FSSC 22000 Internal Audit with full standards for C

4.1 Understanding the organization and its context: The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended result(s) of its FSMS.<br>The organization shall identify, review and update information related to these external and internal issues.<br>NOTE 1 Issues can include positive and negative factors or conditions for consideration.<br>NOTE 2 Understanding the context can be facilitated by considering external and internal issues, including, but not limited to, legal, technological, competitive, market, cultural, social and economic environments, cybersecurity and food fraud, food defence and intentional contamination, knowledge and performance of the organization, whether international, national, regional or local.

4.2 Understanding the needs and expectations of interested parties<br>To ensure that the organization has the ability to consistently provide products and services that meet applicable statutory, regulatory and customer requirements with regard to food safety, the organization shall determine:<br>a) the interested parties that are relevant to the FSMS;<br>b) the relevant requirements of the interested parties of the FSMS.<br>The organization shall identify, review and update information related to the interested parties and their requirements.

4.3 Determining the scope of the food safety management system<br>The organization shall determine the boundaries and applicability of the FSMS to establish its scope. The scope shall specify the products and services, processes and production site(s) that are included in the FSMS. The scope shall include the activities, processes, products or services that can have an influence on the food safety of its end products.<br>When determining this scope, the organization shall consider:<br>a) the external and internal issues referred to in 4.1;<br>b) the requirements referred to in 4.2.<br>The scope shall be available and maintained as documented information.

4.4 Food safety management system<br>The organization shall establish, implement, maintain, update and continually improve a FSMS, including the processes needed and their interactions, in accordance with the requirements of this document.

5.1 Leadership and commitment<br>Top management shall demonstrate leadership and commitment with respect to the FSMS by:<br>a) ensuring that the food safety policy and the objectives of the FSMS are established and are compatible with the strategic direction of the organization;<br>b) ensuring the integration of the FSMS requirements into the organization’s business processes;<br>c) ensuring that the resources needed for the FSMS are available;<br>d) communicating the importance of effective food safety management and conforming to the FSMS requirements, applicable statutory and regulatory requirements, and mutually agreed customer requirements related to food safety;<br>e) ensuring that the FSMS is evaluated and maintained to achieve its intended result(s) (see 4.1);<br>f) directing and supporting persons to contribute to the effectiveness of the FSMS;<br>g) promoting continual improvement;<br>h) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.<br>NOTE Reference to “business” in this document can

5.2 Policy<br>5.2.1 Establishing the food safety policy<br>Top management shall establish, implement and maintain a food safety policy that:<br>a) is appropriate to the purpose and context of the organization;<br>b) provides a framework for setting and reviewing the objectives of the FSMS;<br>c) includes a commitment to satisfy applicable food safety requirements, including statutory and regulatory requirements and mutually agreed customer requirements related to food safety;<br>d) addresses internal and external communication;<br>e) includes a commitment to continual improvement of the FSMS;<br>f) addresses the need to ensure competencies related to food safety.

5.2.2 Communicating the food safety policy<br>The food safety policy shall:<br>a) be available and maintained as documented information;<br>b) be communicated, understood and applied at all levels within the organization; <br>c) be available to relevant interested parties, as appropriate.

5.3 Organizational roles, responsibilities and authorities<br>5.3.1 Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.<br>Top management shall assign the responsibility and authority for:<br>a) ensuring that the FSMS conforms to the requirements of this document;<br>b) reporting on the performance of the FSMS to top management;<br>c) appointing the food safety team and the food safety team leader;<br>d) designating persons with defined responsibility and authority to initiate and document action(s).

5.3.2 The food safety team leader shall be responsible for:<br>a) ensuring the FSMS is established, implemented, maintained and updated;<br>b) managing and organizing the work of the food safety team;<br>c) ensuring relevant training and competencies for the food safety team (see 7.2);<br>d) reporting to top management on the effectiveness and suitability of the FSMS.

5.3.3 All persons shall have the responsibility to report problem(s) with regards to the FSMS to identified person(s).

6.1 Actions to address risks and opportunities<br>6.1.1 When planning for the FSMS, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and 4.3 and determine the risks and opportunities that need to be addressed to:<br>a) give assurance that the FSMS can achieve its intended result(s);<br>b) enhance desirable effects;<br>c) prevent, or reduce, undesired effects;<br>d) achieve continual improvement.<br>NOTE In the context of this document, the concept of risks and opportunities is limited to events and their consequences relating to the performance and effectiveness of the FSMS. Public authorities are responsible for addressing public health risks. Organizations are required to manage food safety hazards (see 3.22) and the requirements related to this process that are laid down in Clause 8.

6.1.2 The organization shall plan:<br>a) actions to address these risks and opportunities;<br>b) how to:<br>1) integrate and implement the actions into its FSMS processes;<br>2) evaluate the effectiveness of these actions.

6.1.3 The actions taken by the organization to address risks and opportunities shall be proportionate to:<br>a) the impact on food safety requirements;<br>b) the conformity of food products and services to customers;<br>c) requirements of interested parties in the food chain.<br>NOTE 1 Actions to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or accepting the presence of risk by informed decision.<br>NOTE 2 Opportunities can lead to the adoption of new practices (modification of products or processes), using new technology and

6.2 Objectives of the food safety management system and planning to achieve them<br>6.2.1 The organization shall establish objectives for the FSMS at relevant functions and levels.<br>The objectives of the FSMS shall:<br>a) be consistent with the food safety policy;<br>b) be measurable (if practicable);<br>c) take into account applicable food safety requirements, including statutory, regulatory and customer requirements;<br>d) be monitored and verified;<br>e) be communicated;<br>f) be maintained and updated as appropriate.<br>The organization shall retain documented information on the objectives for the FSMS.

6.2.2 When planning how to achieve its objectives for the FSMS, the organization shall determine:<br>a) what will be done;<br>b) what resources will be required;<br>c) who will be responsible;<br>d) when it will be completed;<br>e) how the results will be evaluated.

6.3 Planning of changes<br>When the organization determines the need for changes to the FSMS, including personnel changes, the changes shall be carried out and communicated in a planned manner.<br>The organization shall consider:<br>a) the purpose of the changes and their potential consequences;<br>b) the continued integrity of the FSMS;<br>c) the availability of resources to effectively implement the changes;<br>d) the allocation or re-allocation of responsibilities and authorities.

7.1 Resources<br>7.1.1 General<br>The organization shall determine and provide the resources needed for the establishment, implementation, maintenance, update and continual improvement of the FSMS.<br>The organization shall consider:<br>a) the capability of, and any constraints on, existing internal resources;<br>b) the need for external resources.

7.1.2 People<br>The organization shall ensure that persons necessary to operate and maintain an effective FSMS are competent (see 7.2).<br>Where the assistance of external experts is used for the development, implementation, operation or assessment of the FSMS, evidence of agreement or contracts defining the competency,

7.1.3 Infrastructure<br>The organization shall provide the resources for the determination, establishment and maintenance of the infrastructure necessary to achieve conformity with the requirements of the FSMS.<br>NOTE Infrastructure can include:<br>— land, vessels, buildings and associated utilities;<br>— equipment, including hardware and software;<br>— transportation;<br>— information and communication technology.

7.1.4 Work environment<br>The organization shall determine, provide and maintain the resources for the establishment, management and maintenance of the work environment necessary to achieve conformity with the requirements of the FSMS.<br>NOTE A suitable environment can be a combination of human and physical factors such as:<br>a) social (e.g. non-discriminatory, calm, non-confrontational);<br>b) psychological (e.g. stress-reducing, burnout prevention, emotionally protective);<br>c) physical (e.g. temperature, heat, humidity, light, air flow, hygiene, noise).<br>These factors can differ substantially depending on the products and services provided.

7.1.5 Externally developed elements of the food safety management system<br>When an organization establishes, maintains, updates and continually improves its FSMS by using externally developed elements of a FSMS, including PRPs, the hazard analysis and the hazard control plan (see 8.5.4), the organization shall ensure that the provided elements are:<br>a) developed in conformance with requirements of this document;<br>b) applicable to the sites, processes and products of the organization;<br>c) specifically adapted to the processes and products of the organization by the food safety team;<br>d) implemented, maintained and updated as required by this document;<br>e) retained as documented information.

7.1.6 Control of externally provided processes, products or services<br>The organization shall:<br>a) establish and apply criteria for the evaluation, selection, monitoring of performance and re- evaluation of external providers of processes, products and/or services;<br>b) ensure adequate communication of requirements to the external provider(s);<br>c) ensure that externally provided processes, products or services do not adversely affect the organization's ability to consistently meet the requirements of the FSMS;<br>d) retain documented information of these activities and any necessary actions as a result of the evaluations and re-evaluations.

7.2 Competence<br>The organization shall:<br>a) determine the necessary competence of person(s), including external providers, doing work under its control that affects its food safety performance and effectiveness of the FSMS;<br>b) ensure that these persons, including the food safety team and those responsible for the operation of the hazard control plan, are competent on the basis of appropriate education, training and/or experience;<br>c) ensure that the food safety team has a combination of multi-disciplinary knowledge and experience in developing and implementing the FSMS (including, but not limited to, the organization’s products, processes, equipment and food safety hazards within the scope of the FSMS);<br>d) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;<br>e) retain appropriate documented information as evidence of competence.<br>NOTE Applicable actions can include, for example, the provision of training to, the mentoring

7.3 Awareness<br>The organization shall ensure that all relevant persons doing work under the organization’s control shall be aware of:<br>a) the food safety policy;<br>b) the objectives of the FSMS relevant to their task(s);<br>c) their individual contribution to the effectiveness of the FSMS, including the benefits of improved food safety performance;<br>d) the implications of not conforming with the FSMS requirements.

7.4 Communication<br>7.4.1 General<br>The organization shall determine the internal and external communications relevant to the FSMS, including:<br>a) on what it will communicate;<br>b) when to communicate;<br>c) with whom to communicate;<br>d) how to communicate;<br>e) who communicates.<br>The organization shall ensure that the requirement for effective communication is understood by all persons whose activities have an impact on food safety.

7.4.2 External communication<br>The organization shall ensure that sufficient information is communicated externally and is available for interested parties of the food chain.<br>The organization shall establish, implement and maintain effective communications with:<br>a) external providers and contractors;<br>b) customers and/or consumers, in relation to:<br>1) product information related to food safety, to enable the handling, display, storage, preparation, distribution and use of the product within the food chain or by the consumer;<br>2) identified foods safety hazards that need to be controlled by other organizations in the food chain and/or by consumers;<br>3) contractual arrangements, enquiries and orders, including their amendments;<br>4) customer and/or consumer feedback, including complaints;<br>c) statutory and regulatory authorities;<br>d) other organizations that have an impact on, or will be affected by, the effectiveness or updating of the FSMS.<br>Designated persons shall have defined responsibility and authority for the external communication of any information concerning food safety. Where relevant, information obtained through external communication shall be included as input for management review (see 9.3) and for updating the FSMS (see 4.4 and 10.3).<br>Evidence of external communication shall be retained as documented information.

7.4.3 Internal communication<br>The organization shall establish, implement and maintain an effective system for communicating issues having an impact on food safety.<br>To maintain the effectiveness of the FSMS, the organization shall ensure that the food safety team is informed in a timely manner of changes in the following:<br>a) products or new products;<br>b) raw materials, ingredients and services;<br>c) production systems and equipment;<br>d) production premises, location of equipment and surrounding environment;<br>e) cleaning and sanitation programmes;<br>f) packaging, storage and distribution systems;<br>g) competencies and/or allocation of responsibilities and authorizations;<br>h) applicable statutory and regulatory requirements;<br>i) knowledge regarding food safety hazards and control measures;<br>j) customer, sector and other requirements that the organization observes;<br>k) relevant enquiries and communications from external interested parties;<br>l) complaints and alerts indicating food safety hazards associated with the end product;<br>m) other conditions that have an impact on food safety.<br>The food safety team shall ensure that this information is included when updating the FSMS (see 4.4 and 10.3).<br>Top management shall ensure that relevant information is included as input to the management review (see 9.3).

7.5 Documented information<br>7.5.1 General<br>The organization’s FSMS shall include:<br>a) documented information required by this document;<br>b) documented information determined by the organization as being necessary for the effectiveness of the FSMS;<br>c) documented information and food safety requirements required by statutory, regulatory authorities and customers.<br>NOTE The extent of documented information for a FSMS can differ from one organization to another due to:<br>— the size of organization and its type of activities, processes, products and services;<br>— the complexity of processes and their interactions;<br>— the competence of persons.

7.5.2 Creating and updating<br>When creating and updating documented information, the organization shall ensure appropriate:<br>a) identification and description (e.g. a title, date, author, or reference number);<br>b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);<br>c) review and approval for suitability and adequacy.

7.5.3 Control of documented information<br>7.5.3.1 Documented information required by the FSMS and by this document shall be controlled to ensure:<br>a) it is available and suitable for use, where and when it is needed;<br>b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:<br>a) distribution, access, retrieval and use;<br>b) storage and preservation, including preservation of legibility;<br>c) control of changes (e.g. version control);<br>d) retention and disposition.<br>Documented information of external origin determined by the organization to be necessary for the planning and operation of the FSMS shall be identified, as appropriate, and controlled.<br>Documented information retained as evidence of conformity shall be protected from unintended alterations.<br>NOTE Access can imply a decision regarding the permission to view the

8.1 Operational planning and control<br>The organization shall plan, implement, control, maintain and update the processes needed to meet requirements for the realization of safe products, and to implement the actions determined in 6.1, by:<br>a) establishing criteria for the processes;<br>b) implementing control of the processes in accordance with the criteria;<br>c) keeping documented information to the extent necessary to have the confidence to demonstrate that the processes have been carried out as planned.<br>The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.<br>The organization shall ensure that outsourced processes are controlled (see 7.1.6).

8.2 Prerequisite programmes (PRPs)<br>8.2.1 The organization shall establish, implement, maintain and update PRP(s) to facilitate the prevention and/or reduction of contaminants (including food safety hazards) in the products, product processing and work environment.

8.2.2 The PRP(s) shall be:<br>a) appropriate to the organization and its context with regard to food safety;<br>b) appropriate to the size and type of the operation and the nature of the products being manufactured and/or handled;<br>c) implemented across the entire production system, either as programmes applicable in general or as programmes applicable to a particular product or process;<br>d) approved by the food safety team.

8.2.3 When selecting and/or establishing PRP(s), the organization shall ensure that applicable statutory, regulatory and mutually agreed customer requirements are identified. The organization should consider:<br>a) the applicable part of the ISO/TS 22002 series;<br>b) applicable standards, codes of practice and guidelines.

8.2.4 When establishing PRP(s) the organization shall consider:<br>a) construction, lay-out of buildings and associated utilities;<br>b) lay-out of premises, including zoning, workspace and employee facilities;<br>c) supplies of air, water, energy and other utilities;<br>d) pest control, waste and sewage disposal and supporting services;<br>e) the suitability of equipment and its accessibility for cleaning and maintenance;<br>f) supplier approval and assurance processes (e.g. raw materials, ingredients, chemicals and packaging);<br>g) reception of incoming materials, storage, dispatch, transportation and handling of products;<br>h) measures for the prevention of cross contamination;<br>i) cleaning and disinfecting;<br>j) personal hygiene;<br>k) product information/consumer awareness;<br>l) others, as appropriate.<br>Documented information shall specify the selection, establishment, applicable monitoring and verification of the PRP(s).

8.3 Traceability system<br>The traceability system shall be able to uniquely identify incoming material from the suppliers and the first stage of the distribution route of the end product. When establishing and implementing the traceability system, the following shall be considered as a minimum:<br>a) relation of lots of received materials, ingredients and intermediate products to the end products;<br>b) reworking of materials/products;<br>c) distribution of the end product.<br>The organization shall ensure that applicable statutory, regulatory and customer requirements are identified. <br>Documented information as evidence of the traceability system shall be retained for a defined period to include, as a minimum, the shelf life of the product. The organization shall verify and test the effectiveness of the traceability system.<br>NOTE Where appropriate, the verification of the system is expected to include the reconciliation of quantities of end products with the quantity of ingredients as evidence of effectiveness.

8.4 Emergency preparedness and response<br>8.4.1 General<br>Top management shall ensure procedures are in place to respond to potential emergency situations or incidents that can have an impact on food safety which are relevant to the role of the organization in the food chain.<br>Documented information shall be established and maintained to manage these situations and incidents.

8.4.2 Handling of emergencies and incidents<br>The organization shall:<br>a) respond to actual emergency situations and incidents by:<br>1) ensuring applicable statutory and regulatory requirements are identified;<br>2) communicating internally;<br>3) communicating externally (e.g. suppliers, customers, appropriate authorities, media);<br>b) take action to reduce the consequences of the emergency situation, appropriate to the magnitude of the emergency or incident and the potential food safety impact;<br>c) periodically test procedures where practical;<br>d) review and, where necessary, update the documented information after the occurrence of any incident, emergency situation or tests.<br>NOTE Examples of emergency situations that can affect food safety and/or production are natural disasters, environmental accidents, bioterrorism, workplace accidents, public health emergencies and other accidents, e.g. interruption of essential services such as water, electricity or refrigeration supply.

8.5 Hazard control<br>8.5.1 Preliminary steps to enable hazard analysis<br>8.5.1.1 General<br>To carry out the hazard analysis, preliminary documented information shall be collected, maintained and updated by the food safety team. This shall include, but not be limited to:<br>a) applicable statutory, regulatory and customer requirements;<br>b) the organization’s products, processes and equipment;<br>c) food safety hazards relevant to the FSMS.

8.5.1.2 Characteristics of raw materials, ingredients and product contact materials<br>The organization shall ensure that all applicable statutory and regulatory food safety requirements are identified for all raw materials, ingredients and product contact materials. <br>The organization shall maintain documented information concerning all raw materials, ingredients and product contact materials to the extent needed to conduct the hazard analysis (see 8.5.2), including the following, as appropriate:<br>a) biological, chemical and physical characteristics;<br>b) composition of formulated ingredients, including additives and processing aids;<br>c) source (e.g. animal, mineral or vegetable);<br>d) place of origin (provenance);<br>e) method of production;<br>f) method of packaging and delivery;<br>g) storage conditions and shelf life;<br>h) preparation and/or handling before use or processing;<br>i) acceptance criteria related to food safety or specifications of purchased materials and ingredients appropriate to their intended use.

8.5.1.3 Characteristics of end products<br>The organization shall ensure that all applicable statutory and regulatory food safety requirements are identified for all the end products intended to be produced.<br>The organization shall maintain documented information concerning the characteristics of end products to the extent needed to conduct the hazard analysis (see 8.5.2), including information on the following, as appropriate:<br>a) product name or similar identification;<br>b) composition;<br>c) biological, chemical and physical characteristics relevant for food safety;<br>d) intended shelf life and storage conditions;<br>e) packaging;<br>f) labelling relating to food safety and/or instructions for handling, preparation and intended use;<br>g) method(s) of distribution and delivery.

8.5.1.4 Intended use<br>The intended use, including reasonably expected handling of the end product and any unintended use but reasonably expected mishandling and misuse of the end product, shall be considered and shall be maintained as documented information to the extent needed to conduct the hazard analysis (see 8.5.2).<br>Where appropriate, groups of consumers/users shall be identified for each product.<br>Groups of consumers/users known to be especially vulnerable to specific food safety hazards shall be identified.

8.5.1.5 Flow diagrams and description of processes<br>8.5.1.5.1 Preparation of the flow diagrams<br>The food safety team shall establish, maintain and update flow diagrams as documented information for the products or product categories and the processes covered by the FSMS.<br>Flow diagrams provide a graphic representation of the process. Flow diagrams shall be used when conducting the hazard analysis as a basis for evaluating the possible occurrence, increase, decrease or introduction of food safety hazards.<br>Flow diagrams shall be clear, accurate and sufficiently detailed to the extent needed to conduct the hazard analysis. Flow diagrams shall, as appropriate, include the following:<br>a) the sequence and interaction of the steps in the operation;<br>b) any outsourced processes;<br>c) where raw materials, ingredients, processing aids, packaging materials, utilities and intermediate products enter the flow;<br>d) where reworking and recycling take place;<br>e) where end products, intermediate products, by-products and waste are released or removed.

8.5.1.5.2 On-site confirmation of flow diagrams<br>The food safety team shall confirm on-site the accuracy of the flow diagrams, update the flow diagrams where appropriate and retain as documented information.

8.5.1.5.3 Description of processes and process environment<br>The food safety team shall describe, to the extent needed to conduct the hazard analysis:<br>a) the layout of premises, including food and non-food handling areas;<br>b) processing equipment and contact materials, processing aids and flow of materials;<br>c) existing PRPs, process parameters, control measures (if any) and/or the strictness with which they are applied, or procedures that can influence food safety;<br>d) external requirements (e.g. from statutory and regulatory authorities or customers) that can impact the choice and the strictness of the control measures.<br>The variations resulting from expected seasonal changes or shift patterns shall be included as appropriate.<br>The descriptions shall be updated as appropriate and maintained as documented information.

8.5.2 Hazard analysis<br>8.5.2.1 General<br>The food safety team shall conduct a hazard analysis, based on the preliminary information, to determine the hazards that need to be controlled. The degree of control shall ensure food safety and, where appropriate, a combination of control measures shall be used.

8.5.2.2.1 The organization shall identify and document all food safety hazards that are reasonably expected to occur in relation to the type of product, type of process and process environment.<br>The identification shall be based on:<br>a) the preliminary information and data collected in accordance with 8.5.1;<br>b) experience;<br>c) internal and external information including, to the extent possible, epidemiological, scientific and other historical data;<br>d) information from the food chain on food safety hazards related to the safety of the end products, intermediate products and the food at the time of consumption;<br>e) statutory, regulatory and customer requirements.<br>NOTE 1 Experience can include information from staff and external experts who are familiar with the product and/or processes in other facilities.<br>NOTE 2 Statutory and regulatory requirements can include food safety objectives (FSOs). The Codex Alimentarius Commission defines FSOs as “The maximum frequency and/or concentration of a hazard in a food at the time of consumption that provides or contributes to the appropriate level of protection (ALOP)”.<br>Hazards should be considered in sufficient detail to enable hazard assessment and the selection of appropriate control measures.

8.5.2.2.2 The organization shall identify step(s) (e.g. receiving raw materials, processing, distribution and delivery) at which each food safety hazard can be present, be introduced, increase or persist.<br>When identifying hazards, the organization shall consider:<br>a) the stages preceding and following in the food chain;<br>b) all steps in the flow diagram;<br>c) the process equipment, utilities/services, process environment and persons.

8.5.2.2.3 The organization shall determine the acceptable level in the end product of each food safety hazard identified, whenever possible.<br>When determining acceptable levels, the organization shall:<br>a) ensure that applicable statutory, regulatory and customer requirements are identified;<br>b) consider the intended use of end products;<br>c) consider any other relevant information.<br>The organization shall maintain documented information concerning the determination of acceptable levels and the justification for the acceptable levels.

8.5.2.3 Hazard assessment<br>The organization shall conduct, for each identified food safety hazard, a hazard assessment to determine whether its prevention or reduction to an acceptable level is essential.<br>The organization shall evaluate each food safety hazard with regard to:<br>a) the likelihood of its occurrence in the end product prior to application of control measures;<br>b) the severity of its adverse health effects in relation to the intended use (see 8.5.1.4).<br>The organization shall identify any significant food safety hazards.<br>The methodology used shall be described, and the result of the hazard assessment shall be maintained as documented information.

8.5.2.4 Selection and categorization of control measure(s)<br>8.5.2.4.1 Based on the hazard assessment, the organization shall select an appropriate control measure or combination of control measures that will be capable of preventing or reducing the identified significant food safety hazards to defined acceptable levels.<br>The organization shall categorize the selected identified control measure(s) to be managed as OPRP(s) (see 3.30) or at CCPs (see 3.11).<br>The categorization shall be carried out using a systematic approach. For each of the control measures selected, there shall be an assessment of the following:<br>a) the likelihood of failure of its functioning;<br>b) the severity of the consequence in the case of failure of its functioning; this assessment shall include:<br>1) the effect on identified significant food safety hazards;<br>2) the location in relation to other control measure(s);<br>3) whether it is specifically established and applied to reduce the hazards to an acceptable level;<br>4) whether it is a single measure or is part of combination of control measure(s).

8.5.2.4.2 In addition, for each control measure, the systematic approach shall include an assessment of the feasibility of:<br>a) establishing measurable critical limits and/or measurable/observable action criteria;<br>b) monitoring to detect any failure to remain within critical limit and/or measurable/observable action criteria;<br>c) applying timely corrections in case of failure.<br>The decision-making process and results of the selection and categorization of the control measures shall be maintained as documented information.<br>External requirements (e.g. statutory, regulatory and customer requirements) that can impact the choice and the strictness of the control measures shall also be maintained as documented information.

8.5.3 Validation of control measure(s) and combinations of control measures<br>The food safety team shall validate that the selected control measures are capable of achieving the intended control of the significant food safety hazard(s). This validation shall be done prior to implementation of control measure(s) and combinations of control measures to be included in the hazard control plan (see 8.5.4) and after any change therein (see 7.4.2, 7.4.3, 10.2 and 10.3).<br>When the result of validation shows that the control measures(s) is (are) not capable of achieving the intended control, the food safety team shall modify and re-assess the control measure(s) and/or combination(s) of control measure(s).<br>The food safety team shall maintain the validation methodology and evidence of capability of the control measure(s) to achieve the intended control as documented information.<br>NOTE Modification can include changes in control measure(s) (i.e. process parameters, rigour and/or their combination) and/or change(s) in the manufacturing technologies for raw materials, end product characteristics, methods of distribution and intended use of the end products.

8.5.4 Hazard control plan (HACCP/OPRP plan)<br>8.5.4.1 General<br>The organization shall establish, implement and maintain a hazard control plan. The hazard control plan shall be maintained as documented information and shall include the following information for each control measure at each CCP or OPRP:<br>a) food safety hazard(s) to be controlled at the CCP or by the OPRP;<br>b) critical limit(s) at CCP or action criteria for OPRP;<br>c) monitoring procedure(s);<br>d) correction(s) to be made if critical limits or action criteria are not met;<br>e) responsibilities and authorities;<br>f) records of monitoring.

8.5.4.2 Determination of critical limits and action criteria<br>Critical limits at CCPs and action criteria for OPRPs shall be specified. The rationale for their determination shall be maintained as documented information.<br>Critical limits at CCPs shall be measurable. Conformance with critical limits shall ensure that the acceptable level is not exceeded.<br>Action criteria for OPRPs shall be measurable or observable. Conformance with action criteria shall contribute to the assurance that the acceptable level is not exceeded.

8.5.4.3 Monitoring systems at CCPs and for OPRPs<br>At each CCP, a monitoring system shall be established for each control measure or combination of control measure(s) to detect any failure to remain within the critical limits. The system shall include all scheduled measurements relative to the critical limit(s).<br>For each OPRP, a monitoring system shall be established for the control measure or combination of control measure(s) to detect failure to meet the action criterion.<br>The monitoring system, at each CCP and for each OPRP, shall consist of documented information, including:<br>a) measurements or observations that provide results within an adequate time frame;<br>b) monitoring methods or devices used;<br>c) applicable calibration methods or, for OPRPs, equivalent methods for verification of reliable measurements or observations (see 8.7);<br>d) monitoring frequency;<br>e) monitoring results;<br>f) responsibility and authority related to monitoring;<br>g) responsibility and authority related to evaluation of monitoring results.<br>At each CCP, the monitoring method and frequency shall be capable of timely detection of any failure to remain within critical limits, to allow timely isolation and evaluation of the product (see 8.9.4).<br>For each OPRP, the monitoring method and frequency shall be proportionate to the likelihood of failure and the severity of consequences.<br>When monitoring an OPRP is based on subjective data from observations (e.g. visual inspection), the method shall be supported by instructions or specifications.

8.5.4.4 Actions when critical limits or action criteria are not met<br>The organization shall specify corrections (see 8.9.2) and corrective actions (see 8.9.3) to be taken when critical limits or action criterion are not met and shall ensure that:<br>a) the potentially unsafe products are not released (see 8.9.4);<br>b) the cause of nonconformity is identified;<br>c) the parameter(s) controlled at the CCP or by the OPRP is (are) returned within the critical limits or action criteria;<br>d) recurrence is prevented.<br>The organization shall make corrections in accordance with 8.9.2 and corrective actions in accordance with 8.9.3.

8.5.4.5 Implementation of the hazard control plan<br>The organization shall implement and maintain the hazard control plan, and retain evidence of the implementation as documented information.

8.6 Updating the information specifying the PRPs and the hazard control plan<br>Following the establishment of the hazard control plan, the organization shall update the following information, if necessary:<br>a) characteristics of raw materials, ingredients and product-contact materials;<br>b) characteristics of end products;<br>c) intended use;<br>d) flow diagrams and descriptions of processes and process environment.<br>The organization shall ensure that the hazard control plan and/or the PRP(s) are up to date.

8.7 Control of monitoring and measuring<br>The organization shall provide evidence that the specified monitoring and measuring methods and equipment in use are adequate for the monitoring and measuring activities related to the PRP(s) and the hazard control plan.<br>The monitoring and measuring equipment used shall be:<br>a) calibrated or verified at specified intervals prior to use;<br>b) adjusted or re-adjusted as necessary;<br>c) identified to enable the calibration status to be determined;<br>d) safeguarded from adjustments that would invalidate the measurement results;<br>e) protected from damage and deterioration.<br>The results of calibration and verification shall be retained as documented information. The calibration of all the equipment shall be traceable to international or national measurement standards; where no standards exist, the basis used for calibration or verification shall be retained as documented information.<br>The organization shall assess the validity of the previous measurement results when the equipment or process environment is found not to conform to requirements. The organization shall take appropriate action in relation to the equipment or process environment and any product affected by the non-conformance.<br>The assessment and resulting action shall be maintained as documented information.<br>Software used in monitoring and measuring within the FSMS shall be validated by the organization, software supplier or third party prior to use. Documented information on validation activities shall be maintained by the organization and the software shall be updated in a timely manner.<br>Whenever there are changes, including software configuration/modifications to commercial off-the- shelf software, they shall be authorized, documented and validated before implementation.<br>NOTE Commercial off-the-shelf software in general use within its designed application range can be considered to be sufficiently validated.

8.8 Verification related to PRPs and the hazard control plan<br>8.8.1 Verification<br>The organization shall establish, implement and maintain verification activities. The verification planning shall define purpose, methods, frequencies and responsibilities for the verification activities.<br>The verification activities shall confirm that:<br>a) the PRP(s) are implemented and effective;<br>b) the hazard control plan is implemented and effective;<br>c) hazard levels are within identified acceptable levels;<br>d) input to the hazard analysis is updated;<br>e) other actions determined by the organization are implemented and effective.<br>The organization shall ensure that verification activities are not carried out by the person responsible for monitoring the same activities.<br>Verification results shall be retained as documented information and shall be communicated.<br>Where verification is based on testing of end product samples or direct process samples and where such test samples show nonconformity with the acceptable level of the food safety hazard (see 8.5.2.2), the organization shall handle the affected lot(s) of product as potentially unsafe (see 8.9.4.3) and apply corrective actions in accordance with 8.9.3.

8.8.2 Analysis of results of verification activities<br>The food safety team shall conduct an analysis of the results of verification that shall be used as an input to the performance evaluation of the FSMS (see 9.1.2).

