Food Safety Magazine

PROCESS CONTROL | August/September 2008

Evolution of HACCP: A Natural Progression to ISO 22000

By Richard F. Stier and John G. Surak, Ph.D.

Evolution of HACCP: A Natural Progression to ISO 22000

September 1, 2008 marks the third anniversary of the ISO 22000 standard, "Food safety management systems—Requirements for any organization in the food chain." This auditable standard is the latest in the evolving food safety management system (FSMS) called HACCP or Hazard Analysis Critical Control Points. It is the first truly international FSMS standard.

The year 2009 marks the 50th anniversary of HACCP, which was developed jointly by NASA, the U. S. Army Natick Research Laboratories and The Pillsbury Company. Pillsbury further contributed to the knowledge of HACCP by developing the first HACCP manual and training the officials from the U. S. Food and Drug Administration back in 1973. The original HACCP system had only three principles:

• The identification and assessment of food hazards
• Documentation of critical control points to control identified hazards
• Establishment of a system to monitor the critical control points

Since the inception of HACCP, the basic goal of the system has never changed. However, there has been a slow evolution of HACCP, which helps ensure that food processors develop a strong and robust FSMS.

HACCP received a big boost in 1985 in a report issued by the National Academies of Sciences entitled, "An Evaluation of the Role of Microbiological Criteria for Foods and Ingredients." The report stated that HACCP "provides a more specific and critical approach to the control of microbiological hazards than that achievable by traditional inspection and quality control procedures." The report also concluded that testing of finished products was not an effective strategy to protest customers and assure that food was free of pathogens.

The United States National Advisory Committee on Microbiological Criteria for Foods (NACMCF) defined HACCP from the U.S. perspective. They published the first HACCP standard in 1989 and revised the standard in 1992 and 1997. During this time, the now familiar five preliminary steps and the prerequisite programs were added to the standard. With the addition of the prerequisite programs, the concept of a FSMS was born.

More recent discussions on HACCP have focused on redefining the concept of validation. Traditionally, validation has been described as part of the verification process and not as having an independent function in the FSMS.[1] The ISO 22000[2] writers recognized this difference and defined validation, verification and monitoring in the following way:

• Validation — "obtaining evidence that the control measures managed by the HACCP plan are capable of being effective."

• Verification — "confirmation, through the provision of objective evidence, that specified requirements have been fulfilled."

• Monitoring — "conducting a planned sequence of observations or measurements to assess whether control measures are operating as intended."

Today, there are some quality professionals who believe that further revision should be made to the seven principles of HACCP and an eighth principle added—validation.

HACCP is an effective and rationale approach to food safety. As a result, food safety experts determined that HACCP plans were best if they were developed by individual companies. These organizations have the greatest understanding of their operations and processes. This allows the HACCP plans to be customized to meet the needs of the company rather than using a generic "one size fits all" approach, which typically results in the implementation of a highly conservative HACCP plan.

Importance of Certification
The globalization of the world’s food supply has made food safety a critical issue. Customers want to ensure that the food they purchase is safe and wholesome. Subsequently, buyers demand guarantees or certificates that their suppliers can meet this customer demand.

Some buyers require that the suppliers receive HACCP and GMP audits. Certain certification bodies developed audit schemes using Codex HACCP and good hygiene practices. The Codex document is an excellent guidance document, but it was not written in auditable form. Private firms have developed their own food safety, quality and sanitation audits, which include a HACCP component. These audits include SQF 2000 (Safe Quality Food), which is managed by the Food Marketing Institute, the Dutch HACCP Standard, the BRC or British Retail Consortium and IFS (International Food Standard) by the Federal Union of German Trade Associations. All of these standards are auditable. Auditors evaluate processing facilities and issue certificates of compliance with the standards. However, in 2001, there was not a truly auditable international standard.

Market pressures tend to determine which audit scheme a supplier must choose. If your customers demand that you must have a BRC, then that is the route you must go.

According to a survey done by Dr. Alfred Chambers of Manarchus Consulting,[3] the standard has been rather well received over the past three years. Tables 1 and 2 present the breakdown of the certificates.

Over 1,350 companies are certified to SQF 2000 levels 2 or 3 internationally.[4] BRC has reported that over 7,600 certificates have been issued to food processing companies with approximmately one-third located in Great Britain.[5]

The Global Food Safety Initiative (GFSI) established benchmark requirements for food safety audit programs, but has yet to approve ISO 22000. However, both the SQF and BRC audits benchmarked their latest standard against ISO 22000.

ISO 22000 and the Others
When one examines the different audits schemes and compares them to ISO 22000, the most striking difference is that the private standards specifically define the requirements for the FSMS. There may be guidance documents that contain additional information than is defined or implied in the actual structure of the FSMS. These documents must be followed if the food processor is going to successfully pass the audit. Most of these checklists are highly prescriptive and tell the auditor exactly what to look for and clearly elucidate what is expected in each section of the audit. ISO 22000 does not follow this strategy. ISO 22000 was written as a management standard. Thus, the standard addresses the following management issues include:

1. Management Commitment — The standard demands that top management provide evidence of its support for the FSMS by incorporating it as part of how they do business and effectively communicating the program throughout the organization.

2. Food Safety Policy — Organizations must establish a food safety policy and communicate this policy throughout the operation. The policy must incorporate both regulatory and food safety requirements of their customers. Also, the policy must be supported by food safety objectives.

3. Planning — Management must facilitate planning and organization of the FSMS to ensure that policies and goals are achieved.

4. Responsibilities and Authorities — Management must clearly define who within the organization is responsible for managing, maintaining and monitoring the FSMS.

Dr. Jacob Faergamand,[6] chair of the international working group that wrote ISO 22000, emphasized the importance of these elements by stating, "The most effective food safety systems are designed, operated and updated within the framework of a structured management system and incorporated into the overall management activities of the organization."

ISO 22000 defines what is expected to ensure the production of safe food. It is up to the company that implements the system to define the prerequisite programs and the HACCP plan.

ISO 22000 mandates that organizations establish, implement and maintain prerequisite programs (PRPs) to minimize the potential of introducing hazards into the processing environment, control potential food hazards and reduce the potential of biological, chemical and physical hazards being introduced into the food or beverage. The processor must verify that the PRPs are effective as part of the FSMS and modify them as needed. Again, this kind of discipline is implied but not mandated in many HACCP programs.

The Standard provides reference material to assist the company in the proper selection, implementation and documentation of the prerequisite programs. This strategy was intentional. In addition, ISO and the International Trade Centre published an additional reference that further elaborates on the Standard.[7] It allows the development of an FSMS that is customized to the culture and operations of the food processing company.

These two different strategies have their "sweet spots" in assuring food safety. If a processing company has limited technical resources, a more prescriptive standard may be of benefit in establishing a FSMS. However, if a food processing company has the technical resources, ISO 22000 may be the better standard.

The Need for Competent Auditors
One of the complaints that has been levied against ISO 9000 certification process is the level of auditor competence. This is something that the authors have observed first hand. Many times the auditors know how to audit, however, their technical background is in non-food related fields. To address this concern, TC-34, the technical committee that developed the standard, published TS 22003:2007.[8] The scope of this standard is to define the basic requirements for accrediting, certifying and auditing ISO 22000.

The working group intends that accreditation bodies and certification bodies use three ISO standards (22003, 17021 and 9011) to manage the audit process. ISO 22003 defines that the FSMS auditor demonstrates competencies in the following areas:

• Management system audits
• Applicable laws and regulations
• HACCP and food safety, including the identification and evaluation of supply-chain safety hazards
• Methods to determine, implement and manage control measures for HACCP plans and PRPs
• Knowledge of products, processes and practices in the food sectors they will audit.

This places a burden on the auditor since he or she must understand the system. It also places a burden on the company since it must provide documentation for why or why they have not done something that would be expected in most operations.

What’s Next for ISO 22000
As this is published, the third anniversary of the ISO 22000 standard is fast approaching. ISO standard rules require that their standards be reviewed every 5 years. The objective of the review is that the standard will not become a technical barrier to trade. Users and potential users of ISO 22000 are invited to participate in the review process at the national level. If you like to participate in the review process please contact Dr. Richard Cantrill at richard.cantrill@aocs.org.

Read the sidebar "Evolving Principles of HACCP"

Richard F. Stier is a consulting food scientist with international experience in food safety (HACCP), food plant sanitation, quality systems, GMP compliance and food microbiology. He is a member of the Institute of Food Technologists and an editorial advisor to Food Safety Magazine. He can be reached at rickstier4@aol.com.

John G. Surak, Ph.D., the principal of Surak and Associates, provides consulting for food safety and quality management systems, auditing management systems and designing and implementing process control systems. He helped develop the ISO 22000 and serves as an editorial advisor to Food Safety Magazine. John can be reached at jgsurak@yahoo.com; www.stratecon-intl.com/jsurak.html.


References
1. Codex Alimentarius Commission. 2007. Proposed guidelines for the validation of food safety control measures, CX/FH 07/39/05.
2. International Organization for Standardization. 2005. ISO 22000: Food Safety Management Systems—Requirements for Any Organization in the Food Chain. ISO: Geneva, Switzerland.
3. Chambers, A.F. 2008. ISO Management Systems. www.iso.org/ims.
4. Safe Quality Food Institute. 2008. http://www.sqfi.com.
5. British Retail Consortium. 2008. http//:membersarea.brc.org.uk/directory/?dir=1.
6. Faergamand, J. 2007. ISO Focus. September, 29—32.
7. International Trade Centre and International Organization for Standardization. 2007. ISO 22000 Food Safety Management Systems. An easy to use checklist for small businesses. Are you ready? ITC and ISO: Geneva Switzerland.
8. International Organization for Standardization. 2007. TS 22003. Food Safety Management Systems—Requirements for Bodies Providing Audit and Certification of FSMS. ISO: Geneva, Switzerland.
 



Evolving Principles of HACCP

HACCP Principles – 1973
1. The identification and assessment of food hazards
2. Documentation of critical control points (CCPs) to control identified hazards
3. Establishment of a system to monitor the CCPs

HACCP Principles – 1989
1. Assess hazards and risks associated with growing, harvesting, raw materials and ingredients, processing, manufacturing, distribution, marketing, preparation and consumption of food
2. Determine CCPs required to control the identified hazards
3. Establish the critical limits that must be met at each CCP
4. Establish procedures to monitor CCPs
5. Establish corrective actions to be taken when there is a deviation identified by monitoring a CCP
6. Establish effective record-keeping systems that document the HACCP plan
7. Establish procedures for verification that the HACCP system is working correctly

HACCP Principles – 1992
1. Conduct a hazard analysis. Prepare a list of steps in the process where significant hazards occur and describe preventive measures
2. Identify CCPs in the process
3. Establish critical limits for preventive measures associated with each identified CCP
4. Establish CCP monitoring requirements. Establish procedures for using the results of monitoring to adjust the process and maintain control
5. Establish corrective actions to be taken when monitoring indicates that there is a deviation from an established critical limit
6. Effective record-keeping procedures that document the HACCP system
7. Establish procedures for verification that the HACCP system is working correctly

HACCP Principles – 1997
1. Conduct a hazard analysis. Prepare a list of steps in the process where significant hazards occur and describe preventive measures
2. Identify CCPs in the process
3. Establish critical limits for preventive measures associated with each identified CCP
4. Establish CCP monitoring requirements. Establish procedures for using the results of monitoring to adjust the process and maintain control
5. Establish corrective actions to be taken when monitoring indicates that there is a deviation from an established critical limit
6. Establish procedures for verification that the HACCP system is working correctly
7. Effective record-keeping procedures that document the HACCP system

HACCP Principles – 2010?
1. Conduct a hazard analysis. Prepare a list of steps in the process where significant hazards occur and describe preventive measures
2. Identify CCPs in the process
3. Establish critical limits for preventive measures associated with each identified CCP
4. Establish CCP monitoring requirements. Establish procedures for using the results of monitoring to adjust the process and maintain control
5. Establish corrective actions to be taken when monitoring indicates that there is a deviation from an established critical limit
6. Establish procedures for verification that the HACCP system is working correctly
7. Validate the efficacy of controlling identified hazards of all CCPs
8. Effective record-keeping procedures that document the HACCP system

Copies of the ISO 22000 can be obtained from the international organization for standardization: Tel. + 41 22 749 01 11 • Fax + 41 22 749 09 47 • www.iso.org

Categories: Process Control: Best Practices; Regulatory: HACCP