Keystone
by CloudVoro
Try the sandboxTalk to us →
Free resource

The 18-point audit-readiness checklist
Irish food producers use to pass FSAI, BRCGS and SFPA.

We built this checklist with the QA team at our founding partner ahead of their last BRCGS audit. They passed without a single non-conformance. We've cleaned it up and made it freely available — no email gate, no marketing tax. Use it.

  • 18 actionable checks across traceability, QC, documentation, dispatch and audit log
  • Cross-referenced to BRCGS Issue 9 clauses (§3.9, §3.11, §4.7, §5.4)
  • Built with Cashel Farmhouse Cheesemakers ahead of their last audit
  • Free PDF — no email required, no marketing follow-up
The categories

What the checklist covers.

01 — Traceability (5 checks)
Forward + backward chain, supplier delivery linkage, response-time documentation, scheduled mock recalls.
02 — QC documentation (4 checks)
Per-batch records, allergen declarations, deviation procedures, retention.
03 — Dispatch & customer evidence (3 checks)
Per-customer templates, COA-on-dispatch, send audit trail.
04 — Audit log & change control (3 checks)
Immutable audit trail, role-based access, spec change history.
05 — Recall & withdrawal (3 checks)
Documented procedure, drill cadence, evidence retention.
How to use it

Print it. Mark it up. Sleep better.

Run through the list two weeks before your audit window opens. Mark green, amber, red. The amber items are usually where Keystone helps; the red items are where you need to make a decision before the auditor walks in. If you want a free hour on a call to talk through your reds, drop us a note — no quota, no commission.

FAQ

Questions buyers actually ask.

Is the checklist BRCGS-approved?
No certification body 'approves' third-party checklists. This is the working document our founding partner used ahead of a successful BRCGS Issue 9 audit. Use it as a guide, not a substitute for the BRCGS standard itself.
Will you email me marketing?
No. The PDF is open — no email gate. If you want a call, ask. If you don't, we won't bother you.
Can I share it with my team?
Yes — that's the whole point. CC your QA Manager.
Do you do audit-prep consulting?
We don't sell audit-prep as a service. We will do one free hour of prep coaching with any prospect on a discovery call.

Ready to see if Keystone fits your floor?

20-minute discovery call. No sales pitch. Written scope within 48 hours if we fit — referral to someone better if we don't.

Talk to us
Compliance & trust

How we keep your
data and your audits safe.

We are honest about what's certified and what's in progress. Anything marked "in progress" reflects active work towards a recognised standard — never marketing decoration. Privacy queries go to privacy@cloudvoro.com. Sub-processor list at /legal/sub-processors. Full security posture at /site/security.

Live
Hosted in EU / Ireland
Customer data resides on AWS Ireland (eu-west-1) — never leaves the EU.
Live
GDPR · Privacy Contact named
Internal Data Protection Lead handles subject access requests. Owner is ADPO Ireland member.
In progress
NIS2 · building toward readiness
Tenant isolation, audit trails and MFA support customers in NIS2 scope. CloudVoro itself is below the size threshold; not yet certified.
In progress
ISO 27001 · alignment
We map our controls to Annex A but hold no third-party certificate. Formal certification on the 2026 roadmap.
In progress
Cyber Essentials · planned
UK Cyber Essentials assessment is on our roadmap. We will name the assessing body (IASME) and a confirmed date here once scoped.
Live
Encryption · at rest & in transit
TLS 1.3 in transit, industry-standard symmetric ciphers at rest, KMS-managed keys.