Food Safety System Certification (FSSC) 22000 is a complete Global Food Safety Initiative (GFSI)-benchmarked certification scheme that is aligned with the ISO management system approach and harmonized structure. The first version of FSSC 22000 was published in 2009, and more than 16,000 sites have been certified under the scheme since.

On March 31, 2023, the Foundation FSSC published the most recent version of the FSSC 22000 scheme (FSSC V6.0) to:

• Integrate the requirements of ISO 22003-1:2022.
• Strengthen the requirements to support organizations in their contributions to meeting the United Nations’ Sustainable Development Goals.
• Incorporate feedback from the FSSC 22000 V6.0 development survey.

Overview of Changes

Foundation FSSC has set a 12-month period—between April 1, 2023 and March 31, 2024— for companies to transition from V5.1 to V6.0. In addition to changes in some of the requirements (as outlined below), V6.0 includes a realignment of the Food Chain Categories in accordance with ISO 22003-1:2022 and GFSI requirements (i.e., including Trading and Brokering (FII) and removing Farming (A)). Among others, some of the significant changes to the requirements include the following:

Food safety and quality culture. As we are seeing with other GFSI certification schemes, ISO management systems, and the FDA New Era of Smarter Food Safety, culture requirements are becoming more prominent. FSSC 22000 V6.0 requires senior management to “establish, implement, and maintain a food safety and quality culture objective as part of the management system,” addressing the following elements at a minimum: communication, training, employee feedback and engagement, and performance measurement of defined activities.

In addition, organizations must develop and implement a a documented food safety and quality culture plan that outlines objectives and timelines and follows the management system process of continuous improvement (i.e., plan-do-check-act (PDCA)).

Quality control. Quality control is a new clause of FSSC 22000 V6.0 that aligns with clauses 5.2 and 6.2 of ISO 22000:2018. Under this clause, organizations must establish, implement, and maintain a quality policy, objectives, and parameters in line with finished product specifications for all products within the scope of certification. As part of the quality program, organizations also need to establish and implement quality control and line startup and changeover procedures to ensure products meet customer and legal requirements.

Food loss and waste. The regulatory community has identified the lack of circularity in the food industry and a real need for addressing food waste. FSSC V6.0 now requires organizations to develop a documented policy with objectives and detailed strategy to reduce food loss and waste within the organization and the related supply chain.

Equipment management. Organizations must establish and implement a risk-based change management process for new equipment and/or any changes to existing equipment. This includes having documented purchase specifications to address such things as hygienic design, legal and customer requirements, and intended use of the equipment.

Allergen management. The requirement to have a documented allergen management plan is not new to V6.0. However, in addition to a including a risk assessment of all potential sources of allergen cross-contamination and related control measures, V6.0 now requires validation and verification of control measures; precautionary or warning labels as an outcome of the risk assessment to identify allergen cross-contamination risks (warning labels do not exempt the organization from implementing allergen control measures/verification testing); allergen awareness and control measures training; and annual review of the allergen management plan.

Environmental monitoring. V6.0 expands on the previous requirements for organizations to have a risk-based environmental monitoring program (EMP) for relevant pathogens, spoilage, and indicator organisms and documented procedures for evaluating the effectiveness of all controls in preventing contamination. V6.0 requires that the EMP must be reviewed for continued effectiveness at least annually, including when specific triggers occur (e.g., significant changes related to products, processes, legislation; when no positive test results have been obtained over an extended period; and when there is a repeat detection of pathogens during routine environmental monitoring).

Validation/verification of packaging claims. When a claim is made on the product label or packaging, the organization must maintain evidence of validation to support the claim and must have verification systems in place to ensure product integrity.

Food defense. V6.0 clarifies and strengthens requirements related to food defense. Organizations now must conduct and document a food defense threat assessment based on defined methodology to identify and evaluate potential threats linked to processes and products. In addition, the food defense plan must be based on the threat assessment, specify mitigation measures and verification procedures, and be implemented and supported by the food safety management system (FSMS).

Food fraud mitigation. Again, V6.0 clarifies and strengthens food fraud mitigation requirements by requiring organizations to conduct and document the food fraud vulnerability assessment to identify potential vulnerabilities and develop and implement appropriate mitigation measures. The food fraud mitigation plan must be based on the vulnerability assessment, specify mitigation measures and verification procedures, and be implemented and supported by the FSMS.

Other requirements. V6.0 also includes clarifications on the requirements for the certification process and implements the addition of a QR Code on FSSC 22000 certificates for improved traceability. It updates Communication Requirements (2.5.17) so organizations must 1) inform the certification body within three days of serious events/situations that may impact the FSMS and/or the integrity of the certification, and then 2) implement corrective measures as part of the emergency response and preparedness process. In addition, the standard requires that major nonconformities must be closed by the certification body within 28 calendar days from the last day of the audit. If this is not possible, the Corrective Action Plan must include temporary measures and controls necessary to mitigate the risk until permanent corrective action can be implemented.

Next Steps

Sites currently certified to FSSC 22000 have a transition period of 12 months to prepare their FSMS to be audited against the V6.0 requirements. The next year affords these organizations the time to assess current FSSC 22000 elements; identify improvements that are internally desirable and/or required by the new V6.0; and implement those updates to reduce nonconformances with FSSC 22000 V6.0. This can be done through a series of phases to ensure adoption throughout the organization:

Phase 1: Internal Assessment. Review existing FSSC 22000 food programs, processes, and procedures; document management systems; and employee training tools and programs to identify those areas in need of updates, development, and/or implementation to meet the requirements of V6.0.

Phase 2: FSMS Updates. Based on the assessment, develop a plan for updating your FSSC 22000 FSMS, including major activities, key milestones, and expected outcomes. This may include updating/developing programs, processes, procedures, and training with missing V6.0 requirements.

Phase 3: Training. To ensure staff are prepared to implement and sustain the updated FSSC 22000 V6.0 program, they must be trained on applicable requirements; specific plans, procedures, and good manufacturing practices (GMPs) developed to achieve compliance; and the certification roadmap to prepare for future assessments.

View the complete FSSC V6.0 standard.