For those planning training sessions or candidates intending to take an online exam during this period, we will be offering online exam sessions on December 27 and 29, as well as January 5, 2024. You can check the link to online exam events here.
  2. / Resources
  3. / Whitepapers

ISO 22000 Food Safety Management System

Health, Safety and Environment 2015-10-14

Introduction 

Unsafe food causes many diseases and life threatening illnesses. Many factors including, the lack of personnel hygiene, poor sanitary conditions and improper manufacturing practices during the production, packaging or any other step of the food chain can lead to food unsafety. The consequences of unsafe food can lead to serious health problems for the consumer; thus, the adequate control throughout the food chain is essential. All parties participating in the food chain should give their complete effort to ensure food safety.
 
ISO 22000 is an industry specific risk management system standard developed by the International Organization for Standardization. It outlines food safety management system requirements for any organization in the food chain.
 
The standard is applicable to all organizations, regardless of their size and type, that stand within the food chain range, from feed producers and primary producers through food manufacturers, transport and storage operators, subcontractors to retail and food service outlets (together with inter-related organizations such as producers of equipment, packaging material, cleaning agents, additives and ingredients). Service providers, for example mass caterers, food service industries, catering companies etc., are also included.
 
ISO 22000 integrates the principles of the Hazard Analysis and Critical Control Point (HACCP) system, and application steps developed by the Codex Alimentarius Commission.

An overview of ISO 22000:2005

ISO 22000 specifies the requirements to plan, implement, and operate, maintain and update a documented food safety management system, where an organization in the food chain industry needs to ensure that food is safe at the time of human consumption.
 
The requirements specified in ISO 22000 are generic and intended to be applicable to all organizations in the food chain, regardless of size and complexity, including organizations directly or indirectly involved in one or more of the steps in the food chain.
 
To ensure food safety along the food chain, ISO 22000 combines the following generally recognized key elements: interactive communication; system management; prerequisite programs; and the principles of the Hazard Analysis and Critical Control Point (HACCP).

Food safety standardization evolves with ISO 22000 by adding:

  • Greater emphasis on setting objectives, monitoring performance and metrics;
  • Clearer expectations on management; and
  • Vigilant planning and preparing resources needed for ensuring food safety.

ISO 22000 specifies requirements to enable an organization to:

  1. Plan, implement, operate, maintain and update an FSMS, aimed at providing products that according to their intended use, are safe for the consumer;
  2. Demonstrate compliance with applicable statutory and regulatory food safety requirements;
  3. Evaluate and assess customer requirements, and demonstrate conformity with those mutually agreed customer requirements that relate to food safety, in order to enhance customer satisfaction;
  4. Effectively communicate food safety issues to their suppliers, customers and relevant interested parties in the food chain;
  5. Ensure that the organization conforms to its stated food safety policy;
  6. Demonstrate such conformity to relevant interested parties; and
  7. Seek certification or registration of its FSMS by an external organization, or make a self-assessment or selfdeclaration of conformity to this International Standard.

Key clauses of ISO 22000:2005

ISO 22000 is organized into the following main clauses:

Clause 4: Food safety management system
Clause 5: Management responsibility 
Clause 6: Resource management
Clause 7: Planning and realization of safe product
Clause 8: Validation, verification and improvement of the food safety management system
 
These key activities are briefly described below:

Clause 4: Food safety management system 

This clause specifies the general requirements and documentation requirements for a food safety management system.
 
General  requirements:
Ensure that food safety hazards, reasonably expected to occur, are identified, evaluated and controlled in such a way that the products do not harm the consumer;
Communicate appropriate information throughout the food chain regarding safety issues related to its products;
Communicate information concerning the development, implementation and updating of the FSMS throughout the organization; and
Periodically evaluate and update the FSMS when necessary, to ensure that the system incorporates the most recent information on food safety.
 
Documentation  requirements:
Documented statement of a food safety policy and related objectives;
Documented procedures and records required by this International Standard;
Documents needed by the organization to ensure the effective development, implementation and updating of the FSMS;
Control of documents; and
Control of records.
 
The organization should define the FSMS scope by specifying the products or product categories, processes and production sites included in the FSMS.

Clause 5: Management responsibility 

Top management needs to provide evidence of its commitment to the development, implementation and continual improvement of the FSMS by:
 
  • Supporting the business objectives of the organization;
  • Communicating to the organization the importance of complying with this international standard;
  • Complying with statutory, regulatory and customer requirements relating to food safety;
  • Establishing the food safety policy;
  • Conducting management reviews; and
  • Ensuring the availability of resources.

Clause 6: Resource management 

The day-to-day management of an effective food safety management system relies on using the appropriate resources for each task. This includes the consistence of competent staff with relevant (and demonstrable) training and supporting services, awareness and communication. This is proven by documented information.
 
Both internal and external communication of the organization must be considered in this area, including the format, content and proper timing of such communication.
 
This clause also includes the requirements on the creation, update and control of documented information.
 

Clause 7: Planning and realization of safe product 

The organization is responsible for planning and developing the processes needed for the realization of safe products. It should implement, operate and ensure the effectiveness of the planned activities and document any changes to those activities. This includes: PRP(s) as well as operational PRP(s) and/or the HACCP plan
 
>> Prerequisite programs (PRPs): These are basic conditions and activities that are necessary to maintain a hygienic environment throughout the food chain, and that are suitable for the production, handling and provision of safe end products assuring safe food for human consumption. When establishing these programs, the organization should consider the following:
  • Construction and lay-out of buildings and associated utilities;
  • Lay-out of premises, including workspace and employee facilities;
  • Supplies of air, water, energy and other utilities;
  • Supporting services, including waste and sewage disposal;
  • The suitability of equipment and its accessibility for cleaning and maintenance;
  • Management of purchased materials, supplies, disposals and handling of products;
  • Measures for the prevention of cross contamination;
  • Cleaning and sanitizing;
  • Pest control;
  • Personnel hygiene; and
  • Other aspects as appropriate.
>> Preliminary steps to enable hazard analysis:  Prior to conducting the hazard analysis, the organization should collect, maintain, update and document all the relevant information needed. These preliminary steps:
  1. Appoint a food safety team;
  2. Describe the product characteristics;
  3. Identify the intended use;
  4. Construct flow diagrams; and
  5. Describe the process steps and existing control measures.
>> Hazard analysis: This activity enables the food safety team determine which hazards need to be controlled, the degree of control required to ensure food safety, and what combination of control measures is needed. The team should refer to all the food safety hazards that are reasonably expected to occur, considering the type of product, type of process and actual processing facilities.
 
The hazard analysis determines the appropriate control measures, and categorizes them into those that are
to be managed by the HACCP plan and/or operational PRPs.
 
>> Operational prerequisite programs (oPRPs): Prerequisite programs are identified by the hazard analysis as essential, in order to control the likelihood of introducing food safety hazards to and/or the contamination or proliferation of food safety hazards in the product(s) or in the processing environment, which are defined as operational prerequisite programs.
 
>> The HACCP plan: The organization should have a document prepared in accordance with the principles of HACCP to ensure the control of hazards, which are significant for food safety in the segment of the food chain under consideration.
 
Every organization needs an HACCP plan(s) that has been established exclusively for the facility where it is used and reflects the individual parameters of that facility. This documented plan should include the following information for each identified critical control point (CCP):
  • Food safety hazards to be controlled at the CCP;
  • Control measures;
  • Critical limits;
  • Monitoring procedures;
  • Corrections and corrective actions to be taken if critical limits are exceeded;
  • Responsibilities and authorities; and
  • Records of monitoring.
A facility may need to develop more than one HACCP plan, depending on the number of products produced and production processes.
 
Following the establishment of operational PRPs and the HACCP plan, the organization should update the preliminary information and documents (if necessary), plan verification activities and establish a traceability system that enables the identification of product lots and their relation to batches of raw materials, processing and delivery records.
 

Clause 8: Validation, verification and improvement of the food safety management system 

The organization is responsible for planning and implementing the processes needed to validate   control measures and their combinations, and verify and improve the food safety management system.
 
The validation process is an assessment prior to operation, which demonstrates that individual (or combination of) control measures are capable of achieving the intended level of control. Thus, prior to the implementation of control measures, the organization should validate them.
 
The verification of the FSMS assures that it functions as designed and is updated based on the current available information. Verification activities may be classified as ongoing and periodic.
 
Continual improvement can be defined as all the actions taken throughout the organization to increase the effectiveness (reaching objectives) of a food safety management system.
 
An organization can continually improve the effectiveness of its management system through the use of communication, management review, internal audit, evaluation of individual verification results, analysis of results of verification activities, validation of control measure combinations, corrective actions and food safety management system updating.

Link between ISO 22000 and other standards

ISO 22000 is aligned with the Quality Management System Standard, ISO 9001, in order to enhance the compatibility of the two standards. (Cross-references between ISO 22000 and ISO 9001 are provided in Annex A of ISO 22000)
 
Furthermore, ISO 22000 can be easily linked with other standards, such as ISO 14001, OHSAS 18001, ISO 22301 and ISO 26000.
 
The table below presents several standards that ISO 22000 can relate with to create an integrated management system.
 

Link with other food safety standards

Several standards that ISO 22000 can relate with to create an integrated management system.

Link with ISO 9001

ISO 22000 has been designed to work in harmony with ISO 9001 and supporting standards. ISO 9001 provides the requirements for a quality management system that can be used for internal application by organizations, for certification, or contractual purposes. It focuses on the effectiveness of the quality management system in meeting customer requirements. ISO 22000 provides the essential elements of a food safety management system for similar purposes.
 
The table below provides the clauses included in both standards mentioned above.
 
Clauses that both ISO 22000 and ISO 9001 standards consist.

Integration with other management systems

The general requirements are ordinarily identified in every management system. These requirements assist in:
  • Determining and applying objectives according to the organization’s habits and needs;
  • Upholding the objectives based on strong management commitment by monitoring and reviewing;
  • Documenting pertinent management system processes;
  • Regular ‘health-checks’ via internal or external audits; and
  • Gaining benefits through continual improvement as achieved by a regular management review.
 
ISO 22000 enables an organization to align or integrate its own food safety management system with other related management systems, such as those particular to environmental management, occupational health and safety management, financial management, or risk management.
 
In addition, the table below presents the general requirements of several standards, which also serves as a comparing tool between FSMS and other management systems. This will authorize the organization to envision “combined audits” in order to achieve their compliance goals with adequate effort and budget.
 
General requirements of several standards.

Food safety management - the business benefits

As with all the major undertakings within an organization, it is essential to gain the backing and sponsorship of the executive management. By far, the best way to achieve this is to illustrate the positive gains of having an effective food safety management process in place, rather than highlight the negative aspects of the contrary.
 
Today an effective food safety management is not about being forced into taking action to address external pressures, but its importance relies on recognizing the positive value of food safety when good practice is embedded throughout your organization.
 
The adoption of an effective food safety management process within an organization will have benefits in a number of areas, examples of which include:
  • Increase in international acceptance of food products;
  • Reduction of foodborne illness incidents;
  • Increase of consumer satisfaction relating their wants and needs;
  • Assurance of food product safety;
  • Increase in health protection;
  • Demonstration of conformance to international standards and regulatory requirements;
  • Helps to meet food safety related legal and regulatory requirements; and
  • Helps to compete effectively in national and international markets.

Implementation of an FSMS with IMS2 methodology

Considering the well documented benefits of implementing a Food Safety Management System based on ISO 22000 makes the proposal easier to decide on.
 
Most companies now realize that it is not sufficient to implement a generic, “one size fits all” food safety plan. For an effective response, with respect to maintaining food safety management, such a plan must be customized to fit to a company. A more difficult task is the compilation of an implementation plan that balances the requirements of the standard, the business needs and the certification deadline.
 
There is no single blueprint for implementing ISO 22000 that will work for every company, but there are some common steps that will allow you to balance the frequent conflicting requirements and prepare you for a successful certification audit.
 
PECB has developed a methodology (please see example below) for implementing a management system; the “Integrated Implementation Methodology for Management Systems and Standards (IMS2)”, and it is based on applicable best practices. This methodology is based on the guidelines of ISO standards and also meets the requirements of ISO 22000.
PECB's methodology for implementing a management system.
 
IMS2 is based on the PDCA cycle which is divided into four phases: Plan, Do, Check and Act. Each phase has between 2 and 8 steps for a total of 21 steps. In turn, these steps are divided into 101 activities and tasks. This ‘Practical Guide’ considers the key phases of the implementation project from the starting point to the finishing point and suggests the appropriate ‘best practice’ for each one, while directing you to further helpful resources as you embark on your ISO 22000 journey.
 
PDCA cycle divided in phases, steps, activities, and undefined tasks.
 
By following a structured and effective methodology, an organization can be sure it covers all minimum requirements for the implementation of a management system. Whatever methodology used, the organization must adapt it to its particular context (requirements, size of the organization, scope, objectives, etc.) and not apply it like a cookbook.
 
The sequence of steps can be changed (inversion, merge). For example, the implementation of the management procedure for documented information can be done before the understanding of the organization. Many processes are iterative because of the need for progressive development throughout the implementation project; for example, communication and training.
 

Certification of organizations

  1. Implementation of the management system: Before being audited, a management system must be in operation for some time. Usually, the minimum time required by the certification bodies is 3 months.

  2. Internal audit and review by top management:  Before a management system can be certified, it must have had at least one internal audit report and one management review.

  3. Selection of the certification body (registrar): Each organization can select the certification body (registrar) of its choice.

  4. Pre-assessment audit (optional):  An organization can choose to perform a pre-audit to identify any possible gap between its current management system and the requirements of the standard.

  5. Stage 1 audit: A conformity review of the design of the management system. The main objective is to verify that the management system is designed to meet the requirements of the standard(s) and the objectives of the organization. It is recommended that at least some portion of the Stage 1 audit should be performed on-site at the organization’s premises.

  6. Stage 2 audit (On-site visit): The Stage 2 audit objective is to evaluate whether the declared management system conforms to all requirements of the standard is actually being implemented in the organization and can support the organization in achieving its objectives. Stage 2 takes place at the site(s) of the organization’s sites(s) where the management system is implemented.

  7. Follow-up audit (optional): If the auditee has non-conformities that require additional audit before being certified, the auditor will perform a follow-up visit to validate only the action plans linked to the non- conformities (usually one day).

  8. Confirmation of registration: If the organization is compliant with the conditions of the standard, the Registrar confirms the registration and publishes the certificate.

  9. Continual improvement and surveillance audits: Once an organization is registered, surveillance activities are conducted by the Certification Body to ensure that the management system still complies with the standard. The surveillance activities must include on-site visits (at least 1/year) that allow verifying the conformity of the certified client’s management system and can also include: investigations following a complaint, review of a website, a written request for follow-up, etc.

Training and certifications of professionals

PECB has created a training roadmap and personnel certification schemes which is strongly recommended for implementers and auditors of an organization that wish to get certified against ISO 22000. Whereas certification of organizations is a vital component of the food safety field as it provides evidence that organizations have developed standardized processes based on best practices. Certifications of individuals serve as documented evidence of professional competencies and experience for/of those individuals that have attended one of the related courses and exams.
 
It serves to demonstrate that a certified professional holds defined competencies based on best practices. It also allows organizations to make intelligent choices of employee selection or services based on the competencies that are represented by the certification designation. Finally, it provides incentives to the professional to constantly improve his/her skills and knowledge and serves as a tool for employers to ensure that training and awareness have been effective.
 
PECB training courses are offered globally through a network of authorized training providers. They   are available in several languages and include introduction, foundation, implementer and auditor courses.
 
The table below gives a short description relating PECB’s official training courses for food safety management systems based on ISO 28000.
 
Description relating PECB's official training courses for food safety management system
 
Although a specified set of courses or a curriculum of study is not required as part of the certification process, the completion of a recognized PECB course or program of study will significantly enhance your chance of passing a PECB certification examination. The list of approved organizations that offer PECB official training sessions can be found on our website: www.pecb.org/en/eventlist

Choosing the right certification

 
The ISO 22000 Implementer certifications are professional certifications for professionals needing to implement an FSMS and, in case of the ISO 22000 Lead Implementer Certification, needing to manage an implementation project.
 
The ISO 22000 Auditor certifications are credentials for professionals needing to audit an FSMS and, in case of the “ISO 22000 Lead Auditor” Certification, needing to manage a team of auditors.
 
The ISO 22000 Master certification is a professional certification for professionals needing to   implement
an FSMS and to master the audit techniques and manage (or be part of) audit teams and audit program.
 
Based on your overall professional experience and your acquired qualifications, you will be granted one or more of these certifications based on projects or audits activities you have been performing by the past or which you are currently working on.
 
Certification based on your overall professional experience and qualifications.
 
For more information please visit ISO 22000 Food Safety Management training courses here.

PRINCIPAL AUTHORS: 
 
Eric LACHAPELLE, PECB
Bardha AJVAZI, PECB
 

 


Downloads

English

SUBSCRIBE TO OUR NEWSLETTER

Subscribe
Help Center

Training & Certification

Resources

Network

Examination

Certification

Company

Terms, Conditions, and Policies | Privacy Statement | Cookie Preferences

© 2024 Professional Evaluation and Certification Board. All rights reserved.

Scroll to Top