ISO 22000:2018 Structural Changes – IV

Performance Evaluation

The ISO 22000:2018 revision has changed much on the structure where it has introduced a new section which is called performance evaluation base on the Annex SL format. Since, ISO 22000 is applicable to all organizations in the food and feed industries, regardless of size or sector it needs more integrity to work with combination of other standards. Hence, following the same High-Level Structure (HLS) as other ISO management system standards, such as ISO 9001 (quality management), it is designed in a way that it can be integrated into an organization’s existing management processes but can also be used alone, where integration of performance evaluation has collapse several areas together which are differently considered before. Therefore, following topics has been considered in the given order under performance evaluation.

9.1 Monitoring, measurement, analysis and evaluation

9.2 Internal audit

9.3 Management review

Monitoring, Measurement, Analysis and Evaluation

The section specifically discussed on the major requirements of;

a) What needs to be monitored and measured?

specific areas needs to be considered by the management according to the identified food safety hazards, PRPs, OPRPs and CCPs as well as any other requirements specified by interested parties.

   

b) The methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;

The specific methods to be employed and the requirements to ensure valid results obtained during the operation as to the pre-specified requirements

c) When the monitoring and measuring shall be performed;

The time lines, intervals for specified activities

d) When the results from monitoring and measurement shall be analyzed and evaluated;

Time line for decision making from the outcome

e) Who shall analyze and evaluate the results from monitoring and measurement.

The responsibilities and authorities for decision making

The objective of the section is to prepare documented information of the procedures to be followed during the course of action against predetermined requirements with appropriate methods and practices. The evidence of the results will be collected in a specified manner to support the next steps of the process such as analysis and evaluation, internal audits as well as management review. Thus, section has completely focus on the system performance while connecting each other in a sequential manner. In the previous version of the ISO 22000:2005, management review was one of the first things which came first before anything, but in the new version it has come out at last because after the initial meeting to set up a food safety management system, it is come as a review meeting where you need information, results and outcomes to manage a review. 

Analysis and evaluation

As it is specified in the standard “The organization shall analyze and evaluate appropriate data and information arising from monitoring and measurement including the results of verification activities related to PRPs and hazard control plan (8.8 and 8.5.4), the internal audits (9.2) and external audits”. Thus, section should specify the relevant methods that are used evaluate and analyze obtained results as explained in the above section which will be applied here to make decisions based on the system performance. Hence, it further explains where analysis shall be carried out in order to:

a) Confirm that the overall performance of the system meets the planned arrangements and the FSMS requirements established by the organization;

b) Identify the need for updating or improving the FSMS;

c) Identify trends which indicate a higher incidence of potentially unsafe products or process failures;

d) Establish information for planning of the internal audit program related to the status and importance of areas to be audited;

e) Provide evidence that any corrections and corrective actions are effective.

The results of the analysis and any resulting activities are documented as specified and kept for further references during internal or external audits, management reviews as well as to improve the FSMS while identify trends for future considerations.

Internal Audit

As of internal audits, there is no much difference to the scope of the activities from the previous version, most of the standard audit practices are included as the previous version. Hence, if you have a previous audit procedure which can be used in the new system with minimal changes where you should consider anything if you have missed in the following areas given in the standard.

As it explains the organization shall conduct internal audits at planned intervals to provide information on whether the FSMS is conforms to the organization’s own requirements for its FSMS and the requirements of this document, as well as if it is effectively implemented and maintained.

Nonetheless, organization also need to have to plan, establish, implement and maintain an audit program(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes in the FSMS, and the results of monitoring, measurement and previous audits. The program must define the audit criteria and scope for each audit while selecting competent auditors and conduct audits to ensure objectivity and the impartiality of the audit process. Ensure the results of the audits are reported to the food safety team and relevant management while retaining the documented information as evidence of the implementation of the audit program and the audit results. The evidence should further specify the necessary correction and corrective action taken within agreed time frame, to determine if the FSMS meets the intent of the food safety policy (5.2), and objectives of the FSMS (6.2).

In addition, follow-up activities by the organization should include the verification of the actions taken and the reporting of the verification results.

Management Review

As of previous version, management review has no much difference where your previous procedure can be reused with slight modifications. It requests top management to review the organization’s FSMS, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. Hence, the management review input and the output has no much difference either where your company specifications based on the product manufactured and the requirements of the interested parties may add few more specific requirements to the scope. Thus, only difference is the scope has been widened than the previous version including monitoring, measuring analysis, evaluations and audits.    

