ISO 22000:2018
Food safety management systems — Requirements for any organization in the food chain
Standard Introduction
ISO 22000:2018 is an active standard published by International Organization for Standardization (ISO). It is commonly used across Food & Beverage, Manufacturing, Retail and applies in Global.
Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with ISO 22000:2018.
Farm to Fork Coverage
Applicable to every organization in the food chain — from feed producers and farmers through manufacturers, transport, storage, and retail — as well as related organizations like packaging and equipment suppliers.
HACCP + ISO Integration
Combines the Codex Alimentarius HACCP principles with ISO management system structure (HLS), prerequisite programs (PRPs), and interactive communication across the food chain.
PDCA at Two Levels
Applies the Plan-Do-Check-Act cycle at both the management system level (strategic) and the operational level (HACCP plan and PRPs), ensuring both organizational and food safety objectives are addressed.
list_alt Key FSMS Elements
- Interactive communication across the food chain
- System management aligned with ISO High Level Structure
- Prerequisite programs (PRPs)
- Hazard analysis with operational PRPs and HACCP plan
- Traceability system for products and materials
- Emergency preparedness and response
- Performance evaluation through internal audits and management review
- Continual improvement of the food safety management system
Who Needs to Comply?
Any organization in the food chain regardless of size or complexity — including food manufacturers, caterers, transport and storage operators, retailers, feed producers, primary producers, and related organizations such as equipment manufacturers and packaging material suppliers.
Key Requirements
Hazard Analysis & Critical Control Points
Conduct a thorough hazard analysis identifying biological, chemical, physical, and allergenic hazards. Classify control measures into operational PRPs and the HACCP plan with validated critical limits.
Prerequisite Programs (PRPs)
Establish and maintain prerequisite programs appropriate to the organization's position in the food chain — covering hygiene, pest control, allergen management, water safety, waste management, and personnel practices.
Traceability System
Implement a traceability system that can identify incoming materials from suppliers and the initial distribution route of finished products — enabling targeted withdrawal or recall within a defined timeframe.
Verification & Validation
Validate that control measures and combinations of control measures are capable of achieving intended levels of hazard control. Verify through monitoring, internal audits, and analysis of verification activities.
Management of Nonconformities
Establish procedures for corrections, corrective actions, handling of potentially unsafe products, and withdrawals/recalls. Evaluate the cause of nonconformities and take action to prevent recurrence.
Implementation Roadmap
Prepare scope, obligations and evidence model
Define the food safety management system scope across food-chain activities, prerequisite programmes, HACCP controls, suppliers, traceability, products, services, and emergency food safety processes. Identify applicable legal, product, customer, certification, or market-access obligations and agree how evidence will be owned, updated, and retained.
Gap analysis and risk classification
Assess current practices against ISO 22000 requirements and risk context. Review food safety policy, hazard analysis, prerequisite programmes, operational PRPs, CCPs, traceability, withdrawal and recall, validation, verification, and continual improvement, then prioritize gaps by market-access impact, safety or environmental risk, customer exposure, and documentation readiness.
Implement controls, testing and documentation
Deploy required controls, supplier workflows, testing or assessment activities, labeling or communication steps, and technical documentation. Build traceable evidence around hazard analyses, PRP records, OPRP and CCP monitoring logs, traceability tests, validation records, verification results, withdrawal or recall exercises, corrective actions, and management reviews.
Review, maintain and respond to changes
Complete readiness reviews and corrective actions before the certification audit. Keep the program current after product, supplier, substance, design, regulatory, market, or incident changes.
Compliance Checklist
checklist Scope and obligations
checklist Controls and evidence
checklist Monitoring and maintenance
Penalties & Enforcement
ISO 22000 certification is voluntary. However, loss of certification can result in loss of business contracts and market access, as many retailers and food service companies require certification from their suppliers. Underlying food safety regulation violations carry separate legal penalties.
Frequently Asked Questions
Who needs ISO 22000?
expand_more
ISO 22000 is relevant for organizations whose products, services, or activities fall within food-chain activities, prerequisite programmes, HACCP controls, suppliers, traceability, products, services, and emergency food safety processes. It is commonly driven by market access, safety, environmental, customer, or regulatory obligations.
What is the main purpose of ISO 22000?
expand_more
The practical purpose is to create a repeatable program for food safety policy, hazard analysis, prerequisite programmes, operational PRPs, CCPs, traceability, withdrawal and recall, validation, verification, and continual improvement. The program should make obligations visible, define accountable owners, and maintain evidence that remains current as products and rules change.
What should be done first?
expand_more
Start with scope. Identify which products, components, sites, suppliers, markets, and activities are covered before writing procedures or commissioning tests.
How long does implementation take?
expand_more
Implementation can take weeks for a narrow product family or many months for complex multi-market portfolios. Timing depends on testing, supplier evidence, technical documentation quality, and whether third-party assessment is needed.
What evidence is most important?
expand_more
Important evidence includes hazard analyses, PRP records, OPRP and CCP monitoring logs, traceability tests, validation records, verification results, withdrawal or recall exercises, corrective actions, and management reviews. Authorities, auditors, customers, and test labs usually expect traceable records that connect requirements to decisions, tests, labels, and declarations.
How should suppliers be managed?
expand_more
Suppliers should provide declarations, test reports, change notifications, and traceable material or component data. High-risk suppliers need periodic review and contractual flow-down of compliance requirements.
When should the file be updated?
expand_more
Update the file after regulatory changes, design changes, supplier changes, material changes, incidents, complaints, or new market launches. Static files quickly become unreliable in product compliance.
Can this be integrated with other programs?
expand_more
Yes. ISO 22000 can share supplier management, document control, risk management, test planning, labeling review, and corrective-action workflows with related quality, safety, environmental, or product-compliance programs.
Official Documentation
Official PDF for ISO 22000:2018
Official publication or summary for ISO 22000:2018
Official online resource
International Organization for Standardization (ISO) guidance and reference material
Implementation toolkit
Templates, guidance, or companion resources for ISO 22000:2018