Section 21 Due Diligence: 6 Documents Courts Actually Accept

TLDR

• Section 21 of the Food Safety Act 1990 provides a complete defence if you prove you took all reasonable precautions and exercised all due diligence.

• Food safety offences are strict liability: the prosecution doesn't need to prove intent. Fines are unlimited in the magistrates' court.

• Courts want contemporaneous records, not after-the-fact explanations. Documents created during normal operations carry far more weight.

• The 7 key documents: continuous temperature logs, calibration certificates, HACCP plan with CCP records, SFBB diary, corrective action records, staff training records, and supplier verification documents.

• Paper SC2 logs covering 2 readings per day are increasingly weak evidence when automated systems capturing 288 readings per day cost £29/month.

• Every document must link to the others through a shared record ID so courts can trace the full evidence trail.

What the section 21 due diligence defence actually requires

The wording is deceptively simple. Section 21(1) of the Food Safety Act 1990 states: 'it shall be a defence for the person charged to prove that he took all reasonable precautions and exercised all due diligence to avoid the commission of the offence.'

Two tests. Both must pass. 'All reasonable precautions' means you had systems in place before anything went wrong. Temperature monitoring, HACCP plans, staff training, supplier checks. 'All due diligence' means you actually followed those systems every day. Not just on paper. Not just when inspectors were expected. For a practical breakdown of 10 ways to prove due diligence in food safety, see the companion guide.

Courts interpret 'all' strictly. One gap: a missing week of temperature logs, an expired calibration certificate, a corrective action with no verification: can sink the entire defence. The burden of proof sits on you, not the prosecution. You must prove compliance. They just need to show the offence occurred.

1. Continuous temperature logs with timestamps

This is your foundation. Every other document builds on it.

A court wants to see that food was stored at the correct temperature for the entire period in question. Not at 8am. Not at 5pm. All day, all night, every day. The legal thresholds are clear: 8°C for chilled food, -18°C for frozen food, 63°C for hot-held food under UK food safety temperature monitoring requirements.

A paper SC2 form records two readings per day. That's 0.7% of the monitoring window. A compressor failure at 2am goes undetected until the morning check. The food spent 6 hours above 8°C. The SC2 shows two compliant readings. That's not a defence: it's a liability.

Automated sensors recording every 5 minutes produce 288 readings per day. Each reading carries a timestamp, sensor ID, and calibration reference. Hash-chain the records and nobody can alter them after the fact. That density and integrity is what 'all reasonable precautions' looks like in 2026.

Courts increasingly question why operators rely on manual checks when automated alternatives cost £29/month. The 'reasonable' bar rises as technology becomes more accessible and affordable.

2. UKAS-traceable calibration certificates

A temperature reading is only evidence if the instrument that produced it was accurate. Full stop.

UKAS-traceable calibration means your sensor's accuracy has been verified against a reference standard that traces back to national measurement standards. The certificate records the sensor serial number, calibration date, reference instrument ID, and measurement uncertainty at 95% confidence. Without it, a defence solicitor's first question will be: 'How do you know this reading was correct?'

Calibrate annually at minimum. High-use sensors near door seals, blast-chill zones, or delivery bays may need it more often. Keep every certificate on file with the sensor serial number linked to the daily logs it produced. If you can't connect the certificate to the reading, the reading is unverifiable.

Cost: £30-80 per sensor per year. Compare that to £32,000 in fines for the South Kesteven deli, and the ROI calculation is instant.

3. HACCP plan with documented CCP monitoring

Every UK food business must operate a HACCP-based food safety system under Regulation (EC) No 852/2004. But having a plan isn't enough for Section 21. You need to prove your Critical Control Points were monitored according to the plan's own procedures.

Your HACCP plan defines what you monitor, how often, and what happens when something goes wrong. Courts compare the plan to your actual records. If the plan says 'monitor chiller temperature every 5 minutes' and your records show two daily checks, that contradiction destroys your defence. The plan itself becomes evidence against you.

Keep the HACCP plan current. Review it when menus change, equipment changes, suppliers change, or premises change. Date every revision. Remove old versions from the production floor. A shift supervisor following a 2022 version of the plan when the current version is from 2025 creates a document control failure that assessors and courts both catch.

4. SFBB diary with management verification

The Safer Food, Better Business diary is the FSA's recommended food safety management system for smaller businesses. Courts treat a well-maintained SFBB diary as strong evidence of day-to-day due diligence: the 'exercised' part of 'exercised all due diligence.'

A good SFBB diary records daily opening and closing checks, delivery temperature verifications, cleaning schedules, and cross-contamination controls. Each entry should carry a date, the staff member's name, and a manager's sign-off.

The weak spot: gaps. A diary with entries on Monday, Wednesday, and Friday but nothing on Tuesday or Thursday tells a court that nobody was checking on those days. 'We did the checks but forgot to write them down' is not a defence. If it's not recorded, it didn't happen.

Automated SFBB diary entries solve this. When a sensor fires every 5 minutes, the system generates AUTO-DETECTED entries for opening checks, temperature verifications, and excursion events. Staff add manual notes for visual inspections, deliveries, and corrective actions. The diary stays complete without relying on someone remembering to write things down during a busy lunch service.

5. Corrective action records with root cause analysis

Something will go wrong. A compressor will fail. A door seal will split. A delivery will arrive at 12°C instead of 5°C. What matters for Section 21 is not that the problem happened: it's how you responded.