Management review input

The management review request you to include consideration of:

a) The status of actions from previous management reviews;

b) Changes in external and internal issues that are relevant to the FSMS including changes in the organization and its context (4.1);

c) Information on the performance and the effectiveness of the FSMS, including trends in:

1) Result of system updating activities (4.4 and 10.3);

2) Monitoring and measurement results;

3) Analysis of the results of verification activities related to PRPs and the hazard control plan (8.8.2);

4) Nonconformities and corrective actions;

5) Audit results (internal and external);

6) Inspections (e.g. regulatory, customer);

7) Performance of external providers;

8) Review of risks and opportunities and of the effectiveness of actions taken to address them (6.1);

9) Extent to which objectives of the FSMS have been met.

d) The adequacy of resources;

e) Any emergency situation, incident (8.4.2) or withdrawal/recall (8.9.5) that occurred;

f) Relevant information obtained through external (7.4.2) and internal (7.4.3) communication, including requests and complaints from interested parties;

g) Opportunities for continual improvement.               

Considering the above factors it is basically the same management review model without major differences, where it further requests you to present data in a manner that enables top management to relate the information to stated objectives of the FSMS.

Management review output

As usual management output also similar to its predecessor which request to include decisions and actions related to continual improvement opportunities as well as any need for updates and changes to the FSMS, including resource needs and revision of the food safety policy and objectives of the FSMS. The relevant information must be retained as documented information for evidence of the results of management reviews.

While adapting to the new format, the performance of the system is being evaluated and organized under a single section where it has given greater opportunities for merging any ISO standard manufacturer intended to follow. Thus, inclusion of additional audit requirements to a single procedure has been possible with reduction of complexities while adapting a single format.

Reference: ISO 22000:2018 Standard 

ISO 22000:2018 Structural Changes – III

The Documentation Process

The major changes in the standard applied in documentation process, since Annex SL format has adjusted its wording from documentation and record keeping to documented information in the recently modified versions of ISO standards. Hence, at the documentation level, the standard has flatten its controls while introducing the bare minimum thus, releasing the complete responsibility to the user, which is one of the best improvements, because standard 3^rd party auditors are crazy and hectic headache to users. They change their documentation requirements from one audit to another, person to person, organization to organization if they couldn’t find any minor concerns, but they mostly ignored major concerns to retain the client. Now company can decide what documents to be kept, at which format, the way they want to document, and what documents are really required based on the process requirements, but it doesn’t mean that company do not require documentation. Thus, there are mandatory documented information as evidence of proper implementation and maintenance, which is mentioned in the standard without basically dictating whether it is a manual or a procedure or a work instruction or something else. 

However, considering the documented information, it still requires much more than it asked from the food manufacturer where it is best advised to consider the original documentation model or what we call the documentation pyramid to ease the development of better FSMS. The company can eliminate the manual, but manual can be used as an explanatory document of company’s food safety/quality system which can amalgamate several ISO standards together such as ISO 9001, ISO 22000, ISO 14001, etc. Thus, common Annex SL can be used to setup initial documents and references to the relevant procedures or secondary documents as well as system performance documents, while linking several standard together to build a single company manual. Nonetheless, it also provide the opportunity to club all the relevant documents to a one place while using them in a flattened structure.

Considering the mandatory documented information, the standard still requests to provide hazard analysis, PRPs, CCPs, OPRPs, hazard control plans, and procedures or sort of evidence of protocols for the below mentioned areas.   In addition, same procedures and activities are applied to the prerequisite programs and operational prerequisite programs identified according to the risk levels of the product manufactured.   

The ISO 22000 management elements are handled through mandatory documented information in addition to the above mentioned areas which consists of;

1.   Control of documented information

2.   Statutory, regulatory and customer requirements

3.   Communication

4.   Product identification and traceability

5.   Emergency preparedness and response 

6.   Corrections and corrective actions

7.   Handling of potentially unsafe products

8.   Withdrawals and recalls

9.   Internal audits

10. Management review 

Some of these procedures are not requested as procedures directly, but as documented information, but practitioners of ISO 22000 can consider to write them as procedures since it is easier to upgrade from previous model to the new version without much documentation work rather than completely revising the existing system. Nonetheless, some of these requirements are basically identical to ISO 9001, and compatible with its requirements, thus it can be used in harmony if required. The ISO 22000 FSMS has procedure for emergency preparedness and response, which is inherited from reputed safety standards while it is also identical to ISO 9001. The organization and the top management must be prepared to respond to potential emergency situations and accidents that can impact on food safety. These can include incidents such as fire, flooding, bio-terrorism and sabotage, energy failure, vehicle accidents, contamination of the environment, various types of weather-related events, or the impact of a pandemic.

 

Hence, food safety management system needs to be documented as it requires documented information. This means that the organization must have, as a minimum, a written food safety policy and related objectives, the procedures/way of execution/rules and performance evidence as required by ISO 22000 as well as any other documented information that might need to ensure the effective development, implementation and updating of the system. In addition, organization will not only need to document its policies and procedures but it also need to have a procedure for controlling its documentation and records, because food safety management systems will change over time, as will the people doing the activity. Therefore, one reason for controlling documented information is to ensure that the individual using the document has the most recent version of the document. Part of document control ensures that all the proposed changes are reviewed prior to implementation which determines their effects on food safety and the impact on the management system.

The documentation system is still identical to the ISO 9001 which consisted of four layers in its previous version that has been flatten in the latest revision in 2015. As the organization develops its food safety management system, it has been advised to carefully document its activities. These will include the written food safety policy and related objectives, food safety procedures and the required records as to pervious terminology, even though their names have been changed to a generic documented information. Further, the scope of the required documentation has been extended wherever possible. For example, in establishing your control measures you are required to document your hazard analysis and hazard assessment, including the decision-making process and the selection of control measures, whereas decision making process requires additional categorizations based on two types of logics which require more information than previous version. Nonetheless, organization will have to have evidence of documented information on the validation of its system and verification activities. The work of the food safety team and the management review also require documentation as it was required before.

Prerequisite programs were basically developed as part of good manufacturing practices initially and later-on it was became one of the major components in HACCP, because most of the system developers wanted to keep lowest number of HACCP studies in a system where PRPs were used to cover less critical control points as well as which cannot be measured in real time.  In ISO 22000:2005, this uncertainty was addressed with separating real time immeasurable critical control points in to operational prerequisite programs, which was not properly segregated in HACCP, even though later versions of HACCP addressed the issue up to a certain extent. As it didn’t completely cover the gap until the ISO 22000:2005 was released, where ISO 22000:2005 version introduced separation through ISO 22000 decision tree with logical sequence of questions to segregate them. However, most of the users never understand the complete logic behind it in ISO 22000:2005 and they compel to use HACCP decision tree, where there was a great disagreement between many auditors and user to clearly define them. Because, people love logical trees and select CCPs easily, but distinguishing OPRP had great differences which was ignorant in many cases.

Considering the changes in the new version of ISO 22000, it has nominated HACCP plan and OPRP plan as hazard control plan by clubbing both CCP plan and OPRP plan together which is a terminological improvement, rather than system, where standard has struggled to come out of better solution to differentiate, segregation of CCP and OPRP. But the technical committee has not come out with a completely successful solution which practitioners can easily understand. This is one of the major weak points so far in the previous standard, which is still remains a mystery to average users. When considering the private standards like FSSC 22000, it is also depend on the ISO 22000, where they have added additional parameters or streamlined the issues with the ISO 22000, but never address this part of the misunderstanding to the average user completely.   

Nevertheless, all prerequisite programs have four common factors which are; address indirect or less critical food safety issues, cover general programs related to food safety and it can be applied to multiple production lines. Momentary failure to meet prerequisite programs seldom results in a food safety hazard. The organization should use documented information of external origin relevant for food safety in its various activities, for example in meeting statutory, regulatory and customer requirements and their interests. The new version has also considered paperless management situations, where electronic documentation has added as part of documented information which may be required to comply with regulatory requirements.

As a whole, ISO 22000 can be considered as a business management tool which links food safety to business processes and encourages organizations to analyze requirements of interested parties, define processes and keep them in control where it enables integration of quality management and food safety management. In this way ISO 22000 FSMS is considered as more focused, more coherent and integrated food safety management system which can satisfy any food safety statutory or regulatory requirements.