IFS Wholesale/Cash & Carry version 3
The final version of IFS Wholesale 3 was published on 27 November 2024. Audits according to IFS Wholesale version 3 can take place from 1 May 2025. In this article, read explanations on how to interpret the standard and discover the main changes compared to version 2.3. This standard is not GFSI recognised.
The IFS Wholesale/Cash & Carry standard is an international standard that focuses on food safety and product quality within wholesale and cash & Carry companies. The standard helps organisations to control processes, minimise risks and comply with legal requirements. Certification under this standard shows that a company operates reliably, safely and transparently within the supply chain.
IFS Wholesale and Cash & Carry version 3 audits are possible from 1 May 2025 and become mandatory for all certified companies from 1 November 2025. Version 3 comes with a new logo colour.
Scoring system
New in this version is that the scoring system is in line with the other IFS standards. The B-score is again classified as deviation. By defining a correction or corrective action, this contributes to continuous quality system improvement. IFS Star status
Unannounced audits strengthen the credibility of the audit process and demonstrate that a company complies with IFS requirements on a daily basis. The IFS Star status, with a special star logo, has been introduced to indicate that the audit was unannounced. This status will be visible in the IFS database and on the certificate. Companies can voluntarily undergo unannounced audits.
Notification requirement
The standard specifies in which circumstances the certifying body must be notified. At least the following should be reported:
Recalls, withdrawal caused by the company for reasons of product safety and/or product fraud.
Changes in organisation and management.
Significant changes in the products and/or product handling/processing methods.
Changes in the contact address of Wholesale/Cash & Carry locations, new location address).
This notification must take place within 3 working days.
The components of IFS Wholesale/Cash & Carry
The IFS Wholesale/Cash & Carry standard (version 3) broadly follows the modular structure of IFS Food and consists of two main modules (Classic and PLUS) within the Wholesale and Cash & Carry categories. The standard is made up of the following main sections:
Governance and commitment
Food safety and quality management system
Resource management
Operational processes
Measurements, analysis and improvements
Governance and engagement
Management will develop, implement and maintain a company policy. The policy should be communicated to all employees. The policy should include at least the following:
Product safety, quality, legality and authenticity
Customer focus
Product safety culture
Sustainability
Company profile Management is responsible for ensuring product safety and quality within the organisation. This includes direct reporting from the quality department, an up-to-date organisational chart, awareness of responsibilities among employees, and systems to monitor effectiveness. In addition, relevant staff should be kept up to date with relevant legislation and risks (such as product fraud), and sufficient resources should be available to meet all requirements. Management review Management must review the product safety and quality management system at least annually (within 15 months). This review includes objectives, audit results, customer feedback, food fraud and food defence and compliance with legislation, among others. The results should lead to improvement actions and follow-up on previous reviews. In addition, the infrastructure and working environment must also be assessed annually, with the outcomes fed into investment plans. Everything must be fully documented.
Food safety and quality management system
Document control
There should be a procedure for managing, implementing and maintaining documents and any changes to them. Only the most up-to-date versions should be used and changes to critical documents should be recorded with reason. The document management system should prevent manipulation and should only be managed by authorised personnel. Documents must be clear, complete and always accessible to the right employees. Records must also be legible, correct and authentic, with manipulation technically impossible. Retention periods must comply with laws, regulations or customer requirements. If these are missing, a minimum retention period of one year applies for non-food products and one year after expiry of the shelf life for food products. For products without an expiry date, the retention period should be substantiated and recorded. All information must be stored securely and easily accessible.
Food safety management
The food safety management system should consist of a fully implemented, systematic and documented risk management system applicable to the site. For food, this should be based on the HACCP principles of the Codex Alimentarius. The hazard analysis should cover all relevant products, processes and potential risks such as allergens. The system should be substantiated by scientific sources or expert advice and comply with the legislation of both the production and destination country. In case of changes in products, processes or equipment, the system should be reviewed to ensure product safety. HACCP analysis and risk assessment
Risk analysis should be carried out by competent persons with specific knowledge. The team leader should be well versed in risk management and/or HACCP principles and be able to recognise, control and manage product safety risks. Those involved in managing the system should also be appropriately trained for this purpose and have knowledge of the products and processes. A team leader should be appointed with clear management support.
