ISO 22000 2018 Food Safety Management          Definitions in Plain English

We’ve translated ISO 22000 2018 food safety management definitions
into Plain English in order to make them easier to understand.

Acceptable level - Action criteria - Animal food - Audit - Competence
Conformity - Contamination - Context - Continual improvement - Control
Correction  Corrective action  -  Critical control point  Critical limit
Documented information - Effectiveness - End product - Feed - Flow diagram - Food
Food chain - Food contact materials - Food defense - Food fraud - Food safety
Food safety hazard - Food safety hazard analysis - Food safety management system
Interested party - Lot - Management review - Management system - Measurement
- Nonconformity - Objective - Operational prerequisite programme
Organization - Outsource - Performance - Policy - Prerequisite programme
Procedure - Process - Product - Requirement - Risk - Risk assessment
Risk criteria
- Significant food safety hazard - Top management
Traceability - Update - Validation - Verification

Service Management - Auditing - Information Security - Risk Management
Business Continuity Supply Chain Security -    Health and Safety Management

Acceptable level

This term refers to the level of a food safety hazard. An acceptable
safety hazard level
is the level that end products must not exceed. Organizations must consider customer, statutory, and regulatory requirements when acceptable safety hazard levels are specified.
They must also use control measures, critical limits, and action
criteria to ensure that these levels aren’t exceeded.

Action criterion

Action criteria are measurable or observable specifications that are
defined in order to determine whether or not operational prerequisite programmes (OPRPs) are in control and still operating as intended.

Animal food

The term animal food refers to both single and multiple products
that are fed to non-food-producing animals (such as pets) and can
be raw, processed, or semi-processed.


An audit is an evidence gathering process. Evidence is used to evaluate
how well audit criteria are being met. Audits must be objective, impartial,
and independent, and the audit process must be both systematic and
documented. Audits can be either internal or external.

Internal audits are referred to as first-party audits while external audits
can be either second or third party. They can also be combined audits
(when two or more management of different disciplines are audited
together at the same time).

Audit evidence includes records, factual statements, and other verifiable
information that is related to the audit criteria being used. Audit criteria may
be thought of as a reference point and include policies, requirements, and
other forms of documented information. They are compared against audit
evidence to determine how well they are being met. Audit evidence is
used to determine how well policies are being implemented and
how well requirements are being followed.

For more information about auditing, see our ISO 19011
Auditing Guide at


Competence means being able to apply knowledge and skill to
achieve intended results. Being competent means having the
knowledge and skill that you need and knowing how to apply
it. Being competent means that you’re qualified to do the job


To conform means to meet a requirement. Since there are many
kinds of requirements, conformity can take many forms. You can
conform (or comply) with mandatory requirements like laws and
regulations or with voluntary requirements such as contracts,
agreements, codes, and standards.

In the context of food safety management systems, you can conform
(or comply) with (or to) the ISO 22000 requirements (or obligations) and
to any additional food safety management requirements (or obligations)
that your organization establishes for itself.


A contaminant is a polluting or poisonous substance that makes
something impure and contamination refers to the occurrence of a
contaminant in a product or processing environment or the introduction
of a contaminant into a product or processing environment.

Context of the organization

An organization’s context is its business environment. It includes
all of the internal and external factors and conditions that affect its
products and services, have an influence on its FSMS, and are
relevant to its purpose and strategic direction.

An organization’s external context includes all of the needs and
expectations of interested parties, as well as its social, cultural,
legal, technological, regulatory, and competitive environment.
An organization’s
internal context includes its values, culture,
knowledge, and performance.

Continual improvement

In the context of this FSMS standard, continual improvement is a
set of recurring activities that organizations use to enhance their safety performance. Continual improvements can be achieved by carrying out audits, self-assessments, and management reviews. They can also be
realized by collecting data, analyzing information, setting objectives,
and taking corrective actions.

Control measure

Control measures are actions or activities that are used to manage
significant food safety hazards. Control measures must be capable of
preventing or eliminating hazards or reducing them to acceptable levels.


A correction is any action that is taken to eliminate a nonconformity.
In the context of ISO 22000, a correction is any action that is taken to deal specifically with potentially
unsafe products (nonconforming products).
Corrections may include the following types of actions: reprocessing
or further processing of potentially unsafe products, assigning them
to a different use, or simply destroying them.

Corrective action

Corrective actions are steps that are taken to eliminate the causes of
existing nonconformities in order to prevent recurrence. The corrective
action process tries to make sure that existing nonconformities and
incidents don’t happen again.

Critical control point

A critical control point (CCP) is the point (or step) at which a control
measure must be applied. It is a point that is critical or essential to safety.
It is the point where a control measure can be used to prevent or eliminate
a food safety hazard or to reduce it to an acceptable level.

