Everyday Food Safety
ISO 22000:2018 Food Safety Management System – Each Clause Explained
Many small food business owners hear the words ISO 22000 certification and immediately think:
“This sounds complicated and only for large factories.”
In reality, ISO 22000 asks a food business to establish a structured system to ensure food safety every single day.
Think of it as a roadmap that helps you organize your food safety practices.
Instead of relying on memory or guesswork, ISO 22000 ensures that:
- Food safety responsibilities are clear
- Risks are identified early
- Procedures are effective, documented, and followed consistently
- Records prove that food safety controls are working
Let’s walk through each clause in simple terms and understand what they mean for your food business.
Clause 4 – Context of the Organization
(Understanding your food business and its environment)
Before implementing a food safety system, ISO 22000 asks a very basic question:
“What does your food business look like?”
Every food business operates in a different environment. A small bakery, a restaurant, and a large food factory face different food safety risks.
Therefore, this clause requires you to understand:
- What products do you produce
- Who your customers are
- What regulations apply to you
- What internal and external factors may affect food safety
A small bakery may face risks such as:
- Poor supplier quality of flour
- Improper storage temperature for dairy ingredients
- Staff hygiene issues
Meanwhile, a food manufacturer may worry about:
- Equipment sanitation
- Allergen cross-contamination
- Packaging contamination
ISO 22000 encourages businesses to analyze these factors before designing their food safety system.
You must also define the scope of your Food Safety Management System (FSMS). This means clearly stating:
- What products are covered
- What processes are included
- What locations are involved
For example:
“Production and packaging of baked goods at ABC Bakery facility.”
This scope helps auditors and regulators understand where your food safety system applies.
Records and Documents as Evidence
- FSMS Scope Document
- Internal and External Issues Analysis
- List of Interested Parties (customers, regulators, suppliers)
- Food Safety Policy Statement
Clause 5 – Leadership
(Management must lead food safety efforts)
One of the most important ideas in ISO 22000 is this:
Food safety cannot be delegated entirely to the quality department.
Top management must actively support it.
Why?
Food safety decisions often involve resources, staffing, and company priorities.
For example:
If a sanitation team lacks proper cleaning chemicals, management must approve the purchase.
If equipment is outdated and causing contamination risks, management must decide whether to repair or replace it.
This clause requires management to:
- Establish a food safety policy
- Ensure food safety objectives are set
- Provide adequate resources
- Support the food safety team
Management must also appoint a Food Safety Team Leader who coordinates the implementation of the FSMS.
In small businesses, this role is often handled by the quality manager, food technologist, or even the owner.
Leadership involvement also helps build a strong food safety culture. Employees are more likely to follow food safety rules when they see management taking them seriously.
Records and Documents as Evidence
- Food Safety Policy
- Organization Chart
- Job Descriptions and Responsibilities
- Appointment Letter for Food Safety Team
- Management Commitment Records
Clause 6 – Planning
(Preparing for risks before they become problems)
Food businesses face many uncertainties.
For example:
- Supplier quality may change
- Equipment may break down
- New regulations may appear
- Customer complaints may increase
- Supply Chain may be disrupted by unforeseen events such as war, natural disasters, or conflicts among people.
Clause 6 requires companies to anticipate risks and opportunities before they affect food safety.
Instead of reacting after a problem happens, ISO 22000 encourages businesses to plan.
For instance:
If a supplier occasionally delivers poor-quality ingredients, the company may:
- Implement stricter supplier evaluation
- Require certificates of analysis
- Perform additional incoming inspections
Businesses must also establish food safety objectives. These objectives should be measurable and realistic.
Examples:
- Reduce customer complaints by 20%
- Achieve 100% completion of sanitation verification
- Improve staff food safety training compliance
Planning also includes creating action plans to address risks.
Records and Documents as Evidence
- Risk and Opportunity Assessment
- Food Safety Objectives
- Action Plans
- FSMS Planning Records
Clause 7 – Support
(Ensuring people, resources, and systems are ready)
Even the best food safety system will fail if employees do not understand their responsibilities.
Clause 7 focuses on providing the support needed for the FSMS to function effectively.
This includes:
Employee Competence and Training
Workers must understand:
- personal hygiene rules
- cleaning procedures
- contamination risks
- proper handling of food products
Training should not happen only once. Employees must receive regular refresher training.