Flow diagram
A flow diagram should be documented and maintained for each product or product group, and for all variations of the processes, including (if applicable) product handling, rework and reprocessing. The flow diagram should identify each step and each control measure. It should be dated and updated in case of changes. Control measures
A comprehensive hazard analysis should be carried out to identify and assess all reasonably foreseeable physical, chemical (including allergens) and biological hazards. This includes hazards associated with packaging materials, contact materials and the working environment. The probability of occurrence and severity of possible health effects should be assessed, as well as the necessary control measures.
Based on this analysis, critical control points (CCPs) are identified using a decision-making tool, such as a decision tree. Validated critical limits must be established for each CCP and a monitoring system set up. This monitoring should be documented, implemented and maintained, including recording of results, to detect loss of control. Other key control measures, outside CCPs, should also be controlled and monitored through measurable or observable criteria. Personnel monitoring CCPs and other control measures should be specifically trained for this purpose, and monitoring data should be verified in a timely manner by a responsible person within the company.
Validation
The hazard and risk management system should be validated to ensure that the HACCP plan is effective in controlling identified hazards. This validation should be carried out again in case of changes. Both validation and re-validation procedures must be in writing, properly implemented and maintained. Verification
It is necessary to establish verification procedures that confirm that the food safety system is functioning properly. These activities should be carried out at least once every 12 months or when significant changes occur. The results of verification should be recorded.
Resource management
All employees performing work affecting product safety, quality, legality and authenticity must have the required competence, appropriate to their role, as a result of education, work experience and/or training. Personal hygiene
The organisation must document, implement and maintain risk-based requirements for personal hygiene. These requirements apply to employees, technical staff and visitors and should include at least aspects such as hair (including beards), protective clothing, hand hygiene, eating and smoking habits, handling injuries, personal grooming (such as nails and jewellery) and reporting infectious diseases through a medical screening procedure. All those involved should understand these hygiene rules and apply them correctly. Compliance should be monitored on a risk-based basis, but at least once every 12 months. Protective clothing should be available in sufficient quantity for staff and visitors, and this clothing should be washed thoroughly and regularly - in-house, by approved external parties or by staff themselves - based on risk assessment.
Training
The organisation must establish training and instruction programmes that match product specifications and the needs of employees. These are mandatory for all personnel, including temporary and external workers, and must be attended before work starts. The programmes include content, frequency, tasks, language, trainers and effectiveness assessment. There should be records of each training course, and content should be regularly reviewed and updated with attention to product safety, fraud, quality, legislation and feedback, among others.
Operational processes
Customer agreements and contractual agreements
The agreed requirements between contractual partners must be assessed before concluding a supply contract. Customer feedback must be used for continuous improvement. All requirements relating to product safety and quality from customer agreements must be communicated to and implemented by all relevant departments.
Specifications
Specifications must be available for all products for which the company is responsible. There must be a procedure for drawing up, amending, approving and managing these specifications. Employees must have access to the relevant specifications when necessary.
Product development
Product development and changes must be documented, implemented and maintained, including a hazard analysis. In the event of changes to the recipe, reprocessing or packaging material, the process characteristics must be reviewed to ensure that the product requirements are met.
Purchasing
There must be a documented and implemented procedure for purchasing raw materials, semi-finished products and packaging materials, including the approval of suppliers. This procedure must include risks associated with raw materials or suppliers, performance requirements and exceptional situations, as well as additional criteria such as audits, test results and complaints, based on risks.
When parts of the processing, packaging or labelling are outsourced, these processes must be documented in the quality and food safety system and checked to ensure safety, quality, legality and authenticity. If required, the customer must be informed of this and agree to it.
