ISO 22000 Food Safety Management Systems - General Information

Marc

Fully vaccinated are you?
Leader
Structure of the standard

ISO 22000:2005 is compliant with ISO Guide 72. ISO Guide 72 is a standard that describes the structure of management system standards this will ensure that the ISO standard has a parallel structure to ISO 9001:2000. he structure of the BRC Global Standard - Food Packaging is similar to ISO 9001:1994.


The following is the official press release from the ISO.ch web site
Ref. 966

1 September 2005

ISO 22000 for safe food supply chains

ISO 22000, published today, is a new International Standard designed to ensure safe food supply chains worldwide.

ISO 22000:2005, Food safety management systems – Requirements for any organization in the food chain, provides a framework of internationally harmonized requirements for the global approach that is needed. The standard has been developed within ISO by experts from the food industry, along with representatives of specialized international organizations and in close cooperation with the Codex Alimentarius Commission, the body jointly established by the United Nations’ Food and Agriculture Organization (FAO) and World Health Organization (WHO) to develop food standards.

A major resulting benefit is that ISO 22000 will make it easier for organizations worldwide to implement the Codex HACCP (Hazard Analysis and Critical Control Point) system for food hygiene in a harmonized way, which does not vary with the country or food product concerned.

Food reaches consumers via supply chains that may link many different types of organization and that may stretch across multiple borders. One weak link can result in unsafe food that is dangerous to health – and when this happens, the hazards to consumers can be serious and the cost to food chain suppliers considerable. As food safety hazards can enter the food chain at any stage, adequate control throughout is essential. Food safety is a joint responsibility of all the actors in the food chain and requires their combined efforts.

ISO 22000 is therefore designed to allow all types of organization within the food chain to implement a food safety management system. These range from feed producers, primary producers, food manufacturers, transport and storage operators and subcontractors to retail and food service outlets – together with related organizations such as producers of equipment, packaging material, cleaning agents, additives and ingredients.

The standard has become necessary because of the significant increase of illnesses caused by infected food in both developed and developing countries. In addition to the health hazards, food-borne illnesses can give rise to considerable economic costs covering medical treatment, absence from work, insurance payments and legal compensation.

As a result, a number of countries have developed national standards for the supply of safe food and individual companies and groupings in the food sector have developed their own standards or programmes for auditing their suppliers. The plethora of more than 20 different such schemes worldwide generates risks of uneven levels of food safety, confusion over requirements, and increased cost and complication for suppliers that find themselves obliged to conform to multiple programmes.

ISO 22000, backed by international consensus, harmonizes the requirements for systematically managing safety in food supply chains and offers a unique solution for good practice on a worldwide basis. In addition, food safety management systems that conform to ISO 22000 can be certified – which answers the growing demand in the food sector for the certification of suppliers – although the standard can be implemented without certification of conformity, solely for the benefits it provides.

Developed with the participation of food sector experts, ISO 22000 incorporates the principles of HACCP, and covers the requirements of key standards developed by various global food retailer syndicates, in a single document.

“Public sector participation in the development of the ISO 22000 family is also significant,” ISO Secretary-General Alan Bryden commented, “notably that of the FAO/WHO’s Codex Alimentarius Commission, which is responsible for the well-known HACCP (Hazard Analysis and Critical Control Point) system for food hygiene. Thanks to the strong partnership between ISO and Codex, ISO 22000 will facilitate the implementation of HACCP and the food hygiene principles developed by this pre-eminent body in this field.”

Another benefit of ISO 22000 is that it extends the successful management system approach of the ISO 9001:2000 quality management system standard which is widely implemented in all sectors but does not itself specifically address food safety. The development of ISO 22000 was based on the assumption that the most effective food safety systems are designed, operated and continually improved within the framework of a structured management system, and incorporated into the overall management activities of the organization.

While ISO 22000 can be implemented on its own, it is designed to be fully compatible with ISO 9001:2000 and companies already certified to ISO 9001 will find it easy to extend this to certification to ISO 22000. To help users to do so, ISO 22000 includes a table showing the correspondence of its requirements with those of ISO 9001:2000.

