In April 2023, Version 6 of the FSSC 22000 standard was published. More than 31,000 companies worldwide are currently certified according to FSSC 22000. In this article, DQS lead auditor Martin Seitz has summarized the changes certified companies should prepare for and the timeframe for implementation.
What are the reasons for the revision?
FSSC cites the following as the main reasons for the update:
- Incorporating the requirements of ISO 22003-1:2022
- Strengthening the requirements to support organizations in their efforts to achieve the UN Sustainable Development Goals (SDGs).
- Editorial changes and amendments as part of continuous improvement
The Scheme consists of five Parts and two Appendices which are bundled into one document. Furthermore, there are five Annexes. All of these documents contain mandatory Scheme requirements. The mandatory requirements of the so-called BOS List (Board of Stakeholder Decision List) continue to serve as a basis for certification.
In addition, guidance documents on various topics to provide additional support are available.
All documents can be downloaded free of charge from the FSSC 22000-Website.
FSSC 22000 Version 6: Changes certified companies need to be aware of
Some of the new requirements cover a very wide range of issues. A critical review of these issues is essential. With this in mind, an effective and efficient implementation strategy needs to be developed. Note that additional resources may be required.
The mandatory upgrade period from 1 April 2024, to 31 March 2025, during which certificates must be updated from FSSC 22000 version 5.1 to version 6, could potentially cause companies to put off implementing the changes and especially the new requirements added to the standard. However, we recommend to work on implementation of the new requirements as soon as possible, as some of them can be considered challenging.
The main changes are:
- Qualitative and quantitative traceability of labels and printed packaging (including secondary packaging) with food safety-relevant information, such as best before dates, allergens, and nutritional values
- Comprehensive allergen management including training, declaration, validation, and verification
- Food and quality culture
- Systematic approach to quality control
- Foreign body management and management of all breakages
- Equipment management
- Food loss and waste
- Communication requirements
We encourage you to start the transition early. An overview of the most important changes can be found in this article. For ease of reading, the changes are presented below according to the structure of the standard.
FSSC 22000: What are the most important changes and additions in version 6 compared to version 5.1?
Part 1 Scheme Overview
Here, as in version 5.1, the structure of the FSSC 22000 certification system is outlined. The scheme still consists of the following parts:
- ISO 22000:2018: Food safety management systems - Requirements for organizations in the food chain.
- Preventive programs (PRPs) for food safety - based on technical specifications for the relevant area (e.g., ISO/TS 22002-x; PAS xyz).
- The additional FSSC 22000 requirements, set out in
- Chapter 2 of this FSSC standard document and in the
- BoS-List (Board of Stakeholder Decision List); FSSC board interpretation list.
FSSC is based on the food chain categorization described in ISO 22003-1:2022 This is particularly important to consider when implementing the additional FSSC 22000 requirements in chapter two of the Scheme document.
Noteworthy are the changes in the food chain categories of V6 compared to V5.1:
- Primary production (category A) of animal and plant products has been removed and replaced by category BIII "Activities on harvested plants" and
- category C0 "Transformation of carcasses for further processing..." have been included.
- The categories DIIa and DIIb pet food were removed and pet food has been included in food categories CI through CIV.
- The transport and storage category has been merged into one category G.
- The FII brokerage activities category has been newly added.
The description of the categories has been further specified and has become more precise in general. Foods for special dietary needs and foods for special medical purposes, where legally classified as food in the country of manufacture, may be included in the food chain category C. Products legally classified as pharmaceutical or medical products do not fall within the scope of FSSC 22000 certification.
Category I, Packaging, includes food service napkins and packaging materials (such as aluminum foil, baking paper, plastic wrap) used in the food industry. Packaging materials and napkins used in private households are excluded from the scope.
The combined FSSC 22000 and ISO 9001 process, which was not GFSI benchmarked in the past, is no longer included in the FSSC 22000 Scheme.
Part 2 Requirements for Organizations to be Audited
The additional requirements are still listed in chapter 2.5 of the Scheme. A number of them are now more precise and a number of new topics and aspects have been added:
2.5.1 Management of Services and Purchased Materials
This chapter applies to all categories.
Category I (packaging) now includes:
e) Establishing and ensuring criteria for compliance with legal and customer requirements for the use of recycled packaging as a raw material input into the production of finished packaging material.
2.5.2 Product Labeling And Printed Materials
c) Claims, such as allergens, nutritional, method of production, chain of custody, raw material status, shall be verifiably validated. The labels or printed materials shall be traceable including mass balance. This is undoubtedly a significant challenge for a large part of the certified companies.
d) Category I (packaging) now also requires to have a system in place for the approval of artwork and print control, covering changes and management of obsolete artwork and print materials. There shall be an approval of each print run against the agreed standard or master sample. A procedure for detecting and identifying printing errors shall be established. Differing print variants shall be effectively segregated. Unused print products shall be accounted for.
2.5.3 Food Defense
Here, the requirements have been formulated more clearly.
- threat assessment shall be documented in a traceable manner according to a defined methodology; and
- the food defense plan shall be based on the threat assessment and
- the risk mitigation measures and verification procedures shall be specified in the food defense plan.
For the new category FII - Broker, there is an additional requirement that brokers ensure their suppliers have a food defense plan.
2.5.4 Food Fraud Mitigation
Comparable amendments to those for Food Defense have been made here:
Defined methodology and documentation of mitigation measures with reference to the vulnerability assessment.
For the new category FII - Broker, there is the additional requirement that you shall ensure that your suppliers have a food fraud mitigation plan in place.
2.5.5 Use of FSSC Logo for Certified Organizations
It is still not allowed to use the FSSC logo on products, labels, and packaging. In addition, the logo shall also not be used on certificates of analyses (CoA's) or certificates of conformance (CoC's).
2.5.6 Management of Allergens
The most extensive amendments in FSSC Version 6 were made in the management of allergens section.
The following requirements have been added:
a) A list of all allergens handled on site, including raw materials and finished products
d) Documented information on validation and verification (e.g., surface testing, air sampling, and/or product testing) of control measures to reduce cross-contaminations.
e) The use of precautionary or warning labels on packaging only where the outcome of the risk assessment actually identifies a risk of cross-contamination with allergens, even though all necessary control measures have been effectively implemented.
f) All personnel shall receive training in allergen awareness and specific training on allergen control measures associated with their areas of work.
g) Annual review of the allergen management plan as well as reviews following significant changes, allergen-related recalls or withdrawals and also when allergen problems occur within the industry.
h) For food chain category D, animal feed and pet food, the allergen-related section may be indicated as "not applicable" under defined conditions.
2.5.7 Environmental Monitoring
The chapter on environmental monitoring now includes a requirement to review the effectiveness and adequacy of environmental monitoring. This review must take place at least annually or in the event of significant changes. The effectiveness and adequacy of environmental monitoring shall also be reviewed in the event of anomalies, such as trends in environmental, intermediate and finished product analyses, or in the event of corresponding withdrawals or recalls.
2.5.8 Food Safety and Quality Culture
This chapter is new. Until now, FSSC's position was that the topic of food safety culture - if properly implemented - was sufficiently included in ISO 22000.
In order to pay more attention to the topic in the new version, a completely new chapter has been included in the additional requirements.
It now covers a quality culture in addition to the well-known aspects from the Codex Alimentarius and Regulation (EU) 2021/382 of 03.03.2021. As part of the organization's commitment to cultivating a positive food safety and quality culture, senior management shall establish, implement and maintain food safety and quality culture objectives. Aspects to consider in food safety and quality culture are communication, training/initial training, employee feedback and engagement and performance measurement.
It explicitly requires a documented food safety and quality culture plan with targets and deadlines showing continuous improvement and the evaluation in the management review.
2.5.9 Quality Control
This too is a new chapter. It requires a systematic quality control procedure including the establishment, implementation, and maintenance of quality parameters in line with finished product specifications and product release. Additionally, an analysis and review of the results of the quality control parameters shall be carried out and used as an input for the management review. The quality control procedure shall be included in internal audits. Quantity control procedures according to legal and customer requirements are also included in this chapter.
Another requirement was added: establishing and implementing line start-up and change-over procedures. This shall include having controls in place to ensure labelling and packaging from the previous run are removed from the line.
2.5.10 Transport, Storage and Warehousing
Here there are only amendments concerning transports by ships.
2.5.11 Hazard Control and Measures for Preventing Cross-Contamination
In this section, the main amendment is the requirement to use a risk analysis for identifying the need of foreign body detection equipment (such as magnets, metal detectors, X-ray equipment, filters and sieves)
Where the use of foreign body equipment is not necessary, justification shall be maintained in writing.
A documented procedure shall be in place for the management and use of the foreign body equipment.
There is also the new mandatory requirement for foreign matter management and management of all breakages linked to potential contamination (e.g., metal, ceramic, hard plastic).
2.5.13 Product Design And Development
The requirements were supplemented by the risk-based verification of the shelf life of products and validation of cooking instructions for ready-to-cook products to ensure food safety.
2.5.15 Equipment Management
This is a new chapter. Specification of the equipment is required, addressing hygienic design, compliance with applicable legal and customer requirements, and the intended use of the equipment, including the product handled. The supplier shall provide evidence of meeting this specification prior to installation of the equipment.
Risk-based change management for new equipment and/or all changes to existing equipment shall be implemented. Evidence shall include successful commissioning and assessment of possible effects on existing systems. Adequate control measures shall be determined and implemented.
2.5.16 Food Loss and Waste
Another chapter that is entirely new. The organization's strategy to reduce food loss and waste within the related supply chain shall be described through a documented policy and objectives.
Food given to non-profit organizations, employees and other organizations shall be safe. This shall be controlled and products handled accordingly.
Products intended as animal feed/food shall not be contaminated.
2.5.17 Communication Requirements
This is a new section. The certification body shall be informed within three days of events or situations that impact food safety, legality and/or the certification integrity (force majeure, natural or man-made disasters (e.g., war, strike, terrorism, crime, flood, earthquake, malicious computer hacking, etc.)). Also, in serious situations where the integrity of the certification is at risk and/or the FSSC may be brought into disrepute (e.g., recalls, withdrawals, disasters, food safety outbreaks), the certification body shall be informed within three days. This also applies to imposed actions by regulatory authorities as a result of food safety issues, where additional monitoring or forced shutdown of production is required; in the event of food safety-related legal proceedings, prosecution, malpractice and negligence, and fraudulent activities and corruption.
Part 3 Requirements for the Certification Process
This chapter incorporates the updated requirements of ISO 22003-1:2022 and provides some clarifications that address audit planning, minimum audit time for PRPs, audit execution, and reporting. It also describes how audits are conducted in organizations with central functions that are not located at the site being certified or in multi-site organizations. These requirements are primarily aimed at certification bodies and auditors.
For the audited organization it is interesting to know that the two surveillance audits may not take place later than 12 months after the initial or recertification audit. A recertification audit (with issuance of a new certificate) should preferably take place at least three (3) months prior to the expiry date of the certificate, allowing enough time to complete the certification process before the certificate expires.
There are no substantial changes to the regulations on unannounced audits.
The evaluation system with minor, major and critical nonconformity and the procedure regarding the measures to close the nonconformities also remain unchanged.
What is new is that in addition to a list of participants with the audit times to be signed by the organization, an integrity declaration shall also be signed by the senior representative of the organization and the auditor(s). This confirms
- that there is no actual or perceived conflict of interest to ensure the impartiality of the audit,
- that the integrity of the audit has not been compromised, and
- that the audit was conducted in an ethical manner.
Part 4 Requirements for Certification Bodies
In this chapter, the updated ISO 22003-1:2022 has been included and some clarifications have been made regarding the relationship between the certification body and the FSSC Foundation and the auditor qualification process.
Part 5 Requirements for Accreditation Bodies
In this chapter, the updated ISO 22003-1:2022 and ISO/IEC 17021-1:2015 have been included and some clarifications have been made.
Appendix 1 Definitions
In this chapter, some definitions have been reworded or added.
Appendix 2 References
The normative references have been updated to include, for example, the FSSC Code of Ethics and FSSC Full Remote Audit Addendum.
Other normative documents:
These are primarily relevant for certification and accreditation bodies.
Annex 1 Explanations on formulating certificate scope statements
Annex 2 Certification Body Requirements regarding audit reports
Annex 3 (in Version 5.1 Annex 4) Certificate Templates for Certification Bodies
Annex 4 (in Version 5.1 Annex 5) Accreditation certificate templates for Accreditation Bodies
Annex 5 (in version 5.1 Annex 9) CB Requirements for the use of information and communication technology (ICT)
FSSC also has additional voluntary supplements and modules that can be conducted in combination with FSSC 22000 certification audits. These voluntary supplements and modules (e.g., HAVI Global Quality and Safety; FSMA PCHF; Costco; ISO 23412; HPC 420), including associated conditions and requirements, are also available on the FSSC website.
The upgrade process: Transition from Version 5 to Version 6
With the publication of version 6 of FSSC 22000, the document "Requirements V6-Upgrade-Process" was also published.
Here the transition phase from version 5.1 to version 6 is described as follows:
Audits against FSSC 22000 Scheme V5.1 may only be conducted until 31 March 31 2024.
Upgrade audits against FSSC 22000 Scheme V6 shall be conducted from 1 April 2024 until 31 March 2025.
The document "Requirements V6-Upgrade Process" also explains the discontinuation of the audit areas primary production/agriculture, category A:
No FSSC 22000 audits to V6 will be allowed for organizations holding category A scopes. This will apply to audits as of 1 April 2024. FSSC 22000 certificates with the Farming scope will be withdrawn, or the scope reduced where multiple categories apply, as of 31 December 2024.
The "Requirements V6-Upgrade Process" also explains the discontinuation of the FSSC 22000-Quality program (combination of FSSC 22000 and ISO 9001): from of 1 April 2023 no further licenses against FSSC 22000-Quality will be issued by FSSC. From 1 April 2024, no more FSSC 22000-Quality audits shall be delivered.
DQS - Your partner for FSSC 22000 certification
DQS is an accredited certification body for the FSSC 22000 standard. With qualified auditors all over the world we are at your disposal. Contact us - we will be happy to discuss your plans!