With over 13,000 certified sites, FSSC 22000 is one of the most widely used food safety certification systems in the world. In order to meet the changing demands of the markets, the system has undergone a revision in recent months. In December 2016, the new and now fourth version was published. As one of the leading certification bodies for FSSC 22000, we do not want to miss the opportunity to provide you with an overview of what is new in version 4.

One of the main reasons for the revision was to align the FSSC Systems to the latest version of the GFSI Guidance Document, which is expected to be published before the end of 2016. In order to maintain the status of the GFSI benchmarked certification standard, two major changes had become necessary: On the one hand, the introduction of unannounced audits, and on the other hand, the introduction of new requirements to combat food fraud.

Unannounced FSSC 22000 audits: Mandatory for all certified sites

Under the new GFSI minimum requirements, all food safety certification systems must at least include the ability to conduct unannounced audits. Version 4 of the FSSC 22000 however, already goes a step further: Unlike IFS and BRC, the unannounced audits are not optional, but mandatory. Of the two surveillance audits, at least one must be unannounced. It is up to the certification body to decide which of the two surveillance audits is unannounced.

Certified sites may also choose to have both surveillance audits occur unannounced. However, an initial assessment and a recertification audit can never be conducted unannounced.

A time window of nine months is provided for the unannounced audit to be conducted: The audit can take place at the earliest 3 months after the last day of the previous audit but at the latest 12 months after the previous audit. The next announced audit must take place within 24 months after the last day of the previous announced audit.

New requirements for the prevention of food fraud

Among the most significant changes in Version 4 are the new requirements to combat food fraud. According to these, all FSSC 22000-certified sites must have a documented procedure for what is known as a 'vulnerability assessment', meaning that an analysis of potential vulnerabilities and risks related to food fraud must be carried out at regular intervals.

Also required is a documented plan outlining the measures taken to combat food fraud and the risks to public health, linked to the food safety management system and relevant legislation.

Other changes in FSSC 22000 version 4

The following changes are still worth noting:

  • Broadening the scope: Both Catering and Retail are included in the scope of the FSSC 22000 system from version 4. All Storage & Distribution activities will also be covered by FSSC 22000 in the near future.
  • The new version requires auditor rotation every three years; certified sites may not be assessed by the same auditor for more than three years in a row.


FSSC 22000 version 4 certification has been available since January 2017. As of January 1, 2018, the new version will become mandatory.

Dr. Thijs Willaert

Dr. Thijs Willaert is Head of Marketing & Communications for the Sustainability and Food Safety segments. He is also an auditor for the external audit of sustainability reports. His areas of interest include sustainability management, sustainable procurement, and the digitalization of the audit landscape.