BRCGS Audit Non-Conformities: The Data Behind Why Businesses Fail

What failing a BRCGS audit actually costs

Before getting into the clause-level data, it is worth being precise about what a poor audit outcome costs a food business, because "failing" means different things depending on severity.

Re-audit costs sit between £1,500 and £4,000 typically for a certification body return visit, depending on site size and scope. That figure does not include the management time to prepare the CAPA evidence pack, which in a complex site can easily run to 30–40 hours of QA resource. For multi-site businesses, multiply accordingly.

Grade downgrades carry commercial consequences that dwarf the direct costs. Many retail and foodservice buyers specify a minimum grade — typically Grade B or above. A downgrade from A to C, or from B to D, can trigger a contractual review clause with a major customer. Some procurement frameworks include automatic delisting triggers for anything below a threshold grade. The revenue exposure from a single delisted SKU range can be significant.

Production halts are less common but not rare. When a critical non-conformity relates to a CCP (critical control point) — contamination risk, allergen segregation failure, temperature control failure — a business may elect, or be required, to halt affected production lines until corrective evidence is in place. The cost here is measurable in lost throughput, not just fees.

Insurance and regulatory exposure rounds out the picture. A documented BRCGS non-conformity, particularly one involving temperature control or hygiene, creates a paper trail that could be relevant in the event of a product recall, enforcement action, or liability claim.

The point is not to alarm — most businesses pass their audits. The point is that the cost of a preventable NC is always higher than the cost of preventing it.

The headline numbers: 185,000 non-conformities a year

The BRCGS 2024–25 Annual Report documents approximately 185,000 non-conformities issued annually across audited sites globally. The average is 4.86 NCs per audit. Put another way, almost no site achieves a zero-finding audit — and that is not the goal. The goal is to ensure all findings are minor, well-documented, and closed within the required timeframe.

What those 185,000 findings reveal, in aggregate, is a pattern. Non-conformities are not randomly distributed across the standard's clauses. They cluster. Certain clauses generate findings year after year, across site types, geographies, and business sizes. Understanding where those clusters are is the first step in an evidence-based audit preparation programme.

The distribution breaks down as follows: 59% of all non-conformities relate to Section 4 (site standards and physical environment). The remaining 41% spread across Sections 1–3 (senior management commitment, food safety plan, food safety and quality management system) and Sections 5–9.

That 59% figure is the single most important number in this report for most QA managers. More than half of all findings that generate CAPA obligations, re-audit risk, and grade pressure come from one section of the standard. Before auditing anything else, audit Section 4.

Section 4: Why site standards generate 59% of all findings

Section 4 of the BRCGS Global Standard for Food Safety covers the physical and operational environment of the site. It includes building fabric, equipment, cleaning, pest control, waste management, and a range of hygiene and housekeeping requirements that apply across the production environment.

The concentration of findings here is not accidental. Section 4 is where the gap between documented procedures and operational reality is most visible. A cleaning schedule may be written correctly. The chemistry may be right. But the frequency of execution, the competence of operatives, the physical state of infrastructure — these are what an auditor sees when they walk the floor.

With 4,715 findings, Clause 4.11.1 (cleanliness and hygiene) is the single most-cited non-conformity in the BRCGS dataset. What auditors find in practice: residues on equipment surfaces, inaccessible areas not included in cleaning schedules, cleaning verification records that show activity happened but not the standard achieved, and hygiene monitoring data that exists in paper form and has not been reviewed or trended.

Chemical storage, labelling, and handling (Clause 4.9.1.1) generates 3,284 findings per year. Findings here tend to be procedural failures: an unlabelled container, a chemical stored in a food area without authorisation, a dilution ratio that does not match the approved specification. These are maintenance failures — the ongoing discipline required to keep physical compliance in alignment with documented procedure.

3,007 findings against Clause 4.4.8 (doors and door seals) illustrates how granular BRCGS auditors are in their inspection of physical infrastructure. Damaged seals, propped-open fire doors, inadequate cold store door seals, and missing brush strips are all findings under this clause.

