ISO-Based Food Safety Certification
FSSC 22000 combines ISO 22000 with sector-specific prerequisite programs and FSSC additional requirements to create one of the world's most rigorous GFSI-recognized food safety certifications. Affinity QMS provides the quality management infrastructure food manufacturers need to achieve and maintain FSSC 22000 Version 6 certification.
Overview
FSSC 22000 (Food Safety System Certification 22000) is a GFSI-recognized food safety management system certification developed by the Foundation FSSC 22000. Unlike SQF or BRCGS, which are standalone proprietary standards, FSSC 22000 is built on ISO 22000 — the international standard for food safety management systems — combined with sector-specific prerequisite program specifications (the ISO/TS 22002 series) and a set of FSSC-specific additional requirements that close gaps in ISO 22000 for GFSI benchmarking purposes.
This three-layer structure is the key to understanding FSSC 22000. ISO 22000:2018 provides the management system framework — context of the organization, leadership, planning, support, operation, performance evaluation, and improvement — following the ISO High Level Structure (HLS) used by ISO 9001, ISO 14001, and other ISO management standards. The ISO/TS 22002 series (22002-1 for food manufacturing, 22002-2 for catering, 22002-3 for farming, 22002-4 for food packaging, 22002-6 for feed production) provides sector-specific Good Manufacturing Practices and prerequisite program (PRP) requirements that ISO 22000 references but does not fully specify. The FSSC additional requirements layer adds food fraud mitigation, food defense, allergen management, environmental monitoring, and specific labeling requirements that GFSI benchmarking demanded beyond the ISO 22000 base.
FSSC 22000 Version 6, released in April 2023, introduced updates including enhanced food fraud and food defense requirements, a strengthened culture requirement aligned with GFSI guidance, additional requirements on allergen management, and more detailed environmental monitoring program requirements. FSSC Version 6 is now the auditable version, and all facilities certified under earlier versions must have transitioned to Version 6 by April 2024.
FSSC 22000 is particularly well-suited to manufacturers who already operate within an ISO management system framework (ISO 9001, ISO 14001, ISO 45001) because FSSC 22000's ISO HLS structure integrates naturally with other ISO standards, allowing integrated management system audits that reduce total audit burden.
Standard Structure
Layer 1 — Foundation
The management system framework. Addresses organizational context, leadership commitment, risk-based thinking, hazard analysis and HACCP-based food safety plans, operational prerequisite programs (oPRPs), critical control points, verification, and management review. Follows ISO High Level Structure for integration with other ISO standards.
Layer 2 — Sector PRPs
Sector-specific prerequisite program specifications. ISO/TS 22002-1 (food manufacturing) is the most commonly applied, covering infrastructure, cleaning and disinfection, pest control, cross-contamination prevention, allergen management, waste management, and supplier management requirements specific to food manufacturing operations.
Layer 3 — GFSI Gap Fill
Additional requirements specified by the Foundation FSSC 22000 to satisfy GFSI benchmarking: food fraud vulnerability assessment (VACCP), food defense (TACCP), allergen management, environmental monitoring program, product authenticity, sustainability commitments, and food safety culture. Version 6 significantly expanded these requirements.
Platform Mapping
| FSSC 22000 Requirement | ISO 22000 Clause | Affinity QMS Module | What It Does |
|---|---|---|---|
| Documented Information | Clause 7.5 | Document Control | Controlled SOPs, food safety plans, records, and documented information with version control, approval workflows, and access controls per ISO 22000 documented information requirements |
| Nonconformity and Corrective Action | Clause 10.1 | CAPA Management | Non-conformance identification, root cause analysis, corrective action planning, effectiveness verification, and documented retention per ISO 22000 clause 10.1 requirements |
| Internal Audit | Clause 9.2 | Audit Management | Planned internal audit program against ISO 22000 and FSSC additional requirements, auditor independence tracking, finding management, and corrective action linkage |
| Externally Provided Processes | Clause 8.4 | Supplier Management | Supplier qualification, approved supplier register, control of externally provided products and services including risk-based monitoring and periodic review documentation |
| Competence and Training | Clause 7.2 | Training Management | Competency-based training records, food safety training for all personnel affecting food safety, training effectiveness evaluation, and retained evidence per clause 7.2 |
Who This Is For
Food Safety Manager at an ISO-Certified Facility
Manufacturers already operating under ISO 9001 or ISO 14001 who need to add FSSC 22000 benefit from Affinity QMS's ISO-aligned structure — the document control, CAPA, and internal audit modules match the ISO HLS framework, reducing the integration effort compared to proprietary-standard QMS software.
Global Food Manufacturer
Food manufacturers supplying global food companies (Nestle, Unilever, Danone, Mars) that specify FSSC 22000 as their supplier qualification standard. FSSC 22000's ISO foundation makes it the preferred certification for global operations requiring a single globally-recognized standard.
