Food safety audit checklists by scheme.

01Pick your audit

Start with the scheme on your calendar.

If you're here, you probably have an audit date on the calendar. SQF (Safe Quality Food) recertification in six weeks. BRCGS (Brand Reputation Compliance Global Standards) Issue 9 surveillance next quarter. FDA shows up whenever they show up. CFIA the same. The checklists below are organized by scheme so you can grab the right one in ten seconds and walk it room by room before the auditor arrives.

The trap most operators fall into is using a generic “GMP audit checklist” for a scheme-specific audit. A generic Good Manufacturing Practices list will not pass an SQF Edition 10 recertification because it won't flag the new Core Clauses that carry double scoring weight. It won't pass a BRCGS Issue 9 audit because it won't isolate the 8 Fundamentals where a single major non-conformity blocks certification. The checklist has to match the scheme. The schemes have to match the live edition.

“

The checklist doesn't fail audits. Stale checklists fail audits.

”

What a third-party auditor told me after my second internal audit

Three branches cover most of what shows up at the door: GFSI-benchmarked certification audits (SQF, BRCGS, FSSC, IFS), regulatory inspections (FDA, USDA-FSIS, CFIA, state and provincial health), and buyer audits (Costco, Walmart, Kroger, Whole Foods). Most facilities deal with at least two — a GFSI certification plus a regulatory inspection — and many supplying retail deal with all three. Pick yours below.

02GFSI certification

SQF, BRCGS, FSSC, IFS — the four schemes most buyers ask for.

Global Food Safety Initiative (GFSI) is the meta-benchmark. SQF, BRCGS, FSSC 22000, and IFS Food are the four schemes that are benchmarked by GFSI and that most retail and foodservice buyers will accept. Operators sometimes confuse the schemes with each other and with GFSI itself. They are different. Your buyer mandates one. You certify to that one.

1. 01

   SQF Edition 10 internal audit checklist

   SQF Edition 10 was released in March 2026 with audits beginning no earlier than January 2027. The big change versus Edition 9: Core Clauses. A subset of clauses now carry weighted scoring — a minor non-conformity against a Core Clause is worth 2 points instead of 1, a major is worth 7 instead of 5. The checklist has to visually flag Core Clauses so you know which findings hurt more. It also has to address the Fundamentals (carried from Edition 9 — a major against any Fundamental fails the audit regardless of overall score) and select the right industry-specific GMP module (Module 11 for food manufacturing, Module 12 for distribution).

   Released March 2026

2. 02

   BRCGS Issue 9 audit checklist

   The BRCGS Global Standard for Food Safety Issue 9 organizes its requirements around 8 Fundamentals — senior management commitment, the food safety plan, internal audits, supplier management of raw materials, corrective and preventive actions, traceability, layout and product flow, and housekeeping. A major non-conformity on any one of those eight blocks certification. The checklist has to devote a dedicated section to each Fundamental, not bury them in a clause list. Grading runs AA / A / B / C / D with a + suffix for the unannounced-audit track; certificate validity is 12 months for AA / A / B and 6 months for C / D.

   In force since Feb 2023

3. 03

   FSSC 22000 V6 audit checklist (with V7 transition note)

   FSSC 22000 V6 has been operational since April 2024. V7 publishes early May 2026, with V6 audits permitted until April 30, 2027 and V7 upgrade audits starting May 1, 2027. The V6 checklist has to address three layers: ISO 22000:2018 (the management system standard), the sector-specific Pre-Requisite Programs (PRPs — ISO/TS 22002-1 for food manufacturing, 22002-2 for catering, and so on), and the 14 FSSC Additional Requirements (food defense, food fraud mitigation, allergen management, environmental monitoring, and the rest). V7 revises and expands these, so the checklist needs a version footer that tells you which one you're holding.

   V6 current; V7 cutover 2027

4. 04

   IFS Food v8 audit checklist

   IFS Food v8 is the scheme European retailers (Aldi, Lidl, Carrefour, Rewe, Edeka) mandate. North American operators see it when they supply European buyers. The structural feature you need on the checklist: the 10 KO (Knockout) Requirements. A KO scored D is an automatic audit failure. A KO scored C deducts 50% of the available points. The 10 KOs cover governance, CCP monitoring, personal hygiene, customer agreement, raw material specifications, foreign material risk, traceability, internal audits, recall procedures, and corrective actions.

