What is ISO 22000 ?

ISO 22000 is the only international voluntary standard covering food safety management. It demonstrates an ability not only to identify and control food safety hazards, but also to provide finished, safe products at all times. Interpretation.

Who compiled ISO 22000 ?

ISO 22000 is an international standard originating from ISO, the International Organization for Standardization. It is the result of collaborative and collective work by all stakeholders across the world. 35 countries participated in the latest update, which was finalized in June 2018. France is very much involved in the development of ISO 22000, via AFNOR’s “traceability and food safety – management and hygiene” Standardization Commission which brings together professionals in the field from around thirty organizations: representatives of the State, industrialists, consumers, certification bodies, as well as universities, schools and institutes. Participation is open to all. It is essential for ISO 22000 and all international standards to meet the expectations of professionals in France. The standardization of management methods, product specifications and analysis methods has increased over the years. Almost 140 countries participate in the ISO Technical Committee for the agri-food industry, with more than 840 documents already published and kept up to date.

Who may use ISO 22000 ?

The ISO 22000 standard can be used by all the direct and indirect food chain stakeholders, regardless of their size or their location in the world. This includes not only animal feed and agricultural producers (livestock and/or crop production), but also manufacturers and processors, service providers, transport operators and subcontractors, warehousing and distribution, retail stores and food services, as well as organizations closely related to the sector, such as manufacturers of equipment, packaging, cleaning products, additives and ingredients. According to the ISO annual study, more than 32,000 ISO 22000 certificates attesting to the proper application of the standard are currently displayed by organizations worldwide, including 600 in France.

Whats new in ISO 22000:2018

Why use ISO 22000 ?

Setting up a food safety quality management system leads to the deployment of resources to ensure the safety of products and services. This is an approved prevention and continuous improvement tool. The PDCA (Plan, Do, Check, Act) cycle is deployed at two levels: the first of these applies to the management system, the second to the HACCP principles. Like any international standard, ISO 22000 facilitates dialogue and saves time: by applying it, you are using a recognized, globally shared method. ISO 22000 builds trust with your suppliers, customers and interested parties in the food chain. It promotes effective communication with them by identifying potential hazards and by defining the measures to be implemented to control these hazards when they occur. However, ISO 22000 certification does not attest to the safety of a product, or of its fitness for use.

IFS, BRC, ISO 22000: what are the differences ?

The ISO 22000 standard has been compiled on a global scale by a non-governmental organization, while the British Retail Consortium (BRC) originates from the English-speaking countries and the International Featured Standards (IFS) Food is of German origin. The IFS and BRC are private standards, which are devised by and for the mass distribution sector. ISO 22000 applies to the entire food chain, whereas IFS and BRC are standards that are broken down into links in the food chain. An enterprise specializing in logistics (transport or storage, for example) has a dedicated IFS standard. Another difference is that ISO 22000 only sets performance requirements, while BRC and IFS also set obligations of means. IFS and BRC can therefore be more restrictive to apply than ISO 22000. Finally, BRC and IFS include provisions to prevent malicious acts (food defense) and to manage the authenticity of raw materials (food fraud). This is not the case with ISO 22000. However, the 2018 version of the standard does not prohibit these provisions from being incorporated into the initiative launched.

Does ISO 22000 lead to compliance with regulations ?

In the European Union, the regulations on food and feed hygiene are consolidated in the Hygiene Package. It requires almost all food chain organizations to implement a health control plan (HCP). This includes compliance with basic good practices, hazard analysis and critical control points. It also requires products to be identified to ensure their traceability and to develop provisions for the withdrawal and recall of non-compliant products. These requirements are at the core of ISO 22000. ISO 22000 provides the enterprise with a structured view of the regulatory requirements for food safety management. During the hazard analysis, the organization determines the strategy to be implemented to ensure that the hazards are controlled by combining the prerequisite programs (PRPs), operational prerequisite programs (OPRPs) and critical control points (CCPs). It also incorporates the 12 steps and 7 principles for application of the Codex Alimentarius. Deploying an initiative based on ISO 22000 thus offers the organization a food safety management system that is more targeted, consistent and integrated than is generally required by the regulations. Why do without it?

What is the relationship between ISO 22000 and the other management system standards ?

Some organizations using ISO 22000 have already deployed a quality management initiative (ISO 9001) or an environmental management approach (ISO 14001). In addition to being voluntary, ISO 22000 has many common points with these other management system standards. It is no coincidence: those developing voluntary standards are those that use them. They are concerned with making it easier to deploy combined approaches and avoiding duplication. The first common point: the structure of the standard. Users of ISO 9001, ISO 14001 and ISO 45001 (occupational health and safety management) will encounter the same considerations and the same main steps. Analysis of the background, the relevant interested parties, risks and opportunities, determination of roles, responsibilities and authorities: all these requirements are common. ISO 22000 also requires a continuous improvement initiative. These synergies enable issues to be shared and greater consistency to be promoted in terms of the actions undertaken and resources mobilized during the management review.

ISO 22000 requires “the background of the organization” to be defined. How is this done?

Defining the background means understanding the enterprise’s internal and external challenges: it illuminates the enterprise’s strategic choices and thereby the policy to be defined. The background cannot be dissociated from the needs and expectations of the relevant interested parties, which is another requirement. These may be, for example, suppliers, consumers, distributors, official control services, media, etc. Each organization must determine these. These two requirements affect the definition of the management system and its processes. The enterprise must also determine the risks and opportunities that may affect the effectiveness of the system. These new reflexes are designed to amplify prevention and to develop anticipation capabilities.

Good hygiene practices, HACCP, etc. What are the ISO 22000 requirements ?

The question of good hygiene practices refers directly to the prerequisite programs (PRPs), i.e. all of the available resources and general hygiene measures that the enterprise puts in place. For defining the PRPs, ISO 22000 specifies that the enterprise may take into account the applicable ISO/TS 22002 technical specification. Food manufacturing, agriculture, catering, animal feed, food packaging, etc. There are a number of approved documents (including the Codex Alimentarius codes of practice and the good hygiene practices guides) that make it possible to avoid starting with a blank page on this point. Of course, both the customer’s requirements and the legal requirements are met to comply with ISO 22000.

Regarding HACCP (Hazard Analysis Critical Control Point), the proven hazard control method, the 2018 version of ISO 22000 provides valuable definitions: what is an occurrence of contamination? What do an “acceptable hazard level” and a “significant hazard” mean? The primary interest of a voluntary standard is to establish common terminology, so that the same wording is used from one profession to another and from one country to another. Other examples of clarified definitions include control measures, operational prerequisite programs (OPRPs), critical control points (CCPs), etc. In ISO 22000:2018, the differences between an OPRP and a CCP have been clarified, particularly regarding the action to be taken in case of deviation and the corrections and/or corrective action to be initiated.

ISO 22000 and risks: what’s new ?

The ISO 22000 2018 version addresses risks as well as hazards. The “hazard” notion is still used for the operational control of health security (the “h” for “Hazard” in HACCP), but risks and opportunities have also emerged. These concern the organizational level of the initiative. The organization must consider uncertainties that may call into question the attainment of the objectives. Enterprises must take into account the risks and opportunities associated with objectives and their attainment. The aim is to enable the enterprise to improve its overall performance, i.e. its ability to supply safe products consistently and to have an effective management system.

What are the key steps for deploying ISO 22000 ?

ISO 22000 is usually implemented in 8 stages :

  • Defining the background and directions ;
  • Planning the management system: answering the who, what, where, when and how questions ;
  • Building a solid base through good hygiene practices ;
  • Conducting an HACCP study ;
  • Implementing the management system ;
  • Anticipating and managing crisis situations ;
  • Checking the effectiveness of the management system ;
  • Continuously improving the management system.

What competences are needed to use ISO 22000 ?

L’animateur du système de management doit avoir des compétences sur les démarches d’amélioration continue, mais aussi disposer de compétences managériales : il doit savoir animer un travail de groupe et garantir des relations efficaces avec la direction de l’organisme. L’équipe en charge de la sécurité sanitaire doit avoir des compétences spécifiques sur le produit, le process, les équipements et les dangers, microbiologiques par exemple. Le cas échéant, la norme permet d’avoir recours à des experts extérieurs, pour pallier un déficit de compétences. Si l’entreprise privilégie l’interne, elle doit prouver que les compétences sont bien disponibles. La version 2018 de l’ISO 22000 consacre l’expertise nécessaire pour mener une démarche de sécurité des denrées alimentaires. La complexité des affaires sanitaires rendues publiques le rappelle à chaque fois : les pilotes de démarches doivent avoir des compétences reconnues. Sur ce point, la norme ISO 22000 est prescriptive.

You are operating in an industrial company, food services, food supply chain or food packaging ?