This term refers
to the level of a food safety hazard. An acceptable
safety hazard level is the level that end products
must not exceed. Organizations must consider customer,
statutory, and regulatory requirements when acceptable
safety hazard levels are specified.
They must also use control measures, critical limits, and
criteria to ensure that these levels aren’t exceeded.
criteria are measurable or observable specifications
defined in order to determine whether or not operational
prerequisite programmes (OPRPs) are in control and still
operating as intended.
The term animal
food refers to both single and multiple products
that are fed to non-food-producing animals (such as pets)
be raw, processed, or semi-processed.
An audit is an evidence gathering process.
Evidence is used to evaluate
how well audit criteria are being met. Audits must be
and independent, and the audit process must be both
documented. Audits can be either internal or external.
Internal audits are referred to as first-party audits
while external audits
can be either second or third party. They can also be
(when two or more management of different disciplines are
together at the same time).
Audit evidence includes records, factual statements,
and other verifiable
information that is related to the audit criteria being
used. Audit criteria may
be thought of as a reference point and include policies,
other forms of documented information. They are compared
evidence to determine how well they are being met. Audit
used to determine how well policies are being implemented
how well requirements are being followed.
For more information about auditing, see our ISO 19011
Auditing Guide at https://www.praxiom.com/19011.htm
Competence means being able to apply
knowledge and skill to
achieve intended results. Being competent means
knowledge and skill that you need and knowing how to apply
it. Being competent means that you’re qualified to do the
To conform means to meet a requirement. Since
there are many
kinds of requirements, conformity can take many forms. You
conform (or comply) with mandatory requirements like laws
regulations or with voluntary requirements such as
agreements, codes, and standards.
In the context of food safety management systems, you
(or comply) with (or to) the ISO 22000 requirements (or
to any additional food safety management requirements (or
that your organization establishes for itself.
A contaminant is a polluting or poisonous
substance that makes
something impure and contamination
refers to the occurrence of a
contaminant in a product or processing environment or the
of a contaminant into a product or processing environment.
An organization’s context is its business
environment. It includes
all of the internal and external factors and conditions that
products and services, have an influence on its FSMS, and
relevant to its purpose and strategic direction.
An organization’s external context includes
all of the needs and
expectations of interested
parties, as well as its social, cultural,
legal, technological, regulatory, and competitive environment.
An organization’s internal context includes
its values, culture,
knowledge, and performance.
In the context of this FSMS standard, continual
improvement is a
set of recurring activities that organizations use to
enhance their safety performance. Continual improvements can
be achieved by carrying out audits, self-assessments, and
management reviews. They can also be
realized by collecting data, analyzing information, setting
and taking corrective actions.
Control measures are actions or activities
that are used to manage
significant food safety hazards. Control measures must be
preventing or eliminating hazards or reducing them to
is any action that is taken to eliminate a nonconformity.
In the context of ISO 22000, a correction is any
action that is taken to deal specifically with potentially unsafe
products (nonconforming products).
may include the following types of actions: reprocessing
or further processing of potentially unsafe products,
to a different use, or simply destroying them.
Corrective actions are steps that
are taken to eliminate the causes of
existing nonconformities in order to prevent recurrence. The
action process tries to make sure that existing
incidents don’t happen again.
A critical control point (CCP) is the point
(or step) at which a control
measure must be applied. It is a point that is critical or
essential to safety.
It is the point where a control measure can be used to
prevent or eliminate
a food safety hazard or to reduce it to an acceptable level.
A critical limit is a criterion or boundary
that is used to distinguish
between what is acceptable (safe) and what is unacceptable
A critical limit is a value of a parameter or variable.
Critical limits or
values are used to ensure that a process produces safe
When critical limits are violated or exceeded,
products are deemed to be
potentially unsafe. Critical limits are established at
critical control points
(CCPs). They are used to determine whether or not a CCP is
control. Whenever critical limits are violated or exceeded,
out of control and the associated products are considered to
The term documented
information refers to information that
must be controlled and maintained
and its supporting medium.
Documented information can be in any format and on any
and can come from any source.
Documented information includes information
about the management
system and related processes. It also includes all the
organizations need to operate and all the information that
to document the results that they achieve (aka records).
Effectiveness refers to the degree to which
a planned effect is achieved.
Planned activities are effective if these activities are
actually carried out
and planned results are effective if these results are
An end product is a finished product. It
requires no further processing
or transformation. However, an end product for one
be an ingredient or raw material for another (customer)
The term feed refers to both single and
multiple products that are fed to
food-producing animals and can be raw, processed, or
A flow diagram is a schematic representation
of a series of steps.
It shows how steps are sequentially arranged and specifies
interact. Flow diagrams usually consist of boxes and ovals
connected with lines or arrows.
The term food refers to raw, processed, or
and ingredients that are intended for consumption by humans
It also includes any substance or ingredient that is used in
preparation, or treatment of food. It does not, however,
or tobacco; nor does it include substances and ingredients
used only as drugs.
