Home Resources Videos

ISO 22000:2018 Transition Webinar

25 August 2021
Watch this video designed to give you an overview of the changes from ISO 22000:2005 to ISO 22000:2018 Food Safety Standard with the aim of helping you manage the transition effectively.

Please feel free to download the slides here.

The deadline to transition to ISO 22000:2018 was extended until 31st December 2021. This date will soon be upon us but it's clear that many certified organisations have taken this opportunity to transition later in in the year.

In this video, Maria Constable, NQA's Food Certification Manager discusses:

  • The main changes of the Standard

  • How the standard aligns with Annex SL

  • A transition checklist tool to help organisations prepare for their transition audit

  • The main differences between the 2005 and 2018 versions of the Standard that certified organisations across the industry seem to be finding most difficult to interpret and manage.

Having audited our clients in many different food chain categories to the new Standard; Maria shares her experiences...

Download a copy of our handy Implementation Guide here.
Download a copy of our handy Transition Gap Guide here.




ISO 22000 Transition

00:06 - Good afternoon everybody whose joined us so far, we'll just wait a couple of minutes and we'll start in just a couple of minutes to allow some other people to join.
00:39 - I can see the questions on my other screen.
00:53 - Okay let's go for it. So welcome to everybody who's joined us this afternoon, we are going to talk to you about ISO 22000.
01:07 - Just a little bit about who we are and so NQA, we are a certification body based in the UK predominantly, we have offices globally our head office for this region is in the UK.
01:29 - For our food business actually we're bigger in other countries but it's all managed through the UK with NQA.
01:48 - Just a couple of slides to tell you who we are and what we, what certification areas we specialize in and we have training services as well at the moment all of our training courses are online so a really good time to try and attend training courses. I know I like not having to go anywhere.

Your Presenter

02:17 - And this is me, so we are going to the webinar will last probably about 45 minutes and if anyone's got any questions you can put them in the question box I'll answer questions at the end and the webinar is being recorded and it'll be circulated once we've finished.
02:41 - So myself, so I'm the food certification manager for NQA, I have worked in the certification industry for over 15 years.
02:53 - I've specialized in food safety but all the way from farming, to delivery or to retail to actually feeding people. My position here at NQA is, well my responsibilities are to oversee the accreditation and our certification for food safety management systems and making sure that we stay up to date with everything that's going on in the food industry and cascading and training auditors accordingly.

What Will You Learn?

03:39 - So this is what we're going to go through today with a really sort of overview of the ISO 22000 standard, I'm not going to go through every single clause what I've done is I've picked out bits in each clause that might need further clarification or we get lots of questions over.
04:06 - By doing that you'll get sort of tips on how to implement the standards, we'll look at some of the new and updated clauses, and how to prepare for a transition, and just common queries that we get with the ISO 202000 standard.

What is ISO 22000?

04:29 - So first of all what is ISO 22000? So ISO 2000 is an ISO food safety management system standard, it was first developed in or first published sorry in 2005 it was published in response, it was developed in response to a number of food safety crisis such as mad cow disease and some food fraud instances.
04:58 - It's a global standard that looks at supply chains in food supply chains.
05:09 - It starts all the way from farm again, all the way to manufacturing and catering, food packaging and then the auxiliary services so people that make machinery for use in the food industry, they can also have ISO 22000.
05:34 - And the biggest thing is that the ISO 22000 standard facilitated the harmonization of international food safety regulations.

Revision & Transition Timeline

05:51 - So we're going to be talking about the transition or the revision of ISO 22000 that was reissued in 2018, the original deadline for existing clients to transition to the new standard was June this year, due to covid that deadline has been extended until the
06:12 - end of 2021 and we have found a lot of clients last year lots of audits had to go remote or be deferred for a number of months, so lots of people have waited until that you know later in 2021 to transition to the new version of the standard.

Annex SL

06:40 - The new standard adopts a high-level structure which some people may be familiar with such as in 9001, 14001, it's a core high level structure that has common terms and definitions which cannot be changed.
07:04 - The food safety elements are incorporated into this high-level structure. This is particularly good when you're implementing a number of management systems, so lots of elements can be combined to address more than one standard.


07:29 - The 2018 standard has brought in the plan do check act cycle, which is, I quite like this way of working at the end of the day what are we all trying to do we plan it, we do it, we check it, we act upon it, and we start all over again, so it's a nice way of thinking but it's also important to understand how the standard incorporates the plan do check act cycle.
08:07 - So looking at the standard the requirement clause is starting section four, four five six and seven is all our plan phase and then section eight operation, that's our doing what we're actually doing and then performance evaluation in section
08:28 - nine we're checking what we've done, and then in section 10 improvement we're then acting upon the monitoring and the trends and everything that we've identified in the check stage.

Structural Changes

08:51 - So just on the structural changes between 2005 and 2018 standard, already in 2005 standard we had interactive communication, we had system management prerequisite programs and haccp.
09:08 - So they are still relevant 2018 but in 2018 we have new clauses around customer focus, leadership, and the engagement of people, we have we've incorporated, well they have incorporated the process approach and improvement. And risk-based thinking and risk-based evidence-based
09:35 - decision-making which we'll talk about later on but that's really important with the ISO 22000 standard which really brings it away from other food safety management system standards and also relationship management which comes in with concepts of organization and leadership really to understand the relationships the business has in order to do things safely, effectively and be able to continually improve.

Process Based Thinking/Audits

10:19 - So process-based thinking and the process-based audit mentioned this a little bit before, this is, what I really like to point out with this is ISO 22000 is not a tick box exercise, it's not a
10:35 - checklist audit, it's a process-based audit. So this could mean that the auditor could follow a process within your business and from following that process the auditor can actually evaluate your compliance to a number of clauses. So by following the production of a product, they could
11:00 - look at your planning, they could look at your doing, your checking, in your acting, so by doing that they're actually covering every clause of the standard. It's a different mindset from people that are used to inspections you know that the auditor's there with a checklist, are you doing this, are you doing that, ISO 22000 is more let's see what you're doing, let's follow your process and from that they can assess your compliance support these are the standards.

Risk Based Thinking/Audits

11:44 - So risk-based thinking, the best way to decide how you carry out an activity is to look at the risks involved in the process.
11:58 - Obviously anything that is high risk, possibly because it has a potential to go wrong or that the consequences could be quite bad or severe and then you'd want to you know put more focus on that activity. I always use the some examples like pest control, if pest control is a problem you have a problem with pests, are you just going to continue to do to
12:30 - pest control in once a month or whatever you know if a standard says you have to have the pest control in once a month but it's a problem and then you're going to up that frequency and you're going to have them even more often. Similarly if pest control is not a problem
12:47 - or certain months of the year is not a problem you might want to relax the frequency a little bit and the ISO 22000 standard gives you the flexibility to decide for yourself, obviously as long as the regulations are met the frequency in which you do things.
13:10 - Just to mention that the 22000 standard doesn't give you a specific method on how to reassess your management system, it does specify that you should look at organizational and operational risks, so your organizational risks might be things out of your control, like weather, pandemics, your operational risks may be your food safety hazards they will come under operational risks.
13:55 - However, the standard does require you to document the decision-making process when you're doing your risk assessment.


14:10 - So there's a section at the beginning of the standard with the definitions, lots of people don't know it's there but I find it really helpful when people are trying to interact with causes of the standard. If they don't quite know what a phrase or a word actually means and what they're
14:31 - asking you to do, there is the definition section at the beginning of the standard and it's been updated as well so in the 2018 version of the standard they have changed the wording in the definition of significant food safety hazards, control measures, action criterion, competence, interested parties, outsourcing, and risk.
15:01 - So it's really important that if you are looking at trying to implement or to understand the standard that you know that that section's there I find it really helpful.

Standard Requirements

15:21 - So we touched on this before but sections four to ten are the requirements of the standard, these are the requirements that you need to conform to and it's important to understand that where the standard specifies that an organization shall have something in place that these are mandatory requirements
15:45 - and these are the requirements that are audited external and internal, we'll be looking to gather evidence to verify your performance against these clauses.

Context of the Organization

16:07 - In the next section of the standard called section 4, context of the organization, this is new in Annex SL and ISO 22000:2018. It's important for an organization to be able to run a an effective safe, food safety management system, to understand the context of their organization.
16:31 - And the standard asks us to identify external and internal issues along with, you know, what are those issues, can we do anything to satisfy them or to reduce them, so I'll just pick out you know a few. So external issues will include cultural, political,
16:58 - environmental issues, competitors other companies that you know may be seen as your competitors they can be an issue, laws at the moment covid restrictions could be an external issue that we're all facing. Internal issues could be the competency of your staff,
17:27 - working conditions, your resources, your machinery, equipment, your work environment, those sort of things. Then we're asked to identify the interested parties to your business, we see some really funny things when people are looking at these.

Understanding the Needs of Interested Parties

17:58 - So you're asked to identify and analyse how they can affect the how you achieve effectiveness of your food safety management system.
18:12 - Some that people often don't identify would be your neighbours, you know your neighbours have they're interested in what you're doing, you know, why are they interested in what you're doing what can you do to help that.
18:31 - Obviously your suppliers their interested parties that they're supplying you with their products, consumers are eating your products obviously they're an interesting party and there's lots of others there so I've given you a few to just to start people thinking.
18:54 - Lots of people say that their interested parties are suppliers, consumers, their staff, and I think there's lots of people to consider and if you do consider them you identify them you, consider them you make your company a better company.

Scope of FSMS

19:19 - So the next part of the standard is the scope of your food safety management system.
19:27 - So it's not new but it's been revised and I think simple but concise so if you are packing onions, if you're growing onions and packing onions and selling them, you know what is the scope of your food safety management system so it may be the growing, grading, packing of onions
19:57 - and don't put any fancy words in just for the sake of putting fancy words in because it gets translated into different languages and it ends up not reading anything. If there's something in your packaging or your processing that will affect the food safety element of your product put
20:19 - it in there so if you are some of the example here fermentation, carbonation and packing of red wine into glass bottles, obviously into glass bottles is really important because it could be in boxes, it could be in bulk bags, it's important to understand what it is you're actually doing.
20:44 - And every well most organizations need to buy raw materials, they need to process the raw materials and they almost certainly are all going to sell it.
21:00 - So these things are not necessarily going to be included in the scope of your food safety management system, strip it out and say what it is you're actually doing, what is the food safety management system there to manage.


21:22 - Leadership so this is new in Annex SL, leadership is very important, so the standard states that top management should demonstrate leadership and commitment with respect to the food safety management system. So who is top management so according to ISO 22000 top management is the person or group of people who direct or control an organization at the highest level.
21:50 - I explain it as if there was a major or a severe food safety issue who ultimately will be responsible, who would be taken to court in fact that person is your top management and because they have ultimate responsibility. they need to be. they need to show leadership and commitment to your food safety management system or standard, and
22:22 - when an external audit comes to all of you they will expect to discuss this with them, not with their designated person that you know they not with a quality manager, not with the technical manager, ultimately that the top management is responsible. So we need to understand that they actually understand what it is that the you know what the food safety management system is.
23:00 - So just on the leadership the 2018 version has added sort of objectives and the strategic plans of the business you know it's important to have these in place to drive improvement and we would expect that top management would be involved with those.


23:36 - So then as we move on we are going to plan what it is we're actually going to do, so we know our scope, we now need to know how we're going to do, it what do we need and this section is asking you exactly that so what are you trying to achieve, what could stop you from achieving your objective, how are you going to address that, can you turn
24:04 - your risks into opportunities, who's responsible for turning those risks into opportunities, who needs to take action and how are you going to check whether those actions are effective.
24:28 - So as we mentioned before operational risks they could be controlled by your HACCP plan, your prps, oprp, ccps, and even your emergency preparedness response plan and other risks that will affect the entire management system would come under your organizational risks.
24:54 - Some of those organizational risks you know they could be sporadic they could never happen, if there's a possibility that they could happen then you know we should be prepared to know what to do in that event. I don't think anybody had in their risks and opportunities or risks that a covid pandemic would happen or a global pandemic,
25:22 - I don't think that could have been foreseen, but if they'd already identified a risk of you know adverse weather effects that you couldn't get to the site for example or you know and then a number of people could get to the site and you couldn't ship things you couldn't travel anywhere.
25:42 - I'm sure that the response plan for the covid pandemic would have been able to use another one of those risk assessments and tweaked it for what the actual risks are that we're facing.


26:01 - So when setting objectives for the food safety management system they need to be achievable but they need to be relevant, so they need to be consistent with the food safety policy, you need to be able to measure them,
26:18 - they need to be within sort of requirements of your regulatory requirements or your customer requirements, you need to be able to monitor them, you need to be able to verify that monitoring you, need to have communicated them with the business or stakeholders, and then we need to maintain those objectives continually monitor and verify until they're met and we need to document them.
26:50 - Lots of companies already have sort of quality objectives, we would suggest that if you already have quality objectives it might be worth adding in some food safety objectives into the same format that you already have objectives, so that you don't need to duplicate this with anything else.
27:14 - If you're running more than one ISO standard you should be able to get away with having one set of objectives.
27:23 - Really important they have to be relevant you can't just say our objective is to be the most successful doughnut supplier in the world, you know how are you actually going to monitor and measure that.


27:44 - Then we move on to support so what resources do we need to consider in our food safety management system, so resources are not just raw materials or you know equipment that you need, resources include people, they include your infrastructure and your environment.
28:15 - Within support we also need to control our external providers and our external providers could be pest control contractors, they could be the people that service our trucks, so think wider than just an external provider being a supplier.
28:43 - We then look at competency, so what competency do we need in the business to be able to carry out the activities that we plan to do and the ISO 22000 2018 version has brought in a different way of thinking competency is not just that person was trained, it's you know was that training effective for, is their experience above and beyond any training that you could give them.
29:19 - So think about assessing people's competency not based just on training and if they have had training then work out a way to measure whether that training was effective.
29:39 - Communication, so this the standard is helpful in providing you a framework to depict a communication process within an organization and to your stakeholders.
29:56 - And documented information as you go through the standard not everything has to be documented but there are a few things that they stipulate must be documented and it needs it needs to be easily identifiable in a format that can be retrieved and opened and available to the right
30:18 - people at the right time. We also need to make sure our documented information is maintained, is it up to date, if we say we're going to review it every 12 months you might not need to update it for 12 months but have you got record that you reviewed it every 12 months.


30:41 - The operations section of the standard this is the core of our 22000 standards this is our do of our plan do check act, this incorporates our prerequisite programmes.
30:54 - The ISO 22000 standard tells us that we should identify or consider our prerequisite programs in relation to ISO/TS 22002, so there's a different part to each part of the food chain.
31:15 - If we don't use ISO 22000/TS 22000 are there customer requirements that we should be complying to regulatory requirements. Our traceability and emergency response plans and we mentioned these before so traceability is as it says, so are can your products be traced from raw materials all the way to where it's dispatched, where it's sold.
31:55 - How do we do that traceability how is it labelled and then the emergency response with regards to traceability, so should there be a product recall then you know can we trace the products.
32:23 - So looking at our hazards now in the operational section our prps will already have been established, we can now look all of our hazards and put them through a decision tree but before we do that we need a multidisciplinary team with a leader who are competent to looking at the hazards of the business.
33:03 - The standard does stipulate that we need to evaluate the hazards based on the severity of harm and probability of occurrence and this needs to be documented, this could be your decision tree, if your hazards you put them through a decision tree and you decide then from that decision tree
33:22 - whether they are managed or controlled by your prps or are they a ccp or an oprp and which time you would then decide what measures you need to put in place, what are the critical limits or your action criteria when you're looking at oprps, you know what
33:43 - can't be exceeded, how do you monitor it and which corrections or corrective actions will be carried out if your critical limits or the action criteria is not met and who is responsible for the activity.
33:59 - So do you define that the people actually monitoring them are responsible for monitoring and correction or do they monitor and then decide you know if it's out of spec, who do they tell who's responsible putting it through corrective action
34:19 - and also you need to decide which records you maintain what format you maintain them and how can you keep them in a format that you can continually monitor the results so you can look at any trends.
34:41 - So non-conforming products, so there needs to be a process on how you manage non-controlling products, this could be when your limits or for your ccps or your oprps are not met.
34:56 - The standard says that you must treat the product as potentially unsafe and then and they also so if you're treating the product as potentially unsafe for you to be able to identify that you've said that products unsafe and then you need to decide as per your process what's the next steps. This product's already gone out to clients retailers etc, then you must initiate a withdrawal or a recall and notify all the relevant interested parties.

Performance Evaluation

35:39 - The performance evaluation, there's three main ways in which to evaluate performance.
35:47 - Process monitoring, so this is your results from monitoring your prps ccps etc. You will need to conduct internal audits, this will tell you how you are performing against your food safety management system.
36:05 - And also management reviews so management review is bringing everything together and doing all your trend analysis and reviewing everything making decisions on what the next steps are.
36:21 - There's some new elements to be considered when looking at management review.
36:29 - The standard has a long list of things and for which you need to consider, some of these things are changes in context. So changes in your internal and external issues, information on the performance and effectiveness of your food safety management systems.
36:50 - So looking at your trends the adequacy of resources, so do they need more people, do they need new equipment, different equipment, is the lighting good enough, things like that and are there any opportunities for continual improvement.
37:13 - And then from the management review there will be outputs, so and this must be documented, you must consider any actions that need to be taken, who's responsible for them and also any changes that may be needed to the food safety management system and how we manage that.


37:42 - Improvement, so a methodology to capture manage and resolve needs to be undertaken and documented.
37:51 - So this is about your non-conformity so it might be internal non-conformities or external non-conformities.
38:02 - What are you going to do to correct it, you look at the root cause correction, the corrective action, do you have preventative action etcetera and also consider could this happen again.
38:22 - And then review the effectiveness of any corrective action that you put in place, and again make changes to the food safety management system if needed.

Continual Improvement

38:44 - Continual improvement nice and short really, if the requirements of ISO 22000 are established, implemented, regularly reviewed, and challenged and continual improvement will happen naturally.

NQA Resources

39:03 - We're coming to the end of the presentation here that, so at NQA we have we did regular food safety management system updates and blogs via our website. These are also posted on LinkedIn.
39:22 - We have an ISO 22000 implementation guide which you can download from our website and also a transition checklist, the transition checklist is designed for you to be able to do sort of an internal audit of your food safety management system, so you can identify any gaps between what you've got and the standard that you're trying to achieve.
39:47 - And we also have an associate partner program for so if you need any help with implementation or readiness for your audit, you can consult our associate partner program and connect with a consultant that could help you.

Advanced Training Courses

40:07 - We also offer advanced training courses, there's a few here on the screen you can sign up for these on our website, they're really good for continued improvement and with tpp I know that I'm trying to do as many as possible whilst we're at home and can do these remotely.


40:31 - Let's see if we've got any questions, okay so we've got a question here is there any correlation between this standard and the brc?
40:41 - So the brc standard is a product certification audit, it's a food safety management system also that it looks at product safety rather than that does the organization have a management system to enable to it to produce safe products. It's a big, it's more of a the brc is more of a,
41:12 - how can I put this, it's more restrictive in the way it tells you what you need to do to meet a requirement, you have to have certain things in place, the ISO standards where it's more of a management system standard.
41:30 - It tells you what the requirement is and you can decide how you meet that requirement yourself, that's the biggest difference also brc is gfsi recognized ISO 22000 is not gfsi but FSSC 22000 is gfsi benchmarked so if suppliers require you to have a gfsi
41:55 - recognized certification you can have FSSC 22000 which is ISO 22000 plus your prp standard, your 22002 and additional FSSC requirements, which bridge the gap between ISO 22000 and gfsi requirements. I hope that answers your question.
42:20 - If there's no more questions and I will say thank you for your time it's been really great sharing some of our experiences with you. Thank you and have a good day.