ISO 22000:2005 is the first in a family of standards that will include the following documents:

ISO/TS 22004, Food safety management systems – Guidance on the application of ISO 22000:2005, which will be published by November 2005, provides important guidance that can assist organizations including small and medium-sized enterprises around the world.

ISO/TS 22003, Food safety management systems – Requirements for bodies providing audit and certification of food safety management systems, will give harmonized guidance for the accreditation (approval) of ISO 22000 certification bodies and define the rules for auditing a food safety management system as conforming to the standard. It will be published in the first quarter of 2006.

ISO 22005, Traceability in the feed and food chain – General principles and guidance for system design and development, will shortly be circulated as a Draft International Standard.

In partnership with the International Trade Centre (ITC) – the technical cooperation agency of the United Nations Conference on Trade and Development (UNCTAD) and the World Trade Organization (WTO) – ISO is also preparing an easy-to-use check-list for small businesses and developing countries, entitled ISO 22000: Are you ready?

ISO 22000 and ISO/TS 22004 are the output of working group WG 8, Food safety management systems, of ISO technical committee ISO/TC 34, Food products. Experts from 23 countries participated in the working group, together with international organizations with liaison status. In addition to the Codex Alimentarius Commission, these included the Confederation of the Food and Drink Industries of the European Union (CIAA), the CIES/Global Food Safety Initiative, and the World Food Safety Organization (WFSO). They have been joined for the development of ISO/TS 22003 by experts from the ISO committee on conformity assessment, ISO/CASCO, the International Accreditation Forum (IAF) and the IQNet international certification network.

ISO 22000:2005, Food safety management systems – Requirements for any organization in the food chain, costs 118 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from the
ISO Store
: to order ISO 22000:2005, Food safety management systems -- Requirements for any organization in the food chain
 

Marc

Fully vaccinated are you?
Leader
ISO 22000: a blessing or a curse?

What the IRCA has to say:
ISO 22000: a blessing or a curse?

What are the benefits and disadvantages of having a standard specifically designed for the food industry? Mary Duggan discusses the practicalities

The Registered Board of Assessors of Ireland (RBAI) was set up in 1998 to run ISO audits across different industries, focusing mainly on the food sector.

It recognized that there was a need for specialist audits for the food industry. The company now trains auditors and carries out external audits and third-party audits in Ireland.

Auditing food safety management systems

Much of RBAI’s work involves food safety management system (FSMS) audits. These audits are based on the hazard analysis critical control point (HACCP) system. RBAI Ltd audit to standards based on the codex 7 principles of HACCP.

The food company must have the HACCP PreRequisites Program (PRP) in place before setting up the HACCP system.

The PRP is an essential part of the FSMS being audited. The company must demonstrate its commitment to food safety and meeting legal requirements.

It is very important that food companies have the PRP. It must be in place (covering company policy and procedure, premises, cleaning, pest control, hygiene training and on the job training, traceability) to make a HACCP system effective.

In the working document ISO 22000 these areas are part of a food company's risk assessment.

A company’s FSMS is based on HACCP, so the auditor’s first job is to go through the company records and flow charts, and tour the plant. This helps the auditor find out basic information about food standards at the company. It establishes what processes are in place and how their documentation is organized.

Next the auditor can examine food hazard analysis and assess how the company chose its critical control points (CCP). The decision-making in the hazard analysis is vital for food safety, the HACCP team decides what steps or processes are critical in their company. The decision- making process should be documented and auditable.

It is important that food companies identify and control all hazards within the company and that the member of the management team implementing the FSMS must be given the authority and responsibility to enforce this.

Some food companies identify a lot of critical control points which are technically quality control points. This happens when organizations are influenced by their customers or third party auditors.

Trouble shooting

If a complaint has been made and the root cause cannot be found, the answer could lie in how the problem was investigated. The company may not have analyzed each step for the three main classes of hazard, which are:

* Physical hazards
* Chemical hazards
* Microbiological hazards

If the examiners only looked at the main hazard, which was identified straight away, other problems can be overlooked.

If the HACCP plan is part of a FSMS then all aspects of customer and legislative requirements must connect to the system.

If an employee has checked for a substance, the check must be documented in their hazard system.

Companies do keep records to show that products are analyzed for antibiotics; however, if these records do not connect into their hazard system, it will look like they have not performed the correct FSMS.

Ignorance about FSMSs can lead to serious problems. One example is an organization that was analyzing products for specific levels of a food additive. There are many additives used in food and consumers are unaware of the effects additives can have.

The food industry is responsible for ensuring that the food is safe. Thorough investigation into the effects of a chemical hazard added into a product and the maximum levels permitted in food is relevant in a FSMS.

A company may not know the maximum level of additives that are allowed in the food and rely on the laboratories that samples are sent to to inform them if additive levels are too high. This is not satisfactory.

High levels of additives will have different affects on health, which is why guidelines are set. However, the responsibility to keep to these guidelines belongs to the organization producing the product. The laboratories testing for the substance have no accountability.

Be prepared

Some companies are unprepared for their audits. One company visited would not let the auditor into the premises to inspect them. The auditor persisted and was eventually allowed in, although she had to wait for 45 minutes.

The same company had performed a hazard analysis and decided that there were no CCPs, so nothing was documented. In this situation auditing could not take place.

Making sure that all processes are documented within an organization ensures that a thorough audit can be done. Relying on an outside organisation for important information leads to a lack of central knowledge and then a full audit would have to incorporate outside organizations in a wider audit. This is not practical.

Recent improvements

Over the last decade the food industry’s confidence in hazard control has improved. Often at the beginning of their career, a person may think: ‘I hope I never have anything to do with HACCP’. Students on training courses seem to substantiate this view further, often finding HACCP very difficult to understand initially, until they sit down with a team and set up and implement the HACCP plan.

A FSMS is logical and simple to use. Most people already know a lot of food safety procedures and students at the beginning of a training course often have the right idea before they start. This is part of the reason why food businesses have been able to operate safely in the past.
When will the benefits show?

From starting the HACCP system, it takes six months for any company to really implement it and to follow on after that, but if you go back after three months it’s never fully implemented. However, an audit at this stage can provide the incentive to implement fully.

The HACCP plan must be kept up-to-date and reviewed at least annually.
The future of ISO 22000

The introduction of a standard specific to food safety is extremely beneficial. Risk analysis should be at the heart of food production companies. Companies should ask themselves the following questions:

* What can happen?
* How do I prevent it happening?
* If that goes wrong what can I do to put it right and stop it recurring?

The standard is now specific to the food industry but previously it was not. With existing standards such as ISO 15161 and ISO 9001, the HACCP plan was not the foundation of the system and was not easy for a food company to pick out.

In ISO 22000, the hazard analysis, risk assessment, flow diagrams and preventative measures are aimed directly at the food industry.

The future is simple

Many standards are not used because some companies think that they are too bureaucratic. ISO 22000 can be used to improve an organization.

The importance for the food industry is that all standards are HACCP based, otherwise they are not applicable. Companies with ISO 9001 never had an advantage in the food industry.

Now, having ISO 22000, which is a risk-assessment based system like HACCP, means that a food company will have international recognition, and many companies will say: ‘I don’t need to do a supplier audit because they are achieving ISO 22000 standards’. It is a turning point in standard terms.

About the author

Mary Duggan is the training manager at
the Registered Board of Assessors of Ireland.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Marc, I am glad that you started the ISO 22000 own forum. I had been posting about it @ ISO 22000 (HACCP) Has been released - Seeking information

ISO 22000 has the potential to make a huge impact around the World. I suspect many consultants and registrars are "salivating" :drool: thinking of the potential $ stream.

Other Standards that you could consider as to have a specific forum are:
  • ISO 27001
  • ISO 20000
  • ANSI Z10
  • AS9110
 

Marc

Fully vaccinated are you?
Leader
OK - I was doing some forum maintenance and rearranging. I hadn't noticed much forum discussion traffic with respect to ISO 22000 and, not having browsed the existing forum (technically this was a forum rename), I didn't remember (or see, obviously) that thread.

If I have a question, it is will this have a place in the US considering FDA regulations, or is that apples and oranges? Should they be separate forums or are they, for all intents and purposes, the same?
 
V

venkat - 2011

Applicability of ISO 22000

I am working in a software company which deals with application development, maintenance and support.

Please dont think that my question is trivial or imature

The breakfast,lunch and dinner are supplied by an external caterer.

Can my company go in for ISO 22000 compliance?

My question is whether the consumer of the food provided by a third party is eligible to covered under the standard
 

Al Rosen

Leader
Super Moderator
venkat said:
I am working in a software company which deals with application development, maintenance and support.

Please dont think that my question is trivial or imature

The breakfast,lunch and dinner are supplied by an external caterer.

Can my company go in for ISO 22000 compliance?

My question is whether the consumer of the food provided by a third party is eligible to covered under the standard
You don't supply the meals the caterer does, so why would you want to or need to? Although I haven't seen it, I think that standard is used for regulatory purposes. You may want to require your caterer to meet it.
 
Last edited:
F

frawat

Hi,

Al is right, there is no need for you to get ISO 22000 compliance, even if your office has its own cooks for preparing the meals!

ISO 22000 applies only to companies in the business of producing food, from the farm up to caterers, retail outlets, etc.

I don't think this standard is for regulatory purposes. Rather, it specifies the requirements for a Food Safety Management System, although "it requires an organization to meet any applicable food safety related statutory and regulatory requirements through its food safety management system".

regards,
Francis
 

Raffy

Quite Involved in Discussions
Hi Marc,
Thank you very much for starting this thread for ISO22000:2005, basically I'd been reading articles on this standard, but I'm still craving for other information.
We are planning to establish a Food Safety Management System in our Plant and as a start, I've read lots of our procedures and this standard. And as I've read, there are lots of questions that comes into my mind: Listed below are my querries:
1. Is there any mandatory procedure for ISO22000:2005 that I need to establish? What are they?
2. What are the 7 mandatory inputs and 4 mandatory outputs in Management Review?
3. How am I going to document the clause 7.8 Verification Planning? Would be a simple audit would do? Does internal audit can carry out the task for this? Please advice.

:thanx::thanx:
Thanks in advance.
Best regards,
Raffy
 
V

venkat - 2011

Dear Mr.Raffy

The new standard for Food safety is aligned similar to other ISO standards. To clarify on the queries my understanding is hereunder:

1.Mandatory procedures: If we go through the standard there are certain phrases where shall be prepared and maintained will be mentioned. This means a procedure is required for that clause. The same is applicable to records as well. Accordingly we need to prepare the procedure.

2.Management review: Under the clause Management review of the standard, there will be a title called Review input and review output. This means that those items under input needs to be discussed during the top management meeting and the output should focus on the items as mentioned in the standard. Please refer the standard.

3.Verification Planning: A simple procedure can be prepared for this clause. You can identify an owner for this and he would take the responsibility for the implementation of the same. Here verification includes the quality of food, timeliness, hygiene, quantity etc., In addition a template cn be prepared to monitor it during the month. In the internal audit the auditor checks the procedure and the complaince using the template and sees if there are any deviations as stated in the procedure.

I have explained to the best of my understanding. I dont have the standard and hence I am unable to reproduce the words in the standard.

Please let me know if you need any further clarifications.
 

Raffy

Quite Involved in Discussions
Hi Venkat,:thanks:
First of all, I would like to thank you for the answer and you've enlightened me.
Basically, from my understanding on the answer to my query, some of the required procedures for ISO22000 is the same with ISO9001:2000 procedures. So i traced back my ISO9001:2000 requirements and compare it with ISO22000, and I found out that the shall statements embed into the procedure.
Again, Thank you very much. :thanx:
Best regards,
Raffy :cool:
 
Top Bottom