Courts want to see four things. What went wrong (the trigger). What you did about it (the corrective action). How you confirmed the fix worked (verification). What you changed to prevent it happening again (prevention). This maps directly to the corrective action requirements in BRCGS Clause 2.11.

Each corrective action record must link back to the temperature log that triggered it. If your excursion report references record ID #1247, that same ID should appear in the daily log, the SFBB diary, and any product disposition records. Break that chain and the court has to take your word for it. Keep the chain intact and the evidence speaks for itself.

Product disposition matters too. When a chiller breaches 8°C, what happened to the food inside? Hold, quarantine, dispose, or verify safe? That decision, the person who made it, and the time it was made must all appear in the record.

6. Staff training records and competence evidence

'All reasonable precautions' includes making sure your people know what they're doing. Courts assess whether staff were trained, whether training was appropriate, and whether refresher training happened at reasonable intervals.

Keep records of every food safety training session. Date, attendees, topics covered, trainer name, and qualification level. Include induction training for new starters. Include ad-hoc training after incidents. Include seasonal refreshers for temporary staff.

The minimum: all food handlers hold a Level 2 food safety qualification. Supervisors and HACCP team leads should hold Level 3. These certificates don't expire legally, but courts and EHOs question qualifications older than 3 years. Refresh them.

Training records also cover your monitoring procedures. Can every member of staff explain what to do if the chiller alarm goes off at 3am? If the answer is 'phone the manager,' that's fine, as long as the procedure is documented, the phone number is posted, and the manager's response is recorded in the corrective action log.

7. Supplier verification and receipt temperature records

Your Section 21 defence covers what happens in your premises. But courts also ask whether you verified the safety of incoming goods. With 571 FDA recalls in 2025 and 67 UK product recalls in the same period, supplier verification is no longer optional due diligence.

Record the temperature of every chilled and frozen delivery on arrival. Note the supplier name, delivery time, and batch or lot number. Flag any delivery that arrives above threshold and document what you did: reject it, quarantine it, or accept it with a noted deviation. That receipt record connects your cold chain evidence to the supplier's cold chain.

Keep supplier specifications, certificates of analysis, and allergen declarations on file. When a recall notice lands, you need to trace the affected batch from the FSA alert to your specific stock within minutes. A food business that can do this in under 5 minutes demonstrates significantly stronger due diligence than one that needs to search through email inboxes and paper files.

Supplier audits add another layer. Even a simple annual questionnaire: confirming their HACCP system, temperature monitoring, and staff training: shows the court you didn't blindly trust your supply chain.

Section 21 due diligence defence: document comparison table

Here's how each document maps to the Section 21 test, what courts look for, and what makes it weak evidence.

Key takeaway: Every document addresses a specific part of the Section 21 test. Missing one creates a gap. Missing two or more makes the defence very difficult to argue. The strongest position: all seven documents sharing the same record ID chain so courts can follow the evidence from sensor to corrective action to supplier in a single narrative.

What courts reject as Section 21 evidence

Not everything qualifies. Here's what doesn't work.

After-the-fact records. Documents created after an incident are statements, not evidence. Courts distinguish between contemporaneous records (created during normal operations) and retrospective accounts (written after someone knocked on the door). A temperature log generated in real time by an automated sensor is contemporaneous. A handwritten summary assembled the night before a court hearing is not.

Generic policies without implementation proof. A HACCP plan in a binder proves you knew what to do. It doesn't prove you did it. Courts want the monitoring records that match the plan's procedures. Policy plus records equals evidence. Policy alone equals aspiration.

Verbal assurances. 'We always check the temperatures' carries zero weight without documentation. The entire point of Section 21 is documented proof. If a practice isn't recorded, it didn't happen in the eyes of the court.

Incomplete record chains. A corrective action report that mentions 'temperature excursion detected at 14:32' but can't be linked to the specific sensor reading at 14:32 raises questions about whether the report is accurate. Courts follow the evidence chain. If it breaks, so does your defence.

How to build your Section 21 defence pack today

You don't need a lawyer to start. You need a system that creates these 7 documents automatically as part of daily operations.

Step 1: Install continuous temperature monitoring. WiFi sensors recording every 5 minutes. One per zone: chiller, freezer, hot-hold, dry store. Cost: £29/month for basic cloud monitoring with the right sensor setup.

Step 2: Schedule annual calibration. Book UKAS-traceable calibration for every sensor. Link each certificate to the sensor serial number in your system. Set calendar reminders 30 days before expiry.

Step 3: Review your HACCP plan. Make sure the monitoring frequency stated in the plan matches your actual system. If you've upgraded from manual checks to automated sensors, update the plan to reflect that.

Step 4: Automate your SFBB diary. Let the sensor data generate daily opening checks and temperature verifications automatically. Add manual entries for visual inspections, deliveries, and cleaning. Manager sign-off weekly at minimum.

Step 5: Build corrective action templates. Pre-build the four-step structure (trigger, action, verification, prevention) so staff fill in fields rather than writing free text. Link every corrective action to the sensor record that triggered it.

Step 6: Centralise training records. One folder or digital system. Every certificate, every session, every refresher. Check expiry dates quarterly.

Step 7: Log every delivery temperature. Sensor at the delivery bay or handheld probe with documented readings. Note the supplier, batch number, and time. Flag deviations immediately.