The hidden pattern: document control and record control in the top 10

Most QA managers expect Section 4 to dominate. The finding that surprises is the appearance of Clause 3.7.1 (document control) and Clause 3.3.1 (record control) in the top 10 non-conformities. These are not physical environment clauses. They sit in Section 3, the quality management system section. Their presence in the top 10 most common findings — year after year — points to a structural problem in how food businesses manage and evidence compliance.

Clause 3.7.1 requires that all documents used in the food safety management system are controlled, current, and accessible. Common findings include: procedures that refer to superseded forms, documents without version control or review dates, work instructions that have been updated on the floor but not in the controlled system, and SOPs that do not reflect current operating conditions.

Clause 3.3.1 requires that records demonstrating compliance with the standard are maintained, legible, protected from damage or deterioration, and retained for the required period. Common findings include: incomplete records, records that are illegible or corrected in ways that obscure the original entry, records not retained for the required duration, and records that exist in principle but cannot be produced on demand during the audit.

What connects these two clauses is not complexity. The requirements are not ambiguous. What connects them is the operational reality of paper-based record management in a production environment.

Why paper-based records fail under BRCGS scrutiny

The BRCGS standard does not prohibit paper records. Many certified sites use paper as their primary documentation medium. But paper creates structural vulnerabilities that manifest reliably as Clause 3.3.1 and 3.7.1 findings.

A paper temperature log completed in a cold store, by a team member wearing gloves, at 2am, on a clipboard that has been dropped several times, is a document that is unlikely to meet the legibility standard an auditor applies. Entries may be missing. Time gaps may be unexplained. Values may be entered retrospectively and inconsistently.

Paper forms are printed, distributed, and used. When a procedure changes, the new form version needs to reach every point of use. In practice, old forms remain in circulation. Auditors find records that do not match the current controlled procedure version — a Clause 3.7.1 finding.

BRCGS auditors ask for records during the audit. In a paper-based system, retrieval depends on physical filing — records being in the correct folder, in the correct location, correctly labelled. Retrieval failures are common and are findings under Clause 3.3.1.

The standard requires not just that records exist but that they are reviewed and that non-conformities in data trigger CAPA responses. Paper records make trend analysis difficult. If temperature excursions are recorded on paper but never aggregated, the BRCGS auditor may find evidence of repeated excursions with no corresponding CAPA record — a compound finding across multiple clauses.

Paper records can be altered. Auditors are trained to look for post-hoc corrections, date discrepancies, and other indicators of record integrity failure. When records show signs of retrospective editing, the finding moves from administrative to serious.

Continuous monitoring as the fix for record-control NCs

The structural answer to Clause 3.3.1 and 3.7.1 findings — and to many of the operational findings in Section 4 that relate to temperature and environmental control — is automated, continuous monitoring with a tamper-evident digital audit trail.

Clause 3.3.1 requires that records are legible, complete, protected, and retrievable. An automated monitoring system — sensors logging temperature, humidity, or other parameters at defined intervals, with data stored in a cloud-based system — produces records that are inherently legible, cannot be incomplete within the monitoring interval, are protected against physical deterioration, and are retrievable on demand through a searchable interface.

Clause 3.7.1 requires that records reflect current, controlled procedures. An automated system where monitoring parameters, alert thresholds, and record formats are configured centrally and applied uniformly eliminates version drift. There is no paper form to become outdated, no distribution chain for revisions, and no risk of an out-of-date format being used on the floor.

The audit evidence benefit is significant. When an auditor asks for temperature records for a cold storage unit for the previous 90 days, an automated system can produce that data in seconds — graphed, exportable, timestamped, with any excursions flagged and any CAPA responses logged against them. This is precisely what BRCGS auditors are looking for: not just that data was recorded, but that it was reviewed, that deviations were investigated, and that the system demonstrates ongoing control rather than retrospective compliance.

For sites that handle temperature-sensitive products, this connects directly to your temperature monitoring requirements under UK food safety law — the BRCGS requirement and the legal requirement are addressed by the same evidence.

How automated temperature evidence maps to specific BRCGS clauses

It is worth being precise about the clause-level benefits of automated monitoring, because the argument for investment needs to be specific to pass internal scrutiny.

