Platform overview
AuditCore is a cloud-based compliance and internal audit management platform engineered for food manufacturing and processing. It aligns with BRC Global Standard Issue 9 and other GFSI-recognised schemes including FSSC 22000, IFS, and SQF.
Who uses AuditCore
Quality & Technical
Define the annual audit programme, oversee NC trends, and generate evidence-led reports for management review.
Auditors & Site Managers
Execute shopfloor GMP inspections and structured system audits with photo evidence and clause references.
Operations & Production
Primary owners of the CAPA process — responsible for immediate corrections and root cause investigations.
Senior Management
Monitor real-time site health via the Risk Heatmap to satisfy BRC Clause 1.1.2 resource and management review requirements.
Pre-loaded audit standards
The following standards are available from the moment your site is created:
- BRC Global Standard for Food Safety Issue 9
- FSSC 22000 v6
- IFS Food v8
- ISO 22000:2018
- SQF Edition 9
Organisations & sites
AuditCore uses a strict three-level hierarchy to maintain data integrity and clear segregation of duties across complex business units.
Hierarchy
- Organisation — the top-level legal entity. Subscription settings and master GMP templates are managed at this level.
- Site — a physical factory or warehouse. All data (audits, NC registers, risk scores) is scoped to a specific site.
- Areas — specific locations within a site (e.g. "High-Care Packing" or "Raw Material Intake") used to pinpoint where an observation or failure occurred.
Site profile
During onboarding each site must complete a profile which informs the risk assessment engine and report headers.
| Field | Description |
|---|---|
| Site Name | Unique identifier, e.g. "BAKM — Manchester Bakery" |
| Production Areas | Total count of defined functional zones within the facility |
| Employee Count | Staffing levels used to contextualise the scale of operations |
| High-care Flag | Boolean indicator of whether the site contains high-care or high-risk production environments |
Managing production areas
Areas are managed via Settings → Sites → [Site Name] → Areas. Precise area definition is critical for the evidence trail required by auditors.
- Area types: Production, Storage, Despatch, Welfare, Utilities, or Other
- High-care status: A toggle to identify zones requiring enhanced hygiene and segregation controls
- Status & order: Admins can set areas to Active/Inactive (hiding defunct areas without losing historical data) and adjust sort order for auditor efficiency
User roles
AuditCore uses an additive permission model. Each successive role inherits all permissions of the roles below it, ensuring a clear chain of command and data security.
| Role | Primary permissions | Key restrictions |
|---|---|---|
| site_user | View dashboard and My Work; conduct assigned GMP/system audits; complete assigned CAPA phases; log Proactive Actions | Cannot raise NCs manually; cannot edit programmes or access site/org settings |
| site_manager | All site_user permissions plus: raise/edit NCs; schedule/reassign audits; verify and close NCs; view site-specific reports | Permissions restricted strictly to their assigned site(s) |
| org_admin | All site_manager permissions plus: access all sites; manage users (invite/deactivate); configure Programme Builder; run manual risk assessments | Cannot access data from other organisations (multi-tenancy lock) |
| super_admin | All org_admin permissions plus: support-level access; log in on behalf of users; global organisation management | Reserved for AuditCore technical service team only |
Onboarding & setup
New accounts start with a 14-day full-access trial. The onboarding wizard guides you through the four steps required to configure your first site.
Onboarding wizard
- Name first site — enter the site name that will appear on all reports and NC references
- Complete site profile — production area count, employee count, high-care flag
- Define production areas — add the specific locations used during inspections
- Select primary audit standard — choose from BRC Issue 9, FSSC 22000, IFS, ISO 22000, or SQF
Account states
- Trial — 14-day full-access period for new registrations
- Active — live paid subscription; full platform access
- Expired — subscription lapsed; login blocked until renewed
- Suspended — account suspended based on payment status
GMP inspections
GMP inspections are checklist-based evaluations of Prerequisite Programmes — hygiene, maintenance, pest control, and so on. Each checklist item is assigned a Risk Weight (1–5) that determines its impact on the overall inspection score.
Conducting an inspection
- Select the GMP template for the area you are inspecting
- Mark each item as Pass, Fail, or N/A
- For any failure: add notes and up to 5 photos as evidence
- Record the Area, Shift, and Product Reference in the metadata fields
- On failing an item, use the Auto-NC button to immediately raise a linked Non-Conformance
Offline support
AuditCore uses Service Workers and local caching to support audits in Wi-Fi dead zones — cold stores, external yards, or areas with poor signal.
System audits
System audits evaluate the facility against the full breadth of a certification standard, clause by clause. They can be scheduled via the Audit Programme or raised as one-off or triggered audits.