The food chain consists of the entire
sequence of stages and operations
involved in the creation and consumption of food products.
every step from initial production to final consumption. It
production, processing, distribution, storage, and handling
food and food ingredients.
The food chain also includes organizations
that do not directly handle food.
These include organizations that produce feed for animals
that produce food
and organizations that produce feed for animals that will be
used as food. It
also includes organizations that produce materials that will
come into contact with food or food ingredients.
Food contact materials are objects that come
into contact with food,
such as bottles, cans, cartons, knives, forks, cups, and
Food defense refers to the protection of food
products and ingredients
from intentional contamination or adulteration by
physical, or radiological agents.
Food fraud is the intentional
misrepresentation or adulteration
of food products or ingredients for economic gain.
The basic food safety concept is this: food
will not cause adverse health
effects so long as intended use guidelines are followed when
it is prepared or
eaten. Conversely, food is potentially harmful whenever it
has been exposed
to hazardous agents and intended use guidelines have not
A food safety hazard is an agent or condition
that could potentially
cause an adverse human health effect. Agents can be either
chemical, or physical, and can be either in or on food.
Plus, the condition
of the food itself could be hazardous. Food safety hazards
can also be
found in or on animal feed and feed ingredients. Since these
transferred to food through the consumption of animal
they can also cause adverse human health effects.
Organizations that do not directly handle food and
feed may also
compromise food safety. These include producers of packaging
cleaning agents, and other products that come into contact
with food or feed.
If such products have been exposed to hazardous agents and
they come into
contact with food or feed, adverse human health effects can
A food safety hazard analysis is done in
order to determine which hazards
need to be controlled, how much control is needed, and which
of control measures should be used in order to make sure
that food is safe.
In the context of ISO 22000, a food safety hazard analysis
is carried out
in the following way:
1. Identify your organization’s
food safety hazards.
2. Pinpoint where each hazard may be
3. Specify acceptable hazard levels for
4. Assess each hazard and decide how to
5. Select control measures to control your
6. Use OPRPs and CCPs to manage your
safety management system (FSMS)
is one part of a larger
management system and is a set of interrelated or
that organizations use to meet their food safety
to address their food safety hazards, and to manage their
food safety risks
and opportunities. These elements include programs,
procedures, practices, plans, rules, roles,
responsibilities, relationships, contracts, agreements,
documents, records, methods, techniques, technologies, and
NOTE: In spite of the fact that it is all about establishing
a food safety
management system, ISO 22000 does not formally define this
As a result, we’ve given it a try.
An interested party
is any person, group, or organization who can affect,
be affected by, or believe that they are affected by a
decision or activity. In
the context of this ISO 22000 standard, an interested party
is anyone who
can affect, be affected by, or believe that they are
affected by the food
safety performance of an organization.
A lot (or batch) is a defined quantity of a
specific product that is produced,
processed, or packaged under essentially the same basic
The purpose of a management review is to
evaluate the overall performance
of an organization's food safety management system (FSMS)
and to identify
improvement opportunities. Management reviews are carried
out by the
organization's top managers and are done regularly.
A management system is a set of
interrelated or interacting elements
that organizations use to formulate policies and objectives
establish the processes that
are needed to ensure that policies
followed and objectives are achieved. These
structures, programs, procedures, practices,
plans, rules, roles,
responsibilities, relationships, contracts, agreements, documents,
records, methods, tools, techniques, technologies, and
There are many types of management systems.
Some of these include
quality management systems,
financial management systems,
information security management
management systems, disaster management systems, food safety
management systems, and health and safety management
The scope or focus of a management system
could be restricted to
a specific function or section of an organization or it
the entire organization. It could even include a function
across several organizations.
Measurement is a process that is used to
a value. In most cases this value will be a quantity.
To monitor means to determine the status of
an activity, process,
or system at different stages or at different times. In
order to determine
status, you need to supervise and to continually check and
observe the activity, process, or system that is being
Nonconformity is a nonfulfillment or failure
to meet a requirement.
A requirement is a need, expectation, or obligation. It can
or implied by an organization or interested parties.
An objective is a result you intend to
achieve. Objectives can be
strategic, tactical, or operational and can apply to an
as a whole or to a system, process, project, product, or
Objectives may also be referred to as targets, aims, goals,
or intended outcomes.
Operational prerequisite programs (OPRPs) are
control measures or
combinations of control measures that are used to control
food safety hazards.
OPRPs, observations, measurements, and action
criteria are used to
prevent food safety hazards or to reduce the
likelihood that products
will be exposed to such hazards, that they will be
contaminated, and that hazards will proliferate. They are
also used to reduce the likelihood that the processing
environment will be exposed to significant hazards,
that it will
be contaminated, and that such hazards will proliferate in
An organization can be a single person or a
group that achieves its
objectives by using its own
functions, responsibilities, authorities,
and relationships. It can be a company, corporation,
partnership, charity, association,
or institution and can be
incorporated or unincorporated
and be either privately or
owned. It can also be an operating unit that is part of a
When an organization makes an arrangement
with an outside
organization to perform part of a function or process,
it is referred
to as outsourcing. To outsource means to
ask an external organization
to perform part of a function or process normally done
an outsourced organization is beyond the scope of your FSMS,
outsourced process or function itself falls within your
According to ISO, the term performance
refers to a measurable result.
