Thumbnail 2 (3)

With the publication of the new standards, the landscape for auditing Food Safety Systems and Food Safety Management Systems is clearer.

As always, 2022’s World Food Safety Day was a great occasion for many food safety professionals and stakeholders in the food sector to host initiatives to celebrate the importance of safe food under the theme “Safer Food, Better Health”. Amongst the buzz of celebratory activities such as conferences, workshops, and webinars on World Food Safety Day, International Standards Organization (ISO) officially released two new important International Standards that many likely missed.


The two new ISO standards released June 7, 2022:

  1. ISO 22003-1:2022 Requirements for bodies providing audit and certification of food safety management systems
  2. ISO 22003-2:2022 Requirements for bodies providing evaluation and certification of products, processes, and services, including an audit of the food safety system


After 5 years of work, Joint Working Group 36 (JWG36) composed of 103 experts from accreditation bodies, certifications bodies, scheme owners and industry representatives, for example, produced two important standards that will shape Food Safety Managements Systems and Food Safety Systems audits.




Before diving into identifying the goals and novelties of these 2 new international standards, it is important to understand what was behind the need to develop them.


There were two different approaches to certification: ISO/IEC 17021-1 + ISO/TS 22003 for Food Safety Management Systems and ISO/IEC 17065 for Product/process and Food Safety Certifications.


This was confusing chiefly because schemes that implemented ISO/IEC 17021-1 or ISO/IEC 17065 used similar language and were recognized by GFSI.


We interviewed Kylie Sheehan (General Manager Operations at JAS-ANZ and Co-Convenor of JWG36) regarding the main goals for developing these new standards. The following information are words from Kylie Sheehan.

“We now have two standards which support industry organizations to achieve food safety certification. It also provides regulators and consumers with the confidence that certification bodies undertaking food safety certification meet minimum benchmarked requirements that provide confidence in the food safety outcomes achieved. I encourage Food Safety scheme owners internationally to consider adopting these base level requirements within their schemes.”


In the case of Food Safety Management Systems (FSMS), stakeholders could understand better what to expect because on top of ISO/IEC 17021-1, which included audits and competence requirements, they had ISO/TS 22003:2013.



Contrary to FSMS, expectations around Food Safety Systems (FSS), used for certification of products, process and services, wasn’t so clear for stakeholders as on top of ISO/IEC 17065 there were sets of different requirements from individual schemes. These different requirements were confusing and could even in some cases fall short in to fulfill stakeholder’s expectations for food safety.


The new ISO 22003-1:2022 and ISO 22003-2:2022


With the publication of the new standards, the landscape for auditing Food Safety Systems and Food Safety Management Systems is clearer.


JWG36 was expanded to deal with the development of ISO 220003-2 to include more experts with knowledge about product certification and scheme owners (that are based on ISO/IEC 17065. For example, SQFI, IFS BRCGS joined the Working Group.


By the work of this extended group, now there is a harmonized set of requirements for audits process and competence (ISO 22003-2) that are applied on top of the ISO/IEC 17065 to provide a set of minimal harmonized requirements for the certification of FSS. There are two important aspects that need to be highlighted:


  1. Food Safety Schemes can always have requirements that go above and beyond of the ones defined in ISO 22003-2
  2. ISO 22003-2 specifies rules for certification schemes that are based on the internationally accepted principles of food safety (e.g. CODEX) and include management system elements. This way, it is not applicable to to certifications that are solely based on product testing or inspection


Throughout ISO 22003-2 several times is included flexibility to accept that scheme owners define their own rules as long as those rules are not less than those required by ISO 22003-2. This new standard is the common base level of requirements but, particularly on Process Requirements, Categories (Annex A), Minimum Audit duration (Annex B) and Competence (Annex C), scheme owners can go beyond those requirements.



In ISO 22003-2 scope, it is clearly stated that it can only be applied to certification schemes that has elements of a Management Systems. Examples of such elements are management commitment, management review, internal audit, corrective actions, objectives. These elements have to be audited and that is why the document has auditor competence and audits requirements common to ISO 22003-1:22002.


Clause 7 (Process Requirements) of ISO 22003-2 has several additional requirements. This is an important addition since Clause 7 of ISO 17065 focus on the evaluation of product, process and services but an audit approach, similar to Part 1 of ISO 220003, had to be added. For these reasons, requirements for the audit process, audit team, multi-site sampling managing of nonconformities and auditor reporting, for example, were added.


In respect to the Annexes of Part 1 and Part 2 of ISO 22003, Annex A (Categories) and Annex C (Competence) are intentionally the same, looking to establish the common base level that reduced confusion in stakeholders. Regarding Annex B (Audit duration), it was added in ISO 22003-2 the need to add time for inspection, sampling and testing when assessing audit duration.


In the case of Food Safety Management Systems there are less implications with the publication of ISO 22003-1:2022.


Final thoughts


The work from JWG 36 to revise ISO/TS 22003:2013 started in 2017 and, at that time, consider what was planned, it would have a smaller impact in the audit world. Along the way, it was decided to expand the work, developing a second part to include also Food Safety Systems.


This makes this work much more impactful in harmonizing requirements and clear stakeholders’ confusion. Now, schemes that are based on FSMS or FSS are easily comparable and the industry can understand and decide from two different ways to meet customer expectations.


A second advantage is having clear harmonized requirements for audit process and competence. This will be especially beneficial for auditors and hopefully makes the career more attractive in a moment where the industry is struggling with the lack of auditors.


These new standards have to be incorporated by scheme owners and Certification Programme Owners into their scheme requirements. For example, FSSC 22000 has already announced a Version 6 of it scheme (most probably) for the first quarter of 2023.


You can learn even more about this topic watching this webinar.

Join Sharing Knowledge Group (SKG) today and get

my weekly videos/messages in your inbox 📥

This article was written by:

Nuno F. Soares

Contributing Editor: Jocelyn C. Lee, Food Safety Consultant

Disclaimer: The information contained on this article is based on research done in the last months and the authors personal experience and opinion. It is not intended to represent the view of any organization they work for or collaborate with. The authors will not be held liable for the use or misuse of the information provided in the article.

Share this post

Leave your thought here