Select & implement FSSC 22000, ISO 22000, BRCGS
Selection, Implementation, and Auditing of FSSC 22000, ISO 22000, and BRCGS in the Food Chain
Food safety has meaning only when the consumer can trust that every bite, anywhere in the world, is produced with the same order, transparency, and accountability expected elsewhere. Three reference frameworks build this assurance: ISO 22000 as a management-system standard; FSSC 22000 as an ISO-based certification scheme with additional requirements; and BRCGS as a plant-focused operational standard long used by global retailers and brands to approve suppliers. Choosing correctly among the three determines a food business’s market trajectory, risk profile, and investment needs.
ISO 22000:2018 establishes a food safety management system grounded in the plan-do-check-act cycle; its recent addendum on “climate action changes” in 2023 emphasizes that organizations should include climate factors in their context analysis and stakeholder needs. FSSC 22000 Version 6 strengthens this ISO 22000 pillar with prerequisite programs based on the ISO/TS 22002 series and several additional requirements covering food safety culture, quality control, food loss reduction, and laboratory requirements; audits against Version 6 began in 2024. BRCGS Food Safety Issue 9 was released in 2022 and has been used in audits since 2022; for many European and UK retailers, it remains a key supplier-acceptance benchmark.
ISO 22000’s strength is a common risk-management language across the whole chain; FSSC 22000’s strength is linking that language to precise operational requirements and recognition by the GFSI; and BRCGS’s strength is operational clarity and rigorous mechanisms for unannounced audits, root-cause management of nonconformities, and emphasis on factory food safety culture. For exporters, GFSI recognition and the expectations of destination customers are usually decisive; for companies seeking corporate governance and systematic improvement, alignment with ISO 22000 and the audit rules of ISO 22003-1 is a major advantage.
– Dr. Margaret Chan (Former WHO Director-General): “This report sheds light on reality.”
At the policy level, Europe mandates HACCP through Regulation 852/2004, while the General Food Law 178/2002 establishes the framework for risk analysis, accountability, and traceability. At the technical level, Codex CXC 1-1969, revised in 2020, updated HACCP and prerequisite practices to support integrated implementation in farming, processing, and distribution. This convergence means the key differences among the three frameworks lie more in the “intensity and depth” of controls and in the “audit and certification protocols” than in the underlying principles.
– Lalaina Randriamanantsoa (GFSI Senior Technical Manager): “BRCGS’s achievement of GFSI recognition reflects sustained alignment with requirements and a commitment to the highest safety standards.”
In 2024, GFSI confirmed recognition for BRCGS Issue 9 and then for FSSC 22000 Version 6. These milestones signal clearer routes to acceptance within global supply chains. Alongside this, FSSC 22000 Version 6, by adding elements on food safety culture, quality control, and even food-loss reduction, moves organizations from simple “compliance” toward “effectiveness and resilience.” Practically, a site seeking entry to the UK retail market today will often pursue BRCGS, whereas a site serving multinational customers in ingredients may adopt FSSC 22000 to “speak the ISO management-systems language.”
– Amanda McCarthy (BRCGS Director): “Renewed recognition of BRCGS underscores the use of science to build a safer world.”
All of this leads to a practical question: “How should we choose?” Key criteria include target-market requirements, the nature of product and process risk, the maturity of the organization’s management system, and the financial and human resources available to maintain it. If your primary need is “retail acceptance,” BRCGS is a logical choice; if “synergy with other management standards” and an “ISO gateway” matter most, FSSC 22000 is the best blend; and if you are in an early-maturity stage or organizing a domestic supply chain, ISO 22000 can serve as a launchpad that later upgrades to FSSC or BRCGS.
Technical & Operational Architecture: From HACCP to Safety Culture
ISO 22000 views food-safety hazards in three main families: biological, chemical, and physical. Managing these hazards rests on a precise linkage between prerequisite programs, hazard analysis, and the design of control points. Prerequisite programs (PRPs) good manufacturing hygiene, sanitation, allergen control, hygienic equipment design, safe storage and transport, and the like are often codified through the ISO/TS 22002 family. In this architecture, OPRPs are operational controls that reduce the likelihood of hazards occurring, and CCPs are points where monitoring is critical to making the product safe. Key metrics include microbial contamination rates in SI units such as CFU/g, temperatures in degrees Celsius, process times in seconds and minutes, and critical limits such as pH or aw, all validated by approved laboratory methods.
FSSC 22000 Version 6 enhances this architecture with additional requirements: safety and quality culture must be targeted, planned, and measured; environmental monitoring programs must consider pathogens and indicators according to risk; for packaging, criteria for validation and verification must be defined for claims management, print control, and the use of recycled materials; and in areas such as tanker transport, cleaning programs and verification of effectiveness are essential. This approach helps many nonconformities be rooted out and corrected at the process level before they lead to a safety incident.
– Aldin Hilbrands (FSSC CEO): “Ongoing GFSI recognition for Version 6 confirms that we continue to build trust and impact.”
BRCGS Issue 9 sits at the other end of this spectrum: a standard with strong, plant-level operational detail that uses unannounced programs, root-cause reviews, and safety-culture measurement as engines of continuous improvement. Exceptional situations such as severe restrictions are managed with defined protocols for remote and hybrid audits. Updated procedures for unannounced programs and changing certification bodies also reduce planning risks. For technical teams, this translates into constant readiness, data integrity, and reliable, always-available evidence.
– Lalaina Randriamanantsoa (GFSI Senior Technical Manager): “FSSC’s continued alignment with GFSI benchmarking requirements highlights its pivotal role in strengthening food safety.”
