Dear kox,
I do that already, but I need to understand the thinking of the auditors too - why on of them admitted the Codex, the second don't dunno.gif
I think you should have got some explanation from the auditor as to the reason for his not agreeing with yr plan structure (especially since you are paying him/her for the privilege). Of course, you might not have agreed with the answer.
I should note that I don’t use ISO 22000 myself so this is something of a theoretical opinion and I am certain the practical scenario will exhibit some differences. I hope other certified users of the standard will offer their actual experiences.
With respect to a
HACCP analysis the use of a decision tree seems not specifically disallowed (eg 7.4.3, 2nd para) but the inclusion of additional data to that typically shown such as probability of occurrence and severity is suggested (couldn’t see a “shall” or “required”, only a “should” in 22004) (eg 7.4.3, para2; 22004/7.4.3.b/c)
Similarly, the inclusion of a risk matrix is not mandated anywhere as far as I can see. So it seems that basic options are left open IMO.
AFAIK, the only general, readily available, “official”, in-depth, practical discussions of the new “
HACCP-related features” in the 22000 standard as compared to, for example, traditional Codex
HACCP are in (a) ISO 22004, (b) Didier Blanc’s well known paper and © on the Procert website. Published books may contain more info perhaps ?
The above (a-c) demonstrate that iso 22000 modifies the standard Codex
HACCP chain leading to a
CCP determination. This change particularly relates (but not only) to the increased focus on control measures and then to the introduction/selection of oprps. Frankly, I don’t yet entirely see much benefit has been demonstrated as resulting from the use of oprps although I can admire the increased attention towards the control measures. If you accept the info in (a-c) it seems to me to force a stepwise procedure similar to Bennii’s. If so, the standard
HACCP-type analysis which goes directly to
CCPs is obviously changed.This presumably also has a (negative) effect on the use of the standard Codex decision tree.
So, for the
HACCP portion, ISO 22000 gives the addition of an increased awareness / reorientation towards control measures and the use of oprps. It seems to me to unfortunately also diminish the importance and the selective simplicity (but not always admittedly!) of the
HACCP concept of the
CCP. I’m not yet convinced of a net benefit in this change. Of course there are many other benefits of the standard, I'm only looking at the
HACCP portion.
If any certified users (or others) of ISO 22000 have opinions / experiences on the above, feel free to comment. Maybe I have completely misunderstood the standard, anything’s possible.
Also, maybe the ISO revision committee are watching.
Rgds / Charles.C
Addded – some time back, an auditor posted his interpretation on this topic which included –
10. They need to establish what level of risk is acceptable.
11. Once they know the level of acceptable risk they must address all hazards which are over that level.
12. This can be done by either Operational Pre-Requisite Programmes (oPRPs) OR by establishing a HACCP Plan.**
13. They must select the control measures to address the hazard using a defined methodology (normally the Codex decision tree) - this decision methodology must be repeatable and the record available to show it was followed.
**An oPRP is where there is no defined critical limit OR where there is a CCP further along the Production line. EG: a sausage maker has 3 metal detection devices in the production line. The first 2 devices would be controlled by an oPRP because the third device is the 'critical' control
I don’t understand the ** opening logic but (13) suggests that the Codex Decision Tree was accepted as equivalent to section 7.4.4 . This seems difficult to me but I believe a tree-type (non-Codex) presentation did appear in a draft version of the 22000 standard. A possible related approach is also “hinted” at in ISO 22004 (last 4 paras of 7.4.4) Perhaps this is similar to what you were doing previously ? If so, maybe your auditor has now decided the methodology was not rigorous enough (= continual improvement
).