ISO/TS 22003:2013

TECHNICAL ISO/TS
SPECIFICATION 22003
Redline version
compares second edition
to first edition
Food safety management systems —
Requirements for bodies providing
audit and certification of food safety
management systems
Systèmes de management de la sécurité des denrées alimentaires —
Exigences pour les organismes procédant à l’audit et à la certification
de systèmes de management de la sécurité des denrées alimentaires
Reference number
ISO/TS 22003:redline:2014(E)
©
ISO 2014

---------------------- Page: 1 ----------------------
ISO/TS 22003:redline:2014(E)

IMPORTANT — PLEASE NOTE
This is a provisional mark-up copy and uses the following colour coding:
Text example 1 — indicates added text (in green)
Text example 2 — indicates removed text (in red)
— indicates added graphic figure
— indicates removed graphic figure
1.x . — Heading numbers containg modifications are highlighted in yellow in
the Table of Contents
DISCLAIMER
This Redline version provides you with a quick and easy way to compare the main changes
between this edition of the standard and its previous edition. It doesn’t capture all single
changes such as punctuation but highlights the modifications providing customers with
the most valuable information. Therefore it is important to note that this Redline version is
not the official ISO standard and that the users must consult with the clean version of the
standard, which is the official standard, for implementation purposes.
COPYRIGHT PROTECTED DOCUMENT
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2014 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TS 22003:redline:2014(E)

Contents Page
Foreword .iv
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Principles . 2
5 General requirements . 3
5.1 General . 3
5.2 Management of impartiality . 3
6 Structural requirements . 3
7 Resource requirements . 3
7.1 Competence of management and personnel . 3
7.2 7.1 Personnel involved in the certification activities Competence of management
and personnel . 3
7.2 Personnel involved in the certification activities . 9
7.3 Use of individual external auditors and external technical experts advisors . 9
7.4 Personnel records. 9
7.5 Outsourcing. 9
8 Information requirements . 9
9 Process requirements . 9
9.1 General requirements . 9
9.2 Initial audit and certification .12
9.3 Surveillance activities .14
9.4 Recertification .14
9.5 Special audits .14
9.6 Suspending, withdrawing or reducing the scope of certification .14
9.7 Appeals .14
9.8 Complaints .14
9.9 Records of applicants and clients .14
10 Management system requirements for certification bodies .14
Annex A (normative) Classification of food chain categories .15
Annex B (informative normative) Minimum audit time .18
Annex C (normative) Required food safety management system (FSMS) competence .21
Annex D (informative) Guidance on generic certification functions .25
Annex E (informative) Food safety management systems and product certification .29
Bibliography .33
© ISO 2014 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TS 22003:redline:2014(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International
Standards adopted by the technical committees are circulated to the member bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the member bodies
casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
— an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical
experts in an ISO working group and is accepted for publication if it is approved by more than
50 % of the members of the parent committee casting a vote;
— an ISO Technical Specification (ISO/TS) represents an agreement between the members of a
technical committee and is accepted for publication if it is approved by 2/3 of the members of the
committee casting a vote.
This document is being issued in the Technical Specification series of publications (according toThe
procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1, 3.1) as a “prospective standard for provisional application” in the field
of food safety because there is an urgent need for guidance on how standards in this field should be used
to meet an identified need 1. In particular the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of
the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
This document is not to be regarded as an “International Standard”. It is proposed for provisional
application so that information and experience of its use in practice may be gathered. Comments on the
content of this document should be sent to the ISO Central Secretariat.
A review of this Technical Specification will be carried out not later than 3 years after its publication with
the options of: extension for another 3 years; conversion into an International Standard; or withdrawal.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
ISO/TS 22003 was prepared by Technical Committee The committee responsible for this document is
Technical Committee ISO/TC 34, Food products, Subcommittee SC 17, Management systems for food
safety, in collaboration with the ISO Committee on conformity assessment (ISO/CASCO).
iv © ISO 2014 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TS 22003:redline:2014(E)

This second edition cancels and replaces the first edition (ISO/TS 22003:2007), which has been
technically revised.
© ISO 2014 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/TS 22003:redline:2014(E)

Introduction
Certification of the food safety management system (FSMS) of an organization is one means of providing
assurance that the organization has implemented a system for the management of food safety in line
with its policy.
Requirements for FSMSsan FSMS can originate from a number of sources, and this. This Technical
Specification has been developed to assist in the certification of FSMSsFSMS that fulfil the requirements
of ISO 22000, Food safety management systems — Requirements for any organization in the food chain.
The contents of this Technical Specification maycan also be used to support certification of FSMSsFSMS
that are based on other sets of specified FSMS requirements.
This Technical Specification is intended for use by bodies that carry out audit and certification of
FSMSs. It givesFSMS by providing generic requirements for such certification bodies performing audit
and certification in the field of food safety management systemsbodies. Such bodies are referred to as
certification bodies. This wording should notis not intended to be an obstacle to the use of this Technical
Specification by bodies with other designations that undertake activities covered by the scope of this
document. Indeed, this Technical Specification should be usable by any bodyTechnical Specification.
This Technical Specification is intended to be used by anybody involved in the assessment of FSMSs.
FSMS. It can also be used to support other types of food safety certifications based on a combination of
ISO/IEC 17021 and ISO/IEC 17065.
Certification activities involve the audit of an organization’s FSMS. The form of attestation of conformity
of an organization’s FSMS to a specific FSMS standard (for examplee.g. ISO 22000) or other specified
requirements is normally a certification document or a certificate.
It is for the organization being certified to develop its own management systems (includinge.g. ISO 22000
FSMSFSMS in accordance with ISO 22000, other sets of specified FSMS requirements, quality management
systems, environmental management systems or occupational health and safety management systems)
and, other than where relevant legislative requirements specify to the contrary, it is for the organization
to decide how the various components of these will be arranged. The degree of integration between the
various management system components will vary from organization to organization. It is therefore
appropriate for certification bodies that operate in accordance with this Technical Specification to take
into account the culture and practices of their clients with respect to the integration of their FSMSsFSMS
within the wider organization.
vi © ISO 2014 – All rights reserved

---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 22003:redline:2014(E)
Food safety management systems — Requirements for
bodies providing audit and certification of food safety
management systems
1 Scope
This Technical Specification defines the rules applicable for the audit and certification of a food safety
management system (FSMS) complying with the requirements given in ISO 22000 (or other sets of
specified FSMS requirements). It also provides the necessary information and confidence to customers
about the way certification of their suppliers has been granted.
— defines the rules applicable for the audit and certification of a food safety management system
(FSMS) complying with the requirements given in ISO 22000 (or other sets of specified FSMS
requirements), and
— provides the necessary information and confidence to customers about the way certification of
their suppliers has been granted.
Certification of FSMSs (named “certification” in this Technical Specification)FSMS is a third-party
conformity assessment activity (seeas described in ISO/IEC 17000:2004, 5.5). Bodies, 5.5), and bodies
performing this activity are therefore third-party conformity assessment bodies (named “certification
body/bodies” in this Technical Specification).
NOTE 1 Certification of an FSMS is sometimes also called “registration”, and certification bodies are sometimes
called “registrars”In this Technical Specification, the terms “product” and “service” are used separately (in
contrast with the definition of “product” given in ISO/IEC 17000).
NOTE 2 A certification body can be non-governmental or governmental (with or without regulatory authority).
NOTE 3 2 This Technical Specification is primarily intended tocan be used as a criteria document for the
accreditation or peer assessment of certification bodies which seek to be recognized as being competent to certify
that an FSMS complies with ISO 22000. It is also intended to be used as a criteria document by regulatory authorities
and industry consortia which engage in direct recognition of certification bodies to certify that an FSMS complies
with ISO 22000. Some of its requirements could also be found useful by anyuseful to other parties involved in the
conformity assessment of such certification bodies, and in the conformity assessment of any bodies that undertake
to certify the compliance of FSMSsFSMS with criteria additional to, or other than, those in ISO 22000.
FSMS certification does not attest to the safety or fitness of the products of an organization within
the food chain. However, ISO 22000 requires an organization to meet all applicable food-safety-related
statutory and regulatory requirements through its management system.
It is important to note that certification of an FSMS according to ISO 22000 is a management system
certification and not a product certification.
NOTE 3 Certification of an FSMS according to ISO 22000 is a management system certification, not a product
certification.
Other FSMS users can use the concepts and requirements of this Technical Specification provided that
the requirements are adapted as necessary.
2 Normative references
The following referenced documents are indispensable for the application of this document, in whole or
in part, are normatively referenced in this document and are indispensable for its application. For dated
© ISO 2014 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/TS 22003:redline:2014(E)

references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
ISO/IEC 17021:2006 2011, Conformity assessment — Requirements for bodies providing audit and
certification of management systems
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000, ISO/IEC 17021,
ISO 22000 and the following apply.
NOTE In this Technical Specification, the terms “product” and “service” are used separately, which is not in
accordance with the definition of product given in ISO/IEC 17000.
3.1
hazard analysis and critical control point
HACCP
system which identifies, evaluates and controls hazards which are significant for food safety [SOURCE:
[12]
Codex Alimentarius Food Hygiene Basic Texts, modified]
Note 1 to entry: Adapted from Reference [8].
3.2
food safety management system
FSMS
set of interrelated or interacting elements to establish policy and objectives and to achieve those
objectives, used to direct and control an organization with regard to food safety
Note 1 to entry: See 3.2.1, 3.2.2 and 3.2.3 of ISO 9000:2005ISO 9000:2005, 3.2.1, 3.2.2 and 3.2.3.
Note 2 to entry: In this Technical Specification, “food safety management system” replaces the term “management
system” used in ISO/IEC 17021.
3.3
competence
ability to apply knowledge and skills to achieve intended results
4 Principles
The principles given inof ISO/IEC 17021:2011, Clause 4 of ISO/IEC 17021:2006Clause 4, are the basis
for the subsequent specific performance and descriptive requirements in this Technical Specification.
This Technical Specification does not give specific requirements for all situations that can occur. These
principles should be applied as guidance for the decisions that may need to be made for unanticipated
situations. Principles are not requirements.
The term “management system” used in ISO/IEC 17021 shall be replaced by “food safety management
system” in the context of this Technical Specification.
NOTE Annex E has been included to address the needs of parties interested both in FSMS and food product
certification.
2 © ISO 2014 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/TS 22003:redline:2014(E)

5 General requirements
5.1 General
All the requirements given inThe requirements of ISO/IEC 17021:2011, Clause 5 of
ISO/IEC 17021:2006Clause 5, apply.
5.2 Management of impartiality
The certification body andFSMS consultancy shall not be provided by either the certification body or any
part of the same legal entity shall not offer or provide hazard analysis consultancy, FSMS consultancy or
management system consultancy.
The fact that the organization employing the auditor is known to have provided hazard analysis
consultancy, FSMS consultancy or management system consultancy on the management system, within
two years following the end of the consultancy, is likely to be considered as a high threat to impartiality.
The term “management system consultancy” mentioned in 5.2 of ISO/IEC 17021:2006 shall be replaced
in the context of this Technical Specification by “hazard analysis consultancy, FSMS consultancy or
management system consultancy”.
6 Structural requirements
All the requirements given inThe requirements of ISO/IEC 17021:2011, Clause 6 of
ISO/IEC 17021:2006Clause 6, apply.
7 Resource requirements
7.1 Competence of management and personnel
All the requirements given in 7.1 of ISO/IEC 17021:2006 apply.
Additionally, the certification body shall have processes to ensure that personnel have appropriate
knowledge relevant to the categories (see Annex A) in which it operates.
7.2 7.1 Personnel involved in the certification activities Competence of management
and personnel
7.2.1 7.1.1 General considerations
All the requirements given in 7.2 of ISO/IEC 17021:2006 apply.
The requirements of ISO/IEC 17021:2011, 7.1.1, apply.
The certification body shall ensure that all personnel involved in the audit and certification activities
possess the following personal attributes. The personnel shall be
a) ethical (i.e. fair, truthful, sincere, honest and discreet),
b) open-minded (i.e. willing to consider alternative ideas or points of view),
c) diplomatic (i.e. tactful in dealing with people),
d) observant (i.e. actively aware of physical surroundings and activities),
e) perceptive (i.e. instinctively aware of and able to understand situations),
© ISO 2014 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/TS 22003:redline:2014(E)

f) versatile (i.e. adjust readily to different situations),
g) tenacious (i.e. persistent, focused on achieving objectives),
h) decisive (i.e. reach timely conclusions based on logical reasoning and analysis), and
i) self-reliant (i.e. act and function independently while interacting effectively with others).
The technical areas referred to in ISO/IEC 17021:2011, 7.1.1, shall be those categories identified in
Annex A. The functions of certification for which competence shall be identified are those given in
Annex C.
7.2.2 Personnel carrying out contract review
7.2.2.1 Education
The certification body shall ensure that personnel carrying out contract review have the knowledge
corresponding to a secondary education.
7.2.2.2 Food safety training
The certification body shall ensure that personnel carrying out contract review have successfully
completed training in
a) hazard analysis and critical control point (HACCP) principles, hazard assessment and hazard analysis,
b) food safety management principles including prerequisite programmes (PRPs), and
c) relevant FSMS standards (e.g. ISO 22000).
7.2.2.3 Audit training
The certification body shall ensure that personnel carrying out contract review have successfully
completed training in audit processes based on the guidance given in ISO 19011.
NOTE It is not mandatory for personnel carrying out contract review to have or to maintain audit experience.
7.2.2.4 Competences
The certification body shall ensure that personnel carrying out contract review demonstrate the ability
to apply knowledge and skills in the following areas:
a) classification of applicants in food chain categories and sectors;
b) assessment of applicant products, processes and practices;
c) deployment of FSMS auditor competences and requirements;
d) determination of audit time (see Annex B) and duration requirements;
e) certification body’s policies and procedures related to contract review.
7.2.3 Personnel granting certification
7.2.3.1 General
The certification body shall ensure that the personnel who take the decision on granting certification
have the same education, food safety training, audit training and work experience as required for an
auditor in one category (see Annex A).
NOTE It is not mandatory for personnel granting certification to have or to maintain audit experience.
4 © ISO 2014 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/TS 22003:redline:2014(E)

7.2.3.2 Competences
The certification body shall ensure that personnel granting certification demonstrate the ability to
apply knowledge and skills in the following areas:
a) current principles of HACCP;
b) understanding of PRPs;
c) identification of food safety hazards;
d) implementation and management of food safety hazards, critical control points (CCPs) and the
ability to assess the effectiveness of selected control measures;
e) corrections and corrective actions to be taken with regards to food safety matters;
f) assessment of potential food safety hazards linked to the food supply chain;
g) laws and regulations relevant to food safety, in order to be able to conduct an effective audit of the FSMS;
h) products, processes and practices;
i) relevant food safety management system requirements;
j) relevant standards;
k) assessment and review of an audit report for accuracy and completeness;
l) assessment and review of the effectiveness of corrective actions;
m) the certification process.
7.2.4 7.1.2 Auditors Determination of competence criteria
7.2.4.1 Education
The certification body shall ensure that auditors have the knowledge corresponding to a post-secondary
education that includes general microbiology and general chemistry.
The certification body shall also ensure that auditors have the knowledge corresponding to a post-secondary
education that includes courses in the food chain industry category in which they conduct FSMS audits.
a) For the food industry (Categories C, D, E, F, G and H in Table A.1): food microbiology, food processing
fundamentals and food chemistry including food analysis.
b) For farming (plants) (Category B in Table A.1): crop production.
c) For farming (animals) (Categories A and F in Table A.1): animal production.
d) For packaging/food machine/engineering industry (Categories I to M in Table A.1): science/engineering
courses related to the discipline.
The requirements of ISO/IEC 17021:2011, 7.1.2, apply.
7.2.4.2 Food safety training
The certification body shall ensure that auditors have successfully completed training in
a) HACCP principles, hazard assessment and hazard analysis, and
b) food safety management principles including PRPs.
© ISO 2014 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO/TS 22003:redline:2014(E)

The training course(s) should be recognized by the industry (and its stakeholders) as being appropriate
and relevant. The approval or certification of the training courses by an independent body with the
relevant expertise can provide some assurance that the course meets specified criteria.
The competence criteria included in Annex C shall form the basis for the criteria developed for each
category. Competence criteria can be generic or specific. The competence criteria in ISO/IEC 17021:2011,
Annex A, shall be considered to be generic.
7.2.4.3 Audit training
The certification body shall ensure that
...

TECHNICAL ISO/TS
SPECIFICATION 22003
Second edition
2013-12-15
Food safety management systems —
Requirements for bodies providing
audit and certification of food safety
management systems
Systèmes de management de la sécurité des denrées alimentaires —
Exigences pour les organismes procédant à l’audit et à la certification
de systèmes de management de la sécurité des denrées alimentaires
Reference number
ISO/TS 22003:2013(E)
©
ISO 2013

---------------------- Page: 1 ----------------------
ISO/TS 22003:2013(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TS 22003:2013(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 2
5 General requirements . 2
5.1 General . 2
5.2 Management of impartiality . 2
6 Structural requirements . 2
7 Resource requirements . 2
7.1 Competence of management and personnel . 2
7.2 Personnel involved in the certification activities . 3
7.3 Use of individual external auditors and external technical advisors . 3
7.4 Personnel records. 3
7.5 Outsourcing. 3
8 Information requirements . 4
9 Process requirements . 4
9.1 General requirements . 4
9.2 Initial audit and certification . 6
9.3 Surveillance activities . 7
9.4 Recertification . 7
9.5 Special audits . 7
9.6 Suspending, withdrawing or reducing the scope of certification . 7
9.7 Appeals . 7
9.8 Complaints . 8
9.9 Records of applicants and clients . 8
10 Management system requirements for certification bodies . 8
Annex A (normative) Classification of food chain categories . 9
Annex B (normative) Minimum audit time .12
Annex C (normative) Required food safety management system (FSMS) competence .14
Annex D (informative) Guidance on generic certification functions .18
Annex E (informative) Food safety management systems and product certification .22
Bibliography .26
© ISO 2013 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/TS 22003:2013(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is Technical Committee ISO/TC 34, Food products,
Subcommittee SC 17, Management systems for food safety, in collaboration with the ISO Committee on
conformity assessment (CASCO).
This second edition cancels and replaces the first edition (ISO/TS 22003:2007), which has been
technically revised.
iv © ISO 2013 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TS 22003:2013(E)

