In September 2022, the EU Commission published updated guidance to all food business operators on how to implement the EU requirements on Good Hygiene Practices (GHP) and procedures based on the Hazard Analysis and Critical Control Points principles (HACCP-based procedures) as parts of Food Safety Management Systems (FSMS). Available in 24 languages, this document can be found here.
As was the case with its 2016 version, the EU guidance document contains a strong endorsement of the approach taken by ISO 22000 to the development of operational prerequisite programmes (OPRPs). This support is clearest in Section 5 Relationship between FSMS, PRP, GHP, OPRP and HACCP, and with International Standards (pp. 5-6). The document notes that with respect to the “gap between the GHP and the CCP to address intermediate and certain significant hazards” that “Codex and ISO 22000 took different approaches”:
“The Codex Alimentarius' CXC 1-1969 ‘General Principles of Food Hygiene (GPFH)’ refers to ‘GHP requiring greater attention’ to address identified significant hazards. Thus, for some GHPs, based on safety concerns with the food, ‘greater attention’ may be needed to provide safe food. Greater attention may include a higher frequency of application, of monitoring and of verification.”
“ISO 22000 introduced in 2005 operational prerequisite programmes (OPRP) to fill this gap. They are control measures which are implemented to prevent or reduce a significant food safety hazard to an acceptable level. They are identified during the hazard analysis as important to control certain significant hazards.”
The guidance document goes on to note:
“In the EU, a central role is given to the hazard analysis, considered as essential to identify the different levels of risks, e.g., if GHP are sufficient, or if intermediate and/or risks for significant hazards need to be addressed respectively by OPRP and/or CCP. Since GHP requiring greater attention are not necessarily identified by the hazard analysis in the Codex General Principles of Food Hygiene, but OPRP are in ISO 22000, reference is made to OPRP in this document.”
On page 49, the EU guidance document also references ISO 22000 in Appendix 2 - Example of a hazard analysis – (semi-quantitative) risk evaluation procedure where it acknowledges ISO 22000’s approach of assessing deviations. Next to the assessment of the likelihood and severity of hazards to decide on the need for control measures (as in Codex GPFH), ISO 22000 also includes the assessment of the likelihood and severity of deviations - or failure - of these control measures to decide on the need for monitoring and corrective action. ISO 22000 also requires the assessment of the feasibility or capability of monitoring and corrective action to detect and correct these deviations in a timely way.