Effective Complaint Handling & Product Recall Protocol
This criterion assesses the organization's effectiveness in handling customer complaints and managing product recalls in a just, transparent, and welfare-oriented manner. It evaluates the existence of a clearly defined and documented protocol for addressing customer grievances, investigating product defects, and executing recalls when necessary. The protocol must include a mandatory 'Complaint-to-Safety Signal' decision tree and risk matrix (severity × likelihood × detectability) with clear triggers for stop-sale, regulator notification, and public recall. It requires a written Delegation of Authority (DoA) empowering coordinators to enact immediate stop-sale/quarantine measures to minimize harm (la ḍarar). The system must ensure end-to-end traceability (batch/lot level) capable of identifying affected stock/customers within 4 hours (2 hours for food). It mandates a 'Vulnerability Support SOP' to identify and assist vulnerable customers, ensuring equitable access to remedies. The organization must uphold the prohibition of deception (ghish) through transparent disclosure and prohibit internal concealment via a protected speak-up route. The process includes a formal two-stage complaint resolution pathway with ADR signposting, periodic mock recall drills with specific performance metrics, and strict adherence to data protection (UK GDPR) and statutory duties (GPSR, Food Safety Act, CRA 2015).
- Does the organization have a documented 'Complaint-to-Safety Signal' decision tree and Risk Matrix?
- Is there a written Delegation of Authority (DoA) empowering coordinators to enact immediate stop-sale/quarantine?
- Can the organization demonstrate traceability of affected batches to customers within 4 hours (2 hours for food)?
- Does the organization have a 'Vulnerability Support SOP' and evidence of its use (e.g., assisted refunds)?
- Is there a formal two-stage complaint process with a Deadlock Letter and ADR signposting after 8 weeks?
- Has the organization conducted an annual mock recall drill with defined scenarios and measured metrics?
- Are data protection controls (lawful basis, retention, DPIA) in place for complaint and recall data?
- Is there a protected 'Product Safety Speak-Up Route' for staff to report concealment or pressure?
- Do supplier contracts include clauses for 24h safety notification, traceability sharing, and cost allocation?
- How does the organization ensure statutory remedies (CRA 2015) are offered without unlawful exclusions?
- What KPIs are used to monitor acknowledgement SLAs, decision times, and recall effectiveness?
- Documented Protocol with Risk Matrix and Decision Tree.
- Written Delegation of Authority (DoA) signed by the Board/CEO.
- Recall Playbook (templates for notices, scripts, regulator forms).
- Traceability test records showing time-to-identify (<4h).
- Vulnerability Support SOP and training records.
- Complaint log showing Stage 1/2 progression and Deadlock Letters.
- Mock Recall Drill Report with metrics and CAPA plan.
- Data Protection records: Lawful basis, Retention Schedule, Recall DPIA.
- Supplier Contracts with safety/recall clauses.
- KPI Dashboard reports (monthly).
- Whistleblowing policy/channel details for product safety.
| Level | Rating | Description |
|---|---|---|
| 5 | 5/5 | World-class system with predictive safety signaling, automated traceability (<1hr), and deep integration of lessons learned into product design. Exceeds statutory duties with proactive consumer welfare initiatives. |
| 4 | 4/5 | Robust, documented process with tested recall capability (mock drills passed), clear DoA, and consistent KPI monitoring. Vulnerable customer support is operational. |
| 3 | 3/5 | Compliant process with defined roles and basic traceability. Complaint handling is structured but may lack advanced risk triage or specific vulnerability SOPs. |
| 2 | 2/5 | Basic process exists but lacks rigorous risk assessment, traceability is slow (>24h), or recall authority is unclear. Reactive rather than proactive. |
| 1 | 1/5 | No defined protocol; ad-hoc response to safety issues; no traceability or risk triage. High risk of harm and non-compliance. |
Related Criteria
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
Sign in to post a comment.