Critical limit

A critical limit is a criterion or boundary that is used to distinguish
between what is acceptable (safe) and what is unacceptable (unsafe).
A critical limit is a value of a parameter or variable. Critical limits or
values are used to ensure that a process produces safe products.

When critical limits are violated or exceeded, products are deemed to be
potentially unsafe. Critical limits are established at critical control points
(CCPs). They are used to determine whether or not a CCP is still under
control. Whenever critical limits are violated or exceeded, CCPs are
out of control and the associated products are considered to be
potentially unsafe.

Documented information

The term documented information refers to information that
must be controlled and maintained and its supporting medium.
Documented information can be in any format and on any medium
and can come from any source.

Documented information includes information about the management
system and related processes. It also includes all the information that
organizations need to operate and all the information that they use
to document the results that they achieve (aka records).


Effectiveness refers to the degree to which a planned effect is achieved.
Planned activities are effective if these activities are actually carried out
and planned results are effective if these results are actually achieved

End product (or end-product)

An end product is a finished product. It requires no further processing
or transformation. However, an end product for one organization could
be an ingredient or raw material for another (customer) organization.


The term feed refers to both single and multiple products that are fed to
food-producing animals and can be raw, processed, or semi-processed.

Flow diagram

A flow diagram is a schematic representation of a series of steps.
It shows how steps are sequentially arranged and specifies how they
interact. Flow diagrams usually consist of boxes and ovals (steps)
connected with lines or arrows.


The term food refers to raw, processed, or semi-processed substances
and ingredients that are intended for consumption by humans and animals.
It also includes any substance or ingredient that is used in the manufacture,
preparation, or treatment of food. It does not, however, include cosmetics
or tobacco; nor does it include substances and ingredients that are
used only as drugs.

Food chain

The food chain consists of the entire sequence of stages and operations
involved in the creation and consumption of food products. This includes
every step from initial production to final consumption. It includes the
production, processing, distribution, storage, and handling of all
food and food ingredients.

The food chain also includes organizations that do not directly handle food.
These include organizations that produce feed for animals that produce food
and organizations that produce feed for animals that will be used as food. It
also includes organizations that produce materials that will eventually
come into contact with food or food ingredients.

Food contact materials

Food contact materials are objects that come into contact with food,
such as bottles, cans, cartons, knives, forks, cups, and plates.

Food defense

Food defense refers to the protection of food products and ingredients
from intentional contamination or adulteration by biological, chemical,
physical, or radiological agents.

Food fraud

Food fraud is the intentional misrepresentation or adulteration
of food products or ingredients for economic gain.

Food safety

The basic food safety concept is this: food will not cause adverse health
effects so long as intended use guidelines are followed when it is prepared or
eaten. Conversely, food is potentially harmful whenever it has been exposed
to hazardous agents and intended use guidelines have not been followed.

Food safety hazard

A food safety hazard is an agent or condition that could potentially
cause an adverse human health effect. Agents can be either biological,
chemical, or physical, and can be either in or on food. Plus, the condition
of the food itself could be hazardous. Food safety hazards can also be
found in or on animal feed and feed ingredients. Since these may be
transferred to food through the consumption of animal products,
they can also cause adverse human health effects.

Organizations that do not directly handle food and feed may also
compromise food safety. These include producers of packaging materials,
cleaning agents, and other products that come into contact with food or feed.
If such products have been exposed to hazardous agents and they come into
contact with food or feed, adverse human health effects can occur.

Food safety hazard analysis

A food safety hazard analysis is done in order to determine which hazards
need to be controlled, how much control is needed, and which combination
of control measures should be used in order to make sure that food is safe.
In the context of ISO 22000, a food safety hazard analysis is carried out
in the following way:

1.    Identify your organization’s food safety hazards.
2.    Pinpoint where each hazard may be introduced.
3.    Specify acceptable hazard levels for each hazard.
4.    Assess each hazard and decide how to control it.
5.    Select control measures to control your hazards.
6.    Use OPRPs and CCPs to manage your hazards.

Food safety management system (FSMS)

A food safety management system (FSMS) is one part of a larger
management system and is a set of interrelated or interacting elements
that organizations use to meet their food safety compliance obligations,
to address their food safety hazards, and to manage their food safety risks
and opportunities. These elements include programs, procedures, practices,
plans, rules, roles, responsibilities, relationships, contracts, agreements, documents, records, methods, techniques, technologies, and resources.

NOTE: In spite of the fact that it is all about establishing a food safety
management system, ISO 22000 does not formally define this concept.
As a result, we’ve given it a try.

