Most small food producers I talk to have a real HACCP plan. A good one. It names the hazards, sets the critical limits, and says exactly what to record, when to record it, and how often. They paid for it, or they sweated over it, and it sits in a binder that would pass a first glance.
That plan is not where compliance breaks. Compliance breaks in the gap between the plan and what actually got written down during a hard week of production.
Here is the difference, stated plainly. A HACCP plan is a set of instructions: it names your hazards, your critical limits, and what to record. Being compliant is having the records that prove you followed it, on every batch, in a form an outside auditor can trust without taking your word for it. The plan is the easy part. The records are what get tested.
What the plan is actually for
A good plan does one job well. It tells you what has to be true for your product to be safe, and it tells you how to prove it. For a fermented hot sauce, that usually means the finished pH. The plan sets the limit, names the check, and sets the frequency. If your process authority asked for it, it might also call for verifying that the pH stays stable after a set holding period.
None of that is hard to understand. The plan is clear. The trouble starts when you have to execute it for the four hundredth time, at hour eleven, on day six of a stretch where you are doing everything from harvest to bottle yourself.
Is a HACCP plan the same as being compliant?
No. And the gap between the two is not theoretical. One of the most common things auditors flag is monitoring records that do not capture every critical limit the plan calls for. The plan lists three things to record at a control point, and the log only shows one. The plan was fine. The record was not. That is the gap, and it opens for a reason.
At Off The Deck, our peak season is weeks of eighty hours or more, back to back. We are farm to bottle, so the same two people picking peppers in the morning are running fermentation and bottling by afternoon. In that state, stopping to open a spreadsheet and key in a CCP value in the moment is genuinely hard. Not because we do not care. Because the friction is real and the day is long.
So we built a workaround. We texted each other the CCP value. A reading, a timestamp, sent by SMS, so we had the number and the time captured somewhere we trusted, and we could move the spreadsheet entry over later. It worked, in the sense that we never lost a reading. But look at what it actually was: a second system, bolted onto the first, that still left us re-entering everything after the fact.
That is the whole problem in one example. Every step you add to recording a check adds time. And every step adds another chance to forget, to fat-finger a number, or to skip the entry entirely because the moment passed. When following the plan takes real effort, the plan loses to "we will update the record later." That is not a plan failure. It is what people do when the effort is high and the hours are long.
A spreadsheet does not fix that. It is the thing creating the friction.
What an actually compliant record looks like
Forget the software for a second. Think about what a record has to be to mean anything.
There is an old line in auditing: if it is not written down, it did not happen. A real record is what makes something count as having happened. It is a ledger. It says what was measured, when it was measured, and who measured it. If an entry is changed, it says why it was changed and who changed it. Those last two are the part most producers miss, and they are the part that matters most.
Here is the test I use. Imagine you have to put your records in front of someone whose job is to find the hole in them. An auditor on a bad day, or worse, an opposing side in a recall that went to court. Which record is harder to pick apart?
An append-only ledger stands on its own. Each entry has a time, a value, and a name attached, and nothing can be quietly changed after the fact. It needs no explanation.
A spreadsheet does not stand on its own. It can be edited at any time, by anyone with access, with no trace. So the spreadsheet itself proves nothing. To make it mean anything, you now have to explain every external control you put around it: who had access, how versions were kept, how you know a number was not changed after the batch shipped. You are no longer handing over proof. You are defending a process. That is the moment a spreadsheet stops being an asset and becomes a liability.
The plan told you to record the pH. Compliance is a record of that pH that an outsider can trust without taking your word for it.
What records does a food auditor actually check?
In practice, an auditor asks for the CCP monitoring logs, the calibration records, and the batch or lot records that tie them together. The general principle is the same for every producer: capture the check in the moment, make it attributable, and keep it per batch. But the specific rule you answer to depends on what you make. Here is where each one lives, so you can read the source instead of taking my word for it.
These links point to the official regulation text on the FDA's eCFR. They are a starting point for understanding your obligations, not a substitute for your own process authority or regulatory counsel.
Fermented and acidified foods (hot sauce, pickles, krauts, salsas)
If you acidify a low-acid food to a finished pH of 4.6 or below and sell it shelf stable, you are most likely under 21 CFR Part 114.
- Part 114, Acidified Foods: https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-114
- 114.80, Processes and controls: requires frequent testing and recording of results so finished pH stays at or below 4.6. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-114/subpart-E/section-114.80
- 114.100, Records: requires production records showing you followed the scheduled process, including the pH measurements, kept per lot or batch. https://www.law.cornell.edu/cfr/text/21/114.100
That second and third point together are the whole argument of this post in the regulation's own words. The rule does not ask for a plan. It asks for recorded pH readings, per batch, that show the plan was followed.
Juice
If you process juice, you are under 21 CFR Part 120, the juice HACCP rule.
- Part 120, HACCP Systems for juice: https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-120
- FDA's Juice HACCP Hazards and Controls guidance: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/guidance-industry-juice-hazard-analysis-critical-control-point-hazards-and-controls-guidance-first
Seafood and fishery products
If you process fish or fishery products, you are under 21 CFR Part 123.
- Part 123, Fish and Fishery Products: https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-123
- 123.6, Hazard analysis and HACCP plan: every processor must have and implement a written HACCP plan when a hazard analysis shows a hazard reasonably likely to occur. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-123/subpart-A/section-123.6
Everyone else, and the baseline under it all
Most registered food facilities also sit under FSMA's Preventive Controls for Human Food, 21 CFR Part 117. This is the rule that spells out what a record has to contain.
- Part 117, Preventive Controls for Human Food: https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-117
- 117.190, Implementation records: names monitoring records as a required output, not an optional one. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-117/subpart-C/section-117.190
- Part 117, Subpart F, record requirements: states that records must carry the date and, where appropriate, the time of the activity, the signature or initials of the person who performed it, and the product and lot. https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-117/subpart-F
Read that last one again. Date, time, who did it, which lot. The regulation is describing a ledger. It is describing the exact thing a spreadsheet cannot give you on its own.
What it looks like when the records are real
Our last inspection is the clearest before-and-after I can offer. The inspector asked to see our records. In the spreadsheet days, that question started a scramble. This time it was a few taps. The CCP report and the calibration records, all of it, viewable, sortable, and searchable, handed over without a knot in my stomach.
Nothing about our plan changed between those two inspections. What changed was that the records finally matched the plan, because capturing them stopped being a second job.
The fix is not a better plan. It is less friction.
This is the whole idea behind FourFoxes. We did not build it to give you a fancier place to store records. We built it so that recording a check on the floor is as fast as the text message we used to send each other. You log the reading, it is timestamped and attributed the moment you enter it, and you get back to work.
Every problem in this post traces back to one thing: when recording a check takes real effort, it does not happen reliably. Take the effort away and the records take care of themselves. The ledger builds itself as you work, and there is no end-of-shift catch-up, no second system, no batch shipping before the entry exists.
That is the foundation everything else rests on. Audit readiness, recall traceability, a clean handoff between shifts. None of it works without records that are actually there. So that is the first thing we made easy.
If logging your checks is harder than texting them to yourself, your records are one bad week away from a gap. We built FourFoxes to close that gap by making the right thing the easy thing.
Built for the batch. Ready for the audit.
Frequently asked questions
Is having a HACCP plan the same as being HACCP compliant?
No. A plan describes what to control and record. Compliance is the record that proves you did it, per batch, captured in real time. A strong plan with missing or after-the-fact records still fails an audit.
Are spreadsheets acceptable for HACCP records?
Regulations do not ban them, but a spreadsheet can be edited by anyone with access and leaves no trace, so on its own it cannot prove a reading was not changed after the fact. An append-only, timestamped, attributed record holds up better under audit. This is general information, not legal advice; confirm your own requirements with your process authority.
What makes a record audit-ready?
It captures what was measured, when, and by whom, ties to the batch or lot, and shows who changed an entry and why if it was edited. FDA's record requirements under 21 CFR Part 117 Subpart F describe these same elements.
What records does a food auditor ask to see?
Usually CCP monitoring logs, calibration records, and the batch or lot records that tie them together. A common finding is monitoring records that fail to capture every critical limit the plan specifies.