It refers to the measurable results
that activities, processes, products,
services, systems and organizations are able to achieve.
perform well it means
that acceptable results are being achieved and
whenever they perform poorly, unacceptable results
A policy is a general commitment, direction, or intention and is
formally stated by top management. A quality policy
express top management's commitment to the implementation
improvement of its quality management system and should
managers to set quality objectives.
Prerequisite programs (PRPs) are the
conditions that must be established
throughout the food chain and the
activities and practices that must be
performed in order to ensure that food products are safe.
PRPs must be
suitable and be capable of producing safe end products and
food that is safe for human consumption.
In order to select the most suitable PRPs,
organizations must consider
their type of organization and their own unique
circumstances, as well
as the capabilities of their suppliers and service
providers. They must
also consider customer needs and expectations; they must
statutory and regulatory requirements; they must consider
practices in their segment of the food chain; and they must
consider all relevant standards and guidelines.
A procedure is a way of carrying out a
process or an activity.
Procedures may or may not be formally documented.
A process is a set of activities that are
interrelated or that interact
with one another. Processes
use resources to transform inputs
into outputs. Processes are interconnected because the
from one process often becomes the input for another
While processes usually transform inputs
into outputs, this
is not always the case. Sometimes inputs become outputs
should be planned and carried
out under controlled conditions. An effective process is one
that realizes planned activities and achieves planned
A product is a tangible or intangible output
that is the result of a process. Products can be either
tangible or intangible (a service can be a product).
A requirement is a need, expectation, or
obligation. It can be stated or
implied by an organization, its customers,
or other interested parties.
A specified requirement is one that has been stated (in a
example), whereas an implied requirement is a need,
obligation that is common practice or customary.
There are many types of requirements. Some of these
requirements, safety requirements,
safety management requirements,
management requirements, product requirements, service
contractual requirements, statutory requirements, and
ISO 22000 2018 (3.39) defines risk as the “effect
of uncertainty”. This
rather enigmatic definition is a shorted variation of the
version found in the ISO 31000 risk management standard
risk as the “effect of uncertainty on objectives”.
ISO 31000 goes on to say
that an effect is a positive or negative deviation from what
This definition recognizes that all of us operate in
an uncertain world.
There’s always the chance that things will not go according
Every step has an element of risk that needs to be managed
every outcome is uncertain.
While the official definition thinks of risk as
the “effect of uncertainty”,
a note to this ISO 22000 definition actually seems to reject
it. It says that
“Food safety risk is a function of the probability of an
adverse health effect
and the severity of that effect, consequential to (a)
hazard(s) in food”. This
more traditional definition starts with a “hazard in food”
and then asks:
what is the probability that this hazard will cause an
effect and how severe would this effect be?
While ISO 31000 defines risk in a new and unusual
way, the two definitions
are largely compatible. Both definitions talk about the same
from two different perspectives. ISO 31000 provides a
of risk while the more traditional ISO 22000 formulation
general definition: it explains how to quantify risk. It
argues that the amount
or level of risk can be calculated by combining probability
For more on risk management, please see: https://www.praxiom.com/31000.htm
Risk assessment is a process that is made up
of three separate
processes: risk identification, risk analysis, and risk
identification is a process that is used to find,
recognize, and describe
the risks that could affect the achievement of objectives. Risk
is a process that is used to understand the nature, sources,
of the risks that you have identified and to estimate the
level of risk. It
is also used to study impacts and consequences and to
controls that exist. Risk evaluation is a process
that is used to
compare risk analysis results with risk criteria in order to
determine whether or not a specified level of risk is
acceptable or tolerable.
Risk criteria are terms of reference and are
used to evaluate the
significance or importance of your organization’s risks.
used to determine whether a specified level of risk is
or tolerable. Risk criteria should reflect your
policies, and objectives, should be based on its external
context, should consider the views of stakeholders, and
derived from standards, laws, policies, and other
A food safety hazard is an agent or condition
that could potentially
cause an adverse health effect. A food safety hazard is
to be significant when a hazard assessment has
control measures need to be applied.
The term top management normally refers to
the people at
the top of an organization. It refers to the people who
resources and delegate authority and who coordinate, direct,
and control organizations.
However, if the scope of a management system covers
of an organization, then the term top management
to the people who direct and control that part of the
Traceability is the ability to identify and
trace the history, movement,
location, and application of objects. A traceability
system records and
follows the trail as objects come from their source and on
production, processing, and final distribution.
An update is an immediate or planned activity.
Its purpose is
to ensure that the most recent information is being applied.
Validation is a process that is used to
ensure that food safety control
measures are capable of controlling significant food safety
The validation process uses evidence to determine
control measures are actually effective.
is a process that uses objective evidence to confirm
specified requirements have been met.