Interested party

An interested party is any person, group, or organization who can affect,
be affected by, or believe that they are affected by a decision or activity. In
the context of this ISO 22000 standard, an interested party is anyone who
can affect, be affected by, or believe that they are affected by the food
safety performance of an organization.


A lot (or batch) is a defined quantity of a specific product that is produced,
processed, or packaged under essentially the same basic conditions.

Management review

The purpose of a management review is to evaluate the overall performance
of an organization's food safety management system (FSMS) and to identify
improvement opportunities. Management reviews are carried out by the
organization's top managers and are done regularly.

Management system

A management system is a set of interrelated or interacting elements
that organizations use to formulate policies and objectives and to
establish the processes that are needed to ensure that policies are
followed and objectives are achieved. These elements include
structures, programs, procedures, practices, plans, rules, roles,
responsibilities, relationships, contracts, agreements, documents,
records, methods, tools, techniques, technologies, and resources.

There are many types of management systems. Some of these include
quality management systems, environmental management systems,
financial management systems, information security management
systems, business continuity management systems, emergency
management systems, disaster management systems, food safety
management systems, and health and safety management systems.

The scope or focus of a management system could be restricted to
a specific function or section of an organization or it could include
the entire organization. It could even include a function that cuts
across several organizations.


Measurement is a process that is used to determine
a value. In most cases this value will be a quantity.


To monitor means to determine the status of an activity, process,
or system at different stages or at different times. In order to determine
status, you need to supervise and to continually check and critically
observe the activity, process, or system that is being monitored


Nonconformity is a nonfulfillment or failure to meet a requirement.
A requirement is a need, expectation, or obligation. It can be stated
or implied by an organization or interested parties.


An objective is a result you intend to achieve. Objectives can be
strategic, tactical, or operational and can apply to an organization
as a whole or to a system, process, project, product, or service.
Objectives may also be referred to as targets, aims, goals,
or intended outcomes.

Operational prerequisite programme (OPRP)

Operational prerequisite programs (OPRPs) are control measures or
combinations of control measures that are used to control significant
food safety hazards.

OPRPs, observations, measurements, and action criteria are used to
food safety hazards or to reduce the likelihood that products
will be exposed to such hazards, that they will be contaminated, and that hazards will proliferate. They are also used to reduce the likelihood that the processing environment will be exposed to significant hazards, that it will
be contaminated, and that such hazards will proliferate in that environment.


An organization can be a single person or a group that achieves its
objectives by using its own functions, responsibilities, authorities,
and relationships. It can be a company, corporation, enterprise, firm,
partnership, charity, association, or institution and can be either
incorporated or unincorporated and be either privately or publicly
owned. It can also be an operating unit that is part of a larger entity


When an organization makes an arrangement with an outside
organization to perform part of a function or process, it is referred
to as outsourcing. To outsource means to ask an external organization
to perform part of a function or process normally done inhouse. While
an outsourced organization is beyond the scope of your FSMS, the
outsourced process or function itself falls within your scope


According to ISO, the term performance refers to a measurable result.
It refers to the measurable results that activities, processes, products,
services, systems and organizations are able to achieve. Whenever they
perform well it means that acceptable results are being achieved and
whenever they perform poorly, unacceptable results are achieved.


A policy is a general commitment, direction, or intention and is
formally stated by top management. A quality policy statement should
express top management's commitment to the implementation and
improvement of its quality management system and should allow
managers to set quality objectives

Prerequisite programme (PRP)

Prerequisite programs (PRPs) are the conditions that must be established
throughout the food chain and the activities and practices that must be
performed in order to ensure that food products are safe. PRPs must be
suitable and be capable of producing safe end products and providing
food that is safe for human consumption.

In order to select the most suitable PRPs, organizations must consider
their type of organization and their own unique circumstances, as well
as the capabilities of their suppliers and service providers. They must
also consider customer needs and expectations; they must consider
statutory and regulatory requirements; they must consider good
practices in their segment of the food chain; and they must
consider all relevant standards and guidelines.


A procedure is a way of carrying out a process or an activity.
Procedures may or may not be formally documented.


A process is a set of activities that are interrelated or that interact
with one another. Processes use resources to transform inputs
into outputs. Processes are interconnected because the output
from one process often becomes the input for another process.

While processes usually transform inputs into outputs, this
is not always the case. Sometimes inputs become outputs
without transformation.

Organizational processes should be planned and carried
out under controlled conditions. An effective process is one
that realizes planned activities and achieves planned results.


A product is a tangible or intangible output that is the result of a process. Products can be either tangible or intangible (a service can be a product).


