ISO 22000:2018 Introduction to the standard The clause structure Key changes in compared with the previous version How can DNV GL support your transition process DNV GL - Business Assurance, Global Unit Technology & Services
1
DNV GL ©
SAFER, SMARTER, GREENER
Introduction to the ISO 22000:2018 standard
2
DNV GL ©
The standard – ISO 22000:2018 ISO 22000:2018 was published 19 June 2018. The aim of ISO 22000 is to harmonize the requirements for food safety management on a global level. The standard contributes to ensure food safety throughout the whole food chain from farm-totable. The standard does not state specific criteria for food safety performance, nor is it prescriptive about the design of a management system.
3
DNV GL ©
From ISO 22000:2005 to ISO 22000:2018 – DNV GLs contribution ISO 22000 was developed by the ISO committee ISO TC 34 SC 17, including several working groups for both the main standard ISO 22000 and the related family, that is the ISO TS 22002-X series (prerequisite programs for each food chain segment), as well as the relevant guidelines. Furthermore the joint ISO-CASCO working group 36 developed and it’s now updating the ISO TS 22003, the regulation for the certification process. Since the starting of the revision process in 2014 DNV was an active member of the working group and a co-author and contributor to the content of the standards. DNV GL is currently participating to the working groups for ISO TS 22003 revision and for the new ISO TS 22002-5 PRP for storage and distribution.
4
DNV GL ©
ISO 22000:2018 – Some basics Ch. 1 ‘Scope‘ states that an organization directly or indirectly involved in the food chain shall: a) Plan, implement, operate, maintain and update a food safety management system providing products and services that are safe. b) Demonstrate compliance with applicable statutory and regulatory food safety requirements. c) Evaluate and assess mutually agreed customer food safety requirements and demonstrate conformity. d) Effectively communicate food safety issues to interested parties. e) Ensure that the organization conforms to its stated food safety policy. f) Demonstrate conformity to relevant interested parties.
5
DNV GL ©
ISO 22000:2018 - The clause structure
6
DNV GL ©
ISO 22000 adapts the High Level Structure/Annex SL ISO decided in 2012 that all management system standards shall use a common framework containing: Unified High Level Structure (HLS) Common Text and Terminology Individual management systems standard will add additional “discipline-specific” requirements as required. Main advantages Enhanced compatibility of standards Easier to implement new standards Easier to integrate standards into a management system Increase value for users Increased effectiveness in standard development for the technical committees
7
DNV GL ©
ISO 22000:2018 is using the High Level Structure
10 clause structure - Main clauses of High Level Structure (HLS)
01
Scope
06
Planning
02
Normative references
07
Support
03
8
Terms and definitions
08
Clause 3 contains a number of common terms and definitions to be used across standards.
For Clauses 4-10 there are sub-clauses with identical core text (requirements) to be used across standards.
Standard specific terms, sub-clauses and requirements are added in Clause 3-10.
Operation
04
Context of the organization
09
Performance evaluation
05
Leadership
10
Improvement
DNV GL ©
Explanations
ISO 22000:2018 requirements ISO 22000 REQUIREMENTS  SECTIONS 1 Scope 2 Normative references 3 Terms and definitions 4 Context of the organization 4.1-Understanding the organization and its context 4.2-Understanding the needs and expectations of interested parties 4.3-Determining the scope of the food safety management system 4.4-Food safety management system 5 Leadership 5.1 Leadership and commitment 5.2 Policy 5.3 Organizational roles, responsibilities and authorities
9
DNV GL Š
ISO 22000:2018 requirements ISO 22000 REQUIREMENTS  SECTIONS 6 Planning 6.1 Actions to address risks and opportunities 6.2 Objectives of the food safety management system and planning to achieve them 6.3 Planning of changes 7 Support 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented information
10
DNV GL Š
ISO 22000:2018 requirements ISO 22000 REQUIREMENTS  SECTIONS 8 Operation 8.1 Operational planning and control 8.2 Prerequisite programmes (PRPs) 8.3 Traceability system 8.4 Emergency preparedness and response 8.5 Hazard control 8.6 Updating the information specifying the PRPs and the hazard control plan 8.7 Control of monitoring and measuring 8.8 Verification related to PRPs and the hazard control plan 8.9 Control of product and process nonconformities 9 Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation 9.2 Internal audit 9.3 Management review 11
DNV GL Š
ISO 22000:2018 requirements ISO 22000 REQUIREMENTS SECTIONS 10 Improvement 10.1 Nonconformity and corrective action 10.2 Continual improvement 10.3 Update of the food safety management system
12
DNV GL ©
Annexure A-Cross reference between the Codex HACCP and ISO 22000:2018
Annexure B-Cross reference between ISO 22000:2018 to ISO 22000:2005
Key changes in ISO 22000:2018 compared to ISO 22000:2005
13
DNV GL ©
Key changes to the requirements The key changes incorporated into the 2018 version of ISO 22000 can essentially be divided into:
14
01
Changes due to the adaption of HLS
02
Other changes that are specific to ISO 22000
DNV GL Š
Key changes induced by the HLS As a result of the HLS the structure and clauses of the standard are largely changed compared to the previous version. New clauses for systematic determination and monitoring of the business context (external and internal issues) (Ref. 4.1) and needs and expectations of interested parties (Ref. 4.2). This to identify and understand factors that can (potentially) affect the ability of Management System to reach the intended results. Strengthened emphasis on leadership and management commitment (Ref. 5.1), including to actively engage and take accountability for the effectiveness of the management system. Risks management (Ref. 6.1.1 to 6.1.3) to determine, consider and, where necessary, take action to address any risks that may impact (either positively or negatively) the ability of Management System to deliver its intended results.
15
DNV GL ©
Key changes induced by the HLS 5.1 Top Management shall demonstrate leadership and commitment by: a) Ensuring that the food safety policy and the objectives of the food safety management system (FSMS) are established. b) Ensuring the implementation of the FSMS. c) Ensuring that the resources for the FSMS are available. d) Communicating the importance of effective food safety management. e) Ensuring that the FSMS is evaluated and maintained. f) Directing and supporting persons to contribute to the FSMS’ effectiveness. g) Promoting continual improvement; h) supporting other relevant management roles to i) demonstrate their food safety leadership.
16
DNV GL ©
Key changes induced by the HLS Strengthened focus on objectives as drivers for improvements (6.2.1/6.2.2) & performance evaluation (9.1.1/9.1.2). Extended requirements related to Communications (7.4): More prescriptive in respect of the mechanics of communication, including determination of what, when and how to communicate. Less strict requirements for a Food Safety Manual (7.5.1). It is still required to have documented information. Documented information shall be controlled to ensure it is adequately protected (ref. 7.5.3). The explicit requirement to have a documented procedure has been removed.
17
DNV GL ©
Note also the following related to the HLS The HLS does not refer to Preventive action as a term or clause. However the concept of preventive action is considered to be covered through the risk based thinking throughout the standard and implicitly embedded in relevant clauses (e.g. through chapter 4, 6, 8 and 9). Documented information is now the term used as replacement of Documents and Records.
18
DNV GL ©
In addition there are other key changes (see next slides)
ISO 22000 – two stage PDCA implementation * Including control of externally provided processes, products and services.
Organizational planning and control PLAN (FSMS)
The PDCA cycle
The standard clarifies the
Plan-Do-Check-Act cycle, by having two separate cycles in the standard working together: one covering the management system and the other, covering the principles of HACCP.
19
DNV GL ©
4. 5. 6. 7.
DO (FSMS)
Context of the organization Leadership Planning Support*
8. Operation
CHECK (FSMS) 9. Performance evaluation
ACT (FSMS)
10. Improvement
Operational planning and control PRPs Traceability system Emergency preparedness & response
Hazard analysis
Validation of control measures
Hazard control plan (HACCP/oPRP plan)
Verification planning
PLAN (food safety)
Updating of preliminary information and documents specifying the PRPs and the hazard control plan
Verification activities
ACT (food safety)
CHECK (food safety)
Analysis of results of verification activities
Implementation of the PLAN (food safety) Control of monitoring and measuring Control of products & process nonconformities
DO (food safety)
Other specific key changes The changes listed from this slide onwards slides are additional to the ones originating from HLS.
STEP
SCOPE
STEP
DEFINITIONS
1
3
20
DNV GL Š
Now specifically includes animal food: food for animals not producing food for human consumption. Feed is intended to be fed to food producing animals.
Acceptable level: a control measure is effective if able to keep the relevant hazard under the acceptable level in the end product. Contamination is now used for a broader purpose, e.g. now includes effects of food fraud.
Other specific key changes FOOD SAFETY STEP
3.21
Harm is replaced by adverse health effect because consistency with definition of food safety hazard (where "adverse health effect" is used). The use of assurance highlights the relationship between the consumer and the food product, based on the assurance of safety.
OUTSOURCE STEP
3.33
An external organization is outside the scope of the food safety management system (3.23), although the outsourced function or process is within the scope.
RISK STEP
3.39
21
DNV GL ©
6.1.1 states “public authorities are responsible for addressing public health risks. Organizations are required to manage food safety hazards.” The term risk is used at the management system level only, which is the outer PDCA cycle to manage the organizational risk. In the inner PDCA cycle, the operational planning and control ensuring control of process, the term hazard is used. the control is based on hazard analysis, CCP and OPRP.
Other specific key changes COMMUNICATING THE FOOD SAFETY POLICY STEP
Explicitly requires the management to facilitate understanding of the Food Safety Policies by employees.
5.2.2
FOOD SAFETY OBJECTIVES STEP
6.2.1
Establishing objectives for the FSMS is further specified. now includes items as e.g. consistent with customer requirements, monitored and verified. Note that FSMS objectives are not food safety objectives; a food safety objective (FSO) is a tool to meet a public health goal such as an appropriate level of protection (ALOP). An FSMS objective is related to the management system itself.
CONTROL OF EXTERNALLY-PROVIDED PROCESSES, PRODUCTS OR SERVICES STEP
7.1.6
22
DNV GL Š
This clause introduces the need to control the suppliers of products, processes and services (including outsourced processes) and to ensure adequate communication of relevant requirements, in order to ensure to meet the FSMS requirements. relevant documented information shall be retained.
Other specific key changes COMPETENCE STEP
7.2
The scope of this clause does not solely cover own employees, but also includes subcontractors and other people performing work on behalf of the organization.
GENERAL STEP
There has to be a clear decision on whether, what and how to communicate.
7.4.1
GENERAL STEP
7.5.1
23
DNV GL Š
The term documented information relates both to how to operate a process (former procedure) and evidence of the results achieved (former records). The extent of documentation will vary depending on its risk exposure, size of the organization, nature of its activities, complexity of the process and competency of its employees. A key aspect of documenting processes is knowledge preservation and management.
Other specific key changes TRACEABILITY SYSTEM STEP
8.3
The clause is more precise in the specification of unique identification, taking into account rework and retention time of records related to the shelf life of the products.
VERIFICATION STEP
8.8.1
PRP verification shall confirm not only that the PRP is implemented, but also that it's effective. The verification activities shall be carried out by person not involved in the monitoring.
EVALUATION FOR RELEASE STEP 8.9.4.2
24
DNV GL Š
When the nonconformity of a product is related to critical limits and CCPs, the product is unsafe and cannot be released. only nonconformities related to action criteria and oPRP may result in product release, provided the condition given in the clause are met.
Other specific key changes DISPOSITION OF NONCONFORMING PRODUCTS STEP 8.9.4.3
When a nonconformity is related to critical limits and CCPs, the product is unsafe and cannot be released. Only nonconformities related to action criteria and oPRP may result in product release, provided the condition given in the clause are met.
DESCRIPTION OF PROCESSES AND PROCESS ENVIRONMENT STEP
8.5.1.5.3
The responsibility of the food safety team within the organization is now explicitly stated for the relevant activities. The need to describe the process environment, food contact materials, existing PRPs and any occurring change (e.g. seasonal and shift patterns) is now explicit.
MANAGEMENT REVIEW INPUT STEP
9.3.2
25
DNV GL Š
The list of the inputs to be considered has been better detailed, including e.g. the performance of external providers, the review of risks and opportunities and the need of resources.
Key Changes in ISO 22000:2018 compared to ISO 22000:2005 related to the HACCP systematic
26
DNV GL ©
Changes affecting systematics on hazard analysis, CCP’s and oPRP’s CONTROL MEASURE STEP
3.8
Elimination of food safety hazards is not realistic, the definition considers prevention and/or reduction of significant food safety hazards, making clear that any control measure is managed within the hazard control plan (CCP or oPRP). It's essential, identified by hazard analysis, targetting significant food safety hazards.
CRITICAL CONTROL POINT CCP STEP
3.11
This now clarifies several aspects e.g. it is a step in the process, it involves control measure, is needed for significant food safety hazards, and specifies that the definition of critical limits and the possibility to carry out measurement are essential to define a CCP.
CRITICAL LIMIT STEP
3.12
27
DNV GL ©
This is now restricted to measurable value; any criterion not measurable cannot be associated with any CCP (actually, the observable criterion is now associated with oPRP concept).
Changes affecting systematics on hazard analysis, CCP’s and oPRP’s OPERATIONAL PREREQUISITE PROGRAMME STEP
3.30
The oPRP concept is changed and clarified. oPRP is now also applied to reduce (not just to prevent) a significant food safety hazard. It makes explicit reference to control measure instead of PRP and the need for action criteria is established to ensure effective control of the process and/or the product.
OPERATIONAL PLANNING AND CONTROL STEP
8.1
This is the inner PDA cycle. It includes the codex Alimentarius' 7 principles / 12 steps (except assemble HACCP team which is covered in 5.3.1 and 7.2 c). It develops the risk-based thinking embedded in the food safety field through the HACCP methodology. It's important to remind, that the operational control is dealing with hazards. This clause includes a reminder to consider the control of changes (ref 6.3) and the control of outsourced processes (ref 7.1.6).
