SIST-TS ISO/TS 22003:2011

TECHNICAL ISO/TS
SPECIFICATION 22003
First edition
2007-02-15

Food safety management systems —
Requirements for bodies providing audit
and certification of food safety
management systems
Systèmes de management de la sécurité des denrées alimentaires —
Exigences pour les organismes procédant à l'audit et à la certification
de systèmes de management de la sécurité des denrées alimentaires




Reference number
ISO/TS 22003:2007(E)
©
ISO 2007

---------------------- Page: 1 ----------------------
ISO/TS 22003:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2007 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TS 22003:2007(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 2
4 Principles. 2
5 General requirements. 2
5.1 General. 2
5.2 Management of impartiality . 2
6 Structural requirements . 3
7 Resource requirements. 3
7.1 Competence of management and personnel. 3
7.2 Personnel involved in the certification activities .3
7.3 Use of individual external auditors and external technical experts . 8
7.4 Personnel records . 8
7.5 Outsourcing. 8
8 Information requirements . 8
9 Process requirements . 9
9.1 General requirements. 9
9.2 Initial audit and certification . 10
9.3 Surveillance activities . 12
9.4 Recertification . 12
9.5 Special audits. 12
9.6 Suspending, withdrawing or reducing the scope of certification . 12
9.7 Appeals . 12
9.8 Complaints . 12
9.9 Records of applicants and clients . 12
10 Management system requirements for certification bodies. 12
Annex A (normative) Classification of food chain categories. 13
Annex B (informative) Minimum audit time . 14
Bibliography . 16

© ISO 2007 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TS 22003:2007(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
⎯ an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
⎯ an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting
a vote.
This document is being issued in the Technical Specification series of publications (according to the ISO/IEC
Directives, Part 1, 3.1) as a “prospective standard for provisional application” in the field of food safety
because there is an urgent need for guidance on how standards in this field should be used to meet an
identified need.
This document is not to be regarded as an “International Standard”. It is proposed for provisional application
so that information and experience of its use in practice may be gathered. Comments on the content of this
document should be sent to the ISO Central Secretariat.
A review of this Technical Specification will be carried out not later than 3 years after its publication with the
options of: extension for another 3 years; conversion into an International Standard; or withdrawal.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TS 22003 was prepared by Technical Committee ISO/TC 34, Food products, in collaboration with
ISO Committee on conformity assessment (ISO/CASCO).
iv © ISO 2007 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TS 22003:2007(E)
Introduction
Certification of the food safety management system (FSMS) of an organization is one means of providing
assurance that the organization has implemented a system for the management of food safety in line with its
policy.
Requirements for FSMSs can originate from a number of sources, and this Technical Specification has been
developed to assist in the certification of FSMSs that fulfil the requirements of ISO 22000, Food safety
management systems — Requirements for any organization in the food chain. The contents of this Technical
Specification may also be used to support certification of FSMSs that are based on other sets of specified
FSMS requirements.
This Technical Specification is intended for use by bodies that carry out audit and certification of FSMSs. It
gives generic requirements for such certification bodies performing audit and certification in the field of food
safety management systems. Such bodies are referred to as certification bodies. This wording should not be
an obstacle to the use of this Technical Specification by bodies with other designations that undertake
activities covered by the scope of this document. Indeed, this Technical Specification should be usable by any
body involved in the assessment of FSMSs.
Certification activities involve the audit of an organization's FSMS. The form of attestation of conformity of an
organization's FSMS to a specific FSMS standard (for example ISO 22000) or other specified requirements is
normally a certification document or a certificate.
It is for the organization being certified to develop its own management systems (including ISO 22000 FSMS,
other sets of specified FSMS requirements, quality management systems, environmental management
systems or occupational health and safety management systems) and, other than where relevant legislative
requirements specify to the contrary, it is for the organization to decide how the various components of these
will be arranged. The degree of integration between the various management system components will vary
from organization to organization. It is therefore appropriate for certification bodies that operate in accordance
with this Technical Specification to take into account the culture and practices of their clients with respect to
the integration of their FSMSs within the wider organization.

© ISO 2007 – All rights reserved v

---------------------- Page: 5 ----------------------
TECHNICAL SPECIFICATION ISO/TS 22003:2007(E)

Food safety management systems — Requirements for bodies
providing audit and certification of food safety management
systems
1 Scope
This Technical Specification
⎯ defines the rules applicable for the audit and certification of a food safety management system (FSMS)
complying with the requirements given in ISO 22000 (or other sets of specified FSMS requirements), and
⎯ provides the necessary information and confidence to customers about the way certification of their
suppliers has been granted.
Certification of FSMSs (named “certification” in this Technical Specification) is a third-party conformity
assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party
conformity assessment bodies (named “certification body/bodies” in this Technical Specification).
NOTE 1 Certification of an FSMS is sometimes also called “registration”, and certification bodies are sometimes called
“registrars”.
NOTE 2 A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 3 This Technical Specification is primarily intended to be used as a criteria document for the accreditation or
peer assessment of certification bodies which seek to be recognized as being competent to certify that an FSMS complies
with ISO 22000. It is also intended to be used as a criteria document by regulatory authorities and industry consortia which
engage in direct recognition of certification bodies to certify that an FSMS complies with ISO 22000. Some of its
requirements could also be found useful by any other parties involved in the conformity assessment of such certification
bodies, and in the conformity assessment of any bodies that undertake to certify the compliance of FSMSs with criteria
additional to or other than those in ISO 22000.
FSMS certification does not attest to the safety or fitness of the products of an organization within the food
chain. However, ISO 22000 requires an organization to meet all applicable food-safety-related statutory and
regulatory requirements through its management system.
It is important to note that certification of an FSMS according to ISO 22000 is a management system
certification and not a product certification.
Other FSMS users can use the concepts and requirements of this Technical Specification provided that the
requirements are adapted as necessary.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
© ISO 2007 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/TS 22003:2007(E)
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
ISO/IEC 17021:2006, Conformity assessment — Requirements for bodies providing audit and certification of
management systems
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000, ISO/IEC 17021,
ISO 22000 and the following apply.
NOTE In this Technical Specification, the terms “product” and “service” are used separately, which is not in
accordance with the definition of product given in ISO/IEC 17000.
3.1
hazard analysis and critical control point
HACCP
system which identifies, evaluates and controls hazards which are significant for food safety
NOTE Adapted from Reference [8].
3.2
food safety management system
FSMS
set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives,
used to direct and control an organization with regard to food safety
NOTE See 3.2.1, 3.2.2 and 3.2.3 of ISO 9000:2005.
4 Principles
The principles given in Clause 4 of ISO/IEC 17021:2006 are the basis for the subsequent specific
performance and descriptive requirements in this Technical Specification. This Technical Specification does
not give specific requirements for all situations that can occur. These principles should be applied as guidance
for the decisions that may need to be made for unanticipated situations. Principles are not requirements.
The term “management system” used in ISO/IEC 17021 shall be replaced by “food safety management
system” in the context of this Technical Specification.
5 General requirements
5.1 General
All the requirements given in Clause 5 of ISO/IEC 17021:2006 apply.
5.2 Management of impartiality
The certification body and any part of the same legal entity shall not offer or provide hazard analysis
consultancy, FSMS consultancy or management system consultancy.
The fact that the organization employing the auditor is known to have provided hazard analysis consultancy,
FSMS consultancy or management system consultancy on the management system, within two years
following the end of the consultancy, is likely to be considered as a high threat to impartiality.
2 © ISO 2007 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/TS 22003:2007(E)
The term “management system consultancy” mentioned in 5.2 of ISO/IEC 17021:2006 shall be replaced in the
context of this Technical Specification by “hazard analysis consultancy, FSMS consultancy or management
system consultancy”.
6 Structural requirements
All the requirements given in Clause 6 of ISO/IEC 17021:2006 apply.
7 Resource requirements
7.1 Competence of management and personnel
All the requirements given in 7.1 of ISO/IEC 17021:2006 apply.
Additionally, the certification body shall have processes to ensure that personnel have appropriate knowledge
relevant to the categories (see Annex A) in which it operates.
7.2 Personnel involved in the certification activities
7.2.1 General
7.2.1.1 All the requirements given in 7.2 of ISO/IEC 17021:2006 apply.
7.2.1.2 The certification body shall ensure that all personnel involved in the audit and certification
activities possess the following personal attributes. The personnel shall be
a) ethical (i.e. fair, truthful, sincere, honest and discreet),
b) open-minded (i.e. willing to consider alternative ideas or points of view),
c) diplomatic (i.e. tactful in dealing with people),
d) observant (i.e. actively aware of physical surroundings and activities),
e) perceptive (i.e. instinctively aware of and able to understand situations),
f) versatile (i.e. adjust readily to different situations),
g) tenacious (i.e. persistent, focused on achieving objectives),
h) decisive (i.e. reach timely conclusions based on logical reasoning and analysis), and
i) self-reliant (i.e. act and function independently while interacting effectively with others).
7.2.2 Personnel carrying out contract review
7.2.2.1 Education
The certification body shall ensure that personnel carrying out contract review have the knowledge
corresponding to a secondary education.
© ISO 2007 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/TS 22003:2007(E)
7.2.2.2 Food safety training
The certification body shall ensure that personnel carrying out contract review have successfully completed
training in
a) hazard analysis and critical control point (HACCP) principles, hazard assessment and hazard analysis,
b) food safety management principles including prerequisite programmes (PRPs), and
c) relevant FSMS standards (e.g. ISO 22000).
7.2.2.3 Audit training
The certification body shall ensure that personnel carrying out contract review have successfully completed
training in audit processes based on the guidance given in ISO 19011.
NOTE It is not mandatory for personnel carrying out contract review to have or to maintain audit experience.
7.2.2.4 Competences
The certification body shall ensure that personnel carrying out contract review demonstrate the ability to apply
knowledge and skills in the following areas:
a) classification of applicants in food chain categories and sectors;
b) assessment of applicant products, processes and practices;
c) deployment of FSMS auditor competences and requirements;
d) determination of audit time (see Annex B) and duration requirements;
e) certification body's policies and procedures related to contract review.
7.2.3 Personnel granting certification
7.2.3.1 General
The certification body shall ensure that the personnel who take the decision on granting certification have the
same education, food safety training, audit training and work experience as required for an auditor in one
category (see Annex A).
NOTE It is not mandatory for personnel granting certification to have or to maintain audit experience.
7.2.3.2 Competences
The certification body shall ensure that personnel granting certification demonstrate the ability to apply
knowledge and skills in the following areas:
a) current principles of HACCP;
b) understanding of PRPs;
c) identification of food safety hazards;
d) implementation and management of food safety hazards, critical control points (CCPs) and the ability to
assess the effectiveness of selected control measures;
e) corrections and corrective actions to be taken with regards to food safety matters;
4 © ISO 2007 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/TS 22003:2007(E)
f) assessment of potential food safety hazards linked to the food supply chain;
g) laws and regulations relevant to food safety, in order to be able to conduct an effective audit of the FSMS;
h) products, processes and practices;
i) relevant food safety management system requirements;
j) relevant standards;
k) assessment and review of an audit report for accuracy and completeness;
l) assessment and review of the effectiveness of corrective actions;
m) the certification process.
7.2.4 Auditors
7.2.4.1 Education
The certification body shall ensure that auditors have the knowledge corresponding to a post-secondary
education that includes general microbiology and general chemistry.
The certification body shall also ensure that auditors have the knowledge corresponding to a post-secondary
education that includes courses in the food chain industry category in which they conduct FSMS audits.
EXAMPLES
a) For the food industry (Categories C, D, E, F, G and H in Table A.1): food microbiology, food processing fundamentals
and food chemistry including food analysis.
b) For farming (plants) (Category B in Table A.1): crop production.
c) For farming (animals) (Categories A and F in Table A.1): animal production.
d) For packaging/food machine/engineering industry (Categories I to M in Table A.1): science/engineering courses
related to the discipline.
7.2.4.2 Food safety training
The certification body shall ensure that auditors have successfully completed training in
a) HACCP principles, hazard assessment and hazard analysis, and
b) food safety management principles including PRPs.
The training course(s) should be recognized by the industry (and its stakeholders) as being appropriate and
relevant. The approval or certification of the training courses by an independent body with the relevant
expertise can provide some assurance that the course meets specified criteria.
7.2.4.3 Audit training
The certification body shall ensure that auditors have successfully completed training in
a) audit techniques based on ISO 19011, and
b) relevant FSMS standards (e.g. ISO 22000).
© ISO 2007 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/TS 22003:2007(E)
7.2.4.4 Work experience
For a first qualification of an auditor in one or more categories, the certification body shall ensure that the
auditor has a minimum of five years of full-time work experience in the food-chain-related industry, including at
least two years of work in quality assurance or food safety functions within food production or manufacturing,
retailing, inspection or enforcement, or the equivalent.
The number of years of total work experience may be reduced by one year if the auditor has completed
appropriate post-secondary education.
7.2.4.5 Audit experience
For a first qualification, the certification body shall ensure that within the last three years the auditor has
performed at least twelve FSMS audit days in at least four organizations under the leadership of a qualified
auditor.
NOTE FSMS audit days include audit days dealing with ISO 9001 in the food industry or other FSMS audits.
For extension to a new category, the certification body shall demonstrate that the auditor has the required
competences through relevant education as required in 7.2.4.1, food-safety-related training in the new
category, and either
⎯ six months of work experience in the new category, or
⎯ four FSMS audits under the supervision of a qualified auditor in the new category.
For maintaining the qualification of the auditor, the certification body shall ensure that auditors have performed
either
⎯ a minimum of five external audits per year, including at least two FSMS audits, or
⎯ a minimum of four FSMS on-site external audits or ten FSMS audit days per year.
7.2.4.6 Competences
7.2.4.6.1 The competences of auditors shall be recorded [see 5.5 c) of ISO 19011:2002] for each category
and sector (see Annex A). The certification body shall provide evidence of a successful evaluation.
7.2.4.6.2 The certification body shall ensure that auditors demonstrate the ability to apply knowledge and
skills in the following areas.
a) Audit principles, procedures and techniques: to enable the auditor to apply those appropriate to different
audits and to ensure that audits are conducted in a consistent and systematic manner. An auditor shall be
able
⎯ to apply audit principles, procedures and techniques,
⎯ to plan and organize the work effectively,
⎯ to conduct the audit within the agreed time schedule,
⎯ to prioritize and focus on matters of significance,
⎯ to collect information through effective interviewing, listening, observing and reviewing documents,
records and data,
⎯ to understand the appropriateness and consequences of using sampling techniques for auditing,
⎯ to verify the accuracy of collected information,
6 © ISO 2007 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/TS 22003:2007(E)
⎯ to confirm the sufficiency and appropriateness of audit evidence to support audit findings and
conclusions,
⎯ to assess those factors that can affect the reliability of the audit findings and conclusions,
⎯ to use work documents to record audit activities,
⎯ to prepare audit reports,
⎯ to maintain the confidentiality and security of information, and
⎯ to communicate effectively, either through personal linguistic skills or through an interpreter.
b) Management system and reference documents: to enable the auditor to comprehend the scope of the
audit and apply audit criteria. Knowledge and skills in this area shall cover
⎯ the application of management systems to different organizations,
⎯ interaction between the components of the management system,
⎯ food safety management system standards, applicable procedures or other management system
documents used as audit criteria,
⎯ recognizing differences between, and the priority of, the reference documents,
⎯ application of the reference documents to different audit situations, and
⎯ information systems and technology for authorization, security, distribution and control of documents,
data and records.
c) Organizational situations: to enable the auditor to comprehend the organization's operational context.
Knowledge and skills in this area shall cover
⎯ organizational size, structure, functions and relationships,
⎯ general business processes and related terminology, and
⎯ cultural and social customs of the auditee.
d) Applicable laws, regulations and other requirements relevant to the discipline: to enable the auditor to
work within, and be aware of, the requirements that apply to the organization being audited. Knowledge
and skills in this area shall cover
⎯ local, regional and national codes, laws and regulations,
⎯ contracts and agreements,
⎯ international treaties and conventions, and
⎯ other requirements to which the organization subscribes.
7.2.4.6.3 The certification body shall ensure that auditors demonstrate the ability to apply terminology,
knowledge and skills in the following food safety specific areas:
a) current principles of HACCP;
b) relevant PRPs for the considered category(ies) (see Annex A);
c) identification of food safety hazards;
d) methodologies used for determination, implementation and management of control measures (PRPs,
operational PRPs and CCPs) and the ability to assess the effectiveness of selected control measures;
© ISO 2007 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/TS 22003:2007(E)
e) corrections and corrective actions to be taken with regards to food safety matters;
f) assessment of potential food safety hazards linked to the food supply chain;
g) evaluation of the relevance of the applicable PRPs, including establishing or selecting an appropriate
evaluation method or guide for these PRPs for the category(ies) considered (see Annex A);
h) laws and regulations relevant to food safety in order to
...

SLOVENSKI STANDARD
SIST-TS ISO/TS 22003:2011
01-junij-2011
Sistemi vodenja varnosti živil - Zahteve za organe, ki izvajajo presoje in
certificiranje sistemov vodenja varnosti živil
Food safety management systems -- Requirements for bodies providing audit and
certification of food safety management systems
Systèmes de management de la sécurité des denrées alimentaires -- Exigences pour les
organismes procédant à l'audit et à la certification de systèmes de management de la
sécurité des denrées alimentaires
Ta slovenski standard je istoveten z: ISO/TS 22003:2007
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
67.020 Procesi v živilski industriji Processes in the food
industry
SIST-TS ISO/TS 22003:2011 en,fr
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS ISO/TS 22003:2011

---------------------- Page: 2 ----------------------

SIST-TS ISO/TS 22003:2011

TECHNICAL ISO/TS
SPECIFICATION 22003
First edition
2007-02-15

Food safety management systems —
Requirements for bodies providing audit
and certification of food safety
management systems
Systèmes de management de la sécurité des denrées alimentaires —
Exigences pour les organismes procédant à l'audit et à la certification
de systèmes de management de la sécurité des denrées alimentaires




Reference number
ISO/TS 22003:2007(E)
©
ISO 2007

---------------------- Page: 3 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2007 – All rights reserved

---------------------- Page: 4 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 2
4 Principles. 2
5 General requirements. 2
5.1 General. 2
5.2 Management of impartiality . 2
6 Structural requirements . 3
7 Resource requirements. 3
7.1 Competence of management and personnel. 3
7.2 Personnel involved in the certification activities .3
7.3 Use of individual external auditors and external technical experts . 8
7.4 Personnel records . 8
7.5 Outsourcing. 8
8 Information requirements . 8
9 Process requirements . 9
9.1 General requirements. 9
9.2 Initial audit and certification . 10
9.3 Surveillance activities . 12
9.4 Recertification . 12
9.5 Special audits. 12
9.6 Suspending, withdrawing or reducing the scope of certification . 12
9.7 Appeals . 12
9.8 Complaints . 12
9.9 Records of applicants and clients . 12
10 Management system requirements for certification bodies. 12
Annex A (normative) Classification of food chain categories. 13
Annex B (informative) Minimum audit time . 14
Bibliography . 16

© ISO 2007 – All rights reserved iii

---------------------- Page: 5 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
⎯ an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
⎯ an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting
a vote.
This document is being issued in the Technical Specification series of publications (according to the ISO/IEC
Directives, Part 1, 3.1) as a “prospective standard for provisional application” in the field of food safety
because there is an urgent need for guidance on how standards in this field should be used to meet an
identified need.
This document is not to be regarded as an “International Standard”. It is proposed for provisional application
so that information and experience of its use in practice may be gathered. Comments on the content of this
document should be sent to the ISO Central Secretariat.
A review of this Technical Specification will be carried out not later than 3 years after its publication with the
options of: extension for another 3 years; conversion into an International Standard; or withdrawal.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TS 22003 was prepared by Technical Committee ISO/TC 34, Food products, in collaboration with
ISO Committee on conformity assessment (ISO/CASCO).
iv © ISO 2007 – All rights reserved

---------------------- Page: 6 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
Introduction
Certification of the food safety management system (FSMS) of an organization is one means of providing
assurance that the organization has implemented a system for the management of food safety in line with its
policy.
Requirements for FSMSs can originate from a number of sources, and this Technical Specification has been
developed to assist in the certification of FSMSs that fulfil the requirements of ISO 22000, Food safety
management systems — Requirements for any organization in the food chain. The contents of this Technical
Specification may also be used to support certification of FSMSs that are based on other sets of specified
FSMS requirements.
This Technical Specification is intended for use by bodies that carry out audit and certification of FSMSs. It
gives generic requirements for such certification bodies performing audit and certification in the field of food
safety management systems. Such bodies are referred to as certification bodies. This wording should not be
an obstacle to the use of this Technical Specification by bodies with other designations that undertake
activities covered by the scope of this document. Indeed, this Technical Specification should be usable by any
body involved in the assessment of FSMSs.
Certification activities involve the audit of an organization's FSMS. The form of attestation of conformity of an
organization's FSMS to a specific FSMS standard (for example ISO 22000) or other specified requirements is
normally a certification document or a certificate.
It is for the organization being certified to develop its own management systems (including ISO 22000 FSMS,
other sets of specified FSMS requirements, quality management systems, environmental management
systems or occupational health and safety management systems) and, other than where relevant legislative
requirements specify to the contrary, it is for the organization to decide how the various components of these
will be arranged. The degree of integration between the various management system components will vary
from organization to organization. It is therefore appropriate for certification bodies that operate in accordance
with this Technical Specification to take into account the culture and practices of their clients with respect to
the integration of their FSMSs within the wider organization.

© ISO 2007 – All rights reserved v

---------------------- Page: 7 ----------------------

SIST-TS ISO/TS 22003:2011

---------------------- Page: 8 ----------------------

SIST-TS ISO/TS 22003:2011
TECHNICAL SPECIFICATION ISO/TS 22003:2007(E)

Food safety management systems — Requirements for bodies
providing audit and certification of food safety management
systems
1 Scope
This Technical Specification
⎯ defines the rules applicable for the audit and certification of a food safety management system (FSMS)
complying with the requirements given in ISO 22000 (or other sets of specified FSMS requirements), and
⎯ provides the necessary information and confidence to customers about the way certification of their
suppliers has been granted.
Certification of FSMSs (named “certification” in this Technical Specification) is a third-party conformity
assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party
conformity assessment bodies (named “certification body/bodies” in this Technical Specification).
NOTE 1 Certification of an FSMS is sometimes also called “registration”, and certification bodies are sometimes called
“registrars”.
NOTE 2 A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 3 This Technical Specification is primarily intended to be used as a criteria document for the accreditation or
peer assessment of certification bodies which seek to be recognized as being competent to certify that an FSMS complies
with ISO 22000. It is also intended to be used as a criteria document by regulatory authorities and industry consortia which
engage in direct recognition of certification bodies to certify that an FSMS complies with ISO 22000. Some of its
requirements could also be found useful by any other parties involved in the conformity assessment of such certification
bodies, and in the conformity assessment of any bodies that undertake to certify the compliance of FSMSs with criteria
additional to or other than those in ISO 22000.
FSMS certification does not attest to the safety or fitness of the products of an organization within the food
chain. However, ISO 22000 requires an organization to meet all applicable food-safety-related statutory and
regulatory requirements through its management system.
It is important to note that certification of an FSMS according to ISO 22000 is a management system
certification and not a product certification.
Other FSMS users can use the concepts and requirements of this Technical Specification provided that the
requirements are adapted as necessary.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
© ISO 2007 – All rights reserved 1

---------------------- Page: 9 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
ISO/IEC 17021:2006, Conformity assessment — Requirements for bodies providing audit and certification of
management systems
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000, ISO/IEC 17021,
ISO 22000 and the following apply.
NOTE In this Technical Specification, the terms “product” and “service” are used separately, which is not in
accordance with the definition of product given in ISO/IEC 17000.
3.1
hazard analysis and critical control point
HACCP
system which identifies, evaluates and controls hazards which are significant for food safety
NOTE Adapted from Reference [8].
3.2
food safety management system
FSMS
set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives,
used to direct and control an organization with regard to food safety
NOTE See 3.2.1, 3.2.2 and 3.2.3 of ISO 9000:2005.
4 Principles
The principles given in Clause 4 of ISO/IEC 17021:2006 are the basis for the subsequent specific
performance and descriptive requirements in this Technical Specification. This Technical Specification does
not give specific requirements for all situations that can occur. These principles should be applied as guidance
for the decisions that may need to be made for unanticipated situations. Principles are not requirements.
The term “management system” used in ISO/IEC 17021 shall be replaced by “food safety management
system” in the context of this Technical Specification.
5 General requirements
5.1 General
All the requirements given in Clause 5 of ISO/IEC 17021:2006 apply.
5.2 Management of impartiality
The certification body and any part of the same legal entity shall not offer or provide hazard analysis
consultancy, FSMS consultancy or management system consultancy.
The fact that the organization employing the auditor is known to have provided hazard analysis consultancy,
FSMS consultancy or management system consultancy on the management system, within two years
following the end of the consultancy, is likely to be considered as a high threat to impartiality.
2 © ISO 2007 – All rights reserved

---------------------- Page: 10 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
The term “management system consultancy” mentioned in 5.2 of ISO/IEC 17021:2006 shall be replaced in the
context of this Technical Specification by “hazard analysis consultancy, FSMS consultancy or management
system consultancy”.
6 Structural requirements
All the requirements given in Clause 6 of ISO/IEC 17021:2006 apply.
7 Resource requirements
7.1 Competence of management and personnel
All the requirements given in 7.1 of ISO/IEC 17021:2006 apply.
Additionally, the certification body shall have processes to ensure that personnel have appropriate knowledge
relevant to the categories (see Annex A) in which it operates.
7.2 Personnel involved in the certification activities
7.2.1 General
7.2.1.1 All the requirements given in 7.2 of ISO/IEC 17021:2006 apply.
7.2.1.2 The certification body shall ensure that all personnel involved in the audit and certification
activities possess the following personal attributes. The personnel shall be
a) ethical (i.e. fair, truthful, sincere, honest and discreet),
b) open-minded (i.e. willing to consider alternative ideas or points of view),
c) diplomatic (i.e. tactful in dealing with people),
d) observant (i.e. actively aware of physical surroundings and activities),
e) perceptive (i.e. instinctively aware of and able to understand situations),
f) versatile (i.e. adjust readily to different situations),
g) tenacious (i.e. persistent, focused on achieving objectives),
h) decisive (i.e. reach timely conclusions based on logical reasoning and analysis), and
i) self-reliant (i.e. act and function independently while interacting effectively with others).
7.2.2 Personnel carrying out contract review
7.2.2.1 Education
The certification body shall ensure that personnel carrying out contract review have the knowledge
corresponding to a secondary education.
© ISO 2007 – All rights reserved 3

---------------------- Page: 11 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
7.2.2.2 Food safety training
The certification body shall ensure that personnel carrying out contract review have successfully completed
training in
a) hazard analysis and critical control point (HACCP) principles, hazard assessment and hazard analysis,
b) food safety management principles including prerequisite programmes (PRPs), and
c) relevant FSMS standards (e.g. ISO 22000).
7.2.2.3 Audit training
The certification body shall ensure that personnel carrying out contract review have successfully completed
training in audit processes based on the guidance given in ISO 19011.
NOTE It is not mandatory for personnel carrying out contract review to have or to maintain audit experience.
7.2.2.4 Competences
The certification body shall ensure that personnel carrying out contract review demonstrate the ability to apply
knowledge and skills in the following areas:
a) classification of applicants in food chain categories and sectors;
b) assessment of applicant products, processes and practices;
c) deployment of FSMS auditor competences and requirements;
d) determination of audit time (see Annex B) and duration requirements;
e) certification body's policies and procedures related to contract review.
7.2.3 Personnel granting certification
7.2.3.1 General
The certification body shall ensure that the personnel who take the decision on granting certification have the
same education, food safety training, audit training and work experience as required for an auditor in one
category (see Annex A).
NOTE It is not mandatory for personnel granting certification to have or to maintain audit experience.
7.2.3.2 Competences
The certification body shall ensure that personnel granting certification demonstrate the ability to apply
knowledge and skills in the following areas:
a) current principles of HACCP;
b) understanding of PRPs;
c) identification of food safety hazards;
d) implementation and management of food safety hazards, critical control points (CCPs) and the ability to
assess the effectiveness of selected control measures;
e) corrections and corrective actions to be taken with regards to food safety matters;
4 © ISO 2007 – All rights reserved

---------------------- Page: 12 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
f) assessment of potential food safety hazards linked to the food supply chain;
g) laws and regulations relevant to food safety, in order to be able to conduct an effective audit of the FSMS;
h) products, processes and practices;
i) relevant food safety management system requirements;
j) relevant standards;
k) assessment and review of an audit report for accuracy and completeness;
l) assessment and review of the effectiveness of corrective actions;
m) the certification process.
7.2.4 Auditors
7.2.4.1 Education
The certification body shall ensure that auditors have the knowledge corresponding to a post-secondary
education that includes general microbiology and general chemistry.
The certification body shall also ensure that auditors have the knowledge corresponding to a post-secondary
education that includes courses in the food chain industry category in which they conduct FSMS audits.
EXAMPLES
a) For the food industry (Categories C, D, E, F, G and H in Table A.1): food microbiology, food processing fundamentals
and food chemistry including food analysis.
b) For farming (plants) (Category B in Table A.1): crop production.
c) For farming (animals) (Categories A and F in Table A.1): animal production.
d) For packaging/food machine/engineering industry (Categories I to M in Table A.1): science/engineering courses
related to the discipline.
7.2.4.2 Food safety training
The certification body shall ensure that auditors have successfully completed training in
a) HACCP principles, hazard assessment and hazard analysis, and
b) food safety management principles including PRPs.
The training course(s) should be recognized by the industry (and its stakeholders) as being appropriate and
relevant. The approval or certification of the training courses by an independent body with the relevant
expertise can provide some assurance that the course meets specified criteria.
7.2.4.3 Audit training
The certification body shall ensure that auditors have successfully completed training in
a) audit techniques based on ISO 19011, and
b) relevant FSMS standards (e.g. ISO 22000).
© ISO 2007 – All rights reserved 5

---------------------- Page: 13 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
7.2.4.4 Work experience
For a first qualification of an auditor in one or more categories, the certification body shall ensure that the
auditor has a minimum of five years of full-time work experience in the food-chain-related industry, including at
least two years of work in quality assurance or food safety functions within food production or manufacturing,
retailing, inspection or enforcement, or the equivalent.
The number of years of total work experience may be reduced by one year if the auditor has completed
appropriate post-secondary education.
7.2.4.5 Audit experience
For a first qualification, the certification body shall ensure that within the last three years the auditor has
performed at least twelve FSMS audit days in at least four organizations under the leadership of a qualified
auditor.
NOTE FSMS audit days include audit days dealing with ISO 9001 in the food industry or other FSMS audits.
For extension to a new category, the certification body shall demonstrate that the auditor has the required
competences through relevant education as required in 7.2.4.1, food-safety-related training in the new
category, and either
⎯ six months of work experience in the new category, or
⎯ four FSMS audits under the supervision of a qualified auditor in the new category.
For maintaining the qualification of the auditor, the certification body shall ensure that auditors have performed
either
⎯ a minimum of five external audits per year, including at least two FSMS audits, or
⎯ a minimum of four FSMS on-site external audits or ten FSMS audit days per year.
7.2.4.6 Competences
7.2.4.6.1 The competences of auditors shall be recorded [see 5.5 c) of ISO 19011:2002] for each category
and sector (see Annex A). The certification body shall provide evidence of a successful evaluation.
7.2.4.6.2 The certification body shall ensure that auditors demonstrate the ability to apply knowledge and
skills in the following areas.
a) Audit principles, procedures and techniques: to enable the auditor to apply those appropriate to different
audits and to ensure that audits are conducted in a consistent and systematic manner. An auditor shall be
able
⎯ to apply audit principles, procedures and techniques,
⎯ to plan and organize the work effectively,
⎯ to conduct the audit within the agreed time schedule,
⎯ to prioritize and focus on matters of significance,
⎯ to collect information through effective interviewing, listening, observing and reviewing documents,
records and data,
⎯ to understand the appropriateness and consequences of using sampling techniques for auditing,
⎯ to verify the accuracy of collected information,
6 © ISO 2007 – All rights reserved

---------------------- Page: 14 ----------------------

SIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
⎯ to confirm the sufficiency and appropriateness of audit evidence to support audit findings and
conclusions,
⎯ to assess those factors that can affect the reliability of the audit findings and conclusions,
⎯ to use work documents to record audit activities,
⎯ to prepare audit reports,
⎯ to maintain the confidentiality and security of information, and
⎯ to communicate effectively, either through personal linguistic skills or through an interpreter.
b) Management system and reference documents: to enable the auditor to comprehend the scope of the
audit and apply audit criteria. Knowledge and skills in this area shall cover
⎯ the application of management systems to different organizations,
⎯ interaction between the components of the management system,
⎯ food safety management system standards, applicable procedures or other management system
documents used as audit criteria,
⎯ recognizing differences between, and the priority of, the reference documents,
⎯ application of the reference documents to different audit situations, and
⎯ information systems and technology for authorization, security, distribution and control of documents,
data and records.
c) Organizational situations: to enable the auditor to comprehend the organization's operational context.
Knowledge and skills in this area shall cover
⎯ organizational size, structure, functions and relationships,
⎯ general business processes and related terminology, and
⎯ cultural and social customs of the auditee.
d) Applicable laws,
...

SLOVENSKI STANDARD
oSIST-TS ISO/TS 22003:2011
01-april-2011
Sistemi vodenja varnosti živil - Zahteve za organe, ki izvajajo presoje in
certificiranje sistemov vodenja varnosti živil
Food safety management systems -- Requirements for bodies providing audit and
certification of food safety management systems
Systèmes de management de la sécurité des denrées alimentaires -- Exigences pour les
organismes procédant à l'audit et à la certification de systèmes de management de la
sécurité des denrées alimentaires
Ta slovenski standard je istoveten z: ISO/TS 22003:2007
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
67.020 Procesi v živilski industriji Processes in the food
industry
oSIST-TS ISO/TS 22003:2011 en,fr
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

oSIST-TS ISO/TS 22003:2011

---------------------- Page: 2 ----------------------

oSIST-TS ISO/TS 22003:2011

TECHNICAL ISO/TS
SPECIFICATION 22003
First edition
2007-02-15

Food safety management systems —
Requirements for bodies providing audit
and certification of food safety
management systems
Systèmes de management de la sécurité des denrées alimentaires —
Exigences pour les organismes procédant à l'audit et à la certification
de systèmes de management de la sécurité des denrées alimentaires




Reference number
ISO/TS 22003:2007(E)
©
ISO 2007

---------------------- Page: 3 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2007 – All rights reserved

---------------------- Page: 4 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 2
4 Principles. 2
5 General requirements. 2
5.1 General. 2
5.2 Management of impartiality . 2
6 Structural requirements . 3
7 Resource requirements. 3
7.1 Competence of management and personnel. 3
7.2 Personnel involved in the certification activities .3
7.3 Use of individual external auditors and external technical experts . 8
7.4 Personnel records . 8
7.5 Outsourcing. 8
8 Information requirements . 8
9 Process requirements . 9
9.1 General requirements. 9
9.2 Initial audit and certification . 10
9.3 Surveillance activities . 12
9.4 Recertification . 12
9.5 Special audits. 12
9.6 Suspending, withdrawing or reducing the scope of certification . 12
9.7 Appeals . 12
9.8 Complaints . 12
9.9 Records of applicants and clients . 12
10 Management system requirements for certification bodies. 12
Annex A (normative) Classification of food chain categories. 13
Annex B (informative) Minimum audit time . 14
Bibliography . 16

© ISO 2007 – All rights reserved iii

---------------------- Page: 5 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
⎯ an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in
an ISO working group and is accepted for publication if it is approved by more than 50 % of the members
of the parent committee casting a vote;
⎯ an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical
committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting
a vote.
This document is being issued in the Technical Specification series of publications (according to the ISO/IEC
Directives, Part 1, 3.1) as a “prospective standard for provisional application” in the field of food safety
because there is an urgent need for guidance on how standards in this field should be used to meet an
identified need.
This document is not to be regarded as an “International Standard”. It is proposed for provisional application
so that information and experience of its use in practice may be gathered. Comments on the content of this
document should be sent to the ISO Central Secretariat.
A review of this Technical Specification will be carried out not later than 3 years after its publication with the
options of: extension for another 3 years; conversion into an International Standard; or withdrawal.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TS 22003 was prepared by Technical Committee ISO/TC 34, Food products, in collaboration with
ISO Committee on conformity assessment (ISO/CASCO).
iv © ISO 2007 – All rights reserved

---------------------- Page: 6 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
Introduction
Certification of the food safety management system (FSMS) of an organization is one means of providing
assurance that the organization has implemented a system for the management of food safety in line with its
policy.
Requirements for FSMSs can originate from a number of sources, and this Technical Specification has been
developed to assist in the certification of FSMSs that fulfil the requirements of ISO 22000, Food safety
management systems — Requirements for any organization in the food chain. The contents of this Technical
Specification may also be used to support certification of FSMSs that are based on other sets of specified
FSMS requirements.
This Technical Specification is intended for use by bodies that carry out audit and certification of FSMSs. It
gives generic requirements for such certification bodies performing audit and certification in the field of food
safety management systems. Such bodies are referred to as certification bodies. This wording should not be
an obstacle to the use of this Technical Specification by bodies with other designations that undertake
activities covered by the scope of this document. Indeed, this Technical Specification should be usable by any
body involved in the assessment of FSMSs.
Certification activities involve the audit of an organization's FSMS. The form of attestation of conformity of an
organization's FSMS to a specific FSMS standard (for example ISO 22000) or other specified requirements is
normally a certification document or a certificate.
It is for the organization being certified to develop its own management systems (including ISO 22000 FSMS,
other sets of specified FSMS requirements, quality management systems, environmental management
systems or occupational health and safety management systems) and, other than where relevant legislative
requirements specify to the contrary, it is for the organization to decide how the various components of these
will be arranged. The degree of integration between the various management system components will vary
from organization to organization. It is therefore appropriate for certification bodies that operate in accordance
with this Technical Specification to take into account the culture and practices of their clients with respect to
the integration of their FSMSs within the wider organization.

© ISO 2007 – All rights reserved v

---------------------- Page: 7 ----------------------

oSIST-TS ISO/TS 22003:2011

---------------------- Page: 8 ----------------------

oSIST-TS ISO/TS 22003:2011
TECHNICAL SPECIFICATION ISO/TS 22003:2007(E)

Food safety management systems — Requirements for bodies
providing audit and certification of food safety management
systems
1 Scope
This Technical Specification
⎯ defines the rules applicable for the audit and certification of a food safety management system (FSMS)
complying with the requirements given in ISO 22000 (or other sets of specified FSMS requirements), and
⎯ provides the necessary information and confidence to customers about the way certification of their
suppliers has been granted.
Certification of FSMSs (named “certification” in this Technical Specification) is a third-party conformity
assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party
conformity assessment bodies (named “certification body/bodies” in this Technical Specification).
NOTE 1 Certification of an FSMS is sometimes also called “registration”, and certification bodies are sometimes called
“registrars”.
NOTE 2 A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 3 This Technical Specification is primarily intended to be used as a criteria document for the accreditation or
peer assessment of certification bodies which seek to be recognized as being competent to certify that an FSMS complies
with ISO 22000. It is also intended to be used as a criteria document by regulatory authorities and industry consortia which
engage in direct recognition of certification bodies to certify that an FSMS complies with ISO 22000. Some of its
requirements could also be found useful by any other parties involved in the conformity assessment of such certification
bodies, and in the conformity assessment of any bodies that undertake to certify the compliance of FSMSs with criteria
additional to or other than those in ISO 22000.
FSMS certification does not attest to the safety or fitness of the products of an organization within the food
chain. However, ISO 22000 requires an organization to meet all applicable food-safety-related statutory and
regulatory requirements through its management system.
It is important to note that certification of an FSMS according to ISO 22000 is a management system
certification and not a product certification.
Other FSMS users can use the concepts and requirements of this Technical Specification provided that the
requirements are adapted as necessary.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
© ISO 2007 – All rights reserved 1

---------------------- Page: 9 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
ISO/IEC 17021:2006, Conformity assessment — Requirements for bodies providing audit and certification of
management systems
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000, ISO/IEC 17021,
ISO 22000 and the following apply.
NOTE In this Technical Specification, the terms “product” and “service” are used separately, which is not in
accordance with the definition of product given in ISO/IEC 17000.
3.1
hazard analysis and critical control point
HACCP
system which identifies, evaluates and controls hazards which are significant for food safety
NOTE Adapted from Reference [8].
3.2
food safety management system
FSMS
set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives,
used to direct and control an organization with regard to food safety
NOTE See 3.2.1, 3.2.2 and 3.2.3 of ISO 9000:2005.
4 Principles
The principles given in Clause 4 of ISO/IEC 17021:2006 are the basis for the subsequent specific
performance and descriptive requirements in this Technical Specification. This Technical Specification does
not give specific requirements for all situations that can occur. These principles should be applied as guidance
for the decisions that may need to be made for unanticipated situations. Principles are not requirements.
The term “management system” used in ISO/IEC 17021 shall be replaced by “food safety management
system” in the context of this Technical Specification.
5 General requirements
5.1 General
All the requirements given in Clause 5 of ISO/IEC 17021:2006 apply.
5.2 Management of impartiality
The certification body and any part of the same legal entity shall not offer or provide hazard analysis
consultancy, FSMS consultancy or management system consultancy.
The fact that the organization employing the auditor is known to have provided hazard analysis consultancy,
FSMS consultancy or management system consultancy on the management system, within two years
following the end of the consultancy, is likely to be considered as a high threat to impartiality.
2 © ISO 2007 – All rights reserved

---------------------- Page: 10 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
The term “management system consultancy” mentioned in 5.2 of ISO/IEC 17021:2006 shall be replaced in the
context of this Technical Specification by “hazard analysis consultancy, FSMS consultancy or management
system consultancy”.
6 Structural requirements
All the requirements given in Clause 6 of ISO/IEC 17021:2006 apply.
7 Resource requirements
7.1 Competence of management and personnel
All the requirements given in 7.1 of ISO/IEC 17021:2006 apply.
Additionally, the certification body shall have processes to ensure that personnel have appropriate knowledge
relevant to the categories (see Annex A) in which it operates.
7.2 Personnel involved in the certification activities
7.2.1 General
7.2.1.1 All the requirements given in 7.2 of ISO/IEC 17021:2006 apply.
7.2.1.2 The certification body shall ensure that all personnel involved in the audit and certification
activities possess the following personal attributes. The personnel shall be
a) ethical (i.e. fair, truthful, sincere, honest and discreet),
b) open-minded (i.e. willing to consider alternative ideas or points of view),
c) diplomatic (i.e. tactful in dealing with people),
d) observant (i.e. actively aware of physical surroundings and activities),
e) perceptive (i.e. instinctively aware of and able to understand situations),
f) versatile (i.e. adjust readily to different situations),
g) tenacious (i.e. persistent, focused on achieving objectives),
h) decisive (i.e. reach timely conclusions based on logical reasoning and analysis), and
i) self-reliant (i.e. act and function independently while interacting effectively with others).
7.2.2 Personnel carrying out contract review
7.2.2.1 Education
The certification body shall ensure that personnel carrying out contract review have the knowledge
corresponding to a secondary education.
© ISO 2007 – All rights reserved 3

---------------------- Page: 11 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
7.2.2.2 Food safety training
The certification body shall ensure that personnel carrying out contract review have successfully completed
training in
a) hazard analysis and critical control point (HACCP) principles, hazard assessment and hazard analysis,
b) food safety management principles including prerequisite programmes (PRPs), and
c) relevant FSMS standards (e.g. ISO 22000).
7.2.2.3 Audit training
The certification body shall ensure that personnel carrying out contract review have successfully completed
training in audit processes based on the guidance given in ISO 19011.
NOTE It is not mandatory for personnel carrying out contract review to have or to maintain audit experience.
7.2.2.4 Competences
The certification body shall ensure that personnel carrying out contract review demonstrate the ability to apply
knowledge and skills in the following areas:
a) classification of applicants in food chain categories and sectors;
b) assessment of applicant products, processes and practices;
c) deployment of FSMS auditor competences and requirements;
d) determination of audit time (see Annex B) and duration requirements;
e) certification body's policies and procedures related to contract review.
7.2.3 Personnel granting certification
7.2.3.1 General
The certification body shall ensure that the personnel who take the decision on granting certification have the
same education, food safety training, audit training and work experience as required for an auditor in one
category (see Annex A).
NOTE It is not mandatory for personnel granting certification to have or to maintain audit experience.
7.2.3.2 Competences
The certification body shall ensure that personnel granting certification demonstrate the ability to apply
knowledge and skills in the following areas:
a) current principles of HACCP;
b) understanding of PRPs;
c) identification of food safety hazards;
d) implementation and management of food safety hazards, critical control points (CCPs) and the ability to
assess the effectiveness of selected control measures;
e) corrections and corrective actions to be taken with regards to food safety matters;
4 © ISO 2007 – All rights reserved

---------------------- Page: 12 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
f) assessment of potential food safety hazards linked to the food supply chain;
g) laws and regulations relevant to food safety, in order to be able to conduct an effective audit of the FSMS;
h) products, processes and practices;
i) relevant food safety management system requirements;
j) relevant standards;
k) assessment and review of an audit report for accuracy and completeness;
l) assessment and review of the effectiveness of corrective actions;
m) the certification process.
7.2.4 Auditors
7.2.4.1 Education
The certification body shall ensure that auditors have the knowledge corresponding to a post-secondary
education that includes general microbiology and general chemistry.
The certification body shall also ensure that auditors have the knowledge corresponding to a post-secondary
education that includes courses in the food chain industry category in which they conduct FSMS audits.
EXAMPLES
a) For the food industry (Categories C, D, E, F, G and H in Table A.1): food microbiology, food processing fundamentals
and food chemistry including food analysis.
b) For farming (plants) (Category B in Table A.1): crop production.
c) For farming (animals) (Categories A and F in Table A.1): animal production.
d) For packaging/food machine/engineering industry (Categories I to M in Table A.1): science/engineering courses
related to the discipline.
7.2.4.2 Food safety training
The certification body shall ensure that auditors have successfully completed training in
a) HACCP principles, hazard assessment and hazard analysis, and
b) food safety management principles including PRPs.
The training course(s) should be recognized by the industry (and its stakeholders) as being appropriate and
relevant. The approval or certification of the training courses by an independent body with the relevant
expertise can provide some assurance that the course meets specified criteria.
7.2.4.3 Audit training
The certification body shall ensure that auditors have successfully completed training in
a) audit techniques based on ISO 19011, and
b) relevant FSMS standards (e.g. ISO 22000).
© ISO 2007 – All rights reserved 5

---------------------- Page: 13 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
7.2.4.4 Work experience
For a first qualification of an auditor in one or more categories, the certification body shall ensure that the
auditor has a minimum of five years of full-time work experience in the food-chain-related industry, including at
least two years of work in quality assurance or food safety functions within food production or manufacturing,
retailing, inspection or enforcement, or the equivalent.
The number of years of total work experience may be reduced by one year if the auditor has completed
appropriate post-secondary education.
7.2.4.5 Audit experience
For a first qualification, the certification body shall ensure that within the last three years the auditor has
performed at least twelve FSMS audit days in at least four organizations under the leadership of a qualified
auditor.
NOTE FSMS audit days include audit days dealing with ISO 9001 in the food industry or other FSMS audits.
For extension to a new category, the certification body shall demonstrate that the auditor has the required
competences through relevant education as required in 7.2.4.1, food-safety-related training in the new
category, and either
⎯ six months of work experience in the new category, or
⎯ four FSMS audits under the supervision of a qualified auditor in the new category.
For maintaining the qualification of the auditor, the certification body shall ensure that auditors have performed
either
⎯ a minimum of five external audits per year, including at least two FSMS audits, or
⎯ a minimum of four FSMS on-site external audits or ten FSMS audit days per year.
7.2.4.6 Competences
7.2.4.6.1 The competences of auditors shall be recorded [see 5.5 c) of ISO 19011:2002] for each category
and sector (see Annex A). The certification body shall provide evidence of a successful evaluation.
7.2.4.6.2 The certification body shall ensure that auditors demonstrate the ability to apply knowledge and
skills in the following areas.
a) Audit principles, procedures and techniques: to enable the auditor to apply those appropriate to different
audits and to ensure that audits are conducted in a consistent and systematic manner. An auditor shall be
able
⎯ to apply audit principles, procedures and techniques,
⎯ to plan and organize the work effectively,
⎯ to conduct the audit within the agreed time schedule,
⎯ to prioritize and focus on matters of significance,
⎯ to collect information through effective interviewing, listening, observing and reviewing documents,
records and data,
⎯ to understand the appropriateness and consequences of using sampling techniques for auditing,
⎯ to verify the accuracy of collected information,
6 © ISO 2007 – All rights reserved

---------------------- Page: 14 ----------------------

oSIST-TS ISO/TS 22003:2011
ISO/TS 22003:2007(E)
⎯ to confirm the sufficiency and appropriateness of audit evidence to support audit findings and
conclusions,
⎯ to assess those factors that can affect the reliability of the audit findings and conclusions,
⎯ to use work documents to record audit activities,
⎯ to prepare audit reports,
⎯ to maintain the confidentiality and security of information, and
⎯ to communicate effectively, either through personal linguistic skills or through an interpreter.
b) Management system and reference documents: to enable the auditor to comprehend the scope of the
audit and apply audit criteria. Knowledge and skills in this area shall cover
⎯ the application of management systems to different organizations,
⎯ interaction between the components of the management system,
⎯ food safety management system standards, applicable procedures or other management system
documents used as audit criteria,
⎯ recognizing differences between, and the priority of, the reference documents,
⎯ application of the reference documents to different audit situations, and
⎯ information systems and technology for authorization, security, distribution and control of documents,
data and records.
c) Organizational situations: to enable the auditor to comprehend the organization's operational context.
Knowledge and skills in this area shall cover
⎯ organizational size, structure, functions and relationships,
⎯ general business processes and related terminology, and
⎯ cultural and social customs of the auditee.
d)
...

SPÉCIFICATION ISO
TECHNIQUE 22003
Première édition
2007-02-15


Systèmes de management de la sécurité
des denrées alimentaires — Exigences
pour les organismes procédant à l'audit
et à la certification de systèmes de
management de la sécurité des denrées
alimentaires
Food safety management systems — Requirements for bodies
providing audit and certification of food safety management systems




Numéro de référence
ISO/TS 22003:2007(F)
©
ISO 2007

---------------------- Page: 1 ----------------------
ISO/TS 22003:2007(F)
PDF – Exonération de responsabilité
Le présent fichier PDF peut contenir des polices de caractères intégrées. Conformément aux conditions de licence d'Adobe, ce fichier
peut être imprimé ou visualisé, mais ne doit pas être modifié à moins que l'ordinateur employé à cet effet ne bénéficie d'une licence
autorisant l'utilisation de ces polices et que celles-ci y soient installées. Lors du téléchargement de ce fichier, les parties concernées
acceptent de fait la responsabilité de ne pas enfreindre les conditions de licence d'Adobe. Le Secrétariat central de l'ISO décline toute
responsabilité en la matière.
Adobe est une marque déposée d'Adobe Systems Incorporated.
Les détails relatifs aux produits logiciels utilisés pour la création du présent fichier PDF sont disponibles dans la rubrique General Info
du fichier; les paramètres de création PDF ont été optimisés pour l'impression. Toutes les mesures ont été prises pour garantir
l'exploitation de ce fichier par les comités membres de l'ISO. Dans le cas peu probable où surviendrait un problème d'utilisation,
veuillez en informer le Secrétariat central à l'adresse donnée ci-dessous.


DOCUMENT PROTÉGÉ PAR COPYRIGHT


©  ISO 2007
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous
quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit
de l'ISO à l'adresse ci-après ou du comité membre de l'ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax. + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Publié en Suisse

ii © ISO 2007 – Tous droits réservés

---------------------- Page: 2 ----------------------
ISO/TS 22003:2007(F)
Sommaire Page
Avant-propos. iv
Introduction . v
1 Domaine d'application. 1
2 Références normatives . 2
3 Termes et définitions. 2
4 Principes. 2
5 Exigences générales . 3
5.1 Généralités . 3
5.2 Gestion de l'impartialité . 3
6 Exigences structurelles . 3
7 Exigences relatives aux ressources. 3
7.1 Compétence de la direction et du personnel. 3
7.2 Personnel intervenant dans les activités de certification . 3
7.3 Intervention d'auditeurs et d'experts techniques externes individuels. 9
7.4 Enregistrements relatifs au personnel . 9
7.5 Externalisation . 9
8 Exigences relatives aux informations . 9
9 Exigences relatives aux processus . 10
9.1 Exigences générales . 10
9.2 Évaluation et certification initiales. 11
9.3 Activités de surveillance. 13
9.4 Renouvellement de la certification . 13
9.5 Audits particuliers . 13
9.6 Suspension, retrait ou réduction du périmètre de la certification. 13
9.7 Appels . 13
9.8 Plaintes . 13
9.9 Enregistrements relatifs aux demandeurs et aux clients. 13
10 Exigences relatives au système de management des organismes de certification. 13
Annexe A (normative) Classification des catégories de la chaîne alimentaire . 14
Annexe B (informative) Durée minimale de l'audit. 15
Bibliographie . 17

© ISO 2007 – Tous droits réservés iii

---------------------- Page: 3 ----------------------
ISO/TS 22003:2007(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes nationaux de
normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est en général confiée
aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude a le droit de faire partie du
comité technique créé à cet effet. Les organisations internationales, gouvernementales et non
gouvernementales, en liaison avec l'ISO participent également aux travaux. L'ISO collabore étroitement avec
la Commission électrotechnique internationale (CEI) en ce qui concerne la normalisation électrotechnique.
Les Normes internationales sont rédigées conformément aux règles données dans les Directives ISO/CEI,
Partie 2.
La tâche principale des comités techniques est d'élaborer les Normes internationales. Les projets de Normes
internationales adoptés par les comités techniques sont soumis aux comités membres pour vote. Leur
publication comme Normes internationales requiert l'approbation de 75 % au moins des comités membres
votants.
Dans d'autres circonstances, en particulier lorsqu'il existe une demande urgente du marché, un comité
technique peut décider de publier d'autres types de documents normatifs:
⎯ une Spécification publiquement disponible ISO (ISO/PAS) représente un accord entre les experts dans
un groupe de travail ISO et est acceptée pour publication si elle est approuvée par plus de 50 % des
membres votants du comité dont relève le groupe de travail;
⎯ une Spécification technique ISO (ISO/TS) représente un accord entre les membres d'un comité technique
et est acceptée pour publication si elle est approuvée par 2/3 des membres votants du comité.
Le présent document est publié dans la série des Spécifications techniques (conformément au
paragraphe 3.1 de la partie 1 des Directives ISO/CEI) comme «norme prospective d'application provisoire»
dans le domaine de la sécurité des denrées alimentaires en raison de l'urgence d'avoir une indication quant à
la manière dont il convient d'utiliser les normes dans ce domaine pour répondre à un besoin déterminé.
Ce document ne doit pas être considéré comme une «Norme internationale». Il est proposé pour une mise en
œuvre provisoire, afin de recueillir des informations et d'acquérir de l'expérience quant à son application dans
la pratique. Il est de règle d'envoyer les observations éventuelles relatives au contenu de ce document au
Secrétariat central de l'ISO.
Il sera procédé à un nouvel examen de cette Spécification technique au plus tard trois ans après sa
publication, avec la faculté d'en prolonger la validité pendant trois autres années, de le transformer en Norme
internationale ou de l'annuler.
L'attention est appelée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO ne saurait être tenue pour responsable de ne
pas avoir identifié de tels droits de propriété et averti de leur existence.
L'ISO/TS 22003 a été élaborée par le comité technique ISO/TC 34 Produits alimentaires, en collaboration
avec le Comité ISO pour l'évaluation de la conformité (ISO/CASCO).
iv © ISO 2007 – Tous droits réservés

---------------------- Page: 4 ----------------------
ISO/TS 22003:2007(F)
Introduction
La certification du système de management de la sécurité des denrées alimentaires (SMSDA) d'une
organisation est l'un des moyens permettant d'assurer que l'organisation a mis en œuvre un SMSDA
conforme à sa politique.
Les exigences applicables aux SMSDA peuvent émaner d'un certain nombre de sources et la présente
Spécification technique a été élaborée pour apporter une aide à la certification des SMSDA qui satisfont aux
exigences de l'ISO 22000, Systèmes de management de la sécurité des denrées alimentaires — Exigences
pour tout organisme appartenant à la chaîne alimentaire. Le contenu de la présente Spécification technique
peut également servir à accompagner la certification des SMSDA qui sont fondés sur d'autres ensembles
d'exigences spécifiées en la matière.
La présente Spécification technique est destinée à l'usage des organismes qui auditent et qui certifient des
SMSDA. Elle définit des exigences génériques applicables aux organismes de certification procédant à l'audit
et à la certification dans le domaine des SMSDA. Ces organismes sont appelés organismes de certification. Il
convient que ce libellé ne fasse pas obstacle à l'utilisation de la présente Spécification technique par des
organismes désignés différemment entreprenant des activités couvertes par le domaine d'application décrit
dans ce document. En effet, il convient que la présente Spécification technique puisse être utilisée par tout
organisme impliqué dans l'évaluation de SMSDA.
Les activités de certification comprennent l'audit du SMSDA d'une organisation. La manière d'attester la
conformité de ce système à une norme spécifique de SMSDA (par exemple ISO 22000) ou à d'autres
exigences spécifiées prend généralement la forme d'un document de certification ou d'un certificat.
Il incombe à l'organisation soumise à la procédure de certification de mettre au point ses propres systèmes de
management (y compris un SMSDA conforme à l'ISO 22000, d'autres ensembles d'exigences spécifiées en la
matière, des systèmes de management de la qualité, des systèmes de management environnemental ou des
systèmes de management de l'hygiène et de la sécurité au travail) et, sauf spécifications contraires dans les
exigences réglementaires applicables, il appartient à l'organisation de décider de l'agencement des divers
composants desdits systèmes. Le degré d'intégration entre les divers composants des systèmes de
management variera d'une organisation à l'autre. Il est donc approprié pour les organismes de certification qui
opèrent conformément à la présente Spécification technique de prendre en compte la culture et les pratiques
de leurs clients, eu égard à l'intégration de leurs SMSDA dans un cadre plus large.

© ISO 2007 – Tous droits réservés v

---------------------- Page: 5 ----------------------
SPÉCIFICATION TECHNIQUE ISO/TS 22003:2007(F)

Systèmes de management de la sécurité des denrées
alimentaires — Exigences pour les organismes procédant à
l'audit et à la certification de systèmes de management de la
sécurité des denrées alimentaires
1 Domaine d'application
La présente Spécification technique
⎯ définit les règles applicables à l'audit et à la certification d'un système de management de la sécurité des
denrées alimentaires (SMSDA) conforme aux exigences de l'ISO 22000 (ou à d'autres ensembles
d'exigences spécifiées en la matière);
⎯ fournit aux clients les informations nécessaires sur la manière de procéder à la certification de leurs
fournisseurs et leur donne ainsi confiance dans cette certification.
La certification des SMSDA (désignée «certification» dans la présente Spécification technique) est une
activité d'évaluation de la conformité par tierce partie (voir l'ISO/CEI 17000:2004, 5.5). Les organismes
exerçant cette activité sont par conséquent des organismes d'évaluation de la conformité par tierce partie
[désignés «organisme(s) de certification» dans la présente Spécification technique].
NOTE 1 La certification d'un SMSDA est parfois également appelée «enregistrement», et les organismes de
certification sont parfois désignés «organismes d'enregistrement».
NOTE 2 Un organisme de certification peut être gouvernemental (avec ou sans pouvoir réglementaire) ou non
gouvernemental.
NOTE 3 La présente Spécification technique est essentiellement destinée à être utilisée comme référentiel pour
l'accréditation ou l'évaluation par des pairs des organismes de certification qui cherchent à se faire reconnaître comme
étant compétents pour certifier qu'un SMSDA est conforme à l'ISO 22000. Elle est également destinée à être utilisée
comme référentiel par des autorités réglementaires et des consortiums industriels qui procèdent à la reconnaissance
directe des organismes de certification qui certifient qu'un SMSDA est conforme à l'ISO 22000. Certaines de ses
exigences peuvent aussi s'avérer utiles pour toute autre partie pouvant être impliquée dans l'évaluation de la conformité
de tels organismes de certification et dans l'évaluation de la conformité de tout organisme qui réalise la certification de la
conformité des SMSDA à des critères complémentaires à l'ISO 22000 ou différents de ceux énoncés dans cette dernière.
La certification d'un SMSDA n'atteste pas la sécurité ou l'aptitude à l'emploi des produits d'une organisation
appartenant à la chaîne alimentaire. Cependant, l'ISO 22000 exige qu'une organisation satisfasse à
l'ensemble des exigences législatives et réglementaires en vigueur liées à la sécurité des denrées
alimentaires au travers de son système de management.
Il est important de noter que la certification d'un SMSDA conforme à l'ISO 22000 est une certification de
système de management et non une certification de produits.
D'autres utilisateurs de SMSDA peuvent utiliser les concepts et les exigences de la présente Spécification
technique, à condition d'adapter les exigences selon les besoins.
© ISO 2007 – Tous droits réservés 1

---------------------- Page: 6 ----------------------
ISO/TS 22003:2007(F)
2 Références normatives
Les documents de référence suivants sont indispensables pour l'application du présent document. Pour les
références datées, seule l'édition citée s'applique. Pour les références non datées, la dernière édition du
document de référence s'applique (y compris les éventuels amendements).
ISO 19011:2002, Lignes directrices pour l'audit des systèmes de management de la qualité et/ou de
management environnemental
ISO 22000:2005, Systèmes de management de la sécurité des denrées alimentaires — Exigences pour tout
organisme appartenant à la chaîne alimentaire
ISO/CEI 17000:2004, Évaluation de la conformité — Vocabulaire et principes généraux
ISO/CEI 17021:2006, Évaluation de la conformité — Exigences pour les organismes procédant à l'audit et à la
certification de systèmes de management
3 Termes et définitions
Pour les besoins du présent document, les termes et définitions donnés dans l'ISO/CEI 17000,
l'ISO/CEI 17021 et l'ISO 22000 ainsi que les suivants s'appliquent.
NOTE Dans la présente Spécification technique, les termes «produit» et «service» sont employés séparément, ce
qui n'est pas conforme à la définition de «produit» donnée dans l'ISO/CEI 17000.
3.1
analyse des dangers et points critiques pour leur maîtrise
HACCP
système qui identifie, évalue et maîtrise les dangers significatifs au regard de la sécurité des denrées
alimentaires
NOTE Adapté de la Référence [8].
3.2
système de management de la sécurité des denrées alimentaires
SMSDA
ensemble d'éléments corrélés ou interactifs permettant d'établir une politique et des objectifs et d'atteindre
ces objectifs, utilisé pour orienter et maîtriser une organisation en matière de sécurité des denrées
alimentaires
NOTE Voir 3.2.1, 3.2.2 et 3.2.3 de l'ISO 9000:2005.
4 Principes
Les principes énoncés dans l'Article 4 de l'ISO/CEI 17021:2006 servent de base pour les exigences
spécifiques de performance et les exigences descriptives données dans la présente Spécification technique.
Cette Spécification technique ne fournit pas d'exigences spécifiques applicables à toutes les situations
susceptibles de survenir. Il convient de considérer ces principes comme des recommandations à appliquer en
cas de décisions à prendre dans des situations imprévues. Ces principes ne constituent pas des exigences.
L'expression «système de management» employée dans l'ISO/CEI 17021:2006 doit être remplacée par
«système de management de la sécurité des denrées alimentaires» dans le contexte de la présente
Spécification technique.
2 © ISO 2007 – Tous droits réservés

---------------------- Page: 7 ----------------------
ISO/TS 22003:2007(F)
5 Exigences générales
5.1 Généralités
Toutes les exigences énoncées dans l'Article 5 de l'ISO/CEI 17021:2006 s'appliquent.
5.2 Gestion de l'impartialité
L'organisme de certification et toute autre partie de la même entité juridique ne doivent pas proposer ou
fournir des prestations de conseil en matière d'analyse des dangers, de SMSDA ou de système de
management.
Le fait que l'on sache que l'organisme employant l'auditeur a fourni, sur le système de management, des
prestations de conseil en matière d'analyse des dangers, de SMSDA ou de système de management dans les
deux ans précédant le début de l'audit, est susceptible d'être considéré comme une menace importante pour
l'impartialité.
L'expression «conseils en matière de système de management» mentionnée en 5.2 de l'ISO/CEI 17021:2006
doit être remplacée dans le cadre de la présente Spécification technique par «conseils en matière d'analyse
des dangers, de SMSDA ou de système de management».
6 Exigences structurelles
Toutes les exigences énoncées dans l'Article 6 de l'ISO/CEI 17021:2006 s'appliquent.
7 Exigences relatives aux ressources
7.1 Compétence de la direction et du personnel
Toutes les exigences énoncées en 7.1 de l'ISO/CEI 17021:2006 s'appliquent.
En outre, l'organisme de certification doit disposer de processus lui garantissant que le personnel possède
une connaissance appropriée des catégories (voir Annexe A) qui entrent dans son périmètre d'action.
7.2 Personnel intervenant dans les activités de certification
7.2.1 Généralités
7.2.1.1 Toutes les exigences énoncées en 7.2 de l'ISO/CEI 17021:2006 s'appliquent.
7.2.1.2 L'organisme de certification doit s'assurer que tous les personnels impliqués dans les activités
d'audit et de certification possèdent les qualités personnelles suivantes. Le personnel doit être
a) intègre (c'est-à-dire juste, attaché à la vérité, sincère, honnête et discret),
b) ouvert d'esprit (c'est-à-dire soucieux de prendre en considération des idées ou des points de vue
différents),
c) diplomate (c'est-à-dire faisant preuve de tact dans les relations avec les autres),
d) observateur (c'est-à-dire activement attentif aux activités et à leur environnement physique),
e) perspicace (c'est-à-dire appréhendant instinctivement et capable de comprendre les situations),
© ISO 2007 – Tous droits réservés 3

---------------------- Page: 8 ----------------------
ISO/TS 22003:2007(F)
f) polyvalent (c'est-à-dire s'adaptant facilement à différentes situations),
g) tenace (c'est-à-dire persévérant, concentré sur l'atteinte des objectifs),
h) capable de décision (c'est-à-dire capable de tirer en temps voulu des conclusions fondées sur un
raisonnement et une analyse logiques),
i) autonome (c'est-à-dire agissant et travaillant de son propre chef tout en établissant des relations
efficaces avec les autres).
7.2.2 Personnel réalisant la revue de contrat
7.2.2.1 Formation
L'organisme de certification doit s'assurer que les personnes réalisant la revue de contrat possèdent les
connaissances correspondant à un niveau d'enseignement secondaire.
7.2.2.2 Formation en matière de sécurité des denrées alimentaires
L'organisme de certification doit s'assurer que les personnes intervenant dans la revue de contrat ont suivi
avec succès une formation relative
a) aux principes de l'analyse des dangers et des points critiques pour leur maîtrise (HACCP), à l'évaluation
des dangers et à l'analyse des dangers,
b) aux principes de management de la sécurité des denrées alimentaires, y compris les programmes
prérequis (PRP), et
c) aux normes correspondantes de SMSDA (par exemple l'ISO 22000).
7.2.2.3 Formation à l'audit
L'organisme de certification doit s'assurer que les personnes intervenant dans la revue de contrat ont suivi
avec succès une formation relative aux processus d'audit fondée sur l'ISO 19011.
NOTE Pour les personnes intervenant dans la revue de contrat, il n'est pas obligatoire d'avoir une expérience en
matière d'audit ou de la tenir à jour.
7.2.2.4 Compétences
L'organisme de certification doit s'assurer que les personnes intervenant dans la revue de contrat démontrent
la capacité d'appliquer leurs connaissances et leurs compétences dans les domaines suivants:
a) la classification des demandeurs dans les catégories et les secteurs de la chaîne alimentaire;
b) l'évaluation des produits, des procédés et des pratiques des demandeurs;
c) le déploiement des compétences des auditeurs et des exigences de SMSDA;
d) la détermination de la date de l'audit (voir Annexe B) et les exigences en matière de durée;
e) les politiques et les modes opératoires de l'organisme de certification liés à la revue de contrat.
4 © ISO 2007 – Tous droits réservés

---------------------- Page: 9 ----------------------
ISO/TS 22003:2007(F)
7.2.3 Personnel délivrant la certification
7.2.3.1 Généralités
L'organisme de certification doit s'assurer que les personnes qui prennent la décision de délivrer une
certification possèdent le même niveau de formation, la même formation en matière de sécurité des denrées
alimentaires, la même formation à l'audit et la même expérience professionnelle exigés pour un auditeur dans
une catégorie (voir Annexe A).
NOTE Pour les personnes intervenant dans la délivrance d'une certification, il n'est pas obligatoire d'avoir une
expérience en matière d'audit ou de la tenir à jour.
7.2.3.2 Compétences
L'organisme de certification doit s'assurer que les personnes intervenant dans la délivrance d'une certification
démontrent la capacité d'appliquer leurs connaissances et leurs compétences dans les domaines suivants:
a) les principes HACCP actuellement en vigueur;
b) la compréhension des programmes prérequis (PRP);
c) l'identification des dangers liés à la sécurité des denrées alimentaires;
d) la mise en œuvre et la gestion des dangers liés à la sécurité des denrées alimentaires, des points
critiques pour la maîtrise, ainsi que la capacité d'évaluer l'efficacité des mesures de maîtrise
sélectionnées;
e) les corrections et les actions correctives à prendre en matière de sécurité des denrées alimentaires;
f) l'évaluation de dangers potentiels liés à la sécurité des denrées alimentaires et associés à la chaîne
alimentaire;
g) les législations et les réglementations en matière de sécurité des denrées alimentaires afin de pouvoir
réaliser un audit efficace du SMSDA;
h) les produits, les procédés et les pratiques;
i) les exigences pertinentes des SMSDA;
j) les normes pertinentes;
k) l'évaluation et la revue d'un rapport d'audit quant à son exactitude et à sa complétude;
l) l'évaluation et la revue de l'efficacité des actions correctives;
m) le processus de certification.
7.2.4 Auditeurs
7.2.4.1 Formation
L'organisme de certification doit s'assurer que les auditeurs possèdent les connaissances correspondant à un
niveau d'enseignement postsecondaire comprenant des cours de microbiologie générale et de chimie
générale.
L'organisme de certification doit s'assurer que les auditeurs possèdent les connaissances correspondant à un
niveau d'enseignement postsecondaire qui comporte des cours relatifs à la catégorie de l'industrie de la
chaîne alimentaire où ils mènent des audits de SMSDA.
© ISO 2007 – Tous droits réservés 5

---------------------- Page: 10 ----------------------
ISO/TS 22003:2007(F)
EXEMPLES
a) Pour l'industrie alimentaire (Catégories C, D, E, F, G et H dans le Tableau A.1): microbiologie des aliments, principes
fondamentaux de la transformation des aliments et chimie des aliments, y compris l‘analyse des denrées
alimentaires.
b) Pour l'agriculture (végétaux) (Catégorie B dans le Tableau A.1): production végétale.
c) Pour l'agriculture (animaux) (Catégories A et F dans le Tableau A.1): production animale.
d) Pour les industries de l'emballage, des machines alimentaires et du génie des procédés (Catégories I à M dans le
Tableau A.1): cours de science et d'ingénierie liés à la discipline.
7.2.4.2 Formation en matière de sécurité des denrées alimentaires
L'organisme de certification doit s'assurer que les auditeurs ont suivi avec succès une formation relative
a) aux principes HACCP, à l'évaluation des dangers et à l'analyse des dangers, et
b) aux principes de management de la sécurité des denrées alimentaires, y compris les programmes
prérequis (PRP).
Il est recommandé que le ou les cours de formation soient reconnus par l'industrie (et par ses parties
prenantes) comme étant appropriés et pertinents. Leur approbation ou certification par un organisme
indépendant possédant l'expertise correspondante peut fournir une certaine assurance de la conformité du
cours aux critères spécifiés.
7.2.4.3 Formation à l'audit
L'organisme de certification doit s'assurer que les auditeurs ont suivi avec succès une formation relative
a) aux techniques d'audit fondées sur l'ISO 19011, et
b) aux normes correspondantes de SMSDA (par exemple l'ISO 22000).
7.2.4.4 Expérience professionnelle
Pour une première qualification d'un auditeur dans une ou plusieurs catégories, l'organisme de certification
doit s'assurer que l'auditeur possède au minimum cinq ans d'expérience professionnelle à temps plein dans
l'industrie liée à la chaîne alimentaire correspondante, dont au moins deux ans d'activité dans des postes
ayant trait à l'assurance qualité ou à la sécurité des denrées alimentaires dans le domaine de la production ou
fabrication alimentaire, de la vente au détail, de l'inspection ou de l'application de la loi ou l'équivalent.
Le nombre total d'années d'expérience professionnelle peut être réduit d'un an si l'auditeur a suivi avec
succès une formation postsecondaire appropriée.
7.2.4.5 Expérience d'audit
Pour une première qualification, l'organisme de certification doit s'assurer que l'auditeur a effectué, au cours
des trois dernières années, au minimum 12 journées d'audit de SMSDA dans au moins quatre organisations
sous la supervision d'un auditeur qualifié.
NOTE Les journées d'audit de SMSDA incluent des journées d'audit par rapport à l'ISO 9001 dans l'industrie
alimentaire ou d'autres audits de SMSDA.
6 © ISO 2007 – Tous droits réservés

---------------------- Page: 11 ----------------------
ISO/TS 22003:2007(F)
Pour l'extension à une nouvelle catégorie, l'organisme de certification doit démontrer que l'auditeur possède
les compétences requises grâce à une formation pertinente telle que requise en 7.2.4.1, à une formation liée
à la sécurité des denrées alimentaires dans la nouvelle catégorie et soit
⎯ six mois d'expérience professionnelle dans la nouvelle catégorie, soit
⎯ quatre audits de SMSDA réalisés sous la supervision d'un auditeur qualifié dans la nouvelle catégorie.
Pour le maintien de la qualification de l'auditeur, l'organisme de certification doit s'assurer que les auditeurs
ont réalisé soi
...