A requirement is a need, expectation, or obligation. It can be stated or
implied by an organization, its customers, or other interested parties.
A specified requirement is one that has been stated (in a document for
example), whereas an implied requirement is a need, expectation, or
obligation that is common practice or customary.

There are many types of requirements. Some of these include customer
requirements, safety requirements, safety management requirements,
management requirements, product requirements, service requirements,
contractual requirements, statutory requirements, and regulatory


ISO 22000 2018 (3.39) defines risk as the “effect of uncertainty”. This
rather enigmatic definition is a shorted variation of the equally enigmatic
version found in the ISO 31000 risk management standard which defines
as the “effect of uncertainty on objectives”. ISO 31000 goes on to say
that an effect is a positive or negative deviation from what is expected.

This definition recognizes that all of us operate in an uncertain world.
There’s always the chance that things will not go according to plan.
Every step has an element of risk that needs to be managed and
every outcome is uncertain.

While the official definition thinks of risk as the “effect of uncertainty”,
a note to this ISO 22000 definition actually seems to reject it. It says that
“Food safety risk is a function of the probability of an adverse health effect
and the severity of that effect, consequential to (a) hazard(s) in food”
. This
more traditional definition starts with a “hazard in food” and then asks:
what is the probability that this hazard will cause an adverse health
effect and how severe would this effect be?

While ISO 31000 defines risk in a new and unusual way, the two definitions
are largely compatible. Both definitions talk about the same phenomena but
from two different perspectives. ISO 31000 provides a conceptual definition
of risk while the more traditional ISO 22000 formulation operationalizes this
general definition: it explains how to quantify risk. It argues that the amount
or level of risk can be calculated by combining probability and severity.

For more on risk management, please see:

Risk assessment

Risk assessment is a process that is made up of three separate
processes: risk identification, risk analysis, and risk evaluation. Risk
is a process that is used to find, recognize, and describe
the risks that could affect the achievement of objectives. Risk analysis
is a process that is used to understand the nature, sources, and causes
of the risks that you have identified and to estimate the level of risk. It
is also used to study impacts and consequences and to examine the
controls that exist. Risk evaluation is a process that is used to
compare risk analysis results with risk criteria in order to
determine whether or not a specified level of risk is
acceptable or tolerable

Risk criteria

Risk criteria are terms of reference and are used to evaluate the
significance or importance of your organization’s risks. They are
used to determine whether a specified level of risk is acceptable
or tolerable. Risk criteria should reflect your organization’s values,
policies, and objectives, should be based on its external and internal
context, should consider the views of stakeholders, and should be
derived from standards, laws, policies, and other requirements.

Significant food safety hazard

A food safety hazard is an agent or condition that could potentially
cause an adverse health effect. A food safety hazard is considered
to be significant when a hazard assessment has concluded that
control measures need to be applied.

Top management

The term top management normally refers to the people at
the top of an organization. It refers to the people who provide
resources and delegate authority and who coordinate, direct,
and control organizations.

However, if the scope of a management system covers only part
of an organization, then the term top management refers, instead,
to the people who direct and control that part of the organization


Traceability is the ability to identify and trace the history, movement,
location, and application of objects. A traceability system records and
follows the trail as objects come from their source and on through to
production, processing, and final distribution.


An update is an immediate or planned activity. Its purpose is
to ensure that the most recent information is being applied.


Validation is a process that is used to ensure that food safety control
measures are capable of controlling significant food safety hazards.
The validation process uses evidence to determine whether
control measures are actually effective.


Verfiication is a process that uses objective evidence to confirm that
specified requirements have been met.


Introduction to ISO 22000 2018 Standard

ISO 22000 2018 Food Safety Management Principles

Overview of ISO 22000 2018 Food Safety Management Standard

Structure of the ISO 22000 2018 Food Safety Management Standard

ISO 22000 2018 Food Safety Standard Translated into Plain English

Plain English Food Safety Management Gap Analysis Process

ISO 22000 2018 Food Safety Management Audit Tool

Plain English Food Safety Management Checklist

ISO 22000 2005 Translated into Plain English

ISO 22000 2018 versus ISO 22000 2005

Plain English Approach


ISO 19011 Internal Auditing Guide

ISO 31000 Risk Management Guide

ISO 9001 Quality Management Guide

ISO 20000 Service Management Guide

ISO 22301 Business Continuity Guide

ISO 27000 Security Management Guide

ISO 28000 Supply Chain Security Guide

ISO 45001 Worker Safety Management Guide

Home Page

Our Library

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

Praxiom Research Group Limited       780-461-4514

 Updated on August 29, 2019. First published on November 30, 2006.

Legal Restrictions on the Use of this Page
Thank you for visiting this web page. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2006-2019 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited