpart H.
(Comment 12) Some comments encourage us to align the proposed
definition of ``facility'' to the definition of ``facility'' in the
human and animal preventive controls, produce safety, and FSVP
regulations, to promote consistency and common understanding of the
rules.
(Response 12) As previously noted, we agree with the comments on
the importance of consistency across regulations, where feasible and
appropriate. We reviewed the definitions of ``facility'' in the final
FSVP and final human preventive controls regulations, and found those
definitions to be too narrow in light of the purpose of this rule to
establish a voluntary program for certification of foods and facilities
and the broad definition of ``eligible entity'' in section 808(a)(6) of
the FD&C Act. Of our own initiative, in order to preserve the option
for broad participation in the third-party program, we are expressly
including in the definition of ``facility'' those entities that grow,
harvest, or raise animals for food for consumption in the United
States.
H. Facility Certification and Food Certification
We proposed to define ``facility certification'' as an attestation,
issued for purposes of section 806 of the FD&C Act by an accredited
third-party certification body, after conducting a regulatory audit and
any other activities necessary to establish that a facility meets the
applicable requirements of the FD&C Act. We proposed to define ``food
certification'' as an attestation, issued for purposes of section
801(q) of the FD&C Act by an accredited third-party certification body,
after conducting a regulatory audit and any other activities necessary
to establish that a food meets the applicable requirements of the FD&C
Act.
(Comment 13) We received some comments on the definitions of
``facility certification'' and ``food certification.'' Some of these
comments raise group certification issues which we address above, in
connection with the definition of ``foreign cooperative.'' Some
comments state that ``food certification'' is improper terminology,
because it implies a product certification model, whereas audits of
eligible entities--particularly in the produce sector--generally assess
processes and/or management systems.
(Response 13) The term ``food certification'' appears in the
statute and is specifically discussed in the statute as a type of
certification that may be used in meeting a condition of admissibility
under section 801(q) of the FD&C Act. Under section 808(c)(2)(C) of the
FD&C Act, food certifications may only issue upon conduct of a
regulatory audit. In light of the statutory language, we decline to
revise the term ``food certification'' in response to the comments on
this rule.
We also note that section 801(q)(1) of the FD&C Act allows for FDA
to accept ``a listing of certified facilities that manufacture,
process, pack, or hold food, or other assurances deemed appropriate by
FDA'' to satisfy the condition of admissibility. Of our own initiative,
in light of this statutory language, we are clarifying in the
definition of ``facility certification'' that
[[Page 74584]]
a facility certification may be issued for purposes of 801(q) of the
FD&C Act.
I. Food
In proposed Sec. 1.600(b), we stated unless otherwise defined in
Sec. 1.600(c) of the proposed rule, definitions of terms in section
201 of the FD&C Act would apply to terms used in this subpart. Section
201 of the FD&C Act defines ``food'' as ``(1) articles used for food or
drink for man or other animals, (2) chewing gum, and (3) articles used
for components of any such article.'' Proposed Sec. 1.600(c) did not
define the term ``food.''
(Comment 14) Some comments request that we define ``food''
consistent with how it was defined in the FSVP proposed rule for
consistency and to indicate that producers of food contact substances
are eligible entities.
(Response 14) The proposed definition of ``food'' under Sec. 1.600
would include pesticides when they meet the definition of ``food''
under section 201 of the FD&C Act. By contrast, the FSVP rule's
proposed definition of food explicitly does not include pesticides, as
defined in 7 U.S.C. 136(u), consistent with the definition of ``food''
used in the rulemaking on the Prior Notice of Imported Food Under the
Public Health Security and Bioterrorism Preparedness Act of 2002 (prior
notice rule). FDA received comments during that rulemaking questioning
the applicability of the rule to pesticides, so FDA clarified that
``food'' for the purposes of that rule did not include pesticides.
The final FSVP regulation, which is publishing elsewhere in this
issue of the Federal Register, retains the exclusion of pesticides from
the definition of ``food.''
In response to comments suggesting revision of the definition of
``food'' in this rule to be consistent with the final FSVP regulation,
we considered the purposes that certifications serve under this program
and the nature of comments we received on the third-party proposed
rule, including general comments requesting alignment across the FSMA
rules and comments specifically requesting that we use the FSVP
definition of ``food.'' Certifications issued by accredited third-party
certification bodies may be used in establishing an importer's
eligibility to participate in VQIP and in satisfying a condition of
admissibility for an imported food that we determine poses a safety
risk under section 801(q) of the FD&C Act.
While certifications may be useful in addressing pesticide
contamination of food (e.g., pesticide levels in food that exceed
established tolerances), we have not identified a need for
certifications to address pesticides as articles of food, nor do we
anticipate a role for food safety audits in pesticide manufacturing
facilities. Accordingly, we are revising the final rule by adding to
Sec. 1.600(c) a definition of ``food'' that excludes pesticides.
We also agree with the comment that producers of food contact
substances could be eligible entities under this rule and that food
contact substances should be considered food for the purposes of this
rule. Third-party food safety audits and certifications for food
contact substances could potentially be useful given the possibility of
migration of harmful food contact substances into food or contamination
of food contact materials that directly contact food. Accordingly, we
are revising the proposed definition of ``food'' to exclude pesticides
and retain ``food contact substances'' in the definition of ``food'' in
this final rule, consistent with the definition of ``food'' in the
final FSVP regulation.
J. Food Safety Audit
We proposed to define ``food safety audit'' as a regulatory audit
or a consultative audit.
(Comment 15) We received a few comments on the definition of ``food
safety audit.'' Some comments request that we remove consultative
audits from the definition of ``food safety audit,'' asserting that
consultative audits should not be subject to the reporting and
notification requirements associated with ``food safety audits.'' Other
comments say we should replace the term ``food safety audit'' with
``regulatory audit,'' as a matter of statutory construction and sound
policy. Finally, some comments suggest that we delete the definition of
``food safety audit'' altogether.
(Response 15) We are retaining the definition of ``food safety
audit'' as a useful definition to describe regulatory and consultative
audits that fall under the requirements of this rule. As described in
Response 9, we have revised the definition of ``consultative audit'' to
clarify that it is an audit conducted in preparation for a regulatory
audit under the third-party certification program. Although an audit
meeting that definition would be subject to certain reporting and
notification requirements, there are many types of audits/arrangements
that would not fall within the definition of ``consultative audit'' or
``regulatory audit,'' and would therefore not be subject to the
requirements of this rule, including the reporting and notification
requirements. Therefore, including consultative audits in the
definition of ``food safety audit'' will not prevent eligible entities
from using accredited third-party certification bodies for auditing
arrangements that fall outside of the scope of this rule and do not
trigger the requirements of this rule. To further address comments'
concerns, we are modifying the definition of ``food safety audit'' to
provide clarification regarding what types of audits/activities would
fall outside of the scope of this rule. Specifically, we clarify that a
food safety audit must be declared by an eligible entity at the time of
audit planning and must be conducted on an unannounced basis consistent
with sections 808(b)(6) and 808(c)(5)(C) of the FD&C Act.
K. Foreign Cooperative
We proposed to define ``foreign cooperative'' as an entity that
aggregates food from growers or processors that is intended for export
to the United States.
On our own initiative, we are replacing the phrase ``entity that
aggregates'' with ``autonomous association of persons, identified as
members, who are united through a jointly owned enterprise to
aggregate'' for clarification purposes.
(Comment 16) Some comments suggest that we add a definition for
``consolidator.'' The comments contrast consolidators with cooperatives
and argue that consolidators act essentially as brokers that purchase
products from several sources and then export the total set to the
United States. According to these comments, consolidators do not own or
manage the individual sites and generally do not have control over or
even knowledge of the processing procedures.
(Response 16) We agree with the comment that an entity without a
single management system that exercises control over the manner in
which individual sites meet the applicable food safety requirements of
the FD&C Act and FDA regulations would not be an eligible entity.
However, we disagree that adding a definition of ``consolidator'' would
be helpful because whether an entity is a ``consolidator'' has no
bearing on the requirements of this rule.
(Comment 17) Some comments point out that while the proposed rule
indicates a foreign cooperative could be an accreditation body or a
third-party certification body, in their countries the government is
the accreditation body. Also, in some places the government authorizes
certain parties to conduct audit activities and those parties are under
the control and supervision of the
[[Page 74585]]
government. Accordingly, the comments suggest that we indicate in which
countries and in which cases a foreign cooperative could be an
accreditation body or a third-party certification body. Other comments
recommend more detail on how cooperatives are defined, and how they
would conform to FDA requirements for third-party certification bodies.
(Response 17) We currently are not in a position to be able to
determine which countries or which foreign cooperatives may be
adequately qualified to become accredited under the third-party
certification program. We note that section 808 of the FD&C Act
expressly allows foreign cooperatives to serve as accredited third-
party certification bodies if they are adequately qualified and
independent of the eligible entities they audit or certify under the
third-party certification program. Therefore, we are not categorically
excluding foreign cooperatives from the third-party certification
program, nor are we making any categorical decisions on whether
governmental accreditation bodies have conflicts that would preclude
them from accrediting such foreign cooperatives under the program.
L. Regulatory Audit
We proposed to define a ``regulatory audit'' as an audit of an
eligible entity to determine whether such entity is in compliance with
the provisions of the FD&C Act and the results of which are used in
determining eligibility for food certification under section 801(q) of
the FD&C Act or facility certification under section 806 of the FD&C
Act, and may be used by an importer in meeting the requirements for an
onsite audit of a foreign supplier under the FSVP program.
(Comment 18) Some comments request that we clarify the definition
of ``regulatory audit.''
(Response 18) The comments requesting clarification failed to
mention specific characteristics in the definition needing
clarification and did not offer suggestions for clarification.
Therefore, we decline to modify the definition based on these comments.
However, on our own initiative we have revised the definition of
``regulatory audit'' by removing the clause ``, and may be used by an
importer in meeting the requirements for an onsite audit of a foreign
supplier under subpart L of this part'' that does not appear in the
statute. We did this in part to avoid confusion. We emphasize that an
audit conducted for the purposes of FSVP would not need to be conducted
by a third-party certification body under this subpart. See section
XIII.G. Nor are facilities required to use third-party certification
bodies accredited under this rule in meeting their supplier
verification requirements under the final human or animal preventive
controls regulations. On our own initiative, we are revising the
definition of ``regulatory audit'' to clarify that the results of a
regulatory audit may be used to determine eligibility for any
certifications that may be used for purposes of section 801(q) or
section 806 of the FD&C Act.
M. Self-Assessment
We proposed to define ``self-assessment'' as a systematic
assessment conducted by an accreditation body or by a third-party
certification body to determine whether it meets the applicable
requirements of this subpart.
We received no adverse comments about our proposed definition.
However, on our own initiative, we are revising the definition of
``self-assessment'' to improve clarity and to specify what is required
of a recognized accreditation body and an accredited third-party
certification body when performing these evaluations.
N. Third-Party Auditor
We proposed to define a ``third-party auditor'' as a foreign
government, agency of a foreign government, foreign cooperative, or any
other third-party that is eligible to be considered for accreditation
to conduct food safety audits and to certify that eligible entities
meet the applicable requirements of the FD&C Act. We further proposed
that a third-party auditor may be a single individual or an
organization and may use audit agents to conduct food safety audits.
Finally, we proposed that ``third-party auditor'' has the same meaning
as ``certification body'' as that term was defined in the proposed
rule.
(Comment 19) As described in Comment 1, we received several
comments urging us to align our definitions and terminology with
international standards. Some comments state that the term ``third-
party auditor,'' the language of the statute notwithstanding, is not
correct terminology to use interchangeably with ``third-party
certification body.''
(Response 19) As discussed previously, we agree that it is
beneficial to use terminology in this rule that is consistent with
terminology used in international standards when feasible and
appropriate. Therefore, we are deleting the definition of ``third-party
auditor'' in the final rule and will use the term ``third-party
certification body'' in this rule except that we will use the term
``third-party auditor'' in the definitions of ``Accredited third-party
certification body'' and ``Third-party certification body'' in Sec.
1.600(c) and in the preamble discussion of those definitions in section
III.A. We are clarifying in the definition of ``third-party
certification body'' in Sec. 1.600(c) that the term has the same
meaning as ``third-party auditor'' as defined in section 808(a)(3) of
the FD&C Act.
IV. Comments on Who Is Subject to This Subpart (Sec. 1.601)
We proposed in Sec. 1.601 that this rule would apply to those
accreditation bodies, third-party certification bodies, and eligible
entities that seek to participate in this voluntary third-party
certification program. We proposed two limited exemptions from section
801(q) of the FD&C Act: One related to alcoholic beverages from an
eligible entity that is a facility that meets certain conditions, and
another related to certain food constituting not more than 5 percent of
the overall sales of a facility meeting the conditions of the first
exemption.
A. Limiting the Scope of the Rule to Regulatory Audits and
Certifications
Under proposed Sec. 1.601(b), we proposed that subpart M would
apply to third-party certification bodies seeking accreditation to
conduct food safety audits and issue certifications for purposes of
sections 801(q) and 806 of the FD&C Act.
(Comment 20) Some comments suggest we modify the language in Sec.
1.601(b) regarding third-party certification bodies seeking
accreditation to clarify that requirements of the rule apply only to
imported foods that are subject to a condition of admissibility under
section 801(q) of the FD&C Act and imported foods offered by an
importer seeking to establish eligibility to participate in VQIP. In
this view, the requirements of the rule (e.g., the notification
requirements) should not apply to audits other than regulatory audits
that are conducted for certification purposes.
(Response 20) We decline to make the suggested revisions to Sec.
1.601(b) because Sec. 1.601(b)(2) already describes the two types of
certifications that may be issued by accredited third-party
certification bodies under the final rule and the types of audits that
they would conduct under this program (i.e., food safety audits, which
include both consultative and regulatory audits). Audits conducted by
third-party certification bodies that are outside of the scope of this
program, and eligible entities receiving audits outside of the scope of
this program, would not be
[[Page 74586]]
subject to the requirements of this final rule. With respect to the
suggestion that the final rule should apply only to regulatory audits,
and therefore not to consultative audits, we note, as previously
discussed, that section 808 of the FD&C Act specifically defines
``consultative audit'' and contains requirements for the conduct of
both regulatory and consultative audits (see, e.g., section 808(a)(5)
and (c)(4)(B) of the FD&C Act). Therefore, this final rule establishes
requirements for consultative audits that are consistent with the
provisions on consultative audits in the statute.
B. Exemption for Alcoholic Beverages
Under proposed Sec. 1.601(d), we proposed to exempt from the
certification requirements under section 801(q) of the FD&C Act
alcoholic beverages that are imported from an eligible entity that is a
facility that meets the following two conditions:
Under the Federal Alcohol Administration Act or chapter 51
of subtitle E of the Internal Revenue Code of 1986, the facility is a
foreign facility of a type that, if it were a domestic facility, would
require obtaining a permit from, registering with, or obtaining
approval of a notice or application from the Secretary of the Treasury
as a condition of doing business in the United States; and
Under section 415 of the Federal Food, Drug, and Cosmetic
Act, the facility is required to register as a facility because it is
engaged in manufacturing/processing one or more alcoholic beverages.
We also proposed that the certification requirements under section
801(q) of the FD&C Act would not apply to food other than alcoholic
beverages that is imported from a facility described in Sec.
1.601(d)(1) provided that such food:
(i) Is in prepackaged form that prevents any direct human contact
with such food; and
(ii) Constitutes not more than 5 percent of the overall sales of
the facility, as determined by the Secretary of the Treasury.
We tentatively concluded that these provisions were consistent with
the provisions on alcohol-related facilities in section 116 of FSMA.
(Comment 21) Some comments support the proposed exemption of
imported beverage alcohol products, but encourage us to clarify and
amplify the exemption to cover the raw materials and ingredients (e.g.,
grapes, grains, hops, flavors) used to produce alcoholic beverages. The
comments assert that the requested exemption would provide for
consistency between domestic and foreign facilities and would be
consistent with Congressional intent regarding section 116 of FSMA. The
comments assert that the expanded exemption would be consistent with
the regulations on preventive controls for human food. The comments
urge us to consult their comments on the FSVP proposed rule.
(Response 21) As requested, we consulted comments submitted on
proposed Sec. 1.501(e) in the FSVP proposed rule, requesting an
exemption from the FSVP requirements for the importation of the raw
materials and ingredients (e.g., grapes, grains, hops, flavors) used to
produce alcoholic beverages, and asserting that such an exemption would
be consistent with Congressional intent regarding section 116 of FSMA.
We considered the comments' request in light of the risk-based
public health principles generally underlying FSMA and have concluded
that Congress did not intend for FSMA's core requirements to apply to
the manufacture/processing, packing, and holding of alcoholic
beverages. Congress may have made such a conclusion in light of the
potential antimicrobial function of the alcohol content in such
beverages and the concurrent regulation of alcoholic beverage-related
facilities by both FDA and the Alcohol and Tobacco Tax and Trade
Bureau. In light of this context, we have concluded that section 116 of
FSMA should be interpreted to mean that the manufacturing, processing,
packing, or holding of alcoholic beverages at most alcohol-related
facilities should not be subject to this rule.
We believe the same rationale supports the comments' request.
Accordingly, and consistent with the final FSVP regulation, we are
expanding the exemption from certification under section 801(q) of the
FD&C Act in Sec. 1.601(d) to cover raw materials or other ingredients
that are used to manufacture/process, pack or hold alcoholic beverages
by an importer required to be registered under section 415 of the FD&C
Act, when such facilities are exempt from the preventive controls
regulations under 21 CFR 117.5(i).
Also in this final rule, we are replacing the term ``food other
than alcoholic beverages,'' to describe the applicability of the
exemption, with the term ``food that is not an alcoholic beverage.''
C. USDA Regulated Products
(Comment 22) Some comments suggest we explicitly exempt products
under USDA jurisdiction from the requirements of this rule.
(Response 22) We agree that an exemption to 801(q) is appropriate
with respect to meat, poultry, and egg products regulated by USDA at
the time of importation. The final rule adds a new Sec. 1.601(d)(2)
which states that any certification under 801(q) does not apply to
meat, poultry, and egg products that at the time of importation are
subject to the requirements of the USDA under FMIA (21 U.S.C. 601 et
seq.), PPIA (21 U.S.C. 451 et seq.), or EPIA (21 U.S.C. 1031 et seq.).
We conclude that this provision is consistent with section 403 of FSMA,
entitled ``Rule of Construction,'' which states that nothing in FSMA
shall be construed to alter or limit the jurisdiction of the Secretary
of the Department of Agriculture. For many decades, USDA has exercised
authority and responsibility over the import of such meat, poultry, and
egg products, and has detailed regulations and procedures implementing
this authority. In light of USDA's role with respect to the importation
of these products, and also in light of section 403 of FSMA, we believe
that Congress did not intend for an FDA determination under section
801(q) of the FD&C Act to apply to meat, poultry, and egg products that
at the time of importation are subject to USDA requirements under the
MPIA, PPIA, and EPIA, respectively. We therefore conclude that final
Sec. 1.601(d)(2) is consistent with Congress's intent in promulgating
section 403 of FSMA.
With respect to the third-party program, we note that the program
establishes a voluntary system of certification by accredited third-
party certification bodies that food and facilities meet applicable
requirements of the FD&C Act and FDA regulations. Certifications issued
under this program will not be used to facilitate entry of meat,
poultry, and egg products that are regulated by USDA at the time of
importation, as defined above.
V. Comments on Recognition of Accreditation Bodies Under This Subpart
A. Who is eligible to seek recognition? (Sec. 1.610)
Proposed Sec. 1.610 states that an accreditation body would be
eligible for recognition if it could demonstrate that it meets the
requirements related to legal authority, competency, capacity,
conflicts of interest, quality assurance, and records in Sec. Sec.
1.611 through 1.615. In our discussion of this section in the preamble
of the proposed rule we stated our tentative conclusions that key
[[Page 74587]]
elements of ISO/IEC 17011:2004 (Ref. 5) would form a basis for our
requirements, and that documented conformance to that standard would be
relevant in demonstrating that an accreditation body is qualified for
recognition.
(Comment 23) Some comments recommend that we require accreditation
bodies to be signatories to IAF multilateral recognition agreements
(IAF-MLAs) (which requires signatories, among other things, to conform
to ISO/IEC 17011:2004) as a condition of recognition, and some contend
it should be the sole criterion. Comments in favor of including
signatory status as a requirement note that the process of becoming a
signatory involves a thorough peer-review process, which helps ensure
quality outcomes (e.g., signatories have to demonstrate conformance to
ISO/IEC 17011:2004 as part of the peer review process). Comments note
other aspects of IAF-MLA signatory status that would be beneficial to
the program, such as periodic reevaluation by peer signatories to
ensure continued compliance. These comments argue that when a foreign
government is the accreditation body, it may be difficult for FDA to
regulate a peer agency, so reliance on IAF-MLA signatory status would
be helpful, in part because it would give an independent organization
(IAF) a role in managing the accreditation body.
Some comments discourage us from requiring IAF-MLA signatory status
as a condition of recognition. Some comments suggest that we consider
signatory status as a factor in favor of recognition, noting many of
the same advantages touted by proponents of requiring signatory status,
but suggest that we not make IAF-MLA signatory status a condition of
program participation.
Other comments explain that it would be premature to make IAF
signatory status the sole requirement. The comments note that at the
time of these comments the IAF-MLA does not yet include subscopes for
specific food safety standards or schemes. Still other comments
recommend that FDA study the issues surrounding signatory status
further before making it a requirement, pointing out that some
countries may not have signatory IAF-MLA members representing them.
Some comments cite to third-party food safety audit programs
administered by other governments, noting those programs do not require
IAF-MLA status as a condition for program participation. These comments
argue that it is more important to require conformance to ISO/IEC
17011:2004.
(Response 23) The comments uniformly agree on the value of an
accreditation body's conformance to ISO/IEC 17011:2004 in establishing
its qualifications for recognition. As discussed in section I.D., we
agree that an accreditation body may use its documented conformance to
ISO/IEC 17011:2004 to support its eligibility for recognition under
this rule, supplemented as necessary (for example, to demonstrate
capability to meet FDA requirements for reporting and notification
under Sec. 1.623, if recognized). We also agree that additional
documentation relating to IAF-MLA signatory status may be useful in
supporting an accreditation body's application for recognition under
this program. However, we disagree with comments suggesting that we
require IAF-MLA signatory status as the sole criterion or one of
several criteria for recognition to accredit third-party certification
bodies to conduct food safety audits and to certify that eligible
entities meet the applicable food safety requirements of the FD&C Act
and FDA regulations at this time. We currently lack (and the comments
did not provide) adequate information to conclude that IAF-MLA
signatory status should be the sole factual basis or one of several
criteria for determining whether an accreditation body can fulfill the
roles and responsibilities of a recognized accreditation body under
this subpart. Further, we also want to allow accreditation bodies that
are not signatories to participate in the program if they meet the
statutory and regulatory criteria.
(Comment 24) As explained in section I.D., several comments support
FDA's reliance on ISO/IEC 17011:2004 (Ref. 5) in developing the
proposed rule. Other comments suggest FDA should place greater reliance
on ISO/IEC 17011:2004 (Ref. 5), including some comments recommending
that we incorporate the standard by reference into the rule.
(Response 24) We agree with comments on the value of promoting
international consistency and tapping into an existing framework that
is familiar to accreditation bodies, third-party certification bodies,
and the food industry. Accordingly, in Sec. 1.610 we are adding new
language to state that an accreditation body may use documentation of
conformance with ISO/IEC 17011:2004 (Ref. 5), supplemented as
necessary, to demonstrate that it is eligible for recognition. This new
language may make it easier for accreditation bodies that already
conform to ISO/IEC 17011:2004 (Ref. 5) to apply for the program. We are
also making conforming changes to Sec. Sec. 1.622(d) and 1.623(b),
1.640(a), and 1.655(e).
We decline to incorporate ISO/IEC 17011:2004 (Ref. 5) by reference
as the sole criterion or one of several criteria for recognition,
because the standard contains some provisions that are inconsistent
with section 808 of the FD&C Act or impractical for use in our program.
For example, ISO/IEC 17011:2004 (Ref. 5), clause 4.3.7, allows an
accreditation body to have ``related bodies'' that provide conformity
assessment services (e.g., auditing and certification) in areas the
accreditation body accredits. (A ``related body'' is linked to the
accreditation body by common ownership or contractual arrangement,
under clause 4.3.7 NOTE 1.) The only safeguards that a related body is
expressly required to meet are as follows: (1) It must have different
top management than the accreditation body's top management; (2)
different personnel from those involved in the accreditation
decisionmaking processes; (3) no possibility to influence the outcome
of an assessment for accreditation; and (4) distinctly different names,
logos, and symbols. While clause 4.3.7 of ISO/IEC 17011 (Ref. 5) speaks
to issues of common management and control of the accreditation body
and its related body, the standard does not expressly prohibit the
accreditation body from accrediting its related body with which it
shares common ownership or financial interests. For example, an
accreditation body that provides financial support (directly or
indirectly) to a related body could be viewed as lacking the
impartiality necessary to make an objective decision about whether the
related body it supports is appropriately qualified. The impartiality
provisions in ISO/IEC 17011:2004 (Ref. 5) are impractical for our
purposes because they fail to address the range of possible conflicts
associated with shared financial interests and ownership between a
recognized accreditation body and a ``related'' third-party
certification body under this rule. To help ensure the credibility of
our program, Sec. 1.624 requires a recognized accreditation body to
implement a program to ensure that the accreditation body and its
officers, employees, and other agents involved in accreditation
activities do not own or have a financial interest in a third-party
certification body seeking its accreditation. Accordingly, it would be
inappropriate for us to rely on the conflict of interest safeguards
contained in ISO/IEC
[[Page 74588]]
17011:2004 (Ref. 5), in the third-party certification program we are
establishing.
For the foregoing reasons, we decline the suggestion to incorporate
ISO/IEC 17011:2004 (Ref. 5) by reference into this rule.
(Comment 25) Several comments express concern about our proposal to
allow both public and private accreditation bodies to seek recognition.
Some comments discourage us from allowing private entities to be
accreditation bodies because of the concern that allowing for private
accreditation bodies may cause conflicts of interest. Similarly, some
comments contend that accreditation bodies must uphold public
confidence and perform their duties objectively, which is the purview
of governmental entities.
Other comments take a contrary view, suggesting that some
government agencies have missions that may undermine the objectivity
and independence required of a recognized accreditation body. Some
comments encourage us to consider which government agency/ministry in a
given country may be eligible for recognition, and to solicit input
from stakeholders as to which agencies/ministries are best positioned
to perform this function.
Still other comments assert that private and government entities
are sufficiently different such that we should establish different
conflict of interest provisions and requirements for each.
(Response 25) Comments on both sides of this issue express concern
that any accreditation body we recognize must be independent and
objective in the performance of its duties. We share that concern.
However, none of the comments offered substantiation that would lead us
to bar public or private accreditation bodies, as a class, from seeking
recognition because of conflicts of interest inherent in the class.
Section 808 of the FD&C Act defines an ``accreditation body'' as an
authority that accredits third-party certification bodies and makes no
distinction between public and private accreditation bodies. We have
concluded that both public and private accreditation bodies are
potentially capable of exhibiting the impartiality necessary for
recognition under this rule. Therefore in light of the broad definition
of ``accreditation body'' and to maximize the opportunities for
qualified accreditation bodies to participate in the program, FDA does
not consider it to be appropriate to limit the program to only certain
types of accreditation bodies.
With respect to the comments that suggest we apply different
conflict of interest requirements to different types of accreditation
bodies, none of these comments offered an adequate explanation to
justify different requirements for public and private accreditation
bodies. Again, we note that section 808 of the FD&C Act does not make
distinctions for different types of accreditation bodies.
(Comment 26) Some comments request that we provide additional
explanation regarding how an accreditation body that does not have
experience accrediting third-party certification bodies for food safety
scopes would become eligible for recognition under this program.
(Response 26) An accreditation body of the type described in the
comments' hypothetical might face practical difficulties in providing
adequate substantiation demonstrating that it meets the requirements
described in Sec. 1.610. However, we will consider each application on
its own merits and do not foreclose the possibility for such an
accreditation body to make the showing necessary to be granted
recognition under this rule.
B. What legal authority must an accreditation body have to qualify for
recognition? (Sec. 1.611)
We proposed to require an accreditation body seeking recognition to
demonstrate that it has adequate legal authority (as a governmental
entity or through contractual rights) to assess a third-party
certification body for accreditation, including authority to review
records and conduct performance assessments (e.g., authority to witness
the performance of a statistically significant number of employees and
other agents conducting assessments). We proposed to require that the
accreditation body have adequate authority to remove or modify an
accreditation status, once granted. We also proposed to require the
accreditation body to demonstrate that it would be capable of
exercising the legal authority necessary to meet the program
requirements, if we granted recognition.
On our own initiative, in Sec. 1.611(a)(2) we replaced,
``personnel and other agents,'' with, ``audit agents, or the third-
party certification body in the case of a third-party certification
body that is an individual'' for clarity and consistency with section
808(a)(4) of the FD&C Act. We have also made corresponding changes
throughout this subpart.
(Comment 27) Some comments provide support for this provision, and
others encourage us to ensure that a private accreditation body seeking
recognition could have adequate legal authority to operate.
(Response 27) We agree with the comment urging us to ensure that a
private accreditation body could have the necessary authority to act as
a recognized accreditation body under this rule. As noted previously,
we see no inherent reason why private entities could not theoretically
meet the eligibility requirements for accreditation bodies under this
rule. Therefore, we are revising Sec. 1.611(a) and (b) to clarify that
an accreditation body can be a legal entity with contractual rights. By
the words ``legal entity,'' we mean that the accreditation body must be
duly authorized to operate as an accreditation body by governmental
authorities responsible for such authorizations in any country or
countries in which the accreditation body seeks to perform
accreditation of third-party certification bodies under this rule.
(Comment 28) Some comments ask us to clarify what we mean by
``statistically significant'' as used in Sec. 1.611(a)(2) and
elsewhere in the proposed rule to provide adequate confidence in the
results of an analysis of the sample. The comments encourage us to
abandon the phrase ``statistically significant'' in favor of the
language of ISO/IEC 17011:2004 (Ref. 5), which requires an
accreditation body to witness the performance of a representative
number of third-party certification body staff.
(Response 28) We understand from the comments that a body of
knowledge and experience has developed among accreditation bodies
conforming to ISO/IEC 17011: 2004 (Ref. 5) on the meaning of
``representative'' numbers of observations and that no similar body of
knowledge or experience exists on the meaning of ``statistically
significant'' numbers of observations in this context. Accordingly, we
are revising Sec. 1.611 to require observations of a ``representative
sample'' of audit agents and food safety audits. We are making similar
revisions to other sections of the rule that require onsite
observations.
For purposes of an accreditation body's observations of a third-
party certification body under this rule, what constitutes a
``representative sample'' will be decided on a case-by-case basis,
depending on various factors. These factors include the scope of
accreditation, whether the third-party certification body is an
individual who will conduct audits and make certification decisions, or
whether the third-party certification body uses agents to conduct
audits and, if so, whether such agents are centrally managed,
conducting similar types of
[[Page 74589]]
audits, under a single set of operating procedures or whether the
agents are managed from various locations, perform different types of
audits, or follow different procedures such that these various
locations, activities, or practices must be observed to ensure that the
sample is sufficiently representative. A representative sample also
must provide adequate confidence in the results of an analysis of the
sample.
C. What competency and capacity must an accreditation body have to
qualify for recognition? (Sec. 1.612)
We proposed to require an accreditation body seeking recognition to
demonstrate that it has the resources required to adequately implement
its accreditation program, including adequate numbers of qualified
employees and other agents, adequate financial resources for its
operations, and the capability to meet the resource demands of a
recognized accreditation body, in the event the accreditation body is
recognized.
(Comment 29) We received some comments on this provision, which
also support the proposed rule's requirement that accreditation bodies
demonstrate their competence and capacity based on the requirements of
ISO/IEC 17011:2004 (Ref. 5). However, these comments disagree with our
statement in the preamble that liability coverage requirements should
not apply to this rule. The comments argue that we should include a
requirement for accreditation bodies to carry liability coverage,
noting that it is one of the requirements in ISO/IEC 17011:2004 (Ref.
5) and describing it as especially important because of the risks
associated with food safety.
(Response 29) We agree with the comments that liability insurance
may be useful in demonstrating the adequacy of an accreditation body's
resources, for example, under ISO/IEC 17011:2004 (Ref. 5); however, FDA
lacks experience in evaluating the adequacy of liability coverage for
accreditation activities and we do not believe it would be appropriate
for FDA to make recognition decisions primarily on this basis. We
believe an accreditation body can demonstrate that it is adequately
resourced in a number of different ways, including providing
documentation of liability coverage as part of the information
submitted to help to demonstrate that accreditation body is adequately
resourced.
D. What protections against conflict of interest must an accreditation
body have to qualify for recognition? (Sec. 1.613)
Proposed Sec. 1.613 requires accreditation bodies to demonstrate
that they have written measures to protect against conflicts of
interest with third-party certification bodies and the capability to
meet the rule's other conflict of interest requirements.
On our own initiative, we are clarifying that the scope of conflict
of interest provisions in Sec. 1.613(a) is limited to individuals
involved in accreditation, auditing, and certification activities and
not, for example, employees involved in purely administrative
functions, such as payroll, or in positions that support administrative
functions, such as computer technicians. Therefore, Sec. 1.613(a) of
this rule applies to interests between the officers, employees, and
other agents of the accreditation body that are involved in
accreditation activities and the officers, employees, and other agents
of the third-party certification body involved in auditing and
certification activities. We are making corresponding changes in the
subsequent provisions for recognized accreditation bodies under Sec.
1.624(a).
(Comment 30) Some comments take issue with our decision not to
include the requirements of clause 4.3.2 of ISO/IEC 17011:2004 (Ref.
5), which requires the accreditation body to have documented and
implemented a structure relating to conflicts of interest that provides
for effective involvement by interested parties with balanced
representation ensured.
(Response 30) We decline to require that recognized accreditation
bodies establish and implement a structure for involving interested
parties in matters relating to the conflict of interest requirements
for recognized accreditation bodies. It would be administratively
burdensome for FDA to establish a mechanism for monitoring the
activities of interested parties that the accreditation body elects to
involve to comply with such requirements. In our third-party
certification program, impartiality will be protected by the conflict
of interest provisions for accreditation bodies in Sec. 1.624, the
appeals provisions in Sec. 1.620(d), and FDA's oversight activities.
E. What quality assurance procedures must an accreditation body have to
qualify for recognition? (Sec. 1.614)
Proposed Sec. 1.614 requires accreditation bodies to implement a
written quality assurance program and have the capability to meet the
rule's other quality assurance requirements.
(Comment 31) Some comments encourage FDA to more closely align
Sec. 1.614 with established international standards on quality
assurance programs. Some ask us to rely on the relevant provisions in
ISO/IEC 17011:2004 (Ref. 5) in particular.
(Response 31) We agree with the comments and as described in
section I.D., we are revising Sec. 1.610 to allow accreditation bodies
to use their demonstrated conformance to ISO/IEC 17011:2004 (Ref. 5),
supplemented as necessary, in meeting the requirements for recognition.
(Comment 32) Some comments ask us to clarify the language in Sec.
1.614(a)(1) and (2) regarding food safety problems and corrective
actions.
(Response 32) We agree and have revised Sec. 1.614(a)(1) and (2)
to clarify that an accreditation body must demonstrate that it has
procedures to identify deficiencies and procedures to execute
corrective actions for such deficiencies, using language that better
aligns with international standards (see, e.g., clause 5.5 in ISO/IEC
17011:2004 (Ref. 5)).
F. What records procedures must an accreditation body have to qualify
for recognition? (Sec. 1.615)
Proposed Sec. 1.615 would require accreditation bodies seeking
recognition to demonstrate that they have developed and implemented
adequate written procedures for establishing, controlling, and
retaining records and to demonstrate the capability to meet the
program's records, reporting, and notification requirements, if
recognized.
(Comment 33) Some comments voice general concerns about
confidentiality. Others state their concern with how confidentiality of
third-party certification body records would be preserved when third-
party certification bodies must share information with recognized
accreditation bodies and FDA. Noting that such information can be
sensitive in nature and sometimes includes confidential business
information, these comments urge us to place certain limits--i.e., only
information related to food safety would be collected during audits of
third-party certification bodies and such information would be shared
only with the recognized accreditation body and FDA. Some comments
suggest FDA require strict protective measures for information handled
by third-party certification bodies and accreditation bodies, because
the release of an eligible entity's confidential business information
could have detrimental
[[Page 74590]]
effects on U.S. businesses and their foreign suppliers. These comments
suggest the use of confidentiality protections such as ``confidential
disclosure agreements'' so that the audit climate remains conducive to
robust scrutiny and open dialogue.
Some comments also express concern with the proposed use of
electronic records, because of the opportunity for sensitive electronic
information to be compromised. Such comments recommend that the final
rule include requirements for both third-party certification bodies and
accreditation bodies to ensure that electronic records remain secure in
transit and during storage.
(Response 33) We decline the suggestions to require confidential
disclosure agreements between recognized accreditation bodies and
third-party certification bodies under our program and to establish
data protection requirements for electronic records and communications
of recognized accreditation bodies and accredited third-party
certification bodies. We understand that many accreditation bodies and
third-party certification bodies have contractual agreements regarding
confidentiality and disclosure by those parties. We expect
accreditation bodies that become recognized under our program may elect
to establish contracts that incorporate language on information sharing
with FDA for third-party certification bodies seeking accreditation
under this program. For such accreditation bodies, how they choose to
accomplish this--e.g., whether by establishing a separate
confidentiality agreement or through revision of current contract
language or creation of a new contract addendum--is a decision best
made by the parties to those contracts. Accreditation bodies and third-
party certification bodies will have common interests in safeguarding
the electronic records they store and transmit to each other;
therefore, we have no reason to believe that any separate agreements
will lack adequate protections for confidentiality of information,
including information stored and shared among the parties
electronically.
This rule focuses on confidentiality and disclosure with respect to
information shared with FDA. As explained in section XIII.F., FDA will
protect the confidentiality of information accessed by or submitted to
the Agency in accordance with Sec. 1.695 of this subpart. With respect
to the storage of electronic records and electronic transmission of
information by FDA, we note that we are working the FDA IT security
professionals in establishing the electronic portal for the third-party
certification program to apply adequate and appropriate controls to
ensure the confidentiality and integrity of data submitted to FDA
through the portal.
(Comment 34) In the proposed rule preamble discussion of this
section we stated that, ``[a]ccreditation bodies applying for
recognition must demonstrate their capacity, if recognized, to grant us
access to confidential information, including information contained in
records, without prior written consent of the third-party certification
body involved. Having access to records relating to accreditation
activities (including confidential information) under this subpart is
necessary to ensure the rigor, credibility, and independence of the
program.'' Some comments take issue with this point, arguing that
accreditation bodies would not be able to grant such access--they would
only be able to grant access to confidential information with prior
written consent. That is, the accreditation body would first need to
make arrangements for FDA access to confidential records with the
third-party certification bodies it accredits and the eligible entities
certified by those third-party certification bodies. Comments that
express doubt about private sector foreign accreditation bodies
actually granting FDA access to confidential records contend that such
access is particularly unlikely without the prior written consent of
the third-party certification body whose records are sought.
(Response 34) We agree with the comments that the contracts
accreditation bodies currently use with their third-party certification
body clients do not contemplate the program we are establishing. As
comments suggest, we would expect that confidentiality provisions in
standard contracts would need to be revised such that, in signing a
contract for accreditation under the FDA program, the third-party
certification body would be giving the accreditation body its prior
consent to perform any reporting or notification necessary for the
recognized accreditation body to fulfill its obligations under the
rule. Indeed, we expect that accreditation bodies seeking recognition
will demonstrate their ability to comply with the reporting and
notification provisions of this rule by providing us examples of
standard contract language that has been suitably revised as comments
describe.
VI. Comments on Requirements for Recognized Accreditation Bodies Under
This Subpart
A. How must a recognized accreditation body evaluate third-party
certification bodies seeking accreditation? (Sec. 1.620)
Proposed Sec. 1.620 would establish the criteria and procedures
that a recognized accreditation body must use in assessing third-party
certification bodies for accreditation. Paragraph (a) broadly addresses
the different requirements for foreign governments and foreign
cooperatives or other third parties. Paragraph (b) requires the
accreditation body to require third-party certification bodies to
satisfy the rule's reporting and notification requirements. Paragraph
(c) requires the accreditation body to maintain certain records, such
as those related to withdrawal or suspension of a third-party
certification body. Paragraph (d) requires an accreditation body to
have written procedures for handling appeals from third-party
certification bodies, and requires certain minimal appeal procedures.
On our own initiative, we are revising Sec. 1.620(a)(2) and (3) to
apply to accredited third-party certification bodies that are comprised
of a single individual, as applicable. We are also removing, ``and any
requirements specified in FDA model accreditation standards regarding
qualifications for accreditation, including legal authority,
competency, capacity, conflicts of interest, quality assurance, and
records'' to follow good guidance practice. We are making corresponding
changes to Sec. Sec. 1.620(a)(1), 1.640(b), and 1.640(c). We are also
revising Sec. 1.620(c) to specify that recognized accreditation bodies
must also include the date of the action in their records relating to
any denial of accreditation or the withdrawal, suspension, or reduction
in scope of accreditation of a third-party certification body. In
addition, we are revising Sec. 1.620(d) to clarify that the recognized
accreditation body must notify any third-party certification body of an
adverse decision associated with its accreditation under the subpart,
including denial of accreditation or the withdrawal, suspension, or
reduction in the scope of its accreditation.
(Comment 35) In paragraph (a)(3) of this proposed section we stated
that a recognized accreditation body must observe ``a statistically
significant number of onsite audits'' conducted by the third-party
certification body seeking accreditation. Some comments request
clarification of what we meant by ``statistically significant,'' so
that accreditation bodies would know what
[[Page 74591]]
would be an adequate number of audits to observe to provide adequate
confidence in the results of an analysis of such observations. The
comments suggest that we should explain the criteria for determining
the number of witness audits to be conducted under proposed Sec. 1.620
and ask whether site-specific issues such as geographic factors should
be considered. Other comments encourage us to abandon the phrase
``statistically significant'' in favor of the language of ISO/IEC
17011:2004 (Ref. 5), which requires an accreditation body to witness
the performance of a representative number of third-party certification
body staff.
(Response 35) We have removed the phrase ``statistically
significant'' in Sec. 1.620(a)(3) and inserted the phrase
``representative sample.'' We explain in Response 28 that comments
presented compelling arguments that a significant body of knowledge and
experience has developed around the meaning of a ``representative''
number of observations under ISO/IEC 17011:2004 (Ref. 5) to achieve an
adequate level of confidence in the results. We have revised Sec.
1.620(a)(3) accordingly. Site-specific issues may be relevant in
determining the representative number of witness assessments to
conduct, for example, where audit agents are located in remote offices
or where food safety audits are managed by remote offices. The
accrediting body, either a recognized accreditation body or FDA in the
case of direct accreditation, will be best positioned to determine
whether geographic issues are relevant for purposes of Sec.
1.620(a)(3).
(Comment 36) Some comments ask us to revise Sec. 1.620(d)(2) to
clarify that the individuals used to hear appeals of adverse decisions
by a recognized accreditation body could be individuals external to the
accreditation body.
(Response 36) We agree with the comments and have revised this
provision to clarify that individuals used to hear appeals may be
external to the accreditation body, as well as a similar provision
applying to appeals by eligible entities of adverse decisions by an
accredited third-party certification body. We have also revised this
provision to use language similar to language that is used in Sec.
16.42(b), which describes the characteristics of a presiding officer
that may be used for FDA regulatory hearings.
(Comment 37) In the preamble to the proposed rule we stated that we
were not proposing to review the decisions of recognized accreditation
bodies nor were we proposing to hear appeals from third-party
certification bodies aggrieved by an accreditation body's decision(s).
We sought comment on these matters. In response, some comments state
their understanding that FDA would retain the authority to challenge a
recognized accreditation body's decisions, because we have authority
over the entire program.
(Response 37) We agree with comments that our oversight extends to
any accreditation body or third-party certification body participating
in the program, including the authority to withdraw accreditation from
a third-party certification body even if the accreditation was granted
by a recognized accreditation body. However, FDA does not intend to
serve as an appellate body for aggrieved third-party certification
bodies, as this would be unworkable and unnecessary. Withdrawing the
accreditation of a third-party certification body to remove it from our
program is quite different than, for example, overturning an
accreditation body's decision to deny accreditation to a third-party
certification body in the first place. Our program is designed to
ensure the competency and independence of accreditation bodies. As part
of this program, FDA will be recognizing accreditation bodies to make
accreditation decisions based on a determination that the accreditation
body is qualified to do so. FDA involvement in accreditation decisions
would defeat the purpose of the program. Additionally, FDA retains the
authority to revoke the recognition of accreditation bodies for good
cause under Sec. 1.634(a)(4) for failure to comply with this rule. For
all of these reasons, FDA declines to codify a process to review
appeals challenging recognized accreditation body decisions under this
program.
(Comment 38) Several comments encourage us to expand on the
requirement to use ``independent'' person(s) to hear an appeal of an
adverse accreditation body decision. Some comments suggest that we
clarify that an independent person is one who was not involved in the
decision that is the subject of the appeal. A few comments suggest we
further require the accreditation body to use person(s) who are
external to the organization.
(Response 38) We agree with the suggestions to clarify Sec.
1.620(d)(2) and are revising it to align with the impartiality
provisions in 21 CFR part 16, which contains the regulations for
regulatory hearings that we will generally apply under Sec. 1.693 to
an appeal of a revocation or withdrawal. Under the part 16 regulations,
the person presiding over the hearing must be free from bias or
prejudice and must not have participated in the action that is the
subject of the hearing or be subordinate to a person who participated
in the action. We believe that the credibility of the third-party
certification program will be enhanced by requiring recognized
accreditation bodies to afford similar protections when considering
appeals by certification bodies under this rule. While we decline the
suggestion to require the use of external parties in deciding appeals,
we note that a recognized accreditation body has flexibility to use an
external party under Sec. 1.620(d)(2).
B. How must a recognized accreditation body monitor the performance of
third-party certification bodies it accredited? (Sec. 1.621)
We proposed to require a recognized accreditation body to conduct
an annual evaluation of each of its accredited certification bodies
that includes a review of the certification body's self-assessments,
its regulatory audit reports, notifications to FDA, and any other
information reasonably available. We requested comment on whether the
information we proposed to require would provide a solid basis for an
evaluation. We asked stakeholders whether we should include a
requirement in Sec. 1.621 for onsite monitoring of accredited
certification bodies and, if so, whether we should require the
accreditation body to observe or visit the certification body's
headquarters.
(Comment 39) We received several comments on the annual assessment
requirements of proposed Sec. 1.621. Some comments agree with the
requirement for an annual assessment. Some comments mention a
Government Accountability Office (GAO) report entitled, ``FDA Can
Better Oversee Food Imports by Assessing and Leveraging Other
Countries' Oversight Resources'' (GAO 12-933) and dated September 2012,
which notes ongoing challenges with ensuring the competency of third
parties to consistently apply standards and argues that annual
assessments would improve certification body reliability and
competency. Some of these comments state they would even support more
frequent certification body evaluations.
In contrast, some comments argue that annual assessments would be
burdensome. Comments variously focus on the burden on accreditation
bodies, certification bodies, and eligible entities. Some comments
disapprove of the cumulative burden of all the assessments (e.g., self-
assessments and monitoring assessments) required
[[Page 74592]]
throughout the rule. Some comments suggest biennial assessments, and
note that such a requirement would be consistent with ISO/IEC
17011:2004 (Ref. 5). Still others argue that when the accreditation
body or certification body is a government entity we should allow for
flexibility around the timing of assessments.
(Response 39) We agree with comments that express the view that
annual assessments of certification bodies will help build confidence
in the third-party certification program. Annual assessments will help
accreditation bodies ensure certification bodies' continued compliance
with the program requirements and quickly identify and address any
deficiencies with a certification body before a situation escalates.
We also acknowledge the concerns about the efforts needed to comply
with the monitoring and self-assessment requirements of the rule.
Section 1.621 is part of a set of proposed monitoring and self-
assessment requirements intended to work together in helping to ensure
that the recognized accreditation bodies and accredited third-party
certification bodies maintain compliance with the rule's requirements.
The certification body self-assessment in Sec. 1.655 is intended to
serve, in part, as information for use in the accreditation body
monitoring in Sec. 1.621, the results of which we intend the
accreditation body to use in its self-assessment under Sec. 1.622. We
do not intend for the assessments to require duplicative efforts, with
each section requiring a discrete set of activities with no opportunity
to use the results of one set of activities when performing another. As
explained in the preamble to the proposed rule, the accreditation body
assessments of certification bodies will not only help ensure that the
certification bodies continue to comply with our requirements, but also
can help the accreditation body identify trends and any deficiencies in
its own performance. The proposed monitoring and self-assessment
activities are an essential part of the program's safety net.
With respect to Sec. 1.621, in particular, we believe this section
will be far less burdensome in practice than some of the comments
anticipate, because of the convergence between the ISO/IEC standards
and this rule. The activities required by Sec. 1.621 are similar in
substance to surveillance activities under ISO/IEC 17011:2004 (Ref. 5),
which includes review of audit reports, results of internal quality
control, and management review records identified in clause 3.18 NOTE,
and thus are likely to be activities many accreditation bodies already
perform. In light of the foregoing, we have concluded that requiring
accreditation bodies to perform annual evaluations of each
certification body they accredit under the program is not unduly
burdensome. We disagree with comments suggesting that monitoring should
be more frequent than once a year, because requiring assessments to be
performed and reported twice each year, for example, would result in a
nearly continuous cycle of assessments and reports. Semiannual
assessments are likely to produce limited data sets that would be less
helpful for evaluation purposes than would larger data sets, such as
compilations of 12 months of data, which allow for tracking and
trending performance over time. Requiring assessments to be performed
more frequently than once a year also risks creating significant
disruption of the operations of accredited third-party certification
bodies and eligible entities and might have the unintended effect of
serving as a disincentive to participation in the program. For these
reasons, we have determined that an annual monitoring requirement is
appropriate to verify the overall effectiveness of the accredited
third-party certification body's operations and performance in
activities relevant to the third-party certification program and the
validity of its certification decisions. Accordingly, we are not
revising the annual certification body monitoring requirements we
proposed in Sec. 1.621.
(Comment 40) We received some comments on proposed Sec. 1.621(b)
specifically, which would require an accreditation body to consider any
other ``reasonably available'' information relevant to a determination
of whether a certification body is in compliance with this rule.
Comments encourage us to set limits around assessments conducted in the
wake of an incident, noting that a problem involving one certification/
type of product should not involve review of all certifications/
products. These comments did not want an incident in one sector (e.g.,
human food) to unnecessarily jeopardize an accreditation in a separate
sector (e.g., animal food). Some comments express concern that proposed
Sec. 1.621(b) would require an accreditation body to review every
certificate issued by a certification body if one of the eligible
entities it certified was placed on FDA import alert.
(Response 40) We decline the suggestions to narrow the scope of
proposed Sec. 1.621(b) or to direct how recognized accreditation
bodies should consider other ``reasonably available'' relevant
information, because it will depend on the facts of a particular
situation. In the wake of incidents, we expect the accreditation body
to take appropriate steps to determine whether the certification body
is in compliance with this subpart. Such steps may include a review of
certifications for product areas other than the subject of the incident
if the accreditation body deems it needed to assess the certification
body's compliance. We reiterate, as we explained in the preamble to the
proposed rule, we do not expect a recognized accreditation body launch
investigations of each certification body it accredited absent cause,
but we do expect the accreditation body to actively monitor public
information about their certification bodies and not ignore public
information about problems that might be associated with a
certification body it accredited.
(Comment 41) In response to our preamble questions about whether to
require observations and certification body headquarters visits in
Sec. 1.621, some comments state that observations are a useful tool
and should be required. Similarly, some comments support a requirement
for visiting the key location of the certification body. Some comments
state that the accreditation body should visit any location of the
accredited third-party certification body where the certification body
manages its staff or agents conducting audits under this program, which
the comments note may not be the certification body's headquarters.
Other comments agree that onsite visits can be a useful tool, but
encourage the use of remote assessments in certain circumstances (e.g.,
after the certification body has successfully completed a set number of
accreditation cycles).
Some comments suggest that we follow the requirements of relevant
ISO/IEC standards in establishing requirements for observations and
site visits under Sec. 1.621. Some comments express concern about the
cumulative burden of the monitoring and self-assessments we proposed to
require of accreditation bodies and certification bodies. A few
comments express concern we might impose duplicative requirements for
observations under Sec. Sec. 1.621 and 1.622(b). Some comments request
guidance on how an eligible entity would be selected as a site for an
observation.
(Response 41) We agree with the comments that state that
observations are useful and should be required as part of accredited
third-party certification body monitoring. Likewise, we agree with the
comments that state
[[Page 74593]]
a recognized accreditation body should visit any location of the
certification body where the certification body manages its staff or
agents conducting audits under this program, if different than the
certification body's headquarters, to get a better understanding of how
different locations operate. While we acknowledge that some
accreditation bodies may be successfully using remote assessments in
certain circumstances (e.g., after the certification body has
successfully completed a set number of accreditation cycles), we
decline the suggestion to allow for remote assessments in this
rulemaking.
In establishing requirements in Sec. 1.621 for observations and
accredited third-party certification body visits, we considered
comments' concerns that such requirements might be duplicative of the
observation requirements in Sec. 1.622(b), might pose practical
difficulties in arranging to observe audits, and might pose
difficulties if a certification body had several ``key'' locations. We
also considered comments' concerns about the cumulative burden of the
monitoring and self-assessment requirements of the rule and the
comments that urge us to align the requirements of Sec. 1.621 with the
relevant international standards.
Accordingly, in the final rule we are combining all of the
paragraphs in proposed Sec. 1.621 into new Sec. 1.621(a), and we are
adding a new paragraph (b) that requires the accreditation body to
perform a representative sample of onsite observations of regulatory
audits conducted by each accredited third-party certification body, as
explained in Response 28, and visit the certification body's
headquarters (or other certification body location if its audit agents
are managed by the certification body at a location other than its
headquarters). The observed audits and site visits must be performed by
no later than 12 months after the certification body's initial
accreditation and again every 2 years thereafter for the duration of
its accreditation, including renewals. The requirements for the
frequency of observed audits and site visits under Sec. 1.621(b) are
similar to the intervals for surveillance onsite assessments in one of
the options under clause 7.11.3 of ISO/IEC 17011:2004 (Ref. 5). We are
also requiring the accreditation body to consider information from
activities conducted under paragraph (b) in the annual performance
report of the accredited third-party certification body.
We also are making a corresponding revision to Sec. 1.622(b) to
clarify that the accreditation body should consider the results of
onsite observations and site visits conducted under Sec. 1.621(b) as
part of its self-assessment under Sec. 1.622.
C. How must a recognized accreditation body monitor its own
performance? (Sec. 1.622)
Proposed Sec. 1.622 would require recognized accreditation bodies
to conduct self-assessments on an annual basis, and as required under
proposed Sec. 1.664(g) (following FDA withdrawal of accreditation of a
certification body it accredited). Under the proposed rule, the
accreditation body's self-assessment would include evaluating the
performance of its officers, employees, or other agents; observing
regulatory audits by a statistically significant number of
certification bodies it accredited under this program, and creating a
written report of results.
(Comment 42) Some comments encourage a broader self-assessment.
They contend that, in addition to requiring that accreditation bodies
assess the consistency of their performance and their compliance with
conflict of interest provisions, we should also require accreditation
bodies to compare their performance against competitors, compare the
certification bodies they accredit to other certification bodies, and
look at industry best practices and benchmarks to set improvement
objectives.
(Response 42) The self-assessments are intended to help the
accreditation body determine whether it is in compliance with the
requirements of this rule. While the report elements suggested by
comments might be useful for an accreditation body to consider, we do
not believe those elements are necessary to a determination of
compliance with the rule. Therefore, we decline to revise the rule in
response to these comments.
(Comment 43) Some comments question whether the requirements for
accreditation body self-assessment would fit the government-to-
government model. Other comments suggest that the different nature of
private operators and public administration warrant different
requirements for each. The comments further contend that the workload
associated with the program would be significant for any government
agency; therefore, the time limits and frequencies of reporting should
be more flexible in the case of government agencies.
(Response 43) FDA uses self-assessment tools in various government-
to-government programs. As one comment notes, we require State
governments to conduct annual self-assessments for their work under the
Manufactured Food Regulatory Program Standards (MFRPS) and the Animal
Feed Regulatory Program Standards. We also require a foreign government
seeking a systems-recognition agreement with FDA to begin the process
by completing the International Comparability Assessment Tool, which is
a self-assessment tool that we developed based on the approach of the
MFRPS self-assessment. Our experience in using self-assessment tools
with foreign and State governments suggests to us that self-assessments
would be feasible and appropriate in the context of this program as
well.
We decline the suggestion to afford more flexibility in deadlines
for government agencies serving as recognized accreditation bodies than
we afford to other recognized accreditation bodies. Section 808 of the
FD&C Act makes no distinction between public and private accreditation
bodies, and the proposed rule would place the same workload burden on
private accreditation bodies as it would on public accreditation
bodies. The comments fail to explain why the differences in nature of
public and private accreditation bodies justify flexible deadlines for
governmental accreditation bodies but not private accreditation bodies.
(Comment 44) Some comments suggest that accreditation body self-
assessments under proposed Sec. 1.622 should be done in concert with
its monitoring of certification bodies under proposed Sec. 1.621,
because it would be more efficient and would reduce the burden on
eligible entities that were observed during regulatory audits. Other
comments question the need for accreditation body self-assessments to
include requirements for observations, because they read our preamble
discussion of proposed Sec. 1.621 as a signal that we would be
requiring accreditation bodies to conduct annual onsite observations of
each certification body under that provision.
(Response 44) We agree that self-assessments under Sec. 1.622 can
be done in concert with monitoring under Sec. 1.621. As described in
Response 39, we do not intend the self-assessment and monitoring
requirements of the rule to be duplicative. Having added requirements
for observations and certification body site visits to certification
body monitoring requirements in the final rule, we are revising Sec.
1.622(b) to clarify that accreditation bodies may consider the results
of any observations or visits conducted under Sec. 1.621(b) in its
self-assessments.
[[Page 74594]]
(Comment 45) Comments also suggest that international standards
could provide guidance on improving the efficiency and effectiveness of
an accreditation body's self-assessment. Some comments specifically
suggest that FDA could rely on the internal audits and management
reviews that are required under ISO/IEC 17011:2004 (Ref. 5) instead of
requiring its own self-assessments.
(Response 45) We agree that documentation of internal audits and
management reviews required under ISO/IEC 17011:2004 (Ref. 5) could be
useful to help demonstrate compliance with the requirement for self-
assessments under this program. We have revised Sec. 1.622(d) and made
a conforming change to Sec. 1.623(b) to specifically allow a
recognized accreditation body to use reports of internal audits and
management reviews prepared for conformance with ISO/IEC 17011:2004
(Ref. 5), supplemented as necessary, to demonstrate compliance with the
accreditation body self-assessment requirements of Sec. 1.622.
D. What reports and notifications must a recognized accreditation body
submit to FDA? (Sec. 1.623)
Proposed Sec. 1.623 would require recognized accreditation bodies
to submit to FDA reports of its self-assessments and annual re-
assessments of certification bodies within 45 days of completing the
assessment. The proposed rule also would require notification to FDA of
matters affecting recognition and accreditation status; notice of
denials of accreditation and any significant change that would affect
how the accreditation body complies with this rule would be required
within 30 days, while immediate notification would be required for
other matters (e.g., grant or withdrawing accreditation). Under the
proposed rule the reports and notifications would have to be submitted
electronically and in English.
On our own initiative, we are revising Sec. 1.623(c)(1)(i) and
(d)(1)(i) to require the recognized accreditation body to provide FDA
the email address of any third-party certification body that was
granted or denied accreditation (respectively) under our program.
Having the email address will facilitate FDA's communications with such
third-party certification bodies. We also are revising Sec.
1.623(c)(1)(iv) on our own initiative to specify that a recognized
accreditation body must also notify FDA of the expiration date of
accreditation upon granting accreditation to a third-party
certification body under this subpart.
(Comment 46) Some comments ask whether FDA intends to provide
feedback in response to self-assessment reports.
(Response 46) While FDA will not be providing formal responses to
the self-assessment reports, we will use the information in the reports
in our oversight of the third-party certification program and will
address any specific items of concern we identify in an accreditation
body-self-assessment report directly with the accreditation body.
(Comment 47) We received several comments related to our proposal
to require all reports and notifications to be submitted in English.
Some comments agree that both the notifications and the reports should
be submitted in English. Some comments agree that notifications should
be in English, but suggested that reports of self-assessments and re-
assessments of certification bodies could remain in their native
language, and if FDA had any questions about such reports the
accreditation body could furnish English translations.
Some comments note the difficulty and others the expense for
recognized accreditation bodies in countries that do not officially or
routinely conduct business in English. Some comments request a longer
period of time (e.g., up to 4 months) to submit documents that must be
translated into English. Other comments note that if we require
documents to be in English, and the translations are not done well, the
documents may be difficult to understand.
Some comments propose alternative solutions, including comments
that suggest that FDA explore technical translation and recognition
software, which in combination with standardized report/notification
templates, might facilitate submission in languages other than English.
Other comments suggest that if reports and notifications are submitted
in languages other than English, the recognized accreditation body
should be responsible for all translation costs.
Some comments ask whether supporting documents that accompany
reports also would have to be in English. Other comments inquire
whether there is any flexibility in the language requirement for
governmental accreditation bodies that do not maintain their records in
English.
(Response 47) We decline the suggestion to remove the requirement
to submit reports and notifications in English. While allowing
submissions in multiple languages might be helpful to some interested
parties, the accreditation body reports and notifications required by
Sec. 1.623 are essential to our oversight and management of the third-
party certification program and the programs that rely on
certifications issued by accredited third-party certification bodies,
and thus, must be in English in order for FDA to properly review and
evaluate. Some comments ask to have up to 4 months to prepare an
English translation of a submission under proposed Sec. 1.623. Such
delays would be unworkable. For example, we cannot afford delays in
translating an accreditation body's notification of withdrawal of
accreditation, or an accreditation body's notification that a
certification body has issued a food or facility certification without
meeting the requirements of this rule. We are requiring immediate
notification of these and other matters under Sec. 1.623(c) because of
the implications for the program and possibly for our acceptance of
certifications issued by the certification body. Unless the
notification is submitted in English, our actions will be delayed until
the information is translated. Although the annual certification body
monitoring reports and the accreditation body self-assessments reports
are not required to be submitted until 45 days after completion under
Sec. 1.623(a) and (b)(i) (and 60 days following certification body
withdrawal for self-assessment reports submitted under Sec.
1.623(b)(ii)), we will use these reports to identify areas where FDA
may need to promptly engage with an accreditation body or a
certification body to address apparent misunderstandings or confusion
about our program requirements. We plan to use these reports to
identify emerging issues that need intervention. Therefore any
additional time allotted for translation purposes would delay and
possibly hinder our ability to use these reports for program evaluation
and management.
(Comment) 48) Some comments address the proposed timeframes for
submitting reports and notifications, and suggest that instead of
requiring reports within 45 days of completing the assessment/re-
assessment, we should require submission every 6 months or annually.
(Response 48) We disagree with comments suggesting that we modify
the timeframe for submission of reports of annual self-assessments and
annual certification body monitoring reports from 45 days after
completion to every 6 months or every year. We are concerned that the
information could be outdated and our ability to use the
[[Page 74595]]
reports for early intervention would be significantly diminished.
(Comment 49) Some comments contend that the volume of reports and
notifications we proposed to require would be burdensome to FDA to
review and maintain. They suggest that instead we require recognized
accreditation bodies and their certification bodies to maintain reports
of self-assessment/re-assessment, and provide prompt access to FDA upon
request.
(Response 49) We disagree. We are establishing an electronic portal
for submission of applications, reports, notifications, and other
information under this rule and an electronic repository of this
information, which will allow us to access and use the information as
needed. Therefore, we decline to revise Sec. 1.623 is response to
these comments.
(Comment 50) Some comments ask if all reports and notifications
submitted to FDA will be subject to the Freedom of information Act
(FOIA) or if these submissions will be considered confidential
information with reasonable protections from disclosure. Other comments
suggest the importance of striking the appropriate balance between
disclosure and confidentiality and note the following statements in
ISO/IEC 17021:2011 (Ref. 6), clause 4.1.3 and NOTE: ``Principles for
inspiring confidence include: Impartiality, competence, responsibility,
openness, confidentiality, and responsiveness to complaints . . . An
appropriate balance between the principles of openness and
confidentiality, including responsiveness to complaints, is necessary
in order to demonstrate integrity and credibility to all users of
certification.''
(Response 51) We agree with comments suggesting the importance of
striking the appropriate balance between providing transparency to the
public and maintaining the confidentiality of any trade secrets and
confidential commercial information included in the applications,
reports, notifications, and other information submitted to FDA. We are
guided in this effort by FOIA as well as laws that protect trade
secrets and confidential commercial information from disclosure. In
response to comments, we are adding new Sec. 1.695 on public
disclosure, which is discussed in section XIII.F.
(Comment 51) Some comments urge us to eliminate or reduce the
proposed reporting requirements in proposed Sec. 1.623(a) and (b), for
various reasons. Some of these comments suggest that we should only
require regular submission of a report or other document that shows the
third-party certification bodies are maintaining their accreditation.
Other comments recommend that when a certification body is first
accredited, it should submit translated accreditation documents within
3 to 4 months of the accreditation body's decision. Then, as long as
the accreditation is unchanged, it should not be necessary for the
accreditation body to submit its--assessment reports under Sec.
1.623(a).
Some comments suggest it should not be necessary for accreditation
bodies to submit their self-assessment reports under Sec. 1.623(b) if
there is no significant change in their recognition. Other comments
assert that signatories to IAF MLAs should not have to submit self-
assessment reports to FDA, because IAF monitors accreditation bodies
for continued compliance with ISO/IEC 17011:2004 (Ref. 5).
(Response 51) We disagree. As described in Response 47, the reports
of annual certification body monitoring and accreditation body self-
assessments are essential to our oversight and management of the third-
party certification program and the programs that rely on
certifications issued by accredited third-party certification bodies.
We are not requiring accredited third-party certification bodies to
submit their self-assessments to FDA (except for directly accredited
third-party certification bodies); therefore, the reports that we
receive of the recognized accreditation bodies' assessments of
accredited third-party certification bodies are a fundamental piece of
the monitoring system we are establishing, as are the self-assessment
reports submitted by accreditation bodies we have recognized. Reducing
or eliminating either of these reporting requirements would hinder our
ability to properly oversee the program.
(Comment 52) We received some requests for clarification regarding
required content of the accreditation self-assessment reports and
reports of certification body annual monitoring. Some comments request
that FDA either suggest a format for the reports, provide an
opportunity for accreditation bodies to propose a format, or at least
indicate the minimum required elements.
(Response 52) We believe we provided minimum requirements on the
content of these reports in this rule and plan to provide additional
information on the format and submission of these reports on our Web
site.
(Comment 53) Comments suggest that to be consistent with ISO/IEC
17011:2004 (Ref. 5), a recognized accreditation body only would need to
notify FDA of the approval, suspension, or withdrawal of accreditation
of a third-party certification body, as well as any changes in its
scope of the accreditation scope or reduction of authorization. The
comments assert that the notification should not need to include such
details as the address and name of third-party certification body
employees under Sec. 1.624(c)(1).
(Response 53) We agree that submission of the information described
in the comment and required by clause 8 of ISO/IEC 17011:2004 (Ref. 5)
is necessary for our program management and oversight. For example, it
will help us verify the identity of any certification body before
taking an action to affect its status in the program based on a
notification submitted under Sec. 1.623. However, the notifications
required under Sec. 1.623(c)(3) and (d) are also necessary for our
program management and oversight. Under Sec. 1.623(c)(3), a recognized
accreditation body would have to notify FDA if one of its accredited
third-party certification bodies issued a food or facility
certification without complying with the requirements of this rule.
This notification will allow FDA to refuse to accept those improperly
issued certifications and to coordinate with the accreditation body in
determining appropriate next steps. Having information on a denial of
accreditation under Sec. 1.623(d) will allow FDA to monitor
accreditation activities across the program, including any repeat
denials of a third-party certification body.
With respect to providing the names of the audit agents of the
accredited third-party certification body, we note that section
808(b)(1)(B) of the FD&C Act requires a recognized accreditation body
to submit to FDA a list of all third-party certification bodies it
accredited under the program and the audit agents of such accredited
certification bodies. The list of audit agents we proposed to require a
recognized accreditation body to submit under Sec. 1.623(c)(1)(iii) is
necessary for verification of compliance with the conflict of interest
requirements by audit agents under section 808(c)(5)(A)(iii) and (B) of
the FD&C Act and by proposed Sec. 1.657, among other things. With
respect to the proposed requirement to provide the address and name of
one or more of the officers of the accredited third-party certification
body, this information will be helpful in communicating with the
accredited third-party certification body.
For the foregoing reasons, we decline the suggestion to eliminate
the requirements for the recognized
[[Page 74596]]
accreditation body to provide FDA the name of one or more officers of
the accredited third-party certification body under Sec.
1.623(c)(1)(ii) and a list of audit agents of the accredited third-
party certification body under Sec. 1.623(c)(1)(iii).
E. How must a recognized accreditation body protect against conflicts
of interest? (Sec. 1.624)
Proposed Sec. 1.624 would require a recognized accreditation body
to take certain steps to safeguard against conflicts of interest,
including the requirement to implement a written conflict of interest
program. The accreditation body would be prohibited from owning, having
a financial interest in, or managing/controlling a certification body.
Under the proposed rule, accreditation body employees would be unable
to accept money, gifts or other items of value from the certification
body, though we did exempt meals of de minimis value onsite where the
assessment occurs. We also proposed to require that a recognized
accreditation body maintain on its Web site a list of certification
bodies it accredited under this program, the duration and scope of
accreditation, and the date on which the certification bodies paid
their fee or reimbursement associated accreditation. We sought comment
on alternative approaches for public disclosure of payments.
On our own initiative, we are adding new provision Sec. 1.624(b)
to clarify when a recognized accreditation body can accept the payment
of fees for its services so that the payment is not considered a
conflict of interest for purposes of Sec. 1.624(a).
(Comment 54) Some comments agree that a recognized accreditation
body should be required to have a written program to protect against
conflict of interest. Comments suggest that the written plans should
include assurances of independence and safeguards to address any
possibility of conflicts. Some comments state FDA should require
accreditation bodies to make their conflict of interest policies
public.
(Response 54) We agree with comments about the importance of a
recognized accreditation body having a written program to safeguard
against conflicts of interest that meets the requirements of this rule.
While a recognized accreditation body may choose to make its conflicts
of interest program publicly available, we are not imposing that as a
program requirement because we do not believe it is necessary to ensure
that accreditation bodies safeguard against conflicts of interest.
(Comment 55) We received several comments related to allowing
certification bodies to provide onsite meals of de minimis value to
accreditation body representatives conducting an audit. Several
comments agree with the general concept of allowing meals of de minimis
value. Some supporting comments state that allowing such meals would
expedite the assessment, and could be necessary if the certification
body is distant from meal service providers. With respect to the
question of what constitutes ``de minimis'' value for these purposes,
some comments endorse the idea of defining de minimis value in
accordance with U.S. Government employee limits on accepting gifts or
gratuities. Others simply encourage us to define it in some way that
ensures consistency and clarity. Some comments state that we should not
set a fixed amount for the de minimis value, because costs vary in
different locations.
Some comments disagree with the proposal to allow meals of de
minimis value, and contend that the financial relationship between the
accreditation body and the certification body should be strictly
limited to the fee paid for the accreditation audit/services.
(Response 55) We agree with the comments that suggest that allowing
the certification body to provide meals of a de minimis value during an
assessment and at the site where the assessment is being conducted
might help facilitate the assessment, particularly for remote sites. We
also agree with comments that state we should not set a fixed amount
for the de minimis value because costs vary in different locations.
We disagree with comments suggesting that by providing meals of a
de minimis value, a certification body might influence the outcome of
an accreditation body assessment, particularly if the only allowable
meals are ones of minimal value that are provided during the course of
an activity and with the purpose of facilitating timeliness and
efficiency. FDA follows a similar approach for investigators conducting
foreign inspections--that is, FDA investigators performing foreign
inspections are allowed to accept lunches (of little cost) provided by
the firm during the course of a foreign inspection. We also note that
the U.S. government allows its employees to accept meals, within per
diem limits, when on official business in a foreign country, as an
exception to the prohibition on the acceptance of gifts or gratuities
from outside sources (5 CFR 2635.204(i)(1)), though we believe the
FDA's practices for foreign inspections serve as a better model because
foreign inspections are more analogous to foreign assessments than are
the range of activities that covered by the general requirements
applicable to all U.S. government employees on official business in
foreign countries. Accordingly, in light of the comments received and
analogous FDA guidelines, we have concluded that it is reasonable and
appropriate to limit the meal exception in Sec. 1.624(a)(3)(ii) to
only lunches of de minimis value provided during the course of an
assessment, on site at the premises where the assessment is being
conducted, and only if necessary to facilitate the efficient conduct of
the assessment. We believe these revisions help to address concerns
regarding the threats to impartiality, while accommodating the
practical considerations that apply to foreign assessments.
We offer the following additional input to recognized accreditation
bodies seeking guidance on the application of Sec. 1.624(a)(3)(ii). In
considering whether a meal is allowable under this provision, we
recommend that the assessor first consider whether accepting the lunch
is necessary to facilitate the efficient conduct of the assessment. We
recommend the assessor consider: (1) Whether the circumstances
surrounding the travel would allow the assessor to pack a lunch to
bring on site; (2) Whether the meal is being provided during the midday
or early afternoon. A lunch provided in the midst of an assessment is
different than a lunch or other meal provided at the completion of the
audit; (3) Whether the site of the assessment is in close proximity to
a retail food establishment, or is at a remote location far from a
retail food establishment; (4) What is the estimated value (or cost) of
the lunch in light of the costs associated with the area where the
assessment is being conducted; and (5) other similar considerations.
For assessors seeking additional guidance on determining what
constitutes a ``de minimis'' amount for purposes of complying with
Sec. 1.624(a)(3)(ii), we offer the following guidance that is based on
the requirements applicable to U.S. government employees who accept
certain meals while on official travel in foreign countries. Such
employees must deduct from the per diem the value of that meal,
calculated using a two-step process.
First, the individual must determine the per diem applicable to the
foreign area where the lunch was provided, as specified in the U.S.
Department of State's Maximum Per Diem Allowances for Foreign Areas,
Per Diem Supplement
[[Page 74597]]
Section 925 to the Standardized Regulations (GC,FA) available from the
Superintendent of Documents, U.S. Government Printing Office,
Washington, DC 20402, and available on the Department of State Web site
at https://aoprals.state.gov/Web920/per_diem.asp. (Foreign per diem
rates are established monthly by the Department of State's Office of
Allowances as maximum U.S. dollar rates for reimbursement of U.S.
Government civilians traveling on official business in foreign areas.)
Second, the individual must determine the appropriate allocation
for the meal within the daily per diem rate which is broken down into
Lodging and M&IE (Meals & Incidental Expenses) that are reported
separately in Appendix B of the Federal Travel Regulation and available
on the Department of State's Web site at https://aoprals.state.gov/content.asp?content_id=114&menu_id=78.
(Comment 56) Our proposal to require accreditation bodies to
maintain a Web site listing of certification bodies, and information
about each, drew several comments. Most comments agree with the Web
site listing in principle. Some comments encourage us to require
additional information in the Web site listing, such as requiring
accreditation bodies to include in their Web site listing those
certification bodies whose accreditations have been suspended or
revoked. Some comments advise that the ``scope'' information required
on the Web site should be specific (e.g., whether the accreditation is
for human food, animal food, or for specific rules).
Additionally, many comments address the proposed requirement to
include fee information in the Web site listing. Some comments suggest
that we require recognized accreditation bodies to specify what is
included in the fee payment and what costs are reimbursable. We also
received comments arguing that requiring payment schedules to be posted
online is not sufficient to ensure that potential conflicts of interest
will be identified; they suggested we require accreditation bodies to
submit payment schedule information directly to FDA.
Some comments disagree with the proposed requirement to require the
Web site posting of payment schedules contending, among other things,
that such information is proprietary. Some suggest that, instead, FDA
should require accreditation bodies to keep records of payments which
would be available to FDA if we have reason to examine them. Others
suggest it would be sufficient for the financial payment information to
be maintained such that FDA could review it during the recognition/
renewal process. Still other comments seek clarification as to whether
we would be requiring, in addition to the date of payment, the dollar
value of payment. These comments are not in favor of such a
requirement; they state such payment details constitute sensitive
information and argue that FDA should instead require the amount of
payment to be in the records required under Sec. 1.625.
(Response 56) We agree with comments that state that an
accreditation body's Web site posting under Sec. 1.624(c), finalized
as Sec. 1.624(d), must include specific information about the scope(s)
of accreditation, for example by relevant part of 21 CFR or by a
designation, such as ``part 123'' or ``Seafood HACCP'' (Hazard Analysis
Critical Control Point). We also are revising final Sec. 1.624(d) to
state that an accreditation body's Web site must identify a
certification body whose accreditation was suspended, withdrawn, or
reduced in scope, because we believe that this information would be
important to eligible entities seeking information on accredited
certification bodies. The suspension or withdrawal information must be
maintained on the Web site for 4 years (the maximum duration of an
accreditation under the rule) or until the suspension is lifted or the
certification body is reaccredited by that accreditation body,
whichever occurs first.
In the interest of transparency, we are maintaining the requirement
for accreditation bodies to post information on the timing of fee
payments and direct reimbursements by certification bodies. This
posting requirement is similar to the posting requirements that apply
to certification bodies under Sec. 1.657(d) and will help build
confidence in the impartiality of accreditation body accreditation
decisions. We are not requiring posting of the amount of fees or
reimbursement paid, because we do not think it is necessary to help
build confidence in the impartiality of accreditation body
accreditation decisions. We agree with the suggestion to specifically
require fee payment records to be maintained and are revising Sec.
1.625 accordingly.
(Comment 57) Some comments contend that Sec. 1.624 is seriously
flawed because it is inconsistent with ``the latest science on the
issue'' and a 2009 Institute of Medicine (IOM) Report, ``Conflicts of
Interest in Medical Research, Education, and Practice.'' They encourage
FDA to evaluate the most recent scientific research on conflicts of
interest and consult with leading academicians involved in such work.
They contend that the fact of payment by the certification body to the
accreditation body creates a conflict of interest that cannot be
avoided so we should aim our regulation to minimize it. They recommend
that we prohibit any financial relationship between the accreditation
body and a certification body it audits for at least 1 year before
accreditation was sought and 1 year after the last accreditation
expires or was denied.
(Response 57) While we agree with the comments' suggestion to
remain vigilant in ensuring that our conflict of interest protections
represent current best practices, we disagree with the assertion that
Sec. 1.624 is seriously flawed and have concluded that the suggested
revision would be infeasible and impractical. Third-party certification
bodies currently accredited for food safety auditing by accreditation
bodies that become recognized by FDA would have to apply to another
recognized accreditation body to join our program if the comments'
suggestion were adopted. This would create a disincentive to
participation by experienced third-party certification bodies and would
pose difficulties when the availability of recognized accreditation
bodies is limited.
In response to comments citing the 2009 IOM report on financial
conflicts of interest between medical researchers and medical products
companies, we note that it identified some conflict of interest issues
that also are relevant to our third-party certification program, such
as the need to disclose payments from industry and to place limits on
meals and gifts. However, the differences between the context of
medical research and practice and the context of our third-party
certification program pose difficulties in identifying practical
implications of the analysis for our purposes--i.e., the analysis of
data suggesting that the acceptance of meals and gifts and other
relationships may influence physicians to prescribe a company's
medicines. Nor are the IOM recommendations readily adaptable to
conflicts of interest in the third-party certification program. The
``best practices'' we employ must be suitable for the third-party
certification program and may differ from the state of the art best
practices for conflict of interests in medical research. For example,
the recommendations to place limits on the use of drug samples for
patients who lack financial access to medications and to prohibit the
claiming of authorship for ghost-written publications are not
applicable to this program. For the foregoing reasons, we decline the
[[Page 74598]]
suggestion to prohibit any financial relationship, such as the payment
of fees, between a recognized accreditation body and a certification
body for at least 1 year before seeking accreditation and 1 year after
the last accreditation expires or is denied.
(Comment 58) Some comments reject the notion that there could be
effective protections against conflict of interest. Such comments
consider third-party food safety audits to possess inherent
shortcomings and believe that FDA itself should conduct any food safety
inspections required by FSMA.
(Response 58) We disagree with the notion that it is not possible
to effectively protect against conflicts of interest. Currently,
accreditation bodies and certification bodies operate under a number of
private schemes successfully, with reasonably effective protections
against conflicts of interest. We note that the primary regulatory
functions of the third-party certification program are to facilitate
participation in VQIP and to provide certifications for the purposes of
section 801(q) of the FD&C Act. At this time, we do not intend for
private third-parties to conduct food safety inspections required by
FSMA.
F. What records requirements must an accreditation body that has been
recognized meet? (Sec. 1.625)
Proposed Sec. 1.625 identifies specific types of documents a
recognized accreditation body would be required to establish, control,
and maintain to document compliance with applicable requirements
(including applications for accreditation and for renewal; regulatory
audit reports and supporting information from its accredited auditors/
certification bodies; reports and notifications required under proposed
Sec. 1.623, along with any supporting information). The recognized
accreditation body would be required to provide FDA access to such
records. The rule also proposed to require records to be maintained
electronically and in English for 5 years.
In the proposed rule we acknowledged that the contracts between
accreditation bodies and certification bodies frequently include
confidentiality provisions that might otherwise prevent disclosure of
certain records to FDA without prior approval of the certification
body. We noted that any such contract provisions would need to be
changed to allow the accreditation body to furnish FDA with the records
identified in this section.
On our own initiative, we are including fee payment records as
another type of record that an accreditation body that has been
recognized must maintain under Sec. 1.625(a)(8).
(Comment 59) Several comments disagree with the proposed
requirement for records to be maintained in English. Some comments,
while noting their support for submission of reports and notifications
in English under proposed Sec. 1.623, disagree with our proposal to
require that records maintained by the accreditation body be kept in
English as well. Some comments, noting the cost of translating all
records, request that we allow records to be maintained in the language
of the country. They propose we could require the accreditation body to
provide the records in English upon our request within a reasonable
time; some suggest a reasonable time might be a week, depending on the
volume of records requested. Other comments argue that the food
industry is global and in recognition of that fact FDA should accept
records in other languages. Some comments suggest that we allow three
or four additional widely-used languages.
(Response 59) We agree with the recommendation to allow records
held by the accreditation body to be maintained in a language other
than English, coupled with a requirement that, upon FDA request, the
accreditation body must provide an English translation of the records
within a reasonable time.
The records required by Sec. 1.625 are necessary to document the
accreditation body's accreditation activities, and we expect to request
access to the accreditation body's records as necessary to verify the
accreditation body's continuing compliance with the requirements of
this rule, such as when we are considering whether to renew its
recognition. The accreditation body records also will be useful in
helping to verify the compliance of certification bodies it accredited
under the program. However, the records required by Sec. 1.625 are
generally distinguishable from the reports and notifications that must
be directly submitted to us under Sec. 1.623, which we are requiring
to be submitted to FDA in English because the reports and notifications
submitted directly to us are time sensitive in nature and essential to
our management and oversight of the third-party certification program.
For example, under Sec. 1.623(c) we are requiring immediate
notification, in English, of an accreditation body's withdrawal of
accreditation from a certification body. We cannot afford delays in
translating this information, because of its implications for the
program and possibly for our acceptance of certifications issued by the
certification body. Unless the notification is submitted in English,
our actions will be delayed until the information is translated.
By contrast, the records required under Sec. 1.625 typically
contain information that is less time sensitive; therefore, reasonable
delays for translation purposes will not compromise our ability to
manage or oversee the program. Accordingly, we are revising Sec. 1.625
to allow other accreditation body records to be maintained and
submitted to FDA in languages other than English, provided that an
English language translation of such records is provided within a
reasonable time thereafter. The circumstances surrounding each request
will differ; therefore, we decline to set a specific (numerical)
deadline for submission of the translation.
(Comment 60) We received several comments expressing
confidentiality concerns. Some comments note that documents that are
part of an audit process may contain critical business information that
warrants some level of proprietary protection.
(Response 60) We acknowledge comments' concerns and note that we
are including Sec. 1.695 on public disclosure in section XIII.F. The
new section explains that records obtained by FDA under this subpart
are subject to the disclosure requirements under 21 CFR part 20.
(Comment 61) With regard to the proposed requirement that records
must be maintained electronically, some comments discourage us from
requiring compliance with 21 CFR part 11, which are regulations setting
certain electronic records criteria. Comments contend that imposing
part 11 requirements would be disproportionate to the need under this
rule without an appreciable improvement in food safety and would create
a tremendous and costly burden. They encourage FDA to explicitly
exclude records under this rule from part 11. Comments propose that
instead of imposing part 11 requirements, we require documentation of
the chain of custody by requiring records to be signed and dated when
created or modified.
(Response 61) We acknowledge comments' concerns and note that we
are establishing Sec. 1.694 on electronic records in section XIII.E.
This new section will generally exempt records that are established or
maintained to satisfy the requirements of this subpart from the
requirements of part 11.
(Comment 61) Some comments express concern that our proposed record
keeping requirement was too broad; and others express concern about
[[Page 74599]]
how we might use our authority to request records. Some comments
request clarification of our proposed requirement that accreditation
bodies' records include any supporting information for the reports and
notifications required under Sec. 1.623. Other comments suggest that
our records requests should be narrower when the recognized
accreditation body is a foreign government than a records request to a
recognized, nonprofit accreditation body. Still other comments
encourage us to clarify the circumstances under which FDA staff could
request records and to include a method for an accreditation body to
object to an FDA records request.
(Response 62) The records we are requiring an accreditation body to
maintain under Sec. 1.625 are necessary to document the accreditation
body's accreditation activities and its compliance with the
requirements of this rule. We expect to request access to the
accreditation body's records in verifying an accreditation body's
continuing compliance with the requirements of this rule. While the
details of each records request will vary depending on its
circumstances, we will tailor our records requests under Sec. 1.625 as
narrowly as possible to reach program-related records and exclude
records that are irrelevant or insignificant to this program. For
example, the information an accreditation body reports under Sec.
1.623 may prompt us to request the underlying record to supplement the
report as needed. Or, when an accreditation body is requesting renewal
of its recognition, we may request records to supplement information
provided in the application.
Therefore, we believe it is unnecessary to develop administrative
procedures for accreditation body challenges to FDA records requests.
We recommend accreditation bodies to fully consider the program
requirements before deciding to pursue recognition under the voluntary
third-party certification program.
(Comment 63) We proposed that if FDA requests records
electronically, the recognized accreditation body provide the requested
records within 10 days. Some comments contend that 10 days is
insufficient time, and instead request a period of 3 months.
(Response 63) We believe that 10 days is ample time for
accreditation bodies to electronically submit any requested records
they are already required to maintain under this subpart. We note that
we are revising the final rule to allow accreditation bodies to
maintain and submit records in languages other than English, provided
that they electronically submit an English translation within a
reasonable time thereafter. By allowing records to be submitted in a
language other than English, accreditation bodies should be able to
provide requested records electronically within 10 days.
VII. Comments on Procedures for Recognition of Accreditation Bodies
Under This Subpart
A. How do I apply to FDA for recognition or renewal of recognition?
(Sec. 1.630)
We proposed to establish procedures for accreditation bodies to
follow when applying to FDA for recognition or for renewal of
recognition. We proposed that the accreditation body must submit a
signed application, accompanied by any supporting documents,
electronically and in English, demonstrating that it meets the
eligibility requirements in proposed Sec. 1.610. We also proposed to
require an applicant to provide any translation or interpretation
services we need to process the application.
(Comment 64) Some comments assert that the proposed rule does not
differentiate adequately between foreign governments and private
entities that are serving as accreditation bodies and suggest that we
provide a separate path for recognition of foreign government
accreditation bodies that prioritizes their applications over those
submitted by private accreditation bodies. The comments recommend that
we draft additional rules to specifically cover recognition of foreign
government accreditation bodies and/or direct accreditation of foreign
government certification bodies.
(Response 64) We disagree with the recommendation to create a
bifurcated system for recognition, because the line between
governmental and private accreditation bodies is not always clear.
Private accreditation bodies comprise approximately one third of the 72
accreditation bodies that accredit food safety certification bodies
around the world, according to a report prepared by the Research
Triangle Institute (RTI) (Ref. 16). In the report, RTI found that the
distribution of accreditation bodies by private versus government
agency is as follows: 24 private accreditation bodies, 38 governmental
accreditation bodies, and 10 accreditation bodies with unknown private
or government agency status. RTI found that the vast majority of the
private accreditation bodies were non-profit entities. Many of the
private accreditation bodies identified by RTI operate under government
sanction or in quasi-governmental roles. For example, the American
National Standards Institute (ANSI) is a private, non-profit
accreditation body that serves as the official U.S. representative to
ISO (Ref. 17); the United Kingdom Accreditation Services is appointed
as the national accreditation body for the United Kingdom, though it is
independent of the government (Ref. 18); and the Danish Accreditation
and Metrology Fund is a self-described ``business fund'' that is
appointed by the Danish Safety Technology Authority as the national
accreditation body for Denmark (Ref. 19). Additionally, we note that
section 808 of the FD&C Act makes no distinction in the requirements or
process for recognizing public or private accreditation bodies.
Furthermore, we do not believe it practical to engage in additional
rulemaking for foreign government accreditation bodies and
certification applications, as the comments suggest.
(Comment 65) Some comments ask us to accept applications in other
languages common to the major production areas exporting product to the
United States. These comments assert that due to the global nature of
produce supply chains allowing applications in other languages would
encourage supply chain participation in third-party auditing programs
as a tool to improve food safety. These comments suggest that we could
develop a phased process where we only accept English applications
initially, but increase flexibility to accept applications/renewal
documents in other languages as the program builds up.
(Response 65) We acknowledge that accepting applications for
recognition in languages other than English might be beneficial to some
interested parties. However, requiring applications for recognition to
be submitted in English will help us make well-informed and timely
decisions. Further, FDA does not have the resources to translate or
review documentation in other languages and generally requires
documents submitted in other languages to be translated to English.
Therefore, we decline the suggestion to develop long-term plans for
accepting applications for recognition in languages other than English.
(Comment 66) Some comments ask what costs are associated with
getting recognized as an accreditation body.
(Response 66) Pursuant to section 808(c)(8) of the FD&C Act, we
issued proposed regulations to establish a reimbursement (user fee)
program to assess fees and require reimbursement for the work performed
to establish and administer the third-party certification
[[Page 74600]]
program. The proposed rule provides details on how user fees would be
computed (80 FR 43987, July 24, 2015).
B. How will FDA review my application for recognition or for renewal of
recognition and what happens once FDA decides on my application? (Sec.
1.631)
We proposed to establish procedures for reviewing and deciding on
applications for recognition and for renewal of recognition. We
proposed to order the application queue on a first in, first out basis
and to only place complete applications in the queue.
On our own initiative, we are revising paragraph (a) to clarify
that FDA will review submitted applications for completeness and will
notify applicants of any identified deficiencies. We also are revising
paragraph (b) to clarify that FDA's evaluation of any completed
recognition or renewal application may include an onsite assessment of
the accreditation body. In addition, we are redesignating proposed
paragraph (e) as part of paragraph (b) for clarity.
On our own initiative we are adding new paragraphs (e) through (h)
to Sec. 1.631 to explain what happens when an accreditation body's
renewal application is denied. We are adding provisions to clarify what
the applicant must do, the manner in which FDA will notify accredited
third-party certification bodies and the public of the denial, the
effect of denial of an application for renewal of recognition on
accredited third-party certification bodies, and the effect of denial
of an application for renewal of recognition on food or facility
certifications issued to eligible entities.
(Comment 67) Some comments ask us to clarify how we will recognize
an accreditation body. Some comments ask that we clearly and
comprehensively lay out the conditions and requirements governing the
application for recognition, to ensure transparency, certainty, and
predictability of the procedures and criteria governing recognition.
Some comments specifically recommend that we use the IAF/ILAC/
International Laboratory Accreditation Cooperation (ILAC) (A-series)
documents as the foundation upon which to base our process for
recognition of accreditation bodies.
(Response 67) This rule establishes the framework for the third-
party certification program and generally describes procedures involved
in the submission and processing of applications for recognition and
will be supplemented by additional instructions. For example, we are
developing an electronic portal that accreditation bodies will use in
submitting their applications for recognition, and we will be issuing
directions for using the portal. We also are developing internal
operational procedures for recognition of accreditation bodies and will
consult the IAF/ILAC (A-series) documents in considering the types of
materials that may be useful to accreditation bodies and other
stakeholders interested in learning more about our program.
(Comment 68) Some comments express concern that we are limiting
ourselves to a ``first in, first out'' review process that gives us no
discretion to recognize foreign governments before we consider other
applications from private accreditation bodies that apply. These
comments recommend that we use guidance to industry or internal
management documents, rather than this rule, to describe how we will
establish the queue of applications for review.
(Response 68) For the reasons described in Response 64, we decline
the suggestion to prioritize applications submitted by government
accreditation bodies over applications submitted by private
accreditation bodies. However, we are modifying the first in, first out
approach to application review in proposed Sec. 1.631(a) to allow FDA
to prioritize an application for review based on program needs. We will
consider the suggestion to use an internal management document to
establish our procedures for reviewing applications for recognition as
part of our operational planning.
(Comment 69) We received several comments on the timeliness of
application review and decisionmaking. Some comments assert that our
application review process must be comprehensive but also expedient.
Some comments ask that our communications with applicants be timely.
Other comments ask us to establish review timeframes by which
accreditation bodies and other interested parties may expect a response
to applications, asserting this will foster enhanced confidence and
transparency with the review process. Some comments suggest that we
review and act upon an accurately completed recognition application
within 90 days and a completed recognition renewal application within
45 days.
(Response 69) We agree with the comments suggesting that our
application review must be comprehensive and as expedient as possible.
We decline the suggestion to establish review timelines in this rule
because we lack the experience and data that would allow us to
reasonably estimate review timeframes. We also recognize that each
review will differ depending on the circumstances, and we expect to
become more efficient in application review as we gain experience in
the program.
(Comment 70) Some comments express concern about the length of time
it will take us to recognize and notify an applicant of any
deficiencies in the application. These comments also assert that
requiring applicants with deficiencies to resubmit their applications
and sending them to the bottom of the review list would make for
significant delays in the recognition and renewal processes.
(Response 70) FDA agrees that an application for recognition should
be checked for completeness promptly after submission. The Agency
intends to notify the submitter in a timely manner if the submission is
not complete. FDA anticipates that this completeness determination
could generally be made within 15 business days, because this is not a
decision on the merits of the application. However, given the competing
demands on Agency resources, including staff available to conduct
review, the Agency declines to add a time restriction in the final rule
for notifying an applicant of deficiencies that cause its application
to be considered incomplete and thus not ready for processing.
(Comment 71) Some comments assert that we should include a
mechanism for stakeholders to provide feedback to the Agency concerning
the capacity and functioning of accreditation bodies and auditors/
certification bodies because stakeholders have firsthand experience
with such entities. These comments suggest that we modify Sec.
1.631(b) to specify that FDA will also ``solicit and consider
information provided by stakeholders, including importers and foreign
suppliers subject to the accreditation body's jurisdiction, to assist
in the recognition or renewal application review process.''
(Response 71) To the extent the comments suggest that the Agency's
review and decisionmaking process on recognition applications should
include a solicitation of comments from the public we disagree, as this
would create unnecessary delay in the recognition process. FDA believes
that the information it gains through the application process will be
sufficient to make a recognition determination, and that this process
and subsequent monitoring by FDA ensures robust oversight of the
program. Nevertheless, stakeholders are always free to share with FDA
any information relevant to the Agency's food safety programs. We
[[Page 74601]]
note that information shared with FDA is subject to the information
disclosure regulations in part 20, as stated in Sec. 1.695.
(Comment 72) Some comments note that there are no circumstances or
conditions in the proposed rule that allow for an accreditation body to
question or object to an FDA action or request if they believe it is
not reasonable or relevant to the recognition and performance of the
accreditation body.
(Response 72) We do not expect to make requests or actions of an
accreditation body that are not relevant to the requirements of the
third-party certification program. FDA's evaluation of accreditation
bodies, as expressed in Sec. Sec. 1.631(b), 1.633(a), and 1.634(a), is
premised on the accreditation body's compliance with the applicable
requirements of this rule.
We note that in this rulemaking, FDA has established a number of
mechanisms to address challenges to FDA's decisions, including Sec.
1.691 (for requests for reconsideration of the denial of an application
for recognition, renewal, or reinstatement of recognition); Sec. 1.692
(for internal Agency review of the denial of an accreditation body
application upon reconsideration); and Sec. 1.693 (for regulatory
hearings on revocation of recognition).
We recommend accreditation bodies to fully consider the program
requirements before deciding to pursue recognition under the voluntary
third-party certification program.
(Comment 73) Some comments ask that we provide training and
education documents regarding the application process as quickly as
possible to ensure that accreditation bodies are clear on the process
and its requirements. These comments assert that training and education
would minimize the need for second reviews due to inaccurate or
incomplete applications.
(Response 73) As indicated in Response 67, we are developing
additional instructions for applications for recognition that will be
useful to accreditation bodies interested in pursuing recognition.
C. What is the duration of recognition? (Sec. 1.632)
We proposed to grant recognition to an accreditation body for up to
5 years, though we will determine the length of recognition on a case-
by-case basis.
(Comment 74) Some comments support our proposal to recognize
accreditation bodies for a duration of up to 5 years, with shorter
durations awarded early in the program for accreditation bodies with
little experience in accrediting third-party certification bodies.
(Response 74) We agree with comments suggesting that the duration
of recognition may vary depending on a number of factors, including the
accreditation body's history (or lack of history) in accrediting
certification bodies. We believe the proposal allows FDA to consider
such factors.
(Comment 75) Some comments express concern that we are not
proposing a fixed duration of recognition and ask us to establish a
specific time limit of 5 years. These comments assert that having a
standardized duration of recognition for all accreditation bodies is
administratively more viable for FDA to plan its resource needs and
would provide consistency across the industry. Additionally, these
comments assert that 5 years is a reasonable duration given the other
reporting and monitoring requirements built into the system.
(Response 75) We acknowledge the advantages that certainty provides
and, where appropriate, the Agency will grant recognition for the
maximum duration of 5 years. However, as noted in our previous
response, we also recognize it may be appropriate for the duration of
recognition to vary depending on a number of factors. Where, for
example, an accreditation body has little or no experience in
accrediting food safety certification bodies, we may decide the initial
grant of recognition should be less than 5 years.
(Comment 76) Some comments suggest that the duration of recognition
for an accreditation body should be 4 years to be consistent with the
duration proposed for accreditation of certification bodies in Sec.
1.661. Other comments request clarification about the difference in
durations proposed for recognition of accreditation bodies and
accreditation of certification bodies.
(Response 76) We decline the suggestion to shorten the maximum
duration of accreditation body recognition to 4 years and note that the
comments suggesting it should be the same maximum duration as third-
party certification body accreditation offered no information that
would provide an adequate basis for shortening recognition such that an
accreditation body could be recognized for no longer than a
certification body's accreditation. Further, as stated in the proposed
rule, we noted that other government programs such as the Substance
Abuse and Mental Health Services Administration program for accredited
programs that use opioid agonist treatment medications approves
accreditation bodies for up to 5 years (42 CFR 8.3). Under the FDA
mammography program, we may approve accreditation bodies for terms up
to 7 years (21 CFR 900.3(g)). As stated previously, FDA may establish a
period of recognition of less than 5 years if appropriate for a
particular applicant.
(Comment 77) Some comments assert that accreditation bodies that
maintain their IAF signatory status should not be limited to a 5-year
duration.
(Response 77) We decline the suggestion, noting that the comment
lacks information demonstrating that a longer term of recognition is
warranted for an accreditation body that is an IAF signatory.
D. How will FDA monitor recognized accreditation bodies? (Sec. 1.633)
We proposed to establish the frequency and manner for formal
evaluations of recognized accreditation bodies. Specifically, we
proposed to evaluate each recognized accreditation body by at least 4
years after the date of recognition of an accreditation body granted a
5-year term of recognition and by no later than the mid-term point for
an accreditation body granted a term of recognition of less than 5
years. Proposed Sec. 1.633 also notes that FDA may conduct additional
assessments of recognized accreditation bodies at any time.
(Comment 78) While the comments generally support FDA performance
assessments of recognized accreditation bodies, the comments express a
wide range of views on how frequently such assessments should occur.
Some comments support the proposed reevaluation frequency for
recognized accreditation bodies. Some comments assert that we need to
have a more suitable monitoring mechanism. Other comments suggest we
incorporate a random, unannounced performance review for recognized
accreditation bodies as a supplement to the proposed frequency. Some
comments take a contrary view, asking us to clarify in the final rule
the circumstances under which we may perform additional performance
assessments of recognized accreditation bodies. These comments assert
that FDA's ability to conduct additional audits, assessments, and
investigations without the requirement to justify such actions creates
the potential for a confrontational relationship and lack of trust. The
comments question whether, without such clarification, any refusal by
an accreditation body to grant FDA access or information would trigger
revocation
[[Page 74602]]
of their recognition. Still other comments request clarification on the
frequency of audits that will be conducted on accreditation bodies.
(Response 78) Monitoring assessments of accreditation bodies are
one of several tools we will use for program oversight. Section
1.633(a) implements section 808(f) of the FD&C Act, which states that
FDA must reevaluate a recognized accreditation body periodically, or at
least once every 4 years, and take any other measures FDA deems
necessary to ensure compliance. We anticipate that information gleaned
from other monitoring tools, such as an accreditation body's self-
assessment, may prompt additional performance assessments in certain
instances. Although we decline to specifically codify random,
unannounced performance reviews as a supplement to the proposed
frequency as suggested by the comment, we note that under Sec.
1.633(a) FDA may conduct additional assessments of recognized
accreditation bodies, including unannounced assessments, at any time as
it deems appropriate. We need to retain flexibility to conduct
additional audits, assessments and investigations to support the
credibility of the program.
With respect to the request to clarify whether any refusal to grant
FDA access or information for a performance assessment would trigger
revocation, under section Sec. 1.634(a), refusal to allow FDA to
conduct an assessment to ensure the accreditation body's continued
compliance with the requirements of this subpart is grounds for
revocation.
(Comment 79) Some comments assert that we should provide additional
detail on our monitoring procedures under Sec. 1.633(b). Some comments
express concern about the ambiguity of the term ``statistically
significant'' as well as the scope of onsite assessments and onsite
audits for performance evaluation purposes. These comments assert that
we must provide clear guidance to industry as to what we expect would
be involved in such onsite assessments and make this guidance available
for public comment. Other comments specifically request that we outline
the procedures under which we will conduct audits on accreditation
bodies and third-party certification bodies and specify a timeframe for
when we will issue the results of the audits. Still other comments
assert that we must provide guidance on how an eligible entity might be
selected for an audit/inspection that relates to an accreditation
body's reassessment of a certification body.
(Response 79) The objective of an assessment under Sec. 1.633 will
be to determine an accreditation body's compliance with the
requirements of this rule. When planning an assessment, we will
establish the time period of activities covered by the assessment and
may request records of an accreditation body under Sec. 1.625. We also
will develop plans for any locations to be visited, which may include
the accreditation body's headquarters and any other locations where
employees and other agents who conduct activities under this program
are managed.
In conducting the assessment, we may review records, such as
records relating to conflicts of interest and may interview officers,
employees, and other agents of the accreditation body. We also may
observe regulatory audits by certification bodies the accreditation
body has accredited. For the reasons explained in Response 28, we have
removed the phrase, ``statistically significant'' and revised the
sentence to explain that we may observe a ``representative sample'' of
certification body regulatory audits when conducting an assessment of
its accreditation body. We will decide what constitutes a
``representative sample'' for purposes of Sec. 1.633 on a case-by-case
basis, based on factors such as how many certification bodies the
accreditation body has accredited under the program, the scope of
accreditation of the certification bodies accredited by the
accreditation body, how many years the accreditation body has been in
the program, how many prior assessments of the accreditation body we
have performed, and the length of time since any prior assessments.
(Comment 80) Some comments ask that we inform recognized
accreditation bodies prior to doing onsite assessments of accredited
certification bodies and eligible entities as part of our performance
evaluations.
(Response 80) In planning an assessment with onsite observations of
certification bodies or an audit of certified eligible entities, we
will consider whether to provide notice to the accreditation body and/
or invite the accreditation body to be present. In some circumstances
we may determine that it would be necessary or appropriate to conduct
the assessment or audit without notice to the accreditation body.
(Comment 81) Some comments assert that to carry out performance
evaluations for the purpose of monitoring recognized accreditation
bodies, we must have an agreement directly with the certification
bodies or request that recognized accreditation bodies include these
requirements in their agreements with certification bodies they have
accredited.
(Response 81) We disagree that we must have an agreement directly
in place with each accredited certification body for us to carry out
performance evaluations, as Sec. 1.633(b) states that FDA may include
onsite assessments of a representative sample of third-party
certification bodies the recognized accreditation body accredited and
onsite audits of a representative sample of eligible entities certified
by such third-party certification bodies under this subpart. We
recommend that third-party certification bodies fully consider the
program requirements before deciding to pursue accreditation under this
voluntary third-party certification program. We also encourage
recognized accreditation bodies to include language in their standard
contracts with third-party certification bodies they accredit under
this program that acknowledges FDA's ability to conduct such
evaluations.
(Comment 82) Some comments ask who will cover the costs of audits
on recognized accreditation bodies.
(Response 82) As discussed in Response 66, we are proposing in a
separate rulemaking (80 FR 43987) the costs of FDA monitoring of
recognized accreditation bodies will be covered by user fees that we
will establish by regulation.
E. When will FDA revoke recognition? (Sec. 1.634)
Proposed Sec. 1.634 establishes the criteria and procedures for
revocation of recognition of an accreditation body, including requests
for records and notifications. It describes several circumstances that
warrant revocation of recognition and describes the effects (if any) of
revocation on accreditations and certifications occurring prior to the
revocation.
On our own initiative, we are revising Sec. 1.634(c)(2) to require
the accreditation body to notify FDA of the name and contact
information of the custodian who will maintain the records required by
Sec. 1.625 instead of just providing us with a location to increase
flexibility. We are making corresponding changes to Sec. Sec.
1.635(a), 1.664(e)(2), and 1.665(a). We also are revising paragraphs
(d) through (f) to clarify the manner of FDA's notice to affected
third-party certification bodies and the public of the revocation, as
well as the effect of such revocation on the accredited third-party
certification bodies and certifications they issued prior to issuance
of the revocation of recognition.
(Comment 83) Some comments recommend that when an accreditation
[[Page 74603]]
body's recognition is revoked, the information on the Web site includes
the cause or causes of the revocation.
(Response 83) We agree and will include on the FDA Web site a brief
description of the grounds whenever revoking the recognition of an
accreditation body.
(Comment 84) Some comments agree that providing the certification
body 1 year to transition and become accredited with another
accreditation body is a reasonable concept, but express concerns that
in many countries a limited number of accreditation bodies may make
meeting that timeframe difficult. They also note that although audited
entities' certifications may remain in effect until its expiration, it
may be difficult for them to maintain their certifications beyond that
date due to lack of accreditation bodies, or there may be instances in
which their certification is set to expire in weeks or months following
the revocation. These comments note a similar concern about the impact
of a lack of capacity on scheduling certification audits should the
certification body have to be reaccredited within 1 year. Comments
recommend that FDA address this issue by performing an assessment of
accreditation capacity in key production regions around the world and
using that information as a baseline to inform timeframes on re-
accreditation of third-party certification bodies. Other comments
suggest that either FDA be required to renew the recognition of the
recently revoked accreditation body or recognize a new accreditation
body in time for any affected accredited certification body to comply,
or FDA would be required to solicit applications for a new
accreditation body after an accreditation body's recognition is
revoked. Comments also recommend that certifications issued by a
certification body accredited by the accreditation body whose
recognition was revoked remain in effect for 1 year from the date of
the revocation of the accreditation body in order to reduce the
likelihood of a lapse in certification of eligible facilities.
(Response 84) We acknowledge that revocation of the recognition of
an accreditation body may present difficulties for the certification
bodies accredited by the accreditation body (and for the eligible
entities those certification bodies certified), particularly in
countries that have a single national accrediting authority. In such
circumstances, we intend to work with recognized accreditation bodies
and the certification bodies to identify opportunities and challenges.
We believe 1 year is sufficient time for a certification body to be
reaccredited in such circumstances. The requirement for an eligible
entity to become recertified after a certificate terminates by
expiration is based on section 808(d) of the FD&C Act, which requires
an eligible entity to apply for annual recertification. In light of the
foregoing, we are declining the requests to extend the deadlines for
reaccreditation and for recertification in the case of revocation of
recognition of an accreditation body.
(Comment 85) Some comments request FDA provide specific provisions
to address potential questions that may arise if recognition of an
accreditation body is revoked, with particular emphasis on the validity
of certificates or other documentation already issued when revocation
occurs.
(Response 85) Section 1.634(d) specifically describes the impact of
revocation of recognition of an accreditation body on the certification
bodies that it accredited under this program, including that a
certification body's accreditation will remain in effect if it provides
a self-assessment to FDA within 60 days of issuance of the revocation
and it is accredited by another recognized accreditation body or FDA no
later than 1 year after the revocation or the original date of
expiration of the accreditation, whichever comes first. Section
1.634(e) explains that in the case of revocation of an accreditation
body's recognition, a food or facility certification issued by a
certification body accredited by the accreditation body prior to the
revocation of its recognition will remain in effect until the
certification terminates by expiration.
(Comment 86) Some comments request that FDA clarify how individual
holders of certifications would be made aware of the revocation of
recognition. For example, they ask if FDA would contact certification
holders directly or if the certification holder would be required to
monitor the recognition status of the accreditation and certification
bodies.
(Response 86) We will provide notice on the FDA Web site when we
revoke the recognition of an accreditation body. We also will notify
certification bodies that have been accredited by the accreditation
body that has had its recognition revoked through the electronic portal
we are establishing. Because revocation of recognition will not affect
the duration of previously issued certificates, we will not directly
contact eligible entities to inform them of the revocation. If the
revocation of recognition results in the withdrawal of accreditation of
a certification body, FDA will provide notice of such withdrawal on our
Web site as provided in Sec. 1.664(h).
(Comment 87) Some comments recommend that FDA refer to the
provisions in ISO/IEC 17011:2004 and ISO/IEC 17021:2011 to inform the
provisions revocation of recognition in Sec. 1.634 and withdrawal of
accreditation in Sec. 1.664 and to distinguish those actions from
reduction in scope of recognition and accreditation and to establish
the specific grounds and effects for those actions.
(Response 87) Neither of the ISO/IEC standards cited in the
comments relate to revocation of recognition of an accreditation body;
however, we reviewed ISO/IEC 17011:2004 (Ref. 5) for terminology,
procedures, and grounds that might have relevance for revocation of
recognition in Sec. 1.634. We decline the suggestion to consider ISO/
IEC 17021:2012 (Ref. 6), which applies to certification bodies, for
purposes of this analysis as it is inapplicable.
Having reviewed ISO/IEC 17011:2004, we note that ISO/IEC 17011:2004
(Ref. 5) gives an accreditation body the flexibility to establish its
own procedures for suspension, withdrawal, or reduction of the scope of
an accreditation as explained in clause 7.13.1 and NOTE. FDA's
procedures for revocation of recognition are thus not inconsistent with
the ISO standards in this respect. Regarding the grounds for withdrawal
of accreditation, ISO/IEC 17011:2004 (Ref. 5), clause 7.13, provides
that an accreditation body must make decisions to suspend and/or
withdraw accreditation when an accredited conformity assessment body
(i.e., third-party certification body) has persistently failed to meet
the requirements of accreditation or to abide by the rules for
accreditation. The standard for revocation of recognition under this
program is established by section 808(b)(1)(C) of the FD&C Act, which
requires FDA to ``promptly revoke the recognition of any accreditation
body found not to be in compliance with the requirements of this
section,'' which is the standard that is used in proposed Sec. 1.634.
Therefore, we cannot incorporate this standard for withdrawal for
purposes of this program.
(Comment 88) Some comments suggest FDA revise Sec. 1.634(a)(3) and
(4) to provide that FDA can make a decision to revoke recognition or
withdraw accreditation only when it has objective evidence to
demonstrate that the recognized accreditation body committed fraud or
submitted material with significant false statements, demonstrated a
significant bias or significant lack of objectivity when
[[Page 74604]]
conducting activities, or significantly failed to adequately support
one or more decisions to grant accreditation.
(Response 88) We disagree. Section 808(b)(1)(C) requires FDA to
promptly revoke the recognition of any recognized accreditation body
found not to be in compliance with section 808 of the FD&C Act, which
establishes the third-party program. This program is a system of
assurances that begins with the recognition of qualified accreditation
bodies, which in turn accredit certification bodies to make judgments
about the compliance of eligible entities and the food they produce
with the applicable food safety requirements of the FD&C Act and FDA
regulations. FDA's ability to have swift recourse when a recognized
accreditation fails to comply with the requirements of the third-party
program is essential. Limiting FDA's ability to revoke the recognition
of accreditation bodies to instances of ``significant'' fraud, bias, or
lack of competence as the comment suggests would render the program
unreliable to provide the assurance of food safety intended by this
section.
F. What if I want to voluntarily relinquish recognition or do not want
to renew recognition? (Sec. 1.635)
Proposed Sec. 1.635 describes the procedures that an accreditation
body must follow when it intends to relinquish its recognition.
FDA received comments in support of the proposed procedures for
voluntary relinquishment of recognition. FDA received no adverse
comments on this section. On our own initiative, we are revising the
voluntary relinquishment provisions in Sec. 1.635 to also address
situations where a recognized accreditation body decides it does not
want to renew its recognition once it expires. In addition we are
including procedures for the certification bodies to follow after their
accreditation bodies' recognitions are relinquished or not renewed.
G. How do I request reinstatement of recognition? (Sec. 1.636)
Proposed Sec. 1.636 describes the procedures that an accreditation
body would have to follow when seeking reinstatement of its
recognition.
FDA received comments in support of the proposed procedures for
reinstatement of recognition. FDA received no adverse comments on this
section and is not making any substantive changes to this section in
this final rule.
VIII. Comments on Accreditation of Third-Party Certification Bodies
Under This Subpart
A. Who is eligible to seek accreditation? (Sec. 1.640)
Proposed Sec. 1.640 states that a foreign government, agency of a
foreign government, foreign cooperative, or other third-party would be
eligible for accreditation from a recognized accreditation body (or,
where direct accreditation is appropriate, FDA) to conduct food safety
audits and issue food and facility certifications under the program.
Proposed Sec. 1.640(b) is based on section 808(c)(1)(A) of the FD&C
Act and would require a foreign government/agency seeking accreditation
to demonstrate that its food safety programs, systems, and standards
would meet the requirements of proposed Sec. Sec. 1.641 to 1.645, as
specified in FDA's model standards on qualifications for accreditation,
including legal authority, competency, capacity, conflicts of interest,
quality assurance, and records. Proposed Sec. 1.640(c) is based on
section 808(c)(1)(B) of the FD&C Act and would require a foreign
cooperative or other third-party certification body seeking
accreditation to demonstrate that the training and qualifications of
its audit agents and the internal systems used by the certification
body would meet the requirements of proposed Sec. Sec. 1.641 to 1.645,
as specified in FDA's model standards on qualifications for
accreditation, including legal authority, competency, capacity,
conflicts of interest, quality assurance, and records.
At our own initiative, we revised Sec. 1.640(c) to apply to
accredited third-party certification bodies that are comprised of a
single individual, as applicable.
(Comment 89) Some comments suggest that FDA should require third-
party certification bodies conducting regulatory audits to be
accredited to either: (1) ISO 17021:2011 (Ref. 6), with the
complementary requirements of ISO/TS 22003:2007, Food safety management
systems--Requirements for bodies providing audit and certification of
food safety management systems (Ref. 20) or (2) ISO 17065:2012 (Ref.
7), with conformance to ISO 17021:2011 (Ref. 6) and ISO 22000:2005,
Food safety management systems--Requirements for any organization in
the food chain (Ref. 21).
Other comments suggest that ISO/IEC 17000:2004 (Ref. 4) and ISO/IEC
17021:2011 (Ref. 6) provide a common framework for managing the
effectiveness of third-party certification activities and recommend
incorporating the standards by reference into the final rule. The
comments assert that FDA's proposed rule, by failing to incorporate by
reference the ISO standards, appears to unnecessarily establish a
unique standard in contravention of the NTTAA and OMB Circular A-119
(63 FR 8546) without adequate justification. The comments include
recommended revisions to Sec. 1.640. Other comments note that ISO/IEC
Guide 65:1996 (Ref. 9) will be phased out by September 2015; therefore,
the wording in the final rule should be changed to reflect the
successor standard, ISO/IEC 17065:2012 (Ref. 7). Some comments express
concern about the additional costs to exporters from third-party audits
and private interests over and above official systems.
(Response 89) As explained in section I.D., we have revised the
rule to allow a third-party certification body to offer documentation
of conformance to ISO/IEC 17021:2011 (Ref. 6) or ISO/IEC 17065:2013
(Ref. 7) in support of its application for accreditation, supplemented
as necessary. However, we decline the suggestion to incorporate the
standards by reference into this rule.
ISO/IEC ISO 17021:2011 (Ref. 6) and ISO/IEC 17065:2012 (Ref. 7),
the successor to ISO Guide 65:1996 (Ref. 9), contain requirements that
are inconsistent with section 808 of the FD&C Act and impractical for
our program. For example, ISO/IEC 17021:2011 (Ref. 6), clause 5.2.6,
prohibits a certification body, including a governmental certification
body, from providing internal audits to its certified clients. Under
this same clause, a certification body that has provided internal
auditing services to a client must wait for 2 years before conducting
an audit for certification purposes. Clause 5.2.5 of the standard also
prohibits the certification body from offering or providing any
management systems consultancy (defined as participation in designing,
implementing, or maintaining a management system). We note that ISO/IEC
17065:2012 (Ref. 7), clause 4 contains similar requirements, e.g., in
clauses 4.2.6 and 4.2.10 NOTE 1, as the requirements of clauses 5.2.5
and 5.2.6 of ISO/IEC 17011:2004 (Ref. 5).
The requirements of our third-party program are markedly different,
because section 808 of the FD&C Act expressly allows an accredited
third-party certification body to conduct both regulatory audits for
certification purposes and consultative audits for internal purposes.
Further, section 808(c)(4)(C) of the FD&C Act allows an accredited
certification body to use the same audit agent in auditing the same
[[Page 74605]]
eligible entity, subject only to a limitation (that FDA may waive) on
using the agent for a regulatory audit when the agent had conducted a
consultative audit of the eligible entity in the preceding 13 months.
As another example, we note that ISO/IEC 17021:2011, clauses 6.2.1
to 6.2.3 (Ref. 6), require a certification body to establish an
external committee for safeguarding impartiality that includes
representation of key interests, such as audited firms. Clause 5.3.2 of
the standard requires the certification body to demonstrate to the
external committee that commercial, financial, or other pressures do
not compromise its impartiality. Under clause 6.2.2(c), the committee
has the right to take ``independent action'' if the top management of
the certification body ``does not respect the advice of this
committee.'' ISO/IEC 17065:2012 (Ref. 7), clause 5, contains similar
requirements--e.g., clause 5.2.1 NOTE 1 (committee) and 5.2.3 (right to
take independent action).
It would be inappropriate and impractical for FDA to require an
accredited third-party certification body to assemble a committee
representing interests outside those of this program, and would be
impractical for FDA to properly manage the program under such
circumstances. We also are concerned about the disincentive these
requirements of ISO/IEC 17011:2004 (Ref. 5) and ISO/IEC 17065:2012
(Ref. 7) might create, for example, for foreign competent authorities
who have their own processes for stakeholder engagement.
Based on our review of the standard and explained in the examples
provided above, we have determined that ISO/IEC 17011:2004 (Ref. 5) and
ISO/IEC 17065:2012 (Ref. 7) are inconsistent with section 808 of the
FD&C Act and impractical for purposes of this program and therefore
deny the suggestion to incorporate by reference into this rule.
With respect to the suggestion to incorporate ISO/IEC 17000:2004
(Ref. 4) into this rule, we note that this standard uses terminology
that is inconsistent with section 808 of the FD&C Act. We are concerned
that incorporating the terms used in ISO/IEC 17000:2004 (Ref. 4) in
this rule would create unnecessary confusion as to how the rule relates
to the statute. For example, clause 7.5 of the standard uses the term
``recognition'' for the ``acknowledgement of the validity of a
conformity assessment result provided by another person or body,''
while recognition is used in section 808 of the FD&C Act when
describing FDA's determination that an accreditation body meets the
requirements of this rule.
Based on our review of the standard and explained in the example
provided above, we have determined that ISO/IEC 17000:2004 (Ref. 4) is
inappropriate for incorporation by reference into this rule.
Although we decline to incorporate the standards mentioned in the
comments, we are revising Sec. 1.640 to allow a third-party
certification body to offer documentation of its conformance to ISO/IEC
17021:2011 (Ref. 6) or ISO/IEC 17065: 2013 (Ref. 7), supplemented as
necessary, in support of its application for accreditation under the
final rule. We conclude that this will serve to promote international
consistency and allow third-party certification bodies to use a
framework that is familiar to them when it can be used to meet the
requirements of this rule.
(Comment 90) Some comments suggest the rule should impose different
requirements on foreign government certification bodies and on other
third-party certification bodies (i.e., foreign cooperatives and other
third-party certification bodies), because of the different nature of
private operators and public administration.
(Response 90) Under section 808(a)(3) of the FD&C Act third-party
certification bodies include Foreign government certification bodies,
foreign cooperatives, and other third-party certification bodies.
Section 808 of the FD&C Act for the most part does not distinguish
between public and private certification bodies and states that both
are subject to the same model accreditation standards discussed in
808(b)(2). The only difference in treatment of public and private
certification bodies is set forth in section 808(c)(1) of the FD&C Act,
describing what elements of oversight be assessed for accreditation.
This difference is reflected in the eligibility criteria set forth in
Sec. 1.640(b) and (c). In all other areas, we decline the suggestion
to impose different requirements on foreign government certification
bodies and other third-party certification bodies.
(Comment 91) Some comments express skepticism about private
auditing companies. Some comments note that foreign cooperatives have
rarely if ever been engaged in true accredited third-party auditing/
certification activities and are thus unproven in that role.
(Response 91) As stated above, section 808 of the FD&C Act
expressly provides for both public and private accredited third-party
certification bodies. FDA believes the system of oversight established
under this rulemaking will be sufficient to ensure the reliability of
private certification bodies that are able to participate in the
program. Foreign cooperatives are specifically listed in section 808 of
the FD&C Act as a third party that could be a certification body, and
must meet the same rigorous criteria to qualify for accreditation.
B. What legal authority must a third-party certification body have to
qualify for accreditation? (Sec. 1.641)
Proposed Sec. 1.641 would require third-party certification bodies
to demonstrate that they have adequate legal authority, which may
include authority established by contract or as a government entity to
evaluate eligible entities for compliance with the applicable
requirements of the FD&C Act and FDA regulations.
FDA received no adverse comments specific to this section. However,
as discussed in Response 27, we have revised Sec. 1.641 to specify
that a third-party certification body has to be a legal entity.
C. What competency and capacity must a third-party certification body
have to qualify for accreditation? (Sec. 1.642)
Proposed Sec. 1.642 would require a third-party certification body
to demonstrate it has adequate resources to fully implement its
auditing and certification program and the capacity to implement the
requirements of this program, if accredited.
(Comment 92) Some comments suggest that we require certification
bodies to be bonded, to cover any Agency costs should the firm go
bankrupt.
(Response 92) We decline the suggestion to require certification
bodies to be bonded to cover any Agency costs if a certification body
goes bankrupt. This requirement is unnecessary because the program is
designed to operate using user fees. Additionally, Sec. 1.642 of the
final rule requires a third-party certification body to demonstrate
that it has adequate resources to fully implement its auditing and
certification program.
(Comment 93) Some comments recommend that we clearly define the
necessary competencies of certification body staff and auditors. Some
comments suggest that we require auditors to have at least 1 year of
work experience in testing and assessing the conditions for food safety
of certain food manufacturer(s) and to have attended at least 20 audits
for management systems using hazards analysis and critical control
point requirements.
[[Page 74606]]
(Response 93) Section 1.640 of this rule establishes the
eligibility requirements for third-party certification bodies seeking
to participate in the third-party certification program. Specific
recommendations on qualifications such as the years and types of work
experience in food safety and in conducting audits will be contained in
FDA's Model Accreditation Standards final guidance, as explained in
section I.D.
(Comment 94) Some comments emphasize the importance of having
certification bodies accredited to the specific areas in which they
will be conducting audits and issuing certifications. The comment
explains that accredited auditors/certification bodies auditing pet
food facilities must be adequately qualified and knowledgeable in pet
food requirements. The comments express concern that human food
standards might be misapplied to a facility producing raw materials,
ingredients or finished food for pet food (e.g., cross-contact for
allergens, ingredients destined for further processing).
(Response 94) A recognized accreditation body assessing a
certification body for accreditation (or FDA under direct
accreditation) must ensure that the certification body is qualified to
conduct audits under the food safety requirements of the FD&C Act and
FDA regulations that apply to the scope of accreditation sought.
Therefore, a third-party certification body that is accredited to
conduct audits under part 117 would not be accredited to perform audits
under 21 CFR part 507, unless the accrediting body has assessed the
certification body's qualifications and accredited it to perform audits
under part 507 as well.
D. What protections against conflict interest must a third-party
certification body have to qualify for accreditation? (Sec. 1.643)
Proposed Sec. 1.643 would require third-party certification bodies
to have established programs to safeguard against conflicts of interest
that might compromise their objectivity and independence.
On our own initiative, we are clarifying in Sec. 1.643(a) that the
conflict of interest provisions of this section apply to officers,
employees, and other agents that are involved in auditing and
certification activities, as relevant. We are making corresponding
changes in the subsequent provisions for accredited third-party
certification bodies under Sec. 1.657(a) and (c).
(Comment 95) Some comments recommend that FDA ensure that auditors
are competent and accountable and that there are adequate protections
against conflicts of interest, with maximum transparency related to
auditors' activities. The comments support requirements for documented
safeguards against conflicts of interest to help ensure that decisions
are accurate and unbiased and that auditors are independent.
(Response 95) We agree and are requiring third-party certification
bodies seeking accreditation to demonstrate they have written conflict
of interest measures and that they have the capacity to meet the
requirements of the final rule, if accredited.
E. What quality assurance procedures must a third-party certification
body have to qualify for accreditation? (Sec. 1.644)
Proposed Sec. 1.644 would require a third-party certification body
to have a written program for monitoring and assessing its performance,
identifying deficiencies in its program or performance and quickly
executing corrective actions.
FDA received no adverse comments specific to this section. However,
as discussed in Response 32, we revised Sec. 1.644(a) to clarify that
a certification body must demonstrate that it has procedures to
identify deficiencies and procedures to execute corrective actions for
such deficiencies, which would better align with international
standards (see, e.g., clause 5.5 in ISO/IEC 17011:2004 (Ref. 5)).
F. What records procedures must a third-party certification body have
to qualify for accreditation? (Sec. 1.645)
Proposed Sec. 1.645 would require a third-party certification body
to have developed and implemented written procedures to establish,
control, and retain the records. Such records are necessary to provide
the recognized accreditation body (or FDA under direct accreditation)
an adequate basis for assessing the certification body for
accreditation under this program.
We received no adverse comments specific to Sec. 1.645 and are
making no substantive revisions to this section.
IX. Comments on Requirements for Third-Party Certification Bodies That
Have Been Accredited Under This Subpart
A. How must an accredited third-party certification body ensure its
audit agents are competent and objective? (Sec. 1.650)
Proposed Sec. 1.650 would require an accredited third-party
certification body that uses audit agents to ensure that each audit
agent meets certain requirements for competency and objectivity under
the final rule. Under paragraph (a), the audit agent would need to have
knowledge and experience relevant to determining an eligible entity's
compliance with the applicable food safety requirements of the FD&C Act
and FDA regulations and, for consultative audits, conformance with
industry standards and practices. The accredited certification body
would have to determine the audit agent's competency to conduct food
safety audits in part by observing a representative number of audits
performed by the audit agent. The audit agent would have to complete
annual food safety training under the accredited third-party
certification body's training plan, comply with the conflict of
interest requirements for audit agents, and agree to notify its
certification body immediately upon discovering, during a food safety
audit, any condition that could cause or contribute to a serious risk
to the public health.
Under proposed Sec. 1.650(b), the accredited third-party
certification body would have to assign an audit agent qualified to
conduct the food safety audit, based on the scope and purpose of the
audit and the type of facility, its processes, and food. Proposed Sec.
1.650(c) would prevent an accredited third-party certification body
from using an audit agent to conduct a regulatory audit of an eligible
entity if the agent had conducted a regulatory or consultative audit of
the same eligible entity during the preceding 13 months, except FDA
could waive the 13-month limitation for an accredited certification
body that could demonstrate insufficient access to accredited third-
party certification bodies in the country or region where the eligible
entity is located.
Of our own initiative, we are revising Sec. 1.650(a) to apply to
accredited third-party certification bodies that are comprised of a
single individual, as applicable. Section 808(a)(3) of the FD&C Act
specifically allows an accredited third-party certification body to be
an individual, which would not fall within the definition of ``audit
agent'' in the statute or this rule.
[[Page 74607]]
Therefore, as part of establishing eligibility under Sec. 1.640, an
individual seeking accreditation must fulfill the requirements of Sec.
1.650(a)(1) to become accredited under this rule and, once accredited,
must comply with the annual food safety training requirements of Sec.
1.650(a)(3). Pursuant to Sec. 1.650(a)(4), an accredited third-party
certification body also must comply with the conflict of interest
provisions applicable to audit agents under Sec. 1.657(a)(3).
We note that a recognized accreditation body that is assessing an
individual seeking accreditation under this program also must assess
the individual's knowledge and experience under Sec. 1.650(a)(1) for
the scope of accreditation requested and must consider the results of
such assessment in determining the individual's eligibility for
accreditation under Sec. 1.640. The onsite observations of an
individual seeking accreditation that are performed under Sec.
1.620(a)(3) must be sufficient to determine competency consistent with
Sec. 1.650(a)(2).
(Comment 96) Some comments strongly support the proposed
requirements of Sec. 1.650, which would require an accredited
certification body to ensure that the audit agents it uses have the
knowledge and experience, within the scope of its accreditation, to
examine facilities, processes, and foods for compliance with the FD&C
Act and FDA regulations. The comments assert that audits are only as
good as the education, training, and experience of the auditor. Other
comments recommend that food safety audits under this rule should be
performed by individuals that have training equivalent to FDA
investigator training standards.
(Response 96) We agree with comments emphasizing the importance of
ensuring that audit agents an accredited third-party certification body
uses to conduct audits under the program are appropriately qualified
within the scope of the third-party certification body's accreditation.
Proposed Sec. 1.650 would comprise the elements of a comprehensive
assessment that an accredited third-party certification body would need
to perform for each audit agent it would use to conduct a food safety
audit under this rule. We further agree with comments suggesting that
an auditor determined by a third-party certification body to be
competent to conduct audits under private food safety schemes must
nonetheless be assessed by the accredited third-party certification
body for competency to conduct audits using the applicable food safety
requirements of the FD&C Act and FDA regulations as the audit criteria.
Therefore, under Sec. 1.650(a), an audit agent would need to
demonstrate substantive knowledge of the applicable food safety
requirements of the FD&C Act and FDA regulations relevant to the scope
and purpose of the food safety audits the agent would conduct under the
program. We do not agree to go so far as to require that all audit
agents or individuals accredited as third-party certification bodies
must have training equivalent to FDA investigator training standards,
as we acknowledge that some investigator training would not be
necessary to conduct audits under this program (e.g., evidence
collection for enforcement purposes). Such a requirement would impose
unnecessary costs and might serve as a disincentive to participation in
the program.
(Comment 97) Some comments specifically endorse proposed Sec.
1.650(a)(2), which would require each audit agent to be observed
conducting audits to examine compliance with the FD&C Act in a
representative number of facilities and foods. Other comments recommend
that an accredited third-party certification body should observe an
audit agent before the agent begins to conduct food safety audits of a
different type of food, followed by random, periodic spot audits to
confirm that the audit agent is applying the audit criteria
consistently. The comments interpret proposed Sec. 1.650(a)(2) to mean
that the accredited third-party certification bodies would be required
to ``continually witness'' each audit agent they use.
(Response 97) We agree that observations of audit agents under
proposed Sec. 1.650(a)(2) are essential in determining the competency
of audit agents. We are revising proposed Sec. 1.650(a)(2) to require
the observation of a representative ``sample'' of audits, instead of a
representative ``number'' of audits, because the focus of this
provision was not intended to be on the number of audits the audit
agents would be expected to conducted. Rather, we intend for the
accredited third-party certification body to observe a sample of audits
that are representative of the range of audits the audit agent might be
assigned.
In determining what would constitute a ``representative sample''
for purposes of final Sec. 1.650(a)(2), the accredited third-party
certification body should consider the various types of food facilities
that might be audited and the range of FDA regulations that would apply
to such facilities. An accredited third-party certification body would
need to observe the audit agent conducting a number of audits across
the range of facilities identified by the certification body, and the
range of FDA regulations that would apply to those facilities, such
that, taken together, the observed audits would be adequately
representative of the facilities, processes, and foods the audit agent
may be assigned to conduct. Generally, the more complex the regulations
or the more complex the processes used by the facility, the greater the
sample size should be, to help ensure the audit agent can apply the
audit criteria consistently and reliably in various situations. The
accredited third-party certification also should gather sufficient
information to provide confidence in its determination of the audit
agent's competency to conduct audits under this rule.
Contrary to the interpretation suggested by some comments, proposed
Sec. 1.650(a)(2) would not require an accredited third-party
certification body to ``continually witness'' each of its audit agents.
Such an approach is not practical, efficient, or necessary. However, we
are clarifying in Sec. 1.650(a)(2) that before an audit agent is used
to conduct food safety audits under this rule the audit agent must be
observed by the accredited third-party certification body and found to
be competent to conduct food safety audits relevant to the audits they
will be assigned to perform under this program. Such observations also
must be performed whenever an audit agent will be assigned to perform
food safety audits to determine compliance with additional food safety
requirements under the FD&C Act and FDA regulations beyond what the
certification body has previously observed.
Under this approach, once an accredited third-party certification
body has determined an audit agent's competency and objectivity under
Sec. 1.650, the audit agent can be assigned to conduct audits for
which they are qualified under Sec. 1.650(a)(1) and (2), subject to
requirements such as the annual training requirements in Sec.
1.650(a)(3) and the accredited third-party certification body's self-
assessment under Sec. 1.655. Although we decline to require periodic
observations of audit agents, once the accredited certification body
has determined the competency of its audit agents under Sec.
1.650(a)(2), we acknowledge the value of such observations in verifying
audit agent competency and the rigor of the certification body's
program for evaluating its audit agents.
(Comment) 98) Some comments recommend that we include
[[Page 74608]]
requirements focusing on the performance of individual audit agents
because, the comments assert, many audit complaints arise from
individual auditor conduct and focusing on individual performance may
help create more consistency in the process.
(Response 98) We agree, and have received similar input from other
stakeholders during our public meetings. The comments and other
stakeholder input underscore the importance of the requirements for an
accredited third-party certification body to observe a representative
sample of audits conducted by each audit agent under Sec. 1.650(a)(2),
to ensure that any audit agent it assigns to an audit is appropriately
qualified under Sec. 1.650(b), and to assess the performance of its
audit agents and the consistency of performance across all its audit
agents as part of the certification body's self-assessment under Sec.
1.655.
(Comment 99) Some comments support the proposed requirement for
annual food safety training under proposed Sec. 1.650(a)(3), noting
the importance of ensuring that audit agents have up-to-date training
in areas relevant to their audit activities. The comments also suggest
that FDA should communicate to training institutions any general audit
agent training needs FDA identifies through its program management and
oversight. Other comments recommend that the annual training
requirement should relate to relevant food safety provisions of the
FD&C Act and FDA regulations.
(Response 99) We agree and are revising Sec. 1.650(a)(3) to
clarify that an audit agent, or an individual accredited as a third-
party certification body, must have annual food safety training that is
relevant to activities conducted under this program. FDA works with a
number of Alliances and other organizations to ensure training needs
for regulatory requirements are met. For instance, having identified
the need to train regulators and industry in the new FSMA preventive
controls rules, FDA is working in collaboration with the Food Safety
Preventive Controls Alliance (FSPCA) to develop training materials and
establish training and technical assistance programs for the preventive
controls rules. The Alliance includes members from FDA, state food
protection agencies, the food industry, and academia and is funded by a
grant to the Illinois Institute of Technology's Institute for Food
Safety and Health. For more information about the FSPCA, see e.g.,
https://www.iit.edu/ifsh/alliance/.https://www.iit.edu/ifsh/alliance/.
(Comment 100) Some comments suggest that in addition to the
requirements of the proposed rule, we should require conformance to
ISO/IEC 19011:2011 (Ref. 8) on auditor competency.
(Response 100) FDA's recommendations on auditor competency, among
other things, will be contained in FDA's Model Accreditation Standards.
As noted in section I.D., comments that address matters covered by
FDA's Model Accreditation Standards are outside the scope of this
rulemaking.
The issuance of the Model Accreditation Standards draft guidance
was announced through publication of a notice of availability in the
Federal Register of July 24, 2015. We plan to finalize the Model
Accreditation Standards after receiving public comments on the draft
guidance.
(Comment 101) Some comments note that the audit agent's education,
training, and experience must be specific to the industry or industries
being audited. Some comments, for example, recommend that audit agents
who examine eligible entities for compliance with food additive
requirements should have industry experience with food additives and
relevant knowledge, experience or training in auditing these types of
facilities and processes.
(Response 101) We agree that a certification body must consider an
audit agent's competency whenever assigning the audit agent to a
specific audit. Therefore, Sec. 1.650(b) requires the accredited
third-party certification body to ensure that an audit agent it assigns
to a specific audit is appropriately qualified, based on the audit
scope and purpose, the specific type of facility, processes, and foods
the audit agent would be required to examine, and the food safety
requirements of the FD&C Act and FDA regulations that would apply.
We note that an accredited third-party certification body that is
an individual would be determined during the accreditation process to
be appropriately qualified to conduct audits within the scope of its
accreditation.
(Comment 102) Some comments agree with proposed Sec. 1.650(c) and
assert that it is needed to protect against conflicts of interest. Some
comments assert that, under current practices, auditors in many
countries frequently conduct consecutive audits at the same premises.
Other comments suggest that the 13-month limit is unnecessary because
adequate mechanisms already exist to manage conflicts of interest and
objectivity in ISO/IEC standards. Still other comments express concern
that the proposed limit of 13 months would be too short to avoid a
conflict of interest. These comments contend a short interval between
consultative audits and regulatory audits that are conducted by the
same audit agent could create the appearance that the audit agent is
auditing the results of the prior consultation. Other comments assert
we should impose a 2-year limit, rather than a 13-month limit on audit
agents conducting regulatory audits of the same eligible entity.
(Response 102) We disagree with comments opposed to proposed Sec.
1.650(c). Proposed Sec. 1.650(c) would implement the requirements of
section 808(c)(4)(C) of the FD&C Act, which limits an accredited third-
party certification body's ability to use an audit agent to conduct a
regulatory audit of an eligible entity if the agent conducted a
consultative or regulatory audit for the same eligible entity in the
preceding 13 months, unless FDA waives the limitation under criteria
described in the statute. While we recognize this requirement may
differ from some international standards, it balances the concern of an
audit agent auditing their own prior results if the subsequent audit
happens too soon with auditor capacity concerns through a waiver
provision. Under proposed Sec. 1.663, FDA would issue waivers where we
determine there is insufficient access to in the country or region
where the eligible entity is located.
We note that the proposed rule was unclear with respect to whether
the showing of insufficient access to support a waiver was based on a
lack of certification bodies or individual audit agents in a country or
region, and have therefore clarified in the final rule that the showing
of insufficient access necessary for FDA to grant a waiver request is
based on lack of audit agents (or in cases where individuals are
accredited as third-party certification bodies, those individuals).
Although we are finalizing additional conflict of interest requirements
in Sec. 1.657 of this rule, these provisions do not implement the 13-
month limit in section 808(c)(4) of the FD&C Act. Section Sec.
1.650(c) complements the requirements in Sec. 1.657 to provide
additional conflict of interest protections. Note that though this
response uses the term ``audit agent'' this provision also applies to
accredited third-party certification bodies that are individuals.
(Comment 103) Several comments assert that proposed Sec. 1.650(c)
and the waiver process FDA proposes to establish would be impractical.
The comments note that there is currently a significant shortage of
experienced food
[[Page 74609]]
safety auditors around the world. Describing it as a ``capacity''
issue, the comments suggest that implementation of the FSMA rules will
further exacerbate the problem. Some comments suggest that proposed
Sec. 1.650(c) would be impractical for small countries due to auditor
capacity issues.
(Response 103) We acknowledge the concerns about the possible
shortage of skilled food safety auditors to meet current global demand
and are aware of efforts by GFSI, the food industry, scheme owners, and
third-party food safety certification bodies to address auditor
capacity, as described in section I.D. We also understand that FSMA
implementation is likely to create further demand for auditors.
Nonetheless, as explained in Response 102, we are required by section
808(c)(4)(C) of the FD&C Act to limit an accredited third-party
certification body's ability to use an audit agent; we have clarified
in the final rule that the showing of insufficient access necessary for
FDA to grant a waiver request is based on lack of audit agents (or in
cases where individuals are accredited as third-party certification
bodies, those individuals).
We disagree with comments suggesting that the waiver process we
propose would be impractical. We are developing an IT portal that
includes the capability for accepting electronic submissions of
requests and electronic issuance of waivers, which will help facilitate
the submission of waiver requests by accredited third-party
certification bodies and FDA's processing of such requests.
(Comment 104) Some comments contend that the proposal to require
accredited third-party certification bodies to show insufficient
accredited third-party certification body resources to obtain an FDA
waiver of proposed Sec. 1.650(c) would be unnecessarily burdensome
because the proposed conflict of interest requirements adequately
protect against concerns about ``industry capture.'' Some comments
recommend that FDA research global food safety auditor capacity and
proactively issue waivers of proposed Sec. 1.650(c), absent waiver
request(s). Still other comments suggest that eligible entities should
be able to seek waivers of the 13-month limit on behalf of an
accredited third-party certification body.
(Response 104) Under section 808(c)(4)(C) of the FD&C Act, the 13-
month limit on audit agents conducting regulatory audits may be waived
if FDA determines there is insufficient access to audit agents in a
country or region. While acknowledging capacity concerns raised in
comments, we decline the suggestion that FDA should gather information
to support waivers absent a request for a waiver under section
808(c)(4)(C)(ii) of the FD&C Act. We believe gathering such information
would not be the best use of our limited resources, and that third-
party certification bodies would be better positioned to inform FDA of
audit agent capacity issues in their country or region of operation.
Moreover, the final rule clarifies that accredited third-party
certification bodies must demonstrate that there is insufficient access
to audit agents in the country or region where the eligible entity is
located in order to obtain a waiver. Because the 13-month limit is on
individual audit agents, and not third-party certification bodies, this
limitation is likely to be less burdensome than anticipated by the
comments.
We decline the suggestion to allow eligible entities to request a
waiver of proposed Sec. 1.650(c) on behalf of an accredited third-
party certification body, because we believe the accredited third-party
certification body will be better suited to assess auditor capacity on
a national or regional basis. Periodic rotation of audit agents is
intended to help ensure that audits remain objective and do not become
compromised by familiarity. The requirement to ensure an audit agent's
objectivity is placed on the accredited third-party certification body,
not an eligible entity, under proposed Sec. 1.650(a). Further, given
that the accredited third-party certification body would ultimately
need to agree to conduct an audit for an eligible entity, requiring the
accredited third-party certification body to request the waiver would
ensure that they are willing to accept the request for a food safety
audit in the first place. In light of the foregoing, we have concluded
that it is the accredited third-party certification body, not the
eligible entity, who should seek a waiver of the 13-month limit in
proposed Sec. 1.650(c).
We disagree with comments suggesting waiver requests will be unduly
burdensome or time-consuming for accredited third-party certification
bodies. The IT portal we are developing for the third-party
certification program includes the capability for accepting electronic
submissions of requests and electronic issuance of waivers, which we
believe will help minimize the administrative burden on certification
bodies and FDA.
B. How must an accredited third-party certification body conduct a food
safety audit of an eligible entity? (Sec. 1.651)
Proposed Sec. 1.651 would establish requirements for planning and
conducting consultative and regulatory audits in a manner that fulfills
the purposes of section 808 of the FD&C Act. Under paragraph (a) on
audit planning, the accredited third-party certification body would
require the eligible entity to identify whether it was seeking a
consultative or regulatory audit subject to the requirements of this
subpart under the third-party certification program. The eligible
entity would indicate the scope and purpose of the requested audit and,
in the case of a regulatory audit, would indicate the type of
certification sought. The accredited third-party certification body
would also require the eligible entity to provide a 30-day operating
schedule for the facility that would provide information relevant to
scope and purpose of the audit. The accredited third-party
certification body would then consider whether the requested audit is
within the scope of its accreditation.
Proposed Sec. 1.651(b) would require the accredited third-party
certification body to ensure it would have adequate authority to
conduct the requested audit, including authority to: (1) Conduct an
unannounced audit; (2) access any area of the facility or any of its
records relevant to the scope of the audit; (3) use an accredited
laboratory in accordance with section 422 of the FD&C Act, (21 U.S.C.
350k), where FDA requires sampling and analysis; (4) notify FDA
immediately upon discovering, during a consultative or regulatory
audit, a condition that could cause or contribute to a serious risk to
the public health; (5) prepare audit reports that would contain certain
elements and, for regulatory audits, that would be submitted to FDA;
and (6) allow FDA and its recognized accreditation body to observe any
food safety audit under the program.
Proposed Sec. 1.651(c) would require an unannounced audit to be
conducted in a manner consistent with its scope and purpose and would
include records review as well as an onsite examination of the
facility, process(es), and food to determine compliance with the
applicable food safety requirements of the FD&C Act and FDA
regulations, and for consultative audits, conformance with include
industry standards and practices. Proposed Sec. 1.651(c) would require
the audit agent to document observations and corrective actions and,
where appropriate, would include
[[Page 74610]]
environmental or product sampling and analysis using validated
methodologies and a laboratory accredited in accordance with the
requirements of section 422 of the FD&C Act.
At our own initiative, we are removing the requirement to use a
laboratory consistent with section 422 of the FD&C Act and inserting a
requirement in Sec. 1.651(b)(3) to use a laboratory accredited under
ISO/IEC 17025:2005 or another laboratory accreditation standard that
provides at least a similar level of assurance in the validity and
reliability of sampling methodologies, analytical methodologies, and
analytical results.
On our own initiative, we are also revising Sec. 1.651(c)(1) to
clarify that the audit must be focused on determining whether the
facility, its process(es), and food are in compliance with the
applicable food safety requirements of the FD&C Act and FDA
regulations, and for consultative audits, also includes conformance
with applicable industry standards and practices. Based on comments
received on Sec. 1.653 and for the reasons described in Comment/
Response 112 in section IX.C., we are revising Sec. 1.651(c)(3) to
clarify that an accredited third-party certification body (or its audit
agent, where applicable) that identifies a deficiency requiring
corrective action may verify the effectiveness of a corrective action
once implemented by the eligible entity but must not recommend or
provide input to the eligible entity in identifying, selecting, or
implementing the corrective action.
(Comment 105) Some comments suggest that we should incorporate ISO/
IEC 19011:2011 (Ref. 8), which contains guidelines on auditing
management systems, by reference into the rule.
(Response 105) We disagree, because ISO/IEC 19011:2011 (Ref. 8) is
inconsistent with the requirements of section 808 of the FD&C Act and
this rule. For example, ISO/IEC 19011:2011 (Ref. 8) is premised on
announced audits that are scheduled with the client, as described in
clauses 6.2.2, and 6.2.3 of the standard; however, section
808(c)(5)(C)(i) of the FD&C Act requires audits conducted under this
rule to be unannounced. As another example, clause 6.4.9 of ISO/IEC
19011:2011 (Ref. 8) suggests that an audit team should attempt to
resolve any ``diverging opinions'' between the team and the audited
entity regarding the audit conclusions, such as the extent of
conformity with audit criteria (clause 6.4.8), during the closing
meeting. We acknowledge that differences of opinions regarding audit
conclusions are likely to occur between eligible entities and
accredited third-party certification bodies or audit agents. However,
the credibility of our program rests in large part on the independence
and objectivity of accredited third-party certification bodies and
audit agents. This rule is intended to help ensure they are free from
the influence of the eligible entities and any appearance that their
judgment is compromised by eligible entities. Audit conclusions
regarding an eligible entity's compliance with the applicable food
safety requirements of the FD&C Act and FDA regulations are the purview
of the accredited third-party certification body and any audit agents
it uses. The appropriate mechanism for an eligible entity seeking to
challenge adverse decisions would be the accredited third-party
certification body's appeals process.
For the foregoing reasons, we decline to incorporate ISO/IEC
19011:2011 (Ref. 8) by reference into this rule.
(Comment 106) Some comments assert the guidelines for management
systems auditing in ISO/IEC 19011:2011 (Ref. 8) would provide a useful
guide for audits conducted under the program. Other comments suggest
the audit agents should be conducting food safety audits using a
quality systems approach. Citing the production of food additives as an
example, these comments note that while it would be preferable to
conduct an audit while a food additive is being produced it is not
always feasible. The comments suggest that as long as the audit focuses
on quality systems it should not be necessary for production of the
food additive to occur during the audit.
(Response 106) As explained in Response 105, some elements of ISO/
IEC 19011:2011 (Ref. 8) are inconsistent with the requirements of
section 808 of the FD&C Act and this rule, thereby limiting its
applicability for food safety audits conducted under this rule. We
agree, however, with the general principle that a ``systems'' approach
to food safety audits with a correctly identified scope and purpose,
using appropriate audit criteria, and properly executed by a competent
audit agent (or individual accredited as third-party certification
body), should be sufficient to cover the food within the audited
system(s) of the facility, without requiring direct observation of each
type of food produced. We note that it is essential that the scope of
the audit covers the appropriate physical locations, activities, and
processes that are part of the management system to be audited, and
information collected during the audit must be relevant to the audit
scope, purpose, and criteria, including information relating to
interfaces between functions, activities, and processes of the food
safety system.
We use the term ``systems audits'' generally, acknowledging that
``management systems'' audits, ``product certification'' audits, and
``quality systems'' audits have specific meanings in some contexts,
such as ISO/IEC standards, but may have different meanings in different
contexts. To the extent that the comments referencing a ``quality
systems'' approach are suggesting that food safety audits should be
conducted using a ``systems auditing'' approach, we agree. Accordingly,
we are revising Sec. 1.651(c)(1) to better align with the language of
section 808 of the FD&C Act and this rule, as well as ``systems''
auditing principles.
Our goal is to ensure the rigor of the food safety audits conducted
under our program, which will be accomplished through compliance with
the requirements of this rule. It is intended to help ensure that food
safety audits are conducted by competent audit agents (or individuals
accredited as a third-party certification bodies), in accordance with a
properly defined audit scope and purpose, using the applicable audit
criteria required by this rule. As such, any food safety audit
conducted under the rule should provide the information necessary for
the accredited third-party certification body to make a determination
on compliance with the applicable food safety requirements of the FD&C
Act and FDA regulations. Whether or not a particular audit does, in
fact, provide such information, with an appropriate level of
confidence, is dependent on a number of factors, among them:
1. At the time that the food safety audit is procured, the eligible
entity must declare the scope and purpose of the audit consistent with
the requirements of this rule (and any additional criteria established
in VQIP guidance for facility certifications for use in that program
or, for certifications to be used for purposes of section 801(q) of the
FD&C Act any additional criteria that may be established by FDA
relating to the safety determination).
2. The accredited third-party certification body must assign an
audit agent that is competent to perform the audit (or, for an
accredited third-party certification body that is an individual, such
audit must be within the scope of accreditation).
3. The audit agent (or individual accredited as a third-party
certification body) must:
a. Develop and successfully execute an audit plan that includes a
records
[[Page 74611]]
review, which may be scheduled, and a subsequent onsite facility
examination performed on an unannounced basis within a 30-day window of
time according to the facility's operating schedule for the requested
audit purpose and scope and using the appropriate audit criteria; and
b. during the audit collect and verify information that is relevant
to the audit purpose, scope, and criteria and that will form the basis
for the audit findings and conclusions.
We note that this rule establishes the requirements for the third-
party certification program but does not establish requirements
relating to the use of these certifications for purposes of sections
801(q) and 806 of the FD&C Act. To that end, we urge an eligible entity
seeking a regulatory audit for certification to be used for VQIP
purposes or for purposes of satisfying a requirement for certification
under section 801(q) to ensure that the scope of the regulatory audit
it procures, and any food and facility certifications that are issued
as a result, will be sufficient to meet FDA requirements under sections
801(q) and 806 of the FD&C Act.
Under section 806 of the FD&C Act, FDA will require facility
certifications issued by accredited third-party certification bodies
under section 808 as a condition of an importer's eligibility for VQIP.
We encourage eligible entities, importers, and accredited third-party
certification bodies to consult the VQIP guidance, when finalized, to
ensure the proper scope has been established for any regulatory audit
conducted to obtain facility certification for VQIP purposes.
Any requirement for certification to satisfy a condition of
admissibility under section 801(q) of the FD&C Act would be based on an
FDA safety determination relating to specific circumstances, as
described in section 801(q)(2). An eligible entity seeking
certification from an accredited third-party certification body to meet
the admissibility requirements under section 801(q) of the FD&C Act
must ensure the proper scope has been established for the regulatory
audit it procures to address the circumstances behind the 801(q)
determination.
(Comment 107) Some comments assert that the audit requirements in
proposed Sec. 1.651 are overly detailed and inflexible, contending
that accreditation bodies have their own requirements for good auditing
practices. The comments also suggest that proposed Sec. 1.651, would
be problematic to implement and cite as an example the proposed
requirement for unannounced audits, which the comments say would be
inconsistent with the requirements associated with planned audits that
apply in other programs.
(Response 107) We understand that some of the requirements in
proposed Sec. 1.651 differ from the audit protocols currently used in
conducting many third-party audits of food facilities. The comments do
not identify the good auditing practices they assert accreditation
bodies already require certification bodies to use; however, we are not
incorporating ISO/IEC 17021:2011, ISO/IEC 17065:2012, or ISO/IEC
19011:2011 by reference into this rule for the reasons explained in
section I.D. We are unable to identify a voluntary consensus standard
that would encompass the audit practices required by section 808 of the
FD&C Act (e.g., unannounced audits and notification of conditions that
could cause or contribute to a serious risk to public health) as well
as other practices the statute allows (e.g., audit agents conducting
both consultative and regulatory audits). In the absence of existing
standards that would adequately address the food safety audit
requirements of section 808 of the FD&C Act, Sec. 1.651 offers
accredited third-party certification bodies and audit agents the
requirements needed to conduct food safety audits in the manner the
statute contemplates and requires.
The comment asserting that proposed Sec. 1.651, would be
problematic to implement cited as an example the proposed requirement
for unannounced audits in Sec. 1.651(c)(1). We acknowledge that most
audits are scheduled, and a program involving unannounced audits will
require changes in the current usual practices of accredited third-
party certification bodies and eligible entities. However, section
808(c)(5)(C)(i) of the FD&C Act specifically requires audits performed
under this rule to be unannounced. As described in Response 106,
proposed Sec. 1.651(c)(1) was designed to provide flexibility to
accredited third-party certification bodies and eligible entities,
while fulfilling this statutory requirement. Without additional
examples or other details in the comments to explain why the other
audit protocols in proposedSec. 1.651(a) would be problematic to
implement, we decline to revise Sec. 1.651(a)(2) to (4) in response to
the comments.
(Comment 108) In addition to comments described in section III.E.
regarding the impracticality of unannounced audits, some comments
contend that unannounced audits would be impractical and inefficient
for any food safety audit (e.g., regulatory audits) conducted under
this rule. Other comments express concern about implementing
unannounced audits at farms that may be geographically isolated, while
offering support for unannounced audits in principle.
Other comments note that unannounced audits are conducted for
operations participating in the Leafy Greens Marketing Agreements
(LGMAs) in California and Arizona and in the California Cantaloupe
Marketing Order (CCMO), asserting it is feasible to conduct audits of
seasonal operations during harvest activities, observing practices and
programs in the field and facility. Some comments suggest that
unannounced audits provide a more realistic view of the entity's
compliance status than planned audits do.
Some comments endorse the approach of a planned records review
prior to an unscheduled site audit occurring at any point during a 30-
day operating window. Other comments ask us to clarify in the final
rule which parts of a food safety audit may be performed on a scheduled
basis and which parts must be performed on an unannounced basis within
a 30-day window.
(Response 108) We decline to revise our approach to unannounced
audits under Sec. 1.651, as section 808(c)(5)(C)(i) of the FD&C Act
explicitly requires that audits be unannounced. We are, however, adding
language to Sec. 1.651(c)(1) to clarify that the records review
portion of a food safety audit may be scheduled with an eligible entity
and, through revisions to Sec. 1.651(c)(2), are requiring the records
review to occur before the onsite facility examination portion of the
audit, consistent with the description in the preamble to the proposed
rule (78 FR 45782 at 45811 to 45812). We are retaining the requirement
in Sec. 1.651(c)(1) to conduct an unannounced audit through an
unscheduled onsite facility examination at any time during the 30-day
timeframe identified pursuant to Sec. 1.651(a)(1)(ii).
As discussed in the preamble to the proposed rule (78 FR 45782 at
45811), when developing the audit protocols to implement the statutory
requirement for unannounced audits, we considered the British Retail
Consortium (BRC) Global Standard for Food Safety (Ref. 22) unannounced
audit option to help us ensure that our approach to unannounced audits
would be practical and feasible to implement. The BRC unannounced audit
option provides for a ``Good Manufacturing Practices-type audit'' to be
unannounced, while a separate records review could occur during a
planned visit. We have concluded that it is reasonable and appropriate
to interpret the statutory
[[Page 74612]]
requirement for unannounced audits to allow a record review to be
conducted during a planned visit to the eligible entity, provided that
the onsite audit is conducted on an unannounced basis. In addition, as
discussed previously, we have revised Sec. 1.651(c)(2) to require that
the records review must precede the onsite examination to facilitate
the facility visit.
We agree with comments suggesting that unannounced audits are
feasible and note, for example, that another GFSI-benchmarked scheme,
the Safe Quality Food Code in July 2014 began implementing an
unannounced audit component, wherein unannounced audits are mandatory
for every third audit (Ref. 23). Additionally, while we appreciate the
concern expressed by comments regarding the implementation of
unannounced audits at farms that may be geographically isolated, we
believe the examples cited by comments of unannounced audits of
participants that are performed at least once each year under the LGMA
and the CCMO are persuasive in demonstrating the feasibility of
unannounced audits for primary production. Moreover, the requirements
for audits specified in the statute and our experiences planning
foreign inspections lead us to believe that the requirement for a 30-
day operating window will assist in preventing logistic problems
associated with unannounced audits in geographically isolated areas.
For the foregoing reasons, we have concluded that the unannounced audit
protocol in Sec. 1.651(a)(1) is practical and efficient to implement,
while meeting the requirements of section 808(c)(5)(C)(i) of the FD&C
Act.
(Comment 109) Some comments suggest that FDA increase the window of
time between the records review, which informs the audit planning, and
the unannounced site audit, which examines the facility, its
process(es), and food for compliance with the applicable food safety
requirements of the FD&C Act and FDA regulations. To maximize the
element of surprise while ensuring the relevance of the records review
to the conduct of the site audit, the comments suggest we should expand
the timeframe to allow the audit agent to conduct the site audit any
time during a 90-day period.
(Response 109) Food safety audits conducted under this program,
particularly regulatory audits for certification purposes, often are
time sensitive in nature, because they are necessary for issuance of
certifications that are used facilitate trade. Establishing a lengthy
window of time during which an unannounced audit could occur could have
significant implications, for example, where certification is used in
satisfying a condition of admissibility for a food subject an FDA
safety determination under section 801(q) of the FD&C Act. A lengthy
window of time for an unannounced audit to be conducted also could
hinder participation in the VQIP program under section 806 of the FD&C
Act, which requires an importer to provide facility certification as a
condition of participation. In light of the foregoing, we do not
believe it would be reasonable to extend the length of time between
records review and the site audit from 30 to 90 days.
C. What must an accredited third-party certification body include in
food safety audit reports? (Sec. 1.652)
Proposed Sec. 1.652 would implement section 808(c)(3)(A) of the
FD&C Act, which authorizes FDA to establish the requirements for audit
reports that an accredited third-party certification body would need to
prepare as a condition of its accreditation. The statute specifies that
such report of an audit must include: (1) The identity of the persons
at the eligible entity responsible for compliance with food safety
requirements; (2) the dates and scope of the audit; and (3) any other
information FDA requires that relates to or may influence an assessment
of compliance.
Proposed Sec. 1.652(a) would specify the form of consultative
audit reports, which would include: The name, address, and unique
facility identifier (UFI) of the facility subject to audit; the name,
address, and UFI of the eligible entity (if it differs from the
facility); the contact information for the person(s) responsible for
food safety compliance at the facility; the dates and scope of the
consultative audit; and any deficiency(ies) observed during the audit
that require corrective action(s) and the date on which such corrective
action(s) were completed. Proposed Sec. 1.652(a) would require that a
consultative audit report be prepared by no later than 45 days after
completing the audit and would require preparing the report in English
and maintaining it as a record under proposed Sec. 1.658.
Proposed Sec. 1.652(b) would specify the form of regulatory audit
reports, which would include: (1) The name, address, and UFI of the
facility subject to audit; (2) the FDA food facility registration
number (where applicable); (3) the name, address, and UFI of the
eligible entity (if it differs from the facility); (4) the contact
information for the person(s) responsible for food safety compliance at
the facility; (5) the dates and scope of the regulatory audit; (6) the
process(es) and food(s) observed during the audit; (7) whether sampling
and laboratory analysis is used in the facility; (8) recent food
recalls; (9) recent significant changes at the facility; and (10) any
food or facility certifications recently issued to the entity. With
respect to deficiencies and corrective actions, proposed Sec. 1.652(b)
would require the accredited third-party certification body to include
in the regulatory audit report any deficiency(ies) observed during the
audit that meet FDA's Class I and Class II recall standards--i.e., the
deficiency(ies) present(s) a reasonable probability that the use of or
exposure to the violative product will cause serious adverse health
consequences or death; or may cause temporary or medically reversible
adverse health consequences or where the probability of serious adverse
health consequences is remote, and the corrective action plan for any
identified deficiency unless the corrective action was implemented
immediately and verified onsite by the accredited third-party
certification body. Proposed Sec. 1.652(b) also would require that a
regulatory audit report be submitted to FDA electronically, in English,
by no later than 45 days after completing the audit.
Under proposed Sec. 1.652(c), an accredited third-party
certification body would have to submit to FDA an audit report for any
regulatory audit it conducts, regardless of whether the certification
body issued a certification based on the results of the regulatory
audit. Proposed Sec. 1.652(d) would require an accredited third-party
certification body to implement written procedures for receiving and
addressing challenges from eligible entities contesting adverse
regulatory audit results and would require them to maintain records of
such challenges under proposed Sec. 1.658.
On our initiative, we revised paragraphs (a) and (b) of Sec. 1.652
to clarify that an accredited third-party certification body must
provide a copy of a consultative audit report or regulatory audit
report (respectively) to the eligible entity. We also on our own
initiative added a requirement for the accredited third-party
certification body to include in the audit report the FDA Establishment
Identifier (FEI) of the facility audited and the FEI of the eligible
entity, if different than the FEI for the audited facility to help
verify the identity of the facility and eligible entity based on
information contained in FDA's database of FEIs. Further, we aligned
the elements of the consultative audit report and regulatory audit
report; for example, we redesignated proposed paragraph (a)(5) as
(a)(6) and added a
[[Page 74613]]
new paragraph (a)(5) to require that the consultative audit report
include the processes and foods observed during the consultative audit.
Additionally, on our own initiative we revised Sec. 1.652(d) to
clarify that an accredited third-party certification body must notify
an eligible entity of a denial of certification.
(Comment 110) Several comments raise concerns regarding the
requirements that would apply to consultative audit reports under
proposed Sec. 1.652(a). The comments assert that because consultative
audits are specifically intended to be for internal purposes, FDA
should delete proposed Sec. 1.652(a) and should not propose any
requirements for consultative audit reports. Other comments suggest
that we remove the proposed requirement to prepare a consultative audit
report no later than 45 days after conducting the audit, asserting the
deadline is infeasible. Still other comments suggested we should allow
consultative audit reports to be prepared and maintained in languages
other than English.
Some comments interpret proposed Sec. 1.652(a) to require
consultative audit reports to be submitted to FDA. Other comments urge
us to emphasize to industry that proposed Sec. 1.652(a) would only
require accredited third-party certification bodies to maintain
consultative audit reports in their records and not submit them to FDA,
and that FDA could only access consultative audit reports in
circumstances meeting the serious adverse health conditions or death to
humans or animals (SAHCODHA) standard for records access under section
414 of the FD&C Act. Other comments note that the proposed rule was
silent on the protection of proprietary information in audit reports.
(Response 110) We disagree with comments suggesting that because
consultative audits are for internal purposes only, FDA is precluded
from imposing any requirements for consultative audit reports prepared
by accredited third-party certification bodies under this rule. Section
808(c)(3)(A) of the FD&C Act requires certain elements to be included
in reports for all food safety audits. This includes both consultative
audits and regulatory audits, which are the two types of audits
described in section 808(c)(4)(B) of the FD&C Act. Section 808(c)(3)(A)
sets a 45-day deadline for the preparation of all audit reports,
including consultative audit reports, and sets a separate requirement
that the audit reports for regulatory audits be submitted. Section
808(c)(3)(A) of the FD&C Act also gives FDA discretion to designate the
form and manner of audit reports and to require accredited third-party
certification bodies to include in audit reports other information that
relates to or may influence an assessment of compliance with the FD&C
Act. In light of these statutory provisions, we decline the suggestions
to delete proposed Sec. 1.652(a) or to remove the proposed 45-day
deadline for preparation of a consultative audit report.
We are, however, removing the proposed requirement in Sec.
1.652(a) that consultative audit reports would need to be prepared and
maintained in English in the accredited third-party certification
body's records. As explained in Response 59, we are removing the
proposed requirements for recognized accreditation bodies and
accredited third-party certification bodies to create and maintain
records that do not need to be submitted to FDA, outside of a specific
request, under this rule in English.
We disagree with comments suggesting that Sec. 1.652(a) should
require accredited third-party certification bodies to submit
consultative audit reports to FDA. We note that section 808(c)(3)(A)
only requires the submission of regulatory audit reports. Because
consultative audits are for internal purposes, we consider it
appropriate to require the maintenance of these reports, but not the
submission of the reports. Under section 808(c)(3)(C) of the FD&C Act,
we could only access consultative audit reports in circumstances
meeting the standard for records access under section 414 of the FD&C
Act.
With respect to protection of proprietary information in
consultative audit reports submitted to or obtained by FDA, we note
that the final rule includes new provision Sec. 1.695, which addresses
disclosure and the protection of trade secrets and confidential
commercial information under applicable law.
(Comment 111) Some comments support our proposal to require that
consultative audit reports under proposed Sec. 1.652(a)(2) and
regulatory audit reports under proposed Sec. 1.652(b)(1)(i) and (b)(2)
include UFIs for audited facilities and for eligible entities (where
different from audited facilities). In the preamble to the proposed
rule (78 FR 45782 at 45812), we solicited comment on whether a UFI
should comprise a Data Universal Numbering System (DUNS[supreg]) number
and Global Positioning System (GPS) coordinates for an audited facility
and for the eligible entity (if different from the audited facility).
Some comments support using DUNS[supreg] numbers in UFIs for
eligible entities and audited facilities, asserting that approximately
230 million establishments around the world have DUNS[supreg] numbers.
The comments assert that DUNS[supreg] numbers are easy to obtain and
free to the establishment. Comments also emphasize that the use of
DUNS[supreg] numbers would be particularly helpful under the third-
party certification rule, because the numbers help to determine
corporate ``families''--e.g., related establishments.
Other comments oppose using DUNS[supreg] numbers as UFIs,
contending that DUNS[supreg] numbers are not widely used outside the
United States and frequently have errors. Some of these comments
propose alternatives to DUNS[supreg] numbers, including: GPS
coordinates, FDA's food facility registration numbers, or the U.S.
Internal Revenue Service taxpayer identification numbers which comments
suggest foreign companies can request from U.S. Customs and Border
Protection.
(Response 111) We received valuable input in response to our
solicitation of comments on UFIs for audited facilities and eligible
entities. Having a UFI for eligible entities (and audited facilities if
different) would be useful to FDA in identifying an eligible entity
that does not already have a numerical identifier in one of FDA's
databases. For example, farms generally are not required to register
with FDA under section 415 of the FD&C Act, so they would not have an
FDA Food Facility Registration Number, unless they conduct activities
for which such registration is required, and some eligible entities may
not have been assigned an FDA Facility Establishment Identifier.
We note that FDA currently is considering whether to require UFIs
for regulated establishments, such as facilities as defined in 21 CFR
1.227, and the types of numbering systems that might be used for UFIs.
Under this final rule, an accredited third-party certification body
will be required to include a UFI for an audited facility and for an
eligible entity (if different from the audited facility) in a
consultative audit report under Sec. 1.652(a)(1)(i) and (a)(2), and a
regulatory audit report under Sec. 1.652(b)(1)(i) and (b)(2), if FDA
designates a UFI system.
(Comment 112) Some comments focus on proposed Sec. 1.652(a)(5),
which would require a consultative audit report to include any
deficiencies observed that require corrective action, the corrective
action plan, and the date corrective
[[Page 74614]]
actions were completed. Some comments ask us to clarify what
information about deficiencies should be included in consultative audit
reports. The comments distinguish between FDA investigators who collect
physical evidence during inspections and third-party certification
bodies who typically observe process(es), review records, and cite
nonconformity to standards--e.g., ``Canning retort time did not meet x
temperature for y time of the scheduled process.'' Other comments ask
FDA to clarify that the eligible entity, not the audit agent, would be
responsible for corrective actions, including analyzing the cause of
the nonconformity and developing corrective actions to address the
nonconformity. These comments support the proposed requirement to
require documentation and verification of corrective actions, whether
through document review or onsite audits.
(Response 112) As the comments suggest, third-party certification
bodies commonly describe their audit findings in terms of conformity or
nonconformity with audit criteria, such as a GFSI-benchmarked food
safety scheme or the ISO/TS 22003:2013 series of food safety standards
(Ref. 24). Under section 808 of the FD&C Act, accredited third-party
certification bodies examine eligible entities and their foods for
compliance with the applicable food safety requirements of the FD&C Act
and FDA regulations and, for consultative audits, also assess
conformity with applicable industry standards and practices.
Under proposed Sec. 1.652(a)(5), a consultative audit report would
identify any deficiencies observed by audit agent, which we intended
would encompass any deficiency that relates to or may influence the
accredited third-party certification body's determination of whether
the eligible entity is in compliance with the applicable food safety
requirements of the FD&C Act and FDA regulations. We were not proposing
to require that consultative audit reports include information on an
observation solely related to a nonconformity with industry standards
or practices that FDA does not implement or enforce. An observation
relating to both a nonconformity with an industry standard or practice
and a deficiency that relates to or may influence a compliance
determination would need to be included in the audit report as a
deficiency under proposed Sec. 1.652(a)(5). In response to comments,
we are revising Sec. 1.652(a)(5), renumbered as Sec. 1.652(a)(6), to
clarify that a consultative audit report must include any deficiency
that relates to or may influence a determination of compliance with the
applicable food safety requirements of the FD&C Act and FDA regulations
and information on the corrective action(s) to address such deficiency.
We agree with comments distinguishing between the roles of eligible
entities (who must identify and implement effective corrective actions)
and accredited third-party certification bodies and their audit agents
(who identify deficiencies and verify that effective corrective actions
have been implemented). After identifying deficiencies that will
require corrective action, accredited third-party certification bodies
and their audit agents must maintain their impartiality by allowing
eligible entities to select the appropriate corrective actions to
employ. To recommend or suggest corrective actions to eligible entities
during consultative or regulatory audits would undermine the
objectivity of the third-party certification bodies or audit agents in
performing their critical task of verifying the effectiveness of the
corrective actions once implemented. To address this concern, we have
elected to revise Sec. 1.651(c)(3) as described in section IX.B.,
because we believe this issue is better addressed as part of the
protocols for audits conducted under subpart M.
(Comment 113) Some comments assert that proposed Sec. 1.652(b) is
unnecessary, because many of the elements of regulatory audit reports
that we propose already are commonly included in audit reports. The
comments contend that listing specific elements to be included in a
regulatory audit report would be too prescriptive and would stifle
creativity. Other comments suggest that proposed Sec. 1.652(b) is
overly broad, and the comments object to the elements of the audit
reports. Some comments assert that reporting of recent recalls is
unnecessary because this is information already in FDA's possession.
Still other comments note that documents that are routinely part of an
audit process may contain critical business information. These comments
suggest that FDA should consider a ``tiered'' approach, by requiring
only summary reports on audit results to be submitted to FDA, not
proprietary information.
Other comments support proposed Sec. 1.652(b) and the data
elements we proposed to require in regulatory audit reports. Some of
these comments seek additional information on the form and manner of
submitting this information to FDA. The comments also ask whether the
regulatory audit reports will be publicly released.
(Response 113) We disagree with comments suggesting that proposed
Sec. 1.652(b) is unnecessary because the information we proposed to
require in regulatory audit reports already is included in the audit
reports prepared by third-party certification bodies. Although many of
the elements required to be included in the reports under this rule are
currently being included in audit reports prepared by third-party
certification bodies, it is important that we require the elements
included in this final rule because they are essential to the
preparation of audit reports that are consistent with the purpose of
this program.
We disagree with the comments asserting that proposed Sec.
1.652(b) is overly broad and the comments contending that the provision
is overly prescriptive. Section 808(c)(3)(A) of the FD&C Act requires
that audit reports include the dates and scope of the audit and the
identity of the persons at the audited eligible entity responsible for
compliance with food safety requirements. Section 808(c)(3)(A) of the
FD&C Act also gives FDA discretion to require that audit reports
include other information that relates to or may influence an
assessment of compliance with the FD&C Act. Under proposed Sec.
1.652(b), a regulatory audit report would include the elements required
by the statute, as well as the following information: Identifying
information for the eligible entity (and for the facility, if different
from the eligible entity); the food(s) and process(es) observed; any
deficiencies observed during the audit that relate to an FDA Class I or
Class II recall situation; and the corrective action plan for such
deficiencies. We also proposed to require the regulatory audit report
to indicate whether any sampling and laboratory analysis is used in the
facility and whether in the 2 years preceding the audit the entity:
Issued a food safety-related recall; made significant changes in the
facility, its process(es), or products; or was issued any food or
facility certifications.
As to the elements of the regulatory audit report in proposed Sec.
1.652, we note that paragraphs (b)(1) and (2) provide identifying
information for the eligible entity (and the facility audited, if
different than the eligible entity) and paragraphs (b)(3) and (5)
contain the elements required by section 808(c)(3)(A) of the FD&C Act.
We agree with comments asserting that it is not be necessary to include
information in regulatory audit reports that is already in FDA records;
therefore, we are removing the proposed requirements in Sec.
1.652(b)(9) and (11) to report information on food-safety related
[[Page 74615]]
recalls conducted by the eligible entity and food and facility
certifications issued to the eligible entity in the 2 years preceding
the audit. We are retaining the other elements of the regulatory audit
report under proposed Sec. 1.652(b)(4), (6) to (8), and (10)--i.e.,
whether the facility uses sampling and laboratory analysis, whether the
entity has made significant changes to the facility, its process(es),
or products during the 2 years preceding the audit; the foods and
process(es) that were observed, as well as any deficiencies related to
a Class I or Class II recall situation and the corrective action plans
for deficiencies--because they are related to or influential to a
determination of compliance with the applicable food safety standards
of the FD&C Act and FDA regulations.
As discussed in Response 67, we intend to provide additional
instructions relating to the form and manner of submitting information
to FDA. We also acknowledge comments' concerns about the protection of
proprietary information in regulatory audit reports submitted to FDA.
Information submitted to FDA is subject to public disclosure and under
part 20, and we are including new Sec. 1.695 on public disclosure in
section XIII.F of this final rule.
(Comment 114) Some comments contend that the submission of
regulatory audit reports under proposed Sec. 1.652 would ``empower''
accredited third-party certification bodies as ``de facto'' regulatory
authorities.
(Response 114) We disagree. Nothing in section 808 of the FD&C Act
or in the proposed rule would empower accredited third-party
certification bodies to implement or enforce the FD&C Act or FDA
regulations. Further, section 808(h) of the FD&C Act clearly states
that audits performed under this section shall not be considered
inspections under section 704 of the FD&C Act, which governs FDA
inspections.
(Comment 115) Some comments assert that regulatory audit reports
should be submitted to FDA only when there are questions about product
safety. Some comments suggest that proposed Sec. 1.652(b) could be
onerous because it would require regulatory audit reports to be
submitted to FDA in English by no later than 45 days after the audit
was completed. The comments assert that a lack of auditor capacity in
countries that export food to the United States could make it difficult
for accredited third-party certification bodies to meet the 45-day
deadline and suggest that FDA should consider adjusting the deadline
for regulatory audit report submission in light of factors such as
auditor capacity and the needs of seasonal producers. Other comments
support the proposed 45-day deadline for audit report submission,
noting that many audit reports currently take more than 45 days to
complete, some taking nearly a year to be issued. Still other comments
focus on the proposed requirement in Sec. 1.652(b) to submit
regulatory audit reports in English, urging us to accept reports in
various languages, including Spanish.
(Response 115) Section 808(c)(3)(A) of the FD&C Act requires as a
condition of accreditation that regulatory audit reports to be
submitted to FDA within 45 days after conducting the audit.
Accordingly, we decline the suggestion to limit the submission of
regulatory audit reports to circumstances where there are questions
about product safety. We also decline to extend the statutory 45-day
deadline for submission of a regulatory audit report.
We believe that allowing regulatory audit reports to be submitted
in languages other than English, as some comments suggest, would create
unnecessary obstacles to our program management and oversight. For
example, we may review a regulatory audit report to assist us in
deciding whether to accept a certification or to reject the
certification after determining that is not valid or reliable. If we
were to allow regulatory audit reports to be submitted in languages
other than English, we might have to wait weeks for a translation. Such
a delay would postpone our decision on whether to accept or refuse the
certification and might have negative effects on the flow of trade.
(Comment 116) Some comments oppose a proposal to use DUNS[supreg]
numbers in UFIs for audited facilities and eligible entities that would
be required to be submitted to FDA in regulatory audit reports under
proposed Sec. 1.652(b)(1)(i) and (b)(2). The comments suggest that
using DUNS [supreg] numbers in UFIs would create a monopoly for Dun and
Bradstreet (D&B) and give D&B an unfair competitive advantage. The
comments also express concern that establishments will face increased
pressure to buy other D&B products. Other comments suggest that DUNS
[supreg] numbers are not used outside the United States because, for
example, DUNS[supreg] numbers require data such as street names,
telephone numbers and other data points that small producers located
outside the United States might not have. Instead, these comments
suggest, FDA should use GPS latitude and longitude coordinates as UFIs.
Some other comments express support for UFI requirements that would
include the use of DUNS[supreg] numbers in UFIs for audited facilities
and eligible entities. The comments assert that because DUNS[supreg]
numbers are widely used, it would be reasonable for FDA to require
DUNS[supreg] numbers to be used in UFIs under the third-party
certification program.
(Response 116) As explained in Response 111, FDA currently is
considering whether to require regulated establishments to have UFIs
and, if so, whether DUNS[supreg] numbers should be included in UFIs. As
explained previously, under this final rule, an accredited third-party
certification body will be required to include a UFI for an audited
facility and for an eligible entity (if different from the audited
facility) in a regulatory audit report under Sec. 1.652(b)(1)(i) and
(b)(2), if FDA designates a UFI system.
(Comment 117) Some comments agree with proposed Sec. 1.652(b)(4),
which would require regulatory audit reports to include information on
the process(es) and food(s) observed during the audit. Some comments
request clarification of what process(es) and food(s) would need to be
observed in a facility with several processes, and other comments ask
what information FDA is seeking about the process(es) that were
observed during a regulatory audit.
(Response 117) As explained in Response 106, we do not believe that
direct observation of each type of food produced under a management
system is necessary when an audit covers the appropriate physical
locations, activities, and processes that are part of the management
system to be audited, and information collected during the audit must
be relevant to the audit scope, purpose, and criteria, including
information relating to interfaces between functions, activities, and
processes of the management system. Therefore, information on the
process(es) and food(s) observed by the audit agent (or accredited
third-party certification body that is an individual) is useful in
light of the scope of the audit and the management system(s) audited.
(Comment 118) Some comments endorse proposed Sec. 1.652(b)(8),
which would require the regulatory audit report to include information
on whether sampling and analysis is used at the facility being audited.
Of the comments that support proposed Sec. 1.652(b)(8), some would
further require regulatory audit reports to include reporting of
sampling and analytical results of sampling by the
[[Page 74616]]
eligible entity. Others suggest including analytical results relating
to any deficiencies observed during an audit and the effectiveness of
corrective actions taken to address the deficiency.
(Response 118) We agree that it is useful for FDA to have
information on whether an eligible entity uses sampling and analysis as
a tool for verifying the effectiveness of its controls. Section 1.652
does not require sampling or analysis on a routine basis; however,
analytical reports must be included in regulatory audit reports if the
certification body finds them to be relevant to the any elements of an
audit report, such as a verification of corrective actions or in
support of a decision not to certify. We note that sampling or
analytical reports that are collected as part of a regulatory audit
must be maintained as required under Sec. 1.658(a)(3).
(Comment 119) Some comments support proposed Sec. 1.652(b)(9),
which would require information on recent recalls to be included in
regulatory audit reports. Other comments suggest that requiring recall
information to be included in a regulatory audit report might lead to
questions about the validity of a certification that the accredited
third-party certification body might issue based on the results of its
regulatory audit of the eligible entity. Some other comments suggest
that requiring an accredited third-party certification body to include
information on recent recalls in a regulatory audit report would be
duplicative, because FDA should already have information on any recalls
of regulated product exported to the United States, and recalls of
product that was not exported to the United States would not be
relevant to the regulatory audit report.
(Response 119) We agree with comments suggesting that it would be
duplicative to require accredited third-party certification bodies to
include information on recent recalls in regulatory audit reports and
are removing proposed Sec. 1.652(b)(9) in the final rule.
(Comment 120) Some comments ask for clarification on proposed Sec.
1.652(b)(11), which would require information on recent certifications
to be included in regulatory audit reports. The comments ask whether a
certification issued outside of the third-party certification program
should be included in a regulatory audit report and if so, should the
report identify the standards under which the certification was issued.
(Response 120) Requiring information on certifications issued under
the third-party certification program would be duplicative because
certifications previously issued by the accredited third-party
certification body under the program already would have been submitted
to FDA. Further, we see no benefit to requiring the submission of
information on certifications issued outside of this program.
Accordingly, we are removing proposed Sec. 1.652(b)(11) from the final
rule.
(Comment 121) Some comments urge us to create a clear mechanism for
eligible entities to appeal adverse audit results.
(Response 121) Under proposed Sec. 1.652(d) an accredited third-
party certification body would have to implement written procedures for
receiving, evaluating, and deciding on eligible entity challenges to
adverse regulatory audit results. We believe this section provides a
clear mechanism for eligible entities to be able to appeal adverse
regulatory audit results. As explained in Response 36, we are
clarifying that persons presiding over such appeals may be internal or
external to the accredited third-party certification body.
D. What must an accredited third-party certification body do when
issuing food or facility certifications? (Sec. 1.653)
The proposed rule describes the activities that an accredited
third-party certification body would have to perform when issuing food
and facility certifications. Proposed Sec. 1.653 would require the
certification body to have conducted a regulatory audit under proposed
Sec. 1.651 and to conduct any other activities necessary to determine
compliance under the applicable food safety requirements of the FD&C
Act and FDA regulations.
No certificate could be issued until the eligible entity took
corrective actions to address any deficiencies reported under proposed
Sec. 1.652(b)(6), and the corrective actions were verified by the
accredited third-party certification body. The verification would need
to occur onsite, unless the deficiency was a minor issue. A single
audit could result in food and facility certifications or multiple food
certifications only if the regulatory audit requirements were met as to
each.
Where a certification body uses audit agents, the certification
body, not the audit agent, would make the determination whether to
issue certification. However, the statute allows for individuals to be
accredited as certification bodies; in that circumstance, the same
individual would conduct the audit and also determine whether to issue
certification.
On our own initiative, we are revising Sec. 1.653(a)(3) to replace
the phrase ``assessment made during'' with ``the data and other
information'' to clarify what an accredited third-party certification
body must consider when determining whether an eligible entity is in
compliance with the applicable food safety requirements of the FD&C Act
and FDA regulations.
On our own initiative, we are making a number of revisions Sec.
1.653(b). We are revising paragraph (b)(1) to clarify that the
accredited third-party certification body may issue a food or facility
certification under this subpart for a term of up to 12 months.
Throughout paragraph (b)(2) we are specifying that the food or facility
certification must contain information about regulatory audits. At our
own initiative, we are revising Sec. 1.653(b)(2)(ii) and (iii) to
require accredited third-party certification bodies to provide the FEI
of the audited facility and the FEI of the eligible entity, if
different from the audited facility, and we revised Sec. 1.653(b)(2)
(iv) to require accredited third-party certification bodies to assign
numbers to certifications they issue under the program. We are revising
paragraph (b)(3) to clarify that FDA may refuse to accept any
certification for purposes of section 801(q) or 806 of the FD&C Act if
we determine that the certification is not valid or reliable. We are
also adding new subparagraph (b)(3)(iii) to specify that if the
certification was issued without reliable demonstration that the
requirements of paragraph (a) were met, we may determine that the
certification is not valid or reliable.
(Comment 122) Some comments contend that proposed Sec. 1.653(a)(2)
would require accredited third-party certification bodies to perform
onsite verifications of corrective actions in situations where other
methods of verification would be adequate. The comments assert that, by
requiring onsite verification for any corrective action (other than an
action taken to address recordkeeping deficiencies), the proposed rule
would impose undue costs on eligible entities and would exacerbate
issues of auditor capacity.
The comments suggest that we allow for remote verification of
corrective actions through photographs, live web-cam transmissions, and
any other means that would provide evidence that corrective action has
been taken and the eligible entity is in compliance with the FD&C Act.
The comments suggest that FDA may, in its discretion, require onsite
visits to confirm that corrective actions were taken in extraordinary
situations where efforts short of onsite
[[Page 74617]]
observation would be insufficient to protect the public, such as in
Class I recall situations. Some comments urge us to follow the
requirements of ISO/IEC 17021:2011 (Ref. 6) for verification of
corrective actions.
(Response 122) We agree that onsite verification of corrective
actions would not be necessary to address every deficiency identified
in a regulatory audit report under proposed Sec. 1.652(b)(6). ISO/IEC
17021:2011 (Ref. 6) (clauses 9.1.12-9.1.13) describes a range of
activities--from document review to onsite verification to additional
full audits--that a third-party certification body may use verifying
the effectiveness of corrective actions. Remote verification may be
appropriate where it would provide an adequate basis for the accredited
third-party certification body to determine that the eligible entity
had implemented effective corrective action(s) to address the
identified deficiency or deficiencies. Accordingly, we are revising
Sec. 1.653(a)(2) to expand the methods of verification an accredited
third-party certification body may use to verify corrective actions for
deficiencies identified in Sec. 1.652(b)(6), except that corrective
actions in a facility that was the subject of a notification under
Sec. 1.656(c) must be verified onsite.
(Comment 123) Some comments urge FDA to establish qualifications
for the individuals accredited third-party certification bodies would
use to make certification decisions. The comments suggest that an
accredited third-party certification body should use a panel of experts
with appropriate industry or regulatory experience to make
certification decisions on behalf of the body. Other comments urge FDA
to identify the criteria an accredited third-party certification body
should use in determining whether to issue certification under section
808 of the FD&C Act.
(Response 123) We agree with the comments suggesting that
individuals involved in compliance determinations and certification
decisions under section 808 of the FD&C Act must be appropriately
qualified for those responsibilities. We agree that decisions on
certification should be made by individuals other than audit agents who
conducted the regulatory audits that would form the basis for the
decisions on certification, except individuals accredited as third-
party certification bodies may perform regulatory audits and issue
certifications based on the results of regulatory audits they
performed. An assessment for accreditation of a third-party
certification body under Sec. 1.642 would focus not only on its
competency and capacity for auditing food facilities but also on its
capacity to review audit results to determine compliance with
applicable food safety requirements for purposes of certification.
While an accredited third-party certification body may wish to use a
panel of experts for certification decisions, it is not necessary under
this rule.
(Comment 124) Some comments suggest that certifications issued
under section 808 of the FD&C Act should clearly delineate the scope of
products and processes covered by the certification.
(Response 124) Proposed Sec. 1.653(b)(2)(iv) and (vi) would
require the certification to include both the scope of the audit and
the scope of the food or facility certification. We believe the concern
about the scope of products and processes covered by the food or
facility certification is adequately addressed by the proposed rule,
and we are retaining these provisions in the final rule.
E. When must an accredited third-party certification body monitor an
eligible entity that it has issued a food or facility certification?
(Sec. 1.654)
Proposed Sec. 1.654 would require an accredited third-party
certification body to conduct monitoring of an eligible entity if the
certification body has reason to believe that an eligible entity to
which it issued a certification may no longer be in compliance with the
FD&C Act.
(Comment 125) Comments endorsing proposed Sec. 1.654 suggest that
FDA establish criteria for the ``reason to believe'' standard--that is,
the circumstances FDA believes would trigger a requirement for an
accredited third-party certification body to monitor an eligible
entity. The comment further suggests that FDA should make these
criteria available for public comment.
(Response 125) FDA declines to codify specific criteria that would
trigger the need for an accredited third-party certification body to
conduct monitoring of an eligible entity to determine whether the
entity is still in compliance with applicable requirements, as such
criteria would be fact-specific and FDA cannot contemplate all
situations that would require such monitoring. FDA envisions that the
circumstances that might trigger monitoring under Sec. 1.654 are ones
that may affect the eligible entity's capability to continue to comply
with the applicable food safety requirements of the FD&C Act and FDA
regulations, such as: (1) Significant changes to the audited facility,
such as capital improvements; (2) major changes to the eligible
entity's management system and processes; or (3) changes to the scope
of operations, such as changes in manufacturing processes, that may
affect the compliance status of an eligible entity.
(Comment 126) Other comments urge FDA to require an accredited
third-party certification body to notify an eligible entity immediately
upon determining that monitoring of the eligible entity prior to
recertification would be necessary.
(Response 126) We decline the suggestion to require notification of
an eligible entity prior to monitoring under Sec. 1.654, as we believe
it is more appropriate for the accredited third-party certification
body to decide based on the circumstances whether it should alert an
eligible entity it has certified that monitoring is necessary or
conduct unannounced monitoring activities. An accredited third-party
certification body may choose to notify an eligible entity before
conducting monitoring activities that are unrelated to the eligible
entity's annual audit for recertification purposes, which must be
conducted on an unannounced basis pursuant to Sec. 1.651(c)(1).
F. How must an accredited third-party certification body monitor its
own performance? (Sec. 1.655)
Proposed Sec. 1.655 would require an accredited third-party
certification body to conduct self-assessments annually and in the case
of revocation of the recognition of its accreditation body and prepare
a report of the results of each self-assessment.
On our own initiative, we are revising Sec. 1.655(a)(1) to clarify
that as part of the self-assessment, an accredited third-party
certification body must evaluate the performance of its audit agents in
examining facilities, process(es), and food using the applicable food
safety requirements of the FD&C Act and FDA regulations, which will
conform with other changes being made to the final rule.
(Comment 127) Some comments support the proposal to require
accredited third-party certification bodies to conduct self-
assessments. Other comments recommend that FDA should be more explicit
in the requirements for self-assessments.
(Response 127) We decline the suggestion to be more explicit in the
requirements for self-assessments, as the requirements in Sec. 1.655
include sufficient details for conducting self-assessments. Comments
did not provide adequate justification for adding
[[Page 74618]]
additional elements to the self-assessment.
(Comment 128) Some comments request that accredited governmental
certification bodies be allowed to conduct self-assessments at a
frequency different than other accredited third-party certification
bodies.
(Response 128) We decline to create different timeframes for self-
assessments for governmental versus private certifications bodies. As
explained in Response 39, Sec. 1.655 is part of a set of proposed
monitoring and self-assessment requirements intended to work together
in helping to ensure that the recognized accreditation bodies and
accredited third-party certification bodies maintain compliance with
the rule's requirements. The certification body self-assessment in
Sec. 1.655 is intended to serve, in part, as information for use in
the annual accreditation body monitoring in Sec. 1.621, the results of
which we intend the accreditation body to use in its annual self-
assessment under Sec. 1.622. This system of assessments takes place on
an annual basis and is an essential part of the program's safety net.
Allowing different timeframes for assessments by different participants
would undermine the credibility of the program and create undue
administrative complexity. We believe this section will be far less
burdensome in practice than some of the commenters may have
anticipated. We note that to address general concerns about the burden
of these requirements, similar to other sections of the final rule, FDA
is adding a new Sec. 1.655(e) to allow an accredited third-party
certification body to use documentation of its conformance to ISO/IEC
17021:2011 or ISO/IEC 17065:2012, supplemented as necessary, to meet
the requirements of this section.
(Comment 129) Some comments assert that accredited third-party
certification bodies should not be required to be prepare self-
assessment reports in English under proposed Sec. 1.655(d).
(Response 129) In response to comments and consistent with
revisions made elsewhere in the final rule, we are removing the English
language requirement in Sec. 1.655(d) for self-assessment reports
prepared by third-party certification bodies accredited by a recognized
accreditation body. However, we are now including a requirement in
Sec. 1.656(b) of submission in English for self-assessment reports
prepared by third-party certification bodies directly accredited by FDA
and self-assessments submitted to FDA as a result of an FDA request for
cause or due to the termination of an accreditation body's recognition
due to denial of renewal, revocation, or relinquishment/failure to
renew under Sec. 1.631(f)(1)(i), 1.634(d)(1)(i), or 1.635(c)(1)(i),
respectively.
G. What reports and notifications must an accredited third-party
certification body submit? (Sec. 1.656)
Proposed Sec. 1.656 would establish requirements for various
reports and notifications that accredited third-party certification
bodies would have to submit to FDA and, as appropriate, recognized
accreditation bodies. Proposed Sec. 1.656(a) would establish the
requirements for submission of regulatory audit reports, and proposed
Sec. 1.656(b) would establish the requirements for submission of
reports of accredited third-party certification body self-assessments.
Proposed Sec. 1.656(c) would require an accredited third-party
certification body to immediately notify us, in English, of a condition
that could cause or contribute to a serious risk to the public health
(notifiable condition) that the certification body (or its audit agent)
discovered while conducting a regulatory or consultative audit of an
eligible entity. In the preamble discussion of proposed Sec. 1.656(c)
(78 FR 45782 at 45815), we solicited examples of conditions that might
and might not meet the standard in section 808(c)(4)(A) of the FD&C Act
for notifying FDA. We asked for input on whether the FDA Class I and
Class II recall standards, taken together, might adequately address any
condition covered by section 808(c)(4)(A) of the FD&C Act.
Proposed Sec. 1.656(d) would require an accredited third-party
certification body to immediately notify us electronically, in English,
upon withdrawing or suspending the food or facility certification of an
eligible entity. Proposed Sec. 1.656(e)(1) would require an accredited
third-party certification body that notified FDA under proposed Sec.
1.656(c) also to notify the eligible entity where the condition was
discovered. Proposed Sec. 1.656(e)(2) would require the accredited
third-party certification body to notify its accreditation body (or, in
the case of direct accreditation, to us) electronically, in English,
within 30 days after making any significant change that may affect its
compliance with the requirements of Sec. Sec. 1.640 through 1.658.
On our own initiative we are revising Sec. 1.656(c)(1) and (2) to
clarify if a condition that could cause or contribute to a serious
public risk to the public health is discovered, that in addition to the
name of the eligible entity and/or facility, an accredited third-party
certification body must also provide the physical address, unique
facility identifier (if designated by FDA), and the registration number
under subpart H of this part (where applicable).
(Comment 130) Some comments support proposed Sec. 1.656(a), which
would require submission of regulatory audit reports to FDA, but would
not require reports of consultative audits to be submitted. Other
comments interpret the proposed rule as requiring submission of
consultative audit reports to FDA and the reporting of laboratory
analytical results under section 422 of the FD&C Act.
(Response 130) Under section 808(c)(3)(A) of the FD&C Act, an
accredited third-party certification body or an audit agent of a third-
party certification body, where applicable, ``shall prepare, and, in
the case of a regulatory audit, submit, the audit report for each audit
conducted . . .'' Based on the statutory language, it is clear that
Congress only desired reports of regulatory audits to be submitted to
FDA. We also note that section 808(c)(3)(C) of the FD&C Act limits the
ability for FDA to access the results of consultative audits to
circumstances described in the records access standard of section 414
of the FD&C Act. Some comments incorrectly interpreted the proposed
rule to require the submission of the certification bodies' laboratory
records and results. We are only requiring maintenance of such records
and results under Sec. 1.658.
(Comment 131) Some comments contend that we are interpreting the
notification standard in section 808(c)(4)(A) of the FD&C Act too
broadly, because the statute only requires accredited third-party
certification bodies to notify FDA of notifiable conditions discovered
during a regulatory audit. The comments assert that Congress did not
intend us to require notification of conditions found during
consultative audits, because those audits are for internal purposes;
therefore, we should revise proposed Sec. 1.656(c) to remove the
reference to a consultative audit. Other comments assert that
notifications submitted for conditions found during a consultative
audit could overwhelm FDA with data that could make it difficult to
identify the most serious risks to public health. Still other comments
support our proposal to require notification of conditions found during
consultative and regulatory audits.
Some comments describe a range of activities that generally may be
referred to as consultative audits and suggest
[[Page 74619]]
that requiring notification to FDA of conditions found during these
types of consultative audits may have unintended consequences. The
comments note the important role of third-party audits (and
consultative audits, in particular) in assisting the food industry
identify and fix internal problems and drive continuous improvements.
The comments suggest that requiring notification during consultative
audits might create disincentives for firms who might otherwise use
accredited third-party certification bodies to perform consultative
audits and for third-party certification bodies who might otherwise be
interested in participating in the program.
(Response 131) We decline the suggestion to limit Sec. 1.656(c) to
require notification only of conditions found during a regulatory
audit, because section 808(c)(4)(A) and (B) of the FD&C Act require
notification based on conditions found ``at any time during an audit''
and identifies ``audits'' as both consultative and regulatory audits.
Although we decline to limit Sec. 1.656(c) as the comment suggests
we believe that many of the concerns about notification during a
consultative audit are mitigated by revisions that clarify the scope of
the consultative audits that are, and are not, covered by the rule (see
Sections III.E and III.J). Under the final rule, an accredited third-
party certification body would only be required to notify FDA of a
condition that could cause or contribute to a serious risk to the
public health if the condition was discovered during an audit that an
eligible entity has specifically declared to be a regulatory audit for
certification purposes or a consultative audit in preparation for a
regulatory audit under this rule.
(Comment 132) Several comments contend that ``serious risk to the
public health'' has the same meaning as ``serious adverse health
conditions or death to humans or animals'' (SAHCODHA) as that phrase is
used throughout the FD&C Act. Specifically, the comments assert that
FDA should only require accredited third-party certification bodies to
notify FDA of conditions that pose a risk of SAHCODHA, as that standard
is interpreted for purposes of the Reportable Food Registry (RFR) under
section 417 of the FD&C Act (21 U.S.C. 350f).
The comments reject our tentative conclusion that the range of
conditions that require notification under section 808(c)(4)(A) of the
FD&C Act is broader than SAHCODHA, because the statute describes
notifiable conditions as ones that ``could'' cause or contribute to a
serious risk to public health. In response to our request for input,
the comments specifically reject an interpretation of ``serious risk to
the public health'' that might include, for example, conditions that
pose a risk of temporary or medically reversible adverse health
consequences or where the probability of adverse health consequences is
remote. Some comments suggest that accredited third-party certification
bodies and audit agents would be more readily able to identify
conditions that pose a SAHCODHA risk but would find it more difficult
to identify other conditions that would need to be notified to FDA
under proposed Sec. 1.656(c). Other comments support our tentative
conclusion that a ``condition that could cause or contribute to a
serious risk to the public health'' is broader than a condition
relating to a SAHCODHA risk.
(Response 132) We disagree with comments suggesting that the phrase
``serious risk to public health'' in section 808(c)(4)(A) of the FD&C
Act should be interpreted as a risk of SAHCODHA. We note that Congress
chose to incorporate SAHCODHA in section 808(c)(6)(A) to describe
outbreak situations that would lead to withdrawal of accreditation, but
did not use SAHCODHA in describing the conditions that must be notified
to FDA under section 808(c)(4)(A) of the FD&C Act. Additionally,
Congress chose to incorporate SAHCODHA in other sections of FSMA, such
as in provisions on suspension of registration in section 102(b)
amending section 415 of the FD&C Act. In light of the foregoing, we
believe that Congress intended for a ``serious risk to the public
health'' to be distinct from a risk of SAHCODHA and, therefore, reject
the suggestion that accredited third-party certification bodies would
only need to notify FDA of conditions that pose a risk of SAHCODHA
under proposed Sec. 1.656(c). We conclude that notifiable conditions
include not only those that present a risk of SAHCODHA, but also other
conditions that ``could cause or contribute to a serious risk to the
public health.''
Although it is difficult to predict the range of conditions or
circumstances that accredited third-party certification bodies and
audit agents might encounter, we offer some factors that may be useful
in identifying whether a condition would need to be notified under
Sec. 1.656(c), such as whether the condition relates to incoming
ingredients that will be subject to control within the facility, or an
area of the facility where pre-production materials are held; whether
the condition relates to the post-processing environment or where
finished product is held prior to distribution; and whether the
condition relates to food, process(es), or areas of the facility
associated with food that is destined for export to the United States,
and not if it relates solely to food, process(es), or areas of the
facility associated with food for consumption other than in the United
States.
(Comment 133) Some comments urge us to revise proposed Sec.
1.656(c) to incorporate the limitations on reporting that apply to the
RFR under section 417(d)(2) of the FD&C Act, such that notification
would only be submitted if food adulterated as a result of the
notifiable condition had left the control of the eligible entity. The
comments assert it would be reasonable for FDA to interpret section
808(c)(4)(A) of the FD&C Act such that an accredited third-party
certification body would not need to alert FDA immediately upon
discovering a notifiable condition if the eligible entity reworked
adulterated product or destroyed it before the adulterated food was
transferred to another person. Other comments suggest that proposed
Sec. 1.656(c) is redundant because such conditions are subject to RFR
reporting.
(Response 133) We decline the suggestion to revise Sec. 1.656(c)
to incorporate an exception similar to section 417(d) of the FD&C Act
as there is no exception to the notification requirement in section
808(c)(4) as there is in section 417(d). Further, we believe the
notification requirement in section 808(c)(4) serves not only to inform
FDA of potential risks to the public, but also enhances credibility of
the program by giving FDA, accredited certification bodies, and
recognized accreditation bodies information that may be relevant to our
oversight of the food safety and third-party programs. We believe that
given the statutory language and goals of the third-party certification
program, it is appropriate for the notification requirement in this
rule to have different requirements and exceptions than other
notification provisions in the FD&C Act.
As such, we also disagree with comments suggesting the obligation
of a responsible party to submit a report to FDA through the RFR makes
proposed Sec. 1.656(c) redundant. Among other things, RFR requirements
only apply to facilities that are required to register with FDA under
section 415 of the FD&C Act. An eligible entity that is a farm, for
example, would not be subject to RFR requirements. Additionally, as
discussed previously, the reporting
[[Page 74620]]
requirement under this rule contains no exception for circumstances
when the food adulterated as a result of the notifiable condition has
not left the control of the eligible entity. In light of the foregoing,
we are retaining Sec. 1.656(c) without the revisions suggested by the
comments.
(Comment 134) Some comments urge us to revise proposed Sec.
1.656(e)(1) to allow for concurrent notification of FDA and the
eligible entity where the notifiable condition was discovered.
(Response 134) We agree and are adding to Sec. 1.656(e)(1) a
provision that allows, where feasible and reliable, for the accredited
third-party certification body to contemporaneously notify its
recognized accreditation body and/or the eligible entity when notifying
FDA. We note that this provision does not affect the obligation for the
accredited third-party certification body to notify FDA immediately of
a notifiable condition under Sec. 1.656(c).
H. How must an accredited third-party certification body protect
against conflicts of interest? (Sec. 1.657)
Proposed Sec. 1.657 sets out the elements of a conflict of
interest program that an accredited third-party certification body
would be required to have. Proposed Sec. 1.657(a) would require the
accredited third-party certification body to have a written program
that covers the certification body itself and any of its officers,
employees, or other agents (e.g., audit agents) conducting audits or
certification activities under this program. Proposed Sec. 1.657(b)
would address the requirement, in section 808(c)(5)(C) of the FD&C Act,
to issue implementing regulations that include a structure to decrease
the potential for conflicts of interest, including timing and public
disclosure, for fees paid by eligible entities to accredited third-
party certification bodies. Proposed Sec. 1.657(c) would impute to an
accredited third-party certification body's officer, employee, or other
agent the financial interests of his or her spouse and minor children,
if any. Proposed Sec. 1.657(d) would require an accredited third-party
certification body to maintain on its Web site an up-to-date list of
eligible entities to which it issued certifications under this subpart,
the duration and scope of each such certifications, and the date on
which the eligible entity paid any fee or reimbursement under proposed
Sec. 1.657(c).
On our own initiative, we are revising the accredited third-party
certification body conflict of interest provisions in Sec. 1.657(a)(1)
to clarify that the certification body, its officers, employees, and
other agents involved in auditing and certification activities cannot
own, operate, have a financial interest in, manage, or otherwise
control an eligible entity to be certified. We also are redesignating
proposed paragraphs (a)(2) to (4) as (a)(3) to (5) and adding a new
paragraph (a)(2) to conform to section 808(c)(5)(A)(i) of the FD&C Act.
Additionally, we are revising redesignated Sec. 1.657(a)(3) to add
financial interests, management, or control to the proposed list of
prohibited interests for audit agents.
(Comment 135) Some comments support proposed Sec. 1.657, asserting
that it strikes the right balance between ensuring rigorous protections
against conflicts of interest and protection of trade secrets and
confidential commercial information. Other comments oppose the third-
party certification program that is the subject of this rulemaking
because private auditors are inherently conflicted and food safety
inspections should be conducted only by FDA.
Other comments suggest various additional conflict of interest
restrictions that should be placed, such as requiring an individual
audit agent or an individual accredited as a third-party certification
body to divest of all interests in FDA-regulated food firms;
prohibiting such individual from conducting a regulatory audit of an
eligible entity where the individual previously conducted a
consultative audit or where the individual was previously employed; and
prohibiting the individual from accepting an offer of employment from
an audited eligible entity for 1 year following an audit. Still other
comments urge FDA to prohibit meals or beverages from being provided
during an audit or to define the de minimis value of meals and
beverages that may be provided onsite during an audit.
(Response 135) We believe the accredited third-party certification
program that Congress directed us to establish under section 808 of the
FD&C Act will provide a valuable complement to FDA inspections and will
allow us to leverage rigorous, independent third-party audits in
helping to ensure the safety of the U.S. food supply. We disagree with
comments contending that third-party certification programs are so
inherently conflicted that such a program is not worthwhile.
We believe the conflict of interest restrictions for accredited
third-party certification bodies and for their audit agents that are
established by section 808 of the FD&C Act for public and private
third-party certification bodies, as implemented by this rule, provide
the safeguards necessary for a credible third-party certification
program. Accordingly, we decline suggestions to revise Sec. 1.657 to
place additional conflict of interest limitations that would be
impractical and unnecessary, such as requiring: (1) Requiring full
divestment by audit agents of interests in any FDA-regulated food firm;
(2) prohibiting an individual who conducted a consultative audit of an
eligible entity from ever conducting a regulatory audit of the same
eligible entity; (3) prohibiting an individual who audited an eligible
entity from accepting an offer of employment from the eligible entity
for 1 year following the audit; and (4) prohibiting an individual
conducting an audit from accepting a beverage or a meal of de minimis
value that is provided onsite during audit.
We disagree with comments suggesting that by providing meals of a
de minimis value, an eligible entity or facility might influence the
outcome of an audit by an accredited third-party certification body,
particularly if the only allowable meals are ones of minimal value that
are provided during the course of an activity and with the purpose of
facilitating timeliness and efficiency. As explained in Response 55,
FDA follows a similar approach for investigators conducting foreign
inspections--that is, FDA investigators performing foreign inspections
are allowed to accept lunches (of little cost) provided by firms during
the course of foreign inspections. We also note that the U.S.
government allows its employees to accept meals, within per diem
limits, when on official business in a foreign country, as an exception
to the prohibition on the acceptance of gifts or gratuities from
outside sources (5 CFR 2635.204(i)(1)), though we believe the FDA's
practices for foreign inspections serve as a better model because
foreign inspections are more analogous to foreign audits than are the
range of activities that covered by the general requirements applicable
to all U.S. government employees on official business in foreign
countries. Accordingly, in light of the comments received and analogous
FDA guidelines, we have concluded that it is reasonable and appropriate
to limit the meal exception in Sec. 1.657(a)(4)(ii) to only lunches of
de minimis value provided during the course of an audit, on site at the
premises where the assessment is being conducted, and only if necessary
to facilitate the efficient conduct of the audit. We believe these
revisions help to address concerns regarding the threats to
impartiality, while accommodating the practical considerations that
apply to foreign audits.
[[Page 74621]]
Consistent with our guidance to recognized accreditation bodies
under Response 55, we offer the following additional input to
accredited third-party bodies seeking guidance on the application of
Sec. 1.657(a)(4)(ii). In considering whether a meal is allowable under
this provision, we recommend first considering whether accepting the
lunch is necessary to facilitate the efficient conduct of the audit. We
recommend considering: (1) Whether the circumstances surrounding the
travel would allow a lunch to be packed bring on site; (2) Whether the
meal is being provided during the midday or early afternoon. A lunch
provided in the midst of an audit is different than a lunch or other
meal provided at the completion of the audit; (3) Whether the site of
the audit is in close proximity to a retail food establishment, or is
at a remote location far from a retail food establishment; (4) What is
the estimated value (or cost) of the lunch in light of the costs
associated with the area where the audit is being conducted; and (5)
other similar considerations.
For accredited third-party certification bodies or audit agents
seeking additional guidance on determining what constitutes a ``de
minimis'' amount for purposes of complying with Sec. 1.624(a)(3)(ii),
we offer the following guidance that is based on the requirements
applicable to U.S. government employees who accept certain meals while
on official travel in foreign countries. Such employees must deduct
from the per diem the value of that meal, calculated using a two-step
process.
First, the individual must determine the per diem applicable to the
foreign area where the meal was provided, as specified in the U.S.
Department of State's Maximum Per Diem Allowances for Foreign Areas,
Per Diem Supplement Section 925 to the Standardized Regulations (GC,FA)
available from the Superintendent of Documents, U.S. Government
Printing Office, Washington, DC 20402, and available on the Department
of State Web site at https://aoprals.state.gov/Web920/per_diem.asp.
(Foreign per diem rates are established monthly by the Department of
State's Office of Allowances as maximum U.S. dollar rates for
reimbursement of U.S. Government civilians traveling on official
business in foreign areas.)
Second, the individual must determine the appropriate allocation
for the meal within the daily per diem rate which is broken down into
Lodging and M&IE that are reported separately in Appendix B of the
Federal Travel Regulation and available on the Department of State's
Web site at https://aoprals.state.gov/content.asp?content_id=114&menu_id=78.
Accordingly, under Sec. 1.657(a)(4)(ii), an accredited third-party
certification body that is an individual or an audit agent of an
accredited third-party certification body who is conducting a food
safety audit of an eligible entity may accept lunch provided during an
audit and on the premises where the audit is conducted, if necessary to
facilitate the efficient conduct of the audit.
(Comment 136) Some comments raise concerns about possible conflicts
of interests. Some comments urge us to attach additional controls to
the accreditation of foreign cooperatives to prevent them from auditing
and certifying their members' facilities and food. Other comments
recommend we further consider the difficulties involved with foreign
governments demonstrating impartiality of their processes in auditing
and certifying facilities owned by the foreign government.
(Response 136) We note that under proposed Sec. 1.657, foreign
cooperatives accredited as third-party certification bodies would not
be able to audit or certify their members' facilities or foods under
the program, because of their shared financial interests.
We decline the suggestion to develop special sets of controls for
one or more types of third-party certification bodies eligible to be
considered for accreditation under section 808 of the FD&C Act. We note
that the conflict of interest requirements in section 808(c)(5) of the
FD&C Act apply equally to the foreign governments, agencies of foreign
governments, foreign cooperatives, and other third-parties. That is, a
foreign government accreditation body that is recognized by FDA under
this program may accredit government auditors (i.e., the competent
authority for food safety) from the same nation, provided that the
conflict of interest requirements in Sec. 1.657 are met. Consistent
with the approach taken in the statute, we believe that this
comprehensive, rigorous set of conflict of interest requirements make
it unnecessary for us to create a different or special controls for
certain types of certification bodies.
(Comment 137) Some comments support the proposal to require
accredited third-party certification bodies to maintain up-to-date
lists of eligible entities to which food or facility certification were
issued, together with the duration and scope of each such
certification. The comments suggest that having this information
readily available would be helpful to importers seeking to participate
in VQIP and those seeking to import food that is subject to import
certification under section 801(q) of the FD&C Act.
Other comments suggest that requiring an accredited third-party
certification body to maintain a list of certified eligible entities on
its Web site, together with the dates each eligible entity paid
certification fees, could create an unfair competition. The comments
contend that the statute does not require disclosure of the date of
payment of fees and seek clarification on the basis for disclosing the
timing of fee payments. Other comments suggest that information on
payment of fees should remain confidential between the accredited
third-party certification body and the eligible entities it audited and
suggest the information could be made available to FDA on request.
Still other comments contend that FDA should only have access to
information on fee payments by eligible entities upon a showing of
cause.
(Response 137) We agree with comments suggesting that Web site
listings of eligible entities to which food or facility certification
were issued will be helpful to importers. We disagree that such
information would create unfair competition, and the comment did not
provide an explanation as to why this would be the case. To the
contrary, publicizing this information will increase transparency and
accountability of the program. We are not proposing to require
disclosure of the amount of fees paid by eligible entities, because we
are concerned that publicizing the amounts of fee payments may lead to
certification bodies using this information to gain a competitive
advantage by offering audits at discount rates. However, we believe
proposed Sec. 1.657(c) meets the requirement of section
808(c)(5)(C)(ii) of the FD&C Act to provide information on the timing
of fee payments and will help build confidence in the third-party
certification program by providing assurances that payments are not
related to the results of regulatory audits. We decline to adopt the
alternative approach suggested by comments--i.e., such information
should be disclosed to FDA only when needed to investigate problems if
they occur, and publicly released only if disclosure would improve
public health--as inadequate to satisfy the requirements of section
808(c)(5)(C)(ii) of the FD&C Act. In light of the foregoing, we are
retaining Sec. 1.657(c), redesignated as Sec. 1.657(d), as proposed.
[[Page 74622]]
I. What records requirements must a third-party certification body that
has been accredited meet? (Sec. 1.658)
Proposed Sec. 1.658 would require accredited third-party
certification bodies to maintain the following documents and data
electronically, in English, for 4 years, to document compliance with
the rule: (1) Requests for regulatory audits; (2) audit reports and
other documents resulting from a consultative or regulatory audit; (3)
any notification of a condition under proposed Sec. 1.650(a)(5) or by
the accredited third-party certification body to FDA under proposed
Sec. 1.656(c); (4) any food or facility certification issued under
this program; (5) any challenge to an adverse regulatory audit decision
and its disposition; (6) any monitoring it conducted of a certified
eligible entity; (7) the auditor's/certification body's self-
assessments and corrective actions; and (8) any significant change to
the auditing and certification program that might affect compliance
with this rule.
On our own initiative, we are requiring under Sec. 1.658(a)(3) the
maintenance of any laboratory testing records and results and
documentation demonstrating that such laboratory is accredited in
accordance with Sec. 1.651(b)(3).
(Comment 138) Some comments recommend that we allow accredited
third-party certification bodies to maintain their records in languages
other than English, coupled with a requirement to provide an English
language translation upon FDA request. Some comments suggest that we
should allow for flexibility in the timeline for submission of
translated records in the regulations, rather than establishing a
specific deadline, because the circumstances of each records request
will dictate what would be appropriate--e.g., where there is a recall
involving a certified facility, then the timeframe for providing
translations should be very stringent, but where records are requested
for routine verification purposes, the accredited third-party
certification body should have more time to comply. Other comments note
that a minimum of 5 business days would be required for English
language translations of records.
(Response 138) We agree that records should not be required to be
maintained in English, for the same reasons as we explained in Response
64 (regarding the records of recognized accreditation bodies) and are
revising Sec. 1.658 accordingly. We further agree with comments
suggesting that we should have a flexible, rather than a fixed timeline
for providing English language translations of requested records to FDA
and are requiring translations to be provided within a reasonable time
after an FDA request.
(Comment 139) Some comments urge us ensure that Sec. 1.658 fully
incorporates the limitation on access to reports and documents relating
to consultative audits in section 808(c)(3)(C) of the FD&C Act.
(Response 139) Section 808(c)(3)(C) of the FD&C Act states that
reports or other documents resulting from a consultative audit are
accessible to us only under circumstances that meet the requirements
for records access under section 414 of the FD&C Act. Proposed Sec.
1.658(a)(1) utilizes the language of section 808(c)(3)(C) of the FD&C
Act in describing the types of records of consultative audits that an
accredited third-party certification body must maintain, and proposed
Sec. 1.658(b) states that those records must be made available to FDA
in accordance with 21 CFR part 1, subpart J, which implements section
414 of the FD&C Act. Therefore, the requirements in Sec. 1.658 do
fully incorporate the limitation on access to reports and documents
relating to consultative audits as specified in section 808(c)(3)(C) of
the FD&C Act.
(Comment 140) Some comments urge us to ensure that trade secrets
and confidential commercial information contained in any records
submitted to FDA would be adequately protected. The comments note that
the proposed rule does not contain language on the protection of trade
secrets, such as the language in 21 CFR parts 120 and 123 indicating
that HACCP plans are trade secrets exempt from disclosure. Other
comments suggest that FDA should consider examining accredited third-
party certification body records without taking custody of them. The
comments further suggest that FDA should establish an administrative
process for requesting records from accredited third-party
certification bodies participating in the program.
Some comments urge us to clarify that we will not be applying the
records access and submission requirements of subpart M to audits that
are not conducted under the rule or to records of the audited food
facilities.
(Response 140) We acknowledge concerns about protecting proprietary
information and are adding Sec. 1.695 to address disclosure issues
(see Section XIII.F).
We decline the suggestion to review records of accredited third-
party certification bodies without taking custody of the records,
because such an approach would be inconsistent with the records
provisions in section 808(c)(3)(B) of the FD&C Act and would undermine
the credibility of the program. We also decline the suggestion to
establish separate administrative processes for handling records
requests that might include, for example, procedures for challenges to
records requests and appealing adverse decisions on records requests.
Establishing and administering a process for FDA records requests would
hinder our program oversight and would be overly burdensome. We note
that in this rulemaking, FDA has established a number of mechanisms to
address challenges to FDA's decisions, including Sec. 1.691 (for
requests for reconsideration of the denial of an application of waiver
request); Sec. 1.692 (for internal agency review of the denial of an
application or waiver request upon reconsideration); and Sec. 1.693
(for regulatory hearings on withdrawal of accreditation).
We recommend third-party certification bodies to fully consider the
program requirements before deciding to pursue recognition under the
voluntary third-party certification program. Once accredited a
certification body may voluntarily relinquish its accreditation under
Sec. 1.665.
We note that the records maintenance and access requirements of
subpart M apply only to records relating to an accreditation of a
third-party certification body under this rule and to the audits and
certification activities conducted under this program. Records of
audits or certifications issued by an accredited third-party
certification body for any other purpose outside of the scope of the
program under subpart M are not covered by Sec. 1.658. We also note
that the rule does not affect the records maintenance and access
requirements that apply to facilities under subpart J of this part.
X. Comments on Procedures for Accreditation of Third-Party
Certification Bodies Under This Subpart
A. Where do I apply for accreditation or renewal of accreditation by a
recognized accreditation body and what happens once the recognized
accreditation body decides on my application? (Sec. 1.660)
Proposed Sec. 1.660 states that auditors/certification bodies must
apply directly to a recognized accreditation body for accreditation
(except for circumstances meeting the requirements of Sec. 1.670 for
direct accreditation).
On our own initiative, we are adding new provisions (b) through (d)
to Sec. 1.660 to explain what happens when a third-party certification
body's renewal
[[Page 74623]]
application is denied. We are adding provisions to clarify what the
applicant must do, the effect of denial of an application for renewal
of accreditation on food or facility certifications issued to eligible
entities, and how FDA will notify the public.
(Comment 141) Some comments propose that we include a time limit
for recognized accreditation bodies to issue an accreditation decision.
They argue a time limit would set measurable standards for the process
and would also help ensure an adequate supply of accredited auditors/
certification bodies. Comments suggest the timeframe be 90 days. Some
comments suggest the timeframe could be stipulated in the Model
Accreditation Standards.
(Response 141) We acknowledge the interest in having timely
accreditation decisions. However, the comments failed to provide an
adequate basis to support a decision to impose a 90-day deadline for
decisions on accreditation. No other information available to FDA
provides an adequate basis for us to establish such a deadline, nor do
we think it would be appropriate to do so at this time. We expect that
the time required to perform various actions in the program will be
longer in the early days of the program than it will when FDA, the
accreditation bodies, and the third-party certification bodies gain
experience with the program.
We decline to revise these regulations to impose a deadline for
accreditation decisions, but may consider addressing the issue of
deadlines for accreditation decisions in guidance, if we later
determine it would be appropriate. We are mindful that section
808(c)(1)(C) of the FD&C Act requires revocation of recognition for
failure to comply with the applicable requirements of the FD&C Act and
FDA regulations. We would not want an accreditation body to take
shortcuts in accreditation assessments to ensure that it could meet a
regulatory deadline for its accreditation decisions out of concern for
revocation for failure to comply with the deadline. The final rule
reflects our view that the rigor of the accreditation assessment is
essential in helping to ensure the credibility and success of the
third-party certification program.
(Comment 142) Some comments ask whether the processes for
accreditation are the same for governmental and private bodies.
(Response 142) Section 808(c)(1)(A) and (B) of the FD&C Act
establishes different requirements for public certification bodies and
for private certification bodies by specifying different criteria for
the assessment of foreign governments/agencies than it does for foreign
cooperatives and other private third-party certification bodies seeking
accreditation. However, the statute makes no distinction between public
and private certification bodies in procedural matters for
accreditation. Therefore, we are establishing a single set of
accreditation procedures in this rule that apply to both public and
private third-party certification bodies.
(Comment 143) Some comments ask how a third-party certification
body could apply for accreditation under this program.
(Response 143) Third-party certification bodies seeking to apply
for accreditation under our program may wish to review Sec. 1.660 of
this final rule, which describes the general procedures for applying
for accreditation from a recognized accreditation body, as well as the
eligibility requirements for certification bodies seeking accreditation
in Sec. Sec. 1.640 through 1.645. We will post on the FDA Web site a
list of all recognized accreditation bodies and will include a
description of the scope of recognition of each.
As provided in Sec. 1.670(a)(3), FDA will announce on our Web site
if we determine that the conditions for direct accreditation by FDA in
section 808(b)(1)(A)(ii) of the FD&C Act have been met. We will accept
applications for direct accreditation or renewal of direct
accreditation only if we determine that we have not identified and
recognized an accreditation body to meet the requirements of section
808 of the FD&C Act within 2 years after establishing the program.
Unless and until FDA makes such a determination, third-party
certification bodies must apply for accreditation from an accreditation
body that FDA has recognized.
(Comment 144) Some comments suggest that third-party certification
bodies who receive an adverse decision on accreditation from a
recognized accreditation body should have access to a competent,
independent person outside the recognized accreditation body to whom
they could appeal.
Other comments contend that we have the authority to challenge the
decisions of an accreditation body.
(Response 144) As explained in Response 36, we are revising Sec.
1.620(d)(2) to require a recognized accreditation body must use
competent persons, who may be external to the accreditation body, for
investigating and deciding on certification body challenges to an
adverse accreditation body decision. Such competent persons must meet
the following criteria: (1) Are free from bias or prejudice; (2) did
not participate in the accreditation decision being appealed; and (3)
are not subordinate to a person who participated in such accreditation
decision. Although we are not requiring the accreditation body to use
an external party for certification body appeals, we believe the
enhanced requirements of Sec. 1.620(d)(2) will be adequate to ensure
any person the accreditation body would select for investigating and
deciding on appeals--whether internal or external--would be objective
and independent.
With respect to comments suggesting that we should exercise our
authority over recognized accreditation bodies to challenge their
accreditation decisions, we note that the enhanced requirements in
Sec. 1.620(d) align with the impartiality provisions in part 16, which
contains the regulations for FDA regulatory hearings that we will
generally apply under Sec. 1.693 to an appeal of a revocation or
withdrawal. We also note that FDA retains the authority to revoke the
recognition of accreditation bodies for good cause under Sec.
1.634(a)(4) for failure to comply with this rule. For these reasons, we
decline to establish a process appealing recognized accreditation body
decisions to FDA.
B. What is the duration of accreditation by a recognized accreditation
body? (Sec. 1.661)
Proposed Sec. 1.661 states that the accreditation of a third-party
certification body may be granted for a period up to 4 years.
(Comment 145) Most comments agree with our proposed maximum 4-year
accreditation timeframe. In this regard, some comments state they are
comfortable with this length of time as long as accreditation bodies
annually review the accreditation. Some comments contend that instead
of allowing accreditation to last ``up to 4 years,'' we should
establish a definite duration period and it should be 5 years. These
comments contend that would align the duration of accreditation with
the duration of recognition. They also argue that having a definite
duration period would be more viable administratively.
(Response 145) We agree with the comments supporting our proposal
to allow accreditation to be issued for a term of up to 4 years. The
comments suggesting accreditation should be granted for 5 years offered
no information that would provide an adequate basis for extending
accreditation such that a third-party certification body could be
accredited for as long as a recognized accreditation body. We note that
the rigor and credibility of the program rests, in part,
[[Page 74624]]
on the extent of oversight of accredited third-party certification
bodies. Through the renewal process, recognized accreditation bodies
(and FDA, for directly accredited third-party certification bodies)
look closely at all aspects of a certification body's and performance
and have the opportunity to decide anew whether the certification body
meets the eligibility requirements.
With respect to comments suggesting that we establish a definite
duration of accreditation that would apply to any third-party
certification body accredited under the program, we acknowledge the
advantages that certainty provides and, where appropriate, we expect
that recognized accreditation bodies will issue accreditation for the
maximum duration of 4 years. Where, for example, a certification body
has little or no experience conducting audits assessing the safety of
food, a recognized accreditation body (or FDA under direct
accreditation) may decide the initial grant of accreditation should be
less than 4 years. A recognized accreditation body (or FDA under direct
accreditation) will make its own decision on whether to approve a
third-party's application for accreditation and has the flexibility to
issue accreditation for a duration it believes appropriate, up to a 4-
year maximum established by this rule.
C. How will FDA monitor accredited third-party certification bodies?
(Sec. 1.662)
We proposed in Sec. 1.662 to monitor directly accredited
certification bodies annually; we proposed to evaluate certification
bodies accredited by a recognized accreditation body by not later than
3 years after the date of accreditation for a 4-year accreditation term
or by no later than the mid-term point of a less-than-4-year
accreditation term. We proposed to review a variety of records and
information such as assessments by a recognized accreditation body,
information regarding the auditor's/certification body's
qualifications, and information obtained during onsite observations. We
proposed to conduct our evaluation through onsite observations of
performance during a food safety audit of an eligible entity or through
document review.
(Comment 146) Some comments advocate for more clarity on the
frequency and methods by which we'll be providing oversight of
accredited third-party certification bodies. Some comments question
whether we have sufficient resources to conduct onsite observation at
any specific frequency. They advise that we further explain how we are
going to provide oversight and how compliance will be reported.
(Response 146) Monitoring assessments of accredited third-party
certification bodies are one of several tools we will use for program
oversight. Section 1.662(a) implements section 808(f) of the FD&C Act,
which states that FDA must evaluate an accredited third-party
certification body periodically, or at least once every 4 years, and
take any other measures FDA deems necessary to ensure compliance. We
anticipate that information gleaned from other monitoring tools, such
as the accreditation body's annual assessment of the certification
body, will also aid in program oversight and may perform additional
assessments of certification bodies in certain instances.
The objective of an assessment under Sec. 1.662 will be to
determine the accredited third-party certification body's compliance
with the requirements of this rule. FDA may conduct an assessment
through a site visit of the third-party certification body's
headquarters, onsite observation of an accredited third-party body's
performance during a food safety audit, document review, or a
combination of these activities. We will develop plans for assessing
accredited third-party certification bodies based on risk and informed
by data and other information available to FDA regarding their programs
and performance in our program. The starting point for each assessment
will be document review, and any additional assessment activities
(e.g., site visits or onsite observations) will be conducted where
circumstances may warrant or for spot-checks of randomly selected
third-party certification bodies. When planning an assessment, we will
establish the time period of activities covered by the assessment. We
may request records of the certification body under Sec. 1.658. We
also may develop plans for any site visits or onsite observations,
including locations to be visited. As part of the assessment, we may
review records relating to conflicts of interest, and interview
officers, employees, and audit agents, and other agents who participate
in decisions on issuance of certification under this program. We are
revising this section to explicitly state that FDA may visit the
certification body's headquarters or other locations where audit agents
are managed.
(Comment 147) Some comments propose alternative schedules for FDA
monitoring of accredited third-party certification bodies. Some
comments propose that if we revise the final rule to establish a fixed,
5-year duration for accreditation, we should monitor accredited third-
party certification bodies not later than 4 years after the date of
accreditation. Other comments state that we should conduct our own
assessments of certification bodies accredited by recognized
accreditation bodies every 3 years. Still other comments ask who will
cover the costs of such assessments.
(Response 147) As explained in Response 145, we decline the
suggestion to lengthen the maximum duration of accreditation from 4
years to 5 years. We will use annual performance assessments by
recognized accreditation bodies and information submitted to FDA as
part of our ongoing monitoring of accredited third-party certification
bodies. The FDA monitoring assessment under Sec. 1.662 will occur at
least once every 4 years and may occur more frequently depending on
circumstances, including available resources. We are proposing that
costs for FDA monitoring will be included in the user fees that are
assessed under section 808(c)(8) of the FD&C Act to recover FDA's costs
in administering the program (80 FR 43987).
(Comment 148) Some comments propose that FDA monitoring of
accredited third-party certification bodies should periodically focus
on compliance with food additive requirements.
(Response 148) Our monitoring will be tailored to the scope of
accreditation under which the accredited third-party certification body
may conduct food safety audits under this program. We will prioritize
our monitoring activities to ensure compliance with the requirements of
section 808(f)(2) based on factors such as our risk-based program
priorities.
(Comment 149) Some comments suggest that, in addition to conducting
onsite observations of accredited certification bodies when conducting
a food safety audits, we could also do so when the recognized
accreditation body assesses the auditor/certification body.
(Response 149) We agree and will do so as appropriate and as
circumstances allow.
(Comment 150) Comments suggest that when FDA selects an accredited
certification body for onsite observation, we should notify it 2 months
in advance, to allow time to make the arrangements.
(Response 150) At this time, we have no basis for determining that
we would be able to provide 2 months' notice prior to each
certification body onsite observation; therefore, we decline the
suggestion. We note that we may begin working with an accredited third-
party
[[Page 74625]]
certification body well before we perform onsite observations, as
feasible.
D. How do I request an FDA waiver or waiver extension for the 13-month
limit for audit agents conducting regulatory audits? (Sec. 1.663)
Proposed Sec. 1.663 would allow accredited third-party
certification bodies to seek an FDA waiver of the limit on audit agents
conducting regulatory audits of an eligible entity where they conducted
a regulatory or consultative audit in the preceding 13 months. Under
section 808(c)(4)(C)(ii) of the FD&C Act, we may waive the limit, which
appears in Sec. 1.650(c), where there is insufficient access to
accredited certification bodies in the country or region where an
eligible entity is located.
Of our own initiative, we are clarifying in the final rule that the
showing of insufficient access is based on lack of audit agents (or in
case where accredited third-party certification bodies are comprised of
an individual, that individual), consistent with changes made to Sec.
1.650 (see Section IX.A).
(Comment 151) Some comments note that capacity issues are currently
problematic, even in regions with highly developed third-party food
safety auditing systems, and are likely to increase once the FSMA rules
are implemented. Some comments contend that we should allow the request
for the waiver to come from other affected parties in addition to
accredited certification bodies. In particular, comments suggest we
should allow the requests to come from a foreign supplier and/or the
importer. Some comments estimate that, with the increased demand from
FSMA for audit services, it will take time for capacity to expand
sufficiently to satisfy the increased demand. Accordingly, they urge us
to act expeditiously on waiver and waiver extension requests. Other
comments express concern that FDA will be overwhelmed with waiver
requests and urge FDA to develop a process for expedited issuance of
waivers.
(Response 151) We acknowledge the concerns and are aware capacity
is an issue the food industry and certification bodies currently face.
However, we decline the suggestion to allow importers and foreign
suppliers to seek waivers on behalf of an accredited certification
body, because we believe the certification body is better positioned to
determine its own capacity than an importer or foreign supplier would
be. Further, it would ultimately be the certification body's choice
regarding whether to take on additional auditing work. If an accredited
third-party certification body concluded it needed a waiver to be able
to perform a particular audit, the certification body would be
motivated to seek a waiver.
We agree with the comments suggesting it will take time to build
adequate food safety auditing capacity around the world and will be
prepared to act on waiver requests as expeditiously as possible. It is
difficult to estimate the amount of the time required to process waiver
requests, because the program has not launched. We anticipate that we
will be able to process most waiver requests within 15 business days,
as permitted by resources and other program activities. In response to
comments suggesting that we should prioritize certain types of waiver
requests, we have modified the first-in, first-out rule of Sec.
1.663(d) to allow specific waiver requests to be prioritized based on
program needs.
We also note that as we gain experience with the program and with
information offered in support of waiver requests, we expect to be able
to process waiver requests more quickly and may reevaluate whether FDA
has adequate information to support issuance of a waiver for a
particular country or region.
E. When would FDA withdraw accreditation? (Sec. 1.664)
Proposed Sec. 1.664 would establish the conditions under which we
could withdraw accreditation from a third-party certification body,
regardless of whether it was directly accredited or accredited by a
recognized accreditation body. This section would implement section
808(c)(6)(A) of the FD&C Act, which requires us to withdraw
accreditation in certain outbreak situations, whenever we find that an
accredited third-party certification body is no longer meeting the
requirements for accreditation, or following a refusal to allow U.S.
officials to conduct audits and investigations to ensure compliance
with these requirements. The statute directs us to withdraw
accreditation if a food or facility certified by an accredited third-
party certification body under our program is linked to an outbreak of
foodborne illness that has a reasonable probability of causing serious
adverse health consequences or death in human or animals. There is an
exception if we conduct an investigation of the material facts of the
outbreak, review the steps and actions taken by the third-party
certification body, and determine that the accredited third-party
certification body satisfied the requirements for issuance of
certification under this rule.
Section 808(c)(6)(B) of the FD&C Act allows us to withdraw
accreditation from an accredited third-party certification body whose
accrediting body had its recognition revoked, if we determine there is
good cause for withdrawal. This statutory provision is reflected in
proposed Sec. 1.664(c), which also provides two examples of
circumstances we believe provide good cause for withdrawal, including
bias or lack of objectivity and performance calling into question the
validity or reliability of its food safety audits and certifications.
In proposed Sec. 1.664(d) we provide for records access when
considering possible withdrawal of accreditation. In proposed Sec.
1.664(e) we provide for notice of withdrawal of accreditation and
describe the processes to challenge such withdrawal.
Proposed Sec. 1.664(f) describes the effect of withdrawal on
eligible entities. Proposed Sec. 1.664(g)(1) explains that FDA will
notify the recognized accreditation body that accredited the third-
party certification body whose accreditation was withdrawn by FDA.
Proposed Sec. 1.664(g)(2) explains that FDA may revoke recognition of
an accreditation body whenever FDA determines there is good cause for
revocation under proposed Sec. 1.634. Proposed Sec. 1.664(h) provides
for public notice of withdrawal of accreditation on FDA's Web site.
At our own initiative, we revised proposed Sec. 1.664(c) on
discretionary withdrawal of accreditation to allow for partial
withdrawal of accreditation. For example, if FDA reviews a self-
assessment submitted by an accredited third-party certification body
following revocation of its accreditation body's recognition and
determines the third-party certification body has failed to perform
food safety audits consistent with this rule in some but not all areas
for which it is accredited, FDA may partially withdraw the third-party
certification body's accreditation as to those areas in which it has
failed to comply with this rule.
(Comment 152) Some comments contend that FDA's interpretation of
the statutory mandatory withdrawal provisions in section 808(c)(6)(A)
of the FD&C Act is overly strict. The comments focus specifically on
mandatory withdrawal when an eligible entity that was issued
certification by an accredited third-party certification body is linked
to a foodborne illness outbreak that meets the SAHCODHA standard. The
comments argue that one adverse event does not necessarily mean the
[[Page 74626]]
third-party certification body should lose its accreditation,
emphasizing that a single certification body might conduct hundreds of
audits in various regions of the world and in diverse product areas.
The comments propose that we limit mandatory withdrawal following an
SAHCODHA outbreak to the country, region, type of food product and
process involved in the event.
Some comments agree that, as described in proposed Sec. 1.664(f),
certifications issued by a third-party certification body prior to
withdrawal of its accreditation should remain in effect until they
expire. Other comments assert that withdrawal of accreditation might
result in unfairly revoking a significant number of certifications at
tremendous cost, adversely affect other eligible entities that depend
on the certification body and its certifications, and disrupt the
marketplace. Still other comments request greater detail on the
withdrawal procedures.
(Response 152) We believe the concerns about mandatory withdrawal
of accreditation in the outbreak situation described above or similar
situations are satisfactorily in addressed in Sec. 1.664(b), codifying
section 808(c)(6)(C) of the FD&C Act, which allows FDA to waive
mandatory withdrawal if FDA investigates the material facts of the
outbreak, reviews the steps and actions taken by the certification
body, and determines that the certification body satisfied the criteria
for issuance of certification under this subpart.
Regarding the comments expressing concerns about the possible
adverse effects of withdrawal of accreditation on certifications issued
by the certification body to other eligible entities, we note that
Sec. 1.664(f) states that certifications issued by an accredited
third-party certification body prior to withdrawal of accreditation by
FDA will remain in effect until they expire, except that FDA may refuse
to consider a certification under sections 801(q) or 806 of the FD&C
Act if FDA has reason to believe such certification is not valid or
reliable.
The comments seeking additional detail on our withdrawal procedures
did not specify what areas of Sec. 1.664 required further explanation.
We believe the procedures described in Sec. 1.664 offer sufficient
detail for interested parties to understand the standards for
withdrawal of accreditation by FDA and the processes involved.
(Comment 153) Some comments suggest that a recognized accreditation
body, not FDA, should withdraw accreditation from a certification body
it accredited, except for certification bodies directly accredited by
FDA. Other comments urge us to include a requirement, in Sec.
1.634(a), for FDA to consult with the appropriate accreditation body
before withdrawal of an accreditation it had issued. The comments argue
that consultation would facilitate coordination with the recognized
accreditation body and would complement Sec. 1.664(c), which addresses
discretionary withdrawal of accreditation in the event we revoke our
recognition of the accrediting accreditation body. Other comments
recommend that we meet with the certification body's accrediting body
when considering possible withdrawal of accreditation and that we allow
for a formal appeal process.
(Response 153) We disagree with the comment asserting that only
accreditation bodies may withdraw accreditations of certification
bodies they have accredited, as FDA is mandated under section 808(c)(6)
of the FD&C Act to withdraw accreditation of a certification body under
the conditions set forth in the section, subject to the waiver
provision in 808(c)(6)(C). We note that a third-party certification
body whose accreditation was withdrawn by FDA may appeal the action by
requesting a regulatory hearing under Sec. 1.693. We further note that
a recognized accreditation body has far broader authority to suspend,
withdraw, reduce, or otherwise dispose of an accreditation it issued,
than FDA does under section 808(c)(6) of the FD&C Act. Even in
circumstances that meet the statutory criteria for withdrawal of
accreditation, FDA believes it generally would not need to initiate
withdrawal unless the recognized accreditation body failed to withdraw
the certification body's accreditation in a timely manner.
We agree that in some cases, consultation with a certification
body's accrediting body before withdrawal could have advantages to FDA
and the accreditation body, if circumstances allow. Decisions on
whether to consult with the certification body's accrediting body prior
to withdrawal will be made on a case-by-case basis. Consultation might
not be appropriate if, for example, the facts that support withdrawal
of the third-party certification body's accreditation also support
revocation of the accreditation body's recognition.
(Comment 154) Some comments ask how individual holders of food or
facility certificates would be made aware of the withdrawal of
accreditation of the third-party certification body that issued the
certificate. Other comments recommended that FDA post on its Web site
not only that fact that a certification body's accreditation has been
withdrawn, but also the reason for the withdrawal.
(Response 154) If we withdraw accreditation of any third-party
certification body, whether accredited by a recognized accreditation
body or by FDA through direct accreditation, we will post information
regarding the withdrawal, including a description of the basis for the
action, on the FDA Web site pursuant to Sec. 1.664(h). We do not
intend to contact each eligible entity that was issued a certification
by the third-party certification body because, as indicated in Response
152, certifications issued to eligible entities prior to withdrawal of
accreditation will remain in effect until they expire, except where FDA
has reason to believe the certification is not valid or reliable and on
that basis may refuse to consider the certification under sections
801(q) or 806 of the FD&C Act.
(Comment 155) Some comments recommend we use ISO\IEC 17011:2004 as
the reference document for the requirements of this section.
(Response 155) We decline the suggestion, because the grounds for
withdrawal under section 808(c)(6) of the FD&C Act are much broader
than those described in ISO/IEC 17011:2004 (Ref. 5). For example, under
section 808(c)(6)(A)(i) and (C) of the FD&C Act FDA may withdraw
accreditation of a certification body if a food or facility it
certified under our program is linked to an outbreak of foodborne
illness that has a reasonable probability of causing SAHCODHA, unless
FDA determines the certification body satisfied the requirements for
issuance of such certification. In such an outbreak situation, the
statute contemplates that withdrawal of accreditation would occur after
a single--albeit significant--failure by the certification body. By
contrast ISO/IEC 17011:2004 allows for withdrawal of accreditation only
when a certification body persistently fails to meet the requirements
of accreditation or abide by the rules of accreditation.
We note that by declining to revise Sec. 1.664 based on the
comments, we are not suggesting that FDA will withdraw accreditation
when the Agency identifies a single incident or mistake by a
certification body, except where required by the statute. Any decision
to withdraw accreditation will be based on the facts and circumstances
of the situation and following due consideration by FDA.
(Comment 156) Some comments state that in a case where FDA
withdraws an accredited certification body, the accreditation body
should make an investigation and analysis and submit the analysis
result to FDA within 3
[[Page 74627]]
months after the analysis report has been established.
(Response 156) We disagree. This rule does not require that the
accreditation body make a full investigation and analysis and submit
the analysis result to FDA within 3 months. Section 1.664(g) requires
the accreditation body to perform a self-assessment and report the
results of the self-assessment to FDA within 60 days. FDA may revoke
the recognition of an accreditation body whenever FDA determines there
is good cause for revocation of recognition under Sec. 1.634. These
procedures will help ensure that accreditation bodies remain in
compliance with the requirements of the third-party program.
F. What if I want to voluntarily relinquish accreditation or do not
want to renew accreditation? (Sec. 1.665)
Proposed Sec. 1.665 offers a mechanism for an accredited third-
party certification body to voluntarily relinquish its accreditation
before it terminates by expiration.
Although we received no adverse comments on this section, we
received comments on other sections of the rule that led us to identify
a gap in procedural requirements when an accredited certification body
decides to allow its accreditation to expire without renewing it. At
our own initiative, we are revising the voluntary relinquishment
provisions in Sec. 1.665 to also address situations where a
certification body decides it does not want to renew its accreditation
once it expires.
G. How do I request reaccreditation? (Proposed Sec. 1.666)
Proposed Sec. 1.666 describes the procedures a certification body
must follow when seeking to be reaccredited after its accreditation was
withdrawn by FDA or after voluntarily relinquishing its accreditation.
FDA received no adverse comments on this section. On our own
initiative we are revising paragraph (a)(2)(i) to conform to the
changes in Sec. 1.634(d) to clarify that the third-party certification
body has to become accredited by another accreditation body or by FDA
through direct accreditation no later than 1 year after the withdrawal
or accreditation, or the original date of expiration of the
accreditation, whichever comes first.
XI. Comments on Additional Procedures for Direct Accreditation of
Third-Party Certification Bodies Under This Subpart
A. How do I apply to FDA for direct accreditation or renewal of direct
accreditation? (Sec. 1.670)
Section 808(b)(1)(A)(ii) of the FD&C Act allows us to directly
accredit third-party auditors/certification bodies if we have not
identified and recognized an accreditation body to meet the
requirements of section 808 within 2 years after establishing this
program. We proposed circumstances and procedures that would apply for
direct accreditation and renewal of direct accreditation.
(Comment 157) Some comments assert that the statute anticipates a
bifurcated system for direct accreditation of certification bodies,
because the standards for review for accreditation of foreign
governments are distinct from those of the private auditing entities
under section 808(c)(1) of the FD&C Act. The comments ask that we draft
additional rules to specifically cover direct accreditation of foreign
governments, asserting that we should provide a separate path for
direct accreditation of foreign governments that prioritizes their
applications based on, among other things, the language in section
808(c)(1) of the FD&C Act. Some comments ask whether the same
eligibility requirements and procedures are required of both
governmental and private bodies applying for direct accreditation.
(Response 157) We disagree with the suggestion to create a
bifurcated system. We acknowledge that section 808(c)(1) of the FD&C
Act contains different requirements for foreign governments/agencies
than it does for foreign cooperatives and other private third-party
certification bodies seeking accreditation. However, we do not
interpret this language as suggesting a preference for public
certification bodies over private certification bodies.
We believe sections 808(c)(1)(A) and (B) of the FD&C Act are
tailored to reflect the objectives and scope of each type of
assessment, which would vary because of the differences between public
and private certification bodies. While governments typically are both
auditors/inspectors and owners of food safety schemes, private
certification bodies usually are not scheme owners, because of concerns
about possible conflicts of interest associated with serving in dual
roles. Therefore, a private certification body would not be assessed
for its food safety program or standards; it would be assessed for the
training and qualifications of its auditors and its internal management
system. In light of the foregoing, we decline the suggestion to
interpret sections 808(c)(1)(A) and (B) of the FD&C Act as supporting
provisions for direct accreditation that would prioritize the
applications of foreign governments/agencies over applications from
private third-party certification bodies.
(Comment 158) Some comments suggest that FDA should not serve as an
accreditation body for third-party certification bodies because it
would open the door for other countries with less capability to do the
same. The comments contend that FDA and its foreign regulatory partners
need to provide the oversight of the industry, but should not be
accreditation bodies.
(Response 158) We disagree. Section 808 of the FD&C Act
contemplates that FDA can provide proper oversight of the program,
while directly accrediting third-party certification bodies. We are
unable to comment on what effects, if any, this would have on the
actions of other countries. However, we emphasize that FDA will not
perform direct accreditation unless the circumstances of section
808(b)(1)(A)(ii) of the FD&C Act are met--that is, if FDA has not
identified and recognized an accreditation body to meet the
requirements of section 808 of the FD&C Act within 2 years after
establishing this program.
(Comment 159) Some comments ask that we wait for more than 2 years
after the program is established to accept applications for direct
accreditation, to allow enough time for accreditation bodies applying
for recognition to satisfy all the necessary requirements. Other
comments assert that we should not directly accredit certification
bodies in a country if we have already recognized an accreditation body
in that country. Some comments ask us to clarify when, under what
conditions, and how we would choose to directly accredit a
certification body.
(Response 159) Under section 808(b)(1)(A)(ii) of the FD&C Act, 2
years after establishing the program is the earliest date that FDA may
begin to directly accredit third-party certification bodies. Further,
we may only do so if we determine that we have not identified and
recognized an accreditation body to meet the requirements of section
808 of the FD&C Act 2 years after establishing the program. In the
proposed rule, we provided examples of how we may make this
determination, such identifying a type of expertise or geographic
location for which a recognized accreditation body is
[[Page 74628]]
lacking, and stated that we will only accept applications for direct
accreditation and renewal applications that are within the scope of the
determination. FDA declines to limit itself to a time period longer
than 2 years before it can consider direct accreditation as any
decision to directly accredit will depend on the circumstances the
needs of the program, as determined by FDA under Sec. 1.670(a).
(Comment 160) Some comments express concern that we will not have
the capacity to undertake the responsibility of directly accrediting
certification bodies.
(Response 160) Section 808(c)(8) of the FD&C Act requires FDA to
create a user fee program to section 808 of the FD&C Act. FDA is in the
process of establishing this program by rulemaking (80 FR 43987). For
more information about the costs of this program, please see the
regulatory analysis of this final rule.
(Comment 161) Some comments ask if we will have a contract
agreement with directly accredited certification bodies. These comments
assert that if we do, the contract should specify that we have the
capacity to access confidential information without prior written
consent of the certification body. The contract should also specify
that having access to records relating to accreditation activities
under this subpart is necessary to ensure the rigor, credibility, and
independence of the program.
(Response 161) Under Sec. 1.671(d), FDA will list any conditions
associated with the accreditation in the issuance and may establish an
agreement with the certification body at that time. With respect to
access to records, a third-party certification body that is directly
accredited by FDA must comply with the records maintenance and access
requirements of Sec. 1.658. Records obtained by FDA will be subject to
the disclosure requirements of Sec. 1.695.
B. How will FDA review my application for direct accreditation or
renewal of direct accreditation and what happens once FDA decides on my
application? (Sec. 1.671)
Proposed Sec. 1.671 describes a process for reviewing and deciding
on applications for direct accreditation and renewal that is consistent
with the procedures for reviewing and deciding on applications under
other provisions in this rule.
On our own initiative we are revising paragraph (a) to clarify that
FDA will review submitted applications for completeness and notify
applicants of any deficiencies. We also are adding new paragraphs (e)
through (h) to Sec. 1.671 to explain what happens when a directly
accredited certification body's renewal application is denied. We are
adding provisions to clarify what the applicant must do, the effect of
denial of an application for renewal of direct accreditation on food or
facility certifications issued to eligible entities, and how FDA will
notify the public.
(Comment 162) Some comments express concern that we are limiting
ourselves to a ``first in, first out'' review process that gives us no
discretion to accredit foreign governments before we consider other
applications from private third-party entities that apply.
Some comments ask that we consider prioritizing approval of
applications for direct accreditation on areas and regions where it is
most needed to benefit our food safety mandates.
Some comments assert that priority for review of applications for
direct accreditation should be for countries without an accreditation
body or in circumstances where it is not economically feasible for a
national accreditation body to expand its scope to include a certain
single certification body.
(Response 162) As indicated Response 25, we intend to treat public
and private certification bodies equally under this program, as both
public and private certification bodies are capable of meeting the
requirements of the program. Additionally, because we will only be
accepting applications for direct accreditation in limited
circumstances as discussed in Responses 158 and 159, all applications
for direct accreditation will need to be able to demonstrate that there
is a need for direct accreditation based on a determination made by FDA
under Sec. 1.670(a)(1). We note that we have revised Sec. 1.671(a) to
allow FDA to prioritize specific direct accreditation applications to
meet the needs of the program.
(Comment 163) Some comments assert that our application review
process must be comprehensive but also expedient. Some comments ask
that our communications with applicants be timely.
Some comments express concern about the length of time it will take
us to recognize and notify an applicant of any deficiencies in the
application. These comments also assert that requiring applicants with
deficiencies to resubmit their applications and sending it to the
bottom of the review list would make for significant delays in the
direct accreditation and renewal of direct accreditation application
process.
(Response 163) We understand the concern expressed by comments with
regard to timeliness. Although we decline to set specific deadlines for
this review, FDA anticipates that a completeness determination could
generally be made within 15 business days, because this is not a
decision on the merits of the application. Nonetheless, the time needed
to identify deficiencies in any particular individual application will
depend on a number of factors, including the quality of the submission,
the availability of resources, and other competing priorities at the
time the application is submitted. With respect to the concerns about
requiring incomplete applications to be resubmitted and added to the
bottom of the review list, we note that from our experience gained from
the third-party certification pilot for aquacultured shrimp, extensive
followup was needed with many of the applicants in order to gain
sufficient information for a complete application. With this in mind,
we are processing only complete applications so that we are not
delaying others that have correctly prepared complete applications.
Further, we are establishing an electronic portal for submission of
applications, reports, notifications, and other information under this
rule and an electronic repository of this information, which will allow
us to communicate with applicants as needed.
C. What is the duration of direct accreditation? (Sec. 1.672)
We proposed that direct accreditation of a third-party
certification body may be granted for a period up to 4 years. We
tentatively concluded that 4 years is an appropriate duration for an
accreditation because we believe the rigor and credibility of this
program rests, in part, on the oversight of accredited certification
bodies to conduct audits and to certify eligible foreign entities. We
requested comment on this tentative conclusion.
(Comment 164) Some comments ask that we establish a specific fixed
duration of 5 years for direct accreditation before renewal is
required. These comments also ask that the duration for recognition of
accreditation bodies and accreditation of third-party certifications
bodies also be fixed at 5 years and assert that having a standardized
accreditation term for all parties in the third-party program would be
more administratively viable for us.
(Response 164) For the reasons we explained in Response 145 we
decline to establish a fixed duration of accreditation and also decline
to establish a standard term of 5 years for
[[Page 74629]]
accreditation for all parties in the third-party program.
XII. Comments on Requirements for Eligible Entities Under This Subpart
A. How and when will FDA monitor eligible entities? (Sec. 1.680)
Proposed Sec. 1.680 would allow FDA to conduct onsite audits of
eligible entities that have received certification from an accredited
certification body at any time, with or without the accredited third-
party certification body present. It also proposed that a food safety
audit by an accredited certification body is not considered an
inspection under section 704 of the FD&C Act. For clarification
purposes at our own initiative, we are revising the second sentence of
Sec. 1.680(a) to add, ``[w]here FDA determines necessary or
appropriate,'' before ``the audit may be conducted with or without the
accredited certification body or the recognized accreditation body
(where applicable) present.''
(Comment 165) Some comments address the timing of FDA's audits of
eligible entities. Some comments encourage FDA to conduct audits of
eligible entities regularly, particularly in the first years of the
program, to ensure compliance with the program and to verify that
certification is appropriate. Some comments encourage FDA to conduct
random as well as targeted audits of eligible entities. For example,
the comments suggest that if FDA withdraws the accreditation of a
certification body, the Agency should conduct onsite audits of a sample
of the eligible entities to which the withdrawn certification body
issued certifications.
(Response 165) We agree that robust government oversight of the
third-party program will be vital to its success and periodic audits of
eligible entities will be conducted consistent with our risk-based
priorities and resources.
(Comment 166) Some comments discuss the substance of FDA's audits
of eligible entities. Some of these comments encourage FDA to ensure
that eligible entities implement corrective actions when deficiencies
are identified. Some comments recommend that company data on tests of
both products and the environment be made available to FDA auditors,
and argue that without access to such data, FDA auditors would not be
able to perform a thorough audit. Comments also maintain that, during
an audit, FDA should be able to access results of the eligible entity's
testing of both products and the environment.
(Response 166) We currently are developing internal operational
procedures for the third-party certification program and will make
these procedures public. As part of this process, we are developing
protocols for FDA audits of eligible entities.
(Comment 167) Some comments argue that unannounced audits of
eligible entities by FDA that have been certified by an accredited
third-party certification body would likely result in incomplete audits
and urge the agency to consider contacting the eligible entity to
schedule such audits. Comments state that scheduled audits would be
more efficient and less burdensome for both eligible entities and FDA
because eligible entities would have a better understanding of what is
needed during the audit and which employees should be present.
(Response 167) Section 808(c)(5)(C) of the FD&C Act directs FDA to
promulgate regulations requiring that ``audits performed under this
section be unannounced.'' Section 808(f)(3) of the FD&C Act allows FDA
to, at any time, conduct an onsite audit of any eligible entity
certified by an accredited third-party certification body to ensure
compliance with the requirements of section 808. Given this statutory
language, we are clarifying in Sec. 1.680 that an FDA audit conducted
under this section will be conducted on an unannounced basis and may be
preceded by a request for a 30-day operating schedule. We note that it
may not be appropriate at all times to precede audits for a 30-day
operating schedule, such as in the case of a for-cause audit.
(Comment 168) Some comments state that when FDA has questions about
eligible entities, it should notify the accreditation bodies and
certification bodies to conduct a joint audit.
(Response 168) It is unclear what the comment means by conducting a
joint audit, but Sec. 1.680 would allow for the certification body and
accreditation body to be present during the FDA audit when FDA
determines it is necessary and appropriate.
(Comment 169) Some comments argue that the monitoring of eligible
entities should be conducted by the competent authority of the
exporting country, particularly where a systems recognition agreement
is in place or where there is a robust national food control system in
place.
(Response 169) We intend to coordinate as appropriate with our
foreign regulatory counterparts; however, section 808(f)(3) of the FD&C
Act specifically directs FDA to conduct onsite audits of eligible
entities to ensure compliance with the requirements of section 808 of
the FD&C Act. We believe onsite audits of certified eligible entities
are an important component of the robust oversight essential to the
success of the third-party program. Without the ability to conduct
onsite audits of a certified eligible entity, FDA would not be able to
directly ascertain whether the certification body and/or its
accreditation body are in fact making accurate determinations of
compliance with FDA requirements. Such oversight is necessary to
maintain confidence in the certifications issued by accredited
certification bodies under this program.
(Comment 170) Some comments ask FDA to clarify why an onsite audit
of an eligible entity is not considered an inspection under section 704
of the FD&C Act, particularly since the purpose of the audit is to
determine if the entity is in compliance with the FD&C Act and since an
FDA inspection may be used to meet the verification requirements under
the proposed FSVP regulation. Other comments endorse FDA's decision not
to consider a food safety audit under this program an inspection under
section 704 of the FD&C Act.
(Response 170) Section 808(h)(1) of the FD&C Act explicitly states
that audits under the third-party certification program ``shall not''
be considered inspections under section 704. The inspections done under
section 704 of the FD&C Act, unlike audits conducted under section
808(f)(3), are not conducted for the purpose of ensuring compliance
with section 808 of the FD&C Act. The objective of an audit under Sec.
1.680(a) extends beyond the eligible entity--through its audit of the
eligible entity FDA is gathering information to use in its monitoring
of the accredited certification body that audited the entity and the
recognized accreditation body that accredited certification body that
audited the eligible entity. We note that an audit under section
808(f)(3) is not a ``food safety audit'' under this subpart. As noted
previously, the audits conducted under section 808(f)(3) are done
specifically to ensure compliance with section 808 of the FD&C Act. As
discussed in section III.C., we are clarifying that an audit conducted
under this subpart is not an inspection under section 704 under the
FD&C Act. Accordingly, we are removing Sec. 1.680(b).
B. How frequently must eligible entities be recertified? (Sec. 1.681)
Proposed Sec. 1.681 stated that an eligible entity seeking to
maintain its facility certification must seek recertification prior to
expiration of its certification. It also proposed that under
[[Page 74630]]
section 801(q)(4)(A) of the FD&C Act, FDA could require, at any time we
deem appropriate, that an eligible entity renew a food certification.
We received no comments on this proposed section. However, to
clarify certain matters, we are amending this section on our own
initiative. We are adding to first sentence the words, ``food or''
before ``facility certification'' because the maximum duration of
certifications under section 808(d) of the FD&C Act applies to both
food and facility certifications. Additionally, we are revising this
section to state that FDA can require an eligible entity to apply for
recertification of both food and facility certifications at any time
that FDA deems appropriate.
XIII. Comments on General Requirements of This Subpart
A. How will FDA make information about recognized accreditation bodies
and accredited third-party certification bodies available to the
public? (Sec. 1.690)
We proposed to post on our Web site a registry of recognized
accreditation bodies and of accredited third-party certification
bodies, including the name and contact information for each. The
registry may provide information on certification bodies accredited by
recognized accreditation bodies through links to the Web sites of such
accreditation bodies. We requested comment on our proposed public
registry.
(Comment 171) Some comments support our proposal to place a
registry of recognized accreditation bodies and accredited
certification bodies on our Web site and to provide links to the Web
sites of recognized accreditation bodies. Some comments assert that
such a web-based resource where members of the industry and public
could access standards associated with accreditation/certification and
a list of accreditation and certification bodies is a meaningful
demonstration of FDA oversight. Some comments ask that this list be
updated regularly so that it stays accurate. These comments also ask
that we provide appropriate indexing and filtering functions so that
the registry is easily searchable and stakeholders can conveniently and
reliably find and use this information.
(Response 171) FDA agrees that the online registry will be a
valuable tool. We intend for it to be updated regularly. We also intend
for it to have indexing and filtering functions which will make
searches more efficient and productive.
(Comment 172) Some comments ask that we not include the name(s) of
audit agent(s) on our Web site or otherwise publicly disclose such
information could disrupt the marketplace for third-party certification
services
Some comments assert that access to detailed, specific, and
sensitive information is not necessary to gain credibility with
consumers. These comments refer us to industry models that provide
detailed information on the requirements of their program and posts a
list of members in good standing along with a list of companies who
have been decertified is an example of credible, balanced information
that is actionable by consumers (i.e., California Leafy Green Products
Handler Marketing Agreement).
(Response 172) To clarify, we do not intend to disclose the names
of audit agents on our Web site. We will be providing the business name
and business contact information for each recognized accreditation
body. The business name and business contact information for each
accredited third-party certification body may be listed on our Web site
or may be provided by link to Web sites of their accreditation bodies.
The Web site will contain program information as well and may be
similar to the industry models recommended by some comments.
(Comment 173) Some comments seek maximum transparency, asserting
that we must also post on our Web site the audit reports, self-
assessments, and notifications prepared by the third-party
certification bodies and submitted to FDA. The comments contend that
making this information public would increase program transparency and
help to ensure that imported products do not receive an unfair
competitive advantage over products available domestically.
Other comments suggest that we allow accreditation bodies and
third-party certification bodies to submit redacted versions of these
documents, where confidential information is blacked out, so that these
documents can also be made publicly available without compromising
confidential information. These comments assert that making public
these reports, self-assessments, and notifications would improve self-
assessments, reduce the Agency's burden of responding to FOIA requests,
and allow independent analysis to complement the Agency's evaluation.
Thus, comments ask us to specify in Sec. 1.690 that we will also place
on our Web site the reports and notifications submitted pursuant to
Sec. Sec. 1.623 and 1.656 and that we will allow a recognized
accreditation body and accredited auditors/certification body to submit
a redacted version of the report or notification that is intended to be
made publicly available.
(Response 173) Generally, we do not intend to post redacted
versions of reports on our Web site. Information submitted to the
Agency, including reports and notifications submitted pursuant to
Sec. Sec. 1.623 and 1.656, becomes an Agency record. We have added a
new Sec. 1.695 to the final rule to clarify that records under this
subpart are subject to part 20; part 20 provides protections for trade
secrets and confidential commercial information (CCI) from public
disclosure (see, e.g., Sec. 20.61).
(Comment 173) Some comments ask us to take action to ensure that
third-party certification bodies act with maximum transparency and to
ensure adequate protections against conflicts of interest. Some
comments ask that we post on our Web site information concerning the
scope of the recognized accreditation body recognition and accredited
certification body accreditation, duration of accreditation, payments
made to those accreditation bodies and certification bodies, and
whether accreditation has been withdrawn or suspended. Some comments
assert that requiring recognized accreditation bodies and accredited
certification bodies to make this information available on their own
Web sites does not ensure that all potential conflicts of interest will
be identified, and suggest that we require that this information be
submitted directly to us as well.
(Response 174) FDA agrees that it would be helpful to include on
our Web site information concerning the scope of accreditation services
that each recognized accreditation body is recognized for, and the
scope of accreditation for each accredited certification body is
accredited for. We also agree it would be useful and increase
transparency to include the duration of recognition for each
accreditation body, and the duration of accreditation for each
certification body. Scope and duration information will make the site
more practically useful and will increase transparency. Therefore, we
intend to include this information on our Web site and we are revising
Sec. 1.690 to reflect this. In addition, we are revising this section
to state that FDA will post on its Web site a list of accreditation
bodies for which it has denied renewal of recognition, for which FDA
has revoked recognition, and that have relinquished their recognition
or have allowed their recognition to expire. Further, FDA will place on
its Web site a list of certification bodies whose renewal of
accreditation has been denied, for which FDA has withdrawn
accreditation, and that have
[[Page 74631]]
relinquished their accreditations or have allowed their accreditations
to expire. Finally, FDA will place on its Web site determinations under
Sec. 1.670(a)(1) and modifications of such determinations under Sec.
1.670(a)(2). This additional information will help ensure maximum
transparency under the program.
With regard to information on dates of payment, we have determined
there is little additional value to posting such information on the FDA
Web site, and it would create an additional administrative burden; we
do not believe the value exceeds the burden. In our view, conflict of
interest and transparency concerns are sufficiently satisfied by making
information on dates of payment publicly available online via the Web
sites of recognized accreditation bodies (see Sec. 1.624(c)) and
accredited certification bodies (see Sec. 1.657(d)).
(Comment 175) Some comments request clarification concerning
whether and what information we collect pursuant to this program will
be made available to importers and the public. Some comments question
the extent and format of the audit data that will be shared, and what
might be held confidential. These comments assert that businesses have
a need to protect proprietary information (e.g., sales lists, supplier
lists, equipment designs and specific information about product
attributes), and any sharing of such information might compromise their
ability to carry out business functions or to maintain competitive
advantage. Some comments inquire about the extent and formats of audit
data we intend to make public, what might be held confidential, and
whether we will take steps to protect information provided by
certification bodies from FOIA requests.
Some comments express concern about our ability to develop and
maintain a dynamic system that will be able to collect, update, and
present audit data to consumers, and assert that it is important for
industry to gain a better understanding of what type of audit data we
will require.
Some comments suggest that we look to USDA's Food Safety and
Inspection Service (FSIS) Public Health Information System for insight
into how to develop a database system that seeks to define the boundary
between increasing public access to data and addressing confidentiality
concerns by companies. Some comments note that the FSIS program is the
result of several years of effort to establish a mechanism for public
access to data that can lead to research and analysis that improves
public health while protecting the proprietary rights of the
establishments.
(Response 175) As discussed previously, newly added Sec. 1.695
clarifies that records under this subpart are subject to part 20; part
20 provides protections for trade secrets and confidential commercial
information from public disclosure (see, e.g., Sec. 20.61).
FDA will provide periodic updates on program activities through our
Web site, and our disclosures will be consistent with our statutory
obligations to protect trade secrets and CCI from disclosure. With
regard to the expressed concern about FDA's ability to develop and
maintain an adequate data system to collect, update, and present audit
data to consumers, we are aware of the size and importance of this
undertaking and are diligently pursuing an effective system. We
appreciate the suggestion to review the FSIS database system and intend
to do so.
(Comment 176) Some comments encourage us to develop communication
strategies to help consumers view the data in audit reports within the
context of food production; specifically, to set proper program
expectations and to provide proper context for consumers to understand
what the data means. These comments assert that it is important to
provide a frame of reference so that consumers have a basis for
understanding what the audit data means and can then proceed to make
informed decisions. The comments note that audits and certifications
are not declarations or guarantees that products are safe, and that FDA
and the industry need to feature this reality in communications
strategies aimed to assist consumer groups and consumers in using any
audit data that might be available for review.
(Response 176) As noted above, we do intend to share updates on
program activities with the public; we will work to properly
contextualize the data in our communications about and presentation of
the information. As noted in Response 173, FDA does not generally
intend to make audit reports public.
(Comment 177) Some comments assert that we must clearly describe
how compliance with the program will be reported to the public.
(Response 177) As noted above, we intend to provide periodic
updates on program activities through our Web site. Where appropriate,
these updates may include aggregated program data. Additional
information about program updates will be shared as we implement this
program. Further, as noted in response to Comment 86, FDA will post
information on its Web site regarding accreditation bodies that have
had their recognition revoked, accreditation bodies for which FDA fails
to renew recognition, certification bodies that have had their
accreditation withdrawn, and certification bodies whose renewal of
accreditation has been denied.
B. How do I request reconsideration of a denial by FDA of an
application or a waiver request? (Sec. 1.691)
We proposed procedures for accreditation bodies and certification
bodies to seek reconsideration of a denial of an application or a
waiver request. We also proposed that after completing our review and
evaluation of the request for reconsideration, we will notify the
requestor, in writing, of our decision to grant or deny the application
or waiver request upon reconsideration.
On our own initiative, we are revising Sec. 1.691(c) to specify
that a request for reconsideration or a waiver request must be
submitted electronically. We are making corresponding changes to Sec.
1.692(b).
(Comment 178) Some comments suggest that we provide an opportunity
for interested stakeholders, in addition to the accreditation body or
third-party certification body seeking reconsideration, to provide
information to us that will inform our decisionmaking on any
reconsideration request.
(Response 178) We decline to adopt comments' suggestion to allow
for others beyond the accreditation body or third-party certification
body seeking reconsideration to engage in this process. Our
reconsideration of a denial is not a public process nor do we wish to
make it one. Applications often contain confidential information not
appropriate for public comment. We note that information shared with
FDA is subject to the information disclosure regulations in part 20, as
stated in Sec. 1.695.
(Comment 179) Some comments ask us to specify that we will notify
the requestor of our decision within 20 business days after receiving a
request for reconsideration. These comments assert that the open-ended
timeframe for our review of reconsideration request may place an undue
burden on the party seeking reconsideration.
(Response 179) FDA agrees that a request for reconsideration should
be reviewed in a timely fashion. FDA would anticipate that this review
will generally be made within 30 business days. However, given the
conflicting demands on Agency resources at various times, the Agency
declines to add this time restriction to Sec. 1.691.
[[Page 74632]]
C. How do I request internal agency review of a denial of an
application or waiver request upon reconsideration? (Sec. 1.692)
We proposed that the requestor who received a denial upon
reconsideration under Sec. 1.691 may seek internal Agency review of
such denial under 21 CFR 10.75(c)(1).
(Comment 180) Some comments suggest that we provide an opportunity
for interested stakeholders to provide information to us that will
inform our decisionmaking on any such reconsideration request.
(Response 180) As with the parallel suggestion in the context of a
request for reconsideration, we decline to adopt comments' suggestion.
The Agency's review of a denial is not a public process nor do we wish
to make it one. As noted previously, applications often contain
confidential information not appropriate for public comment. We note
that information shared with FDA is subject to the information
disclosure regulations in part 20, as stated in Sec. 1.695.
D. How do I request a regulatory hearing on a revocation of a
recognition or withdrawal of accreditation? (Sec. 1.693)
We proposed procedures that would be used for challenges to
revocation of recognition or withdrawal of accreditation.
On our own initiative, we revised Sec. 1.693(f) to include the
standard for denial of a request for a regulatory hearing under 21 CFR
16.26(a).
(Comment 181) Some comments suggest that we provide an opportunity
for interested stakeholders, in addition to the accreditation body or
third-party certification body seeking a regulatory hearing, to provide
information to us that will inform our decisionmaking during a
regulatory hearing.
(Response 181) Again, we decline to adopt comments' suggestion to
allow for others beyond the accreditation body or third-party
certification body seeking to challenge an FDA decision to engage in
this process. For purposes of this final rule, we are not making the
regulatory hearing a public process because issues pertaining to
revocation and withdrawal generally contain confidential or sensitive
information. We note that information shared with FDA is subject to the
information disclosure regulations in part 20, as stated in Sec.
1.695. We are amending proposed Sec. 1.693(g)(3), redesignated as
Sec. 1.693(g)(2), to state that Sec. 16.60(a) (public process) is
inapplicable to hearings under this rule.
E. Are electronic records created under this subpart subject to the
electronic records requirements of part 11? (Sec. 1.694)
We did not specify requirements for the retention of electronic
records in the proposed rule. However, as discussed in relation to
Sec. 1.625, we received several comments regarding the potential
application of the requirements for electronic records in part 11 to
records under this subpart; several comments ask that we not apply the
part 11 requirements here.
We agree that it would be unnecessarily burdensome to require that
records under the third-party program comply with the requirements in
part 11. Therefore, we are adding Sec. 1.694 to the final rule which
states that records that are established or maintained to satisfy the
requirements of this subpart and that meet the definition of electronic
records in Sec. 11.3(b)(6) are exempt from the requirements of part
11. We further specify that records that satisfy the requirements of
this subpart, but those that also are required under other applicable
statutory provisions or regulations, remain subject to part 11 to the
extent that they are not separately exempted. Consistent with these
provisions, we are making a conforming change in part 11 to specify in
Sec. 11.1(m) that part 11 does not apply to records that meet the
definition of electronic records in Sec. 11.3(b)(6) required to be
established or maintained under this subpart, and that records that
satisfy the requirements of this subpart, but that also are required
under other statutory provisions or regulations, remain subject to part
11 to the extent that they are not separately exempted.
F. Are the records required by this subpart subject to public
disclosure? (Sec. 1.695)
In the proposed rule, we did not specify requirements regarding the
public disclosure of records created and retained under this subpart.
However, as discussed previously in the preamble, several comments
express concerns about whether notifications, records, and reports
required by this rule would be protected from public disclosure. The
comments state that notifications, records, and reports will often
contain commercially sensitive information. Some comments ask that the
regulations specify that such information under this program have the
same level of protection from public disclosure under FOIA as juice and
seafood HACCP records.
Information submitted to the Agency, including reports and
notifications submitted pursuant to Sec. Sec. 1.623 and 1.656, becomes
an Agency record. We note we have added a new Sec. 1.695 to the final
rule to clarify that records under this subpart are subject to part 20;
part 20 provides protections for trade secrets and CCI from public
disclosure (see, e.g., Sec. 20.61).
G. May importers use reports of regulatory audits by accredited
certification bodies for purposes of subpart L of this part? (Sec.
1.698)
We proposed that an importer as defined in Sec. 1.500 of this part
may use a regulatory audit of an eligible entity, documented in a
regulatory audit report, in meeting the requirements for an onsite
audit of a foreign supplier under subpart L of this part.
(Comment 182) Some comments agree with FDA's proposal to allow
importers to use regulatory audit reports of foreign suppliers,
conducted for VQIP or import certification purposes, in meeting the
verification requirements under the proposed FSVP program. These
comments state that the use of regulatory audits by accredited third-
party certification bodies should not be required under FSVP. The
comments assert that importers should be free to choose how best to
meet the verification requirements. Some comments misunderstood
proposed Sec. 1.698 to require the use of accredited third-party
certification bodies for FSVP purposes.
(Response 182) To clarify that the use of an accredited third-party
certification body for FSVP purposes is not required by this rule, we
are removing this provision. This rule establishes the framework and
procedures for participation in the accredited third-party
certification program for purposes of sections 808 of the FD&C Act and
does not create substantive requirements for the FSVP program. However,
regulatory audits may be used to meet supplier verification
requirements under FDA's final preventive controls regulations and FSVP
regulations if they comport with those requirements.
XIV. Editorial and Conforming Changes
The revised regulatory text includes several changes that we have
made to clarify requirements and to improve readability. The revised
regulatory text also includes several conforming changes that we have
made when a change to one provision affects other provisions. We
summarize the principal editorial and conforming changes in table 5. We
also made very minor editorial corrections, such as inserting a
[[Page 74633]]
missing end parenthesis symbol; those changes are not included in this
chart.
Table 5--Principal Editorial and Conforming Changes
----------------------------------------------------------------------------------------------------------------
Designation in the revised regulatory
text (section) Revision Explanation
----------------------------------------------------------------------------------------------------------------
Throughout part 1, subpart M............ Where applicable, substituted the term Conforming change.
``assessment'', or its derivations, for
the terms ``audit'' or ``review'', or
their derivations, when describing an FDA
evaluation of an accreditation body and
when describing an evaluation of a third-
party certification body performed by a
recognized accreditation body or by FDA.
Throughout part 1, subpart M............ Where applicable, substituted Conforming change.
``evaluate'', or its derivations, for
``assess'' or ``determine'', or their
derivations, when describing the nature
of activities involved in an
``assessment'' (as defined in this rule)
of an accreditation body or a third-party
certification body.
Throughout part 1, subpart M............ Where applicable, substituted ``examine'', Conforming change.
or its derivations, for ``audit'',
``assess'', ``determine'', or
``evaluate'', or their derivations, when
describing the nature of activities
involved in an ``audit,'' as defined in
this rule, of an eligible entity.
Throughout part 1, subpart M............ Where applicable, revised to refer to Improve clarity.
``audit agent'' rather than ``agent''
when describing individuals who conduct
audits for accredited third-party
certification bodies. Use ``agent(s) used
to conduct audits'' rather than, ``audit
agent(s)'' when referring to individuals
who conduct audits for a third-party
certification body prior to its
accreditation under this program.
Throughout part 1, subpart M............ Revised to refer to ``competency'' rather Improve clarity.
than ``competence''.
Throughout part 1, subpart M............ Where appropriate, revised to refer to Improve clarity.
``recognized accreditation bodies''
rather than ``accreditation bodies''.
Throughout part 1, subpart M............ Where appropriate, revised to refer to Improve clarity.
``accredited third-party certification
bodies'' rather than ``third-party
certification bodies''.
Throughout part 1, subpart M............ Where appropriate, rephrased ``[i]f FDA Improve clarity.
has reason to believe that a food
certification issued for purposes of
section 801(q) of the FD&C Act is not
valid or reliable, FDA may refuse to
consider the certification in determining
the admissibility of the article of food
for which the certification was
offered.''
Throughout part 1, subpart M............ Replaced ``personnel'' with ``employees''. Improve clarity.
Sec. 1.600(c)......................... Deleted ``, including the model Conforming change.
accreditation standards'' from the
definition of ``accreditation''.
Sec. 1.600(c)......................... Revised the definition of ``accredited Improve clarity.
third party certification body'' to
replace ``is authorized'' with ``is
accredited''.
Sec. 1.600(c)......................... Revised the definition of ``eligible Improve clarity.
entity'' to replace ``subject to the
registration requirements of'' with
``required to be registered under''.
Sec. 1.600(c)......................... Revised the definition of ``facility Improve clarity.
certification'' to replace ``establish
that a facility meets'' with ``establish
whether a facility complies with''.
Sec. 1.600(c)......................... Revised the definition of ``food Improve clarity.
certification'' to replace ``establish
that a food meets'' with ``establish
whether a food of an eligible entity
complies with''.
Sec. 1.600(c)......................... Revised the definition of Improve clarity.
``relinquishment'' to state that
relinquishment occurs prior to the
expiration of recognition or
accreditation for accreditation bodies
and certification bodies, respectively.
Sec. 1.601(a)......................... Changed ``for conducting food safety Improve clarity.
audits and for issuing food and facility
certifications to eligible entities'' to
``to conduct food safety audits and to
issue food and facility certifications''.
Sec. 1.601(b)(2)...................... Changed ``Issuing food and facility Improve clarity.
certifications'' to ``Issuing
certifications''.
Changed ``or in meeting the eligibility
requirements'' to ``or issuing a facility
certification for meeting the eligibility
requirements''.
Sec. 1.601(c)......................... Replaced ``except as provided in paragraph Correction.
(d) of this section'' with ``under this
subpart''.
Sec. 1.601(d)......................... Redesignated paragraphs (1), (1)(i), Editorial change.
(1)(ii), (2), (2)(i), and (2)(ii) as
paragraphs (1)(i), (1)(i)(A), (1)(i)(B),
(1)(ii), (1)(ii)(A), and (1)(ii)(B).
Sec. 1.601(d)(1)(i)................... Changed ``[t]he certification of food Conforming change.
under section 801(q)'' to ``[a]ny
certification required under section
801(q)''.
Sec. 1.601(d)(1)(ii).................. Changed ``[c]ertification of food under Conforming change.
section 801(q)'' to ``Any certification
required under section 801(q)''.
Sec. 1.601(d)(1)(ii).................. Changed ``food other than alcoholic Improve clarity.
beverages that is from a facility'' to
``food that is not an alcoholic beverage
that is received and distributed by a
facility''.
Sec. 1.610............................ Section heading changed from ``[w]ho is Improve clarity.
eligible for recognition,'' to ``[w]ho is
eligible to seek recognition;''
Text changed from ``eligible for
recognition'' to ``eligible to seek
recognition.''.
[[Page 74634]]
Sec. 1.611(a)......................... Changed ``through'' to ``as a legal entity Improve clarity.
with''.
Removed ``such'' from between ``perform''
and ``assessments.''.
Changed ``its capability to audit'' to
``its capability to conduct audits.''.
Sec. 1.611(a)(2)...................... Replaced ``personnel and other agents,'' Conforming change.
with ``its agents, (or the third-party
certification body in the case of a third-
party certification body that is an
individual, such individual)''.
Sec. Sec. 1.611(b), 1.612(b), In sentences referencing requirements for Improve clarity.
1.613(b), 1.614(b), 1.615(b), recognized accreditation bodies or
1.623(d)(2), 1.630(b), 1.631(b), accredited third-party certification
1.641(b), 1.642(b), and 1.645(b). bodies, replaced specific references to
other sections of this rule with ``the
applicable [* * *] requirements of this
subpart''.
Sec. 1.612(b)......................... Changed ``capability to meet the* * *'' to Clarify that only the
``capability to meet the applicable''. applicable assessment and
monitoring requirements
apply.
Sec. 1.615(a)......................... Added ``pertaining to this subpart'' Improve clarity.
between ``legal obligations'' and ``and
to provide''.
Sec. 1.615(b)......................... Replaced ``[i]s capable of meeting,'' with Editorial change.
``The capability to meet''.
Sec. 1.620(a)(2)...................... Removed ``that aggregates the products of Conforming change.
growers or processor [sic],'' after
``foreign cooperative''.
Sec. 1.620(d)......................... Replaced ``including,'' with, ``and Editorial change.
include''.
Sec. 1.621............................ Last word of section heading changed from Editorial change.
``accredits'' to ``accredited''.
Sec. 1.621(a)......................... At the end of the previously undesignated Improve clarity.
paragraph which is now paragraph (a),
moved ``recognized accreditation body . .
. with this subpart''.
Sec. 1.622(a)......................... Added ``compliance with this subpart, Improve clarity.
including'' at the end of the opening
phrase.
Sec. 1.622(a)(1)...................... Replaced ``or other agents in activities To clarify that the
under this subpart and the degree of relevant activities under
consistency among such performances,'' this subpart are
with ``or other agents involved in accreditation activities.
accreditation activities and the degree
of consistency in conducting
accreditation activities''.
Sec. 1.622(a)(2)...................... Added ``involved in accreditation Conforming change.
activities,'' between ``other agents,''
and ``with the conflict of interest
requirements''.
Sec. 1.622(c)(1)...................... Changed ``area(s) needing improvement,'' Improve clarity.
to ``area(s) where deficiencies exist''.
Sec. 1.622(c)(2)...................... Changed ``implement effective correction Improve clarity.
action(s) to address those area(s)'' to
``implement corrective action(s) that
effectively address those deficiencies''.
Sec. 1.622(c)(3)...................... Inserted ``any'' between ``records of,'' Improve clarity.
and ``such corrective action(s)''.
Sec. 1.622(d)......................... Changed ``includes:'' to ``includes the Conforming change.
following elements.''.
Sec. 1.622(d)(2)...................... Added ``involved in accreditation Conforming change.
activities,'' between, ``other agents,''
and ``complied with the conflict of
interest requirements''.
Sec. 1.623(b)......................... Created subparagraphs by inserting, Improve clarity.
``(i)'' before ``a report of the results
of an annual self-assessment'' and
``(ii)'' before ``for a recognized
accreditation body subject to Sec.
1.664(g)((1);''
Removed ``must submit'' from between
``Sec. 1.664(g)(1),'' and ``a report of
such self-assessment;''.
Changed ``to FDA within 2 months'' to ``to
FDA within 60 days of the third party
certification body's withdrawal.''.
Sec. 1.623(c)(1)...................... Added ``(including expanding the scope Improve clarity.
of),'' between ``[g]ranting,'' and
``accreditation''.
Sec. 1.623(d)(1)(iv).................. Added ``scope and,'' between ``the'' and Improve clarity.
``basis for such denial''.
Sec. 1.624(a)......................... Changed from ``other agents)'' to ``other Conforming change.
agents involved in accreditation
activities)''.
Sec. 1.624(b) redesignated as Sec. Rephrased ``[t]he financial interests of Improve clarity.
1.624(c). the spouses and children younger than 18
years of age of officers, personnel, and
other agents of a recognized
accreditation body will be considered the
financial interests of such officers,
personnel, and other agents of the
accreditation body''.
Sec. 1.624(d)......................... Changed ``and date(s) on each the Editorial change.
accredited'' to ``and the date(s) on
which the accredited''.
Sec. 1.625 title and paragraphs (a), Changed from ``A recognized accreditation To clarify that the duties
(b), and (c). body,'' to ``An accreditation body that with respect to records
has been recognized''. as required under this
subpart adhere to any
accreditation body that
has been recognized,
including accreditation
bodies that are no longer
recognized.
Sec. 1.625(a)(2)...................... Added ``expand or'' after ``withdraw, or'' Improve clarity.
Sec. 1.630(c)......................... Changed from ``needed by FDA to process Improve clarity.
the application'' to ``needed by FDA
during processing of the application''.
[[Page 74635]]
Sec. 1.630(d)......................... Changed from ``signed by the applicant or Improve clarity.
by any individual authorized'' to
``signed by an individual authorized''.
Sec. 1.631 heading.................... Changed heading from ``How will FDA review Improve clarity.
applications for recognition and renewal
of recognition?'' to ``How will FDA
review my application for recognition or
renewal of recognition and what happens
once FDA decides on my application?''
Sec. 1.631(a)......................... Added ``an accreditation body's'' after Improve clarity.
FDA will review, deleted ``a''.
Sec. 1.631(b)......................... Inserted ``regarding'' before ``whether Editorial change.
the application has been approved or
denied.''
Sec. 1.631(c)......................... Changed to state that the FDA will notify Improve clarity.
an applicant that its recognition or
renewal application has been approved
through issuance of recognition that will
list any limitations associated with the
recognition.
Sec. 1.631(d)......................... Changed to state that the FDA will notify Improve clarity.
an applicant that its recognition or
renewal application has been denied
through issuance of a denial of
recognition that will state the basis for
such denial and provide the procedures
for requesting reconsideration of the
application under Sec. 1.691.
Sec. 1.632............................ Added ``from the date of recognition'' to Improve clarity.
the end of the sentence.
Sec. 1.633(a)......................... Removed ``periodically''.................. Improve clarity.
Sec. 1.633(a)......................... Rephrased ``date of accreditation for a 5- Improve clarity.
year term of recognition, or by no later
than mid-term point for recognition
granted for less than 5 years.''
Sec. 1.633(b)......................... Rephrased ``These may be conducted at any Improve clarity.
time, with or without the accreditation
body or auditor/certification body
present''.
Sec. 1.634(a)......................... Inserted ``found not to be in compliance Improve clarity.
with the requirements of this subpart,
including'' after ``of an accreditation
body''.
Sec. 1.634(a)(2)(ii).................. Changed ``problem with the accreditation Improve clarity.
body'' to ``deficiency''.
Sec. 1.634(a)(2)(iii)................. Inserted ``to do so'' after ``[d]irected'' Improve clarity.
Sec. 1.634(c)(1)...................... Changed ``Upon revocation, FDA will notify Improve clarity.
that accreditation body, electronically,
in English, stating * * *''.
Sec. 1.634(d)(1)...................... Removed ``electronically and in English''. Improve clarity.
Sec. 1.634(d)(1)(i)................... Rephrased from ``[n]o later than 2 months Improve clarity.
after the revocation'' to ``[n]o later
than 60 days after the date of issuance
of the revocation''.
Sec. 1.634(d)(1)(ii).................. Added ``or the original date of the Improve clarity.
expiration of the accreditation,
whichever comes first'' after
``revocation''.
Changed from ``a recognized'' to,
``another recognized''.
Sec. 1.634(d)(2)...................... Added ``(c)'' after ``1.664''............. Improve clarity.
Sec. 1.635 heading.................... Changed heading from ``How do I Improve clarity.
voluntarily relinquish recognition?'' to
``What if I want to voluntarily
relinquish recognition or do not want to
renew recognition?''
Sec. 1.636(a)......................... Removed ``or may be required to submit Improve clarity.
such application after a determination in
a regulatory hearing under Sec. 1.693''.
Sec. 1.640 heading.................... Changed heading from, ``Who is eligible Improve clarity.
for accreditation?'' to, ``Who is
eligible to seek accreditation?''
Sec. 1.641(a)......................... Changed ``or through contractual rights'' Conforming change.
to ``or as a legal entity with
contractual rights'' and added ``and
conformance with applicable'' before
``industry standards and practices''.
Sec. 1.642(a)(1)...................... Changed ``industry standards and practices Improve clarity.
and to issue'' to ``conformance with
applicable industry standards and
practices and issuance of''.
Sec. 1.641(a)(2)...................... Changed ``of the eligible entity'' to ``of Conforming change.
an eligible entity''.
Removed ``such as witnessing the
performance of a statistically
significant number of personnel and other
agents conducting audits of food
facilities.''.
Sec. 1.643(a)......................... Replaced ``certification body (and its Improve clarity.
officers, personnel, and other agents)
and eligible entities (and their owners
and operators) seeking assessment and
certification from,''
Sec. 1.644(a)(1)...................... Rephrased ``[i]dentify areas in its Improve clarity.
auditing and certification program or
performance that need improvement'' to
``[i]dentify deficiencies in its auditing
and certification program or
performance''.
Sec. 1.644(a)(2)...................... Rephrased from ``Quickly execute Improve clarity.
corrective actions when problems are
found'' to ``[q]uickly execute corrective
actions that effectively address any
identified deficiencies''.
Sec. 1.650 heading.................... Changed heading from ``How must an Improve clarity.
accredited auditor/third-party
certification body ensure its audit
agents are competent and objective'', to
``How must an accredited third-party
certification body ensure competency and
objectivity?''
[[Page 74636]]
Sec. 1.650(a)(3)...................... Changed from ``[p]articipates in annual Improve clarity.
food safety under the accredited
auditor's/certification body's training
plan,'' to ``[c]ompletes annual food
safety training that is relevant to
activities conducted under this subpart''.
Throughout Sec. Sec. 1.651 and 1.652. Where appropriate, added ``eligible'' Improve clarity.
before ``entity'' and ``food safety''
before ``audit''.
Sec. 1.651(a)(1)(i)................... Inserted ``subject to the requirements of Improve clarity.
this subpart'' after ``be conducted as a
consultative or regulatory audit''.
Sec. 1.651(b)(1)...................... Changed from ``[c]onduct an unannounced Conforming change.
audit to verify whether the activities
and results'' to ``[c]onduct an
unannounced audit to determine whether
the facility, process(es), and food''.
Sec. 1.651(b)(2)...................... Removed ``and, where appropriate, to issue Improve clarity.
food and facility certifications'' from
end of phrase.
Sec. 1.651(b)(5)...................... Inserted ``audits conducted under this Improve clarity.
subpart as follows'' after ``[p]repare
reports of''.
Sec. 1.651(b)(5)(i) (previously Sec. Inserted ``For'' before ``consultative Improve clarity.
1.651(b)(5)). audits,''.
Inserted ``maintain such records, subject
to FDA access in accordance with section
414 of the FD&C Act.''.
Sec. 1.651(b)(5)...................... Created (i) and (ii) to more easily Improve clarity.
distinguish between the different
requirements for consultative and
regulatory audits.
Sec. 1.651(b)(6)...................... Inserted ``under this subpart'' after Improve clarity.
``food safety audit''.
Sec. 1.651(c)(2)...................... Changed ``to establish compliance with the Improve clarity.
FD&C Act'' to ``to determine compliance
with the applicable food safety
requirements of the FD&C Act and FDA
regulations, and, for consultative
audits, also includes conformance with
applicable industry standards and
practices''.
Sec. 1.651(c)(3)...................... Rephrased ``entity would be likely to Improve clarity.
remain in compliance with the applicable
requirements of the FD&C Act for at least
12 months following the audit, provided
that the facility and its process(es) are
properly maintained and implemented.''
Sec. 1.651(c)(4)...................... Removed ``assessment'' and added ``other Improve clarity.
data and information from the
examination, including information on''.
Removed ``of the accredited auditor/
certification body.''.
Throughout Sec. Sec. 1.652, 1.653.... Where appropriate, inserted, Improve clarity.
``regulatory'' before, ``audit''.
Sec. 1.652(a)......................... Reformatted requirements in Sec. Editorial change.
1.652(a)(1) through (6) to more closely
align with formatting of Sec.
1.652(b)(1) through (6);.
Inserted ``subject to FDA access in Improve clarity.
accordance with the requirements of
section 414 of the FD&C Act.''
Sec. 1.652(b)(1)...................... Replaced ``audited facility'' with ``site Improve clarity.
or location where the regulatory audit
was conducted''.
Sec. 1.652(b)(6)(i) and (ii).......... Inserted ``to humans or animals'' after Improve clarity.
``serious adverse health consequences or
death''.
Sec. 1.652(b)(8)...................... Rephrased from ``is used in the facility'' Improve clarity.
to ``is performed in or used by the
facility''.
Sec. 1.653 heading.................... Changed heading from ``What must Improve clarity.
accredited auditor/certification body do
when issuing food or facility
certifications?'' to ``What must an
accredited third-party certification body
do when issuing food or facility
certifications?''
Sec. 1.653(a)(1)...................... Changed ``(or an audit agent'' to ``(or, Improve clarity.
where applicable, an audit agent''.
Changed ``to establish compliance'' to
``to determine compliance.''.
Sec. 1.653(a)(2)...................... Changed ``an observation'' to ``a Improve clarity.
deficiency''.
Sec. 1.654 heading.................... Rephrased language in heading from Improve clarity.
``eligible entity with a food or facility
certification'' to ``eligible entity that
it has issued a food or facility
certification''.
Sec. 1.654............................ Added ``with such requirements'' after Improve clarity.
``compliance''.
Changed ``if it determines the eligible
entity is no longer'' to ``if it
withdraws or suspends a food or facility
certification because it determines that
the entity is no longer.''.
Sec. 1.655(a)......................... Changed ``must annually, and as required Improve clarity.
under Sec. 1.631(f)(1)(i) or upon FDA
request made for cause, conduct a self-
assessment that includes evaluation of:''
Sec. Sec. 1.655(a)(1), 1.655(a)(2), Added ``involved in auditing and Improve clarity.
1.655(a)(3), 1.655(d)(2), 1.657(a), certification activities,'' after ``other
1.657(a)(1), 1.657(c). agents''.
Sec. Sec. 1.655(a)(1), 1.655(a)(2)... Removed ``under this subpart''............ Improve clarity.
Sec. 1.655(a)(5)...................... Inserted ``of'' between ``determination'' Editorial change.
and ``whether''.
Sec. 1.655(c)(1)...................... Replaced ``area(s) needing improvement'' Improve clarity.
with, ``deficiencies in complying with
the requirements of this subpart''.
[[Page 74637]]
Sec. 1.655(c)(2)...................... Rephrased from ``effective corrective Improve clarity.
action(s) to address those area(s)'' to
``corrective action(s) that effectively
address the identified deficiencies''.
Sec. 1.656(b)......................... Modified submission timeframe from 2 Conforming change.
months to 60 days.
Sec. 1.656(c)......................... Rephrased ``when any of its audit agents Improve clarity.
or the accredited auditor/third-party
certification body itself, discovers any
condition found during a regulatory or
consultative audit of an eligible entity,
which''.
Sec. 1.657(a)(3) redesignated as Sec. Added ``accredited third-party Improve clarity.
1.657(a)(4). certification body's'' after
``[p]rohibiting an''.
Changed ``other agent of the accredited
auditor/certification body from accepting
any money, gift, gratuity, or item of
value'' to ``other agent involving in
auditing and certification activities
from accepting any money, gift, gratuity,
or other item of value.''.
Sec. 1.657(a)(4) redesignated as Sec. Changed reference from ``(a)(3)'' to Editorial change.
1.657(a)(5). ``(a)(4)''.
Sec. 1.657(a)(4)(i) redesignated as Changed from ``accreditation'' to, Correction.
Sec. 1.657(a)(5)(i). ``auditing and certification''.
Sec. 1.657(c)......................... Added ``accredited third-party Improve clarity.
certification body's'' before
``officers''.
Changed ``other agents of an accredited
auditor/certification body'' to ``other
agents involving in auditing and
certification activities.''.
Sec. 1.658 heading.................... Changed heading to ``What records Improve clarity.
requirements must an accredited auditor/
certification body that has been
accredited meet?''
Sec. 1.658(a)......................... Rephrased from ``certification body must Improve clarity.
maintain electronically for 4 years
records'' to ``certification body that
has been accredited must maintain
electronically for 4 years records
created during its period of
accreditation''.
Sec. 1.658(a)(1)...................... Removed ``laboratory testing records and Conforming change.
results (as applicable).
Sec. Sec. 1.658(a)(1), 1.658(a)(3)... Rephrased from ``and corrective actions'' Improve clarity.
to ``verification of any corrective
action(s) taken''.
Sec. 1.658(a)(4)...................... Replaced ``under Sec. 1.650(a)(5) or by Conforming change.
the accredited auditor/certification body
to FDA under Sec. 1.656(e)'' with ``in
accordance with Sec. 1.650(a)(5)''.
Sec. 1.658(a)(5)-(a)(9) redesignated Removed paragraph (a)(5).................. Conforming change.
as Sec. 1.658(a)(5)-(a)(8).
Sec. 1.658(a)(8) redesignated as Sec. Rephrased from, ``taken as a result'' to Improve clarity.
1.658(a)(7). ``taken to address any deficiencies
identified during a self-assessment''.
Sec. 1.658(a)(9) redesignated as Sec. Changed ``the auditing or certification Improve clarity.
1.658(a)(8). program'' to ``its auditing or
certification program''.
Sec. 1.658(b)......................... Changed from ``FDA in accordance with the Correction.
requirements of subpart J of this
chapter'' to ``FDA in accordance with
section 414 of the FD&C Act''.
Sec. 1.660 heading.................... Changed heading to ``Where do I apply for Improve clarity.
accreditation or renewal of accreditation
by a recognized accreditation body and
what happens once the recognized
accreditation body decides on my
application?''
Sec. 1.661............................ Added ``by a recognized accreditation Improve clarity.
body'' at end of header.
Sec. 1.662(a)......................... Rephrased ``comply with the requirements Improve clarity.
of Sec. Sec. 1.640 to 1.658 and
whether there are deficiencies in the
performance of the accredited auditor/
certification body that, if not
corrected, would warrant withdrawal of
its accreditation under this subpart.''
Sec. 1.662(b)(4)...................... Rephrased from ``regarding the accredited Improve clarity.
auditor's/certification body's authority,
qualifications (including the expertise
and training of its audit agents),
conflict of interest program, internal
quality assurance program, and monitoring
by its accreditation body (or, in the
case of direct accreditation, FDA);''
Sec. 1.663(d)......................... Rephrased from ``submission was Improve clarity.
completed'' to ``completed submission is
received''.
Sec. 1.663(e)......................... Removed ``in writing'' and ``Such Conforming change.
notification may be made
electronically.''
Sec. 1.663(f)......................... Replaced ``conditions'' with Improve clarity.
``limitations''.
Sec. 1.663(f)......................... Replaced ``notification'' with ``issuance Improve clarity.
of the waiver'' and ``issuance of a
denial of a waiver request'' as
appropriate.
Replaced ``conditions'' with
``limitations.''.
Sec. 1.664(a)(1)...................... Added ``or chemical or physical hazard''.. Correction.
Sec. 1.664(a)(2)...................... Changed ``meets the requirements'' to Improve clarity.
``complies with the applicable
requirements''.
Sec. 1.664(b)(2)...................... Replaced ``steps'' with ``relevant audit Improve clarity.
records''.
Replaced ``to justify the food or facility
certification'' with ``in support of its
decision to certify''.
Sec. 1.664(c)(2)...................... Deleted ``food or facility''.............. For flexibility.
[[Page 74638]]
Sec. 1.664(e)(1)...................... Added ``of its accreditation through Improve clarity.
issuance of a withdrawal that will
state''.
Sec. 1.664(e)(1)...................... Deleted, ``electronically, in English''... Conforming change.
Sec. 1.664(e)(2)...................... Added ``issuance of the'' between ``date Improve clarity.
of'' and withdrawal''.
Sec. 1.664(g)(1)...................... Replaced ``bodies'' with ``body it Improve clarity.
accredited''.
Added ``by FDA.''.........................
Changed ``2 months'' to ``60 days.''......
Removed ``electronically and in English.''
Sec. 1.664(g)(2)...................... Replaced ``such'' with ``an''............. Editorial change.
Sec. 1.664(h)......................... Replaced ``and the status of recognition Improve clarity.
and food and facility certifications'' in
the heading with ``accreditation''.
Sec. 1.664(h)......................... Replaced ``under this subpart'' with ``and Improve clarity.
provide a description of the basis for
withdrawal''.
Sec. 1.665 heading.................... Changed heading from ``How do I Improve clarity.
voluntarily relinquish accreditation? to
``what if I want to voluntarily
relinquish accreditation or do not want
to renew?''
Sec. 1.665(a)......................... Changed ``2 months'' to ``60 days''....... Improve clarity.
Sec. 1.665(b)......................... Added ``The accreditation body must Clarification.
establish and maintain records of such
notification under Sec. 1.625(a).''
Sec. 1.666(a)(1)...................... Replaced ``requirements for Improve clarity.
accreditation'' with ``applicable
requirements of this subpart''.
Sec. 1.666(a)(2)(i)................... Replaced ``a'' with ``another'' and Editorial changes.
``not'' with ``no''.
Sec. 1.670(a)(3)...................... Added ``(a)(1) of this section, as Correction.
described in paragraph (a)(2)''.
Sec. 1.670(b)(1)...................... Revised to specify provision ``(a)(1)''... Improve clarity.
Sec. 1.670(b)(2)...................... Added subsection title ``Submission''..... Improve clarity.
Sec. 1.670(b)(3)...................... Added subsection title ``Signature''...... Improve clarity.
Sec. 1.671 heading.................... Changed title from ``How will FDA review Improve clarity.
applications for direct accreditation and
for renewal of direct accreditation?'' to
``How will FDA review my application for
direct accreditation or for renewal of
direct accreditation and what happens
once FDA decides on my application?''
Sec. 1.671(b)......................... Reorganized the provision: Moved original Improve clarity.
(f) under (b).
Sec. 1.671(c) previously (c) and (d).. Redesignated as (c) to state that FDA will Improve clarity.
notify an applicant that its direct
accreditation or renewal application has
been approved through issuance of direct
accreditation that will list any
limitations associated with the
accreditation.
Sec. 1.671(e)......................... Redesignated (e) to (d)................... Improve clarity.
Replaced ``denies'' with ``issues a
denial''.
Added ``for direct accreditation or for
renewal of direct accreditation.''.
Replaced ``notification'' with ``issuance
of the denial of direct accreditation.''.
Deleted ``address and''...................
Sec. 1.681............................ Combined (a) and (b)...................... Improve clarity.
Replaced ``seek'' with ``apply for''......
Sec. 1.691(a) and (b)................. Replaced ``decision'' with ``the issuance Improve clarity.
of such denial''.
Sec. 1.691(c)......................... Replaced ``it describes'' with ``described Editorial change.
in the notice''.
Sec. 1.691(d)......................... Deleted ``in writing''.................... Improve clarity.
Rephrased ``of its decision to grant the
application or waiver request upon
reconsideration, or its decision to deny
the application or waiver request upon
reconsideration.''.
Sec. 1.692(a)......................... Replaced ``FDA issued'' to ``of issuance Editorial change.
of''.
Sec. 1.692(d)......................... Deleted ``electronically''................ Improve clarity.
Added phrases ``through issuance of an
application or waiver request upon
reconsideration'' and ``application or
waiver request upon reconsideration
through issuance of a denial of.''.
Sec. 1.692(e)......................... Replaced ``Affirmation'' with ``Issuance'' Improve clarity.
Sec. 1.693............................ Replaced ``FDA issued'' and ``written For consistency and to
notice'' with ``issuance of''. improve clarity.
Sec. 1.693(a)......................... Rephrased ``the accreditation body or an Improve clarity.
individual authorized to act on its
behalf'' to ``an individual authorized to
act on the accreditation body's behalf''.
Sec. 1.693(b)......................... Rephrased ``the auditor/certification body Improve clarity.
or an individual authorized to act on its
behalf'' to ``an individual authorized to
act on the third-party certification
body's behalf''.
----------------------------------------------------------------------------------------------------------------
[[Page 74639]]
XV. Executive Order 13175
In accordance with Executive Order 13175, FDA has consulted with
tribal government officials. A Tribal Summary Impact Statement has been
prepared that includes a summary of Tribal officials' concerns and how
FDA has addressed them (Ref. 26). Persons with access to the Internet
may obtain the Tribal Summary Impact Statement at https://www.regulations.gov. Copies of the Tribal Summary Impact Statement also
may be obtained by contacting the person listed under FOR FURTHER
INFORMATION CONTACT.
XVI. Analysis of Economic Impact
FDA has examined the impacts of the final rule under Executive
Order 12866, Executive Order 13563, the Regulatory Flexibility Act (5
U.S.C. 601-612), and the Unfunded Mandates Reform Act of 1995 (Pub. L.
104-4). Executive Orders 12866 and 13563 direct Agencies to assess all
costs and benefits of available regulatory alternatives and, when
regulation is necessary, to select regulatory approaches that maximize
net benefits (including potential economic, environmental, public
health and safety, and other advantages; distributive impacts; and
equity). The Agency believes that this final rule is a significant
regulatory action under Executive Order 12866.
The Regulatory Flexibility Act requires Agencies to analyze
regulatory options that would minimize any significant impact of a rule
on small entities. Because the Third-Party program will be used
primarily on voluntary basis where private enterprises determine that
the benefits of participating in our program outweighs their associated
user fee and compliance costs, the Agency certifies that the final rule
will not have a significant economic impact on a substantial number of
small entities.
Section 202(a) of the Unfunded Mandates Reform Act of 1995 requires
that Agencies prepare a written statement, which includes an assessment
of anticipated costs and benefits, before proposing ``any rule that
includes any Federal mandate that may result in the expenditure by
State, local, and tribal governments, in the aggregate, or by the
private sector, of $100,000,000 or more (adjusted annually for
inflation) in any one year.'' The current threshold after adjustment
for inflation is $144 million, using the most current (2014) Implicit
Price Deflator for the Gross Domestic Product. FDA does not expect this
final rule to result in any 1-year expenditure that would meet or
exceed this amount. Annualized cost of the Third-Party final rule is
estimated at approximately $2.8 to $11.6 million, depending on the
scenario.
XVII. Paperwork Reduction Act of 1995
This final rule contains information collection provisions that are
subject to review by OMB under the Paperwork Reduction Act of 1995 (44
U.S.C. 3501-3520). The title, description, and respondent description
of the information collection provisions are shown in the following
paragraphs with an estimate of the annual reporting and recordkeeping
burdens. Included in the estimate is the time for reviewing
instructions, searching existing data sources, gathering and
maintaining the data needed, and completing and reviewing each
collection of information.
Title: Accreditation of Third-Party Certification Bodies to Conduct
Food Safety Audits and Issue Certifications (Third-Party final rule)
Description: FDA is amending its regulations to provide for
accreditation of third-party certification bodies (CBs) to conduct food
safety audits of eligible foreign food entities, including foreign food
facilities, and to issue food and facility certifications, pursuant to
the FDA Food Safety Modernization Act. Use of accredited third-party
CBs and food and facility certifications will help us prevent
potentially harmful food from reaching U.S. consumers and thereby
improve the safety of the U.S. food supply. We also expect that these
regulations will increase efficiency by reducing the number of
redundant audits to assess compliance with applicable food safety
requirements of the FD&C Act and FDA regulations.
Description of respondents: The coverage of the Third-Party final
rule includes eligible entities seeking audits, certification, and/or
recertification by accredited CBs participating in our program,
accreditation bodies (ABs) seeking to comply with the recognition
requirements of the Third-Party final rule, and CBs seeking to comply
with the accreditation requirements of the Third-Party final rule
(including those accredited by recognized ABs and those directly-
accredited by FDA). An eligible entity is a foreign entity in the
import supply chain of food for consumption in the United States that
chooses to be subject to a food safety audit conducted by an accredited
third-party certification body.
Based on FDA Operational and Administration System for Import
Support database information, we estimate that there are 200,692
foreign food and feed exporters that offer their food and feed for
import into the United States. These foreign food and feed exporters
include 129,757 food and feed production facilities and 70,935 farms. A
proportion of these foreign food and feed exporters may offer food
subject to mandatory certification requirements under section 801(q) of
the FD&C Act. In that case, the eligible entities must either comply
with the Third-Party final rule in order to obtain certification from a
CB accredited under the third-party program to continue exporting their
food products into the United States, or a foreign government
designated by FDA, or lose their access to U.S. markets. In the
economic analysis of the Third-Party final rule, we assume that in any
given year 75 foreign food and feed exporters will be subject to
section 801(q) of the FD&C Act.
In addition to the entities subject to Sec. 801(q), some food
exporters will seek certificates to participate in VQIP under section
806 of the FD&C Act. We consider three different scenarios for the
participation rate of VQIP importers and their associated foreign
suppliers in a 10-year period: (1) Constant number of VQIP importers in
every year, (2) increasing participation over time, peaking at 20
percent of all importers of perishable products by the fifth year, with
stagnant growth in subsequent years, (3) increasing participation over
time, peaking at 40 percent of all importers of perishable products by
the 10th year of the program.
The VQIP draft guidance document caps the acceptance of
applications by importers for VQIP at 200 for the initial year of the
program. Under Scenario 1, we consider 200 importers participating in
each of first 10 years of VQIP (see table 6). Average number of foreign
suppliers per importers is approximately 5.58; therefore, under
Scenario 1, we expect that 200 importers and approximately 1,116
foreign suppliers (200 importers x 5.58 foreign supplier per importer)
will be participating in VQIP every year for a 10-year period (see
tables 6 and 7).
According to FDA's Office of Regulatory Affairs Reporting Analysis
and Decision Support System database, the number of importers of
perishable products is approximately 2,759. These importers would have
an incentive to participate in VQIP in order to expedite entry of their
perishable food products into the United States. Under Scenario 2, we
consider 200 importers participating in the initial year of VQIP and
increasing steadily until the fifth year of the program until 552
importers (20 percent x 2,759 importers of perishable products) are
participating in the program. For years 6 through 10, we consider 3
percent increase in
[[Page 74640]]
participation of new importers in VQIP (see table 6). Multiplying the
number of importers by the number of foreign suppliers per importers
(5.58), we expect that the number of foreign supplies participating in
VQIP, under Scenario 2, would increase from 1,116 to 3,527 in a 10-year
period (see table 7).
Under Scenario 3, we consider the number of importers will increase
from 200 in the initial year of VQIP to 1,104 importers (40 percent x
2,759 importers of perishable products) in the 10th year of the
program. Tables 6 and 7 include the number of importers and their
associated foreign suppliers for scenario 3. Table 9 includes total
number of eligible entities in the Third-Party final rule based on the
three considered scenarios in the 10th year of the program.
The economic analysis of the Third-Party final rule estimates
compliance costs under the assumption that expected efficiency gains,
and foreign food suppliers' incentive to maintain continued importation
of their food to the United States would lead all foreign suppliers
subject to section 801(q) of the FD&C Act, and foreign suppliers who
choose to use third-party food safety audits to satisfy requirements of
FDA's VQIP, to become eligible entities and seek food safety audits
under the Third-Party final rule.
Considering the demand for food safety audits under the Third-Party
program by foreign suppliers subject to section 801(q) of the FD&C Act
and those wanting to participate in VQIP, we expect that some of the
ABs and CBs operating globally will also have an incentive to
participate and comply with the Third-Party final rule. Under the three
different scenarios discussed above, we have estimated that 11 to 25
ABs will accredit CBs that will conduct food safety audits of foreign
eligible entities that offer food or feed for import to the United
States. We also estimate that approximately 91 to 207 CBs will be
accredited by the potential 11 to 25 AB applicants; these CBs will
comply with the Third-Party final rule in order to participate in the
program. In addition, we expect that one CB will apply and participate
in the third-party program via direct accreditation by FDA under the
Third-Party final rule (see table 9).
Table 6--Potential Number of Importers Participating in VQIP in Its Initial 10 Years
--------------------------------------------------------------------------------------------------------------------------------------------------------
Year
Scenario -----------------------------------------------------------------------------------------
1 2 3 4 5 6 7 8 9 10
--------------------------------------------------------------------------------------------------------------------------------------------------------
1............................................................. 200 200 200 200 200 200 200 200 200 200
2............................................................. 200 288 376 464 552 562 579 596 614 632
3............................................................. 200 300 400 500 600 700 800 900 1,000 1,104
--------------------------------------------------------------------------------------------------------------------------------------------------------
Table 7--Potential Number of Foreign Suppliers (Section 806 of the FD&C Act) Participating in VQIP in Its Initial 10 Years
--------------------------------------------------------------------------------------------------------------------------------------------------------
Year
Scenario -----------------------------------------------------------------------------------------
1 2 3 4 5 6 7 8 9 10
--------------------------------------------------------------------------------------------------------------------------------------------------------
1............................................................. 1,116 1,116 1,116 1,116 1,116 1,116 1,116 1,116 1,116 1,116
2............................................................. 1,116 1,607 2,098 2,589 3,080 3,136 3,231 3,326 3,426 3,527
3............................................................. 1,116 1,674 2,232 2,790 3,348 3,906 4,464 5,022 5,580 6,160
--------------------------------------------------------------------------------------------------------------------------------------------------------
Table 8--Number of Respondents in the Third-Party Final Rule
----------------------------------------------------------------------------------------------------------------
Eligible entities Scenario 1 Scenario 2 Scenario 3
----------------------------------------------------------------------------------------------------------------
Section 801(q) of FD&C Act...................................... 75 75 75
Section 806 of FD&C Act......................................... 1,116 3,527 6,160
-----------------------------------------------
Total eligible entities..................................... 1,191 3,602 6,235
----------------------------------------------------------------------------------------------------------------
Table 9--Number of Respondents to the Third-Party Final Rule
----------------------------------------------------------------------------------------------------------------
Number of ABs/CBs
Status of ABs/CBs -----------------------------------------------
Scenario 1 Scenario 2 Scenario 3
----------------------------------------------------------------------------------------------------------------
ABs seeking recognition......................................... 11 17 25
CBs seeking accreditation by recognized ABs..................... 91 140 207
CBs seeking accreditation by FDA................................ 1 1 1
-----------------------------------------------
Total CBs accredited........................................ 92 141 208
----------------------------------------------------------------------------------------------------------------
Information Collection Burden Estimate: We estimate the burden for
this information collection as follows:
Recordkeeping Burden
In summary, under Scenario 1, total one-time recordkeeping burden
by 11 recognized ABs and 92 CBs accredited under the third-party
program is estimated at 25,792 hours (see table 10). Total annual
recordkeeping burden by 11 recognized ABs and 92 CBs accredited under
the third-party
[[Page 74641]]
program is estimated at 2,673 hours (see table 13).
Under Scenario 2, total one-time recordkeeping burden by 17
recognized ABs and 141 CBs accredited under the third-party program is
estimated at 41,640 hours (see table 11). Total annual recordkeeping
burden by 17 recognized ABs and 141 CBs accredited under the third-
party program s is estimated at 4,553 hours (see table 14).
Under Scenario 3, total one-time recordkeeping burden by 25
recognized ABs and 208 CBs accredited under the third-party program is
estimated at 58,570 hours (see table 12). Total annual recordkeeping
burden by 25 recognized ABs and 208 CBs accredited under the third-
party program is estimated at 6,253 hours (see table 15).
For the purpose of this analysis we assume that all ABs that apply
for recognition in the program become recognized and all CBs that apply
for accreditation are accredited.
Table 10--Scenario 1, Estimated One-Time Recordkeeping Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.615.................... 11 1 11 2 22
Sec. 1.645.................... 92 1 92 2 184
Sec. 1.624(d)................. 11 1 11 160 1,760
Sec. 1.657(d)................. 92 1 92 160 14,720
Contract modification........... 11 8.27 91 2 182
Sec. 1.651.................... 92 48 4,416 2 8,832
Sec. 1.653(b)(2).............. 92 1 92 1 92
-------------------------------------------------------------------------------
Total One-Time Recordkeeping .............. .............. .............. .............. 25,792
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
Table 11--Scenario 2, Estimated One-Time Recordkeeping Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.615.................... 17 1 17 2 34
Sec. 1.645.................... 141 1 141 2 282
Sec. 1.624(d)................. 17 1 17 160 2,720
Sec. 1.657(d)................. 141 1 141 160 22,560
Contract modification........... 17 8.23 140 2 280
Sec. 1.651.................... 141 55.4 7,811 2 15,623
Sec. 1.653(b)(2).............. 141 1 141 1 141
-------------------------------------------------------------------------------
Total One-Time Recordkeeping .............. .............. .............. .............. 41,640
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
Table 12--Scenario 3, Estimated One-Time Recordkeeping Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.615.................... 25 1 25 2 50
Sec. 1.645.................... 208 1 208 2 416
Sec. 1.624(d)................. 25 1 25 160 4,000
Sec. 1.657(d)................. 208 1 208 160 33,280
Contract modification........... 25 8.79 220 2 440
Sec. 1.651.................... 208 48.5 10,088 2 20,176
Sec. 1.653(b)(2).............. 208 1 208 1 208
-------------------------------------------------------------------------------
Total One-Time Recordkeeping .............. .............. .............. .............. 58,570
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
Table 13--Scenario 1, Estimated Annual Recordkeeping Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.625.................... 11 397 4,367 0.025 1,092
(15 minutes)
Sec. 1.624(c)................. 11 1 11 8 88
[[Page 74642]]
Sec. 1.657(d)................. 92 1 92 8 736
Sec. 1.652.................... 92 48 4,416 0.083 367
(5 minutes)
Sec. 1.653(b)(2).............. 92 48 4,416 0.083 367
(5 minutes)
Sec. 1.656(c)................. 92 0.25 23 1 23
-------------------------------------------------------------------------------
Total Annual Recordkeeping .............. .............. .............. .............. 2,673
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
Table 14--Scenario 2, Estimated Annual Recordkeeping Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.625.................... 17 456 7,752 0.25 1,938
(15 minutes)
Sec. 1.624(c)................. 17 1 17 8 136
Sec. 1.657(d)................. 141 1 141 8 1,128
Sec. 1.652.................... 141 55.4 7,811 0.083 648
(5 minutes)
Sec. 1.653(b)(2).............. 141 55.4 7,811 0.083 648
(5 minutes)
Sec. 1.656(c)................. 141 0.25 35 1 35
-------------------------------------------------------------------------------
Total Annual Recordkeeping .............. .............. .............. .............. 4,533
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
Table 15--Scenario 3, Estimated Annual Recordkeeping Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.625.................... 25 426 10,650 0.25 2,663
(15 minutes)
Sec. 1.624(c)................. 25 1 25 8 200
Sec. 1.657(d)................. 208 1 208 8 1,664
Sec. 1.652.................... 208 48.5 10,088 0.083 837
(5 minutes)
Sec. 1.653(b)(2).............. 208 48.5 10,088 0.083 837
(5 minutes)
Sec. 1.656(c)................. 208 0 52 1 52
-------------------------------------------------------------------------------
Total Annual Recordkeeping .............. .............. .............. .............. 6,253
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time recordkeeping burden.
Sections 1.615 and 1.645 of the Third-Party final rule require that
at the time an AB submits an application for recognition (under Sec.
1.630 of the Third-Party final rule) or a CB submits an application for
direct accreditation (under Sec. 1.660, or where applicable under
Sec. 1.670), the AB or CB must demonstrate that it has implemented
written procedures to adequately establish, control, and maintain
records for the period of time necessary to meet its contractual and
legal obligations pertaining to the third-party program. Currently, ABs
maintain recordkeeping protocols relating to their operations; however,
we expect that ABs will review their recordkeeping protocols and, if
necessary, modify them to meet the requirements of Sec. 1.615 of the
Third-Party final rule before submitting applications for recognition.
We believe that the records requirements for ABs in Sec. 1.615 and CBs
in Sec. 1.645 would constitute a new one-time burden for the 11 to 25
ABs in each of the three considered scenario, and 92 to 208 CBs
respectively. We expect that it would take no more than 2 hours for an
AB or a CB to modify its recordkeeping protocol to comply with the
written recordkeeping requirements described in Sec. Sec. 1.615 and
1.645 of the Third-Party final rule (see tables 10 to 12). Therefore,
under Scenario 1, we estimate that it would take 22 hours (2 hours/AB x
11 ABs) for ABs to comply with Sec. 1.615 (34 hours under Scenario 2,
and 50 hours under Scenario 3) (see tables 10 to 12). We estimate 184
hours (2 hours/CB x 92 CBs) for CBs to comply with Sec. 1.645 of the
Third-Party final rule
[[Page 74643]]
(282 hours under Scenario 2, and 416 hours under Scenario 3) (see
tables 10 to 12).
Section 1.625 of the Third-Party final rule requires that an AB
that has been recognized maintain records documenting requests by CBs
for accreditation from the AB (per Sec. 1.660), challenges to adverse
accreditation decisions (Sec. 1.620(c)), monitoring activities of its
accredited CBs (Sec. 1.621), self-assessments and corrective actions
(Sec. 1.622), copies of regulatory audit reports submitted by its
accredited CBs (Sec. 1.656), and copies of records of reports or
notifications made to us, as required by Sec. 1.623. A recognized AB's
requirements for reporting and notifications per Sec. 1.623 of the
Third-Party final rule include submission of results of its annual
performance assessment of each of its accredited CBs (Sec. 1.623(a))
and the results of its self-assessment (Sec. 1.623(b)) (see tables 20
to 22). A recognized AB also must notify us immediately upon granting,
withdrawing, suspending, reducing the scope of accreditation of a CB or
upon its determination that a CB it accredited issued a food or
facility certification in violation of subpart M, pursuant to Sec.
1.623(c) of the Third-Party final rule. Additionally, a recognized AB
must notify us within 30 days after making significant changes to its
operations that would affect the manner in which it complies with the
Third-Party final rule (Sec. 1.623(d)).
Under current practice, ABs maintain records documenting requests
by CBs for accreditation, monitoring activities of CBs they have
accredited, and self-assessments and corrective actions. The records
currently maintained by ABs are similar to those that would be required
of a recognized AB under Sec. 1.623 of the Third-Party final rule.
However, CBs do not currently send copies of audit reports of their
clients (food facilities) to their ABs. Therefore, an AB's maintenance
of records pertaining to regulatory audit reports submitted by CBs they
have accredited is considered as a new recordkeeping burden for
recognized ABs. We expect that it would take no more than 15 minutes
(0.25 hour) for a recognized AB to file a regulatory audit report
submitted by its accredited CBs. Under Scenario 1, we estimate the
burden for 11 recognized ABs to maintain regulatory audit reports that
were submitted to them by their accredited CBs. We estimate that
following the implementation of the Third-Party final rule, under
Scenario 1, each recognized AB will accredit approximately 8.27 CBs
under the program (average of 10-year period) (8.23 CBs/AB under
Scenario 2; 8.79 CBs/AB under Scenario 3). In addition, under Scenario
1, we estimate that each CB accredited under the third-party program,
on average, will conduct regulatory audits on approximately 48 eligible
entities a year (average of 10-year period) (55.4 foreign suppliers per
CB under Scenario 2; 48.5 foreign suppliers per CB under Scenario 3).
Under Scenario 1, we expect that each recognized AB will receive, on
average, 397 regulatory audit reports (48 regulatory audit reports/CB x
8.27 CBs/AB) from its CBs annually resulting in a total of 4,367
records per year (397 audit reports/AB x 11 ABs). Under Scenario 2, we
expect that each recognized AB will receive, on average, 456 regulatory
audit reports (55.4 regulatory audit reports/CB x 8.23 CBs/AB) from its
CBs annually resulting in a total of 7,752 records per year (456 audit
reports/AB x 17 ABs). Under Scenario 3, we expect that each recognized
AB will receive, on average, 426 regulatory audit reports (48.5
regulatory audit reports/CB x 8.79 CBs/AB) from its CBs annually
resulting in a total of 10,650 records per year (426 audit reports/AB x
25 ABs). Total annual burden of recordkeeping requirement for
recognized AB under Sec. 1.625 of the Third-Party final rule is
estimated at 1,092 hours (4,367 records x 0.25 hours/record) under
Scenario 1 (1,938 hours under Scenario 2; 2,663 hours under Scenario 3)
(see tables 13 to 15).
Section 1.624(d) of the Third-Party final rule requires each
recognized AB maintain on its Web site an up-to-date list of CBs it has
accredited under the Third-Party final rule and for each CB identify
the duration and scope of accreditation and date(s) on which the CB
paid the AB any fee or reimbursement associated with such
accreditation. Recognized ABs must also include information about
changes in accreditation status of third-party certification bodies.
Our review of AB Web sites found that none of the ABs reviewed publish
all the information that is required by Sec. 1.620(d) of the Third-
Party final rule on their Web sites. We estimate that each AB, on
average, would initially spend approximately 160 hours to update its
Web page to conform with this section of the Third-Party final rule.
Under Scenario 1, the one-time burden of conforming to Sec. 1.624(d)
of the Third-Party final rule by 11 recognized ABs is estimated at
approximately 1,760 hours (11 ABs x 160 hours/AB) (see table 10). Under
Scenario 2, the one-time burden of conforming to Sec. 1.624(d) of the
Third-Party final rule by 17 recognized ABs is estimated at
approximately 2,720 hours (17 ABs x 160 hours/AB) (see table 11). Under
Scenario 3, the one-time burden of conforming to Sec. 1.624(d) of the
Third-Party final rule by 25 recognized ABs is estimated at
approximately 4,000 hours (25 ABs x 160 hours/AB) (see table 12). In
addition, we estimate that each recognized AB would spend 8 hours
annually, following the initial year, to update information as required
by Sec. 1.624(d) of the Third-Party final rule. Under Scenario 1, the
annual hourly burden for 11 recognized ABs to update their Web pages to
conform to disclosure of information requirement per Sec. 1.624(d) of
the Third-Party final rule is estimated at 88 hours (8 hours/AB x 11
ABs) (136 hours under Scenario 2; 200 hours under Scenario 3) (see
tables 13 to 15).
Similarly, Sec. 1.657(d) of the Third-Party final rule requires a
CB accredited in compliance with the Third-Party final rule to maintain
on its Web site an up-to-date list of eligible entities which it has
issued certifications under this subpart. For each such eligible entity
the Web site also must identify the duration and scope of the
certification and date(s) on which the eligible entity paid the CB
accredited under the third-party program any fee or reimbursement
associated with such audit or certification. In the Third-Party final
Regulatory Impact Analysis, we estimate that following the
implementation of the Third-Party final rule and VQIP draft guidance,
there will be approximately 91 CBs accredited by recognized ABs and 1
directly-accredited CB under Scenario 1 (140 CBs and one directly-
accredited CB under Scenario 2; 207 CBs and 1 directly-accredited CB
under Scenario 3). Under Scenario 1, the one-time recordkeeping burden
of 92 CBs accredited under the third-party program to comply with Sec.
1.657(d) of the Third-Party final rule is estimated at 14,720 hours
(160 hours/CB x 92 CBs) (22,560 hours under Scenario 2; 33,280 hours
under Scenario 3) (see tables 10 to 12). In addition, we estimate that
each CB would spend 8 hours annually, following the initial year, to
update information as required by Sec. 1.657(d) of the Third-Party
final rule. Under Scenario 1, annual hourly burden for 92 CBs
accredited under the third-party program to update their Web pages to
conform to disclosure of information requirement per Sec. 1.657(d) of
the Third-Party final rule is estimated at 736 hours (8 hours/CB x 92
CBs) (1,128 hours under Scenario 2; 1,664 hours under Scenario 3) (see
tables 13 to 15).
There are certain provisions within the Third-Party final rule that
may require ABs to modify their contracts
[[Page 74644]]
with their CBs in order to comply with the Third-Party final rule.
Therefore, it is expected that recognized ABs will modify their
contracts with their accredited CBs to be able to conduct activities
such as conducting unannounced audits of their accredited CBs'
facilities. Minor modifications or addenda to contracts with standard
language provided by provisions in the Third-Party final rule would
consist of no more than 1 hour by an AB executive and 1 hour by a legal
counsel representing the AB. As we discussed, following the
implementation of the Third-Party final rule, we expect that each
recognized AB will accredit approximately 8.27 CBs (8.23 CBs/AB under
Scenario 2; 8.79 CBs/AB under Scenario 3). Therefore, under Scenario 1,
a total of 91 contracts (8.27 contracts/AB x 11 ABs) (140 contracts
under Scenario 2; 220 contracts under Scenario 3) are expected to be
modified to reflect changes in contractual obligations between each
recognized AB and its accredited CBs under the Third-Party final rule
(see tables 10 to 12). The one-time burden of initial modification of
91 contracts between 11 recognized ABs and their respective accredited
CBs is approximately 182 hours (91 contracts x 2 hours/contract) (280
hours under Scenario 2; 440 hours under Scenario 3) (see tables 10 to
12).
Similarly, CBs accredited by recognized ABs would need to modify or
create new contracts with their client eligible entities in order to
gain access to any records and any area of the facility, its
process(es), and food of the eligible entity relevant to the scope and
purpose of audit being performed by the CB (Sec. 1.651). Considering
that each of the expected 92 CBs accredited under the third-party
program, under Scenario 1, will each have approximately 48 client
eligible entities, we expect that approximately 4,416 contracts (48
contracts/CB x 92 CBs) between CBs accredited under the third-party
program and eligible entities will be modified (7,811 contracts
scenario 2; 10,088 contracts under Scenario 3) (see tables 10 to 12).
Under Scenario 1, the one-time burden of initial modification of 4,416
contracts between 92 CBs accredited under the third-party program and
their respective client eligible entities is approximately 8,832 hours
(4,416 contracts x 2 hours/contract) (15,623 hours under Scenario 2;
20,176 hours under Scenario 3) (see tables 10 to 12).
Section 1.652 of the Third-Party final rule requires that CBs
accredited under the third-party program include certain information in
reports of food safety audits. We believe that some information such as
the FDA food facility registration number (where applicable) of the
facility subject to the audit are currently not included in food safety
audits conducted by CBs accredited under other programs. Although this
information may not be required as part of the Third-Party program, we
have conservatively included the burden of providing such information
in this analysis. We expect that it would take about 5 minutes (0.083
hour), on average, by a CB accredited under the third-party program to
include additional information, as required in Sec. 1.652, in reports
of food safety audits. Therefore, at a minimum, under Scenario 1, each
CB accredited under the third-party program must modify a regulatory
audit report for each of its 48 eligible entities (55.4 eligible
entities per CB in Scenario 2; 48.5 eligible entities per CB in
Scenario 3) every year. Under Scenario 1, total annual records of 92
CBs accredited under the third-party program modifying regulatory audit
reports of their client eligible entities is estimated at 4,416 records
(92 CBs x 48 eligible entities/CB x 1 record/eligible entity) (7,811
records under Scenario 2; 10,088 records under Scenario 3). Annual
recordkeeping burden of CBs accredited under the third-party program,
per Sec. 1.652 of the Third-Party final rule, is estimated at 367
hours (4,416 records x 0.083 hour/record) for Scenario 1 (648 hours for
Scenario 2; 837 hours for Scenario 3) (see tables 13 to 15).
Accredited third-party CBs will incur additional recordkeeping
costs associated with modifying existing certification templates to
meet the requirements of Sec. 1.653(b)(2). For example, we are
requiring accredited CBs to provide a certification number that follows
an FDA numeric designation. We have included the burden of providing
such information in this analysis because we know that CBs currently do
not use an FDA designation in numbering their certificates. To the
extent that any of the elements in Sec. 1.653(b)(2) are already
included in current certificates issued by some CBs, such as the
date(s) and scope of the audit, the recordkeeping burden may be
overestimated. We expect that it will take no more than 1 hour, on
average, to change the design of certifications issued by CBs
accredited under the third-party program. Under Scenario 1, we estimate
a one-time recordkeeping burden of modifying the design of the
certifications of 92 CBs accredited under the third-party program at 92
hours (92 CBs x 1 hour/CB) (141 hours under Scenario 2; 208 hours under
Scenario 3) (see tables 16 to 18).
We expect that the burden to fill additional information on a
certification that is issued is 5 minutes (0.083 hour). Therefore,
under Scenario 1, the annual burden of Sec. 1.653(b)(2) is estimated
at 367 hours (92 CBs x 1 certificate/entity x 48 entities/CB x 0.083
hour/certificate) (see table 19). Under Scenario 2, the annual burden
of Sec. 1.653(b)(2) is estimated at 648 hours (141 CBs x 1
certificate/entity x 55.4 entities/CB x 0.083 hour/certificate) (see
table 20). Finally, under Scenario 3, the annual burden of Sec.
1.653(b)(2) is estimated at 837 hours (208 CBs x 1 certificate/entity x
48.5 entities/CB x 0.083 hour/certificate) (see table 21).
Section 1.656(c) of the Third-Party final rule requires that CBs
accredited under the third-party program report to us any condition,
found during a regulatory or consultative audit of an eligible entity,
which could cause or contribute to a serious risk to the public health.
We believe that these occurrences are rare and may occur once every 4
years, or 0.25 times per year. Reporting serious hazard conditions
would consist of the onsite audit agent of a CB accredited under the
third-party program to document the event as a record and to
immediately submit the record to us. Therefore, under Scenario 1, the
annual number of records prepared by 92 CBs accredited under the third-
party program is estimated at 23 (0.25 records/CB x 92 CBs) (35 records
under Scenario 2; 52 records under Scenario 3). It is expected that a
CB accredited under the third-party program would take no more than 1
hour to prepare such record (notification). Under Scenario 1, annual
burden of preparation of records per Sec. 1.656(c) of the Third-Party
final rule by 92 CBs accredited under the third-party program is
estimated at 23 hours (23 records x 1 hour/record; see table 13) (35
hours for Scenario 2, and 52 hours for Scenario 3; see tables 14 to
15).
We also acknowledge that an accreditation body seeking to challenge
a denial of its application for recognition, renewal of recognition, or
reinstatement of recognition will incur costs in compiling information
to support its request for reconsideration under Sec. 1.691 or its
request for internal Agency review under Sec. 1.692. A third-party
certification body seeking to challenge a denial of its application for
direct accreditation, renewal of direct accreditation, or
reaccreditation as a directly accredited third-party certification body
will incur costs in compiling information to support its
[[Page 74645]]
request for reconsideration under Sec. 1.691 or its request for
internal Agency review under Sec. 1.692, as will any accredited third-
party certification body seeking to challenge a denial of its request
for a waiver of the conflict of interest requirement of Sec. 1.650(b)
or a waiver extension. We anticipate that most accreditation bodies and
third-party certification bodies who seek to participate in our program
will carefully consider the program requirements before applying to, or
joining, the program or before submitting a waiver request. We
anticipate the submission of challenges under Sec. 1.691 or Sec.
1.692 to be an infrequent event, and one that most program participants
will not encounter. Therefore, we are not calculating costs associated
with the compiling of information to support a request for
reconsideration under Sec. 1.691 or a request for internal agency
review under Sec. 1.692 by an accreditation body seeking to challenge
a denial of its application for recognition, renewal of recognition, or
reinstatement of recognition; by an third-party certification body
seeking to challenge a denial of its application for direct
accreditation, renewal of direct accreditation, or reaccreditation as a
directly accredited third-party certification body; or by an accredited
third-party certification body seeking to challenge a denial of its
request for a waiver of the conflict of interest requirement of Sec.
1.650(b) or a waiver extension.
Reporting Burden
In summary, under Scenario 1, total one-time reporting burden by 11
recognized ABs and 92 CBs accredited under the third-party program is
estimated at 960 hours (see table 16). Under Scenario 2, total one-time
reporting burden by 17 recognized ABs and 141 CBs accredited under the
third-party program is estimated at 1,440 hours (see table 17). Under
Scenario 3, total one-time reporting burden by 25 recognized ABs and
208 CBs accredited under the third-party program is estimated at 2,080
hours (see table 18). Total annual reporting burden, under Scenarios 1
to 3 is estimated between 3,466 and 7,919 hours (see tables 19 to 21).
Table 16--Scenario 1, Estimated One-Time Reporting Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.630.................... 11 1 11 80 880
Sec. 1.670(a-b)............... 1 1 1 80 80
-------------------------------------------------------------------------------
Total One-Time Reporting .............. .............. .............. .............. 960
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time reporting burden.
Table 17--Scenario 2, Estimated One-Time Reporting Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.630.................... 17 1 17 80 1,360
Sec. 1.670(a-b)............... 1 1 1 80 80
-------------------------------------------------------------------------------
Total One-Time Reporting .............. .............. .............. .............. 1,440
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time reporting burden.
Table 18--Scenario 3, Estimated One-Time Reporting Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.630.................... 25 1 25 80 2,000
Sec. 1.670(a-b)............... 1 1 1 80 80
-------------------------------------------------------------------------------
Total One-Time Reporting .............. .............. .............. .............. 2,080
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with one-time reporting burden.
Table 19--Scenario 1, Estimated Annual Reporting Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.634.................... 11 1 11 8 88
Sec. 1.673.................... 1 1 1 10 10
Sec. 1.623(a)................. 11 8.27 91 0.25 23
(15 minutes)
Sec. 1.623(b)................. 11 1 11 0.25 3
(15 minutes)
[[Page 74646]]
Sec. 1.653(b)(1).............. 92 48 4,416 0.25 1,104
(15 minutes)
Sec. 1.656(a) \1\............. 91 48 4,368 0.25 1,092
(15 minutes)
Sec. 1.656(a) \2\............. 91 48 4,368 0.25 1,092
(15 minutes)
Sec. 1.656(a) \3\............. 1 48 48 0.25 12
(15 minutes)
Sec. 1.656(b) \4\............. 91 1 91 0.25 23
(15 minutes)
Sec. 1.656(b) \5\............. 1 1 1 0.25 1
(15 minutes)
Sec. 1.656(c)................. 92 0.25 23 0.25 6
(15 minutes)
Sec. 1.656(e) \6\............. 92 0.25 23 0.25 6
(15 minutes)
Sec. 1.656(e) \7\............. 91 0.25 23 0.25 6
(15 minutes)
-------------------------------------------------------------------------------
Total Annual Reporting .............. .............. .............. .............. 3,446
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with annual reporting burden.
\1\ Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to their accrediting ABs.
\2\ Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to the FDA.
\3\ Annual reporting of regulatory audit reports by directly accredited CBs to the FDA.
\4\ Annual reporting of self-assessment by accredited CBs to their recognized ABs.
\5\ Annual reporting of self-assessment by directly-accredited CBs to the FDA.
\6\ Annual reporting of serious risk to public health by CBs accredited under the third-party program to
eligible entities.
\7\ Annual reporting of serious risk to public health by accredited CBs to their recognized ABs.
Table 20--Scenario 2, Estimated Annual Reporting Burden
----------------------------------------------------------------------------------------------------------------
Average
Number of Number of Total one-time burden per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.634.................... 17 1 17 8 136
Sec. 1.673.................... 1 1 1 10 10
Sec. 1.623(a)................. 17 8.23 140 0.25 35
(15 minutes)
Sec. 1.623(b)................. 17 1 17 0.25 4
(15 minutes)
Sec. 1.653(b)(1).............. 141 55.4 7,811 0.25 1,953
(15 minutes)
Sec. 1.656(a) \1\............. 140 55.4 7,756 0.25 1,939
(15 minutes)
Sec. 1.656(a) \2\............. 140 55.4 7,756 0.25 1,939
(15 minutes)
Sec. 1.656(a) \3\............. 1 55.4 55 0.25 14
(15 minutes)
Sec. 1.656(b) \4\............. 140 1 140 0.25 35
(15 minutes)
Sec. 1.656(b) \5\............. 1 1 1 0.25 1
(15 minutes)
Sec. 1.656(c)................. 141 0.25 35 0.25 9
(15 minutes)
Sec. 1.656(e) \6\............. 141 0.25 35 0.25 9
(15 minutes)
Sec. 1.656(e) \7\............. 140 0.25 35 0.25 9
(15 minutes)
-------------------------------------------------------------------------------
Total Annual Reporting .............. .............. .............. .............. 6,093
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with annual reporting burden.
\1\ Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to their accrediting ABs.
\2\ Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to the FDA.
\3\ Annual reporting of regulatory audit reports by directly-accredited CBs to the FDA.
\4\ Annual reporting of self-assessment by CBs to their recognized ABs.
\5\ Annual reporting of self-assessment by directly-accredited CBs to the FDA.
\6\ Annual reporting of serious risk to public health by CBs accredited under the third-party program to
eligible entities.
\7\ Annual reporting of serious risk to public health by CBs to their recognized ABs.
[[Page 74647]]
Table 21--Scenario 3, Estimated Annual Reporting Burden
----------------------------------------------------------------------------------------------------------------
Average burden
Number of Number of Total one-time per
21 CFR Part 1, subpart M recordkeepers records per records recordkeeping Total hours
recordkeeper (in hours)
----------------------------------------------------------------------------------------------------------------
Sec. 1.634.................... 25 1 25 8 200
Sec. 1.673.................... 1 1 1 10 10
Sec. 1.623(a)................. 25 8.79 220 0.25 55
(15 minutes)
Sec. 1.623(b)................. 25 1 25 0.25 6
(15 minutes)
Sec. 1.653(b)(1).............. 208 48.5 10,088 0.25 2,522
(15 minutes)
Sec. 1.656(a) \1\............. 207 48.5 10,040 0.25 2,510
(15 minutes)
Sec. 1.656(a) \2\............. 207 48.5 10,040 0.25 2,510
(15 minutes)
Sec. 1.656(a) \3\............. 1 55.4 55 0.25 14
(15 minutes)
Sec. 1.656(b) \4\............. 207 1 207 0.25 52
(15 minutes)
Sec. 1.656(b) \5\............. 1 1 1 0.25 1
(15 minutes)
Sec. 1.656(c)................. 208 0.25 52 0.25 13
(15 minutes)
Sec. 1.656(e) \6\............. 208 0.25 52 0.25 13
(15 minutes)
Sec. 1.656(e) \7\............. 207 0.25 52 0.25 13
(15 minutes)
-------------------------------------------------------------------------------
Total Annual Reporting .............. .............. .............. .............. 7,919
Burden.....................
----------------------------------------------------------------------------------------------------------------
Note: There are no operations and maintenance costs associated with annual reporting burden.
\1\ Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to their accrediting ABs.
\2\ Annual reporting of regulatory audit reports by CBs accredited by recognized ABs to the FDA.
\3\ Annual reporting of regulatory audit reports by directly-accredited CBs to the FDA.
\4\ Annual reporting of self-assessment by CBs to their recognized ABs.
\5\ Annual reporting of self-assessment by directly-accredited CBs to the FDA.
\6\ Annual reporting of serious risk to public health by CBs accredited under the third-party program to
eligible entities.
\7\ Annual reporting of serious risk to public health by CBs to their recognized ABs.
Section 1.630 of the Third-Party final rule allows for any AB to
apply for recognition. Under Scenario 1, we estimate that approximately
11 ABs would apply for recognition. We estimate that it will take 80
person-hours to compile all the relevant information and complete the
application for recognition. The initial application for recognition is
a one-time burden for each AB that applies. Under Scenario 1, the one-
time initial application burden for 11 ABs is estimated at 880 hours
(11 applications x 80 hours/application) (see table 16). The one-time
initial application burden for 17 ABs, under Scenario 2 (25 ABs under
Scenario 3), is estimated at 1,360 hours (2,000 hours under Scenario 3)
(see tables 17 and 18). The duration of recognition for a recognized AB
will not exceed 5 years per Sec. 1.632 of the Third-Party final rule.
Therefore, it is expected that each of the recognized ABs would apply
to renew its recognition every 5 years per Sec. 1.634 of the Third-
Party final rule. We expect that applications for renewal of
recognition will take significantly less time to prepare. We use 50
percent of the amount of effort to prepare and submit an application
for renewal of recognition. Therefore, it is expected that, on average,
each recognized AB will spend 40 hours every 5 years (after the initial
application) to complete and submit an application for renewal of its
recognition, or approximately 8 hours per year (40 hours / 5 years) for
each AB. Therefore, the annual burden of completing the renewal of
recognition application by 11 ABs, under Scenario 1, is 88 hours (11
applications x 8 hours/application) per year (136 hours per year for 17
ABs under Scenario 2; 200 per hour for each of 25 ABs under Scenario 3)
(see tables 19 to 21).
Similarly, Sec. 1.670(a) and (b) of the Third-Party final rule
allows for CBs to apply to us for direct accreditation, when the
criteria for direct accreditation are met. We estimate that
approximately one CB would apply for direct accreditation. It is
expected that the application for direct accreditation would require
the same amount of effort as does an AB's application for recognition.
Hence, we estimate that the initial application for direct
accreditation would take 80-person hours. The one-time initial
application burden for 1 CB, for each scenario, is estimated at 80
hours (1 application x 80 hours/application) (see tables 16 to 18). The
duration of accreditation for a directly-accredited CB will not exceed
4 years, per Sec. 1.671 of the Third-Party final rule. Therefore, it
is expected that each of the expected directly-accredited CBs would
apply to renew its accreditation every 4 years, per Sec. 1.673 of the
Third-Party final rule. We expect that directly accredited CBs use 50
percent amount of effort, or 40 person-hours, for their initial
application for direct accreditation, yielding an average of 10 hours
per year. Therefore, the annual burden of completing the application
for renewal by 1 directly-accredited CB is 10 hours (1 application x 10
hours/application) per year (see tables 19 to 21).
For the purposes of the Third-Party final economic and PRA
analyses, we have estimated costs assuming that, during the application
process, affected entities will do their paperwork properly and
completely the first time. If we assumed a less consistent outcome, one
that would result in
[[Page 74648]]
recognition denials, the initial burden might increase.
Section 1.623(a) of the Third-Party final rule requires that
recognized ABs annually conduct comprehensive assessments of the
performance of CBs they have accredited and submit the results of the
assessments to us within 45 days of their completion. We expect that it
would take no more than 15 minutes (0.25 hour) for a recognized AB to
electronically submit the assessment of each its accredited CBs.
Following the implementation of the Third-Party final rule and VQIP
draft guidance, we expect, on average, each recognized AB would
accredit approximately 8.27 CBs (8.23 CBs under Scenario 2; 8.79 under
Scenario 3). Therefore, under Scenario 1, each recognized AB would
submit, on average, approximately 91 copies of assessments of
performance of their accredited CBs (8.27 assessments/AB x 11 ABs) (140
assessments under Scenario 2; 220 under Scenario 3). Under Scenario 1,
annual reporting of 91 assessments by 11 recognized ABs is estimated at
23 hours (91 submission of assessments x 0.25 hour/submission) (35
hours under Scenario 2; 55 hours under Scenario 3) (see tables 19 to
21).
Section 1.623(b) of the Third-Party final rule requires that
recognized ABs annually conduct a self-assessment and submit the
assessments within 45 days of their completion. We expect that it would
take no more than 15 minutes for an AB to electronically submit a copy
of its self-assessment. Under Scenario 1, annual reporting of 11 self-
assessments by 11 recognized ABs is estimated at 3 hours (11 submission
of self-assessments x 0.25 hour/submission) (4 hours under Scenario 2;
6 hours under Scenario 3) (see tables 10 to 21).
Section 1.656(a) of the Third-Party final rule requires that a CB
accredited under the third-party program must submit the regulatory
audit reports it conducts to us and to the AB that granted its
accreditation (where applicable) within 45 days after completing such
audit. In the Third-Party final economic analysis, we estimate that
following the implementation of the Third-Party final rule, there will
be 11 recognized ABs that accredit 91 CBs (17 recognized ABs and 140
accredited CBs under Scenario 2; 25 recognized ABs and 207 accredited
CBs under Scenario 3), and we will directly accredit one CB. In
addition, we estimated that each CB accredited under the third-party
program, on average, conducts food safety audits and certifies 48
eligible entities under Scenario 1 (55.4 eligible entities/CB under
Scenario 2; 48.5 eligible entities/CB under Scenario 3). Therefore,
under Scenario 1, CBs accredited by recognized ABs will annually submit
4,368 regulatory audit reports (91 CBs x 48 reports/CB) to their
accrediting ABs and 4,368 reports to us (see table 19). Similarly,
under Scenarios 2 and 3, CBs accredited by recognized ABs will annually
submit 7,756 and 10,040 regulatory audit reports to their accrediting
ABs and the FDA, respectively (see tables 20 and 21). Under Scenario 1,
the directly-accredited CB will annually submit 48 regulatory audit
reports (1 CB x 48 reports/CB) (see table 19). The number of eligible
entities per directly-accredited CB increases to 55.4 in Scenario 2. We
assume that the number of eligible entities per directly-accredited CBs
remains the same for Scenario 3. We expect that it would take no more
than 15 minutes (0.25 hour) for a CB accredited under the third-party
program to electronically submit a copy of the regulatory report it
conducts to us and to its AB (where applicable).
Under Scenario 1, annual reporting burden for CBs accredited by
recognized ABs is estimated at 1,092 hours (4,368 reports x 0.25 hours/
report) for submitting copies of regulatory audit reports they have
conducted to their accrediting ABs and 1,092 hours for submitting the
same records to us (see table 19). Under Scenario 2, annual reporting
burden for CBs accredited by recognized ABs is estimated at 1,939 hours
(7,756 reports x 0.25 hours/report) for submitting copies of regulatory
audit reports they have conducted to their accrediting ABs and 1,939
hours for submitting the same records to us (see table 20). Similarly,
under Scenario 3, annual reporting burden for CBs accredited by
recognized ABs is estimated at 2,510 hours (10,040 reports x 0.25
hours/report) for submitting copies of regulatory audit reports they
have conducted to their accrediting ABs and 2,510 hours for submitting
the same records to us (see table 21). Under Scenario 1, annual burden
for submission of regulatory audit reports by directly-accredited CBs
is estimated at 12 hours (48 reports x 0.25 hours/report) (14 hours for
Scenarios 2 and 3) (see tables 19 to 21).
Section 1.656(b) of the Third-Party final rule requires CBs
accredited under the third-party program to submit reports of their
annual self-assessments electronically to their ABs, or in the case of
direct accreditation to us, within 45 days of the anniversary date of
their accreditation under subpart M. We expect that it would take no
more than 15 minutes (0.25 hour) for a CB accredited under the third-
party program to electronically send a copy of its annual self-
assessment to its AB or us (as applicable). Under Scenario 1, the
annual burden for CBs accredited by recognized ABs is estimated at 23
hours (91 self-assessments x 0.25 hour/self-assessment; see table 19)
(35 hours under Scenario 2 and 52 hours under Scenario 3; see tables 20
and 21). Annual burden for submission of self-assessments by one
directly-accredited CB is estimated at 0.25 hour (1 self-assessment x
0.25 hour/self-assessment; see tables 19 to 21) (rounded to 1 hour).
As we discussed, Sec. 1.656(c) of the Third-Party final rule
requires that a CB accredited under the third-party program report to
us any condition, found during a regulatory or consultative audit of an
eligible entity, which could cause or contribute to a serious risk to
the public health. In the Recordkeeping Burden section above, we
estimated that such events are expected to occur once every 4 years, or
0.25 per year. We expect that it would take no more than 15 minutes
(0.25 hour) for a CB accredited under the third-party program to
electronically send a copy of its notification to us. Therefore, under
Scenario 1, the total number of notifications sent to us on an annual
basis per Sec. 1.656(c) of the Third-Party final rule is estimated at
23 (92 CBs x 0.25 records/CB) (35 notifications under Scenario 2; 52
notifications under Scenario 3). Under Scenario 1, annual burden for
submitting a notification under Sec. 1.656(c) of the Third-Party final
rule to us by CBs accredited under the third-party program is estimated
at 6 hours (23 records x 0.25 hour/record) (9 hours under Scenario 2;
13 hours under Scenario 3) (see tables 19 to 21).
Following reporting under Sec. 1.656(c), a CB accredited under the
third-party program is required under Sec. 1.656(e) of the Third-Party
final rule to immediately notify the eligible entity and its
accrediting AB of any conditions identified during the audit which
triggered the reporting requirement per Sec. 1.656(c) of the Third-
Party final rule. Under Scenario 1, total number of notification sent
to eligible entities by 141 CBs accredited under the third-party
program is estimated at 23 (92 CBs x 0.25 records/CB) (35 notifications
under Scenario 2; 52 notifications under Scenario 3) while the number
of notifications sent to recognized ABs by their accredited CBs is
estimated at 23 (91 CBs x 0.25 records/CB) (35 under Scenario 2; 52
under Scenario 3). Under Scenario 1, annual burden of submitting a
notification under Sec. 1.656(e) of the Third-Party final rule to
affected eligible entities and ABs by accredited CBs is estimated at 6
hours (9 hours under Scenario 2; 13 hours under Scenario 3) (see tables
19 to 21).
[[Page 74649]]
XVIII. Analysis of Environmental Impact
We have determined under 21 CFR 25.30(j) that this action is of a
type that does not individually or cumulatively have a significant
effect on the human environment. Therefore, neither an environmental
assessment nor an environmental impact statement is required.
XIX. Federalism
We have analyzed the final rule in accordance with the principles
set forth in Executive Order 13132. We have determined that the rule
does not contain policies that have substantial direct effects on the
States, on the relationship between the National Government and the
States, or on the distribution of power and responsibilities among the
various levels of government. Accordingly, we conclude that the rule
does not contain policies that have federalism implications as defined
in the Executive Order and, consequently, a federalism summary impact
statement is not required.
XX. References
The following references have been placed on display in the
Division of Dockets Management (see ADDRESSES) and may be seen by
interested persons between 9 a.m. and 4 p.m., Monday through Friday,
and are available electronically at https://www.regulations.gov. We have
verified the Web site addresses, but we are not responsible for any
subsequent changes to Web sites after this document publishes in the
Federal Register.
1. FDA, ``Transcript: FSMA Proposed Rules on Foreign Supplier
Verification Programs and the Accreditation of Third-Party Auditors/
Certification Bodies, Public Meeting, Day One, September 19, 2013.''
Available in Docket No. FDA-2011-N-0143.
2. FDA, ``Transcript: FSMA Proposed Rules on Foreign Supplier
Verification Programs and the Accreditation of Third-Party Auditors/
Certification Bodies, Public Meeting, Day Two, September 20, 2013.''
Available in Docket No. FDA-2011-N-0143.
3. FDA, ``FDA Office of Foods and Veterinary Medicine Memorandum to
the Division of Dockets Management on FDA Records of Outreach
Sessions,'' November 21, 2013. Available in Docket No. FDA-2011-N-
0920.
4. International Organization for Standardization/International
Electrotechnical Commission, ``ISO/IEC 17000:2004 Conformity
Assessment--Vocabulary and General Principles.'' Copies are
available from the International Organization for Standardization,
1, rue de Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland,
or on the Internet at https://www.iso.org/iso/catalogue_detail.htm?csnumber=29316 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
5. International Organization for Standardization/International
Electrotechnical Commission, ISO/IEC ``17011:2004 Conformity
Assessment--General Requirements for Accreditation Bodies
Accrediting Conformity Assessment Bodies.'' Copies are available
from the International Organization for Standardization, 1, rue de
Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland, or on the
Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=29332 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
6. International Organization for Standardization/International
Electrotechnical Commission, ``ISO/IEC 17021:2011 Conformity
Assessment--Requirements for Bodies Providing Audit and
Certification of Management Systems.'' Copies are available from the
International Organization for Standardization, 1, rue de Varembe,
Case postale 56, CH-1211 Geneve 20, Switzerland, or on the Internet
at https://www.iso.org/iso/home/store/publication_item.htm?pid=PUB100353 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
7. International Organization for Standardization/International
Electrotechnical Commission, ``ISO/IEC 17065:2012 Conformity
Assessment--Requirements for Bodies Certifying Products, Processes
and Services.'' Copies are available from the International
Organization for Standardization, 1, rue de Varembe, Case postale
56, CH-1211 Geneve 20, Switzerland, or on the Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46568 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
8. International Organization for Standardization, ISO 19011:2011
Guidelines for Auditing Management Systems.'' Copies are available
from the International Organization for Standardization, 1, rue de
Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland, or on the
Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=50675 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
9. International Organization for Standardization/International
Electrotechnical Commission, ``ISO/IEC Guide 65:1996 General
Requirements for Bodies Operating Product Certification Systems.''
Copies are available from the International Organization for
Standardization, 1, rue de Varembe, Case postale 56, CH-1211 Geneve
20, Switzerland, or on the Internet at https://www.iso.org/iso/catalogue_detail.htm?csnumber=26796 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
10. International Organization for Standardization/International
Electrotechnical Commission, ``ISO/IEC 17020:2012 Conformity
Assessment--Requirements for the Operation of Various Types of
Bodies Performing Inspection.'' Copies are available from the
International Organization for Standardization, 1, rue de Varembe,
Case postale 56, CH-1211 Geneve 20, Switzerland, or on the Internet
at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=52994 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
11. Global Food Safety Initiative, ``Enhancing Food Safety Through
Third-Party Certification,'' March 2011.
12. International Organization for Standardization/International
Electrotechnical Commission, ``ISO/IEC 17040:2005 Conformity
Assessment--General Requirements for Peer Assessment of Conformity
Assessment Bodies and Accreditation Bodies.'' Copies are available
from the International Organization for Standardization, 1, rue de
Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland, or on the
Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=31815 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
13. International Accreditation Forum, ``IAF Endorsed Normative
Documents, Issue 4 (IAF PR 4:2007),'' https://www.iaf.nu/upFiles/197878.IAF-PR4-2007_Endorsed_NormDocs_Issue_4_Pub.pdf. Accessed on
October 26, 2015.
14. Codex Alimentarius Commission, ``Principles for Food Import and
Export Inspection and Certification (CAC/GL 20-1995).'' https://www.codexalimentarius.org/input/download/standards/37/CXG_020e.pdf.
Accessed on October 26, 2015.
15. Armour, S., Lippert, J., and Smith, M., ``Food Sickens Millions
as Company-Paid Checks Find It Safe,'' Bloomberg Business, October
11, 2012. https://www.bloomberg.com/news/articles/2012-10-11/food-sickens-millions-as-industry-paid-inspectors-find-it-safe. Accessed
on October 26, 2015.
16. Zheng, Y., Muth, M.M., Kosa, K., ``Economic Analysis of Third-
Party Food
[[Page 74650]]
Safety Certification of Imported Food,'' RTI International, June
2012.
17. American National Standards Institute, ``About ANSI,'' https://www.ansi.org/about_ansi/overview/overview.aspx?menuid=1. Accessed on
May 6, 2015.
18. United Kingdom Accreditation Service, ``About UKAS,'' https://www.ukas.com/about/. Accessed on October 26, 2015.
19. Danish Accreditation Fund, ``DANAK Home'' https://english.danak.dk/. Accessed on May 4, 2015.
20. International Organization for Standards, ``ISO/TS 22003:2007
Food Safety Management Systems--Requirements for Bodies Providing
Audit and Certification of Food Safety Management Systems.'' Copies
are available from the International Organization for
Standardization, 1, rue de Varembe, Case postale 56, CH-1211 Geneve
20, Switzerland, or on the Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=39834 or may be
examined at the Division of Dockets Management (see ADDRESSES) (Ref.
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
21. International Organization for Standardization/International
Electrotechnical Commission, ``ISO 22000:2005 Food Safety Management
Systems--Requirements for Any Organization in the Food Chain.''
Copies are available from the International Organization for
Standardization, 1, rue de Varembe, Case postale 56, CH-1211 Geneve
20, Switzerland, or on the Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=35466 or may be
examined at the Division of Dockets Management (see ADDRESSES) (Ref.
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
22. British Retail Consortium, ``Global Standard for Food Safety,
Issue 6,'' 2012. Copies are available from the British Retail
Consortium, Second Floor, 21 Dartmouth Street, London SW1H 9BP, or
may be examined at the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
23. Safe Quality Food Institute, ``SQF Code, Edition 7.2: A HACCP-
Based Supplier Assurance Code for the Food Industry,'' July 2014.
https://www.sqfi.com/wp-content/uploads/SQF-Code_Ed-7.2-July.pdf.
Accessed on October 27, 2015.
24. International Organization for Standardization, ``ISO/TS
22003:2013 Food Safety Management Systems--Requirements for Bodies
Providing Audit and Certification of Food Safety Management
Systems.'' Copies are available from the International Organization
for Standardization, 1, rue de Varembe, Case postale 56, CH-1211
Geneve 20, Switzerland, or on the Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=60605 or
may be examined at the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
25. FDA, ``Tribal Summary Impact Statement: Final Rule on
Accreditation of Third-Party Certification Bodies to Conduct Food
Safety Audits and to Issue,'' Docket No. FDA-2011-N-0146.
List of Subjects
21 CFR Part 1
Cosmetics, Drugs, Exports, Food labeling, Imports, Labeling,
Reporting and recordkeeping requirements.
21 CFR Part 11
Administrative practice and procedure, Computer technology,
Reporting and recordkeeping requirements.
21 CFR Part 16
Administrative practice and procedure.
Therefore, under the Federal Food, Drug, and Cosmetic Act and under
authority delegated to the Commissioner of Food and Drugs, 21 CFR parts
1, 11, and 16 are amended as follows:
PART 1--GENERAL ENFORCEMENT REGULATIONS
0
1. The authority citation for 21 CFR part 1 is revised to read as
follows:
Authority: 15 U.S.C. 1333, 1453, 1454, 1455, 4402; 19 U.S.C.
1490, 1491; 21 U.S.C. 321, 331, 332, 333, 334, 335a, 343, 350c,
350d, 350j, 352, 355, 360b, 360ccc, 360ccc-1, 360ccc-2, 362, 371,
374, 381, 382, 384a, 384b, 384d, 387, 387a, 387c, 393; 42 U.S.C.
216, 241, 243, 262, 264, 271.
0
2. Add subpart M, consisting of Sec. Sec. 1.600 through 1.695, to read
as follows:
Subpart M--Accreditation of Third-Party Certification Bodies To Conduct
Food Safety Audits and To Issue Certifications
Sec.
1.600 What definitions apply to this subpart?
1.601 Who is subject to this subpart?
Recognition of Accreditation Bodies Under This Subpart
1.610 Who is eligible to seek recognition?
1.611 What legal authority must an accreditation body have to
qualify for recognition?
1.612 What competency and capacity must an accreditation body have
to qualify for recognition?
1.613 What protections against conflicts of interest must an
accreditation body have to qualify for recognition?
1.614 What quality assurance procedures must an accreditation body
have to qualify for recognition?
1.615 What records procedures must an accreditation body have to
qualify for recognition?
Requirements for Accreditation Bodies That Have Been Recognized Under
This Subpart
1.620 How must a recognized accreditation body evaluate third-party
certification bodies seeking accreditation?
1.621 How must a recognized accreditation body monitor the
performance of third-party certification bodies it accredited?
1.622 How must a recognized accreditation body monitor its own
performance?
1.623 What reports and notifications must a recognized accreditation
body submit to FDA?
1.624 How must a recognized accreditation body protect against
conflicts of interest?
1.625 What records requirements must an accreditation body that has
been recognized meet?
Procedures for Recognition of Accreditation Bodies Under This Subpart
1.630 How do I apply to FDA for recognition or renewal of
recognition?
1.631 How will FDA review my application for recognition or renewal
of recognition and what happens once FDA decides on my application?
1.632 What is the duration of recognition?
1.633 How will FDA monitor recognized accreditation bodies?
1.634 When will FDA revoke recognition?
1.635 What if I want to voluntarily relinquish recognition or do not
want to renew recognition?
1.636 How do I request reinstatement of recognition?
Accreditation of Third-Party Certification Bodies Under This Subpart
1.640 Who is eligible to seek accreditation?
1.641 What legal authority must a third-party certification body
have to qualify for accreditation?
1.642 What competency and capacity must a third-party certification
body have to qualify for accreditation?
1.643 What protections against conflicts of interest must a third-
party certification body have to qualify for accreditation?
1.644 What quality assurance procedures must a third-party
certification body have to qualify for accreditation?
1.645 What records procedures must a third-party certification body
have to qualify for accreditation?
Requirements for Third-Party Certification Bodies That Have Been
Accredited Under This Subpart
1.650 How must an accredited third-party certification body ensure
its audit agents are competent and objective?
1.651 How must an accredited third-party certification body conduct
a food safety audit of an eligible entity?
1.652 What must an accredited third-party certification body include
in food safety audit reports?
1.653 What must an accredited third-party certification body do when
issuing food or facility certifications?
1.654 When must an accredited third-party certification body monitor
an eligible entity that it has issued a food or facility
certification?
1.655 How must an accredited third-party certification body monitor
its own performance?
1.656 What reports and notifications must an accredited third-party
certification body submit?
[[Page 74651]]
1.657 How must an accredited third-party certification body protect
against conflicts of interest?
1.658 What records requirements must a third-party certification
body that has been accredited meet?
Procedures for Accreditation of Third-Party Certification Bodies Under
This Subpart
1.660 Where do I apply for accreditation or renewal of accreditation
by a recognized accreditation body and what happens once the
recognized accreditation body decides on my application?
1.661 What is the duration of accreditation by a recognized
accreditation body?
1.662 How will FDA monitor accredited third-party certification
bodies?
1.663 How do I request an FDA waiver or waiver extension for the 13-
month limit for audit agents conducting regulatory audits?
1.664 When would FDA withdraw accreditation?
1.665 What if I want to voluntarily relinquish accreditation or do
not want to renew accreditation?
1.666 How do I request reaccreditation?
Additional Procedures for Direct Accreditation of Third-Party
Certification Bodies Under This Subpart
1.670 How do I apply to FDA for direct accreditation or renewal of
direct accreditation?
1.671 How will FDA review my application for direct accreditation or
renewal of direct accreditation and what happens once FDA decides on
my application?
1.672 What is the duration of direct accreditation?
Requirements for Eligible Entities Under This Subpart
1.680 How and when will FDA monitor eligible entities?
1.681 How frequently must eligible entities be recertified?
General Requirements of This Subpart
1.690 How will FDA make information about recognized accreditation
bodies and accredited third-party certification bodies available to
the public?
1.691 How do I request reconsideration of a denial by FDA of an
application or a waiver request?
1.692 How do I request internal agency review of a denial of an
application or waiver request upon reconsideration?
1.693 How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation?
1.694 Are electronic records created under this subpart subject to
the electronic records requirements of part 11 of this chapter?
1.695 Are the records obtained by FDA under this subpart subject to
public disclosure?
Subpart M--Accreditation of Third-Party Certification Bodies To
Conduct Food Safety Audits and To Issue Certifications
Sec. 1.600 What definitions apply to this subpart?
(a) The FD&C Act means the Federal Food, Drug, and Cosmetic Act.
(b) Except as otherwise defined in paragraph (c) of this section,
the definitions of terms in section 201 of the FD&C Act apply when the
terms are used in this subpart.
(c) In addition, for the purposes of this subpart:
Accreditation means a determination by a recognized accreditation
body (or, in the case of direct accreditation, by FDA) that a third-
party certification body meets the applicable requirements of this
subpart.
Accreditation body means an authority that performs accreditation
of third-party certification bodies.
Accredited third-party certification body means a third-party
certification body that a recognized accreditation body (or, in the
case of direct accreditation, FDA) has determined meets the applicable
requirements of this subpart and is accredited to conduct food safety
audits and to issue food or facility certifications to eligible
entities. An accredited third-party certification body has the same
meaning as accredited third-party auditor as defined in section
808(a)(4) of the FD&C Act.
Assessment means:
(i) With respect to an accreditation body, an evaluation by FDA of
the competency and capacity of the accreditation body under the
applicable requirements of this subpart for the defined scope of
recognition. An assessment of the competency and capacity of the
accreditation body involves evaluating the competency and capacity of
the operations of the accreditation body that are relevant to decisions
on recognition and, if recognized, an evaluation of its performance and
the validity of its accreditation decisions under the applicable
requirements of this subpart.
(ii) With respect to a third-party certification body, an
evaluation by a recognized accreditation body (or, in the case of
direct accreditation, FDA) of the competency and capacity of a third-
party certification body under the applicable requirements of this
subpart for the defined scope of accreditation. An assessment of the
competency and capacity of the third-party certification body involves
evaluating the competency and capacity of the operations of the third-
party certification body that are relevant to decisions on
accreditation and, if accredited, an evaluation of its performance and
the validity of its audit results and certification decisions under the
applicable requirements of this subpart.
Audit means the systematic and functionally independent examination
of an eligible entity under this subpart by an accredited third-party
certification body or by FDA. An audit conducted under this subpart is
not considered an inspection under section 704 of the FD&C Act.
Audit agent means an individual who is an employee or other agent
of an accredited third-party certification body who, although not
individually accredited, is qualified to conduct food safety audits on
behalf of an accredited third-party certification body. An audit agent
includes a contractor of the accredited third-party certification body
but excludes subcontractors or other agents under outsourcing
arrangements for conducting food safety audits without direct control
by the accredited third-party certification body.
Consultative audit means an audit of an eligible entity:
(i) To determine whether such entity is in compliance with the
applicable food safety requirements of the FD&C Act, FDA regulations,
and industry standards and practices;
(ii) The results of which are for internal purposes only; and
(iii) That is conducted in preparation for a regulatory audit; only
the results of a regulatory audit may form the basis for issuance of a
food or facility certification under this subpart.
Direct accreditation means accreditation of a third-party
certification body by FDA.
Eligible entity means a foreign entity in the import supply chain
of food for consumption in the United States that chooses to be subject
to a food safety audit under this subpart conducted by an accredited
third-party certification body. Eligible entities include foreign
facilities required to be registered under subpart H of this part.
Facility means any structure, or structures of an eligible entity
under one ownership at one general physical location, or, in the case
of a mobile facility, traveling to multiple locations, that
manufactures/processes, packs, holds, grows, harvests, or raises
animals for food for consumption in the United States. Transport
vehicles are not facilities if they hold food only in the usual course
of business as carriers. A facility may consist of one or more
contiguous structures, and a single building may house more than one
[[Page 74652]]
distinct facility if the facilities are under separate ownership. The
private residence of an individual is not a facility. Non-bottled water
drinking water collection and distribution establishments and their
structures are not facilities. Facilities for the purposes of this
subpart are not limited to facilities required to be registered under
subpart H of this part.
Facility certification means an attestation, issued for purposes of
section 801(q) or 806 of the FD&C Act by an accredited third-party
certification body, after conducting a regulatory audit and any other
activities necessary to establish whether a facility complies with the
applicable food safety requirements of the FD&C Act and FDA
regulations.
Food has the meaning given in section 201(f) of the FD&C Act,
except that food does not include pesticides (as defined in 7 U.S.C.
136(u)).
Food certification means an attestation, issued for purposes of
section 801(q) of the FD&C Act by an accredited third-party
certification body, after conducting a regulatory audit and any other
activities necessary to establish whether a food of an eligible entity
complies with the applicable food safety requirements of the FD&C Act
and FDA regulations.
Food safety audit means a regulatory audit or a consultative audit
that is conducted to determine compliance with the applicable food
safety requirements of the FD&C Act, FDA regulations, and for
consultative audits, also includes conformance with industry standards
and practices. An eligible entity must declare that an audit is to be
conducted as a regulatory audit or consultative audit at the time of
audit planning and the audit will be conducted on an unannounced basis
under this subpart.
Foreign cooperative means an autonomous association of persons,
identified as members, who are united through a jointly owned
enterprise to aggregate food from member growers or processors that is
intended for export to the United States.
Recognized accreditation body means an accreditation body that FDA
has determined meets the applicable requirements of this subpart and is
authorized to accredit third-party certification bodies under this
subpart.
Regulatory audit means an audit of an eligible entity:
(i) To determine whether such entity is in compliance with the
applicable food safety requirements of the FD&C Act and FDA
regulations; and
(ii) The results of which are used in determining eligibility for
certification under section 801(q) or under section 806 of the FD&C
Act.
Relinquishment means:
(i) With respect to an accreditation body, a decision to cede
voluntarily its authority to accredit third-party certification bodies
as a recognized accreditation body prior to expiration of its
recognition under this subpart; and
(ii) With respect to a third-party certification body, a decision
to cede voluntarily its authority to conduct food safety audits and to
issue food and facility certifications to eligible entities as an
accredited third-party certification body prior to expiration of its
accreditation under this subpart.
Self-assessment means an evaluation conducted by a recognized
accreditation body or by an accredited third-party certification body
of its competency and capacity under the applicable requirements of
this subpart for the defined scope of recognition or accreditation. For
recognized accreditation bodies this involves evaluating the competency
and capacity of the entire operations of the accreditation body and the
validity of its accreditation decisions under the applicable
requirements of this subpart. For accredited third-party certification
bodies this involves evaluating the competency and capacity of the
entire operations of the third-party certification body and the
validity of its audit results under the applicable requirements of this
subpart.
Third-party certification body has the same meaning as third-party
auditor as that term is defined in section 808(a)(3) of the FD&C Act
and means a foreign government, agency of a foreign government, foreign
cooperative, or any other third party that is eligible to be considered
for accreditation to conduct food safety audits and to certify that
eligible entities meet the applicable food safety requirements of the
FD&C Act and FDA regulations. A third-party certification body may be a
single individual or an organization. Once accredited, a third-party
certification body may use audit agents to conduct food safety audits.
Sec. 1.601 Who is subject to this subpart?
(a) Accreditation bodies. Any accreditation body seeking
recognition from FDA to accredit third-party certification bodies to
conduct food safety audits and to issue food and facility
certifications under this subpart.
(b) Third-party certification bodies. Any third-party certification
body seeking accreditation from a recognized accreditation body or
direct accreditation by FDA for:
(1) Conducting food safety audits; and
(2) Issuing certifications that may be used in satisfying a
condition of admissibility of an article of food under section 801(q)
of the FD&C Act; or issuing a facility certification for meeting the
eligibility requirements for the Voluntary Qualified Importer Program
under section 806 of the FD&C Act.
(c) Eligible entities. Any eligible entity seeking a food safety
audit or a food or facility certification from an accredited third-
party certification body under this subpart.
(d) Limited exemptions from section 801(q) of the FD&C Act--(1)
Alcoholic beverages. (i) Any certification required under section
801(q) of the FD&C Act does not apply with respect to alcoholic
beverages from an eligible entity that is a facility that meets the
following two conditions:
(A) Under the Federal Alcohol Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the Internal Revenue Code of 1986
(26 U.S.C. 5001 et seq.), the facility is a foreign facility of a type
that, if it were a domestic facility, would require obtaining a permit
from, registering with, or obtaining approval of a notice or
application from the Secretary of the Treasury as a condition of doing
business in the United States; and
(B) Under section 415 of the FD&C Act, the facility is required to
register as a facility because it is engaged in manufacturing/
processing one or more alcoholic beverages.
(ii) Any certification required under section 801(q) of the FD&C
Act does not apply with respect to food that is not an alcoholic
beverage that is received and distributed by a facility described in
paragraph (d)(1)(i) of this section, provided such food:
(A) Is received and distributed in prepackaged form that prevents
any direct human contact with such food; and
(B) Constitutes not more than 5 percent of the overall sales of the
facility, as determined by the Secretary of the Treasury.
(iii) Any certification required under section 801(q) of the FD&C
Act does not apply with respect to raw materials or other ingredients
that are imported for use in alcoholic beverages provided that:
(A) The imported raw materials or other ingredients are used in the
manufacturing/processing, packing, or holding of alcoholic beverages;
(B) Such manufacturing/processing, packing, or holding is performed
by the importer;
[[Page 74653]]
(C) The importer is required to register under section 415 of the
Federal Food, Drug, and Cosmetic Act; and
(D) The importer is exempt from the regulations in part 117 of this
chapter in accordance with Sec. 117.5(i).
(2) Certain meat, poultry, and egg products. Any certification
required under section 801(q) of the FD&C Act does not apply with
respect to:
(i) Meat food products that at the time of importation are subject
to the requirements of the United States Department of Agriculture
(USDA) under the Federal Meat Inspection Act (21 U.S.C. 601 et seq.);
(ii) Poultry products that at the time of importation are subject
to the requirements of the USDA under the Poultry Products Inspection
Act (21 U.S.C. 451 et seq.); and
(iii) Egg products that at the time of importation are subject to
the requirements of the USDA under the Egg Products Inspection Act (21
U.S.C. 1031 et seq.).
Recognition of Accreditation Bodies Under This Subpart
Sec. 1.610 Who is eligible to seek recognition?
An accreditation body is eligible to seek recognition by FDA if it
can demonstrate that it meets the requirements of Sec. Sec. 1.611
through 1.615. The accreditation body may use documentation of
conformance with International Organization for Standardization/
International Electrotechnical Commission (ISO/IEC) 17011:2004,
supplemented as necessary, in meeting the applicable requirements of
this subpart.
Sec. 1.611 What legal authority must an accreditation body have to
qualify for recognition?
(a) An accreditation body seeking recognition must demonstrate that
it has the authority (as a governmental entity or as a legal entity
with contractual rights) to perform assessments of a third-party
certification body as are necessary to determine its capability to
conduct audits and certify food facilities and food, including
authority to:
(1) Review any relevant records;
(2) Conduct onsite assessments of the performance of third-party
certification bodies, such as by witnessing the performance of a
representative sample of its agents (or, in the case of a third-party
certification body that is an individual, such individual) conducting a
representative sample of audits;
(3) Perform any reassessments or surveillance necessary to monitor
compliance of accredited third-party certification bodies; and
(4) Suspend, withdraw, or reduce the scope of accreditation for
failure to comply with the requirements of accreditation.
(b) An accreditation body seeking recognition must demonstrate that
it is capable of exerting the authority (as a governmental entity or as
a legal entity with contractual rights) necessary to meet the
applicable requirements of this subpart, if recognized.
Sec. 1.612 What competency and capacity must an accreditation body
have to qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) The resources required to adequately implement its
accreditation program, including:
(1) Adequate numbers of employees and other agents with relevant
knowledge, skills, and experience to effectively evaluate the
qualifications of third-party certification bodies seeking
accreditation and to effectively monitor the performance of accredited
third-party certification bodies; and
(2) Adequate financial resources for its operations; and
(b) The capability to meet the applicable assessment and monitoring
requirements, the reporting and notification requirements, and the
procedures of this subpart, if recognized.
Sec. 1.613 What protections against conflicts of interest must an
accreditation body have to qualify for recognition?
An accreditation body must demonstrate that it has:
(a) Implemented written measures to protect against conflicts of
interest between the accreditation body (and its officers, employees,
and other agents involved in accreditation activities) and any third-
party certification body (and its officers, employees, and other agents
involved in auditing and certification activities) seeking
accreditation from, or accredited by, such accreditation body; and
(b) The capability to meet the applicable conflict of interest
requirements of this subpart, if recognized.
Sec. 1.614 What quality assurance procedures must an accreditation
body have to qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) Implemented a written program for monitoring and evaluating the
performance of its officers, employees, and other agents and its
accreditation program, including procedures to:
(1) Identify areas in its accreditation program or performance
where deficiencies exist; and
(2) Quickly execute corrective actions that effectively address
deficiencies when identified; and
(b) The capability to meet the applicable quality assurance
requirements of this subpart, if recognized.
Sec. 1.615 What records procedures must an accreditation body have to
qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) Implemented written procedures to establish, control, and
retain records (including documents and data) for the period of time
necessary to meet its contractual and legal obligations pertaining to
this subpart and to provide an adequate basis for evaluating its
program and performance; and
(b) The capability to meet the applicable reporting and
notification requirements of this subpart, if recognized.
Requirements for Accreditation Bodies That Have Been Recognized Under
This Subpart
Sec. 1.620 How must a recognized accreditation body evaluate third-
party certification bodies seeking accreditation?
(a) Prior to accrediting a third-party certification body under
this subpart, a recognized accreditation body must perform, at a
minimum, the following:
(1) In the case of a foreign government or an agency of a foreign
government, such reviews and audits of the government's or agency's
food safety programs, systems, and standards as are necessary to
determine that it meets the eligibility requirements of Sec. 1.640(b).
(2) In the case of a foreign cooperative or any other third-party
seeking accreditation as a third-party certification body, such reviews
and audits of the training and qualifications of agents conducting
audits for such cooperative or other third party (or in the case of a
third-party certification body that is an individual, such individual)
and such reviews of internal systems and any other investigation of the
cooperative or other third party necessary to determine that it meets
the eligibility requirements of Sec. 1.640(c).
(3) In conducting a review and audit under paragraph (a)(1) or (2)
of this section, an observation of a representative sample of onsite
audits examining compliance with the applicable food safety
requirements of the FD&C Act and FDA regulations as conducted by the
third-party
[[Page 74654]]
certification body or its agents (or, in the case of a third-party
certification body that is an individual, such individual).
(b) A recognized accreditation body must require a third-party
certification body, as a condition of accreditation under this subpart,
to comply with the reports and notification requirements of Sec. Sec.
1.652 and 1.656 and to agree to submit to FDA, electronically and in
English, any food or facility certifications it issues for purposes of
sections 801(q) or 806 of the FD&C Act.
(c) A recognized accreditation body must maintain records on any
denial of accreditation (in whole or in part) and on any withdrawal,
suspension, or reduction in scope of accreditation of a third-party
certification body under this subpart. The records must include the
name and contact information for the third-party certification body;
the date of the action; the scope of accreditation denied, withdrawn,
suspended, or reduced; and the basis for such action.
(d) A recognized accreditation body must notify any third-party
certification body of an adverse decision associated with its
accreditation under this subpart, including denial of accreditation or
the withdrawal, suspension, or reduction in the scope of its
accreditation. The recognized accreditation body must establish and
implement written procedures for receiving and addressing appeals from
any third-party certification body challenging such an adverse decision
and for investigating and deciding on appeals in a fair and meaningful
manner. The appeals procedures must provide similar protections to
those offered by FDA under Sec. Sec. 1.692 and 1.693, and include
requirements to:
(1) Make the appeals procedures publicly available;
(2) Use competent persons, who may or may not be external to the
recognized accreditation body, who are free from bias or prejudice and
have not participated in the accreditation decision or be subordinate
to a person who has participated in the accreditation decision to
investigate and decide appeals;
(3) Advise third-party certification bodies of the final decisions
on their appeals; and
(4) Maintain records under Sec. 1.625 of appeals, final decisions
on appeals, and the bases for such decisions.
Sec. 1.621 How must a recognized accreditation body monitor the
performance of third-party certification bodies it accredited?
(a) A recognized accreditation body must annually conduct a
comprehensive assessment of the performance of each third-party
certification body it accredited under this subpart by reviewing the
accredited third-party certification body's self-assessments (including
information on compliance with the conflict of interest requirements of
Sec. Sec. 1.643 and 1.657); its regulatory audit reports and
notifications submitted to FDA under Sec. 1.656; and any other
information reasonably available to the recognized accreditation body
regarding the compliance history of eligible entities the accredited
third-party certification body certified under this subpart; or that is
otherwise relevant to a determination whether the accredited third-
party certification body is in compliance with this subpart.
(b) No later than 1 year after the initial date of accreditation of
the third-party certification body and every 2 years thereafter for
duration of its accreditation under this subpart, a recognized
accreditation body must conduct onsite observations of a representative
sample of regulatory audits performed by the third-party certification
body (or its audit agents) (or, in the case of a third-party
certification body that is an individual, such individual) accredited
under this subpart and must visit the accredited third-party
certification body's headquarters (or other location that manages audit
agents conducting food safety audits under this subpart, if different
than its headquarters). The recognized accreditation body will consider
the results of such observations and visits in the annual assessment of
the accredited third-party certification body required by paragraph (a)
of this section.
Sec. 1.622 How must a recognized accreditation body monitor its own
performance?
(a) A recognized accreditation body must annually, and as required
under Sec. 1.664(g), conduct a self-assessment that includes
evaluation of compliance with this subpart, including:
(1) The performance of its officers, employees, or other agents
involved in accreditation activities and the degree of consistency in
conducting accreditation activities;
(2) The compliance of the recognized accreditation body and its
officers, employees, and other agents involved in accreditation
activities, with the conflict of interest requirements of Sec. 1.624;
and
(3) If requested by FDA, any other aspects of its performance
relevant to a determination whether the recognized accreditation body
is in compliance with this subpart.
(b) As a means to evaluate the recognized accreditation body's
performance, the self-assessment must include onsite observation of
regulatory audits of a representative sample of third-party
certification bodies it accredited under this subpart. In meeting this
requirement, the recognized accreditation body may use the results of
onsite observations performed under Sec. 1.621(b).
(c) Based on the evaluations conducted under paragraphs (a) and (b)
of this section, the recognized accreditation body must:
(1) Identify any area(s) where deficiencies exist;
(2) Quickly implement corrective action(s) that effectively address
those deficiencies; and
(3) Establish and maintain records of any such corrective action(s)
under Sec. 1.625.
(d) The recognized accreditation body must prepare, and as required
by Sec. 1.623(b) submit, a written report of the results of its self-
assessment that includes the following elements. Documentation of
conformance to ISO/IEC 17011:2004 may be used, supplemented as
necessary, in meeting the requirements of this paragraph.
(1) A description of any corrective actions taken under paragraph
(c) of this section;
(2) A statement disclosing the extent to which the recognized
accreditation body, and its officers, employees, and other agents
involved in accreditation activities, complied with the conflict of
interest requirements in Sec. 1.624; and
(3) A statement attesting to the extent to which the recognized
accreditation body complied with applicable requirements of this
subpart.
Sec. 1.623 What reports and notifications must a recognized
accreditation body submit to FDA?
(a) Reporting results of assessments of accredited third-party
certification body performance. A recognized accreditation body must
submit to FDA electronically, in English, a report of the results of
any assessment conducted under Sec. 1.621, no later than 45 days after
completing such assessment. The report must include an up-to-date list
of any audit agents used by the accredited third-party certification
body to conduct food safety audits under this subpart.
(b) Reporting results of recognized accreditation body self-
assessments. A recognized accreditation body must submit to FDA
electronically, in English:
(1) A report of the results of an annual self-assessment required
under Sec. 1.622, no later than 45 days after completing such self-
assessment; and
[[Page 74655]]
(2) For a recognized accreditation body subject to Sec.
1.664(g)(1), a report of such self-assessment to FDA within 60 days of
the third-party certification body's withdrawal. A recognized
accreditation body may use a report prepared for conformance to ISO/IEC
17011:2004, supplemented as necessary, in meeting the requirements this
section.
(c) Immediate notification to FDA. A recognized accreditation body
must notify FDA electronically, in English, immediately upon:
(1) Granting (including expanding the scope of) accreditation to a
third-party certification body under this subpart, and include:
(i) The name, address, telephone number, and email address of the
accredited third-party certification body;
(ii) The name of one or more officers of the accredited third-party
certification body;
(iii) A list of the accredited third-party certification body's
audit agents; and
(iv) The scope of accreditation, the date on which it was granted,
and its expiration date.
(2) Withdrawing, suspending, or reducing the scope of an
accreditation under this subpart, and include:
(i) The basis for such action; and
(ii) Any additional changes to accreditation information previously
submitted to FDA under paragraph (c)(1) of this section.
(3) Determining that a third-party certification body it accredited
failed to comply with Sec. 1.653 in issuing a food or facility
certification under this subpart, and include:
(i) The basis for such determination; and
(ii) Any changes to accreditation information previously submitted
to FDA under paragraph (c)(1) of this section.
(d) Other notification to FDA. A recognized accreditation body must
notify FDA electronically, in English, within 30 days after:
(1) Denying accreditation (in whole or in part) under this subpart
and include:
(i) The name, address, telephone number, and email address of the
third-party certification body;
(ii) The name of one or more officers of the third-party
certification body;
(iii) The scope of accreditation requested; and
(iv) The scope and basis for such denial.
(2) Making any significant change that would affect the manner in
which it complies with the applicable requirements of this subpart and
include:
(i) A description of the change; and
(ii) An explanation for the purpose of the change.
Sec. 1.624 How must a recognized accreditation body protect against
conflicts of interest?
(a) A recognized accreditation body must implement a written
program to protect against conflicts of interest between the recognized
accreditation body (and its officers, employees, and other agents
involved in accreditation activities) and any third-party certification
body (and its officers, employees, and other agents involved in
auditing and certification activities) seeking accreditation from, or
accredited by, such recognized accreditation body, including the
following:
(1) Ensuring that the recognized accreditation body (and its
officers, employees, or other agents involved in accreditation
activities) does not own or have a financial interest in, manage, or
otherwise control the third-party certification body (or any affiliate,
parent, or subsidiary); and
(2) Prohibiting officers, employees, or other agents involved in
accreditation activities of the recognized accreditation body from
accepting any money, gift, gratuity, or item of value from the third-
party certification body.
(3) The items specified in paragraph (a)(2) of this section do not
include:
(i) Money representing payment of fees for accreditation services
and reimbursement of direct costs associated with an onsite assessment
of the third-party certification body; or
(ii) Lunch of de minimis value provided during the course of an
assessment and on the premises where the assessment is conducted, if
necessary to facilitate the efficient conduct of the assessment.
(b) A recognized accreditation body may accept the payment of fees
for accreditation services and the reimbursement of direct costs
associated with assessment of a certification body only after the date
on which the report of such assessment was completed or the date of
which the accreditation was issued, whichever comes later. Such payment
is not considered a conflict of interest for purposes of paragraph (a)
of this section.
(c) The financial interests of the spouses and children younger
than 18 years of age of a recognized accreditation body's officers,
employees, and other agents involved in accreditation activities will
be considered the financial interests of such officers, employees, and
other agents involved in accreditation activities.
(d) A recognized accreditation body must maintain on its Web site
an up-to-date list of the third-party certification bodies it
accredited under this subpart and must identify the duration and scope
of each accreditation and the date(s) on which the accredited third-
party certification body paid any fee or reimbursement associated with
such accreditation. If the accreditation of a certification body is
suspended, withdrawn, or reduced in scope, this list must also include
the date of suspension, withdrawal, or reduction in scope and maintain
that information for the duration of accreditation or until the
suspension is lifted, the certification body is reaccredited, or the
scope of accreditation is reinstated, whichever comes first.
Sec. 1.625 What records requirements must an accreditation body that
has been recognized meet?
(a) An accreditation body that has been recognized must maintain
electronically for 5 years records created while it is recognized
(including documents and data) demonstrating its compliance with this
subpart, including records relating to:
(1) Applications for accreditation and renewal of accreditation
under Sec. 1.660;
(2) Decisions to grant, deny, suspend, withdraw, or expand or
reduce the scope of an accreditation;
(3) Challenges to adverse accreditation decisions under Sec.
1.620(c);
(4) Its monitoring of accredited third-party certification bodies
under Sec. 1.621;
(5) Self-assessments and corrective actions under Sec. 1.622;
(6) Regulatory audit reports, including any supporting information,
that an accredited third-party certification body may have submitted;
(7) Any reports or notifications to FDA under Sec. 1.623,
including any supporting information; and
(8) Records of fee payments and reimbursement of direct costs.
(b) An accreditation body that has been recognized must make
records required by paragraph (a) of this section available for
inspection and copying promptly upon written request of an authorized
FDA officer or employee at the place of business of the accreditation
body or at a reasonably accessible location. If the records required by
paragraph (a) of this section are requested by FDA electronically, the
records must be submitted to FDA electronically not later than 10
business days after the date of the request. Additionally, if the
requested records are maintained in a language other than
[[Page 74656]]
English, the accreditation body must electronically submit an English
translation within a reasonable time.
(c) An accreditation body that has been recognized must not prevent
or interfere with FDA's access to its accredited third-party
certification bodies and the accredited third-party certification body
records required by Sec. 1.658.
Procedures for Recognition of Accreditation Bodies Under This Subpart
Sec. 1.630 How do I apply to FDA for recognition or renewal of
recognition?
(a) Applicant for recognition. An accreditation body seeking
recognition must submit an application demonstrating that it meets the
eligibility requirements in Sec. 1.610.
(b) Applicant for renewal of recognition. An accreditation body
seeking renewal of its accreditation must submit a renewal application
demonstrating that it continues to meet the requirements of this
subpart.
(c) Submission. Recognition and renewal applications and any
documents provided as part of the application process must be submitted
electronically, in English. An applicant must provide any translation
and interpretation services needed by FDA during the processing of the
application, including during onsite assessments of the applicant by
FDA.
(d) Signature. Recognition and renewal applications must be signed
in the manner designated by FDA, by an individual authorized to act on
behalf of the applicant for purposes of seeking recognition or renewal
of recognition.
Sec. 1.631 How will FDA review my application for recognition or
renewal of recognition and what happens once FDA decides on my
application?
(a) Review of recognition or renewal application. FDA will examine
an accreditation body's recognition or renewal application for
completeness and notify the applicant of any deficiencies. FDA will
review an accreditation body's recognition or renewal application on a
first in, first out basis according to the date on which the completed
application was submitted; however, FDA may prioritize the review of
specific applications to meet the needs of the program.
(b) Evaluation of recognition or renewal. FDA will evaluate any
completed recognition or renewal application to determine whether the
applicant meets the applicable requirements of this subpart. Such
evaluation may include an onsite assessment of the accreditation body.
FDA will notify the applicant, in writing, regarding whether the
application has been approved or denied. FDA may make such notification
electronically. If FDA does not reach a final decision on a renewal
application before an accreditation body's recognition terminates by
expiration, FDA may extend such recognition for a specified period of
time or until the Agency reaches a final decision on the renewal
application.
(c) Issuance of recognition. FDA will notify an applicant that its
recognition or renewal application has been approved through issuance
of recognition that will list any limitations associated with the
recognition.
(d) Issuance of denial of recognition or renewal application. FDA
will notify an applicant that its recognition or renewal application
has been denied through issuance of a denial of recognition or denial
of a renewal application that will state the basis for such denial and
provide the procedures for requesting reconsideration of the
application under Sec. 1.691.
(e) Notice of records custodian after denial of an application for
renewal of recognition. An applicant whose renewal application was
denied must notify FDA electronically, in English, within 10 business
days of the date of issuance of a denial of a renewal application, of
the name and contact information of the custodian who will maintain the
records required by Sec. 1.625(a) and make them available to FDA as
required by Sec. 1.625(b). The contact information for the custodian
must include, at a minimum, an email address and the physical address
where the records required by Sec. 1.625(a) will be located.
(f) Effect of denial of an application for renewal of recognition
of an accreditation body on accredited third-party certification
bodies. (1) FDA will issue a notice of the denial of a recognition
renewal to any third-party certification bodies accredited by the
accreditation body whose renewal application was denied. The third-
party certification body's accreditation will remain in effect so long
as the third-party certification body:
(i) No later than 60 days after FDA's issuance of the notice of the
denial of recognition renewal, conducts a self-assessment under Sec.
1.655 and reports the results of the self-assessment to FDA under Sec.
1.656(b); and
(ii) No later than 1 year after issuance of the notice of denial of
recognition renewal or the original date of the expiration of the
accreditation, whichever comes first, becomes accredited by another
recognized accreditation body or by FDA through direct accreditation.
(2) FDA may withdraw the accreditation of a third-party
certification body whenever FDA determines there is good cause for
withdrawal of accreditation under Sec. 1.664(c).
(g) Effect of denial of an application for renewal of recognition
of an accreditation body on food or facility certifications issued to
eligible entities. A food or facility certification issued by a third-
party certification body accredited by a recognized accreditation body
prior to issuance of a denial of the renewal application will remain in
effect until the certification expires. If FDA has reason to believe
that a certification issued for purposes of section 801(q) or 806 of
the FD&C Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food
for which the certification was offered or in determining the
importer's eligibility for participation in the voluntary qualified
importer program (VQIP).
(h) Public notice of denial of an application for renewal of
recognition of an accreditation body. FDA will provide notice on the
Web site described in Sec. 1.690 of the date of issuance of a denial
of a renewal application and will describe the basis for the denial.
Sec. 1.632 What is the duration of recognition?
FDA may grant recognition of an accreditation body for a period not
to exceed 5 years from the date of recognition.
Sec. 1.633 How will FDA monitor recognized accreditation bodies?
(a) FDA will evaluate the performance of each recognized
accreditation body to determine its compliance with the applicable
requirements of this subpart. Such assessment must occur by at least 4
years after the date of recognition for a 5-year recognition period, or
by no later than the mid-term point for a recognition period of less
than 5 years. FDA may conduct additional assessments of a recognized
accreditation body at any time.
(b) An FDA assessment of a recognized accreditation body may
include onsite assessments of a representative sample of third-party
certification bodies the recognized accreditation body accredited and
onsite audits of a representative sample of eligible entities certified
by such third-party certification bodies under this subpart. These may
be conducted at any time and, as FDA determines necessary
[[Page 74657]]
or appropriate, may occur without the recognized accreditation body or,
in the case of an audit of an eligible entity, the accredited third-
party certification body present.
Sec. 1.634 When will FDA revoke recognition?
(a) Grounds for revocation of recognition. FDA will revoke the
recognition of an accreditation body found not to be in compliance with
the requirements of this subpart, including for any one or more of the
following:
(1) Refusal by the accreditation body to allow FDA to access
records required by Sec. 1.625, or to conduct an assessment or
investigation of the accreditation body or of a third-party
certification body it accredited to ensure the accreditation body's
continued compliance with the requirements of this subpart.
(2) Failure to take timely and necessary corrective action when:
(i) The accreditation of a third-party certification body it
accredited is withdrawn by FDA under Sec. 1.664(a);
(ii) A significant deficiency is identified through self-assessment
under Sec. 1.622, monitoring under Sec. 1.621, or self-assessment by
one or more of its accredited third-party certification bodies under
Sec. 1.655; or
(iii) Directed to do so by FDA to ensure compliance with this
subpart.
(3) A determination by FDA that the accreditation body has
committed fraud or has submitted material false statements to the
Agency.
(4) A determination by FDA that there is otherwise good cause for
revocation, including:
(i) Demonstrated bias or lack of objectivity when conducting
activities under this subpart; or
(ii) Failure to adequately support one or more decisions to grant
accreditation under this subpart.
(b) Records request associated with revocation. To assist in
determining whether revocation is warranted under paragraph (a) of this
section, FDA may request records of the accreditation body required by
Sec. 1.625 or the records, required by Sec. 1.658, of one or more of
the third-party certification bodies it accredited under this subpart.
(c) Issuance of revocation of recognition. (1) FDA will notify an
accreditation body that its recognition has been revoked through
issuance of a revocation that will state the grounds for revocation,
the procedures for requesting a regulatory hearing under Sec. 1.693 on
the revocation, and the procedures for requesting reinstatement of
recognition under Sec. 1.636.
(2) Within 10 business days of the date of issuance of the
revocation, the accreditation body must notify FDA electronically, in
English, of the name of the custodian who will maintain the records and
make them available to FDA as required by Sec. 1.625. The contact
information for the custodian must provide, at a minimum, an email
address and the physical address where the records will be located.
(d) Effect of revocation of recognition of an accreditation body on
accredited third-party certification bodies. (1) FDA will issue a
notice of the revocation of recognition to any accredited third-party
certification body accredited by the accreditation body whose
recognition was revoked. The third-party certification body's
accreditation will remain in effect if the third-party certification
body:
(i) No later than 60 days after FDA's issuance of the notice of
revocation, conducts a self-assessment under Sec. 1.655 and reports
the results of the self-assessment to FDA under Sec. 1.656(b); and
(ii) No later than 1 year after issuance of the notice of the
revocation, or the original date of expiration of the accreditation,
whichever comes first, becomes accredited by another recognized
accreditation body or by FDA through direct accreditation.
(2) FDA may withdraw the accreditation of a third-party
certification body whenever FDA determines there is good cause for
withdrawal of accreditation under Sec. 1.664(c).
(e) Effect of revocation of recognition of an accreditation body on
food or facility certifications issued to eligible entities. A food or
facility certification issued by a third-party certification body
accredited by a recognized accreditation body prior to issuance of the
revocation of recognition will remain in effect until the certificate
terminates by expiration. If FDA has reason to believe that a
certification issued for purposes of section 801(q) or 806 of the FD&C
Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food
for which the certification was offered or in determining the
importer's eligibility for participation in VQIP.
(f) Public notice of revocation of recognition. FDA will provide
notice on the Web site described in Sec. 1.690 of the issuance of the
revocation of recognition of an accreditation body and will describe
the basis for revocation.
Sec. 1.635 What if I want to voluntarily relinquish recognition or do
not want to renew recognition?
(a) Notice to FDA of intent to relinquish or not to renew
recognition. A recognized accreditation body must notify FDA
electronically, in English, at least 60 days before voluntarily
relinquishing recognition or before allowing recognition to expire
without seeking renewal. The recognized accreditation body must provide
the name and contact information of the custodian who will maintain the
records required under Sec. 1.625(a) after the date of relinquishment
or the date recognition expires, as applicable, and make them available
to FDA as required by Sec. 1.625(b). The contact information for the
custodian must include, at a minimum, an email address and the physical
address where the records required by Sec. 1.625(a) will be located.
(b) Notice to accredited third-party certification bodies of intent
to relinquish or not to renew recognition. No later than 15 business
days after notifying FDA under paragraph (a) of this section, the
recognized accreditation body must notify any currently accredited
third-party certification body that it intends to relinquish
recognition or to allow its recognition to expire, specifying the date
on which relinquishment or expiration will occur. The recognized
accreditation body must establish and maintain records of such
notification under Sec. 1.625.
(c)(1) Effect of voluntary relinquishment or expiration of
recognition on third-party certification bodies. The accreditation of a
third-party certification body issued prior to the relinquishment or
expiration of its accreditation body's recognition will remain in
effect, so long as the third-party certification body:
(i) No later than 60 days after the date of relinquishment or the
date of expiration of the recognition, conducts a self-assessment under
Sec. 1.655 and reports the results of the self-assessment to FDA under
Sec. 1.656(b); and
(ii) No later than 1 year after the date of relinquishment or the
date of expiration of recognition, or the original date of the
expiration of the accreditation, whichever comes first, becomes
accredited by another recognized accreditation body or by FDA through
direct accreditation.
(2) FDA may withdraw the accreditation of a third-party
certification body whenever FDA determines there is good cause for
withdrawal of accreditation under Sec. 1.664(c).
[[Page 74658]]
(d) Effect of voluntary relinquishment or expiration of recognition
of an accreditation body on food or facility certifications issued to
eligible entities. A food or facility certification issued by a third-
party certification body accredited by a recognized accreditation body
prior to relinquishment or expiration of its recognition will remain in
effect until the certification expires. If FDA has reason to believe
that a certification issued for purposes of section 801(q) or 806 of
the FD&C Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food
for which the certification was offered or in determining the
importer's eligibility for participation in VQIP.
(e) Public notice of voluntary relinquishment or expiration of
recognition. FDA will provide notice on the Web site described in Sec.
1.690 of the voluntary relinquishment or expiration of recognition of
an accreditation body under this subpart.
Sec. 1.636 How do I request reinstatement of recognition?
(a) Application following revocation. An accreditation body that
has had its recognition revoked may seek reinstatement by submitting a
new application for recognition under Sec. 1.630. The accreditation
body must submit evidence that the grounds for revocation have been
resolved, including evidence addressing the cause or conditions that
were the basis for revocation and identifying measures that have been
implemented to help ensure that such cause(s) or condition(s) are
unlikely to recur.
(b) Application following relinquishment. An accreditation body
that previously relinquished its recognition under Sec. 1.635 may seek
recognition by submitting a new application for recognition under Sec.
1.630.
Accreditation of Third-Party Certification Bodies Under This Subpart
Sec. 1.640 Who is eligible to seek accreditation?
(a) A foreign government, agency of a foreign government, foreign
cooperative, or any other third party may seek accreditation from a
recognized accreditation body (or, where direct accreditation is
appropriate, FDA) to conduct food safety audits and to issue food and
facility certifications to eligible entities under this subpart. An
accredited third-party certification body may use documentation of
conformance with ISO/IEC 17021: 2011 or ISO/IEC 17065: 2012,
supplemented as necessary, in meeting the applicable requirements of
this subpart.
(b) A foreign government or an agency of a foreign government is
eligible for accreditation if it can demonstrate that its food safety
programs, systems, and standards meet the requirements of Sec. Sec.
1.641 through 1.645.
(c) A foreign cooperative or other third party is eligible for
accreditation if it can demonstrate that the training and
qualifications of its agents used to conduct audits (or, in the case of
a third-party certification body that is an individual, such
individual) and its internal systems and standards meet the
requirements of Sec. Sec. 1.641 through 1.645.
Sec. 1.641 What legal authority must a third-party certification body
have to qualify for accreditation?
(a) A third-party certification body seeking accreditation from a
recognized accreditation body or from FDA must demonstrate that it has
the authority (as a governmental entity or as a legal entity with
contractual rights) to perform such examinations of facilities, their
process(es), and food(s) as are necessary to determine compliance with
the applicable food safety requirements of the FD&C Act and FDA
regulations, and conformance with applicable industry standards and
practices and to issue certifications where appropriate based on a
review of the findings of such examinations. This includes authority
to:
(1) Review any relevant records;
(2) Conduct onsite audits of an eligible entity; and
(3) Suspend or withdraw certification for failure to comply with
applicable requirements.
(b) A third-party certification body seeking accreditation must
demonstrate that it is capable of exerting the authority (as a
governmental entity or as legal entity with contractual rights)
necessary to meet the applicable requirements of accreditation under
this subpart if accredited.
Sec. 1.642 What competency and capacity must a third-party
certification body have to qualify for accreditation?
A third-party certification body seeking accreditation must
demonstrate that it has:
(a) The resources necessary to fully implement its certification
program, including:
(1) Adequate numbers of employees and other agents with relevant
knowledge, skills, and experience to effectively examine for compliance
with applicable FDA food safety requirements of the FD&C Act and FDA
regulations, conformance with applicable industry standards and
practices, and issuance of valid and reliable certifications; and
(2) Adequate financial resources for its operations; and
(b) The competency and capacity to meet the applicable requirements
of this subpart, if accredited.
Sec. 1.643 What protections against conflicts of interest must a
third-party certification body have to qualify for accreditation?
A third-party certification body must demonstrate that it has:
(a) Implemented written measures to protect against conflicts of
interest between the third-party certification body (and its officers,
employees, and other agents involved in auditing and certification
activities) and clients seeking examinations or certification from, or
audited or certified by, such third-party certification body; and
(b) The capability to meet the conflict of interest requirements in
Sec. 1.657, if accredited.
Sec. 1.644 What quality assurance procedures must a third-party
certification body have to qualify for accreditation?
A third-party certification body seeking accreditation must
demonstrate that it has:
(a) Implemented a written program for monitoring and evaluating the
performance of its officers, employees, and other agents involved in
auditing and certification activities, including procedures to:
(1) Identify deficiencies in its auditing and certification program
or performance; and
(2) Quickly execute corrective actions that effectively address any
identified deficiencies; and
(b) The capability to meet the quality assurance requirements of
Sec. 1.655, if accredited.
Sec. 1.645 What records procedures must a third-party certification
body have to qualify for accreditation?
A third-party certification body seeking accreditation must
demonstrate that it:
(a) Implemented written procedures to establish, control, and
retain records (including documents and data) for a period of time
necessary to meet its contractual and legal obligations and to provide
an adequate basis for evaluating its program and performance; and
(b) Is capable of meeting the reporting, notification, and records
requirements of this subpart, if accredited.
[[Page 74659]]
Requirements for Third-Party Certification Bodies That Have Been
Accredited Under This Subpart
Sec. 1.650 How must an accredited third-party certification body
ensure its audit agents are competent and objective?
(a) An accredited third-party certification body that uses audit
agents to conduct food safety audits must ensure that each such audit
agent meets the following requirements with respect to the scope of its
accreditation under this subpart. If the accredited third-party
certification body is an individual, that individual is also subject to
the following requirements, as applicable:
(1) Has relevant knowledge and experience that provides an adequate
basis for the audit agent to evaluate compliance with applicable food
safety requirements of the FD&C Act and FDA regulations and, for
consultative audits, also includes conformance with applicable industry
standards and practices;
(2) Has been determined by the accredited third-party certification
body, through observations of a representative sample of audits, to be
competent to conduct food safety audits under this subpart relevant to
the audits they will be assigned to perform;
(3) Has completed annual food safety training that is relevant to
activities conducted under this subpart;
(4) Is in compliance with the conflict of interest requirements of
Sec. 1.657 and has no other conflicts of interest with the eligible
entity to be audited that might impair the audit agent's objectivity;
and
(5) Agrees to notify its accredited third-party certification body
immediately upon discovering, during a food safety audit, any condition
that could cause or contribute to a serious risk to the public health.
(b) In assigning an audit agent to conduct a food safety audit at a
particular eligible entity, an accredited third-party certification
body must determine that the audit agent is qualified to conduct such
audit under the criteria established in paragraph (a) of this section
and based on the scope and purpose of the audit and the type of
facility, its process(es), and food.
(c) An accredited third-party certification body cannot use an
audit agent to conduct a regulatory audit at an eligible entity if such
audit agent conducted a consultative audit or regulatory audit for the
same eligible entity in the preceding 13 months, except that such
limitation may be waived if the accredited third-party certification
body demonstrates to FDA, under Sec. 1.663, there is insufficient
access to audit agents in the country or region where the eligible
entity is located. If the accredited third-party certification body is
an individual, that individual is also subject to such limitations.
Sec. 1.651 How must an accredited third-party certification body
conduct a food safety audit of an eligible entity?
(a) Audit planning. Before beginning to conduct a food safety audit
under this subpart, an accredited third-party certification body must:
(1) Require the eligible entity seeking a food safety audit to:
(i) Identify the scope and purpose of the food safety audit,
including the facility, process(es), or food to be audited; whether the
food safety audit is to be conducted as a consultative or regulatory
audit subject to the requirements of this subpart, and if a regulatory
audit, the type(s) of certification(s) sought; and
(ii) Provide a 30-day operating schedule for such facility that
includes information relevant to the scope and purpose of the audit;
and
(2) Determine whether the requested audit is within its scope of
accreditation.
(b) Authority to audit. In arranging a food safety audit with an
eligible entity under this subpart, an accredited third-party
certification body must ensure it has authority, whether contractual or
otherwise, to:
(1) Conduct an unannounced audit to determine whether the facility,
process(es), and food of the eligible entity (within the scope of the
audit) comply with the applicable food safety requirements of the FD&C
Act and FDA regulations and, for consultative audits, also includes
conformance with applicable industry standards and practices;
(2) Access any records and any area of the facility, process(es),
and food of the eligible entity relevant to the scope and purpose of
such audit;
(3) When, for a regulatory audit, sampling and analysis is
conducted, the accredited third-party certification body must use a
laboratory that is accredited in accordance with:
(i) ISO/IEC 17025:2005; or
(ii) Another laboratory accreditation standard that provides at
least a similar level of assurance in the validity and reliability of
sampling methodologies, analytical methodologies, and analytical
results.
(4) Notify FDA immediately if, at any time during a food safety
audit, the accredited third-party certification body (or its audit
agent, where applicable) discovers a condition that could cause or
contribute to a serious risk to the public health and provide
information required by Sec. 1.656(c);
(5) Prepare reports of audits conducted under this subpart as
follows:
(i) For consultative audits, prepare reports that contain the
elements specified in Sec. 1.652(a) and maintain such records, subject
to FDA access in accordance with section 414 of the FD&C Act; and
(ii) For regulatory audits, prepare reports that contain the
elements specified in Sec. 1.652(b) and submit them to FDA and to its
recognized accreditation body (where applicable) under Sec. 1.656(a);
and
(6) Allow FDA and the recognized accreditation body that accredited
such third-party certification body, if any, to observe any food safety
audit conducted under this subpart for purposes of evaluating the
accredited third-party certification body's performance under
Sec. Sec. 1.621 and 1.662 or, where appropriate, the recognized
accreditation body's performance under Sec. Sec. 1.622 and 1.633.
(c) Audit protocols. An accredited third-party certification body
(or its audit agent, where applicable) must conduct a food safety audit
in a manner consistent with the identified scope and purpose of the
audit and within the scope of its accreditation.
(1) With the exception of records review, which may be scheduled,
the audit must be conducted without announcement during the 30-day
timeframe identified under paragraph (a)(1)(ii) of this section and
must be focused on determining whether the facility, its process(es),
and food are in compliance with applicable food safety requirements of
the FD&C Act and FDA regulations, and, for consultative audits, also
includes conformance with applicable industry standards and practices
that are within the scope of the audit.
(2) The audit must include records review prior to the onsite
examination; an onsite examination of the facility, its process(es),
and the food that results from such process(es); and where appropriate
or when required by FDA, environmental or product sampling and
analysis. When, for a regulatory audit, sampling and analysis is
conducted, the accredited third-party certification body must use a
laboratory that is accredited in accordance with paragraph (b)(3) of
this section. The audit may include any other activities necessary to
determine compliance with applicable food safety requirements of the
FD&C Act and FDA regulations, and, for consultative audits, also
includes conformance with
[[Page 74660]]
applicable industry standards and practices.
(3) The audit must be sufficiently rigorous to allow the accredited
third-party certification body to determine whether the eligible entity
is in compliance with the applicable food safety requirements of the
FD&C Act and FDA regulations, and for consultative audits, also
includes conformance with applicable industry standards and practices,
at the time of the audit; and for a regulatory audit, whether the
eligible entity, given its food safety system and practices would be
likely to remain in compliance with the applicable food safety
requirements of the FD&C Act and FDA regulations for the duration of
any certification issued under this subpart. An accredited third-party
certification body (or its audit agent, where applicable) that
identifies a deficiency requiring corrective action may verify the
effectiveness of a corrective action once implemented by the eligible
entity but must not recommend or provide input to the eligible entity
in identifying, selecting, or implementing the corrective action.
(4) Audit observations and other data and information from the
examination, including information on corrective actions, must be
documented and must be used to support the findings contained in the
audit report required by Sec. 1.652 and maintained as a record under
Sec. 1.658.
Sec. 1.652 What must an accredited third-party certification body
include in food safety audit reports?
(a) Consultative audits. An accredited third-party certification
body must prepare a report of a consultative audit not later than 45
days after completing such audit and must provide a copy of such report
to the eligible entity and must maintain such report under Sec. 1.658,
subject to FDA access in accordance with the requirements of section
414 of the FD&C Act. A consultative audit report must include:
(1) The identity of the site or location where the consultative
audit was conducted, including:
(i) The name, address and the FDA Establishment Identifier of the
facility subject to the consultative audit and a unique facility
identifier, if designated by FDA; and
(ii) Where applicable, the FDA registration number assigned to the
facility under subpart H of this part;
(2) The identity of the eligible entity, if different from the
facility, including the name, address, the FDA Establishment Identifier
and unique facility identifier, if designated by FDA, and, where
applicable, registration number under subpart H of this part;
(3) The name(s) and telephone number(s) of the person(s)
responsible for compliance with the applicable food safety requirements
of the FD&C Act and FDA regulations
(4) The dates and scope of the consultative audit;
(5) The process(es) and food(s) observed during such consultative
audit; and
(6) Any deficiencies observed that relate to or may influence a
determination of compliance with the applicable food safety
requirements of the FD&C Act and FDA regulations that require
corrective action, the corrective action plan, and the date on which
such corrective actions were completed. Such consultative audit report
must be maintained as a record under Sec. 1.658 and must be made
available to FDA in accordance with section 414 of the FD&C Act.
(b) Regulatory audits. An accredited third-party certification body
must, no later than 45 days after completing a regulatory audit,
prepare and submit electronically, in English, to FDA and to its
recognized accreditation body (or, in the case of direct accreditation,
only to FDA) and must provide to the eligible entity a report of such
regulatory audit that includes the following information:
(1) The identity of the site or location where the regulatory audit
was conducted, including:
(i) The name, address, and FDA Establishment Identifier of the
facility subject to the regulatory audit and a unique facility
identifier, if designated by FDA; and
(ii) Where applicable, the FDA registration number assigned to the
facility under subpart H of this part;
(2) The identity of the eligible entity, if different from the
facility, including the name, address, FDA Establishment Identifier,
and unique facility identifier, if designated by FDA, and, where
applicable, registration number under subpart H of this part;
(3) The dates and scope of the regulatory audit;
(4) The process(es) and food(s) observed during such regulatory
audit;
(5) The name(s) and telephone number(s) of the person(s)
responsible for the facility's compliance with the applicable food
safety requirements of the FD&C Act and FDA regulations;
(6) Any deficiencies observed during the regulatory audit that
present a reasonable probability that the use of or exposure to a
violative product:
(i) Will cause serious adverse health consequences or death to
humans and animals; or
(ii) May cause temporary or medically reversible adverse health
consequences or where the probability of serious adverse health
consequences or death to humans or animals is remote;
(7) The corrective action plan for addressing each deficiency
identified under paragraph (b)(6) of this section, unless corrective
action was implemented immediately and verified onsite by the
accredited third-party certification body (or its audit agent, where
applicable);
(8) Whether any sampling and laboratory analysis (e.g., under a
microbiological sampling plan) is performed in or used by the facility;
and
(9) Whether the eligible entity has made significant changes to the
facility, its process(es), or food products during the 2 years
preceding the regulatory audit.
(c) Submission of regulatory audit report. An accredited third-
party certification body must submit a completed regulatory audit
report as required by paragraph (b) of this section, regardless of
whether the certification body issued a food or facility certification
to the eligible entity.
(d) Notice and appeals of adverse regulatory audit results. An
accredited third-party certification body must notify an eligible
entity of a denial of certification and must establish and implement
written procedures for receiving and addressing appeals from eligible
entities challenging such adverse regulatory audit results and for
investigating and deciding on appeals in a fair and meaningful manner.
The appeals procedures must provide similar protections to those
offered by FDA under Sec. Sec. 1.692 and 1.693, including requirements
to:
(1) Make the appeals procedures publicly available;
(2) Use competent persons, who may or may not be external to the
accredited third-party certification body, who are free from bias or
prejudice and have not participated in the certification decision or be
subordinate to a person who has participated in the certification
decision, to investigate and decide appeals;
(3) Advise the eligible entity of the final decision on its appeal;
and
(4) Maintain records under Sec. 1.658 of the appeal, the final
decision, and the basis for such decision.
Sec. 1.653 What must an accredited third-party certification body do
when issuing food or facility certifications?
(a) Basis for issuance of a food or facility certification. (1)
Prior to issuing a food or facility certification to an eligible
entity, an accredited third-party
[[Page 74661]]
certification body (or, where applicable, an audit agent on its behalf)
must complete a regulatory audit that meets the requirements of Sec.
1.651 and any other activities that may be necessary to determine
compliance with the applicable food safety requirements of the FD&C Act
and FDA regulations.
(2) If, as a result of an observation during a regulatory audit, an
eligible entity must implement a corrective action plan to address a
deficiency, an accredited third-party certification body may not issue
a food or facility certification to such entity until after the
accredited third-party certification body verifies that eligible entity
has implemented the corrective action plan through methods that
reliably verify the corrective action was taken and as a result the
identified deficiency is unlikely to recur, except onsite verification
is required for corrective actions required to address deficiencies
that are the subject of a notification under Sec. 1.656(c).
(3) An accredited third-party certification body must consider each
observation and the data and other information from a regulatory audit
and other activities conducted under Sec. 1.651 to determine whether
the entity was in compliance with the applicable food safety
requirements of the FD&C Act and FDA regulations at the time of the
audit and whether the eligible entity, given its food safety system and
practices, would be likely to remain in compliance for the duration of
any certification issued under this subpart.
(4) A single regulatory audit may result in issuance of one or more
food or facility certifications under this subpart, provided that the
requirements of issuance are met as to each such certification.
(5) Where an accredited third-party certification body uses an
audit agent to conduct a regulatory audit of an eligible entity under
this subpart, the accredited third-party certification body (and not
the audit agent) must make the determination whether to issue a food or
facility certification based on the results of such regulatory audit.
(b) Issuance of a food or facility certification and submission to
FDA. (1) Any food or facility certification issued under this subpart
must be submitted to FDA electronically and in English. The accredited
third-party certification body may issue a food or facility
certification under this subpart for a term of up to 12 months.
(2) A food or facility certification must contain, at a minimum,
the following elements:
(i) The name and address of the accredited third-party
certification body and the scope and date of its accreditation under
this subpart;
(ii) The name, address, FDA Establishment Identifier, and unique
facility identifier, if designated by FDA, of the eligible entity to
which the food or facility certification was issued;
(iii) The name, address, FDA Establishment Identifier, and unique
facility identifier, if designated by FDA, of the facility where the
regulatory audit was conducted, if different than the eligible entity;
(iv) The scope and date(s) of the regulatory audit and the
certification number;
(v) The name of the audit agent(s) (where applicable) conducting
the regulatory audit; and
(vi) The scope of the food or facility certification, date of
issuance, and date of expiration.
(3) FDA may refuse to accept any certification for purposes of
section 801(q) or 806 of the FD&C Act, if FDA determines, that such
food or facility certification is not valid or reliable because, for
example:
(i) The certification is offered in support of the admissibility of
a food that was not within the scope of the certification;
(ii) The certification was issued by an accredited third-party
certification body acting outside the scope of its accreditation under
this subpart; or
(iii) The certification was issued without reliable demonstration
that the requirements of paragraph (a) of this section were met.
Sec. 1.654 When must an accredited third-party certification body
monitor an eligible entity that it has issued a food or facility
certification?
If an accredited third-party certification body has reason to
believe that an eligible entity to which it issued a food or facility
certification may no longer be in compliance with the applicable food
safety requirements of the FD&C Act and FDA regulations, the accredited
third-party certification body must conduct any monitoring (including
an onsite audit) of such eligible entity necessary to determine whether
the entity is in compliance with such requirements. The accredited
third-party certification body must immediately notify FDA, under Sec.
1.656(d), if it withdraws or suspends a food or facility certification
because it determines that the entity is no longer in compliance with
the applicable food safety requirements of the FD&C Act and FDA
regulations. The accredited third-party certification body must
maintain records of such monitoring under Sec. 1.658.
Sec. 1.655 How must an accredited third-party certification body
monitor its own performance?
(a) An accredited third-party certification body must annually,
upon FDA request made for cause, or as required under Sec.
1.631(f)(1)(i), Sec. 1.634(d)(1)(i), or Sec. 1.635(c)(1)(i), conduct
a self-assessment that includes evaluation of compliance with this
subpart, including:
(1) The performance of its officers, employees, or other agents
involved in auditing and certification activities, including the
performance of audit agents in examining facilities, process(es), and
food using the applicable food safety requirements of the FD&C Act and
FDA regulations;
(2) The degree of consistency among its officers, employees, or
other agents involved in auditing and certification activities,
including evaluating whether its audit agents interpreted audit
protocols in a consistent manner;
(3) The compliance of the accredited third-party certification body
and its officers, employees, and other agents involved in auditing and
certification activities, with the conflict of interest requirements of
Sec. 1.657;
(4) Actions taken in response to the results of any assessments
conducted by FDA or, where applicable, the recognized accreditation
body under Sec. 1.621; and
(5) As requested by FDA, any other aspects of its performance
relevant to a determination of whether the accredited third-party
certification body is in compliance with this subpart.
(b) As a means to assess its performance, the accredited third-
party certification body may evaluate the compliance of one or more of
eligible entities to which a food or facility certification was issued
under this subpart.
(c) Based on the assessments and evaluations conducted under
paragraphs (a) and (b) of this section, the accredited third-party
certification body must:
(1) Identify any deficiencies in complying with the requirements of
this subpart;
(2) Quickly implement corrective action(s) that effectively address
the identified deficiencies; and
(3) Under Sec. 1.658, establish and maintain records of such
corrective action(s).
(d) The accredited third-party certification body must prepare a
written report of the results of its self-assessment that includes:
(1) A description of any corrective action(s) taken under paragraph
(c) of this section;
[[Page 74662]]
(2) A statement disclosing the extent to which the accredited
third-party certification body, and its officers, employees, and other
agents involved in auditing and certification activities, complied with
the conflict of interest requirements in Sec. 1.657; and
(3) A statement attesting to the extent to which the accredited
third-party certification body complied with the applicable
requirements of this subpart.
(e) An accredited third-party certification body may use a report,
supplemented as necessary, on its conformance to ISO/IEC 17021: 2011 or
ISO/IEC 17065: 2012 in meeting the requirements of this section.
Sec. 1.656 What reports and notifications must an accredited third-
party certification body submit?
(a) Reporting results of regulatory audits. An accredited third-
party certification body must submit a regulatory audit report, as
described in Sec. 1.652(b), electronically, in English, to FDA and to
the recognized accreditation body that granted its accreditation (where
applicable), no later than 45 days after completing such audit.
(b) Reporting results of accredited third-party certification body
self-assessments. An accredited third-party certification body must
submit the report of its annual self-assessment required by Sec. 1.655
electronically to its recognized accreditation body (or, in the case of
direct accreditation, electronically and in English, to FDA), within 45
days of the anniversary date of its accreditation under this subpart.
For an accredited third-party certification body subject to an FDA
request for cause, or Sec. 1.631(f)(1)(i), Sec. 1.634(d)(1)(i), or
Sec. 1.635(c)(1)(i), the report of its self-assessment must be
submitted to FDA electronically, in English, within 60 days of the FDA
request, denial of renewal, revocation, or relinquishment of
recognition of the accreditation body that granted its accreditation.
Such report must include an up-to-date list of any audit agents it uses
to conduct audits under this subpart.
(c) Notification to FDA of a serious risk to public health. An
accredited third-party certification body must immediately notify FDA
electronically, in English, if during a regulatory or consultative
audit, any of its audit agents or the accredited third-party
certification body itself discovers a condition that could cause or
contribute to a serious risk to the public health, providing the
following information:
(1) The name, physical address, and unique facility identifier, if
designated by FDA, of the eligible entity subject to the audit, and,
where applicable, the registration number under subpart H of this part;
(2) The name, physical address, and unique facility identifier, if
designated by FDA, of the facility where the condition was discovered
(if different from that of the eligible entity) and, where applicable,
the registration number assigned to the facility under subpart H of
this part; and
(3) The condition for which notification is submitted.
(d) Immediate notification to FDA of withdrawal or suspension of a
food or facility certification. An accredited third-party certification
body must notify FDA electronically, in English, immediately upon
withdrawing or suspending any food or facility certification of an
eligible entity and the basis for such action.
(e) Notification to its recognized accreditation body or an
eligible entity. (1) After notifying FDA under paragraph (c) of this
section, an accredited third-party certification body must immediately
notify the eligible entity of such condition and must immediately
thereafter notify the recognized accreditation body that granted its
accreditation, except for third-party certification bodies directly
accredited by FDA. Where feasible and reliable, the accredited third-
party certification body may contemporaneously notify its recognized
accreditation body and/or the eligible entity when notifying FDA.
(2) An accredited third-party certification body must notify its
recognized accreditation body (or, in the case of direct accreditation,
FDA) electronically, in English, within 30 days after making any
significant change that would affect the manner in which it complies
with the requirements of this subpart and must include with such
notification the following information:
(i) A description of the change; and
(ii) An explanation for the purpose of the change.
Sec. 1.657 How must an accredited third-party certification body
protect against conflicts of interest?
(a) An accredited third-party certification body must implement a
written program to protect against conflicts of interest between the
accredited third-party certification body (and its officers, employees,
and other agents involved in auditing and certification activities) and
an eligible entity seeking a food safety audit or food or facility
certification from, or audited or certified by, such accredited third-
party certification body, including the following:
(1) Ensuring that the accredited third-party certification body and
its officers, employees, or other agents involved in auditing and
certification activities do not own, operate, have a financial interest
in, manage, or otherwise control an eligible entity to be certified, or
any affiliate, parent, or subsidiary of the entity;
(2) Ensuring that the accredited third-party certification body
and, its officers, employees, or other agents involved in auditing and
certification activities are not owned, managed, or controlled by any
person that owns or operates an eligible entity to be certified;
(3) Ensuring that an audit agent of the accredited third-party
certification body does not own, operate, have a financial interest in,
manage, or otherwise control an eligible entity or any affiliate,
parent, or subsidiary of the entity that is subject to a consultative
or regulatory audit by the audit agent; and
(4) Prohibiting an accredited third-party certification body's
officer, employee, or other agent involved in auditing and
certification activities from accepting any money, gift, gratuity, or
other item of value from the eligible entity to be audited or certified
under this subpart.
(5) The items specified in paragraph (a)(4) of this section do not
include:
(i) Money representing payment of fees for auditing and
certification services and reimbursement of direct costs associated
with an onsite audit by the third-party certification body; or
(ii) Lunch of de minimis value provided during the course of an
audit and on the premises where the audit is conducted, if necessary to
facilitate the efficient conduct of the audit.
(b) An accredited third-party certification body may accept the
payment of fees for auditing and certification services and the
reimbursement of direct costs associated with an audit of an eligible
entity only after the date on which the report of such audit was
completed or the date a food or facility certification was issued,
whichever is later. Such payment is not considered a conflict of
interest for purposes of paragraph (a) of this section.
(c) The financial interests of the spouses and children younger
than 18 years of age of accredited third-party certification body's
officers, employees, and other agents involved in auditing and
certification activities will be considered the financial interests of
such officers, employees, and other agents involved in auditing and
certification activities.
(d) An accredited third-party certification body must maintain on
its Web site an up-to-date list of the eligible
[[Page 74663]]
entities to which it has issued food or facility certifications under
this subpart. For each such eligible entity, the Web site also must
identify the duration and scope of the food or facility certification
and date(s) on which the eligible entity paid the accredited third-
party certification body any fee or reimbursement associated with such
audit or certification.
Sec. 1.658 What records requirements must a third-party certification
body that has been accredited meet?
(a) A third-party certification body that has been accredited must
maintain electronically for 4 years records created during its period
of accreditation (including documents and data) that document
compliance with this subpart, including:
(1) Any audit report and other documents resulting from a
consultative audit conducted under this subpart, including the audit
agent's observations, correspondence with the eligible entity,
verification of any corrective action(s) taken to address deficiencies
identified during the audit;
(2) Any request for a regulatory audit from an eligible entity;
(3) Any audit report and other documents resulting from a
regulatory audit conducted under this subpart, including the audit
agent's observations, correspondence with the eligible entity,
verification of any corrective action(s) taken to address deficiencies
identified during the audit, and, when sampling and analysis is
conducted, laboratory testing records and results from a laboratory
that is accredited in accordance with Sec. 1.651(b)(3), and
documentation demonstrating such laboratory is accredited in accordance
with Sec. 1.651(b)(3);
(4) Any notification submitted by an audit agent to the accredited
third-party certification body in accordance with Sec. 1.650(a)(5);
(5) Any challenge to an adverse regulatory audit decision and the
disposition of the challenge;
(6) Any monitoring it conducted of an eligible entity to which food
or facility certification was issued;
(7) Its self-assessments and corrective actions taken to address
any deficiencies identified during a self-assessment; and
(8) Significant changes to its auditing or certification program
that might affect compliance with this subpart.
(b) An accredited third-party certification body must make the
records of a consultative audit required by paragraph (a)(1) of this
section available to FDA in accordance with section 414 of the FD&C
Act.
(c) An accredited third-party certification body must make the
records required by paragraphs (a)(2) through (8) of this section
available for inspection and copying promptly upon written request of
an authorized FDA officer or employee at the place of business of the
accredited third-party certification body or at a reasonably accessible
location. If such records are requested by FDA electronically, the
records must be submitted electronically not later than 10 business
days after the date of the request. Additionally, if the records are
maintained in a language other than English, an accredited third-party
certification body must electronically submit an English translation
within a reasonable time.
Procedures for Accreditation of Third-Party Certification Bodies Under
This Subpart
Sec. 1.660 Where do I apply for accreditation or renewal of
accreditation by a recognized accreditation body and what happens once
the recognized accreditation body decides on my application?
(a) Submission of accreditation or renewal application to a
recognized accreditation body. A third-party certification body seeking
accreditation must submit its request for accreditation or renewal of
accreditation by a recognized accreditation body identified on the Web
site described in Sec. 1.690.
(b) Notice of records custodian after denial of application for
renewal of accreditation. An applicant whose renewal application was
denied by a recognized accreditation body must notify FDA
electronically, in English, within 10 business days of the date of
issuance of a denial of accreditation or denial of the renewal
application, of the name and contact information of the custodian who
will maintain the records required by Sec. 1.658(a) and make them
available to FDA as required by Sec. 1.658(b) and (c). The contact
information for the custodian must include, at a minimum, an email
address and the physical address where the records required by Sec.
1.658(a) will be located.
(c) Effect of denial of an application for renewal of accreditation
on food or facility certifications issued to eligible entities. A food
or facility certification issued by an accredited third-party
certification body prior to issuance of the denial of its renewal
application l will remain in effect until the certification expires. If
FDA has reason to believe that a certification issued for purposes of
section 801(q) or 806 of the FD&C Act is not valid or reliable, FDA may
refuse to consider the certification in determining the admissibility
of the article of food for which the certification was offered or in
determining the importer's eligibility for participation in VQIP.
(d) Public notice of denial of an application for renewal of
accreditation. FDA will provide notice on the Web site described in
Sec. 1.690 of the date of issuance of a denial of renewal of
accreditation of a third-party certification body that had previous
been accredited.
Sec. 1.661 What is the duration of accreditation by a recognized
accreditation body?
A recognized accreditation body may grant accreditation to a third-
party certification body under this subpart for a period not to exceed
4 years.
Sec. 1.662 How will FDA monitor accredited third-party certification
bodies?
(a) FDA will periodically evaluate the performance of each
accredited third-party certification body to determine whether the
accredited third-party certification body continues to comply with the
applicable requirements of this subpart and whether there are
deficiencies in the performance of the accredited third-party
certification body that, if not corrected, would warrant withdrawal of
its accreditation under Sec. 1.664. FDA will evaluate each directly
accredited third-party certification body annually. For a third-party
certification body accredited by a recognized accreditation body, FDA
will evaluate an accredited third-party certification body not later
than 3 years after the date of accreditation for a 4-year term of
accreditation, or by no later than the mid-term point for accreditation
granted for less than 4 years. FDA may conduct additional performance
assessments of an accredited third-party certification body at any
time.
(b) In evaluating the performance of an accredited third-party
certification body under paragraph (a) of this section, FDA may review
any one or more of the following:
(1) Regulatory audit reports and food and facility certifications;
(2) The accredited third-party certification body's self-
assessments under Sec. 1.655;
(3) Reports of assessments by a recognized accreditation body under
Sec. 1.621;
(4) Documents and other information relevant to a determination of
the accredited third-party certification body's compliance with the
applicable requirements of this subpart; and
(5) Information obtained by FDA, including during inspections,
audits,
[[Page 74664]]
onsite observations, or investigations, of one or more eligible
entities to which a food or facility certification was issued by such
accredited third-party certification body.
(c) FDA may conduct its evaluation of an accredited third-party
certification body through a site visit to an accredited third-party
certification body's headquarters (or other location that manages audit
agents conducting food safety audits under this subpart, if different
than its headquarters), through onsite observation of an accredited
third party certification body's performance during a food safety audit
of an eligible entity, or through document review.
Sec. 1.663 How do I request an FDA waiver or waiver extension for the
13-month limit for audit agents conducting regulatory audits?
(a) An accredited third-party certification body may submit a
request to FDA to waive the requirements of Sec. 1.650(c) preventing
an audit agent from conducting a regulatory audit of an eligible entity
if the audit agent (or, in the case that the third-party certification
body is an individual, the third-party certification body) has
conducted a food safety audit of such entity during the previous 13
months. The accredited third-party certification body seeking a waiver
or waiver extension must demonstrate there is insufficient access to
audit agents and any third-party certification bodies that are
comprised of an individual in the country or region where the eligible
entity is located.
(b) Requests for a waiver or waiver extension and all documents
provided in support of the request must be submitted to FDA
electronically, in English. The requestor must provide such translation
and interpretation services as are needed by FDA to process the
request.
(c) The request must be signed by the requestor or by any
individual authorized to act on behalf of the requestor for purposes of
seeking such waiver or waiver extension.
(d) FDA will review requests for waivers and waiver extensions on a
first in, first out basis according to the date on which the completed
submission is received; however, FDA may prioritize the review of
specific requests to meet the needs of the program. FDA will evaluate
any completed waiver request to determine whether the criteria for
waiver have been met.
(e) FDA will notify the requestor whether the request for a waiver
or waiver extension is approved or denied.
(f) If FDA approves the request, issuance of the waiver will state
the duration of the waiver and list any limitations associated with it.
If FDA denies the request, the issuance of a denial of a waiver request
will state the basis for denial and will provide the address and
procedures for requesting reconsideration of the request under Sec.
1.691.
(g) Unless FDA notifies a requestor that its waiver request has
been approved, an accredited third-party certification body must not
use the audit agent to conduct a regulatory audit of such eligible
entity until the 13-month limit in Sec. 1.650(c) has elapsed.
Sec. 1.664 When would FDA withdraw accreditation?
(a) Mandatory withdrawal. FDA will withdraw accreditation from a
third-party certification body:
(1) Except as provided in paragraph (b) of this section, if the
food or facility certified under this subpart is linked to an outbreak
of foodborne illness or chemical or physical hazard that has a
reasonable probability of causing serious adverse health consequences
or death in humans or animals;
(2) Following an evaluation and finding by FDA that the third-party
certification body no longer complies with the applicable requirements
of this subpart; or
(3) Following its refusal to allow FDA to access records under
Sec. 1.658 or to conduct an audit, assessment, or investigation
necessary to ensure continued compliance with this subpart.
(b) Exception. FDA may waive mandatory withdrawal under paragraph
(a)(1) of this section, if FDA:
(1) Conducts an investigation of the material facts related to the
outbreak of human or animal illness;
(2) Reviews the relevant audit records and the actions taken by the
accredited third-party certification body in support of its decision to
certify; and
(3) Determines that the accredited third-party certification body
satisfied the requirements for issuance of certification under this
subpart.
(c) Discretionary withdrawal. FDA may withdraw accreditation, in
whole or in part, from a third-party certification body when such
third-party certification body is accredited by an accreditation body
for which recognition is revoked under Sec. 1.634, if FDA determines
there is good cause for withdrawal, including:
(1) Demonstrated bias or lack of objectivity when conducting
activities under this subpart; or
(2) Performance that calls into question the validity or
reliability of its food safety audits or certifications.
(d) Records access. FDA may request records of the accredited
third-party certification body under Sec. 1.658 and, where applicable,
may request records under Sec. 1.625 of an accreditation body that has
been recognized under Sec. 1.625, when considering withdrawal under
paragraph (a)(1), (a)(2), or (c) of this section.
(e) Notice to the third-party certification body of withdrawal of
accreditation. (1) FDA will notify a third-party certification body of
the withdrawal of its accreditation through issuance of a withdrawal
that will state the grounds for withdrawal, the procedures for
requesting a regulatory hearing under Sec. 1.693 on the withdrawal,
and the procedures for requesting reaccreditation under Sec. 1.666.
(2) Within 10 business days of the date of issuance of the
withdrawal, the third-party certification body must notify FDA
electronically, in English, of the name of the custodian who will
maintain the records required by Sec. 1.658, and provide contact
information for the custodian, which will at least include an email
address, and the street address where the records will be located.
(f) Effect of withdrawal of accreditation on eligible entities. A
food or facility certification issued by a third-party certification
body prior to withdrawal will remain in effect until the certification
terminates by expiration. If FDA has reason to believe that a
certification issued for purposes of section 801(q) or 806 of the FD&C
Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food
for which the certification was offered or in determining the
importer's eligibility for participation in VQIP.
(g) Effect of withdrawal of accreditation on recognized
accreditation bodies. (1) FDA will notify a recognized accreditation
body if the accreditation of a third-party certification body it
accredited is withdrawn by FDA. Such accreditation body's recognition
will remain in effect if, no later than 60 days after withdrawal, the
accreditation body conducts a self-assessment under Sec. 1.622 and
reports the results of the self-assessment to FDA as required by Sec.
1.623(b).
(2) FDA may revoke the recognition of an accreditation body
whenever FDA determines there is good cause for revocation of
recognition under Sec. 1.634.
(h) Public notice of withdrawal accreditation. FDA will provide
notice on the Web site described in Sec. 1.690 of its withdrawal of
accreditation of a third-party certification body and
[[Page 74665]]
provide a description of the basis for withdrawal.
Sec. 1.665 What if I want to voluntarily relinquish accreditation or
do not want to renew accreditation?
(a) Notice to FDA of intent to relinquish or not to renew
accreditation. A third-party certification body must notify FDA
electronically, in English, at least 60 days before voluntarily
relinquishing accreditation or before allowing accreditation to expire
without seeking renewal. The certification body must provide the name
and contact information of the custodian who will maintain the records
required under Sec. 1.658(a) after the date of relinquishment or the
date accreditation expires, as applicable, and make them available to
FDA as required by Sec. 1.658(b) and (c). The contact information for
the custodian must include, at a minimum, an email address and the
physical address where the records required by Sec. 1.658(a) will be
located.
(b) Notice to recognized accreditation body and eligible entities
of intent to relinquish or not to renew accreditation. No later than 15
business days after notifying FDA under paragraph (a) of this section,
the certification body must notify its recognized accreditation body
and any eligible entity with current certifications that it intends to
relinquish accreditation or to allow its accreditation to expire,
specifying the date on which relinquishment or expiration will occur.
The recognized accreditation body must establish and maintain records
of such notification under Sec. 1.625(a).
(c) Effect of voluntary relinquishment or expiration of
accreditation on food or facility certifications issued to eligible
entities. A food or facility certification issued by a third-party
certification body prior to relinquishment or expiration of its
accreditation will remain in effect until the certification expires. If
FDA has reason to believe that a certification issued for purposes of
section 801(q) or 806 of the FD&C Act is not valid or reliable, FDA may
refuse to consider the certification in determining the admissibility
of the article of food for which the certification was offered or in
determining the importer's eligibility for participation in VQIP.
(d) Public notice of voluntary relinquishment or expiration of
accreditation. FDA will provide notice on the Web site described in
Sec. 1.690 of the voluntary relinquishment or expiration of
accreditation of a certification body under this subpart.
Sec. 1.666 How do I request reaccreditation?
(a) Application following withdrawal. FDA will reinstate the
accreditation of a third-party certification body for which it has
withdrawn accreditation:
(1) If, in the case of direct accreditation, FDA determines, based
on evidence presented by the third-party certification body, that the
third-party certification body satisfies the applicable requirements of
this subpart and adequate grounds for withdrawal no longer exist; or
(2) In the case of a third-party certification body accredited by
an accreditation body for which recognition has been revoked under
Sec. 1.634:
(i) If the third-party certification body becomes accredited by
another recognized accreditation body or by FDA through direct
accreditation no later than 1 year after withdrawal of accreditation,
or the original date of the expiration of accreditation, whichever
comes first; or
(ii) Under such conditions as FDA may impose in withdrawing
accreditation.
(b) Application following voluntary relinquishment. A third-party
certification body that previously relinquished its accreditation under
Sec. 1.665 may seek accreditation by submitting a new application for
accreditation under Sec. 1.660 or, where applicable, Sec. 1.670.
Additional Procedures for Direct Accreditation of Third-Party
Certification Bodies Under This Subpart
Sec. 1.670 How do I apply to FDA for direct accreditation or renewal
of direct accreditation?
(a) Eligibility. (1) FDA will accept applications from third-party
certification bodies for direct accreditation or renewal of direct
accreditation only if FDA determines that it has not identified and
recognized an accreditation body to meet the requirements of section
808 of the FD&C Act within 2 years after establishing the accredited
third-party audits and certification program. Such FDA determination
may apply, as appropriate, to specific types of third-party
certification bodies, types of expertise, or geographic location; or
through identification by FDA of any requirements of section 808 of the
FD&C Act not otherwise met by previously recognized accreditation
bodies. FDA will only accept applications for direct accreditation and
renewal applications that are within the scope of the determination.
(2) FDA may revoke or modify a determination under paragraph (a)(1)
of this section if FDA subsequently identifies and recognizes an
accreditation body that affects such determination.
(3) FDA will provide notice on the Web site described in Sec.
1.690 of a determination under paragraph (a)(1) of this section and of
a revocation or modification of the determination under paragraph
(a)(1) of this section, as described in paragraph (a)(2) of this
section.
(b) Application for direct accreditation or renewal of direct
accreditation. (1) A third-party certification body seeking direct
accreditation or renewal of direct accreditation must submit an
application to FDA, demonstrating that it is within the scope of the
determination issued under paragraph (a)(1) of this section, and it
meets the eligibility requirements of Sec. 1.640.
(2) Applications and all documents provided as part of the
application process must be submitted electronically, in English. An
applicant must provide such translation and interpretation services as
are needed by FDA to process the application, including during an
onsite audit of the applicant.
(3) The application must be signed in the manner designated by FDA
by an individual authorized to act on behalf of the applicant for
purposes of seeking or renewing direct accreditation.
Sec. 1.671 How will FDA review my application for direct
accreditation or renewal of direct accreditation and what happens once
FDA decides on my application?
(a) Review of a direct accreditation or renewal application. FDA
will examine a third-party certification body's direct accreditation or
renewal application for completeness and notify the applicant of any
deficiencies. FDA will review applications for direct accreditation and
for renewal of direct accreditation on a first in, first out basis
according to the date the completed submission is received; however,
FDA may prioritize the review of specific applications to meet the
needs of the program.
(b) Evaluation of a direct accreditation or renewal application.
FDA will evaluate any completed application to determine whether the
applicant meets the requirements for direct accreditation under this
subpart. If FDA does not reach a final decision on a renewal
application before the expiration of the direct accreditation, FDA may
extend the duration of such direct accreditation for a specified
[[Page 74666]]
period of time or until the Agency reaches a final decision on the
renewal application.
(c) Notice of approval or denial. FDA will notify the applicant
that its direct accreditation or renewal application has been approved
through issuance of or denied.
(d) Issuance of direct accreditation. If an application has been
approved, the issuance of the direct accreditation that will list any
limitations associated with the accreditation.
(e) Issuance of denial of direct accreditation. If FDA issues a
denial of direct accreditation or denial of a renewal application, the
issuance of the denial of direct accreditation will state the basis for
such denial and provide the procedures for requesting reconsideration
of the application under Sec. 1.691.
(f) Notice of records custodian after denial of application for
renewal of direct accreditation. An applicant whose renewal application
was denied must notify FDA electronically, in English, within 10
business days of the date of issuance of a denial of a renewal
application, of the name and contact information of the custodian who
will maintain the records required by Sec. 1.658(a) and make them
available to FDA as required by Sec. 1.658(b) and (c). The contact
information for the custodian must include, at a minimum, an email
address and the physical address where the records required by Sec.
1.658(b) will be located.
(g) Effect of denial of renewal of direct accreditation on food or
facility certifications issued to eligible entities. A food or facility
certification issued by an accredited third-party certification body
prior to issuance of the denial of its renewal application will remain
in effect until the certification expires. If FDA has reason to believe
that a certification issued for purposes of section 801(q) or 806 of
the FD&C Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food
for which the certification was offered or in determining the
importer's eligibility for participation in VQIP.
(h) Public notice of denial of renewal of direct accreditation. FDA
will provide notice on the Web site described in Sec. 1.690 of the
issuance of a denial of renewal application for direct accreditation
under this subpart.
Sec. 1.672 What is the duration of direct accreditation?
FDA will grant direct accreditation of a third-party certification
body for a period not to exceed 4 years.
Requirements for Eligible Entities Under This Subpart
Sec. 1.680 How and when will FDA monitor eligible entities?
FDA may, at any time, conduct an onsite audit of an eligible entity
that has received food or facility certification from an accredited
third-party certification body under this subpart. Where FDA determines
necessary or appropriate, the unannounced audit may be conducted with
or without the accredited third-party certification body or the
recognized accreditation body (where applicable) present. An FDA audit
conducted under this section will be conducted on an unannounced basis
and may be preceded by a request for a 30-day operating schedule.
Sec. 1.681 How frequently must eligible entities be recertified?
An eligible entity seeking recertification of a food or facility
certification under this subpart must apply for recertification prior
to the expiration of its certification. For certifications used in
meeting the requirements of section 801(q) or 806 of the FD&C Act, FDA
may require an eligible entity to apply for recertification at any time
FDA determines appropriate under such section.
General Requirements of This Subpart
Sec. 1.690 How will FDA make information about recognized
accreditation bodies and accredited third-party certification bodies
available to the public?
FDA will place on its Web site a registry of recognized
accreditation bodies and accredited third-party certification bodies,
including the name, contact information, and scope and duration of
recognition or accreditation. The registry may provide information on
third-party certification bodies accredited by recognized accreditation
bodies through links to the Web sites of such recognized accreditation
bodies. FDA will also place on its Web site a list of accreditation
bodies for which it has denied renewal of recognition, for which FDA
has revoked recognition, and that have relinquished their recognition
or have allowed their recognition to expire. FDA will also place in its
Web site a list of certification bodies whose renewal of accreditation
has been denied, for which FDA has withdrawn accreditation, and that
have relinquished their accreditations or have allowed their
accreditations to expire. FDA will place on its Web site determinations
under Sec. 1.670(a)(1) and modifications of such determinations under
Sec. 1.670(a)(2).
Sec. 1.691 How do I request reconsideration of a denial by FDA of an
application or a waiver request?
(a) An accreditation body may seek reconsideration of the denial of
an application for recognition, renewal of recognition, or
reinstatement of recognition no later than 10 business days after the
date of the issuance of such denial.
(b) A third-party certification body may seek reconsideration of
the denial of an application for direct accreditation, renewal of
direct accreditation, reaccreditation of directly accredited third-
party certification body, a request for a waiver of the conflict of
interest requirement in Sec. 1.650(b), or a waiver extension no later
than 10 business days after the date of the issuance of such denial.
(c) A request to reconsider an application or waiver request under
paragraph (a) or (b) of this section must be signed by the requestor or
by an individual authorized to act on its behalf in submitting the
request for reconsideration. The request must be submitted
electronically in English and must comply with the procedures described
in the notice.
(d) After completing its review and evaluation of the request for
reconsideration, FDA will notify the requestor through the issuance of
the recognition, direct accreditation, or waiver upon reconsideration
or through the issuance of a denial of the application or waiver
request under paragraph (a) or (b) of this section upon
reconsideration.
Sec. 1.692 How do I request internal agency review of a denial of an
application or waiver request upon reconsideration?
(a) No later than 10 business days after the date of issuance of a
denial of an application or waiver request upon reconsideration under
Sec. 1.691, the requestor may seek internal agency review of such
denial under Sec. 10.75(c)(1) of this chapter.
(b) The request for internal agency review under paragraph (a) of
this section must be signed by the requestor or by an individual
authorized to act on its behalf in submitting the request for internal
review. The request must be submitted electronically in English to the
address specified in the denial upon reconsideration and must comply
with procedures it describes.
(c) Under Sec. 10.75(d) of this chapter, internal agency review of
such denial must be based on the information in the administrative
file, which will include any supporting information submitted under
Sec. 1.691(c).
[[Page 74667]]
(d) After completing the review and evaluation of the
administrative file, FDA will notify the requestor of its decision to
overturn the denial and grant the application or waiver request through
issuance of an application or waiver request upon reconsideration or to
affirm the denial of the application or waiver request upon
reconsideration through issuance of a denial of an application or
waiver request upon reconsideration.
(e) Issuance by FDA of a denial of an application or waiver request
upon reconsideration constitutes final agency action under 5 U.S.C.
702.
Sec. 1.693 How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation?
(a) Request for hearing on revocation. No later than 10 business
days after the date of issuance of a revocation of recognition of an
accreditation body under Sec. 1.634, an individual authorized to act
on the accreditation body's behalf may submit a request for a
regulatory hearing on the revocation under part 16 of this chapter. The
issuance of revocation issued under Sec. 1.634 will contain all of the
elements required by Sec. 16.22 of this chapter and will thereby
constitute the notice of an opportunity for hearing under part 16 of
this chapter.
(b) Request for hearing on withdrawal. No later than 10 business
days after the date of issuance of a withdrawal of accreditation of a
third-party certification body under Sec. 1.664, an individual
authorized to act on the third-party certification body's behalf may
submit a request for a regulatory hearing on the withdrawal under part
16 of this chapter. The issuance of withdrawal under Sec. 1.664 will
contain all of the elements required by Sec. 16.22 of this chapter and
will thereby constitute the notice of opportunity of hearing under part
16 of this chapter.
(c) Submission of request for regulatory hearing. The request for a
regulatory hearing under paragraph (a) or (b) of this section must be
submitted with a written appeal that responds to the basis for the FDA
decision, as described in the issuance of revocation or withdrawal, as
appropriate, and includes any supporting information upon which the
requestor is relying. The request, appeal, and supporting information
must be submitted in English to the address specified in the notice and
must comply with the procedures it describes.
(d) Effect of submission of request on FDA decision. The submission
of a request for a regulatory hearing under paragraph (a) or (b) of
this section will not operate to delay or stay the effect of a decision
by FDA to revoke recognition of an accreditation body or to withdraw
accreditation of a third-party certification body unless FDA determines
that a delay or a stay is in the public interest.
(e) Presiding officer. The presiding officer for a regulatory
hearing for a revocation or withdrawal under this subpart will be
designated after a request for a regulatory hearing is submitted to
FDA.
(f) Denial of a request for regulatory hearing. The presiding
officer may deny a request for regulatory hearing for a revocation or
withdrawal under Sec. 16.26(a) of this chapter when no genuine or
substantial issue of fact has been raised.
(g) Conduct of regulatory hearing. (1) If the presiding officer
grants a request for a regulatory hearing for a revocation or
withdrawal, the hearing will be held within 10 business days after the
date the request was filed or, if applicable, within a timeframe agreed
upon in writing by requestor, the presiding officer, and FDA.
(2) The presiding officer must conduct the regulatory hearing for
revocation or withdrawal under part 16 of this chapter, except that,
under Sec. 16.5(b) of this chapter, such procedures apply only to the
extent that the procedures are supplementary and do not conflict with
the procedures specified for regulatory hearings under this subpart.
Accordingly, the following requirements of part 16 are inapplicable to
regulatory hearings under this subpart: Sec. 16.22 (Initiation of a
regulatory hearing); Sec. 16.24(e) (timing) and (f) (contents of
notice); Sec. 16.40 (Commissioner); Sec. 16.60(a) (public process);
Sec. 16.95(b) (administrative decision and record for decision); and
Sec. 16.119 (Reconsideration and stay of action).
(3) A decision by the presiding officer to affirm the revocation of
recognition or the withdrawal of accreditation is considered a final
agency action under 5 U.S.C. 702.
Sec. 1.694 Are electronic records created under this subpart subject
to the electronic records requirements of part 11 of this chapter?
Records that are established or maintained to satisfy the
requirements of this subpart and that meet the definition of electronic
records in Sec. 11.3(b)(6) of this chapter are exempt from the
requirements of part 11 of this chapter. Records that satisfy the
requirements of this subpart, but that also are required under other
applicable statutory provisions or regulations, remain subject to part
11 of this chapter.
Sec. 1.695 Are the records obtained by FDA under this subpart subject
to public disclosure?
Records obtained by FDA under this subpart are subject to the
disclosure requirements under part 20 of this chapter.
PART 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES
0
3. The authority citation for 21 CFR part 11 continues to read as
follows:
Authority: 21 U.S.C. 321-393; 42 U.S.C. 262.
0
4. In Sec. 11.1, add paragraph (m) to read as follows:
Sec. 11.1 Scope.
* * * * *
(m) This part does not apply to records required to be established
or maintained by subpart M of part 1 of this chapter. Records that
satisfy the requirements of subpart M of part 1 of this chapter, but
that also are required under other applicable statutory provisions or
regulations, remain subject to this part.
PART 16--REGULATORY HEARING BEFORE THE FOOD AND DRUG ADMINISTRATION
0
5. The authority citation for 21 CFR part 16 continues to read as
follows:
Authority: 15 U.S.C. 1451-1461; 21 U.S.C. 141-149, 321-394,
467f, 679, 821, 1034; 28 U.S.C. 2112; 42 U.S.C. 201-262, 263b, 364.
0
6. In Sec. 16.1(b)(2), add the following entry in numerical order to
read as follows:
Sec. 16.1 Scope.
* * * * *
(b) * * *
(2) * * *
Sec. Sec. 1.634 and 1.664, relating to revocation of recognition
of an accreditation body and withdrawal of accreditation of third-party
certification bodies that conduct food safety audits of eligible
entities in the food import supply chain and issue food and facility
certifications.
* * * * *
Dated: October 30, 2015.
Leslie Kux,
Associate Commissioner for Policy.
[FR Doc. 2015-28160 Filed 11-13-15; 8:45 am]
BILLING CODE 4164-01-P
