The purpose of any organization in the food sector should be to ensure that their products can be consumed without constituting a health risk. The variety of safety levels and requirements of national legislation have made it increasingly difficult to achieve this objective in a world where food products are traded around the globe and the food chain is increasingly complex. The failure of one organization in the supply chain can make the product unsafe and therefore constitute a risk to consumer health.

As a result of the work of the Technical Committee ISO/TC 34, the ISO Standard 22000:2005 Food Safety management systems: Requirements for any organization in the food chain was firstly published in September 2005. This committee met not only with delegates of the member countries but also with other prominent organizations, such as the Codex Alimentarius Commission, Confederation of Food and Drink Industries of the European Union (CIAA, later renamed FoodDrinkEurope), and WHO. The aim was preparing a reference, based on the draft standard proposed in 2001 by the Danish Association of Standardization, that could structure the principles of the HACCP transversely across the industry and be applied worldwide.

ISO standards are normally evaluated every 5 years to decide if a revision is necessary. It is a long process that in this last revision started in November 2014 (proposal stage), lead to the release of the Final Draft International Standard (FDIS) in February 2018 and finally to the publication of the new standard in 19/06/2018. Specialists from over 30 countries contributed to the revision of the standard in a working group inside the Technical Committee ISO/TC34/SC17/W8. A regular revision of the standard is decisive to guarantee that it copes with the industry evolution, consumers’ concerns and food safety new challenges.

The latest statistics from companies certified by this management system show its continuous growth since 2007, stabilizing in the last two years in more than 32.000 organizations as shown in the graph presented above (source ISO). It is clear that a substantial number (82,7 % in 2016) of the organizations are located in Europe and East Asia and Pacific.

When compared with other standards, ISO reported the highest number of certifications during 2016. Since FSSC 22000 is also an ISO-based standard, it is clear how relevant and well accepted is this standard by the food industry.

The new version of the standard (ISO 22000:2018) has significant amendments and therefore cannot be presented in a single article. This first one presents considerations about the changes regarding standard structure, introduction, and clause 3 (Terms and definitions).

Standard Structure – What has changed?

The table below shows the main clauses from ISO 22000:2005 and ISO 22000:2018.

The first thing that can be noticed looking at the table is that there is no direct correspondence between the clauses; however, as a general rule:

• The old 4, 5 and 6 clauses correspond to the new clauses 4, 5, 6 and 7
• Clause 8 of the new version corresponds to most of the previous version’s clause 7
• 2005’s version clause 8 is now addressed in clauses 9 and 10

In the new version, the different subjects addressed by the standard are organized according with their position in the PLAN/DO/CHECK/ACT cycle, and that explains most of the clauses that changed place, for instance:

1. The topic about the competence of food safety team and how it is appointed that was presented inside HACCP clause 7 (2005 version), moved to clause 5.3 (Organizational roles, responsibilities and authorities) and clause 7.3 (Competence), since it is an PLAN activity, not a DO activity.
2. Emergency preparedness and response also jumps from clause 5.7 (2005 version) to clause 8 (Operation), that is the DO clause according with the standard.
3. Management review leaves the Management Responsibility (clause 5) of the 2005 version to the CHECK step of the cycle (clause 9 of the new version).

Despite of the fact that in the case of points 2 and 3 presented above the subjects are no longer under a clause that included all the Management responsibilities (in the last version), Top Management is still accountable for these issues in the new version.

Introduction

Easily noticeable in the new introduction is that, regarding food safety management system principles, it retains the key elements of ISO 22000:2005

• interactive communication;
• system management;
• prerequisite programmes;
• hazard analysis and critical control points (HACCP) principles

but adds the main principles that are common to all other ISO:

• customer focus;
• leadership;
• engagement of people;
• process approach;
• improvement;
• evidence-based decision making;
• relationship management.

Another interesting aspect is that the meaning of some of the main verbal forms used (“shall”, “should”, “may” and “can”) is clarified.

In the introduction it is also noticed that the new version promotes the adoption of a process approach in the development and implementation of the food safety management system. This process approach is subdivided into a Plan-Do-Check-Act (PDCA) cycle and risk-based thinking. The concept of PDCA cycle, although not addressed in ISO 22000:2005, is not new for the system, being included into ISO 22004:2014 (Guidance on the application of ISO 22000). But now, there is a twist since this new version distinguishes between a PDCA for the organizational planning and another for the operational planning, being the control of communication between the two cycles essential. The risk-based thinking is only briefly mentioned as it has always been a characteristic of HACCP. Nevertheless, it should also be used in the organizational planning and control (i.e. also in all the system clauses besides n.º 8).

The last section of the Introduction uncovers the relationship with other management system standards and explains that the document was developed within the ISO High Level Structure (HLS) to improve alignment between the ISO management system standards. This can be clearly seen as, for instance, the new ISO 22000 has the same structure and even the same main clauses number and names as ISO 9001:2015.

Terms and definitions

There are two main things that pop right up when we take the first look into this section. Firstly, it is organized in alphabetical order and secondly, there are many more definitions than in the old version, a total of 45 against 17.

The new terms and definitions are: acceptable level, action criterion, audit, competence, conformity, contamination, continual improvement, documented information, effectiveness, feed, food, animal food, food safety management system, interested party, lot, measurement, nonconformity, objective, organization, outsourced, performance, process, product, requirement, risk, significant food safety hazard, top management, traceability.

Despite these concepts were not present in the 2005 version, we cannot say that they are new since most of them are present in other ISO publications and others were only adapted into the food safety perspective.

We are not going to go through all the changes, but we would like to spot some interesting points that can be found:

1. Validation, monitoring and verification are clearly distinguished (by adding the exactly same note in each definition) as applied prior, during and after an activity, respectively.
2. The definition of critical control point (CCP) and operational prerequisite program (OPRP) are less about their objective and more about what it should be/include. For instance in CCP, it is stated that it is a process step with a control measure applied and a defined critical limit, and where effective product control should be guarantee by measurements.
3. In the definition of prerequisite program (PRP) it is added a new note explaining that PRP used to control significant food safety hazards are control measures that should be considered either as CCPs our as OPRs.

And this is all for this month 🙂

Hope it adds value and please share it and come back next month for Part 2!

Disclaimer: The information contained on this article is based on research done in the last months and the authors personal experience and opinion. It is not intended to represent the view of any organization they work for or collaborate with. The authors will not be held liable for the use or misuse of the information provided in the article.