ISO 22000:2018 Revision

What’s New in ISO 22000:2018?

The ISO 22000 family of food safety standards first launch in 2005, since then it has been adopted by more than 32,000 organizations worldwide (ISO, 2016) as their food safety management system due to the risk involved in food manufacturing sectors and as response to consumer demand for food safety. The standard revision was first announced around 2012, but it was started in 2014 which took four years to complete the entire revision up to publication in June 2018. The standard has introduced significant changes by adapting to the ISOs common high level structure while creating extended PDCA cycle. Hence, standard has adopted 10 section based high level structure based on identical core text and common terms and definitions which can be compatible with other ISO family standards to reduce the complexities while increasing the adaptability to multiple platform initiative.

The core changes introduced in the revision will affect organizations that wish to maintain their existing system certifications, as well as the organizations that are involved in the auditing compliance. The changes will also effectively impacted on the existing system scope, top management involvement, documentation of the system, application of the risk based approach to organizational needs with a clear focus on the process approach through the Plan-Do-Check-Act (PDCA) cycle. The PDCA cycle has extended by adaptation of separate HACCP cycle which runs inside the PDCA. Additional changes introduced to the standard are differentiation of PRPs, OPRPs and CCPs, adaptation of ISO/TS 22002 (1, 2, 3, 4 and 6) prerequisite programs on food safety, traceability, allergen management, supplier evaluation and acceptance which were the major criticism from GFSI to build their own FSSC 22000 while other minor changes were adapted to clarify and simplify the long held issues in the industry as well as to update international developments in food safety approaches in the last 13 years.

According to the World Health Organization’s estimates one in ten people fall ill and 420,000 die because of contaminated food every year where food safety standards are required to reduce such risks by helping food producers to implement food safety management systems that defend against the potential hazards and risks that lead to contamination.  Hence, ISO 22000 has the advantage over the many private standards due to its generic nature, minimum enforcement levels, voluntary adaptation and as it covers the whole organization. The new ISO 22000:2018 will fully contributes to ensure food safety hazards throughout the whole food chain from farm-to-folk with the enhanced compliances, which is essential as hazards occur at any stage of the food chain. ISO 22000 accommodates communication along the food chain and within the organization. ISO 22000:2018 has ensures fair competition to the other food safety standards as it has consolidated major complains made by public regarding traceability, prerequisite programs, allergen management, food security, other requirements etc.

The Major Changes

The new release has undergone a thorough revision for the standard, since it is the first revision of the standard after 2005. The standard has now been updated with ISO’s high level structure (HLS) and revised to meet today’s food safety challenges, where organizations with previous version certificate must transit to the 2018 version by June 19, 2021. After this date, the 2005 version of the standard will be withdrawn. The standard has tried to capture recent updates in the food safety landscape, changes in business diversity, global commerce and digitalization in food supply chains. The major proposed changes to the standard include modifications to its structure as well as clarifying key concepts.  

The High Level Structure

The expectation to deliver safe, sustainable and socially responsible food has increased significantly for the food sector during last 13 years since the standard was first published. In order to make life easier for businesses using more than one management system standard, the new version of ISO 22000 will follow the same structure as all the other ISO management system standards, the High Level Structure (HLS). Annex SL was developed by ISO as a framework for a generic management system. It’s the framework for a generic management system and the blueprint for all new and revised management system standards going forward. The HLS will help to keep consistency, align different management system standards, offer matching sub-clauses against the top level structure and apply common language across all standards. With the new standard in place, organizations will find it easier to incorporate their food safety management system into core business processes and get more involvement from senior management.

