CONTEXT OF THE ORGANISATION

From 01.01.2020. it has become mandatory for organizations certified according to the FSSC22000 standard to be evaluated according to FSSC22000 version 5. Version 5 was published on June 3, 2019. the transition to this version is possible during the surveilance or (re) certification audit.

The FSSC22000 standard has been applied:

Changes concerning the HLS (High Level Structure) ISO22000 standard:

· Changes that are specific to ISO22000
· Changes that are specific to FSSC22000

Recall that FSSC22000 consists of 3 mandatory components:

However, what leaves the most ambiguity seems to be the part related to the changes in the ISO22000 standard related to HLS (High Level Structure, structure of the ISO standard according to Annex SL: the same structure for easier integration of multiple management systems; 2015. eg ISO9001 and ISO14001 harmonize their structure according to Annex SL and in 2018 ISO22000).

How can we understood the context of an organization?

What exactly is context? The connection and meaning of the organization that represents the context in which the organization operates, the assessment of the ability to respond to internal and external requirements and situations that may affect the strategic goals and planning of quality management system. Analyzing the context in which an organization finds itself, increases the possibility of discovering business risks that would save the organization from potential failure, ie increase the conditions for business progress in the future.

Let's take the example of two companies, X and Y, which are engaged in the production of biscuits, one of which is located in the USA and the other in Serbia. Imagine that they produce identical products and apply: the same technology, the same management system standards, specifically FSSC22000. What are all the differences in understanding the organization and its context?

The environment is analyzed based on the elements of the context. Take e.g. social context: one of the elements of the social context that could affect a company is a decline in purchasing power. Is it the same probability that this will happen in Serbia and the USA, and then would it have the same impact on the organization with a market of 7 or 200 million inhabitants.

So, first it is necessary to understand the environment in which the organization is, what are the internal and external factors that can affect the ability of the organization to achieve its goals and then it is necessary to define stakeholders and their requirements which means that the organization should deliver products and services that satisfy consumers but also legal and other requirements.

Again, we use the mentioned comparison of two companies X and Y. External stakeholders of company X could be: competent inspection services, customers, suppliers, banks, ministries, etc. while Company Y could include consumer protection companies, NGOs, Food And Drug Administration, etc. Thus, different environments also lead to different stakeholders.

Accordingly, we can further analyze risk-based thinking. The basis for achieving an effective product safety management system is risk-based thinking. Risk is a measure of uncertainty and as such can bring positive or negative effects. Positive deviations that occur under the influence of risk lead to opportunities, although not all positive effects will necessarily lead to opportunities.

In relation to stakeholders, we analyze the risks and opportunities for our company. If the example of an interested party is a bank, a loan taken from a bank with favorable and fixed interest rates in the US will be an opportunity for company Y, while a loan taken in Serbia is still, unfortunately a risk for company X, due to the possibility of changes in the banking market.

Risk-based thinking helps to implement preventive measures, thus eliminating potential non-conformities, analyzing any non-conformities that may occur and taking actions to prevent their recurrence.

Now we can understand the two PDCA cycles in ISO22000: 2018 - what they actually mean:

In the first PDCA cycle, we analyzed the risks and opportunities in relation to the context of the organization and implemented preventive measures before entering the operational part: the second PDCA cycle. In this way, we reduced the number of potential non-compliances and enabled the improvement of the management system.
So, the purpose of these changes is actually preventive action and better risk management.

You can contact our agency for help in preparing documentation related to the context of the organization, as well as risk analysis in relation to the processes. Also, we are successfully conducting trainings on the topic of novelties in the ISO22000: 2018 standard ie. FSSC22000 ver 5.