ISO
22000:2018 Determination of CCPs and OPRPs
If
you search the web these days, you will come across with hundreds of articles
explaining what’s new in the ISO 22000 standard and many explanations regards
to adaptation of new requirements. Hence, it was obvious to find out ISO
22000:2018 new decision tree or a decision table of logical sequence to apply
CCP and OPRP segregation. Unfortunately, if you search the web, you still find
only the old explanations of such decision trees and if you further try to find
out them as images of such logical sequence surprisingly most of them are
published in ISO 22000 resource center in various articles. Thus, I decided to publish a new decision
tree for ISO 22000:2018 version which I recently developed for my ISO
22000:2018 Generic Model published on amazon kindle. As to the last article, it
briefly discussed what’s new in the standard and how it is going to affect your
existing systems as well as new systems that are to be waiting for the
development. Since many articles talk about the various sections of the standard,
it is not very important at this point to comment on them, but there will be several
new articles explaining the changes in the standard as well as expert views on
the subject.
The
irony of the ISO 22000:2018 standard revision is that, the standard has kept segregation
of CCP and OPRP as mystery yet or most ambiguous puzzle yet as it was kept for
last 13 years. Anyway, they have cleaned up the idea somewhat and some of the previous words were taken off while adding few more, but they have failed to
simplify it, where it is our speculation that, even the expert panel may not
have fundamental agreement or complete understanding of how they are exactly segregate
CCPs and OPRPs. Thus, they have kept adding more and more parameters to the
CODEX decision tree model but they haven’t clear it with a proper generic model
such as a decision tree or a decision table or any other method while keeping
the ball in manufacturer’s courtyard. As to the food safety, segregation of
CCPs and OPRPs are the most important part of the operation, but after four
years of discussions and meetings, it is look like the expert panel has not found
any suitable solution to it rather than complexing it for average man to
understand.
The
HACCP plan has been changed to Hazard control plan and HACCP word is officially
out from the standard, but it is obvious that people will not remove HACCP
decision tree officially from the systems unless there will be an official
decision tree. Because decision trees are very easy to distinguish and understand
for an average intelligent person and standard also requesting a logical
sequence for decision making process. As a skeptic, I have kept my eye open
for may be last 10 years at least to the internet, ISO 22000 books, updated ISO
22004, online forums, sessions, conferences and I have asked hundreds of
auditors, many trainers and consultants, but unfortunately no body was ever
able to give me a completely satisfying answer or an easy solution that may be
very important to the users. Because it is the most ambiguous area of the standard
to any average user yet. If you consider HACCP or CODEX decision trees, whether it is completed or
not, they have given a very simple and easily understandable answer with a
diagram where most of the people in food industry actually use it rather than
ISO 22000 or any other, because they are not clearly understandable to the average
user and it keeps you doubting to yourself if you are right or wrong on your
decision making process, if yourself develop a one, instead of using already accepted one.
Accordingly,
we were expecting the technical committee to sort it out at least by this revision,
because most of the private standards are also use these principles as their
base, instead of developing their own. However, technical committee have not yet fulfilled our hopes where most of the users still
will stick to the CODEX, the most clearly explained segregation. But we all
know it is not enough since there is a clear cut line between PRPs and CCPs,
but some of the control points are really don’t fall into any of these categories
and everybody trying to define it and still no clear agreement, because there
is no clarity. Henceforth, many people many consider many CCPs than they should consider
or less than they should consider, which actually depend on various other
factors such as auditors, buyers, company’s budget for quality assurance or
their real understanding. Here is an image from the internet, which was found in Safe
Food 360˚, published in July 30, 2014 by George Howlett, one of my
favorite writers of food safety in Europe, he named it as funny decision tree,
which is actually the case in many organizations around the world. As to his
writing I have taken one another image below to show that how we need to simplify
the decision making process, rather than complexing it for practitioners.
Many
times, in various occasions when I asked experts, they provided some answers,
but at the same time they push the ball back to my court asking me, why don’t you
develop a one. Most of the time, I actually had a one developed, but as already
explained I had the same doubts about it, anyway later-on when many people asking
me about the complexity of decision making part of the standard, it was
published on this blog and it has reached the top of the most viewed articles
list if you look at your left, because as already explained there are lots of
ambiguity in the area of decision making in ISO 22000. However, even after
publishing it, I was not completely satisfied with what was developed and which
was audited by several auditors. However, I was not quite convinced of my own
decision tree or the table, where do you think that an average person will be
okay with what he has done?
Few weeks back, while I was developing the “ISO 22000:2018 Generic Model” which is
already on amazon as a Paperback and Kindle versions, I did several of them
because I’m not convinced once they were completed that they are fully
complying with what standard requests us to comply with. The explanations given
in the standard are vague and generic (look at the below italic text), which is
the usual nature of standards, but areas like segregation of CCPs and OPRPs
should have to have much more comprehensive explanations (like a diagram or
specific method of evaluation) rather than few lines given in the standard. Because
it specifically asking you for a logical sequence and documented information of
how you arrived at your decision, but if an average user can not exactly distinguish
the standard, they will not apply the right sequence for it.
Here
is what ISO 22000:2018 explains about selection and categorization of control measures.
8.5.2.4
Selection and categorization of control measure(s)
8.5.2.4.1
Based
on the hazard assessment, the organization shall select an appropriate control measure
or combination of control measures that will be capable of preventing or
reducing the identified significant food safety hazards to defined acceptable
levels.
The
organization shall categorize the selected identified control measure(s) to be
managed as OPRP(s) (3.31) or at CCPs (3.11).
The categorization shall be carried out using a systematic approach. For each of the control measures selected there shall be an
assessment of the following:
a)
The likelihood of failure of its functioning;
b)
The severity of the consequence in the case of failure of its
functioning; this assessment shall include:
1)
The effect on identified
significant food safety hazards;
2)
The location in relation
to other control measure(s);
3)
Whether it is specifically
established and applied to reduce the hazards to an acceptable level;
4)
Whether it is a single
measure or is part of combination of control measure(s).
8.5.2.4.2
In addition, for each control measure, the systematic approach shall
include an assessment of the feasibility of:
a)
Establishing measurable
critical limits and/or measurable/observable action criteria;
b)
Monitoring to detect any
failure to remain within critical limit and/or measurable/observable action
criteria;
c)
Applying timely
corrections in case of failure.
The decision-making process and results of the selection and
categorization of the control measures shall be maintained as documented
information.
External
requirements (e.g. customer requirements) that can impact the choice and the
strictness of the control measures shall also be maintained as documented
information.
(Source:
ISO 22000:2018, Food safety management systems – Requirements
for any organization in the food chain)
Hence,
I decided to publish what I have done myself which not may be the exactly what
technical committee expected, but it will at least ease the burden of many
users, who will love to use a decision tree logic than a table, until ISO 22000
expert panel or WTC book will give us a possible solution later. Thus, it is an
alternative only, and the responsibility is vested on users to decide
themselves before use it, because there will be lot of models followed by due to
the lack of standard decision tree or a table to decide the fate of CCP or
OPRP. Until such a standard explanation is officially exists, you can try my
decision tree model for ISO 22000:2018 and the decision table with some logical
sequence, which may not be the one exactly on experts mind.
The
following assumptions were used while developing the ISO 22000:2018 decision
tree.
1. If a control measure
do not have a measurable critical limit, it cannot be considered as a CCP according
to the general understanding in the industry.
2. If there is no
possibility to monitor measurable critical limits or observable action criteria,
such control measures cannot be used as a CCP or a OPRP which needs to be
modified to control or monitor.
3. The word “TIMELY” has
been considered as “OPPORTUNE”, which generally means that a product that will
not be potentially harmful for the general public if the control measure is
failed and still there is an opportunity to do the corrections without
effectively harming the product. Hence, it shall be considered as a OPRP.
