ISO 22000:2018 Transition
Introduction
The food industry is now more challenged than ever. Globalization, a highly complex food supply ecosystem and an interconnected global economy are the main factors contributing to the challenge. Food is an important globally traded commodity; it is produced, processed, distributed, and consumed worldwide, leaving plenty of opportunities for pathogens to flourish.
In 2018, an outbreak of Escherichia coli O157:H7 was reported in the United States, in which 210 people were infected, of whom 96 were hospitalized, 27 developed a type of kidney failure, and 5 people lost their lives. The Centers for Disease Control and Prevention identified through laboratory testing the outbreak of E. coli O157:H7 in canal water samples taken from the region of Yuma, Arizona, where notable population growth is taking place.
The rapid growth in global population continues to add to the issues mentioned thus far, making it harder to come up with solutions to the challenges of global food security and safety. World leaders are attempting to overcome these challenges by enforcing increasingly strict national and international food safety laws. This is complemented by programs run by international organizations such as WHO, WFP and FAO, among others, on Water, Hygiene and Sanitation (WASH) and on Food Security and Safety, which are helping to raise awareness of and mitigate food-safety-related cases around the world. Lack of awareness of the socioeconomic importance of food safety, due to the paucity of data and information on the incidence of foodborne disease outbreaks, is another major challenge.
A raised alertness among the general population with regard to food safety only contributes to the pressure. For instance, large retailers, in their efforts to improve food safety, are demanding third party certifications proving that suppliers are complying with international standards. Consequently, the demand for the safety control of organizations within the food chain has increased; each organization is required to organize their operations in such a way that the food chain is systematically safeguarded and guaranteed to the end users.
Towards a more effective food safety control with ISO 22000
In 2018 the International Organization for Standardization (ISO) finally published the long-awaited revised standard — ISO 22000, which can assist organizations involved in the food chain to address these global challenges in a safe and sustainable manner.
The revised ISO 22000 standard aims to facilitate the process of complying with food-related legislation, in order to protect public health, by applying uniform practices for detecting and preventing contamination, minimizing or eliminating risks, optimizing food controls and establishing traceability systems thus keeping food safe, from farm to fork.
Organizations that are directly or indirectly involved in the food industry, regardless of complexity and size, can use the ISO 22000:2018 standard, Food Safety Management Systems (FSMS). ISO 22000 will assist organizations within the food sector to establish and maintain a system which will help to ensure food safety is in place, by specifying the generic requirements for any organization in the food chain.
Among many changes, the revised version of the standard adopts the High Level Structure (HLS), aiming to help organizations that want to implement more than one management system to reduce duplication in implementation, and thereby save time and money.
The new structure of the ISO 22000:2018 standard is presented below.
Implementing the ISO 22000 standard will make it easier for organizations to address not only compliance issues, but also increase the provision of safe food products and services. The standard will assist organizations to meet their market needs including requirements from government, at all levels, industry, parties involved in the supply chain and customers or consumers.
Food safety has been, and continues to be, a major and intricate topic, but what exactly does it encompass?
Food safety is concerned with the protection of food products and services from the introduction, development or persistence of microbial, chemical and physical hazards.
This means that different plans, programs and methodologies need to be combined in order to ensure that the food is safe for the consumer.
Organizations need to ensure they have a systematic way to provide safe food products and services, and a solution that helps to inspire confidence is the ISO 22000 standard. The standard is based on the Codex Alimentarius principles for food hygiene. It incorporates the Prerequisite Programs (PRPs), the Hazard Analysis and Critical Control Points (HACCP) approach, and the management system components required to achieve the intended objectives of food safety. This will then contribute to the reduction of the negative social and economic impact of unsafe food products, something that is vital for organizations involved in the food supply chain.
The revised ISO 22000 standard enables organizations to align the Food Safety Management System (FSMS) approach with the requirements of other management systems that have already adopted the High Level Structure (HLS). This is seen with the incorporation of the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking.
The uniqueness of the FSMS lies in the usage of the PDCA cycle at two levels. The first level covers the FSMS as a whole (from Clause 4 to 10), whereas the second level covers the operational processes within the food safety system (Clause 8, “Operation”). Both levels enable organizations to ensure that processes are resourced and managed adequately. The illustration below shows the two levels of the PDCA cycle.
