In this entry I focus on the ISO 22000: 2018 standard - Food safety management systems — Requirements for any organization in the food chain, and I am going to analyze, in the most complete way, from my point of view of course, its Subclause 4.2 Understanding the needs and expectations of interested parties.
As I have already mentioned in other previous entries, this subclause
4.2, together
with 4.1, are characterized by containing the least
understood and applied requirements of the entire ISO 22000
standard and all management system standards. That is why I recommend you dedicate the time and
effort necessary to understand them correctly.
To do this, I will start by identifying, based on the information
presented in this subclause, and according to the methodology that I have been
using, what its established requirements are, continuing with its progressive numbering
that I will be following for all the requirements of this standard.
In order to start with this analysis, we should consider that every organization has what is called interested
parties, that is, as defined by the ISO 9000:
2015 standard,
"person or organization that can affect, be affected or perceive itself to
be affected by some decision or activity”, and this because it has a legitimate
interest in relation to the performance of said organization, and each of these parties has particular needs and expectations in relation to it.
It is convenient that we rely on the definitions established by the ISO 9000: 2015 standard, which although it is part of another family of (quality) management system standards, the ISO 9000, is a valid reference in what is pertinent for
other management systems. This standard includes as examples of interested parties, the following: Customers, owners, people from an organization, suppliers, banks, legislators, unions, partners or society in general
that may include competitors or pressure groups with opposing interests.
More specifically, Appendix
2 of ISO Annex SL mentions the following as possible interested parties of an organization:
If we consider that the first requirement of this Subclause 4.2 is that the organization shall
determine the interested parties that
are relevant to the food safety management system, we should assume that the first activity should
be to carry out a formal analysis, by the organization, by means of one or more persons, of all its interested parties, to identify its
relevance to the food safety management system.
It is important to remember that this subclause of the ISO 22000 standard, like 4.1, will lead us to establish input elements for the planning of the food safety management system. Similarly, it is important that we remember the
definition established by the ISO 9000: 2015 standard of the term Determination:
“activity to find out one or more characteristics
and their characteristic values”.
This same standard also defines the term Characteristic as follows: “Distinguishing feature”. For this, this
definition includes three explanatory notes:
Note 1. A characteristic can be inherent or assigned.
Note 2. A characteristic can be qualitative or quantitative.
Note 3. There are several classes of characteristics, such
as the following: a) physical (for
example, mechanical, electrical, chemical or biological characteristics); b) sensory (for example, related to
smell, touch, taste, sight and hearing); c)
behavioural (for example, courtesy, honesty, truthfulness); d) time (for example, punctuality,
reliability, availability, continuity); e)
ergonomic (for example, physiological characteristics, or related to the
safety of people); f) functional
(for example, maximum speed of an airplane).
Therefore, that person or group of people who performs this analysis on
behalf of the organization, should identify among all interested parties of the organization, those that are relevant to the food safety management system, through the identification of its characteristics and characteristic values.
Starting from the determination of the interested parties of an organization, the next step is to establish the relevant requirements
of those interested parties. Within this
analysis, we may consider that among the characteristic
values of the characteristics
of those determined relevant parties,
those relevant requirements of those interested
parties can be determined.
It is important not to lose sight of the fact that this information
determined by the organization, both those interested
parties and their associated requirements, should be oriented towards establishing the food safety objectives of the organization itself. That is why the standard includes the term "relevant" in both
cases.
The organization decides whether a particular requirement from a relevant interested party is relevant to its food safety
management system.
This last point is very important, since just as it happens when
applying Sub-Clause 4.1, the determination made by the organization with respect to external or internal issues, as in this case with
respect to interested parties and
their requirements, it pertains only to the strategic direction of the organization, and these determinations have the objective of supporting the establishment, as precise as
possible, of the food safety objectives. It is important for us to remember that the
establishment of objectives is a basic element of any management system, since all the other activities that are going to be carried out,
within that system, will be to comply with and verify the fulfillment
of those objectives. However, no auditor or certification
body will be able to qualify whether those interested parties, or their requirements, are well or poorly determined, or whether those food safety objectives are well or
poorly established, since they are elements of the strategic
direction of the organization.
What should be auditable are the actions or mechanisms used by the organization to reach these determinations, so it is important that the organization define, plan and carry out these actions and mechanisms appropriately.
Keep in mind that the better these interested
parties and their requirements are determined, the more elements the organization will have to establish its
food safety objectives in a better way.
Relevant interested parties
and their relevant requirements represent important inputs to several other ISO 22000 requirements, including scope, risks and opportunities, and
input to management review, among others.
Appendix
2 of ISO Annex SL mentions some examples of interested parties´ requirements:
− applicable laws;
− permits, licenses or other forms of authorization;
− government regulations;
− judgments of courts or administrative tribunals;
− requirements of a larger entity to which the organization belongs;
− treaties, conventions and protocols;
− relevant industry codes and standards;
− contracts that have been concluded;
− agreements with customers, community groups or non-governmental organizations;
− agreements with public authorities and customers;
− requirements through the adoption of voluntary principles or
codes of practice;
− voluntary labeling or environmental commitments;
− obligations arising from contractual agreements with the organization.
We can say that success of an organization depends on understanding and satisfying the
current and future needs and expectations of current and potential customers
and end users, as well as understanding and considering those of other interested parties.
To meet the needs and expectations of all interested parties, the organization should:
• identify its interested parties
and maintain a balanced response to their needs and expectations;
• translate identified needs and expectations into requirements;
• communicate requirements throughout the organization; and
• focus on process improvement to ensure value creation for identified interested parties;
• understand the needs and expectations of your customers, including
those of potential customers;
• determine the key features of the product for customers and end users;
• identify and evaluate competitors in your market; and
• identify market opportunities, weaknesses and competitive advantages.
As examples of needs and expectations of customers and users, in
relation to the organization's products, we can mention the following:
The organization should be able to demonstrate that it has
identified its interested parties,
as well as the needs and expectations of each of them.
As I usually do, when I present this type of requirements to you, to facilitate your understanding of them,
I rely on definitions of these terms, which are usually established in international standards, or failing that, in recognized dictionaries.
The ISO 9000:2015 standard establishes the definition of "Information"
as: "Meaningful data"
The Merriam Webster dictionary defines the term “Identification” as: “an
act of identifying / the state of being identified”. In the same way, it
defines the term “Identify”, among other meanings, as: “to perceive or state
the identity of (someone or something)”.
So, what this requirement establishes is that the organization should carry out the “act of identifying” the information related to
those interested parties. That is, it
should establish and maintain documented information about identification of
"meaningful data" for the determination of relevant interested parties.
A very similar thing happens with the following requirement, in which the organization should establish and maintain documented information
on the identification of “meaningful data” for the determination of the
relevant requirements of those relevant interested parties.
The next requirement (fifth) of this Sub-clause 4.2 states that the organization shall review information related to these interested parties.
If we take the ISO 9000 definition of term "Review" as: "Determination of the suitability, adequacy
or effectiveness of an object to achieve established objectives"
To do this, the organization should conduct a determination of the suitability,
adequacy or effectiveness of all identified information on relevant interested parties. This review should be through a formal
evaluation of each of the supporting documents or publications for the
identification, prioritization and determination of relevant interested parties, and compare it with
new publications, reports or more recent data, to ensure that these interested parties continue to be valid
in terms of the relevance identified by the organization, or if necessary, make the necessary adjustments.
The organization should also generate and maintain the appropriate
records and documentation.
The sixth requirement of this Sub-clause 4.2 states that the organization shall review information related to requirements of those interested
parties; in the same way as mentioned with the previous requirement, the organization should carry out the review of all the information identified about the relevant requirements of the relevant interested parties. This review should also be carried out
through a formal evaluation of each of the supporting documents, publications
or data for the identification, prioritization and determination of each of the
requirements of the relevant interested parties, and compare it with new publications, reports
or more recent data, to ensure that the requirements established as relevant by these interested parties continue to be valid
in terms of the relevance identified by the organization, or, where appropriate, make the necessary
adjustments. The organization should also generate and maintain the appropriate
records and documentation.
The penultimate (seventh) requirement of this sub-clause establishes that the organization shall update the information related to these interested parties.
In this case, it is the ISO 22000: 2018 standard that establishes the definition of the term "Update" as follows: "immediate and/or planned activity to
ensure application of the most recent information".
This leads us that when the organization reviews all information identified about relevant interested parties, it should ensure
that information that has already become outdated or invalid is replaced by
current or more recent information.
This is also true for the last requirement of this sub-clause
which states that the organization shall update the information related to requirements of these interested
parties; That is, when the organization reviews all information identified on the relevant
requirements of interested
parties, it should ensure that information that has already become obsolete
or invalid is replaced by current or more recent information.
One element worth knowing is the material issued by the ISO 9001
Auditing Practices Group, as part of ISO Technical
Committee 176. This group carefully analyzes the requirements of ISO 9001 and issues recommendations for auditing them. Sub-clause
4.2 of ISO 22000 has some different requirements from those of Subclause 4.2 of ISO 9001, that is, they are similar but not identical texts, so when
analyzing these recommendations we must do so considering these differences.
Thus, with respect to this Sub-clause 4.2, it tells us that auditors should understand and assess how an organization decides on the requirements of interested
parties that are relevant to the food safety
management system, by considering:
• the range of interested parties
considered,
• criteria for selecting relevant interested
parties,
• aspects to select the relevant requirements.
Auditors should be able to conclude on the appropriateness
of these practices and how this information is tracked and reviewed, for
example through management reviews.
The relevant requirements of
those relevant interested parties
should be apparent as inputs to the planning process, such as potential risks
and opportunities. Again, although there is no requirement to retain documented information, an organization would be expected to keep some record of its analysis for ongoing and
future reference. This could be expressed, for example, as:
• Minutes of meetings
• Tables
• Spreadsheets
• Databases
• Hyperlinks
• External documentation
• FS manual (if the organization decides to have one)
• Among others.
Auditors should conduct this review in an interview with top
management and follow
these issues throughout the audit.
If documented information is not provided, auditors should collect objective evidence that the results
of this activity are consistently reflected in the risk and opportunity review,
external documentation, communication, and other relevant areas of their food safety management system.
I hope that this information provides you with more complete information
and helps you better understand and comply with this sub-clause.
Author:
Ernesto Palomares Hilton.
Comments
Post a Comment
Nombre:
País:
Comentarios: