Embed Size (px)
Citation preview
1
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
- Introduction
0.1 General The benefits to an organisation of implementing a FSMS were included in this section. It further gives an overview of the process approach, PDCA cycle and risk-based thinking. It clarifies verbs (shall, should, may, can) used in the Standard.
-
0.2 Food safety management system principles This section is new to ISO22000 (previously used in ISO9001). -
0.3 Process approach See sub-sections. -
0.3.1 General The process approach is now illustrated with a new model that includes clauses 4 – 10 (previously clauses 4 – 8). -
0.3.2 PDCA-cycle PDCA-cycle now illustrated with a new model that includes clauses 4 – 7 and clauses 9 - 10 (previously clauses 4 – 8). The diagram illustrates the PDCA-cycle of the overall FSMS and at operational level.
-
0.3.3 Risk-based thinking Completely new requirement. This requirement acknowledges two levels of risk – organisational risk and operational risk. -
0.4 Relationship with other management system
standards
This section references other Standards that can be used in relation to ISO22000, with specific reference to the Technical Specifications. -
1 Scope
1 Scope No major changes 1
2 Normative references
2 Normative references The standard previously referenced the use of ISO9000:2000 as a normative reference for definitions. There are currently no normative references stated, as all the relevant definitions have been included in clause 3.
2
3 Terms & definitions
3 Terms & definitions This previous clause 3 included 17 definitions. It now includes 45 definitions. 3
Summary of the main changes between ISO 22000:2005 and ISO 22000:2018
2
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
4 Context of the organisation
4.1 Understanding the organisation and its context
New requirement. It is required that the organisation determines external and internal issues that are relevant to
its purpose and that could affect its ability to achieve the intended result(s) of its FSMS. Information about these external and internal issues must be identified, reviewed and updated.
Issues to be considered includes legal, technological, competitive, market, cultural, social, economic environments, cybersecurity and food fraud, food defence & intentional contamination, knowledge & performance of the organisation, whether international, national, regional or local.
New
4.2 Understanding the needs & expectations of interested
parties
New requirement. Due to their effect on the organisation’s ability to consistently provide products & services that
meet customer & applicable statutory & regulatory requirements, the organisation must determine:
o The interested parties that are relevant to the FSMS o The requirements of these interested parties that are relevant to the FSMS.
It is required that the organisation identifies, reviews and updates information about these interested parties and their relevant requirements.
New
4.3 Determining the scope of the
food safety management system
Amended requirement. The company must determine the boundaries and applicability of the FSMS to establish its scope
and consider: o External and internal issues referred to in 4.1 o Requirements of relevant interested parties referred to in 4.2
The scope previously required companies to specify products, product categories, processes and production sites. It now requires identification of activities, processes, products or services that can have an influence on the food safety of its end products.
4.1
4.4 Food safety management system No major changes. 4.1
5 Leadership
5.1 Leadership & commitment
The previous “Management” requirement has been replaced by “Leadership” and previous “Management commitment” requirement has been replaced by “Leadership & commitment”.
Objectives must be compatible with the strategic direction of the organisation In addition to other commitments previously stated, also:
o Ensure integration of the FSMS into the organisation’s business processes o Directing & supporting persons to contribute to the effectiveness of the FSMS o Promoting continual improvement o Supporting other relevant management roles to demonstrate their food safety
leadership as it applies to their areas of responsibility
5.1
3
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
5 Leadership (continued)
5.2 Food safety Policy See below. 5.2
5.2.1 Establishing the food safety policy
In addition to previously stated requirements of the policy, it is further required that the policy Provides a framework for setting and reviewing objectives of the FSMS. Includes a commitment to continual improvement of the FSMS. Addresses the need to ensure competences related to food safety.
5.2
5.2.2 Communicating the food safety policy It is now required that the policy must be available to relevant interested parties as appropriate. 5.2
5.3 Organisational roles, responsibilities & authorities
It is now required that responsibilities and authorities must be assigned, communicated and understood within the organisation for:
o Ensuring that the FSMS conforms to the requirements of ISO22000 (these are not by default assigned only to the Food safety team leader).
o Reporting on the performance of the FSMS to top management o Appointing the FS team and FS team leader.
There are no major changes to the responsibilities of the food safety team leader.
5.4 & 5.5
6 Planning
6.1 Actions to address risks & opportunities
This clause requires determination of risks and opportunities that need to be addressed that will Give assurance that the FSMS can achieve its intended results Enhance desirable results Prevent or reduce undesired effects Achieve improvement. It further requires that planning shall be performed to address risks and opportunities and determine how to integrate and implement the actions into its FSMS and evaluate the effectiveness of these actions. Actions taken to address risks and opportunities must be proportionate to The impact on food safety requirements Conformity of food products & services to customers and Requirements of interested parties in the food chain.
4.1, majority is new
4
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
6 Planning (continued)
6.2 Objectives of the food safety
management system and planning to achieve them
In addition to the previous requirements, it is further required that food safety objectives be monitored, communicated, maintained and updated as appropriate.
Furthermore, in addition when planning how to achieve its food safety objectives, the organisation must determine:
o What will be done o What resources will be required o Who will be responsible o When it will be completed o How the results will be evaluated.
5.2
6.3 Planning of changes
This requirement was expanded to ensure that the organisation consider: The purpose of the changes and their potential consequences. The continued integrity of the FSMS The availability of resources to effectively implement the changes. The allocation or reallocation of responsibilities & authorities.
5.3
7 Support
7.1 Resources See below. -
7.1.1 General The standard now requires that the organisation must consider the capabilities of, and constraints on existing internal resources and what needs to be obtained from external providers. 6.1
7.1.2 People Prior to the requirement of training, competence and awareness, it is required that the organisation provides competent persons for the operation and maintenance of the FSMS. 6.2.1
7.1.3 Infrastructure No major changes. A note was added to provide examples of infrastructure. 6.3
7.1.4 Work environment No major changes. A note was added to provide examples of work environment. 6.4
7.1.5 Externally developed
elements of the food safety management system
New requirement. When the FSMS is implemented by using externally developed elements, it must be ensured that these are developed in conformance with the requirements of the Standard, applicable to the sites, processes and products of the organisation, specifically adapted to the processes and products of the organisation by the food safety team, implemented, maintained and updated as required and retained as documented information.
New
7.1.6 Control of externally
provided processes, products or services
The requirement for “control of outsourced processes” and that in PRP previously defined as “management of purchased materials” are now defined to include criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers. It further requires that externally provided processes, products and services do not adversely affect the organisation’s ability to consistently meet requirements of its FSMS. Adequate communication of requirements to external providers are required.
4.1 & 7.2.3 f
5
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
7 Support (continued)
7.2 Competence
This requirement was revised to not only determine competence of personnel whose activities have an impact on food safety, but to determine competence requirements of persons, including external providers doing work under its control that affects the performance and effectiveness of the FSMS. It incorporates the requirements of the food safety team to be competent and multi-disciplinary as previously stated in clause 7.3.2.
6.2.2 & 7.3.2
7.3 Awareness
In addition to the requirement of ensuring that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the food safety objectives, it is now required that they are aware of the implications of not conforming with the FSMS requirements and of the benefits of improved food safety performance.
This requirement is furthermore not only for personnel, but for persons doing work under the organisation’s control.
6.2.2
7.4 Communication
The “communication” requirement was now expanded to include explicit requirements: On what it will communicate When to communicate With whom to communicate How to communicate Who communicates.
New
7.4.1 General See below. 5.6
7.4.2 External communication No major changes. 5.6.1
7.4.3 Internal communication No major changes. 5.6.2
7.5 Documented information Documentation, documents & records are now collectively referred to as documented information. -
7.5.1 General Apart from documented information required by ISO22000 and the organisation, it further requires that documentation information required by statutory and regulatory authorities and customers are included.
4.2.1
7.5.2 Creating & updating
This requirement includes detail about information required when creating and updating documented information: Identification & description (e.g. a title, date, author or reference number) Format (e.g. language, software version, graphics) and media (e.g. paper, electronic).
4.2.2
7.5.3 Control of documented information
Document and record control is now called “control of documented information”. This requirement now explicitly includes preventing loss of confidentiality, improper use or loss
of integrity. 4.2.2 & 4.2.3
6
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
8 Operation
8.1 Operational planning & control
New requirement. The organisation shall plan, implement, control, maintain and update the processes needed to
meet the requirements for the realisation of safe products, and to implement the actions determined in clause 6.1 by:
o Establishing criteria for the processes o Implementing control of the processes in accordance with the criteria o Keeping documented information to have confidence to demonstrate that processes
have been carried out as planned.
The organisation shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organisation shall ensure that outsourced processes are controlled.
4.1, 5.3 & 7.1
8.2 Prerequisite programmes (PRPs)
PRPs shall be established to control the likelihood, not only of food safety hazards, but also contaminants.
This clause now references in addition to other sources of information that should be consulted during PRP establishment, also the relevant Technical Specification in the ISO/TS 22002 series.
Product information/consumer awareness was included in the list of PRPs.
7.2
8.3 Traceability system The requirement now includes traceability for reworking of materials/products. It further requires a mass balance during verification exercises as evidence of effectiveness of
the traceability system. 7.9
8.4.1 Emergency preparedness & response - general No changes – more detail in the new requirement 8.4.2 5.7
8.4.2 Handling of emergencies and incidents
This requirement was expanded. It requires that the organisation must respond to actual emergency situations and accidents
by: o Complying with statutory and regulatory requirements o Communicate internally o Communicate externally o Take action to reduce the consequences of the emergency situation, appropriate to the
magnitude of the emergency or incident and potential food safety impact It requires periodic testing of procedures where practical It requires a review and possible revision of the procedure, especially after occurrence of an
incident or emergency situation. It provides in the “note” section examples of emergency situations.
5.7
7
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
8 Operation (continued)
8.5 Hazard control See below. 7.4
8.5.1.1 Preliminary steps to enable hazard analysis - general
The standard requires that the organisation collect, maintains and updates information to carry out hazard analysis which includes customer, statutory and regulatory requirements, information related to the company’s products, processes and equipment and food safety hazards relevant to the food safety management system.
7.3
8.5.1.2 Characteristics of raw
materials, ingredients & product contact materials
Source (animal, mineral or vegetable) must now be included. 7.3.3.1
8.5.1.3 Characteristics of end products No changes. 7.3.3.2
8.5.1.4 Intended use No changes. 7.3.4
8.5.1.5 Flow diagrams & description of processes
A layout of the premises including food and non-food handling areas must be prepared. A description of process equipment is required. The flow diagram must include where processing, aids, packaging materials and utilities enter
the flow. Variations resulting from expected seasonal changes or shift patterns must be described.
7.3.5.1 & 7.3.5.2
8.5.2 Hazard analysis No major changes. 7.4
8.5.2.1 General No major changes. 7.4.1
8.5.2.2 Hazard identification &
determination of acceptable levels
When identifying hazards, in addition to previously stated sources of information, those related to statutory, regulatory and customer requirements must be included. 7.4.2
8.5.2.3 Hazard assessment No changes. 7.4.3
8.5.2.4 Selection & categorisation of control measures
The categorisation must consider 8 aspects and not 7 as previously required. Some criteria for categorisation was amended. 7.4.4
8.5.3 Validation of control
measure(s) and combinations of control measures
It is now required that the organisation must retain the validation methodology and evidence of capability of the control measures to achieve the intended results as documented information. 8.2
8.5.4 Hazard control plan (HACCP/OPRP Plan) The hazard control plan now includes the controls related to both OPRPs and CCPs. 7.5 & 7.6.1
8.5.4.1 General For each OPRP, action criteria must be established and defined. 7.5 & 7.6.1
8.5.4.2 Determination of critical limits & action criteria Action criteria must be measurable or observable. 7.6.3
8
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
8 Operation (continued)
8.5.4.3 Monitoring systems at CCPs & for OPRPs
No major changes, except that the OPRP monitoring system is now similar to that of CCP monitoring.
More details on the choice of method and frequency of monitoring to enable timely detection and actions to be taken in case of failure is provided.
7.5, 7.6.1 & 7.6.4
8.5.4.4 Actions when critical limits or action criteria are not met
No major changes, except that these actions be taken not only when critical limits for CCPs have been exceeded, but also when action criteria related to OPRPs have not been met. 7.5, 7.6.1 & 7.6.5
8.5.4.5 Implementation of the hazard control plan No major changes. 7.1
8.6 Updating the information specifying the PRPs & the
hazard control plan No major changes. 7.7
8.7 Control of monitoring & measuring
Monitoring and measuring activities now include those related to PRPs, OPRPs and CCPs, not only OPRPs and CCPs as before.
Whenever there are any changes, including software configuration or modifications to commercial off-the-shelf software, they shall be authorised, documented and validated before implementation.
8.3
8.8 Verification related to PRPs and the hazard control plan See below. 7.8
8.8.1 Verification
In addition to the previous requirement that verification planning must be defined to ensure that PRPs are implemented, it must now ensure that PRPs are effective.
A further requirement has been included that verification activities may not be carried out by the person responsible for monitoring the activity or control measure.
7.8
8.8.2 & 9.1.2
Analysis of results of verification activities No major changes. 8.4.2
8.9 Control of product & process non-conformities See below. 7.10
8.9.1 General No major changes. 7.10.1
8.9.2 Corrections No major changes. 7.10.3.1
8.9.3 Corrective actions This clause now requires that apart from only reviewing non-conformities and customer complaints, regulatory inspection reports and consumer complaints must also be included in the review. 7.10.2
8.9.4 Handling of potentially unsafe products See below 7.10.3
8.9.4.1 General It requires that controls and related responses from relevant interested parties and authorisation for dealing with potentially unsafe products must be retained as documented information. 7.10.3.1
9
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
8 Operation (continued)
8.9.4.2 Evaluation for release No changes. 7.10.3.2
8.9.4.3 Disposition of non-conforming products
Disposition of non-conforming products could, in addition to re-processing or destruction also be redirected for other use if food safety in the food chain is not affected. 7.10.3.3
8.9.5 Withdrawal/Recall This clause was previously known as “withdrawals” but is now called “withdrawal/recall”. 7.10.4
9 Performance evaluation of the food safety management system
9.1 Monitoring, measurement, analysis & evaluation See below. 8
9.1.1 General
The Standard now requires the organisation to determine What needs to be monitored & measured The methods for monitoring, measurement, analysis & evaluation to ensure valid results When monitoring and measuring shall be performed When the results of monitoring & measurement shall be analysed & evaluated. Who shall analyse and evaluate the results from monitoring and measurements. The performance and effectiveness of the FSMS must be evaluated.
New
9.1.2 Analysis & evaluation No major changes. 8.4.3
9.2 Internal audit
It is required that results of the audits be reported to the food safety team and relevant management.
The organisation shall further determine if the FSMS meets the intent of the food safety policy and objectives of the FSMS.
8.4.1
9.3 Management review See below. 5.8
9.3.1 General No major changes. 5.8.1
9.3.2 Management review input
Additional (new) inputs are: Changes in external and internal issues that are relevant to the FSMS including changes in the
organisation and its context Information on the performance and effectiveness of the FSMS, including trends in
o Non-conformities and corrective actions o Performance of external providers o Review of risks and opportunities and of the effectiveness of actions taken to address
them and o Extent to which objectives of the FSMS have been met
Adequacy of resources Opportunities for continual improvement.
5.8.2
10
TA54 (V1)
ISO2200O0:2018 Description of change from 2005 to 2018 version ISO 22000:2005 clause references
9 Performance evaluation of the food safety management system (continued)
9.3.3 Management review output No major changes. 5.8.3
10 Improvement
10.1 Non-conformity and corrective action No major changes. 7.10.3.1 & 7.10.2
10.2 Update of the food safety management system No major changes. 8.5.1
10.3 Continual improvement No major changes. 8.5.2
