ISO 22000:2018 Structural Changes

What Really Changed in ISO 22000:2018

Considering these food safety problems and trade issues generated over the time, the International Standard Organization developed the ISO 22000 Food Safety Management System to harmonize the requirements of various food safety standards into integrated food safety management system while eliminating lots of trade issues faced on exports. Thus ISO 22000 is an international, auditable standard which specifies the requirements for food safety management system by incorporating all the elements of Good Manufacturing Practices (GMP) and Hazard Analysis Critical Control Points (HACCP) together with a comprehensive management system. The standard ensures the complete food safety of entire food supply chain while satisfying global food safety statutory and regulatory requirements. It promotes the conformity to the international standard of the product or services offered by providing the assurance of quality, safety and reliability. 

According to the Food safety experts in the field, set of well-functioning prerequisite programs (PRPs) initially simplify and strengthen the HACCP plan, where ISO 22000:2005 was a HACCP-type standard which fits very well with ISO 9001:2000 because, it was especially developed to assure food safety. ISO 22000 has dynamically combine the HACCP principles and application steps with prerequisite programs, using the hazard analysis to determine the strategy to be used to ensure hazard control by combining the prerequisite programs and the HACCP plan. Nevertheless, ISO 22000:2005 was the first in a family of standards which was entirely focused on food safety that introduced focusing entire food chain.

Strong Bondage of Sister Standards

However, the several food safety standards evolve overtime, but most of them are based on the guidelines of ISO 22000 and HACCP, hence adhering to ISO 22000 usually covers minimum compliances which are required internationally. Hence, rest of the additions are basically applied in private standards such as FSSC 22000, etc. Nonetheless, standard directly refers its sister standards for application of traceability, prerequisite programs and certification and auditing. However, the ISO 22000 released its first revision in 2018, where the current applicable standard is ISO 22000:2018 and it has strongly emphasized the use of its sister standards which are usually applied together based on the specific requirements in the supply chain that includes the following documents:

[  ISO/TS 22003:2013, Food safety management systems – Requirements for bodies providing audit and certification of food safety management systems.

[  ISO/TS 22004:2014, Food safety management systems – Guidance on the application of ISO 22000.

[  ISO 22005:2007, Traceability in the feed and food chain – General principles and basic requirement for system design and implementation.

[  ISO 22002-I:2009, Prerequisite programs on food safety – Part I: Food manufacturing.

The ISO/TS 22002 series further specifies requirements and guidance for establishing, implementing and maintaining prerequisite programs (PRPs) to assist in controlling food safety hazards. These Technical Specifications are:

ISO/TS 22002‐1 Prerequisite programs on food safety ‐ Part 1: Food manufacturing

ISO/TS 22002‐2 Prerequisite programs on food safety ‐ Part 2: Catering

ISO/TS 22002‐3 Prerequisite programs on food safety ‐ Part 3: Farming

ISO/TS 22002‐4 Prerequisite programs on food safety ‐ Part 4: Food packaging manufacturing

ISO/TS 22002‐6 Prerequisite programs on food safety ‐ Part 6: Feed and animal food production.

Hence, FSCC 22000 was initially claiming that ISO 22000 is not a comprehensive standard due to use of PRP, supplier evaluation and selection, traceability, food security and food allergen, tec., has not been clearly adapted where new version has emphasized these requirements when and where necessary. However, more than that the ISO 22000:2018 has open-up the opportunities to organization to decide product specific and industry specific, statutory regulatory, customer or any interested party’s requirements to cater instead of working on a completely fixed format. Thus, standard provides certain flexibility to move away from bare minimum requirements to go beyond the private standards.  

The standard specifies the requirements for a food safety management system (FSMS) that combines the following generally recognized key elements to ensure food safety along the food chain, up to the point of final consumption, that are,

1. Interactive communication
2. System management
3. HACCP principles
4. Prerequisite programs

In addition to the previous version of above elements, standard is further extend on the principles that are common to ISO management system standards, particularly the Annex SL format or high level structure which are;

5. Customer focus
6. Leadership
7. Engagement of people
8. Process approach
9. Improvement
10. Evidence-based decision making
11. Relationship management

Adaptation of Annex SL

Since ISO has hundreds of different standards, there was a requirement for common platform to reduce merging issues as well as updating them in a regular manner where ISO developed a common platform in few years back. The objective was to provide identical structure, text and common terms and definitions for management systems standards of the modern tech savvy global economy. The platform, known as Annex SL, or the high level structure was designed to ensure consistency among future and revised management systems standards, while making the standards easier to read and be understood by users, and greatly aid with the integration of multiple standards within one organization.

Annex SL is promised to be a new approach to management system format that helps streamlining the creation of new standards, and implementation of multiple standards within one organization easier. The Annex SL replaces ISO’s Guide 83, which previously provided a base structure and standardized texts for management system standards (MSS). Initially, guide 83 was started to address complaints that many have received when integrating MSS like ISO 9001, ISO 14001, ISO 22000, and ISO 2700, etc.  In addition, Annex SL also addresses much of criticism expressed by organizations integrating multiple management systems, because these standards have common elements, which are described and organized differently, making it difficult for organizations to implement multiple standards.

Thus, major clause numbers and titles of all ISO management system standards will be identical, such as the introduction, terms and definitions and operation, where introduction, scope and normative references will have content which is specific to each discipline and each standard can have its own bibliography. Overall, there is a reorganizing of management system requirements into this structure that may be unfamiliar, but some of the management system standards have already successfully migrated to this new structure such as ISO 9001, ISO 22000, etc.

Thus, Annex SL addresses these issues by creating a template upon which ISO MSS are to be built, where it was primarily developed as a guide to those who draft the standards. Hence, core of Annex SL consists of 8 clauses and 4 appendices that encompass a “high level structure” (essentially shared high level concepts among standards), shared terms/definitions and actual shared clause titles and text. The appendix three is in three parts which are high-level structure, identical core text and common terms and core definitions. Despite the fact that, these standards have common elements, they are described and organized differently, making effective integration difficult. Hence, development of Annex SL has improved the use of the same structure, as well as commonly used terms and definitions, will make it far easier, less time-consuming, and consequently cheaper to implement, integrate, and maintain standards. Nonetheless, Annex SL has enabled organizations to enhance alignment among ISO’s management system standards, while facilitating their implementation for organizations that may need to simultaneously meet the requirement of two or more such standards. As a result of application of Annex SL in the development of new standards, approximately 30% or so of each new and revised standard will contain identical text.

The intent of adaptation of Annex SL to create ISO 22000:2018 food safety management system to have the same overall look and feel, where all other ISO standards will progressively migrate during their next phase, thus creating opportunities to use in multiple platform initiatives.  In addition, Annex SL provided the framework for a generic management system, with options for the addition of discipline-specific requirements such as HACCP to make fully functional standard while integrating with other standards such as quality, environmental, service management, business continuity, information security and energy management.

Considering the MSSs writers, Annex SL provides the template for their work, which promote concentration of their development efforts on the discipline-specific requirements of the given MSS that focused on clause 8 – Operation while eliminating additional works for rest of the works that can be synchronized easily between multiple systems. For management system implementers, Annex SL provides an overall management system framework within which they can pick and choose what discipline-specific standards they need to include, which will minimize the conflicts and duplication, confusion and misunderstanding from different MSSs. For management system auditors, there will be a core set of generic requirements that need to be addressed for all audits, no matter what discipline to be audited. Nonetheless, it could drive the development of auditor training, by addressing the common core set of requirements with additional training for discipline-specific requirements.

ISO 22000:2018 Gap Analysis and Internal Audit

How to Get Started on ISO 22000: 2018

How are you going to assess your system whether it is complying with ISO 22000:2018 version? This was a critical question raised by several readers recently through my personal mail. Hence, it looks like this is an interesting area to make bit of an exploration. Thus, lest see what shortcuts available to evaluate system gap and how it should be carried out. If the processing plant already got certified for ISO 22000:2005 system certification, definitely it has most of the requirement, but very critical to be not all the requirements suggested by the 22000:2018 version, since standard has been updated with several ways, where food safety team’s first act should be to conduct a gap analysis. However, if the plant is not certified for the ISO 22000 FSMS, then it will be a preliminary analysis where organization need to follow a different path, because it has to start from the scratches because it is a completely a new system which do not require to understand differences between two versions of the same standard. Instead purchase the new version, study it and follow the guidelines while building a new system, which is less complex operation even through you need much longer time to build and operate.  On the other hand, selected FST needs to participate in several trainings before start building a new system and at the same time hiring a subject expert will give a better relief since he will guide organization through the process.

Several readers are critically interesting in internal audits, which actually comes at the latter stage of the system development, because there should be an ongoing system with enough data to evaluate it; usually minimum of three months. Most of the internal audit related activities, basic requirements, process flow and conducting audit as well as their pros and cons were discussed in here long before where they are still applicable and useful information. Hence, it is user’s responsibility to find out basic requirements as well as good training to update themselves with how to conduct an internal audit or mock audit as well as how to face third party audits such as certification audits, surveillance audits, unannounced audits, compliance audits by clients or their third-party nominees, etc. Nonetheless, it is manufacturer’s responsibility to conduct supplier audits at pre-agreed intervals as well as to conduct compliance audits with newly selected suppliers. Thus, it is an endearing work, if you know the subject well and pre-prepared before starting to work on it.

Gap Analysis

Consider that organization already got an existing ISO 22000:2005 system, and the organization is planning to upgrade to ISO 22000:2018 version, where its FST need to read the standard in first place. Hence, understanding the technical jargon in the standard will require some time if FST has less experience people who new to the subject, but eventually it will penetrate into the basics that they already know. Nonetheless, there are ample resources to understand gap analysis and how to conduct a one, which are posted in many website or blogs that you required to read. Thus, you should carefully understand the newly adapted requirements in the standard which is not currently available in your existing system. Write-down what are the new requirements added and how they have been placed, because ISO 22000:2018 has adapted the Annex SL format of ISO which is also call the high-level structure. Therefore, your system documents required to adjust with new structure while considering major structural changes proposed.

The structural and contextual changes are also a public domain information right now because there are hundreds of articles already published about the new changes where it is practitioner’s responsibility to spend some time in the internet and find it out. This will be an easy task, instead of reading the standard or comparing it with previous version intending to find out what they have changed and wondering how you should apply it. It is actually a job of experts, who has already critical views or explanations about it. Thus, go read the stuff, don’t waste your time while trying to reinvent something that already available which is a waste of valuable time. This exercise will give you a better understanding of the new changes of the standard where you have to note down new features added to the standard as well as old features omitted from it. The activity will easily cover the gap analysis which food safety team leader can conduct as a team work while managing to expose his food safety team to update their knowledge. The best option is to participate some training programs and do involve in home work to understand the new changes as explained. Assign some of the tasks to your team based on their expertise and subject knowledge, where you need to send your team or participate yourself on ISO 22000:2018 new features or whatever it calls to upgrade older version. The internal audit training should come after the given homework which will help the understanding of the subject greatly.

Nonetheless, follow existing gap analysis models or formats which you can find in the internet if you are unable to prepare your own one. The best way to work on gap analysis formats is to find some reliable formats and customize them according to your requirements and understanding of the specific production facility you are working on. Once you complete your gap analysis format conduct a gap analysis, first on the system documents to understand the gap to be bridged and then on the evidences that are to be collected as records or documented information. Then move it to the production areas to evaluate practical changes required to amend the system. As to the new changes, documented information has replaced previously used terms in system documentation work. But it is a tricky wording, where you should still manage all the relevant documents you managed before, may be more and nothing less. However, they have simplified the process by clubbing some of the procedures to make one and sometime it demands for more procedures or new additions in some areas such as PRPs.

Internal Audits

The standard has changed little bit of its way of deciding on how to select CCPs and OPRPs where you need to change your hazard analysis documents to align with it. Nonetheless, there are drastic changes to wording of the standard instead of the core. Consider the HACCP which was discussed in previous version which has been almost completely eliminated from the standard, but they have kept the practices as it is in most instances with different wording. The decision making on CCP and OPRP has been slightly changed but what happens there was actually new sequence has been introduced to the old wording while adding some new parameters, but they haven’t given a clear cut idea on it yet.

Back to the internal audits, you need to consider all these such small instances changed in the standard as well as major drastic changes like structural changes. Reduce the number of documents you need to keep in here and there and concentrate them in to specific locations from your previous standard while cutting down the repetition. Once you have done all these activities, it will be the time to conduct a mock audit or testify your internal audit system once again. Validation, verification and internal audits are different parts of the internal audit process, hence you need to conduct validation and verification studies for the newly developed or updated system. Initially follow a complete documentation audit before you move to the production floor. Consider all aspects of the documents including every minor details such as date, version, authorization, etc., once you completed the documentation audit, then conduct validation studies for CCPs and OPRPs. Validation of control measures may require you to adjust or reinvent existing control methods or critical limits, thus use of an expert/consultant may help you to reduce problems you may encounter during this process. Nonetheless, you may have to adjust your PRPs according to the new requirements while validating them or completely adding new PRPs with different set of requirements based on the process. Justify your changes and revalidate where required while updating documented verification results for every control point considered.

Once the mock audit, validation, and verification studies are completed, the system required to run at least three months to gather reliable information to understand if the new system accurately deliver intended results. Hence, now it is the time to conduct full internal audit on all aspects of the system, while preparing complete analysis on each area of consideration. The internal audit documents are to be prepared based on the specific requirements of the production, where it is not possible to explain exact activities required for internal audits other than usual procedures. However, following a generic internal audit requirements will greatly help to cut down the additional time where you can check out ISO 22000:2018 GENERIC MODEL on Amazon bookstore which provides all the basic formats you required. The internal audits has not introduced drastic changes in the current version, but there are differences in the process which you can observe by considering to buy the standard.

As to the ISO 22000:2018 it request organization to conform to its own requirements for the developed FSMS as well as to the ISO 22000:2018 while it effectively implemented and maintained. Further to that, standard demands organization to a) plan, establish, implement and maintain an audit program(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes in the FSMS, and the results of monitoring, measurement and previous audits. Thus, b) define the audit criteria and scope for each audit and c) select competent auditors and conduct audits to ensure objectivity and the impartiality of the audit process. Nonetheless organization shall d) ensure that the results of the audits are reported to the food safety team and relevant management while e) retaining documented information as evidence of the implementation of the audit program and the audit results. In addition, organization shall f) take the necessary correction and corrective action within agreed time frame while g) determining  if the FSMS meets the intent of the food safety policy (5.2), and objectives of the FSMS (6.2) (reference ISO 22000:2018).