Being said that, it was sometime before I
realized a minor mistake that was in my previous model which I eventually
corrected immediately, but I didn’t relieved my embarrassment until I could
come out of a solution after months of brooding and working on it. Thus, I hope
this new model will answer lots of ambiguity in the minds of the users and it
will give a more comprehensive approach to the requirements of the ISO
22000:2018 selection and categorization of control measures. The model given
below is a hybrid development extending my former ISO 22000:2018 decision model
and descriptions given in the ISO/ITC book “ISO 22000:2005 Food safety
Management Systems, An easy-to-use check list for small business – Are you
ready?” as well as codex decision tree and new requirements added in the ISO
22000:2018 version. However, it is not perfect as use to be and application on
your work is completely voluntary, but if you need any clarification; you are
always welcome to write down a comment or send a mail. The site is always happy
to help anyone who is in need.
Now let’s get to
the major facts laid out in the standard where following information is
directly extracted from the standard to give a clear picture of what we are up to.
8.5.2.4
Selection and categorization of control measure(s)
8.5.2.4.1
Based on the
hazard assessment, the organization shall select a n appropriate control
measure or combination of control measures that will be capable of preventing
or reducing the identified significant food safety hazards to defined
acceptable levels.
The organization
shall categorize the selected identified control measure(s) to be managed as
OPRP(s) (3.31) or at CCPs (3.11).
The categorization
shall be carried out using a systematic approach. For each of the control measures selected there
shall be an assessment of the following:
a) The likelihood
of failure of its functioning;
b) The severity
of the consequence in the case of failure of its functioning; this
assessment shall include:
1) The effect on identified significant food safety hazards;
2) The location in relation to other control measure(s);
3) Whether it is
specifically established and applied to reduce the hazards to an acceptable
level;
4) Whether it is a
single measure or is part of combination of control measure(s).
8.5.2.4.2
In addition, for
each control measure, the systematic approach shall include an assessment of the feasibility of:
a) Establishing measurable critical limits
and/or measurable/observable action criteria;
b) Monitoring to detect any failure to remain within critical limit and/or
measurable/observable action criteria;
c) Applying timely corrections in case of failure.
The decision-making
process and results of the selection and categorization of the control measures
shall be maintained as documented information.
External
requirements (e.g. customer requirements) that can impact the choice and the
strictness of the control measures shall also be maintained as documented
information.
(Source: ISO
22000:2018, Food safety management systems – Requirements for any
organization in the food chain)
Mandatory
Definitions
However,
it is mandatory to refer following definitions in order to clearly understand
the complex nature of the requirements for a practical applications of the
above requirements in a decision making process while segregating CCPs, OPRPs
and PRPs. Hence, it is a general norm that, ISO 22000 standard is promoting
more intelligence based decision making instead of logical decision making
through a standard decision tree. In contrast, most of the users prefer logical
sequence even though they apply intelligence based answers for the
requirements. In fact, it is pretty normal situation, because users of the standards
are usually supposed to be looking at standard recognized expert models rather
than wasting time for developing something extravagant. Thus, it is a useful
objective of developing something like a comprehensive decision tree that can
apply standard framer’s intelligence based requirements in the ISO 22000:2018 to
demonstrate logical sequence such as CODEX decision tree, where you need to
consider above 8.5.2.4 with the following definitions to understand
the complete picture.
Action criterion (3.2)
Measurable or
observable specification for the monitoring of an OPRP
Control Measure
(3.8)
Action or activity
that is essential to prevent a significant food safety hazard or reduce it to
an acceptable level
Correction (3.9)
Action to eliminate
a detected nonconformity
Critical control
point - CCP (3.11)
step in the process
(3.36) at which control measure(s) is (are) applied to prevent or reduce a
significant food safety hazard to an acceptable level, and defined critical
limit(s) and measurement enables the application of corrections
Critical limit (3.12)
Measurable value
which separates acceptability from unacceptability
Food safety hazard (3.22)
Biological, chemical
or physical agent in food with the potential to cause an adverse health effect
Measurement (3.27)
Process to determine
a value
Monitoring (3.28)
Determining the
status of a system, a process or an activity
Operational
prerequisite programme - OPRP (3.31)
Control measure or
combination of control measures applied to prevent or reduce a significant food
safety hazard to an acceptable level, and where action criterion and
measurement or observation enable effective control of the process and/or
product
Prerequisite
programme - PRP (3.35)
Basic conditions and
activities that are necessary within the organization and throughout the food
chain to maintain food safety
Significant food
safety hazard (3.40)
Food safety hazard,
identified through the hazard assessment, which needs to be controlled by
control measures
(Source: ISO
22000:2018, Food safety management systems – Requirements for any
organization in the food chain)
By considering
above all information you can distinguish CCP and OPRP with following specific differences.
CCP OPRP
Step in the process Step in the process or not in the
process
Single control
measure Control measure
or combination of CMs
Critical limits Action
criteria or control limits
Measurement Measurement or observation
Enable correction Enable control of product or process
Once you have a clear idea of what you need
to separate through your process, it is becomes easy to deal with 8.5.2.4 selection and categorization of control measure(s), the most critical
and most ambiguous explanation of the standard. However, clause 8.5.2.4.1 (a, b:1-4)
and 8.5.2.4.2 (a, b, c) share eight basic requirements which further needs to
be evaluated based on above differentiation in mind. In fact, given 10 questions
in the ISO 22000:2018/FSSC 22000 decision tree and in CCP/OPRP Decision Table were
developed to differentiate above requirements in a sequential order with familiar
terminologies used in available HACCP decision tree questions as the process is
basically a more comprehensive extension of CODEX HACCP process.
Once you look at
the given ISO 22000:2018 and FSSC 22000 compatible decision tree, it is obvious
that question Q2, Q3 and Q4 are exactly the same questions in the codex
decision tree in the same positioning while question Q5 has slightly deviated and
extended from the question Q1 of the codex diagram. However, the given model is
not as same as its predecessor, because it has very limited window of eliminating
a process step, if it is identified as a prone to functional failures or has a
significant food safety hazard. The only possibility of slipping off of any
step/process/product from the process of evaluation through questions Q3 or Q4 (the
basic codex decision tree questions). However, those “not a CCP/OPRP” steps are
still needs to identify with relevant PRPs to monitor its environment. If a step is identified
as not prone to failures or no significant food safety hazard at the beginning,
the step still needs to be managed with relevant PRPs as they are usually
managed.
ISO
22000:2018/FSSC 22000 Decision Tree Model - A Trickledown Approach
Thus, a step,
process or a product reaches up to the question Q5 means that, it is supposed
to be repeatedly going in comprehensive cycles of loops before it is categorized
in to a CCP or an OPRP in most occasions. As it developed, it is more obvious
that there will be very few CCPs while many OPRPs in a process. In fact, all the
identified CCPs and OPRPs are required to be addressed in the Hazard Control Plan
which is another term to a preventive control plan. This part of the standard is more aligned with
FSMA requirements as it was in consideration at the time of its revision
process. Hence, if an organization trying to operate an ISO/FSSC 22000 FSMS
with the status of a FDA registered facility complying to FSMA requirements or
FSVP, it is actually very easily
compatible with each other as both documents are preventive control plans that requiring
almost same requirements while documenting it. As such, the framers of the
standard has smoothly aligned its requirements with FDA regulations promoting
more effective synchronization.
Therefore, the
given decision tree “ISO 22000:2018/FSSC 22000 Decision Tree Model - A
Trickledown Approach” basically designed to trickle down the CCPs while making
sure that almost any of a kill-step or a critical control point is a
specifically designed process step for its objectives and open for continuous improvements.
Further, it has been looped inside logical sequence to provide any rejection to
flow-back to the top of the decision tree, and move down through the process until
it is accurately assigned according to the standard requirements.
In addition, the
questions used in the decision tree can be converted to a CCP/OPRP Decision Table,
which eventually becomes the part of Hazard Control Plan. The following example
provide clear dynamics of the application based on the previous article “ISO 22000:2018 Decision Tree”.
The CCP/OPRP table can be used as an alternative to decision tree or both can
be used in a combination with more clarity and transparency for decision making
process.
ISO 22000:2018 Decision Table
I have heard that under new ISO version what was CCPs earlier are counted as OPRPs because of Timely correction at a failure. Can we still use the same decision tree given by CODEX to prepare HACCP plans.
ReplyDeleteAnswer is little tricky, because standard has extended their requirements beyond what CODEX has requested, so you can use it up to a certain extent. However, you have to further categorize process/non-process steps, PRPs, OPRPs and CCPs, which is beyond CODEX decision tree.Thus, you need more of a comprehensive, scientific and intelligent decision making model for the ISO 22000:2018 version.
DeleteThank you for your helpful work, as this will be very useful in trying to figure out what the requirements of the standard are.
ReplyDeleteDear Vindika
ReplyDeleteI'd like to hear your opinion on the FSSC 22000 Decision tree at the end of this document - https://www.fssc22000.com/wp-content/uploads/19.1210-Guidance_ISO-22000-Interpretation_Version-5.pdf
Any good or not?
Kind regards.
Juliette
Hi Juliette,
DeleteI don’t know how ethical to write a review on someone else’s work without an official request on my blog. Because I believe it is not politically right, but as you requested my opinion… here it is…..
As to the overall context of decision tree, it is a mirror image of the ISO 22000:2018 decision making conditions. The document has made a good effort to distinguish the PRPs, OPRPs and CCPs. But it has partially failed to completely differentiate them and specifically distinguish a method to logically separate them. The given model is more complex, sequence of the questions and their logical order is not clearly differentiate the logics behind the decisions (I know it has given a huge explanations before it comes to the diagram and even within it, but yet), you have to ask several sub-questions within a one major question to find out if it fits into the category and still you may have doubts of your decision where it falls exactly. The ambiguity of mind is a real issue when it comes to CCPs, OPRPs and CCPs, where we need very precise informative decisions. In addition, it is an innovative idea of asking about same questions in a very different manner in a practical approach, eg. Question 3.
Thus, overall it is bit more technical approach where average person will not understand this technical jargon at a glance or over a week or two. Hence, it needs to be bit simpler, because all the industries cannot afford to a technical expert to deal with it, but it is the most important and hardest part of the standard where it is our duty as writers/scientists to give them a better simplified approaches to quickly and efficiently complete the tasks at hand. Based on that personal approach, I think the guide has not efficiently delivered its objective in terms of decision tree model, because the given model is good for a spread sheet based multiple question/intelligent decision making table for an expert rather than for an average QA executive who is actually working on the document in many organizations across the globe.
On the other hand, it has basically given a good approach to the decision making process, but every step has a designated Stop where there is no loops back to the beginning or end which is also clearly distinguishable with other models in existence. In my approach I think people are more familiar with CODEX decision tree and we should follow it as a generic model and extend it to further improve the existing model which will be easy for practitioners to understand than researching new comprehensive approaches.
I think overall guide is a good one with good explanations to its new improved requirements and has given explicit explanations on the improvements added to the revision.
Thank you
Dear all,
ReplyDeleteIn recent days, I have had to work harder on re-writing the existing HACCP plan, reviewing it in the light of the requirements of ISO 22000:2018 and applying the approach set out in that annex (19-1210).
Yes, the approach seems easy at first glance, but there is a great deal of personal decision in determining whether or not a measure can fail, whether control is feasible or not. Somehow the connection with the approach in which we take into account the presence or not of a subsequent control measure is broken. Here the standard says "single or a combination of control measures" which is not unambiguous for interpretation. When we get to the essence of the categorization, the approach is more subjective, consistent with the control points defined so far. It even turns out to be unnecessary to control some of them, because they turn out to be insignificant.
I believe that in the basis of a good analysis and decision for categorization it is necessary to be precise and not to rely on intuition or personal opinion.
My question is - given that so far there has been a certain categorization of control measures covered CODEX Alimentarius, which requires a review of control measures? Isn't this a lead to additional paper and unnecessary work, provided that the control measures are the same, only that the CP`s is already called the OPRP?
Hi,
DeleteI'm sorry for the delayed reply, anyway I agree with your comments on rewriting or upgrading your existing system. It is true that you need to consider subjectively, but you also need to consider more additional requirements on ISO 22000:2018 than before as well as they are becoming more specific and subjective too.
