FSSC 22000

The FSSC 22000 certification is managed by a protocol published by the FSSC Foundation, which defines the different requirements applicable to certified companies, certification bodies and accreditation services.   This protocol has evolved towards version 4 in order to be in line with the requirements of the GFSI (Global Food Safety Initiative). FSSC certification is still based on ISO 22000 and the PRP standard. (Ex ISO TS 22002-1) (Food Manufacturing).

The main changes to consider are:

The implementation of new requirements for the establishment of a Food Fraud and Food Defense systems.

• Mandatory conduct of at least one of the unannounced surveillance audits.
• Increasing the duration of audits with an average 4 – 8 hours per year and per site.
• A change in the definition of non-conformities, with the appearance of critical non-conformity and the disappearance of the notion of "remark" or "recommendation". The definitions of major and minor non-conformities remain unchanged.

The version 4 protocol is applicable from 1st January 2018. This means that all the audits that will be carried out in 2018 will have to be done according to the new requirements.  

However, you can choose to "upgrade" your current certification to version 4, starting in October 2017.

Your current certificate remains valid until the new version 4 certificate is established.

If the 2018 audit is a surveillance audit (year 1 or 2), there is no requirement to recertify, but simply to perform the surveillance audit on dates agreed with your auditor, adding a few hours - more generally from 4 to 8 hours in order to audit the new requirements of V4. This audit will be called an "upgrade audit". You will receive a new contract demonstrating the additional time which will be valid for the balance of the initial certification cycle. Following this audit, if certification is maintained, ProCert will issue a new FSSC V4 certificate, with the same expiration dates as your current version 3 certificate.

It is entirely possible to grant FSSC version 3 certification until 31 December 2017. In this case the audit phase 2 or the recertification audit must take place before 15 November 2017. The migration to the version 4 will then be carried out in 2018 during the surveillance audit.

Do not hesitate to contact your Market Manager for an offer in this regard.

The new   protocol requires that at least one of the surveillance audits be unannounced. The company may decide that the two surveillance audits are unannounced.

The auditor will be able to renew the non-conformities still open in minor or major depending on the causes. We recommend that you close them within 6 months after the audit.  

No, in this case, your surveillance audit will be an "upgrade" audit, it will be conducted normally according to the scheduled dates.

However, if the audit of 2019 is also a surveillance audit, it will in this case be conducted an unannounced audit in accordance with the requirements of protocol version 4.

Your (re)certification audit will be conducted according to version 4 and new contract will be established with the new auditing durations. The 2018 audit will be planned and announced as usual but at least one of the monitoring audits in 2019 and / or 2020 will have to be carried out unannounced.

Completely. The FSSC audits according to version 4 can be combined as usual, while respecting the specifications and requirements of the FSSC protocol. So these ISO type audits will be conducted as unannounced audits. This question must be still clarified before a new certification contract.

FSSC surveillance audits can be combined with an IFS and / or BRC audit, but recertification audits will always be announced and therefore can not be combined with an unannounced audit.   Here is an example of a certification cycle:

• 2018: Two different audits; An announced FSSC recertification audit and another IFS and / or BRC unannounced audit.
• 2019 and 2020, one audit per year, combined FSSC / IFS/BRC unannounced audit.

The head office that manages central functions or processes will always be audited normally, with an announced and planned audit. The production sites will have unannounced audits as required by the FSSC V4 protocol. It is recommended that the head office audit be carried out first.