   Released 2023

5. 05

   ISO 22000:2018 standalone

   Some operators certify to ISO 22000 alone, without the FSSC add-ons. The checklist mirrors the ISO clause structure — Clause 4 (Context), Clause 5 (Leadership), Clause 6 (Planning), Clause 7 (Support), Clause 8 (Operation — which is where HACCP, the operational PRPs, traceability, and recall live), Clause 9 (Performance Evaluation), Clause 10 (Improvement). North American buyer demand for ISO 22000 standalone is lower than for FSSC, but the checklist is useful for facilities building toward FSSC certification.

   Management system standard

The deep leaf pages — SQF Edition 10 internal audit checklist, BRCGS Issue 9 checklist, FSSC 22000 V6 checklist, and IFS Food v8 checklist — carry the full clause-by-clause row sets with scoring math built in. For the concept behind each scheme, the SQF certification overview, BRCGS overview, FSSC 22000 overview, and GFSI overview on the learn side carry the context.

03Regulatory inspection

FDA, USDA-FSIS, CFIA, state and provincial health.

GFSI certification is voluntary. Regulatory inspection is not. FDA, USDA-FSIS (United States Department of Agriculture — Food Safety and Inspection Service), CFIA (Canadian Food Inspection Agency), and state or provincial health departments show up whether you want them to or not. The checklists below are the readiness lists you walk before the inspector arrives.

1. 01

   FDA FSMA inspection readiness checklist

   FDA does not publish a public “you will be audited against this” checklist the way the GFSI schemes do. Inspectors work from internal Compliance Program Guidance Manuals. The readiness checklist therefore has to be back-engineered from three sources: 21 CFR Part 117 itself (Subpart B for CGMP, Subpart C for hazard analysis and preventive controls, Subpart F for records), FDA Form 483 observation patterns (the annual top-cited sections — §117.135 preventive controls implementation, §117.130 hazard analysis, §117.150 corrective actions, §117.165 verification activities), and the Food Safety Plan elements under §117.126. The leaf page lays out four sections: Food Safety Plan documentation signed by the Preventive Controls Qualified Individual (PCQI), CGMP physical conditions, two years of records, and recent corrective actions.

   21 CFR Part 117

2. 02

   USDA-FSIS HACCP verification checklist

   Federally-inspected meat, poultry, and egg plants are different. An FSIS inspector is physically present every operational day — there is no “audit” in the GFSI sense. The verification checklist instead covers HACCP plan adequacy under 9 CFR §417.2 (hazard analysis), §417.3 (corrective actions), §417.4 (validation), and §417.5 (records); Sanitation Standard Operating Procedures (SSOPs) under 9 CFR Part 416; pathogen testing programs (Salmonella, E. coli, Listeria depending on product class); and FSIS Directive compliance per product class.

   9 CFR Part 417

3. 03

   CFIA SFCR inspection checklist

   The Canadian Food Inspection Agency inspects against the Safe Food for Canadians Regulations (SFCR) using the System Verification Procedure. The checklist mirrors that structure: Preventive Control Plan written and signed under SFCR §86, hazard analysis under §47, control measures with documented effectiveness, traceability under §89 (one step back, one step forward, retained), records under §87 (minimum 2 years for most), process controls per Table 2 where required, employee training records, complaint and recall response systems. Every row on the leaf checklist cites the SFCR section it's tied to so you can hand the inspector a defensible answer.

   SOR/2018-108

4. 04

   Restaurant / health department inspection checklist

   State and local health departments enforce the FDA Food Code (most US states have adopted the 2022 edition with local amendments). The checklist pivots on the five foodborne illness risk factors: improper holding temperatures, inadequate cooking, contaminated equipment, poor personal hygiene, and food from unsafe sources. It tracks Priority, Priority Foundation, and Core violations as the Food Code grades them. It checks Person-in-Charge (PIC) certification and presence, date marking (TCS foods, 7-day rule), and cooling parameters (135°F to 70°F within 2 hours, then 70°F to 41°F within an additional 4 hours per §3-501.14).

   FDA Food Code 2022

5. 05

   Food truck / mobile food unit inspection checklist

   Mobile food units operate under the FDA Food Code plus local mobile-vendor rules (commissary requirement, water tank capacity, gray-water disposal, generator placement). The leaf checklist adds rows for the commissary contract, the potable water source and capacity, the wastewater capacity, the propane and electrical inspection certificates, and the route or location permits that vary by municipality.

