1. Training: Building Real Competence, Not Just Ticking Boxes
While most established food manufacturers will already have training in place around their processes and include food safety, Clause 7.2 specifically asks for competency. And for your high risk or complicated processes, reading the SOP and ticking the box just isn't enough, there is an expectation that you have proof that they understand what's required. This can be a quiz/questionnaire, in-plant test, or an assessment by a competent assessor with clear requirements they must meet. And of course, all that needs to be on record somewhere! Get this right, and you'll start your ISO journey on solid ground. But having a competent team is just one part of the puzzle—you also need to understand and manage your risks at a much deeper level.
2. Risk Assessment: Going Beyond Basic HACCP
For your food safety risks, Clause 6.1 gives clear guidance on what is expected, and it may be more than your original HACCP allowed for. Managing your risk is not just about basic control, it's also about "enhancing desirable effects" and achieving continual improvement.Ticking the box on having a risk register won't quite cut it, now you will need to show plans for improvement, to lower the risk rating/impact moving forward.You also need to be able to show that you are evaluating how effective your controls are, whether that be monitoring levels of out-of-spec product in-house or customer complaints, or some other metric that shows your risks are under control. All of this must also be proportionate – i.e. the greatest levels of control, planning and effort, are related to your biggest risks. Of course, not every risk can be eliminated, which is why ISO 22000 expects you to be ready for the unexpected.
3. Crisis Management: Including Food Safety in Emergencies
Most businesses these days have their fire drills under control, and some sort of basic emergency response plan for the biggies, like earthquakes, pandemics etc. but do they consider food safety? Clause 8.4 is all about handling emergencies, and your team needs to make sure your emergency plans consider all aspects of food safety. Keep an eye out for our upcoming "Food Safety in Crisis Management" blog, which will outline what you need to consider in more detail. And speaking of readiness—your people can't follow the plan if they don't understand it
4. Staff Familiarity: Awareness Across the Entire Team
This one can be a toughie.Clause 7.3 is Awareness, and there are specific requirements regarding what ALL of your staff understand about your Food Safety.They need to know about your Food Safety policy, have some understanding of your food safety objectives and how they relate to their work, how they contribute to your Food Safety system and what happens if they don't do what's needed.It's always best to start from the beginning, so make sure your induction / onboarding plan includes all related facets of food safety, and that you are getting regular comms out to the team when things change, new objectives are set or just as a refresher – we're all human and sometimes we need a wee nudge to get us back on track.That ties in neatly also with some of Clause 7.4 Communication, specifically around internal communication. Clear communication relies on another critical piece of your system—your documents.
5. Document Control: Keeping Records Accurate and Accessible
If you already have an existing ISO certification like 9001 for Quality, this one will be a no-brainer, all the same requirements are there.However, if you're new to ISO then this one requires some thought.While these days ISO has very little in the way of documentation that you must have for them, Clause 7.5 is all about how you manage your Food Safety documentation.This includes all your key internal information like processes and work instructions but also about managing externally provided information, like standards, manuals, customer specs etc. You will need to consider regulation of who can access documentation, who has authority to make changes and who needs to be involved in reviewing and updating your documentation. You can of course do this manually with a paper system but increasingly the use of dedicated compliance systems like Mango is becoming the norm here and can dramatically simplify the process for you. It also includes things like retention of records, whether that's training, testing, calibration or other key things that are relevant to your Food Safety Management System. But even the best documentation won't save you if leadership isn't fully engaged.
6. Management Input: Driving Food Safety from the Top
Nowadays there's a lot more focus on top-down driven systems everywhere and ISO is no exception. Clause 5 is all about Leadership and 9.3 is around Management Review.There is expectation that top level management will be driving the food safety system from their level down, setting objectives, reviewing analysis and outcomes of audits, ensuring there are the right resources available to manage the system and maintain it, and promotion of continuous improvement. And you need to be able to prove it.Things like management review meetings and reports need to be clear, documented and retained for audit. And because no food safety system exists in isolation, you'll also need to keep a close eye on your suppliers.
7. Supplier Management: Evaluating and Monitoring Your Partners
22000 has a little clause called 7.1.6 Control of externally provided processes, products and services, which requires criteria to be in place for the evaluation, selection and monitoring of your suppliers.You will need to be able to show how you decided what supplier to use for your main ingredients and processes, and that you continue to monitor their performance to your criteria and act when there is an issue. It doesn't have to be a scrupulously detailed list as long as your arm, but it does need to consider at minimum the risks posed to your business by their product/service. i.e. if they provide a raw food ingredient, do they have HACCP processes in place? Can they trace it if there is an issue? How are they potentially going to affect your product?
A combination of questionnaires and in person audits would be the best way to go to cover your bases and have confidence in the information. Finally, don't forget that every change—no matter how small—can affect your food safety system.
8. Change Management: Planning Changes the Right Way
This is one of the most common areas that isn't done justice, and it can be a costly one.Clause 6.3 Planning of changes outlines the standards requirements for managing change. This includes the purpose of the change, its potential consequences, how it affects your FSMS, if you have the resource to change effectively and more.You will need to have in place a proper change management process, and consider prompts/questions around what should be considered as part of the change and what interested parties might be involved, from different departments in house, to customers and regulation bodies where relevant.
And of course, the ol' chestnut, it must be documented! Document it all, and you'll avoid costly mistakes down the road.
Wrapping up
ISO 22000 isn't just about passing an audit— it has some huge benefits and is about embedding a culture of food safety and continuous improvement into every corner of your business. Avoid these 8 pitfalls, and you'll be well on your way to smoother implementation, stronger compliance, and greater customer trust.