ISO 22000 Transition Training Powerpoint FINAL 02-20-19
ISO 22000 Transition Training Powerpoint FINAL 02-20-19
ISO 22000 Transition Training Powerpoint FINAL 02-20-19
TRANSITION FROM
VERSION 2005 TO 2018
O P E R AT I O N S T R A I N I N G F E B R U A RY 2 0 , 2 0 1 9
P R E S E N T E D B Y M I K E G OV R O, DAV I D VA N L E U V E N &
ELIZABETH RACHWITZ
ISO 22000:2005 TO ISO22000:2018
CLAUSE 0.1 GENERAL
Benefits of the FSMS, reference to PDCA (Plan Do Check Act) and clarification
in verbal forms (shall, should, may, can) have been included
Definitions:
Shall – indicates a requirement
Should – indicates a recommendation
May – indicates a permission
Can- indicates a possibility or a capability
CLAUSE 0.2 FSMS PRINCIPLES
Plan: establish objectives of system and its processes, provide resources needed to
deliver results, and identify and address risks and opportunities
Check: monitor and (where relevant) measure processes and resulting products and
services, analyze and evaluate information and data from monitoring, measuring and
verification activities, and report the results
This revision of the standard has been developed within the ISO high level
structure (HLS). The objective of the HLS is to improve alignment between ISO
management system standards (ISO 22000, ISO 9001 and ISO 14001).
Enables an organization to use the process approach, coupled with the PDCA
cycle and risk-based thinking, to align or integrate its FSMS approach with the
requirements of other management systems and supporting standards.
FSMS - REQUIREMENTS FOR ANY
ORGANIZATION IN THE FOOD CHAIN
CLAUSE 1 SCOPE
General requirements are the same, but wording has clarified or eliminated
redundant terms (e.g. suppliers & customers are now all included under interested
parties)
Now specifically includes animal food (food for animals not producing food for
human consumption.)
FSMS - REQUIREMENTS FOR ANY
ORGANIZATION IN THE FOOD CHAIN
CLAUSE 2 NORMATIVE REFERENCES
Reference has been eliminated
FSMS - REQUIREMENTS FOR ANY
ORGANIZATION IN THE FOOD CHAIN
CLAUSE 3 TERMS AND DEFINITIONS
Reference to ISO and IEC terminology databases has been included. Number of
definitions has been increased from 17 to 45. The term Significant food
safety hazard has been included and linked to the definition of control
measures. "Elimination" of significant food safety hazards has been removed,
leaving only reduction or prevention. Definitions of CCP's and OPRP's have
been enhanced with additional elements and linked to significant food safety
hazards. Clarification between validation, verification and monitoring
included. Food, Feed and animal food terms have also been included.
CLAUSE 3 TERMS AND DEFINITIONS
(CONT.)
Acceptable level: a control measure is effective if it is able to keep the relevant
hazard under the acceptable level in the end product.
Contamination is now used for a broader purpose (i.e. now includes effects of
food fraud).
6.1.1 states “public authorities are responsible for addressing public health risks.
Organizations are required to manage food safety hazards.”
- The term risk is used at the management system level only, which is the outer PDCA
cycle to manage the organizational risk.
- In the inner PDCA cycle, the operational planning, and control ensuring control of
process, the term hazard is used. Control is based on hazard analysis, CCP and oPRP.
CLAUSE 3 TERMS AND DEFINITIONS
(CONT.)
Section 3.11 has clarified aspects of the Critical Control Point CCP.
Section 3.12 requires a Critical Limit MUST be measurable value. (If it is only
observable that must be an oPRP).
CLAUSE 3 TERMS AND DEFINITIONS
(CONT.)
Monitoring: determining the status of a system, a process or an activity
- Monitoring is applied during an activity, provides info for action within a specified time frame
IF organization has done this exercise for another ISO standard, how did they update for
FSSC?
Info must be reviewed & updated (during periodic event, such as Management Review)
Top Management Example Questions: Who determined this information, and how? When
would you revise/update this information? How did you document this information,
including changes to it?