   FDA Food Code + local

The deep leaves carry the full row sets: FDA inspection readiness, USDA-FSIS HACCP verification, CFIA SFCR inspection, restaurant inspection, food truck inspection, and food trailer inspection. For deeper background on the regulatory framework, FDA inspection readiness on the learn side and CFIA inspection prep carry the long-form context.

04Buyer audits

Costco, Walmart, Kroger, Whole Foods.

Buyer audits sit on top of the GFSI audit. A retailer who already requires SQF certification may also send their own auditor with their own addendum. You get one audit day that has to satisfy both. The checklist for that day is the GFSI base plus the buyer addendum.

1. 01

   Costco Food Safety and Quality Audit v3.0

   Costco's audit expectations updated to v3.0 in September 2025. Five things the v3.0 checklist captures that the v2.0 didn't: the metal detection requirement softened (x-ray is no longer mandatory, but the checklist row needs to confirm detection method AND calibration / challenge testing), audits are unannounced (the internal-audit checklist needs to assume zero notice), the Corrective Action Plan window dropped from 90 to 60 days (with 14 calendar days for a CAP submission when scoring below 98%), multi-site exceptions allow one audit to cover multiple sites under specific conditions, and the Environmental Monitoring Program (EMP) requires Listeria and Salmonella swabbing cadences beyond GFSI base. The Costco addendum overlays your existing SQF, BRCGS, or FSSC checklist — you walk one combined list, not two.

   Effective Sept 1, 2025

2. 02

   Walmart supplier audit checklist

   Walmart requires GFSI-recognized certification (SQF, BRCGS, FSSC, IFS, or Global G.A.P. for produce) for all food and pet food suppliers. Local, state, or federal inspections do not substitute. As of August 1, 2025, Walmart added Advanced Shipment Notification (ASN) and Food Traceability List (FTL) compliance rows — the checklist needs to verify your traceability system can produce one-step-back / one-step-forward records on the FTL-covered SKUs within 24 hours.

   GFSI base + ASN / FTL

3. 03

   Kroger Our Brands audit checklist

   Kroger requires GFSI benchmarked certification for private-label (Our Brands) manufacturers. Non-private-label vendors require a Kroger facility audit before onboarding. The Kroger addendum focuses on private-label specification compliance, recall responsiveness, and the supplier scorecard metrics that drive the Kroger relationship.

   GFSI required for private-label

4. 04

   Whole Foods Quality Standards audit checklist

   Whole Foods requires GFSI for high-risk categories and adds the Whole Foods Quality Standards Program — specific addenda on banned ingredients (the “unacceptable” list updates regularly), animal welfare for relevant categories, and seafood sourcing for the seafood department.

   GFSI for high-risk + Quality Standards

5. 05

   Sysco / US Foods supplier audits

   Foodservice distributors layer their own supplier code of conduct and product-specific addenda on top of the GFSI base. The checklist tracks distributor-specific traceability requirements, recall responsiveness commitments, and the product-category addenda (ready-to-eat, raw protein, produce).

   GFSI + supplier code of conduct

05By audit phase

Pre-audit, day-of, post-audit.

Every checklist family above can be cut by audit phase. The same SQF checklist looks different in week six (full clause-by-clause review during pre-audit prep), morning of audit day (compressed walkthrough), and the week after (corrective action plans for the findings). Three different uses, three different forms.

1. 01

   Pre-audit readiness checklist

   Walked weeks before audit day. The full clause-by-clause review. This is the 50-to-200 row checklist. Used for self-audit and gap analysis. Most search volume points here because this is when QA managers feel the most pain — they have a date on the calendar and a stack of clauses to walk through. Run it 6-8 weeks out, fix what you find, run it again 2 weeks out.

2. 02

   Day-of audit walkthrough

   The compressed checklist the QA manager uses morning-of: documents present and pulled into the binder, records up to date through yesterday, facility walk completed, sign-in process for the auditor, opening-meeting agenda printed, escort assignments made (who walks the auditor through which area). Lower row count — 20 to 40 — but higher stakes per row.

3. 03

   Post-audit corrective action plan

   Triggered by findings. Each finding gets a corrective action plan with: root cause analysis (5 Whys or similar), immediate correction (what you did right now), systemic action (what you're changing so it doesn't happen again), verification (how you'll confirm the fix works), completion date, responsible person, and evidence link. Schemes prescribe specific CAP formats and timelines — Costco is 14 days for sub-98% scores, BRCGS minor is 28 days, BRCGS major is immediate, SQF major is 30 days, an FDA Form 483 response is requested within 15 working days.

The corrective action plan template lives at /templates/records/corrective-action and the internal audit report template at /templates/records/internal-audit-report. For post-failure context — what a Form 483 actually looks like and how to respond — see FDA Form 483 common observations and audit failure recovery.

06What changed

What's actually changed in the current editions.

The reason most online “free audit checklists” quietly fail their users is that schemes update and checklists don't. SQF moved to Edition 10. FSSC is moving to V7. BRCGS Issue 9 reweighted some clauses when it dropped in 2023. IFS Food v8 changed KO scoring rules. A checklist built against the prior edition will miss things the auditor will not miss.

1. 01

   SQF Edition 10 vs Edition 9

   Core Clauses are new. A minor against a Core Clause scores 2 points instead of 1; a major scores 7 instead of 5. The Food Safety Culture clause from Edition 9 is reinforced — Edition 10 requires documented evidence (employee surveys, training records, behavior observations) on a more specific cadence. Fundamentals carry over. Scoring bands carry over (Excellent 95-100%, Good 86-94%, Complies 70-85%, Fails below 70% or any major on a Fundamental). Audits against Edition 10 begin no earlier than January 2027 with the transition window running through 2027.

2. 02

   BRCGS Issue 9 highlights

   Issue 9 has been in force since February 2023. The 8 Fundamentals are unchanged in number but the clause numbers reorganized. Food safety culture (clause 1.1.2) requires a documented plan with measurable objectives — not just “we have a culture” but specific objectives, owner, and review cadence. The audit-time split is mandated — typically 50% on-site observation, 50% document review. Issue 10 has not been publicly confirmed as of mid-2026; treat Issue 9 as current.

3. 03

   FSSC V6 to V7 transition

   V6 has been operational since April 2024. V7 publishes early May 2026. V6 audits are permitted through April 30, 2027. V7 upgrade audits begin May 1, 2027. The V7 changes expand and revise the 14 Additional Requirements — the leaf page tracks the final list once the V7 documents are confirmed. If your audit is before April 2027, walk V6. If after, walk V7. Don't mix.

4. 04

   IFS Food v8 scoring update

   Released in 2023. The major structural change versus v7: KO clauses cannot score B in v8 (only A, C, or D). A KO scored D is automatic fail; a KO scored C deducts 50% of available points. Certification still possible with a C-scored KO if your final percentage is at least 75% (Foundation level) or 95% (Higher Level).

07Supporting logs

The logs the auditor will ask to see.

Every audit checklist above is the parent document. The actual records the auditor flips through are the operational logs underneath — temperature logs, cleaning logs, cooking logs, calibration records. A passing audit needs both: the parent checklist filled in, and the supporting logs signed and current. The logs below are the ones most commonly pulled at audit.

The full temperature log hub and cleaning log hub cover every log variant, threshold, and citation. For the parent plans the logs feed into, see food safety plan template and recall plan template — both regularly audit-tested.

08Format

PDF, Excel, Google Sheets — which to use when.

A checklist is a document until you fill it in, and the format determines who can fill it in and how. Four options, four reasonable use cases.

1. 01

   Static PDF

   Print, clipboard, file with the paper records. Best for day-of audit walkthrough where you need a physical document in the binder. Weakness: no automatic scoring math, manual tally.

2. 02

   Fillable PDF

   Type into form fields, auto-fill metadata, signature blocks. Best for internal audit reports submitted to the certification body. Weakness: still no formula scoring.

3. 03

   Microsoft Excel

   Formula scoring (auto-calculate the SQF Edition 10 weighted score, auto-flag BRCGS Fundamentals, auto-detect IFS KO trigger), conditional formatting for findings, pivot tables for trend analysis across audits. Best for pre-audit readiness with scoring. Weakness: version sprawl, file corruption risk.

4. 04

   Google Sheets

   Multi-user concurrent editing, share read-only with the auditor, full revision history. Best for distributed internal-audit teams or multi-site operations. Weakness: internet dependency on audit day, occasionally an awkward conversation about which auditor account gets access.

09Andrew's facility

How I walk these in my own facility.

My first CFIA inspection at the Brantford facility went exactly the way every operator's first inspection goes. The inspector arrived, asked for the Preventive Control Plan, and opened my binder. She flipped to the temperature log section, picked a random date from two weeks earlier, and counted back fourteen days looking for blanks. Then she did the same with the cleaning log. Then with the receiving log. The inspection didn't feel like an audit of my food — it felt like an audit of whether I'd been writing things down.

I'd cobbled together my pre-inspection checklist from three different downloads I'd found online. None of them mapped to SFCR §47, §86, §87, or §89 by section number. The inspector did. The week after that inspection, I rebuilt my checklist from the SFCR text itself, with the section number printed beside every row. That's the version that lives at /templates/audit-checklist/cfia-inspection now.

The lesson I took: the auditor doesn't care which checklist you used. The auditor cares whether the records exist, whether they're signed, whether they're cited to the regulation, and whether someone other than the recorder reviewed them periodically. A defensible checklist is one that produces defensible records.

“

The free checklist on this page is the one I'd walk in my own facility tomorrow.

”

Andrew Langevin, Nature Lion Inc., Brantford ON

10FAQ

Questions operators ask about audit checklists.

1. 01

   Are these checklists current to the live scheme edition?

   Yes. Every leaf carries a version footer (“Updated 2026-06-04 for SQF Edition 10” or equivalent). When a scheme publishes a new edition, the matching checklist updates within 60 days.

2. 02

   Is the SQF Edition 10 checklist usable for Edition 9 audits?

   For self-audit purposes, yes — most clauses are identical between editions. For Edition 9 third-party audit preparation, use the Edition 9 variant in the archive on the leaf page. Don't walk Edition 10 against an Edition 9 audit; the scoring weights differ.

3. 03

   Do you have Canadian / CFIA checklists?

   Yes. The CFIA inspection checklist maps every row to an SFCR section number. Most online libraries don't have this — they assume US jurisdiction. The CFIA leaf is one of the reasons this hub exists.

4. 04

   Will an auditor accept these checklists?

   Auditors don't prescribe which checklist you use for internal audits — they verify whether you ran an internal audit at all (a clause in every GFSI scheme) and whether your findings produced corrective actions. Any defensible internal-audit checklist that maps to the scheme's clauses is acceptable. These do.

5. 05

   What about the Costco addendum on top of my GFSI audit?

   The Costco checklist is layered. Walk your SQF / BRCGS / FSSC base, then walk the Costco rows. The leaf page has a combined version that interleaves them in walking order so you don't do the same physical loop twice.

6. 06

   How often do you update for new scheme editions?

   Within 60 days of scheme publication. When FSSC V7 publishes, the V7 checklist ships within 60 days with V6 archived on the same page for the transition window. Same pattern for SQF, BRCGS, and IFS.

7. 07

   What if my buyer requires a checklist I don't see here?

   Reply to the download email and tell me which scheme or which buyer. The library expands based on requests — Walmart, Kroger, and Whole Foods leaves are scheduled before the end of the year.

11Where to start

Pick your first checklist this week.

If your audit is more than 30 days out, start with the pre-audit readiness leaf for your scheme — SQF, BRCGS, FSSC, or IFS — and walk it room by room. Don't score it. Just mark every row green, yellow, or red. Fix everything red first, then everything yellow. Re-walk it two weeks out and again the day before.

If your audit is inside 30 days, start with the day-of walkthrough checklist and the supporting logs above. The point at that range isn't to find new gaps — it's to confirm that what should be in the binder actually is. Pull the temperature log, the cleaning log, the cooking log, the calibration log, and the supplier records, and confirm each one has 14 consecutive signed days through yesterday.

If you've already had your audit and you're sitting on findings, go straight to the corrective action template and the audit failure recovery guide. Schemes give you a window — use it. The fastest way to fail the next audit is to under-document the response to the last one.

Footnotes

1.21 CFR Part 117 (FSMA Preventive Controls for Human Food) — ecfr.gov

2.9 CFR Part 417 (USDA-FSIS HACCP) — ecfr.gov

3.SOR/2018-108 Safe Food for Canadians Regulations — laws-lois.justice.gc.ca

4.CFIA — Food preventive control and traceability inspection (system verification) — inspection.canada.ca

5.FDA Food Code 2022 — fda.gov

6.FDA Inspection Observations annual data — fda.gov

7.SQFI — Which Code Edition Should I Use — sqfi.com

8.BRCGS Global Standard Food Safety Issue 9 — brcgs.com

9.FSSC 22000 V7 Documents — fssc.com

10.IFS Food v8 Audit Checklist Guideline — ifs-certification.com

11.Costco Food Safety & Quality Audit Expectations v3.0 — azzule.com

Andrew Langevin·CFIA-licensed facility, Brantford ON· Published 2026-06-04· 13 min read· Wikidata Q139112497