Sunday, August 12, 2018

ISO 22000:2018 Decision Tree


ISO 22000:2018 Determination of CCPs and OPRPs 
If you search the web these days, you will come across with hundreds of articles explaining what’s new in the ISO 22000 standard and many explanations regards to adaptation of new requirements. Hence, it was obvious to find out ISO 22000:2018 new decision tree or a decision table of logical sequence to apply CCP and OPRP segregation. Unfortunately, if you search the web, you still find only the old explanations of such decision trees and if you further try to find out them as images of such logical sequence surprisingly most of them are published in ISO 22000 resource center in various articles. Thus, I decided to publish a new decision tree for ISO 22000:2018 version which I recently developed for my ISO 22000:2018 Generic Model published on amazon kindle. As to the last article, it briefly discussed what’s new in the standard and how it is going to affect your existing systems as well as new systems that are to be waiting for the development. Since many articles talk about the various sections of the standard, it is not very important at this point to comment on them, but there will be several new articles explaining the changes in the standard as well as expert views on the subject.

The irony of the ISO 22000:2018 standard revision is that, the standard has kept segregation of CCP and OPRP as mystery yet or most ambiguous puzzle yet as it was kept for last 13 years. Anyway, they have cleaned up the idea somewhat and some of the previous words were taken off while adding few more, but they have failed to simplify it, where it is our speculation that, even the expert panel may not have fundamental agreement or complete understanding of how they are exactly segregate CCPs and OPRPs. Thus, they have kept adding more and more parameters to the CODEX decision tree model but they haven’t clear it with a proper generic model such as a decision tree or a decision table or any other method while keeping the ball in manufacturer’s courtyard. As to the food safety, segregation of CCPs and OPRPs are the most important part of the operation, but after four years of discussions and meetings, it is look like the expert panel has not found any suitable solution to it rather than complexing it for average man to understand.

The HACCP plan has been changed to Hazard control plan and HACCP word is officially out from the standard, but it is obvious that people will not remove HACCP decision tree officially from the systems unless there will be an official decision tree. Because decision trees are very easy to distinguish and understand for an average intelligent person and standard also requesting a logical sequence for decision making process. As a skeptic, I have kept my eye open for may be last 10 years at least to the internet, ISO 22000 books, updated ISO 22004, online forums, sessions, conferences and I have asked hundreds of auditors, many trainers and consultants, but unfortunately no body was ever able to give me a completely satisfying answer or an easy solution that may be very important to the users. Because it is the most ambiguous area of the standard to any average user yet. If you consider HACCP or CODEX decision trees, whether it is completed or not, they have given a very simple and easily understandable answer with a diagram where most of the people in food industry actually use it rather than ISO 22000 or any other, because they are not clearly understandable to the average user and it keeps you doubting to yourself if you are right or wrong on your decision making process, if yourself develop a one, instead of using already accepted one.

Accordingly, we were expecting the technical committee to sort it out at least by this revision, because most of the private standards are also use these principles as their base, instead of developing their own. However, technical committee have not yet fulfilled our hopes where most of the users still will stick to the CODEX, the most clearly explained segregation. But we all know it is not enough since there is a clear cut line between PRPs and CCPs, but some of the control points are really don’t fall into any of these categories and everybody trying to define it and still no clear agreement, because there is no clarity. Henceforth, many people many consider many CCPs than they should consider or less than they should consider, which actually depend on various other factors such as auditors, buyers, company’s budget for quality assurance or their real understanding. Here is an image from the internet, which was found in Safe Food 360˚, published in July 30, 2014 by George Howlett, one of my favorite writers of food safety in Europe, he named it as funny decision tree, which is actually the case in many organizations around the world. As to his writing I have taken one another image below to show that how we need to simplify the decision making process, rather than complexing it for practitioners.  

