Overnight Record Gap: Why Auditors Flag It (Case Teardown)

Why this matters to an EHO

EHOs and BRCGS assessors test the same underlying question: can you produce complete, timestamped, verifiable temperature records on demand? A site that passes its hygiene walk with flying colours but cannot produce the overnight temperature log for Tuesday 14 January sends a clear signal: the management system has gaps, and those gaps exist during the hours when nobody is watching. That is exactly the pattern that triggers an improvement notice from an EHO or a major NC from a BRCGS assessor.

The Cold Chain Federation's compliance guidance reinforces this: operators must demonstrate that temperature monitoring covers the full 24-hour cycle, including overnight and weekend periods when staffing is reduced. A missing log is not a minor administrative oversight: it is evidence that the HACCP monitoring procedure failed to detect a potential loss of control at a Critical Control Point, which is the definition of a system failure under both BRCGS Issue 9 and the Food Hygiene (England) Regulations 2013.

The scenario: a routine BRCGS recertification audit

The facility operated four temperature-controlled zones: a 2–4 °C high-care chiller, a 0–5 °C ambient cold store, a -22 °C blast freezer, and a 5–8 °C dispatch dock. Day shift staff recorded SC2 temperatures at 07:00 and 15:00. Night shift: a two-person crew running 22:00 to 06:00: was supposed to log readings at 23:00 and 03:00 on a paper form clipped to the chiller door. The facility had passed its previous three BRCGS audits with an AA grade.

During the recertification assessment, the auditor sampled temperature records for the previous 28 days. Twenty-seven days had four manual entries each. Day 14: a Tuesday night in mid-January: had only two: the 07:00 and 15:00 day-shift readings. The 23:00 and 03:00 night entries were blank. The paper form was on the clipboard, but the temperature fields were empty. The night shift supervisor had been redeployed to cover a stock-receiving backlog and nobody else completed the log.

The cascade: three non-conformities from one missing log

The first NC was straightforward. Clause 3.3.1 requires sites to 'maintain genuine records to demonstrate the effective control of product safety, legality and quality.' A blank overnight temperature log for a high-care chiller is a textbook record-control failure. The assessor wrote: 'Temperature monitoring records for Zone 1 (high-care chiller, 2–4 °C) were incomplete for the night shift of 14 January. No readings were recorded between 15:00 on 14 January and 07:00 on 15 January: a 16-hour gap in CCP monitoring.'

The second NC followed within minutes. Clause 2.11 requires root cause analysis and corrective action for non-conformities. The assessor asked: 'What corrective action was taken when the gap was identified?' The site QA manager had not identified the gap before the audit. No corrective action existed, no root cause analysis had been performed, and no preventive measure had been implemented to stop it recurring. The assessor noted: 'No evidence of corrective action or root cause analysis for the 16-hour monitoring gap identified under 3.3.1.'

The third NC targeted the internal audit programme. Clause 3.4 requires a scheduled programme of internal audits covering HACCP prerequisite programmes and record completeness. If the site's own internal audits had sampled overnight records in the 28 days before the assessment, they would have found the gap. The assessor asked to see the last three internal audit reports covering temperature monitoring. None of them had specifically sampled overnight records. The assessor wrote: 'Internal audit programme does not include sampling of overnight/out-of-hours temperature monitoring records, which contributed to the 3.3.1 finding remaining undetected.'

The fix: continuous automated monitoring eliminates the root cause

The root cause was not a lazy night shift worker: it was a system that depended on human memory to generate legally critical evidence. When the supervisor was redeployed, the system failed silently. No alert was generated, no escalation was triggered, and the gap was invisible until an external assessor sampled the records four weeks later.

Automated continuous monitoring eliminates this root cause entirely. A sensor firing every five minutes generates 288 readings per day per zone: including the 16 overnight hours that manual logs consistently miss. Shield tier captures those readings with hash-chained record IDs, UKAS-traceable calibration certificates, and tamper-evident storage. The readings exist independently of whether anyone is standing in front of the chiller. If the January night shift had been monitored by a sensor instead of a clipboard, the assessor would have seen 192 overnight readings instead of zero, and Clause 3.3.1 would never have been raised.

Command tier extends the fix into the corrective action and internal audit layers. AUTO-DETECTED SFBB diary entries flag every excursion and every gap without waiting for a human to notice. Excursion Reports auto-generate the five-step CAPA structure (Trigger → Impact → Corrective Action → Verification → Prevention) that Clause 2.11 requires. And the Management Confidence Statement surfaces open items to leadership daily, which means the internal audit programme under Clause 3.4 is supplemented by continuous governance: not dependent on a quarterly sampling exercise that may or may not include overnight records.

Tier the lesson: Shield prevents Clause 3.3.1, Command prevents the cascade

Shield (£29/month) eliminates the overnight record gap that generated the first NC. With 288 immutable readings per day, Clause 3.3.1 record completeness is a structural guarantee rather than a staffing gamble. The hash-chained architecture means every reading carries a deterministic record ID, calibration certificate reference, and timestamp that no manual process can match.

Command (£59/month) prevents the cascade into Clauses 2.11 and 3.4. AUTO-DETECTED diary entries surface gaps in real time, Excursion Reports auto-generate CAPA records with root cause analysis, and the Management Confidence Statement ensures leadership reviews overnight evidence before the next shift starts. The assessor who sampled Day 14 would have found 192 sensor readings, an automated diary acknowledgement, and a management sign-off: instead of a blank clipboard. At the 4.86-NC average, eliminating three findings from a single root cause drops the site comfortably below the global benchmark. Print the tier ladder on every pre-audit briefing with deployment dates, avoided NCs, and the record IDs that prove each control is live.