4.2 UNDERSTANDING THE NEEDS &
EXPECTATIONS OF INTERESTED PARTIES
2005 Reference: New Clause
IF organization has already done this exercise for another ISO standard, how did
they update for FSSC?
2005 Reference: Requirements for scope definition already included in 4.1, however further
requirements have been added
The term services has been added to the scope definition requirement, as well as
activities..... that can have an influence on the food safety of the end products
of the organization.
Link to requirements defined in 4.1 and 4.2 has been added when determining the
scope.
- The organization’s documented information from 4.1 and 4.2 should provide the raw
material for them to develop their Scope = the boundaries of their FSMS.
4.3 DETERMINING SCOPE OF THE FSMS (CONT.)
The scope:
- Shall specify products and services, processes and production site(s) included in the FSMS.
- Shall include activities, processes, products or services that can have an influence on the
food safety of its end products.
- Shall be documented.
- Is NOT just what is shown on the organization’s certificate or in the FRS!
Exclusions are rare as, even if processes, sites, etc. may not be directly managed by the
organization, they still must be controlled. Example: an outside warehouse managed and
manned by a 3rd party. The organization would still be expected to ensure this location is
meeting their FSMS requirements, as it has influence on the food safety of the
organization’s end products.
4.4 FOOD SAFETY MANAGEMENT SYSTEM
2005 Reference: Already existing in 4.1 but more extensive than in the new version. "The
organization shall establish, document, implement and maintain an effective food safety
management system and update it when necessary in accordance with the requirements of this
International Standard". Control of outsourced processes has been moved to clause 7.1
General requirements related to the food safety management system, have been
resumed in a single general clause. The word document has been removed
giving an open decision how to manage the FSMS .
The site’s SWOT Analysis (January 2019) includes a column for strength, weakness, opportunity and threat
questions, and additional columns for the departments/areas impacted by each S, W, O and T, such as
Manufacturing, Shipping, Sales, Customer Service and Accounting. An example of how the above works is
the question “Where do you lack resources?” (a weakness) is answered “manpower” by both
Manufacturing and Shipping. The Management Team revised their analysis in their Quality Management
Team (QMT) meeting in early 2019 to include Suppliers as an area potentially impacted by the site’s S, W, O
and T determinations.
The CLIENT NAME Relevant Interested Party Analysis (01/10/18) was also reviewed at that time and found
to still be accurate.
The Quality Systems Manager is in charge of the QMS. The Management Team has identified the processes
needed for the QMS, including Quality Plan (12/11/17) and Quality Process/Relationships (12/11/17).
The Management Team has determined the top three risks to be addressed: 1) resource allocation to
improve throughput and reduce overtime, 2) focus on downtime/set-up time, and 3) safety, and
determined actions to address these risks; however, they have not documented the effectiveness of those
actions (see minor non-conformance raised in section I-9.3.2e).
Real Example #2 of how Context of the Organization section was written up for 1st time ISO 9001:2015
transition (an extra wordy one!):
The objective of this process is to ensure management has fully considered, discussed and addressed all
aspects of the context of the organization, with this determination used to continuously improve the quality
management system. This process was considered effective and met the intent of the standard.
The Context of Organization (Rev 0, 11/27/17), Interested Parties, SWOT and Scope of the Management
System were developed by the Management Team. The General Manager, Production Manager and
Controller, all members of top management interviewed to ensure management commitment to the ISO
9001:2015 transition and implementation, were able to talk to the SWOT and Interested Parties, giving
examples that applied to their specific area/department and to the overall site.
Site management determined external and internal issues relevant to its purpose using SWOT Analysis (Rev 2,
03/09/18), with detailed strengths, weaknesses, opportunities and threats. Examples of strengths included
GFSI certification for direct food contact, people, reputation and ‘the answer is yes”. Examples of weakness
included quality product (R&A), yield and on time delivery (OTD). Opportunities included sales and volume
growth, continual training and development of employees. Threat examples included competitor pricing
strategies, and paper supply logistics. Each item on the list was scored for likelihood (scale 1-5) and severity
(scale 1-5); when those scores was multiplied, it provided a Risk Priority Number (RPN).
