What is the primary objective of **IFS Food**?

**IFS Food's primary objective is to audit product and process compliance ensuring manufacturers produce safe, legal products meeting customer specifications.** Version 8 (mandatory from 1 January 2024) uses a **Product and Process Approach (PPA)** with risk-based product sampling, traceability tests, and at least **50% audit time** in production areas to verify **food safety, quality, legality, authenticity**, and governance through HACCP, PRPs, and operational controls like food fraud (4.20) and defense (4.21).

Who is legally or professionally required to comply with **IFS Food**?

**IFS Food applies to food product manufacturers processing food or packing loose products where contamination risk exists.** It targets **site-specific certification** (one legal entity, one address) for all site products/processes, demanded by European retailers for private-label suppliers. **Partly outsourced processes** require controls (4.4); fully outsourced/traded products need **IFS Broker**. Exclusions limited per Annex 4; not for storage/transport alone.

Does **IFS Food** require an external audit or third-party certification?

**Yes, IFS Food mandates external audits by ISO/IEC 17065-accredited certification bodies using the IFS checklist.** Audits include **initial/recertification** (annual, full scope), **follow-up** (for Majors, 6 weeks-6 months post-audit), and **extension** audits. **Unannounced audits** required at least every third audit; denial withdraws certificate in **2 working days**.

How often should an assessment for **IFS Food** be performed?

**IFS Food requires annual full recertification audits covering all requirements.** Internal audits (KO 5.1.1) must occur regularly (risk-based, at least annually); management reviews at least yearly (1.3). **Unannounced** every third audit since 2021. Audit duration minimum **2 days (16 hours)** via mandatory tool based on employees, scopes, steps.

What are the consequences of non-compliance with **IFS Food**?

**Non-compliance triggers scoring deductions, certificate denial/withdrawal, and database notifications.** **KO D** (e.g., traceability 4.18.1) deducts **50%**, blocks certification; **Majors** deduct **15%**, require follow-up. Recertification Majors/KOs withdraw certificate in **2 days**. Unannounced access denial: immediate withdrawal. Foundation level ≥**75%**; Higher ≥**95%**.

Can **IFS Food** be mapped to other international frameworks?

**No, IFS Food FAQs stand alone without mapping to other frameworks.** As a GFSI-benchmarked scheme, it shares foundations but differs in annual audits (vs. surveillance), ISO 17065 accreditation, PPA focus, and scoring (Higher/Foundation levels).

What is the first step to begin implementing **IFS Food**?

**The first step is appointing an ISO/IEC 17065-accredited IFS-approved certification body and contracting with defined scope, duration, and integrity program references.** Disclose products, outsourced processes, exports, and history; conduct gap analysis against **IFS Food v8** and **Doctrine**; perform **3 months** operations for initial audit evidence.

What is the primary objective of **MLPS 2.0 (Multi-Level Protection Scheme)**?

**The primary objective of MLPS 2.0 is to establish a graded cybersecurity protection system ensuring security controls match the potential impact of system compromise on national security, social order, and public interests.** It classifies information systems into five levels (1-5) based on harm severity to individuals, organizations, or the state, mandating commensurate technical, management, physical, and personnel controls per GB/T 22239-2019 and related standards.

Who is legally or professionally required to comply with **MLPS 2.0 (Multi-Level Protection Scheme)**?

**All network operators in mainland China must comply with MLPS 2.0 under Article 21 of the 2017 Cybersecurity Law.** This includes domestic enterprises, foreign-invested entities, cloud providers, and operators of IT, IoT, big data, or industrial control systems; critical sectors like finance and energy often classify at Level 3+.

Does **MLPS 2.0 (Multi-Level Protection Scheme)** require an external audit or third-party certification?

**Yes, MLPS 2.0 requires external security reviews by licensed Chinese firms for Level 2+ systems, with PSB approval.** Reviews score compliance (minimum 75/100) across technical and management domains per GB/T 28448-2019; Level 3+ mandates annual evaluations.

How often should an assessment for **MLPS 2.0 (Multi-Level Protection Scheme)** be performed?

**Assessments under MLPS 2.0 must occur biennially for Level 2, annually for Level 3, semi-annually for Level 4, and as directed for Level 5.** Re-evaluations are also required post-major changes; all levels need ongoing self-inspections.

What are the consequences of non-compliance with **MLPS 2.0 (Multi-Level Protection Scheme)**?

**Non-compliance with MLPS 2.0 risks fines up to 100,000 RMB, operational suspensions, system shutdowns, and intensified PSB inspections.** Enforcement links certification to business license renewals; severe cases involve blacklisting or criminal liability.

Can **MLPS 2.0 (Multi-Level Protection Scheme)** be mapped to other international frameworks?

**Yes, MLPS 2.0 control domains align with frameworks like ISO 27001 and NIST CSF.** Organizational, physical, and technical controls map directly, enabling gap analysis via Statement of Applicability, though MLPS adds prescriptive grading and PSB oversight.

What is the first step to begin implementing **MLPS 2.0 (Multi-Level Protection Scheme)**?

**The first step is conducting a provisional self-assessment to classify systems into Levels 1-5 based on impact to national security and public interests.** Inventory assets, evaluate harm severity per GB/T 22239-2019, document rationale, then file with local PSB within 30 days for Level 2+.

IFS Food vs MLPS 2.0 (Multi-Level Protection Scheme)

Standards Comparison

IFS Food

Voluntary

2023

GFSI standard for food manufacturing safety and quality

MLPS 2.0 (Multi-Level Protection Scheme)

Mandatory

N/A

China's mandatory graded cybersecurity protection regime

Quick Verdict

IFS Food ensures food safety certification for global manufacturers via audits, while MLPS 2.0 mandates graded cybersecurity for China networks with PSB oversight. Companies adopt IFS for retailer access; MLPS to avoid legal penalties.

Food Safety

IFS Food

IFS Food Standard Version 8

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Product and Process Approach with traceability tests
Minimum 50% audit time in production areas
Annual full audits with unannounced option
Risk-based HACCP and KO critical requirements
GFSI-benchmarked for retailer supply chain trust

Standard

MLPS 2.0 (Multi-Level Protection Scheme)

Multi-Level Protection Scheme 2.0

Cost

€€€€

Complexity

Medium

Implementation Time

12-18 months

Key Features

Five-level impact-based system classification
Mandatory for all China network operators
Enforced by Public Security Bureaus inspections
Graded technical and governance controls
Third-party audits for Level 2+ systems

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

IFS Food Details

What It Is

IFS Food Version 8 is a GFSI-benchmarked certification standard for auditing food manufacturers' product and process compliance. It focuses on food safety, quality, legality, authenticity, and customer requirements using a risk-based Product and Process Approach (PPA).

Key Components

Organized into governance, HACCP/PRPs, operational controls, and performance monitoring.
Over 200 checklist requirements with 10 Knock-Out (KO) criteria.
Built on HACCP principles, prerequisite programs, and integrity topics like food fraud/defense.
Annual certification via accredited bodies with scoring (Higher/Foundation levels).

Why Organizations Use It

Enables European retailer market access and reduces duplicate audits.
Enhances supply chain trust, operational resilience, and due diligence.
Manages risks like recalls, fraud, and contamination.
Provides competitive edge through Star status for unannounced audits.

Implementation Overview

Phased gap analysis, FSMS development, training, internal audits.
Involves validation, traceability tests, management reviews.
Applies to food processing sites globally; requires on-site audits (50% production time).

MLPS 2.0 (Multi-Level Protection Scheme) Details

What It Is

MLPS 2.0 (Multi-Level Protection Scheme 2.0) is China's mandatory cybersecurity regulation mandated by the 2017 Cybersecurity Law (Article 21). It requires network operators to classify information systems into five protection levels based on potential harm to national security, social order, and public interests, implementing commensurate technical, governance, and organizational controls.

Key Components

Core domains: physical security, network protection, data security, access control, monitoring, and governance.
Standards like GB/T 22239-2019 (baseline), GB/T 25070-2019 (technical), GB/T 28448-2019 (evaluation).
Common controls for all levels plus extended requirements for cloud, IoT, big data, ICS.
Compliance via self-classification, third-party audits (Level 2+), PSB approval.

Why Organizations Use It

Legal obligation for China-based networks to avoid fines, suspensions.
Enhances resilience, supports market access, aligns with data laws.
Builds regulator trust, reduces enforcement risks.

Implementation Overview

Phased: scoping, classification, gap analysis, remediation, audits, ongoing monitoring.
Applies to all network operators in China; intensive for multinationals.
Mandatory external reviews, periodic re-evaluations.

Key Differences

Aspect	IFS Food	MLPS 2.0 (Multi-Level Protection Scheme)
Scope	Food manufacturing safety, quality, processes	Cybersecurity for all networks, systems
Industry	Food processing, global retailers	All sectors in China, mandatory
Nature	GFSI certification, voluntary audits	Legal mandate, PSB enforcement
Testing	Annual product/process audits, 50% on-site	Graded external reviews, re-evaluations
Penalties	Certification loss, no fines	Fines, suspensions, inspections