Skip to main content
Heads upFSMA 204 compliance is July 20, 2028 — extended via H.R. 5371 in November 2025. Get the implementation checklist →
HACCPLAN
Start free
Product / Audit

Product / Audit

Audit-readiness software for the unexpected inspection.

Most audit-prep tools tell you what records you have. The good ones tell you what the inspector will score you against and where you'll lose the points. Built around how SQF Edition 10, BRCGS Issue 9, FSSC V7, and the CFIA Safe Food for Canadians Regulations actually grade — not against a generic 200-row checklist.

Updated 2026ProductAudit

Andrew Langevin· 2026-06-04· 11 min read

I run a CFIA-licensed mushroom production facility in Brantford, Ontario. CFIA is the Canadian Food Inspection Agency — Canada's federal food regulator. I built HACCPlan because I needed an audit-prep system for my own operation that did more than store files in folders. The Audit Readiness module is the part of the product that scores your facility against the actual scheme your auditor will use — not a generic checklist with the scheme name in the title.

01The problem

Why most "audit-ready" software isn't.

Search "food safety audit software" and the same pattern repeats. Every product page says it supports SQF, BRCGS, FSSC, and FSMA. Every product page promises "audit-ready." Every product page shows a dashboard with a green tick.

The reality on the floor of a 30-person plant preparing for its first SQF Edition 10 audit is different. The QA manager opens the platform, fills out a template that asks 200 generic food-safety questions, and gets back a percentage score. Then the certification body's auditor shows up six weeks later, scores the same facility against the actual SQF Edition 10 scoring rules, and the number is 11 points lower. The template wasn't wrong. It just wasn't the scheme. The auditor was scoring Core Clauses with a weighted point system. The template was counting checkboxes.

That gap — between the score a generic checklist gives you and the score a certification-body audit gives you — is what an audit-readiness module has to close. Three things make that hard, and most platforms do not do all three:

  1. 01

    Scheme-version-specific scoring

    SQF Edition 10 (published March 2026, mandatory January 2027) changed how Core Clauses are weighted. A minor non-conformance against a Core Clause is now 2 points instead of 1. A major is 7 points instead of 5. The same five minors and one major that scored 10 points under Edition 9 score 17 points under Edition 10. A site sitting at 90 on Edition 9 can drop to 83 on Edition 10 without changing a single procedure. (Sources: Eurofins on the Edition 10 scoring change, Registrar Corp's non-conformances breakdown.)

  2. 02

    Evidence-linked scoring, not yes/no scoring

    Auditors don't accept "yes, we do that." They want the record on the shelf. If your tool counts a "yes" the same as a "yes plus uploaded record," it's overscoring you. The auditor will not.

  3. 03

    A way to find the gaps before they cost certification

    SQF allows a maximum of 30 minor non-conformances before the audit fails. BRCGS Issue 9 will drop you a full grade letter for a single major. A point-impact ranking — "fixing this clause gains you 4 points; fixing this one gains you 0.5" — tells you what to work on first. That ranking is harder to build than a list of missing documents, and it is the thing that actually moves the audit-day score.

A short definition list before we go further

GFSI — the Global Food Safety Initiative, the body that benchmarks the major retailer-recognized audit schemes (SQF, BRCGS, FSSC 22000, and a few smaller ones).

SQF — Safe Quality Food. A GFSI-recognized scheme owned by FMI (the Food Industry Association). Edition 10 was published March 2026 and becomes mandatory January 2027.

BRCGS — Brand Reputation through Compliance Global Standards. A GFSI-recognized scheme historically tied to UK retail; Issue 9 is current.

FSSC 22000 — Food Safety System Certification. ISO 22000 plus sector PRPs (prerequisite programs) plus FSSC additional requirements. Version 7 publishes May 2026.

SFCR — Safe Food for Canadians Regulations. The Canadian federal framework. Part 4 is preventive controls; Part 5 is traceability. Not a GFSI scheme — a regulator's inspection.

PCP — Preventive Control Plan. The written plan SFCR licence holders must have. Equivalent in function to a HACCP plan plus the operating programs that support it.

NC — non-conformance. The finding category used in audits, classified as minor, major, or critical.

For the broader operator playbook on what an inspector actually looks for, how to pass a food safety inspection walks through the universal pattern — five risk factors, seven common failures, the five-minute daily walkthrough — that sits behind every scheme.

02The four schemes

The four schemes the module scores against — and why one engine is not enough.

If you're shopping audit-readiness software, the first filter is "which scheme does my auditor use?" The four that matter for the small and mid-sized food business market are SQF Edition 10, BRCGS Issue 9, FSSC 22000 Version 7, and CFIA SFCR. Each one scores differently. That sentence is the entire reason a single scoring engine across all four does not work.

SQF Edition 10 — point deductions with weighted Core Clauses.

SQF scores against a 100-point ceiling with point deductions for non-conformances. Edition 10 changes the outcome bands. A site earning 80 to 100 is Certified. 70 to 79 is Certified with Surveillance — meaning the certification body will be back in six months for a surveillance audit, not the usual 12. Below 70 is a fail and triggers an audit re-do or a suspension.

The big change is the Core Clauses. Edition 10 introduced a weighted set of clauses where every minor non-conformance is worth 2 points (versus 1 under Edition 9), every major is 7 (versus 5), and a critical is still 50 plus an automatic fail on initial certification. The practical implication is the one I led with: the same physical findings score differently after the transition. If you are heading into your first audit under Edition 10, the score you got on the Edition 9 internal audit your consultant ran last quarter is not the score you will get on audit day. Modeling that transition correctly is the table stakes work an audit-readiness module has to do. (See SQFI's guidance on which Code edition to use.)

BRCGS Issue 9 — letter grades from finding counts, plus unannounced rules.

BRCGS does not use point deductions. It uses letter grades based on the count and severity of non-conformances. AA is 0 to 5 minors and zero majors. A is 6 to 10 minors and zero majors. B is 11 to 16 minors or 1 major. C, D, and Uncertified follow the same logic with more findings or more majors. One major drops you a grade no matter how clean the rest of the audit is. (See the BRCGS Position Statement on Unannounced Audits for the grade-band detail.)

There is also an unannounced audit cadence. Sites on the Announced+Unannounced program have to take at least one unannounced audit every three years. The grade gets a + suffix when achieved unannounced. UK Tier 1 retailers (Tesco, Sainsbury's) typically require A or AA. M&S and Waitrose tend to require AA. The implication for an audit-readiness module is that a BRCGS site has to be ready every working week of the year, not just in the run-up to the announced audit.

FSSC 22000 Version 7 — Stage 1 plus Stage 2 with a hard major-NC gate.

FSSC has a three-layer architecture: ISO 22000:2018 at the base, then ISO/TS 22002-x prerequisite programs for the sector, then FSSC's additional requirements covering food fraud, food defense, allergen management, environmental monitoring, labelling, and services and utilities.

The audit itself runs in two stages. Stage 1 is a documentation review, one to two days on site. Stage 2 is implementation verification, two to three days. An unresolved major non-conformance at Stage 2 closure blocks certification. The site has 28 days to submit a corrective action plan and six months to close it before the certificate is denied. Version 7 publishes May 2026 and initial certification audits will be required against V7 from May 2027. Sites currently certified to V6 upgrade during their next surveillance or recertification audit in the transition window. (See the FSSC 22000 V7 Upgrade Process.)

A readiness module that does not distinguish Stage 1 readiness (documentation complete and current) from Stage 2 readiness (implementation evidence on the floor) is missing the point. The two phases fail for different reasons.

CFIA SFCR — not a point system, not a letter grade.

This is the one I have personal experience with. The SFCR PCP inspection is not a GFSI scheme. It is a federal regulatory inspection that runs against the CFIA Implementation Verification operational procedure. There is no score. There are two finding categories the inspector uses:

  • Deviation — defined as a disparity between the regulated party's established Preventive Control Plan and the implementation of that plan. This is an internal-system finding. The plan says one thing; the floor does another.
  • Non-compliance — a legal contravention of the applicable Acts or Regulations. This triggers CFIA enforcement options under sections 50 and 51 of the Safe Food for Canadians Act.