Clause 4.11.1 (cleanliness and hygiene — 4,715 findings): Automated environmental monitoring does not directly clean a facility, but it does provide continuous evidence of environmental conditions. ATP testing results, air quality data, and temperature records that demonstrate consistent controlled conditions support the hygiene programme evidence pack.

Clause 3.3.1 (record control): Automated systems produce records that meet every requirement of this clause by design — legible, complete, protected, retrievable.

Clause 3.7.1 (document control): Centrally managed monitoring systems eliminate the version control problem for records. Parameter changes are applied system-wide with a logged timestamp.

Section 4.4 (equipment and structure — including 4.4.8 doors): Cold store door monitoring — detecting doors held open beyond defined thresholds — generates direct evidence of controlled access. Repeated door-open alerts that are investigated and resolved demonstrate the kind of ongoing management BRCGS auditors want to see.

Section 5.5 (temperature control for storage and processing): This is the most direct mapping. BRCGS Section 5.5 requires that temperature-controlled environments are monitored, that monitoring records are maintained, and that excursions trigger defined responses. Automated monitoring with alerting and CAPA logging is the most complete response to this section available.

If your HACCP plan identifies a temperature CCP — and most food businesses have at least one — continuous automated monitoring with an alert at the CCP critical limit, with a logged response record, produces the strongest possible evidence of CCP control. Manual monitoring at intervals, by contrast, creates evidence gaps between checks.

For businesses preparing for EHO visits alongside BRCGS audits, the same automated evidence base addresses inspection requirements — see our guide to EHO inspection preparation for the overlap.

Practical checklist: 5 things to audit before the auditor arrives

BRCGS audit preparation is a continuous process, not a pre-audit scramble. But if you are working backwards from an audit date and need to prioritise, the NC data points to five areas that will deliver the most risk reduction per hour spent.

First: walk Section 4 with the clause list. Print the Section 4 clause list. Walk every part of your site and score each clause against what you actually see. The gap between procedure and reality is where 59% of your findings will come from. Pay specific attention to Clauses 4.11.1, 4.9.1.1, and 4.4.8.

Second: audit your record retrieval. Ask someone who was not involved in creating your records to retrieve a specific set of records on demand. Choose a date range, a piece of equipment, and a product. Time the retrieval. If it takes more than five minutes, or if any records cannot be found, you have a Clause 3.3.1 exposure.

Third: check document version currency. Pull the current version number from your document control register for your five most operationally critical procedures. Then go to where those procedures are used on the floor and check the version in use. If they do not match, you have a Clause 3.7.1 finding waiting.

Fourth: verify CAPA closure on previous findings. BRCGS auditors review the previous audit report and check whether findings were closed effectively. Effective closure requires a root cause analysis, a documented corrective action, evidence that the action was implemented, and evidence that it was effective.

Fifth: test your temperature evidence. For every temperature-controlled area on your site, confirm that you have continuous, auditable records for the previous 90 days at minimum. Check for gaps. For any gaps, confirm that you have a documented explanation rather than an unexplained absence. Cross-reference with your SFBB compliance documentation if you are operating in a retail or foodservice context alongside your BRCGS scope.

The business case for acting on this data

The 185,000 annual non-conformity figure is not a condemnation of the food industry. Most of those NCs are minor findings that are closed within the required timeframe with minimal business impact. But the distribution of where those findings concentrate — and the structural reasons they concentrate there — contains actionable information.

59% of findings in Section 4 means that physical site standards, maintained consistently and evidenced effectively, solve the majority of BRCGS audit risk. That is a practical, manageable scope.

The presence of Clause 3.3.1 and Clause 3.7.1 in the top 10 most common findings tells a more uncomfortable story. These are not findings about things being physically wrong on site. They are findings about the inability to demonstrate what is right. They are administrative failures — not failures of food safety, but failures of evidence — and they are directly addressable with the right systems.

The businesses that consistently achieve Grade A results are not, in most cases, doing fundamentally different things on the floor. They are doing the same things with more reliable evidence. They are monitoring continuously rather than intermittently. They are managing records in systems that are retrievable on demand. They are reviewing data and closing loops on deviations in ways that produce auditable records.

The gap between a Grade A site and a site with 6–8 NCs is often not a gap in food safety practice. It is a gap in the evidence infrastructure that supports that practice.