|
Both old and new food safety management
standards cover essentially
the same topics. However, there are important differences. Some
of these
are discussed below.
|
Structure
of standard
Perhaps the biggest difference
between the old and the new standard is the
structure. ISO 22000 2005 had five main sections (4 to 8) and
ISO 22000 2018
now has seven (4 to 10). This is because the new edition uses
the Annex SL*
template. According to ISO, all future management system
standards (MSSs)
will use this new layout and share the same basic
requirements. As a result,
all new MSSs will have the same basic look and feel.
A common structure is possible
because basic concepts such as management,
customers, requirements,
policy, procedure, planning, performance, objective,
control, monitoring, measurement, auditing, decision making,
corrective action,
and nonconformity are common to all management system
standards. While
this makes it easier for organizations to implement multiple
standards because
they all share the same basic requirements, it may cause some
disruption
in the short run as organizations get used to the new
structure.
*Annex SL defines the framework of a
generic management system standard
(MSS). In addition to ISO 22000, the following MSSs either
have been or will
be updated using this new ISO framework: ISO
9001, ISO 13485, ISO
14001,
ISO 22301, ISO
27001, ISO 45001, ISO 50001, AS9100, and IATF 16949.
|
Context
of the organization
Unlike the old ISO standard, the new
one expects you to understand your
organization's context before you establish its FSMS.
When ISO 22000 2018
asks you to understand your organization's context it
wants you to consider
the external and internal issues that are relevant to its
purpose and strategic
direction and to think about the influence these issues could
have on its
FSMS and the results it intends to achieve.
This means that you need to understand your
organization's
external
environment, its culture, its values, its performance, and its
interested parties
before you develop its FSMS. Why? Because your FSMS will need
to be able
to manage all of these influences.
And once you understand all of this,
you're expected to use this insight to
help you define the scope of your FSMS and the challenges it
must deal with. While this will help ensure that organizations
develop unique
food safety
management systems that address their own unique needs and
requirements,
doing all of this could be quite a challenge for some
organizations.
|
Documented
information
The new ISO 22000 2018 standard has
also eliminated the long standing
distinction between documents and records. Now they are both
referred to
as “documented information”. Why ISO chose to abandon
two common sense
concepts and replace them with one that is needlessly awkward
and esoteric
is not entirely clear.
According to ISO's definition, the
term documented
information refers to
information that must be controlled and maintained and the
medium on which
it is contained. So, whenever ISO 22000 uses the term
documented information
it implicitly expects you to control and maintain that
information.
While ISO 22000 2018 expects you to
maintain documented information,
it no longer explicitly expects you to write procedures or
prepare a food
safety manual. While you may continue to use procedures and
manuals
if you wish, they're no longer required.
|
Risk-based
thinking
According to ISO, risk-based
thinking has always been implicit in management
system standards. According to this perspective, ISO
22000 has always
been
about anticipating and preventing mistakes, which is what risk-based
thinking
is all about.
That's why we train people, why we
plan our work, why we assign roles and
responsibilities, why we validate and verify results, why we
audit and review
activities, and why we monitor, measure, and control
processes. We do these
things because we want to prevent mistakes. We do them because
we're trying
to manage risk. So, if we think of risk-based thinking in this
way, it's reasonable
to say that risk-based thinking has always been an inherent
part of ISO 22000.
Before it was implicit; now it's explicit.
So, what kind of thinking is risk-based
thinking and how is it applied? What does the new
standard expect organizations to do? The new standard expects
organizations to identify and address the risks that could
influence their ability
to provide safe products and services and to satisfy
customers. It also expects
them to identify and address the opportunities that could
enhance their ability
to provide safe products and services and to satisfy
customers.
The new ISO 22000 standard also
expects organizations to identify the risks
and opportunities that could influence the performance of their food safety
management systems or disrupt
their operation and then it expects them to
define actions to address these risks and opportunities. It
then further expects
them to figure out how they're going to make these actions
part of their FSMS
processes and how they're going to implement, control,
evaluate, and review
the effectiveness of these actions and these processes.
While risk-based thinking is now an
essential part of the new standard, it does
not actually expect you to implement a formal risk management
program, nor
does it expect you to document your risk-based approach. If
you choose to
implement a formal risk management program, please see the ISO
31000
risk management guide at: www.praxiom.com/31000.htm
|
Emergencies
and incidents
While the old ISO 22000 standard had
only a single sentence on emergency
preparedness and response (5.7), the new standard has added a
new section
on the handling of emergencies and incidents (8.4.2).
The new section 8.4.2
expects you to consider its emergency response requirements,
to prepare for
and respond to food safety incidents and emergencies, and to
mitigate their
impact. It also expects you to periodically test your
emergency response
procedures and to review the associated documents and records.
|
New
definitions
While the old ISO 22000 standard had
only 17 definitions, the new one now
has 45. While most of the new definitions
relate to management systems in
general, some of them relate to food safety management systems
in particular.
New management system definitions were
added
for the following terms:
competence, continual improvement, documented information,
effectiveness,
interested party
(stakeholders), management system,
measurement, nonconformity, objective,
outsource,
organization, performance, policy,
process, product, requirement, risk, top management, and
traceability. And
new food safety definitions were added for the following
terms: acceptable
level, action criteria, animal food, contamination, feed,
food, and lot.
Most of the new management system definitions
were
added because ISO
decided to use a new format (Annex SL) for all management
system standards.
A complete set of definitions can be found at ISO
22000 2018 Definitions.
|