Introduction
Certification of the food safety management system (FSMS) of an organization is one means of providing
assurance that the organization has implemented a system for the management of food safety in line
with its policy.
Requirements for an FSMS can originate from a number of sources. This Technical Specification has
been developed to assist in the certification of FSMS that fulfil the requirements of ISO 22000. The
contents of this Technical Specification can also be used to support certification of FSMS that are based
on other sets of specified FSMS requirements.
This Technical Specification is intended for use by bodies that carry out audit and certification of FSMS
by providing generic requirements for such bodies. Such bodies are referred to as certification bodies.
This wording is not intended to be an obstacle to the use of this Technical Specification by bodies with
other designations that undertake activities covered by the scope of this Technical Specification. This
Technical Specification is intended to be used by anybody involved in the assessment of FSMS. It can also
be used to support other types of food safety certifications based on a combination of ISO/IEC 17021 and
ISO/IEC 17065.
Certification activities involve the audit of an organization’s FSMS. The form of attestation of conformity
of an organization’s FSMS to a specific FSMS standard (e.g. ISO 22000) or other specified requirements
is normally a certification document or a certificate.
It is for the organization being certified to develop its own management systems (e.g. FSMS in
accordance with ISO 22000, other sets of specified FSMS requirements, quality management systems,
environmental management systems or occupational health and safety management systems) and,
other than where relevant legislative requirements specify to the contrary, it is for the organization to
decide how the various components of these will be arranged. The degree of integration between the
various management system components will vary from organization to organization. It is therefore
appropriate for certification bodies that operate in accordance with this Technical Specification to
take into account the culture and practices of their clients with respect to the integration of their FSMS
within the wider organization.
© ISO 2013 – All rights reserved v

---------------------- Page: 5 ----------------------
TECHNICAL SPECIFICATION ISO/TS 22003:2013(E)
Food safety management systems — Requirements for
bodies providing audit and certification of food safety
management systems
1 Scope
This Technical Specification defines the rules applicable for the audit and certification of a food safety
management system (FSMS) complying with the requirements given in ISO 22000 (or other sets of
specified FSMS requirements). It also provides the necessary information and confidence to customers
about the way certification of their suppliers has been granted.
Certification of FSMS is a third-party conformity assessment activity (as described in ISO/IEC 17000:2004,
5.5), and bodies performing this activity are third-party conformity assessment bodies.
NOTE 1 In this Technical Specification, the terms “product” and “service” are used separately (in contrast with
the definition of “product” given in ISO/IEC 17000).
NOTE 2 This Technical Specification can be used as a criteria document for the accreditation or peer assessment
of certification bodies which seek to be recognized as being competent to certify that an FSMS complies with
ISO 22000. It is also intended to be used as a criteria document by regulatory authorities and industry consortia
which engage in direct recognition of certification bodies to certify that an FSMS complies with ISO 22000. Some of
its requirements could also be useful to other parties involved in the conformity assessment of such certification
bodies, and in the conformity assessment of bodies that undertake to certify the compliance of FSMS with criteria
additional to, or other than, those in ISO 22000.
FSMS certification does not attest to the safety or fitness of the products of an organization within
the food chain. However, ISO 22000 requires an organization to meet all applicable food-safety-related
statutory and regulatory requirements through its management system.
NOTE 3 Certification of an FSMS according to ISO 22000 is a management system certification, not a product
certification.
Other FSMS users can use the concepts and requirements of this Technical Specification provided that
the requirements are adapted as necessary.
2 Normative references
The following referenced documents, in whole or in part, are normatively referenced in this document
and are indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
ISO/IEC 17021:2011, Conformity assessment — Requirements for bodies providing audit and certification
of management systems
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000, ISO/IEC 17021,
ISO 22000 and the following apply.
© ISO 2013 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/TS 22003:2013(E)

3.1
hazard analysis and critical control point
HACCP
system which identifies, evaluates and controls hazards which are significant for food safety
[12]
[SOURCE: Codex Alimentarius Food Hygiene Basic Texts, modified]
3.2
food safety management system
FSMS
set of interrelated or interacting elements to establish policy and objectives and to achieve those
objectives, used to direct and control an organization with regard to food safety
Note 1 to entry: See ISO 9000:2005, 3.2.1, 3.2.2 and 3.2.3.
Note 2 to entry: In this Technical Specification, “food safety management system” replaces the term “management
system” used in ISO/IEC 17021.
3.3
competence
ability to apply knowledge and skills to achieve intended results
4 Principles
The principles of ISO/IEC 17021:2011, Clause 4, are the basis for the subsequent specific performance
and descriptive requirements in this Technical Specification. This Technical Specification does not give
specific requirements for all situations that can occur. These principles should be applied as guidance
for the decisions that may need to be made for unanticipated situations. Principles are not requirements.
NOTE Annex E has been included to address the needs of parties interested both in FSMS and food product
certification.
5 General requirements
5.1 General
The requirements of ISO/IEC 17021:2011, Clause 5, apply.
5.2 Management of impartiality
FSMS consultancy shall not be provided by either the certification body or any part of the same legal
entity.
6 Structural requirements
The requirements of ISO/IEC 17021:2011, Clause 6, apply.
7 Resource requirements
7.1 Competence of management and personnel
7.1.1 General considerations
The requirements of ISO/IEC 17021:2011, 7.1.1, apply.
2 © ISO 2013 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/TS 22003:2013(E)

The technical areas referred to in ISO/IEC 17021:2011, 7.1.1, shall be those categories identified in
Annex A. The functions of certification for which competence shall be identified are those given in
Annex C.
7.1.2 Determination of competence criteria
The requirements of ISO/IEC 17021:2011, 7.1.2, apply.
The competence criteria included in Annex C shall form the basis for the criteria developed for each
category. Competence criteria can be generic or specific. The competence criteria in ISO/IEC 17021:2011,
Annex A, shall be considered to be generic.
NOTE 1 The competence criteria identified in Annex C are food safety related criteria for certification body
personnel. The certification body can identify specific competences required for the identified categories and for
each certification function.
NOTE 2 Annex D provides guidance to the certification body on many of the generic certification functions
identified in ISO/IEC 17021:2011, Annex A, for which competence criteria need to be determined for personnel
involved in the audit and certification of an FSMS.
NOTE 3 Qualification(s) and experience can be used as part of the criteria; however, competence is not based on
these alone, as it is important to ensure that a person can demonstrate the ability to apply the specific knowledge
and skills that one would expect a person to have after completing a qualification or having a certain amount of
industry experience.
7.1.3 Evaluation processes
The requirements of ISO/IEC 17021:2011, 7.1.3, apply.
Evaluation processes shall evaluate, in particular, the individual’s knowledge relating to food safety,
including knowledge of specific prerequisite programmes (PRP) and food safety hazards related to the
categories within which the certification body personnel operate. These shall have been identified for
these categories under the requirements of 7.1.2.
NOTE ISO/IEC 17021:2011, 7.1.3, requires the certification body to demonstrate the effectiveness of the
evaluation methods used to evaluate personnel against identified competence criteria. ISO/IEC 17021:2011,
Annex B, contains five examples of methods of evaluation.
7.1.4 Other considerations
The requirements of ISO/IEC 17021:2011, 7.1.4, apply.
7.2 Personnel involved in the certification activities
The requirements of ISO/IEC 17021:2011, 7.2, apply.
7.3 Use of individual external auditors and external technical advisors
The requirements of ISO/IEC 17021:2011, 7.3, apply.
7.4 Personnel records
The requirements of ISO/IEC 17021:2011, 7.4, apply.
7.5 Outsourcing
The requirements of ISO/IEC 17021:2011, 7.5, apply.
© ISO 2013 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/TS 22003:2013(E)

8 Information requirements
The requirements of ISO/IEC 17021:2011, Clause 8, apply.
The certification documents shall identify in detail what activity is certified, referring to categories and
subcategories (see Table A.1).
9 Process requirements
9.1 General requirements
9.1.1 The certification body shall use Annex A to define the relevant scope for the organization applying
for certification. The certification body shall not exclude activities, processes, products or services from
the scope of certification when those activities, processes, products or services can have an influence on
the food safety of the end products as defined in the scope of certification.
9.1.2 The certification body shall have a process for choosing the audit day, time and season, so that
the audit team has the opportunity of auditing the organization operating on a representative number of
product lines, categories and subcategories covered by the scope of certification.
9.1.3 The requirements of ISO/IEC 17021:2011, 9.1.1 to 9.1.3, apply.
9.1.4 The requirements of ISO/IEC 17021:2011, 9.1.4, apply.
The certification body shall have documented procedures for determining audit time, and for each client,
the certification body shall determine the time needed to plan and accomplish a complete and effective
audit of the client’s FSMS. The audit time determined by the certification body, and the justification for
the determination, shall be recorded.
9.1.5 For the certification of multi-site organizations, 9.1.5.1 to 9.1.5.4 apply.
NOTE This subclause (9.1.5) is intended to apply only to operations directly affecting food safety, and not to
exclusively administrative sites.
9.1.5.1 A multi-site organization is an organization having an identified central function (hereafter
referred to as a central office – but not necessarily the headquarters of the organization) at which certain
FSMS activities are planned, controlled or managed, and a network of sites at which such activities are
fully or partially carried out. Examples of possible multi-site organizations are:
— organizations operating with franchises;
— a manufacturing company with one or more production sites and a network of sales offices;
— service organizations with multiple sites offering a similar service;
— organizations with multiple branches.
9.1.5.2 The certification body can certify a multi-site organization under one management system,
providing that the following conditions apply:
a) all sites are operating under one centrally controlled and administered FSMS as defined in
ISO 22000:2005, Clause 4, or equivalent for other FSMS;
b) an internal audit has been conducted on each site within one year prior to certification;
c) audit findings of the individual sites shall be considered indicative of the entire system and
correction shall be implemented accordingly.
4 © ISO 2013 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/TS 22003:2013(E)

9.1.5.3 The use of multi-site sampling is only possible for categories A, B, E, F and G (see Table A.1)
and for organizations with more than 20 sites operating similar processes within these categories. This
applies to the initial certification, to surveillance and to recertification audits. The certification body shall
justify its decision on sampling for multi-site certification.
Where multi-site sampling is permitted, following certification, the annual internal audit programme
shall include all sites of the organization.
NOTE Risk is another consideration when determining sampling and can increase the level of sample
indicated in Table 1.
9.1.5.4 Where the certification body offers multi-site sampling, the certification body shall utilize a
sampling programme to ensure an effective audit of the FSMS where the following apply.
a) For organizations with 20 sites or less, all sites shall be audited. The sampling for more than 20 sites
shall be at the ratio of 1 site per 5 sites. All sites shall be randomly selected and, after the audit, no
sampled sites may be nonconforming (i.e. not meeting certification thresholds for ISO 22000).
b) At least annually, an audit of the central office for the FSMS shall be performed by the certification
body.
c) At least annually, surveillance audits shall be performed by the certification body on the required
number of sampled sites.
d) Audit findings of the sampled sites shall be considered indicative of the entire system and correction
shall be implemented accordingly.
Table 1 gives examples of the number of sites to audit when sampling is used.
Table 1 — Examples of the number of sites to be audited when multi-site sampling is used
Total number of sites
Number
of sites to
be audited 21 22 23 24 25 26 27 28
between 1
and 20
Number of sites above 20 0 1 2 3 4 5 6 7 8
Additional number of sites to audit 0 1 1 1 1 1 2 2 2
Number of sites to be audited x 21 21 21 21 21 22 22 22
9.1.6 The requirements of ISO/IEC 17021:2011, 9.1.6 to 9.1.9, apply.
9.1.7 Audit report: the requirements of ISO/IEC 17021:2011, 9.1.10, apply.
9.1.8 The certification body shall provide a written report for each audit. The audit team may identify
opportunities for improvement, but shall not recommend specific solutions. Ownership of the audit
report shall be maintained by the certification body.
The report shall include information about PRP used by the organization, hazard analysis methodology
used, comments on the food safety team, and other issues relevant to the FSMS.
NOTE The stage 1 documented conclusions do not need to meet the full requirements of a report (see
ISO/IEC 17021:2011, 9.1.10).
9.1.9 The requirements of ISO/IEC 17021:2011, 9.1.11 to 9.1.15, apply.
© ISO 2013 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/TS 22003:2013(E)

9.2 Initial audit and certification
9.2.1 Application
The requirements of ISO/IEC 17021:2011, 9.2.1, apply.
The certification body shall require the applicant organization to provide detailed information
concerning process lines, HACCP studies and the number of shifts.
9.2.2 Application review
The requirements of ISO/IEC 17021:2011, 9.2.2, apply.
9.2.3 Initial certification audit
The initial certfication audit of an FSMS shall be conducted in two stages: stage 1 and stage 2.
9.2.3.1 Stage 1
9.2.3.1.1 The requirements of ISO/IEC 17021:2011, 9.2.3.1.1, apply.
9.2.3.1.2 The objectives of the stage 1 are to provide a focus for planning the stage 2 audit by gaining
an understanding of the organization’s FSMS and the organization’s state of preparedness for stage 2 by
reviewing the extent to which:
a) the organization has identified PRP that are appropriate to the business (e.g. regulatory, statutory,
customer and certification scheme requirements),
b) the FSMS includes adequate processes and methods for the identification and assessment of the
organization’s food safety hazards, and subsequent selection and categorization of control measures
(combinations),
c) relevant food safety legislation is implemented,
d) the FSMS is designed to achieve the organization’s food safety policy,
e) the FSMS implementation programme justifies proceeding to the audit (stage 2),
f) the validation of control measures, verification of activities and improvement programmes conform
to the requirements of the FSMS standard,
g) the FSMS documents and arrangements are in place to communicate internally and with relevant
suppliers, customers and interested parties, and
h) there is any additional documentation which needs to be reviewed and/or information which needs
to be obtained in advance.
Where an organization has implemented an externally developed combination of control measures, the
stage 1 shall review the documentation included in the FSMS to determine if the combination of control
measures
— is suitable for the organization,
— was developed in compliance with the requirements of ISO 22000, and
— is kept up to date.
The availability of relevant authorizations shall be checked when collecting the information regarding
the compliance to regulatory aspects.
6 © ISO 2013 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/TS 22003:2013(E)

9.2.3.1.3 For FSMS, the stage 1 shall be carried out at the client’s premises in order to achieve the
objectives stated above.
In exceptional circumstances, part of stage 1 can take place off-site and shall be fully justified. The
evidence demonstrating that stage 1 objectives are fully achieved shall be provided. Exceptional
circumstances can include very remote location, short seasonal production
9.2.3.1.4 The requirements of ISO/IEC 17021:2011, 9.2.3.1.2, apply.
The client shall be informed that the results of the stage 1 may lead to postponement or cancellation of
the stage 2.
9.2.3.1.5 Any part of the FSMS that is audited during the stage 1 audit, and determined to be fully
implemented, effective and in conformity with requirements, may not need to be re-audited during the
stage 2 audit. However, the certification body shall ensure that the already audited parts of the FSMS
continue to conform to the certification requirements. In this case, the audit report shall include these
findings and shall clearly state that conformity has been established during the stage 1 audit.
9.2.3.1.6 The requirements of ISO/IEC 17021:2011, 9.2.3.1.3, apply.
The interval between stage 1 and stage 2 shall not be longer than 6 months. Stage 1 shall be repeated if
a longer interval is needed.
9.2.3.2 Stage 2
The requirements of ISO/IEC 17021:2011, 9.2.3.2, apply.
9.2.4 Initial certification audit conclusions
The requirements of ISO/IEC
...

SLOVENSKI STANDARD
SIST-TS ISO/TS 22003:2016
01-april-2016
Sistemi vodenja varnosti živil - Zahteve za organe, ki izvajajo presoje in
certificiranje sistemov vodenja varnosti živil
Food safety management systems -- Requirements for bodies providing audit and
certification of food safety management systems
Systèmes de management de la sécurité des denrées alimentaires -- Exigences pour les
organismes procédant à l'audit et à la certification de systèmes de management de la
sécurité des denrées alimentaires
Ta slovenski standard je istoveten z: ISO/TS 22003:2013
ICS:
03.120.20 Certificiranje proizvodov in Product and company
podjetij. Ugotavljanje certification. Conformity
skladnosti assessment
67.020 Procesi v živilski industriji Processes in the food
industry
SIST-TS ISO/TS 22003:2016 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS ISO/TS 22003:2016

---------------------- Page: 2 ----------------------

SIST-TS ISO/TS 22003:2016
TECHNICAL ISO/TS
SPECIFICATION 22003
Second edition
2013-12-15
Food safety management systems —
Requirements for bodies providing
audit and certification of food safety
management systems
Systèmes de management de la sécurité des denrées alimentaires —
Exigences pour les organismes procédant à l’audit et à la certification
de systèmes de management de la sécurité des denrées alimentaires
Reference number
ISO/TS 22003:2013(E)
©
ISO 2013

---------------------- Page: 3 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved

---------------------- Page: 4 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 2
5 General requirements . 2
5.1 General . 2
5.2 Management of impartiality . 2
6 Structural requirements . 2
7 Resource requirements . 2
7.1 Competence of management and personnel . 2
7.2 Personnel involved in the certification activities . 3
7.3 Use of individual external auditors and external technical advisors . 3
7.4 Personnel records. 3
7.5 Outsourcing. 3
8 Information requirements . 4
9 Process requirements . 4
9.1 General requirements . 4
9.2 Initial audit and certification . 6
9.3 Surveillance activities . 7
9.4 Recertification . 7
9.5 Special audits . 7
9.6 Suspending, withdrawing or reducing the scope of certification . 7
9.7 Appeals . 7
9.8 Complaints . 8
9.9 Records of applicants and clients . 8
10 Management system requirements for certification bodies . 8
Annex A (normative) Classification of food chain categories . 9
Annex B (normative) Minimum audit time .12
Annex C (normative) Required food safety management system (FSMS) competence .14
Annex D (informative) Guidance on generic certification functions .18
Annex E (informative) Food safety management systems and product certification .22
Bibliography .26
© ISO 2013 – All rights reserved iii

---------------------- Page: 5 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is Technical Committee ISO/TC 34, Food products,
Subcommittee SC 17, Management systems for food safety, in collaboration with the ISO Committee on
conformity assessment (CASCO).
This second edition cancels and replaces the first edition (ISO/TS 22003:2007), which has been
technically revised.
iv © ISO 2013 – All rights reserved

---------------------- Page: 6 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

Introduction
Certification of the food safety management system (FSMS) of an organization is one means of providing
assurance that the organization has implemented a system for the management of food safety in line
with its policy.
Requirements for an FSMS can originate from a number of sources. This Technical Specification has
been developed to assist in the certification of FSMS that fulfil the requirements of ISO 22000. The
contents of this Technical Specification can also be used to support certification of FSMS that are based
on other sets of specified FSMS requirements.
This Technical Specification is intended for use by bodies that carry out audit and certification of FSMS
by providing generic requirements for such bodies. Such bodies are referred to as certification bodies.
This wording is not intended to be an obstacle to the use of this Technical Specification by bodies with
other designations that undertake activities covered by the scope of this Technical Specification. This
Technical Specification is intended to be used by anybody involved in the assessment of FSMS. It can also
be used to support other types of food safety certifications based on a combination of ISO/IEC 17021 and
ISO/IEC 17065.
Certification activities involve the audit of an organization’s FSMS. The form of attestation of conformity
of an organization’s FSMS to a specific FSMS standard (e.g. ISO 22000) or other specified requirements
is normally a certification document or a certificate.
It is for the organization being certified to develop its own management systems (e.g. FSMS in
accordance with ISO 22000, other sets of specified FSMS requirements, quality management systems,
environmental management systems or occupational health and safety management systems) and,
other than where relevant legislative requirements specify to the contrary, it is for the organization to
decide how the various components of these will be arranged. The degree of integration between the
various management system components will vary from organization to organization. It is therefore
appropriate for certification bodies that operate in accordance with this Technical Specification to
take into account the culture and practices of their clients with respect to the integration of their FSMS
within the wider organization.
© ISO 2013 – All rights reserved v

---------------------- Page: 7 ----------------------

SIST-TS ISO/TS 22003:2016

---------------------- Page: 8 ----------------------

SIST-TS ISO/TS 22003:2016
TECHNICAL SPECIFICATION ISO/TS 22003:2013(E)
Food safety management systems — Requirements for
bodies providing audit and certification of food safety
management systems
1 Scope
This Technical Specification defines the rules applicable for the audit and certification of a food safety
management system (FSMS) complying with the requirements given in ISO 22000 (or other sets of
specified FSMS requirements). It also provides the necessary information and confidence to customers
about the way certification of their suppliers has been granted.
Certification of FSMS is a third-party conformity assessment activity (as described in ISO/IEC 17000:2004,
5.5), and bodies performing this activity are third-party conformity assessment bodies.
NOTE 1 In this Technical Specification, the terms “product” and “service” are used separately (in contrast with
the definition of “product” given in ISO/IEC 17000).
NOTE 2 This Technical Specification can be used as a criteria document for the accreditation or peer assessment
of certification bodies which seek to be recognized as being competent to certify that an FSMS complies with
ISO 22000. It is also intended to be used as a criteria document by regulatory authorities and industry consortia
which engage in direct recognition of certification bodies to certify that an FSMS complies with ISO 22000. Some of
its requirements could also be useful to other parties involved in the conformity assessment of such certification
bodies, and in the conformity assessment of bodies that undertake to certify the compliance of FSMS with criteria
additional to, or other than, those in ISO 22000.
FSMS certification does not attest to the safety or fitness of the products of an organization within
the food chain. However, ISO 22000 requires an organization to meet all applicable food-safety-related
statutory and regulatory requirements through its management system.
NOTE 3 Certification of an FSMS according to ISO 22000 is a management system certification, not a product
certification.
Other FSMS users can use the concepts and requirements of this Technical Specification provided that
the requirements are adapted as necessary.
2 Normative references
The following referenced documents, in whole or in part, are normatively referenced in this document
and are indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
ISO/IEC 17021:2011, Conformity assessment — Requirements for bodies providing audit and certification
of management systems
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 17000, ISO/IEC 17021,
ISO 22000 and the following apply.
© ISO 2013 – All rights reserved 1

---------------------- Page: 9 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

3.1
hazard analysis and critical control point
HACCP
system which identifies, evaluates and controls hazards which are significant for food safety
[12]
[SOURCE: Codex Alimentarius Food Hygiene Basic Texts, modified]
3.2
food safety management system
FSMS
set of interrelated or interacting elements to establish policy and objectives and to achieve those
objectives, used to direct and control an organization with regard to food safety
Note 1 to entry: See ISO 9000:2005, 3.2.1, 3.2.2 and 3.2.3.
Note 2 to entry: In this Technical Specification, “food safety management system” replaces the term “management
system” used in ISO/IEC 17021.
3.3
competence
ability to apply knowledge and skills to achieve intended results
4 Principles
The principles of ISO/IEC 17021:2011, Clause 4, are the basis for the subsequent specific performance
and descriptive requirements in this Technical Specification. This Technical Specification does not give
specific requirements for all situations that can occur. These principles should be applied as guidance
for the decisions that may need to be made for unanticipated situations. Principles are not requirements.
NOTE Annex E has been included to address the needs of parties interested both in FSMS and food product
certification.
5 General requirements
5.1 General
The requirements of ISO/IEC 17021:2011, Clause 5, apply.
5.2 Management of impartiality
FSMS consultancy shall not be provided by either the certification body or any part of the same legal
entity.
6 Structural requirements
The requirements of ISO/IEC 17021:2011, Clause 6, apply.
7 Resource requirements
7.1 Competence of management and personnel
7.1.1 General considerations
The requirements of ISO/IEC 17021:2011, 7.1.1, apply.
2 © ISO 2013 – All rights reserved

---------------------- Page: 10 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

The technical areas referred to in ISO/IEC 17021:2011, 7.1.1, shall be those categories identified in
Annex A. The functions of certification for which competence shall be identified are those given in
Annex C.
7.1.2 Determination of competence criteria
The requirements of ISO/IEC 17021:2011, 7.1.2, apply.
The competence criteria included in Annex C shall form the basis for the criteria developed for each
category. Competence criteria can be generic or specific. The competence criteria in ISO/IEC 17021:2011,
Annex A, shall be considered to be generic.
NOTE 1 The competence criteria identified in Annex C are food safety related criteria for certification body
personnel. The certification body can identify specific competences required for the identified categories and for
each certification function.
NOTE 2 Annex D provides guidance to the certification body on many of the generic certification functions
identified in ISO/IEC 17021:2011, Annex A, for which competence criteria need to be determined for personnel
involved in the audit and certification of an FSMS.
NOTE 3 Qualification(s) and experience can be used as part of the criteria; however, competence is not based on
these alone, as it is important to ensure that a person can demonstrate the ability to apply the specific knowledge
and skills that one would expect a person to have after completing a qualification or having a certain amount of
industry experience.
7.1.3 Evaluation processes
The requirements of ISO/IEC 17021:2011, 7.1.3, apply.
Evaluation processes shall evaluate, in particular, the individual’s knowledge relating to food safety,
including knowledge of specific prerequisite programmes (PRP) and food safety hazards related to the
categories within which the certification body personnel operate. These shall have been identified for
these categories under the requirements of 7.1.2.
NOTE ISO/IEC 17021:2011, 7.1.3, requires the certification body to demonstrate the effectiveness of the
evaluation methods used to evaluate personnel against identified competence criteria. ISO/IEC 17021:2011,
Annex B, contains five examples of methods of evaluation.
7.1.4 Other considerations
The requirements of ISO/IEC 17021:2011, 7.1.4, apply.
7.2 Personnel involved in the certification activities
The requirements of ISO/IEC 17021:2011, 7.2, apply.
7.3 Use of individual external auditors and external technical advisors
The requirements of ISO/IEC 17021:2011, 7.3, apply.
7.4 Personnel records
The requirements of ISO/IEC 17021:2011, 7.4, apply.
7.5 Outsourcing
The requirements of ISO/IEC 17021:2011, 7.5, apply.
© ISO 2013 – All rights reserved 3

---------------------- Page: 11 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

8 Information requirements
The requirements of ISO/IEC 17021:2011, Clause 8, apply.
The certification documents shall identify in detail what activity is certified, referring to categories and
subcategories (see Table A.1).
9 Process requirements
9.1 General requirements
9.1.1 The certification body shall use Annex A to define the relevant scope for the organization applying
for certification. The certification body shall not exclude activities, processes, products or services from
the scope of certification when those activities, processes, products or services can have an influence on
the food safety of the end products as defined in the scope of certification.
9.1.2 The certification body shall have a process for choosing the audit day, time and season, so that
the audit team has the opportunity of auditing the organization operating on a representative number of
product lines, categories and subcategories covered by the scope of certification.
9.1.3 The requirements of ISO/IEC 17021:2011, 9.1.1 to 9.1.3, apply.
9.1.4 The requirements of ISO/IEC 17021:2011, 9.1.4, apply.
The certification body shall have documented procedures for determining audit time, and for each client,
the certification body shall determine the time needed to plan and accomplish a complete and effective
audit of the client’s FSMS. The audit time determined by the certification body, and the justification for
the determination, shall be recorded.
9.1.5 For the certification of multi-site organizations, 9.1.5.1 to 9.1.5.4 apply.
NOTE This subclause (9.1.5) is intended to apply only to operations directly affecting food safety, and not to
exclusively administrative sites.
9.1.5.1 A multi-site organization is an organization having an identified central function (hereafter
referred to as a central office – but not necessarily the headquarters of the organization) at which certain
FSMS activities are planned, controlled or managed, and a network of sites at which such activities are
fully or partially carried out. Examples of possible multi-site organizations are:
— organizations operating with franchises;
— a manufacturing company with one or more production sites and a network of sales offices;
— service organizations with multiple sites offering a similar service;
— organizations with multiple branches.
9.1.5.2 The certification body can certify a multi-site organization under one management system,
providing that the following conditions apply:
a) all sites are operating under one centrally controlled and administered FSMS as defined in
ISO 22000:2005, Clause 4, or equivalent for other FSMS;
b) an internal audit has been conducted on each site within one year prior to certification;
c) audit findings of the individual sites shall be considered indicative of the entire system and
correction shall be implemented accordingly.
4 © ISO 2013 – All rights reserved

---------------------- Page: 12 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

9.1.5.3 The use of multi-site sampling is only possible for categories A, B, E, F and G (see Table A.1)
and for organizations with more than 20 sites operating similar processes within these categories. This
applies to the initial certification, to surveillance and to recertification audits. The certification body shall
justify its decision on sampling for multi-site certification.
Where multi-site sampling is permitted, following certification, the annual internal audit programme
shall include all sites of the organization.
NOTE Risk is another consideration when determining sampling and can increase the level of sample
indicated in Table 1.
9.1.5.4 Where the certification body offers multi-site sampling, the certification body shall utilize a
sampling programme to ensure an effective audit of the FSMS where the following apply.
a) For organizations with 20 sites or less, all sites shall be audited. The sampling for more than 20 sites
shall be at the ratio of 1 site per 5 sites. All sites shall be randomly selected and, after the audit, no
sampled sites may be nonconforming (i.e. not meeting certification thresholds for ISO 22000).
b) At least annually, an audit of the central office for the FSMS shall be performed by the certification
body.
c) At least annually, surveillance audits shall be performed by the certification body on the required
number of sampled sites.
d) Audit findings of the sampled sites shall be considered indicative of the entire system and correction
shall be implemented accordingly.
Table 1 gives examples of the number of sites to audit when sampling is used.
Table 1 — Examples of the number of sites to be audited when multi-site sampling is used
Total number of sites
Number
of sites to
be audited 21 22 23 24 25 26 27 28
between 1
and 20
Number of sites above 20 0 1 2 3 4 5 6 7 8
Additional number of sites to audit 0 1 1 1 1 1 2 2 2
Number of sites to be audited x 21 21 21 21 21 22 22 22
9.1.6 The requirements of ISO/IEC 17021:2011, 9.1.6 to 9.1.9, apply.
9.1.7 Audit report: the requirements of ISO/IEC 17021:2011, 9.1.10, apply.
9.1.8 The certification body shall provide a written report for each audit. The audit team may identify
opportunities for improvement, but shall not recommend specific solutions. Ownership of the audit
report shall be maintained by the certification body.
The report shall include information about PRP used by the organization, hazard analysis methodology
used, comments on the food safety team, and other issues relevant to the FSMS.
NOTE The stage 1 documented conclusions do not need to meet the full requirements of a report (see
ISO/IEC 17021:2011, 9.1.10).
9.1.9 The requirements of ISO/IEC 17021:2011, 9.1.11 to 9.1.15, apply.
© ISO 2013 – All rights reserved 5

---------------------- Page: 13 ----------------------

SIST-TS ISO/TS 22003:2016
ISO/TS 22003:2013(E)

9.2 Initial audit and certification
9.2.1 Application
The requirements of ISO/IEC 17021:2011, 9.2.1, apply.
The certification body shall require the applicant organization to provide detailed information
concerning process lines, HACCP studies and the number of shifts.
9.2.2 Application review
The requirements of ISO/IEC 17021:2011, 9.2.2, apply.
9.2.3 Initial certification audit
The initial certfication audit of an FSMS shall be conducted in two stages: stage 1 and stage 2.
9.2.3.1 Stage 1
9.2.3.1.1 The requirements of ISO/IEC 17021:2011, 9.2.3.1.1, apply.
9.2.3.1.2 The objectives of the stage 1 are to provide a focus for planning the stage 2 audit by gaining
an understanding of the organization’s FSMS and the organization’s state of preparedness for stage 2 by
reviewing the extent to which:
a) the organization has identified PRP that are appropriate to the business (e.g. regulatory, statutory,
customer and certification scheme requirements),
b) the FSMS includes adequate processes and methods for the identification and assessment of the
organization’s food safety hazards, and subsequent selection and categorization of control measures
(combinations),
c) relevant food safety legislation is implemented,
d) the FSMS is designed to achieve the organization’s food safety policy,
e) the FSMS implementation programme justifies proceeding to the audit (stage 2),
f) the validation of control measures, verification of activities and improvement programmes conform
to the requirements of the FSMS standard,
g) the FSMS documents and arrangements are in place to communicate internally and with relevant
suppliers, customers and interested parties, and
h) there is any additional documentation which needs to be reviewed and/or information which needs
to be obtained in advance.
Where an organization has implemented an externally developed combination of control measures, the
stage 1 shall review the documentation included in the FSMS to determine if the combination of control
measures
— is suitable for the organization,
— was developed in compliance with the requirements of ISO 22000, and
— is kept up to date.
The availability of relevant authorizations shall be checked when collecting the information regarding
the compliance to regulatory aspects.
6 © ISO 2013 – All rights reserved

---------------------- Page: 14 ----------------------

SIST-TS ISO/TS 2
...

SPÉCIFICATION ISO/TS
TECHNIQUE 22003
Deuxième édition
2013-12-15
Systèmes de management de la
sécurité des denrées alimentaires —
Exigences pour les organismes
procédant à l’audit et à la certification
de systèmes de management de la
sécurité des denrées alimentaires
Food safety management systems — Requirements for bodies
providing audit and certification of food safety management systems
Numéro de référence
ISO/TS 22003:2013(F)
©
ISO 2013

---------------------- Page: 1 ----------------------
ISO/TS 22003:2013(F)

DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2013
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite ni utilisée
sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie, l’affichage sur
l’internet ou sur un Intranet, sans autorisation écrite préalable. Les demandes d’autorisation peuvent être adressées à l’ISO à
l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Version française parue en 2014
Publié en Suisse
ii © ISO 2013 – Tous droits réservés

---------------------- Page: 2 ----------------------
ISO/TS 22003:2013(F)

Sommaire Page
Avant-propos .iv
Introduction .v
1 Domaine d’application . 1
2 Références normatives . 1
3 Termes et définitions . 2
4 Principes . 2
5 Exigences générales . 2
5.1 Généralités . 2
5.2 Gestion de l’impartialité . 2
6 Exigences structurelles . 2
7 Exigences relatives aux ressources . 3
7.1 Compétence de la direction et du personnel. 3
7.2 Personnel intervenant dans les activités de certification . 3
7.3 Intervention d’auditeurs et d’experts techniques externes individuels . 3
7.4 Enregistrements relatifs au personnel . 4
7.5 Externalisation . 4
8 Exigences relatives aux informations . 4
9 Exigences relatives aux processus . 4
9.1 Exigences générales . 4
9.2 Évaluation et certification initiales . 6
9.3 Activités de surveillance . 7
9.4 Renouvellement de la certification . 7
9.5 Audits particuliers . 8
9.6 Suspension, retrait ou réduction du périmètre de la certification . 8
9.7 Appels . 8
9.8 Plaintes . 8
9.9 Enregistrements relatifs aux demandeurs et aux clients . 8
10 Exigences relatives au système de management des organismes de certification .8
Annexe A (normative) Classification des catégories de la chaîne alimentaire .9
Annexe B (normative) Durée minimale de l’audit .12
Annexe C (normative) Compétences requises en matière de systèmes de management de la
sécurité des denrées alimentaires (SMSDA) .15
Annexe D (informative) Recommandations relatives aux fonctions de certification génériques .19
Annexe E (informative) Systèmes de management de la sécurité des denrées alimentaires et
certification de produits .23
Bibliographie .28
© ISO 2013 – Tous droits réservés iii

---------------------- Page: 3 ----------------------
ISO/TS 22003:2013(F)

Avant-propos
L’ISO (Organisation internationale de normalisation) est une fédération mondiale d’organismes
nationaux de normalisation (comités membres de l’ISO). L’élaboration des Normes internationales est
en général confiée aux comités techniques de l’ISO. Chaque comité membre intéressé par une étude
a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,
gouvernementales et non gouvernementales, en liaison avec l’ISO participent également aux travaux.
L’ISO collabore étroitement avec la Commission électrotechnique internationale (CEI) en ce qui concerne
la normalisation électrotechnique.
Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont
décrites dans les Directives ISO/CEI, Partie 1. Il convient, en particulier de prendre note des différents
critères d’approbation requis pour les différents types de documents ISO. Le présent document a été
rédigé conformément aux règles de rédaction données dans les Directives ISO/CEI, Partie 2 (voir www.
iso.org/directives).
L’attention est appelée sur le fait que certains des éléments du présent document peuvent faire l’objet de
droits de propriété intellectuelle ou de droits analogues. L’ISO ne saurait être tenue pour responsable
de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant les
références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de l’élaboration
du document sont indiqués dans l’Introduction et/ou sur la liste ISO des déclarations de brevets reçues
(voir www.iso.org/brevets).
Les éventuelles appellations commerciales utilisées dans le présent document sont données pour
information à l’intention des utilisateurs et ne constituent pas une approbation ou une recommandation.
Pour une explication de la signification des termes et expressions spécifiques de l’ISO liés à l’évaluation
de la conformité, aussi bien que pour des informations au sujet de l’adhésion de l’ISO aux principes de
l’OMC concernant les obstacles techniques au commerce (OTC) voir le lien suivant: Avant-propos —
Informations supplémentaires.
Le comité chargé de l’élaboration du présent document est l’ISO/TC 34, Produits alimentaires, sous-
comité SC 17, Systèmes de management pour la sécurité des denrées alimentaires, en collaboration avec le
Comité ISO pour l’évaluation de la conformité (CASCO).
Cette seconde édition annule et remplace la première édition (ISO/TS 22003:2007), qui a fait l’objet
d’une révision technique.
iv © ISO 2013 – Tous droits réservés

---------------------- Page: 4 ----------------------
ISO/TS 22003:2013(F)

Introduction
La certification du système de management de la sécurité des denrées alimentaires (SMSDA) d’une
organisation est l’un des moyens permettant d’assurer que l’organisation a mis en œuvre un SMSDA
conforme à sa politique.
Les exigences applicables à un SMSDA peuvent émaner d’un certain nombre de sources et la présente
Spécification technique a été élaborée pour apporter une aide à la certification des SMSDA qui satisfont
aux exigences de l’ISO 22000. Le contenu de la présente Spécification technique peut également servir
à accompagner la certification des SMSDA qui sont fondés sur d’autres ensembles d’exigences spécifiées
en la matière.
La présente Spécification technique est destinée à l’usage des organismes qui auditent et qui certifient
des SMSDA en fournissant des exigences génériques applicables à ces organismes. Ces organismes
sont appelés organismes de certification. Ce libellé n’est pas destiné à faire obstacle à l’utilisation de
la présente Spécification technique par des organismes désignés différemment qui entreprennent des
activités couvertes par le domaine d’application décrit dans cette Spécification technique. La présente
Spécification technique est destinée à être utilisée par tout organisme impliqué dans l’évaluation de
SMSDA. Elle peut également servir à accompagner d’autres types de certifications en matière de sécurité
des denrées alimentaires fondées sur une combinaison de l’ISO/CEI 17021 et de l’ISO/CEI 17065.
Les activités de certification comprennent l’audit du SMSDA d’une organisation. La manière d’attester
la conformité de ce système à une norme spécifique de SMSDA (par exemple ISO 22000) ou à d’autres
exigences spécifiées prend généralement la forme d’un document de certification ou d’un certificat.
Il incombe à l’organisation soumise à la procédure de certification de mettre au point ses propres
systèmes de management (par exemple un SMSDA conforme à l’ISO 22000, d’autres ensembles d’exigences
spécifiées en la matière, des systèmes de management de la qualité, des systèmes de management
environnemental ou des systèmes de management de l’hygiène et de la sécurité au travail) et, sauf
spécifications contraires dans les exigences réglementaires applicables, il appartient à l’organisation de
décider de l’agencement des divers composants desdits systèmes. Le degré d’intégration entre les divers
composants des systèmes de management variera d’une organisation à l’autre. Il est donc approprié
pour les organismes de certification qui opèrent conformément à la présente Spécification technique
de prendre en compte la culture et les pratiques de leurs clients, eu égard à l’intégration de leur SMSDA
dans un cadre plus large.
© ISO 2013 – Tous droits réservés v

---------------------- Page: 5 ----------------------
SPÉCIFICATION TECHNIQUE ISO/TS 22003:2013(F)
Systèmes de management de la sécurité des denrées
alimentaires — Exigences pour les organismes procédant à
l’audit et à la certification de systèmes de management de
la sécurité des denrées alimentaires
1 Domaine d’application
La présente Spécification technique définit les règles applicables à l’audit et à la certification d’un système
de management de la sécurité des denrées alimentaires (SMSDA) conforme aux exigences données dans
l’ISO 22000 (ou à d’autres ensembles d’exigences spécifiées en la matière). Elle fournit également aux
clients les informations nécessaires sur la manière de procéder à la certification de leurs fournisseurs et
leur donne ainsi confiance dans cette certification.
La certification des SMSDA est une activité d’évaluation de la conformité par tierce partie (tel que décrit
dans le 5.5 de l’ISO/CEI 17000:2004) et les organismes exerçant cette activité sont des organismes
d’évaluation de la conformité par tierce partie.
NOTE 1 Dans la présente Spécification technique, les termes «produit» et «service» sont employés séparément
(contrairement à la définition de «produit» donnée dans l’ISO/CEI 17000).
NOTE 2 La présente Spécification technique peut être utilisée comme référentiel pour l’accréditation
ou l’évaluation par des tiers des organismes de certification qui cherchent à se faire reconnaître comme
étant compétents pour certifier qu’un SMSDA est conforme à l’ISO 22000. Elle est également destinée à être
utilisée comme référentiel par des autorités réglementaires et des consortiums industriels qui procèdent à la
reconnaissance directe des organismes de certification qui certifient qu’un SMSDA est conforme à l’ISO 22000.
Certaines de ses exigences pourraient aussi être utiles pour toute autre partie susceptible d’être impliquée dans
l’évaluation de la conformité de tels organismes de certification et dans l’évaluation de la conformité de tout
organisme qui réalise la certification de la conformité des SMSDA à des critères complémentaires à l’ISO 22000
ou différents de ceux énoncés dans cette dernière.
La certification d’un SMSDA n’atteste pas la sécurité ou l’aptitude à l’emploi des produits d’une
organisation appartenant à la chaîne alimentaire. Cependant, l’ISO 22000 exige qu’une organisation
satisfasse à l’ensemble des exigences législatives et réglementaires en vigueur liées à la sécurité des
denrées alimentaires au travers de son système de management.
NOTE 3 La certification d’un SMSDA conforme à l’ISO 22000 est une certification de système de management,
non une certification de produits.
D’autres utilisateurs de SMSDA peuvent utiliser les concepts et les exigences de la présente Spécification
technique, à condition d’adapter les exigences selon les besoins.
2 Références normatives
Les documents ci-après, dans leur intégralité ou non, sont des références normatives indispensables
à l’application du présent document. Pour les références datées, seule l’édition citée s’applique. Pour
les références non datées, la dernière édition du document de référence (y compris les éventuels
amendements) s’applique.
ISO 22000:2005, Systèmes de management de la sécurité des denrées alimentaires — Exigences pour tout
organisme appartenant à la chaîne alimentaire
ISO/CEI 17000:2004, Évaluation de la conformité — Vocabulaire et principes généraux
ISO/CEI 17021:2011, Évaluation de la conformité — Exigences pour les organismes procédant à l’audit et à
la certification de systèmes de management
© ISO 2013 – Tous droits réservés 1

---------------------- Page: 6 ----------------------
ISO/TS 22003:2013(F)

3 Termes et définitions
Pour les besoins du présent document, les termes et définitions donnés dans l’ISO/CEI 17000,
l’ISO/CEI 17021 et l’ISO 22000 ainsi que les suivants s’appliquent.
3.1
analyse des dangers et points critiques pour leur maîtrise
HACCP
système qui identifie, évalue et maîtrise les dangers
significatifs au regard de la sécurité des denrées alimentaires
[12]
[SOURCE: Codex Alimentarius Food Hygiene Basic Texts, modifié]
3.2
système de management de la sécurité des denrées alimentaires
SMSDA
ensemble d’éléments corrélés ou interactifs permettant d’établir une politique et des objectifs et
d’atteindre ces objectifs, utilisé pour orienter et maîtriser une organisation en matière de sécurité des
denrées alimentaires
Note 1 à l’article: Voir 3.2.1, 3.2.2 et 3.2.3 de l’ISO 9000:2005.
Note 2 à l’article: Dans la présente Spécification technique, l’expression «système de management de la sécurité
des denrées alimentaires» remplace l’expression «système de management» utilisée dans l’ISO/CEI 17021.
3.3
compétence
aptitude à mettre en pratique des connaissances et un savoir-faire pour obtenir les résultats escomptés
4 Principes
Les principes de l’Article 4 de l’ISO/CEI 17021:2011 servent de base pour les exigences spécifiques de
performance et les exigences descriptives données dans la présente Spécification technique. Cette
Spécification technique ne fournit pas d’exigences spécifiques applicables à toutes les situations
susceptibles de survenir. Il convient de considérer ces principes comme des recommandations à
appliquer en cas de décisions à prendre dans des situations imprévues. Ces principes ne constituent pas
des exigences.
NOTE L’Annexe E a été incluse pour traiter les besoins des parties intéressées à la fois par le SMSDA et la
certification des produits alimentaires.
5 Exigences générales
5.1 Généralités
Les exigences de l’Article 5 de l’ISO/CEI 17021:2011 s’appliquent.
5.2 Gestion de l’impartialité
L’organisme de certification et toute autre partie de la même entité juridique ne doivent pas fournir des
prestations de conseil en matière de SMSDA.
6 Exigences structurelles
Les exigences de l’Article 6 de l’ISO/CEI 17021:2011 s’appliquent.
2 © ISO 2013 – Tous droits réservés

---------------------- Page: 7 ----------------------
ISO/TS 22003:2013(F)

7 Exigences relatives aux ressources
7.1 Compétence de la direction et du personnel
7.1.1 Considérations générales
Les exigences du paragraphe 7.1.1 de l’ISO/CEI 17021:2011 s’appliquent.
Les secteurs techniques cités au paragraphe 7.1.1 de l’ISO/CEI 17021:2011 doivent correspondre aux
catégories identifiées à l’Annexe A. Les fonctions de certification pour lesquelles une compétence doit
être identifiée sont celles énoncées à l’Annexe C.
7.1.2 Détermination des critères de compétence
Les exigences du paragraphe 7.1.2 de l’ISO/CEI 17021:2011 s’appliquent.
Les critères de compétences fixés à l’Annexe C doivent servir de base aux critères développés pour
chaque catégorie. Les critères de compétence peuvent être génériques ou spécifiques. Les critères de
compétence énoncés à l’Annexe A de l’ISO/CEI 17021:2011 doivent être considérés comme génériques.
NOTE 1 Les critères de compétence identifiés à l’Annexe C sont des critères relatifs à la sécurité des denrées
alimentaires à l’attention du personnel de l’organisme de certification. L’organisme de certification peut identifier
des compétences spécifiques requises pour les catégories identifiées et pour chaque fonction de certification.
NOTE 2 L’Annexe D fournit des recommandations à l’organisme de certification sur la plupart des fonctions
de certification génériques identifiées à l’Annexe A de l’ISO/CEI 17021:2011 et pour lesquelles il est nécessaire de
déterminer des critères de compétence des membres du personnel impliqués dans la réalisation des audits et de
la certification d’un SMSDA.
NOTE 3 La ou les qualifications et l’expérience peuvent faire partie des critères; toutefois, la compétence ne
repose pas uniquement sur ces caractéristiques, car il est important de s’assurer qu’une personne peut démontrer
son aptitude à mettre en œuvre les connaissances spécifiques et le savoir-faire que l’on attendrait d’une personne
ayant obtenu une qualification ou possédant une certaine expérience dans le secteur.
7.1.3 Processus d’évaluation
Les exigences du paragraphe 7.1.3 de l’ISO/CEI 17021:2011 s’appliquent.
Les processus d’évaluation doivent en particulier évaluer les connaissances de l’individu en matière
de sécurité des denrées alimentaires, y compris ses connaissances des programmes prérequis (PRP)
spécifiques et des dangers liés à la sécurité des denrées alimentaires concernant les catégories qui
entrent dans le périmètre d’action du personnel de l’organisme de certification. Ils doivent être identifiés
pour les catégories relevant des exigences du 7.1.2.
NOTE Le paragraphe 7.1.3 de l’ISO/CEI 17021:2011 exige que l’organisme de certification démontre l’efficacité
des méthodes d’évaluation utilisées pour évaluer le personnel par rapport à des critères de compétence identifiés.
L’Annexe B de l’ISO/CEI 17021:2011 contient cinq exemples de méthodes d’évaluation.
7.1.4 Autres considérations
Les exigences du paragraphe 7.1.4 de l’ISO/CEI 17021:2011 s’appliquent.
7.2 Personnel intervenant dans les activités de certification
Les exigences du paragraphe 7.2 de l’ISO/CEI 17021:2011 s’appliquent.
7.3 Intervention d’auditeurs et d’experts techniques externes individuels
Les exigences du paragraphe 7.3 de l’ISO/CEI 17021:2011 s’appliquent.
© ISO 2013 – Tous droits réservés 3

---------------------- Page: 8 ----------------------
ISO/TS 22003:2013(F)

7.4 Enregistrements relatifs au personnel
Les exigences du paragraphe 7.4 de l’ISO/CEI 17021:2011 s’appliquent.
7.5 Externalisation
Les exigences du paragraphe 7.5 de l’ISO/CEI 17021:2011 s’appliquent.
8 Exigences relatives aux informations
Les exigences de l’Article 8 de l’ISO/CEI 17021:2011 s’appliquent.
Les documents de certification doivent identifier en détail quelle activité est certifiée, en faisant
référence aux catégories et aux sous-catégories (voir Tableau A.1).
9 Exigences relatives aux processus
9.1 Exigences générales
9.1.1 L’organisme de certification doit utiliser l’Annexe A pour définir le domaine d’application
pertinent pour l’organisation émettant une demande de certification. L’organisme de certification ne
doit pas exclure d’activités, de procédés, de produits ou de services du domaine d’application de la
certification lorsque ces derniers peuvent influer sur la sécurité sanitaire des produits finis telle que
définie dans le domaine d’application de la certification.
9.1.2 L’organisme de certification doit disposer d’un processus pour choisir la date, la durée et la
saison de l’audit pour que l’équipe d’audit ait l’occasion d’auditer l’organisation en fonctionnement sur un
nombre représentatif de lignes de produits, de catégories et de sous-catégories couverts par le domaine
d’application de la certification.
9.1.3 Les exigences des paragraphes 9.1.1 à 9.1.3 de l’ISO/CEI 17021:2011 s’appliquent.
9.1.4 Les exigences du paragraphe 9.1.4 de l’ISO/CEI 17021:2011 s’appliquent.
L’organisme de certification doit disposer de procédures documentées pour la détermination de la
durée de l’audit et pour chaque client, l’organisme de certification doit déterminer le temps nécessaire
à la planification et à la réalisation d’un audit complet et efficace du SMSDA du client. Le temps imparti
déterminé par l’organisme de certification ainsi que les justifications correspondantes doivent être
enregistrés.
9.1.5 Pour les organisations multisites, les paragraphes 9.1.5.1 et 9.1.5.4 s’appliquent.
NOTE Ce paragraphe (9.1.5) est destiné à s’appliquer uniquement aux opérations qui affectent directement la
sécurité des denrées alimentaires, et non aux sites exclusivement administratifs.
9.1.5.1 Une organisation multisite est une organisation comportant une fonction centralisée identifiée
(ci-après désignée «bureau central», mais pas nécessairement le siège social de l’organisation) au niveau
de laquelle certaines activités du SMSDA sont planifiées, maîtrisées ou gérées; ainsi qu’un réseau de
sites au niveau desquels ces activités sont entièrement ou partiellement réalisées. Des exemples
d’organisations multisites possibles sont:
— les organisations opérant avec des franchises;
— une entreprise manufacturière disposant d’un ou de plusieurs sites de production et d’un réseau de
bureaux de vente;
— les organisations de services disposant de plusieurs sites offrant un service similaire;
— les organisations comportant plusieurs filiales.
4 © ISO 2013 – Tous droits réservés

---------------------- Page: 9 ----------------------
ISO/TS 22003:2013(F)

9.1.5.2 L’organisme de certification peut certifier une organisation multisite dans le cadre d’un seul
système de management dans la mesure où les conditions suivantes s’appliquent:
a) tous les sites opèrent sous un seul SMSDA contrôlé et administré de façon centralisée, tel que défini
à l’Article 4 de l’ISO 22000:2005 ou dans des normes équivalentes pour d’autres SMSDA;
b) un audit interne a été réalisé sur chaque site dans l’année précédant la certification;
c) les constats d’audit issus des sites individuels doivent être considérés comme indicatifs de l’ensemble
du système et une correction doit être apportée en conséquence.
9.1.5.3 L’utilisation d’un échantillonnage multisite n’est possible que pour les catégories A, B, E, F et G
(voir Tableau A.1) pour les organisations de plus de 20 sites opérant des processus similaires dans ces
catégories. Cela s’applique à la certification initiale, aux audits de surveillance et de renouvellement de la
certification. L’organisme de certification doit justifier sa décision de recourir à un échantillonnage pour
la certification multisite.
À la suite de la certification, lorsqu’un échantillonnage multisite est autorisé, le programme d’audit
interne annuel doit inclure tous les sites de l’organisation.
NOTE Le risque est un autre élément à prendre en compte lors de la détermination de l’échantillonnage et
doit augmenter le niveau d’échantillon indiqué dans le Tableau 1.
9.1.5.4 Lorsque l’organisme de certification propose un échantillonnage multisite, il doit utiliser un
programme d’échantillonnage afin de garantir un audit efficace du SMSDA dans lequel les critères suivants
s’appliquent.
a) Pour les organisations comportant 20 sites ou moins, tous les sites doivent être audités.
L’échantillonnage au-delà de 20 sites doit porter sur 1 site sur 5. Tous les sites doivent être
sélectionnés au hasard et une fois l’audit réalisé, aucun site échantillonné ne peut être non conforme
(c’est-à-dire ne pas satisfaire aux seuils de certification de l’ISO 22000).
b) un audit du bureau central concernant le SMSDA doit être réalisé au moins une fois par an par
l’organisme de certification.
c) des audits de surveillance doivent être réalisés au moins une fois par an par l’organisme de
certification sur le nombre de sites échantillonnés requis.
d) les constats d’audit issus des sites échantillonnés doivent être considérés comme indicatifs de
l’ensemble du système et une correction doit être apportée en conséquence.
Le Tableau 1 donne des exemples du nombre de sites à auditer lorsque l’échantillonnage est utilisé.
Tableau 1 — Exemples du nombre de sites à auditer lorsque l’échantillonnage multisite
est utilisé
Nombre total de sites
Nombre de

sites à audi-
21 22 23 24 25 26 27 28
ter entre 1
et 20
Nombre de sites au delà de 20 0 1 2 3 4 5 6 7 8
Nombre supplémentaire de sites à
0 1 1 1 1 1 2 2 2
auditer
Nombre de sites à auditer x 21 21 21 21 21 22 22 22
9.1.6 Les exigences des paragraphes 9.1.6 à 9.1.9 de l’ISO/CEI 17021:2011 s’appliquent.
9.1.7 Rapport d’audit: les exigences du paragraphe 9.1.10 de l’ISO/CEI 17021:2011 s’appliquent.
© ISO 2013 – Tous droits réservés 5

---------------------- Page: 10 ----------------------
ISO/TS 22003:2013(F)

9.1.8 L’organisme de certification doit fournir un rapport écrit pour chaque audit. L’équipe d’audit peut
également identifier des opportunités d’amélioration, mais elle ne doit pas recommander des solutions
spécifiques. Le rapport d’audit demeure la propriété de l’organisme de certification.
Le rapport doit inclure des informations sur les PRP utilisés par l’organisation, la méthodologie d’analyse
des dangers utilisée, les commentaires sur l’équipe de sécurité des denrées alimentaires et d’autres
questions en rapport avec le SMSDA.
NOTE Il n’est pas nécessaire que les conclusions documentées de l’étape 1 satisfassent à toutes les exigences
d’un rapport (voir 9.1.10 de l’ISO/CEI 17021:2011).
9.1.9 Les exigences des paragraphes 9.1.11 à 9.1.15 de l’ISO/CEI 17021:2011 s’appl
...