ISO
22000:2018 Determination of CCPs and OPRPs
If
you search the web these days, you will come across with hundreds of articles
explaining what’s new in the ISO 22000 standard and many explanations regards
to adaptation of new requirements. Hence, it was obvious to find out ISO
22000:2018 new decision tree or a decision table of logical sequence to apply
CCP and OPRP segregation. Unfortunately, if you search the web, you still find
only the old explanations of such decision trees and if you further try to find
out them as images of such logical sequence surprisingly most of them are
published in ISO 22000 resource center in various articles. Thus, I decided to publish a new decision
tree for ISO 22000:2018 version which I recently developed for my ISO
22000:2018 Generic Model published on amazon kindle. As to the last article, it
briefly discussed what’s new in the standard and how it is going to affect your
existing systems as well as new systems that are to be waiting for the
development. Since many articles talk about the various sections of the standard,
it is not very important at this point to comment on them, but there will be several
new articles explaining the changes in the standard as well as expert views on
the subject.
The
irony of the ISO 22000:2018 standard revision is that, the standard has kept segregation
of CCP and OPRP as mystery yet or most ambiguous puzzle yet as it was kept for
last 13 years. Anyway, they have cleaned up the idea somewhat and some of the previous words were taken off while adding few more, but they have failed to
simplify it, where it is our speculation that, even the expert panel may not
have fundamental agreement or complete understanding of how they are exactly segregate
CCPs and OPRPs. Thus, they have kept adding more and more parameters to the
CODEX decision tree model but they haven’t clear it with a proper generic model
such as a decision tree or a decision table or any other method while keeping
the ball in manufacturer’s courtyard. As to the food safety, segregation of
CCPs and OPRPs are the most important part of the operation, but after four
years of discussions and meetings, it is look like the expert panel has not found
any suitable solution to it rather than complexing it for average man to
understand.
The
HACCP plan has been changed to Hazard control plan and HACCP word is officially
out from the standard, but it is obvious that people will not remove HACCP
decision tree officially from the systems unless there will be an official
decision tree. Because decision trees are very easy to distinguish and understand
for an average intelligent person and standard also requesting a logical
sequence for decision making process. As a skeptic, I have kept my eye open
for may be last 10 years at least to the internet, ISO 22000 books, updated ISO
22004, online forums, sessions, conferences and I have asked hundreds of
auditors, many trainers and consultants, but unfortunately no body was ever
able to give me a completely satisfying answer or an easy solution that may be
very important to the users. Because it is the most ambiguous area of the standard
to any average user yet. If you consider HACCP or CODEX decision trees, whether it is completed or
not, they have given a very simple and easily understandable answer with a
diagram where most of the people in food industry actually use it rather than
ISO 22000 or any other, because they are not clearly understandable to the average
user and it keeps you doubting to yourself if you are right or wrong on your
decision making process, if yourself develop a one, instead of using already accepted one. 
Accordingly,
we were expecting the technical committee to sort it out at least by this revision,
because most of the private standards are also use these principles as their
base, instead of developing their own. However, technical committee have not yet fulfilled our hopes where most of the users still
will stick to the CODEX, the most clearly explained segregation. But we all
know it is not enough since there is a clear cut line between PRPs and CCPs,
but some of the control points are really don’t fall into any of these categories
and everybody trying to define it and still no clear agreement, because there
is no clarity. Henceforth, many people many consider many CCPs than they should consider
or less than they should consider, which actually depend on various other
factors such as auditors, buyers, company’s budget for quality assurance or
their real understanding. Here is an image from the internet, which was found in Safe
Food 360˚, published in July 30, 2014 by George Howlett, one of my
favorite writers of food safety in Europe, he named it as funny decision tree,
which is actually the case in many organizations around the world. As to his
writing I have taken one another image below to show that how we need to simplify
the decision making process, rather than complexing it for practitioners.
Many
times, in various occasions when I asked experts, they provided some answers,
but at the same time they push the ball back to my court asking me, why don’t you
develop a one. Most of the time, I actually had a one developed, but as already
explained I had the same doubts about it, anyway later-on when many people asking
me about the complexity of decision making part of the standard, it was
published on this blog and it has reached the top of the most viewed articles
list if you look at your left, because as already explained there are lots of
ambiguity in the area of decision making in ISO 22000. However, even after
publishing it, I was not completely satisfied with what was developed and which
was audited by several auditors. However, I was not quite convinced of my own
decision tree or the table, where do you think that an average person will be
okay with what he has done?
Few weeks back, while I was developing the “ISO 22000:2018 Generic Model” which is
already on amazon as a Paperback and Kindle versions, I did several of them
because I’m not convinced once they were completed that they are fully
complying with what standard requests us to comply with. The explanations given
in the standard are vague and generic (look at the below italic text), which is
the usual nature of standards, but areas like segregation of CCPs and OPRPs
should have to have much more comprehensive explanations (like a diagram or
specific method of evaluation) rather than few lines given in the standard. Because
it specifically asking you for a logical sequence and documented information of
how you arrived at your decision, but if an average user can not exactly distinguish
the standard, they will not apply the right sequence for it.
Here
is what ISO 22000:2018 explains about selection and categorization of control measures.
8.5.2.4
Selection and categorization of control measure(s)
8.5.2.4.1
Based
on the hazard assessment, the organization shall select an appropriate control measure
or combination of control measures that will be capable of preventing or
reducing the identified significant food safety hazards to defined acceptable
levels.
The
organization shall categorize the selected identified control measure(s) to be
managed as OPRP(s) (3.31) or at CCPs (3.11).
The categorization shall be carried out using a systematic approach. For each of the control measures selected there shall be an
assessment of the following:
a)
The likelihood of failure of its functioning;
b)
The severity of the consequence in the case of failure of its
functioning; this assessment shall include:
1)
The effect on identified
significant food safety hazards;
2)
The location in relation
to other control measure(s);
3)
Whether it is specifically
established and applied to reduce the hazards to an acceptable level;
4)
Whether it is a single
measure or is part of combination of control measure(s).
8.5.2.4.2
In addition, for each control measure, the systematic approach shall
include an assessment of the feasibility of:
a)
Establishing measurable
critical limits and/or measurable/observable action criteria;
b)
Monitoring to detect any
failure to remain within critical limit and/or measurable/observable action
criteria;
c)
Applying timely
corrections in case of failure.
The decision-making process and results of the selection and
categorization of the control measures shall be maintained as documented
information.
External
requirements (e.g. customer requirements) that can impact the choice and the
strictness of the control measures shall also be maintained as documented
information.
(Source:
ISO 22000:2018, Food safety management systems – Requirements
for any organization in the food chain)
Hence,
I decided to publish what I have done myself which not may be the exactly what
technical committee expected, but it will at least ease the burden of many
users, who will love to use a decision tree logic than a table, until ISO 22000
expert panel or WTC book will give us a possible solution later. Thus, it is an
alternative only, and the responsibility is vested on users to decide
themselves before use it, because there will be lot of models followed by due to
the lack of standard decision tree or a table to decide the fate of CCP or
OPRP. Until such a standard explanation is officially exists, you can try my
decision tree model for ISO 22000:2018 and the decision table with some logical
sequence, which may not be the one exactly on experts mind.
The
following assumptions were used while developing the ISO 22000:2018 decision
tree.
1. If a control measure
do not have a measurable critical limit, it cannot be considered as a CCP according
to the general understanding in the industry.
2. If there is no
possibility to monitor measurable critical limits or observable action criteria,
such control measures cannot be used as a CCP or a OPRP which needs to be
modified to control or monitor.
3. The word “TIMELY” has
been considered as “OPPORTUNE”, which generally means that a product that will
not be potentially harmful for the general public if the control measure is
failed and still there is an opportunity to do the corrections without
effectively harming the product. Hence, it shall be considered as a OPRP.
4. The Q5, can be
considered as the segregation point for OPRPs and CCPs, because most of the “part
of combination of control measures are usually categorized under OPRPs. But the
standard still specifically instruct you to get a logical sequence and answers
for all other 3 feasibility criteria mentioned before finalize your decision.
ISO 22000:2018 Decision Table
