FSSC 22000

The FSSC 22000 certification is managed by a protocol published by the FSSC Foundation, which defines the different requirements applicable to certified companies, certification bodies and accreditation services.   This protocol has evolved towards version 4 in order to be in line with the requirements of the GFSI (Global Food Safety Initiative). FSSC certification is still based on ISO 22000 and the PRP standard. (Ex ISO TS 22002-1) (Food Manufacturing).

The main changes to consider are:

The implementation of new requirements for the establishment of a Food Fraud and Food Defense systems.

• Mandatory conduct of at least one of the unannounced surveillance audits.
• Increasing the duration of audits with an average 4 – 8 hours per year and per site.
• A change in the definition of non-conformities, with the appearance of critical non-conformity and the disappearance of the notion of "remark" or "recommendation". The definitions of major and minor non-conformities remain unchanged.

It is a non-conformity that is observed when there is a direct consequence on food safety during the audit or when the legality and / or integrity of the certification is at stake.

Cela engendre une suspension immédiate du certificat. Mais l’audit sera finalisé comme prévu selon le plan d’audit. Un audit complémentaire devra être conduit dans une période maximale de 6 mois pour vérifier la clôture de la non-conformité critique.

Par contre si la non-conformité critique est constatée lors d’un audit de (re)certification ou un audit phase 2, c’est tout l’audit qui devra être refait.  

The version 4 protocol is applicable from 1st January 2018. This means that all the audits that will be carried out in 2018 will have to be done according to the new requirements.  

However, you can choose to "upgrade" your current certification to version 4, starting in October 2017.

Your current certificate remains valid until the new version 4 certificate is established.

If the 2018 audit is a surveillance audit (year 1 or 2), there is no requirement to recertify, but simply to perform the surveillance audit on dates agreed with your auditor, adding a few hours - more generally from 4 to 8 hours in order to audit the new requirements of V4. This audit will be called an "upgrade audit". You will receive a new contract demonstrating the additional time which will be valid for the balance of the initial certification cycle. Following this audit, if certification is maintained, ProCert will issue a new FSSC V4 certificate, with the same expiration dates as your current version 3 certificate.

It is entirely possible to grant FSSC version 3 certification until 31 December 2017. In this case the audit phase 2 or the recertification audit must take place before 15 November 2017. The migration to the version 4 will then be carried out in 2018 during the surveillance audit.

Do not hesitate to contact your Market Manager for an offer in this regard.

The new   protocol requires that at least one of the surveillance audits be unannounced. The company may decide that the two surveillance audits are unannounced.

It depends on the current certification FSSC 22000 version 3:

See attachement

It is up to the certification body to choose which surveillance audit will be unannounced. This is communicated to you when the certificate is issued an will be carried out 6-12 months after the last audit. You may decide to conduct the two unannounced surveillance audits.

The auditor will be able to renew the non-conformities still open in minor or major depending on the causes. We recommend that you close them within 6 months after the audit.  

No, in this case, your surveillance audit will be an "upgrade" audit, it will be conducted normally according to the scheduled dates.

However, if the audit of 2019 is also a surveillance audit, it will in this case be conducted an unannounced audit in accordance with the requirements of protocol version 4.

Your (re)certification audit will be conducted according to version 4 and new contract will be established with the new auditing durations. The 2018 audit will be planned and announced as usual but at least one of the monitoring audits in 2019 and / or 2020 will have to be carried out unannounced.

Completely. The FSSC audits according to version 4 can be combined as usual, while respecting the specifications and requirements of the FSSC protocol. So these ISO type audits will be conducted as unannounced audits. This question must be still clarified before a new certification contract.

FSSC surveillance audits can be combined with an IFS and / or BRC audit, but recertification audits will always be announced and therefore can not be combined with an unannounced audit.   Here is an example of a certification cycle:

• 2018: Two different audits; An announced FSSC recertification audit and another IFS and / or BRC unannounced audit.
• 2019 and 2020, one audit per year, combined FSSC / IFS/BRC unannounced audit.

The FSSC protocol does not have specific rules on this subject, but ProCert invites you to communicate to your Market Manager the planned days during which an unannounced audit cannot take place. This should inculde aspects such as shut downs due to maintenance, annlual closures or any other important events. Nevertheless, it is also important to know that as long as the manufacturing lines are working, the audit could take place.

Since the audit must start with the site and manufacturing facility visit, it is essential that the auditor assess these aspects immediately, however, it is not mandatory that all products are in the process of being manufactured, The audit can take place on at least one of the lines.

Also, if a key person is absent, his or her replacement may be audited in his place.

The FSSC surveillance audit must be conducted in an unannounced manner, it is not an option. In your case the production period must be communicated in advance to ProCert in order to perform the audit under the required conditions.

The head office that manages central functions or processes will always be audited normally, with an announced and planned audit. The production sites will have unannounced audits as required by the FSSC V4 protocol. It is recommended that the head office audit be carried out first.

Secondary sites considered as off-site as well as off-site storage premises must also be subject to an unannounced audit with the main site. (Same audit, same report).

Yes, the new protocol requires that an auditor can only carry out two certification cycles. The same auditor will be able to audit the same company only 6 times. This cycle starts for audits in version 4, this rule is not retroactive. For comparison, other standards impose a cycle of three consecutive years.

This is a combined certification, FSSC 22000 and ISO 9001.

Q for Quality. The audit is performed by the same auditor, in accordance with the requirements of both standards, as well as the additional requirements of the FSSC protocol.

When certification is granted, a certificate "FSSC 22000-Quality" is published.

The primary focus of FSSC 22000 is consumer health. Quality is also additionally included with FSSC 22000-Q.

The examples that you give do have an impact on consumer health. Horse-meat can contain residues which are harmful for consumer health. Cheap olive oil (depending on its origin) can contain residues that have an effect on human health. Intentional adulteration always has a potential effect on human health or product integrity (consumer trust).
Intentional adulteration shall therefor always be taken into consideration with regard to food fraud.