8.9 Control of product and process nonconformities<br>8.9.1 General<br>The organization shall ensure that data derived from the monitoring of OPRPs and at CCPs are evaluated by designated persons who are competent and have the authority to initiate corrections and corrective actions.

8.9.2 Corrections<br>8.9.2.1 The organization shall ensure that when critical limits at CCP(s) and/or action criteria for OPRPs are not met, the products affected are identified and controlled with regard to their use and release.<br>The organization shall establish, maintain and update documented information that includes:<br>a) a method of identification, assessment and correction for affected products to ensure their proper handling;<br>b) arrangements for review of the corrections carried out.

8.9.2.2 When critical limits at CCPs are not met, affected products shall be identified and handled as potentially unsafe products (see 8.9.4).

8.9.2.3 Where action criteria for an OPRP are not met, the following shall be carried out:<br>a) determination of the consequences of that failure with respect to food safety;<br>b) determination of the cause(s) of failure;<br>c) identification of the affected products and handling in accordance with 8.9.4.<br>The organization shall retain results of the evaluation as documented information.

8.9.2.4 Documented information shall be retained to describe corrections made on nonconforming products and processes, including:<br>a) the nature of the nonconformity;<br>b) the cause(s) of the failure;<br>c) the consequences as a result of the nonconformity.

8.9.3 Corrective actions<br>The need for corrective actions shall be evaluated when critical limits at CCP(s) and/or action criteria for OPRPs are not met.<br>The organization shall establish and maintain documented information that specifies appropriate actions to identify and eliminate the cause of detected nonconformities, to prevent recurrence, and to return the process to control after a nonconformity is identified.<br>These actions shall include:<br>a) reviewing nonconformities identified by customer and/or consumer complaints and/or regulatory inspection reports;<br>b) reviewing trends in monitoring results that can indicate loss of control;<br>c) determining the cause(s) of nonconformities;<br>d) determining and implementing actions to ensure that nonconformities do not recur;<br>e) documenting the results of corrective actions taken;<br>f) verifying corrective actions taken to ensure that they are effective.<br>The organization shall retain documented information on all corrective actions.

8.9.4 Handling of potentially unsafe products<br>8.9.4.1 General<br>The organization shall take action(s) to prevent potentially unsafe products from entering the food chain, unless it can demonstrate that:<br>a) the food safety hazard(s) of concern is (are) reduced to the defined acceptable levels;<br>b) the food safety hazard(s) of concern will be reduced to identified acceptable levels prior to entering the food chain; or<br>c) the product still meets the defined acceptable level(s) of the food safety hazard(s) of concern despite the nonconformity.<br>The organization shall retain products that have been identified as potentially unsafe under its control until the products have been evaluated and the disposition has been determined.<br>If products that have left the control of the organization are subsequently determined to be unsafe, the organization shall notify relevant interested parties and initiate a withdrawal/recall (see 8.9.5).<br>The controls and related responses from relevant interested parties and authorization for dealing with potentially unsafe products shall be retained as documented information.

8.9.4.2 Evaluation for release<br>Each lot of products affected by the nonconformity shall be evaluated.<br>Products affected by failure to remain within critical limits at CCPs shall not be released, but shall be handled in accordance with 8.9.4.3.<br>Products affected by failure to meet action criterion for OPRPs shall only be released as safe when any of the following conditions apply:<br>a) evidence other than the monitoring system demonstrates that the control measures have been effective;<br>b) evidence shows that the combined effect of the control measures for that particular product conforms to the performance intended (i.e. identified acceptable levels);<br>c) the results of sampling, analysis and/or other verification activities demonstrate that the affected products conform to the identified acceptable levels for the food safety hazard(s) concerned.<br>Results of evaluation for release of products shall be retained as documented information.

8.9.4.3 Disposition of nonconforming products<br>Products that are not acceptable for release shall be:<br>a) reprocessed or further processed within or outside the organization to ensure that the food safety hazard is reduced to acceptable levels; or<br>b) redirected for other use as long as food safety in the food chain is not affected; or<br>c) destroyed and/or disposed as waste.<br>Documented information on the disposition of nonconforming products, including the identification of the person(s) with approving authority shall be retained.

8.9.5 Withdrawal/recall<br>The organization shall be able to ensure the timely withdrawal/recall of lots of end products that have been identified as potentially unsafe, by appointing competent person(s) having the authority to initiate and carry out the withdrawal/recall.<br>The organization shall establish and maintain documented information for:<br>a) notifying relevant interested parties (e.g. statutory and regulatory authorities, customers and/or consumers);<br>b) handling withdrawn/recalled products as well as products still in stock;<br>c) performing the sequence of actions to be taken.<br>Withdrawn/recalled products and end products still in stock shall be secured or held under the control of the organization until they are managed in accordance with 8.9.4.3.<br>The cause, extent and result of a withdrawal/recall shall be retained as documented information and reported to the top management as input for the management review (see 9.3).<br>The organization shall verify the implementation and effectiveness of withdrawals/recalls through the use of appropriate techniques (e.g. mock withdrawal/recall or practice withdrawal/recall) and retain documented information.

<br>9.1 Monitoring, measurement, analysis and evaluation<br>9.1.1 General<br>The organization shall determine:<br>a) what needs to be monitored and measured;<br>b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;<br>c) when the monitoring and measuring shall be performed;<br>d) when the results from monitoring and measurement shall be analysed and evaluated;<br>e) who shall analyse and evaluate the results from monitoring and measurement.<br>The organization shall retain appropriate documented information as evidence of the results.<br>The organization shall evaluate the performance and the effectiveness of the FSMS.

9.1.2 Analysis and evaluation<br>The organization shall analyse and evaluate appropriate data and information arising from monitoring and measurement, including the results of verification activities related to PRPs and the hazard control plan (see 8.8 and 8.5.4), the internal audits (see 9.2) and external audits.<br>The analysis shall be carried out:<br>a) to confirm that the overall performance of the system meets the planned arrangements and the FSMS requirements established by the organization;<br>b) to identify the need for updating or improving the FSMS;<br>c) to identify trends which indicate a higher incidence of potentially unsafe products or process failures;<br>d) to establish information for planning of the internal audit programme related to the status and importance of areas to be audited;<br>e) to provide evidence that corrections and corrective actions are effective.<br>The results of the analysis and the resulting activities shall be retained as documented information. The results shall be reported to top management and used as input to the management review (see 9.3) and the updating of the FSMS (see 10.3).<br>NOTE Methods to analyse data can include statistical techniques.

9.2 Internal audit<br>9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the FSMS:<br>a) conforms to:<br>1) the organization’s own requirements for its FSMS;<br>2) the requirements of this document;<br>b) is effectively implemented and maintained.

9.2.2 The organization shall:<br>a) plan, establish, implement and maintain (an) audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes in the FSMS, and the results of monitoring, measurement and previous audits;<br>b) define the audit criteria and scope for each audit;<br>c) select competent auditors and conduct audits to ensure objectivity and the impartiality of the audit process;<br>d) ensure that the results of the audits are reported to the food safety team and relevant management;<br>e) retain documented information as evidence of the implementation of the audit programme and the audit results;<br>f) make the necessary correction and take the necessary corrective action within the agreed time frame;<br>g) determine if the FSMS meets the intent of the food safety policy (see 5.2) and objectives of the FSMS (see 6.2).<br>Follow-up activities by the organization shall include the verification of the actions taken and the reporting of the verification results.<br>NOTE ISO 19011 provides guidelines for auditing management systems.

9.3 Management review<br>9.3.1 General<br>Top management shall review the organization’s FSMS, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.

9.3.2 Management review input<br>The management review shall consider:<br>a) the status of actions from previous management reviews;<br>b) changes in external and internal issues that are relevant to the FSMS, including changes in the organization and its context (see 4.1);<br>c) information on the performance and the effectiveness of the FSMS, including trends in:<br>1) result(s) of system updating activities (see 4.4 and 10.3);<br>2) monitoring and measurement results;<br>3) analysis of the results of verification activities related to PRPs and the hazard control plan (see 8.8.2);<br>4) nonconformities and corrective actions;<br>5) audit results (internal and external);<br>6) inspections (e.g. regulatory, customer);<br>7) the performance of external providers;<br>8) the review of risks and opportunities and of the effectiveness of actions taken to address them (see 6.1);<br>9) the extent to which objectives of the FSMS have been met;<br>d) the adequacy of resources;<br>e) any emergency situation, incident (see 8.4.2) or withdrawal/recall (see 8.9.5) that occurred;<br>f) relevant information obtained through external (see 7.4.2) and internal (see 7.4.3) communication, including requests and complaints from interested parties;<br>g) opportunities for continual improvement.<br>The data shall be presented in a manner that enables top management to relate the information to stated objectives of the FSMS.

9.3.3 Management review output<br>The outputs of the management review shall include:<br>a) decisions and actions related to continual improvement opportunities;<br>b) any need for updates and changes to the FSMS, including resource needs and revision of the food safety policy and objectives of the FSMS.<br>The organization shall retain documented information as evidence of the results of management reviews.

10.1 Nonconformity and corrective action<br>10.1.1 When a nonconformity occurs, the organization shall:<br>a) react to the nonconformity and, as applicable:<br>1) take action to control and correct it;<br>2) deal with the consequences;<br>b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:<br>1) reviewing the nonconformity;<br>2) determining the causes of the nonconformity;<br>3) determining if similar nonconformities exist, or could potentially occur;<br>c) implement any action needed;<br>d) review the effectiveness of any corrective action taken;<br>e) make changes to the FSMS, if necessary.<br>Corrective actions shall be appropriate to the effects of the nonconformities encountered.

10.1.2 The organization shall retain documented information as evidence of:<br>a) the nature of the nonconformities and any subsequent actions taken;<br>b) the results of any corrective action.

10.2 Continual improvement<br>The organization shall continually improve the suitability, adequacy and effectiveness of the FSMS.<br>Top management shall ensure that the organization continually improves the effectiveness of the FSMS through the use of communication (see 7.4), management review (see 9.3), internal audit (see 9.2), analysis of results of verification activities (see 8.8.2), validation of control measure(s) and combination(s) of control measure(s) (see 8.5.3), corrective actions (see 8.9.3) and FSMS updating (see 10.3).

10.3 Update of the food safety management system<br>Top management shall ensure that the FSMS is continually updated. To achieve this, the food safety team shall evaluate the FSMS at planned intervals. The team shall consider whether it is necessary to review the hazard analysis (see 8.5.2), the established hazard control plan (see 8.5.4) and the established PRPs (see 8.2). The updating activities shall be based on:<br>a) input from communication, external as well as internal (see 7.4);<br>b) input from other information concerning the suitability, adequacy and effectiveness of the FSMS;<br>c) output from the analysis of results of verification activities (see 9.1.2);<br>d) output from management review (see 9.3).<br>System updating activities shall be retained as documented information and reported as input to the management review (see 9.3).

Food Safety Policy

Hazard Control Plan

FSMS or Management Manual

Procedures

Food Safety Improvement Plan (monitoring food safety objectives and targets)

Food Defence Plan

Food Fraud Mitigation Plan

Emergency Plan

Allergen Management Plan

Records for OPRP & CCP monitoring

Registers for nonconformances and corrective action

Environmental Monitoring Plan.

2.5.1 MANAGEMENT OF SERVICES AND PURCHASED MATERIALS a) In addition to clause 7.1.6 of ISO 22000:2018, the organization shall ensure that where laboratory analysis services are used for the verification and/or validation of food safety, these shall be conducted by a competent laboratory (including both internal and external laboratories as applicable) that has the capability to produce precise and repeatable test results using validated test methods and best practices (e.g. successful participation in proficiency testing programs, regulatory approved programs or accreditation to international standards such as ISO 17025). <br> b) For food chain categories C, D, I, G and K, the following additional requirement applies to ISO 22000:2018 clause 7.1.6: The organization shall have a documented procedure for procurement in emergency situations to ensure that products still conform to specified requirements and the supplier has been evaluated. <br> c) In addition to ISO/TS 22002-1:2009 clause 9.2, the organization shall have a policy for the procurement of animals, fish and seafood that are subject to control of prohibited substances (e.g. pharmaceuticals, veterinary medicines, heavy metals and pesticides); <br> d) For food chain categories C, D, I, G and K, the following additional requirement applies to ISO/TS 22002-1 clause 9.2; ISO/TS 22002-4 clause 4.6 and ISO/TS 22002-5 clause 4: The organization shall establish, implement and maintain a review process for product specifications to ensure continued compliance with food safety, legal and customer requirements.

