ISO 22000

Food Safety Management System

Food Safety


  1. Introduction
  2. Overview
  3. Global adoption
  4. Benefits
  5. Auditing
  6. Choosing a registrar
  7. Route to registration
  8. Costs
  9. Contributing editor


The ISO 22000 family of standards relate to food safety management systems and are designed to help organizations of any size and at any stage in the food chain to ensure they meet the needs of customers and other stakeholders. The standards are published by ISO, the International Organization for Standardization and are available through National standards bodies.

ISO 22000 deals with the fundamentals of food safety management systems.  ISO 22000:2005 deals with the requirements that organizations wishing to meet the standard have to meet.  It has been designed to be compatible with other management system standards such as ISO 9001 and can be implemented within an integrated management system.

Independent confirmation that organizations meet the requirements of ISO 22000:2005 may be obtained from third party certification bodies. 

ISO 22000:2005 specifies the basic requirements for a food safety management system (FMS) that an organization must fulfil to demonstrate its ability to consistently produce food products which are safe for the end consumer.

The standard can be used for certification/registration and contractual purposes by organizations seeking recognition of their food safety management system. ISO 22000:2005 delivers safe product, and covers all organizations in the food chain, both direct and indirect food chain.

ISO 22000 has been developed to aid harmonisation of approaches to managing food safety, not for just one part of the food chain, but for all organizations in the food chain and for those organizations supplying to the food chain, materials and services that could impact on the safety of food.

The standard combines the key elements to enable management of food safety along the food chain including: integrating the principles of HACCP and application sequence developed by Codex Alimentarius Commission; system management; control of food safety hazards through pre-requisite programmes and HACCP plans; interactive communication with suppliers, customers, regulators and consumers and, continual improvement and updating of the management system.

The standard has been developed as a food safety management system applicable to all organizations in the food chain and to suppliers of services and products to the food chain, and has been designed to enhance communication on food safety issues within the food chain to help raise standards of food safety within the food industry and thus harmonise approached to managing food safety globally.


ISO 22000 describes the requirements for operating an effective food safety management system integrating the use of the Hazard Analysis and Critical Control Point (HACCP) techniques and defined prerequisites for the safe production of food.

The ISO 22000 model is a systematic approach to developing, planning, validating, establishing, implementing, monitoring, verifying and improving the food safety management system. Implementation is split down into several distinct stages including:

Management responsibility

This section of the standard is designed to enable top management to establish and maintain commitment to the development and improvement of a food safety management system.

The need for measurable objectives is intended to support top management understanding how the food safety management system is performing and therefore what improvements and updating may be required to enable the ongoing production of safe food.

  1. Food Safety Policy:  Establish a policy that is appropriate to the role of the organization in the food chain ensuring it conforms to both statutory and regulatory requirements and agreed food safety requirements of customers.
  2. Objectives:  Establish measurable objectives relating to food safety in support of the food safety policy.
  3. System definition:
    • Define the scope of the food safety management system in terms of products, activities and sites.
    • Documented food safety management system.
    • Development of internal and external communication on food safety issues with relevant interested parties.
    • Development of a food safety management system that enables all food safety hazards to be identified and controlled.
    • Establish procedures to manage potential emergency situations that can impact food safety.
  4. Responsibilities:  Responsibilities and authorities defined and communicated.  Appointment of a food safety team leader and establish a food safety team.
  5. Review the continued suitability, adequacy and effectiveness of the food safety management system at planned intervals and identify opportunities for improvement and updating of the system.
  6. Resources:  Provide adequate resources for the development, maintenance, updating and improvement of the food safety system.

Planning and realization of safe products

  1. All relevant information needed to conduct the hazard analysis shall be collected, maintained, updated and documented.
  2. The food safety team shall conduct a hazard analysis to determine which hazards need to be controlled.
  3. A combination of control measures shall be put in place and managed through pre requisite programmes and/or by HACCP plans.
  4. Traceability systems will need to be implemented to enable the identification of product lots/batches back through to raw materials and delivery records in the event that recall or withdrawal is warranted.
  5. There shall be procedures in place to handle potentially unsafe products, withdrawals, disposal.

Validation, verification and improvement of the food safety management system

  1. The food safety team shall plan and implement the processes needed to validate control measures and/or control measure combinations before their implementation to test that they will work in practice. They will also need to verify the effectiveness of the system after implementation.
  2. Internal audits shall be conducted at planned intervals to determine whether the food safety system conforms to planned arrangements and is effectively implemented and updated.
  3. The food safety team shall evaluate the individual results of planned verification and shall analyse the results ,which are then formally reviewed by top management.

The ISO 22000 series of standards consist of:

  • ISO 22000:2005 Food safety management systems - Requirements for any organization in the food chain
  • ISO 22003:2007 Food safety management systems - Requirements for bodies providing audit and certification of food safety management systems
  • ISO 22004:2005 Food safety management systems -Guidance on the application of ISO 22000:2005
  • ISO 22005:2007 Traceability in the feed and food chain -General principles and basic requirements for system design and implementation

Is ISO 22000 relevant to your organization?

ISO 22000 has been developed to aid harmonisation of approaches to managing food safety, not for just one part of the food chain, but for all organizations in the food chain and for those organizations supplying to the food chain, materials and services that could impact on the safety of food.

Examples of organizations who can adopt ISO 22000:2005 include:

Direct food chain:

  • Farmers
  • Growers
  • Feed producers
  • Food manufacturers and processors
  • Food ingredient producers
  • Food storage, distribution and transport organisations
  • Caterers
  • Retailers
  • Food service operators such as restaurants and fast food outlets

Indirect food chain:

  • Producers of chemicals to be used in the food industry
  • Producers of equipment used in the food industry
  • Producers of cleaning and sanitizing equipment
  • Producers of packaging materials
  • Service providers

Global adoption

Following the ISO Survey of Certifications in 2009, ISO 22000:2005 certifications reached at least 13,881 certificates in 127 countries and economies – a rise of 69 %.


  • Applies to all organizations in the global food supply chain.
  • Internationally recognized standard
  • Complies with the Codex HACCP principles.
  • An auditable standard which provides a framework for third-party certification.
  • The structure aligns with the management system clauses of ISO 9001:2008 and ISO 14001:2004.
  • System approach, rather than product approach.
  • Improved documentation.
  • Systematic management of prerequisite programs.
  • Increased due diligence.
  • Dynamic communication on food safety issues with suppliers, customers, regulatory bodies and other interested parties.


Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment, to verify that the system is working as it's supposed to, find out where it can improve and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgements.

Choosing a registrar

There are over 1000 certification bodies globally. It is important to select an approved certification body and to ensure they comply with the following criteria:

  • Ensure the company is accredited to ISO/IEC 17021:2006, and the certification body accreditation is issued by a recognised competent body.
  • Receive quotations from several certification bodies.
  • Do not select the cheapest as their auditing or service may be below standard,
  • Ensure the certification body is recognised by your customers and they relevant sector experience for your industry sector

Route to registration

There are various phases to registration:

  1. Pre-audit Assessment
    • Check documentation with Lead Assessor
      Together, you and your Lead Assessor will review your documentation. This will ensure that all documented procedures cover the requirements of ISO 22000:2005.
    • Determine date of assessment
      Together with your Lead Assessor you will determine the best timetable for your registration and agree on a date for initial assessment. Many organizations benefit from our pre-assessment "dry run" of the formal assessment.
  2. Initial Assessment conducted
    • An initial assessment will be conducted by your auditor. You will be informed of his recommendation at the closing meeting.
  3. Registration Confirmation
    Following your auditors recommendation, your registration will be confirmed by the technical reviewers.
    • Certificate Issued
      Your certificate of registration will arrive soon after your registration has been confirmed.
  4. Continued Assessment
    After registration your nominated auditor will visit your organization every 6 months or annually to ensure that your management system continues to meet the requirements of ISO 22000:2005.
  5. Reassessment
    Your registrar is required to perform a reassessment of your management system every 3 years. This is normally 2/3 of the initial assessment duration at the end of the closing meeting your auditor will confirm the outcome of the reassessment.


The answer depends on a number of factors. There are costs to both implement and to maintain your certification.

Implementation Costs

In terms of costs to implement, if you choose a full do-it-yourself approach, the only real costs will be the time for resources dedicated to the implementation process and in time spent writing documents and training your staff. If you have little experience with ISO 22000:2005, or have limited internal resources, you might choose to get some outside professional help through a management system consultant.  If you choose to use external help, costs will vary depending on your country, the typical day rate in the United Kingdom will vary between £400 - £1000 plus depending on the consultant.  There are advantages by recruiting a consultant as you are able to guarantee your registration within a given period, however it is essential you research their credentials prior to engaging them.

Certification Costs

Costs of registration are dependent on the size of your organization. Most registrars charge a certain rate per day to be on-site at your facility. This day rate will vary depending on your country, the typical day rate in the United Kingdom will vary between £300 and £800 per auditor day depending on the registrar. Small companies with less than 20 staff could expect one auditor on site for 1-3 days; Large companies can expect several auditors on site for up to up to 10-15 days.

Other fees include application fees, certificate fees or annual licence fees.

To maintain your certification, the Registrar must return annually to audit a portion of your system. These costs will be less than the original visit, since the time spent will be shorter. Once every three years, the Registrar returns to audit your entire system.

Contributing editor

Ruth Bell, MSc FIFST
AF Associates – International Food Safety Management Specialists

Established in 1995, AF Associates is a leading provider of Food Safety Management System Consultancy and Auditing to all sectors of the Food Chain. The Advisory Team is led by Ruth Bell, a specialist food safety management system practitioner and auditor, who has a wealth of experience in all fields of the food industry, both in the UK and internationally.  Having gained experience from working in the food industry in product development, technical and quality management roles, Ruth’s particular areas of specialism are Food Safety Management Systems based around HACCP/ISO 22000 and private quality assurance schemes.  Ruth has worked on a number of projects helping organizations throughout the food chain to design, develop, implement and verify manageable food safety systems tailored to their needs.  Ruth is well known for her practical quality and HACCP knowledge as a consultant and auditor.

Based in the UK, the Company specializes in providing a comprehensive range of services to assist clients both large and small, nationally and internationally in the development and implementation of robust food safety management systems in line with standards, legislative and customer requirements.

Find a Standard

Find a Consultant