The purchasing procedure and supplier assessment must be evaluated at least annually or in the event of major changes, with documented results and follow-up actions. Purchased materials must be assessed for risks and serve as the basis for testing and monitoring plans.
Packaging and labelling
In the case of claims on labels or the exclusion of certain production methods, measures must be taken to demonstrate compliance, with attention to food safety and authenticity. Labelling services must guarantee that packaging codes and labels correspond to the product and comply with customer agreements; this must be regularly checked and documented. Where applicable, online product information must also be available.
Buildings and construction requirements
Buildings in which food is handled, processed or stored must be designed, constructed and maintained in such a way as to ensure food safety. Loading and unloading areas must be suitable for their function and designed in such a way as to prevent risks such as access by pests, exposure to adverse weather conditions, accumulation of waste, condensation and mould growth. In addition, these areas must be easy to clean and, if necessary, disinfect.
Water and air
Buildings and processes that affect food safety and quality must take place under controlled environmental conditions. Parameters such as temperature and humidity must be predetermined and correctly applied. Process parameters that are essential for product safety and quality, such as temperature, time, pressure and chemical properties, must be monitored and recorded regularly or continuously.
When air treatment or cooling is required, the equipment used must be well maintained and cleaned regularly. Air circulation must not have a negative impact on product safety or quality. In the event of malfunctions or temperature deviations, an alarm system and an effective emergency plan must be in place to ensure product safety. Dust extraction must be provided in areas where large amounts of dust are released.
The water supply must consist of drinking water of suitable quality at the point of use, be available in sufficient quantities and be suitable for hand hygiene, cleaning, disinfection and steam or ice that comes into direct contact with food or packaging. The quality of this water (including recycled water) must be checked regularly on the basis of a risk analysis. Non-potable water used in the process must not pose a contamination risk and must be transported via separate, clearly marked pipes.
Cleaning and disinfection
Risk-based cleaning and disinfection plans must be drawn up and implemented, with clear guidelines on objectives, responsibilities, resources used, frequencies, locations and documentation. Implementation must be effective and recorded, with monitoring by a designated responsible person. Cleaning of transport units must take into account product-specific risks, and food transport containers must be correctly labelled and used exclusively for food. Only competent and trained personnel may carry out the cleaning.
When using external cleaning services, all requirements must be laid down in a contract.
Waste management
Waste management must be documented, implemented and maintained to prevent cross-contamination. Food and other waste must be removed quickly from rooms and must not accumulate. Waste containers must be clearly marked, suitably designed, well maintained and easy to clean or disinfect. Waste must be collected separately according to its destination and may only be disposed of by authorised parties, with the disposal being documented.
Pest control and monitoring
The site and equipment must be designed, constructed and maintained in such a way that pests do not stand a chance. Risk-based control measures must be established, implemented and maintained, taking into account the environment, structural risks, use of resources and inspection frequencies. When using external pest control services, all requirements must be laid down in a contract, with an internally appointed person responsible for supervision. Inspections, actions and any infestations must be documented and followed up. The effectiveness of the measures must be monitored and recorded, including trend analyses.
Transport
Before transport vehicles are loaded, their condition must be checked for odour, moisture, mould, pests and other risks, and measures must be taken and documented if necessary. During loading and transport, the correct temperature must be maintained, especially for temperature-sensitive products. Transport containers must be clean, dry and suitable and pre-cooled if required. Procedures must prevent cross-contamination. Cleaning and disinfection of transport equipment must be tailored to product risks and documented. When using external transport services, all relevant requirements must be laid down in a contract. Drivers providing these services must comply with hygiene rules. Appropriate precautions must also be taken for occasional use or parcel services to ensure product integrity and safety.