Infrastructure and Equipment
The company must maintain:
- production equipment
- temperature monitoring devices
- storage facilities
Poorly maintained equipment can lead to contamination.
Communication
Food safety information must flow effectively between:
- employees
- suppliers
- customers
- regulatory authorities
For example, if a supplier changes an ingredient formulation, the company must evaluate whether it affects food safety.
Document Control
ISO 22000 also requires controlled documents and records. This ensures that employees always follow the latest approved procedures.
Records and Documents as Evidence
- Training Records
- Competency Evaluation Forms
- Equipment Maintenance Logs
- Calibration Records
- Document Control Procedure
- Internal Communication Records
Clause 8 – Operation
(The core of food safety management)
Clause 8 is the largest and most important section of ISO 22000.
This clause focuses on how a business identifies, controls, and monitors food safety hazards.
The process usually begins with hazard analysis.
Hazards can be:
Biological hazards
- bacteria
- viruses
- parasites
Chemical hazards
- cleaning chemical residues
- allergens
- pesticide contamination
Physical hazards
- metal fragments
- glass pieces
- plastic fragments
Once hazards are identified, the business establishes control measures.
These controls usually fall into three categories:
PRPs – Prerequisite Programs
Basic hygiene practices that support food safety.
Examples:
- cleaning and sanitation
- pest control
- personal hygiene
- equipment maintenance
OPRPs – Operational PRPs
Operational controls that reduce significant hazards but are not considered CCPs.
Examples:
- metal detection
- allergen control
- supplier inspection
CCPs – Critical Control Points
Steps where loss of control could cause serious food safety risks.
Examples:
- cooking temperature
- pasteurization
- sterilization
Each CCP requires:
- critical limits
- monitoring procedures
- corrective actions
- verification activities
ISO 22000 also requires traceability and recall systems. If unsafe food reaches the market, the company must be able to identify and withdraw the product quickly.
Records and Documents as Evidence
- Hazard Analysis Worksheet
- HACCP Plan
- Process Flow Diagram
- PRP Programs
- CCP Monitoring Logs
- Corrective Action Reports
- Supplier Evaluation Records
- Product Traceability Records
- Mock Recall Reports
Clause 9 – Performance Evaluation
(Checking whether the food safety system actually works)
Implementing procedures is not enough.
Businesses must regularly evaluate whether their Food Safety Management System is effective.
This clause requires several monitoring activities.
Internal Audits
Internal audits help verify whether procedures are being followed correctly.
Audits identify gaps such as:
- incomplete records
- incorrect procedures
- employee non-compliance
Management Review
Top management must review the FSMS periodically to assess:
- audit results
- customer complaints
- system performance
- improvement opportunities
These reviews help management make strategic decisions to improve food safety.
Records and Documents as Evidence
- Internal Audit Plan
- Internal Audit Reports
- Management Review Minutes
- KPI Monitoring Reports
- Verification Records
Clause 10 – Improvement
(Learning from mistakes and improving continuously)
No food safety system is perfect.
Mistakes can happen.
However, ISO 22000 requires businesses to learn from problems and prevent them from happening again.
When a nonconformity occurs, the company must:
- Identify the problem
- Investigate the root cause
- Implement corrective action
- Monitor whether the solution works
For example:
If contaminated products were detected, the company should investigate:
- whether sanitation procedures were followed
- whether the equipment malfunctioned
- whether staff training was insufficient
This approach helps prevent repeated food safety incidents.
Continuous improvement also encourages companies to strengthen their processes continually.
Records and Documents as Evidence
- Nonconformity Reports
- Corrective Action Reports
- Root Cause Analysis
- Continuous Improvement Records
Practical Advice for Small Food Businesses
Many small businesses worry about ISO 22000 documentation.
But remember this:
ISO auditors usually look for clear, logical evidence.
They want to see:
- What are your procedures?
- Who performs them
- What records prove these procedures were followed
You do not need complicated paperwork.
Even simple checklists, logs, and forms can satisfy ISO requirements as long as they are consistent and accurate.
External Reference
International Organization for Standardization (ISO). https://www.iso.org/standard/65464.html
Internal Reference:
