Welcome back to this blog. As you have probably seen, I have been carrying out a detailed analysis of the requirements of some management system standards, and I do this by applying an approach that may seem excessive at first, but from my personal point of view it is the correct approach to be able to understand, apply, demonstrate, verify, audit and appropriately improve compliance with each of the requirements established by these standards. And as I have also previously mentioned, I do this exercise because I am convinced that very few people, including trainers, leaders in the implementation of this type of system in organizations, qualified auditors and even evaluators of certification bodies have taken the interest in identifying in a clear way the variety of requirements contained in these standards, and in their daily use they fail to consider and fail to comply with several of them.
Already in
the previous entry I analyzed the requirements corresponding to Sub-clause 4.3 Determination of the scope of the
food safety management system of this ISO 22000:2018 standard (If you wish to access this entry, please clickhere).
In this post
I begin the analysis of Sub-clause 4.4
of the ISO 22000:2018 standard. This sub-clause presents a
situation similar to others that make up Clause 4 of this standard, that is, many people do
not fully understand it, so they apply it poorly. There are many people who
believe that this sub-clause is one of the easiest to accomplish of the entire standard, since it refers to the food safety
management system itself, with
which they would be working, as well as their processes, but we cannot leave aside, it is undoubtedly the most
complex sub-clause and I could say the most important of all those
that make up this standard. I know, and I have mentioned it in previous posts, that all the sub-clauses and all the requirements are important and that there is not one that we
can neglect. But this sub-clause covers the entire food safety management system, as well as all the processes that comprise it, which gives it a unique breadth and
relevance. That is why it is worth analyzing and understanding each one of the requirements that make up this Sub-clause 4.4
in order to fully comply with all of them.
In order to
carry out this analysis, I will start in the way I have started with Sub-clauses 4.1 to 4.3 that I have
previously analyzed, that is, breaking down this Subclause 4.4, identifying, in the best possible way, each of the requirements that derive from it, following up to the
progressive numbering of these.
As we can
see, this group of requirements focuses on two types of elements: the food safety management system, and its processes.
As you
probably know, there is a supporting technical specification for understanding the requirements of ISO 9001:2015, published
by ISO, called TS ISO 9002:2016. This ISO 9001 standard, by the fact
that it was the first management system standard to have been
published, has the advantage over the other management systems standards that have been issued after it, in that they have
generated supporting documents that the others have not, since it is intended
that the standards do not repeat information. That is why, if you want
to establish a management system based on a standard after the one mentioned, as would be the case of ISO 22000, which is our current topic, it is advisable to review that support information from ISO 9001, and when convenient, extrapolate that
information, with the appropriate adjustments, to our standard in question, in this case ISO 22000.
In order to be able to use this supporting information from ISO 9001 in a valuable way, it is important to know the requirements of this standard, because sometimes it differs in the presentation and wording of some of those requirements with the other management system standards, even though they have been prepared under the harmonized structure, or called in some documents as high level structure, in which the structure and some identical texts are maintained, within the wording, to facilitate the application of management systems called integrated.
So, if we
extrapolate for the ISO 22000 standard the information from TS ISO 9002:2016, the intention of subclause 4.4.- Food safety management system and
its processes is, for the organization, to determine the necessary processes
for its food safety management system in accordance with ISO 22000: 2018. This includes not only the processes
for the production and provision of services, but also the processes necessary for the effective implementation of the system, such as internal
audits, management review and others (including processes performed by external providers).
The ISO 9001:
2015 standard contains 25
specific requirements, in this Sub-clause 4.4 about processes of the quality management
system, which does not contain the ISO 22000:
2018 in that
corresponding sub-clause. In fact, the specific requirements contained in this standard about processes are found in Sub-clause 8.1-
Planning and operational control, so it will
be when analyzing that sub-clause that we will see them in detail.
Suffice it to
mention for now, with respect to processes,
that the use of the process approach
is a requirement of ISO 22000:2018.
Additionally,
within the so-called "Principles of
quality management" indicated in the ISO 9000:2015 standard, which were later called the "Principles
of management" that apply to all management system standards, including ISO 22000, and among which the following is included, already considered for the food safety
management system:
The ISO 22000:2018 standard, by itself, in Subsection 0.3.- Process approach, promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a food safety management system and improving its effectiveness for increase production of safe products and services while meeting applicable requirements. Understanding and managing interrelated processes as a system contributes to the effectiveness and efficiency of the organization in achieving its intended results. The process approach involves the systematic definition and management of processes, and their interactions, in order to achieve the expected results in accordance with the food safety policy and the strategic direction of the organization. The management of the processes and the system as a whole can be achieved using the PDCA cycle, with an overall approach of risk-based thinking aimed at seizing opportunities and preventing undesired results. Recognition of the organization's role and position within the food chain is essential to ensure effective interactive communication throughout the food chain.
The
description of the process approach
in the "Introduction
section" of ISO 22000 is purely informative and does not introduce any
additional requirements on its own, but it is useful for understanding how
the process approach is implemented
in this standard. The following image
(similar to figure 1 of the "Introduction
section" of ISO 9001) provides us with a good description for the
understanding of a single process.
However, if
we read and analyze this Sub-clause 4.4, we can identify that before referring to the processes, the requirements indicate what an organization should meet in terms of a food safety
management system are
initially mentioned.
With this
information we then begin the identification and analysis of the requirements of this Sub-clause 4.4.
Requirement No. 32: "The organization shall establish a food safety management system, including the necessary processes and their interactions, in accordance with the requirements of this standard."
When applying this requirement, it is quite common that organizations do not clearly understand what the requirement really indicates, so it is not easy for them to find a way to comply with it in a specific way, and even less to be able to demonstrate their appropriate compliance and show evidence of it. That is why, repeatedly in the verification and audit processes of these systems, many doubts are generated about whether compliance with the requirement is correct or not, as well as, where appropriate, how to identify and write a possible non-conformity, and even worse, how to plan, establish and verify the result of a corrective action.
From my point of view, it is important that all people with direct responsibilities within a food safety management system, first understand the concept of what precisely this food safety management system is, as well as its elements, and the meaning of terms this standard includes in its requirements, as “establish”, and all the relevant terms included in them.
Curiously,
this term "establish", which is so important for the use or application of the whole standard and this particular requirement, is not included among the terms to be defined in the ISO
9000:2015 standard, nor in the ISO 22000
standard, and not even in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. ISO 9000:2015 contains in Sub-section 3.4.3, the term: "quality management
system realization", which is
defined as follows: 'Process
of establishing, documenting, implementing, maintaining and continually improving
of a quality management system [ORIGIN: ISO 10019:2005]'.
Thus, it is
convenient for us to analyze the meaning of this term in accordance with a
recognized dictionary, for which, consulting the Merriam-Webster Dictionary, we
find that the definition of this term is:
In this way,
based on the meaning of this term and the original wording, we can understand,
therefore, that the organization should somehow bring into existence a food safety management system, in an orderly or determined manner, including the
necessary processes and their
interactions, in accordance with all requirements of this standard.
After having
correctly identified this requirement, the next step is to define how an organization can meet it. For this, it should initially have
the decision of top management to establish said food safety management system, and with which it also commits to provide the
necessary resources for its development, documentation and operation, as well
as to comply with the responsibilities
assigned to it within that system. It is
important that this decision is documented in some way and is kept as evidence.
In the same way, it is important to point out that this food safety
management system should be in compliance with all the requirements of the ISO 22000 standard in its current version, which is actually the one
issued in 2018, so the organization should document the identification of requirements of this standard, as well as the way in
which all those will be fulfilled. To document all these
elements, it is very useful to generate and maintain a food safety
management manual, or an
equivalent document, in which these identifications and descriptions could be specified.
One of the
most important characteristics of this standard, already mentioned before, is that it was developed under a process approach, so the organization should identify and manage its relevant
processes, as well as their interactions, within its food safety
management system.
Requirement No. 33: "The organization shall
implement a food safety management system, including the necessary processes and their interactions, in accordance with the requirements of this standard."
For many
people, this requirement
No. 33 is identical
to the previous one, No. 32, which leads
them to make mistakes when complying with it. If we look closely, these two requirements, like others subsequent ones, use the same wording,
because that is how the sub-clause
of the standard presents them, but they differ from each other just by a word (a verb),
which obviously changes the meaning for each one of these requirements. Similar situations occur repeatedly throughout
the standard and we should be careful
not to get confused.
Returning to
this requirement, it is easy to identify the term that
differentiates it from the previous one, and to understand that “implement” is not the same as “establish”. We have previously seen what the term "establish" means, but in relation to "implement" something similar happens as with the previous one,
that is, it is not defined in the ISO 9000:2015 standard, nor in the ISO 22000 standard:2018, and neither in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. For this we
have to resort, in the same way, to the use of a dictionary. If we consult the Merriam-Webster
Dictionary, we find that the definition of this term is:
So, if we go back to our requirement No. 33 already presented, but substitute the term in question for its meaning, it would read as follows: "the organization shall carry out, or accomplish, a food safety management system, to give practical effect to and ensure of actual fulfillment by concrete measures, including the necessary processes and their interactions, in accordance with the requirements of this standard."
Analyzed in
this way, we see that in order for an organization to accomplish this requirement, it should, once it has established
its food safety management system, apply the appropriate measures and methods to put the entire management
system into
operation. For this, it will be necessary that all the processes that are part of this system are operating and are managed appropriately.
Requirement, No. 34: "The organization shall
maintain a food
safety management system, including the necessary processes and their interactions, in accordance with the requirements of this standard."
As with the two previous requirements, we find an identical wording, with the exception of the term "maintain", which is not defined in the ISO 9000:2015 standard, nor in ISO 22000, and neither in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Like the cases of the previous requirements in this Sub-clause 4.4 of the ISO 9001:2015 standard, when consulting the Merriam-Webster Dictionary, we find a meaning of this term:
Thus, if we transfer these definitions to the aforementioned requirement No. 34, its wording would reasonably be as follows: "the organization shall keep in an existing state, as of efficiency or validity, a food safety management system, preserving it from failure or decline, including the processes necessary and their interactions, in accordance with the requirements of this standard”.
When
analyzing the requirement
under this wording, in order for an organization to comply with it, it should, after having established a food safety management system, including the necessary processes and their interactions, comply with the requirements of
the ISO 22000 standard, and after
having implemented it, continue with
the operation of said system, considering
the passage of time, changes in the organization, in the requirements or in the support standard itself, as well as the changes generated by corrections, corrective and
improvement actions, in order to keep this food safety management system in its existing state, as of efficiency or
validity, preserving it from failure or decline.
Requirement No. 35: the organization shall
continuously improve a food safety
management system, including
the necessary processes and their
interactions, in accordance with the requirements of this standard.
This means
that, once the organization has established,
implemented and maintained a food safety management system, in accordance with the requirements that we saw previously, it should carry out
activities or processes that lead it
to obtain, in accordance with this one, continuously, better results of this
entire system.
The ISO 22000: 2018 standard incorporates a definition for the following term in its subsection 3.7 "Continuous improvement":
This standard does not have more information about this definition, but the ISO 9000:2015 standard includes this same definition in its Subsection 3.3.2, but this one includes two explanatory notes that I present here to you, hoping the first of them will help you to better understand this specific process:
Note 1 to entry: The process
(3.4.1) of establishing objectives (3.7.1) and finding opportunities for improvement (3.3.1) is a continual process
through the use of audit findings (3.13.9) and audit
conclusions (3.13.10), analysis of data
(3.8.1), management (3.3.3) reviews (3.11.2) or other means and generally leads to corrective action (3.12.2) or preventive
action (3.12.1).
Note 2 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original definition has been modified by adding Note 1 to entry.
With this information, we can consider that to meet this requirement, as well as to demonstrate its compliance, the organization should apply these recurring activities to improve performance and show evidence of them, as well as demonstrate that the organization has continuously improved its performance, identifying higher objectives, and with better results in their performance.
In the next
entry I will start with the analysis of the requirements of Clause
No. 5 - Leadership.
Author:
Ernesto Palomares Hilton
Comments
Post a Comment
Nombre:
País:
Comentarios: