21 CFR § 117.180 - Requirements applicable to a preventive controls qualified individual and a qualified auditor.

§ 117.180 Requirements applicable to a preventive controls qualified individual and a qualified auditor.

(a) One or more preventive controls qualified individuals must do or oversee the following:

(1) Preparation of the food safety plan (§ 117.126(a)(2));

(2) Validation of the preventive controls (§ 117.160(b)(1));

(3) Written justification for validation to be performed in a timeframe that exceeds the first 90 calendar days of production of the applicable food;

(4) Determination that validation is not required (§ 117.160(c)(5));

(5) Review of records (§ 117.165(a)(4));

(6) Written justification for review of records of monitoring and corrective actions within a timeframe that exceeds 7 working days;

(7) Reanalysis of the food safety plan (§ 117.170(d)); and

(8) Determination that reanalysis can be completed, and additional preventive controls validated, as appropriate to the nature of the preventive control and its role in the facility's food safety system, in a timeframe that exceeds the first 90 calendar days of production of the applicable food.

(b) A qualified auditor must conduct an onsite audit (§ 117.435(a)).

(c)

(1) To be a preventive controls qualified individual, the individual must have successfully completed training in the development and application of risk-based preventive controls at least equivalent to that received under a standardized curriculum recognized as adequate by FDA or be otherwise qualified through job experience to develop and apply a food safety system. Job experience may qualify an individual to perform these functions if such experience has provided an individual with knowledge at least equivalent to that provided through the standardized curriculum. This individual may be, but is not required to be, an employee of the facility.

(2) To be a qualified auditor, a qualified individual must have technical expertise obtained through education, training, or experience (or a combination thereof) necessary to perform the auditing function.

(d) All applicable training in the development and application of risk-based preventive controls must be documented in records, including the date of the training, the type of training, and the person(s) trained.