ISO 22000:2018 – 5.2.1 -Establishing the food safety policy – Part 1

 



Welcome back to this blog. I hope that the information presented here is interesting for you, that it somewhat enriches your knowledge of   ISO 22000:2018 standard and its requirements.

 

In this entry I am starting the analysis of the groups of requirements corresponding to Sub-clause 5.2 – Policy of this standard, so I will start with Section 5.2.1 - Establishing the food safety policy. There are many and very important requirements included in this section, so in this post I will analyze approximately half of them, and the rest, in a second part, in other entry.

 

However, before beginning with this analysis of the requirements of Section 5.2.1, I believe it is important to present to you some useful preliminary information for a better understanding and application of the requirements of this Sub-clause 5.2, and of which little is mentioned in relation to this ISO 22000 standard.

 

First of all, it is important to consider that in its Clause 3 - Terms and definitions, this standard, in its subsection 3.34, presents the term "policy" and defines it as follows:

 



We can understand this, in a better way, if we consider that intention is a term which means what one intends to accomplish or attain; and we can understand by direction: guidance or supervision of action or conduct.

 

These terms lead us to consider that the policy, in this case of food safety, should integrate a series of elements: on the one hand, those that identify the "intentions" of the organization in terms of food safety, which can be from a single one, to all those that the organization can identify as desirable or necessary. On the other hand, this policy should integrate as well, all the direction elements that it considers relevant in this matter of food safety.

 

The top management of an organization that establishes a food safety management system in compliance with ISO 22000 standard, should take into account that the food safety policy is a strategic element of great importance so that said system can be of value to the organization itself. In fact, for the food safety management system, the food safety policy is the most important strategic element, because all other activities that are going to be carried out within that system should be aimed at complying with that policy. Of course that there are strategic elements of a higher level than this policy, such as the mission, vision and values, but these are above this management system, and it is the policy that should be aligned with those elements.

 

Similarly, it is very important to understand that this food safety policy is a statement that should be issued by top management and contain various components, including intentions and direction elements, in accordance with the requirements of this Section 5.2.1.

 

However, a common flaw in organizations that apply these food safety management systems, based on the ISO 22000: 2018 standard, is that the food safety policy they establish are not elements generated by top management, but rather by some operational-type mid-level official, perhaps with the participation of some technical manager and, therefore, these policies do not integrate either the intentions or the direction elements that should be established and formally expressed by top management. So, they are elements that do not really make up a food safety policy, according these requirements, but some statement that contains some phrases, more motivational than guiding, with the intention of meeting with a requirement of the standard, but that are far from complying with all requirements established for said policy. In most of these cases, these policies do not meet the definition presented above, nor do they contain the intentions or the direction elements that can serve as a guide to the entire organization in terms of food safety.

 

After this brief introduction to the subject, we begin with the analysis of the requirements related to the food safety policy that I will analyze in this post, and which are the following:

 





 

As I have mentioned in other entries regarding analysis of requirements of management system standards, we should be careful when reading these requirements, since the way in which the texts are presented in these standards, when separating each requirement individually, seems that these are repeated. However, each of them sets a different specification from the others.

 

As with all requirements derived from Sub-Clause 5.1 – Leadership and commitment, all the requirements of this Section 5.2.1 – Establishment of the food safety policy, have been established for the top management of the organization. In the case of Section 5.2.2 – Communication of the food safety policy, its derived requirements refer to food safety policy, although its application falls partially on top management, but also on other members of the organization.

 

We should be aware that the most costly, but also perhaps the most common (and often unidentified) deficiency in the operation of management systems based on standards is the lack of commitment from top management.

 

There may be a wide variety of failures in management systems, and they may often be identified and corrected. But the identification of failures by top management is very complicated, both because of the ignorance of the personnel and even of auditors, as well as possibly because of the fear of receiving reprisals.

 

Paradoxically, those who should be more aware of and committed to these management systems are the ones who least comply with the responsibilities assigned to them by these standards. This is partly because they don't know the standards well, they can't identify the responsibilities assigned to them, and those responsible for operating these systems either don't know them, or don't dare enforce those responsibilities. Auditors, both internal and external, are also responsible for these deficiencies, who generally ask them very generic questions about the leadership they exercise, but usually do not ask specific questions that can reveal these failures. And the same happens with the evaluators of certification bodies, who, due to ignorance of these issues, I suppose, prefer to focus on evaluating the operational and methodological aspects of the management systems than evaluating compliance with the responsibilities of top management.


The ISO 22000:2018 standard establishes the following requirements derived from the Section 5.2.1, and I present them with the corresponding progressive numbering, as I have been presenting all the requirements of this standard that I have been analyzing.

 

Requirement No. 52: Top management shall establish a food safety policy that is appropriate to the purpose of the organization.

 

The first thing that this requirement establishes, and that is repeated in some subsequent ones that correspond to this sub-clause, is that top management should establish the organization's food safety policy, but it also establishes that it should be appropriate to the purpose of the organization.

 

This leads us to identify the meaning of the word "establish", which we previously did in what corresponds to Sub-clause 4.4 of this standard:

 

 

Based on this definition, top management should develop and institute a food safety policy for the organization by agreement.

 

The second element to consider from this requirement is that this food safety policy should be appropriate to the purpose of the organization. However, a question could enter here: What is the purpose of an organization? How can we find it, understand it or know it?

 

I have not found a single ISO management system standard that defines the concept of purpose, although it is included in all of these standards. But if we look in dictionaries, we may find the following definition:

 


However, in the ISO 9000:2015 standard, which, as I have mentioned in a previous entry, it is important to consult in relation to any management system standard, although its primary orientation is the ISO 9001:2015 standard, for quality management, two terms and their definitions are included that can shed some light on this concept:

 


If we add another term to these two, that is related to them, which is values, this one is not defined in the ISO 9000:2015 standard, but whose definition appears in the ISO 22316:2017 standard - Security and resilience - Organizational resilience - Principles and attributes, and is as follows:

 


We can consider that the purpose of an organization is identified from two key strategic elements for any organization, which are the mission and the vision, which may be accompanied by another element that we can consider as complementary, such as values, but which is important in guiding and supporting the behavior of the entire organization. These elements should be established by the owners and would mean why the organization was created (fundamental goal), and what would be the expectations of its performance in a certain period of time.

 

The fact that an organization should have identified a mission, vision and values, does not mean that they are specific requirements of the ISO 22000 standard, nor of any management system standard, since it is considered that every organization should have these elements identified and documented, and that they should be accessible to its entire staff. Also, it is considered that an organization could not perform in a successful way if it does not have these primary strategic elements. These elements can also be modified, either to redefine them, enrich them, or to redirect them.

 

It would be expected that this purpose would establish the reason that justifies the existence of an organization based on three elements: its profits, its impact on society, and its impact on the people that comprise it.

 

Once the concept of purpose is understood, top management should ensure that the food safety policy is appropriate and aligned with these elements. This would mean that by consistently applying and complying with this policy, the organization would be getting closer to fulfilling that purpose.

 

If we make the corresponding adjustment to the ISO 22000 standard, the technical specification ISO/TS 9001:2018 - Quality management systems — Guidelines for the application of the ISO 9001:2015 indicates that in order to establish the food safety policy, entries such as the following may be taken into account:

 

— a clear understanding of the context of the organization, including the current performance of its management system and the needs and expectations of its relevant interested parties;

— the organization’s strategic direction, based on its mission, vision, guiding principles and core values;

— the level and type of future improvements needed for the organization to be successful;

— the expected degree of customer satisfaction;

— the resources needed to meet intended results;

— the potential contributions of relevant interested parties.

 

Requirement No. 53: Top management shall establish a food safety policy that is appropriate to the context of the organization.

 

We already saw with the previous requirement what it means for top management to establish a food safety policy. In addition to that, the requirement establishes that this policy is appropriate to the context of the organization.

 

For this, it is good to remember what the context of the organization means, in accordance with the ISO 9000:2015 standard.

 


This definition in the ISO 9000:2015 standard contains four notes, which contain important complementary information, and I present below:

 

Note 1 to entry: The objectives of the organization may be related to its products and services, investments and behavior towards its interested parties.

 

Note 2 to entry: The concept of context of the organization is equally applicable to not-for-profit or public service organizations as it is to those seeking profit.

 

Note 3 to entry: In English, this concept is often referred to by other terms, such as “business environment”, “organizational environment” or “ecosystem for an organization”.

 

Note 4 to entry: Understanding the infrastructure can help to define the context of the organization.

 

Thus, this requirement indicates that this food safety policy should be appropriate to this context of the organization, considering the internal and external issues, determined by the organization, that are relevant to its purpose and that affect its ability to achieve the expected results of its food safety management system, as set out in ISO 22000 Sub-Clause 4.1. It should consider what the organization has determined in terms of the needs and expectations of its interested parties, as set out in Sub-Clause 4.2. This policy should also consider the scope of the FSMS, as established in Sub-clause 4.3, and also the characteristics of the FSMS itself, as established in Sub-clause 4.4 of this standard.

 

Requirement No. 54: Top management shall implement a food safety policy that is appropriate to the purpose of the organization.

 

What this requirement tells us is that once top management has established the food safety policy, the very same top management should implement it. For this, I present the definition of this term:

 


Based on this definition, we can understand that top management should apply, and ensure that it is applied throughout the organization, at all relevant levels and functions, each of the elements (intentions and direction elements) that make up said policy, and that they are appropriate to the purpose of the organization.

 

Requirement No. 55: Top management shall implement a food safety policy that is appropriate to the context of the organization.

 

With the previous requirement we already saw what the term implement means. Based on this definition, we can understand that top management should apply, and ensure that it is applied throughout the organization, at all relevant levels and functions, each of the elements (intentions and direction elements) that make up said policy, and that they are appropriate to the context of the organization.

 

Requirement No. 56: Top management shall maintain a food safety policy that is appropriate to the purpose of the organization.

 

What this requirement tells us is that once top management has established and implemented the food safety policy, the same top management should maintain it. For this, I present the definition of this term:

 


This means that top management should preserve the food safety policy, in the face of any adjustment that must be made, for any change that may exist in relation to the purpose of the organization, in order for this policy to keep its validity over time, and remains applicable for all relevant functions and levels.

 

Requirement No. 57: Top management shall maintain a food safety policy that is appropriate to the context of the organization.

 

With the previous requirement we saw what the term maintain means. Based on this definition, top management should preserve the food safety policy for any change that may occur in relation to the context of the organization, in order for this policy to keep its validity over time, and remains applicable for all relevant functions and levels.

 

Requirement No. 58: Top management shall establish a food safety policy that provides a framework for setting the objectives of the FSMS.

 

This requirement also refers to the establishment of the food safety policy by top management, as we saw previously with the requirements with progressive numbering 52 and 53, but in particular this one requires that the aforementioned policy provide a framework to establish the objectives of the FSMS.

 

If you have read the ISO 22000:2018 standard, you may know that there is a Clause 6 Planning, dedicated to this topic of FSMS Planning. However, what we should understand with this requirement No. 58 is that the food safety policy should establish the basis for that planning. The important point in relation to this is: How can we identify that framework, within the policy, to establish the objectives for this system?

 

Remember that in developing and issuing management system standards, ISO has not been inventing new things. This is no its function. ISO has been integrating knowledge that for more than a hundred years has been developed in management area, since the concepts of scientific management to date. The most valuable thing about these standards is that they have identified some very valuable elements of administrative process as requirements of standards for integrating a management system so that an organization which implements it is able to build confidence in its performance.

 

It is considered that for an organization to establish its objectives (specific, or quantifiable), within any productive system, it should be able to count on some strategic elements as a framework.

 

We have already mentioned what the mission, vision and values are, as well as the importance they have for identifying the purpose of the organization, that is, the justification for the existence of the organization, what they intend to achieve in the future, in a determined time and with what bases of behavior accepted by the organization itself.

 

These elements are of a general type, basic for any organization, and do not have to refer to any particular management system. From this, the top management should break down this purpose and specify other strategic elements, from general to particular, so that all corresponding areas, functions and levels of the organization participate actively to achieve this purpose.

 

After those three elements already mentioned (mission, vision and values), the next strategic level is commonly known as general objectives. Top management should identify all the general objectives, or global intentions, that are necessary for the organization to fulfill its purpose. As the name implies, these objectives have a fairly broad coverage and do not need to be quantifiable. They can refer to any relevant item, such as productive areas of interest, investment and profit aspects, technological focus, among others, but it is important that there is, at least, one of them related to the food safety management system.

 

The next strategic level is known as policies, which are the guidelines and direction elements that the organization establishes as general behavior guides for all the organization's personnel.

 

With respect to this requirement of the standard, what is needed is that top management issues a documented statement, which the standard calls the food safety policy, which should be made up of all the general objectives (intentions) and all the policies (guidelines or direction elements) that guide the entire organization towards where it is going to advance and what is expected to be achieved in terms of food safety.

 

I understand that since the first version of the ISO 9001 standard was developed, which was published in 1987, it was considered to use the term global intentions instead of general objectives, even though the concept was the same, to avoid confusion between the different levels. of objectives (general or specific), as well as using the term guidelines, and in the current version, direction, instead of policies, to leave this term as an identification of the requirement and the statement for the basic strategic element of these management systems based on standards.

 

Based on these elements that make up the food safety policy, the corresponding planning areas will have the appropriate framework so that from each identified intention or general objective in the aforementioned policy, all the objectives (specific) necessary to meet that intention, can be displayed, so that from each one of these objectives the planning of all the necessary activities to meet it can be developed. If an organization achieve all its objectives following the established guidelines, all the intentions are fulfilled (general objectives), and with that, will achieve its purpose.

 

Requirement No. 59: Top management shall establish a food safety policy that provides a framework for reviewing the objectives of the FSMS.

 

Like the previous requirement, this one also refers to the establishment of the food safety policy by top management, as we also saw previously in the requirements No. 52 and 53, but in particular this one requires that the said policy provides a framework to review the objectives of the FSMS.

 

To meet this requirement, the food safety policy should provide a framework that favors the review of the FSMS objectives.

 

For this, we should take into consideration that all these strategic elements that have been mentioned here, the mission, vision, values, intentions (general objectives) and direction (guidelines or policies) are timeless, or we could call them permanent, that is, they do not have a date for its validity or compliance. That is why they should be reviewed at certain intervals, so that the organization can assess if each of these elements will be maintained as originally established, if it continues to be valuable, if it is canceled or if it requires some modification, either to make it more or less strict. The intentions and direction that make up the policy should provide that framework to carry out this review of the objectives of the FSMS.

 

Requirement No. 60: Top management shall implement a food safety policy that provides a framework for setting the objectives of the FSMS.

 

This requirement also refers to the implementation of the food safety policy by top management; as we also saw previously in requirements No. 54 and 55, but in particular this one requires that when the aforementioned policy is implemented, it provides an appropriate framework to establish the FSMS objectives.

 

Requirement No. 61: Top management shall implement a food safety policy that provides a framework for reviewing the objectives of the FSMS.

 

This requirement also refers to the implementation of the food safety policy by top management, like the previous one and as we also saw previously in requirements No. 54 and 55, but in this one it requires that when implemented the aforementioned policy, it provides an appropriate framework to review the FSMS objectives. We have already seen what the policy implementation and FSMS objectives´ revision mean.

 

Requirement No. 62: Top management shall maintain a food safety policy that provides a framework for setting the objectives of the FSMS.

 

This requirement also refers to maintaining the food safety policy by top management, as we also saw previously in the requirements with numbers 56 and 57, but in particular this requires that, when the aforementioned policy is maintained, it continues providing an appropriate framework to establish the FSMS objectives.

 

Requirement No. 63: Top management shall maintain a food safety policy that provides a framework for reviewing the objectives of the FSMS.

 

This requirement also refers to the maintenance of the food safety policy by top management, like the previous one and as we also saw previously in the requirements with numbers 56 and 57, but in this one it requires that when the said policy is maintained, it continues providing an appropriate framework to review the FSMS objectives.

 

I will be grateful to the readers who upload their doubts or comments about this analysis. In the next entry I will conclude with the analysis of these requirements derived from Sub-clause 5.2.1 of the ISO 22000:2018 standard.

 

Author:

 

Ernesto Palomares Hilton


Comments