image-securite-aliments.webp
Decrypting

ISO 22000: Essential FAQs for Understanding Food Safety

Published on , Updated on
Food safety

What is ISO 22000? Definition

ISO 22000 is the only voluntary international standard for food safety management. It enables organizations to demonstrate their ability to identify and control food safety hazards, as well as to consistently provide safe finished products.

Who developed the ISO 22000 food safety standard?

ISO 22000 is an international standard that:

  • Issued by ISO, the International Organization for Standardization
  • Is the result of a collaborative and collective effort by all stakeholders around the world.

Thirty-five countries participated in its latest update, which was finalized in June 2018. France played a major role in developing the ISO 22000 standard through the AFNOR standards committee on “food traceability and safety—management and hygiene.” This committee brings together professionals in the field, representing some thirty organizations:

  • Government officials
  • Manufacturers
  • Consumers
  • Certification bodies
  • Universities
  • Schools
  • Institutes.

Participation is open to everyone. It is essential to ensure that ISO 22000 and all international standards meet the expectations of professionals in France. The standardization of management methods, product specifications, and analytical methods has increased over the years. Nearly 140 countries participate in the ISO technical committee on the food industry, with more than 840 documents already published and maintained. A new version of the ISO 22000 standard is scheduled for 2027, with a public consultation on the draft text planned in France for fall 2026.

Check out our YouTube video: ISO 22000: Who developed it, and how was it developed?

Who can use ISO 22000?

The ISO 22000 standard can be used by all direct and indirect stakeholders in the food chain, regardless of their size or location. This includes:

  • Animal feed producers
  • Agricultural producers (livestock and/or crop production)
  • Manufacturers and processors
  • Service providers
  • Operators and subcontractors responsible for transportation, warehousing, and distribution
  • Retail and food service stores
  • Organizations closely linked to the sector, such as manufacturers of equipment, packaging materials, cleaning products, additives, and ingredients.

According to the ISO’s annual survey, more than 32,000 ISO 22000 certificates attesting to the proper implementation of the standard are currently held by organizations worldwide, including nearly 600 in France.

What are the benefits of the ISO 22000 standard?

Implementing a food safety management system involves taking steps to ensure the safety of a company’s products and services. It is a proven tool for:

  • Prevention
  • Continuous improvement.

The PDCA cycle (Plan, Do, Check, Act) is implemented at two levels:

  • The first applies to the management system
  • The second concerns the HACCP plan.

Like any international standard, ISO 22000 facilitates communication and saves time: by implementing it, you are using a method that is recognized and shared worldwide. The ISO 22000 standard builds trust with your suppliers, customers, and other stakeholders in the food supply chain. It promotes effective communication with them: 

  • By identifying potential hazards
  • By defining the measures to be implemented to manage them when they occur.

However, a ISO 22000 certification does not attest to the safety or suitability for use of a product.

IFS, BRC, ISO 22000: What Are the Differences?

There are several differences between IFS, BRC, and ISO 22000:

  • The ISO 22000 standard is developed on a global scale by a non-governmental organization
  • The British Retail Consortium (BRC) has Anglo-Saxon origins
  • The International Featured Standards (IFS) Food standard has Franco-German origins
  • IFS and BRC are private standards developed by and for the retail sector.

ISO 22000 applies to the entire food chain, whereas IFS and BRC are standards tailored to specific segments of that same chain. A company specializing in logistics (such as transportation or storage) has a dedicated IFS standard.

Another difference is that ISO 22000 sets only outcome-based requirements, whereas BRC and IFS also set process-based requirements. IFS and BRC may therefore be more challenging to implement than ISO 22000. 

What are the similarities between FSSC 22000 and ISO 22000?

FSSC 22000, which stands for Food Safety System Certification 22000, is a private certification scheme that incorporates the ISO 22000 standard while also including additional requirements not covered by that standard ( food fraud and food defense (among other things). 

FSSC 22000:

  • Has been recognized by the Global Food Safety Initiative, a platform that has been bringing together food manufacturers and distributors since 2000.
  • Applies to many sectors of the food industry (packaging manufacturing and processing, food packaging, food service, etc.).

The FSSC 22000 Foundation will provide transition guidance to certified organizations to help them incorporate the changes in the 2018 version of the ISO 22000 standard.

Finally, BRC and IFS include provisions for:

Preventing malicious acts (food defense)

Addressing issues related to the authenticity of raw materials (food fraud).

This is not the case with ISO 22000. However, the 2018 version of the standard does not prohibit the incorporation of these provisions into the established system.

What are the similarities between FSSC 22000 and ISO 22000?

FSSC 22000, which stands for Food Safety System Certification 22000, is a private certification scheme that incorporates the ISO 22000 standard while also including additional requirements not covered by that standard ( food fraud and food defense (among other things). 

FSSC 22000:

  • Has been recognized by the Global Food Safety Initiative, a platform that has been bringing together food manufacturers and distributors since 2000.
  • Applies to many sectors of the food industry (packaging manufacturing and processing, food packaging, food service, etc.).

The FSSC 22000 Foundation will provide transition guidance to certified organizations to help them incorporate the changes in the 2018 version of the ISO 22000 standard.

Does ISO 22000 ensure compliance with regulations?

In the European Union, regulations governing food and feed hygiene are consolidated in the Hygiene Package. It requires nearly all entities in the food chain to implement a hygiene control plan (HCP). This includes:

  • Adherence to basic best practices
  • Hazard Analysis and Critical Control Points
  • Product identification to ensure traceability
  • The development of procedures for the withdrawal and recall of non-compliant products.

These requirements are at the heart of the ISO 22000 standard. It helps organizations develop a structured approach to regulatory requirements for food safety management. During the hazard analysis, the organization determines the strategy to be implemented to ensure control of these hazards by combining:

  • Prerequisite Programs (PRP)
  • Operational PRPs (PRPO)
  • Critical Control Points (CCPs).

It also incorporates the 12 steps and 7 principles of implementation of the Codex Alimentarius. Implement an approach based on the ISO 22000 standard It therefore provides the organization with a food safety management system that is more focused, consistent, and integrated than is generally required by regulations. Why not take advantage of it?

What is the relationship between ISO 22000 and other management system standards?

Some organizations that use the ISO 22000 standard have already implemented a quality management system (ISO 9001) or an environmental management system (ISO 14001). 

In addition to being a voluntary standard, ISO 22000 shares many similarities with these other management system standards. This is no coincidence: the people who develop voluntary standards are the same people who use them. They are therefore committed to:

  • Making it easier to implement integrated approaches
  • Avoid duplicates. 

First commonality: the structure of the standard. Users of ISO 9001, ISO 14001, or ISO 45001 (occupational health and safety management) will find the same approach and the same key steps. Analysis of the context, relevant interested parties, risks, and opportunities; determination of roles, responsibilities, and authorities: all these requirements are shared. The ISO 22000 standard also mandates a process of continuous improvement. These synergies make it possible, during the management review, to:

  • Sharing the challenges
  • Promote greater consistency in the actions taken and the resources allocated.

ISO 22000 requires defining "the organization's context." How do you do that?

Defining the context means understanding the challenges the company faces, both internally and externally. This informs the company’s strategic decisions and, consequently, the policies to be established.

The context cannot be separated from the needs and expectations of the relevant stakeholders, which is another requirement. These include, for example:

  • Suppliers
  • Consumers
  • Distributors
  • Official regulatory agencies, the media, etc.

It is up to each organization to determine these. These two requirements will influence the definition of the management system and its processes. The company will also need to identify the risks and opportunities that could affect the system’s effectiveness. These new approaches aim to strengthen prevention and develop the ability to anticipate issues.

 

 

 

Mastering the Key Points of ISO 22000:2018

Good hygiene practices, HACCP… What are the principles of the ISO 22000 standard?

The issue of good hygiene practices is directly linked to prerequisite programs (PRPs), that is, the resources made available and the general hygiene measures implemented by the company.

To define PRPs, the ISO 22000 standard specifies that the organization may refer to the applicable ISO/TS 22002 technical specification. Food manufacturing, agriculture, food service, animal feed, food packaging… There is a series of approved documents (including the Codex Alimentarius codes of practice and guides to good hygiene practices) to ensure that organizations do not have to start from scratch on this point. The ISO 22000 standard, of course, requires compliance with customer requirements as well as legal requirements.

Regarding HACCP (Hazard decryptions Control Points), a proven method for managing hazards, the 2018 version of the ISO 22000 standard provides valuable definitions:

  • What is contamination?
  • What does “an acceptable level of risk” or “significant risk” mean?

The primary purpose of a voluntary standard is to establish a common terminology, enabling professionals across different fields and countries to speak the same language. Other examples of clarified definitions:

  • Control measures
  • Operational Prerequisite Program (OPRP)
  • Critical Control Point (CCP)…

In ISO 22000:2018, the differences between a PRPO and a CCP have been clarified, particularly with regard to the procedures to follow in the event of a deviation and the initiation of corrective actions.

ISO 22000 and Risks: What's New?

The 2018 version of ISO 22000 addresses not only hazards but also risks. The concept of hazard is still used for the operational control of food safety (the “h” in “hazard” from HACCP), but risks and opportunities have also been introduced. These relate to the organizational level of the approach. A new version of the ISO 22000 standard is scheduled for 2027. An interim version exists, NF EN ISO 22000/A1, supplemented by an amendment addressing climate risk.

The organization must assess uncertainties that could jeopardize the achievement of its objectives. Companies must take into account the risks and opportunities associated with their objectives and their achievement. The ultimate goal is to enable the company to improve its overall performance, that is, its ability to:

  • Consistently provide safe products
  • Have an effective management system in place.

How do you implement the ISO 22000 standard?

The implementation of the ISO 22000 standard generally involves eight successive steps:

  • Define the context and objectives
  • Planning your management system: answering the questions who, what, where, when, and how
  • Building a Solid Foundation Through Good Hygiene Practices
  • Conducting an HACCP analysis
  • Implementing a management system
  • Planning for and managing crisis situations
  • Assess the effectiveness of your management system
  • Continuously improve its management system.

What skills are required to implement ISO 22000?

The management system coordinator must have expertise in continuous improvement processes. He or she must also possess managerial skills:

  • Knowing how to facilitate group work
  • Ensure effective communication with the organization’s leadership.

The team responsible for health and safety must have specific expertise regarding the product, the process, the equipment, and potential hazards, such as microbiological risks. If necessary, the standard allows for the use of external experts to address any gaps in expertise.

If the company prefers to hire from within, it must demonstrate that the necessary skills are indeed available. The 2018 version of the ISO 22000 standard requires the expertise necessary to implement a food safety management system. The complexity of public health incidents that come to light serves as a constant reminder: those leading these initiatives must possess recognized expertise. In this regard, the ISO 22000 standard is prescriptive.

Which is the difference between the ISO standard 9001 What about ISO 22000?

These two standards differ in their scope of application and their fundamental objectives.

  • ISO 9001: The Quality Management System (QMS) . This standard is cross-functional and generic. It applies to all sectors of activity and focuses on customer satisfaction, process control, and an organization’s ability to deliver a compliant product or service. Its primary goal is to improve overall performance.
  • ISO 22000: The Food Safety Management System (FSMS) . Specifically designed for stakeholders in the food supply chain, this standard has a critical objective: food safety. Unlike ISO 9001, it incorporates strict technical requirements such as Prerequisite Programs (PRPs) and the principles of the HACCP plan to identify, prevent, and control hazards (biological, chemical, or physical).

In summary : ISO 9001 ensures that customers receive what they ordered with the highest level of service, while ISO 22000 ensures that the product poses no risk to consumer health. 

Which is the difference between ISO 22000 and the standard HACCP ?

The ISO 22000 standard and HACCP principles are often mentioned together, but they are not the same. 

  • HACCP was established to identify, assess, and control significant hazards related to food safety. It focuses primarily on the technical and operational aspects of production to prevent biological, chemical, and physical risks.
  • The ISO 22000 standard While it certainly incorporates HACCP principles, it places them within a broader management framework. It adds essential strategic pillars such as the system management, executive leadership, and prerequisite programs (PRP).

 

Stay informed

New standards, labels, and certifications, QSE news, audit techniques, practical case studies... An unmissable monthly event.

Subscribe to our newsletter