ISO 22000 Sectoral HACCP Templates (Bakery, Dairy, Meat, Beverage)

Hazard Lists and Critical Control Points

Within ISO 22000, the preparation of sector-specific HACCP plans begins with a systematic identification of all potential hazards in production processes and an evaluation of which points are critical. Since bakery, dairy, meat, and beverage industries have distinct risk profiles, each requires a tailored hazard matrix.

1) Bakery sector hazards

Flour and cereal-based products are prone to microbiological risks (mold, yeast), physical hazards (metal, glass fragments), and chemical hazards (acrylamide formation during baking). Critical control points often include baking time/temperature parameters and foreign material detection equipment such as sieves and metal detectors.

2) Dairy sector hazards

Dairy products are vulnerable to pathogens like Listeria, Salmonella, and E. coli, along with chemical risks such as antibiotic residues and mycotoxins. Critical control points typically include pasteurization parameters, cold chain maintenance, and raw milk acceptance testing.

3) Meat sector hazards

Meat products present high risks of Salmonella, Clostridium, and Campylobacter contamination. Cross-contamination, equipment hygiene, and storage conditions are also major concerns. Critical control points include cooking temperatures, cold storage monitoring, and sanitation verification.

4) Beverage sector hazards

In non-alcoholic beverages, the safety of the water source, the integrity of sugar and flavoring ingredients, and sanitation of bottling lines are critical. Critical control points include water treatment systems, sterilization of filling machines, and storage conditions.

Process Flow Diagrams (Examples)

Process flow diagrams are a cornerstone of HACCP planning under ISO 22000. They visually map each production step, from raw material intake to finished product distribution, enabling accurate hazard analysis and the identification of critical control points (CCPs). Each sector requires its own flow diagram due to differing processes and risks.

1) Bakery sector flow

Raw material acceptance → Sieving → Dough preparation → Fermentation → Shaping → Baking → Cooling → Packaging → Storage → Distribution. CCPs: Sieving (foreign matter control), baking (internal product temperature), packaging (cross-contamination prevention).

2) Dairy sector flow

Milk reception → Filtration → Cooling → Pasteurization → Homogenization → Filling → Cold storage → Distribution. CCPs: Pasteurization parameters, integrity of the cold chain, aseptic filling line hygiene.

3) Meat sector flow

Raw meat reception → Cutting → Processing (mincing, sausage/salami production) → Cooking or curing → Packaging → Cold storage → Distribution. CCPs: Cooking temperature validation, cold storage monitoring, prevention of cross-contamination in processing areas.

4) Beverage sector flow

Water intake → Pre-treatment → Filtration → Ingredient mixing (sugar, flavorings) → Pasteurization or sterilization → Filling → Capping → Labeling → Storage → Distribution. CCPs: Water quality and filtration, sterilization of filling machines, secure sealing and labeling processes.

PRP/OPRP Selection and Justification

In the ISO 22000 HACCP framework, hazard control is achieved not only through Critical Control Points (CCPs) but also via Prerequisite Programs (PRPs) and Operational Prerequisite Programs (OPRPs). Correctly distinguishing and justifying PRPs and OPRPs is vital for building a reliable food safety management system.

1) PRP selection criteria

PRPs cover general hygiene and infrastructure requirements across all processes. Examples include:

• Personal hygiene practices (handwashing, protective clothing management).
• Cleaning and sanitation of equipment and surfaces.
• Pest control measures.
• Water quality and supply management.
• Storage and transportation conditions.

These measures are foundational and not tied to a single production step, but rather ensure an overall hygienic environment.

2) OPRP selection criteria

OPRPs are process-specific measures that reduce the likelihood of hazards reaching unsafe levels but may not have strict numerical limits like CCPs. Examples include:

• Maintaining cold chain continuity in dairy operations.
• Sanitation of mincing equipment in the meat sector.
• Filtration efficiency checks in beverage production.
• Fermentation time control in bakery operations.

3) Difference from CCPs

CCPs are managed with critical limits and direct product safety implications. For example, failure to achieve pasteurization temperature immediately renders a product unsafe. OPRPs, on the other hand, require continuous monitoring but deviations can often be corrected without rendering the product unsafe, as long as corrective action is timely.

4) Justification process

Each PRP and OPRP must be justified using risk analysis results. Documented rationale is essential during audits to prove why a particular step was classified as PRP or OPRP instead of CCP.

Monitoring Calibration and Equipment Management

Within ISO 22000 HACCP plans, the reliability of monitoring activities depends on the accuracy of the instruments used. Incorrect or uncalibrated devices can lead to false results, causing either unnecessary product rejection or, more critically, the release of unsafe food to the market. Proper calibration and management of monitoring equipment are therefore essential.

1) Equipment inventory

An updated inventory must be maintained for all measurement devices, including thermometers, pH meters, weighing scales, metal detectors, and pressure gauges. The inventory should record device type, serial number, location of use, responsible person, and the last calibration date.

2) Calibration schedule

Calibration intervals should be set based on the risk and criticality of the device:

• High-risk devices: Thermometers used for pasteurization → monthly or quarterly calibration.
• Medium-risk devices: Scales and pH meters → semi-annual calibration.
• Low-risk devices: Humidity and pressure gauges → annual calibration.

3) Calibration records

Every calibration event must be recorded with the calibration date, results, adjustment performed, and the certifying body. These records are mandatory evidence during ISO 22000 audits and must be accessible at all times.

4) Preventive maintenance

In addition to calibration, preventive maintenance ensures devices remain functional. For example, weekly verification tests of metal detectors using test cards and ice-water validation for thermometers should be carried out.

