Strengthening the Food Safety Management System with ISO

A foodborne disease incident can be devastating for any organization that supplies food to the U.S. market. The cost of a food safety recall is typically millions of dollars and can result in the closing of food processing plants. To minimize this risk, many companies in the supply chain require that their supplier’s implement and maintain HACCP programs.

HACCP is not a new concept. When the Pillsbury Co. (Minneapolis, Minn.) developed HACCP in the late 1950s, it consisted of three principles. In 1997, the Codex Alimentarius Commission (CODEX) published an international standard that defined HACCP as five preliminary steps, and seven principles that are supported by prerequisite programs.

HACCP continues to evolve. Advances in the quality management field allowed food processors to develop a complete food safety management system. This further reduced the risk of creating a food safety incident. During this time, a number of countries including: Australia, Denmark, Germany, Ireland, the Netherlands and the U.S. developed national food safety management standards. In addition, a number of organizations developed third party audit programs of sanitation and HACCP programs. Examples include:

• Food Marketing Institute and SQF program;
• Food Products Association and FPA-Safe Food Audit;
• British Retail Consortium and the BRC Global Standard;
• CIES – The Food Business Forum and the Global Food Safety initiative.

All of these standards and audit programs are similar but slightly different. As a result, there was an international effort to harmonize the standards into a single ISO standard. ISO 22000 was published in 2005, and defines a state-of-the-art food safety management system (Table 1). The standard has the following characteristics:

• Utilizable by all organizations in the food chain;
• Combines the recognized food safety system elements as defined by CODEX;
• Provides an auditable standard that could be used as part of third party certification;
• Ensures that the process used to control food safety is validated, verified, implemented, monitored and managed;
• Focuses only on a food safety.

The working group that developed ISO 22000 intended that ISO 22000 would not replace ISO 9001. Instead, they intended that a food processor use both standards: ISO 22000 to address a food safety management system (FSMS) and ISO 9001 to address a quality management system. Both standards are compatible and have similar structures.

ISO has a unique format when compared to both the U.S. definition of HACCP, developed by the National Advisory Committee on the Microbiological Criteria for Foods (NACMCF), or the CODEX definition of HACCP. NACMCF and CODEX wrote their standards as guidance standards. These standards describe how a food processor can implement HACCP. ISO 22000 is written in auditable form so it can be used as a tool to develop audit plans for either internal audits or third party audits.

ISO 22000 incorporates the five preliminary steps and the seven principles of HACCP. Thus, companies that design a FSMS, which complies with ISO 22000, will have a FSMS that complies with both the Codex definition of HACCP and the NACMCF definition of HACCP.

The strength of ISO 22000 lies in its ability to link the quality management system to the business process. This is done by:

• Establishing a food safety policy with measurable objectives;
• Increasing the management responsibilities for the food safety team leader;
• Implementing a management review process of the food safety management system.

In addition, the ISO 22000 food safety management system does the following:

• Clarify the role of prerequisite programs in the FSMS;
• Define food safety communications;
• Allow for the development of a FSMS without a CCP;
• Further define the process to update the FSMS;
• Separate validation activities from verification activities;
• Present the requirements of a FSMS in an audit format.

Management Responsibility for a FSMS

ISO 22000 defines a management approach to food safety. Therefore, food safety is more than just a function of quality assurance and operations. The production of safe food requires the active involvement of most of the business functions, including, R&D, engineering, purchasing, sales, and human resources. ISO 22000 recognized this by requiring that top management must be committed and involved in the planning and production of safe food. Top management is actively involved in food safety by establishing a corporate food safety policy and food safety objectives and then managing the company to achieve the objectives. The objectives should be specific, attainable, relevant, and time-framed. An objective could be: Make the existing food safety management system compliant to ISO 22000 by the end of the fourth quarter. The policy and the objectives must be communicated, implemented and maintained at all levels in the organization.