4. The Q5, can be
considered as the segregation point for OPRPs and CCPs, because most of the “part
of combination of control measures are usually categorized under OPRPs. But the
standard still specifically instruct you to get a logical sequence and answers
for all other 3 feasibility criteria mentioned before finalize your decision.
ISO 22000:2018 Decision Table
thanks for you support
ReplyDeletewhen the answer is '' NOT A CCP'', then what is it? A PRP ?
ReplyDeleteYour question should be more elaborated to understand if the answer is "not a CCP" then it can be a PRP or an OPRP. However, in situations where a hazard is controlled by a subsequent process step to a acceptable level through an OPRP or a PRP can be opt out by implementation of a specific raw material criteria which will eliminate the burden from your shoulders rather than considering complex control methods (so your control becomes a PRP as it is a supplier control program). Thus, it depends on the situation, where it needs more information to provide a complete answer for your question, but in short: it can be a PRP or OPRP but not necessarily.
ReplyDeletevindika, Yes, for OPRP program normally identified through Hazard analysis steps if the hazard does not pose unacceptable level harm to human consumption. PRP is identified as general GMP covering all aspect specified in COdex Alimentarius. I also wondering WHY the decision trees questionnaires never get any revision or up-dates from the Technical committee because those questions were quite useless and meaningless in some situation. I ask people to use other methodology to confirm the presence of food hazards instead of decision tree diagram. There are many other methodologies to identify the occurrence of food hazards using statistical process control.
DeleteYeah, SPC is a good method,however the OPRPs are basically CPs in HACCP,isn't it? But if you consider Allergen management, the PRP has a major role in prevention. Thus, decision trees or tables or any other methods does not matter, what matters here is the prevention of the food safety outbreaks. Hence, use of all the methods are important to achieve the targeted/desired controls over the food. It's true that technical committees don't promote the decision trees anymore other than Codex I believe, that may be the reason they are not working on it. However, it is the best tool that an average person can understand this technical jargon up to a certain level at the beginning. That's one of the reasons, I develop this, because you should see those requirements given in the standard, they are not very user friendly or sequenced to apply in a decision tree. So it is you who should decide how to use them according to the expectations. Because new format of ISO 22000:2018 has given the control of the system requirements to the producers, manufacturers and the customers, which does not necessarily mean that you are relieved, instead you are under more tight leash.
ReplyDeleteCould you please give me a clarity on 8.5.2.4.1, b), 2) The location in relation to other control measure
ReplyDelete
DeleteHi Solo,
Here is what
In 8.5.2.4.1 b)
2) The location in relation to other control measure(s); is
The question is two dimensional and it basically focus on; if your production process is completely eliminating the risk at another CCP (it means complete reduction at a CCP or reduction of proliferation of a particular hazard), or how it is critical to the prevention of the contamination or reduction of pathogen introduction to the product or intensify it.
It also has a second consideration of; if the control measure is able to reduce the hazard to an acceptable level based on where the control measure located physically, establish quantifiable limit and how fast can you react on the deviation.
However, out of two basic explanations above, the major consideration on this question basically focused on the Q3 of the above decision tree given as it is a process designed to select CCPs as to my understanding. On the other hand, you can also focus on other decision trees available on ISO 22000:2018 and see what they have considered on the specific criteria they have focused on for your improvement.
Nope, it is basically the ISO 22000:2005 has specific requirements which are less than 2018 version. However, basically both almost same but the order and details it required has few differences to 2005 version.
ReplyDeleteHi Vindika, i dont now method determine " a. The likelihood of failure of its functioning" Can you Can you show me how to evaluate the possibility of failure?
ReplyDeleteHi,
DeleteThe likelihood of failure of its functioning, can basically address the same way like contamination or proliferation of a microbe is been addressed in the system using the risk matrix where severity and consequence to be calculated using the industry known data that links to the possible failures identified in the specific food product you are manufacturing. If you consider a complete loss of function in a step or a process/non-process, it is clearly functional failure. However, a functional failure in the food safety risk is that the inability to function at the level of performance that has been specified as satisfactory for the food been manufactured for human/animal consumption. Functional failure can lead to catastrophic damage to the system, product or the intended users.
For an example just consider that recent COVID – 19 pandemic, US had a Global Pandemic Response Team, which was created under Obama administration due to their experience with Ebola Virus as well as history. Once, Mr. Trump came in, he thought it’s a white elephant and wasting money on keeping it while experts hired there was sleeping because there isn’t any Global pandemics. As any usual businessmen he just saw the waste and didn’t consider it as a preventive action, so he dismantle it to earn credit from general public and discredit Mr. Obama. Look what happened, now he has to react to the situation with Deserter Response Act instead of prevention to address his own stupidity rather than considering a fact based more scientific action before act on it. Because even if it is costly to maintain a bunch of experts, if they were still there and they would have been working on background since they have heard of the events and it would have been completely different picture then, but now it was history and all the damage is done.
Thus, it is mandatory to evaluate every step with its possible functional failures which can lead to the food safety problems, that you haven’t anticipated yet or never happen in your country or region, but consider entire global scenario and try to find out credible failures with citations related to such cases (equipment, product, process or step) and keep a record of it and consider preventive actions that has to be taken, instead of focusing reaction to the situation in a later date.
Hello, for ISO22000: 2018, for every control measure that i have listed out for each hazard identified, i will need to categorise whether it is OPRP or CCP? and i need to include all the OPRP into for hazard control table?
ReplyDeleteThe Simple answer is YES. However,
Delete1. You have to justify if it is a Significant Food Safety Hazard, If so..
2. Scientifically decide if it is a CCP or OPRP based on the requirements given in the Standard. In addition, if it is a non-process control point, then it definitely become an OPRP. If not, you may still need to comply with environmental sanitation and other relevant PRPs.
3. When it comes to documentation, you can decide if it is a table or spread sheet or any other method. So yes you have to fill your tables, but you have to provide sufficient details to show how you achieved your decision logically. Please read my new article "ISO/FSSC 22000:2018 Decision Tree Model" on above link.
Mr. Vindika may I know if this decision tree is accepted by auditors
ReplyDeleteDear Nuvan,
DeleteI don't know if any auditor will accept this or not, but you should use my most updated version of this decision tree, not exactly this one, because it is more clear and logical. What I can exactly say is that, I still didn't see a better one myself yet anywhere else, so it is up to you to decide and use. Then if you get rejected, let me know why exactly your auditor is rejecting it and get him explains what he wants. Then you can build a better one and let everyone know what problems my decision tree has by writing a comment here. Then I will correct it or let you know if he is right about it. I like to see more comments and suggestions from anyone interested.
Hi,
ReplyDeletei have a question
in Q6, ask : Does the measurable Critical Limit or observable action criteria??
If No that is OPRP. But then ask in Q7: does the monitoring is feasible with measurable Critical Limit or observable action criteria??
(in Q6 already confirmed there is no measurable Critical Limit or observable action criteria (OPRP). Then how can ask in Q7does the monitoring is feasible with measurable Critical Limit or observable action criteria?? Please Explain
Hi Mushtaq,
ReplyDeleteI already left a note at the end of this article, that there is a new improved model which you must use(ISO 22000:2018/FSSC 22000 Decision Tree Model) if you want to use it. However, as to your question,it seems like you have miss the point that standard tells you that it must be a single measure instead of combination of control measures. Thus, you have to check your measure against single measure or not that's why this question was asked for further to trickle down the decision. You must read the above article mentioned which will clarify your thoughts I think.
Thanks
Hi,
ReplyDeleteYou mentioned as function in a step or a process/non-process
What is different
step vs process vs non process