ISO 22000:2018 Structural Changes – III

The Documentation Process

The major changes in the standard applied in documentation process, since Annex SL format has adjusted its wording from documentation and record keeping to documented information in the recently modified versions of ISO standards. Hence, at the documentation level, the standard has flatten its controls while introducing the bare minimum thus, releasing the complete responsibility to the user, which is one of the best improvements, because standard 3^rd party auditors are crazy and hectic headache to users. They change their documentation requirements from one audit to another, person to person, organization to organization if they couldn’t find any minor concerns, but they mostly ignored major concerns to retain the client. Now company can decide what documents to be kept, at which format, the way they want to document, and what documents are really required based on the process requirements, but it doesn’t mean that company do not require documentation. Thus, there are mandatory documented information as evidence of proper implementation and maintenance, which is mentioned in the standard without basically dictating whether it is a manual or a procedure or a work instruction or something else. 

However, considering the documented information, it still requires much more than it asked from the food manufacturer where it is best advised to consider the original documentation model or what we call the documentation pyramid to ease the development of better FSMS. The company can eliminate the manual, but manual can be used as an explanatory document of company’s food safety/quality system which can amalgamate several ISO standards together such as ISO 9001, ISO 22000, ISO 14001, etc. Thus, common Annex SL can be used to setup initial documents and references to the relevant procedures or secondary documents as well as system performance documents, while linking several standard together to build a single company manual. Nonetheless, it also provide the opportunity to club all the relevant documents to a one place while using them in a flattened structure.

Considering the mandatory documented information, the standard still requests to provide hazard analysis, PRPs, CCPs, OPRPs, hazard control plans, and procedures or sort of evidence of protocols for the below mentioned areas.   In addition, same procedures and activities are applied to the prerequisite programs and operational prerequisite programs identified according to the risk levels of the product manufactured.   

The ISO 22000 management elements are handled through mandatory documented information in addition to the above mentioned areas which consists of;

1.   Control of documented information

2.   Statutory, regulatory and customer requirements

3.   Communication

4.   Product identification and traceability

5.   Emergency preparedness and response 

6.   Corrections and corrective actions

7.   Handling of potentially unsafe products

8.   Withdrawals and recalls

9.   Internal audits

10. Management review 

Some of these procedures are not requested as procedures directly, but as documented information, but practitioners of ISO 22000 can consider to write them as procedures since it is easier to upgrade from previous model to the new version without much documentation work rather than completely revising the existing system. Nonetheless, some of these requirements are basically identical to ISO 9001, and compatible with its requirements, thus it can be used in harmony if required. The ISO 22000 FSMS has procedure for emergency preparedness and response, which is inherited from reputed safety standards while it is also identical to ISO 9001. The organization and the top management must be prepared to respond to potential emergency situations and accidents that can impact on food safety. These can include incidents such as fire, flooding, bio-terrorism and sabotage, energy failure, vehicle accidents, contamination of the environment, various types of weather-related events, or the impact of a pandemic.

 

Hence, food safety management system needs to be documented as it requires documented information. This means that the organization must have, as a minimum, a written food safety policy and related objectives, the procedures/way of execution/rules and performance evidence as required by ISO 22000 as well as any other documented information that might need to ensure the effective development, implementation and updating of the system. In addition, organization will not only need to document its policies and procedures but it also need to have a procedure for controlling its documentation and records, because food safety management systems will change over time, as will the people doing the activity. Therefore, one reason for controlling documented information is to ensure that the individual using the document has the most recent version of the document. Part of document control ensures that all the proposed changes are reviewed prior to implementation which determines their effects on food safety and the impact on the management system.

The documentation system is still identical to the ISO 9001 which consisted of four layers in its previous version that has been flatten in the latest revision in 2015. As the organization develops its food safety management system, it has been advised to carefully document its activities. These will include the written food safety policy and related objectives, food safety procedures and the required records as to pervious terminology, even though their names have been changed to a generic documented information. Further, the scope of the required documentation has been extended wherever possible. For example, in establishing your control measures you are required to document your hazard analysis and hazard assessment, including the decision-making process and the selection of control measures, whereas decision making process requires additional categorizations based on two types of logics which require more information than previous version. Nonetheless, organization will have to have evidence of documented information on the validation of its system and verification activities. The work of the food safety team and the management review also require documentation as it was required before.

Prerequisite programs were basically developed as part of good manufacturing practices initially and later-on it was became one of the major components in HACCP, because most of the system developers wanted to keep lowest number of HACCP studies in a system where PRPs were used to cover less critical control points as well as which cannot be measured in real time.  In ISO 22000:2005, this uncertainty was addressed with separating real time immeasurable critical control points in to operational prerequisite programs, which was not properly segregated in HACCP, even though later versions of HACCP addressed the issue up to a certain extent. As it didn’t completely cover the gap until the ISO 22000:2005 was released, where ISO 22000:2005 version introduced separation through ISO 22000 decision tree with logical sequence of questions to segregate them. However, most of the users never understand the complete logic behind it in ISO 22000:2005 and they compel to use HACCP decision tree, where there was a great disagreement between many auditors and user to clearly define them. Because, people love logical trees and select CCPs easily, but distinguishing OPRP had great differences which was ignorant in many cases.

Considering the changes in the new version of ISO 22000, it has nominated HACCP plan and OPRP plan as hazard control plan by clubbing both CCP plan and OPRP plan together which is a terminological improvement, rather than system, where standard has struggled to come out of better solution to differentiate, segregation of CCP and OPRP. But the technical committee has not come out with a completely successful solution which practitioners can easily understand. This is one of the major weak points so far in the previous standard, which is still remains a mystery to average users. When considering the private standards like FSSC 22000, it is also depend on the ISO 22000, where they have added additional parameters or streamlined the issues with the ISO 22000, but never address this part of the misunderstanding to the average user completely.   

Nevertheless, all prerequisite programs have four common factors which are; address indirect or less critical food safety issues, cover general programs related to food safety and it can be applied to multiple production lines. Momentary failure to meet prerequisite programs seldom results in a food safety hazard. The organization should use documented information of external origin relevant for food safety in its various activities, for example in meeting statutory, regulatory and customer requirements and their interests. The new version has also considered paperless management situations, where electronic documentation has added as part of documented information which may be required to comply with regulatory requirements.

As a whole, ISO 22000 can be considered as a business management tool which links food safety to business processes and encourages organizations to analyze requirements of interested parties, define processes and keep them in control where it enables integration of quality management and food safety management. In this way ISO 22000 FSMS is considered as more focused, more coherent and integrated food safety management system which can satisfy any food safety statutory or regulatory requirements.