As to your question outlined here, it is not exactly right about the CP and OPRP selection, because OPRPs are incompletely differentiated from CPs when the standard was initially introduced and in the revision it has been further differentiated with more clarity. However, there are still ambiguity on certain areas of OPRP and CP, but you need to provide documentary evidence on how you arrive your decisions not just like in the previous version. Thus, you need to have more comprehensive data to select and control those processes in order to provide safer environment for manufacturing. On the other hand, CPs are that you can't categorize as CCPs, but OPRPs are not the same, i.e. if a control point is highly critical for the operation, but if it is still a non-process critical control point it automatically becomes an OPRP, where CPs are not distinguished in the same specificity. Hence, you should eliminate your CP and OPRP comparison because these two things are not completely compatible to each other now. In addition, ISO 22000:2018 decision making process has established close ties with FSMA requirements than basic HACCP decision tree model.
Hello, from Q3 to Q4, seems the significant hazard will have a chance that not using OPRP/ CCP as a control measure; would it violate ISO standard?
ReplyDeleteHi,
DeleteSorry for the delayed answer, but I don't see such a chance, because as to the question Q3 and Q4, if there are no unintended activities of the identified hazard in the given process step, then there is no risk to the process and you don't need to control it as a CCP or OPRP (still you need to monitor and control environmental impacts), but if there is a slightest activity then you need to go through the Q4. In Q4 the question is if it is controlled by a following step to reduce or eliminate to an acceptable level. I think both question capture the essence you required to control there,and it is derived from CODEX HACCP decision tree after very careful consideration, where I can't see anything slipping off the fingers when you consider two questions together.
However, I like to see your question further expanded and explain to me if you still think that it still has any doubts. If so then same situation is true with CODEX decision tree and you should explain why it is okay in the same condition and not in this model.
Thank you
Vindika Lokunarangodage wow fantastic well done
Deletea question on the first point Q1, the first part of the question is clear: if I don't have a significat safety hazard I manage a PRP; the second part on the probability of failure is not clear to me; if i have a significant probability of failure am i not managing a PRP?
ReplyDeleteThe Q1 Clarifies if the step has any significant hazard or not (process or non-process), so if you don’t have a significant hazard in the process, then environmental controls prevailed. Hence, you have to implement appropriate PRPs depending on your facility requirements.
DeleteThe Q2 is asking you; if the process is specifically designed to control a significant hazard, because not just like in the previous version here we only deal with significant hazards whether process or non-process.
As to your question “the second part on the probability of failure is not clear to me; if I have a significant probability of failure am I not managing a PRP?” if you have any probability of failure for any control measure, you must revalidate, and compare with specific requirements planned. Nonetheless, you can’t say you are not managing a PRP, without considering a variety of factors, i.e. if it is CCP, OPRP, or PRP, based on the location of the control measure, and the criticality of the process and end-use, etc.
However, if you can elaborate me what you exactly want to clarify I may be able to give you a more specific answer. Because Q2 is simple and direct; if any probability of failure in the process steps that are filtered down to it are significant hazards, which must be dealt with. Hence, they are basically categorized into OPRPs or CCPs. On the other hand, if it is a non-significant hazard, you still have to consider as a PRP that has its inbuilt control processes, which you must keep in compliance with and if such controls have any probability of failure, then you must take corrective actions and relevant updating process.
Please could you clarify regarding on process non process
ReplyDeleteA step in the production process is considered an ON PROCESS and any activity not directly related to the production process such as environmental controls, i.e., plant cleaning and sanitation, or repair and maintenance are considered as NON PROCESS activities. Most of the day-to-day activities that are controlled under GMP are considered non-process activities including personal hygiene activities before entering the production facility as they are not directly related to the manufacturing process but to food safety. However, if any non-process activity has a live danger to the ongoing production, such activities are critical to consumer safety. Hence, they are considered warranted for verification through a thorough evaluation using HACCP process.
DeleteWhat is the difference between process step and non process step
ReplyDeletePlease explain
The answer is in the above explanation.
DeleteThanks
hi, this one is for process step right? how about raw material?
ReplyDeleteHi Mushtaq,
DeleteSorry for the delayed reply, I'm not working in the food industry anymore, so I'm not actively working on this blog anymore like in the past. However for your question..... The given decision tree and the table are applied for all types of material or process screening, thus you just have to consider all your end products, process, raw materials, and critical non-process activities through the same screening process.