Readers have approached Food Review and asked whether there is a difference between ISO 22000 and SANS 10330. The answer is clearly yes. Juanita Louw, from ProCert Southern Africa helped to clarify.
Is there a difference in the approach in the hazard analysis of ISO 22000 and SANS 10330?
The answer is clearly, yes. The differences will be explained by comparing the clauses of the standards to each other.
Clause 7.4.2 of ISO22000 requires that hazards be identified in relation to the end product (originating from steps in the operation, links in the food chain, process equipment, utilities, services and surroundings). SANS10330 clause 8.7.1 requires that hazards be identified at each step of the food handling process. This aspect provides a key difference, as the significance of hazards in ISO22000 is then evaluated once in the end product, regardless of the step where they occur. Food safety hazards only really have an impact on the final product. With SANS 10330, the same hazard is evaluated for significance various times with different levels of risk, to the extent that it is not possible to determine the significance of each hazard in the end product.
ISO22000 clause 7.4.2.3 further requires that acceptable levels of each food safety hazard in the end product must be determined. Without acceptable levels it would not be possible to evaluate the adequacy of control measures as the evaluation criteria for adequacy (and capability) of the control measure must be to bring the hazard to a level where no direct or indirect harm can be done to the consumer.
SANS10330 clause 8.8 requires the determination of critical control points (CCPs). A significant hazard that cannot be controlled as a CCP is therefore not made the object of special surveillance. This can lead to aberrations, such as the creation of CCPs which are not CCPs by definition. ISO22000 clause 7.4.4 requires that control measures be categorised into either operational prerequisite programmes (oPRPs) or CCPs. oPRPs therefore control significant hazards that are not controlled by CCPs. Control of a food safety hazard could therefore be obtained by the combination of less strict control measures, but in combination provide enough control to ensure a safe end product.
In SANS10330, a decision tree is used to determine CCPs (as per clause 8.8 and Annexure B). It is important to note that this decision tree is not adequate in categorising control measures into CCPs and oPRPs as required by ISO22000. The logical approach that is used for the categorisation of control measures should take into account (amongst others) the likelihood of failure in the functioning of a control measure and the severity of the consequence(s) in the case of failure in its functioning. Furthermore, the Codex decision tree does not have the ability to categorise control measures into oPRPs, as the tree was designed to identify CCPs. Clearly, the Codex decision tree does not make provision for these aspects required by ISO22000.
Validation in SANS10330 clause 8.12.1.1 is aimed to confirm that the critical limit for each CCP is effective and capable of achieving control of the identified food safety hazard(s). Much more is expected around validation by ISO22000, based on the fact that organisations have the freedom to select any control measures they believe would control particular food safety hazards. According to ISO22000 clause 8.2, validation is required to confirm that the selected control measures are capable of achieving the intended control of the food safety hazard(s) for which they are designed and that the control measures are effective and capable of, in combination, ensuring control of the identified food safety hazard(s) to obtain end products that meet the defined acceptable levels.
Is it really possible to conduct a hazard analysis according to SANS10330 methodology and without making any changes to it, meet the requirements of ISO22000? When evaluating the difference in the methodology, surely this cannot be possible.
The South African market is further scared by comments in industry that ‘ISO22000 is too complicated, first do SANS 10330 and move to ISO22000 at a later stage. Nothing could be further from the truth. It takes the same effort to develop a food safety management system, regardless of the standard it is based on. ISO22000 is an international standard that, in combination with ISOTS22002-1 (Pre-requisite programs on food safety – food manufacturing), forms FSSC 22000 or Synergy 22000. For Synergy 22000 also Synergy PRP 22000 is applicable, a PRP standard covering the complete food chain. FSSC 22000 (Food safety system certification) and Synergy 22000 are GFSI-recognised scheme. ISO22000 further provides tighter control over food safety hazards, which seen in the light of brand protection and the new Consumer Protection Act, responsible companies should be confident about.
ISO22000 provides an organisation the opportunity to establish clear and concise communication systems to ensure that the results obtained from monitoring and verification is utilised to generate effective action plans. This allows the organisation to achieve continual improvement by applying their systems in an effective manner.