Audit lifecycle
- Schedule — create manually or let the Audit Programme generate it automatically
- Execute — work through clauses using the Audit Mode: Desk, Shopfloor, Interview, or Combined
- Report — on completion a PDF generates automatically with overall compliance score, embedded photo evidence, and a summary NC table
Audit modes
| Mode | Use case |
|---|---|
| Desk | Document review — procedures, records, HACCP plans |
| Shopfloor | Physical walkthrough of the production environment |
| Interview | Staff competency and awareness checks |
| Combined | Mixed approach covering all of the above in a single audit session |
Triggered audits
Outside the routine plan, triggered audits are initiated by specific events:
| Trigger | Example case |
|---|---|
| Customer Complaint | Significant complaint requiring a deep-dive audit response |
| Product Recall | Audit conducted as part of a formal recall or withdrawal |
| Post-Incident | Conducted following a food safety incident or near-miss |
| Process Change | Triggered by new line installations or process modifications |
| Supplier Failure | Targeted audit following a significant supplier non-conformance |
NC & CAPA process
Every Non-Conformance in AuditCore follows a mandatory two-phase CAPA workflow. Unlike Proactive Actions — which are simple improvement logs requiring no formal verification — every NC must complete a structured, multi-stage process.
NC reference format
Each NC is assigned a unique reference following the format: NC-{SITE}-{YEAR}-{SEQUENCE} (e.g. NC-BAKM-2026-0001). The site code is automatically generated from the first four characters of the site name, uppercase, no spaces.
NC source types
| Source | Description |
|---|---|
| System Audit | Auto-raised during internal audits against certification clauses |
| External Audit | Findings from third-party or certification body visits |
| GMP Inspection | Auto-raised from a failed shopfloor inspection item |
| Customer Complaint | Formal feedback requiring a technical response |
| Incident | Food safety incidents or near-miss events |
| Non-Conforming Product | Product failing specification or release criteria |
| Product Safety Point Failure | Failure of a CCP, OPRP, or other HACCP control |
| Cleaning Failure | Documented failure of cleaning and disinfection protocols |
| Supplier Issue | Non-conformance regarding delivery or supplier performance |
| Internal (Other) | Internally identified issues not covered by other sources |
| Manual / Ad Hoc | A manually created record for miscellaneous compliance failures |
Severity levels & due dates
| Severity | Definition | Due date |
|---|---|---|
| Critical | Immediate risk to safety or legality | Same day |
| Major | Substantial failure or potential risk | 3 days |
| Minor | Failure not posing significant immediate risk | 14 days |
| Observation | Weakness or area for improvement | 30 days |
The three-step CAPA workflow
- Phase 1 — Immediate correction. Document what was done immediately to prevent harm (e.g. "Batch isolated and quarantined"). Assign a Corrective Action Owner.
- Phase 2 — Root cause investigation & prevention. Record a Root Cause Analysis using methods such as the 5 Whys or Fishbone diagram. Then document the Preventive Action Plan that addresses the root cause finding.
- Verification & closure. A different person from the submitter must verify the actions taken. They may close the NC or return it for rework if evidence is insufficient.
Programme builder
AuditCore separates the library of audit requirements from the execution of the schedule. The Programme Builder defines what needs to be audited and how often. The Annual Plan puts those requirements on the calendar.
Programme builder vs annual plan
| Tool | Purpose | Answers |
|---|---|---|
| Programme Builder | The master library of Audit Events | What needs auditing, how often, and at what baseline risk level |
| Annual Plan | The site-specific 12-month calendar | When each audit event is actually scheduled throughout the year |
Using the annual plan view
The Annual Plan View displays a 12-month grid. Quality Managers use it to schedule specific instances of Programme Builder events, ensuring even distribution of workload and audit coverage across the year.
Risk assessment engine
In accordance with BRC Clause 3.4, AuditCore automatically calculates compliance risk at the section level — rated High, Medium, or Low — using a multi-factor scoring model.
Risk weighting factors
| Factor | Impact on score |
|---|---|
| Recent compliance score | The primary driver of current section risk |
| Number of open NCs | Increases risk based on volume of unresolved issues |
| Overdue NCs | Significant negative factor indicating lack of control |
| Repeat NCs | High-priority flag — triggered when the same clause fails in two or more consecutive audits |
| Time since last audit | Risk increases linearly as the duration since the last check grows |
Reports & exports
AuditCore generates two primary reports designed to meet BRC Issue 9 evidence requirements and support management review.
Management review report
Directly supporting BRC Issue 9 Clause 1.1.2, this report provides Senior Management with the data required to review the effectiveness of the Food Safety Quality Management System.
- NC trends by severity
- Open vs. closed rates
- Average time to close
- Repeat NC list
- Audit completion rates
- Risk score trends over time
NC register export
The full NC register can be exported in two formats:
- CSV — for internal data manipulation and trend analysis
- PDF — a professionally formatted register suitable for direct submission during certification audits
System audit PDF
Generated automatically on audit completion. Includes the overall compliance score (percentage of compliant non-N/A responses), all embedded photo evidence, and a summary NC table.
Video walkthroughs
Short screencasts covering the key workflows in AuditCore. More videos will be added as the product develops.
FAQ & troubleshooting
Common questions from Technical Managers getting started with AuditCore.