Home Resources Blog February 2019

Guide to ISO 22000

25 februari 2019
ISO 22000 describes requirements for a food safety management system and sets out what requirements an organization must meet to demonstrate it can control food safety hazards.

Unsafe food can have severe health consequences, so it's crucial for organizations in the food supply chain to take steps to ensure their processes and products are safe. Today, many food products cross national borders, highlighting the need for a global standard for food safety management. ISO 22000 meets this need by providing guidelines organizations can follow to help identify and control hazards related to food safety.

What Is ISO 22000?

what is iso 22000

ISO 22000:2018, which recently got revised, is a food safety standard for businesses in the global food chain. The International Organization for Standardization (ISO) developed the standard ISO 22000:2018, Food safety management systems – Requirements for any organization in the food chain.

ISO 22000 describes requirements for a food safety management system and sets out what requirements an organization must meet to demonstrate it can control food safety hazards. ISO 22000 industries can get certified to the standard.

ISO 22000 covers organizations across the whole food chain, from the farm to the table. It is designed to ensure fair competition and provide for communication within and between organizations along the food chain.
The standard incorporates and complements the main elements of ISO 9001, the standard for quality management systems, as well as hazard analysis and critical control points (HACCP), a preventive approach to food safety.

The standard provides a framework for organizations to develop, implement, monitor and continually improve a food safety management system, or FSMS, within the context of their overall business risks. To comply with the standard, businesses must meet all applicable food safety-related statutory and regulatory requirements.

Organizations that want to create an FSMS that is more focused, coherent and integrated than what the law requires can benefit from ISO 22000. It helps organizations with aspects of their operations such as food safety, hazard controls, their supply chain, HACCP, their business strategy and food traceability.

What Is a Food Safety Management System?

Although the primary concern regarding food safety is the presence of food safety hazards at the point of consumption, these hazards can occur at any point along the food chain. Because of this, it's crucial to have adequate controls in place throughout the food chain, and all the organizations involved must collaborate to ensure safety.


The primary elements of an FSMS, as described in ISO 22000, are:

  • Interactive communication across the organization

  • System management that includes documentation

  • Prerequisite programs, which ensure a clean, sanitary environment

  • HACCPprinciples, which help identify, prevent and remove food safety hazards

The standard also covers other principles, which are part of all ISO management system standards. These principles are:

  • Customer focus

  • Leadership

  • Engagement of people

  • Process approach

  • Improvement

  • Evidence-based decision-making

  • Relationship management

What Does ISO 22000 Require?

fsms iso 22000

An FSMS, as described in ISO 22000, establishes a process for managing food safety that applies across the entire organization. Some of the processes an organization may consider about ISO 22000 include:

  • An overall food safety policy

  • Targets that will drive the company's efforts to comply with its policy

  • Planning, designing and documenting a management system

  • Creating a food safety team of qualified individuals and assigning responsibilities

  • Establishing communication procedures for internal communication and communication with parties outside the company, such as customers, suppliers and regulatory bodies

  • An emergency plan

  • A plan for regularly evaluating the performance of the FSMS

  • A strategy for providing sufficient resources to enable the operation of the FSMS, including trained and qualified personnel, infrastructure and an appropriate work environment

  • A plan for following principles of HACCP

  • A system to enhance the traceability and identification of products

  • A system for controlling nonconformities in products

  • A documented procedure for the withdrawal of products

  • An internal audit program

  • A plan for continually improving the FSMS

  • Prerequisite programs

Prerequisite Requirements

When seeking compliance with ISO 22000, organizations must establish prerequisite programs that aim to reduce the likelihood of contamination. While ISO identifies certain areas and programs organizations must consider, it doesn't define the specific requirements of each program. Instead, each organization will develop its own programs based on its needs.

ISO does provide some guidance on how to develop these prerequisite programs through each one of the  technical specification, such as ISO/TS 22002-1, Prerequisite programs on food safety — Part 1: food manufacturing. This document replaces PAS 220. This ISO specification is tailored more toward use with ISO 22000 and provides more detail than PAS 220. It's essential to know ISO/TS 22002-1 applies only to food manufacturers, not all organizations across the entirety of the food chain.Some of the areas ISO 22000 identifies for organizations to consider when developing their prerequisite programs include:

  • Pest control

  • Food defense, biovigilance and bioterrorism

  • The construction and layout of buildings

  • Prevention of cross-contamination

  • Equipment suitability, cleaning and maintenance

  • Employee facilities and personal hygiene

  • Management of purchased material

  • The layout of the premises and workspace

  • Cleaning and sanitizing procedures

  • Product information

  • Utilities, including energy, water and air

  • Warehousing

  • Waste disposal

  • Procedures for product recall

Currently, there are other sector specific technical specifications available for catering companies, the retail sector, business based on transport and storage services, manufacturers of animal feed and also producers of food packaging products.

What Are the Benefits of ISO 22000 Certification?

ISO 22000 helps organizations minimize food risks and improve performance as it relates to food safety. It does so by providing a framework they can use to develop an FSMS, a systematic approach to addressing food safety issues. Compliance with ISO 22000 provides benefits such as:

  • Improved health and safety — Minimizing food risks leads to better health and safety outcomes for customers, other users, employees and others who may come into contact with food.

  • Improved customer satisfaction — Having an FSMS helps you reliably deliver products that meet customer expectations.

  • Help meeting regulatory requirements — Compliance with regulatory requirements is required to achieve certification to ISO 22000. Having an FSMS in place can help companies meet these requirements and understand how they impact the organization and its customers.

  • Help meeting other standards and guidelines — ISO 22000 links to various other international standards and guidelines and can help organizations meet the requirements of these systems as well.

  • Enhanced transparency — ISO 22000 helps organizations improve the traceability of their products and achieve greater transparency regarding operations.

  • Improved response to risks — Having an FSMS in place can help organizations respond more quickly and efficiently to issues that may compromise food safety, helping them stop potential contamination before it occurs.

  • Reduced investigation time — If contamination does occur, an FSMS helps organizations reduce the time it takes to investigate any food safety breaches, solving the problem faster.

The standard itself also offers several advantages over other systems:

  • Consistent structure — The structure of ISO 22000 is similar to that of other international standards. It is designed to integrate seamlessly with other management systems from ISO, such as ISO 9001, ISO 45001 and ISO 14001.

  • Global recognition — ISO 22000 is a well-known, internationally recognized standard. Certification to it improves an organization's reputability with customers, suppliers, investors, regulatory groups and other parties worldwide.

  • Increased business opportunities — Certification to an international standard such as ISO 22000 opens doors for a business. Some organizations require certification before they will supply or otherwise work with a company.

benefits of iso 22000

Who Should Adhere to the Standard and Get Certified?

ISO 22000 applies to any organization that is part of or contacts the food industry or food chain, regardless of the size of the organization or where it is along the food chain.

These organizations may be food, ingredient and additive manufacturers, feed producers, organizations involved in the transport or storage of food or those that subcontract to food-related companies. Organizations that are related to the food industry but aren't directly part of it can also use it, such as those that produce equipment, packaging materials or cleaning agents the food industry uses.

How the Standard Works

ISO 22000 provides organizations with a framework they can use when creating and deploying an FSMS, but organizations have some level of flexibility in how they create their system. Compliance with the standard is voluntary, although some organizations may require certification to it before they will work with an organization. A company may seek certification to the standard or implement aspects of it without seeking certification.

Since the recent revision, ISO 22000 contains some organizational elements that are common to other ISO management standards. These components enable you to integrate these standards and use them together. These organizational elements include the following.

The Plan-Do-Check-Act Cycle

iso 22000 plan do check act

An essential aspect of ISO management standards is continuous improvement. Organizations can use the plan-do-check-act (PDCA) cycle as described in ISO 22000 to drive this improvement. The PDCA model can apply to the overall FSMS and each of its elements. The steps of the PDCA approach are:

  • Plan — Establish the objectives of the FSMS and its processes, provide the required resources and identify and address opportunities and risks

  • Do — Implement the processes you have planned

  • Check — Monitor the processes and their results, analyze the data gathered from this monitoring and report the results

  • Act — Implement measures to improve the performance of the processes

Annex SL

ISO 22000 uses the Annex SL format, a high-level structure that is now common to all ISO management standards. Through the use of this shared structure, ISO is aiming to reduce the number of processes that need to be repeated, improve interoperability and reduce confusion about terminology and other elements.
The 10 main elements of the Annex SL structure are:

  1. Scope describes the intended outcomes of the FSMS. These outcomes are industry-specific and must make sense within the context of the organization.

  2. Normative references identify other standards and publications that relate to the standard in question.

  3. Terms and definitions define relevant terms.

  4. The context of the organization includes details about the organization and its context, the expectations of interested parties, the scope of the FSMS and the FSMS itself.

  5. Leadership describes the commitment from the organization's leadership, its policies and the roles, responsibilities and authorities of others within the organization.

  6. Planning assists with aspects of planning the FSMS, including how to address risks and opportunities and achieve objectives.

  7. Support deals with the resources, competence, awareness, communication and documented information required for the FSMS.

  8. Operation addresses the operational aspects of the FSMS and has one subclause: operational planning and control.

  9. Performance evaluation describes monitoring, measurement, analysis and evaluation as it relates to the FSMS, including internal audits and management reviews.

  10. Improvement describes processes for improving the FSMS, including correcting nonconformities and enabling continual improvement.

Previous Versions

ISO published its revised food safety standard, ISO 22000:2018, on June19 , 2018. The previous version was ISO 22000:2005. ISO regularly reviews and updates its standards.

ISO 22000:2018 replaces ISO 22000:2005, and any organization that is currently certified to ISO 22000:2005 will have three years to transition to the new version. Certifications to ISO 22000:2005 will expire on June18 , 2021, three years after the publication of the revision, if the organization does not transition.

The revision revises the standard to address new food safety challenges the modern food chain is facing. A primary aim of the update, ISO said, was to align ISO 22000 more closely with its other management system standards by using the common high-level structure of Annex SL.

iso 22000 revision

The new version of the standard also includes a new approach to risk that addresses risk on two different levels — the operational level and the organization level — which relates to the strategic direction of the business.

The plan-do-check-act cycle also works on two different levels — that of the FSMS as a whole and the operations level, which also deals with the HACCP principles.

The revised standard includes new and revised definitions of various critical terms.

Relationship to Other Standards

ISO 22000 relates to several other well-known standards and guidelines and shares some elements with them. There are also various other ISO publications that relate to ISO 22000.

Codex Alimentarius

The revised version of ISO 22000 is based on the principles for food hygiene outlined in Codex Alimentarius, an internationally recognized set of guidelines and standards developed by the Codex Alimentarius Commission, an intergovernmental body established by the World Health Organization and the Food and Agriculture Organization of the United Nations.

codex alimentarius

Codex Alimentarius, also called the Food Code, is referenced in many national food safety laws. Because ISO 22000 is based on principles of Codex Alimentarius, government authorities can refer to ISO 22000 in national requirements and inspections. Compliance with ISO 22000 may also help companies meet requirements of national laws that reference the Food Code.

The United Nations' Sustainable Development Goals

ISO 22000 supports the United Nations' Sustainable Development Goals, especially Goal 2: Zero Hunger and Goal 3: Good Health and Well-Being. The standard helps meet these goals by reducing foodborne illnesses and supporting improved public health.

iso 22000 goals

The FSSC 22000 Food Safety System Certification

The FSSC 22000 Food Safety System Certification is based on ISO 22000, ISO Technical Standards for prerequisite programs and other FSSC additional requirements. While ISO 22000 applies to a broad range of organizations, FSSC 22000 is more limited in scope. The Global Food Safety Initiative (GFSI) recognizes FSSC 22000 but not ISO 22000. The Food Business Forum CIES, a global network of food retailers and manufacturers, coordinates GFSI. Current scopes GFSI addresses include, ,production of (bio)chemicals, food manufacturing, feed production, transport and storage and food packaging material manufacturing.

Related ISO Technical Committees and Standards

Numerous ISO technical committees publish standards related to food safety, including:

  • ISO/TC 34 creates standards related to food products as well as vitamins, animal welfare and microbiology

  • ISO/TC 34/SC 17 creates standards related to management systems for food safety

  • ISO/TC 134 creates standards related to fertilizers, soil conditioners and other related substances

  • ISO/TC 234 creates standards related to fisheries and aquaculture

  • ISO/TC 34/SC 5 creates standards related to milk and milk products

ISO has more than 1,600 standards and documents related to the food industry. ISO standards related to ISO 22000 and food safety are:

  • ISO 22005:2007 addresses traceability within the food and feed chain and lays out basic principles and requirements for designing and implementing systems for traceability.

  • ISO 8157:2015 defines terms related to fertilizers and soil conditioners.

  • ISO 16488:2015 describes methods used for the design, operation and evaluation of net-cage marine finfish farms. It minimizes the risk of escape from these fish farms.

  • ISO 20633:2015 specifies test methods for determining the quantity of vitamins and other micronutrients in infant formula, as well as adult nutritionals.

Steps to Become Certified

You do not have to become certified to ISO 22000 to use its principles, but certification provides numerous benefits, namely the ability to demonstrate your compliance with the standard to third parties.

Upon implementing your FSMS, you can seek certification. To become certified, you will work with an accredited certification body such as NQA. This certification body will perform the audits required to verify compliance and issue certification if your organization meets all requirements.

iso 22000 certification

The main steps of the certification process are:

1. Application
The first step is to apply for certification by submitting a quote request form. Through this form, you will provide us with information about your organization. Once you submit the form, we will provide you with a quote for certification.

2. Assessment
The next step is to undergo several rounds of audits to confirm your organization's compliance with the standard. Before scheduling the first audit, you must demonstrate your FSMS has been operating fully for at least three months and complete a full cycle internal audits of the FSMS.

iso 22000 assessment

The initial certification audit includes two stages. The first seeks to show your organization is ready for a full audit. During the visit to your facility for the first stage of the audit, the auditor will:

  • Verify the FSMS meets the requirements of ISO 22000

  • Verify the implementation status of the FSMS

  • Confirm the certification scope

  • Confirm compliance with statutory and regulatory requirements

  • Issue a report that identifies any issues or opportunities for improvement and agrees with the organization on a plan for corrective action, if necessary

  • Develop an assessment plan and confirm with the organization a date for the next visit

The second stage of the initial audit seeks to verify the FSMS is fully compliant with all requirements of ISO 22000. During the second visit, the auditor will:

  • Undertake sample audits of all relevant processes and activities

  • Document whether the system complies with standards

  • Visit any remote locations to evaluate the performance of the FSMS offsite

If the assessor discovers any non-compliance or opportunities for improvement, they will report them to the organization. If the auditor finds any major non-compliance, the organization must correct the issues before they can receive certification. If the organization doesn't correct the major issues within14 days after the audit , it must undergo another stage two audit.

3. Certification
If the auditor determines that the FSMS complies with the requirements of ISO 22000, NQA will issue certification. To maintain this certification, the organization will undergo annual surveillance audits. The annual surveillance audits ensure the organization maintains compliance and is continually improving its FSMS as required by ISO 22000. After three years, the organization must undergo a full audit to be recertified. If the organization changes during these three years through expanding, moving, entering new markets or other changes, it can adjust its FSMS accordingly and maintain certification, provided it still follows all the requirements of the standard.

If an organization is certified to ISO 22000:2005, it must adjust its FSMS to comply with the newest version of the standard. It can transition its certification to ISO 22000:2018 at a surveillance audit, recertification audit or a one-off audit visit.

How NQA Can Help

Working with an accredited certification body like NQA can help you achieve certification and improve your organization. At NQA, we are passionate about providing excellent value and service for our clients and helping them improve their products and processes.

iso 22000 certified

We can help you in your efforts to achieve ISO 22000 certification in the following ways:

  • Certification audits — We provide certification audits that help you improve your organization and meet the demands of the standards you're seeking certification to.

  • Gap analysis — We can perform a gap analysis to help you determine the amount of time and effort achieving ISO 22000 certification will require and help you plan your FSMS.

  • Transition guidance — We offer resources and assessments that can assist your organization in transitioning from ISO 22000:2005 to ISO 22000:2018.

  • Consultancy information — While we do not provide consultancy services, we do have a database of consultants you can use to find one to work with.

For more information about ISO 22000 and the role we can play in your efforts to achieve certification to it, feel free to contact us. To get started with the certification process, you can also request a quote.