2.5.2 PRODUCT LABELLING In addition to clause 8.5.1.3 of ISO 22000:2018, the organization shall ensure that finished products are labelled according to all applicable statutory and regulatory requirements in the country of intended sale, including allergen and customer specific requirements. Where product is unlabelled, all relevant product information shall be made available to ensure the safe use of the food by the customer or consumer.

2.5.3 FOOD DEFENSE <br> 2.5.3.1 THREAT ASSESSMENT The organization shall have a documented procedure in place to: a) Conduct a threat assessment to identify and assess potential threats; b) Develop and implement mitigation measures for significant threats.

2.5.3.2 PLAN a) The organization shall have a documented food defense plan specifying the mitigation measures covering the processes and products within the FSMS scope of the organization. b) The food defense plan shall be supported by the organization’s FSMS. c) The plan shall comply with applicable legislation and be kept up-to-date.

2.5.4 FOOD FRAUD MITIGATION 2.5.4 2.5.4.1 VULNERABILITY ASSESSMENT The organization shall have a documented procedure in place to: a) Conduct a food fraud vulnerability assessment to identify and assess potential vulnerabilities; b) Develop and implement mitigation measures for significant vulnerabilities.

2.5.4.2 PLAN a) The organization shall have a documented food fraud mitigation plan specifying the mitigation measures covering the processes and products within the FSMS scope of the organization. b) The food fraud mitigation plan shall be supported by the organization’s FSMS. c) The plan shall comply with the applicable legislation and be kept up-to-date.

2.5.5 LOGO USE a) Certified organizations, Certification Bodies and Training Organizations shall use the FSSC 22000 logo only for marketing activities such as organization's printed matter, website and another promotional material. b) In case of using the logo the organization shall comply with the following specifications: Use of the logo in black and white is permitted when all other text and images are in black and white. c) The certified organization is not allowed to use the FSSC 22000 logo, any statement or make reference to its certified status on: i. a product; ii. its labelling; iii. its packaging (primary, secondary or any other form); iv. in any other manner that implies FSSC 22000 approves a product, process or service.

2.5.6 MANAGEMENT OF ALLERGENS (FOOD CHAIN CATEGORIES C, E, FI, G, I & K) The organization shall have a documented allergen management plan that includes: a) Risk assessment covering all potential sources of allergen cross-contamination and; b) Control measures to reduce or eliminate the risk of cross-contamination

2.5.7 ENVIRONMENTAL MONITORING (FOOD CHAIN CATEGORIES C, I & K) The organization shall have in place: a) Risk-based environmental monitoring program; b) Documented procedure for the evaluation of the effectiveness of all controls on preventing contamination from the manufacturing environment and this shall include, at a minimum, the evaluation of microbiological and allergen controls present; c) Data of the monitoring activities including regular trend analysis.

2.5.10 STORAGE AND WAREHOUSING (ALL FOOD CHAIN CATEGORIES) a) The organization shall establish, implement and maintain a procedure and specified stock rotation system that includes FEFO principles in conjunction with the FIFO requirements. b) In addition to ISO/TS 22002-1:2009 clause 16.2, the organization shall have specified requirements in place that define post-slaughter time and temperature in relation with chilling or freezing of the products.

2.5.11 HAZARD CONTROL AND MEASURES FOR PREVENTING CROSSCONTAMINATION (FOOD CHAIN CATEGORIES C & I) a) For food chain category I, the following additional requirement applies to ISO 22000:2018 clause 8.5.1.3: • The organization shall have specified requirements in place in case packaging is used to impart or provide a functional effect on food (e.g. shelf life extension). b) For food chain category CI, the following requirement apply in addition to ISO/TS 22002-1:2009 clause 10.1: • The organization shall have specified requirements for an inspection process at lairage and/or at evisceration to ensure animals are fit for human consumption;

2.5.12 PRP VERIFICATION (FOOD CHAIN CATEGORIES C, D, G, I & K) For food chain categories C, D, G, I and K, the following additional requirement applies to ISO22000: 2018 clause 8.8.1: • The organization shall establish, implement and maintain routine (e.g. monthly) site inspections/PRP checks to verify that the site (internal and external), production environment and processing equipment are maintained in a suitable condition to ensure food safety. The frequency and content of the site inspections/PRP checks shall be based on risk w

2.5.13 PRODUCT DEVELOPMENT (FOOD CHAIN CATEGORIES C, D, E, F, I & K) A product design and development procedure shall be established, implemented and maintained for new products and changes to product or manufacturing processes to ensure safe and legal products are produced. This shall include the following: a) Evaluation of the impact of the change on the FSMS taking into account any new food safety hazards (incl. allergens) introduced and updating the hazard analysis accordingly b) Consideration of the impact on the process flow for the new product and existing products and processes c) Resource and training needs d) Equipment and maintenance requirements e) The need to conduct production and shelf-life trials to validate product formulation and processes a

2.5.15.2 - Internal Audit Requirements a) An internal audit procedure and program shall be established by the central function covering the management system, central function and all sites. Internal auditors shall be independent from the areas they audit and be assigned by the central function to ensure impartiality at site level. b) The management system, centralised function and all sites shall be audited at least annually or more frequently based on a risk assessment. c) Internal auditors shall meet at least the following requirements and this shall be assessed by the CB annually as part of the audit: Work experience: 2 years’ full time work experience in the food industry including at least 1 year in the organization. Education: completion of a higher education course or in the absence of a formal course, have at least 5 years work experience in the food production or manufacturing, transport and storage, retailing, inspection or enforcement areas. Training: i. For FSSC 22000 internal audits, the lead auditor shall have successfully completed a FSMS, QMS or FSSC 22000 Lead Auditor Course of 40 hours. ii. Other auditors in the internal audit team shall have successfully completed an internal auditor course of 16 hours covering audit principles, practices and techniques. The training may be provided by the qualified internal Lead Auditor or through an external training provider. iii. FSSC scheme training covering at least ISO 22000, the relevant prerequisite programs based on the technical specification for the sector (e.g. ISO/TS 22002x; PAS-xyz) and the FSSC additional requirements – minimum 8 hours. d) Internal audit reports shall be subject to a technical review by the central function, including addressing the non-conformities resulting from the internal audit. Technical reviewers shall be impartial, have the ability to interpret and apply the FSSC normative documents (at least ISO 22000, the relevant ISO/TS 22002-x; PAS-xyz and the FSSC additional requirements) and have knowledge of the organizations processes and systems. e) Internal auditors and technical reviewers shall be subject to annual performance monitoring and calibration. Any follow-up actions identified shall be suitably actioned in a timely and appropriate manner by the Central function.