Standard Operating Procedure: FSSC 22000 Internal Audit

This Standard Operating Procedure (SOP) outlines the mandatory requirements and procedural steps for conducting an internal audit against the FSSC 22000 (Version 6) scheme. The objective of this audit is to verify the effectiveness of the Food Safety Management System (FSMS), ensure compliance with prerequisite programs (PRPs), HACCP principles, and FSSC-specific requirements, and identify opportunities for continuous improvement. All audits must be conducted by personnel who are independent of the specific area being audited.

Phase 1: Pre-Audit Preparation

• Audit Schedule Verification: Confirm the audit dates align with the annual master schedule and verify that all FSSC 22000 clauses are covered within a 12-month cycle.
• Auditor Appointment: Assign auditors with documented competence in food safety, HACCP, and ISO 22000/FSSC requirements.
• Documentation Review: Review the previous audit report, outstanding Non-Conformances (NCs), and recent management review minutes.
• Audit Plan Distribution: Provide the auditees with the audit scope, objectives, and agenda at least 48 hours prior to the start.

Phase 2: On-Site Execution

• Opening Meeting: Review the scope and methodology with department heads; confirm the timeline and resource availability.
• PRP & Operational PRP Assessment:
  • Verify structural integrity, pest control records, and cleaning schedules.
  • Inspect waste management, allergen control, and cross-contamination prevention measures.
• HACCP/Hazard Control Review:
  • Audit the current Flow Diagrams and Hazard Analysis for accuracy.
  • Verify Critical Control Point (CCP) monitoring logs and calibration records for monitoring equipment.
• Management & System Controls:
  • Review Food Defense (TACCP) and Food Fraud (VACCP) vulnerability assessments.
  • Check document control, record retention, and internal communication protocols.
  • Verify emergency preparedness and traceability testing results.

Phase 3: Reporting & Closure

• Closing Meeting: Present preliminary findings to management, discussing any non-conformances and clarifying the timeline for Corrective Actions (CARs).
• Report Issuance: Generate a formal report detailing findings, objective evidence, and the specific FSSC clause violated.
• Corrective Action Follow-up: Monitor the submission of Root Cause Analysis (RCA) and evidence of implementation for every identified NC.
• Verification: Close out NCs only after verifying that the corrective action is effective and systemic.

Pro Tips & Pitfalls

• Pro Tip (The "Show Me" Method): Never rely solely on interviews. Always ask for evidence (e.g., "Show me the logs for the last three shifts" rather than "Are the logs filled out daily?").
• Pro Tip (Focus on Trends): Don't look at one record in isolation. Check for patterns in maintenance logs or cleaning validations that might suggest a failing system.
• Pitfall (Auditing the Document, Not the Process): A common mistake is checking if the form exists. Ensure the process described in the document is actually happening on the floor.
• Pitfall (Underestimating FSSC 22000 Additional Requirements): Auditors often miss the "Additional Requirements" (e.g., transport, storage, hazard control in outsourcing). Ensure these are explicitly covered in your checklist.

Frequently Asked Questions (FAQ)

Q: How often must an FSSC 22000 internal audit be performed? A: FSSC 22000 requires that the internal audit program covers all elements of the FSMS, including FSSC requirements, at least annually.

Q: Can a department manager audit their own department? A: No. FSSC 22000 requires the audit to be conducted by personnel who are independent of the activity being audited to ensure objective and impartial results.

Q: What is the most critical item to verify during the audit? A: While all clauses are mandatory, the HACCP system and the management of Critical Control Points are the most critical. Any failure here poses a direct food safety risk and is treated as a major non-conformance.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "How often should FSSC 22000 internal audits be conducted?", "acceptedAnswer": { "@type": "Answer", "text": "Internal audits must be planned and executed to ensure all FSSC 22000 clauses and system requirements are covered within a 12-month cycle." } }, { "@type": "Question", "name": "Who is qualified to conduct an FSSC 22000 internal audit?", "acceptedAnswer": { "@type": "Answer", "text": "Audits must be performed by personnel who have documented competence in food safety, HACCP, and ISO 22000/FSSC requirements and remain independent of the area being audited." } }, { "@type": "Question", "name": "What is included in the FSSC 22000 audit scope?", "acceptedAnswer": { "@type": "Answer", "text": "The scope covers prerequisite programs (PRPs), HACCP principles, Food Defense (TACCP), Food Fraud (VACCP), and overall effectiveness of the Food Safety Management System." } } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "FSSC 22000 Internal Audit Management System", "applicationCategory": "BusinessApplication", "operatingSystem": "Web", "description": "A comprehensive framework and SOP for conducting FSSC 22000 Version 6 internal audits to ensure food safety compliance and continuous improvement.", "softwareVersion": "6.0", "offers": { "@type": "Offer", "price": "0.00", "priceCurrency": "USD" } } </script>