It has been said that standards writers have a common hobby, which is that they like to watch water come to a boil. The development of standards is an interesting process. At times to the outside world, the work looks insignificant. Then there is a rush of new work that leaves everyone scrambling to see what has been published and determining a strategy to interpret and implement the standard.

Subcommittee 17 of ISO Technical Committee 34 has the responsibility to develop and maintain ISO 22000. Last year, the subcommittee published one booklet and worked on the development or revision of four standards. The subcommittee has developed two books to assist small and medium-size businesses to implement ISO 22000. The documents that have been published, or are under review or development, are summarized in Table 1.

The Standards Front
On the standards front, SC 17 is considering a change in defining auditor qualifications. This is being done to bring the standard in alignment with current auditor qualifications as defined by ISO’s Committee on Conformity Assessment and the Global Food Safety Initiative (GFSI).

This is an important revision because confidence in the audit results and the certification depends on the competence of the auditor. Over the last few years, there have been several high-profile recalls in which the root causes of the recalls were in part attributed to the third-party audit process.

Auditor competencies can be divided into three parts:

1.    Auditing skills and knowledge

2.    Technical skills and knowledge

3.    Behavior systems and thinking

During an audit, the auditor must effectively apply all three competencies to obtain the desired results.  

Food safety management system (FSMS) auditor qualifications are described in ISO 22003. In the current version of the standard, auditor assignment and selection is based on five factors: specific education requirements, specific training requirements in both food safety and management system auditing, work experience and audit experience. Next, the certification body used these requirements to determine whether the auditor was competent to audit specific sectors of the food chain.

The proposed revision of ISO 22003 will bring the standard into alignment with ISO/IEC 17021:2001 (Conformity assessment – Requirements for bodies providing audit and certification of management systems). Thus, the revised standard will have specific competency requirements for auditors.  

For example, the current version requires that auditors demonstrate the ability to apply terminology, knowledge and skills in the following food safety- specific areas, which include the identification of food safety hazards.[1]

It is expected that the revised standard will require that auditors have the “ability to identify:

•    Foodborne microbiological hazards

•    Chemical hazards

•    Physical hazards

•    Allergens

•    Food safety labeling requirements

•    Food safety regulations relevant to the food chain category (ISO/TS 22003 annex A) and their recognized control mechanisms

•    The ability to evaluate the organization’s capacity to identify and meet applicable (country of production/country of destination) food safety regulation and labeling requirements”[2]

Certification bodies will have to develop procedures to assess auditor competencies. They will also need to move past using a checklist approach in determining auditor capabilities to using a process approach. In this way, auditor qualifications such as education, training and experience could be used to partially determine competence. However, the certification body should also ensure that the auditor has specific knowledge, skills and experience in addition to having the ability to apply these factors in conducting an audit and assessing audit results. Food processing organizations seeking certification may want to ask the certification body how it determines auditor competencies.

Progress on Other ISO 22000 Standards    
SC 17 has been working on revising a number of other standards. Last year, ISO published ISO 22002-2, which describes the prerequisite programs (PRPs) to assist in controlling food safety hazards in catering operations. From an ISO perspective, catering includes a wide variety of operations, including transportation, food store delis and foodservice operations located in hospitals, hotels and restaurants. ISO 22002-2 was developed to be applicable in central foodservice units as well as in satellite operations. SC 17 is now working on a number of other standards that describe PRPs, such as standards for transport and storage, retail and feed.

The Book Front
This year, ISO published a book entitled How to use ISO 22000: Food safety management systems. This book complements an earlier ISO book entitled ISO 22000: Food safety management systems: An easy-to-use checklist for small businesses: Are your ready? This book was published in 2007.

Both books are priced around $40. PDF copies can be purchased from the American National Standards Institute[3] or ISO[4]. Hard copies of the books can also be purchased from ISO.

The 2007 book, written by an expert committee, provides detailed generic guidance on how to implement the standard. This book was designed to help small and medium-size businesses learn the strategies to implement a food safety management system. However, the publication is also useful for large organizations that are implementing ISO 22000.

In addition, the book was developed outside of any ISO standard requirements. In this way, it was not developed to be used by auditors to conduct certification audits.

The new book has a unique format. Five chapters cover the following critical topics in implementing an FSMS:

•    Management commitment and internal organization

•    The implementing of good practices: PRPs

•    Hazard Analysis and control of remaining hazards (operational PRPs and/or Critical Control Points)

•    Verification of the management system

•    Basic information on the process of certification of an FSMS according to ISO 22002:2005

The book’s structure divides the chapters into three major parts: the objectives of the chapter, themes covered by the chapter and description of each required task.  The themes relate to specific implementation tasks. Table 2[5] provides a list of the tasks found in the book. Within each task, the book addresses the following:

•    References to clauses in ISO 22002:2005

•    The main actions to be implemented

•    Examples of documents that could be used to demonstrate compliance to the requirements of the standard

•    Questions that should be answered to ensure completion of the task

Looking for Volunteers
ISO is inviting your help in the development of the standards. In the U.S., most of the work in developing ISO standards is done at the national level through U.S. Technical Advisory Groups. The American Oil Chemists’ Society holds the U.S. secretariat for ISO Technical Committee 34 (Food Products). If you would like to get involved, contact Brittany Helbling at  

John G. Surak, Ph.D., is the principal of Surak and Associates and can be reached at

1. ISO. 2007. ISO/TS 2007 Food safety management systems — Requirements for bodies providing audit and certification of food safety management systems.
2. ISO. 2013. ISO/TDS 2003 Food safety management systems — Requirements for bodies providing audit and certification of food safety management systems.
5. ISO. 2013. How to use ISO 22000: Food safety management systems.