ISO 22000: 2018 - Interested parties - Needs and expectations

 


In this entry I focus on the ISO 22000: 2018 standard - Food safety management systems — Requirements for any organization in the food chain, and I am going to analyze, in the most complete way, from my point of view of course, its Subclause 4.2 Understanding the needs and expectations of interested parties.


As I have already mentioned in other previous entries, this subclause 4.2, together with 4.1, are characterized by containing the least understood and applied requirements of the entire ISO 22000 standard and all management system standards. That is why I recommend you dedicate the time and effort necessary to understand them correctly.


To do this, I will start by identifying, based on the information presented in this subclause, and according to the methodology that I have been using, what its established requirements are, continuing with its progressive numbering that I will be following for all the requirements of this standard.



In order to start with this analysis, we should consider that every organization has what is called interested parties, that is, as defined by the ISO 9000: 2015 standard, "person or organization that can affect, be affected or perceive itself to be affected by some decision or activity”, and this because it has a legitimate interest in relation to the performance of said organization, and each of these parties has particular needs and expectations in relation to it.


It is convenient that we rely on the definitions established by the ISO 9000: 2015 standard, which although it is part of another family of (quality) management system standards, the ISO 9000, is a valid reference in what is pertinent for other management systems. This standard includes as examples of interested parties, the following: Customers, owners, people from an organization, suppliers, banks, legislators, unions, partners or society in general that may include competitors or pressure groups with opposing interests.


More specifically, Appendix 2 of ISO Annex SL mentions the following as possible interested parties of an organization:

  


If we consider that the first requirement of this Subclause 4.2 is that the organization shall determine the interested parties that are relevant to the food safety management system, we should assume that the first activity should be to carry out a formal analysis, by the organization, by means of one or more persons, of all its interested parties, to identify its relevance to the food safety management system.


It is important to remember that this subclause of the ISO 22000 standard, like 4.1, will lead us to establish input elements for the planning of the food safety management system. Similarly, it is important that we remember the definition established by the ISO 9000: 2015 standard of the term Determination: “activity to find out one or more characteristics and their characteristic values”. This same standard also defines the term Characteristic as follows: “Distinguishing feature”. For this, this definition includes three explanatory notes:


Note 1. A characteristic can be inherent or assigned.


Note 2. A characteristic can be qualitative or quantitative.


Note 3. There are several classes of characteristics, such as the following: a) physical (for example, mechanical, electrical, chemical or biological characteristics); b) sensory (for example, related to smell, touch, taste, sight and hearing); c) behavioural (for example, courtesy, honesty, truthfulness); d) time (for example, punctuality, reliability, availability, continuity); e) ergonomic (for example, physiological characteristics, or related to the safety of people); f) functional (for example, maximum speed of an airplane).


Therefore, that person or group of people who performs this analysis on behalf of the organization, should identify among all interested parties of the organization, those that are relevant to the food safety management system, through the identification of its characteristics and characteristic values.


Starting from the determination of the interested parties of an organization, the next step is to establish the relevant requirements of those interested parties. Within this analysis, we may consider that among the characteristic values ​​of the characteristics of those determined relevant parties, those relevant requirements of those interested parties can be determined.


It is important not to lose sight of the fact that this information determined by the organization, both those interested parties and their associated requirements, should be oriented towards establishing the food safety objectives of the organization itself. That is why the standard includes the term "relevant" in both cases.


The organization decides whether a particular requirement from a relevant interested party is relevant to its food safety management system.


This last point is very important, since just as it happens when applying Sub-Clause 4.1, the determination made by the organization with respect to external or internal issues, as in this case with respect to interested parties and their requirements, it pertains only to the strategic direction of the organization, and these determinations have the objective of supporting the establishment, as precise as possible, of the food safety objectives. It is important for us to remember that the establishment of objectives is a basic element of any management system, since all the other activities that are going to be carried out, within that system, will be to comply with and verify the fulfillment of those objectives. However, no auditor or certification body will be able to qualify whether those interested parties, or their requirements, are well or poorly determined, or whether those food safety objectives are well or poorly established, since they are elements of the strategic direction of the organization.


What should be auditable are the actions or mechanisms used by the organization to reach these determinations, so it is important that the organization define, plan and carry out these actions and mechanisms appropriately. Keep in mind that the better these interested parties and their requirements are determined, the more elements the organization will have to establish its food safety objectives in a better way.


Relevant interested parties and their relevant requirements represent important inputs to several other ISO 22000 requirements, including scope, risks and opportunities, and input to management review, among others.


Appendix 2 of ISO Annex SL mentions some examples of interested parties´ requirements:


− applicable laws;

− permits, licenses or other forms of authorization;

− government regulations;

− judgments of courts or administrative tribunals;

requirements of a larger entity to which the organization belongs;

− treaties, conventions and protocols;

− relevant industry codes and standards;

− contracts that have been concluded;

− agreements with customers, community groups or non-governmental organizations;

− agreements with public authorities and customers;

requirements through the adoption of voluntary principles or codes of practice;

− voluntary labeling or environmental commitments;

− obligations arising from contractual agreements with the organization.


We can say that success of an organization depends on understanding and satisfying the current and future needs and expectations of current and potential customers and end users, as well as understanding and considering those of other interested parties.


To meet the needs and expectations of all interested parties, the organization should:


• identify its interested parties and maintain a balanced response to their needs and expectations;

• translate identified needs and expectations into requirements;

• communicate requirements throughout the organization; and

• focus on process improvement to ensure value creation for identified interested parties;

• understand the needs and expectations of your customers, including those of potential customers;

• determine the key features of the product for customers and end users;

• identify and evaluate competitors in your market; and

• identify market opportunities, weaknesses and competitive advantages.


As examples of needs and expectations of customers and users, in relation to the organization's products, we can mention the following:



The organization should be able to demonstrate that it has identified its interested parties, as well as the needs and expectations of each of them.


As I usually do, when I present this type of requirements to you, to facilitate your understanding of them, I rely on definitions of these terms, which are usually established in international standards, or failing that, in recognized dictionaries.


The ISO 9000:2015 standard establishes the definition of "Information" as: "Meaningful data"


The Merriam Webster dictionary defines the term “Identification” as: “an act of identifying / the state of being identified”. In the same way, it defines the term “Identify”, among other meanings, as: “to perceive or state the identity of (someone or something)”.


So, what this requirement establishes is that the organization should carry out the “act of identifying” the information related to those interested parties. That is, it should establish and maintain documented information about identification of "meaningful data" for the determination of relevant interested parties.


A very similar thing happens with the following requirement, in which the organization should establish and maintain documented information on the identification of “meaningful data” for the determination of the relevant requirements of those relevant interested parties.


The next requirement (fifth) of this Sub-clause 4.2 states that the organization shall review information related to these interested parties.


If we take the ISO 9000 definition of term "Review" as: "Determination of the suitability, adequacy or effectiveness of an object to achieve established objectives"


To do this, the organization should conduct a determination of the suitability, adequacy or effectiveness of all identified information on relevant interested parties. This review should be through a formal evaluation of each of the supporting documents or publications for the identification, prioritization and determination of relevant interested parties, and compare it with new publications, reports or more recent data, to ensure that these interested parties continue to be valid in terms of the relevance identified by the organization, or if necessary, make the necessary adjustments. The organization should also generate and maintain the appropriate records and documentation.


The sixth requirement of this Sub-clause 4.2 states that the organization shall review information related to requirements of those interested parties; in the same way as mentioned with the previous requirement, the organization should carry out the review of all the information identified about the relevant requirements of the relevant interested parties. This review should also be carried out through a formal evaluation of each of the supporting documents, publications or data for the identification, prioritization and determination of each of the requirements of the relevant interested parties, and compare it with new publications, reports or more recent data, to ensure that the requirements established as relevant by these interested parties continue to be valid in terms of the relevance identified by the organization, or, where appropriate, make the necessary adjustments. The organization should also generate and maintain the appropriate records and documentation.


The penultimate (seventh) requirement of this sub-clause establishes that the organization shall update the information related to these interested parties.


In this case, it is the ISO 22000: 2018 standard that establishes the definition of the term "Update" as follows: "immediate and/or planned activity to ensure application of the most recent information".


This leads us that when the organization reviews all information identified about relevant interested parties, it should ensure that information that has already become outdated or invalid is replaced by current or more recent information.


This is also true for the last requirement of this sub-clause which states that the organization shall update the information related to requirements of these interested parties; That is, when the organization reviews all information identified on the relevant requirements of interested parties, it should ensure that information that has already become obsolete or invalid is replaced by current or more recent information.


One element worth knowing is the material issued by the ISO 9001 Auditing Practices Group, as part of ISO Technical Committee 176. This group carefully analyzes the requirements of ISO 9001 and issues recommendations for auditing them. Sub-clause 4.2 of ISO 22000 has some different requirements from those of Subclause 4.2 of ISO 9001, that is, they are similar but not identical texts, so when analyzing these recommendations we must do so considering these differences. Thus, with respect to this Sub-clause 4.2, it tells us that auditors should understand and assess how an organization decides on the requirements of interested parties that are relevant to the food safety management system, by considering:


• the range of interested parties considered,


• criteria for selecting relevant interested parties,


• aspects to select the relevant requirements.


Auditors should be able to conclude on the appropriateness of these practices and how this information is tracked and reviewed, for example through management reviews.

 

The relevant requirements of those relevant interested parties should be apparent as inputs to the planning process, such as potential risks and opportunities. Again, although there is no requirement to retain documented information, an organization would be expected to keep some record of its analysis for ongoing and future reference. This could be expressed, for example, as:


• Minutes of meetings

• Tables

• Spreadsheets

• Databases

• Hyperlinks

• External documentation

• FS manual (if the organization decides to have one)

• Among others.


Auditors should conduct this review in an interview with top management and follow these issues throughout the audit. If documented information is not provided, auditors should collect objective evidence that the results of this activity are consistently reflected in the risk and opportunity review, external documentation, communication, and other relevant areas of their food safety management system.


I hope that this information provides you with more complete information and helps you better understand and comply with this sub-clause.


Author:


Ernesto Palomares Hilton.


Comments