Standard Operating Procedure: FSSC 22000 Internal Audit Protocol

This Standard Operating Procedure (SOP) outlines the mandatory requirements and procedural framework for conducting an internal audit against FSSC 22000 (Version 6) standards. The objective is to verify that the Food Safety Management System (FSMS) is implemented effectively, complies with regulatory and statutory requirements, and meets the criteria established by the Global Food Safety Initiative (GFSI). This SOP serves as a foundational guide for Quality Assurance (QA) teams to maintain audit readiness and foster a culture of continuous improvement.

1. Preparation and Documentation Review

• Verify the current version of the FSSC 22000 Scheme and applicable ISO 22000:2018 requirements.
• Review the previous audit report to ensure all non-conformities (NCs) were closed with effective root cause analysis (RCA).
• Review the current Hazard Analysis and Critical Control Point (HACCP) plan and Prerequisite Programs (PRPs).
• Ensure all food safety policy and objective documentation is updated and accessible.
• Confirm auditor independence: Ensure the auditor is not auditing their own work.

2. Management Responsibility and Infrastructure

• Confirm top management provides adequate resources for the FSMS.
• Verify evidence of management reviews conducted within the last 12 months.
• Audit site maintenance records: Ensure buildings, equipment, and grounds are maintained to prevent contamination.
• Inspect pest control records, trend analysis, and bait map accuracy.
• Validate the facility's waste management and drainage systems against the layout.

3. HACCP and Food Safety Controls

• Review the HACCP team composition; verify that multidisciplinary expertise is represented.
• Examine the Hazard Analysis document; ensure all biological, chemical, physical, and radiological hazards are identified.
• Verify CCP and OPRP monitoring records. Ensure they are signed, dated, and reviewed within 24 hours.
• Validate corrective actions taken during deviations at CCPs or OPRPs.
• Confirm calibration records for all monitoring equipment used in food safety critical tasks.

4. Operational Prerequisites and Traceability

• Assess the effectiveness of the allergen management program (labeling, segregation, cleaning validation).
• Verify the traceability system: Conduct a mock recall (must reach 100% accountability within the established time frame).
• Review supplier approval and monitoring programs; verify Certificates of Analysis (COA) for high-risk raw materials.
• Audit the cleaning and sanitization protocols (SSOPs); review validation and verification records (e.g., ATP swabs, microbial testing).
• Examine foreign body detection equipment (metal detectors, X-rays) performance checks.

5. Personnel and Training

• Audit training logs: Ensure all staff, including temporary workers, are trained in food safety and hygiene.
• Verify medical screening and fitness-to-work procedures.
• Inspect employee breakrooms, locker rooms, and hygiene stations for compliance with Good Manufacturing Practices (GMPs).
• Verify that visitors are properly briefed and signed in via the visitor registration log.

Pro Tips & Pitfalls

• Pitfall - The "Paper-Only" Audit: Auditors often get lost in documentation. Always verify physical reality against the records. If a document says the floor is cleaned daily, check the condition of the floor and the logs.
• Pro Tip - Focus on Trends: FSSC 22000 is not just about compliance; it is about trends. Use your audit to look for repeating issues that suggest a broken process rather than just a one-time human error.
• Pro Tip - The "Red Flag" Approach: Focus heavily on CCP/OPRP deviations. If a plant has multiple unrecorded CCP deviations, this is a major indicator of a systemic failure in the FSMS culture.
• Pitfall - Vague Root Causes: Avoid accepting "human error" as a root cause. Always dig deeper using the "5 Whys" method to find the structural or procedural flaw.

Frequently Asked Questions (FAQ)

Q: How often must an internal audit be performed for FSSC 22000? A: FSSC 22000 requires that the internal audit program covers all elements of the FSMS at least once per year. However, high-risk areas or areas with previous non-conformities should be audited more frequently.

Q: What is the most common reason for a major non-conformity during an FSSC 22000 audit? A: Failure to close the loop on corrective actions. Often, a facility identifies a problem but fails to implement a systemic change, resulting in a recurrence of the same issue.

Q: Are internal auditors required to be certified? A: While they do not need to be third-party certified auditors, FSSC 22000 mandates that internal auditors must be trained, competent, and objective. They must understand the requirements of the standard and the specific food safety risks associated with your facility.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "How often should an FSSC 22000 internal audit be conducted?", "acceptedAnswer": { "@type": "Answer", "text": "FSSC 22000 standards require that internal audits be performed at planned intervals, typically at least once per year, to ensure the effectiveness of the Food Safety Management System." } }, { "@type": "Question", "name": "Who is eligible to conduct an FSSC 22000 internal audit?", "acceptedAnswer": { "@type": "Answer", "text": "Internal auditors must be impartial and objective. A core requirement is auditor independence; individuals cannot audit their own work or areas where they have direct responsibility." } }, { "@type": "Question", "name": "What must be included in a mock recall during an internal audit?", "acceptedAnswer": { "@type": "Answer", "text": "A mock recall must demonstrate 100% accountability for traceability from raw materials to finished goods within your facility's established time frame." } } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "FSSC 22000 Audit Protocol Manager", "applicationCategory": "Compliance Management Software", "operatingSystem": "Web-based", "description": "Standardized procedural framework for auditing Food Safety Management Systems against FSSC 22000 Version 6 standards.", "offers": { "@type": "Offer", "price": "0.00", "priceCurrency": "USD" }, "featureList": "HACCP compliance validation, traceability audit tracking, corrective action management, and GFSI regulatory alignment." } </script>