PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

BSI Certification Guidebook

BSI Standard Terms and Conditions Addendum

FSSC 22000 V5

Page 1 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

Contents

Revision History ....................................................................................................................... 4

1 Introduction ..................................................................................................................... 5
1.1 FSSC 22000 V5 – Main Changes ........................................................................................ 5
2 Accreditation Status and BSI Scope of Accreditation ....................................................... 5
3 The Recognition Process .................................................................................................. 6
3.1 Initial Enquiry .................................................................................................................. 6
3.2 Application for Certification and Assessment ....................................................................... 6
3.2.1 Application Form Client Contact......................................................................................... 6
3.2.2 Annual Fee ..................................................................................................................... 6
3.3 Certification Contract........................................................................................................ 7
3.4 Conduct a Self-Assessment / Pre-assessment Audit (not mandatory) .................................... 7
3.5 Identifying the Scope of Certification ................................................................................. 7
3.6 Certification Cycle .......................................................................................................... 10
3.6.1 Planning Audits ............................................................................................................. 10
3.7 Audit Criteria ................................................................................................................. 10
3.7.1 Legal and Regulatory Audit Requirements ........................................................................ 11
3.8 The Certification Audit .................................................................................................... 12
3.9 Surveillance Audits ......................................................................................................... 12
3.10 Recertification................................................................................................................ 12
3.11 Audit Duration ............................................................................................................... 13
3.11.1 Basic Rules for Audit Duration ......................................................................................... 13
3.11.2 Audit Duration Calculation .............................................................................................. 13
3.11.3 Additional Time ............................................................................................................. 15
3.11.4 Reduction Time ............................................................................................................. 15
3.11.5 Rounding Down and Up ................................................................................................. 16
3.11.6 Audit Duration Confirmation – On Site ............................................................................. 16
3.12 Audit Report .................................................................................................................. 16
3.13 Non-conformities ........................................................................................................... 16
3.13.1 Nonconformities Levels ................................................................................................. 17
3.13.2 Non-Conformity Management ......................................................................................... 17
3.14 Granting Certification ..................................................................................................... 18
3.15 Maintaining Certification ................................................................................................. 19
3.15.1 Multi-site certification ..................................................................................................... 19

Page 2 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.15.3 Remote audits............................................................................................................... 19

3.15.4 Transfer of certification .................................................................................................. 19
3.15.5 Transition Audits ........................................................................................................... 19
3.15.6 Special Audits ............................................................................................................... 19
3.15.7 FSSC 22000 Follow Up Audits ......................................................................................... 20
3.16 Unannounced Audit ........................................................................................................ 20
3.16.1 Unannounced Audit Execution ........................................................................................ 20
3.17 Auditor Rotation ............................................................................................................ 21
4 Implementation of FSSC 22000 ..................................................................................... 21
4.1 Learn about the FSSC 22000 Scheme .............................................................................. 21
4.1.1 FSSC 22000 V5 Documents ............................................................................................ 21
4.2 FSSC Database .............................................................................................................. 22
5 Certificate Suspension, Withdrawal or Scope Reduction................................................ 22
5.1 Action Upon Suspension, Withdrawal and Scope Reduction................................................ 23
6 Use of the BSI Certification Mark ................................................................................... 23
7 Use of the FSSC Logo...................................................................................................... 23
8 Confidentiality ................................................................................................................ 24
9 Additional Obligations .................................................................................................... 24
9.1 Complaints .................................................................................................................... 25
9.2 Certification Agreement .................................................................................................. 25
9.3 Assessment Scheduling .................................................................................................. 25
9.4 Misleading Statements.................................................................................................... 25
9.5 Communication Obligations............................................................................................. 25
9.6 Observers ..................................................................................................................... 26
9.7 Witnessing Assessment by CB ......................................................................................... 26
9.8 FSSC Website ................................................................................................................ 27
10 Complaints and Appeals ................................................................................................. 27
11 Upgrade Process from FSSC 22000 V4.1 to V5 ............................................................... 28
11.1 Audit requirements: ....................................................................................................... 28
11.2 Audit planning ............................................................................................................... 28
11.3 Audit duration................................................................................................................ 28
11.4 Timelines ...................................................................................................................... 28
11.5 Certificates .................................................................................................................... 28
11.6 FSSC portal ................................................................................................................... 29

Page 3 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

Revision History

Rev Revision Approved Page Sec.

Author Brief Description of Change
No Date by No No

1 February Gaynor Todd New document

2018 Clow/ Redwood
Luanshya
Naidoo

2 July 2018 Gaynor Todd 10 3.12 Changed word from three to six.
Clow Redwood

3 January 2019 Gaynor Todd 15 Contact details

Clow Redwood
11 5
4 May 2019 Ana Todd Various updates
Cicolin Redwood
10 3.10
5 May 2019 Ana Todd RAM for certification and audit cycles
Cicolin Redwood
The entire
6 July 2019 Ana Todd Various updates to be in accordance
document was
Cicolin Redwood with FSSC V5
reviewed

Page 4 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

1 Introduction

This certification guidebook is designed to assist your site with the requirements for certification to the
Food Safety Systems Certification (FSSC) standard version 5 throughout the BSI Group. This document
is considered an addendum to the BSI Standard Terms and Conditions and therefore forms part of the
contract with BSI.
The FSSC 22000 V5 certification scheme was launched on 03 June 2019. The main reasons for publishing
a revised version include:
 Publication of the new ISO 22000:2018 standard;
 Inclusion of the board of stakeholders list of decisions;
 Compliance with GFSI requirements;
 Continual improvement process.

1.1 FSSC 22000 V5 – Main Changes

FSSC have published a document with an overview of main changes that can be found at FSSC Website.

