ISO 22000 is the only voluntary international standard for food safety management. It enables us to demonstrate our ability to identify and control food safety hazards, as well as to consistently supply safe, finished products. Here’s how it works.
What is ISO 22000, by Olivier Boutou, and in video :
What is ISO 22 000?
ISO 22 000 is the only international standard dealing with food safety.
It is a standard that was established during an international consensus that was first published in 2005, which was recently updated in June 2018 and addresses the principles recognized as essential to guarantee food safety.
These principles include, of course, the good practices known as PRPs in ISO 22000.
The HACCP method, which, thanks to its twelve steps and seven principles, enables food safety to be controlled through the management of the famous PRP O and CCP hazards. A third principle is interactive communication.
Internal communication, of course, within the organization, to communicate important aspects and take advantage of the opportunity to raise awareness among all those carrying out work under the company’s responsibility, but also external communication with interested parties.
As we can see, this communication is important with all the links in the chain, whether suppliers, customers, official control services or, in the event of a crisis, the media. The fourth principle is system management, i.e. developing a policy and objectives, and defining the resources and processes needed to achieve these objectives.
ISO 22000 is an international standard issued by ISO, the international standards organization. It is the result of a collaborative and collective effort by all stakeholders worldwide. 35 countries participated in its latest update, finalized in June 2018. France was heavily involved in the development of ISO 22000, via the AFNOR standards commission. “traceability and food safety – management and hygiene which brings together professionals in the field, including some thirty organizations: government representatives, industrialists, consumers, certification bodies, as well as universities, schools and institutes. Participation is open to all. It is essential if ISO 22000 and all international standards are to meet the expectations of professionals in France. Standardization of management methods, product specifications and analysis methods has increased over the years. Nearly 140 countries participate in ISO’s technical committee on agri-food, with over 840 documents already published and kept up to date.
See also our Youtube video: ISO 22000: who and how was it developed?
ISO 22000 can be used by all direct and indirect players in the food chain, whatever their size or location worldwide. This includes feed and agricultural producers (animal and/or crop production), but also manufacturers and processors, service providers, operators and subcontractors in charge of transport, storage and distribution, retail and foodservice outlets, as well as organizations closely linked to the sector, such as manufacturers of equipment, packaging materials, cleaning products, additives and ingredients. According to ISO’s annual survey, more than 32,000 ISO 22000 certificates attesting to proper application of the standard are currently held by organizations worldwide, including nearly 600 in France.
Implementing a food safety management system means deploying resources to ensure the safety of products and services. It’s an approved tool for prevention and continuous improvement. The PDCA cycle (Pal, do, check, act) is deployed on two levels: the first applies to the management system, the second to the HACCP principles. Like all international standards, ISO 22000 facilitates dialogue and saves time: by applying it, you use a method that is recognized and shared worldwide. ISO 22000 brings confidence to your suppliers, customers and stakeholders in the food chain. It promotes effective communication with them, identifying potential hazards and defining the measures to be implemented to control them when they arise. However, ISO 22000 certification does not attest to a product’s safety or suitability for use.
ISO 22000 is a global standard drawn up by a non-governmental organization, while the British Retail Consortium (BRC) is of Anglo-Saxon origin, and the International Featured Standards (IFS) Food of Franco-German origin. IFS and BRC are private standards, developed by and for the mass retail sector. ISO 22000 applies to the entire food chain, while IFS and BRC are standards for each link in the chain. A company specializing in logistics (transport or warehousing, for example) has its own dedicated IFS repository. Another difference is that ISO 22000 sets out only results-based obligations, whereas BRC and IFS also set out means-based obligations. IFS and BRC can therefore be more restrictive to apply than ISO 22000. Finally, BRC and IFS include provisions to prevent malicious acts(food defense) or to manage issues of raw material authenticity(food fraud). This is not the case with ISO 22000. However, the 2018 version of the standard does not preclude the integration of these provisions into the process.
FSSC 22000, for Food Safety System Certification 22000, is a private certification scheme that integrates ISO 22000, while also incorporating other requirements not covered by this standard (food fraud and food defense in particular). FSSC 22000 has been recognized by the Global Food Safety Initiativea platform that has been bringing together food manufacturers and distributors since 2000. FSSC 22000 applies to many sectors of the food industry (packaging manufacture and processing, packaging, catering, etc.). The FSSC 22000 Foundation will offer transitional arrangements for certified organizations to incorporate the new features of ISO 22000 version 2018.
In the European Union, food and feed hygiene regulations are grouped together in the Hygiene Package. It requires almost all organizations in the food chain to apply a sanitary control plan (SCP). This includes compliance with basic good practices, hazard analysis and critical control points. It also calls for products to be identified to ensure traceability, and for provisions to be drawn up for the withdrawal and recall of non-compliant products. These requirements are at the heart of ISO 22000. ISO 22000 provides companies with a structured vision of regulatory requirements for food safety management. When analyzing hazards, the organization determines the strategy to be implemented to ensure their control by combining prerequisite programs (PRP), operational PRPs (PRPO) and critical control points (CCP). It also incorporates the 12 steps and 7 application principles of the Codex Alimentarius. Deploying an approach based on ISO 22000 therefore offers the organization a more focused, coherent and integrated food safety management system than is generally required by regulations. Why deprive yourself?
Some organizations using ISO 22000 have already deployed a quality management approach (ISO 9001) or an environmental management approach (ISO 14001). In addition to being voluntary, ISO 22000 has many points in common with these other management system standards. This is no coincidence: the people who draw up voluntary standards are the ones who use them. They are therefore keen to make it easier for each other to deploy combined approaches, and avoid duplication. First point in common: the structure of the standard. Users of ISO 9001, ISO 14001 or ISO 45001 (occupational health and safety management) will find the same thinking, the same major steps. Analysis of context, relevant stakeholders, risks and opportunities, determination of roles, responsibilities and authorities: these are all common requirements. ISO 22000 also imposes a continuous improvement approach. These synergies make it possible to share challenges and promote greater consistency in the actions undertaken and the resources mobilized during management reviews.
Defining the context means understanding the challenges facing the company, both internally and externally: this sheds light on the company’s strategic choices, and therefore on the policy to be defined. The context cannot be dissociated from the needs and expectations of the relevant stakeholders, which is another requirement. These include suppliers, consumers, distributors, official control services, the media, etc. It’s up to each organization to decide. These two requirements will have an impact on the definition of the management system and its processes. The company will also need to determine the risks and opportunities that could affect the system’s efficiency. These new reflexes are designed to boost prevention and develop anticipation skills.
The question of good hygiene practices refers directly to the prerequisite programs (PRP), i.e. all the resources made available and the general hygiene measures implemented by the company. To define PRPs, ISO 22000 specifies that the company may take into account the technical specification
ISO/TS 22002 technical specification
. Food manufacturing, agriculture, catering, animal feed, food packaging… There are a number of approved documents (including Codex Alimentarius codes of practice and guides to good hygiene practice), so you don’t have to start from scratch here. ISO 22000 naturally requires compliance with customer and legal requirements.
When it comes to HACCP(Hazard Analysis Critical Control Point), a proven method for controlling hazards, the 2018 version of ISO 22000 provides valuable definitions: what is contamination? What is an “acceptable level of danger”, a “significant danger”? The main advantage of a voluntary standard is that it establishes a common terminology, enabling us to speak the same language from one profession to another, and from one country to another. Other examples of clarified definitions include: control measures, operational prerequisite program (OPRP), critical control point (CCP), etc. In ISO 22000:2018, the differences between an OPRP and a CCP have been clarified, particularly with regard to the action to be taken in the event of deviation and the launch of corrections and/or corrective actions.
ISO 22000 version 2018 addresses not only hazards, but also risks. The notion of danger is still used for the operational control of health safety (the “h” in HACCP’s ” hazard “), but risks and opportunities have also made their appearance. They concern the organizational level of the approach. The organization must consider any uncertainties that could jeopardize the achievement of its objectives. Companies will have to take into account the risks and opportunities associated with the objectives and their achievement. The aim is to enable the company to improve its overall performance, i.e. its ability to consistently supply safe products and to operate an efficient management system.
Implementing ISO 22000 generally involves 8 successive stages:
The management system coordinator must not only have expertise in continuous improvement procedures, but also managerial skills: he or she must be able to lead a group and ensure effective relations with the organization’s management. The team in charge of food safety must have specific skills in the product, process, equipment and hazards, such as microbiological hazards. Where necessary, the standard allows the use of external experts to compensate for a lack of skills. If the company prefers to work in-house, it has to prove that the necessary skills are available. The 2018 version of ISO 22000 enshrines the expertise needed to lead a food safety approach. The complexity of public health cases is a constant reminder that the people who lead these initiatives must have recognized skills. On this point, ISO 22000 is prescriptive.