Maintenance
There must be a maintenance plan that covers all critical equipment and areas for transport and storage, with the aim of ensuring product safety and quality. This plan applies to both internal maintenance and external service providers and must include responsibilities, priorities and deadlines. During and after maintenance work, the safety, quality, legality and authenticity of the product must remain guaranteed. All materials used must be suitable and pose no risk of contamination. Malfunctions must be recorded, evaluated and addressed quickly to improve the maintenance system. Temporary repairs must not compromise product safety and must be short-term. When using external maintenance services, all relevant company requirements must be clearly documented to prevent contamination.
Traceability
A traceability system must be fully established, implemented and maintained so that all products and, where applicable, food contact packaging can be traced from supplier to customer. This system must be tested annually or in the event of significant changes using a mass balance, whereby the test demonstrates both the origin and destination of products. This must be possible within a timeframe of 4 hours or less when a more limited timeframe is imposed by customers.
Product fraud and defence
For product defence, responsibilities must be clearly defined and assigned to individuals with the appropriate expertise. There must be a documented and maintained plan that identifies potential internal and external threats and describes appropriate protective measures, such as access policy, security, transport management and IT risks. The criteria for vulnerability assessment must be established. In addition, there must be an appropriate warning system, which is regularly evaluated for effectiveness.
Measurements, analysis and improvements
Internal audit
Indicated is that there should be an effective internal audit programme that is documented, implemented and maintained and covers at least all requirements of the IFS standard. Audit planning should take place within 12 months and be carried out within 15 months at the latest. Audit results, including deviations, should be recorded and communicated to management and responsible staff. External audit
The auditor will spend at least 50% of the audit time on site. However, a reduction is possible in certain situations, as defined in the standard. Check with the certifying body. The certifying body must send an action plan within two weeks of the audit. A preliminary report is no longer mandatory. Site inspections
Site inspections should be carried out in addition to internal audits. These inspections focus on the condition of the building, outdoor environment, product control, hygiene, risks of foreign materials and personal hygiene, among others.
Process validation and control
The company should identify, based on risk analysis, which processes require validation. The criteria for validation and process control must be clearly defined. Environmental factors such as temperature and humidity that affect product safety and quality must be defined and applied. Essential process parameters must be monitored, recorded and secured against unauthorised changes. Deviations and malfunctions must be promptly reported, recorded and followed up according to established procedures. Calibration, adjustment and control of measuring and monitoring devices
Measuring and monitoring devices required for product safety and quality must be identified, recorded and, if legally required, approved. These devices should be checked, calibrated and adjusted at defined intervals according to recognised standards. Product analysis and environmental monitoring
Risk-based microbiological, physical and chemical analyses are carried out for proprietary brands or self-produced products. A risk-based environmental monitoring programme should be in place, documented, implemented and maintained. Analysis and monitoring plans for internal and external testing must cover all relevant stages of production and meet safety, quality and regulatory requirements.
Management of product recalls, product recalls and incidents
There should be an effective procedure for managing recalls, withdrawals, incidents and emergencies affecting product safety and quality. The procedure should be tested annually through a full simulation, the results of which are evaluated for continuous improvement. There should be a procedure for managing non-compliant products and packaging. This includes responsibilities, quarantine, risk analysis, labelling and decisions on follow-up actions. Employees must understand and apply the procedure. Management of deviations, non-conformities, corrections and corrective actions
There should be a procedure for managing corrections and corrective actions. This includes recording, analysing and communicating deviations and non-conformities with the aim of closing them and preventing their recurrence. For discrepancies affecting safety, legality or authenticity, a thorough root cause analysis should be performed. Corrective actions should be promptly identified, documented and implemented, with clear responsibilities and deadlines. The effectiveness of these measures should be monitored and recorded.
In this article, you read the main changes of the IFS Wholesale/cash & Carry standard version 3. For the exact requirements, consult the complete IFS Wholesale/cash & Carry standard version 3. Want to know what changes you need to make? Have a baseline measurement IFS Wholesale/cash & Carry version 3 performed by our specialists.
Need assistence with IFS Wholesale/Cash & Carry version 3?
We support companies with:
Compliance management
Audit Support
Quality Management Systems (QMS)
Risk Analysis