The team also developed Relevant Interested Parties (Rev 0, 10/18/17), which included such groups as customers,
suppliers, employees and managers/supervisors. The team looked at the requirements of each party and the
Management System Processes in place to address each of these requirements.
Top management decided to address all opportunities and threats. Actions to improve (reduce the RPN) are
discussed and documented in Management Review and in Continual Improvement Teams, if created. All are
included in the Action Plan list. Interviews of the GM and Sales Manager included how they plan to increase
volume and grow sales, both deemed opportunities and threats. Interviews of the Production Manager included
discussion on Yield, a weakness tied to numerous opportunities and threats. In addition, the GM was able to
show improvements in their key quality objectives when compared to the same time last year, which he
attributed to the Continual Improvement Teams and the training program the site has put in place for employees.
Site management determined the Scope of the QMS included all production and service activities that take place
at the local address and the outside warehouse.
The site uses the flow diagrams in Context of Organization and Process Mapping for CLIENT NAME, most recently
reviewed for accuracy on 04/28/18, to document their QMS processes, including inputs and outputs, the
sequence of steps, criteria and method, resources needed, and responsibility and authority.
Management Team members interviewed for this process: TG, TT, SW, DH and A
5.0 LEADERSHIP
5.1 LEADERSHIP & COMMITMENT
2005 Reference: Partially covered by clause 5.1 & 7.4.3
Top Management Example Questions: How did you establish (and update, if
already established) site’s FSMS objectives? How do you communicate these
objectives to your employees? How do you ensure adequate resources are given
to the FSMS? Examples? What are your current/recent FSMS continual
improvement projects?
5.2 POLICY
How has top management alerted all personnel that they should report FSMS
problems? Who should they report these problems to?
6.0 PLANNING
6.1 ACTIONS TO ADDRESS RISKS &
OPPORTUNITIES
2005 Reference: New section title, New clause
Additional specific requirements for the definition of objectives have been incorporated
(SMART), as well as requirements related to the planning to achieve them.
How did organization take into account applicable food safety requirements
(statutory, regulatory and customer) when planning objectives?
The general requirement in clause 5.3 (v2005) has been extended to include
additional considerations when planning and carrying out changes within the
FSMS
Wording has been changed slightly and a note added with examples of
infrastructure (land, vessels, buildings and associated utilities; equipment,
including hardware and software; transportation; information and communication
technology).
7.1.4 WORK ENVIRONMENT
Wording has been changed slightly and a note added giving examples of
human and physical factors comprising a suitable environment (social;
psychological; physical).
7.1.5. EXTERNALLY DEVELOPED ELEMENTS
OF THE FSMS
2005 Reference: Partially covered by 1
Food safety team competence has been included under this clause, scope of
necessary competence includes now also specifically external providers.
Requirement for personnel responsible of the operation of the hazard control plan
has been changed from trained to competent.
How does the auditor determine a person is competent? Use challenge questions. What
are some food safety specific issues that would make you stop your line? What changes to your
organization would warrant revising the Hazard Control Plan? How would you know if a raw
material supplier had to get a component from another location?
7.3 AWARENESS
The requirements originally included under 7.1 were extended to take into
consideration the implementation of actions defined to address risks
and opportunities (6.1).
How do they control the actions put in place to address the risks and
opportunities determined in section 6.1 so they achieve planned outcome?
Wording has been changed slightly and appropriateness of the PRP linked to the
context of the organization.
8.2.1 now requires PRPs are updated to prevent/reduce contamination risk. Did
results of verification activities show a PRP should be updated? Ask for
documented evidence of this planned change.
Section 8.2.3 includes items the organization should consider when establishing
PRPs.
Section 8.2.4 includes the minimum list the organization shall consider when
establishing PRPs:
- supplier approval and assurance added (8.2.4f) – was “management of purchased
materials”
- Product information/consumer awareness – new! (8.2.4k)
8.3 TRACEABILITY SYSTEM
Now includes requirements for taking rework into account and ensuring
retention time of records related to the shelf life of the products.
Requirements related to the competence of the Food Safety Team have been
relocated to Clause 7.2 Competence.
Flow Diagrams: Inputs and Outputs to be detailed in the flow diagrams have
been extended and the on-site verification requirements described separately
(8.5.1.5.2).
8.5.1 PRELIMINARY STEPS TO ENABLE
HAZARD ANALYSIS (CONT.)
8.5.1.4 Intended use: Groups of consumers/users, especially those known to be
especially vulnerable to specific food safety hazards, shall be identified (was
considered).
Hazard Assessment: The word elimination of food safety hazards has been
removed. Requirement to identify significant food safety hazards has been
included.
8.5.2 HAZARD ANALYSIS (CONT.)
Selection of control measures:
The word elimination (re food safety hazards) has been removed and the wording
significant food safety hazards has been added to scope of application of this
sub-clause.
Inputs for conducting the assessment & categorization of control measures have
been extended to include feasibility of establishing measuring Critical Limits and
applicability of timely corrections. External requirements that can impact the choice
and strictness of control measures shall be documented.
8.5.2 HAZARD ANALYSIS (CONT.)
Wording has been changed to clarify that validation applies to both single
control measures and combinations of control measures.
The HACCP plan and OPRP document have been combined in a single
document called Hazard Control Plan. Requirements for both OPRP and
CCP (monitoring, critical limits/action criteria/ corrections/corrective actions)
have been combined under this clause (8.5.4)
Requirements for actions to be taken are not only applicable for when critical
limits are not met but also when action criteria is not met.
8.5.4 HAZARD CONTROL PLAN (CONT.)
8.5.4.2 Determination of critical limits and action criteria contains a key change
to the standard.
- It clarifies the difference between CCPs and oPRPs
- Monitoring of a CCP is a measurable critical limit
- Monitoring of an oPRP is a measurable or observable action criteria
8.6 UPDATING INFORMATION SPECIFYING
THE PRP AND HAZARD CONTROL PLAN
2005 Reference: Partially covered by 7.7
Change in wording to substitute HACCP Plan & OPRP for Hazard Control Plan.
Additional information has been added in the outputs of the update process
8.7 CONTROL OF MONITORING & MEASURING
The scope of application of 8.7 has been clarified: methods and equipment
related to PRP and hazard control plan.
PRP verification not only confirms PRP was implemented but also that it is
effective.
The wording "evaluating the need for action to ensure that non conformities do
not recur" has been replaced with determining & implementing actions to
ensure...
8.9 CONTROL OF PRODUCT AND PROCESS
NONCONFORMITIES (CONT.)
Handling of potentially unsafe products:
Requirement clarified for evaluating each lot of affected product.
2005 Reference: New section title, Partially covered by 8.4.2 and 8.4.3
General: organization must determine what, when and how they will monitor and
measure, and who and when will these results be analyzed and evaluated. Results
must be retained as documented information.
9.2 INTERNAL AUDITS
Inputs for generating the audit program have been extended: changes in the
FSMS & results of monitoring and measurement shall be taken into
account to develop the audit program.
Requirement added to ensure that the results of the audit are reported to
the FS Team & relevant management.
MR Inputs: The structure and number of inputs for the management review have
been amended. Additional inputs have been included, and a number of inputs
grouped under a general input of information on the performance &
effectiveness of the FSMS.
Management Review should be about site management looking for trends (in
such functions as customer satisfaction, internal/external audits, internal/external
corrective action, etc.) NOT just a listing.
Did actions to address risks and opportunities (from section 6) achieve intended
results? If they did, how was it documented in MR minutes? If they did not, how
were actions updated and revised?
10.0 IMPROVEMENT
10.1 NON CONFORMITY AND CORRECTIVE
ACTION
2005 Reference: New section
What Opportunities for Improvement are site management working on? These
should come from Management Review inputs and outputs, including actions to
address risk, plans to achieve objectives, and/or address customer feedback.
10.3 UPDATE OF THE FSMS
Did these Continual Improvements achieve the intended result(s)? If so, how did
site management update the FSMS (focus on section 9.1, 9.3)? If not, how has
management adjusted their planning (section 6)?
QUESTIONS?
QUIZ TIME!