2 Accreditation Status and BSI Scope of Accreditation

BSI holds a valid global ISO/IEC 17021-1:2015 accreditation, including ISO/TS 22003:2013. The
Accreditation Body is ANAB and the Scheme owner is The FSSC Foundation.
BSI operate in the categories and subcategories covered by the accreditation, being categories C, I and
K as per detailed below:

FSSC 22000 Category FSSC 22000 Sub Category

CI - Processing of perishable animal products
C CII - Processing of perishable plant products
Food Manufacturing CIII - Processing of perishable animal and plant products (mixed products)
CIV - Processing of ambient stable products
I
Production of Food Packaging and
I - Production of Food Packaging and Packaging Material
Packaging Material

K K - Production of Biochemicals
Production of
Biochemicals

Page 5 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3 The Recognition Process

The following section outlines the steps that apply during the BSI recognition process for FSSC. BSI
reserves the right to provide its clients and those that request quotations with marketing and technical
information relating to standards, training and compliance services.

3.1 Initial Enquiry

BSI will respond to either verbal or written expressions of interest from sites interested in one or more
of our programs. If your site is located near one of BSI’s offices, an advisory visit may be arranged to
discuss your recognition requirements and how BSI can help your site achieve them.
BSI will also, on request and receipt of a Request for Proposal, prepare a proposal suited to your site’s
needs.

3.2 Application for Certification and Assessment

Receipt of your site’s Application form (or authorized acceptance of a valid BSI proposal), along with the
accompanying payment of the non-refundable application fee (or invoicing instructions) together with
this document forms the contract between your site and BSI.
Your requirements will be entered into our database and an auditor will be appointed to look after your
certification or assessment requirements. The auditor will be your primary point of contact with BSI and
is responsible for ensuring that our certification/assessment services are delivered to your site in the
most effective manner possible.

3.2.1 Application Form Client Contact

1) BSI will require completion of an official application form, signed by an authorized representative
of the applicant site
2) It is the responsibility of the applicant site to ensure that adequate and accurate information is
shared with BSI about the details of the applicant site

3.2.2 Annual Fee

1) BSI shall charge an annual fee to all sites certified against the FSSC Scheme. This fee will be paid
by BSI to The FSSC Foundation
2) The FSSC Foundation shall decide annually on the fee amount

Page 6 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.3 Certification Contract

As soon as practicable after receipt of your signed application/proposal, a BSI auditor (or nominated
representative) will contact your site. Your auditor will seek to establish a working relationship between
your site and BSI, and to confirm your recognition requirements in terms of the certification or
assessment services, standards or codes of practice, locations, and activities and/or products to be
included in the scope of certification.
The auditor will seek to gain an appreciation of the structure of your site and the activities being
conducted. In particular the auditor will:
 Seek an appreciation of the nature and scope of your site’s activities, structure and location(s),
including any activities for which certification is being excluded; and
 Determine the status of system documentation and implementation including organizational
policies, objectives and targets.
If your site is working with a consultant it is often useful for that person to be party to the communication
process.

3.4 Conduct a Self-Assessment / Pre-assessment Audit (not mandatory)

A self-assessment or pre-assessment audit can assist in identifying gaps in your site’s FSSC System so
that corrective action can occur before engaging BSI for a full certification audit. It can be conducted
using internal resources, an FSSC consultant, or an FSSC auditor.
Once your site has signed a contract with BSI, BSI can provide an assessment checklist free of charge
to utilize in a self-assessment / pre-assessment audit.

3.5 Identifying the Scope of Certification

FSSC certification is site and product specific. When activities are carried out in different premises but
are overseen by the same senior, operational, and technical management, and are covered by the one
FSSC System, the scope can be expanded to include those off-site activities.
The scope of certification forms part of the certificate of registration. It describes the food sector
categories (refer to table below) and the products processed and handled on that site. The certificate of
registration outlines the location of the site and nature and extent of the FSSC certification.
The audit scope will be agreed between your site and BSI before the certification audit begins. The scope
of the audit shall cover the required level of certification, the food sector categories, and the products
listed under the scope of certification for a site. The audit scope shall cover all processes under the
control of your site from raw material receipt to shipment of finished product.

Page 7 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

Category FSSC 22000 Sub Category Example of included activities and

products
Production of animal products
Activities / Processes: Slaughtering, deboning,
evisceration, gutting, cutting, sorting, washing,
pasteurizing, trimming, curing, fermentation,
CI - Processing of perishable animal smoking, freezing, chilling, cooling, scalding.
products
Final product examples: fish, meat, poultry,
eggs, frozen and/or chilled dairy products and
C
fish/seafood products.
Food Manufacturing
Production of plant products
Activities / Processes: De-shelling, drying,
packing, sorting, washing, rinsing, fluming,
trimming, slicing, pasteurizing, roasting,
scalding, peeling, de-husking, cooling, chilling,
freezing and final product.
CII - Processing of perishable plant
products Final product examples: chilled or frozen e.g.
fresh fruits, fresh juices, vegetables, grains,
nuts and pulses, meat replacers based on plant
materials (e.g. soy)

Production of mixed animal and plant products

CIII - Processing of perishable animal
and plant products (mixed products)
C that are stored and sold at ambient
Food Manufacturing
CIV - Processing of ambient stable
products
Activities / Processes: Mixing, cooking, packing,
ensemble cooling, chilling, freezing
Final product examples: mixed products, pizza,
lasagna, sandwich, dumplings, ready-to eat
meals.
Production of food products from any source
temperature.
Activities / Processes: Mixing, cooking, packing,
bottling, brewing, drying, pressing, milling,
blending, roasting , refining, ensemble,
distilling, drying, canning, pasteurizing,
sterilization.
Final product examples: canned products,
biscuits, bread, snacks, oil, drinking water,
beverages alcoholic and non-alcoholic, pasta,
flour, sugar, food-grade salt, dairy products
with long shelf life, margarines.

Page 8 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

Category FSSC 22000 Sub Category Example of included activities and

products

Packaging that includes the production of

food/feed packaging, food/feed packaging
materials and intermediate products for:
- direct food contact surfaces or materials (i.e.
physically touching the food or in contact with
headspace) that will be in contact with the food
during normal use of the food packaging
and/or;
- indirect food contact surfaces or materials that
I
are not in direct contact with the food during
Production of Food I
normal use of the food packaging, but there is
Packaging and Production of Food Packaging and
the possibility for substances to be transferred
Packaging Material Packaging Material
into the food.
Packaging material used for personal care,
pharmacy or other uses are outside the scope
of the standard. Disposable tableware can only
be certified when it is sold together (and as part
of) the food product. Examples are spoons that
are packed with yoghurt, forks or chopsticks
packed with ready-to-eat food.
Activities / Processes: All manufacturing
activities for plastic, carton, paper, metal, glass,
wood and other materials to be used as
packaging materials in the food/feed industry.

Final product examples: bottles, boxes, jars,

barrels, cork, cans; devices for closing
packaging materials such as tape, plastic strips,
or other when the manufacturer can prove that
they belong to a food/ feed packaging material;
Production of labels with direct food contact.
I I
Production of Food Production of Food Packaging and
Packaging and Packaging Material
Packaging Material

Production of Bio-Chemicals and applies to the

production of food and feed additives, vitamins,
minerals, bio-cultures, flavorings, enzymes and
processing aids but excludes pesticides, drugs,
fertilizers and cleaning agents.
K Activities / Processes: Mixing, cooking, packing,
Production of distilling, drying, canning, sterilization for all

Page 9 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

Category FSSC 22000 Sub Category Example of included activities and

products
Biochemicals K - Production of Biochemicals products at ambient, chilled and frozen
temperatures.
Final product examples: food and feed
additives, vitamins, minerals, bio-cultures,
flavorings, enzymes and processing aids, gases
as ingredients and/or packaging gas.

3.6 Certification Cycle

A 3-year certification cycle shall be applied to FSSC 22000.

• Stage 01 Surveillance Surveillance Re-

Year 0 Year 1 01
Year 2 02
Year 3 Certfication
• Stage 02

3.6.1 Planning Audits

The basis of timings applied to the certification and audit cycles for FSSC 22000 scheme is that each
certificate shall become attached permanently to a month for its CAVs (surveillances) and RAs (Re-
certifications) audits. This month is defined as a Reoccurring Audit Month (RAM) in which it is expected
that these audits shall occur on a regular basis

3.7 Audit Criteria

The audit criteria represent set of requirements used as a reference against which objective evidence is
compared. FSSC 22000 audit criteria shall include the requirements as below.

FSSC 22000 FSSC 22000 Sub Category

Requirements of
Category
CI - Processing of perishable animal products - Normative Documents:
CII - Processing of perishable plant products  ISO 22000:2018
C
 ISO/TS 22002-1:2009
Food Manufacturing CIII - Processing of perishable animal and  FSSC Additional Requirements
plant products (mixed products)

Page 10 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

FSSC 22000 FSSC 22000 Sub Category

Requirements of
Category
CIV - Processing of ambient stable products -The defined processes and documentation of
the management system developed by the
K
client
Production of K - Production of Biochemicals
Biochemicals - Legal requirements
- Normative Documents:
I I - Production of Food Packaging and Packaging  ISO 22000:2018
Production of Food Material  ISO/TS 22002-4:2013
Packaging and  FSSC Additional Requirements
Packaging Material
- The defined processes and documentation of
the management system developed by the
client.
- Legal Requirements
Note:
o The board of stakeholder decision list is also part of the scheme and shall be considered.

3.7.1 Legal and Regulatory Audit Requirements

Legislative and regulatory compliance is a requirement of FSSC 22000. The maintenance and evaluation
of legal compliance is the responsibility of the client. BSI’s role is to establish confidence that the FSSC
22000 system functions adequately in this regard and to confirm that the FSSC 22000 system is capable
of achieving continued compliance.
BSI will verify that the client has included legal and regulatory compliance in their FSSC 22000 system
and can show that action has been taken in cases of non-compliance with relevant legislation. BSI will
not issue certification to a site where an infringement of food safety related legislation or regulation is
discovered. Where an action plan to achieve compliance has been agreed with the appropriate regulator
an exception may be requested.
BSI will notify the client if an infringement is discovered. Action will depend upon the nature of the
infringement, corrective action proposals and the stance taken by the appropriate enforcement authority
but would normally constitute a major non-conformity followed up with a re-audit visit.
Similarly, action will be taken where a post certification infringement is discovered. The conditions of
contract require the client to notify BSI of post certification breaches. De-registration is an option for
persistent failure to comply.
Where licenses/consents/permits have not been issued by appropriate authorities, including incomplete
document submissions, and steps are being taken to achieve compliance in agreement with the regulator
a non-conformity should be raised

Page 11 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.8 The Certification Audit

The FSSC certification audit consists of two stages:

1) The initial auditing for certification is always carried out at the production site of the applicant site
and is conducted in two separate stages:
a) The stage 1 audit verifies that the system has been designed and developed in accordance with
your site’s top management commitment to conform with FSSC scheme requirements. The
objective of this audit is to assess the preparedness of your site to proceed to the stage 2 audit
b) The stage 2 audit substantiates top management’s claim by auditing implementation of the food
safety management system
c) The activities subject to the proposed certification scopes shall be assessed during the initial
certification audit

3.9 Surveillance Audits

1) Surveillance audits shall assess and report on conformity with all Scheme requirements including the
use of marks and references to certification
2) At least one of the two annual surveillance audits shall be unannounced
3) The audit program shall also consider the results of any previous audits including the unannounced
audit(s)
4) If not, all audit objectives are fulfilled during an unannounced audit, an additional audit shall be
performed of which the nature shall be determined by BSI

3.10 Recertification

1) The recertification audit must be planned and conducted in due time to enable timely renewal of the
certificate before the expiry date
2) The purpose of this audit is to confirm the continuing conformity of the food safety management
system as a whole with all FSSC scheme requirements
3) The recertification activity also includes a review of the food safety management system over the
whole period of certification, including previous surveillance audit reports and complaints received
4) BSI decides on renewal of the certification cycle on the basis of the recertification audit which must
meet the same requirements as an initial audit

Page 12 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.11 Audit Duration

The FSSC 22000 audit duration is determined by using the following factors:
 Product Category;
 Number of HACCP plan/study;
 Relevant management system in place
 Number of Employees

3.11.1 Basic Rules for Audit Duration

Audit duration will be based on the information gathered from the organization’s application and following
the requirements of ISO/IEC 17021-1, ISO/TS 22003 and FSSC 22000 as follows:
 the duration of an audit day normally is eight (8) hours;
 the effective on-site audit duration does not include a lunch break (unless in contradiction
with local legislation)
 the audit duration calculation for FSSC 22000 shall be documented at the contract review form,
including justifications for reduction or addition of time based on the minimum audit duration;
 the on-site audit time does not include planning, reporting or travel activities, only actual on-site
auditing time;
 where the FSSC 22000 audit is undertaken in combination or integration with other food safety
audits as a combined audit, the audit time stated in the report shall be of the total combined
audit and match the audit plan. Total audit duration is then longer than for FSSC 22000 alone.
This is considered as an increase in audit duration and the reason for this shall be justified.

3.11.2 Audit Duration Calculation

The total on-site audit time (for a single site) is defined as Ts + TFSSC. In additional to that, BSI shall
include appropriate time for preparation and audit report.

The TS is calculated as follow: TS = (TD + TH + TMS + TFTE), each parameter can be obtained thru the
table below, being:

 TS = the minimum audit time for a single site;

 TD = is the basic on-site audit time, in days;
 TH = is the number of audit days for additional HACCP studies

Page 13 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

 TMS = is the number of audit days for absence of relevant management system
 TFTE = is the number of audit days per number of employees

Basic, on-site Number of audit Number of audit days Number of audit days
Category
audit time, in days for each for absence of per number of
audit days additional HACCP certified relevant employees
study management system (FTE on the man shift)
TD
TH TMS TFTE
1 to 19 = 0
C 1.5 0.50
20 to 49 = 0.5
50 to 79 = 1.0
80 to 199 = 1.5
I 1.0 0.25 200 to 499 = 2.0
0.25 500 to 899 = 2.5
900 to 1299 =3.0
K 1.5 0.50 1300 to 1699 = 3.5
1700 to 2999 = 4.0
3000 to 5000 = 4.5
>5000 = 5.0

TFSSC shall be calculated as follows:

Number of Employees Number of HACCP studies TFSSC

(FTE on the main shift)

0.5 auditor day

< 250 and 1 or 2 HACCP studies

10 auditor day
> 250 or 3 HACCP studies or more

Preparation and Report Time : Preparation and reporting time shall be in addition to the on-site audit
time:
 At least 0.25 auditor day (2 working hours) shall be added to the FSSC 22000 on-site audit time
for audit preparation.
 At least 0.5 auditor day (4 working hours) additional shall be added to the FSSC 22000 onsite
audit time for audit reporting.

Page 14 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.11.3 Additional Time

3.11.3.1 Use of translator:

Additional time shall be considered in case an interpreter is required. For translation the minimum time
to be added is 0,5 auditor day.

3.11.3.2 Separate Head Office

For organizations where some functions pertinent to the certification are controlled by a Head Office
separate to the manufacturing site(s), the minimum time shall be 0.5 auditor day (4 working hours) on-
site to audit the functions pertinent to the certification at the Head Office.
A maximum of 20% audit time reduction can be allowed for each of the single manufacturing sites
belonging to the group where the shared functions are controlled by the (off-site) Head Office. The 20%
audit time reduction is applied to the minimum audit time (TS) only.

3.11.3.3 Off-site Activities

For offsite manufacturing or service activities: a 50% audit time reduction of TS may be applied for each
additional site.
For off-site storage: at least 0.25 auditor day (2 working hours) additional on-site audit time shall be
added to the FSSC 22000 audit time for each off-site storage facility.

3.11.3.4 Additional Scheme

Where the FSSC 22000 audit is undertaken in combination or integration with other food safety audits
as a combined audit, the duration shall be increase on the top of FSSC 22000. The minimum FSSC audit
duration shall always be respected. The audit time stated in the report shall be of the total combined
audit and match the audit plan. Total audit duration is then longer than for FSSC 22000 alone. This is
considered as an increase in audit duration and the reason for this shall be justified.

3.11.4 Reduction Time

Reduction cannot be applied at TFSSC. When properly documented and justified, a reduction of the Ts
audit time can be made in accordance with ISO/TS 22003:2013, Annex B. The reduction in Ts audit time
can never be more than 0,25 auditor day (2 working hours). The reduction cannot be applied on TFSSC.
Exemption: Further reduction is only allowed for sites with simple processes, having 5 FTE or less and
maximum 1 HACCP study. For such sites, a reduction in on-site audit time (TFSSC) can be made but the
total time Ts+ TFSSC shall be minimum one day. This reduction shall be approved in the contract review.

Page 15 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.11.5 Rounding Down and Up

If after the calculation the result is a decimal number, the number of days should be adjusted to the
nearest half day following mathematic rule/ concept. The rounding is done over the total of (T s + TFSSC).

3.11.6 Audit Duration Confirmation – On Site

For every audit, the auditor has the responsibility to check if the factors that affect the duration has not
been changed and if the audit duration allocated is correct. If auditor realized that the audit duration
that was allocated to the activity is not corrected, he/she shall immediately contact the BSI office that
will provide instruction on how to proceed in order to ensure that the correct duration will be delivered.
In additional to that when this situation occurs the contract review shall be reviewed and re-approved in
order to ensure the following audits of the cycle will be delivered in accordance with FSSC 22000 audit
duration rules. As per FSSC 22000 Guidebook client is requested to send us the APCF507 when significant
changes occur.

3.12 Audit Report

At the conclusion of the audit, the audit team will prepare a written report on the audit findings and
the audit team leader will present these findings to your site’s senior management at the exit meeting.
Non-conformities will be discussed with your team during the auditor’s visit and outlined at the exit
meeting. Non-Conformities are categorized as Critical, Major and Minor.
These Non-Conformities and their categorization at the exit meeting are preliminary and are subject to
a technical review by BSI.
The audit findings include a summary of the overall compliance of your system with the requirements
of the relevant standard(s) or codes of practice.
If you are unclear regarding the meaning of anything in your report, please contact your BSI auditor or
local office.
The ownership of the certificate and audit report content is held by BSI. At the request of food safety
authorities, information related to the certification and auditing process shall be shared

3.13 Non-conformities

It is your site’s responsibility to respond to the non-conformities detailed in your audit report by the
designated time frame. Failure to do so may result in suspension or cancellation of your certification.
Close out of non-conformities is via your BSI FSSC auditor. The auditor will review the information
provided and will either approve and close out the non-conformance or request further information from

Page 16 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

your site until such time as the sufficient information has been received. Certain non-conformances
require a revisit to the site to confirm satisfactory closure.

3.13.1 Nonconformities Levels

BSI shall apply these criteria as a reference against which to determine the level of nonconformities for
findings in FSSC audits. There are three nonconformity (NC) grading levels:

Nc Level Definition
A minor nonconformity shall be issued when the finding does not affect the capability of the
management system to achieve the intended results.
Minor

A major nonconformity shall be issued when the finding affects the capability of the management
system to achieve the intended results.
Major

A critical nonconformity is issued when a direct food safety impact without appropriate action by
the organization is observed during the audit or when legality and/or certification integrity are at
Critical
stake.

In case of non-conformities noticed in a Head Office audit, these are assumed to have impact on the
equivalent procedures applicable to all sites. Corrective actions shall therefore address issues of
communication across the certified sites and appropriate actions for impacted sites. Such nonconformities
and corrective actions shall be clearly identified in the relevant section of the site audit report and shall
be cleared in accordance with BSI procedures before issuing the site certificate.

3.13.2 Non-Conformity Management

3.13.2.1 Minor Nonconformity

1) the organization shall provide the BSI with objective evidence of the correction, evidence of an
investigation into causative factors, exposed risks and the proposed corrective action plan (CAP);
2) BSI shall review the corrective action plan and the evidence of correction and approve it when
acceptable. The BSI approval shall be completed within three (3) months after the last day of the audit.
Exceeding this timeframe shall result in a suspension of the certificate;
3) corrective action(s) (CA) shall be implemented by the organization within the timeframe agreed with
BSI;
4) effectiveness of implementation of the corrective action plan shall be reviewed, at the latest, at the
next scheduled on-site audit.

Page 17 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.13.2.2 Major Nonconformity

1) the organization shall provide to BSI with objective evidence of an investigation into causative factors,
exposed risks and evidence of effective implementation;
2) BSI shall review the corrective action plan and conduct an on-site follow-up audit to verify the
implementation of the CA to close the major nonconformity. In cases where documentary evidence is
sufficient to close out the major nonconformity, BSI may decide to perform a desk review. This follow-
up shall be done within 28 days from the last day of the audit;
3) the major nonconformity shall be closed by BSI within 28 calendar days from the last day of the audit.
When the major cannot be closed in this timeframe, the certificate shall be suspended;
4) where completion of corrective actions might take more time, the CAP shall include any temporary
measures or controls necessary to mitigate the risk until the permanent corrective action is implemented.

3.13.2.3 Critical Nonconformity

1) when a critical nonconformity is issued at a certified site the certificate shall be immediately suspended
for a maximum period of six (6) months;
2) when a critical nonconformity is issued during an audit, the organization shall provide to BSI with
objective evidence of an investigation into causative factors, exposed risks and the proposed CAP. This
shall be provided to BSI within 14 days after the audit;
3) a separate audit shall be conducted by BSI between six (6) weeks to six (6) month after the regular
audit to verify the effective implementation of the corrective actions. This audit shall be a full on-site
audit (with a minimum on-site duration of one day). After a successful follow-up audit, the certificate
and the current audit cycle will be restored and the next audit shall take place as originally planned (the
follow-up audit is additional and does not replace an annual audit). This audit shall be documented and
the report uploaded;
4) the certificate shall be withdrawn when the critical nonconformity is not effectively resolved within the
six (6) month timeframe;
5) in case of a certification audit (initial), the full certification audit shall be repeated.

3.14 Granting Certification

Certification of an FSSC System shall be awarded to an organization with no outstanding non-

conformities. BSI will issue the certificate within 30 calendar days from the date of the certification
decision. The certificate expires three years after the date of the initial certification decision. However,
whilst the certificate is issued to the applicant site, it remains the property of BSI under the conditions
outlined in the contract.

Page 18 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.15 Maintaining Certification

To maintain FSSC certification, your site is required to ensure that surveillance and/or re-certification
audits occur within the required timeframe, ensure that no critical non-conformities are raised at
surveillance or re-certification audits, and that all major and minor non-conformities are corrected within
the time frame specified.

3.15.1 Multi-site certification

Multisite is not allowed for the categories that BSI is accredited for. Thus, not applicable to FSSC 22000
operation in BSI.

3.15.3 Remote audits

Computer aided audit techniques (CAAT) may be used as a remote audit tool during FSSC 22000 audits
provided the requirements of IAF MD4 are met.

3.15.4 Transfer of certification

BSI shall follow the requirements of IAF MD 2 for all transfer certification.

3.15.5 Transition Audits

Transition audits are allowed from Dutch HACCP, ISO 22000 and GFSI recognized certification programs
with equivalent scopes. Transition audits are only allowed from valid certificated issued by BSI.
Transition audits are the start of a new certification cycle and shall therefore be a stage 2 audit (a stage
1 may be performed at the discretion of BSI). The FSSC 22000 certificate issued shall have a validity of
3 years.
Important: Transition CANNOT be performed from a certificate issued by another CB. For this case,
clients shall be first transferred and have their BSI certificate issued. Only after that, the transition can
be performed (before the expire date of the certificate).

3.15.6 Special Audits

Additional special audits shall be performed on top – but never as a replacement of the annual
surveillance/ recertification audits. These special audits shall be documented and upload in the portal.

Page 19 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

3.15.6.1 Extension of Scope

BSI shall, in response to an application for expanding the scope of a certification already granted,
undertake a review of the application and determine any audit activities necessary to decide whether or
not the extension may be granted. This may be conducted in conjunction with a surveillance audit or
with a re-certification or separated from the audit cycle being conducted as special audit.
BSI shall be notified at least 90 days in advance to the audit in order to properly update the contract,
including all relevant aspects such as audit duration. A new application

3.15.6.2 Short – notice audits

It may be necessary for the BSI to conduct audits of certified clients at short notice or unannounced to
investigate complaints, or in response to changes, or as follow up on suspended clients.
In such cases BSI shall describe and make known in advance to the certified clients the conditions under
which such audits will be conducted.

3.15.7 FSSC 22000 Follow Up Audits

For follow up audit duration will depend on the number of non-conformities that shall be closed.

3.16 Unannounced Audit

An unannounced audit program is part of the 3-year certification cycle. Participation in the unannounced
audit program is mandatory.
1) The program shall ensure that for each certified site, at least one unannounced audit is undertaken
after the initial certification audit and within each 3-year period thereafter.
2) The certified organization can voluntary choose to replace all surveillance audits by unannounced
annual surveillance audits. Recertification audits may be conducted unannounced at the request of the
certified organization.
3) The initial certification audit (stage 1 and stage 2) cannot be performed unannounced.

3.16.1 Unannounced Audit Execution

1) Your organization will not be notified in advance of the date of the unannounced audit and the audit
plan will not be shared until the opening meeting.
2) The unannounced audit takes place during normal operational working hours including night shifts
when required.
3) Blackout days may be agreed in advance.

Page 20 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

4) The audit will start with an inspection of the production facilities commencing within 1 hour after the
auditor has arrived on site. In case of multiple buildings at the site the auditor shall, based on the risks,
decide which buildings/facilities shall be inspected in which order.
5) All Scheme requirements shall be assessed including production or service processes in operation.
Where parts of the audit plan cannot be audited, an (announced) follow-up audit shall be scheduled
within 4 weeks.
6) If the certified organization refuses to participate in the unannounced audit, the certificate shall be
suspended immediately, and BSI will withdraw the certificate if the unannounced audit is not conducted
within a six-month timeframe from the date refusal.
7) The audit of separate Head offices controlling certain FSMS processes pertinent to certification
separate to the site(s) shall be announced . Where Head Office activities are part of a site audit, they
shall be unannounced.
8) Secondary sites (off-site activities) and off-site storage, warehouses and distribution facilities shall
also be audited during the unannounced audit.

3.17 Auditor Rotation

FSSC has a restriction in place that one auditor may conduct no more than six (6) consecutive audits at
the same company. After six (6) audits, another auditor must be assigned to visit your premises.
Following this change, the original auditor may return for up to another six (6) consecutive audits after
a minimum period of one year.

4 Implementation of FSSC 22000

4.1 Learn about the FSSC 22000 Scheme

There are several ways to learn how to implement the FSSC 22000 Scheme within your food business.
The following options are available:
 Attend an FSSC 22000 Training course available through the BSI Training Academy (refer to your
local BSI office or website)
 Train yourself by downloading the necessary documents from the FSSC website.

4.1.1 FSSC 22000 V5 Documents

FSSC 22000 V5 scheme documents are available at FSSC Website.

The FSSC 22000 scheme version 5 standard is structured in 06 parts compiled in 01 manual, 02
appendices, 07 annexes and guidances that are publicly available in English at FSSC website.

Page 21 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

o Part 1 - Scheme Overview

o Part 2 – Requirements for Organizations to be Audited
o Part 3 – Requirements for the Certification Process
o Part 4 – Requirements for Certification Bodies
o Part 5 – Requirements for Accreditation Bodies
o Part 6 – Requirements for Training Organizations
o Appendix 01: Definitions
o Appendix 2: References
o Annex 1 - CB Certificate scope statements
o Annex 2 - CB Audit report template (FSSC 22000)
o Annex 3 - CB Audit report template (FSSC 22000-Quality)
o Annex 4 - CB Certificate templates
o Annex 5 - AB Accreditation certificate scope
o Annex 6 - TO Course specifications
o Annex 7 - TO Training certificate templates

4.2 FSSC Database

The FSSC Foundation maintains a Register of Certified Sites with the names and information of all
certified sites. This register is publicly available on the FSSC website.

5 Certificate Suspension, Withdrawal or Scope Reduction

1) Suspension: BSI shall immediately suspend certification when a critical nonconformity is issued and/or
there is evidence that their client is either unable or unwilling to establish and maintain conformity with
Scheme requirements
2) Withdrawal: BSI shall withdraw a certificate when:
 the status of suspension cannot be lifted within six (6) months;
 the organization ceases its FSSC 22000 certification activities;
 any other situation where the integrity of the certificate or audit process is severely compromised.
3) Scope reduction: When BSI has evidence that client holds a certificate whose scope exceeds their
capability or capacity to meet scheme requirements, BSI shall reduce the certification scope accordingly.
BSI shall not exclude activities, processes, products or services from the scope of certification when those
activities, processes, products or services can have an influence on the food safety of the end products
as defined in the scope of certification.

Page 22 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

5.1 Action Upon Suspension, Withdrawal and Scope Reduction

1) In case of suspension or withdrawal, the organizations’ management system certification is invalid.

The BSI shall:
 immediately change the status of the certified organization in the Portal and its own Register of
certified organizations and shall take any other measures it deems appropriate;
 inform the organization in writing of the suspension or withdrawal decision within three (3) days
after the decision was made;
 instruct the organization to take appropriate steps in order to inform its interested parties.
2) In case of scope reduction, the organizations’ management system certification is invalid beyond the
revised certification scope statement. BSI shall:
 immediately change the scope of the certified organization in the FSSC 22000 database and its
own Register of certified organizations and shall take any other measures it deems appropriate;
 inform the organization in writing of the scope change within three (3) days after the decision of
change;
 instruct the organization to take appropriate steps in order to inform its interested parties.

6 Use of the BSI Certification Mark

You are entitled to use the appropriate BSI Certification Mark whilst you maintain certification to this
program with BSI. For a copy, visit our website at www.bsigroup.com
Use of the logo is subject to Condition and rules of its application.

7 Use of the FSSC Logo

Certified organizations can use the FSSC 22000 logo only for marketing activities such as organization's
printed matter, website and another promotional material.

In case of using the logo, the organization shall comply with the following specifications:

Page 23 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

Use of the logo in black and white is permitted when all other text and images are in black and white.
The certified organization is not allowed to use the FSSC 22000 logo, any statement or make reference
to its certified status on:
 a product;
 its labelling;
 its packaging (primary, secondary or any other form);
 in any other manner that implies FSSC 22000 approves a product, process or service.

8 Confidentiality

BSI will keep confidential information confidential for a period of 6 years after it has received it and will
not use or disclose it except for the purpose of exercising or performing its rights and obligations under
the contract, or to the extent required by law, or by any governmental or other regulatory authority, or
accreditation authority, or by a court or other authority of competent jurisdiction and/or by the
Foundation.
In these cases, BSI will not be required to notify you of such disclosure and will not be required to oppose
any demand made by such entities.
The ownership of the certificate and the audit report content of your site is held by BSI. At the request
of food safety authorities, information related to the certification and auditing process shall be shared.

9 Additional Obligations

Following certification, there are a number of managerial responsibilities which your site will need to fulfil
to maintain BSI’s certification. These include:
 Continued compliance with the relevant systems standard(s) or code(s) of practice;
 Compliance with BSI’s Standard Commercial Terms and Conditions and obligations as specified
in this document as well as other guidance documentation that may be specifically provided from
time-to-time;
 Conduct of regular internal reviews of your system, with appropriate documentation of such
reviews and of any subsequent corrective actions;
 Notification to BSI of any significant changes in the structure (key responsibilities and
management system), ownership and operations of your site to enable the impact of such
changes on the certified ownership system to be evaluated; and

Page 24 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

 Notification to BSI of any litigation or serious events or matters that relate to the scope of your
certification within twenty-four (24) hours of the event.

9.1 Complaints

Your site is required to keep a record of all known complaints. These records must be made available
to the audit team and BSI when requested.
Your site is required to demonstrate that you have taken appropriate action to address these complaints
through investigation and correct any deficiencies found. These actions must be documented.

9.2 Certification Agreement

Your site is required to meet the requirements of the Certification Agreement. This requires that your
site and products remain compliant with the scheme requirements and the conditions of certification at
all times.
Your site is required to implement appropriate changes as communicated by BSI in a time appropriate
manner.

9.3 Assessment Scheduling

Your site is required to make all necessary arrangements to allow the evaluation and surveillance
activities to take place. This includes but is not limited to; Equipment, Product, Locations, Personnel and
Sub-contractors.

9.4 Misleading Statements

Your site is not permitted to use its certification in a manner that could bring BSI into disrepute. This
includes making misleading or unauthorized statements. If you are unsure if a statement could be
misleading you are advised to contact BSI prior to making the statement. Statements include but are
not limited to advertising (including your website) and internal communication. The use of the logo on
product and product packaging is not permitted.
If your site is required to provide copies of certification documents these must be reproduced in its
entirety. Failure to do so may be misleading to the recipient as to the scope of certification.

9.5 Communication Obligations

Your organization has the obligation to communicate with your local BSI office within 3 working days
related to the following:

Page 25 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

a) any significant changes that affect the compliance with the Scheme requirements and obtain advice
of BSI in cases where there is doubt over the significance of a change;
b) changes to organization name, contact address and site details;
c) changes to organization (e.g. legal, commercial, organizational status or ownership) and management
(e.g. key managerial, decision-making or technical staff);
d) changes to the management system, scope of operations and product categories covered by the
certified management system;
e) an extraordinary event affecting a certified site or BSI may temporarily prevent BSI from carrying out
planned audits on-site. When such a situation occurs, BSI in consultation with the certified site will need
to determine a reasonable planned course of action;
f) any other change that renders the information on the certificate inaccurate.

In case your organization is affected by serious events that impact the FSMS, legality and/or the integrity
of the certification which includes legal proceedings, prosecutions, situations which pose major threats
to food safety, quality or certification integrity as a result of natural or man-made disasters (e.g. war,
strike, terrorism, crime, flood, earthquake, malicious computer hacking, etc.), BSI shall be contacted
within 03 working days through [email protected]. BSI will assess the risks of continuing
certification and establish a documented policy and process, outlining the steps it will take in consultation
with certified organizations, for a reasonable planned course of action. This includes situations where,
due to security and/or visa issues in a Country, an audit cannot be performed as unannounced (e.g.
when an auditor requires to be in contact with the organization at all times, due to security reasons or a
visa must be requested in advance with the assistance/invitation of the certified organization).
In case your organization is affected by public food safety events (such as e.g. public recalls, calamities,
food safety outbreaks, etc.) BSI shall be notified within 03 working days through
[email protected]

9.6 Observers

 From time to time BSI requires an observer to be in attendance at an audit. This may be related
to training of new staff and witness assessment of existing staff. It is a requirement of
certification that your site allows these activities to occur.
 Failure to allow this activity to occur may result in cancellation of your certification.
 BSI will, at all times, ensure that the use of observers is kept to a minimum and your site will be
advised prior to the assessment activity.
 The observer does not take an active part in an assessment.

9.7 Witnessing Assessment by CB

From time to time the accreditation body and /or the Foundation FSSC requires a performance of
a witnessing process. By accepting the FSSC BSI quote your organization accept cooperate with
such process

Page 26 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

9.8 FSSC Website

It is an FSSC scheme requirement for your site’s details to be displayed on the FSSC website.

10 Complaints and Appeals

Appeals against certification decisions and/or complaints against service delivery levels may be raised
with your auditor. If you remain dissatisfied, contact BSI in writing using the contact details below.
BSI will also investigate legitimate documented complaints, relevant to operation of the system, from
c li ent s /customers of certified s i t e s , T h e F S S C F o u n d a t i o n and the accreditation body (ANAB).
Certified sites shall, at all reasonable times, provide representatives of BSI, FSSC or ANAB with access
to its premises and records for the purposes of investigating such complaints.
If your site’s application for certification has been refused; or your certified site’s certification has been
suspended, withdrawn, or reduced in scope, you may appeal against the decision. All complaints will be
investigated and the originator of a complaint will be advised of the outcomes, as appropriate.
Where necessary a Review Committee will be established and operated as set out below:
 The appellant shall, within 28 days of the disputed advice from BSI, lodge a written notice of
appeal with an affidavit as to the grounds of appeal;
 The BSI Global Operations & Compliance Management Group shall be advised within 14 days of
receiving the appellant’s notice;
 The Global Operations & Compliance Management Group shall then establish a Review
Committee;
 The Review Committee shall consist a minimum of three persons considered as experts in the
area of technology or business relevant to the appeal. The Review Committee shall be constituted
as follows:
o One-person expert in the relevant area of technology or business
o Two persons selected by the appellant from a list of four persons
 The appellant shall represent himself and no legal representation will be allowed unless approved
by the Review Committee; and
 The Review Committee will carry out investigations as are required, including assessment of
information supplied by the appellant and, within a reasonable time, decide by majority vote
whether or not to reverse the original decision.
 The Global Food and Retail Supply Chain Operations and Compliance Director shall give
notification of the decision to the appellant within 14 days of the Review Committee decision
To raise a complaint or appeal against the service delivery by BSI or audit outcome please notify:
 Todd Redwood
Global Food and Retail Supply Chain Operations and Compliance Director
Email: [email protected]

Page 27 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

11 Upgrade Process from FSSC 22000 V4.1 to V5

11.1 Audit requirements:

Upgrade audits will be performed against FSSC 22000 V5 requirements. These can be found on the FSSC
22000 website under certification scheme documents (FSSC 22000 Scheme Version 5).

11.2 Audit planning

The upgrade audits (surveillance and re-certification) will be conducted as announced audits, unless your
organization specifically requests an unannounced upgrade audit.

11.3 Audit duration

The audit time for the upgrade audit will remain the same as for regular planned audit and will be
calculated in accordance with certification scheme documents (FSSC 22000 Scheme Version 5 - Part 3
Requirements for Certification Process - chapter 4.3).

11.4 Timelines

Audits against FSSC 22000 V4.1 are only allowed until 31 December 2019.

Upgrade audits against FSSC 22000 V5 scheme requirements will be conducted between 1 January 2020
and 31 December 2020.

Under extraordinary circumstances, the V5 upgrade audit could take place in 2021, however this
process must be completed in accordance with FSSC 22000 V5 scheme requirements and before 29 June
2021. The extraordinary circumstances must be documented, shared with and approved by BSI.

If approved, BSI must communicate the delayed audits by 31 December 2020 at the latest. In order to
us comply with this time frame, your organization must make BSI aware of your organization’s
extraordinary circumstances no later than 29 November 2020.

11.5 Certificates

All FSSC 22000 V4.1 certificates will become invalid after 29 June 2021 and will be withdrawn by BSI. If
your organization doesn’t comply with the upgrade process timelines detailed above, the process to re-
gain the certification will require that your organization begins the certification process at stage 1 as per
ISO 17021 requirements.

A new V5 certificate will be issued after a successful upgrade audit (maintaining the same certificate
expiry date in case of surveillance audit. For re-certification a new certification cycle will be established).

Page 28 of 29
 PP1268

BSI Certification Guidebook (FSSC V5)

Revision 6 (August 2019)

11.6 FSSC portal

The FSSC portal (database) will be updated by BSI when the new V5 certificates are issued. The V4.1
certificate of clients that upgrade during 2020 will be withdrawan in the Portal once the V5 certicate is
uploaded.
All remaining V4.1 certificates of clients that do not upgrade, will be automatically set to invalid by the
portal after 29 June 2021 and no longer visible on the public list of certified organizations on the FSSC
22000 website.

Page 29 of 29