A few months back, Dr. David Acheson described the requirements described in the Hazard Analysis and Risk-based Preventive Controls-proposed regulation as “HACCP on steroids.” This is a bit of an exaggeration as what the U.S. Food and Drug Administration (FDA) is asking is nowhere near as rigid as what is mandated under the ISO 22000 international standard (ISO 22000: Food safety management systems — Requirements for any organization in the food chain) or in the Global Food Safety Initiative (GFSI) food safety audit schemes. What the proposal does indicate, however, is that FDA will be taking longer and harder looks at what food processors are doing to ensure the safety of what they are manufacturing.

The current seafood and juice Hazard Analysis and Critical Control Points (HACCP) regulations mandate that a HACCP plan be assessed or re-evaluated on a regular basis, which means at least once a year. ISO 22000 and the GFSI audit schemes have similar requirements. So, your first step should be not just a re-assessment, but a complete and very detailed evaluation. Because of economic pressures and a need to protect their customers, brands and reputations, most processors have established HACCP plans based on the seven principles described in the 1997 guidelines established by the National Advisory Committee for Microbiological Criteria for Foods or the Codex Food Hygiene document. These two documents are harmonized. If your company has properly followed these guidelines when developing your plans, you should be okay when it comes to a review by FDA. Note that the word “should” is used. Some processors have had a tendency to be a bit lax when it comes to developing, documenting, implementing and maintaining their HACCP plans. Areas where companies can do better are as follows:

• Conducting the Hazard Analysis (risk assessment) on ingredients, processes and finished products

• Validating and documenting that their CCPs are adequate for controlling established hazards

• Verifying that the system is working as designed

This is not to say that these elements are lacking in their current programs; they simply need to be strengthened and managed better. This is one reason why it would be a good idea for more companies to take a long look at the ISO 22000 standard. In this case, look at the standard as a system for managing food safety. The HACCP plan is a part of the food safety management system, which includes prerequisite programs, vendor quality, traceability and recalls, communication and management commitment. The best way to protect your customers is to establish a culture of food safety through a systems approach. Each and every one of these elements is part of the system. A company can use the ISO 22000 standard as a guideline to build the food safety management system but does not have to spend the money for certification. Please note that the reference is to money only. Building an ISO 22000-based food safety management system will take time and effort (and money, if the goal is to do it right), but a processor does not have to be certified. This is especially true in the United States and North America. Since the standard was issued in 2005, Europe and Asia have jumped on the bandwagon, so to speak. But, the message is not one of certification but of building a strong food safety management system that will meet the final requirement of the Food Safety Modernization Act (FSMA). ISO 22000 is a tool that will help ensure that you do so.

Richard F. Stier is a consulting food scientist with international experience in food safety (HACCP), plant sanitation, quality systems, process optimization, GMP compliance and microbiology. Among his many affiliations, he is a member of the Institute of Food Technologists and an editorial advisor to Food Safety Magazine. He can be reached at rickstier4@aol.com.