BRCGS Supplier Management: What the Standard Actually Requires

What BRCGS requires for supplier approval, monitoring, and risk assessment. A practical guide for South African food manufacturers managing their supply chain under Issue 9.

Introduction: Why BRCGS Doesn't Leave Supplier Management to Chance

If you've ever worked with both FSSC 22000 and BRCGS, you'll have noticed a distinct difference in how each standard approaches supplier management. FSSC 22000, underpinned by ISO 22000, is largely system-based — it asks you to demonstrate that you have a process in place and that it works. BRCGS Issue 9 is significantly more prescriptive. It tells you not only that you need supplier controls, but how those controls must function, what evidence must exist, and how often that evidence must be refreshed.

For South African food manufacturers — particularly those supplying major retail chains such as Woolworths, Pick n Pay, Checkers, or exporting to the UK and EU markets — understanding this distinction isn't academic. It is the difference between a clean audit and a stack of non-conformances.

Section 3.5 of the BRCGS Global Standard for Food Safety Issue 9 governs supplier and raw material approval and performance monitoring. It is one of the most document-intensive sections of the standard, and it touches nearly every other clause in the system: your HACCP plan, your traceability programme, your specifications, and your incoming goods controls.

This guide deconstructs what the clauses actually require, how to build a defensible risk-based system, and where South African manufacturers most commonly fall short.

Section 1: The Supplier Approval Process — What the Clauses Actually Say

The Core Obligation (Clause 3.5.1.2)

BRCGS requires a documented procedure for both the initial and ongoing approval of raw material and primary packaging suppliers. This procedure must be risk-based, and it must specify one or more of the following approval methods:

• BRCGS or GFSI-benchmarked certification — the most straightforward route. If your supplier holds a valid BRCGS, FSSC 22000, SQF, or equivalent certification that covers the specific products they supply to you, that certification can serve as the basis for approval. However, BRCGS is clear: a photocopy of the certificate is not sufficient. You must verify current certification status independently — for BRCGS suppliers, this can be done via the BRCGS Directory. You must also confirm that the scope of certification actually covers the materials being purchased.
• Supplier audits — conducted by an experienced, demonstrably competent auditor. The audit scope must cover product safety, traceability, HACCP review, and good manufacturing practices (GMPs). Where a second- or third-party audit is used, you must be able to demonstrate auditor competency, confirm the audit scope meets requirements, and obtain the full audit report — not a summary, not a certificate.
• Supplier questionnaires — but only for low-risk suppliers, and only where a documented, risk-based justification exists. The questionnaire must cover product safety, traceability, HACCP review, GMPs, product security, food defence, and product authenticity. Critically, it must have been reviewed and verified by a demonstrably competent person.

Verifying Traceability (Clause 3.5.1.6)

One element of supplier approval that many manufacturers underestimate is the traceability verification requirement. Where supplier approval is based solely on a questionnaire, you are required to verify that the supplier's traceability system is functional. This verification must occur at first approval and then at least every three years.

BRCGS provides phased guidance for initial certification: verify at least one-third of suppliers in year one (prioritising high-risk materials), two-thirds by year two, and all suppliers by year three.

Section 2: Risk-Based Supplier Categorisation — Building a Defensible Tier System

Before you can apply the correct approval method, you must complete a documented raw material risk assessment (Clause 3.5.1.1). This assessment underpins everything that follows. It must consider:

• Allergen content and contamination potential
• Microbiological contamination risk
• Chemical contamination risk
• Foreign-body risks
• Species or variety cross-contamination
• Substitution and fraud risk (food authenticity)
• Country of origin considerations
• Legislative requirements in both the country of manufacture and the country of sale

The output of this risk assessment determines your supplier tier and, therefore, your approval and monitoring obligations.

A Practical Three-Tier Framework

Section 3: Raw Material Specifications and Incoming Goods Verification

Specifications (Section 3.6)

Every raw material and primary packaging component must have a written specification. This is not optional, and it must be current. Specifications must be available to relevant personnel — including goods receipt staff — and must cover:

• Product description, grade, and relevant legislative requirements
• Microbiological, chemical, and physical parameters
• Allergen status
• Labelling requirements
• Shelf-life and storage conditions

Incoming Goods Acceptance (Clause 3.5.2.1)

Your goods receipt procedure must be based on the raw material risk assessment and must document:

• Who is authorised to accept or reject incoming materials
• What checks must be completed, and at what frequency
• Acceptance criteria (defined limits, not vague descriptors)
• Management of non-conforming product

Acceptable verification methods include one or more of the following:

• Visual inspection — packaging integrity, pest evidence, pallet condition, correct labelling
• Product sampling and testing — microbiological, chemical, allergen, or physical testing
• Certificates of Analysis (CoA) — these must be consignment-specific (batch- or lot-specific), not generic product CoAs
• Certificates of Conformance (CoC) — confirming the consignment meets the agreed specification

A goods receipt matrix is best practice and is specifically referenced in the BRCGS Interpretation Guideline. This matrix lists each raw material, the required checks, the frequency, and the acceptance criteria. It belongs at goods receipt — on the wall, in the system, or in a folder that receiving staff actually use.

Records of every delivery and every check must be maintained. These records are likely to form part of the traceability challenge during your audit.

Communicating Changes (Clause 3.5.2.2)

When a raw material changes — even packaging design or label artwork — this change must be formally communicated to goods receipt personnel so that only the correct version is accepted. This is particularly critical for allergen labelling changes, where incorrect or obsolete packaging entering production is a serious food safety risk.

Section 4: Monitoring and Ongoing Evaluation — What Auditors Look For

Approving a supplier once is not sufficient. BRCGS requires a documented process for ongoing supplier performance review (Clause 3.5.1.3), based on risk and defined performance criteria.

What "Ongoing Monitoring" Must Look Like

• Where approval is based on a questionnaire, it must be reissued at least every three years. Suppliers must notify you of any significant changes in the interim, including changes to certification status.
• Where approval is based on certification, you must actively track certificate expiry and re-verify status at renewal.
• Performance criteria must include food safety, authenticity, legality, and quality considerations — not just commercial metrics like delivery punctuality.

Performance Criteria to Include

Typical criteria that auditors will look for in your monitoring system:

• Incidences of non-conforming raw materials received
• Complaints or quality rejections linked to specific suppliers
• Supplier responses to emerging food safety risks or alerts
• Certificate status and audit findings (for certified suppliers)
• Adherence to specification (supported by CoA review)

Your approved supplier list (Clause 3.5.1.4) must be up to date and must be accessible to goods receipt staff. An out-of-date list is a common finding — and entirely avoidable.

During the Audit Itself

Expect the auditor to:

• Pull a raw material from your traceability challenge and trace it back through your approved supplier list
• Request your supplier approval files for that raw material's supplier and scrutinise the evidence
• Challenge whether your risk assessment justifies the approval method used
• Check the date of the last questionnaire or certificate verification
• Cross-reference your goods receipt records against your acceptance procedure

Section 5: Outsourced Processes and Sub-contracted Activities

Section 3.5.4 addresses outsourced processing — defined as any intermediate production, processing, or storage step completed at another company or site, with the product returning to your site afterwards. This includes outsourced blending, cooking, cold storage, packing, or any other intermediate step.

Important clarity: Where a product leaves your site and does not return, that is not outsourced processing under BRCGS — it falls outside your audit scope. Where raw materials receive additional processing before they arrive at your site, that is also not outsourced processing — it is managed through your supplier approval system.

What the Standard Requires for Outsourced Processors

Clause 3.5.4.1 — You must notify your customer of any outsourced intermediate processing. Many customers require formal approval. If this is already captured in the agreed product specification, that typically serves as evidence of customer awareness.

Clause 3.5.4.2 — Outsourced processors must be approved and monitored using the same methods as raw material suppliers: BRCGS/GFSI certification or a full audit (covering product safety, traceability, HACCP, food defence, and GMPs). Unlike raw material suppliers, questionnaires alone are not listed as an acceptable approval method for outsourced processors.

Clause 3.5.4.3 — The risks from outsourced processing must be incorporated into your HACCP plan. If your co-packer handles allergens that you don't, that cross-contamination risk must appear in your hazard analysis and be controlled.

Clause 3.5.4.4 — A service specification must exist — equivalent to a finished product specification — documenting what the outsourced processor must do, and any specific handling requirements.

Clause 3.5.4.5 — A formal contract must be in place, and product traceability must be maintained throughout the outsourced step.

Clause 3.5.4.6 — You must have inspection and test procedures for products returned from outsourced processing, including visual, chemical, and/or microbiological testing, based on risk assessment.

Section 6: Common Non-Conformances Facing South African Manufacturers

South African food manufacturers face several supplier management challenges that are partly structural and partly systemic. These are the non-conformances most frequently raised during BRCGS audits in the local context.

1. Supplier Questionnaire Backlogs

Many sites have approved suppliers on their list who have not returned a questionnaire in three or more years — or have never returned one at all. The questionnaire requirement is treated as a once-off onboarding activity rather than an ongoing monitoring tool. At audit, the QA manager scrambles to chase responses from suppliers who no longer recognise the site contact's email address.

Fix: Build questionnaire renewal into your supplier management calendar. Set calendar reminders 90 days before the three-year deadline. Consider using a simple supplier portal or shared Google Form to streamline collection.

2. Inadequate Risk Assessments

Risk assessments that consist of a single sentence ("This supplier is low risk because they have been supplying us for 10 years") will not satisfy a BRCGS auditor. A long trading relationship reduces commercial risk — it does not reduce food safety risk.

Fix: Use a documented risk matrix that scores each raw material against allergen status, microbiological risk, fraud vulnerability, country of origin, and regulatory exposure. The score determines the tier. The reasoning must be traceable.

3. International Supplier Documentation in Foreign Languages

South African manufacturers who source ingredients from Asia, South America, or Eastern Europe frequently receive supplier documentation — audit reports, questionnaires, certificates of conformance — in languages other than English. BRCGS does not explicitly mandate certified translations, but an auditor cannot assess compliance with documentation they cannot read. In practice, untranslated documents are treated as unusable evidence.

Fix: Require English-language documentation as part of your supplier agreement terms. Where this isn't possible, commission professional translations of key documents (audit reports and questionnaires, at minimum) and retain them on file.

4. Certificate Copies Without Verification

Sites that hold photocopied BRCGS or FSSC 22000 certificates in their supplier files without independently verifying current certification status are exposed. A supplier may have lost certification, been suspended, or had their scope reduced after the copy was provided.

Fix: Verify all supplier certifications in the BRCGS Directory or the relevant GFSI scheme database at each annual review. Record the date and result of the verification check. A screenshot with a date stamp is adequate evidence.

5. Goods Receipt Records Not Linked to Supplier Approval

Goods receipt check sheets that record deliveries without cross-referencing the approved supplier list, or that use acceptance criteria not aligned to the current specification, create a disconnect that auditors will identify during the traceability challenge.

Fix: Ensure your goods receipt matrix is aligned to your current raw material specifications and approved supplier list. Review all three documents together annually.

6. Outsourced Processors Not in the HACCP Plan

Sites that outsource a processing step — cold storage, blending, co-packing — but have not included that step in their process flow diagram or HACCP analysis are in violation of Clause 3.5.4.3. This is a surprisingly common finding, particularly for sites that have recently started using a co-manufacturer.

Fix: Any time a new outsourced processing arrangement is established, trigger a formal HACCP review. Update the process flow diagram first, then re-run the hazard analysis for the affected steps.

Section 7: Supplier Management as the Bedrock of Supply Chain Visibility

It would be a mistake to treat supplier management as a compliance exercise separate from your broader food safety system. BRCGS is deliberate in how Section 3.5 connects to the rest of the standard.

Your supplier approval system feeds your traceability system. The records you maintain at goods receipt — batch codes, CoAs, CoCs, supplier identifiers — are the first link in your traceability chain. When an auditor conducts a traceability challenge (which they will), they will trace a finished product batch back through production records, back through the goods receipt system, and back to the supplier. If the supplier approval evidence doesn't stack up at that point, the traceability challenge fails.

Your raw material risk assessment feeds your HACCP plan. Hazards identified in your risk assessment for each raw material must flow through into the HACCP study — either as inputs to the hazard analysis or as control measures applied at goods receipt. The two documents must be coherent.

Your specifications connect supplier approval to goods receipt to production. A raw material that arrives out-of-specification is only identifiable as such if your goods receipt procedure references a current, agreed specification — and the supplier was approved against that same specification.

This interconnectedness is not accidental. It is precisely what makes BRCGS audit trails comprehensive — and what makes gaps in supplier management so consequential during an audit.

Ready to Get Your Supplier Management System Audit-Ready?

Understanding the requirements is the first step. Building a system that works consistently — through staff turnover, supplier changes, and annual audit cycles — requires the right structure.

Explore our Supplier Management gallery card for a visual overview of how the BRCGS Issue 9 supplier management clauses connect, the key documents required at each stage, and a ready-to-use supplier tier classification framework.

You may also find our companion article on BRCGS Traceability Requirements useful — traceability and supplier management are tightly linked under Issue 9, and gaps in one almost always surface in the other.

*Figuro System documents referenced in this article are designed for South African food manufacturers pursuing BRCGS certification or retail supplier approval. All clause references are to BRCGS Global Standard for Food Safety Issue 9.*