Integrating ISO 22000, ISO 14001

Food safety testing, lab, standards

Q: In a food manufacturing company, with certifications to ISO 22000:2005 Food safety management systems — Requirements for any organization in the food chain as well as ISO 14001-2004: Environmental management systems – Requirements with guidance for use, the certification to ISO 22000 allows the company to operate with exemption from the Food Act. The exemption from Food Act determines that the organization has a permit to use its physical premises to indulge in industrial activity involving consumable food products.

Now, this permit is issued with certain conditions — e.g., regular updates to the issuing authority regarding changes to to the food safety plan. We view this requirement as a legal requirement.

My question is, would we use the legal register developed as part of ISO 14000 as the tool to manage the compliance to the above legal requirements? Doubt arises because the legal requirement addresses a condition imposed by the food safety system, but at the same time, if it is not complied with we could lose our license to operate (which I could interpret as an environmental aspect…license to exist).

Could someone kindly advise what they would consider to be a logical option?

Response from Susan Briggs:

A: I am not a food safety expert, so I  cannot give an opinion on whether or not using a register/process established for environmental regulations can be used for tracking food safety regulatory requirements.  But from the ISO 14001 perspective, and my professional opinion, the answer is “of course!.”

The intent of management system standards  — certainly all of the ones I have worked with– is to integrate the processes that are required by a standard (whether it be ISO 14001, ISO 22000, etc.) into the company’s business management process (i.e., a single process that is used to track all of the company’s legal obligations…environment, safety, finance, food safety, etc.), not to create stove piped processes (i.e., separate processes/systems for tracking depending on the nature of the regulation).

Susan Briggs
Director of Environment, Health and Safety, Textron Systems
Wilmington, MA
Chair, U.S. TAG to ISO/TC 207 on Environmental Management Systems

Response from John Surak:

A: I am not sure what is meant by the term “exemption from the Food Act.”  ISO 22000 requires that the organization meet all of the legal requirements of the country  in which the site is located.  In addition, if the organization is exporting food, they must meet all of the legal requirements of the target company.  ISO 22000 was developed to be compatible with the other ISO management system standards.  Therefore, it is fully permissible to develop an integrated management system as long as the management system meets the requirements of each standard and regulatory requirements.  I personally support the development of an integrated management system.  Sue conveyed this thought very well in her response.

Just one additional note, if the organization’s customers expect that the organization has a food safety management system that meets the requirements of Global Food Safety Initiative (GFSI), then the organization should seek registration to FSSC 22000 rather than ISO 22000.  FSSC 22000 is a food safety audit scheme that utilizes ISO 22000 and ISO 22002-1.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants

For more on this topic, please visit ASQ’s website.

Framework to Integrate ISO Standards and Non-ISO Standards

Reviewing confidential files, training records, human resources files

Q: I have a few questions about integrating standards for one of the experts:

1) Will registrars (in addition to BSI, who wrote it) accept a documented quality management system organized around the framework suggested in PAS 99:2006 – Specification of common management system requirements as a framework for integration, given there is adequate audit evidence that the requirements of both of the integrated standards have been addressed and have been implemented?

2) Is PAS 99 only for ISO-related standards, e.g.,  ISO 9001:2008 Quality management systems–Requirements and  ISO 14001-2004: Environmental management systems – Requirements with guidance for use, or can other combinations be made – e.g., ISO 9001 and American Institute of Steel Construction-Bridge and Highway AISCQC028?

AISCQC028 is not an ISO or ISO sector-specific standard, although the framework and structure is very similar. The AISC has its own certification body (registrar) and would insist that their auditors conduct a certification audit even though an organization has been previously ISO registered. AISC does not object to an integrated system that integrates/combines ISO 9001 with one of their certification standards as long as AISC certification requirements have been addressed.

The integration of ISO 9001 and 14001 is becoming common place and I’m fairly certain that PAS 99 is an acceptable format in those cases. I’m more interested in other industry standards and requirements not generally considered ISO-related that are being demanded by certain customer segments and integrating them in a system that must also be acceptable to ISO registrars because of other customer segments who are demanding ISO registration by their suppliers.

A: This is an excellent, and timely, question.

More and more organizations are developing integrated management systems based on multiple specification standards – such as ISO 9001, ISO 14001 and OHSAS 18001.   In addition, there are more and more management system standards being developed.  This includes both ISO standards and non-ISO standards – such as OHSAS 18001, Responsible Recycling (R2) and, based on your question, AISCQC028.

It is not even clear how many different management system specification standards there are. What one individual considers a guidance document; someone else insists is a specification standard suitable for certification.

So when you are developing documentation for an integrated management system, how should it be organized?

There are several options:

•    One option is to choose one of the standards as the primary high-level structure – say, ISO 9001:2008 – and address the requirements of the other standards within that structure.

•    PAS 99:2006 offers a different option for a high-level framework for organizing the management system documentation for an integrated management system.  (As you correctly point out in your question, PAS 99 cannot be used as a replacement specification standard for any of the discipline-specific management system standards.)

•    Another option is to establish a high-level structure that makes sense for your organization.

There is no required framework for organizing management system documentation.  You can use whichever overall structure and numbering scheme works for your organization.

ISO has recognized that having different high-level structures for its various management system standards may be problematic for organizations that are implementing integrated management systems that are intended to meet the requirements of multiple specification standards.  As a result, in February 2012, the ISO Technical Management Board (TMB) approved a guide for ISO standard writers that specifies a common structure and definitions to be used for all new and future revisions of ISO management system standards.  This was circulated as ISO Guide 83. This action by ISO highlights the primary issue with using PAS 99:2006.  It is out-of-date.

First, the normative references listed in PAS 99:2006 are not the current versions for some of the standards (notably ISO 9001 and OHSAS 18001).  Second, the high-level structure set out in PAS 99:2006 is not consistent with the common structure recently approved by ISO.

The key to establishing an integrated management is NOT the use of a particular organizing framework or high-level structure.  How you organize your management system documentation needs to fit the needs of your organization – not the desires of a particular registration auditor.

What is important is being able to clearly explain how your management system meets the requirements of each of the specification standards to which you want to become certified.  This requires clearly written documentation that defines the links to the requirements you are addressing within your management system.  It may also require discussion with your registrar and/or the use of reference tables – similar to those set out in the Annexes of ISO 9001, ISO 14001, OHSAS 18001 – and PAS 99:2006.

Thea Dunmire, JD, CIH, CSP
ENLAR Compliance Services, Inc.
Thea’s Blogs: