Part 1 of this article explained the processes for choosing an accredited certification body, establishing and training implementation and audit teams, and conducting a gap analysis to review a restaurant's existing Food Safety Management System (FSMS). The final part of this series will examine the development, implementation, operation, and measurement of an FSMS, as well as the process for conducting internal and certification audits.

Develop, Implement, Operate, and Measure FSMS

Restaurant operators can find the requirements for implementing an ISO 22000-compliant FSMS in clauses 4 through 10. They must thoroughly understand all of the clauses in the standard. Restaurants that are implementing an ISO 22000-compliant FSMS for the first time must meet all of the requirements of the standard. The following sections provide detail on some of the most important requirements.

ISO 22000 requires restaurant operators to define the context of the organization. This context includes the nature of the business, its products and services, its food safety objectives, and how internal and external factors (risks and issues) can affect the organization's ability to meet food safety goals. To identify risks, restaurant operators can assess the internal and external environments of the business with tools like SWOT (Strengths-Weaknesses-Opportunities-Threats) and PESTLE (Political, Economic, Sociological, Technological, Legal, and Environmental) analyses. The standard also calls for determining who the stakeholders are; how the business can affect them; what their needs and expectations are from the business, products, and services; and how they can influence the restaurant's FSMS to meet its objectives. Senior management is responsible for defining the organization's context, and the scope statement must be documented.

It is also necessary to determine the scope of the FSMS. This requires describing the geographic area in which the restaurant operates, as well as the products and services that should be included in the FSMS. The implementation team must develop a food safety policy that reflects senior management's commitment to serving safe food. The food safety policy must outline the objectives of the policy and identify the regulatory compliances that must be met, including the mutually agreed food safety requirements and how the objectives of the policy can be measured. Once the policy is developed, it must be implemented and communicated to team members so that they are aware of the policy and their role in ensuring food safety. Although not considered necessary, the ISO 22000 standard emphasizes continuous improvement by requiring food safety policies to be reviewed at least once a year and, if necessary, revised and communicated to employees.

The ISO 22000 standard allows restaurant operators to incorporate HACCP principles into their FSMS. The implementation or food safety team must identify the process steps for each menu item and document them using the process flow diagram. The implementation team must conduct a hazard analysis to identify hazards (physical, chemical, or biological) in each process, the severity of those hazards, and the likelihood of their occurrence. 

Following the identification, analysis, and assessment of hazards, the Codex decision tree is used to determine whether a prerequisite program (PRP) or a Hazard Analysis Critical Control Points (HACCP) plan will control food safety hazards. PRPs do not focus on any specific stage of the process, but rather on the fundamental conditions and activities required to maintain a sanitary environment in the restaurant to ensure food safety. Examples of PRPs include cleaning and sanitizing, personal hygiene, water quality, supplier verification, and waste management.

In a process, a Critical Control Point (CCP) is a point, step, or procedure at which control can be used to reduce, eliminate, or prevent hazards. Each CCP should contain at least one critical limit. Temperature and time are two examples of critical limits. They must be scientifically supported and monitored via measurement or observation. For example, chicken cooked at an internal temperature of 165 °F for 15 seconds is an example. The PRP will control potential food safety hazards that cannot be controlled by the HACCP plan.

It is also crucial to know the requirements of national food safety regulations. They, too, should be included in the FSMS. To reduce the possibility of contamination, both HACCP and PRP must be validated and verified for their effectiveness. Despite the fact that many restaurants have HACCP-based procedures in place, it has been observed that food safety hazards are frequently not accurately identified or HACCP-based procedures are not consistently implemented or documented, rendering the HACCP plan ineffective in controlling the hazard. In such cases, the HACCP plan must be revised, implemented, and documented. To ensure that the revised plan is correctly and consistently implemented, it must be clearly communicated to all team members.

Another important factor that restaurant operators must consider is identifying emergency situations that may arise during foodservice operations, such as foodborne illness outbreaks. ISO 22000 requires restaurant operators to develop an emergency response plan for foodborne illness. It is also critical to measure the effectiveness of emergency response strategies and, once proven, they must be implemented.

Senior management must ensure that internal communication within the restaurant is effective enough to keep the FSMS running smoothly. Employees are critical to food safety. It is important to define and communicate the roles and responsibilities of all restaurant employees who are directly or indirectly involved in food handling so that they understand their role in ensuring food safety while preparing and serving food. Restaurant operators should create a system that encourages employees to provide feedback for improving the existing FSMS. Restaurants must also seek feedback from customers to improve their foodservice operations. In addition, communication procedures should be developed on how information will be exchanged with employees and management, as well as with external stakeholders, such as customers. 

Management must hold review meetings and conduct internal audits to determine whether food safety goals are being met and whether the current FSMS is capable of controlling potential food safety hazards. If any deviations are discovered, corrective actions must be taken. Records must be kept of all review meetings, internal audits, and corrective actions. Senior management must invest in employee training on a consistent basis. Employees must be trained on a regular basis, and training records must be detailed. Depending on the need, employees can be trained in safe food practices and behaviors, leadership, auditing, cleaning and sanitation, and HACCP.

Another critical requirement of the standard is the establishment of a system outlining how non-conforming, potentially unsafe food items will be handled, including disposal. Food items may become potentially unsafe if standard purchasing or receiving procedures are not followed, or if CCPs are violated during cooking or service. For example, shellfish obtained from unapproved or illegal sources, or hot and cold foods that are not kept at appropriate temperature in buffets, may be sources of possible unsafe food hazards. The factors that contributed to the non-conformance must be identified so that corrective action can be taken.

Restaurants must have a food recall plan in place to recall food items that have been identified as unsafe. The recall management plan must include procedures for recovering and disposing of the food item(s). The procedures for recall, the team members responsible for recalls, and the responsibilities and procedures for communicating the recall must be outlined in the plan. According to the standard, recall procedures must be tested for effectiveness at least once per year.

Conduct an Internal Audit

ISO 22000 requires an internal audit team to audit all existing internal processes, policies and systems against the ISO 22000 standard prior to the certification audit by the certification body. This will not only make it easier to pass the certification audit, but will also ensure that all policies, procedures, and processes are established, implemented, and maintained in accordance with ISO 22000 requirements. 

Internal auditing, when done properly, assists the audit team in identifying major and minor non-conformances and implementing corrective actions prior to the certification audit. It is critical that the internal audit team attend ISO 22000 implementation training to understand exactly what knowledge and skills they require as auditors, how to audit and assess the system, and what preparations they must make prior to the audit. 

If the restaurant is implementing ISO 22000 for the first time, internal auditing may be difficult due to a lack of data, particularly in the first few months. In such cases, the first internal audit can take place three months after the ISO 22000 requirements are implemented. Through a corrective action plan, the implementation team must address any major or minor non-conformances discovered during the internal audit. The implementation team must conduct a root cause analysis on the identified non-conformance, identify corrections and corrective actions, and share them with the certification team within the timeframe specified, which is usually four weeks for minor non-conformances and two weeks for major non-conformances from the date of the last audit. 

The implementation team is responsible for ensuring that the corrections outlined in the corrective action plan are carried out. During the first stage of the certification audit, auditors review these corrections. If the restaurant does not address a minor non-conformance, it may be considered a major non-conformance in the next audit. If the implementation team fails to address non-conformances identified during the internal audit, then the lead auditors will conduct a certification re-audit. The certification body's lead auditor closes non-conformances only after they are satisfied with corrective actions. Certain non-conformances may require a site audit before they can be closed. Corrective actions must be documented using a corrective action report (CAR). Such initiatives demonstrate the commitment of senior management to continuous improvement. ISO 22000 certification is granted after the certification body's lead auditors have satisfactorily closed out all non-conformances. 

It is essential to understand the difference between a gap analysis and an internal audit. Internal audits are conducted after the FSMS has been established, to evaluate how well the existing FSMS is performing. A gap analysis is performed before the establishment of the FSMS, to identify where processes, systems, and policies fall short of the ISO 22000 standard.

Undergoing a Certification Audit

A certification audit is conducted in two stages. In the first stage, lead auditors will audit the existing FSMS and review whether the processes, standards, and policies are developed, implemented, maintained, and documented in accordance with the ISO 22000 standard. Internal audit records, management review meetings, and corrective actions will be reviewed to ensure that the system is in compliance. 

The purpose of the first-stage certification audit is to determine whether the restaurant is ready for the second-stage audit. During the exit meeting, the lead auditor will share the audit report with senior management, outlining all of the conformances and non-conformances discovered during the audit. The implementation team is then asked to devise a corrective action plan and implement corrective actions. 

In the second-stage audit, which is typically conducted six months after the first stage, auditors will determine whether all non-conformances discovered during the first-stage audit have been resolved. Following a successful second-stage audit, the auditor can make a certification recommendation, and certification will be granted. 

The certification process for restaurants and other foodservice establishments typically takes six to eight months. The certification body will assist the restaurant operator in ensuring compliance by visiting the restaurant every six months and reviewing the operation of the FSMS. If any deviations are discovered, corrective recommendations will be made so that they do not cause problems during the annual re-certification audit.

The Surveillance Audit Process

Once the restaurant is ISO 22000 certified, it must maintain its certification by passing a re-certification audit—i.e., by consistently meeting the requirements of the standard. Certification bodies conduct surveillance audits once a year between recertification audits. The purpose of the surveillance audit is to ensure that the restaurant is complying with the requirements of the standard. There are, however, some prerequisites for the surveillance audit that must be met. Prior to the surveillance audit, the internal audit team must conduct an internal audit of the existing FSMS, and any deficiencies discovered must be addressed with a corrective action plan. Any changes made to processes, systems, or standards must be reviewed and documented.

Conditions for Suspension of Certification

In cases where a restaurant consistently fails to meet certification requirements, the certification body has the authority to suspend the establishment's certification. If a restaurant does not regain certification after a six-month suspension, then the certification body has the authority to withdraw the certification. 

Certification can be withdrawn if the restaurant ceases operations or if the certification body believes that the audit process has been compromised, thereby jeopardizing the certificate's integrity. Certification can also be revoked if the restaurant management refuses to allow the certification body to conduct surveillance or re-certification audits after the first certification is established. Restaurant management may also request that the certification be suspended if they wish to continue operations without ISO certification. If the restaurant management resolves the non-conformances that caused the suspension within six months, then the certificate suspension can be lifted. 

If a restaurant operator is dissatisfied with the manner in which the audit was conducted or with the refusal of certification, they typically have four weeks to express their displeasure to their auditor. If the problem is not resolved, then the restaurant owner can file a written complaint with the certification company. The certification body will take up the matter with the corporate office within 12 weeks of receiving the written complaint. The corporate committee will then form a review committee to investigate the complaint and determine whether to reverse the decision. The certification agency keeps audit-related data private. It can share the audit findings with regulatory agencies when requested or when foodborne illness outbreaks are under investigation.

Choosing Between ISO 22000 and ISO 9001

In addition to food safety, restaurant operators place a premium on the quality of their food and beverages, as well as the overall service they provide. Given this, some restaurant operators prefer to invest in ISO 9001, a Quality Management System (QMS). ISO 9001 is a QMS that emphasizes quality, while ISO 22000 is an FSMS. 

The system to be used is determined by the restaurant's specific requirements. Experts argue that when choosing between ISO 22000 and 9001, ISO 22000 should be prioritized over ISO 9001, not only because food safety is paramount, but also because some ISO 9001 quality elements can be incorporated into ISO 22000. Restaurants that are ISO 22000 certified do not need to obtain an additional ISO 9001 certification because ISO 22000 is structured similarly to ISO 9001. In either case, HACCP is necessary. If a restaurant wants to obtain both ISO 9001 and 22000 certifications, it must create a manual that addresses both safety and quality concerns separately, as well as train its employees to think about both quality and safety when preparing, serving, and handing food.

ISO 22000 places a premium on preparing and serving food safely. Once the standards are consistently implemented and maintained over time, restaurant operators can effectively reduce risks and control food safety hazards, thereby reducing the spread of foodborne illnesses. Customers who dine at ISO 22000-certified restaurants can be confident that their meals are prepared and served to the highest international standards. As customer concerns about food safety become more vocal, restaurant operators must invest in a strong FSMS, such as ISO 22000. After all, restaurant operators have a social obligation to protect the health and wellbeing of their customers.