How is auditing standardized? The answer lies in ISO 22003-1:2022, which sets out the rules for assessing and certifying food-safety management systems for certification and accreditation bodies. Its annexes clarify how to calculate “audit time” in person-days, competency rules for auditors, the use of information and communication technologies, sampling for multi-site organizations, and conditions for certificate transfer. Mandatory IAF documents—such as MD5 for determining audit time and MD11 for auditing integrated management systems provide a common, uniform basis for estimating audit effort so that assessment quality is comparable across bodies.
On the safety and environmental front, the link between risk management and food-loss reduction matters. The Food Waste Index report in 1403 (2024) shows that precise measurement of loss in mass- and energy-equivalent units helps countries gauge the opportunity size and set reduction targets under SDG 12.3. By incorporating loss-reduction requirements and adding quality-culture elements, FSSC 22000 Version 6 turns this link from a slogan into measurable action. For example, a fruit-processing plant by designing a precise thermal CCP, establishing washing and disinfection OPRPs, and targeting environmental monitoring in zones with high secondary-contamination risk can control safety risk while also reducing product loss.
In execution, metrics must be clearly defined: the “critical nonconformity rate” as the number of critical nonconformities per one hundred production person-hours; the “quarantine rate” as the percentage of held product volume relative to total monthly output; the “market return rate” in ppm; and the “safety-culture index” based on structured surveys, the effectiveness of training, and observable behavioral indicators. These metrics become valuable only when they are tied to action plans, management review, and continuous-improvement cycles.
– Dr. Margaret Chan (World Health Organization): “Knowing which pathogens cause problems and where enables targeted action.”
Economics, Governance, and a Localization Pathway for Iran
The economics of food safety is a blend of fixed capital, day-to-day operations, and the opportunity cost of risks avoided. Fixed capital includes hygienic equipment design, upgrades to cold-storage and ventilation infrastructure, monitoring tools and laboratories, and improved layout and traffic flows. Daily operations cover continuous training, sanitation and hygiene chemicals, microbiological and chemical testing, calibration, and preventive maintenance. On the returns side, reductions in waste, market returns, recalls, and rework are sources of payback especially when HACCP principles and environmental monitoring are properly targeted.
Financing models for food-safety upgrades must align with scale and value chain. For mid-sized plants, supply-chain finance strategies backed by sales contracts or co-investment from key customers via offtake agreements can provide the liquidity needed for implementation. For large complexes, public–private partnerships that upgrade regional laboratory infrastructure or digital traceability platforms are value-creating. For processing or packaging start-ups, corporate venture capital focused on rapid risk assessment or smart packaging can accelerate growth. Across all scenarios, having certificates “recognized” by GFSI lowers market-acceptance risk.
In Iran, the legal infrastructure is built on Codex principles and ISO management standards, and national documents aligned with food-safety management systems are available. Nonetheless, international acceptance and access to premium markets are optimized when organizations choose a certification program “recognized” by GFSI and base the selection of the certification body and audit-time planning on ISO 22003-1 rules. Market experience shows that to build a brand in the UK and Ireland, BRCGS offers a more direct route into retail; for multinational ingredient supply in Europe and Asia, FSSC 22000 Version 6 is commonly the shared language; and ISO 22000 provides an agile platform for organizational maturity and synergy with other management systems such as ISO 9001 and ISO 14001.
– Amanda McCarthy (BRCGS Director): “Our vision is to use science to build a safer world.”
A suggested execution roadmap is as follows: (1) define scope, products, formulations, processes, and the supply network; (2) conduct a gap assessment against ISO 22000 or BRCGS/FSSC requirements, depending on the chosen path; (3) strengthen PRPs with a focus on hygienic design, allergen control, and environmental monitoring; (4) perform hazard analysis and design CCPs/OPRPs with defined critical limits, monitoring methods, verification, and corrective actions; (5) validate and verify using accredited laboratory methods and, where possible, laboratories with capabilities aligned to ISO/IEC 17025; (6) run traceability and mock-recall tests; (7) deliver training and implement a food-safety culture program; (8) perform internal audits and management review; (9) select a reputable certification body and plan Stage 1 and Stage 2 audits based on ISO 22003-1 and IAF guidance; (10) enter the maintenance cycle, unannounced programs, and continuous improvement.
– Lalaina Randriamanantsoa (GFSI Senior Technical Manager): “Alignment with benchmarking requirements is the backbone of transparency and trust across the global chain.”
The policy and regulatory dimensions are clear: HACCP is a legal requirement in the European Union; Codex provides the shared scientific framework; and ISO standards are the common language of certification and accreditation bodies worldwide. From a climate-resilience perspective, the “climate action changes” addendum to ISO 22000 obliges organizations to take climate impacts seriously in their context analysis and stakeholder needs. For Iran, this alignment can be coupled with ESG programs and resource efficiency in the food industry from improving energy performance in cold stores to managing process water and choosing lower-hazard preservatives.
From a market perspective, three realistic scenarios emerge. First scenario: a dairy plant aiming to enter UK retail; the natural choice is BRCGS Issue 9, with emphasis on safety culture, unannounced programs, and advanced traceability. Second scenario: a plant-based ingredients producer selling to multinational brands in the EU; FSSC 22000 Version 6 leveraging ISO 22003-1 and paying attention to quality control and loss reduction is a durable choice. Third scenario: a domestic producer with a regional export horizon; implementing ISO 22000 as a maturity platform, then upgrading to FSSC or BRCGS according to destination-market needs, can optimize cost and impact. In all three scenarios, linking loss-reduction programs with safety creates a measurable economic opportunity.