Understanding ISO 22000: A U.S. Perspective on Certification Requirements

This subcommittee, coordinated by the American Society of Agricultural and Biological Engineers, consists of approximately 30 members from the food industry, government agencies, and academia. It provides a U.S. perspective on matters related to food safety, primarily ISO 22000.

The ISO 22000 standard was finalized in 2005, hence the original designation ISO 22000:2005. The standard was the result of the labors of Technical Committee 34. The first meetings of the committee were hosted by the Danish Standards Association in Charlottenlund, Denmark. Among the driving forces behind the establishment of the group that was convened for the development of this standard was the desire for certification of HACCP programs, which required the establishment of an auditable international standard for food safety management systems. Another element was a desire to harmonize the current national food safety management standards. For example, there were and are currently many private food safety standards that have been established globally. ISO 22000 became a global standard. Now, there is the Codex Committee on Food Hygiene document that defines the basic HACCP principles and prerequisite programs. Although this document, along with ISO 9000, served as a reference in developing the ISO 22000 standard, it’s not an auditable standard by itself.

ISO 22000:2018

The latest version of ISO 22000 was published in 2018. ISO 22000:2018 is organized by sections, with the first being the “context” of a food processing organization. This means that the organization should consider all of the potential areas that could affect food safety, both within the company and outside of it. These could include the role of raw material suppliers in the manufacturing process and process variation within the operations, as well as the end use of the product by the consumer—whether the consumer is another business or an individual.

The next sections focus on leadership, planning, and support within the company, followed by operations, performance, and improvement. One of the strengths of the ISO 22000 standard is its focus on leadership. The plant manager, CEO, or whoever is ultimately responsible for managing the processor is also ultimately responsible for the food safety management system. This includes setting policies, assigning responsibilities, managing continual improvement through management review meetings, and handling internal and external communication. The standard presents a logical approach to developing and implementing a food safety plan, and the concepts are fully compatible with both HACCP and the preventive controls described within the Food Safety Modernization Act. All of these programs focus on risk management by mitigation at appropriate steps in the process.

Table 1

As with all ISO standards, ISO 22000 is periodically reviewed to assure that it represents the current thought processes for food safety. One of the reasons behind the revision of the standard was to bring the standard into line with other ISO standards by incorporating elements of the high-level structure (HLS). This ensured that language and standard format were uniform. Among the changes incorporated into ISO 22000:2018 is wording that more closely conforms to the Codex HACCP document and also emphasizes the difference between operational risk (i.e., traditional HACCP) and overall organizational risk (i.e., management decisions to avoid risk). In addition, the 2018 version introduces the concept of operational prerequisite programs and requires that a company demonstrate that it is effectively using the results from monitoring and verification activities. A summary of the organizational structure of ISO 22000:2018 is given in Table 1.

The most recent development for ISO 22000 was the publication of a document entitled “ISO 22000:2018–Food Safety Management Systems–A Practical Guide,” which was published jointly by ISO and the United Nations Industrial Development Organization. As the name implies, this publication provides practical information about and examples of how to implement ISO 22000:2018 and is a valuable addition not only for those who are interested in implementing 22000, but also for those who are currently certified. Other recent developments include the establishment of a committee draft on the requirements for bodies providing audits of food safety management system elements, ISO/CD 22003, parts 1 and 2. These will be an update of the existing ISO/TS 22003:2013 Food Safety Management Systems–Requirements for bodies providing audit and certification of food safety management systems.

ISO 22000 versus FSSC 22000

The Global Food Safety Initiative (GFSI) has been in place for more than 20 years, and many of the major food retailers are requiring that processors be GFSI certified. In this context, there has been some discussion about the difference between ISO 22000 and FSSC 22000, as sometimes these terms are used interchangeably. FSSC 22000 incorporates ISO 22000, 22002, and 22003, as well as other technical specifications. The primary difference is that FSSC 22000 has more extensive requirements for infrastructure and prerequisite programs than ISO 22000. Of importance to many is the fact that FSSC 22000 is one of the GFSI-recognized food safety management systems, while ISO 22000, by itself, is not. The FSSC 22000 audit scheme, which includes prerequisite guidelines described in TS 22002-1:2009 (formerly PAS 220), incorporates the ISO 22000 standard. The feeling at GFSI was that the ISO 22000 standard did not specifically address prerequisite programs in sufficient detail, hence the development of PAS (Publicly Available Standard) by the British Standards Institute (BSI), which eventually became Technical Standard (TS) 22002-1:2009.