Standard Operating Procedure: ISO 22000 Internal Audit

This Standard Operating Procedure (SOP) provides a comprehensive framework for conducting an internal audit against ISO 22000:2018 Food Safety Management System (FSMS) requirements. The objective of this audit is to verify that the organization’s food safety processes are effectively implemented, maintained, and compliant with both international standards and internal regulatory requirements. This document serves as a roadmap for auditors to evaluate the "Plan-Do-Check-Act" cycle within the facility, ensuring food safety hazards are identified and controlled at every stage of the supply chain.

Section 1: Context of the Organization & Leadership

• Organizational Context: Verify that internal and external issues affecting food safety objectives have been documented.
• Interested Parties: Confirm that the needs and expectations of relevant stakeholders (customers, regulators, suppliers) are clearly defined.
• Leadership Commitment: Review documented evidence of management’s commitment, including the establishment of a Food Safety Policy and measurable objectives.
• Resources: Confirm that adequate human, infrastructure, and work environment resources are provided to maintain the FSMS.

Section 2: Planning and Risk Management

• Risk and Opportunities: Evaluate the process for identifying risks to the FSMS and the actions taken to address them.
• Food Safety Objectives: Confirm that objectives are SMART (Specific, Measurable, Achievable, Relevant, Time-bound) and communicated across the organization.
• Planning of Changes: Check for a formal process to manage changes (personnel, equipment, suppliers) that impact food safety.

Section 3: Hazard Control and Operational Planning

• PRPs (Prerequisite Programs): Audit the implementation of PRPs (e.g., sanitation, pest control, maintenance, personal hygiene) to ensure they are current and effective.
• Hazard Analysis: Review the HACCP plan. Ensure all potential hazards (biological, chemical, physical) are identified and evaluated.
• HACCP/OPRP Plan: Verify that Critical Control Points (CCPs) and Operational Prerequisite Programs (OPRPs) have established critical limits and monitoring procedures.
• Traceability & Recall: Audit the traceability system—perform a mock recall exercise to ensure product can be tracked one step forward and one step back.

Section 4: Performance Evaluation and Improvement

• Monitoring & Measurement: Verify that all monitoring equipment (thermometers, scales) is calibrated and records are maintained.
• Internal Audit Records: Review evidence of previous internal audits and ensure non-conformities were addressed within the specified timeframe.
• Management Review: Inspect minutes from recent management review meetings to ensure high-level oversight of FSMS performance.
• Corrective Action: Ensure that non-conformities are documented, root cause analysis is performed, and corrective actions are effective.

Pro Tips & Pitfalls

• Pro Tip (The "Show Me" Approach): Never rely solely on interviews. Always ask for objective evidence (records, logs, signatures) to corroborate statements.
• Pro Tip (Vertical Auditing): Pick a finished product and trace it backward through the supply chain to the raw material stage to test the robustness of your documentation.
• Pitfall (Fragmented Records): A common audit finding is the "disconnected log"—where a machine is running, but the sanitation or temperature log hasn't been signed for two hours.
• Pitfall (Scope Creep): Ensure your audit stays strictly within the boundaries of the certified ISO 22000 scope. Do not waste time auditing processes that do not impact food safety unless necessary.

FAQ

Q: How often must an internal audit be conducted? A: ISO 22000 requires internal audits to be conducted at "planned intervals." Most organizations perform a full system audit annually, though quarterly audits for high-risk areas are recommended.

Q: Can the auditor be the person who manages the food safety system? A: To maintain impartiality, auditors should not audit their own work. Ensure that the internal auditor is independent of the department or process being audited.

Q: What is the biggest mistake during an audit? A: The most common failure is the lack of Root Cause Analysis (RCA). Auditors look for why a problem happened, not just how it was fixed. If you haven't identified the systemic cause, the audit finding remains open.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What is the primary goal of an ISO 22000 internal audit?", "acceptedAnswer": { "@type": "Answer", "text": "The primary goal is to verify that your Food Safety Management System (FSMS) is effectively implemented, maintained, and compliant with ISO 22000:2018 standards." } }, { "@type": "Question", "name": "Which sections should an ISO 22000 audit cover?", "acceptedAnswer": { "@type": "Answer", "text": "An audit should cover organizational context, leadership commitment, risk management, hazard analysis (HACCP), and the effective implementation of Prerequisite Programs (PRPs)." } }, { "@type": "Question", "name": "How are hazards managed in an ISO 22000 audit?", "acceptedAnswer": { "@type": "Answer", "text": "Auditors evaluate the HACCP plan to ensure all biological, chemical, and physical hazards are identified, and that Critical Control Points (CCPs) have established monitoring procedures." } } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "ISO 22000 Internal Audit SOP Framework", "applicationCategory": "Compliance Management Software", "operatingSystem": "Web-based", "description": "A comprehensive standard operating procedure framework for conducting ISO 22000:2018 internal audits, covering risk management, HACCP, and FSMS compliance.", "featureList": "Organizational context assessment, Leadership commitment review, Risk and opportunity analysis, HACCP/OPRP monitoring, Traceability and mock recall procedures." } </script>