Many times, in various occasions when I asked experts, they provided some answers, but at the same time they push the ball back to my court asking me, why don’t you develop a one. Most of the time, I actually had a one developed, but as already explained I had the same doubts about it, anyway later-on when many people asking me about the complexity of decision making part of the standard, it was published on this blog and it has reached the top of the most viewed articles list if you look at your left, because as already explained there are lots of ambiguity in the area of decision making in ISO 22000. However, even after publishing it, I was not completely satisfied with what was developed and which was audited by several auditors. However, I was not quite convinced of my own decision tree or the table, where do you think that an average person will be okay with what he has done?

Few weeks back, while I was developing the “ISO 22000:2018 Generic Model” which is already on amazon as a Paperback and Kindle versions, I did several of them because I’m not convinced once they were completed that they are fully complying with what standard requests us to comply with. The explanations given in the standard are vague and generic (look at the below italic text), which is the usual nature of standards, but areas like segregation of CCPs and OPRPs should have to have much more comprehensive explanations (like a diagram or specific method of evaluation) rather than few lines given in the standard. Because it specifically asking you for a logical sequence and documented information of how you arrived at your decision, but if an average user can not exactly distinguish the standard, they will not apply the right sequence for it.


Here is what ISO 22000:2018 explains about selection and categorization of control measures.

8.5.2.4 Selection and categorization of control measure(s)

8.5.2.4.1
Based on the hazard assessment, the organization shall select an appropriate control measure or combination of control measures that will be capable of preventing or reducing the identified significant food safety hazards to defined acceptable levels.
The organization shall categorize the selected identified control measure(s) to be managed as OPRP(s) (3.31) or at CCPs (3.11).

The categorization shall be carried out using a systematic approach. For each of the control measures selected there shall be an assessment of the following:
a) The likelihood of failure of its functioning;
b) The severity of the consequence in the case of failure of its functioning; this assessment shall include:
1)      The effect on identified significant food safety hazards;
2)      The location in relation to other control measure(s);
3)      Whether it is specifically established and applied to reduce the hazards to an acceptable level;
4)      Whether it is a single measure or is part of combination of control measure(s).

8.5.2.4.2
In addition, for each control measure, the systematic approach shall include an assessment of the feasibility of:
a)      Establishing measurable critical limits and/or measurable/observable action criteria;
b)      Monitoring to detect any failure to remain within critical limit and/or measurable/observable action criteria;
c)      Applying timely corrections in case of failure.

The decision-making process and results of the selection and categorization of the control measures shall be maintained as documented information.

External requirements (e.g. customer requirements) that can impact the choice and the strictness of the control measures shall also be maintained as documented information.

(Source: ISO 22000:2018, Food safety management systemsRequirements for any organization in the food chain)

Hence, I decided to publish what I have done myself which not may be the exactly what technical committee expected, but it will at least ease the burden of many users, who will love to use a decision tree logic than a table, until ISO 22000 expert panel or WTC book will give us a possible solution later. Thus, it is an alternative only, and the responsibility is vested on users to decide themselves before use it, because there will be lot of models followed by due to the lack of standard decision tree or a table to decide the fate of CCP or OPRP. Until such a standard explanation is officially exists, you can try my decision tree model for ISO 22000:2018 and the decision table with some logical sequence, which may not be the one exactly on experts mind.


ISO 22000:2018 Decision Tree
The following assumptions were used while developing the ISO 22000:2018 decision tree.  
1. If a control measure do not have a measurable critical limit, it cannot be considered as a CCP according to the general understanding in the industry.

2. If there is no possibility to monitor measurable critical limits or observable action criteria, such control measures cannot be used as a CCP or a OPRP which needs to be modified to control or monitor.

3. The word “TIMELY” has been considered as “OPPORTUNE”, which generally means that a product that will not be potentially harmful for the general public if the control measure is failed and still there is an opportunity to do the corrections without effectively harming the product. Hence, it shall  be considered as a OPRP.

4. The Q5, can be considered as the segregation point for OPRPs and CCPs, because most of the “part of combination of control measures are usually categorized under OPRPs. But the standard still specifically instruct you to get a logical sequence and answers for all other 3 feasibility criteria mentioned before finalize your decision.                     

ISO 22000:2018 Decision Table 

Note:
There is a new version with a more comprehensive approach has been added to the site. Thus, please visit “ISO 22000:2018/FSSC 22000 Decision Tree Model” for more updated information.

17 comments:

  1. when the answer is '' NOT A CCP'', then what is it? A PRP ?

    ReplyDelete
  2. Your question should be more elaborated to understand if the answer is "not a CCP" then it can be a PRP or an OPRP. However, in situations where a hazard is controlled by a subsequent process step to a acceptable level through an OPRP or a PRP can be opt out by implementation of a specific raw material criteria which will eliminate the burden from your shoulders rather than considering complex control methods (so your control becomes a PRP as it is a supplier control program). Thus, it depends on the situation, where it needs more information to provide a complete answer for your question, but in short: it can be a PRP or OPRP but not necessarily.

    ReplyDelete
    Replies
    1. vindika, Yes, for OPRP program normally identified through Hazard analysis steps if the hazard does not pose unacceptable level harm to human consumption. PRP is identified as general GMP covering all aspect specified in COdex Alimentarius. I also wondering WHY the decision trees questionnaires never get any revision or up-dates from the Technical committee because those questions were quite useless and meaningless in some situation. I ask people to use other methodology to confirm the presence of food hazards instead of decision tree diagram. There are many other methodologies to identify the occurrence of food hazards using statistical process control.

      Delete
  3. Yeah, SPC is a good method,however the OPRPs are basically CPs in HACCP,isn't it? But if you consider Allergen management, the PRP has a major role in prevention. Thus, decision trees or tables or any other methods does not matter, what matters here is the prevention of the food safety outbreaks. Hence, use of all the methods are important to achieve the targeted/desired controls over the food. It's true that technical committees don't promote the decision trees anymore other than Codex I believe, that may be the reason they are not working on it. However, it is the best tool that an average person can understand this technical jargon up to a certain level at the beginning. That's one of the reasons, I develop this, because you should see those requirements given in the standard, they are not very user friendly or sequenced to apply in a decision tree. So it is you who should decide how to use them according to the expectations. Because new format of ISO 22000:2018 has given the control of the system requirements to the producers, manufacturers and the customers, which does not necessarily mean that you are relieved, instead you are under more tight leash.

    ReplyDelete
  4. Could you please give me a clarity on 8.5.2.4.1, b), 2) The location in relation to other control measure

    ReplyDelete
    Replies

    1. Hi Solo,
      Here is what
      In 8.5.2.4.1 b)
      2) The location in relation to other control measure(s); is

      The question is two dimensional and it basically focus on; if your production process is completely eliminating the risk at another CCP (it means complete reduction at a CCP or reduction of proliferation of a particular hazard), or how it is critical to the prevention of the contamination or reduction of pathogen introduction to the product or intensify it.

      It also has a second consideration of; if the control measure is able to reduce the hazard to an acceptable level based on where the control measure located physically, establish quantifiable limit and how fast can you react on the deviation.
      However, out of two basic explanations above, the major consideration on this question basically focused on the Q3 of the above decision tree given as it is a process designed to select CCPs as to my understanding. On the other hand, you can also focus on other decision trees available on ISO 22000:2018 and see what they have considered on the specific criteria they have focused on for your improvement.

      Delete
  5. Nope, it is basically the ISO 22000:2005 has specific requirements which are less than 2018 version. However, basically both almost same but the order and details it required has few differences to 2005 version.

    ReplyDelete
  6. Hi Vindika, i dont now method determine " a. The likelihood of failure of its functioning" Can you Can you show me how to evaluate the possibility of failure?

    ReplyDelete
    Replies
    1. Hi,
      The likelihood of failure of its functioning, can basically address the same way like contamination or proliferation of a microbe is been addressed in the system using the risk matrix where severity and consequence to be calculated using the industry known data that links to the possible failures identified in the specific food product you are manufacturing. If you consider a complete loss of function in a step or a process/non-process, it is clearly functional failure. However, a functional failure in the food safety risk is that the inability to function at the level of performance that has been specified as satisfactory for the food been manufactured for human/animal consumption. Functional failure can lead to catastrophic damage to the system, product or the intended users.

      For an example just consider that recent COVID – 19 pandemic, US had a Global Pandemic Response Team, which was created under Obama administration due to their experience with Ebola Virus as well as history. Once, Mr. Trump came in, he thought it’s a white elephant and wasting money on keeping it while experts hired there was sleeping because there isn’t any Global pandemics. As any usual businessmen he just saw the waste and didn’t consider it as a preventive action, so he dismantle it to earn credit from general public and discredit Mr. Obama. Look what happened, now he has to react to the situation with Deserter Response Act instead of prevention to address his own stupidity rather than considering a fact based more scientific action before act on it. Because even if it is costly to maintain a bunch of experts, if they were still there and they would have been working on background since they have heard of the events and it would have been completely different picture then, but now it was history and all the damage is done.

      Thus, it is mandatory to evaluate every step with its possible functional failures which can lead to the food safety problems, that you haven’t anticipated yet or never happen in your country or region, but consider entire global scenario and try to find out credible failures with citations related to such cases (equipment, product, process or step) and keep a record of it and consider preventive actions that has to be taken, instead of focusing reaction to the situation in a later date.

      Delete
  7. Hello, for ISO22000: 2018, for every control measure that i have listed out for each hazard identified, i will need to categorise whether it is OPRP or CCP? and i need to include all the OPRP into for hazard control table?

    ReplyDelete
    Replies
    1. The Simple answer is YES. However,
      1. You have to justify if it is a Significant Food Safety Hazard, If so..
      2. Scientifically decide if it is a CCP or OPRP based on the requirements given in the Standard. In addition, if it is a non-process control point, then it definitely become an OPRP. If not, you may still need to comply with environmental sanitation and other relevant PRPs.
      3. When it comes to documentation, you can decide if it is a table or spread sheet or any other method. So yes you have to fill your tables, but you have to provide sufficient details to show how you achieved your decision logically. Please read my new article "ISO/FSSC 22000:2018 Decision Tree Model" on above link.

      Delete
  8. Mr. Vindika may I know if this decision tree is accepted by auditors

    ReplyDelete
    Replies
    1. Dear Nuvan,
      I don't know if any auditor will accept this or not, but you should use my most updated version of this decision tree, not exactly this one, because it is more clear and logical. What I can exactly say is that, I still didn't see a better one myself yet anywhere else, so it is up to you to decide and use. Then if you get rejected, let me know why exactly your auditor is rejecting it and get him explains what he wants. Then you can build a better one and let everyone know what problems my decision tree has by writing a comment here. Then I will correct it or let you know if he is right about it. I like to see more comments and suggestions from anyone interested.

      Delete
  9. Hi,
    i have a question
    in Q6, ask : Does the measurable Critical Limit or observable action criteria??
    If No that is OPRP. But then ask in Q7: does the monitoring is feasible with measurable Critical Limit or observable action criteria??
    (in Q6 already confirmed there is no measurable Critical Limit or observable action criteria (OPRP). Then how can ask in Q7does the monitoring is feasible with measurable Critical Limit or observable action criteria?? Please Explain

    ReplyDelete
  10. Hi Mushtaq,
    I already left a note at the end of this article, that there is a new improved model which you must use(ISO 22000:2018/FSSC 22000 Decision Tree Model) if you want to use it. However, as to your question,it seems like you have miss the point that standard tells you that it must be a single measure instead of combination of control measures. Thus, you have to check your measure against single measure or not that's why this question was asked for further to trickle down the decision. You must read the above article mentioned which will clarify your thoughts I think.
    Thanks

    ReplyDelete
  11. Hi,
    You mentioned as function in a step or a process/non-process
    What is different
    step vs process vs non process

    ReplyDelete