Food Packaging Manufacturer
Packaging manufacturers that supply food companies increasingly face FSSC 22000 certification requirements from their food manufacturing customers. ISO/TS 22002-4 covers food packaging specifically, and Affinity QMS manages the document and audit infrastructure for both food and packaging manufacturing operations.
Common Questions
What is the difference between FSSC 22000 and ISO 22000?
ISO 22000 is an international standard for food safety management systems published by the International Organization for Standardization. It is certifiable but not GFSI-recognized on its own because GFSI benchmarking requires sector-specific PRP specifications and additional requirements that ISO 22000 does not fully address. FSSC 22000 adds the ISO/TS 22002-x series of sector-specific PRP requirements and a set of FSSC additional requirements on top of ISO 22000, creating a GFSI-recognized certification scheme. In practice, achieving FSSC 22000 certification means you have also achieved ISO 22000 compliance as part of the process, because ISO 22000 is the management system foundation that FSSC 22000 is built upon.
How does FSSC 22000 compare to SQF and BRCGS?
All three are GFSI-recognized, meaning major retail and foodservice buyers accept all three. The choice between them typically comes down to customer requirements, market geography, and existing management system maturity. SQF is most dominant in North American retail. BRCGS is most dominant in UK and European retail. FSSC 22000 is most common among global food manufacturers, ingredient suppliers, and companies already operating within an ISO management system framework. FSSC 22000 is often preferred by organizations that want a single standard that integrates smoothly with ISO 9001 and other ISO standards. SQF and BRCGS are proprietary standards with more prescriptive requirements that some manufacturers find more straightforward to implement for the first time.
What did FSSC 22000 Version 6 change?
Version 6, released April 2023 with a mandatory transition deadline of April 2024, introduced several significant changes. Food fraud mitigation (VACCP) and food defense (TACCP) requirements were expanded and strengthened with clearer documentation expectations. Food safety culture requirements were enhanced with specific requirements for culture measurement and evidence of improvement activities. Allergen management requirements were updated with more specific controls for allergen risk assessment and cross-contact prevention. Environmental monitoring program requirements became more explicit about scope, frequency, and corrective action triggers. The sustainability commitment requirement was added as a new element, requiring organizations to document a commitment to sustainable practices. Supplier management requirements were clarified to address remote supplier assessments.
How do I choose a certification body for FSSC 22000?
FSSC 22000 audits must be conducted by a certification body (CB) that is accredited by an ILAC-recognized accreditation body (such as ANAB in the US, UKAS in the UK, or DAkkS in Germany) and licensed by the Foundation FSSC 22000. A list of licensed CBs is available on the FSSC 22000 website. When selecting a CB, consider auditor experience in your specific food sector, geographic availability, audit scheduling flexibility, and cost. It is advisable to conduct pre-assessment readiness reviews with at least two CBs before committing, as audit costs and auditor expertise vary significantly. The Foundation FSSC 22000 requires that CBs rotate their lead auditors every five years to maintain audit integrity.
Can FSSC 22000 certification be integrated with ISO 9001?
Yes, and this is one of FSSC 22000's primary advantages over proprietary standards like SQF and BRCGS. Because ISO 22000 follows the ISO High Level Structure (HLS) — the same architectural framework as ISO 9001, ISO 14001, and ISO 45001 — the management system requirements (clauses 4 through 10) are highly compatible across standards. An integrated management system (IMS) can address ISO 9001 quality management, ISO 22000/FSSC 22000 food safety, and ISO 14001 environmental management within a single documentation structure, and integrated audits can cover all three systems in a combined audit event. Affinity QMS's document control, CAPA, internal audit, and training modules support integrated management systems with shared infrastructure and per-standard scope filtering.
How long does FSSC 22000 certification take?
FSSC 22000 certification involves a two-stage audit process. Stage 1 is a documentation review and readiness assessment, typically conducted on-site or remotely, to verify that the management system is designed correctly and is ready for the Stage 2 assessment. Stage 2 is the full on-site certification audit assessing implementation effectiveness across all requirements. From the Stage 1 audit date to certificate issuance, the process typically takes two to four months depending on the number and severity of any non-conformances requiring corrective action before certificate decision. Organizations starting from a mature food safety system with existing HACCP documentation can often complete the full process within four to six months. Affinity QMS accelerates this by providing pre-built ISO 22000-aligned document templates and internal audit checklists that prepare your system for Stage 1 review within weeks rather than months.
Related Resources
See how Affinity QMS maps to ISO 22000 clause requirements and FSSC Version 6 additional requirements — giving you a complete audit-ready documentation system before your Stage 1 assessment.
Book a Demo