ISO 22000 defines the overall guidelines for helping food and beverage manufacturers implement a Food Safety Management System (FSMS). But with so much confusing terminology within the standard, many organizations were unsure whether they were implementing the FSMS correctly.
Now, the international standards body is providing additional guidance to help food safety professionals better understand how to implement ISO 22000 in their organizations. While the new standard doesn’t create any new requirements, it does aim to clear up some potentially confusing terms.
What makes ISO 22000 different from other FSMSs is the fact that it has an extra layer of hazard control. While most FSMSs call for prerequisite programs (PRPs) and critical control points (CCPs), ISO 22000 requires a third layer of hazard control, operation prerequisite programs (OPRPs).
Confused yet? You’re not alone.
Enter ISO 22004, designed as a companion guide to ISO 22000 to help food safety professionals meet global best practices expected by customers and partners. The goal is clear up the confusion between PRPs, OPRPs and CCPs, helping food safety professionals accurately categorize various controls used in the FSMS and ensure critical measures are in place.
PRPs are those controls that are the most basic, like washing hands, maintaining a clean processing area or even pest control. In contrast, CCPs are measures that are most crucial to reducing hazards in processing, such as a cooking step that eliminates bacteria. Finally, an OPRP is an intermediary safety measure, such as cold storage. That is, an OPRP isn’t a general procedure, but it also doesn’t require establishing critical limits for the control that must be monitored.
To understand the difference between a CCP and an OPRP, consider them in terms of the consequences of failure. If your cooler goes down, you’ll likely catch it immediately and complete a corrective action before it affects too much product. On the other hand, if a crucial cooking step doesn’t eliminate pathogens, it may not be caught, with potentially greater consequences.
The Role of Technology
By now you’re probably wondering, do I need to purchase this new standard if it doesn’t, in fact, contain any new requirements? The short answer? Not necessarily.
That’s because food safety management software is capable of taking companies through every step of ISO 22000 compliance, providing enhanced guidance that actually reduces uncertainty (not so for wading through standards documents). This type of system should come with a full suite of technology-based tools to streamline the process. Let’s take a look at a few:
Risk-based technology tools such as Risk Assessment and Decision Trees help guide users through hazard analysis and critical control points (HACCP). This simplifies the process of quantifying risk, categorizing different types of controls and determining which hazards require a CCP.
Document Control creates a revision-controlled environment for capturing pertinent information, including process steps, critical limits, monitoring protocols and any associated corrective actions. Related records can be automatically linked, and any changes made are automatically propagated throughout all relevant documents.
Corrective and Preventive Action (CAPA) to automate corrective actions from start to finish, including review, root cause analysis, corrective action taken and verification. Risk assessment tools also allow food safety professionals to prioritize corrective actions to ensure high-risk items are handled first.
Audits and Surveys automate the process of auditing the HACCP plan, with pre-set question checklists as well as the flexibility to create custom lists from a library of questions.
Legislative & Regulatory Requirements to help organizations identify, track and comply with ISO 22000 requirements.
The bottom line? If you’re looking for a deeper understanding of ISO 22000 terms and processes, then it might make sense to get the new documentation in ISO 22004. But if your goal is to actually achieve ISO 22000 compliance, you need more than just another standards document. You need a system—one that’s capable of automating the entire process, from HACCP to document control, monitoring, audits and the full life cycle of CAPA identification and tracking.