The Risk Approach

The standard now includes a different approach to understanding risk where standard clarifies the Plan-Do-Check-Act cycle, by having two separate cycles in the standard working together by one covering the management system and the other, covering the principles of HACCP. The initiative will combine both organizational and operational risk management into one management system. Application of PDCA cycle to manage business risk while using HACCP to identify, prevent and control food safety hazards, ISO 22000:2018 helps organizations to reduce exposure to risk and improve safety. The risk is now distinguished between the operational level and the strategic level, where strategic level of the management system (business risk), organizations can embrace opportunities in order to reach a business’s specific goals. On the other hand the operational level, users can use the Hazard Analysis Critical Control Point (HACCP) approach. The approach provides the opportunity to consider all the different aspects that might impact any organization, either good or bad, while allowing to prioritize the objectives of the organization’s FSMS to implement in a way that can accommodate the effects of these risks should they occur. The revision has placed a heavy focus on risk in which organization required to tackle the risks in daunting and seemingly overwhelming force for better accommodating risk surround concerns with a FSMS and its processes. Food safety encompasses the prevention, elimination, and control of foodborne hazards, from the site of production to the point of consumption. The potential benefits of combining risk-based thinking, PDCA and the process approach includes focus of FSMS and activities on high risk processes and understanding how processes within the organization are interdependent. It will further help more effective use of resources, improved agility in meeting the requirements of new customers and/or meet new requirements established by existing customers.

The Operation Processes

To help food sector organizations manage the challenges in distinguishing different key terms, a clear description is given of the differences between key terms such as Critical Control Points (CCPs), Operational Prerequisite Programs (OPRPs) and Prerequisite Programs (PRPs). On the operational side, risk-based thinking provides additional benefits to organizations throughout the food chain that includes improved control over food safety activities, customer, statutory and regulatory compliance, facilitated market growth, increased customer/stakeholder and consumer confidence in products, improved risk management and integration with other ISO management systems. In addition, ISO 22000:2018 has been changed it process to offer a dynamic control of food safety hazards through combining interactive communication, systems management, Prerequisite Programs (PRPs), and the principles of HACCP. The standard also clearly describes the differences between these key operation process elements while creating strong links to Codex Alimentarius HACCP principles.

Context of Organization and Interested Parties

The context of organization expanded and the interested parties are added to provide a high-level, strategic understanding of the important issues that can affect, either positively or negatively, the way of an organization manages food safety. It gives food safety team the opportunity to identify and understand factors and parties that affect the intended outcome(s) of the FSMS, which also addresses the concept of preventive action. The organization will need to determine external and internal issues that are relevant to its purpose, while considering the relevant internal and external issues that could have an impact or effect on the FSMS in achieving its intended outcome(s). Hence, system can enable an organization either directly or indirectly involved in the food chain to plan, implement, operate, maintain, and update a FSMS providing safe products and services. It also assures the organization’s conformance to its stated food policy, while evaluating and assessing mutually agreed customer safety requirements and demonstrating conformity with customers and any other interested parties.

Leadership and Commitment  

There is a much greater focus has given on top management to demonstrate their leadership and commitment with respect to the ISO 22000:2018 to ensure consultation and participation of top management in the development, planning, implementation and continual improvement of the food safety management system. Top management have a responsibility to ensure that the importance of effective food safety management and clear communication to the all employees and that they understood to ensure FSMS achieves its intended outcomes. Risk and opportunity ISO 22000:2018 takes a business orientated approach that requires broader risks and opportunities to be identified. This robust approach will enable the identification of opportunities that contribute to further improvement in food safety performance, which will improve their ability to identify and manage risks more effectively making them more resilient.

Documented Information

The basic changes to the system through HLS is the convergence of ‘procedures’ and ‘records’ into ‘documented information’, which gives the freedom for the organization to define the type and extent of documented information to be defined, although some mandatory documentation is still specified, where established controls for documents in the system are retained. Nonetheless, number of requirements relating to basic system elements are clarified and strengthened, including communication systems and needs. Now resource planning is required along with tighter controls over external contributors to system development, where the needs of competence of relevant personnel, both internal and external, are more fully explained, while documented system required for greater control of suppliers of goods and services.