Some (Earlier) Auditorial Guidelines on ISO 22000
Started by Charles.C, May 25 2009 06:47 AM
Dear All,
These are 2 documents from my archives giving some auditor viewpoints on the ISO22000 standard. As indicated they go back a few years so some opinions may hv changed somewhat.
The first one looks at the entire standard in relatively condensed fashion. Second one is considerably more detailed but limited to selections from first half of standard.
Thought they might be of some interest to newcomers to the genre / maze.
Auditorial_Interpretation_of_ISO_22000_standard__approx._2005_.doc 69.5KB
1157 downloads
Auditorial_interpretation_of_some_sections_ISO_22000__approx_2007___ver3a.doc 111.5KB
999 downloads
Rgds / Charles.C
6 Thanks
Required Food Safety Training for Employees Under FSSC 22000
FSSC 22000 Implementation but have non-food Products
Is FSSC 22000 (Cat G) certification transferrable if facility moves to a new location after getting initial certification?
FSSC publishes Version 6 of the FSSC 22000 scheme
FSSC 22000 - 2.5.10 Transport Storage and Warehousing
[Ad]
thanks for the great doc. charles
Very well organized and detailed description!!!Really helpfull charles!
Thanks a lot!!
Thanks a lot!!
Not read all the text Charles but gave it a good scan over and the documents look like they will be helpful in the never ending clarifications on ISO 22000.
Nice find and thanks for posting.
Regards,
Simon
Nice find and thanks for posting.
Regards,
Simon
That's Charles C. for you...
thanks for the great doc. charles, but the second doc does not contain what I need for: clause 7.4.4
some auditors admit the old fashioned frequency x gravity + decision tree approach (as in the Codex), others don't
I find some very nice (new 22k conform - http://www.ifsqn.com...showtopic=9053) approach in this forum some time ago and adopted it successfully (thanks), but I need your opinion too
Regards,
kox
some auditors admit the old fashioned frequency x gravity + decision tree approach (as in the Codex), others don't
I find some very nice (new 22k conform - http://www.ifsqn.com...showtopic=9053) approach in this forum some time ago and adopted it successfully (thanks), but I need your opinion too
Regards,
kox
Dear kox,
Thks yr comments. My guess is that the authors of my posted attachment also found 7.4.4 hard to generalise.
Can you be slightly more specific as what you seek an opinion on ? Do you mean regarding something within the already posted material here or the currently “typical” auditor expectations as experienced by people during audits or ?? It might also help if you could post yr current methodology so any responses will be better oriented ?
Rgds / Charles.C
Thks yr comments. My guess is that the authors of my posted attachment also found 7.4.4 hard to generalise.
Can you be slightly more specific as what you seek an opinion on ? Do you mean regarding something within the already posted material here or the currently “typical” auditor expectations as experienced by people during audits or ?? It might also help if you could post yr current methodology so any responses will be better oriented ?
Rgds / Charles.C
I totally agree with you about hard to generalize 7.4.4., and just this what I seeking - a "clearer" approach of the assessment of the control measures.
I do that already, but I need to understand the thinking of the auditors too - why on of them admitted the Codex, the second don't
two years ago we was certified on the Codex based decision tree.
last year I was billed by an other auditor, because that not comply with standard (witch I agree a bit) and I adopted Bennii's methodology and I hope to be good for this year's audit
I just read S.U.Siddiqu's methodology too, and that even looks simplier but I don't change my docs again :)
I do that already, but I need to understand the thinking of the auditors too - why on of them admitted the Codex, the second don't
two years ago we was certified on the Codex based decision tree.
last year I was billed by an other auditor, because that not comply with standard (witch I agree a bit) and I adopted Bennii's methodology and I hope to be good for this year's audit
I just read S.U.Siddiqu's methodology too, and that even looks simplier but I don't change my docs again :)
Dear kox,
I think you should have got some explanation from the auditor as to the reason for his not agreeing with yr plan structure (especially since you are paying him/her for the privilege). Of course, you might not have agreed with the answer.
I should note that I don’t use ISO 22000 myself so this is something of a theoretical opinion and I am certain the practical scenario will exhibit some differences. I hope other certified users of the standard will offer their actual experiences.
With respect to a HACCP analysis the use of a decision tree seems not specifically disallowed (eg 7.4.3, 2nd para) but the inclusion of additional data to that typically shown such as probability of occurrence and severity is suggested (couldn’t see a “shall” or “required”, only a “should” in 22004) (eg 7.4.3, para2; 22004/7.4.3.b/c)
Similarly, the inclusion of a risk matrix is not mandated anywhere as far as I can see. So it seems that basic options are left open IMO.
AFAIK, the only general, readily available, “official”, in-depth, practical discussions of the new “HACCP-related features” in the 22000 standard as compared to, for example, traditional Codex HACCP are in (a) ISO 22004, (b) Didier Blanc’s well known paper and © on the Procert website. Published books may contain more info perhaps ?
The above (a-c) demonstrate that iso 22000 modifies the standard Codex HACCP chain leading to a CCP determination. This change particularly relates (but not only) to the increased focus on control measures and then to the introduction/selection of oprps. Frankly, I don’t yet entirely see much benefit has been demonstrated as resulting from the use of oprps although I can admire the increased attention towards the control measures. If you accept the info in (a-c) it seems to me to force a stepwise procedure similar to Bennii’s. If so, the standard HACCP-type analysis which goes directly to CCPs is obviously changed.This presumably also has a (negative) effect on the use of the standard Codex decision tree.
So, for the HACCP portion, ISO 22000 gives the addition of an increased awareness / reorientation towards control measures and the use of oprps. It seems to me to unfortunately also diminish the importance and the selective simplicity (but not always admittedly!) of the HACCP concept of the CCP. I’m not yet convinced of a net benefit in this change. Of course there are many other benefits of the standard, I'm only looking at the HACCP portion.
If any certified users (or others) of ISO 22000 have opinions / experiences on the above, feel free to comment. Maybe I have completely misunderstood the standard, anything’s possible.
Also, maybe the ISO revision committee are watching.
Rgds / Charles.C
Addded – some time back, an auditor posted his interpretation on this topic which included –
I don’t understand the ** opening logic but (13) suggests that the Codex Decision Tree was accepted as equivalent to section 7.4.4 . This seems difficult to me but I believe a tree-type (non-Codex) presentation did appear in a draft version of the 22000 standard. A possible related approach is also “hinted” at in ISO 22004 (last 4 paras of 7.4.4) Perhaps this is similar to what you were doing previously ? If so, maybe your auditor has now decided the methodology was not rigorous enough (= continual improvement
I do that already, but I need to understand the thinking of the auditors too - why on of them admitted the Codex, the second don't dunno.gif
I think you should have got some explanation from the auditor as to the reason for his not agreeing with yr plan structure (especially since you are paying him/her for the privilege). Of course, you might not have agreed with the answer.
I should note that I don’t use ISO 22000 myself so this is something of a theoretical opinion and I am certain the practical scenario will exhibit some differences. I hope other certified users of the standard will offer their actual experiences.
With respect to a HACCP analysis the use of a decision tree seems not specifically disallowed (eg 7.4.3, 2nd para) but the inclusion of additional data to that typically shown such as probability of occurrence and severity is suggested (couldn’t see a “shall” or “required”, only a “should” in 22004) (eg 7.4.3, para2; 22004/7.4.3.b/c)
Similarly, the inclusion of a risk matrix is not mandated anywhere as far as I can see. So it seems that basic options are left open IMO.
AFAIK, the only general, readily available, “official”, in-depth, practical discussions of the new “HACCP-related features” in the 22000 standard as compared to, for example, traditional Codex HACCP are in (a) ISO 22004, (b) Didier Blanc’s well known paper and © on the Procert website. Published books may contain more info perhaps ?
The above (a-c) demonstrate that iso 22000 modifies the standard Codex HACCP chain leading to a CCP determination. This change particularly relates (but not only) to the increased focus on control measures and then to the introduction/selection of oprps. Frankly, I don’t yet entirely see much benefit has been demonstrated as resulting from the use of oprps although I can admire the increased attention towards the control measures. If you accept the info in (a-c) it seems to me to force a stepwise procedure similar to Bennii’s. If so, the standard HACCP-type analysis which goes directly to CCPs is obviously changed.This presumably also has a (negative) effect on the use of the standard Codex decision tree.
So, for the HACCP portion, ISO 22000 gives the addition of an increased awareness / reorientation towards control measures and the use of oprps. It seems to me to unfortunately also diminish the importance and the selective simplicity (but not always admittedly!) of the HACCP concept of the CCP. I’m not yet convinced of a net benefit in this change. Of course there are many other benefits of the standard, I'm only looking at the HACCP portion.
If any certified users (or others) of ISO 22000 have opinions / experiences on the above, feel free to comment. Maybe I have completely misunderstood the standard, anything’s possible.
Also, maybe the ISO revision committee are watching.
Rgds / Charles.C
Addded – some time back, an auditor posted his interpretation on this topic which included –
10. They need to establish what level of risk is acceptable.
11. Once they know the level of acceptable risk they must address all hazards which are over that level.
12. This can be done by either Operational Pre-Requisite Programmes (oPRPs) OR by establishing a HACCP Plan.**
13. They must select the control measures to address the hazard using a defined methodology (normally the Codex decision tree) - this decision methodology must be repeatable and the record available to show it was followed.
**An oPRP is where there is no defined critical limit OR where there is a CCP further along the Production line. EG: a sausage maker has 3 metal detection devices in the production line. The first 2 devices would be controlled by an oPRP because the third device is the 'critical' control
I don’t understand the ** opening logic but (13) suggests that the Codex Decision Tree was accepted as equivalent to section 7.4.4 . This seems difficult to me but I believe a tree-type (non-Codex) presentation did appear in a draft version of the 22000 standard. A possible related approach is also “hinted” at in ISO 22004 (last 4 paras of 7.4.4) Perhaps this is similar to what you were doing previously ? If so, maybe your auditor has now decided the methodology was not rigorous enough (= continual improvement
Dear Kox,
I'd like to share my experience as a certified company in 2006.
In order to asses the risks, we began by categorize the level of risk through the "frequency x severity" method. We determined a level to decide wether a risk was acceptable or not. Risks under that level are controlled by PPR.
For those control measures over the acceptable level, we decided wich were CCP through a decision tree that considered every single point of section 7.4.4. (its points a) to g) are nothing else but a translation of a decision tree). Measures resulting to be a CCP must be controlled by an HACCP plan, while the rest are to be managed through an operational PPR.
We've had no problem about this in our audits, but I also think it is important to be confident with your choices to explain them to an auditor.
Best regards. Carme.
I'd like to share my experience as a certified company in 2006.
In order to asses the risks, we began by categorize the level of risk through the "frequency x severity" method. We determined a level to decide wether a risk was acceptable or not. Risks under that level are controlled by PPR.
For those control measures over the acceptable level, we decided wich were CCP through a decision tree that considered every single point of section 7.4.4. (its points a) to g) are nothing else but a translation of a decision tree). Measures resulting to be a CCP must be controlled by an HACCP plan, while the rest are to be managed through an operational PPR.
We've had no problem about this in our audits, but I also think it is important to be confident with your choices to explain them to an auditor.
Best regards. Carme.
Dear Carme,
I completely missed yr post the first time around. Sorry. Thks yr input and welcome to the forum.
Yr procedure looks analogous to the Bennii method and I believe you that it can satisy the auditors since IMO, and just like (early?) HACCP, there are no specific expectations for this issue (at this time).
Personally, I am not too happy with the logic of the first stage, for example, I think that chlorination of factory water input is a typical prp for many people but it does not derive from the fact that it’s avoidance would be a low risk issue. In fact the opposite is often the case IMO but it does conform to the ISO interpretation of prp as a GMP type process. However, if the auditors like this approach, who am I to differ ?
Rgds / Charles.C
I completely missed yr post the first time around. Sorry. Thks yr input and welcome to the forum.
Yr procedure looks analogous to the Bennii method and I believe you that it can satisy the auditors since IMO, and just like (early?) HACCP, there are no specific expectations for this issue (at this time).
Personally, I am not too happy with the logic of the first stage, for example, I think that chlorination of factory water input is a typical prp for many people but it does not derive from the fact that it’s avoidance would be a low risk issue. In fact the opposite is often the case IMO but it does conform to the ISO interpretation of prp as a GMP type process. However, if the auditors like this approach, who am I to differ ?
Rgds / Charles.C
thank you
Thank you, pretty good detailed Guide.
Required Food Safety Training for Employees Under FSSC 22000
FSSC 22000 Implementation but have non-food Products
Is FSSC 22000 (Cat G) certification transferrable if facility moves to a new location after getting initial certification?
FSSC publishes Version 6 of the FSSC 22000 scheme
FSSC 22000 - 2.5.10 Transport Storage and Warehousing
Implementing an FSSC 22000 Version 6 Compliant Food Safety and Quality Management System
Implementing an FSSC 22000 Version 6 Compliant Food Safety and Quality Management System
FSSC 22000 Food Safety Management System for Food Manufacturers - Version 6
Preparation for FSSC 22000 Certification
FSSC 22000 Clause 2.5.1 - Management of Services and Purchased Materials