ISO 22000 – Sub-clause 4.1 - Understanding the organization and its context (Part 1)


In this post I continue with the analysis of the text of ISO 22000: 2018 standard, that is, of the normative elements that make up its technical body, and which are those that comprise clauses 4 to 10, considering that this standard, as well as each of the requirements established in it, should generate value for the organization that correctly implements them within its food safety management system.


The clause 4 of this standard, which is presented as: Context of the organization, displays four sub-clauses, which I present below, each of which contains some requirements:


Source: ISO 22000:2018 Standard, (ISO)


If you wish to establish, implement, verify, audit, maintain and improve a food safety management system in compliance with the ISO 22000: 2018 standard, I recommend that you do not fail to meet completely each of the requirements established therein, and that each time you read and analyze one of these requirements, consider it within the context of the organization itself, its structure, its processes and its documented support.


After this introduction, this time we will start with the analysis of Sub-Clause 4.1. Understanding of the organization and its context, which establishes the following requirements:


Requirement No. 1: The organization shall determine external issues that are relevant to its purpose and that affect its ability to achieve the intended result(s) of its food safety management system (FSMS).


Requirement No. 2: The organization shall determine internal issues that are relevant to its purpose and that affect its ability to achieve the intended result(s) of its food safety management system (FSMS).


Requirement No. 3: The organization shall identify information related to these external issues.


Requirement No. 4: The organization shall identify information related to these internal issues.


Requirement No. 5: The organization shall review information related to these external issues.


Requirement No. 6: The organization shall review information related to these internal issues.

Requirement No. 7: The organization shall update information related to these external issues.


Requirement No. 8: The organization shall update information related to these internal issues.


Here we have the first group of requirements, corresponding to the first normative subclause of the ISO 22000: 2018 standard, which I will analyze in detail in the following post, because there are some elements that I would like to present to you.


First, let me mention that in this sub-clause, the standard presents two notes.


NOTE 1  Issues can include positive and negative factors or conditions for consideration.


NOTE 2  Understanding the context can be facilitated by considering external and internal issues, including, but not limited to, legal, technological, competitive, market, cultural, social and economic environments, cybersecurity and food fraud, food defense and intentional contamination, knowledge and performance of the organization, whether international, national, regional or local.


I consider as a relevant factor, that we correctly visualize each of the requirements, without being confused by the way they are written and without mixing or entangling among them. It is also important to take into consideration the information contained in the NOTES that the standard itself includes.


The intention that this requirement has been conformed and presented in ISO 22000 is for the organization to ensure that it understands the problems that may affect, either positively or negatively, the organization itself and its ability to achieve the expected results of your food safety management system. The knowledge gained will then be used to guide the planning, implementation, operation, evaluation and improvement of the management system.


In this way we can establish the necessary elements in our food safety management system, which allow us to comply with each of these requirements.


Now, in order to understand the meaning of these first requirements, it is important that we remember the conceptual model or process approach of the food safety management system presented by the ISO 22000 standard, which is as follows:


 Source: ISO 2200:2018 standard, (ISO)


I think it is relevant to mention that of these conceptual models or process approaches considered in the various management system standards, the one presented in ISO 22000: 2018, on food safety management system, is the only one that contains a double PDCA Cycle, one for planning and organizational control, and another specific one for planning and operational control, so that the organization can establish an order in the activities related to prerequisite programs, hazard analysis, hazard control plan, implementation, verification and control of operational activities, including traceability systems and emergency preparedness and response.


Considering the information presented in this conceptual model, we can see that the initial stage of activities of the food safety management system is the one that refers to planning, both of the management system and of the processes, so that all Clause 4. Context of the organization, including all its sub-clauses and requirements, refers to preparatory activities to include those planning inputs.


It is important to understand this consideration with respect to the aforementioned Clause 4 requirements, since if they are not properly followed and meet, the organization will surely have problems making a valuable planning.


As I have already mentioned in a previous post, something that I have observed in my professional experience is that this Clause 4 is, of all clauses of ISO 22000: 2018, as of all management system standards, the least understood by organizations that have established and even certificated, their management systems, and therefore, in which there are more non-compliances or true non-conformities, although both internal auditors, external auditors (on behalf of customers), as well as the evaluators (or auditors) of the certification bodies are not interested or do not have the knowledge to correctly identify them, and from what I have seen, this clause does not seem to be of much interest to the accreditation bodies, in relation to their proper compliance, and that is why there are many organizations with their management systems certified, but without proper compliance with all of Clause 4, both of this and of other management system standards. That is why I have dedicated myself to analyze these subclauses of the standard in detail.


A very important point for those of us who are dedicated to activities related to standardized management systems, such as food safety management, we must always bear in mind that the management of an organization, or in particular of any of its components or systems, it is actually an art, which can be supported by scientific, technological, methodological and documentary elements. There are many people immersed in this environment of management systems, especially those who have technological training, who see these management activities as if they were a kind of cooking recipe; that is, by combining some ingredients and applying some specific technique, the organization will be managed automatically. Well, nothing further from reality. Most of these people can perfectly understand how a closed system works, which with adequate levels of temperature, pressure, vacuum, among other factors, will always give the same result, without fully understanding that management systems are open systems, therefore that there are innumerable factors, including human, that can affect them. That is why training in management skills is so important to carry on this kind of activity. This is an assessment based on my professional experience.


The setting of objectives is a basic element of any management system or of an organization in general, since all other activities that will be carried out by the organization will be to meet, verify and control the fulfillment of those objectives. However, no auditor or certification body will be able to qualify if these objectives are well or badly established, since they are elements of the strategic direction of the organization itself. However, if, on the one hand, those objectives are very lax, or low, very little effort will be required on the part of the organization to meet them, but most likely its stakeholders would be dissatisfied with its performance and, in particular, in the case of food safety, they could be subject to sanctions for sanitary breaches. But if those objectives are too high and restrictive, it would most likely be that no matter how hard the entire organization strives, it would not be able to achieve them, which would be generating annoyance and frustration among managers and staff.


We must consider that the goal of establishing a food safety management system by an organization is not that it eventually elaborates safe food or products, that do not cause harm to those who consume these foods, or foods that have been in contact with this type of products, but so that the organization can consistently produce these foods or safe products, both to comply with regulatory sanitary criteria, and to generate trust among its customers and consumers.


That is why each objective established by an organization for a food safety management system represents a possible result that should be desirable and achievable. If any of these objectives turn out to be undesirable or unattainable, the organization will run into trouble.


This is the importance of the requirements included in Clause 4, in general, and particularly in Sub-Clauses 4.1 and 4.2. If an organization meets them, it will facilitate that the objectives, which would be established in the planning stage (Clause 6 of the standard), are more likely to meet both conditions, which are desirable and achievable.


If we consider the part of the organization's strategic planning, the so-called strategic direction must carry out the set of activities that are required in an organization, based on its mission, taking into consideration the vision and, where appropriate, the values ​​that have been recognized, in order to identify and establish, among other elements, the food safety general objectives and policies, collectively referred to as "food safety policy". Based on these food safety general objectives, the strategic direction of the organization should deploy its specific objectives (operational planning), within it, establish its operational plans and hence its food safety goals (tactical planning). And precisely that is what these requirements of the standard are about, to establish mechanisms so that organizations can identify all those issues, both external and internal, that come to affect, favorably or unfavorably, in their strategic planning, and can evaluate those possible impacts. positive or negative, to achieve greater precision in setting their food safety objectives.


We can visualize this as follows:


It is also important that the organization has defined, and you know it, its organizational structure, the composition of the top management, as well as the basic elements of its strategic and operational planning, both in terms of its performance, as well as relevant references of the industrial sector in the one that your organization develops, with the information of relevant aspects at the local, national and international level that have an impact on its activities, performance and competitiveness, referring in this case, mainly to the concept of food safety. These elements are essential to meet these first requirements.


When the organization develops it strategic planning, all these determined issues, both external and internal, must be considered, since if it can appropriately identify all factors that can influence, both positively and negatively, its performance, it will be able to set, in the best way, the objectives of its food safety management system.


In an audit, whether internal or external, it could not be evaluated or scored for the participant auditors if the policies and objectives of the food safety management system are well established, but they should verify if the organization has implemented the appropriate actions and methods to determine those issues, both external and internal, as well as to identify, review and update them. This is what an auditor should do, yet very few ever do.


In part 2 of this post, I will conclude this analysis of the requirements of Sub-clause 4.1 of ISO 22000: 2018, where we will see how an organization can meet these requirements.





Ernesto Palomares H.