The CFIA inspector verifies completeness, implementation, and effectiveness of the PCP across hazard analysis, preventive controls, monitoring, verification, corrective action, records, and traceability. SFCR §86 requires most records to be retained two years. Part 5 of the SFCR requires one-up/one-back traceability identification within 24 hours of a request.

The reason this matters for an audit-readiness platform is that almost no US-based food-safety SaaS scores against SFCR specifically. The Canadian licensees I talk to most often get a SaaS that "supports Canadian regulations" as a footnote and end up building their own internal scoring sheet because the platform did not. HACCPlan was built on my facility. SFCR scoring was the first thing in the module, not the last.

03The scoring matrix

How the Audit Readiness module actually scores.

Four scoring categories. Plan, Records, Operations, Training. Each scheme weights them differently. The weights are not arbitrary — they reflect actual deduction patterns from the certification bodies' published audit data.

Plan

HACCP / PCP / FSP

Hazard analysis completeness, CCP and preventive-control validation, flow diagram accuracy, scope and product description, food fraud and food defense assessments where the scheme requires them. Weighted heaviest under CFIA SFCR (around 40%) because the Implementation Verification procedure leans hard on plan completeness. SQF Edition 10 around 30%, BRCGS 25%, FSSC V7 35%.

Records

The 13 months

Monitoring records, verification records, corrective actions, training records, document control, and complaint logs — for the last 13 months minimum. This is the category that most often costs sites their grade. FSNS data on Top 10 SQF non-conformities shows records-maintenance findings in the top five every year. Weighted around 30% across all four schemes.

Operations

What the floor looks like

Facility condition, GMPs and prerequisite programs, equipment design, sanitation effectiveness, pest control, environmental monitoring where the scheme requires it. The category that an inspector validates by walking the room. Walls, ceilings, doors, equipment design, and temporary repairs are persistent top-finding categories. BRCGS weights this around 30% (the BRCGS Section 4 — Site Standards — is on average 59% of findings per FSNS BRC data). SQF and FSSC around 25%; SFCR around 20%.

Training

Including culture

Role-appropriate training, competency evidence, and the food safety culture indicators that GFSI added as an explicit certification requirement in its December 2024 benchmark update. SQF Edition 10 requires scheduled Culture of Food Safety meetings with documented metric review. BRCGS clause 1.1.2 requires visible senior-management commitment. FSSC V7 Layer 3 requires a documented culture plan plus behavioral observation evidence. Weighted around 15% across SQF, BRCGS, and FSSC; around 10% for SFCR.

Inside each category, every clause in the scheme is mapped to the category at its appropriate weight. When you answer a clause-level question, you have to attach the evidence: the monitoring record, the calibration cert, the training roster, the SOP. Without the evidence, the system scores the answer as "claimed but not evidenced" at 50% of the point value. The dashboard recomputes every time you upload a record or close a task.

The output isn't just a percentage. It's a per-clause readiness state — green, amber, red — plus a recommended grade or score that matches the certification body's grading method. An auditor-mode export produces a PDF in the same format the certifier's audit report uses, so the QA manager and the GM are not surprised by the document on audit day.

04The free quiz

The Audit-Readiness Quiz — 50 questions, 8 minutes, no commitment.

Before the paid product, there is a free interactive quiz on the site that does a lighter version of the same scoring. 50 questions, scheme selector at the start (SQF Edition 10, BRCGS Issue 9, FSSC V7, SFCR, or 21 CFR Part 117 for US FDA-registered facilities), and a category-by-category readiness score at the end across Plan, Records, Operations, and Training.

The quiz is genuinely free and ungated until the score reveal. An email at score time gets you a personalized gap report PDF identifying the highest-impact gaps you'd want to close first. The thinking is straightforward: nobody buys audit-prep software based on the marketing copy. They buy it after they've seen what the scoring actually looks like applied to their own facility. The quiz is that proof.

Mapping the quiz to the paid product: the quiz asks 50 questions; the paid product asks 400 to 1,200 depending on scheme. Quiz scoring uses the same category weights but skips the clause-by-clause evidence requirement. Useful for a baseline. Not a substitute for the dry-run.

05Mock audit

The mock audit — five phases that predict the real one.

The cadence the industry recommends — and the one I'd recommend from operating experience — is two mocks for a first-time certification: one at T-90 days (gap finding) and one at T-30 days (dress rehearsal). For recertification, one mock at T-30 days. For high-risk sites, quarterly internal audits scoped to specific areas (sanitation, allergen control, environmental monitoring).

The Mock Audit feature scripts five phases that mirror the certification body's actual audit structure:

  1. 01

    Opening Meeting Simulation

    Eight standard auditor questions the QA manager and the site lead need to be able to answer cold. Scope of the audit, locations included, key staff and roles, recent changes since the last audit, any open non-conformances from the previous audit, allergen handling overview, recall procedure status, and any pending regulatory actions. If the answers come out flat in the simulation, that is the conversation to have with the team before the real auditor walks in.

  2. 02

    Document Audit

    Sequenced clause-by-clause prompts mirroring the certifier's audit guide. The system asks for the document, you upload it, and the platform tags it against the clause. Missing documents are flagged. Out-of-date documents (last revised more than 13 months ago on a record that needs to be current) are flagged. This is the phase that historically takes the longest, and the one where the dry-run gives you the most lead time to fix gaps.

  3. 03

    Facility Walk

    A mobile checklist. The user walks the facility with the tablet, photographs observations, geo-tags them to the production area, and notes severity. The walk follows the scheme's Site Standards or PRP checklist. Photos and observations attach to the clause they relate to. The point is to catch the wall-paint, door-seal, equipment-condition issues that the auditor will spot on day two before they get cited.

  4. 04

    Personnel Interview

    Five randomized questions per role — line operator, sanitation, QC, maintenance, receiver. The script varies by role because the auditor's questions vary by role. An auditor asks a sanitation operator about their chemical concentrations, not about CCP critical limits. An auditor asks a line operator about the temperature on their station, not about the recall procedure. The simulation prepares the right person for the right question.

  5. 05

    Closing Meeting

    Auto-generated findings list with severity classification, point-impact estimate, and a recommended grade or score that matches how the certifier would grade the same audit. The output is a mock audit report styled like the certification body's report. Run T-90; compare to the internal audit of record; fix gaps; re-run at T-30.

The single most useful question the mock answers: "if the auditor walked in tomorrow, what grade would we get and which three findings would cost us the most points?" That's the number the QA manager carries into the morning standup.

06The binder

The document binder — auto-rebuilt every 24 hours.

Auditors open with the binder. They will ask for the food safety plan, the licence or registration, and 13 months of monitoring records before they walk anywhere. The opening-meeting binder used to be a physical three-ring with tabs. It is now a digital export, and the export has to be current to the day.

What HACCPlan compiles into the binder, indexed by scheme clause:

  • HACCP, FSP, or PCP plus the hazard analysis and CCP or preventive-control monitoring records for the last 13 months
  • Internal audit reports plus corrective action evidence, 13 months
  • Management review minutes, 13 months
  • Training records by role plus competency evidence
  • Supplier approval list plus verification records
  • Sanitation Master Schedule plus verification records
  • Pest control reports from your third-party provider, 13 months
  • Environmental monitoring records where applicable to the scheme
  • Customer complaint log plus corrective actions
  • Recall procedure plus most recent mock recall test (annual minimum)
  • Allergen management program plus label verification records
  • Calibration records for thermometers, pH meters, and any in-line measurement device
  • Licence, registration, and any permits required by jurisdiction

The export is a single PDF (clause-indexed) plus a ZIP of source documents. Rebuilt every 24 hours during the audit window so the auditor sees the live state, not last week's snapshot. When the auditor asks for "the sanitation training records for the second shift for the past 12 months including signatures," the answer is two taps, not 40 minutes of folder-hunting.

What auditors are actually counting

The certification-body audit reads records the same way a regulator does: pick a section, pick a random date in the last two to four weeks, count backwards looking for blanks. Two consecutive blank days in a refrigerator log, or a sanitation verification with the same handwriting across three weeks of shifts, is the cue that triggers the deeper questions. The dry-run finds these patterns first.

07The dashboard

The morning-standup dashboard — point impact, not just gap counts.

This is the screen the QA manager opens with coffee, and the one the General Manager looks at on Monday morning.

  1. 01

    Overall readiness score by scheme — live single number

    Recomputed every time a record is uploaded or a task is closed. Headline number that everyone on the site sees the same way.

  2. 02

    Score broken out by category

    Plan, Records, Operations, Training — each with its own number. Operations sitting at 72% while Plan is at 91% tells you exactly where the standup conversation needs to go.

  3. 03

    Top 10 gaps ranked by point impact

    Not "what's missing" — what's missing weighted by how many points closing it gains you. "Close this sanitation calibration log gap: +4 points. Close this training refresh: +0.5 points." That ranking is the differentiator. Other tools show what's missing; this one shows you what to do first.

  4. 04

    Days-to-audit countdown with task burndown

    Audit date entered, working-day countdown, with the rolling task list burning down against it. If the burndown stalls, the dashboard flags it.

  5. 05

    Critical NC alarms plus Core Clause amber warnings

    Any clause classified as "critical" by the scheme that is in a red state gets a high-visibility alarm. Core Clauses in amber get a softer warning. The QA manager knows immediately what would auto-fail the audit if the auditor walked in today.

  6. 06

    90-day trend line

    Are you converging on certification or drifting? The trend matters more than the snapshot. A score that climbed from 71 to 84 over eight weeks tells a different story than a score that has been stuck at 84 for eight weeks.

  7. 07

    Multi-site rollup, sortable by readiness or audit date

    For operators running more than one site, the rollup shows each site's score and its next audit date. The director of operations can sort by lowest readiness or soonest audit and know which plant to visit this week.

The point-impact ranking is the piece I built specifically because I had not seen it elsewhere. When the auditor's findings are weighted differently (Core Clauses scoring at 2× the rest), the priority of what to fix is also weighted differently. Fixing a 0.5-point gap before a 4-point gap is the kind of misallocation that costs sites their certification.

08The top failure modes

The findings the engine prioritizes — because they're the ones auditors find.

The 2025 FSNS Top 10 SQF Non-Conformities report is the most useful single data source for what audit-readiness software has to surface. The ranking, abbreviated:

  1. Cleaning and sanitation (clauses 9.2.5.1 and 11.2.5.1) — areas not properly cleaned, expired titration kits
  2. Walls, ceilings, doors (11.1.2.4) — rust, peeling paint, unsealed junctions
  3. Hazardous chemicals (9.6.4.1 and 11.6.4.1) — labeling issues, missing Safety Data Sheets
  4. Records maintenance (2.2.3.2) — incomplete forms, illegible markouts
  5. HACCP plan flow diagram (2.4.3.6) — missing processing aids, waste streams
  6. Hazard analysis (2.4.3.7) — incomplete analysis, missing ingredient assessments
  7. Equipment design (11.1.7.2 and 9.1.7.2) — damaged or non-cleanable repairs
  8. Temporary repairs (11.2.1.6) — undocumented, no completion plan
  9. Internal audits (2.5.4.1) — missing evidence, no corrective actions
  10. Document control (2.2.2.1) — obsolete versions, missing revision information

Seven of the ten are in the Records or Operations category. That is the empirical basis for weighting those two categories at 55% to 60% of total scoring. The BRCGS pattern is the same: on average 4.86 NCs per BRCGS audit and 59% of findings tied to Section 4 (Site Standards), per FSNS's BRC non-conformity data.

The dashboard's point-impact ranking is built directly against this distribution. The clauses that most often cost sites points are weighted to surface first when their state is anything other than green.

09Culture

Food safety culture — the line item competitors are still catching up to.

GFSI's December 2024 benchmark update made food safety culture an explicit certification requirement across SQF, BRCGS, and FSSC. From 2026 onward, sites will see culture findings show up in audits the same way they see allergen-program findings. The three schemes each handle it slightly differently:

  • SQF Edition 10 requires scheduled Culture of Food Safety meetings, documented metric review, walk-throughs, and employee feedback loops.
  • BRCGS Issue 9 clause 1.1.2 frames it as senior management commitment — visible leadership, allocated resources, communicated objectives.
  • FSSC V7 Layer 3 requires a documented culture plan plus behavioral observation evidence.

A culture sub-score sits inside the Training category in the readiness scoring. Inputs include employee survey results, leadership walk-through frequency, communication evidence (newsletters, town halls, posted commitments), and near-miss reporting volume. None of those are hard to record; the gap is that most operators don't have a single place to record them. Culture as a scored item is the next 12-month story in this category, and the readiness module is built for it now rather than retrofitted later. (See Meritech on applying GFSI's culture requirements.)

10Why I built it this way

The Brantford story — why SFCR scoring was the first thing built.

Quick context on where this came from. I licensed my facility in Brantford under SFCR in 2023. The first inspection was the one I described in the inspection-prep article — the inspector walked in, asked for the licence, asked for the PCP, then put the binder down and walked the room. The whole inspection was a check on whether what the PCP said matched what the floor did.

That experience is the reason the module separates Plan (what the PCP says) from Operations (what the floor looks like) from Records (what the monitoring documents show). They are three different failure modes. A site can have a beautiful PCP and a chaotic floor. A site can have a clean floor and missing records. A site can have everything except an honest, current Hazard Analysis. The scoring has to surface the gap regardless of which axis it falls on, because the inspector will.

The other reason SFCR scoring was the first thing built: there are roughly 7,500 CFIA-licensed food businesses in Canada at SME scale, and most of them are not GFSI-certified. They need SFCR readiness specifically — not a US-oriented platform that supports Canadian regulations as a footnote. I am building the tool I needed in 2023.

I'll say what I'm not. I am not a certified SQF Practitioner. I am not a registered Lead Auditor. The platform is not a substitute for either of those. What it is: a system built by an operator who has been through the inspection, who has the daily standup discipline of running an audit-ready facility, and who has built the same data model into software for other operators going through the same trajectory.

I'm not trying to catch you. I'm trying to confirm that what the plan says and what the floor does are the same thing.

The CFIA inspector at my third Brantford visit

11Transition timing

The edition-transition window — and why you should know exactly where you sit.

Two major edition transitions land in the next 18 months. Both will move scores against the same physical site without anyone changing a procedure.

SQF Edition 9 to Edition 10 — mandatory January 2027

Edition 10 increases Core Clause penalty weights. A site running at 88 under Edition 9 may score 80 or below under Edition 10 with the same findings. Sites in the August 2026 through January 2027 window should be running their internal audits against Edition 10 scoring, not Edition 9. The transition advisor inside the readiness module shows the side-by-side: your score under Edition 9 rules and your score under Edition 10 rules, with the deltas attributed to specific clauses so you know what to address before the audit slot.

FSSC 22000 V6 to V7 — initial certification audits required from May 2027

V6 stays operational through April 2027. Sites currently certified on V6 upgrade during their next scheduled surveillance or recertification audit during the 12-month transition window. V7's Layer 3 expanded requirements (food fraud, food defense, allergen management, environmental monitoring, labelling, services and utilities) need documentation and evidence in place before the upgrade audit. The Stage 1 documentation review will catch V6-era language that hasn't been updated.

If you are heading into your first certification audit between October 2026 and April 2027, the version you're being scored against is the question to answer first. A consultant or a tool that scores you on the previous edition is giving you a number that the certification body will not match.

12Pricing

What's included and what costs what.

  1. 01

    Free — the Audit-Readiness Quiz

    50 questions, scheme selector, category-by-category readiness score, emailed personalized gap report. No credit card. The quiz is the right starting point for any operator who isn't sure which scheme is right or where their facility actually sits.

  2. 02

    14-day free trial — the full module

    Full clause-level scoring, dry-run mock audit, document binder generation, real-time gap dashboard, point-impact ranking. Onboarding imports an existing HACCP plan or PCP and auto-tags clauses against the chosen scheme. No credit card to start the trial.

  3. 03

    Paid tiers — Solo, Growth, and Multi-Site

    Solo is a single-facility plan for the QA manager or owner-operator. Growth adds team seats and the full mock-audit cadence. Multi-Site adds the cross-facility rollup and brand-standard SOP push. Current pricing is on the pricing page.

  4. 04

    20-minute scheme-selection call

    For operators who are not sure which scheme applies — typically Canadian operators weighing SFCR-only versus adding SQF, or US co-packers being told by a retailer they need GFSI. The call is free; it doesn't try to sell you the platform.

13Where this fits

Where this sits next to the rest of the audit-prep work.

The audit-readiness module is one part of the broader audit-prep stack. Three related places to read next, depending on where you are in the cycle:

  • For the universal inspection playbook — what an inspector actually looks for, the five-minute daily walkthrough, the seven most-common failures — read how to pass a food safety inspection. Read this if you have an inspection or audit on the calendar in the next 90 days.
  • For the foundational plan that everything else depends on — the HACCP plan, Food Safety Plan, or PCP — the HACCP pillar is where the plan content sits. The audit-readiness module imports the plan from this side of the product.
  • For Canadian operators specifically — SFCR PCP requirements, Part 4 preventive controls, Part 5 traceability, and SFCR §86 records retention — the SFCR Compliance product page (sibling on /product/) covers the regulatory side without the GFSI scheme overlay.

14Start

How to actually use this.

Three sequenced steps for an operator who has an audit in the next six months:

  1. 01

    Take the quiz

    Eight minutes, scheme selector at the start, category-by-category score at the end. You'll know which of Plan, Records, Operations, or Training is the weakest leg in your current state. The gap report PDF is the artifact to bring into your next QA standup.

  2. 02

    Start the 14-day trial

    Import the existing HACCP plan or PCP. The platform auto-tags clauses against the chosen scheme. Run a T-90 mock audit at the start of the trial. Compare its findings to whatever internal audit you have on the books. Where they disagree is usually where the trial earns its keep.

  3. 03

    Use the dashboard for the morning standup

    Open the dashboard at the start of the QA shift. Look at the headline score, the category breakdown, and the top three point-impact gaps. Assign each one to a person with a date. Close the loop the next morning. That cadence — daily, ten minutes, one screen — is the operator habit that moves the audit-day score more than any single feature in the product.

Score your readiness in 8 minutes

Take the free Audit-Readiness Quiz — scheme-specific, no credit card

The free quiz scores your facility against SQF Edition 10, BRCGS Issue 9, FSSC 22000 V7, CFIA SFCR, or 21 CFR Part 117 — your choice. Personalized gap report on score reveal. From the quiz, the 14-day trial is one click, and brings the full clause-level scoring, mock audit, binder export, and point-impact dashboard.

Email required for the gap report PDF. No credit card for the quiz or the trial. The platform never resells email addresses.

Footnotes

1.SQFI — Which Code Edition Should I Use — sqfi.com

2.Eurofins — Scoring Changes in SQF Edition 10 — eurofinsus.com

3.Registrar Corp — SQF Non-Conformances and Edition 10 — registrarcorp.com

4.BRCGS — Position Statement on Unannounced Audits v3 — brcgs.com

5.FSSC 22000 V7 Upgrade Process (May 2026) — fssc.com

6.CFIA — Operational procedure: Food preventive control inspection (Implementation Verification) — inspection.canada.ca

7.CFIA — Guide for preparing a PCP for domestic food businesses — inspection.canada.ca

8.SFCR — Safe Food for Canadians Regulations (SOR/2018-108), Part 4 (Preventive Controls) — laws-lois.justice.gc.ca

9.21 CFR Part 117 — Preventive Controls for Human Food (including §117.150 Corrective Actions) — ecfr.gov

10.FDA Investigations Operations Manual (IOM) — fda.gov

11.FDA Form 482 (Notice of Inspection) and FDA Form 483 (Inspectional Observations) — fda.gov

12.FSNS — Top 10 Reasons for an SQF Audit Non-Conformity (2025) — fsns.com

13.FSNS — Top 10 Reasons for a BRC Audit Non-Conformity (2025) — fsns.com

14.Meritech — Applying GFSI Food Safety Culture Requirements — meritech.com

Andrew Langevin·CFIA-licensed facility, Brantford ON· Published 2026-06-04· 11 min read· Wikidata Q139112497