REWORDED AND CLARIFIED STEP
8.5.2.4.1
28
DNV GL ©
The control measures categorization is an assessment based on likelyhood and severity, and aspects affecting the severity of consequences are specified. the concept of synergistic effect considers any combination of control measures, not necessarily synergistic.
Changes affecting systematics on hazard analysis, CCP’s and oPRP’s HACCP PLAN vs HAZARD CONTROL PLAN STEP 8.5.4.1
The new wording hazard control plan is important to highlight that the oPRPs and the HACCP plans are actually part of the same hazard control plan, based on the same hazard assessment, with the shared objective to control significant food safety hazards.
DETERMINATION OF CRITICAL LIMITS AND ACTION CRITERIA STEP 8.5.4.2
29
DNV GL ©
This is a key change in the standard, now better clarifying the difference between CCP and oPRP as well as their common structure and shared objective. The monitoring of both CCPs and oPRPs needs the definition of criteria to determine the status of the relevant control measure and take action if needed. These criteria are the critical limit for the CCP (measurable) and the action criteria for the oPRP (measurable or observable). It should be recognized that in some cases the action criteria could be having the oPRP itself in place; for example if the oPRP is the hand washing with hourly frequency, the action criterion will be the observation of the hand washing itself (while the relevant hand swabbing should be considered a verification).
Changes affecting systematics on hazard analysis, CCP’s and oPRP’s MONITORING SYSTEMS AT CCPs AND FOR oPRPs STEP 8.5.4.3
30
DNV GL ©
The monitoring system shall be established for control measures, both at CCPs and for oPRPs. The need to document the monitoring results is now explicit. Note that despite the different wording used for CCPs and oPRP, the technical approach for the selection of the monitoring methods and frequency is substantially the same. While frequency and monitoring methods at CCPs shall be capable to detect any failure before the product leaves the organization's control because the product is unsafe (same as previous version), the selection of methods and frequency for oPRP monitoring shall be based on the likelihood of failure (of the control measure) and the severity of consequences (of the failure), which in turn means that monitoring shall be stricter and stricter according to the actual risk for consumer (as the product is not necessarily unsafe). The requirement related to the monitoring based on observation such as the visual inspection is now referred specifically to the oPRPs, as this type of criteria is accepted for action criteria only (not for critical control points).
Transition from ISO 22000:2005 to ISO 22000:2018 Timeline, implementation and how DNV GL can support your transition process.
31
DNV GL Š
Timeline Important! ISO 22000:2005 ceases to be valid 3 years after publication date of ISO 22000:2018. ‘2005’ certificates therefore need to be migrated to ‘2018’ within these 3 years, as all ‘2005’ certificates will cease to be valid after this period. DNV GL will only be allowed to issue only accredited ISO 22000:2018 certificates, e.g. RvA, ANAB etc. Accredited ‘2005’ certificates can be migrated to ‘2018’ during a scheduled periodic or recertification audit within in the 3 year period. Normally depending on the FSMS complexity 0.5-1 auditor man day will be added when transition audit is done in conjunction with a scheduled periodic or recertification audit. Additional time is to cover existing and new requirements implied by ISO 22000:2018.
32
DNV GL ©
How to prepare for implementation of the new standard? Our recommendation is to start preparing for the migration as early as possible and plan properly to incorporate needed changes into your management system. Recommended steps for the migration Get to know the content and requirements of ISO 22000:2018. The standard is available for purchase from ISO and possibly from your normal national standards provider. If you are a current user of ISO 22000:2005 you should focus on the changes in requirements. Ensure that relevant personnel in your organization are trained and understand the requirements and key changes. Identify gaps which need to be addressed to meet the new requirements and establish an implementation plan. Implement actions and update your management system to meet the new requirements. Evaluate the effectiveness of implementation via internal audits and define further actions were needed.
33
DNV GL ©
How can DNV GL support your implementation? DNV GL can support through Seminars, webinars, e-learning etc. where you typically learn about the standard and where you get a basic overview of the content and key changes compared with ISO 22000:2015, the migration process etc. Tutored training courses, in-company or public. The objective of these courses is to provide detailed insight to the content and changes and about the required steps for migration. These are modular courses where the level of detail can be tailored to your needs. Gap assessment (workshops) where we assess your management system against the requirements of the new standard and identify the gaps that need to be addressed. This will provide useful input to your process to comply with the new standard. The level of detail of such assessment can be tailored to your needs.
34
DNV GL ©
Please contact your local DNV GL office for more info! See also relevant material and info for on DNV GLs homepage: dnvgl.com/assurance
Thank you!
www.dnvgl.com/assurance www.dnvgl.com
SAFER, SMARTER, GREENER
35
DNV GL ©
The trademarks DNV GL®, DNV®, the Horizon Graphic and Det Norske Veritas® are the properties of companies in the Det Norske Veritas group. All rights reserved.