The customer — the best and worst critic
Technology has changed the way we live by affecting every sphere of life. Today’s businesses face many different challenges and use various methodologies and marketing strategies to attract new customers and retain existing ones, while creating brand loyalty. Businesses in the food industry are not excluded. From automated refrigerator monitors and active and intelligent materials for food packaging to mobile applications, there is an increasing number of smart technologies available to facilitate food safety monitoring. Automation, digitization, and computerization are some of the technological advancements that the food industry is adopting in its processes along the food chain so as to minimize or eliminate food safety risks that may cause harm to consumers. Technology has almost entirely eliminated the need for hard copy safety checks, which were tedious, easily falsified, and sometimes piled up in storage spaces.
With the rise of smartphones and social media, online reviews are becoming the primary arbiter in the food industry. Customers simultaneously enjoy a meal at a restaurant and complete a review of the business on their smartphone — a review which, if negative, can single-handedly damage the business’s reputation.
Nowadays, there is an ever-growing demand for information; customers want accessible information on food safety and traceability at their fingertips. This helps customers make more informed decisions with regard to their lifestyle and food choices.
The revised ISO 22000 standard aims to help organizations meet and exceed not only legal safety requirements but customer satisfaction too. There is an emphasis on customer focus, one of the management principles common to other ISO management system standards. This aspect is reflected in many requirements, such as organizations being required to determine the needs and expectations of interested parties, in order to consistently provide safe food products and services meeting these requirements.
The standard itself requires that an organization, directly or indirectly involved in the food chain, is to evaluate and assess mutually agreed customer food safety requirements and is to demonstrate conformity with them. Other requirements that take into consideration customers’ requirements include, but are not limited to:
- Clause 4.2 Understanding the needs and expectations of interested parties
- Clause 5.1 Leadership and commitment
- Clause 5.2.1 Establishing the food safety policy
- Clause 6.1 Actions to address risks and opportunities
- Clause 6.2 Objectives of the Food Safety Management System and planning to achieve them
- Clause 7.4 Communication (both internal and external)
- Clause 8.2 Prerequisite programmes (PRPs)
- Clause 8.3 Traceability system
- Clause 8.4.2 Handling of emergencies and incidents
- Clause 8.5.2.2 Hazard identification and determination of acceptable levels
- Clause 8.9.3 Corrective actions
- Clause 8.9.5 Withdrawal/recall
- Clause 10.2 Continual Improvement
Essentially, for a continually successful operation, organizations need to improve and sustain at the highest level their relationships with customers and other interested parties. The revised standard requires organizations to maintain their FSMS by continually improving its suitability, adequacy and effectiveness. By implementing an FSMS, an organization should continuously prove that it adequately meets the standard’s requirements and has a system in place to deal with any gaps that may arise during the performance evaluation process.
As international standards gain momentum, they are being recognized more and more by customers around the globe. For instance, ISO is using the national standards bodies that make up its membership at country level to create awareness among standards users and beneficiaries globally. The overall goal of food safety standards is customer protection through food safety. Thus, nowadays, customers make purchases based on the different standards against which a product is certified. ISO 22000 is an internationally recognized standard which, when implemented, facilitates the process of complying with legal, regulatory, customer and other requirements.
Let's talk about risks
Throughout history, humanity has been driven by curiosity, excitement, and the need to constantly innovate, while being restricted by many threats. People do not pursue a zero-risk life; they would rather attempt to balance the expected rewards of their actions against the risks of failure.
Intrinsically, risk is present in every organization, in any industry, regardless of its size or complexity. It is an inevitable aspect of business which affects operations and activities.
Thus, let us elaborate on what precisely “risk” is.
According to ISO 22000, risk is defined as the “effect of uncertainty,” where an effect is “a deviation from the expected — positive or negative,” and uncertainty is “the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.”
Risk, in the context of food safety, is a function of the probability of an adverse health effect and its severity due to hazard(s) in food.
Before we go any further, a food safety hazard is defined by ISO 22000 as “biological, chemical or physical agent in food with the potential to cause an adverse health effect.” In a note, ISO 22000 explains that food safety hazards include allergens and radiological substances.
Organizations should identify the potential hazards in their raw materials or food products and formulate ways in which they will reduce them to acceptable levels or eliminate them altogether. This can be done with the help of laboratory test analysis, which can identify the food quality composition and the physical, chemical or microbial hazards present.
It is a generally known requirement for organizations to declare the food product's composition and any allergen advisory for consumers. This mostly captures the nutritive content and quality composition of the food product, any allergen advisory and other regulatory or compliance obligations met.
Theoretically, organizations are supposed to prevent all food-borne diseases associated with the food product and services they offer. In actuality, organizations can significantly reduce the appearance of food-related illnesses by: 1) analyzing the information on food safety hazards, the risk that these hazards pose and their capacity to take appropriate controls; and 2) implementing the necessary measures.
Over the years, management of risk has proved to be a useful tool supporting the food safety decision-making process(es), as well as supporting enhancements in the health of customers.
The revised ISO 22000 standard emphasizes the importance of risk-based thinking, which enables an organization to determine the factors that could cause its processes and its FSMS to deviate from the planned results, and implement controls to prevent or minimize adverse effects. Risk-based thinking is addressed both in explicit and implicit ways in the revised standard, and on the organizational and operational level (HACCP principles). It also removes prevention as an afterthought, placing the emphasis on mitigating risk at the beginning of processes rather than on potential or near misses toward the middle or end of activities.
In the context of organization-wide risk management, organizations should consider the potential and actual external and internal issues they face, understand the needs and expectations of interested parties and the organization’s FSMS scope, then determine the risks and opportunities that need to be addressed. This concept is limited to events and their consequences related only to the performance and effectiveness of the FSMS.
Actions to address risks and opportunities are required in the revised ISO 22000 standard. They can be as simple as sharing the risk (with external parties), or utilizing innovative technology(ies).
By contrast, in the context of operational risk, the HACCP steps are considered the necessary measures to prevent or reduce a hazard(s) to acceptable levels in order to ensure food safety. This process requires targets that are realistic, based on science, and free from any bias so as to reduce the occurrence of food-borne diseases. Additionally, HACCP helps in planning and implementing tailored measures, monitoring outcomes (both successful and unsuccessful) of these measures, and, most importantly, maintaining documented information.
The implementation of an FSMS based on the ISO 22000 standard will contribute towards equipping organizations with the right tools and supporting the aim of providing food products and services that are safe at the time of consumption.
Safe food begins at the top of the hierarchy
Traditionally, management systems are “owned” by individuals at the middle-management level, as assigned by Top Management. Food Safety Managers, HACCP Coordinators and/or ISO Management Representatives were sometimes left with the lonesome responsibility of developing, documenting, implementing and maintaining the FSMS. The approach to leadership has evolved in industry and so has ISO 22000. For the Food Safety Management System to be fully implemented, maintained and effective, adequate leadership is required. ISO 22000 has expanded and clarified the role of leadership in the organization.
Leadership roles and responsibilities regarding the FSMS must be clearly defined and communicated. The commitment to the FSMS must also be demonstrated. Although the intent of these requirements is not entirely new, ISO has provided more details in the 2018 version of the standard, which enables better interpretation and execution by organizations.
Accountability for the definition of the organization’s context, identification of relevant interested parties, setting of objectives, provision of resources, maintenance and improvement of the FSMS may now be more easily defined, communicated and assessed based on the expanded requirements of ISO 22000:2018.
With strong leadership in place, organizations will be better equipped to fulfil the objectives of the FSMS and their intent to provide safe food products and services.
Distinguishing OPRPs and CCPs
The requirements for Operational Prerequisite Programs (OPRPs) and Critical Control Points (CCPs) already existed in the 2005 version of the ISO 22000 standard. However, it is the revised standard that provides more clarity in this regard.
ISO 22000:2018 defines an OPRP as a “control measure or combination of control measures applied to prevent or reduce a significant food safety hazard to an acceptable level, and where action criterion and measurement or observation enable effective control of the process and/or product”. Whereas a CCP is defined as a “step in the process at which control measure(s) is (are) applied to prevent or reduce a significant food safety hazard to an acceptable level, and defined critical limit(s) and measurement enable the application of corrections”.
Perhaps the terminology alone does not suffice to understand the difference between CCPs and OPRPs, so let’s analyze them in detail.
Organizations are required to select an appropriate control measure or combination thereof, which can prevent or reduce the identified significant food safety hazards to acceptable levels. These control measures need to be categorized to be managed as OPRPs or at CCPs.
OPRPs are essential control measures which have the intention of controlling a significant food safety hazard. Nevertheless, they are not based on measurable critical limits but on action criteria, and products affected by failure to meet the action criterion for OPRPs can be released as safe under specific conditions (which are set by ISO 22000). Examples of OPRPs can be a specific cleaning activity, a metal and glass control process, etc.
CCPs, on the other hand, are control measures that use critical limits as a threshold to distinguish between safe and unsafe food. Correspondingly, products that are not within critical limits at CCPs must not be released; they must be handled as nonconforming products. Examples of CCPs can be pasteurization or sterilization, detection of metals, etc.
Spice up food safety with communication
It is universally acknowledged that for continued success, organizations upstream and downstream in the food chain should communicate. A culture that inspires interaction and information flow from both the managers and workforce is crucial. The culture should also fully support communication with customers, suppliers and other interested parties.
Constant communication with regard to food safety, both internally and externally, helps organizations to support and improve the:
- Customer’s physical health
- Staff’s motivation to produce safe food through controlled and safe practices
- Understanding of the food safety concerns
- Organization’s trustworthiness and reputation
- Organization’s commitment towards food safety
- Food safety awareness
- Environment
- Transparency
- Mutual understanding between the organization and external interested parties, among others.
Communication can be carried out in many differing forms and media, through many different channels. Regardless of the method used, it is important that the conveyed message is clear, accurate, and easy to understand. The message should be developed and refined according to the target audience.
Organizations should provide sufficient information to enable their customers to decide what is appropriate for them. Food safety-related information should contain sufficient product information to enable its proper use, storage, preparation, distribution and many others. The provision of information regarding the food safety hazard needing to be controlled is of significant importance.
For example, organizations may provide explanations on how to prepare a specific product in order to reduce the accompanying risk, or they may include warnings on who is most likely to be exposed to the risk. The storage conditions also play a major role in food safety; organizations should provide the storage conditions to be observed to avoid cross-contamination of food during storage.
Trust is vital for effective food safety communication. Therefore, organizations should establish a communication process that is founded on good practices and principles. In essence, communication should be transparent and open about the decision-making process. Communication should be responsive, and should occur in a timely manner. Suitable planning facilitates the organization’s development of a timely, harmonized and effective communication process.
Communication, education, and spreading awareness across the farm-to-table continuum are becoming increasingly significant in providing safe food to the consumer. Factual information, including education programs, should be provided to consumers and food industry workers, alike.
Organizations should remember to address problems with low public concern by communicating and persuading interested parties to take relevant actions regarding these concerns. Furthermore, issues such as the potential risks and benefits of genetically modified organisms (GMOs) that generate societal interest should be addressed by ongoing communication.
It is of utmost importance that organizations show transparency when conducting the recall and traceability process, as well as during emergencies. Customers, retailers, distributors, officials, staff members, and all other relevant interested parties should be informed and updated accordingly. The spokesperson of the organization must have sufficient knowledge on how to conduct the communication process.
Communication should be conducted freely among workers. For this purpose, the top management should opt for and encourage a culture that embraces food safety communication at all levels of the organization.
As with every other element of the FSMS, communication needs to be constantly updated and the latest scientific knowledge should be incorporated as soon as is practicable. Organizations can embrace this by putting a knowledge management system in place to ensure that all interested parties are involved in gaining information related to food safety through awareness programs, training and the use of information to disseminate knowledge for their learning, which can be on a need-to-know basis.
Training and certification of professionals
PECB has created training roadmaps and personnel certification schemes which are strongly recommended for implementers and auditors wishing to become certified against ISO 22000. The certification of individuals serves as documented evidence of professional competencies and experience, while also demonstrating that the individual has attended one of the related courses and successfully completed the exam(s).
Personnel certifications demonstrate that the professionals have gained competencies based on best practices. The certifications allow the organizations to make informed selections of employees or services based on the competencies represented by the certification. Finally, they provide incentives for the professionals to constantly improve their skills and knowledge, and serve as a tool for employers to ensure that the training and awareness sessions have been effective.
PECB training courses are offered globally through a network of authorized training providers. They are available in several languages and include Introduction, Foundation, Lead Implementer, and Lead Auditor courses. In addition, PECB credentials are recognized globally. The table below provides a short description of PECB’s official training courses for the ISO 22000 scheme.
Principal Author
Eric LACHAPELLE, PECB
Faton ALIU, PECB
Gonxhe DOBROSHI, PECB
Contributors
Taulanta Kryeziu, PECB
Jetë Spahiu, PECB
Olaobaju, Olanrewaju, NAFDAC Nigeria
Vincent B. Mokaya, Diverse Management Consultancy Ltd, KENYA
Adeyemi Busayo J., Standards Organisation of Nigeria
Suzana Popovska, Food and Veterinary Agency, Macedonia
Michelle Ryan, Oraculi LLC, USA
Jason E. Teliszczak, JT Environmental Consulting, USA
Amina Deji-Logunleko, Auphysh Services Limited, Nigeria
Mike Gray, MG Training and Development Pty. Ltd., Australia
Ahmed M. A. Hammad, ISO Quality Academy Register Ltd, Egypt