WIXLIB

ISO 22000:2018TRANSITION GAP GUIDE50,000CERTIFICATESGLOBALLYTRANSPARENT90

INTRODUCTIONThis document provides an overview of the key changes between the 2005and 2018 version of ISO 22000 – there are several new requirements inaddition to changes to key definitions. You will need to prepare for thesechanges and adapt your food safety management system to meet the newrequirements within the transition timeline.ISO 22000:2018 TIMELINEISO 22000:2018 was published on 19th June 2018 and is the replacement for ISO 22000:2005.For organizations currently using ISO 22000:2005 there will be a three-year period to transitionto ISO 22000:2018.ProposalstageCommitteestage (CD)Approvalstage (FDIS)Training for allNQA staffNovember2014December2016February2018March - April 2019PreparatorystageEnquirystage (DIS)PublicationISO 22000:2018November2015July 2017June 2018NQA no longerprovides quotes forISO 22000:2005Last day toschedule anytransition auditsFrom May 2020October 31 2021FSMS Certifiedclients encouragedto scheduletransition auditand complete GAPanalysisNo further auditsfor ISO 22000:2005permitted.ISO 22000:2018audits are scheduledTransition period endsDecember 31 2021January 1 2021From Jan 2020STRUCTURE OF ISO 22000:2018WE ARE HERE TO HELPThe structure of ISO 22000:2018 follows theAnnex SL high level structure being appliedto all new and revised ISO managementsystem standards:We are committed to translating the languageof the new standard, to help users interpretnew concepts and manage system changesmore easily.1.2.3.4.5.6.7.8.9.10.ScopeNormative ReferencesTerms and DefinitionsContext of the ormance EvaluationImprovementKeep updated with the changes se get in touch if you have anyquestions – call 0800 522 2424.

GAP ANALYSIS AND GUIDANCEISO 22001:2018CLAUSESISO 22001:2005CLAUSESGUIDANCE4 Context of the Organization4.1 Understanding theorganization and itscontextNew requirement!This new concept relates to the factors and conditions affectingorganizational operation e.g. regulation, governance andinterested parties. What drives the culture and requirements ofyour organization? Be prepared to discuss with your assessor,how the context of the organization influences the ability toachieve the intended outcomes of your food safety managementsystem4.2 Understanding theneeds and expectationsof interested partiesNew requirement!Consider who the interested parties might be and what theirrelevant interests might be, e.g. workers, customers, regulators,competitors and external providers. Consider the risks andopportunities that are generated for the context. Be prepared todiscuss stakeholder interests with your assessor.4.3 Determining the scopeof the environmentalmanagement systemPartially coveredby 4.1When determining this scope, the organization shall consider:a) the external and internal issues referred to in 4.1;b) the requirements referred to in 4.2.Therefore the Scope can only be defined when 4.1 - 4.2 havebeen considered.Do not forget the Scope shall specify the products and services,processes and production sites that are addressed by the FSMSand shall include the activities, processes, products or servicesthat can have an influence on the food safety of the end products.4.4 Food SafetyManagement SystemPartially coveredby 4.1Largely unchanged, only highlight that 2018 version do not longerrequire a documented FSMS, how to manage the system it is nowyour decision.5.1 Leadership andcommitmentPartially covered by5.1, 7.4.3Top management of the organization are now required todemonstrate leadership and commitment to the FSMS in anumber of specified ways: ensuring integration of the FSMSrequirements into the organization’s business processes, supportpersons that contribute to the effectiveness of the FSMS, etc.5.2 Food safety policyPartially coveredby 5.2The policy must be now also appropriate to the context, addressalso internal and external communications and need to ensurecompetencies related to food safety, provide a framework forsetting and reviewing objectives, include commitment to continualimprovement among other previously required requisites. Thepolicy shall be also documented and available to relevantinterested parties.5.3 O rganizational roles,responsibilities andauthoritiesPartially coveredby 5.4, 5.5, 7.3.2Apart from communicating responsibilities and authorities, topmanagement shall ensure they are also understood within theorganization. New responsibilities and authorities for ensuringthat the FSMS conforms to the requirements of the standard andreporting on the performance of the FSMS to top management areto be assigned.5 Leadership

ISO 22001:2018CLAUSESISO 22001:2005CLAUSESGUIDANCE6 Planning6.1 Actions to address risksand opportunitiesNew requirement!Consideration needs to be given to its identified internal and externalissues (4.1), the needs and expectations of its interested parties(4.2) during planning and determined scope of the FSMS (4.3). Anew concept of “risks and opportunities” is introduced. Planningnow requires the identification of the risks (defined as the effectof uncertainty) and opportunities related to the performance andeffectiveness of the FSMS. Risks and opportunities identified insection 4 become inputs to a comprehensive planning approach.6.2 Objectives of the FSMSand planning to achievethemPartially coveredby 5.3Objectives must be consistent with the food safety policy, follow theSMART criteria, and consider customer, statutory and regulatoryrequirements. There should be detail of who is responsible, agreedtimings and measures in place to establish progress, resourcesavailable and whether proposed achievements have been met.Established objectives will be documented information.6.3 Planning of changesPartially coveredby 5.3When determining the need for changes to the FSMS, theorganization must be also taken into consideration the purposeof changes, resources and responsibilities apart from ensuring itsintegrity.7.1.1 GeneralPartially coveredby 6.1The organization shall also consider the capability of and anyconstraints on existing internal resources and resources requiredfrom external sources.7.1.2 PeoplePartially coveredby 6.2Where external experts where used in the development,implementation, operation or assessment of the FSMS, theorganization must ensure they retained documented informationsuch as an agreement or contract that defines their relevantcompetency, responsibility and authority.7.1.3 InfrastructurePartially coveredby 6.3Largely unchanged7.1.4 Work EnvironmentPartially coveredby 6.4Largely unchanged, note added highlighting examples of whatfactors need to be considered within environment7.1.5 Externally developedelements of the FSMSPartially coveredby 1New information regarding externally developed elements of theFSMS to be considered when used7.1.6 Control of externallyprovided processes,products or servicesPartially coveredby 4.1New information regarding control of externally provided processes,products or services7.2 CompetencePartially coveredby 6.2, 7.3.2External providers are now also considered when determiningcompetence of persons doing work under the organization’s controlthat may affect the FSMS. The term “competent” replaces “trained”.The organization shall retained documented information as evidenceof competence.7.3 AwarenessPartially coveredby 6.2.2Now personnel must also be aware of the food safety policy,objectives of the FSMS relevant to their tasks, and the benefits ofimproved food safety performance.7.4 Communication5.6, 6.2.2Some terms have been replaced to make them more clear (suppliersby external providers and qualifications by competencies)7.5 Documented InformationPartially coveredby 4.2, 5.6.1The organization’s FSMS must include also documented informationand food safety requirements required by statutory, regulatoryauthorities and customers.7 Support

ISO 22001:2018CLAUSESISO 22001:2005CLAUSESGUIDANCE8 Operation8.1 Operational Planningand ControlNew requirement!Specific reference is now made to the planning of operations, aswell as their control and update. Controls for processes shouldnow be implemented to ensure the realisation of safe products aswell as the implementation of defined actions to address risk andopportunities. There are requirements for the control of plannedchanges and the review of unintended changes. It is now specifiedthat outsourced processes are to be controlled.8.2 PrerequisiteProgrammes (PRPs)Partially coveredby 7.2Statutory and regulatory requirements shall be taken intoconsideration when selecting PRPs. Likewise, when establishingthe PRPs, the organization must consider also supplier approval,labelling and control of incoming materials, storage, dispatch anddistribution.8.3 TraceabilityPartially coveredby 7.9Further details regarding what to be considered when establishingand implementing the traceability exercise. Documented informationmust be retained for a defined period, as a minimum, the shelf-life ofthe product. Its effectiveness shall be also tested.8.4 E mergencypreparedness andresponsePartially coveredby 5.7Documented information is now required to be established andmaintained in case of potential emergency situations and incidents.Steps to handle emergencies are now specified.8.5.1 P reliminary steps toenable hazard analysisPartially coveredby 7.3, 7.2.4Source of products is now required to be specified in thedocumented information concerning raw materials, ingredientsand packaging specifications. Documented information regardingcharacteristics of ends products must include method of distributionand delivery. “Description of processes steps and control measures”has been replaced by “description of processes and processenvironment” detailing also additional requirements. Processingaids, packaging and utilities are also to be added to the flowdiagram/s.8.5.2 Hazard analysisPartially covered by7.3.5.2, 7.4, 7.6.2The identification of hazards shall also be based on internalinformation and customer requirements. The systematic approachfor assessing each control measure, must also consider the viabilityof establishing measurable critical limits and applying timelycorrections in case of failure. Additionally, external requirements thatcan impact the choice and strictness of control measures shall bedocumented.8.5.3 Validation of controlmeasure(s) andcombination(s) ofcontrol measure(s)Partially coveredby 8.2The decision making process and categorization of controlmeasures as well as their validation must be maintained asdocumented information. It is also mentioned that this validationmust be conducted before the implementation of the Hazard controlplan.8.5.4 Hazard Control PlanPartially coveredby 7.5, 7.6A Hazard Control Plan includes OPRP plan and monitoring systemsfor OPRPs as well as a HACCP Plan and monitoring system forCCPs. The organization shall implement, maintain and retainedevidence of the hazard control plan as documented information.When critical limits or action criteria are not met the organizationshall ensure, among others, that the potentially unsafe products arenot released.8.6 U pdating the informationspecifying the PRPs andthe hazard control planPartially coveredby 7.7Once the Hazard Control Plan is established, the information tobe updated, if necessary, is listed (process steps and controlmeasures now replaced by descriptions of processes and processenvironment).8.7 C ontrol of monitoringand measuringPartially coveredby 8.3Included also that software used in monitoring and measuring needsvalidation prior to use.Operation section continues on next page