Accreditation of Third-Party Auditors/Certification Bodies to Conduct Food Safety Audits and to Issue Certifications, 45781-45839 [2013-17994]
Download as PDF
<![CDATA[
Vol. 78
Monday,
No. 145
July 29, 2013
Part IV
Department of Health and Human Services
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Food and Drug Administration
21 CFR Part 1 and 16
Accreditation of Third-Party Auditors/Certification Bodies to Conduct Food
Safety Audits and to Issue Certifications; Proposed Rule
VerDate Mar<15>2010
19:57 Jul 26, 2013
Jkt 229001
PO 00000
Frm 00001
Fmt 4717
Sfmt 4717
E:\FR\FM\29JYP4.SGM
29JYP4
45782
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
Written Submissions
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 1 and 16
[Docket No. FDA–2011–N–0146]
RIN 0910–AG66
Accreditation of Third-Party Auditors/
Certification Bodies to Conduct Food
Safety Audits and to Issue
Certifications
AGENCY:
Food and Drug Administration,
HHS.
ACTION:
Proposed rule.
The Food and Drug
Administration (FDA) is amending its
regulations to provide for accreditation
of third-party auditors/certification
bodies to conduct food safety audits of
foreign food entities, including
registered foreign food facilities, and to
issue food and facility certifications,
under the FDA Food Safety
Modernization Act (FSMA). Use of
accredited third-party auditors/
certification bodies and food and facility
certifications will help FDA prevent
potentially harmful food from reaching
U.S. consumers and thereby improve
the safety of the U.S. food supply. FDA
also expects that these regulations will
increase efficiency by reducing the
number of redundant food safety audits.
DATES: Submit either electronic or
written comments on the proposed rule
by November 26, 2013.
ADDRESSES: You may submit comments,
identified by Docket No. FDA–2011–N–
0146 and/or Regulatory Information
Number (RIN) 0910–AG66, by any of the
following methods.
SUMMARY:
Electronic Submissions
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Submit electronic comments in the
following way:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
VerDate Mar<15>2010
19:57 Jul 26, 2013
Jkt 229001
Submit written submissions in the
following ways:
• Mail/Hand delivery/Courier (for
paper or CD–ROM submissions):
Division of Dockets Management (HFA–
305), Food and Drug Administration,
5630 Fishers Lane, Rm. 1061, Rockville,
MD 20852.
Instructions: All submissions received
must include the Agency name and
Docket No. FDA–2011–N–0146 and/or
RIN 0910–AG66 for this rulemaking. All
comments received may be posted
without change to https://
www.regulations.gov, including any
personal information provided. For
additional information on submitting
comments, see the ‘‘Comments’’ heading
of the SUPPLEMENTARY INFORMATION
section of this document.
Docket: For access to the docket to
read background documents or
comments received, go to https://
www.regulations.gov and insert the
docket number, found in brackets in the
heading of this document, into the
‘‘Search’’ box and follow the prompts
and/or go to the Division of Dockets
Management, 5630 Fishers Lane, Rm.
1061, Rockville, MD 20852.
FOR FURTHER INFORMATION CONTACT:
Charlotte A. Christin, Office of the
Commissioner, Office of Policy, Food
and Drug Administration, 10903 New
Hampshire Ave., Bldg. 32, Rm. 4234,
Silver Spring, MD 20993, 240–402–
3708.
SUPPLEMENTARY INFORMATION:
Executive Summary
Purpose of the Proposed Rule
This proposed rule, if finalized, will
help FDA ensure the competence and
independence of third-party auditors/
certification bodies who conduct foreign
food safety audits. It also will help
ensure the reliability of food and facility
certifications issued by third-party
auditors/certification bodies that FDA
will use in making certain decisions
relating to imported food (including pet
food and animal feed). These
certifications include, for example, food
PO 00000
Frm 00002
Fmt 4701
Sfmt 4702
certifications required by FDA as a
condition of granting admission to a
food determined to pose a safety risk.
Having comprehensive oversight of a
credible and reliable program for thirdparty audits and certifications of foreign
food facilities will help FDA prevent
potentially harmful food from reaching
U.S. consumers and thereby improve
the safety of the U.S. food supply. We
believe that a trusted program for
foreign food safety audits and food and
facility certifications—with clear
requirements, standards, and
procedures and operated under
government oversight—will be
appealing to accreditation bodies,
auditors/certification bodies, and
foreign food facilities. Widespread
participation and broad acceptance of
audits and certifications under the FDA
program will help increase efficiency
and reduce costs, by eliminating
redundant auditing to assess foreign
suppliers’ compliance with the Federal
Food, Drug, and Cosmetic Act (the
FD&C Act).
FSMA adds section 808 to the FD&C
Act (21 U.S.C. 384d), which directs us
to establish a new program for
accreditation of third-party auditors 1
conducting food safety audits and
issuing food and facility certifications to
eligible foreign entities (including
registered foreign food facilities) that
meet our applicable requirements.
Under this provision, we will recognize
accreditation bodies to accredit thirdparty auditors/certification bodies,
except for limited circumstances in
which we may directly accredit
auditors/certification bodies to
participate in the accredited third-party
audits and certification program.
1 Section 808 of the FD&C Act uses the term
‘‘auditor’’ to describe an entity that conducts audits
and issues certifications. We propose to use the
term ‘‘auditor/certification body,’’ which adds the
words ‘‘certification body’’ to better comport with
the terminology used by the food industry and the
international standards community when
describing organizations that not only conduct
audits but also issue certifications based on audit
results. We will use the statutory term only when
referring to the requirements of section 808 of the
FD&C Act.
E:\FR\FM\29JYP4.SGM
29JYP4
We will use certifications issued by
accredited third-party auditors/
certification bodies in deciding whether
to admit certain imported food into the
United States that FDA has determined
poses a food safety risk and in deciding
whether an importer is eligible to
participate in a program for expedited
review and entry of food imports. We
will exercise oversight of the accredited
third-party audits and certification
program and can remove an
accreditation body or an auditor/
certification body for good cause, by
revoking recognition of the accreditation
body or by withdrawing accreditation of
the third-party auditor/certification
body.
We must issue implementing
regulations that include measures to
protect against conflicts of interest and
must issue model accreditation
standards that third-party auditors/
certification bodies must meet to qualify
for accreditation.2 The statute directs us
2 We will issue draft model accreditation
standards to specify the qualifications for
accreditation, such as the minimum requirements
for education and experience for third-party
auditors/certification bodies (and their audit agents)
to qualify for accreditation. We will open a public
docket to accept comments on the draft standards
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
to look to existing standards for
guidance when developing these model
accreditation standards.
Summary of the Major Provisions of the
Proposed Rule
This proposal contains eligibility
requirements for accreditation bodies to
qualify for recognition and requirements
that accreditation bodies choosing to
participate in the FDA program must
meet, once recognized. It also contains
eligibility requirements for third-party
auditors/certification bodies to qualify
for accreditation and requirements that
third-party auditors/certification bodies
choosing to participate in the FDA
program must meet, once accredited.
These requirements will ensure the
competence and independence of the
accreditation bodies and third-party
auditors/certification bodies
participating in the program for
accredited third-party audits and
certification that is established under
this subpart.
This proposal contains procedures for
recognition and accreditation, as well as
requirements relating to monitoring and
and plan to take necessary procedural steps to
finalize the model standards.
PO 00000
Frm 00003
Fmt 4701
Sfmt 4702
45783
oversight of participating accreditation
bodies and auditors/certification bodies.
These include procedures that we will
follow when removing an auditor/
certification body or an accreditation
body from the program. The proposed
rule contains requirements relating to
auditing and certification of foreign food
facilities under the program and for
notifying us of conditions in an audited
facility that could cause or contribute to
a serious risk to the public health. The
proposed requirements for monitoring,
oversight, and notification are needed to
give us, consumers, and other
stakeholders confidence in the program
and in the accredited third-party
auditors/certification bodies and
recognized accreditation bodies who
participate.
The proposal also implements the
authority granted by Congress in section
801(q) of the FD&C Act (21 U.S.C.
381(q)) to make a risk-based
determination to require, as a condition
of admissibility, that a food imported or
offered for import into the United States
be accompanied by a certification or
other assurance that the food meets the
applicable requirements of the FD&C
Act. This clear authority to require
E:\FR\FM\29JYP4.SGM
29JYP4
EP29JY13.008</GPH>
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
45784
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
import certification for food, based on
risk, is one of the tools we can use to
help prevent potentially harmful food
from reaching consumers.
In addition, this document proposes
requirements for accredited third-party
auditors/certification bodies to follow
when issuing facility certifications that
will be used by importers to establish
eligibility for the Voluntary Qualified
Importer Program (VQIP) under section
806 of the FD&C Act (21 U.S.C. 384b(a)).
The VQIP program offers participating
importers expedited review and entry of
food from facilities audited and certified
by third-party auditors/certification
bodies accredited under this subpart.
Costs and Benefits
We summarize the annualized costs
(over a 10-year time period discounted
at both 3 percent and 7 percent) of the
third-party proposed rule in Table 1. We
are unable to estimate quantitatively the
benefits of the proposed rule. Although
this proposed rule would not itself
establish safety requirements for
imported food, it would benefit the
public health by helping to ensure that
imported food is produced in
compliance with applicable
requirements of the FD&C Act.
The Preliminary Regulatory Impact
Analyses for the proposed rules on
Current Good Manufacturing Practice
and Hazard Analysis and Risk-Based
Preventive Controls for Human Food
(Preventive Controls) 3 and the
Standards for the Growing, Harvesting,
Packing, and Holding of Produce for
Human Consumption (Produce Safety) 4
consider and analyze the number of
illnesses and deaths that those proposed
regulations are aimed at reducing. The
greater the compliance with the
Preventive Controls and Produce Safety
proposed regulations, the greater the
reduction in illnesses and deaths and
associated costs expected.
This proposed rule would be an
important mechanism for improving
and ensuring compliance with the
Preventive Controls and Produce Safety
proposed regulations as they would
apply to imported food. For this reason,
we account for its public health benefits
in the economic analyses for those
proposed rules and other applicable
food safety regulations, instead of in the
analysis for this proposed rule.
TABLE 1—SUMMARY OF ANNUALIZED COSTS OF THE PROPOSED RULE
Third party accreditation costs
3 Percent
7 Percent
Third Party Accreditation Costs for All Participants ........................................................................................
Third Party Accreditation Costs for FDA .........................................................................................................
$55,548,432
17,063,089
$56,756,016
17,640,083
Total Costs ...............................................................................................................................................
72,611,521
74,396,099
I. Introduction
Each year, about 48 million
Americans (1 in 6) get sick, 128,000 are
hospitalized, and 3,000 die from foodborne diseases, according to recent
estimates from the Centers for Disease
Control and Prevention (CDC). CDC
food-borne illness outbreak data also
show that an increased number of
outbreaks due to imported foods were
reported during the most recent years of
surveillance. During 2005–2010, 39
outbreaks with 2,348 illnesses were
reported where the implicated food was
imported into the United States,
representing 1.5 percent of reported
outbreaks during that time. Of the 39
import-associated outbreaks, more were
reported in 2009 and 2010 (n=6 and 8
outbreaks, respectively) than were
reported in each of the years between
2005 and 2008. A greater percentage of
the import-related outbreaks were
multistate outbreaks as compared to the
overall percentage of multistate
outbreaks reported (Ref. 1).5
President Obama signed FSMA (Pub.
L.111–353) into law on January 4, 2011.
FSMA enables us to better protect
public health by helping to ensure the
safety and security of the U.S. food
supply. The Web page describing our
FSMA implementation activities is at
https://www.fda.gov/fsma.
Among other things, FSMA gave us
important new tools to better ensure the
safety of imported foods, which
constitute approximately 15 percent of
the U.S. food supply (including 80
percent of our seafood, 50 percent of our
fresh fruit, and 20 percent of our
vegetables). We place high priority on
ensuring the accountability of importers
to verify the safety of food produced
overseas and to establish a new program
for third-party auditing and certification
of regulated foreign food firms. (By way
of background, third-party audits are
conducted by an entity independent of
the audited firm or those who buy its
products. Second-party audits are
conducted by buyers for their suppliers
and contractors or by one division
within a firm of another division within
the same firm. First-party audits are
internal audits a firm conducts itself.
This proposed regulation relates only to
third-party audits.)
In this document, we propose
requirements for third-party auditors/
certification bodies choosing to become
accredited to conduct food safety audits
and to issue food and facility
certifications to eligible foreign entities
under this FDA program.
The preamble that follows provides
background on the following: (1) The
FSMA requirement to establish an
accredited third-party auditing and
3 The Preventive Controls proposed rule was
published in the Federal Register on January 16,
2013 (78 FR 3646).
4 The Produce Safety proposed rule was
published in the Federal Register on January 16,
2013 (78 FR 3503).
5 The CDC abstract on Foodborne Disease
Outbreaks Associated with Food Imported Into the
United States, 2005–2010 (Ref. 1) discussed 23
reported outbreaks with 1,994 illnesses associated
with imported foods. These data were updated for
a presentation at the International Conference on
Emerging Infectious Diseases, to reflect the numbers
discussed in this proposed rule.
Table of Contents
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
I. Introduction
II. Background
A. Legal Authority
B. FDA Initiatives on Third Parties
C. FDA’s Use of Certifications for Food
D. External Recommendations on ThirdParty Certification for Food
E. FDA Standards for Assessing
Capabilities of Food Safety Systems
F. U.S. Government Policies on Consensus
Standards and Conformity Assessment
G. Industry Practices on Benchmarking
Standards and Third-Party Audits and
Certification for Food and Food Facilities
III. FSMA Imports Public Meeting and
Stakeholder Input
IV. Purpose and Description of the Proposed
Rule
A. Proposed Revisions to Part 1, New
Subpart
B. Proposed Revisions to Part 16
V. Analysis of Environmental Impact
VI. Federalism
VII. Comments
VIII. References
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
PO 00000
Frm 00004
Fmt 4701
Sfmt 4702
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
certification program for food and
related FSMA provisions, (2) other
initiatives on third parties, (3) use of
food certifications, (4) recommendations
from external stakeholders on thirdparty certifications for food, (5)
standards for assessing programs for
oversight of food safety, (6) U.S.
government policies on consensus
standards and conformity assessment,
and (7) industry programs for
benchmarking standards and for
auditing and certification for food
facilities and their food. We seek
comments on all aspects of this
proposal.
II. Background
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
A. Legal Authority
1. Accreditation of Third-Party
Auditors/Certification Bodies
Section 307 of FSMA, Accreditation
of Third-Party Auditors, amends the
FD&C Act (21 U.S.C. 384d) to create a
new provision, section 808, under the
same name. Section 808(b)(1)(A) of the
FD&C Act requires us to establish a
system, within 2 years of enactment, for
the recognition of accreditation bodies
that accredit third-party auditors to
conduct food safety audits and to issue
certifications for eligible foreign food
entities and their products.
Section 808(b)(1)(A)(ii) of the FD&C
Act further authorizes us to directly
accredit third-party auditors if we have
not identified and recognized an
accreditation body that meets the
requirements of the section within 2
years after establishing the system for
recognition. If those conditions are met,
we may begin to directly accredit thirdparty auditors.
Section 808(c)(5)(C) of the FD&C Act
directs us to issue implementing
regulations for section 808 not later than
18 months after enactment (i.e., by July
4, 2012). The regulations must require
audits to be unannounced and must
contain protections against conflicts of
interest between accredited auditors
(and their audit agents) and the entities
they audit or certify, including
requirements on timing and public
disclosure of fees and appropriate limits
on financial affiliations. (21 U.S.C.
384d(c)(5)(C)(ii) and (c)(5)(C)(iii)). In
addition, the regulations must require
audits to be unannounced (21 U.S.C.
384d(c)(5)(C)(i)).
Section 808(b)(2) of the FD&C Act
contains an additional requirement to
develop model accreditation standards
to qualify third-party auditors for
accreditation under this FDA program.
The statute describes the model
accreditation standards in terms of
requirements an auditor must meet to
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
qualify for accreditation. We are
including in this proposed rule a
framework for the model accreditation
standards. We currently are developing
the Model Accreditation Standards
document, which elaborates on the
framework and details the qualifications
required for accreditation. We are
considering existing international
standards and particularly the work of
the International Organization for
Standardization Committee on
conformity assessment (ISO/CASCO).
For example, we are considering
minimum requirements for education
and experience of auditors/certification
bodies. We plan to issue draft model
standards for public comment, before
finalizing them.
2. Voluntary Qualified Importer
Program
Facility certifications (as described in
sections 806(a) and 808(c)(2) of the
FD&C Act) will be used by FDA to help
determine whether a facility is eligible
to be a facility from which food may be
offered for import under VQIP. The
criteria and procedures for VQIP
participation are outside the scope of
this rulemaking. FDA plans to issue
guidance on VQIP and will solicit
public comment on VQIP at that time.
3. Authority To Require Import
Certifications for Food
Food certifications (as described in
sections 801(q) and 808(c)(2) of the
FD&C Act) will be required to meet a
condition for admitting a food into the
United States under section 801(a) of
the FD&C Act, where necessary based
on our determination of the risk of the
food. Specifically, section 801(q) of the
FD&C Act gives us express authority to
require such certification based on a
determination that includes the
following factors:
• The known safety risks associated
with the food;
• The known food safety risks
associated with the country, territory, or
region of origin (area of origin) of the
food;
• A finding we make, supported by
scientific, risk-based evidence, that:
Æ The food safety programs, systems,
and standards in the area of origin of the
food are inadequate to ensure that the
article of food is as safe as a similar
article of food that is manufactured,
processed, packed, or held in the United
States, in accordance with the
requirements of the FD&C Act; and
Æ The certification would assist us in
determining whether to refuse or admit
the article of food into the United States;
and
PO 00000
Frm 00005
Fmt 4701
Sfmt 4702
45785
• Information submitted to us, under
section 801(q)(7) of the FD&C Act,
regarding improvements to a food safety
program, system, or standard we
previously found inadequate and
demonstrating that those controls are
adequate to ensure that an article of
food is as safe as a similar article of food
that is manufactured, processed,
packed, or held in the United States
under the requirements of the FD&C
Act.
In addition to giving FDA authority to
require food certifications, section
801(q) of the FD&C Act grants FDA
authority to require, alternatively, ‘‘such
other assurance’’ as FDA determines
appropriate, that the food complies with
applicable requirements of the FD&C
Act. When making a determination on
whether mandatory certification is
appropriate, we will consider the
statutory factors in light of the specific
circumstances involved and will
evaluate various types of relevant
information/evidence. We intend to
exercise our authority under section
801(q) of the FD&C Act judiciously and
in conjunction with our array of other
available enforcement tools.
Section 801(q)(3) of the FD&C Act
states the food certifications or other
assurances used for purposes of section
801(a) of the FD&C Act may be issued
by third-party auditors accredited under
section 808 of the FD&C Act or by the
government of the country from which
such food originated, if we so designate
(21 U.S.C. 381(q)(3)). The certifications
or other assurances may take the form
of shipment-specific certificates, a
listing of certified facilities that
manufacture, process, pack, or hold
such food, or in such other form as we
may specify.
Section 801(q) of the FD&C Act
became effective upon enactment of
FSMA in 2011 and is expressly linked
to the accreditation of third-party
auditors/certification bodies that is the
subject of this proposed rule.
4. Compliance With International
Agreements
FSMA section 404 (21 U.S.C. 2252)
states that nothing in the statute should
be construed in a manner ‘‘inconsistent
with’’ the agreement establishing the
World Trade Organization (WTO) or any
other treaty or international agreement
to which the United States is a party.
FSMA was notified to the WTO on
February 14, 2011 (G/SPS/N/USA/2156)
(Ref. 2), to provide information on the
FD&C Act to WTO members. The
notification included an electronic
mailbox link to receive comments from
members. Several comments have been
received via the mailbox. The comments
E:\FR\FM\29JYP4.SGM
29JYP4
45786
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
note a high degree of interest in FSMA
implementation, particularly with
respect to how implementation will
impact developing countries.
Third-party certification for food is
recognized as increasingly important for
developing nations to gain market
access for their products. Several
international development agencies are
focusing efforts in this area. The United
Nations Industrial Development
Organization, for example, is supporting
the development of conformity
assessment bodies and accreditation
bodies in several developing nations
(Ref. 3). The U.S. Agency for
International Development has offered
its assistance and support for
developing nation governments to take
a more proactive role in accreditation
services, standards development, and
institutional infrastructure to assist and
protect their nationals operating in
international food markets (Ref. 4).
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
5. Other Provisions of the Federal Food,
Drug, and Cosmetic Act
The authority for this proposed rule
also derives from section 701(a) of the
FD&C Act (21 U.S.C. 371(a)), which
authorizes us to issue regulations for the
efficient enforcement of the FD&C Act.
Regulations for ensuring the
competency and independence of
recognized accreditation bodies and of
accredited third-party auditors/
certification bodies will help assure us
of the validity and reliability of
certifications and other information
resulting from the food safety audits
they conduct. We will accept
certifications issued by accredited thirdparty auditors/certification bodies for
the two purposes identified in section
808 of the FD&C Act: To establish
eligibility for VQIP participation; and to
meet a condition of admissibility for
imported food subject to a mandatory
certification requirement. We also can
use information from such audits for
other related purposes in enforcing the
FD&C Act. For example, we propose to
allow importers to use reports of
regulatory audits conducted by
accredited third-party auditors/
certification bodies in meeting any
requirements for onsite audits of foreign
suppliers, under the proposed rule
entitled, ‘‘Foreign Supplier Verification
Programs for Importers of Food for
Humans and Animals’’ (FSVP),
published elsewhere in this issue of the
Federal Register.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
B. FDA Initiatives on Third Parties
1. Notice Requesting Comments on
Third-Party Certification for Food and
Feed
In the Federal Register of April 2,
2008 (73 FR 17989), we issued a notice
(2008 notice) requesting comments on
the benefits, obstacles, and availability
of third-party certification programs for
food and animal feed. At the time, an
increasing number of retailers and food
services providers had begun to ask
their foreign and domestic suppliers to
become certified to their buyers’
requirements for safety and quality.
Suppliers (such as producers,
comanufacturers, and repackers) also
were increasingly looking to third-party
certification programs as a means to
verify compliance with U.S. regulatory
requirements, even without
requirements from buyers.
In the 2008 notice, we asked
questions about existing certification
programs and criteria, as well as
obstacles and incentives for
participating in these voluntary
programs. We received approximately
70 comments in response. The
comments generally supported the use
of third-party certification programs and
suggested that our acknowledgment of
such programs would provide
additional incentives for participation.
Further discussion of the comments on
the 2008 notice is available in the
‘‘Background’’ section of the
subsequently issued draft ‘‘Guidance for
Industry on Voluntary Third-Party
Certification Programs for Foods and
Feeds’’ and is described in section
II.B.2.
2. FDA Guidance on Third-Party
Certification for Food and Feed
In the Federal Register of July 10,
2008 (73 FR 39704), we announced the
availability of the draft ‘‘Guidance for
Industry on Voluntary Third-Party
Certification Programs for Foods and
Feeds.’’ The draft guidance describes
the general attributes of a voluntary
third-party certification program needed
to help ensure that certification is a
reliable verification that food from
certified establishment meets applicable
requirements.
We finalized the guidance in January
2009, announcing its availability in the
Federal Register of January 16, 2009 (74
FR 3058) (2009 Guidance) (Ref. 5). The
2009 Guidance describes the general
attributes we believe a third-party
certification program should have to
give us confidence in the reliability of
its certifications. It also explains our
vision, prior to FSMA enactment, of
how we might use such voluntary third-
PO 00000
Frm 00006
Fmt 4701
Sfmt 4702
party certifications to assist in
determining inspection, field exam, and
sampling priorities, as well as in making
admissibility decisions for imported
food. We intend to withdraw the 2009
Guidance upon publication of a final
rule for accredited third-party
certification.
3. Pilot Project on Third-Party
Certification for Aquacultured Shrimp
In the Federal Register of July 10,
2008 (73 FR 39705), we published a
notice inviting third-party certification
bodies to participate in a pilot of
voluntary third-party certification of
aquacultured shrimp (shrimp pilot). The
goal of the shrimp pilot was to gain
knowledge and experience with thirdparty certification to assist us in
evaluating the utility and feasibility of
using third-party certification programs
as part of our oversight of foreign food
firms.
The pilot data indicate that having the
appropriate FDA infrastructure,
including logistical and resource
support, will be critical to the success
of any full-scale accredited third-party
certification program (Ref. 6). The role
we played in the shrimp pilot was
analogous to the role traditionally
played by an accreditation body,
monitoring the performance of
certification bodies. The pilot
demonstrated to us that direct
accreditation, in which we ourselves
accredit and provide direct oversight of
a potentially unlimited number of thirdparty certification bodies, would be
costly and administratively
burdensome, though direct accreditation
may be appropriate in limited
circumstances, as will be discussed in
section IV.A.8.
4. FDA Third-Party Program for
Mammography
In developing this proposed rule, we
reviewed other Agency third-party
programs, including the FDA program,
required by the Mammography Quality
Standards Act of 1992 (Pub. L. 102–539)
(as amended), to approve accreditation
bodies to evaluate and accredit
mammography facilities based upon
quality standards. Only facilities that
are accredited by, or undergoing
accreditation by, an accreditation body
we approved, may receive our
certificates (or the certificates of a State
certifying agency we approved) to
legally perform mammography (Ref. 7).
C. FDA’s Use of Certifications for Food
For years, we have used certification
as a tool for verifying that imported
foods comply with our food safety
requirements and reducing the need for
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
us to sample at entry. Since the late
1980s, for example, the Export
Inspection Council of the Indian
Ministry of Commerce has sampled,
analyzed, and issued certificates of
conformance for lots of black pepper
exported directly to the United States.
Indian black pepper shipments
accompanied by such certifications are
not subject to detention without
physical examination under FDA Import
Alert 28–02 (Ref. 8). Under Memoranda
of Understanding (MOUs) with several
foreign governments, we rely upon
certifications that caseins and
caseinates, and mixtures thereof, to be
exported to the United States are in
compliance with our requirements,
which are intended to minimize the
need for us to extensively sample
certified products (Ref. 9). These are but
a few examples of the ways we rely on
certifications as a means to help assure
that an article of food complies with our
requirements and to minimize the need
for extensive sampling at entry.
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
D. External Recommendations on ThirdParty Certification for Food
In September 2012, the Government
Accountability Office (GAO) issued a
report discussing possible challenges
associated with establishing and
administering the accredited third-party
certification program, including:
offering incentives to encourage
participation; meeting challenges
associated with creating a new program;
addressing stakeholder concerns; and
conducting oversight of the program,
once established (Ref. 10). We believe
this proposed rule addresses the
relevant challenges identified by GAO.
In June 2010, a committee of experts
convened by the Institute of Medicine
and the National Research Council
(IOM/NRC committee) released a report
examining gaps in public health
protection afforded by the farm-to-table
food safety system under our purview
and identifying opportunities to fill
those gaps (Ref. 11). The IOM/NRC
committee concluded that we need to
address barriers to improving the
efficiency of inspections by, among
other things, exploring third-party
auditing of food facilities as an
alternative model for measuring
compliance. The IOM/NRC committee’s
report specifically recommended that
we consider the implications of
accepting inspection data from thirdparty auditors inspecting facilities for
compliance with food safety regulatory
requirements. The IOM/NRC report also
stated that, if we use this approach, we
should set minimum standards for such
auditors and audits, with oversight and
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
implementation being assigned to an
accreditation and standards body.
E. FDA Standards for Assessing
Capabilities of Food Safety Systems
In developing the framework for
recognition of accreditation bodies and
accreditation of third-party auditors
required by section 808 of the FD&C
Act, we looked at our existing standards
for assessing the capabilities of food
safety systems at the State level, through
the Manufactured Foods Regulatory
Program Standards (MFRPS) (Ref. 12).
The MFRPS establish a uniform
foundation for the design and
management of high-quality State
regulatory programs for food
manufacturers, focusing on ten key
areas: (1) Regulatory foundation; (2)
inspector training program; (3) riskbased inspection program; (4) audits of
the inspection program; (5) protocols for
food-related illnesses, outbreaks, and
response; (6) compliance and
enforcement program; (7) industry and
other stakeholder relations; (8) program
resources; (9) program assessment; and
(10) laboratory support.
We also considered a FDA-New
Zealand pilot project for assessing food
safety systems, authority, oversight and
monitoring that was discussed at a
public hearing in March 2011 (Ref. 13).
We found particularly useful the draft
FDA International Comparability
Assessment Tool (ICAT) used in
reviewing New Zealand’s food safety
regulatory system to determine if it
provides a similar set of protections to
that of FDA (Ref. 14). Following the
successful completion of the New
Zealand comparability pilot, in late
2012 FDA launched a bilateral pilot
project with the Canadian Food
Inspection Agency (CFIA) on systems
recognition (previously known as
comparability), sharing FDA’s draft
ICAT as a guide for the systems
recognition process. FDA and CFIA
currently are finalizing their respective
systems recognition reviews.
F. U.S. Government Policies on
Consensus Standards and Conformity
Assessment
Implementation of section 808 of the
FD&C Act occurs against the backdrop
of the broader Federal policies on
consensus standards and conformity
assessment under the National
Technology Transfer and Advancement
Act of 1995 (NTTAA) (Public Law 104–
113).
The NTTAA, together with the Office
of Management and Budget (OMB)
Circular A–119, revised February 10,
1998 (Ref. 15), directs Federal Agencies
to use voluntary consensus standards in
PO 00000
Frm 00007
Fmt 4701
Sfmt 4702
45787
lieu of government-unique standards
except where inconsistent with law or
otherwise impractical. OMB Circular A–
119 states that the use of voluntary
standards, whenever practicable and
appropriate, is intended to eliminate the
cost to government of developing its
own standards and decrease the cost of
goods procured and the burden of
complying with Agency regulation;
provide incentives and opportunities to
establish standards that serve national
needs; encourage long-term growth for
U.S. enterprises and promote efficiency
and economic competition through
harmonization of standards; and further
the policy of reliance upon the private
sector to supply government needs for
goods and services.
In addition, the U.S. Government has
issued a National Standards Policy and
Federal guidance on conformity
assessment activities (which are defined
as activities concerned with
determining directly or indirectly that
requirements for products, services,
systems, and organizations are fulfilled)
(15 CFR 287.2).
As directed by OMB in Circular A–
119 (Ref. 15), the National Institute of
Standards and Technology (NIST), in
the Federal Register of August 10, 2000
(65 FR 48894), issued policy guidance
on Federal conformity assessment
activities (Federal conformity
assessment guidance) (codified at 15
CFR part 287). The guidance applies to
all Federal Agencies that set policy for,
manage, operate, or use conformity
assessment activities or results,
domestically and internationally (except
for activities conducted pursuant to
treaties) and is intended to eliminate
unnecessary duplication and
complexity in conformity assessment
requirements. (We note that OMB has
announced it is currently revising
Circular A–119, and NIST is revising the
Federal conformity assessment guidance
(Ref. 16)).
The current Federal conformity
assessment guidance provides for
Federal Agencies to use, where
appropriate, relevant guides or
standards for conformity assessment 6
practices from domestic and
international standardizing bodies such
as the Codex Alimentarius Commission
(Codex),7 the International Organization
6 ISO/IEC 17000:2004, Conformity assessment—
Vocabulary and general principles (Ref. 17) defines
‘‘conformity assessment’’ as ‘‘demonstration that
specified requirements relating to a product,
process, systems, person or body are fulfilled.
7 The Codex Alimentarius Commission,
established by Food and Agriculture Organization
of the United Nations (FAO) and the World Health
Organization (WHO) in 1963 develops harmonized
E:\FR\FM\29JYP4.SGM
Continued
29JYP4
45788
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
for Standardization (ISO)/International
Electrotechnical Commission (IEC),8
and the American National Standards
Institute (ANSI). The guidance also
notes that each Agency retains the
responsibility, and authority, to select
the conformity assessment activities and
procedures (e.g., guides and standards)
that will best meet its legislative
mandates and programmatic objectives
(15 CFR part 287).
In developing this proposed rule, we
considered several voluntary consensus
standards, specifically ISO/IEC 17000:
2004, Conformity assessment—
Vocabulary and general principles (Ref.
17) and ISO/IEC 17011: 2004,
Conformity assessment—General
requirements for accreditation bodies
accrediting conformity assessment
bodies (Ref. 18), which contains the
following major elements: (1) Legal
responsibility, structure, and
impartiality; (2) management systems,
including records, internal audits,
nonconformities, and corrective actions;
(3) personnel associated with the
accreditation body, personnel associated
with the accreditation process, and
monitoring performance assessments of
accreditation personnel; (4) the
accreditation process; and (5) and roles
and responsibilities of the accreditation
body and the certification body. We will
address elements of ISO/IEC 17011:
2004 that are relevant to this rule in our
discussion of the proposed requirements
for accreditation bodies in section
IV.A.2 through IV.A.4.
In addition, we considered other ISO/
IEC 17021: 2011, Conformity
assessment—Requirements for bodies
providing audit and certification of
management systems (Ref. 19), which
contains similar requirements for bodies
auditing management systems: (1) Legal
matters and contractual matters; (2)
impartiality; (3) structural requirements;
(4) resource requirements, including
competence of management and
personnel; (5) monitoring and
surveillance; (6) internal audits; and (7)
records.
We also considered ISO/IEC Guide 65:
1996, General requirements for bodies
operating product certification systems
international food standards, guidelines and codes
of practice to protect the health of the consumers
and ensure fair trade practices in the food trade.
The Commission also promotes coordination of all
food standards work undertaken by international
governmental and non-governmental organizations.
See, https://www.codexalimentarius.org/codexhome/en/.
8 ISO is a voluntary, consensus, standards
developer with standards covering many aspects of
technology and business, including food safety. See,
https://www.iso.org/iso/home/about.htm.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
(Ref. 20).9 ISO also has issued the 22000
series of standards for food safety
management systems, including ISO/TS
22003: 2007, Food safety management
systems—Requirements for bodies
providing audit and certification of food
safety management systems (Ref. 21).10
These standards are among the
relevant information we used in
developing this proposed rule. We do
not propose to incorporate these
standards by reference into our
regulations, because they contain
additional requirements that are not
relevant to our program and might
unnecessarily create disincentives to
participation. A copy of each of these
ISO standards has been placed in the
docket for this rulemaking and is made
available at the Division of Dockets
Management at address listed in the
ADDRESSES section of this document.
The standards also are available
electronically by purchase from ISO, at
https://www.iso.org.
As described more fully in section III,
we developed this proposed rule having
received information and input from a
broad range of stakeholders that
included public and private members of
the standards community. We met with
representatives of other U.S.
Government agencies and foreign
governments and participated in
listening sessions requested by
stakeholders wishing to share their
views on section 808 of the FD&C Act.
We believe the proposal aligns with
the NTTAA, the National Standards
Policy, and current versions of OMB
Circular A–119 (Ref. 15) and the Federal
conformity assessment guidance (15
CFR part 287), in relying upon the
principles of voluntary consensus
standards currently used globally and
domestically by the food industry, the
international standards community, and
conformity assessment bodies.
Under the guidance at 15 CFR
287.4(b), we seek comment on the
rationale for the conformity assessment
decisions we have made in developing
this proposal. In particular, we seek
comment on whether the voluntary
consensus standards we cite are the
appropriate standards upon which to
base this rulemaking. If alternative
standards are suggested, we request that
copies of any such standards be
submitted along with the comment(s).
9 Subsequently, ISO/IEC Guide 65:1994 (Ref. 20)
was updated and incorporated into ISO/IEC 17065.
10 This series includes standards the food
industry uses in establishing and maintaining its
food safety management systems and also the
standards that auditors/certification bodies use in
assessing those systems.
PO 00000
Frm 00008
Fmt 4701
Sfmt 4702
G. Industry Practices on Benchmarking
Standards and Third-Party Audits and
Certification for Food and Food
Facilities
As a result of consolidation within the
food industry and the globalization of
the marketplace, coupled with some
high-profile food safety incidents, many
food retailers and food service providers
began to require their suppliers to be
audited against their standards (more
commonly known as ‘‘buyer
requirements’’) (Ref. 11). Some of these
supplier audits were conducted by
auditors/certification bodies employed
by, or acting as agents of, buyers. Other
auditors were third parties, independent
of both buyers and suppliers.
As buyers increasingly relied on
audits to assess compliance with their
safety requirements, more and more
suppliers began to face multiple food
safety audits. The proliferation of
buyers’ requirements created
inefficiencies that ultimately spurred
several efforts to harmonize audits.
These include the Global Food Safety
Initiative (GFSI), which was established
in 2000 by a group of international
retailers (Ref. 22). GFSI benchmarks
food safety schemes 11 against a
harmonized set of key elements for food
safety and management systems. GFSI’s
benchmarking guidance (Ref. 23), and
indeed many of the food safety schemes
it benchmarks, use Codex as their
foundational standards.
GFSI’s benchmarking assesses a
scheme’s food safety standards and the
governance and management structure
of the food safety scheme owner, such
as technical competence, safeguards
against conflicts of interest, and
procedures for accreditation bodies to
oversee the certification bodies that
audit and issue certifications under the
food safety scheme (Ref. 23). For
example, the U.S.-based American
National Standards Institute (ANSI)
currently provides accreditation
services for three GFSI-benchmarked
food safety schemes: The Food
Marketing Institute’s Safe Quality Food
Initiative scheme, the British Retail
Consortium scheme, and the Global
GAP scheme (Ref. 24). As is discussed
in the Preliminary Regulatory Impact
Analysis (Ref. 25) for this proposed rule,
dozens of accreditation bodies
worldwide accredit certification bodies
to conduct food safety audits. Both large
and small suppliers are increasingly
relying on third-party audits and
certification as a means to ensure
11 A food safety scheme generally includes the
food safety standard against which a food facility
is assessed and the management system associated
with the standard.
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
market access for their food products. In
addition, domestic and foreign suppliers
(such as producers, comanufacturers, or
repackers) are increasingly looking to
third-party certification programs to
assist them in verifying that their
facilities and food meet applicable food
safety standards, whether private food
safety schemes such as those
benchmarked by GFSI or public
standards such as the FD&C Act
requirements, which are the relevant
standards for purposes of the FDA
accredited third-party audit and
certification program. The Federal
Government recognizes that rigorous
voluntary certification programs can
provide assurance that products meet
U.S. requirements. Currently, private
food and facility certifications are
frequently used but can result in
duplicate audits and certifications.
Under this proposal, FDA will oversee
a certification program that will, we
believe, create efficiencies by reducing
the number of redundant food safety
audits and by allowing us to better
target resources for verifying
compliance with applicable
requirements.
III. FSMA Imports Public Meeting and
Stakeholder Input
Since enactment of FSMA, we have
reached out to stakeholders in the food
industry, the international community,
standards organizations, accreditation
and certification bodies, consumer
groups, government agencies, and other
interested parties to gain input and
perspective on how best to implement
FSMA. Among those activities, on
March 29, 2011, we held a public
meeting with stakeholders to discuss the
implementation of the FSMA import
safety provisions, including section 808
of the FD&C Act on accredited thirdparty certification. For additional
information about this public meeting,
including the agenda, transcripts, and
an archived webcast, see https://www.
fda.gov/Food/FoodSafety/FSMA/
ucm249257.htm.
In conjunction with the public
meeting, we opened a public docket,
with notice in the Federal Register of
March 14, 2011 (76 FR 13643), soliciting
comments on implementation of section
808 of the FD&C Act and other import
provisions added or amended by FSMA.
We received several comments on
accredited third-party certification, from
a variety of stakeholders including a
foreign authority (1); trade associations
(11); auditors/certification bodies and a
laboratory (4); consumer groups (3);
other non-profits (1); and an individual
(1). Some common themes emerged,
including comments on using existing
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
systems as a model; considering impacts
on small and medium-sized businesses;
requiring notification of conditions that
could cause or contribute to a serious
risk to public health; ensuring auditor
competency; and preventing conflicts of
interest. This docket (FDA–2011–N–
0146) is available electronically at
https://www.regulations.gov, or at the
Division of Dockets Management (see
ADDRESSES).
In addition to attending the public
meeting, several stakeholders requested
meetings to discuss their current
programs and to share their views and
recommendations for implementing
section 808 of the FD&C Act. These
stakeholders represented a broad range
of interests, including consumer groups,
trade associations, auditors/certification
bodies and laboratories. We also met
with representatives of foreign
governments, as part of ongoing
outreach and collaboration with foreign
regulatory partners. Topics for these
meetings included the statutory
requirements for accreditation of thirdparty auditors, including FDA’s
authority to directly accredit third-party
auditors/certification bodies; 12
voluntary consensus standards and
industry practices on accreditation,
auditing, and certification; and
international considerations.
Additionally, we note that FDA
representatives have been invited to
attend meetings, hosted by stakeholders,
which included discussions of thirdparty audits and certifications.
The input and perspectives gained
through each of these interactions
helped shape this proposed rule. We
have identified some common themes
from these interactions. Most
stakeholders expressed significant
concerns regarding existing capacity of
third-party food safety auditors/
certification bodies and, for some
stakeholders, the degree of competency
demonstrated by the available cadre of
auditors/certification bodies. We
recognize that the credibility of the new
third-party program rests largely on the
quality of the auditing and certification
work performed by accredited thirdparty auditors/certification bodies and
have attempted to address those
concerns in this rulemaking.
In other areas, stakeholders’ interests
diverged. For example, consumer
groups expressed a strong interest in
transparency of the program, including
12 The docket for this rulemaking contains, as
background material, a letter from Caroline Smith
DeWaal of the Center for Science in the Public
Interest, which was received after the docket for the
public meeting closed and before issuance of this
proposed rule. The letter offers an analysis of FDA’s
authority for direct accreditation.
PO 00000
Frm 00009
Fmt 4701
Sfmt 4702
45789
public disclosure of audit reports.
Current industry practice is to maintain
the confidentiality of audit reports
except to the extent that the audited
firm waives confidentiality or where
otherwise required by law. Industry also
has expressed concern about the
statutory requirement for accredited
auditors to notify us of conditions in an
audited firm that could cause or
contribute to a serious risk to the public
health. Some in industry have taken the
position that stringent disclosure and
transparency requirements may
dissuade food firms from using thirdparty auditors/certification bodies
accredited under our program.
As an initial matter, we note that we
are bound to implement FSMA as
enacted and to comply with all other
applicable disclosure laws (e.g., the
Freedom of Information Act (FOIA))
(5 U.S.C. 552). Within that legal
framework, we have balanced the
following competing public interests: (1)
Providing as much information to the
public as possible about audits of
foreign food entities and the
performance of accredited auditors/
certification bodies, so that individuals
may assess the performance and
credibility of the accredited third-party
audits and certification program; (2)
protecting the proprietary interests of
food entities related to their trade
secrets and confidential commercial
information to the extent allowable by
statute, as well concerns about public
release of sensitive information that
would not otherwise be publicly
available; and (3) protecting the public
health by being able to attract sufficient
numbers of foreign food entities, thirdparty auditors/certification bodies, and
accreditation bodies to make the
program cost-effective and otherwise
successful.
To gain credibility with consumers
and address industry views on sensitive
information, this proposed rule seeks to
balance disclosure and confidentiality
concerns. It reflects our views on how
best to strike the balance between these
and other competing interests. We
believe this proposal reflects the intent
of section 808 of the FD&C Act and the
purpose of the law, offering a practical,
flexible, and effective approach to the
accredited third-party audits and
certification program. We seek comment
on the framework this proposed rule
would create for recognition of
accreditation bodies and accreditation
of third-party auditors/certification
bodies, how it aligns with existing
voluntary industry programs, and what
expectations consumers have for the
ability of this program to help us ensure
the safety of imported food.
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45790
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
In addition, we invite comments on
possible effects of the creation of an
FDA program for accredited third-party
audits and certification. We are
particularly interested in receiving
comments and data on the availability
of competent auditors/certification
bodies to participate in our program or
about the likelihood of entities being
able to scale-up their capacity to
participate in our program and to serve
demand outside the scope of our
program. We understand from public
comments and stakeholder meetings
that industry and the conformity
assessment community have concerns
about access to sufficient numbers of
qualified third-party auditors/
certification bodies under current
conditions. We also understand that
some industry leaders have developed
various strategies and plans for
increasing auditor capacity. We request
comments and information on the
progress of these efforts and the impact
the establishment of our program will
have on accelerating these efforts. Given
that this program is for food and facility
certifications only for purposes of
mandatory certification and VQIP
eligibility under sections 801(q) and 806
of the FD&C Act (respectively), what
effect, if any, do stakeholders anticipate
this program will have on current
capacity issues?
We also request stakeholder input on
any possible trade impacts of the
program, once established. What effect
might this program have on the existing
issues with auditor capacity? Will it
affect foreign or domestic food firms’
ability to provide certifications to their
customers? If so, are foreign and
domestic firms likely to be affected in
the same manner and to the same
degree? If not, what are the likely
impacts to each? Are there particular
types of food firms or food products, or
certain areas of the world in which
capacity issues are more likely to be
prevalent and to what degree? Are there
other factors impacting the availability
of competent auditors? Are there any
solutions or approaches that might be
practical and appropriate for FDA, as a
regulatory Agency, to use in addressing
auditor capacity issues within the
accredited third-party audits and
certification program?
We encourage stakeholders to
consider and comment on this proposed
rule and the various interests at stake in
this rulemaking, with recommendations
about the proper balance of competing
interests.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
IV. Purpose and Description of the
Proposed Rule
In section 808 of the FD&C Act,
Congress directed us to establish an
accredited third-party audits and
certification program that leverages the
work of existing private sector audit
programs and efforts, while requiring
measures to better ensure audit rigor
and objectivity. We believe this
proposed rule, coupled with our
oversight of the program, will help
ensure the competence and
independence of third-party auditors/
certification bodies who conduct foreign
food safety audits. It also will help
ensure the reliability of certifications
issued by third-party auditors/
certification bodies that we may use in
making certain decisions relating to
imported food.
Having comprehensive oversight of a
credible and reliable program for thirdparty audits and certifications of foreign
food facilities will help us prevent
potentially harmful food from reaching
U.S. consumers and thereby improve
the safety of the U.S. food supply. As
explained previously, we believe this
new program will draw a significant
number of participants and will be
broadly accepted by industry. Currently,
buyers seeking to import regulated
product from a foreign food facility
often require food safety audits that are
conducted under varying audit criteria.
By establishing a trusted program for
third-party audits and certification of
foreign food facilities that operates
under public oversight, we expect that
the number of redundant food safety
audits performed to assess compliance
with the FD&C Act will be reduced,
which, in turn, will increase efficiency
and reduce costs to industry. Our
estimates relating to reductions in
redundant audits are addressed more
fully in the Preliminary Regulatory
Impact Analysis (Ref. 25).
More broadly, we think that by
capitalizing on private sector food safety
efforts and linking them to the public
assurance system, accredited third-party
certification can help transform the way
we ensure the safety of globally traded
food that is consumed in the United
States. In our vision of the future, we do
not see third-party audits replacing
public oversight, but rather helping us
ensure that we make the best, most
efficient use of both public and private
resources to produce a safe food supply.
We are proposing requirements that
would apply to several different types of
entities—i.e., accreditation bodies,
third-party auditors/certification bodies,
and eligible entities—and an option for
importers as well. We are organizing
PO 00000
Frm 00010
Fmt 4701
Sfmt 4702
this proposed rule by those categories,
with specific requirements for
accreditation bodies (proposed §§ 1.610
through 1.636), third-party auditors/
certification bodies (proposed §§ 1.640
through 1.672), eligible entities
(proposed §§ 1.680 and 1.681), and
importers (proposed § 1.698). Provisions
of general applicability appear in
proposed §§ 1.600 and 1.601
(definitions and scope), § 1.690
(publicly available information),
§§ 1.691 through 1.693 (challenges to
FDA decisions).
Accordingly, we are proposing to
amend our regulations in parts 1 and 16
(21 CFR parts 1 and 16) to implement
FSMA section 307, which adds section
808 to the FD&C Act and is codified at
21 U.S.C. 384d. We are proposing to add
new subpart M to part 1 and to amend
existing part 16 (21 CFR part 16) as
follows:
A. Proposed Revisions to Part 1, New
Subpart
1. Definitions and Scope
a. What definitions apply to this
subpart? (Proposed § 1.600). Proposed
§ 1.600 contains definitions of several
terms used in this rule. Where possible,
we propose to rely on existing statutory
and regulatory definitions. Where
necessary to provide clarity to this rule,
we have developed some additional
definitions that align with existing law
and regulations, as well as current
practices of the international
community, accreditation and
certification bodies, and the food
industry.
Proposed § 1.600(a) and (b) state that
definitions contained in section 201 of
the FD&C Act (21 U.S.C. 321) will apply
to this rule, except as those terms are
otherwise defined in paragraph (c).
Because ‘‘food’’ is defined in section
201(f) of the FD&C Act, but not in
proposed § 1.600(c), the definition of
‘‘food’’ that we propose to apply to this
rule is the definition of ‘‘food’’
appearing in section 201(f). Examples of
‘‘food’’ under this proposed definition
would include, but not be limited to,
fruits, vegetables, fish, dairy products,
eggs, raw agricultural commodities for
use as food or components of food,
animal feed (including pet food), food
and feed ingredients and additives
(including substances that migrate into
food from packaging and other articles
that contact food), dietary supplements
and dietary ingredients, infant formula,
beverages (including bottled water), live
food animals, bakery goods, snack
foods, candy, and canned food. (See,
e.g., 21 CFR 1.377. See also the
discussion of proposed § 1.601(d)
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
regarding a limited exemption for
alcoholic beverages and prepackaged
foods from certain facilities.)
‘‘Accreditation’’ means a
determination by a recognized
accreditation body, or by FDA in the
case of direct accreditation, that a thirdparty auditor/certification body is
competent to perform the activities
required of an accredited auditor/
certification body for the purposes of
this rule. In developing this definition,
we considered international standards
on accreditation, including ISO/IEC
17011:2004 (Ref. 18), which defines
accreditation as an attestation
‘‘conveying formal demonstration’’ of a
conformity assessment body’s
competence to carry out specific
conformity assessment tasks.
‘‘Accreditation body’’ means an
authority that performs accreditation of
third-party auditors/certification bodies.
This definition is already in use in
section 808(a) of the FD&C Act and is
consistent with international standards,
such as ISO/IEC 17011:2004 (Ref. 18),
which defines ‘‘accreditation body’’ as
an ‘‘authoritative body’’ that conducts
accreditation.
‘‘Accredited auditor/certification
body’’ means a third-party auditor/
certification body that a recognized
accreditation body (or, in the case of
direct accreditation, FDA) has
determined meets the applicable
requirements of this subpart and is
authorized to conduct food safety audits
and to issue food or facility
certifications to eligible entities. This
definition reflects the statutory
definitions of ‘‘accredited third party
auditor’’ and ‘‘third party auditor’’ and
a common understanding of the
activities to be performed under this
program.
‘‘Audit’’ means:
1. With respect to an accreditation
body, the systematic, independent, and
documented examination (through
observation, investigation, and records
review) by FDA to assess the
accreditation body’s authority,
qualifications (including its expertise
and training programs), and resources;
its procedures for quality assurance,
conflicts of interest, and records; its
performance in accreditation activities;
and its capability to meet the applicable
requirements of this subpart.
2. With respect to a third-party
auditor/certification body, the
systematic, independent, and
documented examination (through
observation, investigation, and records
review) by a recognized accreditation
body (or, in the case of direct
accreditation, FDA) to assess the thirdparty auditor’s/certification body’s
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
authority, qualifications (including its
expertise and training programs), and
resources; its procedures for quality
assurance, conflicts of interest, and
records; its performance in auditing and
certification activities; and its capability
to meet the applicable requirements of
this subpart; and
3. With respect to an eligible entity,
the systematic, independent, and
documented examination (through
observation, investigation, records
review, and as appropriate, sampling
and laboratory analysis) by an
accredited auditor/certification body to
assess the entity, its facility, system(s),
and food for the purpose of determining
whether the food or facility of the
eligible entity is in compliance with the
FD&C Act (which includes, where
applicable, an assessment of the entity’s
preventative controls, sanitation,
monitoring, verification, corrective
actions, and recalls) and, for
consultative audits, also includes an
assessment of compliance with
applicable industry standards and
practices.
The term describes the nature and
scope of activities involved in the
various types of audits and assessments
that will be conducted under this
program. We incorporated relevant
language from the definitions of
consultative audit and regulatory audit
in section 808(a)(5) and (a)(7) of the
FD&C Act and language specific to the
requirements used in audits and
assessments of accreditation bodies,
third-party auditors/certification bodies,
and eligible entities.
We considered our 2009 guidance
(Ref. 5) and the descriptions of audit
activities under our MFRPS (Ref. 12).
We also examined usage in international
standards, such as the Codex Principles
for Food Import and Export Certification
(CAC/GL 20–1995) (Ref. 26), which
define ‘‘audit’’ as a ‘‘systematic and
functionally independent examination
to determine whether activities and
related results comply with planned
objectives.’’ Additionally, we looked at
ISO/IEC 17000:2004 (Ref. 17), which
defines ‘‘audit’’ as a ‘‘systematic,
independent, documented process for
obtaining records, statements of fact or
other relevant information and assessing
them objectively to determine the extent
to which specified requirements are
fulfilled.’’
‘‘Audit agent’’ means an individual
who is an employee or other agent of an
accredited auditor/certification body
who, although not individually
accredited, is qualified to conduct food
safety audits on behalf of an accredited
auditor/certification body. An audit
PO 00000
Frm 00011
Fmt 4701
Sfmt 4702
45791
agent includes a contractor of the
accredited auditor/certification body.
The term is based on section 808(a)(1)
of the FD&C Act, which defines ‘‘audit
agent’’ as an employee or agent of an
accredited auditor[/certification body]
who is qualified to conduct food safety
audits on its behalf. In the definition,
we clarify that contractors who are
authorized to act for, and under the
direction of, the accredited auditor/
certification body are allowed to serve
as an audit agents.
‘‘Certification body’’ means a foreign
government, agency of a foreign
government, foreign cooperative, or any
other third party that is eligible to be
considered for accreditation to conduct
food safety audits and to certify that
eligible entities meet the requirements
of the FD&C Act. A certification body
may be a single individual or an
organization. A certification body may
use audit agents to conduct food safety
audits. Certification Body has the same
meaning as Third-Party Auditor as that
term is defined in section 808 of the
FD&C Act and in this subpart.
This definition emphasizes the role of
‘‘third-party auditors,’’ under section
808 of the FD&C Act, in issuing facility
certifications that importers must use to
establish eligibility for VQIP
participation and food certifications that
may be required to satisfy a condition of
admissibility for an imported food we
determine poses a safety risk under
section 801(q) of the FD&C Act.
In developing the definition of
‘‘certification body,’’ we looked at the
definition of ‘‘third-party auditor’’ in
section 808(a)(3) of the FD&C Act, as
well as terminology used by the
international community and the food
industry. For example, ISO/IEC
17000:2004 (Ref. 17) explains that a
‘‘certification system’’ is a conformity
assessment system that includes
‘‘selection, determination, review and
finally certification as the attestation
activity’. See also, ISO/IEC Guide
65:1996 (Ref. 20) and ISO/IEC 17021:
2011 (Ref. 19). The term ‘‘certification
body’’ also is used by those in the food
industry who currently rely on audits
and certifications as part of their
business practices. We believe this
proposed language more clearly
explains the role of accredited auditors/
certification bodies and the
requirements for issuance of
certification under this program.
‘‘Consultative audit’’ means an audit
of an eligible entity:
1. To determine whether such entity
is in compliance with applicable
requirements of the FD&C Act and
industry standards and practices; and
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45792
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
2. The results of which are for internal
purposes only and cannot be used to
determine eligibility for a food or
facility certification issued under this
subpart or in meeting the requirements
for an onsite audit of a foreign supplier
under subpart L of this part.
This reflects the definition of
‘‘consultative audit’’ in section 808(a)(5)
of the FD&C Act and emphasizes that
the results of a consultative audit cannot
be used in lieu of a regulatory audit to
meet the criteria for issuance of food or
facility certification under section
808(c)(2)(C) of the FD&C Act. It also
incorporates language from proposed
§ 1.698, which would allow only reports
of regulatory audits to be used by
importers in meeting proposed
verification requirements under the
Foreign Supplier Verification Rule
(FSVP) (to be codified in 21 CFR, part
1, subpart L).
‘‘Direct accreditation’’ means
accreditation of a third-party auditor/
certification body by FDA and is a term
used in section 808(b)(1)(A)(ii) of the
FD&C Act when describing FDA
accreditation of third-party auditors/
certification bodies, without the
involvement of a recognized
accreditation body. The distinction
between direct accreditation and
accreditation by an FDA-recognized
accreditation body is relevant for some
provisions of this rule. For example,
under proposed § 1.656(b), a directly
accredited auditor/certification body
must send its annual self-assessment
reports to FDA, while an auditor/
certification body accredited by a
recognized accreditation body must
submit its annual self-assessment
reports to the accreditation body, who is
responsible for monitoring and ensuring
its accredited auditors/certification
bodies take timely and effective
corrective actions, where necessary.
FDA will access the accredited auditor/
certification body self-assessments in
monitoring recognized accreditation
bodies and in conducting the periodic
monitoring required by section 808(f)(2)
of the FD&C Act. This definition will
help accredited auditors/certification
bodies determine which requirements
apply to them.
‘‘Eligible entity’’ means a foreign
entity that chooses to be subject to a
food safety audit by an accredited
auditor/certification body. Eligible
entities include foreign facilities subject
to the registration requirements of 21
CFR part 1, subpart H. The definition of
‘‘eligible entity’’ corresponds to section
808(a)(6) of the FD&C Act, which
defines ‘‘eligible entity’’ as including
(and thus not limited to) foreign
facilities subject to the registration
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
requirements of section 415 of the FD&C
Act (21 U.S.C. 350d).
We seek comment on whether to
provide examples of specific types of
entities that may meet the definition of
eligible entity. For example, are foreign
cooperatives 13 that aggregate product,
such as fruits or vegetables, the types of
entities that should be able to seek
audits and certification under this
program? We note that the National
Organic Program (NOP) administered by
the U.S. Department of Agriculture’s
(USDA’s) Agricultural Marketing
Service (AMS), allows producers who
are located in geographic proximity,
who are organized under a single
management and marketing system and
whose farms are ‘‘uniform in most
ways’’ to be certified as a group (Ref.
27).14 We seek comment on whether
these NOP criteria are relevant in
determining whether a foreign
cooperative is an ‘‘eligible entity’’ under
this proposed rule, Are there other types
of foreign entities or facilities that
should be eligible to seek audits and
certification under the FDA program?
‘‘Facility’’ means any structure, or
structures of an eligible entity under one
ownership at one general physical
location, or, in the case of a mobile
facility, traveling to multiple locations,
that manufactures/processes, packs, or
holds food for consumption in the
United States. Transport vehicles are
not facilities if they hold food only in
the usual course of business as carriers.
A facility may consist of one or more
contiguous structures, and a single
building may house more than one
distinct facility if the facilities are under
separate ownership. The private
residence of an individual is not a
facility. Non-bottled water drinking
water collection and distribution
establishments and their structures are
not facilities. This same definition of
‘‘facility’’ appears in subpart H (21 CFR
1.227(b)(2)).
‘‘Facility certification’’ means an
attestation, issued for purposes of
section 806 of the FD&C Act by an
accredited auditor/certification body,
after conducting a regulatory audit and
any other activities necessary to
establish that a facility meets the
13 Under section 808 of the FD&C Act, foreign
cooperatives are among the types of groups that are
eligible to seek accreditation as third-party auditors,
provided that they meet the standards and
requirements for accreditation (e.g., for conflicts of
interest).
14 Per USDA, grower group certifications have
historically been used for the certification of
cooperatives located in geographical proximity,
whose crops are marketed collectively. Primary
crops produced by grower groups include coffee,
cocoa, tea, spices, and tropical fruits (Ref. 27).
PO 00000
Frm 00012
Fmt 4701
Sfmt 4702
applicable requirements of the FD&C
Act.
‘‘Food certification’’ means an
attestation, issued for purposes of
section 801(q) of the FD&C Act by an
accredited auditor/certification body,
after conducting a regulatory audit and
any other activities necessary to
establish that a food meets the
applicable requirements of the FD&C
Act.
These definitions reflect the
requirements for, and purpose of,
certification as described in section
808(c)(2)(B) and (c)(2)(C) of the FD&C
Act, referencing sections 801(q) (food
certification) and 806 (facility
certification) of the FD&C Act. Food and
facility certifications are the two types
of certifications authorized by section
808 of the FD&C Act. Further, the food
and facility certification definitions
emphasize that certification is an
attestation 15 by the accredited thirdparty auditor/certification body that it
has: (1) Conducted a regulatory audit
(and any other activities necessary to
establish compliance); (2) verified that
the specified criteria have been met; and
(3) determined, based on the results of
those activities, that food or facility
certification under this program is
appropriate.
Codex CAC/GL 20–1995 (Ref. 26)
defines ‘‘certification’’ as the procedure
by which certification bodies provide
‘‘written or equivalent assurance that
foods or food control systems conform
to requirements.’’ ISO/IEC 17000:2004
(Ref. 17) describes certification as an
‘‘attestation’’ related to products,
processes, systems, or persons.16
We seek comment on our proposed
definitions of ‘‘facility certification’’ and
‘‘food certification’’ and on whether the
scope of these definitions is sufficiently
broad to fulfill the objectives of section
808 of the FD&C Act. In addition, we
seek comment on whether to allow
groups meeting the NOP criteria (i.e.,
having multiple sites operating under a
single management system and whose
15 We propose to use the word ‘‘attestation’’ in
§ 1.600 to characterize the nature of the statement
that certification represents. This is the term used
in ISO/IEC 17000:2004 (Ref. 20) and also is the term
we use when characterizing the nature of our export
certifications (Ref. 28). We believe that ‘‘attestation’’
is similar to ‘‘assurance,’’ which is the term used
in Codex CAC/GL 20–1995 (Ref. 27).
16 We are not defining ‘‘facility certification’’ or
‘‘food certification’’ as an ‘‘approval’’ by an
accredited auditor/certification body or by (or on
behalf of) FDA, nor do we intend for it to be
interpreted as such. Among other reasons, we do
not have preapproval authority for food, except for
certain additives that are required by law to have
our approval prior to marketing. Moreover, neither
Codex CAC/GL 20–1995 (Ref. 27), nor ISO/IEC
17000:2004 (Ref. 20) uses the term ‘‘approval’’ in
defining ‘‘certification.’’
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
farms are ‘‘uniform in most ways,’’ to be
issued (group) food certifications,
facility certifications, or both.
‘‘Food safety audit’’ means a
regulatory audit or a consultative audit
by an accredited auditor/certification
body under this program. This term is
used throughout section 808 of the
FD&C Act, including in the definitions
of ‘‘audit agent,’’ ‘‘third-party auditor,’’
and ‘‘accredited third-party auditor.’’
The definition of ‘‘third-party auditor’’
in section 808(a)(3) of the FD&C Act in
particular, mentions regulatory and
consultative audits in the context of
food safety audits. Therefore, we used
45793
the definitions of ‘‘consultative audit’’
and ‘‘regulatory audit’’ contained in
section 808(a)(5) and (a)(7) of the FD&C
Act in developing a definition of ‘‘food
safety audit.’’
Table 1 describes consultative audits
and regulatory audits and the
distinctions between them.
TABLE 1—TYPES AND CHARACTERISTICS OF FOOD SAFETY AUDITS UNDER THE PROPOSED RULE
Purpose
Regulatory Audit ............................
For certification and report may
be used under FSVP.
Consultative Audit ..........................
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Type of audit
Internal purposes ..........................
‘‘Foreign cooperative’’ means an
entity that aggregates food from growers
or processors that is intended for export
to the United States. Section 808 of the
FD&C Act does not provide a definition
of ‘‘foreign cooperative,’’ so we relied
upon the statutory description of foreign
cooperatives in section 808(c)(1)(B) of
the FD&C Act.
‘‘Recognized accreditation body’’
means an accreditation body that FDA
has determined meets the applicable
requirements and is authorized to
accredit third-party auditors/
certification bodies under this program.
This definition is based in part on the
definition of accreditation body in
section 808 of the FD&C Act and
incorporates the concept of
‘‘recognition’’ that also appears there.
The term ‘‘recognition’’ is also used in
section 422 of the FD&C Act (21 U.S.C.
350k), as amended by FSMA, to
describe the status we will accord to a
laboratory accreditation body that
accredits laboratories for purposes of
food testing under the FD&C Act.
We also use the term ‘‘recognition’’ in
the 2009 guidance (Ref. 5) and in other
FDA programs. In the 2009 guidance,
which predates FSMA, we mentioned
the possible future ‘‘recognition’’ of one
or more third-party certification
programs. Though FSMA directs us to
structure our third-party program
differently than we envisioned in 2009,
the concept of ‘‘recognition’’ by FDA is
similar.
‘‘Regulatory audit’’ is defined in the
statute and means an audit of an eligible
entity:
1. To determine whether such entity
is in compliance with the provisions of
the FD&C Act; and
2. The results of which are used in
determining eligibility for food
certification under section 801(q) of the
FD&C Act or facility certification under
section 806 of the FD&C Act. This
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
Report submitted to FDA?
Records access by FDA?
Yes ................................................
Submitted no later than 45 days
after the audit.
No .................................................
FDA may request submission at
any time.
definition includes language from
proposed § 1.698, which would allow an
importer to use a regulatory audit report
in meeting proposed requirements for
verification of a foreign supplier under
subpart L of this part.
‘‘Relinquishment’’ means:
1. With respect to an accreditation
body, a decision to cede voluntarily its
authority to accredit third-party
auditors/certification bodies as a
recognized accreditation body; and
2. With respect to a third-party
auditor/certification body, a decision to
cede voluntarily its authority to conduct
food safety audits and to issue food and
facility certifications to eligible entities.
We included a definition of
‘‘relinquishment’’ in this proposed rule
because we recognize that an
accreditation body, once recognized, or
a third-party auditor/certification body,
once accredited, may decide to leave the
program and would need a process to
voluntarily exit the program.
Relinquishment differs from revocation
of recognition and withdrawal of
accreditation, as it occurs on the
initiative of the accreditation body or
third-party auditor/certification body
and not as a result of our finding good
cause to remove its recognition or
accreditation status. Analogous
language on relinquishment of
accreditation appears in our
mammography regulations in 21 CFR
900.3.
‘‘Self-assessment’’ means a systematic
assessment conducted by an
accreditation body to determine
whether it meets the recognition
requirements in §§ 1.610 through 1.625,
or by a third-party auditor/certification
body to determine whether it meets the
accreditation requirements in §§ 1.640
through 1.658. ‘‘Self-assessment’’ is
defined in this proposed rule in a
manner consistent with its use in our
MFRPS for State food regulatory
PO 00000
Frm 00013
Fmt 4701
Sfmt 4702
FDA access under section 414 of
the FD&C Act.
programs (Ref. 12). The MFRPS require
States to conduct periodic selfassessments of their manufactured food
regulatory programs against each of the
10 program standards. These selfassessments are designed to identify the
strengths and weaknesses of the State
program by determining the level of
conformance with the program
standards and are independently
verified through an audit. The results of
the initial self-assessments are used to
develop an improvement plan, and
subsequent self-assessments are used to
track the State’s progress toward
meeting and maintaining conformance
with the MFRPS.
The concept of self-assessment is used
in international consensus standards as
well. For example, ISO/IEC Guide
65:1996 (Ref. 20) requires a certification
body to conduct periodic internal audits
to verify that its quality system is
implemented and effective, that
corrective actions are taken in a timely
and appropriate manner, and that
records of such reviews are maintained.
Both ISO/IEC 17011:2004 (Ref. 18) and
ISO/IEC 17021:2011 (Ref. 19) require
internal audits as well. Self-assessments
are a valuable component of a
continuous improvement process under
our standards and the voluntary
consensus standards described in this
preamble.
‘‘Third-Party Auditor’’ means a
foreign government, agency of a foreign
government, foreign cooperative, or any
other third party that is eligible to be
considered for accreditation to conduct
food safety audits and to certify that
eligible entities meet the applicable
requirements of the FD&C Act. A thirdparty auditor may be a single individual
or an organization. A third-party auditor
may use audit agents to conduct food
safety audits. Third-Party Auditor has
the same meaning as Certification Body
as that term is defined in this subpart.
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45794
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
The definition of ‘‘third-party auditor’’
is based on section 808 of the FD&C Act
and clarifies our role in direct
accreditation and the relationship
between audits and certifications under
section 808 of the FD&C Act. For the
reasons explained in the preamble
discussion of the definition of
‘‘certification body,’’ ‘‘third-party
auditor’’ will have the same meaning as
‘‘certification body’’ for purposes of this
rule.
b. Who is subject to this subpart?
(Proposed § 1.601). This proposed rule
would apply to those accreditation
bodies, third-party auditors/certification
bodies, and eligible entities that seek to
participate in our program for thirdparty food safety audits and
certification. Participating is voluntary;
however any accreditation body wishing
to accredit third-party auditors/
certification bodies under our program
would have to comply with the
applicable requirements of the final
rule. Under the FDA program, any thirdparty auditor/certification body wishing
to conduct food safety audits and issue
food and facility certifications and any
eligible entity that seeks a food safety
audit or food or facility certification
would have to comply with the
applicable requirements of the final
rule.17
This proposed rule would codify a
limited exemption created by section
116 of FSMA (21 U.S.C. 2206)
applicable to certification of food under
section 801(q) of the FD&C Act. Section
116(a) of FSMA states that, except as
provided by certain listed sections in
the FSMA, nothing in FSMA, or the
amendments made by FSMA, will be
construed to apply to a facility that (1)
under the Federal Alcohol
Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the
Internal Revenue Code of 1986 (26
U.S.C. 5001 et seq.) is required to obtain
a permit or to register with the Secretary
of the Treasury as a condition of doing
business in the United States; and (2)
under section 415 of the FD&C Act is
required to register as a facility because
such facility is engaged in
manufacturing, processing, packing, or
holding one or more alcoholic beverages
(with respect to the activities of such
facility that relate to the manufacturing,
processing, packing, or holding of
alcoholic beverages).
Section 116(b) of FSMA provides that
section 116(a) does not apply to a
facility engaged in the receipt and
17 The terms, ‘‘third-party auditor/certification
body,’’ ‘‘consultative audit,’’ ‘‘regulatory audit,’’
‘‘food certification,’’ ‘‘facility certification,’’ and
‘‘eligible entity’’ are defined under this proposed
rule.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
distribution of any non-alcohol food,
except that section 116(a) does apply to
a facility described in section 116(a) that
receives and distributes non-alcohol
food, provided such food is received
and distributed (1) in a prepackaged
form that prevents any direct human
contact with such food, and (2) in
amounts that constitute not more than 5
percent of the overall sales of such
facility, as determined by the Secretary
of the Treasury.
Section 116(c) of FSMA provides that,
except as provided in section 116(a) and
(b), section 116 cannot be construed to
exempt any food, other than alcoholic
beverages, as defined in section 214 of
the Federal Alcohol Administration Act
(27 U.S.C. 214), from the requirements
of FSMA (including amendments made
by FSMA).
The Preventive Controls proposed
rule includes provisions implementing
the exemptions provided in section 116
of FSMA to establish by regulation the
reach of the exemptions. As discussed
in the preamble to the Preventive
Controls proposed rule, FDA tentatively
concludes the following regarding the
reach of the exemptions for the
purposes of that rule:
• The phrase ‘‘obtain a permit or
register’’ should be interpreted broadly,
to include not only facilities that must
obtain what is technically named a
‘‘permit’’ or must ‘‘register’’ with
Treasury, but also those facilities that
must adhere to functionally similar
requirements as a condition of doing
business in the United States, namely,
by submitting a notice or application to
Treasury and obtaining Treasury
approval of that notice or application.
• The exemption would apply not
only to domestic facilities that are
required to secure a permit, registration,
or approval from Treasury under the
relevant statutes, but also to foreign
facilities of a type that would require
such a permit, registration, or approval
if they were domestic facilities.
• Activities related to alcoholic
beverages (including the manufacturing,
processing, packing, or holding of
alcoholic beverages) at facilities within
the scope of section 116(a) of FSMA
would not be subject to section 418 of
the FD&C Act. Activities related to foods
other than alcoholic beverages
(including the receiving, manufacturing,
processing, packing, holding, and
distributing of such foods) would be
subject to section 418 even if those
activities occur at facilities that are
otherwise within the scope of section
116(a) (unless they qualify for another
exemption or are in prepackaged form
and constitute 5 percent or less of the
facility’s overall sales). (For clarity, we
PO 00000
Frm 00014
Fmt 4701
Sfmt 4702
use the term ‘‘food other than alcoholic
beverages’’ rather than ‘‘non-alcohol
food’’ in the Preventive Controls
proposed rule and in this document.)
• Section 418 of the FD&C Act does
not apply to the manufacturing,
processing, packing, or holding of food
other than alcoholic beverages to the
extent that it is physically inseparable
from the manufacturing, processing,
packing, or holding of alcoholic
beverages.
Section 116 of FSMA is premised in
part upon status as a facility required to
register under section 415 of the FD&C
Act (section 116(a)(2) of FSMA). As
provided in section 808, eligible entities
include foreign facilities registered
under section 415 of the FD&C Act.
Therefore, to implement the
exemption in section 116 of FSMA,
under proposed § 1.601(d)(1),
certification of food under section
801(q) of the FD&C Act would not apply
with respect to alcoholic beverages from
an eligible entity that is a facility that
meets the following two conditions:
• Under the Federal Alcohol
Administration Act or chapter 51 of
subtitle E of the Internal Revenue Code
of 1986 (26 U.S.C. 5001 et seq.), the
facility is a foreign facility of a type that,
if it were a domestic facility, would
require obtaining a permit from,
registering with, or obtaining approval
of a notice or application from the
Secretary of the Treasury as a condition
of doing business in the United States;
and
• Under section 415 of the FD&C Act,
the facility is required to register as a
facility because it is engaged in
manufacturing/processing one or more
alcoholic beverages.
Proposed § 1.601(d)(2) specifies that
certification of food under section
801(q) of the FD&C Act also would not
apply with respect to food other than
alcoholic beverages from a facility
described in paragraph (d)(2), provided
such food:
• Is in prepackaged form that
prevents any direct human contact with
such food; and
• Constitutes not more than 5 percent
of the overall sales of the facility, as
determined by the Secretary of the
Treasury.
This exemption does not apply to
facility certification required by section
806 of the FD&C Act.
We request comment on our proposed
exemption of alcoholic beverages and
food other than alcoholic beverages
under the conditions specified in
proposed § 1.601(d).
As described in the ‘‘Summary of
Major Provisions of the Proposed Rule,’’
this rule would apply only to entities
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
that voluntarily participate in our
accredited third-party audits and
certification program, which would be
the following: (1) Accreditation bodies
seeking recognition, or recognized,
under this program; (2) third-party
auditors/certification bodies (including
their audit agents) that seek
accreditation, or are accredited under
this program; and (3) eligible entities
that seek food safety audits from, or that
are audited or certified by, accredited
auditors/certification bodies under this
program, except for an eligible entity
that meets the criteria for exemption
under section 116 of FSMA.
We invite comment on the scope of
this proposed rule, including comments
on its anticipated effects on
accreditation bodies and third-party
auditors/certification bodies already
performing these activities, or that may
be interested in doing so. We also seek
comment on its anticipated effect on
foreign food facilities and other eligible
entities that are currently audited by
third-party auditors/certification bodies.
2. Recognition of Accreditation Bodies
This rule would establish the
following: (1) The eligibility
requirements for an accreditation body
45795
to be authorized (‘‘recognized’’) by FDA
to accredit third-party auditors/
certification bodies under the accredited
third-party audits and certification
program; (2) requirements on recognized
accreditation bodies for activities
conducted under our program; and (3)
procedures FDA and accreditation
bodies will follow relating to
recognition, including application,
renewal, revocation, voluntary
relinquishment, and reinstatement of
recognition.
TABLE 2—PROPOSED REQUIREMENTS FOR ACCREDITATION BODIES
Proposed rule
section
Title
Recognition of accreditation bodies under this subpart
1.610
1.611
1.612
1.613
1.614
1.615
.............
.............
.............
.............
.............
.............
Who is eligible for recognition?
What legal authority must an accreditation body have to qualify for recognition?
What competency and capacity must an accreditation body have to qualify for recognition?
What protections against conflicts of interest must an accreditation body have to qualify for recognition?
What quality assurance procedures must an accreditation body have to qualify for recognition?
What records procedures must an accreditation body have to qualify for recognition?
Requirements for recognized accreditation bodies under this subpart
1.620
1.621
1.622
1.623
1.624
1.625
.............
.............
.............
.............
.............
.............
How must a recognized accreditation body assess third-party auditors/certification bodies seeking accreditation?
How must a recognized accreditation body monitor the performance of auditors/certification bodies it accredits?
How must a recognized accreditation body monitor its own performance?
What reports and notifications must a recognized accreditation body submit to FDA?
How must a recognized accreditation body protect against conflicts of interest?
What records requirements must a recognized accreditation body meet?
Procedures for recognition of accreditation bodies under this subpart
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.630
1.631
1.632
1.633
1.634
1.635
1.636
.............
.............
.............
.............
.............
.............
.............
How do I apply to FDA for recognition or renewal of recognition?
How will FDA review applications for recognition and for renewal of recognition?
What is the duration of recognition?
How will FDA monitor recognized accreditation bodies?
When will FDA revoke recognition?
How do I voluntarily relinquish recognition?
How do I request reinstatement of recognition?
Section 808 of the FD&C Act directs
us to establish a system for recognition
of accreditation bodies to accredit thirdparty auditors/certification bodies and
generally describes the roles and
responsibilities of recognized
accreditation bodies under the
accredited third-party audits and
certification program. The statute
requires each recognized accreditation
body to: (1) Ensure that third-party
auditors/certification bodies (and audit
agents) meet FDA’s model accreditation
standards; (2) perform such reviews and
audits necessary to determine that a
third-party auditor/certification body
meets the statutory requirements for
accreditation; 18 (3) require a third-party
18 See section 808(c)(1)(A) and (c)(1)(B) of the
FD&C Act.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
auditor/certification body to agree to
issue certifications in a form required by
FDA, as a condition of accreditation;
and (4) submit to FDA a list of all thirdparty auditors/certification bodies it
accredited (and the audit agents of
each).
a. Who is eligible for recognition?
(Proposed § 1.610). This proposed rule
would establish eligibility requirements
an accreditation body would have to
meet to qualify for recognition by FDA
under the accredited third-party audits
and certification program. Proposed
§ 1.610 states that an accreditation body
is eligible for recognition if it can
demonstrate that it meets requirements
relating to legal authority, competency,
capacity, conflicts of interest, quality
PO 00000
Frm 00015
Fmt 4701
Sfmt 4702
assurance, and records in proposed
§§ 1.611 through 1.615.
In developing this proposed rule, we
considered eligibility requirements that
would help us ensure that accreditation
bodies seeking recognition—whether
public or private, newly formed or long
standing—are sufficiently qualified to
accredit third-party auditors/
certification bodies under our program.
We considered the approach taken by
NIST in its National Voluntary
Conformity Assessment Systems
Evaluation (NVCASE) Program, which is
a voluntary program to evaluate and
recognize organizations which support
conformity assessment activities (Ref.
28). The NVCASE program handbook
states that ISO/IEC 17011:2004 (Ref. 18)
provides that the basic general criteria
E:\FR\FM\29JYP4.SGM
29JYP4
45796
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
that an accreditor of certification bodies
must satisfy for NVCASE recognition
(Ref. 28). We have tentatively concluded
that key elements of ISO/IEC 17011:
2004 (Ref. 18) provide an appropriate
basis for these requirements.19 We also
considered our 2009 FDA guidance (Ref.
5),20 which states that conformance to
ISO/IEC 17011:2004 (Ref. 18) helps
provide assurance of the reliability and
competence of accreditation bodies.
We also considered current food
industry practices. For example, GFSI
requires food safety scheme owners to
use accreditation bodies that comply
with ISO/IEC 17011:2004 (Ref. 18) for
GFSI-benchmarked food safety schemes
(Ref. 29). In stakeholder meetings, some
stakeholders have suggested that FDA
consider requiring accreditation bodies
participating in the accredited thirdparty audits and certification program to
be signatories to a multilateral
recognition agreement of the
International Accreditation Forum
(IAF). IAF is an organization for
accreditors of conformity assessment
bodies and is a counterpart to
International Laboratory Accreditation
Cooperation (ILAC), for laboratory
accreditation bodies.21 The IAF
multilateral recognition arrangement
(IAF–MLA) (Ref. 30) requires signatories
to conform to ISO/IEC 17011:2004,
among other things.
Unlike our established history with
ILAC and ILAC signatories, our food
and feed programs lack similar
experience with the IAF. We have found
few examples of Federal agencies that
require accreditation bodies for
conformity assessment bodies to be
signatories to the IAF–MLA (for
accreditation of product and
management system certification) and
that use signatory status as the sole
criterion for accreditation bodies. For
example, the Department of Health and
Human Services is not requiring
19 ISO/IEC 17011:2004 contains requirements that
are not applicable to our program (e.g., liability
arrangements). While an accreditation body would
not need to conform to ISO/IEC 17011:2004 to
qualify for recognition under our program, an
accreditation body that satisfies the requirements of
ISO/IEC 17011:2004 could use that in
demonstrating it meets the recognition
requirements in this rule.
20 We intend to withdraw the 2009 Guidance
upon publication of a final rule for accredited thirdparty audits and certification under section 808 of
the FD&C Act.
21 The ILAC is an international body, established
in 1977, to help ensure the competency,
independence, rigor, and objectivity of
accreditation bodies that accredit laboratories
against international standards. The ILAC-mutual
recognition agreement requires signatories to
conduct their activities in accordance with ISO/IEC
17011:2004. FDA laboratory programs have worked
with ILAC and other ILAC signatories for many
years.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
approved accreditors in its Health
Information Technology certification
program (45 CFR part 170) to be
signatories to the IAF–MLA, although
signatory status could be provided in
support of an applicant’s request for
approval. By contrast, the
Environmental Protection Agency’s
WaterSense program (Ref. 31) requires
product accreditors to be signatories to
the IAF–MLA (Ref. 30). The WaterSense
program is not a regulatory program;
rather, it is a partnership program.
We do not have adequate information
at this time to propose to require
accreditation bodies participating in the
accredited third-party audits and
certification regulatory program to be
IAF–MLA signatories—whether as the
sole requirement for recognition under
§ 1.610 or as one of several factors in
support of recognition. We have,
however, tentatively concluded that
documented conformance to ISO/IEC
17011:2004 (Ref. 18) would be relevant
in demonstrating that an accreditation
body is qualified for recognition. We
invite comments and examples (in
particular, examples from regulatory
programs) in support of, or opposition
to, using an accreditation body’s status
as a signatory to an IAF MLA as the sole
criterion for recognition or as a factor
weighing in favor of an application for
recognition under the accredited thirdparty audits and certification program.
b. What legal authority must an
accreditation body have to qualify for
recognition? (Proposed § 1.611). This
proposed rule would require
accreditation bodies seeking recognition
to demonstrate they have sufficient legal
authority to adequately assess thirdparty auditors/certification bodies for
accreditation and in conducting
oversight of them, once accredited.
Proposed § 1.611 would allow both
governmental bodies, with accreditation
authority inherent in their roles as
public officials, and private bodies, who
have authority under contracts with
third-party auditors/certification bodies,
to qualify for recognition if they have
the sufficient authority to conduct
accreditation activities. This includes
adequate authority to access records; to
conduct onsite performance
assessments, reassessments, and
surveillance; and to grant, modify, and
remove accreditation status.
ISO/IEC 17011:2004 (Ref. 18) contains
similar requirements for bodies
accrediting third-party auditors/
certification bodies for product and
management system certification.
Clause 4.1 requires accreditation bodies
to be registered legal entities and
explains that governmental
accreditation bodies are considered
PO 00000
Frm 00016
Fmt 4701
Sfmt 4702
legal entities because of their
governmental status. Clause 4.2.2 states
that accreditation bodies must have the
authority and responsibility to decide
on granting, maintaining, extending,
reducing, suspending, and withdrawing
accreditation.22
Proposed § 1.611(b) would require an
accreditation body to demonstrate that it
has the adequate legal authority to meet
the requirements for a recognized
accreditation body in proposed §§ 1.611
through 1.615, including assessing
third-party auditors/certification bodies
for accreditation, monitoring accredited
auditors/certification bodies, perform
self-assessments, submitting reports and
notifications to FDA, implementing
procedures to protect against conflicts of
interest, establishing and maintaining
records, and following the applicable
procedural requirements of our
program.
We are not proposing to require a
newly recognized accreditation body to
wait a certain period of time before
beginning to conduct accreditation
activities under our program. Its
accreditation authority goes into effect
at the moment of recognition. Therefore,
we believe that an accreditation body
seeking recognition must demonstrate
its capacity to fulfill the roles and
responsibilities of recognition, if
granted. We believe that an
accreditation body could meet this
requirement by providing
documentation of its authority to
perform activities required by proposed
§§ 1.611 through 1.615. We expect this
documentation to be provided primarily
in the form of standard language for
contracts with eligible entities under the
FDA accredited third-party audits and
certification program. However, we will
accept other types of documents (e.g.,
Standard Operating Procedures) that can
(individually or as part of a set of
documents) demonstrate that the
accreditation body has adequate legal
authority to conduct the activities
required by proposed § 1.611 through
1.615.
We invite comment on our proposal
to require accreditation bodies to have
demonstrable evidence to support a
conclusion that they would have
adequate legal authority to meet our
requirements (e.g., authority to
withdraw accreditation for cause), if
recognized. We also seek examples of
other types of evidence that might
22 ISO/IEC 17011:2004 also contains requirements
relating to documentation of the roles and
responsibilities of accreditation body management
and personnel involved in accreditation activities.
Matters such as these will be more fully explained
in the Model Accreditation Standards we plan to
issue.
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
demonstrate the scope of an applicant’s
legal authority. For comments opposing
this requirement, we request comment
on what, if any, requirements we should
put in place to ensure that an
accreditation body applying to us for
recognition would be equipped, upon
recognition, to perform the obligations
required under the program.
c. What competency and capacity
must an accreditation body have to
qualify for recognition? (Proposed
§ 1.612). This rule would require
accreditation bodies seeking recognition
to demonstrate adequate resources to
fully implement its accreditation
program. Under proposed § 1.612, an
accreditation body must have adequate
numbers of personnel or other agents
with relevant knowledge, skills, and
experience to adequately assess and
monitor third-party auditors/
certification bodies. The accreditation
body also would have to show it has
adequate financial resources for its
operations. In the guidance, we will
explain the types of expertise and
training we expect to see when
reviewing accreditation body records
and conducting onsite performance
assessments. We also will explain the
types of documentation that might be
used to demonstrate financial viability.
ISO/IEC 17011: 2004, clause 6.1 (Ref.
18) requires accreditation bodies to have
a sufficient number of competent
personnel (internal and external) with
the educational background, technical
qualifications, training, skills, and
experience necessary for the
accreditation body’s activities. Clause
4.5.2 requires accreditation bodies to
demonstrate they have financial
resource required for accreditation
activities.23
Under proposed § 1.612(b) an
accreditation body seeking to qualify for
recognition must demonstrate that it has
the capability to adequately assess thirdparty auditors/certification bodies
seeking accreditation and to monitor
accredited auditors/certification bodies
through performance assessments. It
also must be capable of submitting
reports and notifications to FDA in the
manner we propose and to follow the
procedural requirements under our
program. As previously explained, an
accreditation body will be authorized to
begin accreditation activities under our
program immediately upon recognition.
Therefore, we need to have adequate
assurance of its ability to meet the
competency and capacity requirements
23 ISO/IEC 17011:2004 contains some
requirements that are not applicable to our program.
For example, it contains requirements relating to
liability coverage.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
of a recognized accreditation body when
deciding whether to grant recognition.
d. What protections against conflicts
of interest must an accreditation body
have to qualify for recognition?
(Proposed § 1.613). This proposed rule
would require accreditation bodies to
have established programs to safeguard
against conflicts of interest that might
compromise their objectivity and
independence from third-party auditors/
certification bodies. Proposed § 1.613
would require accreditation bodies
seeking recognition to have written
measures to safeguard against financial
conflicts of interest between the
accreditation body (and its officers,
personnel, and other agents) and thirdparty auditors/certification bodies (and
their officers, personnel, and other
agents). Without these conflict of
interest requirements, we believe it
would be difficult for an accreditation
body to demonstrate adequate
independence in accrediting auditors/
certification bodies, as required under
our accredited third-party auditing and
certification program.
ISO/IEC 17011: 2004, clause 4.3.4
(Ref. 18) requires accreditation bodies to
ensure that personnel and committees
that could influence the accreditation
process act objectively and be free from
any undue commercial pressures that
could compromise impartiality.24
Under proposed § 1.613(b), an
accreditation body seeking recognition
must demonstrate the capability to meet
the conflict of interest requirements that
would apply under § 1.624, upon
recognition. This measure is necessary
to help ensure that any accreditation
activities conducted after recognition
would be considered objective and
independent under our program.
e. What quality assurance procedures
must an accreditation body have to
qualify for recognition? (Proposed
§ 1.614). This proposed rule would
require accreditation bodies seeking
recognition to have written quality
assurance procedures in place. Proposed
§ 1.614(a) requires an accreditation body
seeking recognition to have a program
for monitoring and assessing the
performance of its officers, personnel,
and other agents and for assessing the
effectiveness of its accreditation
program. The program must include
procedures for identifying areas for
improvement and quickly executing
corrective actions.
24 ISO/IEC 17011 contains additional
requirements relating to opportunities for
involvement by interested parties and the manner
in which the accreditation body presents its
services. Such matters are beyond the scope of our
program.
PO 00000
Frm 00017
Fmt 4701
Sfmt 4702
45797
ISO/IEC 17011 (Ref. 18) requires
accreditation bodies to establish
procedures for internal audits (clause
5.7.1) and to identify nonconformities in
its operations (clause 5.5), opportunities
for improvement, and preventive
actions to address root causes (clause
5.6). Clause 5.8 requires periodic
management reviews.
Proposed § 1.614(b) requires the
accreditation body to demonstrate it has
the capability to meet the quality
assurance requirements of § 1.622, for
performing annual self-assessments
against our requirements and reporting
the results of such self-assessments. The
guidance we plan to issue will discuss
the elements of an effective quality
assurance program for accreditation
bodies.
f. What records procedures must an
accreditation body have to qualify for
recognition? (Proposed § 1.615). This
proposed rule would require
accreditation bodies seeking recognition
to have written records procedures in
place. Under proposed § 1.615(a), an
accreditation body would have to
demonstrate that it has written
procedures for establishing, controlling,
and retaining records on its
accreditation program and activities.
While we are not proposing that an
accreditation body must have retained
records for a specified period of time
prior to its recognition, we believe it is
necessary for an accreditation body to
have maintained records for such length
of time to allow us to adequately assess
its program and performance to
determine whether it is qualified for
recognition. The accreditation body also
must maintain records as required by its
existing legal obligations. Our guidance
will explain these recordkeeping,
document control, and retention
requirements.
Clause 5.4.1 of ISO/1EC 17011: 2004
(Ref. 18) requires accreditation bodies to
establish procedures for identification,
collection, filing, storage, maintenance,
and disposal of records. Under clause
5.4.2, records procedures must require
records to be retained for a period
consistent with the accreditation body’s
contractual and legal obligations. The
accreditation body must have
procedures to control internal and
external documents relating to its
activities, under clause 5.3.25
Proposed § 1.615(b) would require an
accreditation body seeking recognition
to demonstrate its capability to meet the
requirements of a recognized
accreditation body. This would include,
25 Requiring accreditation bodies to exert control
over external documents relating to its accreditation
activities would be inconsistent with our program.
E:\FR\FM\29JYP4.SGM
29JYP4
45798
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
for example, capacity for maintaining
records for 5 years, which is the
maximum length for which recognition
could be granted. It also requires
recognized accreditation bodies to give
us access to records on activities
conducted under our program. Clause
4.4 of ISO/IEC 17011: 2004 (Ref. 18)
requires accreditation bodies to have
adequate arrangements to maintain the
confidentiality of information obtained
through its accreditation activities.
Confidential information about a thirdparty auditor/certification bodies must
not be disclosed without the written
consent of the auditor/certification body
unless the law requires the information
to be disclosed without such consent.
Accreditation bodies applying for
recognition must demonstrate their
capacity, if recognized, to grant us
access to confidential information,
including information contained in
records, without prior written consent
of the auditor/certification body
involved. Having access to records
relating to accreditation activities
(including confidential information)
under this subpart is necessary to
ensure the rigor, credibility, and
independence of the program.
3. Requirements for Recognized
Accreditation Bodies
TABLE 3—PROPOSED REQUIREMENTS FOR ACCREDITATION BODIES RECOGNIZED BY FDA
Proposed
Rule Section
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.620
1.621
1.622
1.623
1.624
1.625
.............
.............
.............
.............
.............
.............
Title
How must a recognized accreditation body assess third-party auditors/certification bodies seeking accreditation?
How must a recognized accreditation body monitor the performance of auditors/certification bodies it accredits?
How must a recognized accreditation body monitor its own performance?
What reports and notifications must a recognized accreditation body submit to FDA?
How must a recognized accreditation body protect against conflicts of interest?
What records requirements must a recognized accreditation body meet?
Proposed §§ 1.620 through 1.625
contain the requirements that a
recognized accreditation body would
have to meet when conducting activities
under our program.
a. How must a recognized
accreditation body assess third-party
auditors/certification bodies seeking
accreditation? (Proposed § 1.620). This
proposed rule would establish criteria
and procedures a recognized
accreditation body must use in assessing
third-party auditors/certification bodies
for accreditation.
Proposed § 1.620(a)(1) requires a
recognized accreditation body to assess
foreign governments/agencies by
evaluating the food safety programs,
systems, and standards of the
government/agency to determine that
the government/agency meets the
eligibility requirements for accreditation
under § 1.640(b), except where the
criteria for direct accreditation in
proposed § 1.670(a) are met.26 Proposed
§ 1.620(a)(2) requires a recognized
accreditation body to assess the internal
systems and the training and
qualifications of audit agents used by a
foreign cooperative or other third party
to determine that the cooperative/party
meets the eligibility requirements for
accreditation under § 1.640(c).
Proposed § 1.620(a)(1) and (a)(2) are
based on section 808(c)(1) to (c)(3) of the
FD&C Act, which distinguishes between
the assessments of foreign governments/
agencies and the assessments for foreign
26 Under section 808(b)(1)(A)(ii) of the FD&C Act,
we may begin to directly accredit third-party
auditors/certification bodies if we have not
identified and recognized an accreditation body to
meet the requirements of the section within 2 years
after establishing the system.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
cooperatives/other third parties seeking
accreditation. They also require a
recognized accreditation body to assess
any third-party auditor/certification
body under the model accreditation
standards we must issue under section
808(b)(2) of the FD&C Act. The model
accreditation standards will specify the
authority, competency, capacity,
impartiality, quality assurance, and
records that a third-party auditor/
certification body must have to qualify
for accreditation under our program.
Proposed § 1.620(a)(3) requires
recognized accreditation bodies to
observe a statistically significant
number 27 of onsite food safety audits by
a third-party auditor/certification body
(or its audit agents) seeking
accreditation. Correspondingly, ISO/IEC
17011: 2004, clause 7.7.3 (Ref. 18)
requires an accreditation body’s
assessment team to witness the
performance of a representative number
of staff to provide assurance of the
auditor’s/certification body’s
competency.
Proposed § 1.620(b) requires a
recognized accreditation body to impose
three conditions on any accreditation
under this program as follows:
• The third-party auditor/certification
body must comply with the audit
27 Generally speaking, we consider ‘‘statistical
significance’’ to be an interpretation of statistical
data indicating that an occurrence was likely the
result of a causative factor and not simply a chance
result. With observations of a statistically
significant number of accredited auditors/
certification bodies, recognized accreditation bodies
will be able to exert an appropriate degree of
oversight of its accredited auditors/certification
bodies, using the data to help determine whether
its accreditation program and activities are
functioning appropriately.
PO 00000
Frm 00018
Fmt 4701
Sfmt 4702
reporting requirements contained in
proposed § 1.656, which is drawn from
section 808(c)(3) of the FD&C Act
(which makes it a condition of
accreditation to prepare consultative
audit reports within 45 days after
conducting an audit and, for regulatory
audits, to submit an audit report within
45 days after conducting an audit).
• The third-party auditor/certification
body must agree to submit electronic
certifications to FDA, where appropriate
based on the results of a regulatory
audit. Under section 808(c)(2)(A) of the
FD&C Act, we have tentatively
concluded that submission of electronic
certification (as opposed to paper
certification) is appropriate for the
following reasons:
Æ It would be too time-consuming
and resource intensive to review paperbased facility certifications and might
result delays that would frustrate the
purpose of the VQIP program for
expedited review and entry of products;
and
Æ Requiring submission and manual
review of paper food and facility
certifications would undermine to our
efforts to use robust, integrated
databases to replace manual review,
analysis, and reporting of data.
• A third-party auditor/certification
body would have to comply with the
requirement in section 808(c)(4)(A) of
the FD&C Act to notify us immediately
upon discovering, during a food safety
audit, a condition that could cause or
contribute to a serious risk to the public
health, as a condition of its
accreditation. Having timely notification
of such risks directly affects our ability
to respond rapidly to protect the public
health. We believe this notification
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
requirement is of such a critical nature
that, we are proposing to require
compliance as a condition of
accreditation. We seek comment on our
tentative conclusion to require
compliance with section 808(c)(4)(A) of
the FD&C Act a condition of
accreditation.
Proposed § 1.620(c) requires
recognized accreditation bodies to
maintain records relating to its
accreditation activities under the
program. These include records on any
denial of accreditation and on any
withdrawal, suspension, or decision to
reduce the scope of an accreditation for
cause.28 Such records must include the
name and contact information for such
certification body, the scope of
accreditation denied, withdrawn,
suspended, or reduced, and the basis for
the action. Having access to records on
denials of accreditation and actions
taken due to nonconformities will help
us in assessing the performance of the
recognized accreditation body and also
will allow us to determine whether
poorly performing third-party auditors/
certification bodies are attempting to
‘‘shop’’ for favorable accreditation
decisions elsewhere. Both are important
for our oversight of the program.
In proposed § 1.620(d), we require
recognized accreditation bodies to have
written procedures in place to consider
appeals from third-party auditors/
certification bodies to adverse
accreditation decisions. The written
procedures must offer protections
similar to those afforded by FDA under
proposed §§ 1.692 and 1.693 and
include requirements to make the
appeals procedures publicly available,
have the appeal investigated and
decided upon by people different than
those involved in the subject matter of
the appeal, notify the auditor/
certification body of the final decision
on the appeal, and maintain records on
the appeal, the final decision, and the
basis for the decision. This provision is
analogous to clause 7.10.2 of ISO/IEC
17011:2004 (Ref. 18), which requires
accreditation bodies to establish similar
procedures for handling appeals by
auditors/certification bodies. We
emphasize that we are not proposing to
review a decision by a recognized
accreditation body to deny, withdraw,
suspend, or reduce an accreditation, nor
do we propose to consider appeals from
third-party auditors/certification bodies
28 Denial, withdrawal, suspension, and reduction
in scope of accreditation differ from voluntary
relinquishment of accreditation under proposed
§ 1.665, which is an action taken on the initiative
of the auditor/certification body and is not based on
a finding of nonconformity by its accreditation
body.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
to such actions by recognized
accreditation bodies. We have
considered the language of section 808
of the FD&C Act and tentatively
concluded that it does not require us to
review such decisions. We believe our
proposal is appropriate and consistent
with international standards that
identify these as matters between the
recognized accreditation body and the
third-party auditor/certification body
affected by the decision. Comments
suggesting alternatives should provide
the following: (1) A detailed legal
rationale for us to review and decide on
a challenge to an accreditation decision
of a recognized accreditation body,
including the authority to compel a
recognized accreditation body to grant
an accreditation and to conduct the
ongoing monitoring of the auditor/
certification body required under this
FDA program; (2) a description of the
procedures FDA should follow,
including whether to compile an
administrative record based on
documents from the accreditation body
and the third-party auditor/certification
body, whether to accept new evidence
or conduct its own investigation, and
whether to conduct a public hearing;
and (3) a prioritization of FDA’s
program activities as between, for
example, monitoring the performance of
accredited auditors/certification bodies
under section 808(f) of the FD&C Act
and determining whether a recognized
accreditation body correctly denied an
application for accreditation.
b. How must a recognized
accreditation body monitor the
performance of auditors/certification
bodies it accredits? (Proposed § 1.621).
This proposed rule describes the type
and frequency of monitoring a
recognized accreditation body would
have to perform for third-party auditors/
certification bodies it accredits under
our program.
Proposed § 1.621 requires a
recognized accreditation body to
annually evaluate each of its accredited
auditors/certification bodies to
determine whether it is complying with
the applicable provisions of this rule.
For each such auditor/certification
body, the accreditation body must
review its self-assessments (including
information on compliance with the
conflict of interest requirements under
§ 1.657); its regulatory audit reports and
notifications to FDA (and supporting
documents for each), and any other
information reasonably available to the
accreditation body regarding the
compliance history of eligible entities
the accredited auditor/certification body
certified or that would otherwise be
PO 00000
Frm 00019
Fmt 4701
Sfmt 4702
45799
relevant in determining its compliance
with this rule.
The monitoring requirements we
propose are consistent with section
808(f)(2) of the FD&C Act, which
requires us to evaluate each accredited
auditor/certification body by reviewing
its regulatory audit reports and the
compliance history (as available) of
eligible entities it certified, and to take
any other necessary measures. We
believe these elements are equally
important for recognized accreditation
bodies to use when monitoring
accredited auditors/certification bodies
under our program. We believe that the
conflict of interest disclosures and
public health notifications are of such
importance to the reliability and
credibility of the program that
recognized accreditation bodies should
review them as well. To provide
flexibility to a recognized accreditation
body that is aware of additional
information relevant to its evaluation,
and consistent with the last clause in
section 808(f)(2) of the FD&C Act, we
propose to allow the accreditation body
to rely on other information relevant to
its evaluation. We note that
accreditation bodies need only consider
information that is ‘‘reasonably
available’’ to them. We do not expect an
accreditation body to launch an
investigation of each auditor/
certification body it accredited, absent
cause; however, we expect that
accreditation bodies will actively
monitor for public information about
their accredited auditors/certification
bodies and will not ignore public
information about problems associated
with one or more of this accredited
auditors/certification bodies.
ISO/IEC 17011:2004, clause 7.11.3
(Ref. 18) requires accreditation bodies to
plan for reassessment and surveillance
of each accredited auditor/certification
body at frequencies between 1 and 5
years, depending on the nature of
reassessment and surveillance
performed. In general, clause 7.11.3
requires these monitoring activities to
occur every 2 years.
We have tentatively concluded that
the assessments under proposed § 1.621
should be performed on an annual basis
because formal reviews at that
frequency, throughout the duration of
an accreditation, will help the
accreditation body determine whether
the auditor/certification body continues
to meet the applicable program
requirements and the conditions of its
accreditation. Not only will these
assessments help ensure that accredited
auditors/certification bodies
individually comply with our
requirements, but also can be used by
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45800
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
the recognized accreditation body to
identify trends and any deficiencies in
its own performance or program.
We seek comment on our proposal
and on whether the information we
describe in § 1.621 will provide an
appropriate basis for recognized
accreditation bodies to use in evaluating
auditors/certification bodies they
accredited. Should we require
recognized accreditation bodies to
conduct witness audits or visits to the
headquarters of each auditor/
certification body it accredits under the
program, or a subset thereof? For
comments recommending other
methods of performance assessment, we
are interested in information on the
potential costs and benefits associated
with these alternatives.
c. How must a recognized
accreditation body monitor its own
performance? (Proposed § 1.622). This
proposed rule would require recognized
accreditation bodies conduct selfassessments on an annual basis and as
required under proposed § 1.664(g)
(following FDA withdrawal of
accreditation of a third-party auditor/
certification body it accredited).
Proposed § 1.622(a) requires a
recognized accreditation body to
evaluate the performance of its officers,
employees, and other agents;
compliance with applicable conflict of
interest requirements; and any other
aspects FDA requests, to determine
whether the accreditation body meets
our program requirements. Proposed
§ 1.622(b) requires a recognized
accreditation body to observe onsite
regulatory audits conducted by a
statistically significant number of its
accredited auditors/certification
bodies.29
Based on these assessments, proposed
§ 1.622(c) requires recognized
accreditation bodies implement
corrective actions to address any area
needing improvement that was
identified through its self-assessment.
The requirements in proposed
§ 1.622(a), (b), and (c) build on proposed
§ 1.614, which requires accreditation
bodies to have quality assurance
programs to qualify for recognition.
Proposed § 1.622(d) requires the
accreditation body to prepare a written
report of the findings of its selfassessment, including: (1) A statement
disclosing the extent to which the
accreditation body, and its officers,
employees, and other agents, complied
with the conflict of interest
29 As described in footnote 26, we generally
interpret statistically significant numbers as those
indicating that an occurrence was likely the result
of a causative factor and not a chance result.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
requirements in § 1.624 and other
applicable requirements; and (2)
identifying any corrective actions taken
to address identified deficiencies. The
timelines for a recognized accreditation
body to submit its self-assessment
reports to FDA appear in proposed
§ 1.623(b).
ISO/IEC 17011: 2004, clause 6.3.1
(Ref. 18) requires accreditation bodies to
establish procedures for monitoring the
performance of its personnel. Clauses
5.5 and 5.6 require accreditation bodies
to establish procedures to identify
nonconformities in its operations and
any opportunities for improvement and
to record the results of any corrective or
preventive actions taken.
d. What reports and notifications
must a recognized accreditation body
submit to FDA? (Proposed § 1.623). This
proposed rule would require recognized
accreditation bodies to submit to FDA
reports of its self-assessments and
monitoring, as well as notice of matters
affecting recognition and accreditation
status. The reports and notifications
described in proposed § 1.623 would
have to be submitted electronically and
in English.
Here and other places in this
proposed rule, we suggest that any
information for FDA be submitted in
English. For applications or requests to
FDA, we also propose to require that
any translation or interpretation services
necessary for us to process the
application or request be made available
by the submitter. We invite comment on
our proposal to require submissions in
English and to require translation or
interpretation services as necessary. For
comments in opposition, we seek input
on how FDA might address translation
and interpretation issues in a manner
that is not overly burdensome or
infeasible for the Agency and for
submitters. How can FDA mitigate
indirect effects on others submitting
applications or requests? For example,
is there a limit on the amount of time
or resources FDA should spend
translating and processing an
application submitted in a foreign
language? Are there other factors we
should consider in deciding whether to
require submissions in English and
translation and interpretation services
where necessary?
Proposed § 1.623(a) requires
recognized accreditation bodies to
submit reports of their annual
assessments of accredited auditors/
certification bodies under proposed
§ 1.621 within 45 days of completion of
the assessment. The report must include
updated lists of any audit agents used
by such auditors/certification bodies.
We believe that the results of such
PO 00000
Frm 00020
Fmt 4701
Sfmt 4702
assessments will help us evaluate the
performance of recognized accreditation
bodies in reassessing their accredited
auditors/certification bodies. The results
also will help us perform our own
monitoring of each accredited auditor/
certification body. For example, having
data about trends in performance
deficiencies that the recognized
accreditation body identified in its
assessments, and the corrective actions
that were implemented to address such
deficiencies, gives us useful information
on the accredited auditor/certification
body and offers insight into how the
recognized accreditation body oversees
its accredited auditors/certification
bodies.
Proposed § 1.623(b) requires
recognized accreditation bodies to
submit reports of their self-assessments
under proposed § 1.622. These too will
be useful to us in overseeing the
recognized accreditation bodies. Annual
self-assessments would have to be
submitted within 45 days after
completing the self-assessment. In
establishing this timeframe, we
considered the statutory requirement
that accredited auditors/certification
bodies submit reports of regulatory
audits within 45 days after completing
the audit. We tentatively concluded that
the reports of formal assessments under
§ 1.621 and self-assessments under
§ 1.622, though different in nature from
regulatory audits, are similarly
important to our ability to ensure the
rigor and credibility of the accredited
third-party audits and certification
program and thus should be submitted
to us under a similar deadline.
Additionally, proposed § 1.623(b)
provides that reports from selfassessments required by proposed
§ 1.664(g)(1) (following withdrawal of
accreditation of a third-party auditor/
certification body) would have to be
submitted to FDA within 2 months after
the date of withdrawal.
Proposed § 1.623(c) requires
recognized accreditation bodies to
immediately notify us when they grant
accreditation to an auditor/certification
body or when they withdraw, suspend,
or reduce the scope of an accreditation
under our program. Immediate notice is
essential so that we can take timely
action to begin to accept certifications
from newly accredited auditors/
certification bodies and to refuse to
accept certifications from auditors/
certification bodies no longer authorized
to issue them. For each such
notification, an accreditation body must
provide contact information for the
auditor/certification body, the name(s)
of one or more of its officers, and the
scope of accreditation. For withdrawal,
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
suspension, or reduction in scope, the
recognized accreditation body must
specify the basis for the decision and
must update any other previously
submitted information about the
auditor/certification body. A recognized
accreditation body also must
immediately notify us if it has
determined that an accredited auditor/
certification body failed to comply with
the requirements for issuance of a food
or facility certification under § 1.653
and must include the basis for the
determination and update any other
information previously submitted about
the auditor/certification body. Each type
of notification must be made
electronically and in English.
This information is essential to our
oversight and management of the
accredited third-party audits and
certification program and the programs
that rely on certifications issued by
accredited third-party auditors/
certification bodies. For example,
section 808(c)(6)(A)(ii) of the FD&C Act
requires us to withdraw accreditation
from a certification body if we
determine that the certification body no
longer meets the requirements for
accreditation. Having information on
the reason(s) for withdrawal,
suspension, or reduction in scope of an
accreditation will help us in
determining whether and how to
conduct such evaluation. (Concerns
regarding the performance of an
accredited auditor/certification body are
of a different nature than, for example,
suspension of accreditation for failure to
make timely fee payments.) Without
information on the reason an
accreditation was withdrawn,
suspended, or reduced, we believe we
will need to automatically consider
withdrawal of accreditation whenever
an accreditation is withdrawn,
suspended, or reduced.
We request comment on our tentative
conclusion that our oversight of the
program will be enhanced by timely
notice of accreditations, withdrawals,
suspensions, and reductions in scope of
accreditation by a recognized
accreditation body, and of violations of
proposed § 1.653.
In proposed § 1.623(d)(1), we require
a recognized accreditation body to
notify us within 30 days after denying
accreditation to an auditor/certification
body (in whole or in part) and including
the basis for such denial. Proposed
§ 1.623(d)(1) is based on the
requirement in proposed § 1.620(c),
which requires recognized accreditation
bodies to maintain records on any
denial of accreditation under this
program. We are not proposing to
prohibit accreditation of an auditor/
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
certification body previously denied
accreditation, if the auditor/certification
body is subject to a separate, full
assessment and found to have
adequately addressed the problems that
led to the denial.
Proposed § 1.623(d)(2) requires
recognized accreditation bodies to
notify FDA within 30 days after making
any significant change that would affect
the manner in which it complies with
the recognition requirements in §§ 1.610
to 1.625 and include an explanation for
the purpose of the change. For example,
the merger of two accreditation bodies,
or the contracting out of assessment
services at an accreditation body that
previously employed in-house
assessors, would be the types of changes
that should be notified to us. The intent
of this proposed requirement is to help
ensure that we obtain timely notice of
any changes that could affect the basis
upon which we recognized the
accreditation body. We are not seeking
prior notice, nor are we suggesting that
we have a role in approving or denying
such change. We are, however, required
by section 808(b)(1)(C) of the FD&C Act
to revoke recognition of any
accreditation body found not to be in
compliance with section 808 of the
FD&C Act. A significant change that
prevents or undermines the
accreditation body’s compliance with
this rule may result in revocation of
recognition under proposed § 1.636.
e. How must a recognized
accreditation body protect against
conflicts of interest? (Proposed § 1.624).
This proposed rule would require a
recognized accreditation body to take
certain steps to safeguard against
conflicts of interest, including the
requirement to implement a written
conflict of interest program.
Section 808 of the FD&C Act requires
us to establish the accredited third-party
audits and certification program
through, in large part, recognition of
accreditation bodies to themselves
accredit third-party auditors/
certification bodies. Various
stakeholders have expressed concern
about possible conflicts of interest
between the accreditation bodies and
the third-party auditors/certification
bodies seeking to participate in the
program we implement. We believe that
the credibility of the program will rest,
in part, on whether we establish
effective measures to protect against
conflicts of interest among the program
participants.
We considered ISO/IEC 17011:2004
(Ref. 18), which requires that all
accreditation body personnel and
committees that could influence the
accreditation act objectively and be free
PO 00000
Frm 00021
Fmt 4701
Sfmt 4702
45801
from any undue commercial, financial,
and other pressures that could
compromise impartiality.
We believe that, in keeping with the
purpose of section 808 of the FD&C Act,
recognized accreditation bodies should
be held to conflict of interest provisions
of similar rigor to those placed on
accredited third-party auditors/
certification bodies under section
808(c)(5) of the FD&C Act and this
proposed rule. Failure to have
documented safeguards against conflicts
of interest between a recognized
accreditation body and the third-party
auditor/certification body seeking its
accreditation could undermine the
system at its foundation by introducing
the possibility of bias into the system.
We believe that nothing short of
rigorous safeguards will offer the
transparency and credibility we believe
necessary for our oversight of, and
consumer confidence in, this accredited
third-party audits and certification
program.
Proposed § 1.624(a)(1) addresses
conflicts involving ownership,
management, or control of, or financial
interests in, an auditor/certification
body (including its officers, personnel,
or other agents) or any affiliate, parent,
or subsidiary of the auditor/certification
body. We believe proposed § 1.624(a)(1)
aligns with the requirement in section
808(c)(5)(A)(i) of the FD&C Act, which
prevents an accredited third-party
certification body from being owned,
managed, or controlled by any person
that owns or operates an eligible entity
to be certified by such certification
body. It also aligns with the
requirement, in section 808(c)(5)(B)(i) of
the FD&C Act, that an audit agent of an
accredited third-party certification body
not own or operate an eligible entity to
be audited by such agent.
Proposed § 1.624(a)(2) prohibits
officers, employees, or other agents of a
recognized accreditation body from
accepting any monies, gifts, gratuities,
or items of value other than the payment
of fees for accreditation services,
reimbursement of direct costs associated
with accreditation, and onsite meals, of
a de minimis value, provided during an
audit or assessment. We believe this is
consistent with the requirements in
section 808(c)(5)(A)(ii) and (c)(5)(B)(ii)
of the FD&C Act, which requires an
accredited auditor/certification body
and its audit agents to have procedures
to safeguard against financial conflicts
of interest between any officer,
employee, or audit agent and any
eligible entity to be audited or certified.
We have tentatively concluded that
onsite meals of a de minimis nature are
not gifts, gratuities, or items of value
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45802
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
likely to influence the outcome of an
audit or assessment, nor do we think
they are likely to undermine the
credibility of the program. Onsite meals
may help expedite audits and
assessments, because the accreditation
body’s assessors would not have to
leave the premises for meals. We seek
comment on whether to define de
minimis value according to the limits
established for U.S. Government
employees for accepting gifts or
gratuities.
Proposed § 1.624(b) imputes the
financial interests of immediate family
members to an officer, employee, or
other agent of a recognized accreditation
body. This proposed requirement is
based on the approach we
recommended in the 2009 Guidance
with respect to conflicts of accredited
certification bodies (Ref. 5). We believe
that imposing a similar requirement on
the immediate family of the officers,
employees, or other agents of a
recognized accreditation body will help
to ensure the credibility of the
accredited third-party audits and
certification program at every level.
Proposed § 1.624(c) requires
transparency in the payment of fees or
reimbursement of direct costs by an
accredited auditor/certification body to
a recognized accreditation body. We
have considered the types of disclosures
that are necessary to help ensure the
credibility of the program (and are
consistent with existing disclosure
laws). We recognize the amount or
manner of payment by a third-party
auditor/certification body for
accreditation services may give rise to
questions about whether the payment
might affect the outcome of the
accreditation process. Where, for
example, a third-party auditor/
certification body makes multiple
payments to an accreditation body or
makes payments under a different
schedule than the accreditation body’s
usual practice, this may spur questions
about whether those payments are
linked to a favorable outcome for the
third-party auditor/certification body.
We have tentatively concluded that,
to maintain confidence in the program
through transparency, recognized
accreditation bodies disclose the timing
of payments and reimbursement they
receive from auditors/certification
bodies, to the extent that such
disclosures are consistent with existing
law. While we do not believe that
information on timing of payment of
fees would be protected from disclosure
under existing disclosure laws, we seek
comment on this matter.
Proposed § 1.624(c) also requires
recognized accreditation bodies to
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
maintain on their Web sites an up-todate list of each auditor/certification
body accredited under this program,
including the scope and duration of
such each accreditation and date(s) on
which the auditor/certification body
paid any fee or reimbursement
associated with such accreditation.
Information on the timing of payments
to recognized accreditation bodies for
accreditation services is useful because
it allows for analysis of such data in the
aggregate. Unusual patterns in payments
by one or more auditors/certification
bodies may trigger a closer evaluation
by us to determine whether the
independence and objectivity of the
recognized accreditation body may have
been compromised by such payments.
Requiring the recognized accreditation
body to make information on the timing
of payments available on its Web site
creates transparency, thereby lending to
the credibility of the program.
We seek comment on the tentative
conclusions identified here, namely that
we should require recognized
accreditation bodies to: (1) Have a
written program to safeguard against
conflicts of interest; (2) include the
interest of any affiliate, parent, or
subsidiary of a third-party auditor/
certification body within the scope of
interests covered by the accreditation
body’s conflict of interest program; (3)
impute the interests of immediate
family members of an officer, employee,
or other agent to such officer, employee,
or other agent; and (4) maintain on its
Web site a list of its accredited auditors/
certification bodies, including duration
and scope of each such accreditation,
and information about the timing of
payments by each such auditor/
certification body. For interested parties
recommending alternative approaches
regarding public disclosure of
payments, we request that such
comments be accompanied by any
examples or other information to
describe or support the recommended
approaches.
We also seek comment on whether
there are conflicts other than financial
interests of recognized accreditation
bodies that should be addressed in these
regulations. For any comment
recommending that we address other
types of conflicts, we are seeking
recommended measures to address such
conflicts, any documents or references
that are available to support the
recommendation, and input on whether
similar measures should apply to
accredited auditors/certification bodies
under this program.
f. What records requirements must a
recognized accreditation body meet?
(Proposed § 1.625). This proposed rule
PO 00000
Frm 00022
Fmt 4701
Sfmt 4702
identifies specific types of documents a
recognized accreditation body would be
required to establish, control, and
maintain to document compliance with
applicable requirements. The
recognized accreditation body also
would be required to provide FDA
access to such records.
The records required by proposed
§ 1.625 include documents and data
relating to the following: (1)
Applications for accreditation and for
renewal; (2) decisions to grant, deny, or
suspend accreditation, or to reduce the
scope of an accreditation; (3) challenges
to adverse accreditation decisions; (4)
monitoring of accredited auditors/
certification bodies; (5) the accreditation
body’s self-assessments and corrective
actions (which includes information on
compliance with conflict of interest
requirements under proposed § 1.624);
(6) significant changes to the
accreditation program that might affect
compliance with this rule; (7) regulatory
audit reports and supporting
information from its accredited
auditors/certification bodies; and (8)
any other reports or notifications
submitted under § 1.623. Proposed
§ 1.625 requires such records to be
maintained, electronically and in
English, for a period of 5 years.
Requiring recognized accreditation
bodies to maintain records in English is
necessary to allow FDA to conduct
timely and rigorous oversight of the
accreditation bodies the Agency
recognizes. We believe these are the
types of records that accreditation
bodies currently maintain and that such
records are routinely maintained by
accreditation bodies for a minimum of
5 years. In addition, by requiring
recognized accreditation bodies to
maintain their records for at least 5
years, it will help us ensure that we
have an adequate basis for monitoring
its performance and determining
whether to renew recognition, which
may be granted for a period of up to 5
years.
Proposed § 1.625(b) requires a
recognized accreditation body to make
such records available to us for
inspection and copying upon the
written request of an authorized FDA
representative or, if requested by us
electronically, to submit them
electronically, in English, no later than
10 business days after the date of the
request. Proposed § 1.625(c) prohibits a
recognized accreditation body from
preventing or interfering with our access
to its accredited auditors/certification
bodies and the records of the auditors/
certification bodies.
We have tentatively concluded that
the records identified and the records
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
maintenance and access requirements in
proposed § 1.625 are necessary for us to
adequately monitor recognized
accreditation bodies, as directed by
section 808(f) of the FD&C Act. We
understand that accreditation bodies
frequently include confidentiality
provisions in standard contracts with
third-party auditors/certification bodies.
Many of those contract provisions may,
in the past, have prevented disclosure of
these records to us. If so, the
requirements of proposed § 1.625,
would require revisions to such
contracts (and perhaps other
documents) establishing and limiting
the scope of an accreditation body’s
authority to grant us records access. We
believe that such access is necessary for
us to conduct the monitoring required
45803
by section 808(f) of the FD&C Act and
to otherwise exercise adequate oversight
of the accredited third-party audits and
certification program. We seek comment
on this tentative conclusion and on the
specific requirements we propose in this
section.
4. Procedures for Recognition of
Accreditation Bodies
TABLE 4—PROPOSED PROCEDURES FOR ACCREDITATION BODIES
Proposed rule
section
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.630
1.631
1.632
1.633
1.634
1.635
1.636
.............
.............
.............
.............
.............
.............
.............
Title
How do I apply to FDA for recognition or renewal of recognition?
How will FDA review applications for recognition and for renewal of recognition?
What is the duration of recognition?
How will FDA monitor recognized accreditation bodies?
When will FDA revoke recognition?
How do I voluntarily relinquish recognition?
How do I request reinstatement of recognition?
a. How do I apply to FDA for
recognition or renewal of recognition?
(Proposed § 1.630). This proposed rule
would establish procedures for
accreditation bodies to follow when
applying to FDA for recognition or for
renewal of recognition. Under proposed
§ 1.630(a) (initial application) and
§ 1.630(b) (renewal), the applicant must
demonstrate that it meets the eligibility
requirements for recognition in
proposed § 1.610. Applications for
recognition and for renewal are subject
to the same requirements for the form
and manner of submission under
proposed § 1.630(c) and (d). The
accreditation body must submit a signed
application, accompanied by any
supporting documents, electronically
and in English. We also propose to
require an applicant to provide any
translation or interpretation services we
need to process the application. This
may include providing translators or
interpreters for FDA staff conducting
onsite audits or assessments of the
applicant.
We tentatively conclude that the
application procedures in proposed
§ 1.630 are reasonable requirements for
accreditation bodies to meet. We believe
that an accreditation body having the
competency and capacity to qualify for
recognition under the criteria in
proposed § 1.610 would be similarly
capable of meeting the application
requirements in proposed § 1.630.
Requirements for electronic, English
language communications are necessary
for us to make well-informed and timely
decisions on applications and to
conduct appropriate oversight of
accreditation bodies, once recognized.
We seek comment on these conclusions
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
and the proposed requirements of
§ 1.630.
b. How will FDA review applications
for recognition and for renewal of
recognition? (Proposed § 1.631). This
proposed rule would establish the
procedures we will follow in reviewing
and deciding on applications for
recognition and for renewal of
recognition. Under proposed § 1.631(a),
we will create an application queue,
organized by the date on which each
such application submission is
complete. In the interest of fairness, we
are proposing to order the queue on a
first in, first out basis. We will inform
applicants of deficiencies in application
documentation. To encourage
applicants to supply any missing
information promptly, we will not place
an application in the queue until it is
complete. Allowing incomplete
applications in the queue might block
applications that are ready for review,
but were submitted later in time.
We will inform an applicant once its
application has been placed in the
queue. We will review each recognition
or renewal application to determine
whether the applicant meets the
eligibility requirements of proposed
§ 1.630(a) and (b). We anticipate that
initial applications for recognition will
require lengthier review times than
renewal applications will. We will
communicate anticipated processing
periods to applicants. We are not,
however, proposing to include specific
timeframes for review, for the following
reasons: (1) It is difficult to project the
amount of resources that will be
available for application review, as the
program is authorized to be funded by
user fees under section 808(c)(8) of the
PO 00000
Frm 00023
Fmt 4701
Sfmt 4702
FD&C Act; and (2) we expect to become
more efficient in processing
applications as we gain experience but
currently lack data to reasonably
estimate the effect of efficiency gains on
review times.
Proposed § 1.631(b), (c), and (d)
describe the basis on which we will
decide whether to approve a recognition
or renewal application and explains that
we will notify the applicant of our
decision in writing. We may send the
notice electronically.
If we approve an application, the
notice will include any conditions we
may impose on the recognition. (For
example, we may adjust the date that an
accreditation body’s annual selfassessment would be due, if the
anniversary date of its recognition
would otherwise require the selfassessment to be submitted on a
weekend.) If we deny a recognition or
renewal application, we will explain the
reason for our denial and will give the
address and procedures for requesting
that we reconsider.
Proposed § 1.631(e) applies only to
applications for renewal of recognition
and allows us to extend the length of an
existing recognition to complete our
review of the renewal application. We
can extend the recognition until a
specific date or may extend the
recognition for as long as necessary for
us to decide on the application.
c. What is the duration of recognition?
(Proposed § 1.632). This proposed rule
would allow us to grant recognition to
an accreditation body for up to 5 years,
though we will determine the length of
recognition on a case-by-case basis.
In deciding that 5 years is the
maximum appropriate length of
recognition, we considered approaches
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45804
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
taken in other government programs.
Another DHHS operating division, the
Substance Abuse and Mental Health
Services Administration (SAMHSA),
approves accreditation bodies to
accredit programs that use opioid
agonist treatment medications.
SAMHSA may approve an accreditation
body for a period not to exceed 5 years
(42 CFR 8.3). Under the FDA
mammography program, we may
approve accreditation bodies for terms
of up to 7 years (21 CFR 900.3(g)).
We are proposing to recognize
accreditation bodies for a period of up
to 5 years, based in part on these
examples. We do not expect to grant
every recognition at the maximum
duration. We believe that shorter terms
of recognition may be appropriate in the
early years of the program or for
accreditation bodies with fewer years of
experience accrediting auditors/
certification bodies for food safety
auditing and certification. As we gain
experience with the program, we may
revisit this matter.
We seek comment on proposed
§ 1.632 and the factors we considered in
developing it. We do not claim to have
compiled an exhaustive list of
government programs for approving
accreditation bodies and are interested
in comments offering other examples
that are relevant to the type of program
we are establishing. To the extent that
an alternative term of recognition is
suggested, we seek any information that
can be provided in support of such
alternative.
d. How will FDA monitor recognized
accreditation bodies? (Proposed
§ 1.633). This proposed rule would
establish the frequency and manner for
our formal evaluations of recognized
accreditation bodies. Proposed § 1.633
builds on the self-assessment
requirements of proposed § 1.622,
which are submitted to us under
proposed § 1.623. Section 808(f)(1) of
the FD&C Act requires us to reevaluate
a recognized accreditation body at least
once every 4 years to determine its
compliance with applicable FDA
requirements.
Proposed § 1.633(a) describes the
timeframes in which we will conduct
reevaluations: At least 4 years after the
date of accreditation for an accreditation
body recognized for a 5-year term, and
the mid-term point for recognitions
granted for less than 5 years. These
represent the maximum times that may
elapse before we conduct a formal
reevaluation of a recognized
accreditation body. We lack data to set
a more definitive schedule for
reevaluations but may be able to do so
as we gain experience under the
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
program. Proposed § 1.633(a) explains
that we may perform additional
performance evaluations of recognized
accreditation bodies at any time.
Proposed § 1.633(b) describes the
types of information we may gather as
part of a performance evaluation.
Section 808(f)(3) of the FD&C Act gives
us authority to conduct onsite audits of
eligible entities that have been issued
certification by an accredited auditor/
certification body at any time, with or
without the accredited auditor/
certification body present, and section
808(f)(4) gives us authority to take any
other measures we deem necessary.
Proposed § 1.633(b) explains that we
may conduct onsite audits of eligible
entities certified by the accreditation
body’s accredited auditors/certification
bodies, as indicators of the effectiveness
of the recognized accreditation body’s
performance, including its assessments
and decisionmaking. These assessments
and audits may be conducted at any
time, with or without the accredited
auditor/certification body present. We
believe it is necessary for us to have the
option to conduct onsite audits of
certified eligible entities outside the
presence of a recognized accreditation
body with an interest in the outcome of
FDA’s evaluation. Therefore, proposed
§ 1.633(b) allows us to conduct onsite
assessments of accredited auditors/
certification bodies at any time, with or
without the recognized accreditation
body present. We believe that such spot
checks are useful in testing the program
and ensuring compliance, which is the
purpose of section 808(f) of the FD&C
Act.
e. When will FDA revoke recognition?
(Proposed § 1.634). This proposed rule
would establish the criteria and
procedures for revocation of recognition
of an accreditation body. It also
describes the effects (if any) of
revocation on accreditations and
certifications occurring prior to the
revocation. Section 808(b)(1)(C) of the
FD&C Act requires us to revoke the
recognition of an accreditation body for
failure to comply with section 808 of the
FD&C Act and the implementing
regulations in this subpart.
Proposed § 1.634 describes several
circumstances that we believe each
warrant revocation of recognition:
Under proposed § 1.634(a)(1), we will
revoke recognition of any accreditation
body that refuses to grant us access to
records or to conduct audits,
assessments, or investigations necessary
to ensure the recognized accreditation
body’s continued compliance. Denial of
access to perform our oversight
functions would prevent us from
meeting our statutory responsibilities
PO 00000
Frm 00024
Fmt 4701
Sfmt 4702
for monitoring recognized accreditation
bodies under section 808(f)(1) of the
FD&C Act.
We will revoke recognition under
proposed § 1.634(a)(2)(i) for failure to
take timely and necessary corrective
action after we withdraw accreditation
of one of its accredited auditors/
certification bodies for unjustifiably
certifying a facility or food that was
linked to an outbreak with a reasonable
probability of causing serious adverse
health consequences or death in
humans or animals. When we withdraw
the accreditation of an auditor/
certification body, we believe its
accreditor should promptly conduct an
internal review to identify whether any
problems in its accreditation program or
performance may have caused or
contributed to the circumstances
leading to withdrawal and to effectively
address any problems found. For
example, we expect such an
accreditation body to review its
monitoring program to determine
whether it should conduct more
frequent onsite assessments of the
auditors/certification bodies it
accredited under our program.
We also will revoke recognition under
proposed § 1.634(a)(2)(ii) for failure to
take timely and necessary corrective
action when the results of the
accreditation body’s self-assessment or
the self-assessments or monitoring of
one or more of its accredited auditors/
certification bodies identify a significant
problem with the accreditation body’s
performance. This provision focuses on
significant problems the accreditation
body knew or should have known it
needed to address through prompt and
effective corrective actions. For
example, we believe it appropriate to
revoke the recognition of an
accreditation body that ignores obvious,
significant problems in its performance
yet chooses to take no corrective action
to address the problems.
In addition, we will revoke
recognition under proposed
§ 1.634(a)(2)(iii) when a recognized
accreditation body fails to promptly
implement corrective actions we direct
to bring the accreditation body into
compliance. This provision is based on
the requirement of section 808(b)(1)(C)
of the FD&C Act to promptly revoke the
recognition of an accreditation body
found not to be in compliance with
section 808 of the FD&C Act.
Proposed § 1.634(a)(3) allows us to
revoke recognition when we determine
that a recognized accreditation body has
committed fraud or submitted material
false statements to us. Fraud and
falsehood undermine the credibility of
the program and our ability to rely on
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
the certifications issued by auditors/
certification bodies it accredited.
Proposed § 1.634(a)(4) describes
circumstances that we believe warrant
revocation but do not fit into the
categories in proposed § 1.634(a)(1),
(a)(2), and (a)(3), such as a lack of
objectivity (demonstrated bias) in its
activities or failure to adequately
support one or more of its accreditation
decisions. There may be unforeseen
circumstances that we determine
provide good cause for revocation of
recognition for failure to comply with
applicable requirements. Proposed
§ 1.634(a)(4) gives accreditation bodies
notice of our intention to revoke
recognition where we find good cause.
Proposed § 1.634(b) specifies that we
may request records from the
accreditation body or one or more of its
accredited auditors/certification bodies
to assist us in deciding whether to
revoke recognition.
Proposed § 1.634(c)(1) establishes the
procedures for us to notify the
accreditation body of revocation of
recognition and its opportunity to
challenge the revocation in an informal
hearing conducted under part 16 of our
regulations. Part 16 hearings are used
for, among other things, approval,
reapproval, or withdrawal of approval of
mammography accreditation bodies
under 21 CFR 900.7. We believe part 16
hearings provide adequate process for
accreditation bodies subject to
revocation of recognition under this
proposed rule. The notice of revocation
also will identify the procedures for
requesting reinstatement of recognition
under proposed § 1.634(c)(1). Regardless
of whether the accreditation body
challenges its revocation or seeks
reinstatement, under proposed
§ 1.634(c)(2), it must notify us of the
location where the records required by
proposed § 1.625 will be maintained.
Proposed § 1.634(d) addresses the
possible effects of revocation of
recognition on an auditor/certification
body accredited prior to the revocation.
Under proposed § 1.634(d)(1), FDA
would notify any auditor/certification
body accredited by an accreditation
body whose recognition was revoked.
The auditor’s/certification body’s
accreditation will remain in effect
provided that it conducts a selfassessment under proposed § 1.655 and
reports its results to FDA within 2
months of the revocation under
proposed § 1.656(b). We believe the
accredited auditor/certification body
that complies with these requirements
should not face adverse consequences
when its accreditation body fails to meet
its obligations as a recognized
accreditation body. Requiring the
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
accredited auditor/certification body to
verify that it is in compliance with the
applicable requirements through selfassessment and reporting would help
provide confidence that the auditor’s/
certification body’s program is under
control during the time it is
transitioning from one accreditation
body to another. The auditor/
certification body would have 1 year
after the revocation of its accreditation
body’s recognition to become
reaccredited, under proposed
§ 1.634(d)(1)(ii). We believe this gives
the auditor/certification body sufficient
time to find a new recognized
accreditation body and to go through its
accreditation process, but would not
allow a prolonged period of auditing
and certification activity without the
immediate oversight of an accrediting
body. Proposed § 1.634(d)(2) explains
that FDA may withdraw accreditation of
an auditor/certification body whenever
FDA finds good cause under proposed
§ 1.664. Where an accredited auditor/
certification body fails to comply with
the requirements of proposed
§ 1.634(d)(1)(i) or (d)(1)(ii), we may
withdraw the accreditation for cause
under proposed § 1.664. Our decision to
withdraw accreditation will be based on
the circumstances associated with the
auditor/certification body. Revocation of
the recognition of its accrediting body
does not, by itself, provide cause for
withdrawal of the accreditation of an
auditor/certification body that is in
compliance with this rule. If evidence
from a revocation proceeding reveals
problems with the auditor/certification
body, then we may pursue withdrawal
of accreditation under proposed § 1.664
based on evidence associated with the
auditor/certification body—not because
of the revocation of recognition of its
accrediting body.
Under proposed § 1.634(e),
certifications issued by an auditor/
certification accredited by an
accreditation body whose recognition is
subsequently revoked will remain in
effect until the certifications terminate
by expiration. We believe that eligible
entities should not face adverse
consequences solely because of the
failure of an accreditation body selected
by its auditor/certification body.
However, we retain the authority, under
section 801(q) of the FD&C Act, to refuse
to accept a food certification, offered for
admissibility purposes, if we reasonably
believe the certification is not valid or
reliable. Revocation of the recognition of
its accrediting body does not, by itself,
provide the basis for refusing a
certification under section 801(q) of the
FD&C Act. We will look to
PO 00000
Frm 00025
Fmt 4701
Sfmt 4702
45805
circumstances bearing on the issuance
of a food certification to an eligible
entity and submission by an accredited
auditor/certification body in
determining its validity or reliability.
For example, if an investigation of fraud
by an accreditation body also reveals
evidence of fraud by the eligible entity
or by the auditor/certification body, we
may determine that the food
certification is not valid or reliable.
Proposed § 1.634(f) explains that we
will provide notice on our public Web
site when we revoke the recognition of
an accreditation body. We believe that
public notice of matters such as
revocation are necessary to help ensure
the credibility of the program.
We solicit comment on our tentative
conclusions regarding possible grounds
for revocation, particularly revocation
for cause. We seek examples that
commenters believe do or do not
represent good cause for revocation. We
also solicit input on our proposal to use
the informal hearing procedures set out
in part 16 for challenges to a revocation
decision.
f. How do I voluntarily relinquish
recognition? (Proposed § 1.635). This
proposed rule would offer an
accreditation body a mechanism for
voluntarily relinquishing its recognition
before it terminates by expiration.
Relinquishment on the initiative of the
accreditation body is distinct from FDA
revocation of recognition for good cause.
Proposed § 1.635 describes the
procedures that an accreditation body
must follow when it intends to
relinquish its recognition. Current
mammography regulations in 21 CFR
900.3 offer accreditation bodies the
opportunity to voluntarily relinquish
their authority to grant accreditation.
We believe that accreditation bodies
operating under our accredited thirdparty audits and certification program
should likewise have the option to
voluntarily relinquish their recognition.
We are proposing certain procedural
requirements—similar to those in the
mammography regulations—that
accreditation bodies must follow in
relinquishing recognition. We believe
these procedures are necessary to ensure
an orderly transition for auditors/
certification bodies accredited by an
accreditation body that is relinquishing
its recognition and for us to make
necessary adjustments in the program,
such as preparing to review selfassessments from any auditor/
certification body accredited by such
accreditation body. Proposed § 1.635(a)
requires accreditation bodies to notify
us at least 6 months before relinquishing
recognition. The notifications must be
submitted electronically and in English.
E:\FR\FM\29JYP4.SGM
29JYP4
45806
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
It is essential that we have the ability to
maintain adequate oversight of the
program, and particularly accredited
auditors/certifications bodies that will
no longer be under the oversight of a
recognized accreditation body.
Therefore, we are proposing to require
an accreditation body relinquishing its
recognition to identify the location
where the records required by proposed
§ 1.625 will be maintained.
The decision to relinquish recognition
is made solely by the accreditation
body, without FDA involvement.
Therefore, in relinquishing recognition
under proposed § 1.635(a), the
accreditation body would waive its
rights to appeal, because there is no
FDA action to serve as the basis for
appeal.
Proposed § 1.635(b) requires the
accreditation body to notify any thirdparty auditor/accreditation body,
currently accredited, of the date on
which it intends to relinquish
recognition. An accredited auditor/
certification body needs timely notice of
its accreditation body’s intent to
relinquish recognition so that the
auditor/certification body can begin to
seek accreditation from another
recognized accreditation body.
Proposed § 1.635(c) explains that an
accreditation granted by a recognized
accreditation body prior to
relinquishing its recognition will remain
in effect until it expires, except where
we determine there is good cause for
withdrawal under proposed § 1.664. In
general, we believe an accredited
auditor/certification body should not
face adverse consequences from its
accreditation body’s decision to
withdraw from our program and upon
expiration of its accreditation would
apply for accreditation from a different
accreditation body under proposed
§ 1.660. If however we determine that
there are grounds for us to withdraw the
accreditation of the auditor/certification
body, the auditor/certification body
would have to seek reaccreditation
under proposed § 1.666.
Proposed § 1.635(d) explains that an
accreditation granted by an
accreditation body that voluntarily
relinquished recognition will not affect
certifications issued by auditors/
certification bodies accredited prior to
its voluntary relinquishment, except
that we may refuse to consider such
certification in determining the
admissibility of an article of food under
section 801(q) of the FD&C Act if we
determine the certification is not valid
or reliable. Such certifications generally
will remain in effect until they
terminate by expiration. In considering
the impact of relinquishment of
recognition on certifications, we were
mindful that eligible entities would not
have input into the accreditation body’s
decision to relinquish recognition and
that voluntary relinquishment likely
would have no bearing on the
performance of its accredited auditors/
certification bodies and the validity or
reliability of certifications they issue.
Proposed § 1.635(e) states that we will
provide notice on our public Web site
of the voluntary relinquishment of
recognition by an accreditation body. To
provide notice to program participants
and to provide certainty to the markets,
we also will post information on the
status of accreditations and
certifications as described under
proposed § 1.635(c) and (d).
g. How do I request reinstatement of
recognition? (Proposed § 1.636). This
proposed rule describes the procedures
that an accreditation body would have
to follow when seeking reinstatement of
its recognition. Under proposed
§ 1.636(a), an accreditation body that
has had its recognition revoked may
seek reinstatement by submitting a new
application for recognition if it did not
seek a regulatory hearing on the merits
of the revocation of its recognition
under proposed § 1.634 or if required to
do so by a decision following a
regulatory hearing. Proposed § 1.636(b)
requires such application to be
supported by evidence demonstrating
that the grounds for revocation have
been resolved and are unlikely to recur.
We believe that a new application
would be an appropriate requirement
for an accreditation body that had been
previously shown not to be in
compliance with the requirements of
this rule, and any conditions we
imposed on its recognition. We seek
comment on this tentative conclusion
and on the requirements we propose in
§ 1.636 for reinstatement of recognition.
5. Accreditation of Third-Party
Auditors/Certification Bodies
This proposed rule would establish:
(1) The eligibility requirements for an
auditor/certification body to be
authorized (‘‘accredited’’) by a
recognized accreditation body or by
FDA (‘‘direct accreditation’’) under the
accredited third-party audits and
certification program; (2) requirements
for accredited auditors/certification
bodies, including auditing, reporting,
certification, and assessments; and (3)
procedures FDA and third-party
auditors/certification bodies will follow
under the program.
TABLE 5—PROPOSED REQUIREMENTS FOR THIRD-PARTY AUDITORS/CERTIFICATION BODIES
Proposed rule
section
Title
Accreditation of third-party auditors/certification bodies under this subpart
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.640
1.641
1.642
1.643
1.644
1.645
.............
.............
.............
.............
.............
.............
Who is eligible to seek accreditation?
What legal authority must a third-party auditor/certification body have to qualify for accreditation?
What competency and capacity must a third-party auditor/certification body have to qualify for accreditation?
What protections against conflict of interest must a third-party auditor/certification body have to qualify for accreditation?
What quality assurance procedures must a third-party auditor/certification body have to qualify for accreditation?
What records procedures must a third-party auditor/certification body have to qualify for accreditation?
Requirements for accredited auditors/certification bodies under this subpart
1.650
1.651
1.652
1.653
1.654
1.655
1.656
1.657
.............
.............
.............
.............
.............
.............
.............
.............
VerDate Mar<15>2010
How must an accredited auditor/certification body ensure its audit agents are competent and objective?
How must an accredited auditor/certification body conduct a food safety audit of an eligible entity?
What must an accredited auditor/certification body include in food safety audit reports?
What must an accredited auditor/certification body do when issuing food or facility certification?
When must an accredited auditor/certification body monitor an eligible entity with food or facility certification?
How must an accredited auditor/certification body monitor its own performance?
What reports and notifications must an accredited auditor/certification body submit?
How must an accredited auditor/certification body protect against conflicts of interest?
19:00 Jul 26, 2013
Jkt 229001
PO 00000
Frm 00026
Fmt 4701
Sfmt 4702
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
45807
TABLE 5—PROPOSED REQUIREMENTS FOR THIRD-PARTY AUDITORS/CERTIFICATION BODIES—Continued
Proposed rule
section
1.658 .............
Title
What records requirements must an accredited auditor/certification body meet?
Procedures for accreditation of third-party auditors/certification bodies under this subpart
1.660
1.661
1.662
1.663
1.664
1.665
1.666
.............
.............
.............
.............
.............
.............
.............
Where do I apply for accreditation or renewal of accreditation from a recognized accreditation body?
What is the duration of accreditation?
How will FDA monitor accredited auditors/certification bodies?
How do I request an FDA waiver or waiver extension for the 13-month limit for audit agents conducting regulatory audits?
When can FDA withdraw accreditation?
How do I voluntarily relinquish accreditation?
How do I request reaccreditation?
Additional procedures for direct accreditation of third-party auditors/certification bodies under this subpart
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.670 .............
1.671 .............
1.672 .............
How do I apply to FDA for direct accreditation or renewal of direct accreditation?
How will FDA review applications for direct accreditation and for renewal of direct accreditation?
What is the duration of direct accreditation?
Section 808 of the FD&C Act directs
us to establish a voluntary program for
accreditation of third-party auditors/
certification bodies to conduct food
safety audits and to issue certifications
to eligible foreign entities. Sections
808(b)(2) and (c)(5)(C) of the FD&C Act
require us to issue model accreditation
standards to qualify third-party
auditors/certification bodies as
accredited auditors/certification bodies
and to issue implementing regulations
for the program.
The statute requires accredited
auditors/certification bodies to: (1) Issue
a written (and, as appropriate,
electronic) food or facility certification
after conducting a regulatory audit and
such other activities necessary to
determine compliance with the FD&C
Act; (2) submit regulatory audit reports
within 45 days; (3) complete reports of
consultative audits within 45 days; (4)
maintain onsite audit reports and other
audit documents in its records; (5)
immediately notify us of a condition
that could cause or contribute to a
serious risk to the public health; (6)
prevent an audit agent from conducting
a regulatory audit of an eligible entity
for which the agent conducted a
consultative or regulatory audit within
the preceding 13 months, unless waived
by FDA; and (7) comply with conflict of
interest requirements.
a. Who is eligible for accreditation?
(Proposed § 1.640). This proposed rule
would establish the eligibility
requirements for a third-party auditor/
certification body to be qualified for
accreditation by a recognized
accreditation body or for direct
accreditation by FDA. Under section
808(a)(3) of the FD&C Act, a third-party
auditor can be a foreign government, an
agency of a foreign government, a
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
foreign cooperative, or any other third
party, as FDA determines appropriate
according to the Agency model
accreditation standards. Section
808(c)(1)(A) of the FD&C Act requires a
foreign government/agency seeking
accreditation to demonstrate that its
food safety programs, systems, and
standards are capable of adequately
ensuring that eligible entities or foods it
certified meet applicable FDA
requirements for food manufactured,
processed, packed, or held for import
into the United States. Section
808(c)(1)(B) of the FD&C Act requires a
foreign cooperative or other third party
seeking accreditation to demonstrate
that each eligible entity it certified has
systems and standards in use to ensure
that the entity or food meets the
applicable requirements of the FD&C
Act. The statute requires us to issue
model accreditation standards under
section 808(b)(2) of the FD&C Act to
qualify third-party auditors/certification
bodies for accreditation.30
Proposed § 1.640(a) aligns with the
definition of third-party auditor in
section 808(a)(3) of the FD&C Act,
describing the types of organizations
that may be eligible for accreditation
under our program: Foreign
governments and agencies of foreign
governments, foreign cooperatives, and
other third parties. Proposed § 1.640(b)
reflects the requirements of section
808(b) and (c)(1)(A) of the FD&C Act,
stating that a foreign government or
agency of a foreign government is
30 Section 808(b)(2) of the FD&C Act directs us to
include requirements for regulatory audit reports in
the model accreditation standards. Because such
reports are prepared by accredited third-party
auditors/certification bodies, we have included
requirements for regulatory audit reports in the
proposed requirements for accredited auditors/
certification bodies in this subpart.
PO 00000
Frm 00027
Fmt 4701
Sfmt 4702
eligible for accreditation if it meets the
requirements of §§ 1.641 through 1.645,
as specified in FDA model standards on
qualifications for accreditation,
including legal authority, competency,
capacity, conflicts of interest, quality
assurance, and records. We believe the
scope of the review of a foreign
government/agency’s food safety
programs, systems, and standards for
accreditation purposes should focus on
the program, systems, and standards
relevant to the scope of accreditation
sought. Under proposed § 1.640(c), a
foreign cooperative or other third party
is eligible for accreditation if it can
demonstrate that the training and
qualifications of its audit agents and its
internal systems and standards meet the
requirements of §§ 1.641 through 1.645,
as explained in FDA model standards
on qualifications for accreditation,
including legal authority, competency,
capacity, conflicts of interest, quality
assurance, and records.
These proposed eligibility
requirements build on the language in
section 808 of the FD&C Act, using the
approach we described in our 2009
guidance on voluntary certification for
food and feed (Ref. 5), which contained
recommendations relating to authority,
competency, capacity, conflicts of
interest, quality assurance, and
recordkeeping. We also considered the
FDA MFRPS (Ref. 12) and draft ICAT
(Ref. 14) for similar standards that could
help assure the maximum degree of
consistency across domestic and
international foods programs. Looking
externally, we considered the GFSI
Guidance version 6 (Ref. 23), which
requires food safety scheme owners to
use third-party auditors/certification
bodies that comply with either ISO/IEC
Guide 65:1996 (Ref. 20) for product
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45808
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
certification or ISO/IEC 17021:2006
(revised in 2011) (Ref. 19) coupled with
ISO TS 22003:2007 (Ref. 21) for
management systems certification.
b. What legal authority must a thirdparty auditor/certification body have to
qualify for accreditation? (Proposed
§ 1.641). This proposed rule would
require third-party auditors/certification
bodies seeking accreditation to
demonstrate that they have sufficient
legal authority, which may include
authority established by contract, to
adequately audit food facilities and to
certify them for compliance with food
safety requirements, once accredited.
Proposed § 1.641(a) would allow
governmental bodies, with auditing and
certification authority inherent in their
roles as public officials, and private
bodies, who have authority under
contracts with food facilities, to qualify
for accreditation if they have sufficient
authority to conduct auditing and
certification activities. This includes
adequate authority to access records;
conduct onsite audits; and to grant,
suspend or withdraw certification.
Clause 4.2(d) of ISO/IEC Guide 65:1996
(Ref. 20) requires auditors/certification
bodies to be legal entities. Clause 5 of
ISO/IEC 22003:2007 (Ref. 21), by cross
reference to ISO/IEC 17021:2011 (Ref.
19), clause 5, requires auditors/
certification bodies to be legal entities,
or defined parts of a legal entity that can
be held legally responsible for its
certification activities. Clause 5.1.3
requires auditors/certification bodies to
retain authority for their certification
decisions, including granting,
maintaining, renewing, extending,
reducing, suspending, and withdrawing
certification.
Proposed § 1.641(b) would require a
third-party auditor/certification body to
demonstrate that it has adequate legal
authority to meet the requirements for
an accredited auditor/certification body
in proposed §§ 1.650 through 1.658,
including conducting food safety audits
using FDA requirements and industry
standards and practices as audit criteria,
preparing audit reports, issuing
certifications, submitting reports and
notification to us, implementing
procedures to protect against conflicts of
interest, maintaining records,
conducting monitoring when necessary,
and following the procedural
requirements of our program.
Consistent with our procedures for
recognition of accreditation bodies, we
are not proposing to require a newly
accredited auditor/certification body to
wait a certain length of time before
beginning to conduct foods safety audits
and issue certifications under our
program. Its certification authority goes
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
into effect at the moment of
accreditation. Therefore, we believe a
third-party auditor seeking accreditation
must demonstrate its capacity to fulfill
the roles and responsibilities of an
accredited auditor/certification body, if
granted.
We seek comment on this tentative
conclusion and our proposal to require
third-party auditors/certification bodies
to have demonstrable evidence to
support a conclusion that they would be
capable of meeting our requirements, if
accredited. For comments opposing this
requirement, we seek comment on what,
if any, requirements we should put in
place to ensure that a third-party
auditor/certification body seeking
accreditation would be equipped, upon
accreditation, to perform the obligations
required under the program.
c. What competency and capacity
must a third-party auditor/certification
body have to qualify for accreditation?
(Proposed § 1.642). This proposed rule
would require third-party auditors/
certification bodies seeking
accreditation to demonstrate adequate
resources to fully implement their
auditing and certification programs.
Under proposed § 1.642(a), a third-party
auditor/certification body must have
adequate numbers of personnel and
other agents with relevant knowledge,
skills, and experience to effectively
audit for compliance with applicable
FDA requirements and industry
standards and practices and to issue
valid and reliable certifications. The
third-party auditor/certification body
would have to show it has adequate
financial resources for its operations. In
the model accreditation standards, we
will explain the types of expertise and
training we expect third-party auditors/
certification bodies to demonstrate. We
also will explain the types of
documentation that might be used to
demonstrate financial viability.
Standards associated with auditor
competency are critical to international
standards for certification bodies and
are an area of focus for GFSI and other
stakeholders. Audit agents and other
personnel that lack the necessary
knowledge, skills, and abilities will be
unable to perform credible audits and
may result in flawed certification
decisions. ISO/IEC 17021:2011 (Ref. 19),
clauses 7.2.1 and 7.2.2, requires
certification bodies to have personnel
with sufficient competence to manage
their audit and certification work and to
employ, or have access to, sufficient
numbers of auditors and technical
experts to cover the volume and types
of its activities.
Under proposed § 1.642(b), a thirdparty auditor/certification body seeking
PO 00000
Frm 00028
Fmt 4701
Sfmt 4702
to qualify for recognition must
demonstrate that it has the competency
and capacity to adequately audit eligible
foreign entities to determine if they are
in compliance with applicable FDA
requirements and, for consultative
audits, industry standards and practices.
It also must be capable of making
certification decisions that are valid and
reliable, submitting reports and
notifications to FDA in the manner we
propose, and following the procedural
requirements of our program. As
previously explained, a third-party
auditor/certification body will be
authorized to begin auditing and
certification under our program
immediately upon accreditation.
Therefore, it needs to sufficiently
demonstrate its ability to meet the
competency and capacity requirements
of an accredited auditor/certification
body in its application for accreditation.
d. What protections against conflicts
of interest must a third-party auditor/
certification body have to qualify for
accreditation? (Proposed § 1.643). This
proposed rule would require third-party
auditors/certification bodies to have
established programs to safeguard
against conflicts of interest that might
compromise their objectivity and
independence from food facilities they
audit and certify. Proposed § 1.643(a)
would require accreditation bodies
seeking recognition to have written
measures to safeguard against financial
conflicts of interest between the thirdparty auditor/certification body (and its
officers, personnel, and other agents)
and food facilities (and owners and
operators). Without these conflict of
interest requirements, we believe it
would be difficult for a third-party
auditor/certification body to
demonstrate it has adequate
independence, as a third party, in
auditing and certifying food facilities.
The model accreditation standards will
describe appropriate measures to protect
against conflicts of interest.
ISO/IEC 17021: 2011 (Ref. 19), clause
4.2.2, recognizes that payment for
certification services can be a potential
threat to impartiality. Clause 5.2.2
requires auditors/certification bodies to
identify, analyze, and document the
possibilities for conflicts of interest and
how it eliminates or minimizes such
threats.
Under proposed § 1.643(b), a thirdparty auditor/certification body seeking
accreditation must demonstrate its
capability to meet the conflict of interest
requirements that would apply under
§ 1.657, upon accreditation. This
measure is necessary to help ensure that
any auditing and certification activities
conducted after accreditation would be
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
considered objective and independent
under our program.
e. What quality assurance procedures
must a third-party auditor/certification
body have to qualify for accreditation?
(Proposed § 1.644). This proposed rule
would require third-party auditors/
certification bodies seeking
accreditation to have quality assurance
procedures in place. Proposed § 1.614(a)
requires a third-party auditor/
certification body seeking accreditation
to have a written program for
monitoring and assessing the
performance of its officers, personnel,
and other agents. The program must
include procedures for identifying areas
for improvement and quickly executing
corrective actions. The model
accreditation standards will describe
types of quality assurance measures that
may be used to qualify for accreditation.
We considered both international and
domestic standards in developing
proposed § 1.644. ISO/IEC Guide 65:
1996 (Ref. 20), clause 4.7.1, requires
auditors/certification bodies to conduct
periodic internal audits to verify that
their quality systems are implemented
and effective, to take timely and
appropriate corrective actions, and to
document results. The MFPRS (Ref. 12),
which apply domestically, also include
requirements for quality assurance/
internal audit programs that involve
assessment, corrective action, and
continuous improvement.
Proposed § 1.644(b) requires the thirdparty auditor/certification body to
demonstrate it has the capability to meet
the quality assurance requirements of
§ 1.655, for performing annual self-
assessments against our requirements
and reporting the results of such selfassessments.
f. What records procedures must a
third-party auditor/certification body
have to qualify for accreditation?
(Proposed § 1.645). This proposed rule
would require third-party auditors/
certification bodies seeking
accreditation to have written records
procedures in place. Under proposed
§ 1.645(a), a third-party auditor/
certification body would have to
demonstrate that it has written
procedures for establishing, controlling,
and retaining records on its auditing
and certification program and activities.
While we are not proposing that a thirdparty auditor/certification body must
have retained records for a specified
period of time prior to its accreditation,
we believe it is necessary for a thirdparty auditor/certification body to have
maintained records for such length of
time to allow for its program and
performance to be adequately assessed
in determining whether it is qualified
for accreditation. The third-party
auditor/certification body also must
maintain records as required by its
existing legal obligations. The model
accreditation standards will explain
these recordkeeping, document control,
and retention requirements.
In developing proposed § 1.645(a), we
considered the records requirements in
ISO/IEC 17021:2011 (Ref. 19), clause
9.9.1, which requires auditors/
certification bodies to maintain records
on audits and other certification
activities for all clients, including all
organizations submitting applications
45809
and all organizations audited, certified,
or with suspended or withdrawn
certifications. Clause 9.9.4 requires
auditors/certification bodies to have
documented records policies and
procedures for retaining records for the
current cycle and an additional
certification cycle, noting that records
may need to be retained for a longer
period, where required by law.
Proposed § 1.645(b) would require a
third-party auditor/certification body
seeking accreditation to demonstrate its
capability to meet the requirements of
an accredited auditor/certification body,
if accredited. This would include, for
example, capacity for maintaining
records for 4 years, which is the
maximum length for which
accreditation could be granted. It also
requires accredited auditors/
certification bodies to give us routine
access to records of regulatory audits
and, for consultative audits, access to
records in specific circumstances. We
realize that existing third-party
auditors/certification bodies might need
to modify the confidentiality provisions
in their standard contracts with food
facilities. Third-party auditors/
certification bodies applying for
accreditation under this voluntary
program must demonstrate their
capacity to grant us access to relevant
records, upon accreditation, because
records are necessary to ensure the
rigor, credibility, and independence of
the accredited third-party audits and
certification program.
6. Requirements for Accredited
Auditors/Certification Bodies
TABLE 6—PROPOSED REQUIREMENTS FOR THIRD-PARTY AUDITORS/CERTIFICATION BODIES ACCREDITED BY RECOGNIZED
ACCREDITATION BODIES OR BY FDA
Proposed rule
section
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.650
1.651
1.652
1.653
1.654
1.655
1.656
1.657
1.658
.............
.............
.............
.............
.............
.............
.............
.............
.............
Title
How must an accredited auditor/certification body ensure its audit agents are competent and objective?
How must an accredited auditor/certification body conduct a food safety audit of an eligible entity?
What must an accredited auditor/certification body include in food safety audit reports?
What must an accredited auditor/certification body do when issuing food or facility certifications?
When must an accredited auditor/certification body monitor an eligible entity with food or facility certification?
How must an accredited auditor/certification body monitor its own performance?
What reports and notifications must an accredited auditor/certification body submit?
How must an accredited auditor/certification body protect against conflicts of interest?
What records requirements must an accredited auditor/certification body meet?
a. How must an accredited auditor/
certification body ensure its audit
agents are competent and objective?
(Proposed § 1.650). This proposed rule
would require an accredited auditor/
certification body to ensure that any
audit agents it uses are competent and
objective. (Where an accredited auditor/
certification body is an individual, the
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
determination of whether such auditor/
certification body is competent and
objective will be made as part of the
accreditation decision.)
Proposed § 1.650(a)(1) and (a)(2)
require an accredited auditor/
certification body to use audit agents
that have knowledge and experience to
conduct food safety audits within the
PO 00000
Frm 00029
Fmt 4701
Sfmt 4702
scope of its accreditation. We believe
that competency and independence
cannot be demonstrated solely by
records or by an interview. We have
tentatively concluded that a
determination of competency must be
based in part on observations of the
audit agent conducting food safety
audits that use the requirements of the
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45810
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
FD&C Act as the standard against which
eligible entities are audited.
We recognize that many audit agents
currently are being assessed for their
performance in conducting audits under
private food safety schemes. However,
section 808(a)(7) of the FD&C Act
clearly states that regulatory audits
performed under this system must
assess firms for compliance with the
FD&C Act and the results of such audits
are to be used to determine whether
certification may be issued. Even
consultative audits for internal purposes
must include assessments of compliance
with the FD&C Act, although they also
include audits on industry standards
and practices. For these reasons, we are
proposing to require that audit agents be
qualified through observation of audits
assessing compliance with the FD&C
Act.
ISO/IEC Guide 65:1996 (Ref. 20),
clauses 5.1.1 and 5.2.1, require auditors/
certification bodies to establish
minimum criteria for competence to
ensure that personnel are competent for
the functions they perform and that
auditors’/certification bodies’
evaluations and certifications are
carried out effectively and uniformly.
ISO/IEC 17021:2011 (Ref. 19), clause
7.1.3, requires auditors/certification
bodies to have documented processes
for initial competency evaluations and
ongoing monitoring of personnel
performance and competency. Clauses
7.2.11 and 7.2.12 state that the
documented monitoring procedures for
auditors/certification bodies must
include onsite observation at a
frequency based on need determined
from all monitoring information
available (e.g., review of audit reports
and client feedback).
Proposed § 1.650(a)(3) requires audit
agents to participate in annual food
safety training. ISO/IEC 17021:2011
(Ref. 19), clause 7.2.8, requires auditors/
certification bodies to identify training
needs and to offer or provide access to
specific training to ensure competency
of its auditors, technical experts, and
personnel. The FDA MFRPS (Ref. 12),
Standard Two, requires each State
inspector to receive 36 contact hours of
classroom training and participate in at
least two joint or audit inspections with
a qualified trainer, every 3 years.
Proposed § 1.650(a)(4) requires the
accredited auditor/certification body to
ensure that its audit agents have no
conflicts of interest with the eligible
entity to be audited and is in
compliance with the conflicts of interest
requirements of § 1.657. Section
808(c)(5)(B) of the FD&C Act prohibits
audit agents from owning or operating
an eligible entity to be audited by such
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
agent. Accredited certification bodies
also are required to have procedures to
ensure against using any of its officers
or employees that has a financial
conflict of interest regarding an eligible
entity to be certified by the certification
body under section 808(c)(5)(A) of the
FD&C Act. We believe that proposed
paragraph (a)(4) is an appropriate way to
implement these requirements.
The language in proposed
§ 1.650(a)(4) also is consistent with
existing international standards,
including ISO/IEC Guide 65:1996 (Ref.
20), clause 5.2.2, which requires
personnel to agree to comply with the
auditor’s/certification body’s conflict of
interest rules and to declare any prior or
present association with a supplier or
designer of products they are to be
assigned to audit or certify. ISO/IEC
17021:2011 (Ref. 19), clause 5.2.12,
states that certification body personnel
who could influence certification
activities must act impartially and must
not allow commercial, financial, or
other pressures to compromise
impartiality.
Proposed § 1.650(a)(5) requires audit
agents to agree to notify their
certification bodies immediately upon
discovering, during a food safety audit,
any condition that could cause or
contribute to a serious risk to the public
health, cross-referencing proposed
§ 1.656(c), which requires the accredited
auditor/certification body to
immediately notify FDA of such
condition. Proposed § 1.650(a)(5)
reflects the language of section
808(c)(4)(A) and (c)(4)(B) of the FD&C
Act, which require notification based on
conditions found during an audit and
identifies ‘‘audits’’ as both consultative
and regulatory audits. To ensure that
roles and responsibilities of the audit
agent and accredited auditor/
certification body are clearly delineated,
proposed § 1.650(a)(3) places the audit
agent under an obligation to report to its
auditor/certification body immediately
upon discovering a notifiable condition.
(Having been informed by its agent, the
accredited auditor/certification body
must immediately notify FDA, under
proposed § 1.656(c).)
ISO/IEC Guide 65: 1996 (Ref. 20),
clause 5.2.2, requires auditor/
certification body personnel to sign a
contract or other commitment by which
they agree to comply with the
certification body rules, which often
include confidentiality requirements.
The legal obligation to alert FDA, as a
regulator, of a notifiable condition is a
new requirement. Voluntary notification
is not a common practice of third-party
auditors/certification bodies. We believe
the statutory notification requirement is
PO 00000
Frm 00030
Fmt 4701
Sfmt 4702
of such importance to our program that
an individual serving as an audit agent
should agree to notify its accredited
auditor/certification body upon finding
any condition meeting the notification
criteria of section 808(c)(4)(A) of the
FD&C Act. We believe this will help
ensure that audit agents and accredited
auditors/certification bodies are aware
of the notification requirements for food
safety audits conducted under the FDA
program.
Proposed § 1.650(b) contains
additional requirements that the
accredited auditor/certification body
must meet before assigning any
individual acting as its audit agent to
conduct an audit of a particular eligible
entity. This requirement is intended to
ensure that each food safety audit
assigned to an audit agent is conducted
by a qualified audit agent. Put another
way, in order to meet proposed
§ 1.650(b), an accredited third-party
certification body would have to ensure
not only that a food safety audit is
within the scope of its accreditation but
also that the audit is within the scope
of qualifications of any audit agent the
certification body assigns to conduct it.
Clauses 7.1.1 and 7.1.2 of ISO/IEC
17021: 2011 (Ref. 19) require auditors/
certification bodies to ensure that their
personnel have appropriate relevant
knowledge and set competence criteria
of required knowledge and skills
necessary to effectively perform audit
and certification tasks to achieve the
intended results. Clause 7.2.7 requires
the auditor/certification body to use
auditors and technical experts only for
those certification activities (including
audits) where they have demonstrated
competence. Similarly, ISO/IEC Guide
65:1996 (Ref. 20), clause 5.1.1, requires
auditors’/certification bodies’ personnel
to be competent for the functions they
perform.
Proposed § 1.650(c) imposes
additional statutory restrictions on audit
agents conducting regulatory audits.
Under section 808(c)(4)(C) of the FD&C
Act, an audit agent may not conduct a
regulatory audit of an eligible entity if
such agent conducted a consultative or
regulatory audit for the same eligible
entity in the preceding 13 months
(except that such limitation may be
waived under proposed § 1.663 if the
accredited auditor/certification body
demonstrates there is insufficient access
to accredited certification bodies in the
country or region where the eligible
entity is located.)
We seek comment on the
requirements we propose to ensure that
audit agents as competent and objective
and on any other requirements
necessary to achieve this objective. In
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
particular, we seek input on whether we
should place other requirements or
limitations to help ensure auditor
competency. Any recommendations that
are based on common industry
standards or practices should be so
identified.
b. How must an accredited auditor/
certification body conduct a food safety
audit of an eligible entity? (Proposed
§ 1.651). This proposed rule would
establish requirements for the conduct
of consultative and regulatory audits by
accredited auditors/certification bodies.
Proposed § 1.651 implements section
808(c)(3) of the FD&C Act regarding
audit reports and sets out requirements
we believe are necessary for planning
and conducting audits in a manner that
fulfills the purposes of section 808 of
the FD&C Act, including ensuring that
audits are of sufficient rigor to allow us
to rely on the certifications that issue
based on the results of such audits.
Proposed § 1.651(a) requires
accredited auditors/certification bodies
to obtain basic information from the
eligible entity about the type and nature
of the requested audit, which will allow
the accredited auditor/certification body
to determine whether: (1) The requested
audit is within the scope of its
accreditation and which of its audit
agents would be qualified to conduct
the audit; (2) whether any conflicts of
interest prevent it from conducting an
audit; or (3) whether any other
limitations apply, such as the 13-month
limit described in proposed § 1.650(c).
ISO/IEC Guide 65:1996 (Ref. 20), clause
8.2.1, is similar, requiring auditors/
certification bodies to ensure that their
clients complete a signed application
that describes the scope of the desired
certification and to provide information
on the products to be certified, the
certification system, and the
certification standards, if known. The
information we propose to require
under § 1.651(a) is essential for ensuring
that the accredited auditor/certification
body (and any audit agent assigned) has
the appropriate qualifications to
conduct the food safety audit.
Proposed § 1.651(a) also requires the
auditor/certification body to obtain the
eligible entity’s operating schedule for a
30-day window, including information
relevant to the scope and purposes of
the audit. This information will help
accredited auditors/certification bodies
in meeting the requirements of section
808(c)(5)(C)(i) of the FD&C Act for
‘‘unannounced’’ food safety audits.
Having the facility’s operating schedule
for a certain period of time will allow
the auditor/certification body to
determine when to appear at the facility
to conduct a food safety audit under
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
proposed § 1.651(b). ISO/IEC
17021:2011 (Ref. 19) has several
provisions on audit planning, such as
clause 9.1.2.1, which requires them to
establish an audit plan for each audit.
The requirement to provide a
production schedule to enable audit
planning also is a feature of the British
Retail Consortium’s Global Standard for
Food Safety (BRC scheme) (Ref. 32). In
advance of an audit, a facility subject to
audit under the BRC scheme (Ref. 32)
may be asked to provide, among other
things, a production schedule and
typical shift pattern to allow planning to
cover relevant processes.31
Proposed § 1.651(b) would require
accredited auditors/certification bodies
to develop contracts or other
arrangements granting them adequate
authority to conduct unannounced
audits, access records and any area in
the facility relevant to the scope of the
audit, use an accredited laboratory for
analytical results, notify FDA of a
condition that could cause or contribute
to a serious risk to the public health,
prepare and submit audit reports, as
appropriate, and allow FDA to observe
any food safety audit it conducts. This
provision is intended to help ensure
that the auditor/certification body has
such access to areas within the facility
and records maintained by the eligible
entity as is necessary to conduct a
rigorous food safety audit. Proposed
§ 1.651(b) also ensures that that auditor/
certification body has authority to use a
laboratory accredited under section 422
of the FD&C Act to perform analytical
work, and authority to provide any
reports and the notifications that must
be submitted to us under this subpart.
Under clause 8.6.1(d)(2) of ISO/IEC
17021:2011 (Ref. 19), auditors/
certification bodies must require
prospective clients to make all
necessary arrangements for the conduct
of the audits, including for examining
records and access to all processes,
areas, records, and personnel. An
application for certification must
include a statement that the applicant
agrees to supply any information
needed for evaluation of the products to
be certified, under clause 8.2.1(b) of
ISO/IEC Guide 65:1996 (Ref. 20).
Proposed § 1.651(c) addresses the
protocols for food safety audits under
this rule. The audit must be conducted
in a manner consistent with the
identified scope and purpose of the
audit, on an unannounced basis as
31 Section III, Part I, Clause 7.2 states that a
certification body may request ‘‘production
schedules, to allow audits to cover relevant
processes, for example night-time manufacture or
where production processes are not carried out each
day’’ and ‘‘typical shift patterns.’’
PO 00000
Frm 00031
Fmt 4701
Sfmt 4702
45811
required by section 808(c)(5)(C)(i) of the
FD&C Act, and must be sufficiently
rigorous to give confidence in the
reliability and validity of the audit
outcomes.
ISO/IEC 17021:2011 (Ref. 19), clause
9.1.9.5.1, requires that information
relevant to the audit objectives, scope,
and criteria be collected by appropriate
sampling and verified to become audit
evidence. Information may be collected
through observation, records review,
and interviews. Under clause 9.1.9.6,
audit findings, summarizing conformity
and detailing nonconformity and its
supporting audit evidence must be
recorded and reported to enable an
informed certification decision.
Proposed § 1.651(c) requires the
facility audit portion of the food safety
audit to be conducted at an appropriate
time within the 30 days covered by the
operating schedule provided by the
eligible entity under proposed
§ 1.651(a)(1)(ii).
Though most private food safety audit
standards rely on announced audits, the
BRC scheme (Ref. 32) has protocols for
both announced and unannounced
audits.32 An unannounced audit under
the BRC scheme may be conducted in 2
parts, with the ‘‘Good Manufacturing
Practices-type audit’’ unannounced and
occurring prior to a records review,
which may be a planned visit.
We considered several factors in
developing the audit protocols in
proposed § 1.651(c), including the 2-part
BRC unannounced audit protocol. We
have tentatively concluded that it is
reasonable and appropriate to interpret
the ‘‘unannounced audit’’ requirement
of section 808(c)(5)(C)(i) of the FD&C
Act to apply to the onsite facility
assessment portion of a food safety
audit. We have further concluded that
an accredited auditor/certification body,
equipped with a 30-day facility
operating schedule, would have
adequate opportunity to plan and
conduct an unannounced facility audit.
We anticipate that an eligible entity
seeking a food safety audit would sign
a contract with an accredited auditor/
certification body at eligible entity (e.g.,
its headquarters), where some or all of
the relevant records of the entity would
be maintained. We think it is
appropriate and efficient to allow an
auditor/certification body to review
records maintained at the eligible entity
on the same day that the contract is
signed, even though the signing of the
contract is a planned event.
32 The BRC scheme (Ref. 32) only allows facilities
that have achieved sufficiently high scores on
announced audits to be audited under the
unannounced protocol.
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45812
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
We propose to sequence our audit
protocol different than that of the BRC,
in that we would allow the planned
records review to occur prior to the
unannounced onsite facility audit. We
believe it will be important for
accredited auditors/certification bodies
to gather information about the facility
before going onsite to audit it.
(Unannounced audits under the BRC
scheme occur only after an announced
audit has been conducted, which allows
the auditors/certification bodies to
become familiar with the facility and its
records before conducting an
unannounced audit.) Accredited
auditors/certification bodies operating
under the FDA program would have a
limited opportunity, if any, to gain
knowledge about a facility prior to
conducting an unannounced audit. For
this reason, we believe that accredited
auditors/certification bodies under the
FDA program should sequence the
unannounced audit differently than the
2-part BRC unannounced audit. We
propose to require accredited auditors/
certification bodies to first review an
eligible entity’s management systems
(e.g., records) before conducting an
onsite food safety audit at the facility.
We believe that the requirement for
unannounced audits will help provide
confidence in our program. It helps
ensure that food facilities will remain
‘‘audit ready.’’ It also reinforces the
independence of the accredited auditor/
certification body.
We seek comment on our proposed
approach for ‘‘unannounced’’ audits,
including whether it is feasible and
appropriate. We also request
information on current industry practice
on arranging audits—e.g., does industry
commonly provide an auditor/
certification body information about its
operating schedule? If not, what other
means are used to ensure that the
auditor/certification body visits a
facility at the appropriate time to
conduct the requested activities? For
comments suggesting other approaches,
we request information on the practical
implications of the recommended
alternate approach(es).
c. What must an accredited auditor/
certification body include in food safety
audit reports? (Proposed § 1.652). This
proposed rule would implement the
audit reporting requirements of section
808 of the FD&C Act and describes the
elements of consultative and regulatory
audit reports that we believe would be
appropriate.
As required by section 808(c)(3) of the
FD&C Act, proposed § 1.652(a) requires
a report of a consultative audit be
prepared not later than 45 days after the
audit was completed. Proposed
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
§ 1.652(a) also sets requirements for the
content of reports of consultative audits,
based on the content required by section
808(c)(3)(A)(i) through (c)(3)(A)(iv) of
the FD&C Act: (1) The identity of the
persons at the eligible entity responsible
for compliance with food safety
requirements; (2) the dates and scope of
the audit; and (3) any other information
we require that relates to or may
influence an assessment of compliance
with the FD&C Act.
ISO/IEC 17021:2011 (Ref. 19), clause
9.1.10.2, requires audit reports to
provide an accurate, concise, and clear
record of the audit to allow for informed
certification decisions and include or
refer to the name and address of the
client, the type of audit, the audit scope,
the dates and places where audit
activities were conducted, audit
findings, evidence, and conclusions,
consistent with the requirements of the
type of audit, and any unresolved
issues, if defined.
Under proposed § 1.652(a)(1) and
(a)(2), we propose to require that the
following identifying information for
the facility and the eligible entity (if it
differs from the facility) that chooses to
participate in the voluntary third-party
certification program be included in the
consultative audit report: Name,
address, and a unique facility identifier
(UFI), as required by FDA.
We are proposing to require this
information to help ensure that we have
comprehensive, accurate, and up-to-date
on eligible entities and audited facilities
that chose to participate in the program,
which will allow us to conduct efficient
and effective oversight of the program.
Firm name and address alone may not
provide sufficient information to allow
us to correctly identify an eligible
foreign entity, such as a farm that is not
subject to the FDA facility registration
requirements and that may be located in
a remote area in the foreign country. An
UFI could help us with eligible entities
and facilities that would otherwise be
difficult to identify or locate.
After considering the types of
information available, we have
tentatively concluded that an UFI
should include two elements: (1) A
common business identifier, and (2)
information on the firm’s geographic
location. For the business identifier, we
believe the Data Universal Numbering
System (D–U–N–S®) numbers system is
appropriate because it is a commonly
used international business entity
listing system under which a company
can obtain, at no charge, a unique
identification number for its business.
D–U–N–S® numbers are distinct, sitespecific, 9-digit numbers that would
allow us to identify and verify certain
PO 00000
Frm 00032
Fmt 4701
Sfmt 4702
business information, e.g., its trade
names, the name of each corporate
officer and director, and additional
ownership information that may be
useful in determining possible conflicts
of interest between eligible entities and
accredited auditors/certification
bodies.33 The use of D–U–N–S®
numbers, as a unique numerical
identification system, is less prone to
mistake or ambiguity than the use of an
eligible entity’s or facility’s name and
address. Similarly, geographic
information, such as Global Positioning
System (GPS) coordinates, would
identify precisely where a facility or
eligible entity (if different) is located.
We believe this is a necessary element
of a UFI, particularly for facilities such
as farms that are not required to register
with us under §§ 1.225 through 1.243
and that may be difficult to locate by
street address. We expect that
accredited auditors/certification bodies
that are qualified to participate in our
program likely would already own GPS
units or would be adequately resourced
to purchase them.
Proposed § 1.652(a)(3) and (a)(4)
requires reports of consultative audits to
include the contact information for the
person(s) responsible for food safety
compliance, the dates and scope of the
consultative audit, both of which are
statutory requirements.
Proposed § 1.652(a)(5) requires
information on any deficiencies
observed during the audit that require
corrective action and the date on which
such corrective actions were completed.
ISO/IEC 17021:2011 (Ref. 19), clause
9.1.11, states that [audit/]certification
bodies must require their clients to
analyze the cause of nonconformities
and the corrective actions to address
such nonconformities within a defined
time. [Auditors/]certification bodies
must verify and document the
effectiveness of the corrective actions
based on document review or, where
necessary, onsite verification or
additional audits under clauses 9.1.12
and 9.1.13. Proposed § 1.652(a)(5)
would require such documentation be
included in the consultative audit
report.
Proposed § 1.652(b) requires an
accredited auditor/certification body to
prepare a report of a regulatory audit
and submit it to us electronically, in
English, within 45 days after conducting
such audit, as mandated by section
808(c)(3) of the FD&C Act. We have
33 D–U–N–S® numbers are assigned by Dun &
Bradstreet and maintained in their database of
D–U–N–S® numbers. If the D–U–N–S® Number for
a location has not been assigned, a business may
obtain one for no cost directly from Dun &
Bradstreet (https://www.dnb.com).
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
tentatively concluded that electronic
submission of regulatory audit reports,
written in English, will help ensure we
have ready access to information needed
for monitoring and oversight of the
program. Proposed § 1.652(b) also
requires auditors/certification bodies
accredited by recognized accreditation
bodies to submit each regulatory audit
report to the accrediting body in the
same timeframe and manner as it is
submitted to us. We believe that this
information is important to recognized
accreditation bodies in conducting
monitoring and oversight of the
auditors/certification bodies they
accredit, including monitoring required
by proposed § 1.621, and in assessing its
own performance of accreditation
activities under proposed § 1.622.
The report of a regulatory audit must
contain all of the data elements required
for reports of consultative audits under
proposed § 1.652(a). Proposed § 1.652(b)
requires that regulatory audit reports
contain the following additional data
elements: (1) The FDA registration
number assigned to the facility, where
applicable; (2) the process(es), food(s),
and facility observed during the audit;
and (3) information on sampling and
laboratory analysis, recent food recalls,
recent significant changes at the facility,
and any food or facility certifications
recently issued to the entity. We discuss
each of these additional data elements.
FDA Registration Number: Having an
audited facility’s FDA registration
number, where required, will allow us
to verify (and to correct, where
necessary) registration information in
our database. This will help us in
overseeing this program and in riskbased planning for FDA foreign
inspections.
Process(es) and food(s) observed
during a regulatory audit: In proposed
§ 1.652(b)(4) we require a description of
the process(es) and food(s) observed
during the audit, because we believe
that, otherwise, the description of the
scope of the audit may not provide
sufficient information to allow the
accredited auditor/certification body, its
recognized accreditation body, or us to
determine whether the certification
matches the scope of the audit stated
and, furthermore, whether the stated
scope of the audit matches the scope of
auditor’s/certification body’s
accreditation. In sum, the description of
the process(es) and food(s) subject to
regulatory audit help to verify the
validity of any food or facility
certifications issued as a result of the
regulatory audit.
Sampling and analysis: Proposed
§ 1.652(b)(8) requires information on
whether the entity uses sampling and
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
laboratory analysis (e.g., under a
microbiological sampling plan) as part
of the facility’s preventive control plan.
We are not proposing to require the
accredited auditor/certification body to
include the results of such sampling and
analysis in the regulatory audit report.
Information on whether a facility uses
sampling and laboratory analysis helps
identify how the facility has chosen to
verify its preventive controls.
Recalls during the preceding 2 years:
Proposed § 1.652(b)(9) requires
information on whether the entity
issued a food-safety related recall of an
article of food from the facility during
the 2 years preceding the audit and, if
so, any such article(s) recalled and the
reason(s) for the recall(s). We believe
this is an important element of a
regulatory audit for certification
purposes, because it may be relevant in
helping us to determine whether to
accept a certification or other assurance
by an accredited auditor/certification
body for purposes of admitting a food
into the United States under section
801(q) of the FD&C Act. Recent food
safety-related recalls might call into
question the reliability of any food
certifications issued to the facility.
Recall information also may be relevant
to the risk factors used to determine
VQIP eligibility.
Recent significant changes: Proposed
§ 1.652(b)(10) requires submission of
information regarding whether, during
the 2 years preceding the audit, the
entity made a significant change in the
activities conducted at the facility, if
such change creates a reasonable
potential for a new hazard or a
significant increase in a previously
identified hazard. For example, a new
hazard might arise if a facility began to
process a different type of commodity or
began to package an existing product in
a different way (e.g., going from a
canned product to a vacuum-packed
ready-to-eat product).
We developed this criterion based on
the language in section 418(i) of the
FD&C Act, regarding conditions that
trigger a requirement to reanalyze
hazards under section 418(b) of the
FD&C Act (21 U.S.C. 350g(b) and (i)), as
described in the Preventive Controls
proposed rule. While the types of
facilities that may be audited are not
limited to facilities subject to the
proposed preventive controls
regulations, we nonetheless believe the
language set out in the statute sets the
appropriate boundaries for proposed
§ 1.652(b)(9). We have tentatively
concluded that the type of information
that has relevance for reanalysis of
hazards in a facility under the
Preventive Controls proposed rule is the
PO 00000
Frm 00033
Fmt 4701
Sfmt 4702
45813
same type of information that has
relevance for the conduct of a regulatory
audit of a facility under this rule. We
invite comment on this tentative
conclusion. For comments that oppose
this criterion, we seek comment on
whether any other information on
facility changes has relevance for our
oversight and, if so, we seek alternative
language for proposed § 1.652(b)(9).
Prior certifications: Proposed
§ 1.652(b)(11) requires regulatory audit
reports to contain information on any
food or facility certifications issued to
the entity during the 2 years preceding
the audit, where available. The
information must include the scope and
duration of each such certification. This
information is a helpful in verifying
certifications submitted to us by
importers for purposes of VQIP
eligibility or as required to accompany
food for which certification is a
condition of admission under section
801(q) of the FD&C Act. It also verifies
the activities of an accredited auditor/
certification body under this program,
which should be documented in the
records of the accredited auditor/
certification body under proposed
§ 1.658.
Proposed § 1.652(c) explains that an
accredited auditor/certification body
must submit a report, as required by
paragraph (b), for each regulatory audit
it conducts, regardless of whether
certification issued as a result. This
requirement is consistent with section
808(c)(3)(A) of the FD&C Act, which
requires all regulatory audit reports to
be submitted. That statutory provision is
not limited to reports of regulatory
audits where certifications were issued.
Proposed § 1.652(d) requires
accredited certification bodies to
implement written procedures for
receiving and addressing challenges
from eligible entities contesting adverse
regulatory audit results and requires
them to maintain records of such
challenges under § 1.658. ISO/IEC
17021:2011 (Ref. 19) requires auditors/
certification bodies to have a
documented process to receive,
evaluate, and make decisions on
complaints relating to certification
activities under clause 9.8.4., as well as
a documented process for handling
appeals under clause 9.7.1.
d. What must accredited auditor/
certification body do when issuing food
or facility certifications? (Proposed
§ 1.653). This proposed rule describes
the activities that an accredited auditor/
certification body would have to
perform when issuing food and facility
certifications. It is based on the language
in section 808(c)(2)(C) (requiring a
regulatory audit and such other
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45814
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
necessary activities) and (c)(5)(C)(i)
(requiring unannounced audits) of the
FD&C Act.
Proposed § 1.653(a) specifies that the
certification body must have conducted
a regulatory audit meeting the
requirements of proposed § 1.651,
including verification of corrective
actions and using an accredited
laboratory, subject to the requirements
of the laboratory accreditation program
we implement under that provision (21
U.S.C. 350k).
ISO/IEC 17021:2011 (Ref. 19) requires
auditors/certification bodies to use
certain information in considering
certification decisions: Audit reports;
comments on nonconformities and
corrective actions (if any); verified
application information; and the audit
agent’s recommendation on
certification, including any conditions
or observations. The auditor’s/
certification body’s decision must be
based on an evaluation of the audit
findings and conclusions and any other
relevant information, such as public
information and the client’s comments
on the audit report.
Proposed § 1.653(b) sets out the
requirements for issuance of
certification. As with other submissions
under this rule, we propose to require
certifications to be submitted
electronically and in English. Proposed
paragraph (b)(2) describes the minimum
elements of a certification: Identifying
information for the accredited auditor/
certification body, the eligible entity to
which certification was issued
(including its unique facility identifier),
and the facility (if different from the
eligible entity); the scope and date(s) of
the regulatory audit and the name of the
audit agent conducting it, where
applicable; and the scope of the
certification, its date of issuance, and its
date of expiration. These are the
minimum elements we believe
necessary for us to link the certification
to an importer in the VQIP program
under section 806 of the FD&C Act or
to a food subject to mandatory
certification under section 801(q) of the
FD&C Act. Moreover, these data
elements will help us determine
whether the certification is valid and
reliable or should be refused under
section 801(q)(4)(B) of the FD&C Act.
e. When must an accredited auditor/
certification body monitor an eligible
entity with food or facility certification?
(Proposed § 1.654). This proposed rule
would require accredited auditors/
certification bodies to monitor eligible
entities in certain circumstances. Under
proposed § 1.654, an accredited auditor/
certification body is required to conduct
monitoring of an eligible entity if the
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
auditor/certification body has reason to
believe that an eligible entity to which
it issued a certification may no longer be
in compliance with the FD&C Act.
In developing proposed § 1.654, we
considered international standards. ISO/
IEC Guide 65: 1996 (Ref. 20), clause
13.1, requires auditors/certification
bodies to have documented procedures
for surveillance under applicable
criteria. Under clause 13.2, auditors/
certification bodies must determine
whether changes, such as a client’s
intended changes in manufacturing
processes, require further investigation.
ISO/IEC 17021:2011 (Ref. 19), clause
9.3, requires auditors/certification
bodies to develop their surveillance
activities so that representative areas
and functions are regularly monitored.
Surveillance may include onsite audits.
While we are not proposing to require
regular surveillance of certified eligible
entities, we believe requiring an
accredited auditor/certification body to
conduct monitoring when it has ‘‘reason
to believe’’ that the entity is no longer
in compliance with the FD&C Act
strikes an appropriate balance.
Proposed § 1.654 requires the
accredited auditor/certification body to
immediately notify us under proposed
§ 1.656(d) if it determines that the entity
to which it issued certification is out of
compliance with the FD&C Act. We
believe that such notification is
necessary to ensure the protection of the
public health and to maintain the
credibility of the program, particularly
in light of the use of such certifications:
To allow admission of a food subject to
mandatory certification based on a
determination of safety risk, under
section 801(q) of the FD&C Act, and to
allow importers to participate in a
program giving them expedited review
and entry of product from a certified
facility, under section 806 of the FD&C
Act.
f. How must an accredited auditor/
certification body monitor its own
performance? (Proposed § 1.655). This
proposed rule would require accredited
auditors/certification bodies to conduct
self-assessments annually and following
revocation of the recognition of its
accreditation body. Proposed § 1.655(a)
requires an accredited auditor/
certification body prepare a report of the
results of each self-assessment. The
report must address the performance of
its officers, employees, or other agents
in activities under this subpart. For
audit agents in particular, the accredited
auditor/certification body must report
on whether its audit agents, during food
safety audits, focused on the elements of
production, manufacturing, processing,
packing, and holding of food that pose
PO 00000
Frm 00034
Fmt 4701
Sfmt 4702
the most significant risks to human and/
or animal health.
Under proposed § 1.655(a), the selfassessment report must evaluate the
degree of consistency among its officers,
employees, or other agents in
performing activities under this subpart.
(With audit agents, this is frequently
called ‘‘auditor correlation.’’) In
addition, the report must assess
compliance with the conflict of interest
requirements of § 1.657, actions taken
based on assessments by FDA or its
recognized accreditation body, and must
address any other aspects of
performance relevant to a determination
of compliance, if requested by FDA.
Proposed § 1.655(b) states that, in
conducting its self-assessment, an
accredited auditor/certification body
may assess the compliance of one or
more of the eligible entities it certified,
as a means to evaluate its performance.
Under proposed § 1.655(c), the auditor/
certification body must quickly execute
appropriate corrective actions when
problems are identified during a selfassessment under paragraphs (a) or (b)
and must maintain records documenting
the completion of such actions under
proposed § 1.658. In addition, proposed
§ 1.655(d) describes the contents of the
written reports of its self-assessments,
including describing any corrective
actions taken based on its selfassessments and stating the extent of its
compliance with conflict of interest
requirements and other applicable
requirements of this rule.
ISO/IEC Guide 65:1996 (Ref. 20),
clause 4.7.1, requires auditors/
certification bodies to conduct periodic
internal audits covering all of its
procedures and to ensure that personnel
responsible for the area audited are
informed of the audit outcome, timely
and appropriate corrective actions are
taken, and audit results are
documented. Additionally, clause 4.7.2
requires the management with executive
responsibility to review its quality
systems at sufficiently short intervals to
ensure its continuing suitability and
effectiveness.
The FDA MFRPS (Ref. 12) have
elements requiring States to conduct
periodic self-assessments of its
manufactured food regulatory program
against the criteria we established.
These self-assessments are designed to
identify the strengths and weaknesses of
the State program by determining the
level of conformance with the program
standards and are independently
verified through an audit. Records
documenting the results of the selfassessment must be maintained. We
have tentatively concluded that selfassessments would serve a similarly
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
important role for accredited auditors/
certification bodies under our
accredited third-party audits and
certification program.
g. What reports and notifications must
an accredited auditor/certification body
submit? (Proposed § 1.656). This
proposed rule would establish
requirements for various reports and
notifications that accredited auditors/
certification bodies would have to
submit to FDA. Proposed § 1.656(a)
requires accredited auditors/
certification bodies to submit regulatory
audit reports no later than 45 days after
completing such audit. This
requirement is based on section
808(c)(3)(A) of the FD&C Act, which
requires submission of regulatory audit
reports as a condition of accreditation.
The regulatory audit report must be
submitted electronically, in English,
contain the information required by
proposed § 1.652(b). The requirement
for electronic submissions, in English
language, is required consistently
throughout this rule, for the reasons
explained in section IV.3.c and IV.3.d.
Under proposed § 1.656(b), an
accredited auditor/certification body
must submit its annual self-assessment
report to its accreditation body (or, in
the case of direct accreditation, to us) no
later than 45 days after the anniversary
date of its accreditation under this
program and, for reports required
following revocation of its accreditation
body’s recognition, within 2 months of
the revocation. The self-assessment
report, which is required by § 1.655,
must be submitted electronically, in
English, and must include an up-to-date
list of any audit agents the certification
body uses to conduct audits under this
subpart. As explained in the discussion
of proposed § 1.621, we believe that the
results of such assessments will be
helpful to us in performing our
monitoring of not only the accredited
auditor/certification body itself, but also
the recognized accreditation body that
accredited it, where applicable.
Monitoring of recognized accreditation
bodies and accredited third-party
auditors/certification bodies is required
by section 808(f)(2) of the FD&C Act.
Having information about deficiencies
the accredited auditor/certification body
identified in its own performance and
program, together with the corrective
actions that were implemented to
address such deficiencies helps us target
our monitoring activities. Moreover, the
results of self-assessments across a
number of accredited auditors/
certification bodies will help us identify
trends in program performance and may
offer an early signal of potential issues
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
for the Agency to address at the program
level.
Proposed § 1.656(c) requires an
accredited auditor/certification body to
immediately notify us when any audit
agent or the auditor/certification body
itself, discovers during an audit any
condition that could cause or contribute
to a serious risk to the public health.
This notification is required by section
808(c)(4) of the FD&C Act, which
identifies certain information that must
be contained in the notification.
Based on that requirement and the
authority granted to us to issue
regulations for the efficient enforcement
of its authority, under section 701(a) of
the FD&C Act, proposed § 1.656(c)
requires such notification to include the
following: (1) The name and address of
the facility where the condition was
discovered; (2) the FDA registration
number assigned to the facility, where
applicable; (3) the name and address of
the eligible entity, if different from that
of the facility; and (4) the condition that
could cause or contribute to a serious
risk to the public health and for which
notification is required.
Information on the identity of the
entity and the notifiable condition is
required by section 808(c)(4) of the
FD&C Act. The other data elements we
propose to require are essential for us to
take immediate and necessary steps to
protect the public health. In the event
that the facility where the condition was
discovered is different than the eligible
entity, or is at a different location, we
need to know the name and address of
the facility so that we can interact
directly with the facility. Knowing the
facility’s FDA registration number
(where required) helps us quickly
assemble relevant information we
possess, including information from our
foreign regulatory partners. The data
elements required for notification under
§ 1.656(c)(1), (c)(2), and (c)(3) offer the
minimum information we believe
necessary to allow the Agency to
determine the appropriate course of
action with respect to the situation.
We note that section 808 of the FD&C
Act does not define ‘‘serious risk to the
public health,’’ nor does it give
examples of ‘‘condition[s] that could
cause or contribute to a serious risk to
the public health.’’ The statutory
description of notifiable conditions—as
ones that ‘‘could’’ cause or contribute to
a serious risk to public health—suggests
to us that the scope of this provision is
broad. In developing these proposed
implementing regulations, we looked for
the precise phrase, ‘‘cause or contribute
to a serious risk to the public health’’
elsewhere in the FD&C Act, but did not
find it there (21 U.S.C. 301 et seq.). In
PO 00000
Frm 00035
Fmt 4701
Sfmt 4702
45815
considering section 808 of the FD&C Act
as a whole, we noted that the provision
giving us access to records associated
with consultative audits crossreferences section 414 of the FD&C Act
(21 U.S.C. 350c). Section 414 of the
FD&C Act, among other things, gives us
access to records if we have a reasonable
belief that an article of food, and any
other article of food that we reasonably
believe is likely to be affected in a
similar manner, is adulterated and
presents a threat of serious adverse
health consequences or death to humans
or animals (SAHCODHA) (21 U.S.C.
350c(a)). Although Congress chose to
incorporate SAHCODHA by referencing
section 414 of the FD&C Act as authority
for us to access records of consultative
audits under section 808(c)(3)(C) of the
FD&C Act, Congress did not use the
SAHCODHA standard in describing the
types of conditions that could cause or
contribute to a serious risk to the public
health and that must be reported to FDA
under section 808(c)(4)(A) of the FD&C
Act. We believe Congress intended the
standard for notification to be a different
standard than SAHCODHA.
We invite comment from interested
parties interpreting the notification
standard in section 808(c)(4)(A) of the
FD&C Act and providing examples of
circumstances that stakeholders believe
do and do not rise to the level of a
‘‘condition that could cause or
contribute to a serious risk to the public
health.’’ We are particularly interested
in receiving input on whether our
existing Class I and Class II recall
standards (Ref. 33), taken together,
might adequately address any condition
covered by section 808(c)(4)(A) of the
FD&C Act. An FDA Class I recall occurs
in a situation in which there is a
reasonable probability that the use of or
exposure to a violative product will
cause serious adverse health
consequences or death. An FDA Class II
recall occurs in a situation in which use
of or exposure to a violative product
may cause temporary or medically
reversible adverse health consequences
or where the probability of serious
adverse health consequences is remote.
We also note that international
standards for [auditors/]certification
bodies have exceptions to
confidentiality agreements where
disclosure is required by law. For
example, ISO/IEC Guide 17021:2011
(Ref. 19), clause 8.5.3, requires an
auditor/certification body that is
required by law to release confidential
information to a third party, to notify
the client before providing such
information to a third party, ‘‘unless
regulated by law.’’ Based on section
808(c)(4)(A) of the FD&C Act, which
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45816
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
requires that the accredited third-party
certification body ‘‘immediately’’ notify
us, proposed § 1.656(c) requires an
accredited auditor/certification body to
notify us of a serious risk to public
health prior to notifying its client, the
eligible entity. We recommend that
accredited auditors/certification bodies
include a provision explaining this
notification requirement in their
contracts with eligible entities. We
believe this will help ensure that
eligible entities are aware of the
notification requirement and will help
emphasize to the accredited auditors/
certification bodies their obligation to
notify FDA of such condition.
Proposed § 1.656(d) requires an
accredited auditor/certification body to
immediately notify us electronically, in
English, upon withdrawing or
suspending the food or facility
certification of an eligible entity. The
notice must describe the basis for
withdrawal or suspension. We believe
immediate notification of suspension or
withdrawal of certifications is necessary
because of how we use these
certifications: As a condition of granting
admission to a food subject to an risk
determination under section 801(q) of
the FD&C Act and as a criteria for an
importer’s eligibility to participate in
VQIP under section 806 of the FD&C
Act. We realize that certification bodies
currently withdraw and suspend
certifications for a number of reasons,
some of which relate to payment of fees
and others relate to food safety matters.
Therefore, having information on the
fact that a certification has been
withdrawn or suspended, as well as the
reason(s) for the action, allows us to
determine the effect of suspension or
withdrawal on our use of the
certifications under sections 801(a) and
806 of the FD&C Act. Depending on the
reasons for suspension or withdrawal of
certification, we may conduct an
inspection or take other action.
Under proposed § 1.656(e)(1), an
accredited auditor/certification body
that notifies us under proposed
§ 1.656(c) must immediately thereafter
notify the eligible entity where the
condition was discovered. Proposed
§ 1.656(e)(2) requires an accredited
auditor/certification body to notify its
accreditation body (or, in the case of
direct accreditation, to us)
electronically, in English, within 30
days after making any significant change
that may affect its compliance with the
requirements of §§ 1.640 through 1.658.
The notice must describe the purpose of
the change and an explanation for
whether and how the change might
affect its accreditation under this
program. In that proposed § 1.640
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
requires auditors/certification bodies to
maintain compliance with the
requirements of this rule as a condition
of their accreditation, this notification is
necessary for our program oversight. We
will use this information in monitoring
the certification body as required by
section 808(f)(2) of the FD&C Act and
may use the notification (or the failure
to notify under proposed § 1.656(e)(2))
in determining whether to withdraw
accreditation under section 808(c)(6) of
the FD&C Act.
h. How must an accredited auditor/
certification body protect against
conflicts of interest? (Proposed § 1.657).
This proposed rule would require
accredited auditors/certification bodies
to have procedures to ensure against
financial conflicts of interest and to
make annual financial disclosure
statements available to us, as required
by section 808(c)(5)(A) and (c)(5)(B) of
the FD&C Act. Additionally, section
808(c)(5)(C) of the FD&C Act directs us
to issue implementing regulations
including requirements for
unannounced audits, a structure to
decrease the potential for conflicts of
interest (including requirements for
timing and public disclosure of fee
payments), and appropriate limits on
financial affiliations between
certification bodies (and their audit
agents) and eligible entities to be
certified.
Proposed § 1.657 sets out the elements
of a conflict of interest program we
believe are appropriate to implement
this mandate and to ensure the
objectivity and independence of
accredited auditors/certification bodies
necessary for to maintain the credibility
of the program. Proposed § 1.657(a)
requires the accredited auditor/
certification body to have written
program that covers the certification
body itself and any of its officers,
employees, or other agents (e.g., audit
agents) conducting audits or
certification activities under this
program.
Based in large part on section
808(c)(5)(A)(i) of the FD&C Act,
proposed § 1.657(a)(1) prohibits an
accredited auditor/certification body
and its officers, personnel, and other
agents (except for audit agents subject to
paragraph (a)(2)) from owning,
controlling, managing, or otherwise
having a financial interest in an eligible
entity, or an affiliate, parent, or
subsidiary of such entity, to be certified
by the auditor/certification body . The
effect of the language in proposed
§ 1.657(a)(1) would be to prevent a
foreign food firm with its own audit
team from conducting regulatory audits
and issuing certifications for its own
PO 00000
Frm 00036
Fmt 4701
Sfmt 4702
facilities, processes, or products (i.e.,
first-party audits) or for an affiliate or
for its parent or subsidiary (i.e., secondparty audits). Given the multinational
nature and multiple corporate interests
of many food companies, we have
tentatively concluded it is important to
extend the conflict of interest safeguards
in proposed § 1.657 to subsidiaries,
affiliates, and parent organizations. We
seek comment on this tentative
conclusion.
Proposed § 1.657(a)(2) prohibits an
audit agent of an accredited auditor/
certification body from conducting a
food safety audit of an eligible entity, or
an affiliate, parent, or subsidiary of such
entity, that the agent owns or operates.
This provision is largely based on the
section 808(c)(5)(B)(i) of the FD&C Act,
which prohibits an audit agent from
owning or operating an eligible entity to
be audited by the agent, coupled with
language covering financial interests
associated with an affiliate, parent, or
subsidiary of the eligible entity, for the
reasons previously described.
To be clear, proposed § 1.657(a)(2)
does not go so far as to prohibit audit
agents from having any financial
interest in any food company; rather, it
prevents an audit agent from conducting
a consultative or regulatory audit of an
eligible entity or an affiliate, parent, or
subsidiary of such entity, owned or
operated by such agent. We believe that
requiring any audit agent conducting
audits under this program to divest all
interests in FDA-regulated food firms
might unnecessarily limit the pool of
qualified audit agents.
We seek comment on these tentative
conclusions and on the approach we
propose in § 1.657(a)(2), including
whether this approach might
unnecessarily limit the availability of
competent audit agents to conduct
audits under this program and whether
removing the restriction relating to
interests in affiliates, parents, or
subsidiaries might create, or create the
appearance of, bias.
Proposed § 1.657(a)(3) prohibits
officers, employees, or other agents of
an accredited auditor/certification body
from accepting any gift, gratuity, or item
of value from the entity subject to audit.
A gift, gratuity, or item of value would
not include meals of a de minimis value
provided on the premises where the
audit or assessment is being conducted,
recognizing that some facilities may be
remotely located and allowing onsite
meals is appropriate in the interest of
efficiency. We seek comment on
whether to interpret de minimis value
according to the limits for gifts or items
of value applicable to U.S. Government
employees. Proposed § 1.657(a)(3) also
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
allows for authorized officials,
employees, or agents to accept payments
of fees for the audit and certification, as
described in proposed § 1.657(b).
Proposed § 1.657(b) addresses the
requirement, in section 808(c)(5)(C) of
the FD&C Act, to issue implementing
regulations that include a structure to
decrease the potential for conflicts of
interest, including timing and public
disclosure, for fees paid by eligible
entities to accredited third-party
certification bodies. After considering
this statutory provision, we have
tentatively concluded that an
appropriate structure to decrease the
potential for conflicts of interests
between an eligible entity and an
accredited auditor/certification body
would be one in which there was public
disclosure of the point at which the
entity paid fees for audit and
certification services. Proposed
§ 1.657(b) provides that that payment of
such fees does not constitute a covered
financial conflict of interest.
Proposed § 1.657(c) imputes to an
officer, employee, or other agent of an
accredited auditor/certification body the
financial interests of his or her spouse
and minor children, if any. This
proposed requirement is based on the
approach we recommended in the 2009
Guidance that no auditor acting for the
[auditor/]certification body (or spouse
or minor children) should have any
significant ownership or other financial
interest regarding any product of the
type it certifies (Ref. 5). As another
example, FDA regulations on conflicts
of interest of experts serving on panels
for unapproved new animal drugs
imputes the financial interests and
arrangements of an expert’s spouse and
minor children to the expert him- or
herself (21 CFR 516.141(g)).
We believe that imposing a similar
requirement on the immediate family of
the officers, employees, or other agents
of an accredited auditor/certification
body will help to ensure the credibility
of the accredited third-party audits and
certification program at every level. We
seek comment on this tentative
conclusion.
Proposed § 1.657(d) requires
accredited certification bodies to
maintain on their Web sites an up-todate list of eligible entities to which
they issued certifications under this
subpart, the duration and scope of each
such certifications, and the date on
which the eligible entity paid any fee or
reimbursement under proposed
§ 1.657(c). Information on timing of fee
payments is required by section
808(b)(5)(C)(iii) of the FD&C Act and is
necessary, we believe, in the interest of
transparency.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
We seek comment on the tentative
conclusions identified here—namely,
we should require accredited
certification bodies to: (1) Have a
written program to safeguard against
conflicts of interest; (2) include the
interest of any affiliate, parent, or
subsidiary of a certification body within
the scope of interests covered by its
conflict of interest program; (3) impute
the interests of immediate family
members of an officer, employee, or
other agent to such officer, employee, or
other agent; and (4) to maintain on its
Web site a list of its certified eligible
entities, including duration and scope of
each such certification, and disclosure
of the date(s) on which an eligible entity
paid the accredited auditor/certification
body any fee or reimbursement
associated with an audit or certification
under this program.
i. What records requirements must an
accredited auditor/certification body
meet? (Proposed § 1.658). This proposed
rule would establish requirements for
accredited auditors/certification bodies
to establish, control, and retain records
relating to their auditing and
certification activities under our
program.
Proposed § 1.658 requires accredited
auditors/certification bodies to maintain
certain documents and data
electronically, in English, for 4 years, to
document compliance with this rule.34
These records include: (1) Requests for
regulatory audits; (2) audit reports and
other documents resulting from a
consultative or regulatory audit; (3) any
notification of a condition under
proposed § 1.650(a)(5) or by the
accredited auditor/certification body to
FDA under proposed§ 1.656(c); (4) any
food or facility certification issued
under this program; (5) any challenge to
an adverse regulatory audit decision and
its disposition; (6) any monitoring it
conducted of a certified eligible entity;
(7) the auditor’s/certification body’s
self-assessments and corrective actions;
and (8) any significant change to the
auditing and certification program that
might affect compliance with this rule.
Maintenance of records on requests
for regulatory audits under proposed
§ 1.658(a)(1) is one means to verify the
adequacy of audit planning under
34 We are proposing records be maintained for 4
years, which aligns with the maximum length of
time for which accreditation may be granted. This
will be particularly useful in decisionmaking on an
application to renew accreditation, because the
accrediting body will have access to data and
information on activities conducted at any time
during its current accreditation. We used a similar
rationale in proposing to require recognized
accreditation bodies to maintain their records for 5
years, which is the maximum length of time for
which recognition may be granted.
PO 00000
Frm 00037
Fmt 4701
Sfmt 4702
45817
proposed § 1.651(a). Records associated
with audits, certifications, challenges to
auditor/certification body decisions,
internal reviews, significant changes,
and monitoring (also known as
surveillance) of eligible entities are
among the records commonly required
to be maintained by international
standards. We believe it appropriate to
require maintenance of similar records
for purposes of this rule.
We propose to require accredited
auditors/certification bodies choosing to
participate in this program to maintain
their program records in English. We
believe this English-language records
requirement is necessary for our
oversight based on, among other things,
our experience with the shrimp pilot
(Ref. 6). During the pilot project, we
faced costly delays and logistical
hurdles in attempting to assess thirdparty [auditors/]certification bodies,
because we needed English-language
translations of their records to be able to
conduct performance audits. Based on
that experience, we believe that having
real-time access to English-language
records is necessary for conducting
efficient and effective assessments to the
fullest extent of our authority.
We solicit comment on the Englishlanguage records requirement in
proposed § 1.658 and on whether other
approaches might be similarly efficient
and effective. For example, should we
allow an accredited auditor/certification
body to maintain its records in a
language other than English, if the
auditor/certification body would be
required to make an English translation
of its records available ‘‘promptly’’ upon
a written FDA request? What should
‘‘promptly’’ mean in this context (e.g., 2
business days of the written request)?
Would such an approach be as efficient
and effective as the proposed Englishlanguage records requirement would be?
For comments offering other
approaches, we request a detailed
description of the alternative, an
analysis of the impacts of the alternative
on our ability to ensure the compliance
of accredited auditors/certification
bodies with applicable FDA
requirements.
Based on section 808(c)(3)(B) of the
FD&C Act, proposed § 1.658(b) and (c)
require an accredited auditor/
certification body to provide FDA access
to records upon request of an officer or
employee we designate, except that
reports or other documents of a
consultative audit must be made
available to us only in accordance with
the requirements of subpart J (records
access under section 414 of the FD&C
Act). Proposed § 1.658(b) reflects section
808(c)(3)(C) of the FD&C Act, which
E:\FR\FM\29JYP4.SGM
29JYP4
45818
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
states that reports or other documents
resulting from a consultative audit are
accessible to us only under
circumstances that meet the threshold
for records access under section 414 of
the FD&C Act (21 U.S.C. 350c). Based on
these statutory requirements, we can
access such documents from
consultative audits in either of the
following circumstances: If we have a
reasonable belief that an article of food,
and any other article of food that we
reasonably believe is likely to be
affected in a similar manner, is
adulterated and presents a threat of
SAHCODHA; or if we believe that there
is a reasonable probability that the use
of or exposure to an article of food, and
any other article of food that we
reasonably believe is likely to be
affected in a similar manner, will cause
SAHCODHA, as described in § 1.361 of
this part.
We have tentatively concluded that
the records identified and the records
maintenance and access requirements in
proposed § 1.658 are necessary to
monitor and evaluate accredited
certification bodies, as directed by
section 808(f)(2) of the FD&C Act. We
believe it is reasonable to require
accredited auditors/certification bodies
to maintain such records for the
maximum length of accreditation, 4
years. We acknowledge that the
requirements of proposed § 1.658 may
require revisions to contracts and
perhaps other documents establishing
and limiting the scope of an auditor’s/
certification body’s authority with
respect to granting records access. We
nonetheless have tentatively concluded
that such access is necessary to help
ensure the credibility of the program.
We seek comment on this tentative
conclusion and on the specific records
requirements we propose.
7. Procedures for Accreditation of
Third-Party Auditors/Certification
Bodies
TABLE 7—PROPOSED PROCEDURES FOR THIRD-PARTY AUDITORS/CERTIFICATION BODIES
Proposed rule
section
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.660
1.661
1.662
1.663
1.664
1.665
1.666
.............
.............
.............
.............
.............
.............
.............
Title
Where do I apply for accreditation or renewal of accreditation by a recognized accreditation body?
What is the duration of accreditation?
How will FDA monitor accredited auditors/certification bodies?
How do I request an FDA waiver or waiver extension for the 13-month limit for audit agents conducting regulatory audits?
When can FDA withdraw accreditation?
How do I voluntarily relinquish accreditation?
How do I request reaccreditation?
a. Where do I apply to obtain
accreditation from a recognized
accreditation body? (Proposed § 1.660).
This proposed rule explains where
interested third-party auditors/
certification bodies could apply for
accreditation under our accredited
third-party audits and certification
program.
Proposed § 1.660 informs third-party
auditors/certification bodies that they
must apply directly to a recognized
accreditation body for accreditation,
except for those circumstances meeting
the requirements of proposed § 1.670 for
direct accreditation.
b. What is the duration of
accreditation? (Proposed § 1.661).
Proposed § 1.661 states that
accreditation of a third-party auditor/
certification body may be granted for a
period up to 4 years. This applies both
to accreditations granted by recognized
accreditation bodies and to direct
accreditations that we grant under
proposed § 1.672. We have tentatively
concluded that 4 years is an appropriate
duration for an accreditation, because
we believe the rigor and credibility of
this new program rests, in part, on the
extent of oversight of accredited thirdparty auditors/certification bodies to
conduct audits and to certify eligible
foreign entities.
The process for renewal of
accreditation provides an opportunity
for recognized accreditation bodies (and
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
us, for directly accredited auditors/
certification bodies) to look closely at all
aspects of the auditor’s/certification
body’s program and performance and to
decide anew whether the auditor/
certification body meets the eligibility
requirements.
We note proposed § 1.661 set the
duration of accreditation in the new
accredited third-party auditor/
certification body program for a shorter
period than the duration of
accreditation we allow in the
mammography program under 21 CFR
part 900, which is a time-tested
program. As we and the recognized
accreditation bodies participating in the
accredited third-party audits and
certification program for food gain
experience with the program, we may
revisit this matter. For these reasons, we
have tentatively concluded that
accreditation should be granted for a
period of no longer than 4 years. We
seek comment on this tentative
conclusion.
c. How will FDA monitor accredited
auditors/certification bodies? (Proposed
§ 1.662). This proposed rule would
establish requirements for our
evaluation of the performance of
accredited auditors/certification bodies,
based on section 808(f)(2) of the FD&C
Act, which requires us to monitor
accredited auditors/certification bodies
periodically, or at least once every 4
years.
PO 00000
Frm 00038
Fmt 4701
Sfmt 4702
The statute makes no distinction
between the frequency of our
monitoring necessary for auditors/
certification bodies accredited by
recognized accreditation bodies and for
auditors/certification bodies that we
directly accredit. However, we are
proposing, in § 1.621, to require a
recognized accreditation body to
conduct annual assessments of the
performance of each third-party auditor/
certification body it accredited under
this program. Under proposed § 1.662(a)
we will perform our own performance
evaluations of auditors/certification
bodies accredited by recognized
accreditation bodies at least once every
3 years for auditors/certifications bodies
accredited for 4 year terms, and at the
mid-term point for auditors/certification
bodies accredited for less than 4 years.
Proposed § 1.662(a) also establishes
requirements for our monitoring of
directly accredited auditors/certification
bodies. In these circumstances, we act
in the role of a recognized accreditation
body and will perform annual
monitoring. Not only would annual
monitoring by us provide oversight
similar to the annual monitoring
requirements of proposed § 1.621, but
also it would satisfy the monitoring
requirement of section 808(f)(2) of the
FD&C Act with respect to monitoring of
directly accredited auditors/certification
bodies.
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
Proposed § 1.662(b) identifies the
types of information we may review in
conducting our evaluations of
accredited auditors/certification bodies.
Proposed § 1.662(c) makes clear that we
can conduct our evaluation of an
auditor/certification body through
onsite observations of performance
during the conduct of food safety audits
and through document review.
For both directly accredited auditors/
certification bodies and those accredited
by recognized accreditation bodies, we
will evaluate performance based on
whether the auditor/certification body
continues to comply with the
requirements of §§ 1.640 through 1.658
and whether there are performance
deficiencies that would warrant
withdrawal of accreditation under this
rule. We seek comment on whether the
criteria in proposed § 1.662(a) and (b)
are appropriate for evaluating accredited
auditors/certification bodies under this
program. Additionally, we seek
recommendations for possible
approaches we might use to monitor
performance, such as conducting our
inspections of a certain number of
eligible entities, shortly after the
accredited auditor/certification body
conducted a food safety audit of an
eligible entity. For each such
recommendation, we seek comment on
the how the approach might affect: (1)
The incentives for auditors/certification
bodies to seek accreditation under our
program, and (2) the degree of oversight
needed to meet the objectives of section
808 of the FD&C Act.
d. How do I request a waiver or waiver
extension for the 13-month limit for
audit agents conducting regulatory
audits? (Proposed § 1.663). This
proposed rule would allow accredited
auditors/certification bodies to seek an
FDA waiver of the limit on audit agents
conducting regulatory audits of an
eligible entity where they conducted a
regulatory or consultative audit in the
preceding 13 months. Under section
808(c)(4)(C)(ii) of the FD&C Act, we may
waive the limit, which appears in
proposed § 1.650(c), where there is
insufficient access to accredited
certification bodies in the country or
region where an eligible entity is
located. Proposed § 1.663(a) establishes
the requirements for a waiver or waiver
extension and proposed § 1.663(b) to (f)
describes the procedural requirements
for a waiver or waiver extension request,
including electronic submission, in
English. Under proposed § 1.663(g), we
explain that an accredited auditor/
certification body should not use an
audit agent subject to the 13-month
limit in proposed § 1.650 unless we
have granted the request or the 13-
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
month limit has elapsed. The
procedural requirements in proposed
§ 1.663 mirror the procedural
requirements for other applications
submitted to us.
e. When can FDA withdraw
accreditation? (Proposed § 1.664). This
proposed rule would establish the
conditions under which we could
withdraw accreditation from an auditor/
certification body, regardless of whether
it was directly accredited or accredited
by a recognized accreditation body.
Proposed § 1.664(a) describes criteria
for mandatory withdrawal that reflect
section 808(c)(6)(A) of the FD&C Act,
which requires us to withdraw
accreditation in certain outbreak
situations, whenever we find that an
accredited auditor/certification body is
no longer meeting the requirements for
accreditation, or following a refusal to
allow U.S. officials to conduct audits
and investigations to ensure compliance
with these requirements. The statute
directs us to withdraw accreditation if a
food or facility certified by an
accredited auditor/certification body
under our program is linked to an
outbreak of foodborne illness that has a
reasonable probability of causing
serious adverse health consequences or
death in human or animals, except
under section 808(c)(6)(C) of the FD&C
Act, if we conduct an investigation of
the material facts of the outbreak,
review the steps and actions taken by
the auditor/certification body, and
determine that the accredited auditor/
certification body satisfied the
requirements for issuance of
certification under this rule. The
exception is set out in proposed
§ 1.664(b).
Section 808(c)(6)(B) of the FD&C Act
allows us to withdraw accreditation
from an accredited auditor/certification
body whose accrediting body had its
recognition revoked, if we determine
there is good cause for withdrawal. This
statutory provision is reflected in
§ 1.664(c), which also provides two
examples of circumstances we believe
provide good cause for withdrawal,
including bias or lack of objectivity and
performance calling into question the
validity or reliability of its food safety
audits and certifications.
In proposed § 1.664(d) we provide for
records access when considering
possible withdrawal of accreditation. In
proposed § 1.664(e) we provide for
notice of withdrawal of accreditation
and describe the processes to challenge
such withdrawal.
Proposed § 1.665(f) describes the
effect of withdrawal on eligible entities.
In general, a food or facility certification
issued by an accredited auditor/
PO 00000
Frm 00039
Fmt 4701
Sfmt 4702
45819
certification prior to withdrawal of
accreditation will remain in effect until
it terminates by expiration, except if we
have reason to believe a certification
issued for purposes of section 801(q) of
the FD&C Act is not valid or reliable, we
can refuse to accept the certification.
Proposed § 1.664(g)(1) explains that
FDA will notify the recognized
accreditation body that accredited the
third-party auditor/certification body
whose accreditation was withdrawn by
FDA. In such circumstances, proposed
§ 1.664(g)(1) requires the recognized
accreditation body to conduct a selfassessment, as described in § 1.622, and
report the results of such selfassessment to FDA within 2 months
after withdrawal, as required by
§ 1.623(b). Proposed § 1.664(g)(2)
explains that FDA may revoke
recognition of an accreditation body
whenever FDA determines there is good
cause for revocation under proposed
§ 1.634.
Proposed § 1.664(h) provides for
public notice of withdrawal of
accreditation on FDA’s Web site. We
believe this information is necessary in
the interest of transparency.
f. How do I voluntarily relinquish
accreditation? (Proposed § 1.665). This
proposed rule would allow accredited
auditors/certification bodies to
voluntarily relinquish their
accreditations before they expire and
without having them withdrawn by
FDA.
Proposed § 1.665 offers the
mechanism for voluntarily
relinquishment before it terminates by
expiration. Relinquishment on the
initiative of the auditor/certification
body is distinct from withdrawal of
accreditation for cause.
The mammography regulations in 21
CFR 900.3 offer accreditation bodies the
opportunity to voluntarily relinquish
their authority to grant accreditation.
We believe that auditors/certification
bodies operating under our accredited
third-party audits and certification
program should have the option to
voluntarily relinquish their
accreditation for their business reasons.
We are proposing certain procedural
requirements—similar to those
contained in the mammography
regulations—which auditors/
certification bodies must follow in
relinquishing accreditation. We believe
these measures are necessary to ensure
an orderly transition for eligible entities
certified by the auditor/certification
body that is relinquishing its
accreditation, and for us to make the
necessary adjustments in the program.
Proposed § 1.665(a) requires auditors/
certification bodies to notify us and to
E:\FR\FM\29JYP4.SGM
29JYP4
45820
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
notify their accreditation body (where
applicable) at least 6 months before
relinquishing accreditation. We propose
to require such notifications to be
submitted electronically and in English.
To ensure that we have the ability to
maintain adequate oversight of the
program, including through access the
records of the auditor/certification body,
the notice required under proposed
§ 1.665(a) must identify the location
where the records required by proposed
§ 1.658 will be maintained.
The decision to relinquish
accreditation is made solely by the
third-party auditor/certification body,
without FDA involvement. Therefore, in
relinquishing accreditation under
proposed § 1.665(a), the auditor/
certification body would waive its rights
to appeal, because there is no FDA
action to serve as the basis for appeal.
Proposed § 1.665(b) requires the
accreditation body to notify any eligible
entity to which it issued a food or
facility certification no later than 15
business days after notifying FDA of its
intent to voluntarily relinquish
accreditation.
Proposed § 1.665(c) describes the
effects of relinquishment of
accreditation on certification issued by
an auditor/certification body prior to
relinquishing its accreditation. In
considering the impact of
relinquishment on eligible entities, we
were mindful that such entities would
likely have little, if any, opportunity to
provide input on a decision by its
auditor/certification body whether or
not to relinquish accreditation. We
believe that, under most circumstances,
the fact that an auditor/certification
body decided to relinquish its
accreditation is likely to have no bearing
on the validity or reliability of
certifications it issued. Therefore, we
have tentatively concluded that the
certification of an eligible entity whose
auditor/certification body voluntarily
relinquished its accreditation under
proposed § 1.665 will remain in effect
(subject to recertification under
proposed § 1.681), except that we may
refuse to consider a certification issued
for purposes of section 801(q) of the
FD&C Act, if we have reason to believe
the certification is not valid or reliable.
Proposed § 1.665(d) provides for
public notice on our Web site of the
voluntary relinquishment of
accreditation by an auditor/certification
body.
g. How do I request reaccreditation?
(Proposed § 1.666). This proposed rule
would allow a third-party auditor/
certification body to become
reaccredited after withdrawal or
relinquishment of its accreditation.
Section 808(c)(7) of the FD&C Act
requires us to establish procedures to
reinstate the accreditation of an auditor/
certification body for which we have
withdrawn accreditation. Under
proposed § 1.666(a), we will reinstate
accreditation if the auditor/certification
body can demonstrate that the grounds
for withdrawal no longer exist, or if the
withdrawal was prompted by the
revocation of recognition of its
accreditation body and the auditor/
certification body finds a new
recognized accreditation body, becomes
directly accredited, or otherwise meets
conditions we impose in the
withdrawal. Under proposed § 1.666(b),
an auditor/certification body that
voluntarily relinquished its
accreditation may become reaccredited
by submitting a new application for
accreditation under proposed § 1.660 or
§ 1.670 (where the criteria for direct
accreditation are met).
8. Additional Procedures for Direct
Accreditation of a Third-Party Auditors/
Certification Bodies
TABLE 8—ADDITIONAL PROCEDURES PROPOSED FOR DIRECT ACCREDITATION OF THIRD-PARTY AUDITORS/CERTIFICATION
BODIES
Proposed rule
section
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
1.670 .............
1.671 .............
1.672 .............
Title
How do I apply to FDA for direct accreditation or renewal of direct accreditation?
How will FDA review applications for direct accreditation and for renewal of direct accreditation?
What is the duration of direct accreditation?
a. How do I apply to FDA for direct
accreditation or renewal of direct
accreditation? (Proposed § 1.670). This
proposed rule describes the
circumstances and procedures that
would apply for direct accreditation and
renewal of direct accreditation.
Proposed § 1.670 describes the
conditions under which we will accept
applications for direct accreditation,
reflecting the statutory language in
section 808(b)(1)(A)(ii) of the FD&C Act,
which allows us to directly accredit
auditors/certification bodies if we have
not identified and recognized an
accreditation body to meet the
requirements of section 808 of the FD&C
Act within 2 years after establishing our
program. Proposed § 1.670(a)(1)
identifies certain circumstances and
criteria that we have tentatively
concluded are relevant for determining
whether we have not identified and
recognized an accreditation body to
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
meet the requirements of section 808 of
the FD&C Act. Proposed § 1.670(a)(2)
specifies conditions under which we
may revoke or modify such a
determination. Proposed § 1.670(a)(3)
provides for public notice of such
determination or its revocation or
revision.
Proposed § 1.670(b) sets out the
procedures for applying for direct
accreditation or renewal of direct
accreditation. This mirrors the
procedures for applications established
elsewhere under this rule.
b. How will FDA review applications
for direct accreditation and for renewal
of direct accreditation? (Proposed
§ 1.671). This proposed rule would
establish procedures for processing
applications for direct accreditation and
for renewal of direct accreditation.
Proposed § 1.671 describes a process
for reviewing and deciding on
applications for direct accreditation and
PO 00000
Frm 00040
Fmt 4701
Sfmt 4702
renewal that is consistent with the
procedures for reviewing and deciding
on applications under other provisions
in this rule. For example, we propose to
establish a queue for direct accreditation
and renewal applications based on the
date on which an application was
completed, and we will review
applications on a first in, first out basis.
We will inform applicants of
deficiencies in application
documentation. To encourage
applicants to supply any missing
information promptly, we will not place
an application in the queue until it is
complete. Allowing incomplete
applications in the queue might block
applications that are ready for review,
but were submitted later in time.
We will inform an applicant once its
application has been placed in the
queue. We will review each application
for direct accreditation or renewal of
direct accreditation to determine
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
whether the applicant meets the
eligibility requirements of proposed
§ 1.640. We will communicate
anticipated processing periods to
applicants. We are not proposing to
include specific timeframes for review
in the regulation, for the following
reasons: (1) It is difficult to project, at
this time, the amount of resources that
will be available to us for this program,
which under section 808(c)(8) of the
FD&C Act, is funded through user fees
established by regulation; and (2) we
anticipate that, as we gain experience in
reviewing applications and in overall
administration of the program, we will
become more efficient in processing
applications but currently lack data that
would allow us to reasonably estimate
the effect of efficiency gains on review
times.
Under proposed § 1.671(c), (d), and
(e), we will notify an applicant, in
writing, whether the application has
been approved or denied. If approved,
the notice will describe any conditions
imposed on the direct accreditation. If
denied, the notice will state the basis for
the denial and will describe procedures
for requesting reconsideration of the
decision. We believe this provision
offers necessary protections for
applicants. We seek comment on the
process and procedures required by
proposed § 1.671.
c. What is the duration of direct
accreditation? (Proposed § 1.672). This
proposed rule would establish the
duration of accreditation.
Proposed § 1.672 states that direct
accreditation of a third-party auditor/
certification body may be granted for a
period up to 4 years. Similarly,
proposed § 1.661 allows a recognized
accreditation body to grant accreditation
for a period of up to 4 years. We have
tentatively concluded that 4 years is an
appropriate duration for an
accreditation—whether granted by a
recognized accreditation body or by
us—because we believe the rigor and
credibility of this new program rests, in
part, on the extent of oversight of
45821
accredited third-party auditors/
certification bodies to conduct audits
and to certify eligible foreign entities.
The process for renewal of accreditation
provides an opportunity for us to look
closely at all aspects of the auditor’s/
certification body’s program and
performance and to decide anew
whether the auditor/certification body
meets the eligibility requirements for
accreditation.
We are proposing to set the duration
of accreditation under this new program
for a shorter period than the duration of
accreditation we allow under 21 CFR
part 900, which is the mammography
program established several years ago.
As we gain experience with accredited
auditors/certification bodies in the food
and feed programs, we may revisit this
matter. For these reasons, we have
tentatively concluded that accreditation
should be granted for a period of no
longer than 4 years. We seek comment
on this tentative conclusion.
9. Requirements for Eligible Entities
TABLE 9—PROPOSED REQUIREMENTS FOR ELIGIBLE ENTITIES
Proposed rule
section
1.680 .............
1.681 .............
Title
How and when will FDA monitor eligible entities?
How frequently must eligible entities be recertified?
a. How and when will FDA monitor
eligible entities? (Proposed § 1.680).
This proposed rule would provide for
FDA monitoring of eligible entities that
choose to be audited under our program.
Proposed § 1.680(a) states that we may
conduct an onsite audit of an eligible
entity that has received certification
under this program, as allowed under
section 808(f)(3) of the FD&C Act, which
specifies that we may conduct an onsite
audit of a certified entity at any time,
with or without the accredited auditor/
certification body present. Proposed
§ 1.680(b) reflects section 808(h)(1) of
the FD&C Act, explaining that a food
safety audit conducted under this
program is not considered an inspection
under section 704 of the FD&C Act.
b. How frequently must eligible
entities be recertified? (Proposed
§ 1.681). This proposed rule would
require eligible entities to be recertified
annually.
Section 808(d) of the FD&C Act
requires eligible entities to apply for
annual certification for food required to
have certification under section 801(q)
of the FD&C Act or for its facility, if it
intends the certification to be used by
an importer in establishing eligibility to
participate in VQIP under section 806 of
the FD&C Act. This statutory
requirement is reflected in proposed
§ 1.681(a). Proposed § 1.681(b) states
that FDA may require renewal of a food
certification at any time FDA
determines appropriate under section
801(q)(4)(A) of the FD&C Act.
10. General Requirements
TABLE 10—PROPOSED GENERAL REQUIREMENTS
Title
1.690 .............
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Proposed rule
section
How will FDA make information about recognized accreditation bodies and accredited auditors/certification bodies available to
the public?
How do I request reconsideration of a denial by FDA of an application or a waiver request?
How do I request internal agency review of a denial of an application or waiver request upon reconsideration?
How do I request a regulatory hearing on a revocation of recognition or withdrawal of accreditation?
1.691 .............
1.692 .............
1.693 .............
a. How will FDA make information
about recognized accreditation bodies
and accredited auditors/certification
bodies available to the public?
(Proposed § 1.690). This proposed rule
explains how and where we would
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
make information on the accredited
third-party audits and certification
program public. Section 808(g) of the
FD&C Act requires us to establish a
publicly available registry of recognized
accreditation bodies and accredited
PO 00000
Frm 00041
Fmt 4701
Sfmt 4702
auditors/certification bodies, including
their names and contact information.
Proposed § 1.690 provides that we
will post on our Web site a registry of
recognized accreditation bodies and of
accredited auditors/certification bodies
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45822
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
and explains that we may meet the
obligation with respect to accredited
auditors/certification bodies by
establishing links on our Web site to the
Web sites of recognized accreditation
bodies, who are required to maintain
this information for auditors/
certification bodies they accredit under
this program. As appropriate based on
available resources, we may use such
links in the interest of minimizing the
administrative burden on us and in
acknowledgement that some
accreditation bodies currently maintain
such information on their Web sites. We
are seeking comment on our proposed
public registry.
b. How do I request reconsideration of
a denial by FDA of an application or a
waiver request? (Proposed § 1.691). This
proposed rule would establish
procedures for an applicant or requestor
to seek reconsideration of a denial.
Under proposed § 1.691, accreditation
bodies and certification bodies may ask
us to reconsider an application or
waiver request we previously denied.
The types of applications and requests
that may be reconsidered are: (1) Denial
of an application for recognition or for
renewal of recognition; (2) denial of an
application submitted to reinstate
recognition; or (3) denial of a request for
a waiver of the 13-month limit on audit
agents or for a waiver extension; (4)
denial of an application for direct
accreditation or for renewal of direct
accreditation; and (5) denial of an
application for reaccreditation.
The procedures described in proposed
§ 1.691 require submission of the
request for reconsideration within 10
business days of the date of such
decision, in accordance with the
procedures described in the notice of
denial, including requirements relating
to submission of supporting
information. Within a reasonable time
after completing its review and
evaluation of the request for
reconsideration and the supporting
information (if any) submitted, we will
notify the requestor, in writing, of our
decision to grant the application or
waiver request upon reconsideration, or
our decision to deny upon
reconsideration the application or
waiver request.
c. How do I request internal Agency
review of a denial of an application or
waiver request upon reconsideration?
(Proposed § 1.692). This proposed rule
would offer additional process for
applicants or requestors whose request
for reconsideration was denied.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
Proposed § 1.692 states that the
requestor who received a denial upon
reconsideration may seek internal
Agency review of such denial under 21
CFR 10.75(c)(1), which is a currently
established process for review but
different than the initial review process
under proposed § 1.691. The request for
internal Agency review must be
submitted within 10 business days of
the date of denial upon reconsideration,
in accordance with procedures
described in the denial upon
reconsideration and must be signed by
the accreditation body or certification
body, as appropriate, or by an
individual authorized to act on its
behalf. Internal Agency review of the
denial upon reconsideration must be
based on the information in the
administrative file, which will include
any supporting information submitted
under proposed § 1.691(c). Within a
reasonable time after completing the
review and evaluation of the
administrative file, we will notify the
requestor, in writing, of our decision to
overturn the denial and grant the
application or waiver request or to
affirm the denial. Affirmation of a
denial constitutes final Agency action
for purposes of 5 U.S.C. 702.
d. How do I request a regulatory
hearing on a revocation of recognition
or withdrawal of accreditation?
(Proposed § 1.693). This proposed rule
explains the procedures that would be
used for challenges to revocation of
recognition or withdrawal of
accreditation.
Under proposed § 1.693(a) an
accreditation body whose recognition
was revoked (or an individual
authorized to act on its behalf) may
submit a request for a regulatory
hearing, under part 16, on the
revocation. The request must be
submitted within 10 business days of
the date of revocation. Similarly, under
proposed § 1.693(b) a certification body
whose accreditation was withdrawn by
FDA may submit a request for a part 16
regulatory hearing on the withdrawal.
Such request must be submitted within
10 business days of the date of
withdrawal. Written notices of
revocation and of withdrawal will
contain all of the elements required by
§ 16.22 of this chapter and will thereby
constitute the notice of an opportunity
for hearing under part 16 of this chapter.
Under proposed § 1.693(c), the
request for a regulatory hearing under
paragraph (a) or (b) of this section must
be submitted with a written appeal that
responds to the bases for our decision
PO 00000
Frm 00042
Fmt 4701
Sfmt 4702
described in the written notice of
revocation or withdrawal, as
appropriate, together with any
supporting information upon which the
requestor is relying. The request, appeal,
and supporting information must be
submitted in accordance with the
procedures described in the notice.
Proposed § 1.693 makes clear that the
submission of a request for a regulatory
hearing under this subpart will not
operate to delay or stay the effect of our
decision to revoke recognition of an
accreditation body or to withdraw
accreditation of a certification body
unless we determine that delay or a stay
is in the public interest.
Under proposed § 1.693(e) and (f), the
presiding officer for a regulatory hearing
under this subpart will be designated
after a request for a regulatory hearing
is submitted to us. The presiding officer
may deny a request for regulatory
hearing under this subpart pursuant to
§ 16.26(a) of this chapter.
Proposed § 1.693(g) states that if a
hearing request is granted, the hearing
will be held within 10 business days
after the date the request was filed or,
if applicable, within a time frame agreed
upon in writing by requestor and the
presiding officer. The presiding officer
may require that a hearing conducted
under this subpart be completed within
1 business day, as appropriate.
The presiding officer must conduct
the hearing under part 16 of this
chapter, except that, under § 16.5(b) of
this chapter, the procedures for a
regulatory hearing described in part 16
of this chapter apply only to the extent
that such procedures are supplementary
and not in conflict with the procedures
specified for the conduct of regulatory
hearings under this subpart. Based on
§ 16.5(b), the following requirements of
part 16 of this chapter are inapplicable
to regulatory hearings conducted under
this subpart: The requirements of
§ 16.22 (Initiation of a regulatory
hearing), § 16.24(e) (Timing) and (f)
(Contents of notice), § 16.40
(Commissioner), § 16.95(b)
(Administrative decision and record for
decision), and § 16.119 (Reconsideration
and stay of action).
Proposed § 1.693(g)(4) states that a
decision by the presiding officer to
affirm the revocation of recognition or
the withdrawal of accreditation that
served as the basis for the request for a
regulatory hearing is considered a final
Agency action for purposes of 5 U.S.C.
702.
11. Audits for Other Purposes
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
45823
TABLE 11—PROPOSED USE OF REGULATORY AUDIT REPORTS UNDER SUBPART L
Title
1.698 .............
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Proposed rule
section
May importers use reports of regulatory audits by accredited auditors/certification bodies for purposes of subpart L of this part?
May importers use reports of
regulatory audits by accredited
auditors/certification bodies for
purposes of subpart L of this part?
(Proposed § 1.698). This proposed rule
would allow importers to use certain
information from accredited auditors/
certification bodies in meeting the
Foreign Supplier Verification Program
(FSVP) requirements.
Proposed § 1.698 allows an importer,
as defined in the proposed regulations
for the FSVP published elsewhere in
this edition of the Federal Register, to
use a report of a regulatory audit of a
foreign supplier (which is an eligible
entity), in meeting the verification
requirements under the proposed FSVP
regulations.
The FSVP proposed rule would
require importers to verify that hazards
identified as reasonably likely to occur
are being adequately controlled. Onsite
auditing may be used under the FSVP
proposed rule. While the FSVP
proposed rule would not require use of
accredited auditors/certification bodies,
we believe accredited auditor/
certification body program we are
establishing under section 808 of the
FD&C Act will help ensure the rigor and
objectivity of audits performed by
auditors/certification bodies accredited
under our program.
Proposed § 1.698 allows an importer
required (or having the option) to
perform onsite auditing of its foreign
supplier to comply with the FSVP
proposed rule to use the results of a
regulatory audit in meeting such
requirement. The regulatory audit report
of the foreign supplier would be the
documentation of such verification
activity. (We have tentatively concluded
that the report of a consultative audit
would not be appropriate
documentation for purposes of the
proposed FSVP rule. Among other
things, consultative audits are defined
as being conducted for internal
purposes only and are conducted
against industry standards as well as the
requirements of the FD&C Act.)
We see significant value in having the
food industry use competent and
impartial auditors/certification bodies to
conduct food safety audits of their
facilities and are aware that many
leaders in the food industry are working
to assure those objectives are achieved.
We believe that the accredited third-
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
party audits and certification program
we are establishing to implement
section 808 of the FD&C Act offers a
credible system to help ensure that the
audits conducted by auditors/
certification bodies accredited under
our program and the certifications they
issue based on the results of those
audits are valid and reliable not only to
us, but also to companies throughout
the supply chain of the audited facility.
We further believe that our
involvement, as the regulator
responsible with oversight of these
facilities, offers an added level of
assurance to consumers in the validity
of these third-party audits—a
confidence they otherwise might not
gain from private audit systems.
It is our intent that the program we
establish for foreign food safety audits
be solidly grounded in the key
principles set out in the statute and in
the international standards and best
practices that are currently used by
leaders at the forefront of efforts to
ensure auditor competency and
objectivity. We realize that the same
principles and standards that are
features of a rigorous and credible
program for audits of foreign firms
would likewise hold great merit for
audits of domestic food facilities.
We seek comment on the value of,
and need for, a program established and
administered by FDA for the use of
accredited auditors/certification bodies
to conduct domestic food safety audits.
We seek input on whether accreditation
bodies, auditors/certification bodies,
and domestic food facilities might be
interested in such a program and the
incentives we might offer to encourage
participation.
B. Proposed Revisions to Part 16
We are proposing a conforming
change to the section of the CFR that
describes procedures for regulatory
hearings that would add revocation of
recognition of an accreditation body and
withdrawal of accreditation of a thirdparty auditor/certification body to the
list of actions for which a hearing under
this part may be held. The affected
section in title 21 of the CFR is 16.1.
V. Analysis of Environmental Impact
We have carefully considered the
potential environmental effects of this
action. We have concluded, under 21
PO 00000
Frm 00043
Fmt 4701
Sfmt 4702
CFR 25.30(h), that this action is of a
type that does not individually or
cumulatively have a significant effect on
the human environment. Therefore,
neither an environmental assessment
nor an environmental impact statement
is required (Ref. 34).
VI. Federalism
We have analyzed this proposed rule
in accordance with the principles set
forth in Executive Order 13132. We
have determined that the proposed rule
does not contain policies that have
substantial direct effects on the States,
on the relationship between the
National Government and the States, or
on the distribution of power and
responsibilities among the various
levels of government. Accordingly, we
have concluded that the proposed rule
does not contain policies that have
federalism implications as defined in
the Executive order and, consequently,
a federalism summary impact statement
is not required.
VII. Comments
Interested persons may submit either
electronic comments regarding this
document to https://www.regulations.gov
or written comments to the Division of
Dockets Management (see ADDRESSES). It
is only necessary to send one set of
comments. Identify comments with the
docket number found in brackets in the
heading of this document. Received
comments may be seen in the Division
of Dockets Management between 9 a.m.
and 4 p.m., Monday through Friday, and
will be posted to the docket at https://
www.regulations.gov.
VIII. References
The following references have been
placed on display in the Division of
Dockets Management (see ADDRESSES)
and may be seen by interested persons
between 9 a.m. and 4 p.m., Monday
through Friday. (FDA has verified all
the Web site addresses in this
References section, but FDA is not
responsible for any subsequent changes
to the Web sites after this document
publishes in the Federal Register).
1. Centers for Disease Control and
Prevention. ‘‘CDC research shows
outbreaks linked to imported foods
increasing.’’ https://www.cdc.gov/media/
releases/2012/p0314_foodborne.html.
Accessed April 23, 2013.
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45824
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
2. ‘‘Notification to the World Trade
Organization (G/SPS/N/USA/2156).’’
Food and Drug Administration, 2011.
https://docs.wto.org/imrd/directdoc.asp?
DDFDocuments/t/G/SPS/
NUSA2156.DOC.
3. International Organization for
Standardization/CASCO. ‘‘Building
Trust: The Conformity Assessment
Toolbox,’’ 2009. https://www.iso.org/iso/
casco_building-trust.pdf. Accessed April
23, 2013.
4. U.S. Agency for International
Development. ‘‘The Relationship of
Third-Party Certification (TPC) to
Sanitary/Phytosanitary (SPS) Measures
and the International Agri-Food Trade:
Final Report,’’ 2005. https://cs3.msu.edu/
d/pubs/The%20Relationship%20of%20
TPC%20to%20SPS%20Measures—Final
%20Report%20+%20Annexes.pdf.
Accessed April 23, 2013.
5. ‘‘Guidance for Industry—Voluntary ThirdParty Certification Program for Foods
and Feeds,’’ 2009. Food and Drug
Administration. https://www.fda.gov/
regulatoryinformation/guidances/
ucm125431.html.
6. ‘‘Assessment of the Third-Party
Certification Program for Aquacultured
Shrimp,’’ 2011. Food and Drug
Administration. https://www.fda.gov/
Food/GuidanceRegulation/Guidance
DocumentsRegulatoryInformation/
Seafood/ucm265934.htm.
7. ‘‘Mammography Quality Standards Act
and Program, Facility Certification and
Inspection (MQSA).’’ Food and Drug
Administration. https://www.fda.gov/
Radiation-EmittingProducts/
MammographyQualityStandardsActand
Program/AbouttheMammography
Program/default.htm. Accessed on April
23, 2013. Last Modified 2012.
8. ‘‘Import Alert 28–20 Detention Without
Physical Examination of Indian Pepper.’’
https://www.accessdata.fda.gov/cms_ia/
importalert_90.html. Accessed April 23,
2013. Last Modified 2011.
9. ‘‘Memorandum of Understanding Between
the Food and Drug Administration,
Department of Health and Human
Services, United States of America and
the Ministry of Agriculture of the
Republic of France Covering Caseins,
Caseinates, and Mixtures Thereof
Exported to the United States of
America.’’ Food and Drug
Administration. https://www.fda.gov/
InternationalPrograms/Agreements/
MemorandaofUnderstanding/
ucm107563.htm. Accessed on April 23,
2013. Last Modified 1987. ‘‘Cooperative
Arrangement with the Department of
Agriculture, Fisheries, and Food of
Ireland Concerning Certification
Requirements for Caseins, Caseinates,
and Mixtures Thereof Exported from
Ireland to the United States of America.’’
Food and Drug Administration. https://
www.fda.gov/InternationalPrograms/
Agreements/Memorandaof
Understanding/ucm107596.htm.
Accessed on April 23, 2013. Last
Modified 2010. ‘‘Memorandum of
Understanding Between the Food and
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
Drug Administration and the Royal
Norwegian Ministry of Agriculture
Covering Rennet Casein Exported to the
United States of America.’’ Food and
Drug Administration. https://www.fda.
gov/InternationalPrograms/Agreements/
MemorandaofUnderstanding/
ucm107618.htm. Accessed on April 23,
2013. Last Modified 1982.
10. Government Accountability Office. ‘‘Food
Safety: FDA Can Better Oversee Food
Imports by Assessing and Leveraging
Other Countries’ Oversight Resources
(GAO–12–933),’’ 2012. https://www.gao.
gov/assets/650/649010.pdf.
11. National Academies Press. ‘‘Enhancing
Food Safety: The Role of the Food and
Drug Administration,’’ 2010. https://www.
iom.edu/Reports/2010/Enhancing-FoodSafety-The-Role-of-the-Food-and-DrugAdministration.aspx.
12. ‘‘Manufactured Foods Regulatory
Program Standards.’’ Food and Drug
Administration. https://www.fda.gov/
downloads/RegulatoryInformation/
Guidances/UCM125448.pdf. Accessed
on April 23, 2013. Last Modified 2007.
13. ‘‘Ensuring the Safety of Imported Foods
and Animal Feed: Comparability of Food
Safety Systems and Import Practices of
Foreign Countries; Notice of Public
Hearing; Request for Comments, 2011.’’
Food and Drug Administration. https://
www.fda.gov/Food/NewsEvents/Work
shopsMeetingsConferences/ucm
243781.htm. Accessed on April 23, 2013.
14. ‘‘Draft International Comparability
Assessment Tool, 2010.’’ Food and Drug
Administration. https://www.fda.gov/
downloads/Food/International
InteragencyCoordination/
UCM331177.pdf. Accessed on April 23,
2013.
15. ‘‘Circular A–119 Federal Participation in
the Development and Use of Voluntary
Consensus Standards and in Conformity
Assessment Activities, 1998.’’ Office of
Management and Budget. https://www.
whitehouse.gov/omb/circulars_a119.
Accessed on April 23, 2013.
16. ‘‘Federal Participation in the
Development and Use of Voluntary
Consensus Standards and in Conformity
Assessment Activities; Request for
Information and Notice of Public
Workshop, 2012.’’ Office of Management
and Budget. https://www.regulations.gov/
#!documentDetail;D=OMB-2012-00030001. Accessed on April 23, 2013.
17. ‘‘ISO/IEC 17000:2004 Conformity
assessment—Vocabulary and General
Principles.’’ International Organization
for Standardization/International
Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available
from the International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/catalogue_detail.
htm?csnumber=29316 or may be
examined at the Division of Dockets
Management (see ADDRESSES) (Ref.
Docket No. FDA–2011–N–0146 and/or
RIN 0910–AG66).
18. ‘‘ISO/IEC 17011:2004 Conformity
assessment—General requirements for
PO 00000
Frm 00044
Fmt 4701
Sfmt 4702
accreditation bodies accrediting
conformity assessment bodies.’’
International Organization for
Standardization/International
Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available
from the International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
catalogue_tc/catalogue_detail.htm?
csnumber=29332 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
19. ‘‘ISO/IEC 17021: 2006/2011 Conformity
assessment—Requirements for bodies
providing audit and certification of
management systems.’’ International
Organization for Standardization/
International Electrotechnical
Commission. Accessed on April 23,
2013. Last Modified 2011. Copies are
available from the International
Organization for Standardization, 1, rue
de Varembe, Case postale 56, CH–1211
Geneve 20, Switzerland, or on the
Internet at https://www.iso.org/iso/home/
store/catalogue_tc/catalogue_detail.htm?
csnumber=46568 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
20. ‘‘ISO/IEC Guide 65:1996 General
requirements for bodies operating
product certification systems.’’
International Organization for
Standardization/International
Electrotechnical Commission. Accessed
on February 27, 2013. Copies are
available from the International
Electrotechnical Commission, 3, rue de
Varembe, P.O. Box 131, CH–1211 Geneva
20—Switzerland, or on the Internet at
https://webstore.iec.ch/webstore/
webstore.nsf/Artnum_PK/40140, or may
be examined at the Division of Dockets
Management (see ADDRESSES) (Ref.
Docket No. FDA–2011–N–0146 and/or
RIN 0910–AG66). ‘‘ISO/IEC 17065:2012
Conformity assessment—Requirements
for bodies certifying products, processes
and services.’’ International Organization
for Standardization/International
Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available
from the International Organization for
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
catalogue_tc/catalogue_detail.htm?
csnumber=46568 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
21. ‘‘ISO/TS 22003:2007 Food safety
management systems—Requirements for
bodies providing audit and certification
of food safety management systems.’’
International Organization for
Standardization/International
Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available
from the International Organization for
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
Standardization, 1, rue de Varembe, Case
postale 56, CH–1211 Geneve 20,
Switzerland, or on the Internet at
https://www.iso.org/iso/home/store/
cataloguetc/catalogue_detail.htm?cs
number=39834 or may be examined at
the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA–2011–
N–0146 and/or RIN 0910–AG66).
22. ‘‘Enhancing Food Safety Through ThirdParty Certification.’’ Global Food Safety
Initiative. https://www.mygfsi.com/
technical-resources/global-regulatoryaffairs-working-group.html. Accessed on
April 23, 2013. Last Modified 2011.
23. ‘‘GFSI Guidance Document Sixth Edition,
Version 6.2.’’ Global Food Safety
Initiative. https://www.mygfsi.com/
gfsifiles/GFSI_Guidance_Document_
Sixth_Edition_Version_6.2.pdf. Accessed
on April 23, 2013. Last Modified 2012.
24. ‘‘Accreditation Services,’’ 2013. American
National Standards Institute. https://
www.ansica.org/wwwversion2/outside/
PROsectorprograms.asp?menuID=1.
Accessed on April 23, 2013.
25. Food and Drug Administration. Analysis
to examine the impacts of the proposed
rules for the Foreign Supplier
Verification Program and the
Accreditation of Third-Party Auditors/
Certification Bodies to Conduct Food
Safety Audits and to Issue Certifications
under Executive Order 12866, Executive
Order 13563, the Regulatory Flexibility
Act (5 U.S.C. 601–612), the Unfunded
Mandates Reform Act of 1995 (Pub. L.
104–4), and the Paperwork Reduction
Act of 1995 (44 U.S.C. 3501–3520), 2013.
https://www.fda.gov/AboutFDA/Reports
ManualsForms/Reports/Economic
Analyses/default.htm. Accessed on July
22, 2013.
26. Codex Alimentarius Commission.
Principles for Food Import and Export
Inspection and Certification (CAC/GL
20–1995). www.codexalimentarius.org/
input/download/standards/37/
CXG_020e.pdf. Accessed on April 23,
2013.
27. ‘‘Policy Memorandum, Certification of
Grower Groups,’’ 2011. U.S. Department
of Agriculture Agricultural Marketing
Service National Organic Program.
https://www.ams.usda.gov/AMSv1.0/get
file?dDocName=STELPRDC5088955.
Accessed on April 23, 2013.
28. ‘‘NVCASE Program Handbook:
Procedures for Obtaining NIST
Recognition as an Accreditor (NISTIR
6440),’’ 2004. National Institute for
Standards and Technology. https://
gsi.nist.gov/global/docs/NVCASE_
Handbook.pdf. Accessed on April 23,
2013.
29. ‘‘GFSI Requirements on the Application
of ISO/IEC 17011:2004,’’ 2009. Global
Food Safety Initiative. https://www.my
gfsi.com/gfsifiles/GFSI_ISO_17011_
Requirements_190209_Final_IAF.pdf.
Accessed April 23, 2013.
30. ‘‘Multilateral Recognition Arrangement
Documents (ML Series).’’ International
Accreditation Forum. https://www.iaf.nu/
articles/MRA_Documents/39. Accessed
April 23, 2013.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
31. ‘‘Letter to Interested Parties re: Draft
WaterSense® Program,’’ 2007.
Environmental Protection Agency.
https://www.epa.gov/watersense/docs/
cert_scheme_cover_letter508.pdf.
Accessed on April 23, 2013.
‘‘WaterSense® Program, Product
Certification System, Version 2.0,’’ 2011.
Environmental Protection Agency.
https://www.epa.gov/watersense/docs/
cert_system_508.pdf. Accessed on April
23, 2013.
32. ‘‘Global Standard for Food Safety, Issue
6,’’ 2012. British Retail Consortium.
Copies are available from the British
Retail Consortium, Second Floor, 21
Dartmouth Street, London SW1H 9BP, or
on the Internet at https://www.brcglobal
standards.com/GlobalStandards/
Standards/Food.aspx or may be
examined at the Division of Dockets
Management (see ADDRESSES) (Ref.
Docket No. FDA–2011–N–0146 and/or
RIN 0910–AG66).
33. ‘‘Recalls Background and Definitions.’’
Food and Drug Administration. https://
www.fda.gov/Safety/Recalls/Industry
Guidance/ucm129337.htm. Accessed on
April 23, 2013. Last Modified 2009.
34. McCarthy, A. and Food and Drug
Administration. ‘‘Memorandum:
Establishment of regulation to accredit
third-party auditors and laboratories as
required by the Food Safety
Modernization Act of 2011.’’
List of Subjects
21 CFR Part 1
Cosmetics, Drugs, Exports, Food
labeling, Imports, Labeling, Reporting
and recordkeeping requirements.
21 CFR Part 16
Administrative practice and
procedure.
Therefore, under the Federal Food,
Drug, and Cosmetic Act and under
authority delegated to the Commissioner
of Food and Drugs, it is proposed that
21 CFR parts 1 and 16 be amended as
follows:
PART 1—GENERAL ENFORCEMENT
REGULATIONS
1. The authority citation for 21 CFR
part 1 is revised to read as follows:
■
Authority: 15 U.S.C. 1453, 1454, 1455; 19
U.S.C. 1490, 1491; 21 U.S.C. 321, 331, 332,
333, 334, 335a, 343, 350c, 350d, 350k, 352,
355, 360b, 362, 371, 374, 381, 382, 384a,
384b, 384d, 393, 42 U.S.C. 216, 241, 243, 262,
264.
2. Add subpart M, consisting of
§§ 1.600 through 1.698, to read as
follows:
■
Subpart M—Accredited Third-Party Food
Safety Audits and Food or Facility
Certification
1.600 What definitions apply to this
subpart?
1.601 Who is subject to this subpart?
PO 00000
Frm 00045
Fmt 4701
Sfmt 4702
45825
Recognition of Accreditation Bodies Under
This Subpart
1.610 Who is eligible for recognition?
1.611 What legal authority must an
accreditation body have to qualify for
recognition?
1.612 What competency and capacity must
an accreditation body have to qualify for
recognition?
1.613 What protections against conflicts of
interest must an accreditation body have
to qualify for recognition?
1.614 What quality assurance procedures
must an accreditation body have to
qualify for recognition?
1.615 What records procedures must an
accreditation body have to qualify for
recognition?
Requirements for Recognized Accreditation
Bodies Under This Subpart
1.620 How must a recognized accreditation
body assess third-party auditors/
certification bodies seeking
accreditation?
1.621 How must a recognized accreditation
body monitor the performance of thirdparty auditors/certification bodies it
accredits?
1.622 How must a recognized accreditation
body monitor its own performance?
1.623 What reports and notifications must
a recognized accreditation body submit
to FDA?
1.624 How must a recognized accreditation
body protect against conflicts of interest?
1.625 What records requirements must a
recognized accreditation body meet?
Procedures for Recognition of Accreditation
Bodies Under This Subpart
1.630 How do I apply to FDA for
recognition or renewal of recognition?
1.631 How will FDA review applications
for recognition and for renewal of
recognition?
1.632 What is the duration of recognition?
1.633 How will FDA monitor recognized
accreditation bodies?
1.634 When will FDA revoke recognition?
1.635 How do I voluntarily relinquish
recognition?
1.636 How do I request reinstatement of
recognition?
Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart
1.640 Who is eligible for accreditation?
1.641 What legal authority must a thirdparty auditor/certification body have to
qualify for accreditation?
1.642 What competency and capacity must
a third-party auditor/certification body
have to qualify for accreditation?
1.643 What protections against conflicts of
interest must a third-party auditor/
certification body have to qualify for
accreditation?
1.644 What quality assurance procedures
must a third-party auditor/certification
body have to qualify for accreditation?
1.645 What records procedures must a
third-party auditor/certification body
have to qualify for accreditation?
E:\FR\FM\29JYP4.SGM
29JYP4
45826
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
Requirements for Accredited Auditors/
Certification Bodies Under This Subpart
1.650 How must an accredited auditor/
certification body ensure its audit agents
are competent and objective?
1.651 How must an accredited auditor/
certification body conduct a food safety
audit of an eligible entity?
1.652 What must an accredited auditor/
certification body include in food safety
audit reports?
1.653 What must an accredited auditor/
certification body do when issuing food
or facility certifications?
1.654 When must an accredited auditor/
certification body monitor an eligible
entity with food or facility certification?
1.655 How must an accredited auditor/
certification body monitor its own
performance?
1.656 What reports and notifications must
an accredited auditor/certification body
submit?
1.657 How must an accredited auditor/
certification body protect against
conflicts of interest?
1.658 What records requirements must an
accredited auditor/certification body
meet?
Procedures for Accreditation of Third-Party
Auditors/Certification Bodies Under This
Subpart
1.660 Where do I apply for accreditation or
renewal of accreditation by a recognized
accreditation body?
1.661 What is the duration of
accreditation?
1.662 How will FDA monitor accredited
auditors/certification bodies?
1.663 How do I request an FDA waiver or
waiver extension for the 13-month limit
for audit agents conducting regulatory
audits?
1.664 When can FDA withdraw
accreditation?
1.665 How do I voluntarily relinquish
accreditation?
1.666 How do I request reaccreditation?
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Additional Procedures for Direct
Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart
1.670 How do I apply to FDA for direct
accreditation or renewal of direct
accreditation?
1.671 How will FDA review applications
for direct accreditation and for renewal
of direct accreditation?
1.672 What is the duration of direct
accreditation?
Requirements for Eligible Entities Under
This Subpart
1.680 How and when will FDA monitor
eligible entities?
1.681 How frequently must eligible entities
be recertified?
General Requirements of This Subpart
1.690 How will FDA make information
about recognized accreditation bodies
and accredited auditors/certification
bodies available to the public?
1.691 How do I request reconsideration of
a denial by FDA of an application or a
waiver request?
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
1.692 How do I request internal agency
review of a denial of an application or
waiver request upon reconsideration?
1.693 How do I request a regulatory
hearing on a revocation of recognition or
withdrawal of accreditation?
Audits for Other Purposes
1.698 May importers use reports of
regulatory audits by accredited auditors/
certification bodies for purposes of
subpart L of this part?
Subpart M—Accredited Third-Party
Food Safety Audits and Food or
Facility Certification
Authority: 15 U.S.C. 1453, 1454, 1455; 19
U.S.C. 1490, 1491; 21 U.S.C. 321, 331, 332,
333, 334, 335a, 343, 350c, 350d, 350k, 352,
355, 360b, 362, 371, 374, 381, 382, 384a,
384b, 384d, 393, 42 U.S.C. 216, 241, 243, 262,
264.
§ 1.600 What definitions apply to this
subpart?
(a) The FD&C Act means the Federal
Food, Drug, and Cosmetic Act.
(b) Except as otherwise defined in
paragraph (c) of this section, the
definitions of terms in section 201 of the
FD&C Act apply when the terms are
used in this subpart.
(c) In addition, for the purposes of
this subpart:
Accreditation means a determination
by a recognized accreditation body (or,
in the case of direct accreditation, by
FDA) that a third-party auditor/
certification body meets the applicable
requirements of this subpart, including
the model accreditation standards.
Accreditation body means an
authority that performs accreditation of
third-party auditors/certification bodies.
Accredited auditor/certification body
means a third-party auditor/certification
body that a recognized accreditation
body (or, in the case of direct
accreditation, FDA) has determined
meets the applicable requirements of
this subpart and is authorized to
conduct food safety audits and to issue
food or facility certifications to eligible
entities.
Audit means:
(1) With respect to an accreditation
body, the systematic, independent, and
documented examination (through
observation, investigation, and records
review) by FDA to assess the
accreditation body’s authority,
qualifications (including its expertise
and training program), and resources; its
procedures for quality assurance,
conflicts of interest, and records; its
performance in accreditation activities;
and its capability to meet the applicable
requirements of this subpart.
(2) With respect to a third-party
auditor/certification body, the
PO 00000
Frm 00046
Fmt 4701
Sfmt 4702
systematic, independent, and
documented examination (through
observation, investigation, and records
review) by a recognized accreditation
body (or, in the case of direct
accreditation, by FDA) to assess the
third-party auditor’s/certification body’s
authority, qualifications (including its
expertise and training program), and
resources; its procedures for quality
assurance, conflicts of interest, and
records; its performance in auditing and
certification activities; and its capability
to meet the applicable requirements of
this subpart; and
(3) With respect to an eligible entity,
the systematic, independent, and
documented examination (through
observation, investigation, records
review, and as appropriate, sampling
and laboratory analysis) by an
accredited auditor/certification body to
assess the entity, its facility, system(s),
and food using audit criteria for
consultative or regulatory audits,
including compliance with any
applicable requirements for preventative
controls, sanitation, monitoring,
verification, corrective actions, and
recalls, and, for consultative audits, also
includes an assessment of compliance
with applicable industry standards and
practices.
Audit agent means an individual who
is an employee or other agent of an
accredited auditor/certification body
who, although not individually
accredited, is qualified to conduct food
safety audits on behalf of an accredited
auditor/certification body. An audit
agent includes a contractor of the
accredited auditor/certification body.
Certification body means a foreign
government, agency of a foreign
government, foreign cooperative, or any
other third party that is eligible to be
considered for accreditation to conduct
food safety audits and to certify that
eligible entities meet applicable
requirements of the FD&C Act. A
certification body may be a single
individual or an organization. A
certification body may use audit agents
to conduct food safety audits.
Certification body has the same meaning
as Third-party auditor as that term is
defined in section 808 of the FD&C Act
and in this subpart.
Consultative audit means an audit of
an eligible entity:
(1) To determine whether such entity
is in compliance with applicable
requirements of the FD&C Act and
industry standards and practices; and
(2) The results of which are for
internal purposes only and cannot be
used to determine eligibility for a food
or facility certification issued under this
subpart or in meeting the requirements
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
for an onsite audit of a foreign supplier
under subpart L of this part.
Direct accreditation means
accreditation of a third-party auditor/
certification body by FDA.
Eligible entity means a foreign entity
that chooses to be subject to a food
safety audit by an accredited auditor/
certification body. Eligible entities
include foreign facilities subject to the
registration requirements of subpart H of
this part.
Facility means any structure, or
structures of an eligible entity under one
ownership at one general physical
location, or, in the case of a mobile
facility, traveling to multiple locations,
that manufactures/processes, packs, or
holds food for consumption in the
United States. Transport vehicles are
not facilities if they hold food only in
the usual course of business as carriers.
A facility may consist of one or more
contiguous structures, and a single
building may house more than one
distinct facility if the facilities are under
separate ownership. The private
residence of an individual is not a
facility. Non-bottled water drinking
water collection and distribution
establishments and their structures are
not facilities.
Facility certification means an
attestation, issued for purposes of
section 806 of the FD&C Act by an
accredited auditor/certification body,
after conducting a regulatory audit and
any other activities necessary to
establish that a facility meets the
applicable requirements of the FD&C
Act.
Food certification means an
attestation, issued for purposes of
section 801(q) of the FD&C Act by an
accredited auditor/certification body,
after conducting a regulatory audit and
any other activities necessary to
establish that a food meets the
applicable requirements of the FD&C
Act.
Food safety audit means a regulatory
audit or a consultative audit.
Foreign cooperative means an entity
that aggregates food from growers or
processors that is intended for export to
the United States.
Recognized accreditation body means
an accreditation body that FDA has
determined meets the applicable
requirements of this subpart and is
authorized to accredit third-party
auditors/certification bodies under this
subpart.
Regulatory audit means an audit of an
eligible entity:
(1) To determine whether such entity
is in compliance with the provisions of
the FD&C Act; and
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
45827
(2) The results of which are used in
determining eligibility for food
certification under section 801(q) of the
FD&C Act or facility certification under
section 806 of the FD&C Act, and may
be used by an importer in meeting the
requirements for an onsite audit of a
foreign supplier under subpart L of this
part.
Relinquishment means:
(1) With respect to an accreditation
body, a decision to cede voluntarily its
authority to accredit third-party
auditors/certification bodies as a
recognized accreditation body; and
(2) With respect to a third-party
auditor/certification body, a decision to
cede voluntarily its authority to conduct
food safety audits and to issue food and
facility certifications to eligible entities.
Self-assessment means a systematic
assessment conducted by an
accreditation body or by a third-party
auditor/certification body to determine
whether it meets the applicable
requirements of this subpart.
Third-party auditor means a foreign
government, agency of a foreign
government, foreign cooperative, or any
other third party that is eligible to be
considered for accreditation to conduct
food safety audits and to certify that
eligible entities meet the applicable
requirements of the FD&C Act. A thirdparty auditor may be a single individual
or an organization. A third-party auditor
may use audit agents to conduct food
safety audits. Third-party auditor has
the same meaning as Certification body
as that term is defined in this subpart.
(d) Limited exemptions from section
801(q) of the FD&C Act. (1) The
certification of food under section
801(q) of the FD&C Act does not apply
with respect to alcoholic beverages from
an eligible entity that is a facility that
meets the following two conditions:
(i) Under the Federal Alcohol
Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the
Internal Revenue Code of 1986 (26
U.S.C. 5001 et seq.), the facility is a
foreign facility of a type that, if it were
a domestic facility, would require
obtaining a permit from, registering
with, or obtaining approval of a notice
or application from the Secretary of the
Treasury as a condition of doing
business in the United States; and
(ii) Under section 415 of the FD&C
Act, the facility is required to register as
a facility because it is engaged in
manufacturing/processing one or more
alcoholic beverages.
(2) Certification of food under section
801(q) of the FD&C Act does not apply
with respect to food other than alcoholic
beverages that is from a facility
described in paragraph (d)(1) of this
section, provided such food:
(i) Is in prepackaged form that
prevents any direct human contact with
such food; and
(ii) Constitutes not more than 5
percent of the overall sales of the
facility, as determined by the Secretary
of the Treasury.
§ 1.601
§ 1.610
Who is subject to this subpart?
(a) Accreditation bodies. Any
accreditation body seeking recognition
from FDA to accredit third-party
auditor/certification bodies for
conducting food safety audits and for
issuing food and facility certifications to
eligible entities.
(b) Third-party auditors/certification
bodies. Any third-party auditor/
certification body seeking accreditation
from a recognized accreditation body or
direct accreditation by FDA for:
(1) Conducting food safety audits; and
(2) Issuing food and facility
certifications that may be used in
satisfying a condition of admissibility of
an article of food under section 801(q)
of the FD&C Act; or in meeting the
eligibility requirements for the
Voluntary Qualified Importer Program
under section 806 of the FD&C Act.
(c) Eligible entities. Any eligible entity
seeking a food safety audit or a food or
facility certification from an accredited
auditor/certification body, except as
provided in paragraph (d) of this
section.
PO 00000
Frm 00047
Fmt 4701
Sfmt 4702
Recognition of Accreditation Bodies
Under This Subpart
Who is eligible for recognition?
An accreditation body is eligible for
recognition by FDA if it can
demonstrate that it meets the
requirements of §§ 1.611 to 1.615.
§ 1.611 What legal authority must an
accreditation body have to qualify for
recognition?
(a) An accreditation body seeking
recognition must demonstrate that it has
the authority (as a governmental entity
or through contractual rights) to perform
such assessments of a third-party
auditor/certification body as are
necessary to determine its capability to
audit and certify food facilities and
food, including authority to:
(1) Review any relevant records;
(2) Conduct onsite assessments of the
performance of third-party auditors/
certification bodies, such as by
witnessing the performance of a
statistically significant number of
personnel and other agents conducting
assessments;
(3) Perform any reassessments or
surveillance necessary to monitor
E:\FR\FM\29JYP4.SGM
29JYP4
45828
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
compliance of accredited auditors/
certification bodies; and
(4) Suspend, withdraw, or reduce the
scope of accreditation for failure to
comply with the requirements of
accreditation.
(b) An accreditation body seeking
recognition must demonstrate that it is
capable of exerting any authority
necessary to meet the requirements of
recognition in §§ 1.620 to 1.625 and the
procedures in §§ 1.630, 1.635, and
1.636, if recognized.
§ 1.612 What competency and capacity
must an accreditation body have to qualify
for recognition?
An accreditation body seeking
recognition must demonstrate that it
has:
(a) The resources required to
adequately implement its accreditation
program, including:
(1) Adequate numbers of personnel
and other agents with relevant
knowledge, skills, and experience to
effectively assess the qualifications of
third-party auditors/certification bodies
seeking accreditation and to effectively
monitor the performance of third-party
auditors/certification bodies; and
(2) Adequate financial resources for
its operations; and
(b) The capability to meet the
assessment and monitoring
requirements of §§ 1.620 and 1.621, the
reporting and notification requirements
of § 1.623, and the procedures in
§§ 1.630, 1.631, 1.635, and 1.636, if
recognized.
§ 1.613 What protections against conflicts
of interest must an accreditation body have
to qualify for recognition?
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
An accreditation body must
demonstrate that it has:
(a) Implemented written measures to
protect against conflicts of interest
between the accreditation body (and its
officers, personnel, and other agents)
and third-party auditors/certification
bodies (and their officers, personnel,
and other agents) seeking accreditation
from, or accredited by, such
accreditation body; and
(b) The capability to meet the conflict
of interest requirements in § 1.624, if
recognized.
§ 1.614 What quality assurance
procedures must an accreditation body
have to qualify for recognition?
An accreditation body seeking
recognition must demonstrate that it
has:
(a) Implemented a written program for
monitoring and assessing the
performance of its officers, personnel
and other agents and its accreditation
program, including procedures to:
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
(1) Identify areas in its accreditation
program or performance that need
improvement; and
(2) Quickly execute appropriate
corrective actions when problems are
found; and
(b) The capability to meet the quality
assurance requirements of § 1.622, if
recognized.
§ 1.615 What records procedures must an
accreditation body have to qualify for
recognition?
An accreditation body seeking
recognition must demonstrate that it
has:
(a) Implemented written procedures
to establish, control, and retain records
(including documents and data) for the
period of time necessary to meet its
contractual and legal obligations and to
provide an adequate basis for assessing
its program and performance; and
(b) Is capable of meeting the reporting
and notification requirements of § 1.623
and the records requirements of § 1.625,
if recognized.
Requirements for Recognized
Accreditation Bodies Under This
Subpart
§ 1.620 How must a recognized
accreditation body assess third-party
auditors/certification bodies seeking
accreditation?
(a) Prior to accrediting a third-party
auditor/certification body under this
subpart, a recognized accreditation body
must perform, at a minimum, the
following:
(1) In the case of a foreign government
or an agency of a foreign government,
such reviews and audits of its food
safety programs, systems, and standards
as are necessary to determine that it
meets the eligibility requirements of
§ 1.640(b) and any requirements
specified in FDA model accreditation
standards regarding qualifications for
accreditation, including legal authority,
competency, capacity, conflicts of
interest, quality assurance, and records.
(2) In the case of a foreign cooperative
that aggregates the products of growers
or processor or any other third-party
seeking accreditation as a third-party
auditor/certification body, such reviews
and audits of the training and
qualifications of audit agents used by
such cooperative or other third party
and such reviews of internal systems
and any other investigation of the
cooperative or other third party
necessary to determine that it meets the
eligibility requirements of § 1.640(c) and
any requirements specified in FDA
model accreditation standards regarding
qualifications for accreditation,
including legal authority, competency,
PO 00000
Frm 00048
Fmt 4701
Sfmt 4702
capacity, conflicts of interest, quality
assurance, and records.
(3) In conducting a review and audit
under paragraph (a)(1) or (a)(2) of this
section, observe a statistically
significant number of onsite audits
conducted by the third-party auditor/
certification body (or its audit agents) to
assess compliance with the applicable
requirements of the FD&C Act.
(b) A recognized accreditation body
must require a third-party auditor/
certification body, as a condition of
accreditation under this subpart, to
comply with the reports and notification
requirements of §§ 1.652 and 1.656 and
to agree to submit electronic food and
facility certifications, in English, to FDA
for purposes of sections 801(q) and 806
of the FD&C Act.
(c) A recognized accreditation body
must maintain records on any denial of
accreditation (in whole or in part) and
on any withdrawal, suspension, or
reduction in scope of accreditation of a
third-party auditor/certification body
under this subpart. The records must
include the name and contact
information for the third-party auditor/
certification body; the scope of
accreditation denied, withdrawn,
suspended, or reduced; and the basis for
such action.
(d) A recognized accreditation body
must implement written procedures for
receiving and addressing appeals from
any third-party auditor/certification
body challenging an adverse decision
associated with accreditation under this
subpart and for investigating and
deciding on appeals in a fair and
meaningful manner. The appeals
procedures must provide similar
protections to those offered by FDA
under §§ 1.692 and 1.693, including
requirements to:
(1) Make the appeals procedures
publicly available;
(2) Use competent, independent
persons to investigate and decide
appeals;
(3) Advise third-party auditors/
certification bodies of the final
decisions on their appeals; and
(4) Maintain records under § 1.625 of
appeals, final decisions on appeals, and
the bases for such decisions.
§ 1.621 How must a recognized
accreditation body monitor the performance
of third-party auditors/certification bodies it
accredits?
A recognized accreditation body must
annually conduct a comprehensive
assessment of the performance of each
auditor/certification body it accredited
under this subpart by reviewing the
auditor’s/certification body’s selfassessments (including information on
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
compliance with the conflict of interest
requirements of §§ 1.643 and 1.657); its
regulatory audit reports and
notifications submitted to FDA under
§ 1.656; and any other information
reasonably available to the accreditation
body:
(a) Regarding the compliance history
of eligible entities it certified; or
(b) That is otherwise relevant to a
determination whether the accredited
auditor/certification body is in
compliance with this subpart.
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
§ 1.622 How must a recognized
accreditation body monitor its own
performance?
(a) A recognized accreditation body
must annually, and as required under
§ 1.664(g), conduct a self-assessment
that includes evaluation of:
(1) The performance of its officers,
personnel, or other agents in activities
under this subpart and the degree of
consistency among such performances;
(2) The compliance of the
accreditation body and its officers,
personnel, and other agents, with the
conflict of interest requirements of
§ 1.624; and
(3) If requested by FDA, any other
aspects of its performance relevant to a
determination whether the accreditation
body is in compliance with this subpart.
(b) As a means to evaluate the
accreditation body’s performance, the
self-assessment must include onsite
observation of regulatory audits by a
statistically significant number of thirdparty auditors/certification bodies it
accredited under this subpart.
(c) Based on the evaluations
conducted under paragraphs (a) and (b)
of this section, the accreditation body
must:
(1) Identify any area(s) needing
improvement;
(2) Quickly implement effective
corrective action(s) to address those
area(s); and
(3) Establish and maintain records of
such corrective action(s) under § 1.625.
(d) The accreditation body must
prepare, and as required by § 1.623(b)
submit, a written report of the results of
its self-assessment that includes:
(1) A description of any corrective
actions taken under paragraph (c) of this
section;
(2) A statement disclosing the extent
to which the accreditation body, and its
officers, personnel, and other agents,
complied with the conflict of interest
requirements in § 1.624; and
(3) A statement attesting to the extent
to which the accreditation body
complied with applicable requirements
of this subpart.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
§ 1.623 What reports and notifications
must a recognized accreditation body
submit to FDA?
(a) Reporting results of assessments of
certification body performance. A
recognized accreditation body must
submit to FDA electronically, in
English, a report of the results of any
assessment conducted under § 1.621, no
later than 45 days after completing such
assessment. The report must include an
up-to-date list of any audit agent used
by the accredited auditor/certification
body to conduct food safety audits
under this subpart.
(b) Reporting results of accreditation
body self-assessments. A recognized
accreditation body must submit to FDA
electronically, in English, a report of the
results of an annual self-assessment
required under § 1.622, no later than 45
days after completing such selfassessment and, for a recognized
accreditation body subject to
§ 1.664(g)(1), must submit a report of
such self-assessment to FDA within 2
months.
(c) Immediate notification to FDA. A
recognized accreditation body must
notify FDA electronically, in English,
immediately upon:
(1) Granting accreditation to an
auditor/certification body under this
subpart, and include:
(i) The name, address, and telephone
number of the auditor/certification
body;
(ii) The name of one or more officers
of the auditor/certification body;
(iii) A list of the auditor’s/certification
body’s audit agents; and
(iv) The scope of accreditation and the
date on which it was granted.
(2) Withdrawing, suspending, or
reducing the scope of an accreditation
under this subpart, and include:
(i) The basis for such action; and
(ii) Any additional changes to
accreditation information previously
submitted to FDA under paragraph
(c)(1) of this section.
(3) Determining that an auditor/
certification body it accredited failed to
comply with § 1.653 in issuing a food or
facility certification under this subpart,
and include:
(i) The basis for such determination;
and
(ii) Any changes to accreditation
information previously submitted to
FDA under paragraph (c)(1) of this
section.
(d) Other notification to FDA. A
recognized accreditation body must
notify FDA electronically, in English,
within 30 days after:
(1) Denying accreditation (in whole or
in part) under this subpart and include:
PO 00000
Frm 00049
Fmt 4701
Sfmt 4702
45829
(i) The name, address, and telephone
number of the auditor/certification
body;
(ii) The name of one or more officers
of the auditor/certification body;
(iii) The scope of accreditation
requested; and
(iv) The basis for such denial.
(2) Making any significant change that
would affect the manner in which it
complies with the requirements in
§§ 1.610 to 1.625 and include:
(i) A description of the change; and
(ii) An explanation for the purpose of
the change.
§ 1.624 How must a recognized
accreditation body protect against conflicts
of interest?
(a) A recognized accreditation body
must implement a written program to
protect against conflicts of interest
between the accreditation body (and its
officers, personnel, and other agents)
and a third-party auditor/certification
body (and its officers, personnel, and
other agents) seeking accreditation from,
or accredited by, such accreditation
body, including the following:
(1) Ensuring that the accreditation
body (and its officers, personnel, or
other agents) do not own or have a
financial interest in, manage, or
otherwise control the third-party
auditor/certification body (or any
affiliate, parent, or subsidiary); and
(2) Prohibiting officers, personnel, or
other agents of the accreditation body
from accepting any money, gift, gratuity,
or item of value from the third-party
auditor/certification body.
(3) The items specified in paragraph
(a)(2) of this section do not include:
(i) Money representing payment of
fees for accreditation services and
reimbursement of direct costs associated
with an onsite audit or assessment of
the third-party auditor/certification
body; or
(ii) Meals, of de minimis value,
provided on the premises where the
audit or assessment is conducted.
(b) The financial interests of the
spouses and children younger than 18
years of age of officers, personnel, and
other agents of a recognized
accreditation body will be considered
the financial interests of such officers,
personnel, and other agents of the
accreditation body.
(c) A recognized accreditation body
must maintain on its Web site an up-todate list of the auditors/certification
bodies it accredited under this subpart
and must identify the duration and
scope of each accreditation and date(s)
on each the accredited auditor/
certification body paid any fee or
reimbursement associated with such
accreditation.
E:\FR\FM\29JYP4.SGM
29JYP4
45830
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
§ 1.625 What records requirements must a
recognized accreditation body meet?
(a) A recognized accreditation body
must maintain electronically for 5 years
records (including documents and data),
in English, demonstrating its
compliance with this subpart, including
records relating to:
(1) Applications for accreditation and
renewal of accreditation under § 1.660;
(2) Decisions to grant, deny, suspend,
withdraw, or reduce the scope of an
accreditation;
(3) Challenges to adverse
accreditation decisions under § 1.620(c);
(4) Its monitoring of accredited
auditors/certification bodies under
§ 1.621;
(5) Self-assessments and corrective
actions under § 1.622;
(6) Regulatory audit reports, including
any supporting information, that an
accredited auditor/certification body
may have submitted; and
(7) Any reports or notifications to
FDA under § 1.623, including any
supporting information.
(b) A recognized accreditation body
must make records required by
paragraph (a) of this section available
for inspection and copying promptly
upon written request of an authorized
FDA officer or employee at the place of
business of the accreditation body or at
a reasonably accessible location. If the
records required by paragraph (a) of this
section are requested by FDA
electronically, the records must be
submitted to FDA electronically, in
English, not later than 10 business days
after the date of the request.
(c) A recognized accreditation body
must not prevent or interfere with
FDA’s access to its accredited auditors/
certification bodies and the auditor/
certification body records required by
§ 1.658.
Procedures for Recognition of
Accreditation Bodies Under This
Subpart
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Jkt 229001
(a) FDA will review a recognition or
renewal application on a first in, first
out basis according to the date on which
the application was submitted in
complete form.
(b) FDA will evaluate any completed
recognition or renewal application to
determine whether the applicant meets
the eligibility requirements in § 1.610
and will notify the applicant, in writing,
whether the application has been
approved or denied. FDA may make
such notification electronically.
(c) When FDA notifies an applicant
that its recognition or renewal
application has been approved, the
notification will list any conditions
associated with the recognition.
(d) If FDA denies a recognition or
renewal application, the notification
will state the basis for such denial and
will provide the address and procedures
for requesting reconsideration of the
application under § 1.691.
(e) If FDA does not reach a final
decision on a renewal application before
an accreditation body’s recognition
terminates by expiration, FDA may
extend such recognition for a specified
period of time or until the agency
reaches a final decision on the renewal
application.
FDA may grant recognition of an
accreditation body for a period not to
exceed 5 years.
(a) Applicant for recognition. An
accreditation body seeking recognition
must submit an application
demonstrating that it meets the
eligibility requirements in § 1.610.
(b) Applicant for renewal of
recognition. An accreditation body
seeking renewal of its accreditation
must submit a renewal application
demonstrating that it continues to meet
the eligibility requirements in § 1.610.
(c) Submission. Recognition and
renewal applications and any
documents provided as part of the
application process must be submitted
19:00 Jul 26, 2013
§ 1.631 How will FDA review applications
for recognition and for renewal of
recognition?
§ 1.632 What is the duration of
recognition?
§ 1.630 How do I apply to FDA for
recognition or renewal of recognition?
VerDate Mar<15>2010
electronically, in English. An applicant
must provide any translation and
interpretation services needed by FDA
to process the application, including
during onsite audits or assessments of
the applicant by FDA.
(d) Signature. Recognition and
renewal applications must be signed by
the applicant or by any individual
authorized to act on behalf of the
applicant for purposes of seeking
recognition or renewal of recognition.
§ 1.633 How will FDA monitor recognized
accreditation bodies?
(a) FDA will periodically evaluate the
performance of each recognized
accreditation body to determine its
compliance with the applicable
requirements of this subpart. Such
evaluation must occur by at least 4 years
after the date of accreditation for a 5year term of recognition, or by no later
than mid-term point for recognition
granted for less than 5 years. FDA may
conduct additional performance
evaluations of a recognized
accreditation body at any time.
PO 00000
Frm 00050
Fmt 4701
Sfmt 4702
(b) An FDA performance evaluation
may include onsite assessments of
statistically significant numbers of
auditors/certification bodies the
recognized accreditation body
accredited and onsite audits of eligible
entities such auditors/certification
bodies certified. These may be
conducted at any time, with or without
the accreditation body or auditor/
certification body present.
§ 1.634
When will FDA revoke recognition?
(a) Grounds for revocation of
recognition. FDA will revoke the
recognition of an accreditation body for
any one or more of the following:
(1) Refusal to allow FDA to access
records required by § 1.625, or to
conduct an audit, assessment, or
investigation of the accreditation body
or of a third-party auditor/certification
body it accredited to ensure the
accreditation body’s continued
compliance with the requirements of
this subpart.
(2) Failure to take timely and
necessary corrective action when:
(i) The accreditation of an auditor/
certification body it accredited is
withdrawn by FDA under § 1.664(a);
(ii) A significant problem with the
accreditation body is identified through
self-assessment under § 1.622,
monitoring under § 1.621, or selfassessment by one or more of its
accredited auditors/certification bodies
under § 1.655; or
(iii) Directed by FDA to ensure
compliance with this subpart.
(3) A determination by FDA that the
accreditation body has committed fraud
or has submitted material false
statements to the agency.
(4) A determination by FDA that there
is otherwise good cause for revocation,
including:
(i) Demonstrated bias or lack of
objectivity when conducting activities
under this subpart; or
(ii) Failure to adequately support one
or more decisions to grant accreditation
under this subpart.
(b) Records request associated with
revocation. To assist in determining
whether revocation is warranted under
paragraph (a) of this section, FDA may
request records of the accreditation
body required by § 1.625 or the records,
required by § 1.658, of one or more of
the auditors/certification bodies it
accredited under this subpart.
(c) Notice to the accreditation body of
revocation of recognition. (1) Upon
revocation, FDA will notify the
accreditation body electronically, in
English, stating the grounds for
revocation, the procedures for
requesting a regulatory hearing under
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
§ 1.693 on the revocation, and the
procedures for requesting reinstatement
of recognition under § 1.636.
(2) Within 10 business days of the
date of revocation, the accreditation
body must notify FDA electronically, in
English, of the location where the
records required by § 1.625 will be
maintained.
(d) Effect of revocation of recognition
on accredited auditors/certification
bodies. (1) FDA will notify an accredited
auditor/certification body, electronically
and in English, if the recognition of its
accreditation body is revoked. Such
auditor’s/certification body’s
accreditation will remain in effect if the
auditor/certification body:
(i) No later than 2 months after the
revocation, conducts a self-assessment
under § 1.655 and reports the results of
the self-assessment to FDA under
§ 1.656(b); and
(ii) No later than 1 year after the
revocation, becomes accredited by a
recognized accreditation body or by
FDA through direct accreditation.
(2) FDA may withdraw the
accreditation of a third-party auditor/
certification body whenever FDA
determines there is good cause for
withdrawal of accreditation under
§ 1.664.
(e) Effect of revocation of recognition
on food or facility certifications issued
to eligible entities. A food or facility
certification issued by an auditor/
certification body accredited by an
accreditation body prior to revocation of
recognition will remain in effect until
the certificate terminates by expiration.
If FDA has reason to believe that a food
certification issued for purposes of
section 801(q) of the FD&C Act is not
valid or reliable, FDA may refuse to
consider the certification in determining
the admissibility of the article of food
for which the certification was offered.
(f) Public notice of revocation and the
status of accreditations and food and
facility certifications. FDA will provide
notice on the Web site described in
§ 1.690 of the revocation of recognition
of an accreditation body under this
subpart.
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
§ 1.635 How do I voluntarily relinquish
recognition?
(a) An accreditation body that decides
to relinquish recognition before it
terminates by expiration must notify
FDA electronically, in English, at least
6 months before relinquishing such
authority and must identify the location
where the records required by § 1.625
will be maintained. An accreditation
body waives the right to a hearing when
relinquishing its recognition under this
subpart.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
(b) No later than 15 business days
after notifying FDA, the accreditation
body must notify any third-party
auditor/accreditation body currently
accredited that it intends to relinquish
its recognition, specify the date on
which it will occur. The accreditation
body must establish and maintain
records of such notification under
§ 1.625.
(c) An accreditation granted by an
accreditation body prior to
relinquishing its recognition will remain
in effect, subject to reaccreditation
under § 1.665, except where FDA
determines that there is good cause for
withdrawal of accreditation under
§ 1.664.
(d) A food certification issued by such
accredited auditor/certification body
will remain in effect until it terminates
by expiration, unless FDA requires
renewal of the certification under
section 801(q)(4)(A) of the FD&C Act
prior to its expiration. If FDA has reason
to believe that a certification issued for
purposes of section 801(q) of the FD&C
Act is not valid or reliable, FDA may
refuse to consider the certification in
determining the admissibility of the
article of food for which the certification
was offered.
(e) FDA will provide notice on the
Web site described in § 1.690 of the
voluntary relinquishment of recognition
of an accreditation body. The notice will
describe the effect, if any, on any thirdparty auditor/certification body it
accredited and on any food or facility
certifications such auditor/certification
body issued under this subpart.
§ 1.636 How do I request reinstatement of
recognition?
(a) Application following revocation.
An accreditation body that has had its
recognition revoked may seek
reinstatement by submitting a new
application for recognition under
§ 1.630, or may be required to submit
such application after a determination
in a regulatory hearing under § 1.693
that revocation was appropriate. The
accreditation body must submit
evidence that the grounds for revocation
have been resolved, including evidence
addressing the cause or conditions that
were the basis for revocation and
identifying measures that have been
implemented to help ensure that such
cause(s) or condition(s) are unlikely to
recur.
(b) Application following
relinquishment. An accreditation body
that previously relinquished its
recognition under § 1.635 may seek
recognition by submitting a new
application for recognition under
§ 1.630.
PO 00000
Frm 00051
Fmt 4701
Sfmt 4702
45831
Accreditation of Third-Party Auditors/
Certification Bodies Under This
Subpart
§ 1.640
Who is eligible for accreditation?
(a) A foreign government, agency of a
foreign government, foreign cooperative,
or any other third party may seek
accreditation from a recognized
accreditation body (or, where direct
accreditation is appropriate, FDA) to
conduct food safety audits and to issue
food and facility certifications to eligible
entities under this subpart.
(b) A foreign government or an agency
of a foreign government is eligible for
accreditation if it can demonstrate that
its food safety programs, systems, and
standards meet the requirements of
§§ 1.641 to 1.645, as specified in FDA
model standards on qualifications for
accreditation, including legal authority,
competency, capacity, conflicts of
interest, quality assurance, and records.
(c) A foreign cooperative or other
third party is eligible for accreditation if
it can demonstrate that the training and
qualifications of its audit agents and its
internal systems and standards meet the
requirements of §§ 1.641 to 1.645, as
specified in FDA model standards on
qualifications for accreditation,
including legal authority, competency,
capacity, conflicts of interest, quality
assurance, and records.
§ 1.641 What legal authority must a thirdparty auditor/certification body have to
qualify for accreditation?
(a) A third-party auditor/certification
body seeking accreditation from a
recognized accreditation body or from
FDA must demonstrate that it has the
authority (as a governmental entity or
through contractual rights) to perform
such assessments of facilities, their
process(es), and food(s) as are necessary
to determine compliance with the FD&C
Act and with industry standards and
practices and to issue certifications
where appropriate based on a review of
the findings of such assessments. This
includes authority to:
(1) Review any relevant records;
(2) Conduct onsite audits of the
eligible entity, such as witnessing the
performance of a statistically significant
number of personnel and other agents
conducting audits of food facilities; and
(3) Suspend or withdraw certification
for failure to comply with applicable
requirements.
(b) A third-party auditor/certification
body seeking accreditation must
demonstrate that it is capable of exerting
any authority necessary to meet the
requirements of accreditation in
§§ 1.650 to 1.658 and the procedures in
§§ 1.660, 1.663, 1.665, 1.666, and 1.670,
if accredited.
E:\FR\FM\29JYP4.SGM
29JYP4
45832
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
§ 1.642 What competency and capacity
must a third-party auditor/certification body
have to qualify for accreditation?
§ 1.645 What records procedures must a
third-party auditor/certification body have
to qualify for accreditation?
A third-party auditor/certification
body seeking accreditation must
demonstrate that it has:
(a) The resources necessary to fully
implement its audit and certification
program, including:
(1) Adequate numbers of personnel
and other agents with relevant
knowledge, skills, and experience to
effectively audit and assess compliance
with applicable FDA requirements and
industry standards and practices and to
issue valid and reliable certifications;
and
(2) Adequate financial resources for
its operations; and
(b) The competency and capacity to
meet the requirements of §§ 1.650 to
1.658 and the procedures in §§ 1.660,
1.663, 1.665, 1.666, and 1.670, if
accredited.
A third-party auditor/certification
body seeking accreditation must
demonstrate that it:
(a) Implemented written procedures
to establish, control, and retain records
(including documents and data) for a
period of time necessary to meet its
contractual and legal obligations and to
provide an adequate basis for assessing
its program and performance; and
(b) Is capable of meeting the reporting
and notification requirements of § 1.656
and the records requirements of § 1.658,
if accredited.
§ 1.643 What protections against conflicts
of interest must a third-party auditor/
certification body have to qualify for
accreditation?
A third-party auditor/certification
body must demonstrate that it has:
(a) Implemented written measures to
protect against conflicts of interest
between the auditor/certification body
(and its officers, personnel, and other
agents) and eligible entities (and their
owners and operators) seeking
assessment and certification from, or
assessed and certified by, such auditor/
certification body; and
(b) The capability to meet the conflict
of interest requirements in § 1.657, if
accredited.
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
§ 1.644 What quality assurance
procedures must a third-party auditor/
certification body have to qualify for
accreditation?
A third-party auditor/certification
body seeking accreditation must
demonstrate that it has:
(a) Implemented a written program for
monitoring and assessing the
performance of its officers, personnel,
and other agents involved in auditing
and certification activities, including
procedures to:
(1) Identify areas in its auditing and
certification program or performance
that need improvement; and
(2) Quickly execute appropriate
corrective actions when problems are
found; and
(b) The capability to meet the quality
assurance requirements of § 1.655, if
accredited.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
Requirements for Accredited Auditors/
Certification Bodies Under This
Subpart
§ 1.650 How must an accredited auditor/
certification body ensure its audit agents
are competent and objective?
(a) An accredited auditor/certification
body that uses audit agents to conduct
food safety audits must ensure that each
such agent meets the following
requirements with respect to the scope
of its accreditation under this subpart:
(1) Has relevant knowledge and
experience that provides an adequate
basis for the agent to assess compliance
with the FD&C Act and, for consultative
audits, industry standards and practices;
(2) Has been determined by the
accredited auditor/certification body,
through observations of a representative
number of audits, to be competent to
conduct food safety audits under this
subpart;
(3) Participates in annual food safety
training under the accredited auditor’s/
certification body’s training plan;
(4) Is in compliance with the conflict
of interest requirements of § 1.657 and
has no other conflicts of interest with
the eligible entity to be audited that
might impair the agent’s objectivity; and
(5) Agrees to notify its accredited
auditor/certification body immediately
upon discovering, during a food safety
audit, any condition that could cause or
contribute to a serious risk to the public
health.
(b) In assigning an audit agent to
conduct a food safety audit at a
particular eligible entity, an accredited
auditor/certification body must
determine that the agent is qualified to
conduct such audit under the criteria
established in paragraph (a) of this
section and based on the scope and
purpose of the audit and the type of
facility, its process(es), and food.
(c) An accredited auditor/certification
body cannot use an audit agent to
conduct a regulatory audit at an eligible
entity if such agent conducted a
PO 00000
Frm 00052
Fmt 4701
Sfmt 4702
consultative audit or regulatory audit for
the same eligible entity in the preceding
13 months, except that such limitation
may be waived if the accredited auditor/
certification body demonstrates to FDA,
under § 1.663, there is insufficient
access to accredited auditors/
certification bodies in the country or
region where the eligible entity is
located or in the country of export.
§ 1.651 How must an accredited auditor/
certification body conduct a food safety
audit of an eligible entity?
(a) Audit planning. Before beginning
to conduct a food safety audit under this
subpart, an accredited auditor/
certification body must:
(1) Require the entity seeking an audit
to:
(i) Identify the scope and purpose of
the food safety audit, including the
facility, process(es), or food to be
audited; whether the audit is to be
conducted as a consultative or
regulatory audit, and if a regulatory
audit, the type(s) of certification(s)
sought; and
(ii) Provide a 30-day operating
schedule for such facility that includes
information relevant to the scope and
purpose of the audit; and
(2) Determine whether the requested
audit is within its scope of
accreditation.
(b) Authority to audit. In arranging a
food safety audit with an eligible entity,
an accredited auditor/certification body
must ensure it has authority, whether
contractual or otherwise, to:
(1) Conduct an unannounced audit to
verify whether the activities and results
of the eligible entity (within the scope
of the audit) comply with the applicable
requirements of the FD&C Act and, for
consultative audits, industry standards
and practices;
(2) Access any records and any area
of the facility, its process(es), and food
of the eligible entity relevant to the
scope and purpose of such audit and,
where appropriate, to issue food and
facility certifications;
(3) Where FDA requires sampling and
analysis, use of validated sampling or
analytical methodologies and analysis
by a laboratory that is accredited, in
accordance with the requirements of
section 422 of the FD&C Act;
(4) Notify FDA immediately if, at any
time during a food safety audit, the
accredited auditor/certification body (or
its audit agent, where applicable)
discovers a condition that could cause
or contribute to a serious risk to the
public health and provide information
required by § 1.656(c);
(5) Prepare reports of consultative
audits that contain the elements
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
specified in § 1.652(a) and, for
regulatory audits, prepare reports that
contain the elements specified in
§ 1.652(b) and submit them to FDA and
to its accreditation body (where
applicable) under § 1.656(a); and
(6) Allow FDA and the recognized
accreditation body that accredited such
third-party auditor/certification body, if
any, to observe any food safety audit for
purposes of evaluating the accredited
auditor’s/certification body’s
performance under §§ 1.621 and 1.662
or, where appropriate, the recognized
accreditation body’s performance under
§§ 1.622 and 1.633.
(c) Audit protocols. An accredited
auditor/certification body (or its audit
agent, where applicable) must conduct a
food safety audit in a manner consistent
with the identified scope and purpose of
the audit and within the scope of its
accreditation.
(1) The audit must be conducted
without announcement during the 30day timeframe identified under
paragraph (a)(1)(ii) of this section and
must be focused on the highest food
safety risk(s) associated with the facility,
its process(es), and food within the
scope of the audit.
(2) The audit must include records
review; an onsite assessment of the
facility, its process(es), and the food that
results from such process(es); and where
appropriate, environmental or product
sampling and analysis, using validated
procedures (including sample integrity
procedures) and analysis performed by
a laboratory accredited in accordance
with the requirements of section 422 of
the FD&C Act. The audit may include
any other activities necessary to
establish compliance with the FD&C
Act.
(3) The audit must be sufficiently
rigorous to allow the accredited auditor/
certification body to determine whether
the entity is in compliance with the
FD&C Act at the time of the audit; and
for a regulatory audit, whether the entity
would be likely to remain in compliance
with the applicable requirements of the
FD&C Act for at least 12 months
following the audit, provided that the
facility and its process(es) are properly
maintained and implemented.
(4) Audit observations and
assessments, including corrective
actions, must be documented and must
be used to support the findings
contained in the audit report required
by § 1.652 and maintained as a record of
the accredited auditor/certification body
under § 1.658.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
§ 1.652 What must an accredited auditor/
certification body include in food safety
audit reports?
(a) Consultative audits. An accredited
auditor/certification body must prepare
a report of a consultative audit, in
English, not later than 45 days after
completing such audit and must
maintain such report under § 1.658. A
consultative audit report must include:
(1) The name and address of the
facility subject to audit and the name
and address of the eligible entity, if
different from the facility;
(2) A unique facility identifier, as
required by FDA, for the facility and for
the eligible entity, if different from the
facility;
(3) The names and telephone numbers
of the persons responsible for food
safety compliance at the facility;
(4) The dates and scope of the audit;
and
(5) Any deficiencies observed that
require corrective action, the corrective
action plan, and the date on which such
corrective actions were completed. Such
audit report must be maintained as a
record under § 1.658 and must be made
available to FDA under § 1.361.
(b) Regulatory audits. An accredited
auditor/certification body must, no later
than 45 days after completing a
regulatory audit, prepare and submit
electronically, in English, to FDA and to
its accreditation body (or, in the case of
direct accreditation, only to FDA) a
report of such regulatory audit that
includes the following information:
(1) The identity of the audited facility,
including:
(i) The name and address of the
facility subject to audit and a unique
facility identifier, as required by FDA;
and
(ii) Where applicable, the FDA
registration number assigned to the
facility under subpart H of this part;
(2) The identity of the eligible entity,
including the name, address, and
unique facility identifier, as required by
FDA, of the eligible entity (if different
than that of facility);
(3) The dates and scope of the
regulatory audit;
(4) The process(es) and food(s)
observed during such audit;
(5) The identity of the person(s)
responsible for the facility’s compliance
with the applicable requirements of the
FD&C Act;
(6) Any deficiencies observed during
the audit that present a reasonable
probability that the use of or exposure
to a violative product:
(i) Will cause serious adverse health
consequences or death; or
(ii) May cause temporary or medically
reversible adverse health consequences
PO 00000
Frm 00053
Fmt 4701
Sfmt 4702
45833
or where the probability of serious
adverse health consequences is remote;
(7) The corrective action plan for
addressing each deficiency identified
under paragraph (b)(6) of this section,
unless corrective action was
implemented immediately and verified
onsite by the accredited auditor/
certification body (or its audit agent);
(8) Whether any sampling and
laboratory analysis (e.g., under a
microbiological sampling plan) is used
in the facility;
(9) Whether the entity has issued a
food safety-related recall of an article of
food from the facility during the 2 years
preceding the audit and, if so, any such
article(s) recalled and the reason(s) for
the recall(s);
(10) Whether the entity has made
significant changes to the facility, its
process(es), or products during the 2
years preceding the audit; and
(11) Any food or facility certifications
issued to the entity during the 2 years
preceding the audit, including the scope
and duration of each such certification.
(c) Submission of regulatory audit
report. An accredited auditor/
certification body must submit a
completed regulatory audit report as
required by paragraph (b) of this section,
regardless of whether the food or facility
certification was issued under this
subpart.
(d) Appeals of adverse regulatory
audit results. An accredited auditor/
certification body must implement
written procedures for receiving and
addressing appeals from eligible entities
challenging adverse regulatory audit
results and for investigating and
deciding on appeals in a fair and
meaningful manner. The appeals
procedures must provide similar
protections to those offered by FDA
under §§ 1.692 and 1.693, including
requirements to:
(1) Make the appeals procedures
publicly available;
(2) Use qualified persons, different
from those involved in the subject of the
appeal, to investigate and decide on an
appeal;
(3) Advise the eligible entity of the
final decision on its appeal; and
(4) Maintain records under § 1.658 of
the appeal, the final decision, and the
basis for such decision.
§ 1.653 What must accredited auditor/
certification body do when issuing food or
facility certifications?
(a) Basis for issuance of a food or
facility certification. (1) Prior to issuing
a food or facility certification to an
eligible entity, an accredited auditor/
certification body (or an audit agent on
its behalf) must complete a regulatory
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
45834
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
audit that meets the requirements of
§ 1.651 and any other activities that may
be necessary to establish compliance
with applicable requirements of the
FD&C Act.
(2) If, as a result of an observation
during a regulatory audit, an eligible
entity must implement a corrective
action plan to address an observation,
an accredited auditor/certification body
may not issue a food or facility
certification to such entity until after the
accredited auditor/certification body
verifies that eligible entity has
implemented the corrective action plan
through onsite observation, except for
corrective actions taken to address
recordkeeping deficiencies that may be
verified through submission of records
or through assurances by the eligible
entity.
(3) An accredited auditor/certification
body must consider each observation
and assessment made during a
regulatory audit and other activities
conducted under § 1.651 to determine
whether the entity was in compliance
with the applicable requirements of the
FD&C Act at the time of the audit and
whether the entity would be likely to
remain in compliance for the duration
of a food or facility certification issued
under this subpart.
(4) A single regulatory audit may
result in issuance of one or more food
or facility certifications under this
subpart, provided that the requirements
of issuance are met as to each such
certification.
(5) Where an accredited auditor/
certification body uses an audit agent to
conduct a regulatory audit of an eligible
entity under this subpart, the accredited
auditor/certification body (and not the
audit agent) must make the
determination whether to issue a food or
facility certification based on the results
of such regulatory audit.
(b) Issuance of a food or facility
certification and submission to FDA. (1)
For purposes of submission to FDA
under this subpart, an accredited
auditor/certification body must issue a
food or facility certification
electronically and in English. The
accredited auditor/certification body
must not issue a food or facility
certification under this subpart for a
term that is longer than 12 months.
(2) A food or facility certification
must contain, at a minimum, the
following elements:
(i) The name and address of the
accredited auditor/certification body
and the scope and date of its
accreditation under this subpart;
(ii) The name, address, and unique
facility identifier, as required by FDA, of
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
the eligible entity to which the food or
facility certification was issued;
(iii) The name, address, and unique
facility identifier, as required by FDA, of
the facility where the audit was
conducted, if different than the eligible
entity;
(iv) The scope and date(s) of the audit;
(v) The name of the audit agent(s)
(where applicable) conducting the audit;
(vi) The scope of the food or facility
certification, date of issuance, and date
of expiration.
(3) FDA may refuse to accept any food
certification or other assurance for food
issued by an accredited auditor/
certification body for purposes of
section 801(q) of the FD&C Act, if FDA
determines, under section 801(q)(4)(B),
that such food certification or assurance
was not validly issued or does not
reliably demonstrate that the food is in
compliance with the applicable
requirements of the FD&C Act,
including the following:
(i) That the food certification or
assurance is offered in support of the
admissibility of a food that was not
within the scope of the certification or
assurance; and
(ii) That the food certification was
issued by an accredited auditor/
certification body acting outside the
scope of its accreditation under this
subpart.
§ 1.654 When must an accredited auditor/
certification body monitor an eligible entity
with food or facility certification?
If an accredited auditor/certification
body has reason to believe that an
eligible entity to which it issued a food
or facility certification may no longer be
in compliance with the applicable
requirements of the FD&C Act, the
accredited auditor/certification body
must conduct any monitoring (including
an onsite assessment) of such eligible
entity necessary to determine whether
the entity is in compliance. The
accredited auditor/certification body
must immediately notify FDA, under
§ 1.656(d), if it determines the entity is
no longer in compliance with the
applicable requirements of the FD&C
Act. The accredited auditor/certification
body must maintain records of such
monitoring under § 1.658.
§ 1.655 How must an accredited auditor/
certification body monitor its own
performance?
(a) An accredited auditor/certification
body must annually, and as required
under § 1.634(d)(1)(i) or upon FDA
request made for cause, conduct a selfassessment that includes evaluation of:
(1) The performance of its officers,
personnel, or other agents in activities
PO 00000
Frm 00054
Fmt 4701
Sfmt 4702
under this subpart, including assessing
whether its audit agents focused on the
most significant risks to human and/or
animal health when conducting food
safety audits of facilities involved in the
production, manufacturing, processing,
packing, or holding of food;
(2) The degree of consistency among
its officers, personnel, or other agents in
performing activities under this subpart,
including assessing whether its audit
agents interpreted audit protocols in a
consistent manner;
(3) The compliance of the accredited
auditor/certification body and its
officers, personnel, and other agents,
with the conflict of interest
requirements of § 1.657;
(4) Actions taken in response to the
results of any assessments conducted by
FDA or, where applicable, the
recognized accreditation body under
§ 1.621; and
(5) As requested by FDA, any other
aspects of its performance relevant to a
determination whether the accredited
auditor/certification body is in
compliance with this subpart.
(b) As a means to evaluate its
performance, the accredited auditor/
certification body may evaluate the
compliance of one or more of eligible
entities to which food or facility
certification was issued under this
subpart.
(c) Based on the evaluations
conducted under paragraphs (a) and (b)
of this section, the accredited auditor/
certification body must:
(1) Identify any area(s) needing
improvement;
(2) Quickly implement effective
corrective action(s) to address those
area(s); and
(3) Under § 1.658, establish and
maintain records of such corrective
action(s).
(d) The accredited auditor/
certification body must prepare a
written report, in English, of the results
of its self-assessment that includes:
(1) A description of any corrective
action(s) taken under paragraph (c) of
this section;
(2) A statement disclosing the extent
to which the accredited auditor/
certification body, and its officers,
personnel, and other agents complied
with the conflict of interest
requirements in § 1.657; and
(3) A statement attesting to the extent
to which the accredited auditor/
certification body complied with the
applicable requirements of this subpart.
§ 1.656 What reports and notifications
must an accredited auditor/certification
body submit?
(a) Reporting results of regulatory
audits. An accredited auditor/
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
certification body must submit a
regulatory audit report, as described in
§ 1.652(b), electronically, in English, to
FDA and to the accreditation body that
granted its accreditation (where
applicable), no later than 45 days after
completing such audit.
(b) Reporting results of accredited
auditor/certification body selfassessments. An accredited auditor/
certification body must submit the
report of its annual self-assessment
required by § 1.655 electronically to its
accreditation body (or, in the case of
direct accreditation, FDA), within 45
days of the anniversary date of its
accreditation under this subpart and, for
an accredited auditor/certification body
subject to § 1.634(d)(1)(i) or an FDA
request for cause, must submit the
report of its self-assessment to FDA
within 2 months. Such report must
include an up-to-date list of any audit
agents it uses to conduct audits under
this subpart.
(c) Notification to FDA of a serious
risk to public health. An accredited
auditor/certification body must
immediately notify FDA electronically,
in English, when any of its audit agents
or the accredited auditor/certification
body itself, discovers any condition,
found during a regulatory or
consultative audit of an eligible entity,
which could cause or contribute to a
serious risk to the public health,
providing the following information:
(1) The name and address of the
eligible entity subject to the audit;
(2) The name and address of the
facility where the condition was
discovered (if different from that of the
eligible entity) and, where applicable,
the FDA registration number assigned to
the facility under subpart H of this part;
and
(3) The condition for which
notification is submitted.
(d) Immediate notification to FDA of
withdrawal or suspension of food or
facility certification. An accredited
auditor/certification body must notify
FDA electronically, in English,
immediately upon withdrawing or
suspending the food or facility
certification of an eligible entity and the
basis for such action.
(e) Notification to its accreditation
body or an eligible entity. (1) After
notifying FDA under paragraph (c) of
this section, an accredited auditor/
certification body must immediately
notify the eligible entity of such
condition and must immediately
thereafter notify the accreditation body
that granted its accreditation, except for
auditors/certification bodies directly
accredited by FDA.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
(2) An accredited auditor/certification
body must notify its accreditation body
(or, in the case of direct accreditation,
FDA) electronically, in English, within
30 days after making any significant
change that would affect the manner in
which it complies with the
requirements of §§ 1.640 to 1.658, and
must include with such notification the
following information:
(i) A description of the change; and
(ii) An explanation for the purpose of
the change.
§ 1.657 How must an accredited auditor/
certification body protect against conflicts
of interest?
(a) An accredited auditor/certification
body must implement a written program
to protect against conflicts of interest
between the accredited auditor/
certification body (and its officers,
personnel, and agents) and an eligible
entity seeking a food safety audit or food
or facility certification from, or audited
or certified by, such accredited auditor/
certification body, including the
following:
(1) Ensuring that the accredited
auditor/certification body and its
officers, personnel, or agents (other than
audit agents subject to paragraph (a)(2)
of this section) do not own or have a
financial interest in, manage, or
otherwise control an eligible entity to be
certified, or any affiliate, parent, or
subsidiary of the entity;
(2) Ensuring that an audit agent of the
accredited auditor/certification body
does not own or operate an eligible
entity, or any affiliate, parent, or
subsidiary of the entity, to be subject to
consultative or regulatory audit by such
agent; and
(3) Prohibiting an officer, employee,
or other agent of the accredited auditor/
certification body from accepting any
money, gift, gratuity, or item of value
from the eligible entity to be audited or
certified under this subpart.
(4) The items specified in paragraph
(a)(3) of this section do not include:
(i) Money representing payment of
fees for accreditation services and
reimbursement of direct costs associated
with an onsite audit or assessment of
the third-party auditor/certification
body; or
(ii) Meals, of de minimis value,
provided on the premises where the
audit or assessment is conducted.
(b) An accredited auditor/certification
body may accept the payment of fees for
auditing and certification services and
the reimbursement of direct costs
associated with an audit of an eligible
entity only after the date on which the
report of such audit was completed or
the date a food or facility certification
PO 00000
Frm 00055
Fmt 4701
Sfmt 4702
45835
was issued, whichever is later. Such
payment is not considered a conflict of
interest for purposes of paragraph (a) of
this section.
(c) The financial interests of the
spouses and children younger than 18
years of age of officers, personnel, and
other agents of an accredited auditor/
certification body will be considered the
financial interests of such officers,
personnel, and other agents of the
accredited auditor/certification body for
purposes of this subpart.
(d) An accredited auditor/certification
body must maintain on its Web site an
up-to-date list of the eligible entities to
which it has issued food or facility
certifications under this subpart. For
each such eligible entity, the Web site
also must identify the duration and
scope of the food or facility certification
and date(s) on which the eligible entity
paid the accredited auditor/certification
body any fee or reimbursement
associated with such audit or
certification.
§ 1.658 What records requirements must
an accredited auditor/certification body
meet?
(a) An accredited auditor/certification
body must maintain electronically for 4
years records (including documents and
data), in English, that document
compliance with this subpart,
including:
(1) Any audit report and other
documents resulting from a consultative
audit conducted under this subpart,
including the audit agent’s observations,
laboratory testing records and results (as
applicable), correspondence with the
eligible entity, and corrective actions to
address deficiencies identified during
the audit;
(2) Any request for a regulatory audit
from an eligible entity;
(3) Any audit report and other
documents resulting from a regulatory
audit conducted under this subpart,
including the audit agent’s observations,
laboratory testing records and results (as
applicable), correspondence with the
eligible entity, and corrective actions to
address deficiencies identified during
the audit;
(4) Any notification submitted by an
audit agent to the accredited auditor/
certification body under § 1.650(a)(5) or
by the accredited auditor/certification
body to FDA under § 1.656(c);
(5) Any food or facility certification
issued under this subpart;
(6) Any challenge to an adverse
regulatory audit decision and the
disposition of the challenge;
(7) Any monitoring it conducted of an
eligible entity to which food or facility
certification was issued;
E:\FR\FM\29JYP4.SGM
29JYP4
45836
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
(8) Its self-assessments and corrective
actions taken as a result; and
(9) Significant changes to the auditing
or certification program that might affect
compliance with this subpart.
(b) An accredited auditor/certification
body must make the records of a
consultative audit required by
paragraph (a)(1) of this section available
to FDA in accordance with the
requirements of subpart J of this
chapter.
(c) An accredited auditor/certification
body must make the records required by
paragraphs (a)(2) to (a)(9) of this section
available for inspection and copying
promptly upon written request of an
authorized FDA officer or employee at
the place of business of the auditor/
certification body or at a reasonably
accessible location. If such records are
requested by FDA electronically, the
records must be submitted
electronically, in English, not later than
10 business days after the date of the
request.
Procedures for Accreditation of ThirdParty Auditors/Certification Bodies
Under This Subpart
§ 1.660 Where do I apply for accreditation
or renewal of accreditation by a recognized
accreditation body?
Except as allowed under § 1.670, a
third-party auditor/certification body
seeking accreditation must submit its
request for accreditation or renewal of
accreditation to an accreditation body
recognized by FDA under this subpart
and identified on the Web site described
in § 1.690.
§ 1.661 What is the duration of
accreditation?
A recognized accreditation body may
grant accreditation to a third-party
auditor/certification body under this
subpart for a period not to exceed 4
years.
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
§ 1.662 How will FDA monitor accredited
auditors/certification bodies?
(a) FDA will periodically evaluate the
performance of each auditor/
certification body accredited under this
subpart to determine whether the
accredited auditor/certification body
continues to comply with the
requirements of §§ 1.640 to 1.658 and
whether there are deficiencies in the
performance of the accredited auditor/
certification body that, if not corrected,
would warrant withdrawal of its
accreditation under this subpart. FDA
will evaluate each directly accredited
auditor/certification body annually.
FDA will evaluate an accredited
auditor/certification body annually
evaluated by a recognized accreditation
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
body under § 1.621 by not later than 3
years after the date of accreditation for
a 4-year term of accreditation, or by no
later than the mid-term point for
accreditation granted for less than 4
years. FDA may conduct additional
performance evaluations of an
accredited auditor/certification body at
any time.
(b) In evaluating the performance of
an accredited auditor/certification body
under paragraph (a) of this section, FDA
may review any one or more of the
following:
(1) Regulatory audit reports and food
and facility certifications;
(2) The accredited auditor’s/
certification body’s annual selfassessments under § 1.655;
(3) Reports of assessments by a
recognized accreditation body under
§ 1.621, where applicable;
(4) Documents and other information
regarding the accredited auditor’s/
certification body’s authority,
qualifications (including the expertise
and training of its audit agents), conflict
of interest program, internal quality
assurance program, and monitoring by
its accreditation body (or, in the case of
direct accreditation, FDA); and
(5) Information obtained by FDA,
including during inspections, audits,
onsite observations, or investigations, of
one or more eligible entities to which
food or facility certification was issued
by such accredited auditor/certification
body.
(c) FDA may conduct its evaluation of
an accredited auditor/certification body
through onsite observations of
performance during a food safety audit
of an eligible entity or through
document review.
§ 1.663 How do I request an FDA waiver or
waiver extension for the 13-month limit for
audit agents conducting regulatory audits?
(a) An accredited auditor/certification
body may submit a request to FDA to
waive the requirements of § 1.650(c)
preventing an audit agent from
conducting a regulatory audit of an
eligible entity if the agent has conducted
a food safety audit of such entity during
the previous 13 months. The auditor/
certification body seeking a waiver or
waiver extension must demonstrate
there is insufficient access to accredited
auditors/certification bodies in the
country or region where the eligible
entity is located.
(b) Requests for a waiver or waiver
extension and all documents provided
in support of the request must be
submitted to FDA electronically, in
English. The requestor must provide
such translation and interpretation
PO 00000
Frm 00056
Fmt 4701
Sfmt 4702
services as are needed by FDA to
process the request.
(c) The request must be signed by the
requestor or by any individual
authorized to act on behalf of the
requestor for purposes of seeking such
waiver or waiver extension.
(d) FDA will review requests for
waivers and waiver extensions on a first
in, first out basis according to the date
on which the submission was
completed. FDA will evaluate any
completed waiver request to determine
whether the criteria for waiver have
been met.
(e) FDA will notify the requestor, in
writing, whether the request for a
waiver or waiver extension is approved
or denied. Such notification may be
made electronically.
(f) If FDA approves the request, the
notification will state the duration of the
waiver and list any conditions
associated with it. If FDA denies the
request, the notification will state the
basis for denial and will provide the
address and procedures for requesting
reconsideration of the request under
§ 1.691.
(g) Unless FDA notifies a requestor
that its waiver request has been
approved, an accredited auditor/
certification body must not use the
agent to conduct a regulatory audit of
such eligible entity until the 13-month
limit in § 1.650(a) has elapsed.
§ 1.664 When can FDA withdraw
accreditation?
(a) Mandatory withdrawal. FDA will
withdraw accreditation from an auditor/
certification body:
(1) Except as provided in paragraph
(b) of this section, if the food or facility
certified under this subpart is linked to
an outbreak of foodborne illness that has
a reasonable probability of causing
serious adverse health consequences or
death in humans or animals;
(2) Following an evaluation and
finding by FDA that the auditor/
certification body no longer meets the
requirements for accreditation; or
(3) Following its refusal to allow FDA
to access records under § 1.658 or to
conduct an audit, assessment, or
investigation necessary to ensure
continued compliance with this subpart.
(b) Exception. FDA may waive
mandatory withdrawal under paragraph
(a)(1) of this section, if FDA:
(1) Conducts an investigation of the
material facts related to the outbreak of
human or animal illness;
(2) Reviews the steps or actions taken
by the accredited auditor/certification
body to justify the food or facility
certification; and
(3) Determines that the accredited
auditor/certification body satisfied the
E:\FR\FM\29JYP4.SGM
29JYP4
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
requirements for issuance of
certification under sections 801(q) or
806 of the FD&C Act, as applicable, and
under this subpart.
(c) Discretionary withdrawal. FDA
may withdraw accreditation from an
auditor/certification body when such
auditor/certification body is accredited
by an accreditation body for which
recognition is revoked under § 1.634, if
FDA determines there is good cause for
withdrawal, including:
(1) Demonstrated bias or lack of
objectivity when conducting activities
under this subpart; or
(2) Performance that calls into
question the validity or reliability of its
food safety audits and food and facility
certifications.
(d) Records access. FDA may request
records of the accredited auditor/
certification body under § 1.658 and,
where applicable, may request records
of the recognized accreditation body
under § 1.625, when considering
withdrawal under paragraphs (a)(1),
(a)(2), or (c) of this section.
(e) Notice to the auditor/certification
body of withdrawal of accreditation. (1)
FDA will notify the auditor/certification
body of the withdrawal electronically,
in English, stating the grounds for
withdrawal, the procedures for
requesting a regulatory hearing under
§ 1.693 on the withdrawal, and the
procedures for requesting
reaccreditation under § 1.666.
(2) Within 10 business days of the
date of withdrawal, the auditor/
certification body must notify FDA
electronically, in English, of the location
where the records will be maintained as
required by § 1.658.
(f) Effect of withdrawal of
accreditation on eligible entities. A food
or facility certification issued by thirdparty auditor/certification body prior to
withdrawal will remain in effect until
the certification terminates by
expiration. If FDA has reason to believe
that a food certification issued for
purposes of section 801(q) of the FD&C
Act is not valid or reliable, FDA may
refuse to consider the certification in
determining the admissibility of the
article of food for which the certification
was offered.
(g) Effect of withdrawal of
accreditation on recognized
accreditation bodies. (1) FDA will notify
a recognized accreditation body,
electronically and in English, if the
accreditation of one of its auditors/
certification bodies is withdrawn. Such
accreditation body’s recognition will
remain in effect if, no later than 2
months after withdrawal, the
accreditation body conducts a selfassessment under § 1.622 and reports
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
the results of the self-assessment to FDA
as required by § 1.623(b).
(2) FDA may revoke the recognition of
such accreditation body whenever FDA
determines there is good cause for
revocation of recognition under § 1.634.
(h) Public notice of withdrawal and
the status of recognition and food and
facility certifications. FDA will provide
notice on the Web site described in
§ 1.690 of its withdrawal of
accreditation of an auditor/certification
body under this subpart.
§ 1.665 How do I voluntarily relinquish
accreditation?
(a) An accredited auditor/certification
body that decides to relinquish
accreditation before it terminates by
expiration must notify the accreditation
body (where applicable) and must notify
FDA electronically, in English, at least
6 months before relinquishing such
authority. The notice must identify the
location where the records will be
maintained as required by § 1.658. A
third-party auditor/certification body
waives the right to a hearing when
relinquishing its accreditation under
this subpart.
(b) No later than 15 business days
after notifying FDA under paragraph (a)
of this section, the accredited auditor/
certification body must notify any
eligible entity to which it issued food or
facility certification under this subpart.
(c) A food or facility certification
issued by an accredited auditor/
certification body prior to relinquishing
its accreditation will remain in effect
until terminated by expiration. If FDA
has reason to believe that a certification
issued for purposes of section 801(q) of
the FD&C Act is not valid or reliable,
FDA may refuse to consider the
certification in determining the
admissibility of the article of food for
which the certification was offered.
(d) FDA will provide notice on the
Web site described in § 1.690 of the
voluntary relinquishment of
accreditation by an auditor/certification
body.
§ 1.666
How do I request reaccreditation?
(a) Application following withdrawal.
FDA will reinstate the accreditation of
an auditor/certification body for which
it has withdrawn accreditation:
(1) If, in the case of direct
accreditation, FDA determines, based on
evidence presented by the auditor/
certification body, that the auditor/
certification body satisfies the
requirements for accreditation and
adequate grounds for withdrawal no
longer exist; or
(2) In the case of an auditor/
certification body accredited by an
PO 00000
Frm 00057
Fmt 4701
Sfmt 4702
45837
accreditation body for which
recognition has been revoked under
§ 1.634:
(i) If the auditor/certification body
becomes accredited by a recognized
accreditation body or by FDA through
direct accreditation not later than 1 year
after withdrawal of accreditation; or
(ii) Under such conditions as FDA
may impose in withdrawing
accreditation.
(b) Application following
relinquishment. An auditor/certification
body that previously relinquished its
accreditation under § 1.665 may seek
accreditation by submitting a new
application for accreditation under
§ 1.660 or, where applicable, § 1.670.
Additional Procedures for Direct
Accreditation of Third-Party Auditors/
Certification Bodies Under This
Subpart
§ 1.670 How do I apply to FDA for direct
accreditation or renewal of direct
accreditation?
(a) Eligibility. (1) FDA will accept
applications from third-party auditors/
certification bodies for direct
accreditation or renewal of direct
accreditation only if FDA determines
that it has not identified and recognized
an accreditation body to meet the
requirements of section 808 of the FD&C
Act within 2 years after establishing the
accredited third-party audits and
certification program. Such FDA
determination may apply, as
appropriate, to specific types of auditor/
certification bodies, types of expertise,
or geographic location; or through
identification by FDA of any
requirements of section 808 of the FD&C
Act not otherwise met by previously
recognized accreditation bodies. FDA
will only accept applications for direct
accreditation and renewal applications
that are within the scope of the
determination.
(2) FDA may revoke or modify a
determination under paragraph (a)(1) of
this section if FDA subsequently
identifies and recognizes an
accreditation body that affects such
determination.
(3) FDA will provide notice on the
Web site described in § 1.690 of a
determination under paragraph (a)(1) of
this section and of a revocation or
modification of the determination under
paragraph (a)(2) of this section.
(b) Application for direct
accreditation or renewal of direct
accreditation. (1) An auditor/
certification body seeking direct
accreditation or renewal of direct
accreditation must submit an
application to FDA, demonstrating that
it is within the scope of the
E:\FR\FM\29JYP4.SGM
29JYP4
45838
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
determination issued under paragraph
(a) of this section, and it meets the
eligibility requirements of § 1.640.
(2) Applications and all documents
provided as part of the application
process must be submitted
electronically, in English. An applicant
must provide such translation and
interpretation services as are needed by
FDA to process the application,
including during an onsite audit of the
applicant.
(3) The application must be signed by
the applicant or by any individual
authorized to act on behalf of the
applicant for purposes of seeking or
renewing direct accreditation.
§ 1.671 How will FDA review applications
for direct accreditation and for renewal of
direct accreditation?
(a) FDA will review applications for
direct accreditation and for renewal of
direct accreditation on a first in, first out
basis according to the date the
submission was completed.
(b) FDA will evaluate any completed
application to determine whether the
applicant meets the requirements for
direct accreditation under this subpart.
(c) FDA will notify the applicant in
writing whether the application has
been approved or denied. FDA may
provide such notification electronically.
(d) If an application has been
approved, the notification will list any
conditions associated with the
accreditation.
(e) If FDA denies an application, the
notification will state the basis of denial
and will provide the address and
procedures for requesting
reconsideration of the application under
§ 1.691.
(f) If FDA does not reach a final
decision on a renewal application before
the expiration of its direct accreditation,
FDA may extend the duration of such
direct accreditation for a specified
period of time or until the agency
reaches a final decision on the renewal
application.
§ 1.672 What is the duration of direct
accreditation?
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
FDA will grant direct accreditation of
a third-party auditor/certification body
for a period not to exceed 4 years.
Requirements for Eligible Entities
Under This Subpart
§ 1.680 How and when will FDA monitor
eligible entities?
(a) FDA may, at any time, conduct an
onsite audit of an eligible entity that has
received food or facility certification
from an accredited auditor/certification
body under this subpart. The audit may
be conducted with or without the
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
accredited auditor/certification body or
the recognized accreditation body
(where applicable) present.
(b) A food safety audit conducted by
an accredited auditor/certification body
under this subpart is not considered an
inspection under section 704 of the
FD&C Act.
(d) After completing its review and
evaluation of the request for
reconsideration, FDA will notify the
requestor, in writing, of its decision to
grant the application or waiver request
upon reconsideration, or its decision to
deny the application or waiver request
upon reconsideration.
§ 1.681 How frequently must eligible
entities be recertified?
§ 1.692 How do I request internal agency
review of a denial of an application or
waiver request upon reconsideration?
(a) An eligible entity seeking to
maintain facility certification under this
subpart must seek recertification prior
to expiration of its certification. To
obtain recertification, the eligible entity
must demonstrate its continuing
compliance with the applicable
requirements of the FD&C Act.
(b) FDA may require an eligible entity
to renew a food certification at any time
FDA determines appropriate under
section 801(q)(4)(A) of the FD&C Act.
General Requirements of This Subpart
§ 1.690 How will FDA make information
about recognized accreditation bodies and
accredited auditors/certification bodies
available to the public?
FDA will place on its Web site a
registry of recognized accreditation
bodies and accredited auditors/
certification bodies, including the name
and contact information for each. The
registry may provide information on
auditors/certification bodies accredited
by recognized accreditation bodies
through links to the Web sites of such
accreditation bodies.
§ 1.691 How do I request reconsideration
of a denial by FDA of an application or a
waiver request?
(a) An accreditation body may seek
reconsideration of the denial of an
application for recognition, renewal of
recognition, or reinstatement of
recognition no later than 10 business
days after the date of such decision.
(b) A third-party auditor/certification
body may seek reconsideration of the
denial of an application for direct
accreditation, renewal of direct
accreditation, reinstatement of direct
accreditation, a request for a waiver of
the conflict of interest requirement in
§ 1.650(b), or a waiver extension no later
than 10 business days after the date of
such decision.
(c) A request to reconsider an
application or waiver request under
paragraph (a) or (b) of this section must
be signed by the requestor or by an
individual authorized to act on its
behalf in submitting the request for
reconsideration. The request must be
submitted in English to the address
specified in the notice of denial and
must comply with the procedures it
describes.
PO 00000
Frm 00058
Fmt 4701
Sfmt 4702
(a) No later than 10 business days
after the date FDA issued a denial of an
application or waiver request upon
reconsideration under § 1.691, the
requestor may seek internal agency
review of such denial under
§ 10.75(c)(1) of this chapter.
(b) The request for internal agency
review under paragraph (a) of this
section must be signed by the requestor
or by an individual authorized to act on
its behalf in submitting the request for
internal review. The request must be
submitted in English to the address
specified in the letter of denial upon
reconsideration and must comply with
procedures it describes.
(c) Under § 10.75(d) of this chapter,
internal agency review of such denial
must be based on the information in the
administrative file, which will include
any supporting information submitted
under § 1.691(c).
(d) After completing the review and
evaluation of the administrative file,
FDA will notify the requestor,
electronically, of its decision to overturn
the denial and grant the application or
waiver request or to affirm the denial of
the application or waiver request upon
reconsideration.
(e) Affirmation by FDA of a denial of
an application or waiver request upon
reconsideration constitutes final agency
action under 5 U.S.C. 702.
§ 1.693 How do I request a regulatory
hearing on a revocation of recognition or
withdrawal of accreditation?
(a) Request for hearing on revocation.
No later than 10 business days after the
date FDA issued a revocation of
recognition of an accreditation body
under § 1.634, the accreditation body or
an individual authorized to act on its
behalf may submit a request for a
regulatory hearing on the revocation
under part 16 of this chapter. The
written notice of revocation issued
under § 1.634 will contain all of the
elements required by § 16.22 of this
chapter and will thereby constitute the
notice of an opportunity for hearing
under part 16 of this chapter.
(b) Request for hearing on withdrawal.
No later than 10 business days after the
date FDA issued a withdrawal of
E:\FR\FM\29JYP4.SGM
29JYP4
Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 / Proposed Rules
mstockstill on DSK4VPTVN1PROD with PROPOSALS4
accreditation of a third-party auditor/
certification body under § 1.664, the
auditor/certification body or an
individual authorized to act on its
behalf may submit a request for a
regulatory hearing on the withdrawal
under part 16 of this chapter. The
written notice of withdrawal under
§ 1.664 will contain all of the elements
required by § 16.22 of this chapter and
will thereby constitute the notice of
opportunity of hearing under part 16 of
this chapter.
(c) Submission of request for
regulatory hearing. The request for a
regulatory hearing under paragraph (a)
or (b) of this section must be submitted
with a written appeal that responds to
the basis for the FDA decision, as
described in the written notice of
revocation or withdrawal, as
appropriate, and includes any
supporting information upon which the
requestor is relying. The request, appeal,
and supporting information must be
submitted in English to the address
specified in the notice and must comply
with the procedures it describes.
(d) Effect of submission of request on
FDA decision. The submission of a
request for a regulatory hearing under
paragraph (a) or (b) of this section will
not operate to delay or stay the effect of
a decision by FDA to revoke recognition
of an accreditation body or to withdraw
accreditation of an auditor/certification
body unless FDA determines that a
delay or a stay is in the public interest.
(e) Presiding officer. The presiding
officer for a regulatory hearing for a
revocation or withdrawal under this
subpart will be designated after a
request for a regulatory hearing is
submitted to FDA.
VerDate Mar<15>2010
19:00 Jul 26, 2013
Jkt 229001
(f) Denial of a request for regulatory
hearing. The presiding officer may deny
a request for regulatory hearing for a
revocation or withdrawal under
§ 16.26(a) of this chapter.
(g) Conduct of regulatory hearing. (1)
If the presiding officer grants a request
for a regulatory hearing for a revocation
or withdrawal, the hearing will be held
within 10 business days after the date
the request was filed or, if applicable,
within a timeframe agreed upon in
writing by requestor, the presiding
officer, and FDA.
(2) The presiding officer may require
that a regulatory hearing for a revocation
or withdrawal be completed within 1
business day, as appropriate.
(3) The presiding officer must conduct
the regulatory hearing for revocation or
withdrawal under part 16 of this
chapter, except that, under § 16.5 of this
chapter, such procedures apply only to
the extent that the procedures are
supplementary and do not conflict with
the procedures specified for regulatory
hearings under this subpart.
Accordingly, the following requirements
are inapplicable to regulatory hearings
under this subpart: The requirements of
§ 16.22 (Initiation of a regulatory
hearing); § 16.24(e) (timing) and (f)
(contents of notice); § 16.40
(Commissioner); § 16.95(b)
(administrative decision and record for
decision) and § 16.119 (Reconsideration
and stay of action) of this chapter.
(4) A decision by the presiding officer
to affirm the revocation of recognition or
the withdrawal of accreditation is
considered a final agency action under
5 U.S.C. 702.
PO 00000
Frm 00059
Fmt 4701
Sfmt 9990
45839
Audits for Other Purposes
§ 1.698 May importers use reports of
regulatory audits by accredited auditors/
certification bodies for purposes of subpart
L of this part?
An importer, as defined in § 1.500 of
this part, may use a regulatory audit of
an eligible entity, documented in a
regulatory audit report, in meeting
requirements for an onsite audit of a
foreign supplier under subpart L of this
part.
PART 16—REGULATORY HEARING
BEFORE THE FOOD AND DRUG
ADMINISTRATION
3. The authority citation for 21 CFR
part 16 continues to read as follows:
■
Authority: 15 U.S.C. 1451–1461; 21 U.S.C.
141–149, 321–394, 467f, 679, 821, 1034; 28
U.S.C. 2112; 42 U.S.C. 201–262, 263b, 364.
4. Section 16.1 is amended by
numerically adding the following entry
in paragraph (b)(2) to read as follows:
■
§ 16.1
Scope.
*
*
*
*
*
(b) * * *
(2) * * *
§§ 1.634 and 1.664, relating to
revocation of recognition of an
accreditation body and withdrawal of
accreditation of auditors/certification
bodies that conduct food safety audits of
eligible entities in the food import
supply chain and issue food and facility
certifications.
*
*
*
*
*
Dated: July 23, 2013.
Leslie Kux,
Assistant Commissioner for Policy.
[FR Doc. 2013–17994 Filed 7–26–13; 8:45 am]
BILLING CODE 4160–01–P
E:\FR\FM\29JYP4.SGM
29JYP4
]]>Agencies
[Federal Register Volume 78, Number 145 (Monday, July 29, 2013)]
[Proposed Rules]
[Pages 45781-45839]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-17994]
[[Page 45781]]
Vol. 78
Monday,
No. 145
July 29, 2013
Part IV
Department of Health and Human Services
-----------------------------------------------------------------------
Food and Drug Administration
-----------------------------------------------------------------------
21 CFR Part 1 and 16
Accreditation of Third-Party Auditors/Certification Bodies to Conduct
Food Safety Audits and to Issue Certifications; Proposed Rule
��Federal Register / Vol. 78, No. 145 / Monday, July 29, 2013 /
Proposed Rules��
[[Page 45782]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 1 and 16
[Docket No. FDA-2011-N-0146]
RIN 0910-AG66
Accreditation of Third-Party Auditors/Certification Bodies to
Conduct Food Safety Audits and to Issue Certifications
AGENCY: Food and Drug Administration, HHS.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Food and Drug Administration (FDA) is amending its
regulations to provide for accreditation of third-party auditors/
certification bodies to conduct food safety audits of foreign food
entities, including registered foreign food facilities, and to issue
food and facility certifications, under the FDA Food Safety
Modernization Act (FSMA). Use of accredited third-party auditors/
certification bodies and food and facility certifications will help FDA
prevent potentially harmful food from reaching U.S. consumers and
thereby improve the safety of the U.S. food supply. FDA also expects
that these regulations will increase efficiency by reducing the number
of redundant food safety audits.
DATES: Submit either electronic or written comments on the proposed
rule by November 26, 2013.
ADDRESSES: You may submit comments, identified by Docket No. FDA-2011-
N-0146 and/or Regulatory Information Number (RIN) 0910-AG66, by any of
the following methods.
Electronic Submissions
Submit electronic comments in the following way:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Written Submissions
Submit written submissions in the following ways:
Mail/Hand delivery/Courier (for paper or CD-ROM
submissions): Division of Dockets Management (HFA-305), Food and Drug
Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
Instructions: All submissions received must include the Agency name
and Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66 for this
rulemaking. All comments received may be posted without change to
https://www.regulations.gov, including any personal information
provided. For additional information on submitting comments, see the
``Comments'' heading of the SUPPLEMENTARY INFORMATION section of this
document.
Docket: For access to the docket to read background documents or
comments received, go to https://www.regulations.gov and insert the
docket number, found in brackets in the heading of this document, into
the ``Search'' box and follow the prompts and/or go to the Division of
Dockets Management, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
FOR FURTHER INFORMATION CONTACT: Charlotte A. Christin, Office of the
Commissioner, Office of Policy, Food and Drug Administration, 10903 New
Hampshire Ave., Bldg. 32, Rm. 4234, Silver Spring, MD 20993, 240-402-
3708.
SUPPLEMENTARY INFORMATION:
Executive Summary
Purpose of the Proposed Rule
This proposed rule, if finalized, will help FDA ensure the
competence and independence of third-party auditors/certification
bodies who conduct foreign food safety audits. It also will help ensure
the reliability of food and facility certifications issued by third-
party auditors/certification bodies that FDA will use in making certain
decisions relating to imported food (including pet food and animal
feed). These certifications include, for example, food certifications
required by FDA as a condition of granting admission to a food
determined to pose a safety risk. Having comprehensive oversight of a
credible and reliable program for third-party audits and certifications
of foreign food facilities will help FDA prevent potentially harmful
food from reaching U.S. consumers and thereby improve the safety of the
U.S. food supply. We believe that a trusted program for foreign food
safety audits and food and facility certifications--with clear
requirements, standards, and procedures and operated under government
oversight--will be appealing to accreditation bodies, auditors/
certification bodies, and foreign food facilities. Widespread
participation and broad acceptance of audits and certifications under
the FDA program will help increase efficiency and reduce costs, by
eliminating redundant auditing to assess foreign suppliers' compliance
with the Federal Food, Drug, and Cosmetic Act (the FD&C Act).
FSMA adds section 808 to the FD&C Act (21 U.S.C. 384d), which
directs us to establish a new program for accreditation of third-party
auditors \1\ conducting food safety audits and issuing food and
facility certifications to eligible foreign entities (including
registered foreign food facilities) that meet our applicable
requirements. Under this provision, we will recognize accreditation
bodies to accredit third-party auditors/certification bodies, except
for limited circumstances in which we may directly accredit auditors/
certification bodies to participate in the accredited third-party
audits and certification program.
---------------------------------------------------------------------------
\1\ Section 808 of the FD&C Act uses the term ``auditor'' to
describe an entity that conducts audits and issues certifications.
We propose to use the term ``auditor/certification body,'' which
adds the words ``certification body'' to better comport with the
terminology used by the food industry and the international
standards community when describing organizations that not only
conduct audits but also issue certifications based on audit results.
We will use the statutory term only when referring to the
requirements of section 808 of the FD&C Act.
---------------------------------------------------------------------------
[[Page 45783]]
[GRAPHIC] [TIFF OMITTED] TP29JY13.008
We will use certifications issued by accredited third-party
auditors/certification bodies in deciding whether to admit certain
imported food into the United States that FDA has determined poses a
food safety risk and in deciding whether an importer is eligible to
participate in a program for expedited review and entry of food
imports. We will exercise oversight of the accredited third-party
audits and certification program and can remove an accreditation body
or an auditor/certification body for good cause, by revoking
recognition of the accreditation body or by withdrawing accreditation
of the third-party auditor/certification body.
We must issue implementing regulations that include measures to
protect against conflicts of interest and must issue model
accreditation standards that third-party auditors/certification bodies
must meet to qualify for accreditation.\2\ The statute directs us to
look to existing standards for guidance when developing these model
accreditation standards.
---------------------------------------------------------------------------
\2\ We will issue draft model accreditation standards to specify
the qualifications for accreditation, such as the minimum
requirements for education and experience for third-party auditors/
certification bodies (and their audit agents) to qualify for
accreditation. We will open a public docket to accept comments on
the draft standards and plan to take necessary procedural steps to
finalize the model standards.
---------------------------------------------------------------------------
Summary of the Major Provisions of the Proposed Rule
This proposal contains eligibility requirements for accreditation
bodies to qualify for recognition and requirements that accreditation
bodies choosing to participate in the FDA program must meet, once
recognized. It also contains eligibility requirements for third-party
auditors/certification bodies to qualify for accreditation and
requirements that third-party auditors/certification bodies choosing to
participate in the FDA program must meet, once accredited. These
requirements will ensure the competence and independence of the
accreditation bodies and third-party auditors/certification bodies
participating in the program for accredited third-party audits and
certification that is established under this subpart.
This proposal contains procedures for recognition and
accreditation, as well as requirements relating to monitoring and
oversight of participating accreditation bodies and auditors/
certification bodies. These include procedures that we will follow when
removing an auditor/certification body or an accreditation body from
the program. The proposed rule contains requirements relating to
auditing and certification of foreign food facilities under the program
and for notifying us of conditions in an audited facility that could
cause or contribute to a serious risk to the public health. The
proposed requirements for monitoring, oversight, and notification are
needed to give us, consumers, and other stakeholders confidence in the
program and in the accredited third-party auditors/certification bodies
and recognized accreditation bodies who participate.
The proposal also implements the authority granted by Congress in
section 801(q) of the FD&C Act (21 U.S.C. 381(q)) to make a risk-based
determination to require, as a condition of admissibility, that a food
imported or offered for import into the United States be accompanied by
a certification or other assurance that the food meets the applicable
requirements of the FD&C Act. This clear authority to require
[[Page 45784]]
import certification for food, based on risk, is one of the tools we
can use to help prevent potentially harmful food from reaching
consumers.
In addition, this document proposes requirements for accredited
third-party auditors/certification bodies to follow when issuing
facility certifications that will be used by importers to establish
eligibility for the Voluntary Qualified Importer Program (VQIP) under
section 806 of the FD&C Act (21 U.S.C. 384b(a)). The VQIP program
offers participating importers expedited review and entry of food from
facilities audited and certified by third-party auditors/certification
bodies accredited under this subpart.
Costs and Benefits
We summarize the annualized costs (over a 10-year time period
discounted at both 3 percent and 7 percent) of the third-party proposed
rule in Table 1. We are unable to estimate quantitatively the benefits
of the proposed rule. Although this proposed rule would not itself
establish safety requirements for imported food, it would benefit the
public health by helping to ensure that imported food is produced in
compliance with applicable requirements of the FD&C Act.
The Preliminary Regulatory Impact Analyses for the proposed rules
on Current Good Manufacturing Practice and Hazard Analysis and Risk-
Based Preventive Controls for Human Food (Preventive Controls) \3\ and
the Standards for the Growing, Harvesting, Packing, and Holding of
Produce for Human Consumption (Produce Safety) \4\ consider and analyze
the number of illnesses and deaths that those proposed regulations are
aimed at reducing. The greater the compliance with the Preventive
Controls and Produce Safety proposed regulations, the greater the
reduction in illnesses and deaths and associated costs expected.
---------------------------------------------------------------------------
\3\ The Preventive Controls proposed rule was published in the
Federal Register on January 16, 2013 (78 FR 3646).
\4\ The Produce Safety proposed rule was published in the
Federal Register on January 16, 2013 (78 FR 3503).
---------------------------------------------------------------------------
This proposed rule would be an important mechanism for improving
and ensuring compliance with the Preventive Controls and Produce Safety
proposed regulations as they would apply to imported food. For this
reason, we account for its public health benefits in the economic
analyses for those proposed rules and other applicable food safety
regulations, instead of in the analysis for this proposed rule.
Table 1--Summary of Annualized Costs of the Proposed Rule
----------------------------------------------------------------------------------------------------------------
Third party accreditation costs 3 Percent 7 Percent
----------------------------------------------------------------------------------------------------------------
Third Party Accreditation Costs for All Participants........................ $55,548,432 $56,756,016
Third Party Accreditation Costs for FDA..................................... 17,063,089 17,640,083
-----------------------------------
Total Costs............................................................. 72,611,521 74,396,099
----------------------------------------------------------------------------------------------------------------
Table of Contents
I. Introduction
II. Background
A. Legal Authority
B. FDA Initiatives on Third Parties
C. FDA's Use of Certifications for Food
D. External Recommendations on Third-Party Certification for
Food
E. FDA Standards for Assessing Capabilities of Food Safety
Systems
F. U.S. Government Policies on Consensus Standards and
Conformity Assessment
G. Industry Practices on Benchmarking Standards and Third-Party
Audits and Certification for Food and Food Facilities
III. FSMA Imports Public Meeting and Stakeholder Input
IV. Purpose and Description of the Proposed Rule
A. Proposed Revisions to Part 1, New Subpart
B. Proposed Revisions to Part 16
V. Analysis of Environmental Impact
VI. Federalism
VII. Comments
VIII. References
I. Introduction
Each year, about 48 million Americans (1 in 6) get sick, 128,000
are hospitalized, and 3,000 die from food-borne diseases, according to
recent estimates from the Centers for Disease Control and Prevention
(CDC). CDC food-borne illness outbreak data also show that an increased
number of outbreaks due to imported foods were reported during the most
recent years of surveillance. During 2005-2010, 39 outbreaks with 2,348
illnesses were reported where the implicated food was imported into the
United States, representing 1.5 percent of reported outbreaks during
that time. Of the 39 import-associated outbreaks, more were reported in
2009 and 2010 (n=6 and 8 outbreaks, respectively) than were reported in
each of the years between 2005 and 2008. A greater percentage of the
import-related outbreaks were multistate outbreaks as compared to the
overall percentage of multistate outbreaks reported (Ref. 1).\5\
---------------------------------------------------------------------------
\5\ The CDC abstract on Foodborne Disease Outbreaks Associated
with Food Imported Into the United States, 2005-2010 (Ref. 1)
discussed 23 reported outbreaks with 1,994 illnesses associated with
imported foods. These data were updated for a presentation at the
International Conference on Emerging Infectious Diseases, to reflect
the numbers discussed in this proposed rule.
---------------------------------------------------------------------------
President Obama signed FSMA (Pub. L.111-353) into law on January 4,
2011. FSMA enables us to better protect public health by helping to
ensure the safety and security of the U.S. food supply. The Web page
describing our FSMA implementation activities is at https://www.fda.gov/fsma.
Among other things, FSMA gave us important new tools to better
ensure the safety of imported foods, which constitute approximately 15
percent of the U.S. food supply (including 80 percent of our seafood,
50 percent of our fresh fruit, and 20 percent of our vegetables). We
place high priority on ensuring the accountability of importers to
verify the safety of food produced overseas and to establish a new
program for third-party auditing and certification of regulated foreign
food firms. (By way of background, third-party audits are conducted by
an entity independent of the audited firm or those who buy its
products. Second-party audits are conducted by buyers for their
suppliers and contractors or by one division within a firm of another
division within the same firm. First-party audits are internal audits a
firm conducts itself. This proposed regulation relates only to third-
party audits.)
In this document, we propose requirements for third-party auditors/
certification bodies choosing to become accredited to conduct food
safety audits and to issue food and facility certifications to eligible
foreign entities under this FDA program.
The preamble that follows provides background on the following: (1)
The FSMA requirement to establish an accredited third-party auditing
and
[[Page 45785]]
certification program for food and related FSMA provisions, (2) other
initiatives on third parties, (3) use of food certifications, (4)
recommendations from external stakeholders on third-party
certifications for food, (5) standards for assessing programs for
oversight of food safety, (6) U.S. government policies on consensus
standards and conformity assessment, and (7) industry programs for
benchmarking standards and for auditing and certification for food
facilities and their food. We seek comments on all aspects of this
proposal.
II. Background
A. Legal Authority
1. Accreditation of Third-Party Auditors/Certification Bodies
Section 307 of FSMA, Accreditation of Third-Party Auditors, amends
the FD&C Act (21 U.S.C. 384d) to create a new provision, section 808,
under the same name. Section 808(b)(1)(A) of the FD&C Act requires us
to establish a system, within 2 years of enactment, for the recognition
of accreditation bodies that accredit third-party auditors to conduct
food safety audits and to issue certifications for eligible foreign
food entities and their products.
Section 808(b)(1)(A)(ii) of the FD&C Act further authorizes us to
directly accredit third-party auditors if we have not identified and
recognized an accreditation body that meets the requirements of the
section within 2 years after establishing the system for recognition.
If those conditions are met, we may begin to directly accredit third-
party auditors.
Section 808(c)(5)(C) of the FD&C Act directs us to issue
implementing regulations for section 808 not later than 18 months after
enactment (i.e., by July 4, 2012). The regulations must require audits
to be unannounced and must contain protections against conflicts of
interest between accredited auditors (and their audit agents) and the
entities they audit or certify, including requirements on timing and
public disclosure of fees and appropriate limits on financial
affiliations. (21 U.S.C. 384d(c)(5)(C)(ii) and (c)(5)(C)(iii)). In
addition, the regulations must require audits to be unannounced (21
U.S.C. 384d(c)(5)(C)(i)).
Section 808(b)(2) of the FD&C Act contains an additional
requirement to develop model accreditation standards to qualify third-
party auditors for accreditation under this FDA program. The statute
describes the model accreditation standards in terms of requirements an
auditor must meet to qualify for accreditation. We are including in
this proposed rule a framework for the model accreditation standards.
We currently are developing the Model Accreditation Standards document,
which elaborates on the framework and details the qualifications
required for accreditation. We are considering existing international
standards and particularly the work of the International Organization
for Standardization Committee on conformity assessment (ISO/CASCO). For
example, we are considering minimum requirements for education and
experience of auditors/certification bodies. We plan to issue draft
model standards for public comment, before finalizing them.
2. Voluntary Qualified Importer Program
Facility certifications (as described in sections 806(a) and
808(c)(2) of the FD&C Act) will be used by FDA to help determine
whether a facility is eligible to be a facility from which food may be
offered for import under VQIP. The criteria and procedures for VQIP
participation are outside the scope of this rulemaking. FDA plans to
issue guidance on VQIP and will solicit public comment on VQIP at that
time.
3. Authority To Require Import Certifications for Food
Food certifications (as described in sections 801(q) and 808(c)(2)
of the FD&C Act) will be required to meet a condition for admitting a
food into the United States under section 801(a) of the FD&C Act, where
necessary based on our determination of the risk of the food.
Specifically, section 801(q) of the FD&C Act gives us express authority
to require such certification based on a determination that includes
the following factors:
The known safety risks associated with the food;
The known food safety risks associated with the country,
territory, or region of origin (area of origin) of the food;
A finding we make, supported by scientific, risk-based
evidence, that:
[cir] The food safety programs, systems, and standards in the area
of origin of the food are inadequate to ensure that the article of food
is as safe as a similar article of food that is manufactured,
processed, packed, or held in the United States, in accordance with the
requirements of the FD&C Act; and
[cir] The certification would assist us in determining whether to
refuse or admit the article of food into the United States; and
Information submitted to us, under section 801(q)(7) of
the FD&C Act, regarding improvements to a food safety program, system,
or standard we previously found inadequate and demonstrating that those
controls are adequate to ensure that an article of food is as safe as a
similar article of food that is manufactured, processed, packed, or
held in the United States under the requirements of the FD&C Act.
In addition to giving FDA authority to require food certifications,
section 801(q) of the FD&C Act grants FDA authority to require,
alternatively, ``such other assurance'' as FDA determines appropriate,
that the food complies with applicable requirements of the FD&C Act.
When making a determination on whether mandatory certification is
appropriate, we will consider the statutory factors in light of the
specific circumstances involved and will evaluate various types of
relevant information/evidence. We intend to exercise our authority
under section 801(q) of the FD&C Act judiciously and in conjunction
with our array of other available enforcement tools.
Section 801(q)(3) of the FD&C Act states the food certifications or
other assurances used for purposes of section 801(a) of the FD&C Act
may be issued by third-party auditors accredited under section 808 of
the FD&C Act or by the government of the country from which such food
originated, if we so designate (21 U.S.C. 381(q)(3)). The
certifications or other assurances may take the form of shipment-
specific certificates, a listing of certified facilities that
manufacture, process, pack, or hold such food, or in such other form as
we may specify.
Section 801(q) of the FD&C Act became effective upon enactment of
FSMA in 2011 and is expressly linked to the accreditation of third-
party auditors/certification bodies that is the subject of this
proposed rule.
4. Compliance With International Agreements
FSMA section 404 (21 U.S.C. 2252) states that nothing in the
statute should be construed in a manner ``inconsistent with'' the
agreement establishing the World Trade Organization (WTO) or any other
treaty or international agreement to which the United States is a
party.
FSMA was notified to the WTO on February 14, 2011 (G/SPS/N/USA/
2156) (Ref. 2), to provide information on the FD&C Act to WTO members.
The notification included an electronic mailbox link to receive
comments from members. Several comments have been received via the
mailbox. The comments
[[Page 45786]]
note a high degree of interest in FSMA implementation, particularly
with respect to how implementation will impact developing countries.
Third-party certification for food is recognized as increasingly
important for developing nations to gain market access for their
products. Several international development agencies are focusing
efforts in this area. The United Nations Industrial Development
Organization, for example, is supporting the development of conformity
assessment bodies and accreditation bodies in several developing
nations (Ref. 3). The U.S. Agency for International Development has
offered its assistance and support for developing nation governments to
take a more proactive role in accreditation services, standards
development, and institutional infrastructure to assist and protect
their nationals operating in international food markets (Ref. 4).
5. Other Provisions of the Federal Food, Drug, and Cosmetic Act
The authority for this proposed rule also derives from section
701(a) of the FD&C Act (21 U.S.C. 371(a)), which authorizes us to issue
regulations for the efficient enforcement of the FD&C Act. Regulations
for ensuring the competency and independence of recognized
accreditation bodies and of accredited third-party auditors/
certification bodies will help assure us of the validity and
reliability of certifications and other information resulting from the
food safety audits they conduct. We will accept certifications issued
by accredited third-party auditors/certification bodies for the two
purposes identified in section 808 of the FD&C Act: To establish
eligibility for VQIP participation; and to meet a condition of
admissibility for imported food subject to a mandatory certification
requirement. We also can use information from such audits for other
related purposes in enforcing the FD&C Act. For example, we propose to
allow importers to use reports of regulatory audits conducted by
accredited third-party auditors/certification bodies in meeting any
requirements for onsite audits of foreign suppliers, under the proposed
rule entitled, ``Foreign Supplier Verification Programs for Importers
of Food for Humans and Animals'' (FSVP), published elsewhere in this
issue of the Federal Register.
B. FDA Initiatives on Third Parties
1. Notice Requesting Comments on Third-Party Certification for Food and
Feed
In the Federal Register of April 2, 2008 (73 FR 17989), we issued a
notice (2008 notice) requesting comments on the benefits, obstacles,
and availability of third-party certification programs for food and
animal feed. At the time, an increasing number of retailers and food
services providers had begun to ask their foreign and domestic
suppliers to become certified to their buyers' requirements for safety
and quality. Suppliers (such as producers, comanufacturers, and
repackers) also were increasingly looking to third-party certification
programs as a means to verify compliance with U.S. regulatory
requirements, even without requirements from buyers.
In the 2008 notice, we asked questions about existing certification
programs and criteria, as well as obstacles and incentives for
participating in these voluntary programs. We received approximately 70
comments in response. The comments generally supported the use of
third-party certification programs and suggested that our
acknowledgment of such programs would provide additional incentives for
participation. Further discussion of the comments on the 2008 notice is
available in the ``Background'' section of the subsequently issued
draft ``Guidance for Industry on Voluntary Third-Party Certification
Programs for Foods and Feeds'' and is described in section II.B.2.
2. FDA Guidance on Third-Party Certification for Food and Feed
In the Federal Register of July 10, 2008 (73 FR 39704), we
announced the availability of the draft ``Guidance for Industry on
Voluntary Third-Party Certification Programs for Foods and Feeds.'' The
draft guidance describes the general attributes of a voluntary third-
party certification program needed to help ensure that certification is
a reliable verification that food from certified establishment meets
applicable requirements.
We finalized the guidance in January 2009, announcing its
availability in the Federal Register of January 16, 2009 (74 FR 3058)
(2009 Guidance) (Ref. 5). The 2009 Guidance describes the general
attributes we believe a third-party certification program should have
to give us confidence in the reliability of its certifications. It also
explains our vision, prior to FSMA enactment, of how we might use such
voluntary third-party certifications to assist in determining
inspection, field exam, and sampling priorities, as well as in making
admissibility decisions for imported food. We intend to withdraw the
2009 Guidance upon publication of a final rule for accredited third-
party certification.
3. Pilot Project on Third-Party Certification for Aquacultured Shrimp
In the Federal Register of July 10, 2008 (73 FR 39705), we
published a notice inviting third-party certification bodies to
participate in a pilot of voluntary third-party certification of
aquacultured shrimp (shrimp pilot). The goal of the shrimp pilot was to
gain knowledge and experience with third-party certification to assist
us in evaluating the utility and feasibility of using third-party
certification programs as part of our oversight of foreign food firms.
The pilot data indicate that having the appropriate FDA
infrastructure, including logistical and resource support, will be
critical to the success of any full-scale accredited third-party
certification program (Ref. 6). The role we played in the shrimp pilot
was analogous to the role traditionally played by an accreditation
body, monitoring the performance of certification bodies. The pilot
demonstrated to us that direct accreditation, in which we ourselves
accredit and provide direct oversight of a potentially unlimited number
of third-party certification bodies, would be costly and
administratively burdensome, though direct accreditation may be
appropriate in limited circumstances, as will be discussed in section
IV.A.8.
4. FDA Third-Party Program for Mammography
In developing this proposed rule, we reviewed other Agency third-
party programs, including the FDA program, required by the Mammography
Quality Standards Act of 1992 (Pub. L. 102-539) (as amended), to
approve accreditation bodies to evaluate and accredit mammography
facilities based upon quality standards. Only facilities that are
accredited by, or undergoing accreditation by, an accreditation body we
approved, may receive our certificates (or the certificates of a State
certifying agency we approved) to legally perform mammography (Ref. 7).
C. FDA's Use of Certifications for Food
For years, we have used certification as a tool for verifying that
imported foods comply with our food safety requirements and reducing
the need for
[[Page 45787]]
us to sample at entry. Since the late 1980s, for example, the Export
Inspection Council of the Indian Ministry of Commerce has sampled,
analyzed, and issued certificates of conformance for lots of black
pepper exported directly to the United States. Indian black pepper
shipments accompanied by such certifications are not subject to
detention without physical examination under FDA Import Alert 28-02
(Ref. 8). Under Memoranda of Understanding (MOUs) with several foreign
governments, we rely upon certifications that caseins and caseinates,
and mixtures thereof, to be exported to the United States are in
compliance with our requirements, which are intended to minimize the
need for us to extensively sample certified products (Ref. 9). These
are but a few examples of the ways we rely on certifications as a means
to help assure that an article of food complies with our requirements
and to minimize the need for extensive sampling at entry.
D. External Recommendations on Third-Party Certification for Food
In September 2012, the Government Accountability Office (GAO)
issued a report discussing possible challenges associated with
establishing and administering the accredited third-party certification
program, including: offering incentives to encourage participation;
meeting challenges associated with creating a new program; addressing
stakeholder concerns; and conducting oversight of the program, once
established (Ref. 10). We believe this proposed rule addresses the
relevant challenges identified by GAO.
In June 2010, a committee of experts convened by the Institute of
Medicine and the National Research Council (IOM/NRC committee) released
a report examining gaps in public health protection afforded by the
farm-to-table food safety system under our purview and identifying
opportunities to fill those gaps (Ref. 11). The IOM/NRC committee
concluded that we need to address barriers to improving the efficiency
of inspections by, among other things, exploring third-party auditing
of food facilities as an alternative model for measuring compliance.
The IOM/NRC committee's report specifically recommended that we
consider the implications of accepting inspection data from third-party
auditors inspecting facilities for compliance with food safety
regulatory requirements. The IOM/NRC report also stated that, if we use
this approach, we should set minimum standards for such auditors and
audits, with oversight and implementation being assigned to an
accreditation and standards body.
E. FDA Standards for Assessing Capabilities of Food Safety Systems
In developing the framework for recognition of accreditation bodies
and accreditation of third-party auditors required by section 808 of
the FD&C Act, we looked at our existing standards for assessing the
capabilities of food safety systems at the State level, through the
Manufactured Foods Regulatory Program Standards (MFRPS) (Ref. 12). The
MFRPS establish a uniform foundation for the design and management of
high-quality State regulatory programs for food manufacturers, focusing
on ten key areas: (1) Regulatory foundation; (2) inspector training
program; (3) risk-based inspection program; (4) audits of the
inspection program; (5) protocols for food-related illnesses,
outbreaks, and response; (6) compliance and enforcement program; (7)
industry and other stakeholder relations; (8) program resources; (9)
program assessment; and (10) laboratory support.
We also considered a FDA-New Zealand pilot project for assessing
food safety systems, authority, oversight and monitoring that was
discussed at a public hearing in March 2011 (Ref. 13). We found
particularly useful the draft FDA International Comparability
Assessment Tool (ICAT) used in reviewing New Zealand's food safety
regulatory system to determine if it provides a similar set of
protections to that of FDA (Ref. 14). Following the successful
completion of the New Zealand comparability pilot, in late 2012 FDA
launched a bilateral pilot project with the Canadian Food Inspection
Agency (CFIA) on systems recognition (previously known as
comparability), sharing FDA's draft ICAT as a guide for the systems
recognition process. FDA and CFIA currently are finalizing their
respective systems recognition reviews.
F. U.S. Government Policies on Consensus Standards and Conformity
Assessment
Implementation of section 808 of the FD&C Act occurs against the
backdrop of the broader Federal policies on consensus standards and
conformity assessment under the National Technology Transfer and
Advancement Act of 1995 (NTTAA) (Public Law 104-113).
The NTTAA, together with the Office of Management and Budget (OMB)
Circular A-119, revised February 10, 1998 (Ref. 15), directs Federal
Agencies to use voluntary consensus standards in lieu of government-
unique standards except where inconsistent with law or otherwise
impractical. OMB Circular A-119 states that the use of voluntary
standards, whenever practicable and appropriate, is intended to
eliminate the cost to government of developing its own standards and
decrease the cost of goods procured and the burden of complying with
Agency regulation; provide incentives and opportunities to establish
standards that serve national needs; encourage long-term growth for
U.S. enterprises and promote efficiency and economic competition
through harmonization of standards; and further the policy of reliance
upon the private sector to supply government needs for goods and
services.
In addition, the U.S. Government has issued a National Standards
Policy and Federal guidance on conformity assessment activities (which
are defined as activities concerned with determining directly or
indirectly that requirements for products, services, systems, and
organizations are fulfilled) (15 CFR 287.2).
As directed by OMB in Circular A-119 (Ref. 15), the National
Institute of Standards and Technology (NIST), in the Federal Register
of August 10, 2000 (65 FR 48894), issued policy guidance on Federal
conformity assessment activities (Federal conformity assessment
guidance) (codified at 15 CFR part 287). The guidance applies to all
Federal Agencies that set policy for, manage, operate, or use
conformity assessment activities or results, domestically and
internationally (except for activities conducted pursuant to treaties)
and is intended to eliminate unnecessary duplication and complexity in
conformity assessment requirements. (We note that OMB has announced it
is currently revising Circular A-119, and NIST is revising the Federal
conformity assessment guidance (Ref. 16)).
The current Federal conformity assessment guidance provides for
Federal Agencies to use, where appropriate, relevant guides or
standards for conformity assessment \6\ practices from domestic and
international standardizing bodies such as the Codex Alimentarius
Commission (Codex),\7\ the International Organization
[[Page 45788]]
for Standardization (ISO)/International Electrotechnical Commission
(IEC),\8\ and the American National Standards Institute (ANSI). The
guidance also notes that each Agency retains the responsibility, and
authority, to select the conformity assessment activities and
procedures (e.g., guides and standards) that will best meet its
legislative mandates and programmatic objectives (15 CFR part 287).
---------------------------------------------------------------------------
\6\ ISO/IEC 17000:2004, Conformity assessment--Vocabulary and
general principles (Ref. 17) defines ``conformity assessment'' as
``demonstration that specified requirements relating to a product,
process, systems, person or body are fulfilled.
\7\ The Codex Alimentarius Commission, established by Food and
Agriculture Organization of the United Nations (FAO) and the World
Health Organization (WHO) in 1963 develops harmonized international
food standards, guidelines and codes of practice to protect the
health of the consumers and ensure fair trade practices in the food
trade. The Commission also promotes coordination of all food
standards work undertaken by international governmental and non-
governmental organizations. See, https://www.codexalimentarius.org/codex-home/en/.
\8\ ISO is a voluntary, consensus, standards developer with
standards covering many aspects of technology and business,
including food safety. See, https://www.iso.org/iso/home/about.htm.
---------------------------------------------------------------------------
In developing this proposed rule, we considered several voluntary
consensus standards, specifically ISO/IEC 17000: 2004, Conformity
assessment--Vocabulary and general principles (Ref. 17) and ISO/IEC
17011: 2004, Conformity assessment--General requirements for
accreditation bodies accrediting conformity assessment bodies (Ref.
18), which contains the following major elements: (1) Legal
responsibility, structure, and impartiality; (2) management systems,
including records, internal audits, nonconformities, and corrective
actions; (3) personnel associated with the accreditation body,
personnel associated with the accreditation process, and monitoring
performance assessments of accreditation personnel; (4) the
accreditation process; and (5) and roles and responsibilities of the
accreditation body and the certification body. We will address elements
of ISO/IEC 17011: 2004 that are relevant to this rule in our discussion
of the proposed requirements for accreditation bodies in section IV.A.2
through IV.A.4.
In addition, we considered other ISO/IEC 17021: 2011, Conformity
assessment--Requirements for bodies providing audit and certification
of management systems (Ref. 19), which contains similar requirements
for bodies auditing management systems: (1) Legal matters and
contractual matters; (2) impartiality; (3) structural requirements; (4)
resource requirements, including competence of management and
personnel; (5) monitoring and surveillance; (6) internal audits; and
(7) records.
We also considered ISO/IEC Guide 65: 1996, General requirements for
bodies operating product certification systems (Ref. 20).\9\ ISO also
has issued the 22000 series of standards for food safety management
systems, including ISO/TS 22003: 2007, Food safety management systems--
Requirements for bodies providing audit and certification of food
safety management systems (Ref. 21).\10\
---------------------------------------------------------------------------
\9\ Subsequently, ISO/IEC Guide 65:1994 (Ref. 20) was updated
and incorporated into ISO/IEC 17065.
\10\ This series includes standards the food industry uses in
establishing and maintaining its food safety management systems and
also the standards that auditors/certification bodies use in
assessing those systems.
---------------------------------------------------------------------------
These standards are among the relevant information we used in
developing this proposed rule. We do not propose to incorporate these
standards by reference into our regulations, because they contain
additional requirements that are not relevant to our program and might
unnecessarily create disincentives to participation. A copy of each of
these ISO standards has been placed in the docket for this rulemaking
and is made available at the Division of Dockets Management at address
listed in the ADDRESSES section of this document. The standards also
are available electronically by purchase from ISO, at https://www.iso.org.
As described more fully in section III, we developed this proposed
rule having received information and input from a broad range of
stakeholders that included public and private members of the standards
community. We met with representatives of other U.S. Government
agencies and foreign governments and participated in listening sessions
requested by stakeholders wishing to share their views on section 808
of the FD&C Act.
We believe the proposal aligns with the NTTAA, the National
Standards Policy, and current versions of OMB Circular A-119 (Ref. 15)
and the Federal conformity assessment guidance (15 CFR part 287), in
relying upon the principles of voluntary consensus standards currently
used globally and domestically by the food industry, the international
standards community, and conformity assessment bodies.
Under the guidance at 15 CFR 287.4(b), we seek comment on the
rationale for the conformity assessment decisions we have made in
developing this proposal. In particular, we seek comment on whether the
voluntary consensus standards we cite are the appropriate standards
upon which to base this rulemaking. If alternative standards are
suggested, we request that copies of any such standards be submitted
along with the comment(s).
G. Industry Practices on Benchmarking Standards and Third-Party Audits
and Certification for Food and Food Facilities
As a result of consolidation within the food industry and the
globalization of the marketplace, coupled with some high-profile food
safety incidents, many food retailers and food service providers began
to require their suppliers to be audited against their standards (more
commonly known as ``buyer requirements'') (Ref. 11). Some of these
supplier audits were conducted by auditors/certification bodies
employed by, or acting as agents of, buyers. Other auditors were third
parties, independent of both buyers and suppliers.
As buyers increasingly relied on audits to assess compliance with
their safety requirements, more and more suppliers began to face
multiple food safety audits. The proliferation of buyers' requirements
created inefficiencies that ultimately spurred several efforts to
harmonize audits. These include the Global Food Safety Initiative
(GFSI), which was established in 2000 by a group of international
retailers (Ref. 22). GFSI benchmarks food safety schemes \11\ against a
harmonized set of key elements for food safety and management systems.
GFSI's benchmarking guidance (Ref. 23), and indeed many of the food
safety schemes it benchmarks, use Codex as their foundational
standards.
---------------------------------------------------------------------------
\11\ A food safety scheme generally includes the food safety
standard against which a food facility is assessed and the
management system associated with the standard.
---------------------------------------------------------------------------
GFSI's benchmarking assesses a scheme's food safety standards and
the governance and management structure of the food safety scheme
owner, such as technical competence, safeguards against conflicts of
interest, and procedures for accreditation bodies to oversee the
certification bodies that audit and issue certifications under the food
safety scheme (Ref. 23). For example, the U.S.-based American National
Standards Institute (ANSI) currently provides accreditation services
for three GFSI-benchmarked food safety schemes: The Food Marketing
Institute's Safe Quality Food Initiative scheme, the British Retail
Consortium scheme, and the Global GAP scheme (Ref. 24). As is discussed
in the Preliminary Regulatory Impact Analysis (Ref. 25) for this
proposed rule, dozens of accreditation bodies worldwide accredit
certification bodies to conduct food safety audits. Both large and
small suppliers are increasingly relying on third-party audits and
certification as a means to ensure
[[Page 45789]]
market access for their food products. In addition, domestic and
foreign suppliers (such as producers, comanufacturers, or repackers)
are increasingly looking to third-party certification programs to
assist them in verifying that their facilities and food meet applicable
food safety standards, whether private food safety schemes such as
those benchmarked by GFSI or public standards such as the FD&C Act
requirements, which are the relevant standards for purposes of the FDA
accredited third-party audit and certification program. The Federal
Government recognizes that rigorous voluntary certification programs
can provide assurance that products meet U.S. requirements. Currently,
private food and facility certifications are frequently used but can
result in duplicate audits and certifications. Under this proposal, FDA
will oversee a certification program that will, we believe, create
efficiencies by reducing the number of redundant food safety audits and
by allowing us to better target resources for verifying compliance with
applicable requirements.
III. FSMA Imports Public Meeting and Stakeholder Input
Since enactment of FSMA, we have reached out to stakeholders in the
food industry, the international community, standards organizations,
accreditation and certification bodies, consumer groups, government
agencies, and other interested parties to gain input and perspective on
how best to implement FSMA. Among those activities, on March 29, 2011,
we held a public meeting with stakeholders to discuss the
implementation of the FSMA import safety provisions, including section
808 of the FD&C Act on accredited third-party certification. For
additional information about this public meeting, including the agenda,
transcripts, and an archived webcast, see https://www.fda.gov/Food/FoodSafety/FSMA/ucm249257.htm.
In conjunction with the public meeting, we opened a public docket,
with notice in the Federal Register of March 14, 2011 (76 FR 13643),
soliciting comments on implementation of section 808 of the FD&C Act
and other import provisions added or amended by FSMA. We received
several comments on accredited third-party certification, from a
variety of stakeholders including a foreign authority (1); trade
associations (11); auditors/certification bodies and a laboratory (4);
consumer groups (3); other non-profits (1); and an individual (1). Some
common themes emerged, including comments on using existing systems as
a model; considering impacts on small and medium-sized businesses;
requiring notification of conditions that could cause or contribute to
a serious risk to public health; ensuring auditor competency; and
preventing conflicts of interest. This docket (FDA-2011-N-0146) is
available electronically at https://www.regulations.gov, or at the
Division of Dockets Management (see ADDRESSES).
In addition to attending the public meeting, several stakeholders
requested meetings to discuss their current programs and to share their
views and recommendations for implementing section 808 of the FD&C Act.
These stakeholders represented a broad range of interests, including
consumer groups, trade associations, auditors/certification bodies and
laboratories. We also met with representatives of foreign governments,
as part of ongoing outreach and collaboration with foreign regulatory
partners. Topics for these meetings included the statutory requirements
for accreditation of third-party auditors, including FDA's authority to
directly accredit third-party auditors/certification bodies; \12\
voluntary consensus standards and industry practices on accreditation,
auditing, and certification; and international considerations.
Additionally, we note that FDA representatives have been invited to
attend meetings, hosted by stakeholders, which included discussions of
third-party audits and certifications.
---------------------------------------------------------------------------
\12\ The docket for this rulemaking contains, as background
material, a letter from Caroline Smith DeWaal of the Center for
Science in the Public Interest, which was received after the docket
for the public meeting closed and before issuance of this proposed
rule. The letter offers an analysis of FDA's authority for direct
accreditation.
---------------------------------------------------------------------------
The input and perspectives gained through each of these
interactions helped shape this proposed rule. We have identified some
common themes from these interactions. Most stakeholders expressed
significant concerns regarding existing capacity of third-party food
safety auditors/certification bodies and, for some stakeholders, the
degree of competency demonstrated by the available cadre of auditors/
certification bodies. We recognize that the credibility of the new
third-party program rests largely on the quality of the auditing and
certification work performed by accredited third-party auditors/
certification bodies and have attempted to address those concerns in
this rulemaking.
In other areas, stakeholders' interests diverged. For example,
consumer groups expressed a strong interest in transparency of the
program, including public disclosure of audit reports. Current industry
practice is to maintain the confidentiality of audit reports except to
the extent that the audited firm waives confidentiality or where
otherwise required by law. Industry also has expressed concern about
the statutory requirement for accredited auditors to notify us of
conditions in an audited firm that could cause or contribute to a
serious risk to the public health. Some in industry have taken the
position that stringent disclosure and transparency requirements may
dissuade food firms from using third-party auditors/certification
bodies accredited under our program.
As an initial matter, we note that we are bound to implement FSMA
as enacted and to comply with all other applicable disclosure laws
(e.g., the Freedom of Information Act (FOIA)) (5 U.S.C. 552). Within
that legal framework, we have balanced the following competing public
interests: (1) Providing as much information to the public as possible
about audits of foreign food entities and the performance of accredited
auditors/certification bodies, so that individuals may assess the
performance and credibility of the accredited third-party audits and
certification program; (2) protecting the proprietary interests of food
entities related to their trade secrets and confidential commercial
information to the extent allowable by statute, as well concerns about
public release of sensitive information that would not otherwise be
publicly available; and (3) protecting the public health by being able
to attract sufficient numbers of foreign food entities, third-party
auditors/certification bodies, and accreditation bodies to make the
program cost-effective and otherwise successful.
To gain credibility with consumers and address industry views on
sensitive information, this proposed rule seeks to balance disclosure
and confidentiality concerns. It reflects our views on how best to
strike the balance between these and other competing interests. We
believe this proposal reflects the intent of section 808 of the FD&C
Act and the purpose of the law, offering a practical, flexible, and
effective approach to the accredited third-party audits and
certification program. We seek comment on the framework this proposed
rule would create for recognition of accreditation bodies and
accreditation of third-party auditors/certification bodies, how it
aligns with existing voluntary industry programs, and what expectations
consumers have for the ability of this program to help us ensure the
safety of imported food.
[[Page 45790]]
In addition, we invite comments on possible effects of the creation
of an FDA program for accredited third-party audits and certification.
We are particularly interested in receiving comments and data on the
availability of competent auditors/certification bodies to participate
in our program or about the likelihood of entities being able to scale-
up their capacity to participate in our program and to serve demand
outside the scope of our program. We understand from public comments
and stakeholder meetings that industry and the conformity assessment
community have concerns about access to sufficient numbers of qualified
third-party auditors/certification bodies under current conditions. We
also understand that some industry leaders have developed various
strategies and plans for increasing auditor capacity. We request
comments and information on the progress of these efforts and the
impact the establishment of our program will have on accelerating these
efforts. Given that this program is for food and facility
certifications only for purposes of mandatory certification and VQIP
eligibility under sections 801(q) and 806 of the FD&C Act
(respectively), what effect, if any, do stakeholders anticipate this
program will have on current capacity issues?
We also request stakeholder input on any possible trade impacts of
the program, once established. What effect might this program have on
the existing issues with auditor capacity? Will it affect foreign or
domestic food firms' ability to provide certifications to their
customers? If so, are foreign and domestic firms likely to be affected
in the same manner and to the same degree? If not, what are the likely
impacts to each? Are there particular types of food firms or food
products, or certain areas of the world in which capacity issues are
more likely to be prevalent and to what degree? Are there other factors
impacting the availability of competent auditors? Are there any
solutions or approaches that might be practical and appropriate for
FDA, as a regulatory Agency, to use in addressing auditor capacity
issues within the accredited third-party audits and certification
program?
We encourage stakeholders to consider and comment on this proposed
rule and the various interests at stake in this rulemaking, with
recommendations about the proper balance of competing interests.
IV. Purpose and Description of the Proposed Rule
In section 808 of the FD&C Act, Congress directed us to establish
an accredited third-party audits and certification program that
leverages the work of existing private sector audit programs and
efforts, while requiring measures to better ensure audit rigor and
objectivity. We believe this proposed rule, coupled with our oversight
of the program, will help ensure the competence and independence of
third-party auditors/certification bodies who conduct foreign food
safety audits. It also will help ensure the reliability of
certifications issued by third-party auditors/certification bodies that
we may use in making certain decisions relating to imported food.
Having comprehensive oversight of a credible and reliable program
for third-party audits and certifications of foreign food facilities
will help us prevent potentially harmful food from reaching U.S.
consumers and thereby improve the safety of the U.S. food supply. As
explained previously, we believe this new program will draw a
significant number of participants and will be broadly accepted by
industry. Currently, buyers seeking to import regulated product from a
foreign food facility often require food safety audits that are
conducted under varying audit criteria. By establishing a trusted
program for third-party audits and certification of foreign food
facilities that operates under public oversight, we expect that the
number of redundant food safety audits performed to assess compliance
with the FD&C Act will be reduced, which, in turn, will increase
efficiency and reduce costs to industry. Our estimates relating to
reductions in redundant audits are addressed more fully in the
Preliminary Regulatory Impact Analysis (Ref. 25).
More broadly, we think that by capitalizing on private sector food
safety efforts and linking them to the public assurance system,
accredited third-party certification can help transform the way we
ensure the safety of globally traded food that is consumed in the
United States. In our vision of the future, we do not see third-party
audits replacing public oversight, but rather helping us ensure that we
make the best, most efficient use of both public and private resources
to produce a safe food supply.
We are proposing requirements that would apply to several different
types of entities--i.e., accreditation bodies, third-party auditors/
certification bodies, and eligible entities--and an option for
importers as well. We are organizing this proposed rule by those
categories, with specific requirements for accreditation bodies
(proposed Sec. Sec. 1.610 through 1.636), third-party auditors/
certification bodies (proposed Sec. Sec. 1.640 through 1.672),
eligible entities (proposed Sec. Sec. 1.680 and 1.681), and importers
(proposed Sec. 1.698). Provisions of general applicability appear in
proposed Sec. Sec. 1.600 and 1.601 (definitions and scope), Sec.
1.690 (publicly available information), Sec. Sec. 1.691 through 1.693
(challenges to FDA decisions).
Accordingly, we are proposing to amend our regulations in parts 1
and 16 (21 CFR parts 1 and 16) to implement FSMA section 307, which
adds section 808 to the FD&C Act and is codified at 21 U.S.C. 384d. We
are proposing to add new subpart M to part 1 and to amend existing part
16 (21 CFR part 16) as follows:
A. Proposed Revisions to Part 1, New Subpart
1. Definitions and Scope
a. What definitions apply to this subpart? (Proposed Sec. 1.600).
Proposed Sec. 1.600 contains definitions of several terms used in this
rule. Where possible, we propose to rely on existing statutory and
regulatory definitions. Where necessary to provide clarity to this
rule, we have developed some additional definitions that align with
existing law and regulations, as well as current practices of the
international community, accreditation and certification bodies, and
the food industry.
Proposed Sec. 1.600(a) and (b) state that definitions contained in
section 201 of the FD&C Act (21 U.S.C. 321) will apply to this rule,
except as those terms are otherwise defined in paragraph (c). Because
``food'' is defined in section 201(f) of the FD&C Act, but not in
proposed Sec. 1.600(c), the definition of ``food'' that we propose to
apply to this rule is the definition of ``food'' appearing in section
201(f). Examples of ``food'' under this proposed definition would
include, but not be limited to, fruits, vegetables, fish, dairy
products, eggs, raw agricultural commodities for use as food or
components of food, animal feed (including pet food), food and feed
ingredients and additives (including substances that migrate into food
from packaging and other articles that contact food), dietary
supplements and dietary ingredients, infant formula, beverages
(including bottled water), live food animals, bakery goods, snack
foods, candy, and canned food. (See, e.g., 21 CFR 1.377. See also the
discussion of proposed Sec. 1.601(d)
[[Page 45791]]
regarding a limited exemption for alcoholic beverages and prepackaged
foods from certain facilities.)
``Accreditation'' means a determination by a recognized
accreditation body, or by FDA in the case of direct accreditation, that
a third-party auditor/certification body is competent to perform the
activities required of an accredited auditor/certification body for the
purposes of this rule. In developing this definition, we considered
international standards on accreditation, including ISO/IEC 17011:2004
(Ref. 18), which defines accreditation as an attestation ``conveying
formal demonstration'' of a conformity assessment body's competence to
carry out specific conformity assessment tasks.
``Accreditation body'' means an authority that performs
accreditation of third-party auditors/certification bodies. This
definition is already in use in section 808(a) of the FD&C Act and is
consistent with international standards, such as ISO/IEC 17011:2004
(Ref. 18), which defines ``accreditation body'' as an ``authoritative
body'' that conducts accreditation.
``Accredited auditor/certification body'' means a third-party
auditor/certification body that a recognized accreditation body (or, in
the case of direct accreditation, FDA) has determined meets the
applicable requirements of this subpart and is authorized to conduct
food safety audits and to issue food or facility certifications to
eligible entities. This definition reflects the statutory definitions
of ``accredited third party auditor'' and ``third party auditor'' and a
common understanding of the activities to be performed under this
program.
``Audit'' means:
1. With respect to an accreditation body, the systematic,
independent, and documented examination (through observation,
investigation, and records review) by FDA to assess the accreditation
body's authority, qualifications (including its expertise and training
programs), and resources; its procedures for quality assurance,
conflicts of interest, and records; its performance in accreditation
activities; and its capability to meet the applicable requirements of
this subpart.
2. With respect to a third-party auditor/certification body, the
systematic, independent, and documented examination (through
observation, investigation, and records review) by a recognized
accreditation body (or, in the case of direct accreditation, FDA) to
assess the third-party auditor's/certification body's authority,
qualifications (including its expertise and training programs), and
resources; its procedures for quality assurance, conflicts of interest,
and records; its performance in auditing and certification activities;
and its capability to meet the applicable requirements of this subpart;
and
3. With respect to an eligible entity, the systematic, independent,
and documented examination (through observation, investigation, records
review, and as appropriate, sampling and laboratory analysis) by an
accredited auditor/certification body to assess the entity, its
facility, system(s), and food for the purpose of determining whether
the food or facility of the eligible entity is in compliance with the
FD&C Act (which includes, where applicable, an assessment of the
entity's preventative controls, sanitation, monitoring, verification,
corrective actions, and recalls) and, for consultative audits, also
includes an assessment of compliance with applicable industry standards
and practices.
The term describes the nature and scope of activities involved in
the various types of audits and assessments that will be conducted
under this program. We incorporated relevant language from the
definitions of consultative audit and regulatory audit in section
808(a)(5) and (a)(7) of the FD&C Act and language specific to the
requirements used in audits and assessments of accreditation bodies,
third-party auditors/certification bodies, and eligible entities.
We considered our 2009 guidance (Ref. 5) and the descriptions of
audit activities under our MFRPS (Ref. 12). We also examined usage in
international standards, such as the Codex Principles for Food Import
and Export Certification (CAC/GL 20-1995) (Ref. 26), which define
``audit'' as a ``systematic and functionally independent examination to
determine whether activities and related results comply with planned
objectives.'' Additionally, we looked at ISO/IEC 17000:2004 (Ref. 17),
which defines ``audit'' as a ``systematic, independent, documented
process for obtaining records, statements of fact or other relevant
information and assessing them objectively to determine the extent to
which specified requirements are fulfilled.''
``Audit agent'' means an individual who is an employee or other
agent of an accredited auditor/certification body who, although not
individually accredited, is qualified to conduct food safety audits on
behalf of an accredited auditor/certification body. An audit agent
includes a contractor of the accredited auditor/certification body.
The term is based on section 808(a)(1) of the FD&C Act, which
defines ``audit agent'' as an employee or agent of an accredited
auditor[/certification body] who is qualified to conduct food safety
audits on its behalf. In the definition, we clarify that contractors
who are authorized to act for, and under the direction of, the
accredited auditor/certification body are allowed to serve as an audit
agents.
``Certification body'' means a foreign government, agency of a
foreign government, foreign cooperative, or any other third party that
is eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet the requirements of
the FD&C Act. A certification body may be a single individual or an
organization. A certification body may use audit agents to conduct food
safety audits. Certification Body has the same meaning as Third-Party
Auditor as that term is defined in section 808 of the FD&C Act and in
this subpart.
This definition emphasizes the role of ``third-party auditors,''
under section 808 of the FD&C Act, in issuing facility certifications
that importers must use to establish eligibility for VQIP participation
and food certifications that may be required to satisfy a condition of
admissibility for an imported food we determine poses a safety risk
under section 801(q) of the FD&C Act.
In developing the definition of ``certification body,'' we looked
at the definition of ``third-party auditor'' in section 808(a)(3) of
the FD&C Act, as well as terminology used by the international
community and the food industry. For example, ISO/IEC 17000:2004 (Ref.
17) explains that a ``certification system'' is a conformity assessment
system that includes ``selection, determination, review and finally
certification as the attestation activity'. See also, ISO/IEC Guide
65:1996 (Ref. 20) and ISO/IEC 17021: 2011 (Ref. 19). The term
``certification body'' also is used by those in the food industry who
currently rely on audits and certifications as part of their business
practices. We believe this proposed language more clearly explains the
role of accredited auditors/certification bodies and the requirements
for issuance of certification under this program.
``Consultative audit'' means an audit of an eligible entity:
1. To determine whether such entity is in compliance with
applicable requirements of the FD&C Act and industry standards and
practices; and
[[Page 45792]]
2. The results of which are for internal purposes only and cannot
be used to determine eligibility for a food or facility certification
issued under this subpart or in meeting the requirements for an onsite
audit of a foreign supplier under subpart L of this part.
This reflects the definition of ``consultative audit'' in section
808(a)(5) of the FD&C Act and emphasizes that the results of a
consultative audit cannot be used in lieu of a regulatory audit to meet
the criteria for issuance of food or facility certification under
section 808(c)(2)(C) of the FD&C Act. It also incorporates language
from proposed Sec. 1.698, which would allow only reports of regulatory
audits to be used by importers in meeting proposed verification
requirements under the Foreign Supplier Verification Rule (FSVP) (to be
codified in 21 CFR, part 1, subpart L).
``Direct accreditation'' means accreditation of a third-party
auditor/certification body by FDA and is a term used in section
808(b)(1)(A)(ii) of the FD&C Act when describing FDA accreditation of
third-party auditors/certification bodies, without the involvement of a
recognized accreditation body. The distinction between direct
accreditation and accreditation by an FDA-recognized accreditation body
is relevant for some provisions of this rule. For example, under
proposed Sec. 1.656(b), a directly accredited auditor/certification
body must send its annual self-assessment reports to FDA, while an
auditor/certification body accredited by a recognized accreditation
body must submit its annual self-assessment reports to the
accreditation body, who is responsible for monitoring and ensuring its
accredited auditors/certification bodies take timely and effective
corrective actions, where necessary. FDA will access the accredited
auditor/certification body self-assessments in monitoring recognized
accreditation bodies and in conducting the periodic monitoring required
by section 808(f)(2) of the FD&C Act. This definition will help
accredited auditors/certification bodies determine which requirements
apply to them.
``Eligible entity'' means a foreign entity that chooses to be
subject to a food safety audit by an accredited auditor/certification
body. Eligible entities include foreign facilities subject to the
registration requirements of 21 CFR part 1, subpart H. The definition
of ``eligible entity'' corresponds to section 808(a)(6) of the FD&C
Act, which defines ``eligible entity'' as including (and thus not
limited to) foreign facilities subject to the registration requirements
of section 415 of the FD&C Act (21 U.S.C. 350d).
We seek comment on whether to provide examples of specific types of
entities that may meet the definition of eligible entity. For example,
are foreign cooperatives \13\ that aggregate product, such as fruits or
vegetables, the types of entities that should be able to seek audits
and certification under this program? We note that the National Organic
Program (NOP) administered by the U.S. Department of Agriculture's
(USDA's) Agricultural Marketing Service (AMS), allows producers who are
located in geographic proximity, who are organized under a single
management and marketing system and whose farms are ``uniform in most
ways'' to be certified as a group (Ref. 27).\14\ We seek comment on
whether these NOP criteria are relevant in determining whether a
foreign cooperative is an ``eligible entity'' under this proposed rule,
Are there other types of foreign entities or facilities that should be
eligible to seek audits and certification under the FDA program?
---------------------------------------------------------------------------
\13\ Under section 808 of the FD&C Act, foreign cooperatives are
among the types of groups that are eligible to seek accreditation as
third-party auditors, provided that they meet the standards and
requirements for accreditation (e.g., for conflicts of interest).
\14\ Per USDA, grower group certifications have historically
been used for the certification of cooperatives located in
geographical proximity, whose crops are marketed collectively.
Primary crops produced by grower groups include coffee, cocoa, tea,
spices, and tropical fruits (Ref. 27).
---------------------------------------------------------------------------
``Facility'' means any structure, or structures of an eligible
entity under one ownership at one general physical location, or, in the
case of a mobile facility, traveling to multiple locations, that
manufactures/processes, packs, or holds food for consumption in the
United States. Transport vehicles are not facilities if they hold food
only in the usual course of business as carriers. A facility may
consist of one or more contiguous structures, and a single building may
house more than one distinct facility if the facilities are under
separate ownership. The private residence of an individual is not a
facility. Non-bottled water drinking water collection and distribution
establishments and their structures are not facilities. This same
definition of ``facility'' appears in subpart H (21 CFR 1.227(b)(2)).
``Facility certification'' means an attestation, issued for
purposes of section 806 of the FD&C Act by an accredited auditor/
certification body, after conducting a regulatory audit and any other
activities necessary to establish that a facility meets the applicable
requirements of the FD&C Act.
``Food certification'' means an attestation, issued for purposes of
section 801(q) of the FD&C Act by an accredited auditor/certification
body, after conducting a regulatory audit and any other activities
necessary to establish that a food meets the applicable requirements of
the FD&C Act.
These definitions reflect the requirements for, and purpose of,
certification as described in section 808(c)(2)(B) and (c)(2)(C) of the
FD&C Act, referencing sections 801(q) (food certification) and 806
(facility certification) of the FD&C Act. Food and facility
certifications are the two types of certifications authorized by
section 808 of the FD&C Act. Further, the food and facility
certification definitions emphasize that certification is an
attestation \15\ by the accredited third-party auditor/certification
body that it has: (1) Conducted a regulatory audit (and any other
activities necessary to establish compliance); (2) verified that the
specified criteria have been met; and (3) determined, based on the
results of those activities, that food or facility certification under
this program is appropriate.
---------------------------------------------------------------------------
\15\ We propose to use the word ``attestation'' in Sec. 1.600
to characterize the nature of the statement that certification
represents. This is the term used in ISO/IEC 17000:2004 (Ref. 20)
and also is the term we use when characterizing the nature of our
export certifications (Ref. 28). We believe that ``attestation'' is
similar to ``assurance,'' which is the term used in Codex CAC/GL 20-
1995 (Ref. 27).
---------------------------------------------------------------------------
Codex CAC/GL 20-1995 (Ref. 26) defines ``certification'' as the
procedure by which certification bodies provide ``written or equivalent
assurance that foods or food control systems conform to requirements.''
ISO/IEC 17000:2004 (Ref. 17) describes certification as an
``attestation'' related to products, processes, systems, or
persons.\16\
---------------------------------------------------------------------------
\16\ We are not defining ``facility certification'' or ``food
certification'' as an ``approval'' by an accredited auditor/
certification body or by (or on behalf of) FDA, nor do we intend for
it to be interpreted as such. Among other reasons, we do not have
preapproval authority for food, except for certain additives that
are required by law to have our approval prior to marketing.
Moreover, neither Codex CAC/GL 20-1995 (Ref. 27), nor ISO/IEC
17000:2004 (Ref. 20) uses the term ``approval'' in defining
``certification.''
---------------------------------------------------------------------------
We seek comment on our proposed definitions of ``facility
certification'' and ``food certification'' and on whether the scope of
these definitions is sufficiently broad to fulfill the objectives of
section 808 of the FD&C Act. In addition, we seek comment on whether to
allow groups meeting the NOP criteria (i.e., having multiple sites
operating under a single management system and whose
[[Page 45793]]
farms are ``uniform in most ways,'' to be issued (group) food
certifications, facility certifications, or both.
``Food safety audit'' means a regulatory audit or a consultative
audit by an accredited auditor/certification body under this program.
This term is used throughout section 808 of the FD&C Act, including in
the definitions of ``audit agent,'' ``third-party auditor,'' and
``accredited third-party auditor.'' The definition of ``third-party
auditor'' in section 808(a)(3) of the FD&C Act in particular, mentions
regulatory and consultative audits in the context of food safety
audits. Therefore, we used the definitions of ``consultative audit''
and ``regulatory audit'' contained in section 808(a)(5) and (a)(7) of
the FD&C Act in developing a definition of ``food safety audit.''
Table 1 describes consultative audits and regulatory audits and the
distinctions between them.
Table 1--Types and Characteristics of Food Safety Audits Under the Proposed Rule
----------------------------------------------------------------------------------------------------------------
Report submitted to
Type of audit Purpose FDA? Records access by FDA?
----------------------------------------------------------------------------------------------------------------
Regulatory Audit..................... For certification and Yes.................... FDA may request
report may be used Submitted no later than submission at any
under FSVP. 45 days after the time.
audit..
Consultative Audit................... Internal purposes...... No..................... FDA access under
section 414 of the
FD&C Act.
----------------------------------------------------------------------------------------------------------------
``Foreign cooperative'' means an entity that aggregates food from
growers or processors that is intended for export to the United States.
Section 808 of the FD&C Act does not provide a definition of ``foreign
cooperative,'' so we relied upon the statutory description of foreign
cooperatives in section 808(c)(1)(B) of the FD&C Act.
``Recognized accreditation body'' means an accreditation body that
FDA has determined meets the applicable requirements and is authorized
to accredit third-party auditors/certification bodies under this
program. This definition is based in part on the definition of
accreditation body in section 808 of the FD&C Act and incorporates the
concept of ``recognition'' that also appears there. The term
``recognition'' is also used in section 422 of the FD&C Act (21 U.S.C.
350k), as amended by FSMA, to describe the status we will accord to a
laboratory accreditation body that accredits laboratories for purposes
of food testing under the FD&C Act.
We also use the term ``recognition'' in the 2009 guidance (Ref. 5)
and in other FDA programs. In the 2009 guidance, which predates FSMA,
we mentioned the possible future ``recognition'' of one or more third-
party certification programs. Though FSMA directs us to structure our
third-party program differently than we envisioned in 2009, the concept
of ``recognition'' by FDA is similar.
``Regulatory audit'' is defined in the statute and means an audit
of an eligible entity:
1. To determine whether such entity is in compliance with the
provisions of the FD&C Act; and
2. The results of which are used in determining eligibility for
food certification under section 801(q) of the FD&C Act or facility
certification under section 806 of the FD&C Act. This definition
includes language from proposed Sec. 1.698, which would allow an
importer to use a regulatory audit report in meeting proposed
requirements for verification of a foreign supplier under subpart L of
this part.
``Relinquishment'' means:
1. With respect to an accreditation body, a decision to cede
voluntarily its authority to accredit third-party auditors/
certification bodies as a recognized accreditation body; and
2. With respect to a third-party auditor/certification body, a
decision to cede voluntarily its authority to conduct food safety
audits and to issue food and facility certifications to eligible
entities.
We included a definition of ``relinquishment'' in this proposed
rule because we recognize that an accreditation body, once recognized,
or a third-party auditor/certification body, once accredited, may
decide to leave the program and would need a process to voluntarily
exit the program. Relinquishment differs from revocation of recognition
and withdrawal of accreditation, as it occurs on the initiative of the
accreditation body or third-party auditor/certification body and not as
a result of our finding good cause to remove its recognition or
accreditation status. Analogous language on relinquishment of
accreditation appears in our mammography regulations in 21 CFR 900.3.
``Self-assessment'' means a systematic assessment conducted by an
accreditation body to determine whether it meets the recognition
requirements in Sec. Sec. 1.610 through 1.625, or by a third-party
auditor/certification body to determine whether it meets the
accreditation requirements in Sec. Sec. 1.640 through 1.658. ``Self-
assessment'' is defined in this proposed rule in a manner consistent
with its use in our MFRPS for State food regulatory programs (Ref. 12).
The MFRPS require States to conduct periodic self-assessments of their
manufactured food regulatory programs against each of the 10 program
standards. These self-assessments are designed to identify the
strengths and weaknesses of the State program by determining the level
of conformance with the program standards and are independently
verified through an audit. The results of the initial self-assessments
are used to develop an improvement plan, and subsequent self-
assessments are used to track the State's progress toward meeting and
maintaining conformance with the MFRPS.
The concept of self-assessment is used in international consensus
standards as well. For example, ISO/IEC Guide 65:1996 (Ref. 20)
requires a certification body to conduct periodic internal audits to
verify that its quality system is implemented and effective, that
corrective actions are taken in a timely and appropriate manner, and
that records of such reviews are maintained. Both ISO/IEC 17011:2004
(Ref. 18) and ISO/IEC 17021:2011 (Ref. 19) require internal audits as
well. Self-assessments are a valuable component of a continuous
improvement process under our standards and the voluntary consensus
standards described in this preamble.
``Third-Party Auditor'' means a foreign government, agency of a
foreign government, foreign cooperative, or any other third party that
is eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet the applicable
requirements of the FD&C Act. A third-party auditor may be a single
individual or an organization. A third-party auditor may use audit
agents to conduct food safety audits. Third-Party Auditor has the same
meaning as Certification Body as that term is defined in this subpart.
[[Page 45794]]
The definition of ``third-party auditor'' is based on section 808 of
the FD&C Act and clarifies our role in direct accreditation and the
relationship between audits and certifications under section 808 of the
FD&C Act. For the reasons explained in the preamble discussion of the
definition of ``certification body,'' ``third-party auditor'' will have
the same meaning as ``certification body'' for purposes of this rule.
b. Who is subject to this subpart? (Proposed Sec. 1.601). This
proposed rule would apply to those accreditation bodies, third-party
auditors/certification bodies, and eligible entities that seek to
participate in our program for third-party food safety audits and
certification. Participating is voluntary; however any accreditation
body wishing to accredit third-party auditors/certification bodies
under our program would have to comply with the applicable requirements
of the final rule. Under the FDA program, any third-party auditor/
certification body wishing to conduct food safety audits and issue food
and facility certifications and any eligible entity that seeks a food
safety audit or food or facility certification would have to comply
with the applicable requirements of the final rule.\17\
---------------------------------------------------------------------------
\17\ The terms, ``third-party auditor/certification body,''
``consultative audit,'' ``regulatory audit,'' ``food
certification,'' ``facility certification,'' and ``eligible entity''
are defined under this proposed rule.
---------------------------------------------------------------------------
This proposed rule would codify a limited exemption created by
section 116 of FSMA (21 U.S.C. 2206) applicable to certification of
food under section 801(q) of the FD&C Act. Section 116(a) of FSMA
states that, except as provided by certain listed sections in the FSMA,
nothing in FSMA, or the amendments made by FSMA, will be construed to
apply to a facility that (1) under the Federal Alcohol Administration
Act (27 U.S.C. 201 et seq.) or chapter 51 of subtitle E of the Internal
Revenue Code of 1986 (26 U.S.C. 5001 et seq.) is required to obtain a
permit or to register with the Secretary of the Treasury as a condition
of doing business in the United States; and (2) under section 415 of
the FD&C Act is required to register as a facility because such
facility is engaged in manufacturing, processing, packing, or holding
one or more alcoholic beverages (with respect to the activities of such
facility that relate to the manufacturing, processing, packing, or
holding of alcoholic beverages).
Section 116(b) of FSMA provides that section 116(a) does not apply
to a facility engaged in the receipt and distribution of any non-
alcohol food, except that section 116(a) does apply to a facility
described in section 116(a) that receives and distributes non-alcohol
food, provided such food is received and distributed (1) in a
prepackaged form that prevents any direct human contact with such food,
and (2) in amounts that constitute not more than 5 percent of the
overall sales of such facility, as determined by the Secretary of the
Treasury.
Section 116(c) of FSMA provides that, except as provided in section
116(a) and (b), section 116 cannot be construed to exempt any food,
other than alcoholic beverages, as defined in section 214 of the
Federal Alcohol Administration Act (27 U.S.C. 214), from the
requirements of FSMA (including amendments made by FSMA).
The Preventive Controls proposed rule includes provisions
implementing the exemptions provided in section 116 of FSMA to
establish by regulation the reach of the exemptions. As discussed in
the preamble to the Preventive Controls proposed rule, FDA tentatively
concludes the following regarding the reach of the exemptions for the
purposes of that rule:
The phrase ``obtain a permit or register'' should be
interpreted broadly, to include not only facilities that must obtain
what is technically named a ``permit'' or must ``register'' with
Treasury, but also those facilities that must adhere to functionally
similar requirements as a condition of doing business in the United
States, namely, by submitting a notice or application to Treasury and
obtaining Treasury approval of that notice or application.
The exemption would apply not only to domestic facilities
that are required to secure a permit, registration, or approval from
Treasury under the relevant statutes, but also to foreign facilities of
a type that would require such a permit, registration, or approval if
they were domestic facilities.
Activities related to alcoholic beverages (including the
manufacturing, processing, packing, or holding of alcoholic beverages)
at facilities within the scope of section 116(a) of FSMA would not be
subject to section 418 of the FD&C Act. Activities related to foods
other than alcoholic beverages (including the receiving, manufacturing,
processing, packing, holding, and distributing of such foods) would be
subject to section 418 even if those activities occur at facilities
that are otherwise within the scope of section 116(a) (unless they
qualify for another exemption or are in prepackaged form and constitute
5 percent or less of the facility's overall sales). (For clarity, we
use the term ``food other than alcoholic beverages'' rather than ``non-
alcohol food'' in the Preventive Controls proposed rule and in this
document.)
Section 418 of the FD&C Act does not apply to the
manufacturing, processing, packing, or holding of food other than
alcoholic beverages to the extent that it is physically inseparable
from the manufacturing, processing, packing, or holding of alcoholic
beverages.
Section 116 of FSMA is premised in part upon status as a facility
required to register under section 415 of the FD&C Act (section
116(a)(2) of FSMA). As provided in section 808, eligible entities
include foreign facilities registered under section 415 of the FD&C
Act.
Therefore, to implement the exemption in section 116 of FSMA, under
proposed Sec. 1.601(d)(1), certification of food under section 801(q)
of the FD&C Act would not apply with respect to alcoholic beverages
from an eligible entity that is a facility that meets the following two
conditions:
Under the Federal Alcohol Administration Act or chapter 51
of subtitle E of the Internal Revenue Code of 1986 (26 U.S.C. 5001 et
seq.), the facility is a foreign facility of a type that, if it were a
domestic facility, would require obtaining a permit from, registering
with, or obtaining approval of a notice or application from the
Secretary of the Treasury as a condition of doing business in the
United States; and
Under section 415 of the FD&C Act, the facility is
required to register as a facility because it is engaged in
manufacturing/processing one or more alcoholic beverages.
Proposed Sec. 1.601(d)(2) specifies that certification of food
under section 801(q) of the FD&C Act also would not apply with respect
to food other than alcoholic beverages from a facility described in
paragraph (d)(2), provided such food:
Is in prepackaged form that prevents any direct human
contact with such food; and
Constitutes not more than 5 percent of the overall sales
of the facility, as determined by the Secretary of the Treasury.
This exemption does not apply to facility certification required by
section 806 of the FD&C Act.
We request comment on our proposed exemption of alcoholic beverages
and food other than alcoholic beverages under the conditions specified
in proposed Sec. 1.601(d).
As described in the ``Summary of Major Provisions of the Proposed
Rule,'' this rule would apply only to entities
[[Page 45795]]
that voluntarily participate in our accredited third-party audits and
certification program, which would be the following: (1) Accreditation
bodies seeking recognition, or recognized, under this program; (2)
third-party auditors/certification bodies (including their audit
agents) that seek accreditation, or are accredited under this program;
and (3) eligible entities that seek food safety audits from, or that
are audited or certified by, accredited auditors/certification bodies
under this program, except for an eligible entity that meets the
criteria for exemption under section 116 of FSMA.
We invite comment on the scope of this proposed rule, including
comments on its anticipated effects on accreditation bodies and third-
party auditors/certification bodies already performing these
activities, or that may be interested in doing so. We also seek comment
on its anticipated effect on foreign food facilities and other eligible
entities that are currently audited by third-party auditors/
certification bodies.
2. Recognition of Accreditation Bodies
This rule would establish the following: (1) The eligibility
requirements for an accreditation body to be authorized
(``recognized'') by FDA to accredit third-party auditors/certification
bodies under the accredited third-party audits and certification
program; (2) requirements on recognized accreditation bodies for
activities conducted under our program; and (3) procedures FDA and
accreditation bodies will follow relating to recognition, including
application, renewal, revocation, voluntary relinquishment, and
reinstatement of recognition.
Table 2--Proposed Requirements for Accreditation Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
Recognition of accreditation bodies under this subpart
------------------------------------------------------------------------
1.610.................. Who is eligible for recognition?
1.611.................. What legal authority must an accreditation body
have to qualify for recognition?
1.612.................. What competency and capacity must an
accreditation body have to qualify for
recognition?
1.613.................. What protections against conflicts of interest
must an accreditation body have to qualify for
recognition?
1.614.................. What quality assurance procedures must an
accreditation body have to qualify for
recognition?
1.615.................. What records procedures must an accreditation
body have to qualify for recognition?
------------------------------------------------------------------------
Requirements for recognized accreditation bodies under this subpart
------------------------------------------------------------------------
1.620.................. How must a recognized accreditation body assess
third-party auditors/certification bodies
seeking accreditation?
1.621.................. How must a recognized accreditation body
monitor the performance of auditors/
certification bodies it accredits?
1.622.................. How must a recognized accreditation body
monitor its own performance?
1.623.................. What reports and notifications must a
recognized accreditation body submit to FDA?
1.624.................. How must a recognized accreditation body
protect against conflicts of interest?
1.625.................. What records requirements must a recognized
accreditation body meet?
------------------------------------------------------------------------
Procedures for recognition of accreditation bodies under this subpart
------------------------------------------------------------------------
1.630.................. How do I apply to FDA for recognition or
renewal of recognition?
1.631.................. How will FDA review applications for
recognition and for renewal of recognition?
1.632.................. What is the duration of recognition?
1.633.................. How will FDA monitor recognized accreditation
bodies?
1.634.................. When will FDA revoke recognition?
1.635.................. How do I voluntarily relinquish recognition?
1.636.................. How do I request reinstatement of recognition?
------------------------------------------------------------------------
Section 808 of the FD&C Act directs us to establish a system for
recognition of accreditation bodies to accredit third-party auditors/
certification bodies and generally describes the roles and
responsibilities of recognized accreditation bodies under the
accredited third-party audits and certification program. The statute
requires each recognized accreditation body to: (1) Ensure that third-
party auditors/certification bodies (and audit agents) meet FDA's model
accreditation standards; (2) perform such reviews and audits necessary
to determine that a third-party auditor/certification body meets the
statutory requirements for accreditation; \18\ (3) require a third-
party auditor/certification body to agree to issue certifications in a
form required by FDA, as a condition of accreditation; and (4) submit
to FDA a list of all third-party auditors/certification bodies it
accredited (and the audit agents of each).
---------------------------------------------------------------------------
\18\ See section 808(c)(1)(A) and (c)(1)(B) of the FD&C Act.
---------------------------------------------------------------------------
a. Who is eligible for recognition? (Proposed Sec. 1.610). This
proposed rule would establish eligibility requirements an accreditation
body would have to meet to qualify for recognition by FDA under the
accredited third-party audits and certification program. Proposed Sec.
1.610 states that an accreditation body is eligible for recognition if
it can demonstrate that it meets requirements relating to legal
authority, competency, capacity, conflicts of interest, quality
assurance, and records in proposed Sec. Sec. 1.611 through 1.615.
In developing this proposed rule, we considered eligibility
requirements that would help us ensure that accreditation bodies
seeking recognition--whether public or private, newly formed or long
standing--are sufficiently qualified to accredit third-party auditors/
certification bodies under our program. We considered the approach
taken by NIST in its National Voluntary Conformity Assessment Systems
Evaluation (NVCASE) Program, which is a voluntary program to evaluate
and recognize organizations which support conformity assessment
activities (Ref. 28). The NVCASE program handbook states that ISO/IEC
17011:2004 (Ref. 18) provides that the basic general criteria
[[Page 45796]]
that an accreditor of certification bodies must satisfy for NVCASE
recognition (Ref. 28). We have tentatively concluded that key elements
of ISO/IEC 17011: 2004 (Ref. 18) provide an appropriate basis for these
requirements.\19\ We also considered our 2009 FDA guidance (Ref.
5),\20\ which states that conformance to ISO/IEC 17011:2004 (Ref. 18)
helps provide assurance of the reliability and competence of
accreditation bodies.
---------------------------------------------------------------------------
\19\ ISO/IEC 17011:2004 contains requirements that are not
applicable to our program (e.g., liability arrangements). While an
accreditation body would not need to conform to ISO/IEC 17011:2004
to qualify for recognition under our program, an accreditation body
that satisfies the requirements of ISO/IEC 17011:2004 could use that
in demonstrating it meets the recognition requirements in this rule.
\20\ We intend to withdraw the 2009 Guidance upon publication of
a final rule for accredited third-party audits and certification
under section 808 of the FD&C Act.
---------------------------------------------------------------------------
We also considered current food industry practices. For example,
GFSI requires food safety scheme owners to use accreditation bodies
that comply with ISO/IEC 17011:2004 (Ref. 18) for GFSI-benchmarked food
safety schemes (Ref. 29). In stakeholder meetings, some stakeholders
have suggested that FDA consider requiring accreditation bodies
participating in the accredited third-party audits and certification
program to be signatories to a multilateral recognition agreement of
the International Accreditation Forum (IAF). IAF is an organization for
accreditors of conformity assessment bodies and is a counterpart to
International Laboratory Accreditation Cooperation (ILAC), for
laboratory accreditation bodies.\21\ The IAF multilateral recognition
arrangement (IAF-MLA) (Ref. 30) requires signatories to conform to ISO/
IEC 17011:2004, among other things.
---------------------------------------------------------------------------
\21\ The ILAC is an international body, established in 1977, to
help ensure the competency, independence, rigor, and objectivity of
accreditation bodies that accredit laboratories against
international standards. The ILAC-mutual recognition agreement
requires signatories to conduct their activities in accordance with
ISO/IEC 17011:2004. FDA laboratory programs have worked with ILAC
and other ILAC signatories for many years.
---------------------------------------------------------------------------
Unlike our established history with ILAC and ILAC signatories, our
food and feed programs lack similar experience with the IAF. We have
found few examples of Federal agencies that require accreditation
bodies for conformity assessment bodies to be signatories to the IAF-
MLA (for accreditation of product and management system certification)
and that use signatory status as the sole criterion for accreditation
bodies. For example, the Department of Health and Human Services is not
requiring approved accreditors in its Health Information Technology
certification program (45 CFR part 170) to be signatories to the IAF-
MLA, although signatory status could be provided in support of an
applicant's request for approval. By contrast, the Environmental
Protection Agency's WaterSense program (Ref. 31) requires product
accreditors to be signatories to the IAF-MLA (Ref. 30). The WaterSense
program is not a regulatory program; rather, it is a partnership
program.
We do not have adequate information at this time to propose to
require accreditation bodies participating in the accredited third-
party audits and certification regulatory program to be IAF-MLA
signatories--whether as the sole requirement for recognition under
Sec. 1.610 or as one of several factors in support of recognition. We
have, however, tentatively concluded that documented conformance to
ISO/IEC 17011:2004 (Ref. 18) would be relevant in demonstrating that an
accreditation body is qualified for recognition. We invite comments and
examples (in particular, examples from regulatory programs) in support
of, or opposition to, using an accreditation body's status as a
signatory to an IAF MLA as the sole criterion for recognition or as a
factor weighing in favor of an application for recognition under the
accredited third-party audits and certification program.
b. What legal authority must an accreditation body have to qualify
for recognition? (Proposed Sec. 1.611). This proposed rule would
require accreditation bodies seeking recognition to demonstrate they
have sufficient legal authority to adequately assess third-party
auditors/certification bodies for accreditation and in conducting
oversight of them, once accredited.
Proposed Sec. 1.611 would allow both governmental bodies, with
accreditation authority inherent in their roles as public officials,
and private bodies, who have authority under contracts with third-party
auditors/certification bodies, to qualify for recognition if they have
the sufficient authority to conduct accreditation activities. This
includes adequate authority to access records; to conduct onsite
performance assessments, reassessments, and surveillance; and to grant,
modify, and remove accreditation status.
ISO/IEC 17011:2004 (Ref. 18) contains similar requirements for
bodies accrediting third-party auditors/certification bodies for
product and management system certification. Clause 4.1 requires
accreditation bodies to be registered legal entities and explains that
governmental accreditation bodies are considered legal entities because
of their governmental status. Clause 4.2.2 states that accreditation
bodies must have the authority and responsibility to decide on
granting, maintaining, extending, reducing, suspending, and withdrawing
accreditation.\22\
---------------------------------------------------------------------------
\22\ ISO/IEC 17011:2004 also contains requirements relating to
documentation of the roles and responsibilities of accreditation
body management and personnel involved in accreditation activities.
Matters such as these will be more fully explained in the Model
Accreditation Standards we plan to issue.
---------------------------------------------------------------------------
Proposed Sec. 1.611(b) would require an accreditation body to
demonstrate that it has the adequate legal authority to meet the
requirements for a recognized accreditation body in proposed Sec. Sec.
1.611 through 1.615, including assessing third-party auditors/
certification bodies for accreditation, monitoring accredited auditors/
certification bodies, perform self-assessments, submitting reports and
notifications to FDA, implementing procedures to protect against
conflicts of interest, establishing and maintaining records, and
following the applicable procedural requirements of our program.
We are not proposing to require a newly recognized accreditation
body to wait a certain period of time before beginning to conduct
accreditation activities under our program. Its accreditation authority
goes into effect at the moment of recognition. Therefore, we believe
that an accreditation body seeking recognition must demonstrate its
capacity to fulfill the roles and responsibilities of recognition, if
granted. We believe that an accreditation body could meet this
requirement by providing documentation of its authority to perform
activities required by proposed Sec. Sec. 1.611 through 1.615. We
expect this documentation to be provided primarily in the form of
standard language for contracts with eligible entities under the FDA
accredited third-party audits and certification program. However, we
will accept other types of documents (e.g., Standard Operating
Procedures) that can (individually or as part of a set of documents)
demonstrate that the accreditation body has adequate legal authority to
conduct the activities required by proposed Sec. 1.611 through 1.615.
We invite comment on our proposal to require accreditation bodies
to have demonstrable evidence to support a conclusion that they would
have adequate legal authority to meet our requirements (e.g., authority
to withdraw accreditation for cause), if recognized. We also seek
examples of other types of evidence that might
[[Page 45797]]
demonstrate the scope of an applicant's legal authority. For comments
opposing this requirement, we request comment on what, if any,
requirements we should put in place to ensure that an accreditation
body applying to us for recognition would be equipped, upon
recognition, to perform the obligations required under the program.
c. What competency and capacity must an accreditation body have to
qualify for recognition? (Proposed Sec. 1.612). This rule would
require accreditation bodies seeking recognition to demonstrate
adequate resources to fully implement its accreditation program. Under
proposed Sec. 1.612, an accreditation body must have adequate numbers
of personnel or other agents with relevant knowledge, skills, and
experience to adequately assess and monitor third-party auditors/
certification bodies. The accreditation body also would have to show it
has adequate financial resources for its operations. In the guidance,
we will explain the types of expertise and training we expect to see
when reviewing accreditation body records and conducting onsite
performance assessments. We also will explain the types of
documentation that might be used to demonstrate financial viability.
ISO/IEC 17011: 2004, clause 6.1 (Ref. 18) requires accreditation
bodies to have a sufficient number of competent personnel (internal and
external) with the educational background, technical qualifications,
training, skills, and experience necessary for the accreditation body's
activities. Clause 4.5.2 requires accreditation bodies to demonstrate
they have financial resource required for accreditation activities.\23\
---------------------------------------------------------------------------
\23\ ISO/IEC 17011:2004 contains some requirements that are not
applicable to our program. For example, it contains requirements
relating to liability coverage.
---------------------------------------------------------------------------
Under proposed Sec. 1.612(b) an accreditation body seeking to
qualify for recognition must demonstrate that it has the capability to
adequately assess third-party auditors/certification bodies seeking
accreditation and to monitor accredited auditors/certification bodies
through performance assessments. It also must be capable of submitting
reports and notifications to FDA in the manner we propose and to follow
the procedural requirements under our program. As previously explained,
an accreditation body will be authorized to begin accreditation
activities under our program immediately upon recognition. Therefore,
we need to have adequate assurance of its ability to meet the
competency and capacity requirements of a recognized accreditation body
when deciding whether to grant recognition.
d. What protections against conflicts of interest must an
accreditation body have to qualify for recognition? (Proposed Sec.
1.613). This proposed rule would require accreditation bodies to have
established programs to safeguard against conflicts of interest that
might compromise their objectivity and independence from third-party
auditors/certification bodies. Proposed Sec. 1.613 would require
accreditation bodies seeking recognition to have written measures to
safeguard against financial conflicts of interest between the
accreditation body (and its officers, personnel, and other agents) and
third-party auditors/certification bodies (and their officers,
personnel, and other agents). Without these conflict of interest
requirements, we believe it would be difficult for an accreditation
body to demonstrate adequate independence in accrediting auditors/
certification bodies, as required under our accredited third-party
auditing and certification program.
ISO/IEC 17011: 2004, clause 4.3.4 (Ref. 18) requires accreditation
bodies to ensure that personnel and committees that could influence the
accreditation process act objectively and be free from any undue
commercial pressures that could compromise impartiality.\24\
---------------------------------------------------------------------------
\24\ ISO/IEC 17011 contains additional requirements relating to
opportunities for involvement by interested parties and the manner
in which the accreditation body presents its services. Such matters
are beyond the scope of our program.
---------------------------------------------------------------------------
Under proposed Sec. 1.613(b), an accreditation body seeking
recognition must demonstrate the capability to meet the conflict of
interest requirements that would apply under Sec. 1.624, upon
recognition. This measure is necessary to help ensure that any
accreditation activities conducted after recognition would be
considered objective and independent under our program.
e. What quality assurance procedures must an accreditation body
have to qualify for recognition? (Proposed Sec. 1.614). This proposed
rule would require accreditation bodies seeking recognition to have
written quality assurance procedures in place. Proposed Sec. 1.614(a)
requires an accreditation body seeking recognition to have a program
for monitoring and assessing the performance of its officers,
personnel, and other agents and for assessing the effectiveness of its
accreditation program. The program must include procedures for
identifying areas for improvement and quickly executing corrective
actions.
ISO/IEC 17011 (Ref. 18) requires accreditation bodies to establish
procedures for internal audits (clause 5.7.1) and to identify
nonconformities in its operations (clause 5.5), opportunities for
improvement, and preventive actions to address root causes (clause
5.6). Clause 5.8 requires periodic management reviews.
Proposed Sec. 1.614(b) requires the accreditation body to
demonstrate it has the capability to meet the quality assurance
requirements of Sec. 1.622, for performing annual self-assessments
against our requirements and reporting the results of such self-
assessments. The guidance we plan to issue will discuss the elements of
an effective quality assurance program for accreditation bodies.
f. What records procedures must an accreditation body have to
qualify for recognition? (Proposed Sec. 1.615). This proposed rule
would require accreditation bodies seeking recognition to have written
records procedures in place. Under proposed Sec. 1.615(a), an
accreditation body would have to demonstrate that it has written
procedures for establishing, controlling, and retaining records on its
accreditation program and activities. While we are not proposing that
an accreditation body must have retained records for a specified period
of time prior to its recognition, we believe it is necessary for an
accreditation body to have maintained records for such length of time
to allow us to adequately assess its program and performance to
determine whether it is qualified for recognition. The accreditation
body also must maintain records as required by its existing legal
obligations. Our guidance will explain these recordkeeping, document
control, and retention requirements.
Clause 5.4.1 of ISO/1EC 17011: 2004 (Ref. 18) requires
accreditation bodies to establish procedures for identification,
collection, filing, storage, maintenance, and disposal of records.
Under clause 5.4.2, records procedures must require records to be
retained for a period consistent with the accreditation body's
contractual and legal obligations. The accreditation body must have
procedures to control internal and external documents relating to its
activities, under clause 5.3.\25\
---------------------------------------------------------------------------
\25\ Requiring accreditation bodies to exert control over
external documents relating to its accreditation activities would be
inconsistent with our program.
---------------------------------------------------------------------------
Proposed Sec. 1.615(b) would require an accreditation body seeking
recognition to demonstrate its capability to meet the requirements of a
recognized accreditation body. This would include,
[[Page 45798]]
for example, capacity for maintaining records for 5 years, which is the
maximum length for which recognition could be granted. It also requires
recognized accreditation bodies to give us access to records on
activities conducted under our program. Clause 4.4 of ISO/IEC 17011:
2004 (Ref. 18) requires accreditation bodies to have adequate
arrangements to maintain the confidentiality of information obtained
through its accreditation activities. Confidential information about a
third-party auditor/certification bodies must not be disclosed without
the written consent of the auditor/certification body unless the law
requires the information to be disclosed without such consent.
Accreditation bodies applying for recognition must demonstrate their
capacity, if recognized, to grant us access to confidential
information, including information contained in records, without prior
written consent of the auditor/certification body involved. Having
access to records relating to accreditation activities (including
confidential information) under this subpart is necessary to ensure the
rigor, credibility, and independence of the program.
3. Requirements for Recognized Accreditation Bodies
Table 3--Proposed Requirements for Accreditation Bodies Recognized by
FDA
------------------------------------------------------------------------
Proposed Rule Section Title
------------------------------------------------------------------------
1.620.................. How must a recognized accreditation body assess
third-party auditors/certification bodies
seeking accreditation?
1.621.................. How must a recognized accreditation body
monitor the performance of auditors/
certification bodies it accredits?
1.622.................. How must a recognized accreditation body
monitor its own performance?
1.623.................. What reports and notifications must a
recognized accreditation body submit to FDA?
1.624.................. How must a recognized accreditation body
protect against conflicts of interest?
1.625.................. What records requirements must a recognized
accreditation body meet?
------------------------------------------------------------------------
Proposed Sec. Sec. 1.620 through 1.625 contain the requirements
that a recognized accreditation body would have to meet when conducting
activities under our program.
a. How must a recognized accreditation body assess third-party
auditors/certification bodies seeking accreditation? (Proposed Sec.
1.620). This proposed rule would establish criteria and procedures a
recognized accreditation body must use in assessing third-party
auditors/certification bodies for accreditation.
Proposed Sec. 1.620(a)(1) requires a recognized accreditation body
to assess foreign governments/agencies by evaluating the food safety
programs, systems, and standards of the government/agency to determine
that the government/agency meets the eligibility requirements for
accreditation under Sec. 1.640(b), except where the criteria for
direct accreditation in proposed Sec. 1.670(a) are met.\26\ Proposed
Sec. 1.620(a)(2) requires a recognized accreditation body to assess
the internal systems and the training and qualifications of audit
agents used by a foreign cooperative or other third party to determine
that the cooperative/party meets the eligibility requirements for
accreditation under Sec. 1.640(c).
---------------------------------------------------------------------------
\26\ Under section 808(b)(1)(A)(ii) of the FD&C Act, we may
begin to directly accredit third-party auditors/certification bodies
if we have not identified and recognized an accreditation body to
meet the requirements of the section within 2 years after
establishing the system.
---------------------------------------------------------------------------
Proposed Sec. 1.620(a)(1) and (a)(2) are based on section
808(c)(1) to (c)(3) of the FD&C Act, which distinguishes between the
assessments of foreign governments/agencies and the assessments for
foreign cooperatives/other third parties seeking accreditation. They
also require a recognized accreditation body to assess any third-party
auditor/certification body under the model accreditation standards we
must issue under section 808(b)(2) of the FD&C Act. The model
accreditation standards will specify the authority, competency,
capacity, impartiality, quality assurance, and records that a third-
party auditor/certification body must have to qualify for accreditation
under our program.
Proposed Sec. 1.620(a)(3) requires recognized accreditation bodies
to observe a statistically significant number \27\ of onsite food
safety audits by a third-party auditor/certification body (or its audit
agents) seeking accreditation. Correspondingly, ISO/IEC 17011: 2004,
clause 7.7.3 (Ref. 18) requires an accreditation body's assessment team
to witness the performance of a representative number of staff to
provide assurance of the auditor's/certification body's competency.
---------------------------------------------------------------------------
\27\ Generally speaking, we consider ``statistical
significance'' to be an interpretation of statistical data
indicating that an occurrence was likely the result of a causative
factor and not simply a chance result. With observations of a
statistically significant number of accredited auditors/
certification bodies, recognized accreditation bodies will be able
to exert an appropriate degree of oversight of its accredited
auditors/certification bodies, using the data to help determine
whether its accreditation program and activities are functioning
appropriately.
---------------------------------------------------------------------------
Proposed Sec. 1.620(b) requires a recognized accreditation body to
impose three conditions on any accreditation under this program as
follows:
The third-party auditor/certification body must comply
with the audit reporting requirements contained in proposed Sec.
1.656, which is drawn from section 808(c)(3) of the FD&C Act (which
makes it a condition of accreditation to prepare consultative audit
reports within 45 days after conducting an audit and, for regulatory
audits, to submit an audit report within 45 days after conducting an
audit).
The third-party auditor/certification body must agree to
submit electronic certifications to FDA, where appropriate based on the
results of a regulatory audit. Under section 808(c)(2)(A) of the FD&C
Act, we have tentatively concluded that submission of electronic
certification (as opposed to paper certification) is appropriate for
the following reasons:
[cir] It would be too time-consuming and resource intensive to
review paper-based facility certifications and might result delays that
would frustrate the purpose of the VQIP program for expedited review
and entry of products; and
[cir] Requiring submission and manual review of paper food and
facility certifications would undermine to our efforts to use robust,
integrated databases to replace manual review, analysis, and reporting
of data.
A third-party auditor/certification body would have to
comply with the requirement in section 808(c)(4)(A) of the FD&C Act to
notify us immediately upon discovering, during a food safety audit, a
condition that could cause or contribute to a serious risk to the
public health, as a condition of its accreditation. Having timely
notification of such risks directly affects our ability to respond
rapidly to protect the public health. We believe this notification
[[Page 45799]]
requirement is of such a critical nature that, we are proposing to
require compliance as a condition of accreditation. We seek comment on
our tentative conclusion to require compliance with section
808(c)(4)(A) of the FD&C Act a condition of accreditation.
Proposed Sec. 1.620(c) requires recognized accreditation bodies to
maintain records relating to its accreditation activities under the
program. These include records on any denial of accreditation and on
any withdrawal, suspension, or decision to reduce the scope of an
accreditation for cause.\28\ Such records must include the name and
contact information for such certification body, the scope of
accreditation denied, withdrawn, suspended, or reduced, and the basis
for the action. Having access to records on denials of accreditation
and actions taken due to nonconformities will help us in assessing the
performance of the recognized accreditation body and also will allow us
to determine whether poorly performing third-party auditors/
certification bodies are attempting to ``shop'' for favorable
accreditation decisions elsewhere. Both are important for our oversight
of the program.
---------------------------------------------------------------------------
\28\ Denial, withdrawal, suspension, and reduction in scope of
accreditation differ from voluntary relinquishment of accreditation
under proposed Sec. 1.665, which is an action taken on the
initiative of the auditor/certification body and is not based on a
finding of nonconformity by its accreditation body.
---------------------------------------------------------------------------
In proposed Sec. 1.620(d), we require recognized accreditation
bodies to have written procedures in place to consider appeals from
third-party auditors/certification bodies to adverse accreditation
decisions. The written procedures must offer protections similar to
those afforded by FDA under proposed Sec. Sec. 1.692 and 1.693 and
include requirements to make the appeals procedures publicly available,
have the appeal investigated and decided upon by people different than
those involved in the subject matter of the appeal, notify the auditor/
certification body of the final decision on the appeal, and maintain
records on the appeal, the final decision, and the basis for the
decision. This provision is analogous to clause 7.10.2 of ISO/IEC
17011:2004 (Ref. 18), which requires accreditation bodies to establish
similar procedures for handling appeals by auditors/certification
bodies. We emphasize that we are not proposing to review a decision by
a recognized accreditation body to deny, withdraw, suspend, or reduce
an accreditation, nor do we propose to consider appeals from third-
party auditors/certification bodies to such actions by recognized
accreditation bodies. We have considered the language of section 808 of
the FD&C Act and tentatively concluded that it does not require us to
review such decisions. We believe our proposal is appropriate and
consistent with international standards that identify these as matters
between the recognized accreditation body and the third-party auditor/
certification body affected by the decision. Comments suggesting
alternatives should provide the following: (1) A detailed legal
rationale for us to review and decide on a challenge to an
accreditation decision of a recognized accreditation body, including
the authority to compel a recognized accreditation body to grant an
accreditation and to conduct the ongoing monitoring of the auditor/
certification body required under this FDA program; (2) a description
of the procedures FDA should follow, including whether to compile an
administrative record based on documents from the accreditation body
and the third-party auditor/certification body, whether to accept new
evidence or conduct its own investigation, and whether to conduct a
public hearing; and (3) a prioritization of FDA's program activities as
between, for example, monitoring the performance of accredited
auditors/certification bodies under section 808(f) of the FD&C Act and
determining whether a recognized accreditation body correctly denied an
application for accreditation.
b. How must a recognized accreditation body monitor the performance
of auditors/certification bodies it accredits? (Proposed Sec. 1.621).
This proposed rule describes the type and frequency of monitoring a
recognized accreditation body would have to perform for third-party
auditors/certification bodies it accredits under our program.
Proposed Sec. 1.621 requires a recognized accreditation body to
annually evaluate each of its accredited auditors/certification bodies
to determine whether it is complying with the applicable provisions of
this rule. For each such auditor/certification body, the accreditation
body must review its self-assessments (including information on
compliance with the conflict of interest requirements under Sec.
1.657); its regulatory audit reports and notifications to FDA (and
supporting documents for each), and any other information reasonably
available to the accreditation body regarding the compliance history of
eligible entities the accredited auditor/certification body certified
or that would otherwise be relevant in determining its compliance with
this rule.
The monitoring requirements we propose are consistent with section
808(f)(2) of the FD&C Act, which requires us to evaluate each
accredited auditor/certification body by reviewing its regulatory audit
reports and the compliance history (as available) of eligible entities
it certified, and to take any other necessary measures. We believe
these elements are equally important for recognized accreditation
bodies to use when monitoring accredited auditors/certification bodies
under our program. We believe that the conflict of interest disclosures
and public health notifications are of such importance to the
reliability and credibility of the program that recognized
accreditation bodies should review them as well. To provide flexibility
to a recognized accreditation body that is aware of additional
information relevant to its evaluation, and consistent with the last
clause in section 808(f)(2) of the FD&C Act, we propose to allow the
accreditation body to rely on other information relevant to its
evaluation. We note that accreditation bodies need only consider
information that is ``reasonably available'' to them. We do not expect
an accreditation body to launch an investigation of each auditor/
certification body it accredited, absent cause; however, we expect that
accreditation bodies will actively monitor for public information about
their accredited auditors/certification bodies and will not ignore
public information about problems associated with one or more of this
accredited auditors/certification bodies.
ISO/IEC 17011:2004, clause 7.11.3 (Ref. 18) requires accreditation
bodies to plan for reassessment and surveillance of each accredited
auditor/certification body at frequencies between 1 and 5 years,
depending on the nature of reassessment and surveillance performed. In
general, clause 7.11.3 requires these monitoring activities to occur
every 2 years.
We have tentatively concluded that the assessments under proposed
Sec. 1.621 should be performed on an annual basis because formal
reviews at that frequency, throughout the duration of an accreditation,
will help the accreditation body determine whether the auditor/
certification body continues to meet the applicable program
requirements and the conditions of its accreditation. Not only will
these assessments help ensure that accredited auditors/certification
bodies individually comply with our requirements, but also can be used
by
[[Page 45800]]
the recognized accreditation body to identify trends and any
deficiencies in its own performance or program.
We seek comment on our proposal and on whether the information we
describe in Sec. 1.621 will provide an appropriate basis for
recognized accreditation bodies to use in evaluating auditors/
certification bodies they accredited. Should we require recognized
accreditation bodies to conduct witness audits or visits to the
headquarters of each auditor/certification body it accredits under the
program, or a subset thereof? For comments recommending other methods
of performance assessment, we are interested in information on the
potential costs and benefits associated with these alternatives.
c. How must a recognized accreditation body monitor its own
performance? (Proposed Sec. 1.622). This proposed rule would require
recognized accreditation bodies conduct self-assessments on an annual
basis and as required under proposed Sec. 1.664(g) (following FDA
withdrawal of accreditation of a third-party auditor/certification body
it accredited).
Proposed Sec. 1.622(a) requires a recognized accreditation body to
evaluate the performance of its officers, employees, and other agents;
compliance with applicable conflict of interest requirements; and any
other aspects FDA requests, to determine whether the accreditation body
meets our program requirements. Proposed Sec. 1.622(b) requires a
recognized accreditation body to observe onsite regulatory audits
conducted by a statistically significant number of its accredited
auditors/certification bodies.\29\
---------------------------------------------------------------------------
\29\ As described in footnote 26, we generally interpret
statistically significant numbers as those indicating that an
occurrence was likely the result of a causative factor and not a
chance result.
---------------------------------------------------------------------------
Based on these assessments, proposed Sec. 1.622(c) requires
recognized accreditation bodies implement corrective actions to address
any area needing improvement that was identified through its self-
assessment. The requirements in proposed Sec. 1.622(a), (b), and (c)
build on proposed Sec. 1.614, which requires accreditation bodies to
have quality assurance programs to qualify for recognition.
Proposed Sec. 1.622(d) requires the accreditation body to prepare
a written report of the findings of its self-assessment, including: (1)
A statement disclosing the extent to which the accreditation body, and
its officers, employees, and other agents, complied with the conflict
of interest requirements in Sec. 1.624 and other applicable
requirements; and (2) identifying any corrective actions taken to
address identified deficiencies. The timelines for a recognized
accreditation body to submit its self-assessment reports to FDA appear
in proposed Sec. 1.623(b).
ISO/IEC 17011: 2004, clause 6.3.1 (Ref. 18) requires accreditation
bodies to establish procedures for monitoring the performance of its
personnel. Clauses 5.5 and 5.6 require accreditation bodies to
establish procedures to identify nonconformities in its operations and
any opportunities for improvement and to record the results of any
corrective or preventive actions taken.
d. What reports and notifications must a recognized accreditation
body submit to FDA? (Proposed Sec. 1.623). This proposed rule would
require recognized accreditation bodies to submit to FDA reports of its
self-assessments and monitoring, as well as notice of matters affecting
recognition and accreditation status. The reports and notifications
described in proposed Sec. 1.623 would have to be submitted
electronically and in English.
Here and other places in this proposed rule, we suggest that any
information for FDA be submitted in English. For applications or
requests to FDA, we also propose to require that any translation or
interpretation services necessary for us to process the application or
request be made available by the submitter. We invite comment on our
proposal to require submissions in English and to require translation
or interpretation services as necessary. For comments in opposition, we
seek input on how FDA might address translation and interpretation
issues in a manner that is not overly burdensome or infeasible for the
Agency and for submitters. How can FDA mitigate indirect effects on
others submitting applications or requests? For example, is there a
limit on the amount of time or resources FDA should spend translating
and processing an application submitted in a foreign language? Are
there other factors we should consider in deciding whether to require
submissions in English and translation and interpretation services
where necessary?
Proposed Sec. 1.623(a) requires recognized accreditation bodies to
submit reports of their annual assessments of accredited auditors/
certification bodies under proposed Sec. 1.621 within 45 days of
completion of the assessment. The report must include updated lists of
any audit agents used by such auditors/certification bodies. We believe
that the results of such assessments will help us evaluate the
performance of recognized accreditation bodies in reassessing their
accredited auditors/certification bodies. The results also will help us
perform our own monitoring of each accredited auditor/certification
body. For example, having data about trends in performance deficiencies
that the recognized accreditation body identified in its assessments,
and the corrective actions that were implemented to address such
deficiencies, gives us useful information on the accredited auditor/
certification body and offers insight into how the recognized
accreditation body oversees its accredited auditors/certification
bodies.
Proposed Sec. 1.623(b) requires recognized accreditation bodies to
submit reports of their self-assessments under proposed Sec. 1.622.
These too will be useful to us in overseeing the recognized
accreditation bodies. Annual self-assessments would have to be
submitted within 45 days after completing the self-assessment. In
establishing this timeframe, we considered the statutory requirement
that accredited auditors/certification bodies submit reports of
regulatory audits within 45 days after completing the audit. We
tentatively concluded that the reports of formal assessments under
Sec. 1.621 and self-assessments under Sec. 1.622, though different in
nature from regulatory audits, are similarly important to our ability
to ensure the rigor and credibility of the accredited third-party
audits and certification program and thus should be submitted to us
under a similar deadline.
Additionally, proposed Sec. 1.623(b) provides that reports from
self-assessments required by proposed Sec. 1.664(g)(1) (following
withdrawal of accreditation of a third-party auditor/certification
body) would have to be submitted to FDA within 2 months after the date
of withdrawal.
Proposed Sec. 1.623(c) requires recognized accreditation bodies to
immediately notify us when they grant accreditation to an auditor/
certification body or when they withdraw, suspend, or reduce the scope
of an accreditation under our program. Immediate notice is essential so
that we can take timely action to begin to accept certifications from
newly accredited auditors/certification bodies and to refuse to accept
certifications from auditors/certification bodies no longer authorized
to issue them. For each such notification, an accreditation body must
provide contact information for the auditor/certification body, the
name(s) of one or more of its officers, and the scope of accreditation.
For withdrawal,
[[Page 45801]]
suspension, or reduction in scope, the recognized accreditation body
must specify the basis for the decision and must update any other
previously submitted information about the auditor/certification body.
A recognized accreditation body also must immediately notify us if it
has determined that an accredited auditor/certification body failed to
comply with the requirements for issuance of a food or facility
certification under Sec. 1.653 and must include the basis for the
determination and update any other information previously submitted
about the auditor/certification body. Each type of notification must be
made electronically and in English.
This information is essential to our oversight and management of
the accredited third-party audits and certification program and the
programs that rely on certifications issued by accredited third-party
auditors/certification bodies. For example, section 808(c)(6)(A)(ii) of
the FD&C Act requires us to withdraw accreditation from a certification
body if we determine that the certification body no longer meets the
requirements for accreditation. Having information on the reason(s) for
withdrawal, suspension, or reduction in scope of an accreditation will
help us in determining whether and how to conduct such evaluation.
(Concerns regarding the performance of an accredited auditor/
certification body are of a different nature than, for example,
suspension of accreditation for failure to make timely fee payments.)
Without information on the reason an accreditation was withdrawn,
suspended, or reduced, we believe we will need to automatically
consider withdrawal of accreditation whenever an accreditation is
withdrawn, suspended, or reduced.
We request comment on our tentative conclusion that our oversight
of the program will be enhanced by timely notice of accreditations,
withdrawals, suspensions, and reductions in scope of accreditation by a
recognized accreditation body, and of violations of proposed Sec.
1.653.
In proposed Sec. 1.623(d)(1), we require a recognized
accreditation body to notify us within 30 days after denying
accreditation to an auditor/certification body (in whole or in part)
and including the basis for such denial. Proposed Sec. 1.623(d)(1) is
based on the requirement in proposed Sec. 1.620(c), which requires
recognized accreditation bodies to maintain records on any denial of
accreditation under this program. We are not proposing to prohibit
accreditation of an auditor/certification body previously denied
accreditation, if the auditor/certification body is subject to a
separate, full assessment and found to have adequately addressed the
problems that led to the denial.
Proposed Sec. 1.623(d)(2) requires recognized accreditation bodies
to notify FDA within 30 days after making any significant change that
would affect the manner in which it complies with the recognition
requirements in Sec. Sec. 1.610 to 1.625 and include an explanation
for the purpose of the change. For example, the merger of two
accreditation bodies, or the contracting out of assessment services at
an accreditation body that previously employed in-house assessors,
would be the types of changes that should be notified to us. The intent
of this proposed requirement is to help ensure that we obtain timely
notice of any changes that could affect the basis upon which we
recognized the accreditation body. We are not seeking prior notice, nor
are we suggesting that we have a role in approving or denying such
change. We are, however, required by section 808(b)(1)(C) of the FD&C
Act to revoke recognition of any accreditation body found not to be in
compliance with section 808 of the FD&C Act. A significant change that
prevents or undermines the accreditation body's compliance with this
rule may result in revocation of recognition under proposed Sec.
1.636.
e. How must a recognized accreditation body protect against
conflicts of interest? (Proposed Sec. 1.624). This proposed rule would
require a recognized accreditation body to take certain steps to
safeguard against conflicts of interest, including the requirement to
implement a written conflict of interest program.
Section 808 of the FD&C Act requires us to establish the accredited
third-party audits and certification program through, in large part,
recognition of accreditation bodies to themselves accredit third-party
auditors/certification bodies. Various stakeholders have expressed
concern about possible conflicts of interest between the accreditation
bodies and the third-party auditors/certification bodies seeking to
participate in the program we implement. We believe that the
credibility of the program will rest, in part, on whether we establish
effective measures to protect against conflicts of interest among the
program participants.
We considered ISO/IEC 17011:2004 (Ref. 18), which requires that all
accreditation body personnel and committees that could influence the
accreditation act objectively and be free from any undue commercial,
financial, and other pressures that could compromise impartiality.
We believe that, in keeping with the purpose of section 808 of the
FD&C Act, recognized accreditation bodies should be held to conflict of
interest provisions of similar rigor to those placed on accredited
third-party auditors/certification bodies under section 808(c)(5) of
the FD&C Act and this proposed rule. Failure to have documented
safeguards against conflicts of interest between a recognized
accreditation body and the third-party auditor/certification body
seeking its accreditation could undermine the system at its foundation
by introducing the possibility of bias into the system. We believe that
nothing short of rigorous safeguards will offer the transparency and
credibility we believe necessary for our oversight of, and consumer
confidence in, this accredited third-party audits and certification
program.
Proposed Sec. 1.624(a)(1) addresses conflicts involving ownership,
management, or control of, or financial interests in, an auditor/
certification body (including its officers, personnel, or other agents)
or any affiliate, parent, or subsidiary of the auditor/certification
body. We believe proposed Sec. 1.624(a)(1) aligns with the requirement
in section 808(c)(5)(A)(i) of the FD&C Act, which prevents an
accredited third-party certification body from being owned, managed, or
controlled by any person that owns or operates an eligible entity to be
certified by such certification body. It also aligns with the
requirement, in section 808(c)(5)(B)(i) of the FD&C Act, that an audit
agent of an accredited third-party certification body not own or
operate an eligible entity to be audited by such agent.
Proposed Sec. 1.624(a)(2) prohibits officers, employees, or other
agents of a recognized accreditation body from accepting any monies,
gifts, gratuities, or items of value other than the payment of fees for
accreditation services, reimbursement of direct costs associated with
accreditation, and onsite meals, of a de minimis value, provided during
an audit or assessment. We believe this is consistent with the
requirements in section 808(c)(5)(A)(ii) and (c)(5)(B)(ii) of the FD&C
Act, which requires an accredited auditor/certification body and its
audit agents to have procedures to safeguard against financial
conflicts of interest between any officer, employee, or audit agent and
any eligible entity to be audited or certified.
We have tentatively concluded that onsite meals of a de minimis
nature are not gifts, gratuities, or items of value
[[Page 45802]]
likely to influence the outcome of an audit or assessment, nor do we
think they are likely to undermine the credibility of the program.
Onsite meals may help expedite audits and assessments, because the
accreditation body's assessors would not have to leave the premises for
meals. We seek comment on whether to define de minimis value according
to the limits established for U.S. Government employees for accepting
gifts or gratuities.
Proposed Sec. 1.624(b) imputes the financial interests of
immediate family members to an officer, employee, or other agent of a
recognized accreditation body. This proposed requirement is based on
the approach we recommended in the 2009 Guidance with respect to
conflicts of accredited certification bodies (Ref. 5). We believe that
imposing a similar requirement on the immediate family of the officers,
employees, or other agents of a recognized accreditation body will help
to ensure the credibility of the accredited third-party audits and
certification program at every level.
Proposed Sec. 1.624(c) requires transparency in the payment of
fees or reimbursement of direct costs by an accredited auditor/
certification body to a recognized accreditation body. We have
considered the types of disclosures that are necessary to help ensure
the credibility of the program (and are consistent with existing
disclosure laws). We recognize the amount or manner of payment by a
third-party auditor/certification body for accreditation services may
give rise to questions about whether the payment might affect the
outcome of the accreditation process. Where, for example, a third-party
auditor/certification body makes multiple payments to an accreditation
body or makes payments under a different schedule than the
accreditation body's usual practice, this may spur questions about
whether those payments are linked to a favorable outcome for the third-
party auditor/certification body.
We have tentatively concluded that, to maintain confidence in the
program through transparency, recognized accreditation bodies disclose
the timing of payments and reimbursement they receive from auditors/
certification bodies, to the extent that such disclosures are
consistent with existing law. While we do not believe that information
on timing of payment of fees would be protected from disclosure under
existing disclosure laws, we seek comment on this matter.
Proposed Sec. 1.624(c) also requires recognized accreditation
bodies to maintain on their Web sites an up-to-date list of each
auditor/certification body accredited under this program, including the
scope and duration of such each accreditation and date(s) on which the
auditor/certification body paid any fee or reimbursement associated
with such accreditation. Information on the timing of payments to
recognized accreditation bodies for accreditation services is useful
because it allows for analysis of such data in the aggregate. Unusual
patterns in payments by one or more auditors/certification bodies may
trigger a closer evaluation by us to determine whether the independence
and objectivity of the recognized accreditation body may have been
compromised by such payments. Requiring the recognized accreditation
body to make information on the timing of payments available on its Web
site creates transparency, thereby lending to the credibility of the
program.
We seek comment on the tentative conclusions identified here,
namely that we should require recognized accreditation bodies to: (1)
Have a written program to safeguard against conflicts of interest; (2)
include the interest of any affiliate, parent, or subsidiary of a
third-party auditor/certification body within the scope of interests
covered by the accreditation body's conflict of interest program; (3)
impute the interests of immediate family members of an officer,
employee, or other agent to such officer, employee, or other agent; and
(4) maintain on its Web site a list of its accredited auditors/
certification bodies, including duration and scope of each such
accreditation, and information about the timing of payments by each
such auditor/certification body. For interested parties recommending
alternative approaches regarding public disclosure of payments, we
request that such comments be accompanied by any examples or other
information to describe or support the recommended approaches.
We also seek comment on whether there are conflicts other than
financial interests of recognized accreditation bodies that should be
addressed in these regulations. For any comment recommending that we
address other types of conflicts, we are seeking recommended measures
to address such conflicts, any documents or references that are
available to support the recommendation, and input on whether similar
measures should apply to accredited auditors/certification bodies under
this program.
f. What records requirements must a recognized accreditation body
meet? (Proposed Sec. 1.625). This proposed rule identifies specific
types of documents a recognized accreditation body would be required to
establish, control, and maintain to document compliance with applicable
requirements. The recognized accreditation body also would be required
to provide FDA access to such records.
The records required by proposed Sec. 1.625 include documents and
data relating to the following: (1) Applications for accreditation and
for renewal; (2) decisions to grant, deny, or suspend accreditation, or
to reduce the scope of an accreditation; (3) challenges to adverse
accreditation decisions; (4) monitoring of accredited auditors/
certification bodies; (5) the accreditation body's self-assessments and
corrective actions (which includes information on compliance with
conflict of interest requirements under proposed Sec. 1.624); (6)
significant changes to the accreditation program that might affect
compliance with this rule; (7) regulatory audit reports and supporting
information from its accredited auditors/certification bodies; and (8)
any other reports or notifications submitted under Sec. 1.623.
Proposed Sec. 1.625 requires such records to be maintained,
electronically and in English, for a period of 5 years. Requiring
recognized accreditation bodies to maintain records in English is
necessary to allow FDA to conduct timely and rigorous oversight of the
accreditation bodies the Agency recognizes. We believe these are the
types of records that accreditation bodies currently maintain and that
such records are routinely maintained by accreditation bodies for a
minimum of 5 years. In addition, by requiring recognized accreditation
bodies to maintain their records for at least 5 years, it will help us
ensure that we have an adequate basis for monitoring its performance
and determining whether to renew recognition, which may be granted for
a period of up to 5 years.
Proposed Sec. 1.625(b) requires a recognized accreditation body to
make such records available to us for inspection and copying upon the
written request of an authorized FDA representative or, if requested by
us electronically, to submit them electronically, in English, no later
than 10 business days after the date of the request. Proposed Sec.
1.625(c) prohibits a recognized accreditation body from preventing or
interfering with our access to its accredited auditors/certification
bodies and the records of the auditors/certification bodies.
We have tentatively concluded that the records identified and the
records
[[Page 45803]]
maintenance and access requirements in proposed Sec. 1.625 are
necessary for us to adequately monitor recognized accreditation bodies,
as directed by section 808(f) of the FD&C Act. We understand that
accreditation bodies frequently include confidentiality provisions in
standard contracts with third-party auditors/certification bodies. Many
of those contract provisions may, in the past, have prevented
disclosure of these records to us. If so, the requirements of proposed
Sec. 1.625, would require revisions to such contracts (and perhaps
other documents) establishing and limiting the scope of an
accreditation body's authority to grant us records access. We believe
that such access is necessary for us to conduct the monitoring required
by section 808(f) of the FD&C Act and to otherwise exercise adequate
oversight of the accredited third-party audits and certification
program. We seek comment on this tentative conclusion and on the
specific requirements we propose in this section.
4. Procedures for Recognition of Accreditation Bodies
Table 4--Proposed Procedures for Accreditation Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.630.................. How do I apply to FDA for recognition or
renewal of recognition?
1.631.................. How will FDA review applications for
recognition and for renewal of recognition?
1.632.................. What is the duration of recognition?
1.633.................. How will FDA monitor recognized accreditation
bodies?
1.634.................. When will FDA revoke recognition?
1.635.................. How do I voluntarily relinquish recognition?
1.636.................. How do I request reinstatement of recognition?
------------------------------------------------------------------------
a. How do I apply to FDA for recognition or renewal of recognition?
(Proposed Sec. 1.630). This proposed rule would establish procedures
for accreditation bodies to follow when applying to FDA for recognition
or for renewal of recognition. Under proposed Sec. 1.630(a) (initial
application) and Sec. 1.630(b) (renewal), the applicant must
demonstrate that it meets the eligibility requirements for recognition
in proposed Sec. 1.610. Applications for recognition and for renewal
are subject to the same requirements for the form and manner of
submission under proposed Sec. 1.630(c) and (d). The accreditation
body must submit a signed application, accompanied by any supporting
documents, electronically and in English. We also propose to require an
applicant to provide any translation or interpretation services we need
to process the application. This may include providing translators or
interpreters for FDA staff conducting onsite audits or assessments of
the applicant.
We tentatively conclude that the application procedures in proposed
Sec. 1.630 are reasonable requirements for accreditation bodies to
meet. We believe that an accreditation body having the competency and
capacity to qualify for recognition under the criteria in proposed
Sec. 1.610 would be similarly capable of meeting the application
requirements in proposed Sec. 1.630. Requirements for electronic,
English language communications are necessary for us to make well-
informed and timely decisions on applications and to conduct
appropriate oversight of accreditation bodies, once recognized. We seek
comment on these conclusions and the proposed requirements of Sec.
1.630.
b. How will FDA review applications for recognition and for renewal
of recognition? (Proposed Sec. 1.631). This proposed rule would
establish the procedures we will follow in reviewing and deciding on
applications for recognition and for renewal of recognition. Under
proposed Sec. 1.631(a), we will create an application queue, organized
by the date on which each such application submission is complete. In
the interest of fairness, we are proposing to order the queue on a
first in, first out basis. We will inform applicants of deficiencies in
application documentation. To encourage applicants to supply any
missing information promptly, we will not place an application in the
queue until it is complete. Allowing incomplete applications in the
queue might block applications that are ready for review, but were
submitted later in time.
We will inform an applicant once its application has been placed in
the queue. We will review each recognition or renewal application to
determine whether the applicant meets the eligibility requirements of
proposed Sec. 1.630(a) and (b). We anticipate that initial
applications for recognition will require lengthier review times than
renewal applications will. We will communicate anticipated processing
periods to applicants. We are not, however, proposing to include
specific timeframes for review, for the following reasons: (1) It is
difficult to project the amount of resources that will be available for
application review, as the program is authorized to be funded by user
fees under section 808(c)(8) of the FD&C Act; and (2) we expect to
become more efficient in processing applications as we gain experience
but currently lack data to reasonably estimate the effect of efficiency
gains on review times.
Proposed Sec. 1.631(b), (c), and (d) describe the basis on which
we will decide whether to approve a recognition or renewal application
and explains that we will notify the applicant of our decision in
writing. We may send the notice electronically.
If we approve an application, the notice will include any
conditions we may impose on the recognition. (For example, we may
adjust the date that an accreditation body's annual self-assessment
would be due, if the anniversary date of its recognition would
otherwise require the self-assessment to be submitted on a weekend.) If
we deny a recognition or renewal application, we will explain the
reason for our denial and will give the address and procedures for
requesting that we reconsider.
Proposed Sec. 1.631(e) applies only to applications for renewal of
recognition and allows us to extend the length of an existing
recognition to complete our review of the renewal application. We can
extend the recognition until a specific date or may extend the
recognition for as long as necessary for us to decide on the
application.
c. What is the duration of recognition? (Proposed Sec. 1.632).
This proposed rule would allow us to grant recognition to an
accreditation body for up to 5 years, though we will determine the
length of recognition on a case-by-case basis.
In deciding that 5 years is the maximum appropriate length of
recognition, we considered approaches
[[Page 45804]]
taken in other government programs. Another DHHS operating division,
the Substance Abuse and Mental Health Services Administration (SAMHSA),
approves accreditation bodies to accredit programs that use opioid
agonist treatment medications. SAMHSA may approve an accreditation body
for a period not to exceed 5 years (42 CFR 8.3). Under the FDA
mammography program, we may approve accreditation bodies for terms of
up to 7 years (21 CFR 900.3(g)).
We are proposing to recognize accreditation bodies for a period of
up to 5 years, based in part on these examples. We do not expect to
grant every recognition at the maximum duration. We believe that
shorter terms of recognition may be appropriate in the early years of
the program or for accreditation bodies with fewer years of experience
accrediting auditors/certification bodies for food safety auditing and
certification. As we gain experience with the program, we may revisit
this matter.
We seek comment on proposed Sec. 1.632 and the factors we
considered in developing it. We do not claim to have compiled an
exhaustive list of government programs for approving accreditation
bodies and are interested in comments offering other examples that are
relevant to the type of program we are establishing. To the extent that
an alternative term of recognition is suggested, we seek any
information that can be provided in support of such alternative.
d. How will FDA monitor recognized accreditation bodies? (Proposed
Sec. 1.633). This proposed rule would establish the frequency and
manner for our formal evaluations of recognized accreditation bodies.
Proposed Sec. 1.633 builds on the self-assessment requirements of
proposed Sec. 1.622, which are submitted to us under proposed Sec.
1.623. Section 808(f)(1) of the FD&C Act requires us to reevaluate a
recognized accreditation body at least once every 4 years to determine
its compliance with applicable FDA requirements.
Proposed Sec. 1.633(a) describes the timeframes in which we will
conduct reevaluations: At least 4 years after the date of accreditation
for an accreditation body recognized for a 5-year term, and the mid-
term point for recognitions granted for less than 5 years. These
represent the maximum times that may elapse before we conduct a formal
reevaluation of a recognized accreditation body. We lack data to set a
more definitive schedule for reevaluations but may be able to do so as
we gain experience under the program. Proposed Sec. 1.633(a) explains
that we may perform additional performance evaluations of recognized
accreditation bodies at any time.
Proposed Sec. 1.633(b) describes the types of information we may
gather as part of a performance evaluation. Section 808(f)(3) of the
FD&C Act gives us authority to conduct onsite audits of eligible
entities that have been issued certification by an accredited auditor/
certification body at any time, with or without the accredited auditor/
certification body present, and section 808(f)(4) gives us authority to
take any other measures we deem necessary. Proposed Sec. 1.633(b)
explains that we may conduct onsite audits of eligible entities
certified by the accreditation body's accredited auditors/certification
bodies, as indicators of the effectiveness of the recognized
accreditation body's performance, including its assessments and
decisionmaking. These assessments and audits may be conducted at any
time, with or without the accredited auditor/certification body
present. We believe it is necessary for us to have the option to
conduct onsite audits of certified eligible entities outside the
presence of a recognized accreditation body with an interest in the
outcome of FDA's evaluation. Therefore, proposed Sec. 1.633(b) allows
us to conduct onsite assessments of accredited auditors/certification
bodies at any time, with or without the recognized accreditation body
present. We believe that such spot checks are useful in testing the
program and ensuring compliance, which is the purpose of section 808(f)
of the FD&C Act.
e. When will FDA revoke recognition? (Proposed Sec. 1.634). This
proposed rule would establish the criteria and procedures for
revocation of recognition of an accreditation body. It also describes
the effects (if any) of revocation on accreditations and certifications
occurring prior to the revocation. Section 808(b)(1)(C) of the FD&C Act
requires us to revoke the recognition of an accreditation body for
failure to comply with section 808 of the FD&C Act and the implementing
regulations in this subpart.
Proposed Sec. 1.634 describes several circumstances that we
believe each warrant revocation of recognition:
Under proposed Sec. 1.634(a)(1), we will revoke recognition of any
accreditation body that refuses to grant us access to records or to
conduct audits, assessments, or investigations necessary to ensure the
recognized accreditation body's continued compliance. Denial of access
to perform our oversight functions would prevent us from meeting our
statutory responsibilities for monitoring recognized accreditation
bodies under section 808(f)(1) of the FD&C Act.
We will revoke recognition under proposed Sec. 1.634(a)(2)(i) for
failure to take timely and necessary corrective action after we
withdraw accreditation of one of its accredited auditors/certification
bodies for unjustifiably certifying a facility or food that was linked
to an outbreak with a reasonable probability of causing serious adverse
health consequences or death in humans or animals. When we withdraw the
accreditation of an auditor/certification body, we believe its
accreditor should promptly conduct an internal review to identify
whether any problems in its accreditation program or performance may
have caused or contributed to the circumstances leading to withdrawal
and to effectively address any problems found. For example, we expect
such an accreditation body to review its monitoring program to
determine whether it should conduct more frequent onsite assessments of
the auditors/certification bodies it accredited under our program.
We also will revoke recognition under proposed Sec.
1.634(a)(2)(ii) for failure to take timely and necessary corrective
action when the results of the accreditation body's self-assessment or
the self-assessments or monitoring of one or more of its accredited
auditors/certification bodies identify a significant problem with the
accreditation body's performance. This provision focuses on significant
problems the accreditation body knew or should have known it needed to
address through prompt and effective corrective actions. For example,
we believe it appropriate to revoke the recognition of an accreditation
body that ignores obvious, significant problems in its performance yet
chooses to take no corrective action to address the problems.
In addition, we will revoke recognition under proposed Sec.
1.634(a)(2)(iii) when a recognized accreditation body fails to promptly
implement corrective actions we direct to bring the accreditation body
into compliance. This provision is based on the requirement of section
808(b)(1)(C) of the FD&C Act to promptly revoke the recognition of an
accreditation body found not to be in compliance with section 808 of
the FD&C Act.
Proposed Sec. 1.634(a)(3) allows us to revoke recognition when we
determine that a recognized accreditation body has committed fraud or
submitted material false statements to us. Fraud and falsehood
undermine the credibility of the program and our ability to rely on
[[Page 45805]]
the certifications issued by auditors/certification bodies it
accredited.
Proposed Sec. 1.634(a)(4) describes circumstances that we believe
warrant revocation but do not fit into the categories in proposed Sec.
1.634(a)(1), (a)(2), and (a)(3), such as a lack of objectivity
(demonstrated bias) in its activities or failure to adequately support
one or more of its accreditation decisions. There may be unforeseen
circumstances that we determine provide good cause for revocation of
recognition for failure to comply with applicable requirements.
Proposed Sec. 1.634(a)(4) gives accreditation bodies notice of our
intention to revoke recognition where we find good cause.
Proposed Sec. 1.634(b) specifies that we may request records from
the accreditation body or one or more of its accredited auditors/
certification bodies to assist us in deciding whether to revoke
recognition.
Proposed Sec. 1.634(c)(1) establishes the procedures for us to
notify the accreditation body of revocation of recognition and its
opportunity to challenge the revocation in an informal hearing
conducted under part 16 of our regulations. Part 16 hearings are used
for, among other things, approval, reapproval, or withdrawal of
approval of mammography accreditation bodies under 21 CFR 900.7. We
believe part 16 hearings provide adequate process for accreditation
bodies subject to revocation of recognition under this proposed rule.
The notice of revocation also will identify the procedures for
requesting reinstatement of recognition under proposed Sec.
1.634(c)(1). Regardless of whether the accreditation body challenges
its revocation or seeks reinstatement, under proposed Sec.
1.634(c)(2), it must notify us of the location where the records
required by proposed Sec. 1.625 will be maintained.
Proposed Sec. 1.634(d) addresses the possible effects of
revocation of recognition on an auditor/certification body accredited
prior to the revocation. Under proposed Sec. 1.634(d)(1), FDA would
notify any auditor/certification body accredited by an accreditation
body whose recognition was revoked. The auditor's/certification body's
accreditation will remain in effect provided that it conducts a self-
assessment under proposed Sec. 1.655 and reports its results to FDA
within 2 months of the revocation under proposed Sec. 1.656(b). We
believe the accredited auditor/certification body that complies with
these requirements should not face adverse consequences when its
accreditation body fails to meet its obligations as a recognized
accreditation body. Requiring the accredited auditor/certification body
to verify that it is in compliance with the applicable requirements
through self-assessment and reporting would help provide confidence
that the auditor's/certification body's program is under control during
the time it is transitioning from one accreditation body to another.
The auditor/certification body would have 1 year after the revocation
of its accreditation body's recognition to become reaccredited, under
proposed Sec. 1.634(d)(1)(ii). We believe this gives the auditor/
certification body sufficient time to find a new recognized
accreditation body and to go through its accreditation process, but
would not allow a prolonged period of auditing and certification
activity without the immediate oversight of an accrediting body.
Proposed Sec. 1.634(d)(2) explains that FDA may withdraw accreditation
of an auditor/certification body whenever FDA finds good cause under
proposed Sec. 1.664. Where an accredited auditor/certification body
fails to comply with the requirements of proposed Sec. 1.634(d)(1)(i)
or (d)(1)(ii), we may withdraw the accreditation for cause under
proposed Sec. 1.664. Our decision to withdraw accreditation will be
based on the circumstances associated with the auditor/certification
body. Revocation of the recognition of its accrediting body does not,
by itself, provide cause for withdrawal of the accreditation of an
auditor/certification body that is in compliance with this rule. If
evidence from a revocation proceeding reveals problems with the
auditor/certification body, then we may pursue withdrawal of
accreditation under proposed Sec. 1.664 based on evidence associated
with the auditor/certification body--not because of the revocation of
recognition of its accrediting body.
Under proposed Sec. 1.634(e), certifications issued by an auditor/
certification accredited by an accreditation body whose recognition is
subsequently revoked will remain in effect until the certifications
terminate by expiration. We believe that eligible entities should not
face adverse consequences solely because of the failure of an
accreditation body selected by its auditor/certification body. However,
we retain the authority, under section 801(q) of the FD&C Act, to
refuse to accept a food certification, offered for admissibility
purposes, if we reasonably believe the certification is not valid or
reliable. Revocation of the recognition of its accrediting body does
not, by itself, provide the basis for refusing a certification under
section 801(q) of the FD&C Act. We will look to circumstances bearing
on the issuance of a food certification to an eligible entity and
submission by an accredited auditor/certification body in determining
its validity or reliability. For example, if an investigation of fraud
by an accreditation body also reveals evidence of fraud by the eligible
entity or by the auditor/certification body, we may determine that the
food certification is not valid or reliable.
Proposed Sec. 1.634(f) explains that we will provide notice on our
public Web site when we revoke the recognition of an accreditation
body. We believe that public notice of matters such as revocation are
necessary to help ensure the credibility of the program.
We solicit comment on our tentative conclusions regarding possible
grounds for revocation, particularly revocation for cause. We seek
examples that commenters believe do or do not represent good cause for
revocation. We also solicit input on our proposal to use the informal
hearing procedures set out in part 16 for challenges to a revocation
decision.
f. How do I voluntarily relinquish recognition? (Proposed Sec.
1.635). This proposed rule would offer an accreditation body a
mechanism for voluntarily relinquishing its recognition before it
terminates by expiration. Relinquishment on the initiative of the
accreditation body is distinct from FDA revocation of recognition for
good cause.
Proposed Sec. 1.635 describes the procedures that an accreditation
body must follow when it intends to relinquish its recognition. Current
mammography regulations in 21 CFR 900.3 offer accreditation bodies the
opportunity to voluntarily relinquish their authority to grant
accreditation. We believe that accreditation bodies operating under our
accredited third-party audits and certification program should likewise
have the option to voluntarily relinquish their recognition. We are
proposing certain procedural requirements--similar to those in the
mammography regulations--that accreditation bodies must follow in
relinquishing recognition. We believe these procedures are necessary to
ensure an orderly transition for auditors/certification bodies
accredited by an accreditation body that is relinquishing its
recognition and for us to make necessary adjustments in the program,
such as preparing to review self-assessments from any auditor/
certification body accredited by such accreditation body. Proposed
Sec. 1.635(a) requires accreditation bodies to notify us at least 6
months before relinquishing recognition. The notifications must be
submitted electronically and in English.
[[Page 45806]]
It is essential that we have the ability to maintain adequate oversight
of the program, and particularly accredited auditors/certifications
bodies that will no longer be under the oversight of a recognized
accreditation body. Therefore, we are proposing to require an
accreditation body relinquishing its recognition to identify the
location where the records required by proposed Sec. 1.625 will be
maintained.
The decision to relinquish recognition is made solely by the
accreditation body, without FDA involvement. Therefore, in
relinquishing recognition under proposed Sec. 1.635(a), the
accreditation body would waive its rights to appeal, because there is
no FDA action to serve as the basis for appeal.
Proposed Sec. 1.635(b) requires the accreditation body to notify
any third-party auditor/accreditation body, currently accredited, of
the date on which it intends to relinquish recognition. An accredited
auditor/certification body needs timely notice of its accreditation
body's intent to relinquish recognition so that the auditor/
certification body can begin to seek accreditation from another
recognized accreditation body.
Proposed Sec. 1.635(c) explains that an accreditation granted by a
recognized accreditation body prior to relinquishing its recognition
will remain in effect until it expires, except where we determine there
is good cause for withdrawal under proposed Sec. 1.664. In general, we
believe an accredited auditor/certification body should not face
adverse consequences from its accreditation body's decision to withdraw
from our program and upon expiration of its accreditation would apply
for accreditation from a different accreditation body under proposed
Sec. 1.660. If however we determine that there are grounds for us to
withdraw the accreditation of the auditor/certification body, the
auditor/certification body would have to seek reaccreditation under
proposed Sec. 1.666.
Proposed Sec. 1.635(d) explains that an accreditation granted by
an accreditation body that voluntarily relinquished recognition will
not affect certifications issued by auditors/certification bodies
accredited prior to its voluntary relinquishment, except that we may
refuse to consider such certification in determining the admissibility
of an article of food under section 801(q) of the FD&C Act if we
determine the certification is not valid or reliable. Such
certifications generally will remain in effect until they terminate by
expiration. In considering the impact of relinquishment of recognition
on certifications, we were mindful that eligible entities would not
have input into the accreditation body's decision to relinquish
recognition and that voluntary relinquishment likely would have no
bearing on the performance of its accredited auditors/certification
bodies and the validity or reliability of certifications they issue.
Proposed Sec. 1.635(e) states that we will provide notice on our
public Web site of the voluntary relinquishment of recognition by an
accreditation body. To provide notice to program participants and to
provide certainty to the markets, we also will post information on the
status of accreditations and certifications as described under proposed
Sec. 1.635(c) and (d).
g. How do I request reinstatement of recognition? (Proposed Sec.
1.636). This proposed rule describes the procedures that an
accreditation body would have to follow when seeking reinstatement of
its recognition. Under proposed Sec. 1.636(a), an accreditation body
that has had its recognition revoked may seek reinstatement by
submitting a new application for recognition if it did not seek a
regulatory hearing on the merits of the revocation of its recognition
under proposed Sec. 1.634 or if required to do so by a decision
following a regulatory hearing. Proposed Sec. 1.636(b) requires such
application to be supported by evidence demonstrating that the grounds
for revocation have been resolved and are unlikely to recur.
We believe that a new application would be an appropriate
requirement for an accreditation body that had been previously shown
not to be in compliance with the requirements of this rule, and any
conditions we imposed on its recognition. We seek comment on this
tentative conclusion and on the requirements we propose in Sec. 1.636
for reinstatement of recognition.
5. Accreditation of Third-Party Auditors/Certification Bodies
This proposed rule would establish: (1) The eligibility
requirements for an auditor/certification body to be authorized
(``accredited'') by a recognized accreditation body or by FDA (``direct
accreditation'') under the accredited third-party audits and
certification program; (2) requirements for accredited auditors/
certification bodies, including auditing, reporting, certification, and
assessments; and (3) procedures FDA and third-party auditors/
certification bodies will follow under the program.
Table 5--Proposed Requirements for Third-Party Auditors/Certification
Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
Accreditation of third-party auditors/certification bodies under this
subpart
------------------------------------------------------------------------
1.640.................. Who is eligible to seek accreditation?
1.641.................. What legal authority must a third-party auditor/
certification body have to qualify for
accreditation?
1.642.................. What competency and capacity must a third-party
auditor/certification body have to qualify for
accreditation?
1.643.................. What protections against conflict of interest
must a third-party auditor/certification body
have to qualify for accreditation?
1.644.................. What quality assurance procedures must a third-
party auditor/certification body have to
qualify for accreditation?
1.645.................. What records procedures must a third-party
auditor/certification body have to qualify for
accreditation?
------------------------------------------------------------------------
Requirements for accredited auditors/certification bodies under this
subpart
------------------------------------------------------------------------
1.650.................. How must an accredited auditor/certification
body ensure its audit agents are competent and
objective?
1.651.................. How must an accredited auditor/certification
body conduct a food safety audit of an
eligible entity?
1.652.................. What must an accredited auditor/certification
body include in food safety audit reports?
1.653.................. What must an accredited auditor/certification
body do when issuing food or facility
certification?
1.654.................. When must an accredited auditor/certification
body monitor an eligible entity with food or
facility certification?
1.655.................. How must an accredited auditor/certification
body monitor its own performance?
1.656.................. What reports and notifications must an
accredited auditor/certification body submit?
1.657.................. How must an accredited auditor/certification
body protect against conflicts of interest?
[[Page 45807]]
1.658.................. What records requirements must an accredited
auditor/certification body meet?
------------------------------------------------------------------------
Procedures for accreditation of third-party auditors/certification
bodies under this subpart
------------------------------------------------------------------------
1.660.................. Where do I apply for accreditation or renewal
of accreditation from a recognized
accreditation body?
1.661.................. What is the duration of accreditation?
1.662.................. How will FDA monitor accredited auditors/
certification bodies?
1.663.................. How do I request an FDA waiver or waiver
extension for the 13-month limit for audit
agents conducting regulatory audits?
1.664.................. When can FDA withdraw accreditation?
1.665.................. How do I voluntarily relinquish accreditation?
1.666.................. How do I request reaccreditation?
------------------------------------------------------------------------
Additional procedures for direct accreditation of third-party auditors/
certification bodies under this subpart
------------------------------------------------------------------------
1.670.................. How do I apply to FDA for direct accreditation
or renewal of direct accreditation?
1.671.................. How will FDA review applications for direct
accreditation and for renewal of direct
accreditation?
1.672.................. What is the duration of direct accreditation?
------------------------------------------------------------------------
Section 808 of the FD&C Act directs us to establish a voluntary
program for accreditation of third-party auditors/certification bodies
to conduct food safety audits and to issue certifications to eligible
foreign entities. Sections 808(b)(2) and (c)(5)(C) of the FD&C Act
require us to issue model accreditation standards to qualify third-
party auditors/certification bodies as accredited auditors/
certification bodies and to issue implementing regulations for the
program.
The statute requires accredited auditors/certification bodies to:
(1) Issue a written (and, as appropriate, electronic) food or facility
certification after conducting a regulatory audit and such other
activities necessary to determine compliance with the FD&C Act; (2)
submit regulatory audit reports within 45 days; (3) complete reports of
consultative audits within 45 days; (4) maintain onsite audit reports
and other audit documents in its records; (5) immediately notify us of
a condition that could cause or contribute to a serious risk to the
public health; (6) prevent an audit agent from conducting a regulatory
audit of an eligible entity for which the agent conducted a
consultative or regulatory audit within the preceding 13 months, unless
waived by FDA; and (7) comply with conflict of interest requirements.
a. Who is eligible for accreditation? (Proposed Sec. 1.640). This
proposed rule would establish the eligibility requirements for a third-
party auditor/certification body to be qualified for accreditation by a
recognized accreditation body or for direct accreditation by FDA. Under
section 808(a)(3) of the FD&C Act, a third-party auditor can be a
foreign government, an agency of a foreign government, a foreign
cooperative, or any other third party, as FDA determines appropriate
according to the Agency model accreditation standards. Section
808(c)(1)(A) of the FD&C Act requires a foreign government/agency
seeking accreditation to demonstrate that its food safety programs,
systems, and standards are capable of adequately ensuring that eligible
entities or foods it certified meet applicable FDA requirements for
food manufactured, processed, packed, or held for import into the
United States. Section 808(c)(1)(B) of the FD&C Act requires a foreign
cooperative or other third party seeking accreditation to demonstrate
that each eligible entity it certified has systems and standards in use
to ensure that the entity or food meets the applicable requirements of
the FD&C Act. The statute requires us to issue model accreditation
standards under section 808(b)(2) of the FD&C Act to qualify third-
party auditors/certification bodies for accreditation.\30\
---------------------------------------------------------------------------
\30\ Section 808(b)(2) of the FD&C Act directs us to include
requirements for regulatory audit reports in the model accreditation
standards. Because such reports are prepared by accredited third-
party auditors/certification bodies, we have included requirements
for regulatory audit reports in the proposed requirements for
accredited auditors/certification bodies in this subpart.
---------------------------------------------------------------------------
Proposed Sec. 1.640(a) aligns with the definition of third-party
auditor in section 808(a)(3) of the FD&C Act, describing the types of
organizations that may be eligible for accreditation under our program:
Foreign governments and agencies of foreign governments, foreign
cooperatives, and other third parties. Proposed Sec. 1.640(b) reflects
the requirements of section 808(b) and (c)(1)(A) of the FD&C Act,
stating that a foreign government or agency of a foreign government is
eligible for accreditation if it meets the requirements of Sec. Sec.
1.641 through 1.645, as specified in FDA model standards on
qualifications for accreditation, including legal authority,
competency, capacity, conflicts of interest, quality assurance, and
records. We believe the scope of the review of a foreign government/
agency's food safety programs, systems, and standards for accreditation
purposes should focus on the program, systems, and standards relevant
to the scope of accreditation sought. Under proposed Sec. 1.640(c), a
foreign cooperative or other third party is eligible for accreditation
if it can demonstrate that the training and qualifications of its audit
agents and its internal systems and standards meet the requirements of
Sec. Sec. 1.641 through 1.645, as explained in FDA model standards on
qualifications for accreditation, including legal authority,
competency, capacity, conflicts of interest, quality assurance, and
records.
These proposed eligibility requirements build on the language in
section 808 of the FD&C Act, using the approach we described in our
2009 guidance on voluntary certification for food and feed (Ref. 5),
which contained recommendations relating to authority, competency,
capacity, conflicts of interest, quality assurance, and recordkeeping.
We also considered the FDA MFRPS (Ref. 12) and draft ICAT (Ref. 14) for
similar standards that could help assure the maximum degree of
consistency across domestic and international foods programs. Looking
externally, we considered the GFSI Guidance version 6 (Ref. 23), which
requires food safety scheme owners to use third-party auditors/
certification bodies that comply with either ISO/IEC Guide 65:1996
(Ref. 20) for product
[[Page 45808]]
certification or ISO/IEC 17021:2006 (revised in 2011) (Ref. 19) coupled
with ISO TS 22003:2007 (Ref. 21) for management systems certification.
b. What legal authority must a third-party auditor/certification
body have to qualify for accreditation? (Proposed Sec. 1.641). This
proposed rule would require third-party auditors/certification bodies
seeking accreditation to demonstrate that they have sufficient legal
authority, which may include authority established by contract, to
adequately audit food facilities and to certify them for compliance
with food safety requirements, once accredited.
Proposed Sec. 1.641(a) would allow governmental bodies, with
auditing and certification authority inherent in their roles as public
officials, and private bodies, who have authority under contracts with
food facilities, to qualify for accreditation if they have sufficient
authority to conduct auditing and certification activities. This
includes adequate authority to access records; conduct onsite audits;
and to grant, suspend or withdraw certification. Clause 4.2(d) of ISO/
IEC Guide 65:1996 (Ref. 20) requires auditors/certification bodies to
be legal entities. Clause 5 of ISO/IEC 22003:2007 (Ref. 21), by cross
reference to ISO/IEC 17021:2011 (Ref. 19), clause 5, requires auditors/
certification bodies to be legal entities, or defined parts of a legal
entity that can be held legally responsible for its certification
activities. Clause 5.1.3 requires auditors/certification bodies to
retain authority for their certification decisions, including granting,
maintaining, renewing, extending, reducing, suspending, and withdrawing
certification.
Proposed Sec. 1.641(b) would require a third-party auditor/
certification body to demonstrate that it has adequate legal authority
to meet the requirements for an accredited auditor/certification body
in proposed Sec. Sec. 1.650 through 1.658, including conducting food
safety audits using FDA requirements and industry standards and
practices as audit criteria, preparing audit reports, issuing
certifications, submitting reports and notification to us, implementing
procedures to protect against conflicts of interest, maintaining
records, conducting monitoring when necessary, and following the
procedural requirements of our program.
Consistent with our procedures for recognition of accreditation
bodies, we are not proposing to require a newly accredited auditor/
certification body to wait a certain length of time before beginning to
conduct foods safety audits and issue certifications under our program.
Its certification authority goes into effect at the moment of
accreditation. Therefore, we believe a third-party auditor seeking
accreditation must demonstrate its capacity to fulfill the roles and
responsibilities of an accredited auditor/certification body, if
granted.
We seek comment on this tentative conclusion and our proposal to
require third-party auditors/certification bodies to have demonstrable
evidence to support a conclusion that they would be capable of meeting
our requirements, if accredited. For comments opposing this
requirement, we seek comment on what, if any, requirements we should
put in place to ensure that a third-party auditor/certification body
seeking accreditation would be equipped, upon accreditation, to perform
the obligations required under the program.
c. What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation? (Proposed Sec.
1.642). This proposed rule would require third-party auditors/
certification bodies seeking accreditation to demonstrate adequate
resources to fully implement their auditing and certification programs.
Under proposed Sec. 1.642(a), a third-party auditor/certification body
must have adequate numbers of personnel and other agents with relevant
knowledge, skills, and experience to effectively audit for compliance
with applicable FDA requirements and industry standards and practices
and to issue valid and reliable certifications. The third-party
auditor/certification body would have to show it has adequate financial
resources for its operations. In the model accreditation standards, we
will explain the types of expertise and training we expect third-party
auditors/certification bodies to demonstrate. We also will explain the
types of documentation that might be used to demonstrate financial
viability.
Standards associated with auditor competency are critical to
international standards for certification bodies and are an area of
focus for GFSI and other stakeholders. Audit agents and other personnel
that lack the necessary knowledge, skills, and abilities will be unable
to perform credible audits and may result in flawed certification
decisions. ISO/IEC 17021:2011 (Ref. 19), clauses 7.2.1 and 7.2.2,
requires certification bodies to have personnel with sufficient
competence to manage their audit and certification work and to employ,
or have access to, sufficient numbers of auditors and technical experts
to cover the volume and types of its activities.
Under proposed Sec. 1.642(b), a third-party auditor/certification
body seeking to qualify for recognition must demonstrate that it has
the competency and capacity to adequately audit eligible foreign
entities to determine if they are in compliance with applicable FDA
requirements and, for consultative audits, industry standards and
practices. It also must be capable of making certification decisions
that are valid and reliable, submitting reports and notifications to
FDA in the manner we propose, and following the procedural requirements
of our program. As previously explained, a third-party auditor/
certification body will be authorized to begin auditing and
certification under our program immediately upon accreditation.
Therefore, it needs to sufficiently demonstrate its ability to meet the
competency and capacity requirements of an accredited auditor/
certification body in its application for accreditation.
d. What protections against conflicts of interest must a third-
party auditor/certification body have to qualify for accreditation?
(Proposed Sec. 1.643). This proposed rule would require third-party
auditors/certification bodies to have established programs to safeguard
against conflicts of interest that might compromise their objectivity
and independence from food facilities they audit and certify. Proposed
Sec. 1.643(a) would require accreditation bodies seeking recognition
to have written measures to safeguard against financial conflicts of
interest between the third-party auditor/certification body (and its
officers, personnel, and other agents) and food facilities (and owners
and operators). Without these conflict of interest requirements, we
believe it would be difficult for a third-party auditor/certification
body to demonstrate it has adequate independence, as a third party, in
auditing and certifying food facilities. The model accreditation
standards will describe appropriate measures to protect against
conflicts of interest.
ISO/IEC 17021: 2011 (Ref. 19), clause 4.2.2, recognizes that
payment for certification services can be a potential threat to
impartiality. Clause 5.2.2 requires auditors/certification bodies to
identify, analyze, and document the possibilities for conflicts of
interest and how it eliminates or minimizes such threats.
Under proposed Sec. 1.643(b), a third-party auditor/certification
body seeking accreditation must demonstrate its capability to meet the
conflict of interest requirements that would apply under Sec. 1.657,
upon accreditation. This measure is necessary to help ensure that any
auditing and certification activities conducted after accreditation
would be
[[Page 45809]]
considered objective and independent under our program.
e. What quality assurance procedures must a third-party auditor/
certification body have to qualify for accreditation? (Proposed Sec.
1.644). This proposed rule would require third-party auditors/
certification bodies seeking accreditation to have quality assurance
procedures in place. Proposed Sec. 1.614(a) requires a third-party
auditor/certification body seeking accreditation to have a written
program for monitoring and assessing the performance of its officers,
personnel, and other agents. The program must include procedures for
identifying areas for improvement and quickly executing corrective
actions. The model accreditation standards will describe types of
quality assurance measures that may be used to qualify for
accreditation.
We considered both international and domestic standards in
developing proposed Sec. 1.644. ISO/IEC Guide 65: 1996 (Ref. 20),
clause 4.7.1, requires auditors/certification bodies to conduct
periodic internal audits to verify that their quality systems are
implemented and effective, to take timely and appropriate corrective
actions, and to document results. The MFPRS (Ref. 12), which apply
domestically, also include requirements for quality assurance/internal
audit programs that involve assessment, corrective action, and
continuous improvement.
Proposed Sec. 1.644(b) requires the third-party auditor/
certification body to demonstrate it has the capability to meet the
quality assurance requirements of Sec. 1.655, for performing annual
self-assessments against our requirements and reporting the results of
such self-assessments.
f. What records procedures must a third-party auditor/certification
body have to qualify for accreditation? (Proposed Sec. 1.645). This
proposed rule would require third-party auditors/certification bodies
seeking accreditation to have written records procedures in place.
Under proposed Sec. 1.645(a), a third-party auditor/certification body
would have to demonstrate that it has written procedures for
establishing, controlling, and retaining records on its auditing and
certification program and activities. While we are not proposing that a
third-party auditor/certification body must have retained records for a
specified period of time prior to its accreditation, we believe it is
necessary for a third-party auditor/certification body to have
maintained records for such length of time to allow for its program and
performance to be adequately assessed in determining whether it is
qualified for accreditation. The third-party auditor/certification body
also must maintain records as required by its existing legal
obligations. The model accreditation standards will explain these
recordkeeping, document control, and retention requirements.
In developing proposed Sec. 1.645(a), we considered the records
requirements in ISO/IEC 17021:2011 (Ref. 19), clause 9.9.1, which
requires auditors/certification bodies to maintain records on audits
and other certification activities for all clients, including all
organizations submitting applications and all organizations audited,
certified, or with suspended or withdrawn certifications. Clause 9.9.4
requires auditors/certification bodies to have documented records
policies and procedures for retaining records for the current cycle and
an additional certification cycle, noting that records may need to be
retained for a longer period, where required by law.
Proposed Sec. 1.645(b) would require a third-party auditor/
certification body seeking accreditation to demonstrate its capability
to meet the requirements of an accredited auditor/certification body,
if accredited. This would include, for example, capacity for
maintaining records for 4 years, which is the maximum length for which
accreditation could be granted. It also requires accredited auditors/
certification bodies to give us routine access to records of regulatory
audits and, for consultative audits, access to records in specific
circumstances. We realize that existing third-party auditors/
certification bodies might need to modify the confidentiality
provisions in their standard contracts with food facilities. Third-
party auditors/certification bodies applying for accreditation under
this voluntary program must demonstrate their capacity to grant us
access to relevant records, upon accreditation, because records are
necessary to ensure the rigor, credibility, and independence of the
accredited third-party audits and certification program.
6. Requirements for Accredited Auditors/Certification Bodies
Table 6--Proposed Requirements for Third-Party Auditors/Certification
Bodies Accredited by Recognized Accreditation Bodies or by FDA
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.650.................. How must an accredited auditor/certification
body ensure its audit agents are competent and
objective?
1.651.................. How must an accredited auditor/certification
body conduct a food safety audit of an
eligible entity?
1.652.................. What must an accredited auditor/certification
body include in food safety audit reports?
1.653.................. What must an accredited auditor/certification
body do when issuing food or facility
certifications?
1.654.................. When must an accredited auditor/certification
body monitor an eligible entity with food or
facility certification?
1.655.................. How must an accredited auditor/certification
body monitor its own performance?
1.656.................. What reports and notifications must an
accredited auditor/certification body submit?
1.657.................. How must an accredited auditor/certification
body protect against conflicts of interest?
1.658.................. What records requirements must an accredited
auditor/certification body meet?
------------------------------------------------------------------------
a. How must an accredited auditor/certification body ensure its
audit agents are competent and objective? (Proposed Sec. 1.650). This
proposed rule would require an accredited auditor/certification body to
ensure that any audit agents it uses are competent and objective.
(Where an accredited auditor/certification body is an individual, the
determination of whether such auditor/certification body is competent
and objective will be made as part of the accreditation decision.)
Proposed Sec. 1.650(a)(1) and (a)(2) require an accredited
auditor/certification body to use audit agents that have knowledge and
experience to conduct food safety audits within the scope of its
accreditation. We believe that competency and independence cannot be
demonstrated solely by records or by an interview. We have tentatively
concluded that a determination of competency must be based in part on
observations of the audit agent conducting food safety audits that use
the requirements of the
[[Page 45810]]
FD&C Act as the standard against which eligible entities are audited.
We recognize that many audit agents currently are being assessed
for their performance in conducting audits under private food safety
schemes. However, section 808(a)(7) of the FD&C Act clearly states that
regulatory audits performed under this system must assess firms for
compliance with the FD&C Act and the results of such audits are to be
used to determine whether certification may be issued. Even
consultative audits for internal purposes must include assessments of
compliance with the FD&C Act, although they also include audits on
industry standards and practices. For these reasons, we are proposing
to require that audit agents be qualified through observation of audits
assessing compliance with the FD&C Act.
ISO/IEC Guide 65:1996 (Ref. 20), clauses 5.1.1 and 5.2.1, require
auditors/certification bodies to establish minimum criteria for
competence to ensure that personnel are competent for the functions
they perform and that auditors'/certification bodies' evaluations and
certifications are carried out effectively and uniformly. ISO/IEC
17021:2011 (Ref. 19), clause 7.1.3, requires auditors/certification
bodies to have documented processes for initial competency evaluations
and ongoing monitoring of personnel performance and competency. Clauses
7.2.11 and 7.2.12 state that the documented monitoring procedures for
auditors/certification bodies must include onsite observation at a
frequency based on need determined from all monitoring information
available (e.g., review of audit reports and client feedback).
Proposed Sec. 1.650(a)(3) requires audit agents to participate in
annual food safety training. ISO/IEC 17021:2011 (Ref. 19), clause
7.2.8, requires auditors/certification bodies to identify training
needs and to offer or provide access to specific training to ensure
competency of its auditors, technical experts, and personnel. The FDA
MFRPS (Ref. 12), Standard Two, requires each State inspector to receive
36 contact hours of classroom training and participate in at least two
joint or audit inspections with a qualified trainer, every 3 years.
Proposed Sec. 1.650(a)(4) requires the accredited auditor/
certification body to ensure that its audit agents have no conflicts of
interest with the eligible entity to be audited and is in compliance
with the conflicts of interest requirements of Sec. 1.657. Section
808(c)(5)(B) of the FD&C Act prohibits audit agents from owning or
operating an eligible entity to be audited by such agent. Accredited
certification bodies also are required to have procedures to ensure
against using any of its officers or employees that has a financial
conflict of interest regarding an eligible entity to be certified by
the certification body under section 808(c)(5)(A) of the FD&C Act. We
believe that proposed paragraph (a)(4) is an appropriate way to
implement these requirements.
The language in proposed Sec. 1.650(a)(4) also is consistent with
existing international standards, including ISO/IEC Guide 65:1996 (Ref.
20), clause 5.2.2, which requires personnel to agree to comply with the
auditor's/certification body's conflict of interest rules and to
declare any prior or present association with a supplier or designer of
products they are to be assigned to audit or certify. ISO/IEC
17021:2011 (Ref. 19), clause 5.2.12, states that certification body
personnel who could influence certification activities must act
impartially and must not allow commercial, financial, or other
pressures to compromise impartiality.
Proposed Sec. 1.650(a)(5) requires audit agents to agree to notify
their certification bodies immediately upon discovering, during a food
safety audit, any condition that could cause or contribute to a serious
risk to the public health, cross-referencing proposed Sec. 1.656(c),
which requires the accredited auditor/certification body to immediately
notify FDA of such condition. Proposed Sec. 1.650(a)(5) reflects the
language of section 808(c)(4)(A) and (c)(4)(B) of the FD&C Act, which
require notification based on conditions found during an audit and
identifies ``audits'' as both consultative and regulatory audits. To
ensure that roles and responsibilities of the audit agent and
accredited auditor/certification body are clearly delineated, proposed
Sec. 1.650(a)(3) places the audit agent under an obligation to report
to its auditor/certification body immediately upon discovering a
notifiable condition. (Having been informed by its agent, the
accredited auditor/certification body must immediately notify FDA,
under proposed Sec. 1.656(c).)
ISO/IEC Guide 65: 1996 (Ref. 20), clause 5.2.2, requires auditor/
certification body personnel to sign a contract or other commitment by
which they agree to comply with the certification body rules, which
often include confidentiality requirements. The legal obligation to
alert FDA, as a regulator, of a notifiable condition is a new
requirement. Voluntary notification is not a common practice of third-
party auditors/certification bodies. We believe the statutory
notification requirement is of such importance to our program that an
individual serving as an audit agent should agree to notify its
accredited auditor/certification body upon finding any condition
meeting the notification criteria of section 808(c)(4)(A) of the FD&C
Act. We believe this will help ensure that audit agents and accredited
auditors/certification bodies are aware of the notification
requirements for food safety audits conducted under the FDA program.
Proposed Sec. 1.650(b) contains additional requirements that the
accredited auditor/certification body must meet before assigning any
individual acting as its audit agent to conduct an audit of a
particular eligible entity. This requirement is intended to ensure that
each food safety audit assigned to an audit agent is conducted by a
qualified audit agent. Put another way, in order to meet proposed Sec.
1.650(b), an accredited third-party certification body would have to
ensure not only that a food safety audit is within the scope of its
accreditation but also that the audit is within the scope of
qualifications of any audit agent the certification body assigns to
conduct it.
Clauses 7.1.1 and 7.1.2 of ISO/IEC 17021: 2011 (Ref. 19) require
auditors/certification bodies to ensure that their personnel have
appropriate relevant knowledge and set competence criteria of required
knowledge and skills necessary to effectively perform audit and
certification tasks to achieve the intended results. Clause 7.2.7
requires the auditor/certification body to use auditors and technical
experts only for those certification activities (including audits)
where they have demonstrated competence. Similarly, ISO/IEC Guide
65:1996 (Ref. 20), clause 5.1.1, requires auditors'/certification
bodies' personnel to be competent for the functions they perform.
Proposed Sec. 1.650(c) imposes additional statutory restrictions
on audit agents conducting regulatory audits. Under section
808(c)(4)(C) of the FD&C Act, an audit agent may not conduct a
regulatory audit of an eligible entity if such agent conducted a
consultative or regulatory audit for the same eligible entity in the
preceding 13 months (except that such limitation may be waived under
proposed Sec. 1.663 if the accredited auditor/certification body
demonstrates there is insufficient access to accredited certification
bodies in the country or region where the eligible entity is located.)
We seek comment on the requirements we propose to ensure that audit
agents as competent and objective and on any other requirements
necessary to achieve this objective. In
[[Page 45811]]
particular, we seek input on whether we should place other requirements
or limitations to help ensure auditor competency. Any recommendations
that are based on common industry standards or practices should be so
identified.
b. How must an accredited auditor/certification body conduct a food
safety audit of an eligible entity? (Proposed Sec. 1.651). This
proposed rule would establish requirements for the conduct of
consultative and regulatory audits by accredited auditors/certification
bodies. Proposed Sec. 1.651 implements section 808(c)(3) of the FD&C
Act regarding audit reports and sets out requirements we believe are
necessary for planning and conducting audits in a manner that fulfills
the purposes of section 808 of the FD&C Act, including ensuring that
audits are of sufficient rigor to allow us to rely on the
certifications that issue based on the results of such audits.
Proposed Sec. 1.651(a) requires accredited auditors/certification
bodies to obtain basic information from the eligible entity about the
type and nature of the requested audit, which will allow the accredited
auditor/certification body to determine whether: (1) The requested
audit is within the scope of its accreditation and which of its audit
agents would be qualified to conduct the audit; (2) whether any
conflicts of interest prevent it from conducting an audit; or (3)
whether any other limitations apply, such as the 13-month limit
described in proposed Sec. 1.650(c). ISO/IEC Guide 65:1996 (Ref. 20),
clause 8.2.1, is similar, requiring auditors/certification bodies to
ensure that their clients complete a signed application that describes
the scope of the desired certification and to provide information on
the products to be certified, the certification system, and the
certification standards, if known. The information we propose to
require under Sec. 1.651(a) is essential for ensuring that the
accredited auditor/certification body (and any audit agent assigned)
has the appropriate qualifications to conduct the food safety audit.
Proposed Sec. 1.651(a) also requires the auditor/certification
body to obtain the eligible entity's operating schedule for a 30-day
window, including information relevant to the scope and purposes of the
audit. This information will help accredited auditors/certification
bodies in meeting the requirements of section 808(c)(5)(C)(i) of the
FD&C Act for ``unannounced'' food safety audits. Having the facility's
operating schedule for a certain period of time will allow the auditor/
certification body to determine when to appear at the facility to
conduct a food safety audit under proposed Sec. 1.651(b). ISO/IEC
17021:2011 (Ref. 19) has several provisions on audit planning, such as
clause 9.1.2.1, which requires them to establish an audit plan for each
audit. The requirement to provide a production schedule to enable audit
planning also is a feature of the British Retail Consortium's Global
Standard for Food Safety (BRC scheme) (Ref. 32). In advance of an
audit, a facility subject to audit under the BRC scheme (Ref. 32) may
be asked to provide, among other things, a production schedule and
typical shift pattern to allow planning to cover relevant
processes.\31\
---------------------------------------------------------------------------
\31\ Section III, Part I, Clause 7.2 states that a certification
body may request ``production schedules, to allow audits to cover
relevant processes, for example night-time manufacture or where
production processes are not carried out each day'' and ``typical
shift patterns.''
---------------------------------------------------------------------------
Proposed Sec. 1.651(b) would require accredited auditors/
certification bodies to develop contracts or other arrangements
granting them adequate authority to conduct unannounced audits, access
records and any area in the facility relevant to the scope of the
audit, use an accredited laboratory for analytical results, notify FDA
of a condition that could cause or contribute to a serious risk to the
public health, prepare and submit audit reports, as appropriate, and
allow FDA to observe any food safety audit it conducts. This provision
is intended to help ensure that the auditor/certification body has such
access to areas within the facility and records maintained by the
eligible entity as is necessary to conduct a rigorous food safety
audit. Proposed Sec. 1.651(b) also ensures that that auditor/
certification body has authority to use a laboratory accredited under
section 422 of the FD&C Act to perform analytical work, and authority
to provide any reports and the notifications that must be submitted to
us under this subpart.
Under clause 8.6.1(d)(2) of ISO/IEC 17021:2011 (Ref. 19), auditors/
certification bodies must require prospective clients to make all
necessary arrangements for the conduct of the audits, including for
examining records and access to all processes, areas, records, and
personnel. An application for certification must include a statement
that the applicant agrees to supply any information needed for
evaluation of the products to be certified, under clause 8.2.1(b) of
ISO/IEC Guide 65:1996 (Ref. 20).
Proposed Sec. 1.651(c) addresses the protocols for food safety
audits under this rule. The audit must be conducted in a manner
consistent with the identified scope and purpose of the audit, on an
unannounced basis as required by section 808(c)(5)(C)(i) of the FD&C
Act, and must be sufficiently rigorous to give confidence in the
reliability and validity of the audit outcomes.
ISO/IEC 17021:2011 (Ref. 19), clause 9.1.9.5.1, requires that
information relevant to the audit objectives, scope, and criteria be
collected by appropriate sampling and verified to become audit
evidence. Information may be collected through observation, records
review, and interviews. Under clause 9.1.9.6, audit findings,
summarizing conformity and detailing nonconformity and its supporting
audit evidence must be recorded and reported to enable an informed
certification decision.
Proposed Sec. 1.651(c) requires the facility audit portion of the
food safety audit to be conducted at an appropriate time within the 30
days covered by the operating schedule provided by the eligible entity
under proposed Sec. 1.651(a)(1)(ii).
Though most private food safety audit standards rely on announced
audits, the BRC scheme (Ref. 32) has protocols for both announced and
unannounced audits.\32\ An unannounced audit under the BRC scheme may
be conducted in 2 parts, with the ``Good Manufacturing Practices-type
audit'' unannounced and occurring prior to a records review, which may
be a planned visit.
---------------------------------------------------------------------------
\32\ The BRC scheme (Ref. 32) only allows facilities that have
achieved sufficiently high scores on announced audits to be audited
under the unannounced protocol.
---------------------------------------------------------------------------
We considered several factors in developing the audit protocols in
proposed Sec. 1.651(c), including the 2-part BRC unannounced audit
protocol. We have tentatively concluded that it is reasonable and
appropriate to interpret the ``unannounced audit'' requirement of
section 808(c)(5)(C)(i) of the FD&C Act to apply to the onsite facility
assessment portion of a food safety audit. We have further concluded
that an accredited auditor/certification body, equipped with a 30-day
facility operating schedule, would have adequate opportunity to plan
and conduct an unannounced facility audit. We anticipate that an
eligible entity seeking a food safety audit would sign a contract with
an accredited auditor/certification body at eligible entity (e.g., its
headquarters), where some or all of the relevant records of the entity
would be maintained. We think it is appropriate and efficient to allow
an auditor/certification body to review records maintained at the
eligible entity on the same day that the contract is signed, even
though the signing of the contract is a planned event.
[[Page 45812]]
We propose to sequence our audit protocol different than that of
the BRC, in that we would allow the planned records review to occur
prior to the unannounced onsite facility audit. We believe it will be
important for accredited auditors/certification bodies to gather
information about the facility before going onsite to audit it.
(Unannounced audits under the BRC scheme occur only after an announced
audit has been conducted, which allows the auditors/certification
bodies to become familiar with the facility and its records before
conducting an unannounced audit.) Accredited auditors/certification
bodies operating under the FDA program would have a limited
opportunity, if any, to gain knowledge about a facility prior to
conducting an unannounced audit. For this reason, we believe that
accredited auditors/certification bodies under the FDA program should
sequence the unannounced audit differently than the 2-part BRC
unannounced audit. We propose to require accredited auditors/
certification bodies to first review an eligible entity's management
systems (e.g., records) before conducting an onsite food safety audit
at the facility.
We believe that the requirement for unannounced audits will help
provide confidence in our program. It helps ensure that food facilities
will remain ``audit ready.'' It also reinforces the independence of the
accredited auditor/certification body.
We seek comment on our proposed approach for ``unannounced''
audits, including whether it is feasible and appropriate. We also
request information on current industry practice on arranging audits--
e.g., does industry commonly provide an auditor/certification body
information about its operating schedule? If not, what other means are
used to ensure that the auditor/certification body visits a facility at
the appropriate time to conduct the requested activities? For comments
suggesting other approaches, we request information on the practical
implications of the recommended alternate approach(es).
c. What must an accredited auditor/certification body include in
food safety audit reports? (Proposed Sec. 1.652). This proposed rule
would implement the audit reporting requirements of section 808 of the
FD&C Act and describes the elements of consultative and regulatory
audit reports that we believe would be appropriate.
As required by section 808(c)(3) of the FD&C Act, proposed Sec.
1.652(a) requires a report of a consultative audit be prepared not
later than 45 days after the audit was completed. Proposed Sec.
1.652(a) also sets requirements for the content of reports of
consultative audits, based on the content required by section
808(c)(3)(A)(i) through (c)(3)(A)(iv) of the FD&C Act: (1) The identity
of the persons at the eligible entity responsible for compliance with
food safety requirements; (2) the dates and scope of the audit; and (3)
any other information we require that relates to or may influence an
assessment of compliance with the FD&C Act.
ISO/IEC 17021:2011 (Ref. 19), clause 9.1.10.2, requires audit
reports to provide an accurate, concise, and clear record of the audit
to allow for informed certification decisions and include or refer to
the name and address of the client, the type of audit, the audit scope,
the dates and places where audit activities were conducted, audit
findings, evidence, and conclusions, consistent with the requirements
of the type of audit, and any unresolved issues, if defined.
Under proposed Sec. 1.652(a)(1) and (a)(2), we propose to require
that the following identifying information for the facility and the
eligible entity (if it differs from the facility) that chooses to
participate in the voluntary third-party certification program be
included in the consultative audit report: Name, address, and a unique
facility identifier (UFI), as required by FDA.
We are proposing to require this information to help ensure that we
have comprehensive, accurate, and up-to-date on eligible entities and
audited facilities that chose to participate in the program, which will
allow us to conduct efficient and effective oversight of the program.
Firm name and address alone may not provide sufficient information to
allow us to correctly identify an eligible foreign entity, such as a
farm that is not subject to the FDA facility registration requirements
and that may be located in a remote area in the foreign country. An UFI
could help us with eligible entities and facilities that would
otherwise be difficult to identify or locate.
After considering the types of information available, we have
tentatively concluded that an UFI should include two elements: (1) A
common business identifier, and (2) information on the firm's
geographic location. For the business identifier, we believe the Data
Universal Numbering System (D-U-N-S[supreg]) numbers system is
appropriate because it is a commonly used international business entity
listing system under which a company can obtain, at no charge, a unique
identification number for its business. D-U-N-S[supreg] numbers are
distinct, site-specific, 9-digit numbers that would allow us to
identify and verify certain business information, e.g., its trade
names, the name of each corporate officer and director, and additional
ownership information that may be useful in determining possible
conflicts of interest between eligible entities and accredited
auditors/certification bodies.\33\ The use of D-U-N-S[supreg] numbers,
as a unique numerical identification system, is less prone to mistake
or ambiguity than the use of an eligible entity's or facility's name
and address. Similarly, geographic information, such as Global
Positioning System (GPS) coordinates, would identify precisely where a
facility or eligible entity (if different) is located. We believe this
is a necessary element of a UFI, particularly for facilities such as
farms that are not required to register with us under Sec. Sec. 1.225
through 1.243 and that may be difficult to locate by street address. We
expect that accredited auditors/certification bodies that are qualified
to participate in our program likely would already own GPS units or
would be adequately resourced to purchase them.
---------------------------------------------------------------------------
\33\ D-U-N-S[supreg] numbers are assigned by Dun & Bradstreet
and maintained in their database of D-U-N-S[supreg] numbers. If the
D-U-N-S[supreg] Number for a location has not been assigned, a
business may obtain one for no cost directly from Dun & Bradstreet
(https://www.dnb.com).
---------------------------------------------------------------------------
Proposed Sec. 1.652(a)(3) and (a)(4) requires reports of
consultative audits to include the contact information for the
person(s) responsible for food safety compliance, the dates and scope
of the consultative audit, both of which are statutory requirements.
Proposed Sec. 1.652(a)(5) requires information on any deficiencies
observed during the audit that require corrective action and the date
on which such corrective actions were completed. ISO/IEC 17021:2011
(Ref. 19), clause 9.1.11, states that [audit/]certification bodies must
require their clients to analyze the cause of nonconformities and the
corrective actions to address such nonconformities within a defined
time. [Auditors/]certification bodies must verify and document the
effectiveness of the corrective actions based on document review or,
where necessary, onsite verification or additional audits under clauses
9.1.12 and 9.1.13. Proposed Sec. 1.652(a)(5) would require such
documentation be included in the consultative audit report.
Proposed Sec. 1.652(b) requires an accredited auditor/
certification body to prepare a report of a regulatory audit and submit
it to us electronically, in English, within 45 days after conducting
such audit, as mandated by section 808(c)(3) of the FD&C Act. We have
[[Page 45813]]
tentatively concluded that electronic submission of regulatory audit
reports, written in English, will help ensure we have ready access to
information needed for monitoring and oversight of the program.
Proposed Sec. 1.652(b) also requires auditors/certification bodies
accredited by recognized accreditation bodies to submit each regulatory
audit report to the accrediting body in the same timeframe and manner
as it is submitted to us. We believe that this information is important
to recognized accreditation bodies in conducting monitoring and
oversight of the auditors/certification bodies they accredit, including
monitoring required by proposed Sec. 1.621, and in assessing its own
performance of accreditation activities under proposed Sec. 1.622.
The report of a regulatory audit must contain all of the data
elements required for reports of consultative audits under proposed
Sec. 1.652(a). Proposed Sec. 1.652(b) requires that regulatory audit
reports contain the following additional data elements: (1) The FDA
registration number assigned to the facility, where applicable; (2) the
process(es), food(s), and facility observed during the audit; and (3)
information on sampling and laboratory analysis, recent food recalls,
recent significant changes at the facility, and any food or facility
certifications recently issued to the entity. We discuss each of these
additional data elements.
FDA Registration Number: Having an audited facility's FDA
registration number, where required, will allow us to verify (and to
correct, where necessary) registration information in our database.
This will help us in overseeing this program and in risk-based planning
for FDA foreign inspections.
Process(es) and food(s) observed during a regulatory audit: In
proposed Sec. 1.652(b)(4) we require a description of the process(es)
and food(s) observed during the audit, because we believe that,
otherwise, the description of the scope of the audit may not provide
sufficient information to allow the accredited auditor/certification
body, its recognized accreditation body, or us to determine whether the
certification matches the scope of the audit stated and, furthermore,
whether the stated scope of the audit matches the scope of auditor's/
certification body's accreditation. In sum, the description of the
process(es) and food(s) subject to regulatory audit help to verify the
validity of any food or facility certifications issued as a result of
the regulatory audit.
Sampling and analysis: Proposed Sec. 1.652(b)(8) requires
information on whether the entity uses sampling and laboratory analysis
(e.g., under a microbiological sampling plan) as part of the facility's
preventive control plan. We are not proposing to require the accredited
auditor/certification body to include the results of such sampling and
analysis in the regulatory audit report. Information on whether a
facility uses sampling and laboratory analysis helps identify how the
facility has chosen to verify its preventive controls.
Recalls during the preceding 2 years: Proposed Sec. 1.652(b)(9)
requires information on whether the entity issued a food-safety related
recall of an article of food from the facility during the 2 years
preceding the audit and, if so, any such article(s) recalled and the
reason(s) for the recall(s). We believe this is an important element of
a regulatory audit for certification purposes, because it may be
relevant in helping us to determine whether to accept a certification
or other assurance by an accredited auditor/certification body for
purposes of admitting a food into the United States under section
801(q) of the FD&C Act. Recent food safety-related recalls might call
into question the reliability of any food certifications issued to the
facility. Recall information also may be relevant to the risk factors
used to determine VQIP eligibility.
Recent significant changes: Proposed Sec. 1.652(b)(10) requires
submission of information regarding whether, during the 2 years
preceding the audit, the entity made a significant change in the
activities conducted at the facility, if such change creates a
reasonable potential for a new hazard or a significant increase in a
previously identified hazard. For example, a new hazard might arise if
a facility began to process a different type of commodity or began to
package an existing product in a different way (e.g., going from a
canned product to a vacuum-packed ready-to-eat product).
We developed this criterion based on the language in section 418(i)
of the FD&C Act, regarding conditions that trigger a requirement to
reanalyze hazards under section 418(b) of the FD&C Act (21 U.S.C.
350g(b) and (i)), as described in the Preventive Controls proposed
rule. While the types of facilities that may be audited are not limited
to facilities subject to the proposed preventive controls regulations,
we nonetheless believe the language set out in the statute sets the
appropriate boundaries for proposed Sec. 1.652(b)(9). We have
tentatively concluded that the type of information that has relevance
for reanalysis of hazards in a facility under the Preventive Controls
proposed rule is the same type of information that has relevance for
the conduct of a regulatory audit of a facility under this rule. We
invite comment on this tentative conclusion. For comments that oppose
this criterion, we seek comment on whether any other information on
facility changes has relevance for our oversight and, if so, we seek
alternative language for proposed Sec. 1.652(b)(9).
Prior certifications: Proposed Sec. 1.652(b)(11) requires
regulatory audit reports to contain information on any food or facility
certifications issued to the entity during the 2 years preceding the
audit, where available. The information must include the scope and
duration of each such certification. This information is a helpful in
verifying certifications submitted to us by importers for purposes of
VQIP eligibility or as required to accompany food for which
certification is a condition of admission under section 801(q) of the
FD&C Act. It also verifies the activities of an accredited auditor/
certification body under this program, which should be documented in
the records of the accredited auditor/certification body under proposed
Sec. 1.658.
Proposed Sec. 1.652(c) explains that an accredited auditor/
certification body must submit a report, as required by paragraph (b),
for each regulatory audit it conducts, regardless of whether
certification issued as a result. This requirement is consistent with
section 808(c)(3)(A) of the FD&C Act, which requires all regulatory
audit reports to be submitted. That statutory provision is not limited
to reports of regulatory audits where certifications were issued.
Proposed Sec. 1.652(d) requires accredited certification bodies to
implement written procedures for receiving and addressing challenges
from eligible entities contesting adverse regulatory audit results and
requires them to maintain records of such challenges under Sec. 1.658.
ISO/IEC 17021:2011 (Ref. 19) requires auditors/certification bodies to
have a documented process to receive, evaluate, and make decisions on
complaints relating to certification activities under clause 9.8.4., as
well as a documented process for handling appeals under clause 9.7.1.
d. What must accredited auditor/certification body do when issuing
food or facility certifications? (Proposed Sec. 1.653). This proposed
rule describes the activities that an accredited auditor/certification
body would have to perform when issuing food and facility
certifications. It is based on the language in section 808(c)(2)(C)
(requiring a regulatory audit and such other
[[Page 45814]]
necessary activities) and (c)(5)(C)(i) (requiring unannounced audits)
of the FD&C Act.
Proposed Sec. 1.653(a) specifies that the certification body must
have conducted a regulatory audit meeting the requirements of proposed
Sec. 1.651, including verification of corrective actions and using an
accredited laboratory, subject to the requirements of the laboratory
accreditation program we implement under that provision (21 U.S.C.
350k).
ISO/IEC 17021:2011 (Ref. 19) requires auditors/certification bodies
to use certain information in considering certification decisions:
Audit reports; comments on nonconformities and corrective actions (if
any); verified application information; and the audit agent's
recommendation on certification, including any conditions or
observations. The auditor's/certification body's decision must be based
on an evaluation of the audit findings and conclusions and any other
relevant information, such as public information and the client's
comments on the audit report.
Proposed Sec. 1.653(b) sets out the requirements for issuance of
certification. As with other submissions under this rule, we propose to
require certifications to be submitted electronically and in English.
Proposed paragraph (b)(2) describes the minimum elements of a
certification: Identifying information for the accredited auditor/
certification body, the eligible entity to which certification was
issued (including its unique facility identifier), and the facility (if
different from the eligible entity); the scope and date(s) of the
regulatory audit and the name of the audit agent conducting it, where
applicable; and the scope of the certification, its date of issuance,
and its date of expiration. These are the minimum elements we believe
necessary for us to link the certification to an importer in the VQIP
program under section 806 of the FD&C Act or to a food subject to
mandatory certification under section 801(q) of the FD&C Act. Moreover,
these data elements will help us determine whether the certification is
valid and reliable or should be refused under section 801(q)(4)(B) of
the FD&C Act.
e. When must an accredited auditor/certification body monitor an
eligible entity with food or facility certification? (Proposed Sec.
1.654). This proposed rule would require accredited auditors/
certification bodies to monitor eligible entities in certain
circumstances. Under proposed Sec. 1.654, an accredited auditor/
certification body is required to conduct monitoring of an eligible
entity if the auditor/certification body has reason to believe that an
eligible entity to which it issued a certification may no longer be in
compliance with the FD&C Act.
In developing proposed Sec. 1.654, we considered international
standards. ISO/IEC Guide 65: 1996 (Ref. 20), clause 13.1, requires
auditors/certification bodies to have documented procedures for
surveillance under applicable criteria. Under clause 13.2, auditors/
certification bodies must determine whether changes, such as a client's
intended changes in manufacturing processes, require further
investigation. ISO/IEC 17021:2011 (Ref. 19), clause 9.3, requires
auditors/certification bodies to develop their surveillance activities
so that representative areas and functions are regularly monitored.
Surveillance may include onsite audits. While we are not proposing to
require regular surveillance of certified eligible entities, we believe
requiring an accredited auditor/certification body to conduct
monitoring when it has ``reason to believe'' that the entity is no
longer in compliance with the FD&C Act strikes an appropriate balance.
Proposed Sec. 1.654 requires the accredited auditor/certification
body to immediately notify us under proposed Sec. 1.656(d) if it
determines that the entity to which it issued certification is out of
compliance with the FD&C Act. We believe that such notification is
necessary to ensure the protection of the public health and to maintain
the credibility of the program, particularly in light of the use of
such certifications: To allow admission of a food subject to mandatory
certification based on a determination of safety risk, under section
801(q) of the FD&C Act, and to allow importers to participate in a
program giving them expedited review and entry of product from a
certified facility, under section 806 of the FD&C Act.
f. How must an accredited auditor/certification body monitor its
own performance? (Proposed Sec. 1.655). This proposed rule would
require accredited auditors/certification bodies to conduct self-
assessments annually and following revocation of the recognition of its
accreditation body. Proposed Sec. 1.655(a) requires an accredited
auditor/certification body prepare a report of the results of each
self-assessment. The report must address the performance of its
officers, employees, or other agents in activities under this subpart.
For audit agents in particular, the accredited auditor/certification
body must report on whether its audit agents, during food safety
audits, focused on the elements of production, manufacturing,
processing, packing, and holding of food that pose the most significant
risks to human and/or animal health.
Under proposed Sec. 1.655(a), the self-assessment report must
evaluate the degree of consistency among its officers, employees, or
other agents in performing activities under this subpart. (With audit
agents, this is frequently called ``auditor correlation.'') In
addition, the report must assess compliance with the conflict of
interest requirements of Sec. 1.657, actions taken based on
assessments by FDA or its recognized accreditation body, and must
address any other aspects of performance relevant to a determination of
compliance, if requested by FDA.
Proposed Sec. 1.655(b) states that, in conducting its self-
assessment, an accredited auditor/certification body may assess the
compliance of one or more of the eligible entities it certified, as a
means to evaluate its performance. Under proposed Sec. 1.655(c), the
auditor/certification body must quickly execute appropriate corrective
actions when problems are identified during a self-assessment under
paragraphs (a) or (b) and must maintain records documenting the
completion of such actions under proposed Sec. 1.658. In addition,
proposed Sec. 1.655(d) describes the contents of the written reports
of its self-assessments, including describing any corrective actions
taken based on its self-assessments and stating the extent of its
compliance with conflict of interest requirements and other applicable
requirements of this rule.
ISO/IEC Guide 65:1996 (Ref. 20), clause 4.7.1, requires auditors/
certification bodies to conduct periodic internal audits covering all
of its procedures and to ensure that personnel responsible for the area
audited are informed of the audit outcome, timely and appropriate
corrective actions are taken, and audit results are documented.
Additionally, clause 4.7.2 requires the management with executive
responsibility to review its quality systems at sufficiently short
intervals to ensure its continuing suitability and effectiveness.
The FDA MFRPS (Ref. 12) have elements requiring States to conduct
periodic self-assessments of its manufactured food regulatory program
against the criteria we established. These self-assessments are
designed to identify the strengths and weaknesses of the State program
by determining the level of conformance with the program standards and
are independently verified through an audit. Records documenting the
results of the self-assessment must be maintained. We have tentatively
concluded that self-assessments would serve a similarly
[[Page 45815]]
important role for accredited auditors/certification bodies under our
accredited third-party audits and certification program.
g. What reports and notifications must an accredited auditor/
certification body submit? (Proposed Sec. 1.656). This proposed rule
would establish requirements for various reports and notifications that
accredited auditors/certification bodies would have to submit to FDA.
Proposed Sec. 1.656(a) requires accredited auditors/certification
bodies to submit regulatory audit reports no later than 45 days after
completing such audit. This requirement is based on section
808(c)(3)(A) of the FD&C Act, which requires submission of regulatory
audit reports as a condition of accreditation. The regulatory audit
report must be submitted electronically, in English, contain the
information required by proposed Sec. 1.652(b). The requirement for
electronic submissions, in English language, is required consistently
throughout this rule, for the reasons explained in section IV.3.c and
IV.3.d.
Under proposed Sec. 1.656(b), an accredited auditor/certification
body must submit its annual self-assessment report to its accreditation
body (or, in the case of direct accreditation, to us) no later than 45
days after the anniversary date of its accreditation under this program
and, for reports required following revocation of its accreditation
body's recognition, within 2 months of the revocation. The self-
assessment report, which is required by Sec. 1.655, must be submitted
electronically, in English, and must include an up-to-date list of any
audit agents the certification body uses to conduct audits under this
subpart. As explained in the discussion of proposed Sec. 1.621, we
believe that the results of such assessments will be helpful to us in
performing our monitoring of not only the accredited auditor/
certification body itself, but also the recognized accreditation body
that accredited it, where applicable. Monitoring of recognized
accreditation bodies and accredited third-party auditors/certification
bodies is required by section 808(f)(2) of the FD&C Act.
Having information about deficiencies the accredited auditor/
certification body identified in its own performance and program,
together with the corrective actions that were implemented to address
such deficiencies helps us target our monitoring activities. Moreover,
the results of self-assessments across a number of accredited auditors/
certification bodies will help us identify trends in program
performance and may offer an early signal of potential issues for the
Agency to address at the program level.
Proposed Sec. 1.656(c) requires an accredited auditor/
certification body to immediately notify us when any audit agent or the
auditor/certification body itself, discovers during an audit any
condition that could cause or contribute to a serious risk to the
public health. This notification is required by section 808(c)(4) of
the FD&C Act, which identifies certain information that must be
contained in the notification.
Based on that requirement and the authority granted to us to issue
regulations for the efficient enforcement of its authority, under
section 701(a) of the FD&C Act, proposed Sec. 1.656(c) requires such
notification to include the following: (1) The name and address of the
facility where the condition was discovered; (2) the FDA registration
number assigned to the facility, where applicable; (3) the name and
address of the eligible entity, if different from that of the facility;
and (4) the condition that could cause or contribute to a serious risk
to the public health and for which notification is required.
Information on the identity of the entity and the notifiable
condition is required by section 808(c)(4) of the FD&C Act. The other
data elements we propose to require are essential for us to take
immediate and necessary steps to protect the public health. In the
event that the facility where the condition was discovered is different
than the eligible entity, or is at a different location, we need to
know the name and address of the facility so that we can interact
directly with the facility. Knowing the facility's FDA registration
number (where required) helps us quickly assemble relevant information
we possess, including information from our foreign regulatory partners.
The data elements required for notification under Sec. 1.656(c)(1),
(c)(2), and (c)(3) offer the minimum information we believe necessary
to allow the Agency to determine the appropriate course of action with
respect to the situation.
We note that section 808 of the FD&C Act does not define ``serious
risk to the public health,'' nor does it give examples of
``condition[s] that could cause or contribute to a serious risk to the
public health.'' The statutory description of notifiable conditions--as
ones that ``could'' cause or contribute to a serious risk to public
health--suggests to us that the scope of this provision is broad. In
developing these proposed implementing regulations, we looked for the
precise phrase, ``cause or contribute to a serious risk to the public
health'' elsewhere in the FD&C Act, but did not find it there (21
U.S.C. 301 et seq.). In considering section 808 of the FD&C Act as a
whole, we noted that the provision giving us access to records
associated with consultative audits cross-references section 414 of the
FD&C Act (21 U.S.C. 350c). Section 414 of the FD&C Act, among other
things, gives us access to records if we have a reasonable belief that
an article of food, and any other article of food that we reasonably
believe is likely to be affected in a similar manner, is adulterated
and presents a threat of serious adverse health consequences or death
to humans or animals (SAHCODHA) (21 U.S.C. 350c(a)). Although Congress
chose to incorporate SAHCODHA by referencing section 414 of the FD&C
Act as authority for us to access records of consultative audits under
section 808(c)(3)(C) of the FD&C Act, Congress did not use the SAHCODHA
standard in describing the types of conditions that could cause or
contribute to a serious risk to the public health and that must be
reported to FDA under section 808(c)(4)(A) of the FD&C Act. We believe
Congress intended the standard for notification to be a different
standard than SAHCODHA.
We invite comment from interested parties interpreting the
notification standard in section 808(c)(4)(A) of the FD&C Act and
providing examples of circumstances that stakeholders believe do and do
not rise to the level of a ``condition that could cause or contribute
to a serious risk to the public health.'' We are particularly
interested in receiving input on whether our existing Class I and Class
II recall standards (Ref. 33), taken together, might adequately address
any condition covered by section 808(c)(4)(A) of the FD&C Act. An FDA
Class I recall occurs in a situation in which there is a reasonable
probability that the use of or exposure to a violative product will
cause serious adverse health consequences or death. An FDA Class II
recall occurs in a situation in which use of or exposure to a violative
product may cause temporary or medically reversible adverse health
consequences or where the probability of serious adverse health
consequences is remote.
We also note that international standards for [auditors/
]certification bodies have exceptions to confidentiality agreements
where disclosure is required by law. For example, ISO/IEC Guide
17021:2011 (Ref. 19), clause 8.5.3, requires an auditor/certification
body that is required by law to release confidential information to a
third party, to notify the client before providing such information to
a third party, ``unless regulated by law.'' Based on section
808(c)(4)(A) of the FD&C Act, which
[[Page 45816]]
requires that the accredited third-party certification body
``immediately'' notify us, proposed Sec. 1.656(c) requires an
accredited auditor/certification body to notify us of a serious risk to
public health prior to notifying its client, the eligible entity. We
recommend that accredited auditors/certification bodies include a
provision explaining this notification requirement in their contracts
with eligible entities. We believe this will help ensure that eligible
entities are aware of the notification requirement and will help
emphasize to the accredited auditors/certification bodies their
obligation to notify FDA of such condition.
Proposed Sec. 1.656(d) requires an accredited auditor/
certification body to immediately notify us electronically, in English,
upon withdrawing or suspending the food or facility certification of an
eligible entity. The notice must describe the basis for withdrawal or
suspension. We believe immediate notification of suspension or
withdrawal of certifications is necessary because of how we use these
certifications: As a condition of granting admission to a food subject
to an risk determination under section 801(q) of the FD&C Act and as a
criteria for an importer's eligibility to participate in VQIP under
section 806 of the FD&C Act. We realize that certification bodies
currently withdraw and suspend certifications for a number of reasons,
some of which relate to payment of fees and others relate to food
safety matters. Therefore, having information on the fact that a
certification has been withdrawn or suspended, as well as the reason(s)
for the action, allows us to determine the effect of suspension or
withdrawal on our use of the certifications under sections 801(a) and
806 of the FD&C Act. Depending on the reasons for suspension or
withdrawal of certification, we may conduct an inspection or take other
action.
Under proposed Sec. 1.656(e)(1), an accredited auditor/
certification body that notifies us under proposed Sec. 1.656(c) must
immediately thereafter notify the eligible entity where the condition
was discovered. Proposed Sec. 1.656(e)(2) requires an accredited
auditor/certification body to notify its accreditation body (or, in the
case of direct accreditation, to us) electronically, in English, within
30 days after making any significant change that may affect its
compliance with the requirements of Sec. Sec. 1.640 through 1.658. The
notice must describe the purpose of the change and an explanation for
whether and how the change might affect its accreditation under this
program. In that proposed Sec. 1.640 requires auditors/certification
bodies to maintain compliance with the requirements of this rule as a
condition of their accreditation, this notification is necessary for
our program oversight. We will use this information in monitoring the
certification body as required by section 808(f)(2) of the FD&C Act and
may use the notification (or the failure to notify under proposed Sec.
1.656(e)(2)) in determining whether to withdraw accreditation under
section 808(c)(6) of the FD&C Act.
h. How must an accredited auditor/certification body protect
against conflicts of interest? (Proposed Sec. 1.657). This proposed
rule would require accredited auditors/certification bodies to have
procedures to ensure against financial conflicts of interest and to
make annual financial disclosure statements available to us, as
required by section 808(c)(5)(A) and (c)(5)(B) of the FD&C Act.
Additionally, section 808(c)(5)(C) of the FD&C Act directs us to issue
implementing regulations including requirements for unannounced audits,
a structure to decrease the potential for conflicts of interest
(including requirements for timing and public disclosure of fee
payments), and appropriate limits on financial affiliations between
certification bodies (and their audit agents) and eligible entities to
be certified.
Proposed Sec. 1.657 sets out the elements of a conflict of
interest program we believe are appropriate to implement this mandate
and to ensure the objectivity and independence of accredited auditors/
certification bodies necessary for to maintain the credibility of the
program. Proposed Sec. 1.657(a) requires the accredited auditor/
certification body to have written program that covers the
certification body itself and any of its officers, employees, or other
agents (e.g., audit agents) conducting audits or certification
activities under this program.
Based in large part on section 808(c)(5)(A)(i) of the FD&C Act,
proposed Sec. 1.657(a)(1) prohibits an accredited auditor/
certification body and its officers, personnel, and other agents
(except for audit agents subject to paragraph (a)(2)) from owning,
controlling, managing, or otherwise having a financial interest in an
eligible entity, or an affiliate, parent, or subsidiary of such entity,
to be certified by the auditor/certification body . The effect of the
language in proposed Sec. 1.657(a)(1) would be to prevent a foreign
food firm with its own audit team from conducting regulatory audits and
issuing certifications for its own facilities, processes, or products
(i.e., first-party audits) or for an affiliate or for its parent or
subsidiary (i.e., second-party audits). Given the multinational nature
and multiple corporate interests of many food companies, we have
tentatively concluded it is important to extend the conflict of
interest safeguards in proposed Sec. 1.657 to subsidiaries,
affiliates, and parent organizations. We seek comment on this tentative
conclusion.
Proposed Sec. 1.657(a)(2) prohibits an audit agent of an
accredited auditor/certification body from conducting a food safety
audit of an eligible entity, or an affiliate, parent, or subsidiary of
such entity, that the agent owns or operates. This provision is largely
based on the section 808(c)(5)(B)(i) of the FD&C Act, which prohibits
an audit agent from owning or operating an eligible entity to be
audited by the agent, coupled with language covering financial
interests associated with an affiliate, parent, or subsidiary of the
eligible entity, for the reasons previously described.
To be clear, proposed Sec. 1.657(a)(2) does not go so far as to
prohibit audit agents from having any financial interest in any food
company; rather, it prevents an audit agent from conducting a
consultative or regulatory audit of an eligible entity or an affiliate,
parent, or subsidiary of such entity, owned or operated by such agent.
We believe that requiring any audit agent conducting audits under this
program to divest all interests in FDA-regulated food firms might
unnecessarily limit the pool of qualified audit agents.
We seek comment on these tentative conclusions and on the approach
we propose in Sec. 1.657(a)(2), including whether this approach might
unnecessarily limit the availability of competent audit agents to
conduct audits under this program and whether removing the restriction
relating to interests in affiliates, parents, or subsidiaries might
create, or create the appearance of, bias.
Proposed Sec. 1.657(a)(3) prohibits officers, employees, or other
agents of an accredited auditor/certification body from accepting any
gift, gratuity, or item of value from the entity subject to audit. A
gift, gratuity, or item of value would not include meals of a de
minimis value provided on the premises where the audit or assessment is
being conducted, recognizing that some facilities may be remotely
located and allowing onsite meals is appropriate in the interest of
efficiency. We seek comment on whether to interpret de minimis value
according to the limits for gifts or items of value applicable to U.S.
Government employees. Proposed Sec. 1.657(a)(3) also
[[Page 45817]]
allows for authorized officials, employees, or agents to accept
payments of fees for the audit and certification, as described in
proposed Sec. 1.657(b).
Proposed Sec. 1.657(b) addresses the requirement, in section
808(c)(5)(C) of the FD&C Act, to issue implementing regulations that
include a structure to decrease the potential for conflicts of
interest, including timing and public disclosure, for fees paid by
eligible entities to accredited third-party certification bodies. After
considering this statutory provision, we have tentatively concluded
that an appropriate structure to decrease the potential for conflicts
of interests between an eligible entity and an accredited auditor/
certification body would be one in which there was public disclosure of
the point at which the entity paid fees for audit and certification
services. Proposed Sec. 1.657(b) provides that that payment of such
fees does not constitute a covered financial conflict of interest.
Proposed Sec. 1.657(c) imputes to an officer, employee, or other
agent of an accredited auditor/certification body the financial
interests of his or her spouse and minor children, if any. This
proposed requirement is based on the approach we recommended in the
2009 Guidance that no auditor acting for the [auditor/]certification
body (or spouse or minor children) should have any significant
ownership or other financial interest regarding any product of the type
it certifies (Ref. 5). As another example, FDA regulations on conflicts
of interest of experts serving on panels for unapproved new animal
drugs imputes the financial interests and arrangements of an expert's
spouse and minor children to the expert him- or herself (21 CFR
516.141(g)).
We believe that imposing a similar requirement on the immediate
family of the officers, employees, or other agents of an accredited
auditor/certification body will help to ensure the credibility of the
accredited third-party audits and certification program at every level.
We seek comment on this tentative conclusion.
Proposed Sec. 1.657(d) requires accredited certification bodies to
maintain on their Web sites an up-to-date list of eligible entities to
which they issued certifications under this subpart, the duration and
scope of each such certifications, and the date on which the eligible
entity paid any fee or reimbursement under proposed Sec. 1.657(c).
Information on timing of fee payments is required by section
808(b)(5)(C)(iii) of the FD&C Act and is necessary, we believe, in the
interest of transparency.
We seek comment on the tentative conclusions identified here--
namely, we should require accredited certification bodies to: (1) Have
a written program to safeguard against conflicts of interest; (2)
include the interest of any affiliate, parent, or subsidiary of a
certification body within the scope of interests covered by its
conflict of interest program; (3) impute the interests of immediate
family members of an officer, employee, or other agent to such officer,
employee, or other agent; and (4) to maintain on its Web site a list of
its certified eligible entities, including duration and scope of each
such certification, and disclosure of the date(s) on which an eligible
entity paid the accredited auditor/certification body any fee or
reimbursement associated with an audit or certification under this
program.
i. What records requirements must an accredited auditor/
certification body meet? (Proposed Sec. 1.658). This proposed rule
would establish requirements for accredited auditors/certification
bodies to establish, control, and retain records relating to their
auditing and certification activities under our program.
Proposed Sec. 1.658 requires accredited auditors/certification
bodies to maintain certain documents and data electronically, in
English, for 4 years, to document compliance with this rule.\34\ These
records include: (1) Requests for regulatory audits; (2) audit reports
and other documents resulting from a consultative or regulatory audit;
(3) any notification of a condition under proposed Sec. 1.650(a)(5) or
by the accredited auditor/certification body to FDA under proposedSec.
1.656(c); (4) any food or facility certification issued under this
program; (5) any challenge to an adverse regulatory audit decision and
its disposition; (6) any monitoring it conducted of a certified
eligible entity; (7) the auditor's/certification body's self-
assessments and corrective actions; and (8) any significant change to
the auditing and certification program that might affect compliance
with this rule.
---------------------------------------------------------------------------
\34\ We are proposing records be maintained for 4 years, which
aligns with the maximum length of time for which accreditation may
be granted. This will be particularly useful in decisionmaking on an
application to renew accreditation, because the accrediting body
will have access to data and information on activities conducted at
any time during its current accreditation. We used a similar
rationale in proposing to require recognized accreditation bodies to
maintain their records for 5 years, which is the maximum length of
time for which recognition may be granted.
---------------------------------------------------------------------------
Maintenance of records on requests for regulatory audits under
proposed Sec. 1.658(a)(1) is one means to verify the adequacy of audit
planning under proposed Sec. 1.651(a). Records associated with audits,
certifications, challenges to auditor/certification body decisions,
internal reviews, significant changes, and monitoring (also known as
surveillance) of eligible entities are among the records commonly
required to be maintained by international standards. We believe it
appropriate to require maintenance of similar records for purposes of
this rule.
We propose to require accredited auditors/certification bodies
choosing to participate in this program to maintain their program
records in English. We believe this English-language records
requirement is necessary for our oversight based on, among other
things, our experience with the shrimp pilot (Ref. 6). During the pilot
project, we faced costly delays and logistical hurdles in attempting to
assess third-party [auditors/]certification bodies, because we needed
English-language translations of their records to be able to conduct
performance audits. Based on that experience, we believe that having
real-time access to English-language records is necessary for
conducting efficient and effective assessments to the fullest extent of
our authority.
We solicit comment on the English-language records requirement in
proposed Sec. 1.658 and on whether other approaches might be similarly
efficient and effective. For example, should we allow an accredited
auditor/certification body to maintain its records in a language other
than English, if the auditor/certification body would be required to
make an English translation of its records available ``promptly'' upon
a written FDA request? What should ``promptly'' mean in this context
(e.g., 2 business days of the written request)? Would such an approach
be as efficient and effective as the proposed English-language records
requirement would be? For comments offering other approaches, we
request a detailed description of the alternative, an analysis of the
impacts of the alternative on our ability to ensure the compliance of
accredited auditors/certification bodies with applicable FDA
requirements.
Based on section 808(c)(3)(B) of the FD&C Act, proposed Sec.
1.658(b) and (c) require an accredited auditor/certification body to
provide FDA access to records upon request of an officer or employee we
designate, except that reports or other documents of a consultative
audit must be made available to us only in accordance with the
requirements of subpart J (records access under section 414 of the FD&C
Act). Proposed Sec. 1.658(b) reflects section 808(c)(3)(C) of the FD&C
Act, which
[[Page 45818]]
states that reports or other documents resulting from a consultative
audit are accessible to us only under circumstances that meet the
threshold for records access under section 414 of the FD&C Act (21
U.S.C. 350c). Based on these statutory requirements, we can access such
documents from consultative audits in either of the following
circumstances: If we have a reasonable belief that an article of food,
and any other article of food that we reasonably believe is likely to
be affected in a similar manner, is adulterated and presents a threat
of SAHCODHA; or if we believe that there is a reasonable probability
that the use of or exposure to an article of food, and any other
article of food that we reasonably believe is likely to be affected in
a similar manner, will cause SAHCODHA, as described in Sec. 1.361 of
this part.
We have tentatively concluded that the records identified and the
records maintenance and access requirements in proposed Sec. 1.658 are
necessary to monitor and evaluate accredited certification bodies, as
directed by section 808(f)(2) of the FD&C Act. We believe it is
reasonable to require accredited auditors/certification bodies to
maintain such records for the maximum length of accreditation, 4 years.
We acknowledge that the requirements of proposed Sec. 1.658 may
require revisions to contracts and perhaps other documents establishing
and limiting the scope of an auditor's/certification body's authority
with respect to granting records access. We nonetheless have
tentatively concluded that such access is necessary to help ensure the
credibility of the program. We seek comment on this tentative
conclusion and on the specific records requirements we propose.
7. Procedures for Accreditation of Third-Party Auditors/Certification
Bodies
Table 7--Proposed Procedures for Third-Party Auditors/Certification
Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.660.................. Where do I apply for accreditation or renewal
of accreditation by a recognized accreditation
body?
1.661.................. What is the duration of accreditation?
1.662.................. How will FDA monitor accredited auditors/
certification bodies?
1.663.................. How do I request an FDA waiver or waiver
extension for the 13-month limit for audit
agents conducting regulatory audits?
1.664.................. When can FDA withdraw accreditation?
1.665.................. How do I voluntarily relinquish accreditation?
1.666.................. How do I request reaccreditation?
------------------------------------------------------------------------
a. Where do I apply to obtain accreditation from a recognized
accreditation body? (Proposed Sec. 1.660). This proposed rule explains
where interested third-party auditors/certification bodies could apply
for accreditation under our accredited third-party audits and
certification program.
Proposed Sec. 1.660 informs third-party auditors/certification
bodies that they must apply directly to a recognized accreditation body
for accreditation, except for those circumstances meeting the
requirements of proposed Sec. 1.670 for direct accreditation.
b. What is the duration of accreditation? (Proposed Sec. 1.661).
Proposed Sec. 1.661 states that accreditation of a third-party
auditor/certification body may be granted for a period up to 4 years.
This applies both to accreditations granted by recognized accreditation
bodies and to direct accreditations that we grant under proposed Sec.
1.672. We have tentatively concluded that 4 years is an appropriate
duration for an accreditation, because we believe the rigor and
credibility of this new program rests, in part, on the extent of
oversight of accredited third-party auditors/certification bodies to
conduct audits and to certify eligible foreign entities.
The process for renewal of accreditation provides an opportunity
for recognized accreditation bodies (and us, for directly accredited
auditors/certification bodies) to look closely at all aspects of the
auditor's/certification body's program and performance and to decide
anew whether the auditor/certification body meets the eligibility
requirements.
We note proposed Sec. 1.661 set the duration of accreditation in
the new accredited third-party auditor/certification body program for a
shorter period than the duration of accreditation we allow in the
mammography program under 21 CFR part 900, which is a time-tested
program. As we and the recognized accreditation bodies participating in
the accredited third-party audits and certification program for food
gain experience with the program, we may revisit this matter. For these
reasons, we have tentatively concluded that accreditation should be
granted for a period of no longer than 4 years. We seek comment on this
tentative conclusion.
c. How will FDA monitor accredited auditors/certification bodies?
(Proposed Sec. 1.662). This proposed rule would establish requirements
for our evaluation of the performance of accredited auditors/
certification bodies, based on section 808(f)(2) of the FD&C Act, which
requires us to monitor accredited auditors/certification bodies
periodically, or at least once every 4 years.
The statute makes no distinction between the frequency of our
monitoring necessary for auditors/certification bodies accredited by
recognized accreditation bodies and for auditors/certification bodies
that we directly accredit. However, we are proposing, in Sec. 1.621,
to require a recognized accreditation body to conduct annual
assessments of the performance of each third-party auditor/
certification body it accredited under this program. Under proposed
Sec. 1.662(a) we will perform our own performance evaluations of
auditors/certification bodies accredited by recognized accreditation
bodies at least once every 3 years for auditors/certifications bodies
accredited for 4 year terms, and at the mid-term point for auditors/
certification bodies accredited for less than 4 years. Proposed Sec.
1.662(a) also establishes requirements for our monitoring of directly
accredited auditors/certification bodies. In these circumstances, we
act in the role of a recognized accreditation body and will perform
annual monitoring. Not only would annual monitoring by us provide
oversight similar to the annual monitoring requirements of proposed
Sec. 1.621, but also it would satisfy the monitoring requirement of
section 808(f)(2) of the FD&C Act with respect to monitoring of
directly accredited auditors/certification bodies.
[[Page 45819]]
Proposed Sec. 1.662(b) identifies the types of information we may
review in conducting our evaluations of accredited auditors/
certification bodies. Proposed Sec. 1.662(c) makes clear that we can
conduct our evaluation of an auditor/certification body through onsite
observations of performance during the conduct of food safety audits
and through document review.
For both directly accredited auditors/certification bodies and
those accredited by recognized accreditation bodies, we will evaluate
performance based on whether the auditor/certification body continues
to comply with the requirements of Sec. Sec. 1.640 through 1.658 and
whether there are performance deficiencies that would warrant
withdrawal of accreditation under this rule. We seek comment on whether
the criteria in proposed Sec. 1.662(a) and (b) are appropriate for
evaluating accredited auditors/certification bodies under this program.
Additionally, we seek recommendations for possible approaches we might
use to monitor performance, such as conducting our inspections of a
certain number of eligible entities, shortly after the accredited
auditor/certification body conducted a food safety audit of an eligible
entity. For each such recommendation, we seek comment on the how the
approach might affect: (1) The incentives for auditors/certification
bodies to seek accreditation under our program, and (2) the degree of
oversight needed to meet the objectives of section 808 of the FD&C Act.
d. How do I request a waiver or waiver extension for the 13-month
limit for audit agents conducting regulatory audits? (Proposed Sec.
1.663). This proposed rule would allow accredited auditors/
certification bodies to seek an FDA waiver of the limit on audit agents
conducting regulatory audits of an eligible entity where they conducted
a regulatory or consultative audit in the preceding 13 months. Under
section 808(c)(4)(C)(ii) of the FD&C Act, we may waive the limit, which
appears in proposed Sec. 1.650(c), where there is insufficient access
to accredited certification bodies in the country or region where an
eligible entity is located. Proposed Sec. 1.663(a) establishes the
requirements for a waiver or waiver extension and proposed Sec.
1.663(b) to (f) describes the procedural requirements for a waiver or
waiver extension request, including electronic submission, in English.
Under proposed Sec. 1.663(g), we explain that an accredited auditor/
certification body should not use an audit agent subject to the 13-
month limit in proposed Sec. 1.650 unless we have granted the request
or the 13-month limit has elapsed. The procedural requirements in
proposed Sec. 1.663 mirror the procedural requirements for other
applications submitted to us.
e. When can FDA withdraw accreditation? (Proposed Sec. 1.664).
This proposed rule would establish the conditions under which we could
withdraw accreditation from an auditor/certification body, regardless
of whether it was directly accredited or accredited by a recognized
accreditation body.
Proposed Sec. 1.664(a) describes criteria for mandatory withdrawal
that reflect section 808(c)(6)(A) of the FD&C Act, which requires us to
withdraw accreditation in certain outbreak situations, whenever we find
that an accredited auditor/certification body is no longer meeting the
requirements for accreditation, or following a refusal to allow U.S.
officials to conduct audits and investigations to ensure compliance
with these requirements. The statute directs us to withdraw
accreditation if a food or facility certified by an accredited auditor/
certification body under our program is linked to an outbreak of
foodborne illness that has a reasonable probability of causing serious
adverse health consequences or death in human or animals, except under
section 808(c)(6)(C) of the FD&C Act, if we conduct an investigation of
the material facts of the outbreak, review the steps and actions taken
by the auditor/certification body, and determine that the accredited
auditor/certification body satisfied the requirements for issuance of
certification under this rule. The exception is set out in proposed
Sec. 1.664(b).
Section 808(c)(6)(B) of the FD&C Act allows us to withdraw
accreditation from an accredited auditor/certification body whose
accrediting body had its recognition revoked, if we determine there is
good cause for withdrawal. This statutory provision is reflected in
Sec. 1.664(c), which also provides two examples of circumstances we
believe provide good cause for withdrawal, including bias or lack of
objectivity and performance calling into question the validity or
reliability of its food safety audits and certifications.
In proposed Sec. 1.664(d) we provide for records access when
considering possible withdrawal of accreditation. In proposed Sec.
1.664(e) we provide for notice of withdrawal of accreditation and
describe the processes to challenge such withdrawal.
Proposed Sec. 1.665(f) describes the effect of withdrawal on
eligible entities. In general, a food or facility certification issued
by an accredited auditor/certification prior to withdrawal of
accreditation will remain in effect until it terminates by expiration,
except if we have reason to believe a certification issued for purposes
of section 801(q) of the FD&C Act is not valid or reliable, we can
refuse to accept the certification.
Proposed Sec. 1.664(g)(1) explains that FDA will notify the
recognized accreditation body that accredited the third-party auditor/
certification body whose accreditation was withdrawn by FDA. In such
circumstances, proposed Sec. 1.664(g)(1) requires the recognized
accreditation body to conduct a self-assessment, as described in Sec.
1.622, and report the results of such self-assessment to FDA within 2
months after withdrawal, as required by Sec. 1.623(b). Proposed Sec.
1.664(g)(2) explains that FDA may revoke recognition of an
accreditation body whenever FDA determines there is good cause for
revocation under proposed Sec. 1.634.
Proposed Sec. 1.664(h) provides for public notice of withdrawal of
accreditation on FDA's Web site. We believe this information is
necessary in the interest of transparency.
f. How do I voluntarily relinquish accreditation? (Proposed Sec.
1.665). This proposed rule would allow accredited auditors/
certification bodies to voluntarily relinquish their accreditations
before they expire and without having them withdrawn by FDA.
Proposed Sec. 1.665 offers the mechanism for voluntarily
relinquishment before it terminates by expiration. Relinquishment on
the initiative of the auditor/certification body is distinct from
withdrawal of accreditation for cause.
The mammography regulations in 21 CFR 900.3 offer accreditation
bodies the opportunity to voluntarily relinquish their authority to
grant accreditation. We believe that auditors/certification bodies
operating under our accredited third-party audits and certification
program should have the option to voluntarily relinquish their
accreditation for their business reasons. We are proposing certain
procedural requirements--similar to those contained in the mammography
regulations--which auditors/certification bodies must follow in
relinquishing accreditation. We believe these measures are necessary to
ensure an orderly transition for eligible entities certified by the
auditor/certification body that is relinquishing its accreditation, and
for us to make the necessary adjustments in the program.
Proposed Sec. 1.665(a) requires auditors/certification bodies to
notify us and to
[[Page 45820]]
notify their accreditation body (where applicable) at least 6 months
before relinquishing accreditation. We propose to require such
notifications to be submitted electronically and in English. To ensure
that we have the ability to maintain adequate oversight of the program,
including through access the records of the auditor/certification body,
the notice required under proposed Sec. 1.665(a) must identify the
location where the records required by proposed Sec. 1.658 will be
maintained.
The decision to relinquish accreditation is made solely by the
third-party auditor/certification body, without FDA involvement.
Therefore, in relinquishing accreditation under proposed Sec.
1.665(a), the auditor/certification body would waive its rights to
appeal, because there is no FDA action to serve as the basis for
appeal.
Proposed Sec. 1.665(b) requires the accreditation body to notify
any eligible entity to which it issued a food or facility certification
no later than 15 business days after notifying FDA of its intent to
voluntarily relinquish accreditation.
Proposed Sec. 1.665(c) describes the effects of relinquishment of
accreditation on certification issued by an auditor/certification body
prior to relinquishing its accreditation. In considering the impact of
relinquishment on eligible entities, we were mindful that such entities
would likely have little, if any, opportunity to provide input on a
decision by its auditor/certification body whether or not to relinquish
accreditation. We believe that, under most circumstances, the fact that
an auditor/certification body decided to relinquish its accreditation
is likely to have no bearing on the validity or reliability of
certifications it issued. Therefore, we have tentatively concluded that
the certification of an eligible entity whose auditor/certification
body voluntarily relinquished its accreditation under proposed Sec.
1.665 will remain in effect (subject to recertification under proposed
Sec. 1.681), except that we may refuse to consider a certification
issued for purposes of section 801(q) of the FD&C Act, if we have
reason to believe the certification is not valid or reliable.
Proposed Sec. 1.665(d) provides for public notice on our Web site
of the voluntary relinquishment of accreditation by an auditor/
certification body.
g. How do I request reaccreditation? (Proposed Sec. 1.666). This
proposed rule would allow a third-party auditor/certification body to
become reaccredited after withdrawal or relinquishment of its
accreditation.
Section 808(c)(7) of the FD&C Act requires us to establish
procedures to reinstate the accreditation of an auditor/certification
body for which we have withdrawn accreditation. Under proposed Sec.
1.666(a), we will reinstate accreditation if the auditor/certification
body can demonstrate that the grounds for withdrawal no longer exist,
or if the withdrawal was prompted by the revocation of recognition of
its accreditation body and the auditor/certification body finds a new
recognized accreditation body, becomes directly accredited, or
otherwise meets conditions we impose in the withdrawal. Under proposed
Sec. 1.666(b), an auditor/certification body that voluntarily
relinquished its accreditation may become reaccredited by submitting a
new application for accreditation under proposed Sec. 1.660 or Sec.
1.670 (where the criteria for direct accreditation are met).
8. Additional Procedures for Direct Accreditation of a Third-Party
Auditors/Certification Bodies
Table 8--Additional Procedures Proposed for Direct Accreditation of
Third-Party Auditors/Certification Bodies
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.670.................. How do I apply to FDA for direct accreditation
or renewal of direct accreditation?
1.671.................. How will FDA review applications for direct
accreditation and for renewal of direct
accreditation?
1.672.................. What is the duration of direct accreditation?
------------------------------------------------------------------------
a. How do I apply to FDA for direct accreditation or renewal of
direct accreditation? (Proposed Sec. 1.670). This proposed rule
describes the circumstances and procedures that would apply for direct
accreditation and renewal of direct accreditation.
Proposed Sec. 1.670 describes the conditions under which we will
accept applications for direct accreditation, reflecting the statutory
language in section 808(b)(1)(A)(ii) of the FD&C Act, which allows us
to directly accredit auditors/certification bodies if we have not
identified and recognized an accreditation body to meet the
requirements of section 808 of the FD&C Act within 2 years after
establishing our program. Proposed Sec. 1.670(a)(1) identifies certain
circumstances and criteria that we have tentatively concluded are
relevant for determining whether we have not identified and recognized
an accreditation body to meet the requirements of section 808 of the
FD&C Act. Proposed Sec. 1.670(a)(2) specifies conditions under which
we may revoke or modify such a determination. Proposed Sec.
1.670(a)(3) provides for public notice of such determination or its
revocation or revision.
Proposed Sec. 1.670(b) sets out the procedures for applying for
direct accreditation or renewal of direct accreditation. This mirrors
the procedures for applications established elsewhere under this rule.
b. How will FDA review applications for direct accreditation and
for renewal of direct accreditation? (Proposed Sec. 1.671). This
proposed rule would establish procedures for processing applications
for direct accreditation and for renewal of direct accreditation.
Proposed Sec. 1.671 describes a process for reviewing and deciding
on applications for direct accreditation and renewal that is consistent
with the procedures for reviewing and deciding on applications under
other provisions in this rule. For example, we propose to establish a
queue for direct accreditation and renewal applications based on the
date on which an application was completed, and we will review
applications on a first in, first out basis. We will inform applicants
of deficiencies in application documentation. To encourage applicants
to supply any missing information promptly, we will not place an
application in the queue until it is complete. Allowing incomplete
applications in the queue might block applications that are ready for
review, but were submitted later in time.
We will inform an applicant once its application has been placed in
the queue. We will review each application for direct accreditation or
renewal of direct accreditation to determine
[[Page 45821]]
whether the applicant meets the eligibility requirements of proposed
Sec. 1.640. We will communicate anticipated processing periods to
applicants. We are not proposing to include specific timeframes for
review in the regulation, for the following reasons: (1) It is
difficult to project, at this time, the amount of resources that will
be available to us for this program, which under section 808(c)(8) of
the FD&C Act, is funded through user fees established by regulation;
and (2) we anticipate that, as we gain experience in reviewing
applications and in overall administration of the program, we will
become more efficient in processing applications but currently lack
data that would allow us to reasonably estimate the effect of
efficiency gains on review times.
Under proposed Sec. 1.671(c), (d), and (e), we will notify an
applicant, in writing, whether the application has been approved or
denied. If approved, the notice will describe any conditions imposed on
the direct accreditation. If denied, the notice will state the basis
for the denial and will describe procedures for requesting
reconsideration of the decision. We believe this provision offers
necessary protections for applicants. We seek comment on the process
and procedures required by proposed Sec. 1.671.
c. What is the duration of direct accreditation? (Proposed Sec.
1.672). This proposed rule would establish the duration of
accreditation.
Proposed Sec. 1.672 states that direct accreditation of a third-
party auditor/certification body may be granted for a period up to 4
years. Similarly, proposed Sec. 1.661 allows a recognized
accreditation body to grant accreditation for a period of up to 4
years. We have tentatively concluded that 4 years is an appropriate
duration for an accreditation--whether granted by a recognized
accreditation body or by us--because we believe the rigor and
credibility of this new program rests, in part, on the extent of
oversight of accredited third-party auditors/certification bodies to
conduct audits and to certify eligible foreign entities. The process
for renewal of accreditation provides an opportunity for us to look
closely at all aspects of the auditor's/certification body's program
and performance and to decide anew whether the auditor/certification
body meets the eligibility requirements for accreditation.
We are proposing to set the duration of accreditation under this
new program for a shorter period than the duration of accreditation we
allow under 21 CFR part 900, which is the mammography program
established several years ago. As we gain experience with accredited
auditors/certification bodies in the food and feed programs, we may
revisit this matter. For these reasons, we have tentatively concluded
that accreditation should be granted for a period of no longer than 4
years. We seek comment on this tentative conclusion.
9. Requirements for Eligible Entities
Table 9--Proposed Requirements for Eligible Entities
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.680.................. How and when will FDA monitor eligible
entities?
1.681.................. How frequently must eligible entities be
recertified?
------------------------------------------------------------------------
a. How and when will FDA monitor eligible entities? (Proposed Sec.
1.680). This proposed rule would provide for FDA monitoring of eligible
entities that choose to be audited under our program.
Proposed Sec. 1.680(a) states that we may conduct an onsite audit
of an eligible entity that has received certification under this
program, as allowed under section 808(f)(3) of the FD&C Act, which
specifies that we may conduct an onsite audit of a certified entity at
any time, with or without the accredited auditor/certification body
present. Proposed Sec. 1.680(b) reflects section 808(h)(1) of the FD&C
Act, explaining that a food safety audit conducted under this program
is not considered an inspection under section 704 of the FD&C Act.
b. How frequently must eligible entities be recertified? (Proposed
Sec. 1.681). This proposed rule would require eligible entities to be
recertified annually.
Section 808(d) of the FD&C Act requires eligible entities to apply
for annual certification for food required to have certification under
section 801(q) of the FD&C Act or for its facility, if it intends the
certification to be used by an importer in establishing eligibility to
participate in VQIP under section 806 of the FD&C Act. This statutory
requirement is reflected in proposed Sec. 1.681(a). Proposed Sec.
1.681(b) states that FDA may require renewal of a food certification at
any time FDA determines appropriate under section 801(q)(4)(A) of the
FD&C Act.
10. General Requirements
Table 10--Proposed General Requirements
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.690.................. How will FDA make information about recognized
accreditation bodies and accredited auditors/
certification bodies available to the public?
1.691.................. How do I request reconsideration of a denial by
FDA of an application or a waiver request?
1.692.................. How do I request internal agency review of a
denial of an application or waiver request
upon reconsideration?
1.693.................. How do I request a regulatory hearing on a
revocation of recognition or withdrawal of
accreditation?
------------------------------------------------------------------------
a. How will FDA make information about recognized accreditation
bodies and accredited auditors/certification bodies available to the
public? (Proposed Sec. 1.690). This proposed rule explains how and
where we would make information on the accredited third-party audits
and certification program public. Section 808(g) of the FD&C Act
requires us to establish a publicly available registry of recognized
accreditation bodies and accredited auditors/certification bodies,
including their names and contact information.
Proposed Sec. 1.690 provides that we will post on our Web site a
registry of recognized accreditation bodies and of accredited auditors/
certification bodies
[[Page 45822]]
and explains that we may meet the obligation with respect to accredited
auditors/certification bodies by establishing links on our Web site to
the Web sites of recognized accreditation bodies, who are required to
maintain this information for auditors/certification bodies they
accredit under this program. As appropriate based on available
resources, we may use such links in the interest of minimizing the
administrative burden on us and in acknowledgement that some
accreditation bodies currently maintain such information on their Web
sites. We are seeking comment on our proposed public registry.
b. How do I request reconsideration of a denial by FDA of an
application or a waiver request? (Proposed Sec. 1.691). This proposed
rule would establish procedures for an applicant or requestor to seek
reconsideration of a denial. Under proposed Sec. 1.691, accreditation
bodies and certification bodies may ask us to reconsider an application
or waiver request we previously denied. The types of applications and
requests that may be reconsidered are: (1) Denial of an application for
recognition or for renewal of recognition; (2) denial of an application
submitted to reinstate recognition; or (3) denial of a request for a
waiver of the 13-month limit on audit agents or for a waiver extension;
(4) denial of an application for direct accreditation or for renewal of
direct accreditation; and (5) denial of an application for
reaccreditation.
The procedures described in proposed Sec. 1.691 require submission
of the request for reconsideration within 10 business days of the date
of such decision, in accordance with the procedures described in the
notice of denial, including requirements relating to submission of
supporting information. Within a reasonable time after completing its
review and evaluation of the request for reconsideration and the
supporting information (if any) submitted, we will notify the
requestor, in writing, of our decision to grant the application or
waiver request upon reconsideration, or our decision to deny upon
reconsideration the application or waiver request.
c. How do I request internal Agency review of a denial of an
application or waiver request upon reconsideration? (Proposed Sec.
1.692). This proposed rule would offer additional process for
applicants or requestors whose request for reconsideration was denied.
Proposed Sec. 1.692 states that the requestor who received a
denial upon reconsideration may seek internal Agency review of such
denial under 21 CFR 10.75(c)(1), which is a currently established
process for review but different than the initial review process under
proposed Sec. 1.691. The request for internal Agency review must be
submitted within 10 business days of the date of denial upon
reconsideration, in accordance with procedures described in the denial
upon reconsideration and must be signed by the accreditation body or
certification body, as appropriate, or by an individual authorized to
act on its behalf. Internal Agency review of the denial upon
reconsideration must be based on the information in the administrative
file, which will include any supporting information submitted under
proposed Sec. 1.691(c). Within a reasonable time after completing the
review and evaluation of the administrative file, we will notify the
requestor, in writing, of our decision to overturn the denial and grant
the application or waiver request or to affirm the denial. Affirmation
of a denial constitutes final Agency action for purposes of 5 U.S.C.
702.
d. How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation? (Proposed Sec. 1.693).
This proposed rule explains the procedures that would be used for
challenges to revocation of recognition or withdrawal of accreditation.
Under proposed Sec. 1.693(a) an accreditation body whose
recognition was revoked (or an individual authorized to act on its
behalf) may submit a request for a regulatory hearing, under part 16,
on the revocation. The request must be submitted within 10 business
days of the date of revocation. Similarly, under proposed Sec.
1.693(b) a certification body whose accreditation was withdrawn by FDA
may submit a request for a part 16 regulatory hearing on the
withdrawal. Such request must be submitted within 10 business days of
the date of withdrawal. Written notices of revocation and of withdrawal
will contain all of the elements required by Sec. 16.22 of this
chapter and will thereby constitute the notice of an opportunity for
hearing under part 16 of this chapter.
Under proposed Sec. 1.693(c), the request for a regulatory hearing
under paragraph (a) or (b) of this section must be submitted with a
written appeal that responds to the bases for our decision described in
the written notice of revocation or withdrawal, as appropriate,
together with any supporting information upon which the requestor is
relying. The request, appeal, and supporting information must be
submitted in accordance with the procedures described in the notice.
Proposed Sec. 1.693 makes clear that the submission of a request
for a regulatory hearing under this subpart will not operate to delay
or stay the effect of our decision to revoke recognition of an
accreditation body or to withdraw accreditation of a certification body
unless we determine that delay or a stay is in the public interest.
Under proposed Sec. 1.693(e) and (f), the presiding officer for a
regulatory hearing under this subpart will be designated after a
request for a regulatory hearing is submitted to us. The presiding
officer may deny a request for regulatory hearing under this subpart
pursuant to Sec. 16.26(a) of this chapter.
Proposed Sec. 1.693(g) states that if a hearing request is
granted, the hearing will be held within 10 business days after the
date the request was filed or, if applicable, within a time frame
agreed upon in writing by requestor and the presiding officer. The
presiding officer may require that a hearing conducted under this
subpart be completed within 1 business day, as appropriate.
The presiding officer must conduct the hearing under part 16 of
this chapter, except that, under Sec. 16.5(b) of this chapter, the
procedures for a regulatory hearing described in part 16 of this
chapter apply only to the extent that such procedures are supplementary
and not in conflict with the procedures specified for the conduct of
regulatory hearings under this subpart. Based on Sec. 16.5(b), the
following requirements of part 16 of this chapter are inapplicable to
regulatory hearings conducted under this subpart: The requirements of
Sec. 16.22 (Initiation of a regulatory hearing), Sec. 16.24(e)
(Timing) and (f) (Contents of notice), Sec. 16.40 (Commissioner),
Sec. 16.95(b) (Administrative decision and record for decision), and
Sec. 16.119 (Reconsideration and stay of action).
Proposed Sec. 1.693(g)(4) states that a decision by the presiding
officer to affirm the revocation of recognition or the withdrawal of
accreditation that served as the basis for the request for a regulatory
hearing is considered a final Agency action for purposes of 5 U.S.C.
702.
11. Audits for Other Purposes
[[Page 45823]]
Table 11--Proposed Use of Regulatory Audit Reports Under Subpart L
------------------------------------------------------------------------
Proposed rule section Title
------------------------------------------------------------------------
1.698.................. May importers use reports of regulatory audits
by accredited auditors/certification bodies
for purposes of subpart L of this part?
------------------------------------------------------------------------
May importers use reports of regulatory audits by accredited
auditors/certification bodies for purposes of subpart L of this part?
(Proposed Sec. 1.698). This proposed rule would allow importers to use
certain information from accredited auditors/certification bodies in
meeting the Foreign Supplier Verification Program (FSVP) requirements.
Proposed Sec. 1.698 allows an importer, as defined in the proposed
regulations for the FSVP published elsewhere in this edition of the
Federal Register, to use a report of a regulatory audit of a foreign
supplier (which is an eligible entity), in meeting the verification
requirements under the proposed FSVP regulations.
The FSVP proposed rule would require importers to verify that
hazards identified as reasonably likely to occur are being adequately
controlled. Onsite auditing may be used under the FSVP proposed rule.
While the FSVP proposed rule would not require use of accredited
auditors/certification bodies, we believe accredited auditor/
certification body program we are establishing under section 808 of the
FD&C Act will help ensure the rigor and objectivity of audits performed
by auditors/certification bodies accredited under our program.
Proposed Sec. 1.698 allows an importer required (or having the
option) to perform onsite auditing of its foreign supplier to comply
with the FSVP proposed rule to use the results of a regulatory audit in
meeting such requirement. The regulatory audit report of the foreign
supplier would be the documentation of such verification activity. (We
have tentatively concluded that the report of a consultative audit
would not be appropriate documentation for purposes of the proposed
FSVP rule. Among other things, consultative audits are defined as being
conducted for internal purposes only and are conducted against industry
standards as well as the requirements of the FD&C Act.)
We see significant value in having the food industry use competent
and impartial auditors/certification bodies to conduct food safety
audits of their facilities and are aware that many leaders in the food
industry are working to assure those objectives are achieved. We
believe that the accredited third-party audits and certification
program we are establishing to implement section 808 of the FD&C Act
offers a credible system to help ensure that the audits conducted by
auditors/certification bodies accredited under our program and the
certifications they issue based on the results of those audits are
valid and reliable not only to us, but also to companies throughout the
supply chain of the audited facility. We further believe that our
involvement, as the regulator responsible with oversight of these
facilities, offers an added level of assurance to consumers in the
validity of these third-party audits--a confidence they otherwise might
not gain from private audit systems.
It is our intent that the program we establish for foreign food
safety audits be solidly grounded in the key principles set out in the
statute and in the international standards and best practices that are
currently used by leaders at the forefront of efforts to ensure auditor
competency and objectivity. We realize that the same principles and
standards that are features of a rigorous and credible program for
audits of foreign firms would likewise hold great merit for audits of
domestic food facilities.
We seek comment on the value of, and need for, a program
established and administered by FDA for the use of accredited auditors/
certification bodies to conduct domestic food safety audits. We seek
input on whether accreditation bodies, auditors/certification bodies,
and domestic food facilities might be interested in such a program and
the incentives we might offer to encourage participation.
B. Proposed Revisions to Part 16
We are proposing a conforming change to the section of the CFR that
describes procedures for regulatory hearings that would add revocation
of recognition of an accreditation body and withdrawal of accreditation
of a third-party auditor/certification body to the list of actions for
which a hearing under this part may be held. The affected section in
title 21 of the CFR is 16.1.
V. Analysis of Environmental Impact
We have carefully considered the potential environmental effects of
this action. We have concluded, under 21 CFR 25.30(h), that this action
is of a type that does not individually or cumulatively have a
significant effect on the human environment. Therefore, neither an
environmental assessment nor an environmental impact statement is
required (Ref. 34).
VI. Federalism
We have analyzed this proposed rule in accordance with the
principles set forth in Executive Order 13132. We have determined that
the proposed rule does not contain policies that have substantial
direct effects on the States, on the relationship between the National
Government and the States, or on the distribution of power and
responsibilities among the various levels of government. Accordingly,
we have concluded that the proposed rule does not contain policies that
have federalism implications as defined in the Executive order and,
consequently, a federalism summary impact statement is not required.
VII. Comments
Interested persons may submit either electronic comments regarding
this document to https://www.regulations.gov or written comments to the
Division of Dockets Management (see ADDRESSES). It is only necessary to
send one set of comments. Identify comments with the docket number
found in brackets in the heading of this document. Received comments
may be seen in the Division of Dockets Management between 9 a.m. and 4
p.m., Monday through Friday, and will be posted to the docket at https://www.regulations.gov.
VIII. References
The following references have been placed on display in the
Division of Dockets Management (see ADDRESSES) and may be seen by
interested persons between 9 a.m. and 4 p.m., Monday through Friday.
(FDA has verified all the Web site addresses in this References
section, but FDA is not responsible for any subsequent changes to the
Web sites after this document publishes in the Federal Register).
1. Centers for Disease Control and Prevention. ``CDC research shows
outbreaks linked to imported foods increasing.'' https://www.cdc.gov/media/releases/2012/p0314_foodborne.html. Accessed April 23, 2013.
[[Page 45824]]
2. ``Notification to the World Trade Organization (G/SPS/N/USA/
2156).'' Food and Drug Administration, 2011. https://docs.wto.org/imrd/directdoc.asp?DDFDocuments/t/G/SPS/NUSA2156.DOC.
3. International Organization for Standardization/CASCO. ``Building
Trust: The Conformity Assessment Toolbox,'' 2009. https://www.iso.org/iso/casco_building-trust.pdf. Accessed April 23, 2013.
4. U.S. Agency for International Development. ``The Relationship of
Third-Party Certification (TPC) to Sanitary/Phytosanitary (SPS)
Measures and the International Agri-Food Trade: Final Report,''
2005. https://cs3.msu.edu/d/pubs/
The%20Relationship%20of%20TPC%20to%20SPS%20Measures--
Final%20Report%20+%20Annexes.pdf. Accessed April 23, 2013.
5. ``Guidance for Industry--Voluntary Third-Party Certification
Program for Foods and Feeds,'' 2009. Food and Drug Administration.
https://www.fda.gov/regulatoryinformation/guidances/ucm125431.html.
6. ``Assessment of the Third-Party Certification Program for
Aquacultured Shrimp,'' 2011. Food and Drug Administration. https://www.fda.gov/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/Seafood/ucm265934.htm.
7. ``Mammography Quality Standards Act and Program, Facility
Certification and Inspection (MQSA).'' Food and Drug Administration.
https://www.fda.gov/Radiation-EmittingProducts/MammographyQualityStandardsActandProgram/AbouttheMammographyProgram/default.htm. Accessed on April 23, 2013. Last Modified 2012.
8. ``Import Alert 28-20 Detention Without Physical Examination of
Indian Pepper.'' https://www.accessdata.fda.gov/cms_ia/importalert_90.html. Accessed April 23, 2013. Last Modified 2011.
9. ``Memorandum of Understanding Between the Food and Drug
Administration, Department of Health and Human Services, United
States of America and the Ministry of Agriculture of the Republic of
France Covering Caseins, Caseinates, and Mixtures Thereof Exported
to the United States of America.'' Food and Drug Administration.
https://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107563.htm. Accessed on April 23, 2013.
Last Modified 1987. ``Cooperative Arrangement with the Department of
Agriculture, Fisheries, and Food of Ireland Concerning Certification
Requirements for Caseins, Caseinates, and Mixtures Thereof Exported
from Ireland to the United States of America.'' Food and Drug
Administration. https://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107596.htm. Accessed on April 23, 2013.
Last Modified 2010. ``Memorandum of Understanding Between the Food
and Drug Administration and the Royal Norwegian Ministry of
Agriculture Covering Rennet Casein Exported to the United States of
America.'' Food and Drug Administration. https://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107618.htm. Accessed on April 23, 2013. Last Modified 1982.
10. Government Accountability Office. ``Food Safety: FDA Can Better
Oversee Food Imports by Assessing and Leveraging Other Countries'
Oversight Resources (GAO-12-933),'' 2012. https://www.gao.gov/assets/650/649010.pdf.
11. National Academies Press. ``Enhancing Food Safety: The Role of
the Food and Drug Administration,'' 2010. https://www.iom.edu/Reports/2010/Enhancing-Food-Safety-The-Role-of-the-Food-and-Drug-Administration.aspx.
12. ``Manufactured Foods Regulatory Program Standards.'' Food and
Drug Administration. https://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM125448.pdf. Accessed on April 23,
2013. Last Modified 2007.
13. ``Ensuring the Safety of Imported Foods and Animal Feed:
Comparability of Food Safety Systems and Import Practices of Foreign
Countries; Notice of Public Hearing; Request for Comments, 2011.''
Food and Drug Administration. https://www.fda.gov/Food/NewsEvents/WorkshopsMeetingsConferences/ucm243781.htm. Accessed on April 23,
2013.
14. ``Draft International Comparability Assessment Tool, 2010.''
Food and Drug Administration. https://www.fda.gov/downloads/Food/InternationalInteragencyCoordination/UCM331177.pdf. Accessed on
April 23, 2013.
15. ``Circular A-119 Federal Participation in the Development and
Use of Voluntary Consensus Standards and in Conformity Assessment
Activities, 1998.'' Office of Management and Budget. https://www.whitehouse.gov/omb/circulars_a119. Accessed on April 23, 2013.
16. ``Federal Participation in the Development and Use of Voluntary
Consensus Standards and in Conformity Assessment Activities; Request
for Information and Notice of Public Workshop, 2012.'' Office of
Management and Budget. https://www.regulations.gov/#!documentDetail;D=OMB-2012-0003-0001. Accessed on April 23, 2013.
17. ``ISO/IEC 17000:2004 Conformity assessment--Vocabulary and
General Principles.'' International Organization for
Standardization/International Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available from the International
Organization for Standardization, 1, rue de Varembe, Case postale
56, CH-1211 Geneve 20, Switzerland, or on the Internet at https://www.iso.org/iso/catalogue_detail.htm?csnumber=29316 or may be
examined at the Division of Dockets Management (see ADDRESSES) (Ref.
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
18. ``ISO/IEC 17011:2004 Conformity assessment--General requirements
for accreditation bodies accrediting conformity assessment bodies.''
International Organization for Standardization/International
Electrotechnical Commission. Accessed on April 23, 2013. Copies are
available from the International Organization for Standardization,
1, rue de Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland,
or on the Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=29332 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
19. ``ISO/IEC 17021: 2006/2011 Conformity assessment--Requirements
for bodies providing audit and certification of management
systems.'' International Organization for Standardization/
International Electrotechnical Commission. Accessed on April 23,
2013. Last Modified 2011. Copies are available from the
International Organization for Standardization, 1, rue de Varembe,
Case postale 56, CH-1211 Geneve 20, Switzerland, or on the Internet
at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46568 or may be examined at the Division of
Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-2011-N-0146
and/or RIN 0910-AG66).
20. ``ISO/IEC Guide 65:1996 General requirements for bodies
operating product certification systems.'' International
Organization for Standardization/International Electrotechnical
Commission. Accessed on February 27, 2013. Copies are available from
the International Electrotechnical Commission, 3, rue de Varembe,
P.O. Box 131, CH-1211 Geneva 20--Switzerland, or on the Internet at
https://webstore.iec.ch/webstore/webstore.nsf/Artnum_PK/40140, or
may be examined at the Division of Dockets Management (see
ADDRESSES) (Ref. Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
``ISO/IEC 17065:2012 Conformity assessment--Requirements for bodies
certifying products, processes and services.'' International
Organization for Standardization/International Electrotechnical
Commission. Accessed on April 23, 2013. Copies are available from
the International Organization for Standardization, 1, rue de
Varembe, Case postale 56, CH-1211 Geneve 20, Switzerland, or on the
Internet at https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=46568 or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
21. ``ISO/TS 22003:2007 Food safety management systems--Requirements
for bodies providing audit and certification of food safety
management systems.'' International Organization for
Standardization/International Electrotechnical Commission. Accessed
on April 23, 2013. Copies are available from the International
Organization for
[[Page 45825]]
Standardization, 1, rue de Varembe, Case postale 56, CH-1211 Geneve
20, Switzerland, or on the Internet at https://www.iso.org/iso/home/store/cataloguetc/catalogue_detail.htm?csnumber=39834 or may be
examined at the Division of Dockets Management (see ADDRESSES) (Ref.
Docket No. FDA-2011-N-0146 and/or RIN 0910-AG66).
22. ``Enhancing Food Safety Through Third-Party Certification.''
Global Food Safety Initiative. https://www.mygfsi.com/technical-resources/global-regulatory-affairs-working-group.html. Accessed on
April 23, 2013. Last Modified 2011.
23. ``GFSI Guidance Document Sixth Edition, Version 6.2.'' Global
Food Safety Initiative. https://www.mygfsi.com/gfsifiles/GFSI_Guidance_Document_Sixth_Edition_Version_6.2.pdf. Accessed on
April 23, 2013. Last Modified 2012.
24. ``Accreditation Services,'' 2013. American National Standards
Institute. https://www.ansica.org/wwwversion2/outside/PROsectorprograms.asp?menuID=1. Accessed on April 23, 2013.
25. Food and Drug Administration. Analysis to examine the impacts of
the proposed rules for the Foreign Supplier Verification Program and
the Accreditation of Third-Party Auditors/Certification Bodies to
Conduct Food Safety Audits and to Issue Certifications under
Executive Order 12866, Executive Order 13563, the Regulatory
Flexibility Act (5 U.S.C. 601-612), the Unfunded Mandates Reform Act
of 1995 (Pub. L. 104-4), and the Paperwork Reduction Act of 1995 (44
U.S.C. 3501-3520), 2013. https://www.fda.gov/AboutFDA/ReportsManualsForms/Reports/EconomicAnalyses/default.htm. Accessed
on July 22, 2013.
26. Codex Alimentarius Commission. Principles for Food Import and
Export Inspection and Certification (CAC/GL 20-1995).
www.codexalimentarius.org/input/download/standards/37/CXG_020e.pdf.
Accessed on April 23, 2013.
27. ``Policy Memorandum, Certification of Grower Groups,'' 2011.
U.S. Department of Agriculture Agricultural Marketing Service
National Organic Program. https://www.ams.usda.gov/AMSv1.0/getfile?dDocName=STELPRDC5088955. Accessed on April 23, 2013.
28. ``NVCASE Program Handbook: Procedures for Obtaining NIST
Recognition as an Accreditor (NISTIR 6440),'' 2004. National
Institute for Standards and Technology. https://gsi.nist.gov/global/docs/NVCASE_Handbook.pdf. Accessed on April 23, 2013.
29. ``GFSI Requirements on the Application of ISO/IEC 17011:2004,''
2009. Global Food Safety Initiative. https://www.mygfsi.com/gfsifiles/GFSI_ISO_17011_Requirements_190209_Final_IAF.pdf.
Accessed April 23, 2013.
30. ``Multilateral Recognition Arrangement Documents (ML Series).''
International Accreditation Forum. https://www.iaf.nu/articles/MRA_Documents/39. Accessed April 23, 2013.
31. ``Letter to Interested Parties re: Draft WaterSense[supreg]
Program,'' 2007. Environmental Protection Agency. https://www.epa.gov/watersense/docs/cert_scheme_cover_letter508.pdf.
Accessed on April 23, 2013. ``WaterSense[supreg] Program, Product
Certification System, Version 2.0,'' 2011. Environmental Protection
Agency. https://www.epa.gov/watersense/docs/cert_system_508.pdf.
Accessed on April 23, 2013.
32. ``Global Standard for Food Safety, Issue 6,'' 2012. British
Retail Consortium. Copies are available from the British Retail
Consortium, Second Floor, 21 Dartmouth Street, London SW1H 9BP, or
on the Internet at https://www.brcglobalstandards.com/GlobalStandards/Standards/Food.aspx or may be examined at the
Division of Dockets Management (see ADDRESSES) (Ref. Docket No. FDA-
2011-N-0146 and/or RIN 0910-AG66).
33. ``Recalls Background and Definitions.'' Food and Drug
Administration. https://www.fda.gov/Safety/Recalls/IndustryGuidance/ucm129337.htm. Accessed on April 23, 2013. Last Modified 2009.
34. McCarthy, A. and Food and Drug Administration. ``Memorandum:
Establishment of regulation to accredit third-party auditors and
laboratories as required by the Food Safety Modernization Act of
2011.''
List of Subjects
21 CFR Part 1
Cosmetics, Drugs, Exports, Food labeling, Imports, Labeling,
Reporting and recordkeeping requirements.
21 CFR Part 16
Administrative practice and procedure.
Therefore, under the Federal Food, Drug, and Cosmetic Act and under
authority delegated to the Commissioner of Food and Drugs, it is
proposed that 21 CFR parts 1 and 16 be amended as follows:
PART 1--GENERAL ENFORCEMENT REGULATIONS
0
1. The authority citation for 21 CFR part 1 is revised to read as
follows:
Authority: 15 U.S.C. 1453, 1454, 1455; 19 U.S.C. 1490, 1491; 21
U.S.C. 321, 331, 332, 333, 334, 335a, 343, 350c, 350d, 350k, 352,
355, 360b, 362, 371, 374, 381, 382, 384a, 384b, 384d, 393, 42 U.S.C.
216, 241, 243, 262, 264.
0
2. Add subpart M, consisting of Sec. Sec. 1.600 through 1.698, to read
as follows:
Subpart M--Accredited Third-Party Food Safety Audits and Food or
Facility Certification
1.600 What definitions apply to this subpart?
1.601 Who is subject to this subpart?
Recognition of Accreditation Bodies Under This Subpart
1.610 Who is eligible for recognition?
1.611 What legal authority must an accreditation body have to
qualify for recognition?
1.612 What competency and capacity must an accreditation body have
to qualify for recognition?
1.613 What protections against conflicts of interest must an
accreditation body have to qualify for recognition?
1.614 What quality assurance procedures must an accreditation body
have to qualify for recognition?
1.615 What records procedures must an accreditation body have to
qualify for recognition?
Requirements for Recognized Accreditation Bodies Under This Subpart
1.620 How must a recognized accreditation body assess third-party
auditors/certification bodies seeking accreditation?
1.621 How must a recognized accreditation body monitor the
performance of third-party auditors/certification bodies it
accredits?
1.622 How must a recognized accreditation body monitor its own
performance?
1.623 What reports and notifications must a recognized accreditation
body submit to FDA?
1.624 How must a recognized accreditation body protect against
conflicts of interest?
1.625 What records requirements must a recognized accreditation body
meet?
Procedures for Recognition of Accreditation Bodies Under This Subpart
1.630 How do I apply to FDA for recognition or renewal of
recognition?
1.631 How will FDA review applications for recognition and for
renewal of recognition?
1.632 What is the duration of recognition?
1.633 How will FDA monitor recognized accreditation bodies?
1.634 When will FDA revoke recognition?
1.635 How do I voluntarily relinquish recognition?
1.636 How do I request reinstatement of recognition?
Accreditation of Third-Party Auditors/Certification Bodies Under This
Subpart
1.640 Who is eligible for accreditation?
1.641 What legal authority must a third-party auditor/certification
body have to qualify for accreditation?
1.642 What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation?
1.643 What protections against conflicts of interest must a third-
party auditor/certification body have to qualify for accreditation?
1.644 What quality assurance procedures must a third-party auditor/
certification body have to qualify for accreditation?
1.645 What records procedures must a third-party auditor/
certification body have to qualify for accreditation?
[[Page 45826]]
Requirements for Accredited Auditors/Certification Bodies Under This
Subpart
1.650 How must an accredited auditor/certification body ensure its
audit agents are competent and objective?
1.651 How must an accredited auditor/certification body conduct a
food safety audit of an eligible entity?
1.652 What must an accredited auditor/certification body include in
food safety audit reports?
1.653 What must an accredited auditor/certification body do when
issuing food or facility certifications?
1.654 When must an accredited auditor/certification body monitor an
eligible entity with food or facility certification?
1.655 How must an accredited auditor/certification body monitor its
own performance?
1.656 What reports and notifications must an accredited auditor/
certification body submit?
1.657 How must an accredited auditor/certification body protect
against conflicts of interest?
1.658 What records requirements must an accredited auditor/
certification body meet?
Procedures for Accreditation of Third-Party Auditors/Certification
Bodies Under This Subpart
1.660 Where do I apply for accreditation or renewal of accreditation
by a recognized accreditation body?
1.661 What is the duration of accreditation?
1.662 How will FDA monitor accredited auditors/certification bodies?
1.663 How do I request an FDA waiver or waiver extension for the 13-
month limit for audit agents conducting regulatory audits?
1.664 When can FDA withdraw accreditation?
1.665 How do I voluntarily relinquish accreditation?
1.666 How do I request reaccreditation?
Additional Procedures for Direct Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart
1.670 How do I apply to FDA for direct accreditation or renewal of
direct accreditation?
1.671 How will FDA review applications for direct accreditation and
for renewal of direct accreditation?
1.672 What is the duration of direct accreditation?
Requirements for Eligible Entities Under This Subpart
1.680 How and when will FDA monitor eligible entities?
1.681 How frequently must eligible entities be recertified?
General Requirements of This Subpart
1.690 How will FDA make information about recognized accreditation
bodies and accredited auditors/certification bodies available to the
public?
1.691 How do I request reconsideration of a denial by FDA of an
application or a waiver request?
1.692 How do I request internal agency review of a denial of an
application or waiver request upon reconsideration?
1.693 How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation?
Audits for Other Purposes
1.698 May importers use reports of regulatory audits by accredited
auditors/certification bodies for purposes of subpart L of this
part?
Subpart M--Accredited Third-Party Food Safety Audits and Food or
Facility Certification
Authority: 15 U.S.C. 1453, 1454, 1455; 19 U.S.C. 1490, 1491; 21
U.S.C. 321, 331, 332, 333, 334, 335a, 343, 350c, 350d, 350k, 352,
355, 360b, 362, 371, 374, 381, 382, 384a, 384b, 384d, 393, 42 U.S.C.
216, 241, 243, 262, 264.
Sec. 1.600 What definitions apply to this subpart?
(a) The FD&C Act means the Federal Food, Drug, and Cosmetic Act.
(b) Except as otherwise defined in paragraph (c) of this section,
the definitions of terms in section 201 of the FD&C Act apply when the
terms are used in this subpart.
(c) In addition, for the purposes of this subpart:
Accreditation means a determination by a recognized accreditation
body (or, in the case of direct accreditation, by FDA) that a third-
party auditor/certification body meets the applicable requirements of
this subpart, including the model accreditation standards.
Accreditation body means an authority that performs accreditation
of third-party auditors/certification bodies.
Accredited auditor/certification body means a third-party auditor/
certification body that a recognized accreditation body (or, in the
case of direct accreditation, FDA) has determined meets the applicable
requirements of this subpart and is authorized to conduct food safety
audits and to issue food or facility certifications to eligible
entities.
Audit means:
(1) With respect to an accreditation body, the systematic,
independent, and documented examination (through observation,
investigation, and records review) by FDA to assess the accreditation
body's authority, qualifications (including its expertise and training
program), and resources; its procedures for quality assurance,
conflicts of interest, and records; its performance in accreditation
activities; and its capability to meet the applicable requirements of
this subpart.
(2) With respect to a third-party auditor/certification body, the
systematic, independent, and documented examination (through
observation, investigation, and records review) by a recognized
accreditation body (or, in the case of direct accreditation, by FDA) to
assess the third-party auditor's/certification body's authority,
qualifications (including its expertise and training program), and
resources; its procedures for quality assurance, conflicts of interest,
and records; its performance in auditing and certification activities;
and its capability to meet the applicable requirements of this subpart;
and
(3) With respect to an eligible entity, the systematic,
independent, and documented examination (through observation,
investigation, records review, and as appropriate, sampling and
laboratory analysis) by an accredited auditor/certification body to
assess the entity, its facility, system(s), and food using audit
criteria for consultative or regulatory audits, including compliance
with any applicable requirements for preventative controls, sanitation,
monitoring, verification, corrective actions, and recalls, and, for
consultative audits, also includes an assessment of compliance with
applicable industry standards and practices.
Audit agent means an individual who is an employee or other agent
of an accredited auditor/certification body who, although not
individually accredited, is qualified to conduct food safety audits on
behalf of an accredited auditor/certification body. An audit agent
includes a contractor of the accredited auditor/certification body.
Certification body means a foreign government, agency of a foreign
government, foreign cooperative, or any other third party that is
eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet applicable
requirements of the FD&C Act. A certification body may be a single
individual or an organization. A certification body may use audit
agents to conduct food safety audits. Certification body has the same
meaning as Third-party auditor as that term is defined in section 808
of the FD&C Act and in this subpart.
Consultative audit means an audit of an eligible entity:
(1) To determine whether such entity is in compliance with
applicable requirements of the FD&C Act and industry standards and
practices; and
(2) The results of which are for internal purposes only and cannot
be used to determine eligibility for a food or facility certification
issued under this subpart or in meeting the requirements
[[Page 45827]]
for an onsite audit of a foreign supplier under subpart L of this part.
Direct accreditation means accreditation of a third-party auditor/
certification body by FDA.
Eligible entity means a foreign entity that chooses to be subject
to a food safety audit by an accredited auditor/certification body.
Eligible entities include foreign facilities subject to the
registration requirements of subpart H of this part.
Facility means any structure, or structures of an eligible entity
under one ownership at one general physical location, or, in the case
of a mobile facility, traveling to multiple locations, that
manufactures/processes, packs, or holds food for consumption in the
United States. Transport vehicles are not facilities if they hold food
only in the usual course of business as carriers. A facility may
consist of one or more contiguous structures, and a single building may
house more than one distinct facility if the facilities are under
separate ownership. The private residence of an individual is not a
facility. Non-bottled water drinking water collection and distribution
establishments and their structures are not facilities.
Facility certification means an attestation, issued for purposes of
section 806 of the FD&C Act by an accredited auditor/certification
body, after conducting a regulatory audit and any other activities
necessary to establish that a facility meets the applicable
requirements of the FD&C Act.
Food certification means an attestation, issued for purposes of
section 801(q) of the FD&C Act by an accredited auditor/certification
body, after conducting a regulatory audit and any other activities
necessary to establish that a food meets the applicable requirements of
the FD&C Act.
Food safety audit means a regulatory audit or a consultative audit.
Foreign cooperative means an entity that aggregates food from
growers or processors that is intended for export to the United States.
Recognized accreditation body means an accreditation body that FDA
has determined meets the applicable requirements of this subpart and is
authorized to accredit third-party auditors/certification bodies under
this subpart.
Regulatory audit means an audit of an eligible entity:
(1) To determine whether such entity is in compliance with the
provisions of the FD&C Act; and
(2) The results of which are used in determining eligibility for
food certification under section 801(q) of the FD&C Act or facility
certification under section 806 of the FD&C Act, and may be used by an
importer in meeting the requirements for an onsite audit of a foreign
supplier under subpart L of this part.
Relinquishment means:
(1) With respect to an accreditation body, a decision to cede
voluntarily its authority to accredit third-party auditors/
certification bodies as a recognized accreditation body; and
(2) With respect to a third-party auditor/certification body, a
decision to cede voluntarily its authority to conduct food safety
audits and to issue food and facility certifications to eligible
entities.
Self-assessment means a systematic assessment conducted by an
accreditation body or by a third-party auditor/certification body to
determine whether it meets the applicable requirements of this subpart.
Third-party auditor means a foreign government, agency of a foreign
government, foreign cooperative, or any other third party that is
eligible to be considered for accreditation to conduct food safety
audits and to certify that eligible entities meet the applicable
requirements of the FD&C Act. A third-party auditor may be a single
individual or an organization. A third-party auditor may use audit
agents to conduct food safety audits. Third-party auditor has the same
meaning as Certification body as that term is defined in this subpart.
Sec. 1.601 Who is subject to this subpart?
(a) Accreditation bodies. Any accreditation body seeking
recognition from FDA to accredit third-party auditor/certification
bodies for conducting food safety audits and for issuing food and
facility certifications to eligible entities.
(b) Third-party auditors/certification bodies. Any third-party
auditor/certification body seeking accreditation from a recognized
accreditation body or direct accreditation by FDA for:
(1) Conducting food safety audits; and
(2) Issuing food and facility certifications that may be used in
satisfying a condition of admissibility of an article of food under
section 801(q) of the FD&C Act; or in meeting the eligibility
requirements for the Voluntary Qualified Importer Program under section
806 of the FD&C Act.
(c) Eligible entities. Any eligible entity seeking a food safety
audit or a food or facility certification from an accredited auditor/
certification body, except as provided in paragraph (d) of this
section.
(d) Limited exemptions from section 801(q) of the FD&C Act. (1) The
certification of food under section 801(q) of the FD&C Act does not
apply with respect to alcoholic beverages from an eligible entity that
is a facility that meets the following two conditions:
(i) Under the Federal Alcohol Administration Act (27 U.S.C. 201 et
seq.) or chapter 51 of subtitle E of the Internal Revenue Code of 1986
(26 U.S.C. 5001 et seq.), the facility is a foreign facility of a type
that, if it were a domestic facility, would require obtaining a permit
from, registering with, or obtaining approval of a notice or
application from the Secretary of the Treasury as a condition of doing
business in the United States; and
(ii) Under section 415 of the FD&C Act, the facility is required to
register as a facility because it is engaged in manufacturing/
processing one or more alcoholic beverages.
(2) Certification of food under section 801(q) of the FD&C Act does
not apply with respect to food other than alcoholic beverages that is
from a facility described in paragraph (d)(1) of this section, provided
such food:
(i) Is in prepackaged form that prevents any direct human contact
with such food; and
(ii) Constitutes not more than 5 percent of the overall sales of
the facility, as determined by the Secretary of the Treasury.
Recognition of Accreditation Bodies Under This Subpart
Sec. 1.610 Who is eligible for recognition?
An accreditation body is eligible for recognition by FDA if it can
demonstrate that it meets the requirements of Sec. Sec. 1.611 to
1.615.
Sec. 1.611 What legal authority must an accreditation body have to
qualify for recognition?
(a) An accreditation body seeking recognition must demonstrate that
it has the authority (as a governmental entity or through contractual
rights) to perform such assessments of a third-party auditor/
certification body as are necessary to determine its capability to
audit and certify food facilities and food, including authority to:
(1) Review any relevant records;
(2) Conduct onsite assessments of the performance of third-party
auditors/certification bodies, such as by witnessing the performance of
a statistically significant number of personnel and other agents
conducting assessments;
(3) Perform any reassessments or surveillance necessary to monitor
[[Page 45828]]
compliance of accredited auditors/certification bodies; and
(4) Suspend, withdraw, or reduce the scope of accreditation for
failure to comply with the requirements of accreditation.
(b) An accreditation body seeking recognition must demonstrate that
it is capable of exerting any authority necessary to meet the
requirements of recognition in Sec. Sec. 1.620 to 1.625 and the
procedures in Sec. Sec. 1.630, 1.635, and 1.636, if recognized.
Sec. 1.612 What competency and capacity must an accreditation body
have to qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) The resources required to adequately implement its
accreditation program, including:
(1) Adequate numbers of personnel and other agents with relevant
knowledge, skills, and experience to effectively assess the
qualifications of third-party auditors/certification bodies seeking
accreditation and to effectively monitor the performance of third-party
auditors/certification bodies; and
(2) Adequate financial resources for its operations; and
(b) The capability to meet the assessment and monitoring
requirements of Sec. Sec. 1.620 and 1.621, the reporting and
notification requirements of Sec. 1.623, and the procedures in
Sec. Sec. 1.630, 1.631, 1.635, and 1.636, if recognized.
Sec. 1.613 What protections against conflicts of interest must an
accreditation body have to qualify for recognition?
An accreditation body must demonstrate that it has:
(a) Implemented written measures to protect against conflicts of
interest between the accreditation body (and its officers, personnel,
and other agents) and third-party auditors/certification bodies (and
their officers, personnel, and other agents) seeking accreditation
from, or accredited by, such accreditation body; and
(b) The capability to meet the conflict of interest requirements in
Sec. 1.624, if recognized.
Sec. 1.614 What quality assurance procedures must an accreditation
body have to qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) Implemented a written program for monitoring and assessing the
performance of its officers, personnel and other agents and its
accreditation program, including procedures to:
(1) Identify areas in its accreditation program or performance that
need improvement; and
(2) Quickly execute appropriate corrective actions when problems
are found; and
(b) The capability to meet the quality assurance requirements of
Sec. 1.622, if recognized.
Sec. 1.615 What records procedures must an accreditation body have to
qualify for recognition?
An accreditation body seeking recognition must demonstrate that it
has:
(a) Implemented written procedures to establish, control, and
retain records (including documents and data) for the period of time
necessary to meet its contractual and legal obligations and to provide
an adequate basis for assessing its program and performance; and
(b) Is capable of meeting the reporting and notification
requirements of Sec. 1.623 and the records requirements of Sec.
1.625, if recognized.
Requirements for Recognized Accreditation Bodies Under This Subpart
Sec. 1.620 How must a recognized accreditation body assess third-
party auditors/certification bodies seeking accreditation?
(a) Prior to accrediting a third-party auditor/certification body
under this subpart, a recognized accreditation body must perform, at a
minimum, the following:
(1) In the case of a foreign government or an agency of a foreign
government, such reviews and audits of its food safety programs,
systems, and standards as are necessary to determine that it meets the
eligibility requirements of Sec. 1.640(b) and any requirements
specified in FDA model accreditation standards regarding qualifications
for accreditation, including legal authority, competency, capacity,
conflicts of interest, quality assurance, and records.
(2) In the case of a foreign cooperative that aggregates the
products of growers or processor or any other third-party seeking
accreditation as a third-party auditor/certification body, such reviews
and audits of the training and qualifications of audit agents used by
such cooperative or other third party and such reviews of internal
systems and any other investigation of the cooperative or other third
party necessary to determine that it meets the eligibility requirements
of Sec. 1.640(c) and any requirements specified in FDA model
accreditation standards regarding qualifications for accreditation,
including legal authority, competency, capacity, conflicts of interest,
quality assurance, and records.
(3) In conducting a review and audit under paragraph (a)(1) or
(a)(2) of this section, observe a statistically significant number of
onsite audits conducted by the third-party auditor/certification body
(or its audit agents) to assess compliance with the applicable
requirements of the FD&C Act.
(b) A recognized accreditation body must require a third-party
auditor/certification body, as a condition of accreditation under this
subpart, to comply with the reports and notification requirements of
Sec. Sec. 1.652 and 1.656 and to agree to submit electronic food and
facility certifications, in English, to FDA for purposes of sections
801(q) and 806 of the FD&C Act.
(c) A recognized accreditation body must maintain records on any
denial of accreditation (in whole or in part) and on any withdrawal,
suspension, or reduction in scope of accreditation of a third-party
auditor/certification body under this subpart. The records must include
the name and contact information for the third-party auditor/
certification body; the scope of accreditation denied, withdrawn,
suspended, or reduced; and the basis for such action.
(d) A recognized accreditation body must implement written
procedures for receiving and addressing appeals from any third-party
auditor/certification body challenging an adverse decision associated
with accreditation under this subpart and for investigating and
deciding on appeals in a fair and meaningful manner. The appeals
procedures must provide similar protections to those offered by FDA
under Sec. Sec. 1.692 and 1.693, including requirements to:
(1) Make the appeals procedures publicly available;
(2) Use competent, independent persons to investigate and decide
appeals;
(3) Advise third-party auditors/certification bodies of the final
decisions on their appeals; and
(4) Maintain records under Sec. 1.625 of appeals, final decisions
on appeals, and the bases for such decisions.
Sec. 1.621 How must a recognized accreditation body monitor the
performance of third-party auditors/certification bodies it accredits?
A recognized accreditation body must annually conduct a
comprehensive assessment of the performance of each auditor/
certification body it accredited under this subpart by reviewing the
auditor's/certification body's self-assessments (including information
on
[[Page 45829]]
compliance with the conflict of interest requirements of Sec. Sec.
1.643 and 1.657); its regulatory audit reports and notifications
submitted to FDA under Sec. 1.656; and any other information
reasonably available to the accreditation body:
(a) Regarding the compliance history of eligible entities it
certified; or
(b) That is otherwise relevant to a determination whether the
accredited auditor/certification body is in compliance with this
subpart.
Sec. 1.622 How must a recognized accreditation body monitor its own
performance?
(a) A recognized accreditation body must annually, and as required
under Sec. 1.664(g), conduct a self-assessment that includes
evaluation of:
(1) The performance of its officers, personnel, or other agents in
activities under this subpart and the degree of consistency among such
performances;
(2) The compliance of the accreditation body and its officers,
personnel, and other agents, with the conflict of interest requirements
of Sec. 1.624; and
(3) If requested by FDA, any other aspects of its performance
relevant to a determination whether the accreditation body is in
compliance with this subpart.
(b) As a means to evaluate the accreditation body's performance,
the self-assessment must include onsite observation of regulatory
audits by a statistically significant number of third-party auditors/
certification bodies it accredited under this subpart.
(c) Based on the evaluations conducted under paragraphs (a) and (b)
of this section, the accreditation body must:
(1) Identify any area(s) needing improvement;
(2) Quickly implement effective corrective action(s) to address
those area(s); and
(3) Establish and maintain records of such corrective action(s)
under Sec. 1.625.
(d) The accreditation body must prepare, and as required by Sec.
1.623(b) submit, a written report of the results of its self-assessment
that includes:
(1) A description of any corrective actions taken under paragraph
(c) of this section;
(2) A statement disclosing the extent to which the accreditation
body, and its officers, personnel, and other agents, complied with the
conflict of interest requirements in Sec. 1.624; and
(3) A statement attesting to the extent to which the accreditation
body complied with applicable requirements of this subpart.
Sec. 1.623 What reports and notifications must a recognized
accreditation body submit to FDA?
(a) Reporting results of assessments of certification body
performance. A recognized accreditation body must submit to FDA
electronically, in English, a report of the results of any assessment
conducted under Sec. 1.621, no later than 45 days after completing
such assessment. The report must include an up-to-date list of any
audit agent used by the accredited auditor/certification body to
conduct food safety audits under this subpart.
(b) Reporting results of accreditation body self-assessments. A
recognized accreditation body must submit to FDA electronically, in
English, a report of the results of an annual self-assessment required
under Sec. 1.622, no later than 45 days after completing such self-
assessment and, for a recognized accreditation body subject to Sec.
1.664(g)(1), must submit a report of such self-assessment to FDA within
2 months.
(c) Immediate notification to FDA. A recognized accreditation body
must notify FDA electronically, in English, immediately upon:
(1) Granting accreditation to an auditor/certification body under
this subpart, and include:
(i) The name, address, and telephone number of the auditor/
certification body;
(ii) The name of one or more officers of the auditor/certification
body;
(iii) A list of the auditor's/certification body's audit agents;
and
(iv) The scope of accreditation and the date on which it was
granted.
(2) Withdrawing, suspending, or reducing the scope of an
accreditation under this subpart, and include:
(i) The basis for such action; and
(ii) Any additional changes to accreditation information previously
submitted to FDA under paragraph (c)(1) of this section.
(3) Determining that an auditor/certification body it accredited
failed to comply with Sec. 1.653 in issuing a food or facility
certification under this subpart, and include:
(i) The basis for such determination; and
(ii) Any changes to accreditation information previously submitted
to FDA under paragraph (c)(1) of this section.
(d) Other notification to FDA. A recognized accreditation body must
notify FDA electronically, in English, within 30 days after:
(1) Denying accreditation (in whole or in part) under this subpart
and include:
(i) The name, address, and telephone number of the auditor/
certification body;
(ii) The name of one or more officers of the auditor/certification
body;
(iii) The scope of accreditation requested; and
(iv) The basis for such denial.
(2) Making any significant change that would affect the manner in
which it complies with the requirements in Sec. Sec. 1.610 to 1.625
and include:
(i) A description of the change; and
(ii) An explanation for the purpose of the change.
Sec. 1.624 How must a recognized accreditation body protect against
conflicts of interest?
(a) A recognized accreditation body must implement a written
program to protect against conflicts of interest between the
accreditation body (and its officers, personnel, and other agents) and
a third-party auditor/certification body (and its officers, personnel,
and other agents) seeking accreditation from, or accredited by, such
accreditation body, including the following:
(1) Ensuring that the accreditation body (and its officers,
personnel, or other agents) do not own or have a financial interest in,
manage, or otherwise control the third-party auditor/certification body
(or any affiliate, parent, or subsidiary); and
(2) Prohibiting officers, personnel, or other agents of the
accreditation body from accepting any money, gift, gratuity, or item of
value from the third-party auditor/certification body.
(3) The items specified in paragraph (a)(2) of this section do not
include:
(i) Money representing payment of fees for accreditation services
and reimbursement of direct costs associated with an onsite audit or
assessment of the third-party auditor/certification body; or
(ii) Meals, of de minimis value, provided on the premises where the
audit or assessment is conducted.
(b) The financial interests of the spouses and children younger
than 18 years of age of officers, personnel, and other agents of a
recognized accreditation body will be considered the financial
interests of such officers, personnel, and other agents of the
accreditation body.
(c) A recognized accreditation body must maintain on its Web site
an up-to-date list of the auditors/certification bodies it accredited
under this subpart and must identify the duration and scope of each
accreditation and date(s) on each the accredited auditor/certification
body paid any fee or reimbursement associated with such accreditation.
[[Page 45830]]
Sec. 1.625 What records requirements must a recognized accreditation
body meet?
(a) A recognized accreditation body must maintain electronically
for 5 years records (including documents and data), in English,
demonstrating its compliance with this subpart, including records
relating to:
(1) Applications for accreditation and renewal of accreditation
under Sec. 1.660;
(2) Decisions to grant, deny, suspend, withdraw, or reduce the
scope of an accreditation;
(3) Challenges to adverse accreditation decisions under Sec.
1.620(c);
(4) Its monitoring of accredited auditors/certification bodies
under Sec. 1.621;
(5) Self-assessments and corrective actions under Sec. 1.622;
(6) Regulatory audit reports, including any supporting information,
that an accredited auditor/certification body may have submitted; and
(7) Any reports or notifications to FDA under Sec. 1.623,
including any supporting information.
(b) A recognized accreditation body must make records required by
paragraph (a) of this section available for inspection and copying
promptly upon written request of an authorized FDA officer or employee
at the place of business of the accreditation body or at a reasonably
accessible location. If the records required by paragraph (a) of this
section are requested by FDA electronically, the records must be
submitted to FDA electronically, in English, not later than 10 business
days after the date of the request.
(c) A recognized accreditation body must not prevent or interfere
with FDA's access to its accredited auditors/certification bodies and
the auditor/certification body records required by Sec. 1.658.
Procedures for Recognition of Accreditation Bodies Under This Subpart
Sec. 1.630 How do I apply to FDA for recognition or renewal of
recognition?
(a) Applicant for recognition. An accreditation body seeking
recognition must submit an application demonstrating that it meets the
eligibility requirements in Sec. 1.610.
(b) Applicant for renewal of recognition. An accreditation body
seeking renewal of its accreditation must submit a renewal application
demonstrating that it continues to meet the eligibility requirements in
Sec. 1.610.
(c) Submission. Recognition and renewal applications and any
documents provided as part of the application process must be submitted
electronically, in English. An applicant must provide any translation
and interpretation services needed by FDA to process the application,
including during onsite audits or assessments of the applicant by FDA.
(d) Signature. Recognition and renewal applications must be signed
by the applicant or by any individual authorized to act on behalf of
the applicant for purposes of seeking recognition or renewal of
recognition.
Sec. 1.631 How will FDA review applications for recognition and for
renewal of recognition?
(a) FDA will review a recognition or renewal application on a first
in, first out basis according to the date on which the application was
submitted in complete form.
(b) FDA will evaluate any completed recognition or renewal
application to determine whether the applicant meets the eligibility
requirements in Sec. 1.610 and will notify the applicant, in writing,
whether the application has been approved or denied. FDA may make such
notification electronically.
(c) When FDA notifies an applicant that its recognition or renewal
application has been approved, the notification will list any
conditions associated with the recognition.
(d) If FDA denies a recognition or renewal application, the
notification will state the basis for such denial and will provide the
address and procedures for requesting reconsideration of the
application under Sec. 1.691.
(e) If FDA does not reach a final decision on a renewal application
before an accreditation body's recognition terminates by expiration,
FDA may extend such recognition for a specified period of time or until
the agency reaches a final decision on the renewal application.
Sec. 1.632 What is the duration of recognition?
FDA may grant recognition of an accreditation body for a period not
to exceed 5 years.
Sec. 1.633 How will FDA monitor recognized accreditation bodies?
(a) FDA will periodically evaluate the performance of each
recognized accreditation body to determine its compliance with the
applicable requirements of this subpart. Such evaluation must occur by
at least 4 years after the date of accreditation for a 5-year term of
recognition, or by no later than mid-term point for recognition granted
for less than 5 years. FDA may conduct additional performance
evaluations of a recognized accreditation body at any time.
(b) An FDA performance evaluation may include onsite assessments of
statistically significant numbers of auditors/certification bodies the
recognized accreditation body accredited and onsite audits of eligible
entities such auditors/certification bodies certified. These may be
conducted at any time, with or without the accreditation body or
auditor/certification body present.
Sec. 1.634 When will FDA revoke recognition?
(a) Grounds for revocation of recognition. FDA will revoke the
recognition of an accreditation body for any one or more of the
following:
(1) Refusal to allow FDA to access records required by Sec. 1.625,
or to conduct an audit, assessment, or investigation of the
accreditation body or of a third-party auditor/certification body it
accredited to ensure the accreditation body's continued compliance with
the requirements of this subpart.
(2) Failure to take timely and necessary corrective action when:
(i) The accreditation of an auditor/certification body it
accredited is withdrawn by FDA under Sec. 1.664(a);
(ii) A significant problem with the accreditation body is
identified through self-assessment under Sec. 1.622, monitoring under
Sec. 1.621, or self-assessment by one or more of its accredited
auditors/certification bodies under Sec. 1.655; or
(iii) Directed by FDA to ensure compliance with this subpart.
(3) A determination by FDA that the accreditation body has
committed fraud or has submitted material false statements to the
agency.
(4) A determination by FDA that there is otherwise good cause for
revocation, including:
(i) Demonstrated bias or lack of objectivity when conducting
activities under this subpart; or
(ii) Failure to adequately support one or more decisions to grant
accreditation under this subpart.
(b) Records request associated with revocation. To assist in
determining whether revocation is warranted under paragraph (a) of this
section, FDA may request records of the accreditation body required by
Sec. 1.625 or the records, required by Sec. 1.658, of one or more of
the auditors/certification bodies it accredited under this subpart.
(c) Notice to the accreditation body of revocation of recognition.
(1) Upon revocation, FDA will notify the accreditation body
electronically, in English, stating the grounds for revocation, the
procedures for requesting a regulatory hearing under
[[Page 45831]]
Sec. 1.693 on the revocation, and the procedures for requesting
reinstatement of recognition under Sec. 1.636.
(2) Within 10 business days of the date of revocation, the
accreditation body must notify FDA electronically, in English, of the
location where the records required by Sec. 1.625 will be maintained.
(d) Effect of revocation of recognition on accredited auditors/
certification bodies. (1) FDA will notify an accredited auditor/
certification body, electronically and in English, if the recognition
of its accreditation body is revoked. Such auditor's/certification
body's accreditation will remain in effect if the auditor/certification
body:
(i) No later than 2 months after the revocation, conducts a self-
assessment under Sec. 1.655 and reports the results of the self-
assessment to FDA under Sec. 1.656(b); and
(ii) No later than 1 year after the revocation, becomes accredited
by a recognized accreditation body or by FDA through direct
accreditation.
(2) FDA may withdraw the accreditation of a third-party auditor/
certification body whenever FDA determines there is good cause for
withdrawal of accreditation under Sec. 1.664.
(e) Effect of revocation of recognition on food or facility
certifications issued to eligible entities. A food or facility
certification issued by an auditor/certification body accredited by an
accreditation body prior to revocation of recognition will remain in
effect until the certificate terminates by expiration. If FDA has
reason to believe that a food certification issued for purposes of
section 801(q) of the FD&C Act is not valid or reliable, FDA may refuse
to consider the certification in determining the admissibility of the
article of food for which the certification was offered.
(f) Public notice of revocation and the status of accreditations
and food and facility certifications. FDA will provide notice on the
Web site described in Sec. 1.690 of the revocation of recognition of
an accreditation body under this subpart.
Sec. 1.635 How do I voluntarily relinquish recognition?
(a) An accreditation body that decides to relinquish recognition
before it terminates by expiration must notify FDA electronically, in
English, at least 6 months before relinquishing such authority and must
identify the location where the records required by Sec. 1.625 will be
maintained. An accreditation body waives the right to a hearing when
relinquishing its recognition under this subpart.
(b) No later than 15 business days after notifying FDA, the
accreditation body must notify any third-party auditor/accreditation
body currently accredited that it intends to relinquish its
recognition, specify the date on which it will occur. The accreditation
body must establish and maintain records of such notification under
Sec. 1.625.
(c) An accreditation granted by an accreditation body prior to
relinquishing its recognition will remain in effect, subject to
reaccreditation under Sec. 1.665, except where FDA determines that
there is good cause for withdrawal of accreditation under Sec. 1.664.
(d) A food certification issued by such accredited auditor/
certification body will remain in effect until it terminates by
expiration, unless FDA requires renewal of the certification under
section 801(q)(4)(A) of the FD&C Act prior to its expiration. If FDA
has reason to believe that a certification issued for purposes of
section 801(q) of the FD&C Act is not valid or reliable, FDA may refuse
to consider the certification in determining the admissibility of the
article of food for which the certification was offered.
(e) FDA will provide notice on the Web site described in Sec.
1.690 of the voluntary relinquishment of recognition of an
accreditation body. The notice will describe the effect, if any, on any
third-party auditor/certification body it accredited and on any food or
facility certifications such auditor/certification body issued under
this subpart.
Sec. 1.636 How do I request reinstatement of recognition?
(a) Application following revocation. An accreditation body that
has had its recognition revoked may seek reinstatement by submitting a
new application for recognition under Sec. 1.630, or may be required
to submit such application after a determination in a regulatory
hearing under Sec. 1.693 that revocation was appropriate. The
accreditation body must submit evidence that the grounds for revocation
have been resolved, including evidence addressing the cause or
conditions that were the basis for revocation and identifying measures
that have been implemented to help ensure that such cause(s) or
condition(s) are unlikely to recur.
(b) Application following relinquishment. An accreditation body
that previously relinquished its recognition under Sec. 1.635 may seek
recognition by submitting a new application for recognition under Sec.
1.630.
Accreditation of Third-Party Auditors/Certification Bodies Under This
Subpart
Sec. 1.640 Who is eligible for accreditation?
(a) A foreign government, agency of a foreign government, foreign
cooperative, or any other third party may seek accreditation from a
recognized accreditation body (or, where direct accreditation is
appropriate, FDA) to conduct food safety audits and to issue food and
facility certifications to eligible entities under this subpart.
(b) A foreign government or an agency of a foreign government is
eligible for accreditation if it can demonstrate that its food safety
programs, systems, and standards meet the requirements of Sec. Sec.
1.641 to 1.645, as specified in FDA model standards on qualifications
for accreditation, including legal authority, competency, capacity,
conflicts of interest, quality assurance, and records.
(c) A foreign cooperative or other third party is eligible for
accreditation if it can demonstrate that the training and
qualifications of its audit agents and its internal systems and
standards meet the requirements of Sec. Sec. 1.641 to 1.645, as
specified in FDA model standards on qualifications for accreditation,
including legal authority, competency, capacity, conflicts of interest,
quality assurance, and records.
Sec. 1.641 What legal authority must a third-party auditor/
certification body have to qualify for accreditation?
(a) A third-party auditor/certification body seeking accreditation
from a recognized accreditation body or from FDA must demonstrate that
it has the authority (as a governmental entity or through contractual
rights) to perform such assessments of facilities, their process(es),
and food(s) as are necessary to determine compliance with the FD&C Act
and with industry standards and practices and to issue certifications
where appropriate based on a review of the findings of such
assessments. This includes authority to:
(1) Review any relevant records;
(2) Conduct onsite audits of the eligible entity, such as
witnessing the performance of a statistically significant number of
personnel and other agents conducting audits of food facilities; and
(3) Suspend or withdraw certification for failure to comply with
applicable requirements.
(b) A third-party auditor/certification body seeking accreditation
must demonstrate that it is capable of exerting any authority necessary
to meet the requirements of accreditation in Sec. Sec. 1.650 to 1.658
and the procedures in Sec. Sec. 1.660, 1.663, 1.665, 1.666, and 1.670,
if accredited.
[[Page 45832]]
Sec. 1.642 What competency and capacity must a third-party auditor/
certification body have to qualify for accreditation?
A third-party auditor/certification body seeking accreditation must
demonstrate that it has:
(a) The resources necessary to fully implement its audit and
certification program, including:
(1) Adequate numbers of personnel and other agents with relevant
knowledge, skills, and experience to effectively audit and assess
compliance with applicable FDA requirements and industry standards and
practices and to issue valid and reliable certifications; and
(2) Adequate financial resources for its operations; and
(b) The competency and capacity to meet the requirements of
Sec. Sec. 1.650 to 1.658 and the procedures in Sec. Sec. 1.660,
1.663, 1.665, 1.666, and 1.670, if accredited.
Sec. 1.643 What protections against conflicts of interest must a
third-party auditor/certification body have to qualify for
accreditation?
A third-party auditor/certification body must demonstrate that it
has:
(a) Implemented written measures to protect against conflicts of
interest between the auditor/certification body (and its officers,
personnel, and other agents) and eligible entities (and their owners
and operators) seeking assessment and certification from, or assessed
and certified by, such auditor/certification body; and
(b) The capability to meet the conflict of interest requirements in
Sec. 1.657, if accredited.
Sec. 1.644 What quality assurance procedures must a third-party
auditor/certification body have to qualify for accreditation?
A third-party auditor/certification body seeking accreditation must
demonstrate that it has:
(a) Implemented a written program for monitoring and assessing the
performance of its officers, personnel, and other agents involved in
auditing and certification activities, including procedures to:
(1) Identify areas in its auditing and certification program or
performance that need improvement; and
(2) Quickly execute appropriate corrective actions when problems
are found; and
(b) The capability to meet the quality assurance requirements of
Sec. 1.655, if accredited.
Sec. 1.645 What records procedures must a third-party auditor/
certification body have to qualify for accreditation?
A third-party auditor/certification body seeking accreditation must
demonstrate that it:
(a) Implemented written procedures to establish, control, and
retain records (including documents and data) for a period of time
necessary to meet its contractual and legal obligations and to provide
an adequate basis for assessing its program and performance; and
(b) Is capable of meeting the reporting and notification
requirements of Sec. 1.656 and the records requirements of Sec.
1.658, if accredited.
Requirements for Accredited Auditors/Certification Bodies Under This
Subpart
Sec. 1.650 How must an accredited auditor/certification body ensure
its audit agents are competent and objective?
(a) An accredited auditor/certification body that uses audit agents
to conduct food safety audits must ensure that each such agent meets
the following requirements with respect to the scope of its
accreditation under this subpart:
(1) Has relevant knowledge and experience that provides an adequate
basis for the agent to assess compliance with the FD&C Act and, for
consultative audits, industry standards and practices;
(2) Has been determined by the accredited auditor/certification
body, through observations of a representative number of audits, to be
competent to conduct food safety audits under this subpart;
(3) Participates in annual food safety training under the
accredited auditor's/certification body's training plan;
(4) Is in compliance with the conflict of interest requirements of
Sec. 1.657 and has no other conflicts of interest with the eligible
entity to be audited that might impair the agent's objectivity; and
(5) Agrees to notify its accredited auditor/certification body
immediately upon discovering, during a food safety audit, any condition
that could cause or contribute to a serious risk to the public health.
(b) In assigning an audit agent to conduct a food safety audit at a
particular eligible entity, an accredited auditor/certification body
must determine that the agent is qualified to conduct such audit under
the criteria established in paragraph (a) of this section and based on
the scope and purpose of the audit and the type of facility, its
process(es), and food.
(c) An accredited auditor/certification body cannot use an audit
agent to conduct a regulatory audit at an eligible entity if such agent
conducted a consultative audit or regulatory audit for the same
eligible entity in the preceding 13 months, except that such limitation
may be waived if the accredited auditor/certification body demonstrates
to FDA, under Sec. 1.663, there is insufficient access to accredited
auditors/certification bodies in the country or region where the
eligible entity is located or in the country of export.
Sec. 1.651 How must an accredited auditor/certification body conduct
a food safety audit of an eligible entity?
(a) Audit planning. Before beginning to conduct a food safety audit
under this subpart, an accredited auditor/certification body must:
(1) Require the entity seeking an audit to:
(i) Identify the scope and purpose of the food safety audit,
including the facility, process(es), or food to be audited; whether the
audit is to be conducted as a consultative or regulatory audit, and if
a regulatory audit, the type(s) of certification(s) sought; and
(ii) Provide a 30-day operating schedule for such facility that
includes information relevant to the scope and purpose of the audit;
and
(2) Determine whether the requested audit is within its scope of
accreditation.
(b) Authority to audit. In arranging a food safety audit with an
eligible entity, an accredited auditor/certification body must ensure
it has authority, whether contractual or otherwise, to:
(1) Conduct an unannounced audit to verify whether the activities
and results of the eligible entity (within the scope of the audit)
comply with the applicable requirements of the FD&C Act and, for
consultative audits, industry standards and practices;
(2) Access any records and any area of the facility, its
process(es), and food of the eligible entity relevant to the scope and
purpose of such audit and, where appropriate, to issue food and
facility certifications;
(3) Where FDA requires sampling and analysis, use of validated
sampling or analytical methodologies and analysis by a laboratory that
is accredited, in accordance with the requirements of section 422 of
the FD&C Act;
(4) Notify FDA immediately if, at any time during a food safety
audit, the accredited auditor/certification body (or its audit agent,
where applicable) discovers a condition that could cause or contribute
to a serious risk to the public health and provide information required
by Sec. 1.656(c);
(5) Prepare reports of consultative audits that contain the
elements
[[Page 45833]]
specified in Sec. 1.652(a) and, for regulatory audits, prepare reports
that contain the elements specified in Sec. 1.652(b) and submit them
to FDA and to its accreditation body (where applicable) under Sec.
1.656(a); and
(6) Allow FDA and the recognized accreditation body that accredited
such third-party auditor/certification body, if any, to observe any
food safety audit for purposes of evaluating the accredited auditor's/
certification body's performance under Sec. Sec. 1.621 and 1.662 or,
where appropriate, the recognized accreditation body's performance
under Sec. Sec. 1.622 and 1.633.
(c) Audit protocols. An accredited auditor/certification body (or
its audit agent, where applicable) must conduct a food safety audit in
a manner consistent with the identified scope and purpose of the audit
and within the scope of its accreditation.
(1) The audit must be conducted without announcement during the 30-
day timeframe identified under paragraph (a)(1)(ii) of this section and
must be focused on the highest food safety risk(s) associated with the
facility, its process(es), and food within the scope of the audit.
(2) The audit must include records review; an onsite assessment of
the facility, its process(es), and the food that results from such
process(es); and where appropriate, environmental or product sampling
and analysis, using validated procedures (including sample integrity
procedures) and analysis performed by a laboratory accredited in
accordance with the requirements of section 422 of the FD&C Act. The
audit may include any other activities necessary to establish
compliance with the FD&C Act.
(3) The audit must be sufficiently rigorous to allow the accredited
auditor/certification body to determine whether the entity is in
compliance with the FD&C Act at the time of the audit; and for a
regulatory audit, whether the entity would be likely to remain in
compliance with the applicable requirements of the FD&C Act for at
least 12 months following the audit, provided that the facility and its
process(es) are properly maintained and implemented.
(4) Audit observations and assessments, including corrective
actions, must be documented and must be used to support the findings
contained in the audit report required by Sec. 1.652 and maintained as
a record of the accredited auditor/certification body under Sec.
1.658.
Sec. 1.652 What must an accredited auditor/certification body include
in food safety audit reports?
(a) Consultative audits. An accredited auditor/certification body
must prepare a report of a consultative audit, in English, not later
than 45 days after completing such audit and must maintain such report
under Sec. 1.658. A consultative audit report must include:
(1) The name and address of the facility subject to audit and the
name and address of the eligible entity, if different from the
facility;
(2) A unique facility identifier, as required by FDA, for the
facility and for the eligible entity, if different from the facility;
(3) The names and telephone numbers of the persons responsible for
food safety compliance at the facility;
(4) The dates and scope of the audit; and
(5) Any deficiencies observed that require corrective action, the
corrective action plan, and the date on which such corrective actions
were completed. Such audit report must be maintained as a record under
Sec. 1.658 and must be made available to FDA under Sec. 1.361.
(b) Regulatory audits. An accredited auditor/certification body
must, no later than 45 days after completing a regulatory audit,
prepare and submit electronically, in English, to FDA and to its
accreditation body (or, in the case of direct accreditation, only to
FDA) a report of such regulatory audit that includes the following
information:
(1) The identity of the audited facility, including:
(i) The name and address of the facility subject to audit and a
unique facility identifier, as required by FDA; and
(ii) Where applicable, the FDA registration number assigned to the
facility under subpart H of this part;
(2) The identity of the eligible entity, including the name,
address, and unique facility identifier, as required by FDA, of the
eligible entity (if different than that of facility);
(3) The dates and scope of the regulatory audit;
(4) The process(es) and food(s) observed during such audit;
(5) The identity of the person(s) responsible for the facility's
compliance with the applicable requirements of the FD&C Act;
(6) Any deficiencies observed during the audit that present a
reasonable probability that the use of or exposure to a violative
product:
(i) Will cause serious adverse health consequences or death; or
(ii) May cause temporary or medically reversible adverse health
consequences or where the probability of serious adverse health
consequences is remote;
(7) The corrective action plan for addressing each deficiency
identified under paragraph (b)(6) of this section, unless corrective
action was implemented immediately and verified onsite by the
accredited auditor/certification body (or its audit agent);
(8) Whether any sampling and laboratory analysis (e.g., under a
microbiological sampling plan) is used in the facility;
(9) Whether the entity has issued a food safety-related recall of
an article of food from the facility during the 2 years preceding the
audit and, if so, any such article(s) recalled and the reason(s) for
the recall(s);
(10) Whether the entity has made significant changes to the
facility, its process(es), or products during the 2 years preceding the
audit; and
(11) Any food or facility certifications issued to the entity
during the 2 years preceding the audit, including the scope and
duration of each such certification.
(c) Submission of regulatory audit report. An accredited auditor/
certification body must submit a completed regulatory audit report as
required by paragraph (b) of this section, regardless of whether the
food or facility certification was issued under this subpart.
(d) Appeals of adverse regulatory audit results. An accredited
auditor/certification body must implement written procedures for
receiving and addressing appeals from eligible entities challenging
adverse regulatory audit results and for investigating and deciding on
appeals in a fair and meaningful manner. The appeals procedures must
provide similar protections to those offered by FDA under Sec. Sec.
1.692 and 1.693, including requirements to:
(1) Make the appeals procedures publicly available;
(2) Use qualified persons, different from those involved in the
subject of the appeal, to investigate and decide on an appeal;
(3) Advise the eligible entity of the final decision on its appeal;
and
(4) Maintain records under Sec. 1.658 of the appeal, the final
decision, and the basis for such decision.
Sec. 1.653 What must accredited auditor/certification body do when
issuing food or facility certifications?
(a) Basis for issuance of a food or facility certification. (1)
Prior to issuing a food or facility certification to an eligible
entity, an accredited auditor/certification body (or an audit agent on
its behalf) must complete a regulatory
[[Page 45834]]
audit that meets the requirements of Sec. 1.651 and any other
activities that may be necessary to establish compliance with
applicable requirements of the FD&C Act.
(2) If, as a result of an observation during a regulatory audit, an
eligible entity must implement a corrective action plan to address an
observation, an accredited auditor/certification body may not issue a
food or facility certification to such entity until after the
accredited auditor/certification body verifies that eligible entity has
implemented the corrective action plan through onsite observation,
except for corrective actions taken to address recordkeeping
deficiencies that may be verified through submission of records or
through assurances by the eligible entity.
(3) An accredited auditor/certification body must consider each
observation and assessment made during a regulatory audit and other
activities conducted under Sec. 1.651 to determine whether the entity
was in compliance with the applicable requirements of the FD&C Act at
the time of the audit and whether the entity would be likely to remain
in compliance for the duration of a food or facility certification
issued under this subpart.
(4) A single regulatory audit may result in issuance of one or more
food or facility certifications under this subpart, provided that the
requirements of issuance are met as to each such certification.
(5) Where an accredited auditor/certification body uses an audit
agent to conduct a regulatory audit of an eligible entity under this
subpart, the accredited auditor/certification body (and not the audit
agent) must make the determination whether to issue a food or facility
certification based on the results of such regulatory audit.
(b) Issuance of a food or facility certification and submission to
FDA. (1) For purposes of submission to FDA under this subpart, an
accredited auditor/certification body must issue a food or facility
certification electronically and in English. The accredited auditor/
certification body must not issue a food or facility certification
under this subpart for a term that is longer than 12 months.
(2) A food or facility certification must contain, at a minimum,
the following elements:
(i) The name and address of the accredited auditor/certification
body and the scope and date of its accreditation under this subpart;
(ii) The name, address, and unique facility identifier, as required
by FDA, of the eligible entity to which the food or facility
certification was issued;
(iii) The name, address, and unique facility identifier, as
required by FDA, of the facility where the audit was conducted, if
different than the eligible entity;
(iv) The scope and date(s) of the audit;
(v) The name of the audit agent(s) (where applicable) conducting
the audit;
(vi) The scope of the food or facility certification, date of
issuance, and date of expiration.
(3) FDA may refuse to accept any food certification or other
assurance for food issued by an accredited auditor/certification body
for purposes of section 801(q) of the FD&C Act, if FDA determines,
under section 801(q)(4)(B), that such food certification or assurance
was not validly issued or does not reliably demonstrate that the food
is in compliance with the applicable requirements of the FD&C Act,
including the following:
(i) That the food certification or assurance is offered in support
of the admissibility of a food that was not within the scope of the
certification or assurance; and
(ii) That the food certification was issued by an accredited
auditor/certification body acting outside the scope of its
accreditation under this subpart.
Sec. 1.654 When must an accredited auditor/certification body monitor
an eligible entity with food or facility certification?
If an accredited auditor/certification body has reason to believe
that an eligible entity to which it issued a food or facility
certification may no longer be in compliance with the applicable
requirements of the FD&C Act, the accredited auditor/certification body
must conduct any monitoring (including an onsite assessment) of such
eligible entity necessary to determine whether the entity is in
compliance. The accredited auditor/certification body must immediately
notify FDA, under Sec. 1.656(d), if it determines the entity is no
longer in compliance with the applicable requirements of the FD&C Act.
The accredited auditor/certification body must maintain records of such
monitoring under Sec. 1.658.
Sec. 1.655 How must an accredited auditor/certification body monitor
its own performance?
(a) An accredited auditor/certification body must annually, and as
required under Sec. 1.634(d)(1)(i) or upon FDA request made for cause,
conduct a self-assessment that includes evaluation of:
(1) The performance of its officers, personnel, or other agents in
activities under this subpart, including assessing whether its audit
agents focused on the most significant risks to human and/or animal
health when conducting food safety audits of facilities involved in the
production, manufacturing, processing, packing, or holding of food;
(2) The degree of consistency among its officers, personnel, or
other agents in performing activities under this subpart, including
assessing whether its audit agents interpreted audit protocols in a
consistent manner;
(3) The compliance of the accredited auditor/certification body and
its officers, personnel, and other agents, with the conflict of
interest requirements of Sec. 1.657;
(4) Actions taken in response to the results of any assessments
conducted by FDA or, where applicable, the recognized accreditation
body under Sec. 1.621; and
(5) As requested by FDA, any other aspects of its performance
relevant to a determination whether the accredited auditor/
certification body is in compliance with this subpart.
(b) As a means to evaluate its performance, the accredited auditor/
certification body may evaluate the compliance of one or more of
eligible entities to which food or facility certification was issued
under this subpart.
(c) Based on the evaluations conducted under paragraphs (a) and (b)
of this section, the accredited auditor/certification body must:
(1) Identify any area(s) needing improvement;
(2) Quickly implement effective corrective action(s) to address
those area(s); and
(3) Under Sec. 1.658, establish and maintain records of such
corrective action(s).
(d) The accredited auditor/certification body must prepare a
written report, in English, of the results of its self-assessment that
includes:
(1) A description of any corrective action(s) taken under paragraph
(c) of this section;
(2) A statement disclosing the extent to which the accredited
auditor/certification body, and its officers, personnel, and other
agents complied with the conflict of interest requirements in Sec.
1.657; and
(3) A statement attesting to the extent to which the accredited
auditor/certification body complied with the applicable requirements of
this subpart.
Sec. 1.656 What reports and notifications must an accredited auditor/
certification body submit?
(a) Reporting results of regulatory audits. An accredited auditor/
[[Page 45835]]
certification body must submit a regulatory audit report, as described
in Sec. 1.652(b), electronically, in English, to FDA and to the
accreditation body that granted its accreditation (where applicable),
no later than 45 days after completing such audit.
(b) Reporting results of accredited auditor/certification body
self-assessments. An accredited auditor/certification body must submit
the report of its annual self-assessment required by Sec. 1.655
electronically to its accreditation body (or, in the case of direct
accreditation, FDA), within 45 days of the anniversary date of its
accreditation under this subpart and, for an accredited auditor/
certification body subject to Sec. 1.634(d)(1)(i) or an FDA request
for cause, must submit the report of its self-assessment to FDA within
2 months. Such report must include an up-to-date list of any audit
agents it uses to conduct audits under this subpart.
(c) Notification to FDA of a serious risk to public health. An
accredited auditor/certification body must immediately notify FDA
electronically, in English, when any of its audit agents or the
accredited auditor/certification body itself, discovers any condition,
found during a regulatory or consultative audit of an eligible entity,
which could cause or contribute to a serious risk to the public health,
providing the following information:
(1) The name and address of the eligible entity subject to the
audit;
(2) The name and address of the facility where the condition was
discovered (if different from that of the eligible entity) and, where
applicable, the FDA registration number assigned to the facility under
subpart H of this part; and
(3) The condition for which notification is submitted.
(d) Immediate notification to FDA of withdrawal or suspension of
food or facility certification. An accredited auditor/certification
body must notify FDA electronically, in English, immediately upon
withdrawing or suspending the food or facility certification of an
eligible entity and the basis for such action.
(e) Notification to its accreditation body or an eligible entity.
(1) After notifying FDA under paragraph (c) of this section, an
accredited auditor/certification body must immediately notify the
eligible entity of such condition and must immediately thereafter
notify the accreditation body that granted its accreditation, except
for auditors/certification bodies directly accredited by FDA.
(2) An accredited auditor/certification body must notify its
accreditation body (or, in the case of direct accreditation, FDA)
electronically, in English, within 30 days after making any significant
change that would affect the manner in which it complies with the
requirements of Sec. Sec. 1.640 to 1.658, and must include with such
notification the following information:
(i) A description of the change; and
(ii) An explanation for the purpose of the change.
Sec. 1.657 How must an accredited auditor/certification body protect
against conflicts of interest?
(a) An accredited auditor/certification body must implement a
written program to protect against conflicts of interest between the
accredited auditor/certification body (and its officers, personnel, and
agents) and an eligible entity seeking a food safety audit or food or
facility certification from, or audited or certified by, such
accredited auditor/certification body, including the following:
(1) Ensuring that the accredited auditor/certification body and its
officers, personnel, or agents (other than audit agents subject to
paragraph (a)(2) of this section) do not own or have a financial
interest in, manage, or otherwise control an eligible entity to be
certified, or any affiliate, parent, or subsidiary of the entity;
(2) Ensuring that an audit agent of the accredited auditor/
certification body does not own or operate an eligible entity, or any
affiliate, parent, or subsidiary of the entity, to be subject to
consultative or regulatory audit by such agent; and
(3) Prohibiting an officer, employee, or other agent of the
accredited auditor/certification body from accepting any money, gift,
gratuity, or item of value from the eligible entity to be audited or
certified under this subpart.
(4) The items specified in paragraph (a)(3) of this section do not
include:
(i) Money representing payment of fees for accreditation services
and reimbursement of direct costs associated with an onsite audit or
assessment of the third-party auditor/certification body; or
(ii) Meals, of de minimis value, provided on the premises where the
audit or assessment is conducted.
(b) An accredited auditor/certification body may accept the payment
of fees for auditing and certification services and the reimbursement
of direct costs associated with an audit of an eligible entity only
after the date on which the report of such audit was completed or the
date a food or facility certification was issued, whichever is later.
Such payment is not considered a conflict of interest for purposes of
paragraph (a) of this section.
(c) The financial interests of the spouses and children younger
than 18 years of age of officers, personnel, and other agents of an
accredited auditor/certification body will be considered the financial
interests of such officers, personnel, and other agents of the
accredited auditor/certification body for purposes of this subpart.
(d) An accredited auditor/certification body must maintain on its
Web site an up-to-date list of the eligible entities to which it has
issued food or facility certifications under this subpart. For each
such eligible entity, the Web site also must identify the duration and
scope of the food or facility certification and date(s) on which the
eligible entity paid the accredited auditor/certification body any fee
or reimbursement associated with such audit or certification.
Sec. 1.658 What records requirements must an accredited auditor/
certification body meet?
(a) An accredited auditor/certification body must maintain
electronically for 4 years records (including documents and data), in
English, that document compliance with this subpart, including:
(1) Any audit report and other documents resulting from a
consultative audit conducted under this subpart, including the audit
agent's observations, laboratory testing records and results (as
applicable), correspondence with the eligible entity, and corrective
actions to address deficiencies identified during the audit;
(2) Any request for a regulatory audit from an eligible entity;
(3) Any audit report and other documents resulting from a
regulatory audit conducted under this subpart, including the audit
agent's observations, laboratory testing records and results (as
applicable), correspondence with the eligible entity, and corrective
actions to address deficiencies identified during the audit;
(4) Any notification submitted by an audit agent to the accredited
auditor/certification body under Sec. 1.650(a)(5) or by the accredited
auditor/certification body to FDA under Sec. 1.656(c);
(5) Any food or facility certification issued under this subpart;
(6) Any challenge to an adverse regulatory audit decision and the
disposition of the challenge;
(7) Any monitoring it conducted of an eligible entity to which food
or facility certification was issued;
[[Page 45836]]
(8) Its self-assessments and corrective actions taken as a result;
and
(9) Significant changes to the auditing or certification program
that might affect compliance with this subpart.
(b) An accredited auditor/certification body must make the records
of a consultative audit required by paragraph (a)(1) of this section
available to FDA in accordance with the requirements of subpart J of
this chapter.
(c) An accredited auditor/certification body must make the records
required by paragraphs (a)(2) to (a)(9) of this section available for
inspection and copying promptly upon written request of an authorized
FDA officer or employee at the place of business of the auditor/
certification body or at a reasonably accessible location. If such
records are requested by FDA electronically, the records must be
submitted electronically, in English, not later than 10 business days
after the date of the request.
Procedures for Accreditation of Third-Party Auditors/Certification
Bodies Under This Subpart
Sec. 1.660 Where do I apply for accreditation or renewal of
accreditation by a recognized accreditation body?
Except as allowed under Sec. 1.670, a third-party auditor/
certification body seeking accreditation must submit its request for
accreditation or renewal of accreditation to an accreditation body
recognized by FDA under this subpart and identified on the Web site
described in Sec. 1.690.
Sec. 1.661 What is the duration of accreditation?
A recognized accreditation body may grant accreditation to a third-
party auditor/certification body under this subpart for a period not to
exceed 4 years.
Sec. 1.662 How will FDA monitor accredited auditors/certification
bodies?
(a) FDA will periodically evaluate the performance of each auditor/
certification body accredited under this subpart to determine whether
the accredited auditor/certification body continues to comply with the
requirements of Sec. Sec. 1.640 to 1.658 and whether there are
deficiencies in the performance of the accredited auditor/certification
body that, if not corrected, would warrant withdrawal of its
accreditation under this subpart. FDA will evaluate each directly
accredited auditor/certification body annually. FDA will evaluate an
accredited auditor/certification body annually evaluated by a
recognized accreditation body under Sec. 1.621 by not later than 3
years after the date of accreditation for a 4-year term of
accreditation, or by no later than the mid-term point for accreditation
granted for less than 4 years. FDA may conduct additional performance
evaluations of an accredited auditor/certification body at any time.
(b) In evaluating the performance of an accredited auditor/
certification body under paragraph (a) of this section, FDA may review
any one or more of the following:
(1) Regulatory audit reports and food and facility certifications;
(2) The accredited auditor's/certification body's annual self-
assessments under Sec. 1.655;
(3) Reports of assessments by a recognized accreditation body under
Sec. 1.621, where applicable;
(4) Documents and other information regarding the accredited
auditor's/certification body's authority, qualifications (including the
expertise and training of its audit agents), conflict of interest
program, internal quality assurance program, and monitoring by its
accreditation body (or, in the case of direct accreditation, FDA); and
(5) Information obtained by FDA, including during inspections,
audits, onsite observations, or investigations, of one or more eligible
entities to which food or facility certification was issued by such
accredited auditor/certification body.
(c) FDA may conduct its evaluation of an accredited auditor/
certification body through onsite observations of performance during a
food safety audit of an eligible entity or through document review.
Sec. 1.663 How do I request an FDA waiver or waiver extension for the
13-month limit for audit agents conducting regulatory audits?
(a) An accredited auditor/certification body may submit a request
to FDA to waive the requirements of Sec. 1.650(c) preventing an audit
agent from conducting a regulatory audit of an eligible entity if the
agent has conducted a food safety audit of such entity during the
previous 13 months. The auditor/certification body seeking a waiver or
waiver extension must demonstrate there is insufficient access to
accredited auditors/certification bodies in the country or region where
the eligible entity is located.
(b) Requests for a waiver or waiver extension and all documents
provided in support of the request must be submitted to FDA
electronically, in English. The requestor must provide such translation
and interpretation services as are needed by FDA to process the
request.
(c) The request must be signed by the requestor or by any
individual authorized to act on behalf of the requestor for purposes of
seeking such waiver or waiver extension.
(d) FDA will review requests for waivers and waiver extensions on a
first in, first out basis according to the date on which the submission
was completed. FDA will evaluate any completed waiver request to
determine whether the criteria for waiver have been met.
(e) FDA will notify the requestor, in writing, whether the request
for a waiver or waiver extension is approved or denied. Such
notification may be made electronically.
(f) If FDA approves the request, the notification will state the
duration of the waiver and list any conditions associated with it. If
FDA denies the request, the notification will state the basis for
denial and will provide the address and procedures for requesting
reconsideration of the request under Sec. 1.691.
(g) Unless FDA notifies a requestor that its waiver request has
been approved, an accredited auditor/certification body must not use
the agent to conduct a regulatory audit of such eligible entity until
the 13-month limit in Sec. 1.650(a) has elapsed.
Sec. 1.664 When can FDA withdraw accreditation?
(a) Mandatory withdrawal. FDA will withdraw accreditation from an
auditor/certification body:
(1) Except as provided in paragraph (b) of this section, if the
food or facility certified under this subpart is linked to an outbreak
of foodborne illness that has a reasonable probability of causing
serious adverse health consequences or death in humans or animals;
(2) Following an evaluation and finding by FDA that the auditor/
certification body no longer meets the requirements for accreditation;
or
(3) Following its refusal to allow FDA to access records under
Sec. 1.658 or to conduct an audit, assessment, or investigation
necessary to ensure continued compliance with this subpart.
(b) Exception. FDA may waive mandatory withdrawal under paragraph
(a)(1) of this section, if FDA:
(1) Conducts an investigation of the material facts related to the
outbreak of human or animal illness;
(2) Reviews the steps or actions taken by the accredited auditor/
certification body to justify the food or facility certification; and
(3) Determines that the accredited auditor/certification body
satisfied the
[[Page 45837]]
requirements for issuance of certification under sections 801(q) or 806
of the FD&C Act, as applicable, and under this subpart.
(c) Discretionary withdrawal. FDA may withdraw accreditation from
an auditor/certification body when such auditor/certification body is
accredited by an accreditation body for which recognition is revoked
under Sec. 1.634, if FDA determines there is good cause for
withdrawal, including:
(1) Demonstrated bias or lack of objectivity when conducting
activities under this subpart; or
(2) Performance that calls into question the validity or
reliability of its food safety audits and food and facility
certifications.
(d) Records access. FDA may request records of the accredited
auditor/certification body under Sec. 1.658 and, where applicable, may
request records of the recognized accreditation body under Sec. 1.625,
when considering withdrawal under paragraphs (a)(1), (a)(2), or (c) of
this section.
(e) Notice to the auditor/certification body of withdrawal of
accreditation. (1) FDA will notify the auditor/certification body of
the withdrawal electronically, in English, stating the grounds for
withdrawal, the procedures for requesting a regulatory hearing under
Sec. 1.693 on the withdrawal, and the procedures for requesting
reaccreditation under Sec. 1.666.
(2) Within 10 business days of the date of withdrawal, the auditor/
certification body must notify FDA electronically, in English, of the
location where the records will be maintained as required by Sec.
1.658.
(f) Effect of withdrawal of accreditation on eligible entities. A
food or facility certification issued by third-party auditor/
certification body prior to withdrawal will remain in effect until the
certification terminates by expiration. If FDA has reason to believe
that a food certification issued for purposes of section 801(q) of the
FD&C Act is not valid or reliable, FDA may refuse to consider the
certification in determining the admissibility of the article of food
for which the certification was offered.
(g) Effect of withdrawal of accreditation on recognized
accreditation bodies. (1) FDA will notify a recognized accreditation
body, electronically and in English, if the accreditation of one of its
auditors/certification bodies is withdrawn. Such accreditation body's
recognition will remain in effect if, no later than 2 months after
withdrawal, the accreditation body conducts a self-assessment under
Sec. 1.622 and reports the results of the self-assessment to FDA as
required by Sec. 1.623(b).
(2) FDA may revoke the recognition of such accreditation body
whenever FDA determines there is good cause for revocation of
recognition under Sec. 1.634.
(h) Public notice of withdrawal and the status of recognition and
food and facility certifications. FDA will provide notice on the Web
site described in Sec. 1.690 of its withdrawal of accreditation of an
auditor/certification body under this subpart.
Sec. 1.665 How do I voluntarily relinquish accreditation?
(a) An accredited auditor/certification body that decides to
relinquish accreditation before it terminates by expiration must notify
the accreditation body (where applicable) and must notify FDA
electronically, in English, at least 6 months before relinquishing such
authority. The notice must identify the location where the records will
be maintained as required by Sec. 1.658. A third-party auditor/
certification body waives the right to a hearing when relinquishing its
accreditation under this subpart.
(b) No later than 15 business days after notifying FDA under
paragraph (a) of this section, the accredited auditor/certification
body must notify any eligible entity to which it issued food or
facility certification under this subpart.
(c) A food or facility certification issued by an accredited
auditor/certification body prior to relinquishing its accreditation
will remain in effect until terminated by expiration. If FDA has reason
to believe that a certification issued for purposes of section 801(q)
of the FD&C Act is not valid or reliable, FDA may refuse to consider
the certification in determining the admissibility of the article of
food for which the certification was offered.
(d) FDA will provide notice on the Web site described in Sec.
1.690 of the voluntary relinquishment of accreditation by an auditor/
certification body.
Sec. 1.666 How do I request reaccreditation?
(a) Application following withdrawal. FDA will reinstate the
accreditation of an auditor/certification body for which it has
withdrawn accreditation:
(1) If, in the case of direct accreditation, FDA determines, based
on evidence presented by the auditor/certification body, that the
auditor/certification body satisfies the requirements for accreditation
and adequate grounds for withdrawal no longer exist; or
(2) In the case of an auditor/certification body accredited by an
accreditation body for which recognition has been revoked under Sec.
1.634:
(i) If the auditor/certification body becomes accredited by a
recognized accreditation body or by FDA through direct accreditation
not later than 1 year after withdrawal of accreditation; or
(ii) Under such conditions as FDA may impose in withdrawing
accreditation.
(b) Application following relinquishment. An auditor/certification
body that previously relinquished its accreditation under Sec. 1.665
may seek accreditation by submitting a new application for
accreditation under Sec. 1.660 or, where applicable, Sec. 1.670.
Additional Procedures for Direct Accreditation of Third-Party Auditors/
Certification Bodies Under This Subpart
Sec. 1.670 How do I apply to FDA for direct accreditation or renewal
of direct accreditation?
(a) Eligibility. (1) FDA will accept applications from third-party
auditors/certification bodies for direct accreditation or renewal of
direct accreditation only if FDA determines that it has not identified
and recognized an accreditation body to meet the requirements of
section 808 of the FD&C Act within 2 years after establishing the
accredited third-party audits and certification program. Such FDA
determination may apply, as appropriate, to specific types of auditor/
certification bodies, types of expertise, or geographic location; or
through identification by FDA of any requirements of section 808 of the
FD&C Act not otherwise met by previously recognized accreditation
bodies. FDA will only accept applications for direct accreditation and
renewal applications that are within the scope of the determination.
(2) FDA may revoke or modify a determination under paragraph (a)(1)
of this section if FDA subsequently identifies and recognizes an
accreditation body that affects such determination.
(3) FDA will provide notice on the Web site described in Sec.
1.690 of a determination under paragraph (a)(1) of this section and of
a revocation or modification of the determination under paragraph
(a)(2) of this section.
(b) Application for direct accreditation or renewal of direct
accreditation. (1) An auditor/certification body seeking direct
accreditation or renewal of direct accreditation must submit an
application to FDA, demonstrating that it is within the scope of the
[[Page 45838]]
determination issued under paragraph (a) of this section, and it meets
the eligibility requirements of Sec. 1.640.
(2) Applications and all documents provided as part of the
application process must be submitted electronically, in English. An
applicant must provide such translation and interpretation services as
are needed by FDA to process the application, including during an
onsite audit of the applicant.
(3) The application must be signed by the applicant or by any
individual authorized to act on behalf of the applicant for purposes of
seeking or renewing direct accreditation.
Sec. 1.671 How will FDA review applications for direct accreditation
and for renewal of direct accreditation?
(a) FDA will review applications for direct accreditation and for
renewal of direct accreditation on a first in, first out basis
according to the date the submission was completed.
(b) FDA will evaluate any completed application to determine
whether the applicant meets the requirements for direct accreditation
under this subpart.
(c) FDA will notify the applicant in writing whether the
application has been approved or denied. FDA may provide such
notification electronically.
(d) If an application has been approved, the notification will list
any conditions associated with the accreditation.
(e) If FDA denies an application, the notification will state the
basis of denial and will provide the address and procedures for
requesting reconsideration of the application under Sec. 1.691.
(f) If FDA does not reach a final decision on a renewal application
before the expiration of its direct accreditation, FDA may extend the
duration of such direct accreditation for a specified period of time or
until the agency reaches a final decision on the renewal application.
Sec. 1.672 What is the duration of direct accreditation?
FDA will grant direct accreditation of a third-party auditor/
certification body for a period not to exceed 4 years.
Requirements for Eligible Entities Under This Subpart
Sec. 1.680 How and when will FDA monitor eligible entities?
(a) FDA may, at any time, conduct an onsite audit of an eligible
entity that has received food or facility certification from an
accredited auditor/certification body under this subpart. The audit may
be conducted with or without the accredited auditor/certification body
or the recognized accreditation body (where applicable) present.
(b) A food safety audit conducted by an accredited auditor/
certification body under this subpart is not considered an inspection
under section 704 of the FD&C Act.
Sec. 1.681 How frequently must eligible entities be recertified?
(a) An eligible entity seeking to maintain facility certification
under this subpart must seek recertification prior to expiration of its
certification. To obtain recertification, the eligible entity must
demonstrate its continuing compliance with the applicable requirements
of the FD&C Act.
(b) FDA may require an eligible entity to renew a food
certification at any time FDA determines appropriate under section
801(q)(4)(A) of the FD&C Act.
General Requirements of This Subpart
Sec. 1.690 How will FDA make information about recognized
accreditation bodies and accredited auditors/certification bodies
available to the public?
FDA will place on its Web site a registry of recognized
accreditation bodies and accredited auditors/certification bodies,
including the name and contact information for each. The registry may
provide information on auditors/certification bodies accredited by
recognized accreditation bodies through links to the Web sites of such
accreditation bodies.
Sec. 1.691 How do I request reconsideration of a denial by FDA of an
application or a waiver request?
(a) An accreditation body may seek reconsideration of the denial of
an application for recognition, renewal of recognition, or
reinstatement of recognition no later than 10 business days after the
date of such decision.
(b) A third-party auditor/certification body may seek
reconsideration of the denial of an application for direct
accreditation, renewal of direct accreditation, reinstatement of direct
accreditation, a request for a waiver of the conflict of interest
requirement in Sec. 1.650(b), or a waiver extension no later than 10
business days after the date of such decision.
(c) A request to reconsider an application or waiver request under
paragraph (a) or (b) of this section must be signed by the requestor or
by an individual authorized to act on its behalf in submitting the
request for reconsideration. The request must be submitted in English
to the address specified in the notice of denial and must comply with
the procedures it describes.
(d) After completing its review and evaluation of the request for
reconsideration, FDA will notify the requestor, in writing, of its
decision to grant the application or waiver request upon
reconsideration, or its decision to deny the application or waiver
request upon reconsideration.
Sec. 1.692 How do I request internal agency review of a denial of an
application or waiver request upon reconsideration?
(a) No later than 10 business days after the date FDA issued a
denial of an application or waiver request upon reconsideration under
Sec. 1.691, the requestor may seek internal agency review of such
denial under Sec. 10.75(c)(1) of this chapter.
(b) The request for internal agency review under paragraph (a) of
this section must be signed by the requestor or by an individual
authorized to act on its behalf in submitting the request for internal
review. The request must be submitted in English to the address
specified in the letter of denial upon reconsideration and must comply
with procedures it describes.
(c) Under Sec. 10.75(d) of this chapter, internal agency review of
such denial must be based on the information in the administrative
file, which will include any supporting information submitted under
Sec. 1.691(c).
(d) After completing the review and evaluation of the
administrative file, FDA will notify the requestor, electronically, of
its decision to overturn the denial and grant the application or waiver
request or to affirm the denial of the application or waiver request
upon reconsideration.
(e) Affirmation by FDA of a denial of an application or waiver
request upon reconsideration constitutes final agency action under 5
U.S.C. 702.
Sec. 1.693 How do I request a regulatory hearing on a revocation of
recognition or withdrawal of accreditation?
(a) Request for hearing on revocation. No later than 10 business
days after the date FDA issued a revocation of recognition of an
accreditation body under Sec. 1.634, the accreditation body or an
individual authorized to act on its behalf may submit a request for a
regulatory hearing on the revocation under part 16 of this chapter. The
written notice of revocation issued under Sec. 1.634 will contain all
of the elements required by Sec. 16.22 of this chapter and will
thereby constitute the notice of an opportunity for hearing under part
16 of this chapter.
(b) Request for hearing on withdrawal. No later than 10 business
days after the date FDA issued a withdrawal of
[[Page 45839]]
accreditation of a third-party auditor/certification body under Sec.
1.664, the auditor/certification body or an individual authorized to
act on its behalf may submit a request for a regulatory hearing on the
withdrawal under part 16 of this chapter. The written notice of
withdrawal under Sec. 1.664 will contain all of the elements required
by Sec. 16.22 of this chapter and will thereby constitute the notice
of opportunity of hearing under part 16 of this chapter.
(c) Submission of request for regulatory hearing. The request for a
regulatory hearing under paragraph (a) or (b) of this section must be
submitted with a written appeal that responds to the basis for the FDA
decision, as described in the written notice of revocation or
withdrawal, as appropriate, and includes any supporting information
upon which the requestor is relying. The request, appeal, and
supporting information must be submitted in English to the address
specified in the notice and must comply with the procedures it
describes.
(d) Effect of submission of request on FDA decision. The submission
of a request for a regulatory hearing under paragraph (a) or (b) of
this section will not operate to delay or stay the effect of a decision
by FDA to revoke recognition of an accreditation body or to withdraw
accreditation of an auditor/certification body unless FDA determines
that a delay or a stay is in the public interest.
(e) Presiding officer. The presiding officer for a regulatory
hearing for a revocation or withdrawal under this subpart will be
designated after a request for a regulatory hearing is submitted to
FDA.
(f) Denial of a request for regulatory hearing. The presiding
officer may deny a request for regulatory hearing for a revocation or
withdrawal under Sec. 16.26(a) of this chapter.
(g) Conduct of regulatory hearing. (1) If the presiding officer
grants a request for a regulatory hearing for a revocation or
withdrawal, the hearing will be held within 10 business days after the
date the request was filed or, if applicable, within a timeframe agreed
upon in writing by requestor, the presiding officer, and FDA.
(2) The presiding officer may require that a regulatory hearing for
a revocation or withdrawal be completed within 1 business day, as
appropriate.
(3) The presiding officer must conduct the regulatory hearing for
revocation or withdrawal under part 16 of this chapter, except that,
under Sec. 16.5 of this chapter, such procedures apply only to the
extent that the procedures are supplementary and do not conflict with
the procedures specified for regulatory hearings under this subpart.
Accordingly, the following requirements are inapplicable to regulatory
hearings under this subpart: The requirements of Sec. 16.22
(Initiation of a regulatory hearing); Sec. 16.24(e) (timing) and (f)
(contents of notice); Sec. 16.40 (Commissioner); Sec. 16.95(b)
(administrative decision and record for decision) and Sec. 16.119
(Reconsideration and stay of action) of this chapter.
(4) A decision by the presiding officer to affirm the revocation of
recognition or the withdrawal of accreditation is considered a final
agency action under 5 U.S.C. 702.
Audits for Other Purposes
Sec. 1.698 May importers use reports of regulatory audits by
accredited auditors/certification bodies for purposes of subpart L of
this part?
An importer, as defined in Sec. 1.500 of this part, may use a
regulatory audit of an eligible entity, documented in a regulatory
audit report, in meeting requirements for an onsite audit of a foreign
supplier under subpart L of this part.
PART 16--REGULATORY HEARING BEFORE THE FOOD AND DRUG ADMINISTRATION
0
3. The authority citation for 21 CFR part 16 continues to read as
follows:
Authority: 15 U.S.C. 1451-1461; 21 U.S.C. 141-149, 321-394,
467f, 679, 821, 1034; 28 U.S.C. 2112; 42 U.S.C. 201-262, 263b, 364.
0
4. Section 16.1 is amended by numerically adding the following entry in
paragraph (b)(2) to read as follows:
Sec. 16.1 Scope.
* * * * *
(b) * * *
(2) * * *
Sec. Sec. 1.634 and 1.664, relating to revocation of recognition
of an accreditation body and withdrawal of accreditation of auditors/
certification bodies that conduct food safety audits of eligible
entities in the food import supply chain and issue food and facility
certifications.
* * * * *
Dated: July 23, 2013.
Leslie Kux,
Assistant Commissioner for Policy.
[FR Doc. 2013-17994 Filed 7-26-13; 8:45 am]
BILLING CODE 4160-01-P