5) Traceability and accountability

Each device must be linked to its associated critical control point. If deviations occur, the traceability system should allow auditors and managers to identify which device was used, by whom, and when.

Limits and Corrective Actions

The effectiveness of a HACCP plan depends heavily on the establishment of measurable limits at each Critical Control Point (CCP) and the implementation of predefined corrective actions whenever deviations occur. Limits must be based on scientific data, regulatory requirements, and industry best practices to ensure food safety.

1) Defining critical limits

Critical limits must be precise and quantifiable. Examples include:

• Dairy sector: Pasteurization temperature of at least 72°C for 15 seconds.
• Meat sector: Internal cooking temperature of ≥70°C.
• Beverage sector: Filtration resulting in 0 CFU/100 ml for microbiological safety.
• Bakery sector: Final product moisture content not exceeding set thresholds.

2) Verification of limits

Limits must be routinely verified using calibrated instruments and validated test methods. Regular monitoring includes thermometer readings, microbiological analyses, and pH measurements, with results documented in official records.

3) Corrective action procedures

Corrective actions must be clearly defined for each CCP. Examples include:

• If pasteurization fails to reach the required temperature → product is reprocessed or discarded.
• If cold storage exceeds temperature limits → affected batch is quarantined and investigated.
• If a metal detector signals contamination → production is halted, affected batch isolated, and equipment inspected.

4) Responsibility and accountability

Corrective actions must be assigned to trained personnel, with timeframes for completion specified. Clear accountability prevents delays and ensures rapid resolution of hazards.

5) Documentation and follow-up

Every deviation and corrective action must be recorded. Root cause analysis should be performed to prevent recurrence, and outcomes must be reviewed during management meetings and audits.

Supplier Risk Classification

Food safety under ISO 22000 extends beyond internal production processes to include the entire supply chain. Since raw materials, additives, and packaging materials come from external sources, assessing and classifying supplier risks is essential for ensuring product integrity and consumer safety.

1) Risk classification criteria

Suppliers should be categorized based on the potential impact of their materials or services on food safety:

• High-risk suppliers: Provide perishable or high-risk raw materials such as dairy, meat, or eggs.
• Medium-risk suppliers: Provide additives, spices, and packaging materials with moderate impact on safety.
• Low-risk suppliers: Provide cleaning products, maintenance services, or logistics support with indirect food safety impact.

2) Evaluation methods

Suppliers should be evaluated using objective criteria, including:

• Compliance history and previous nonconformities.
• Certification status (ISO 22000, FSSC 22000, BRC, IFS, etc.).
• Analytical test reports and product conformity certificates.
• Delivery performance, including timeliness and handling conditions.

3) Monitoring and auditing

High-risk suppliers require regular on-site audits to verify compliance. Medium- and low-risk suppliers may be assessed through documentation reviews, questionnaires, or periodic evaluations.

4) Contractual requirements

Contracts with suppliers should explicitly state food safety obligations. For example: “The supplier shall provide valid test reports with every batch delivered and ensure compliance with applicable legal requirements.”

5) Partnership for improvement

Supplier risk classification should not only be used for control but also as a tool for improvement. Training, technical support, and joint development projects can be offered to high-risk suppliers to enhance overall supply chain safety.

Allergen Management and Declaration

Allergens represent one of the most serious hazards in food safety, as even trace amounts can trigger severe reactions in sensitive consumers. Under ISO 22000, allergen management must be embedded into HACCP planning to prevent cross-contamination and ensure transparent communication to consumers through labeling and declarations.

1) Identification of allergens

All ingredients and raw materials should be reviewed for allergenic potential. Common allergens include gluten, milk, eggs, fish, crustaceans, peanuts, tree nuts, soy, celery, mustard, sesame seeds, and sulfites. Any use of these must be highlighted in product specifications.

2) Cross-contamination risks

Cross-contact may occur if production lines, equipment, or storage areas are not properly managed. Examples include:

• Processing allergen-free and allergen-containing products on the same line without validated cleaning procedures.
• Improper segregation of allergen-containing raw materials in warehouses.
• Shared utensils or equipment without proper sanitation.

3) Control measures

Key allergen control practices include:

• Dedicated production lines or clear scheduling to separate allergen-containing products.
• Color-coded tools and containers for allergenic ingredients.
• Validated cleaning procedures with allergen-specific testing (e.g., ELISA swabs).
• Controlled storage with labeling and sealed containers.

4) Declaration and labeling

Food labels must clearly indicate the presence of allergens according to regulatory requirements. Statements such as “Contains milk and gluten” or precautionary warnings like “May contain traces of nuts” must be accurate and not misleading. Non-compliance can result in recalls and legal action.

5) Consumer communication

Allergen information should be accessible not only on packaging but also through menus, websites, and digital product descriptions. This builds consumer trust and ensures that sensitive individuals can make informed purchasing decisions.

Recall Exercise Plan

A well-prepared recall plan is one of the most critical safeguards in an ISO 22000 food safety management system. It ensures that potentially unsafe products already distributed in the market can be quickly and effectively removed, protecting consumer health and maintaining regulatory compliance. Regular recall exercises (mock recalls) validate the system’s readiness in real-world scenarios.

1) Scope of the recall plan

The plan should clearly define the conditions under which recalls are triggered, the roles and responsibilities of each team member, the communication channels to be used, and the sequence of steps. Recalls may be initiated not only for food safety hazards but also for labeling errors, undeclared allergens, or packaging defects.

2) Importance of recall exercises

Theoretical plans are insufficient without practical testing. Recall exercises, performed at least annually, simulate real-life incidents and expose weaknesses in the system, such as delays in communication or incomplete traceability. Corrective measures can then be implemented to strengthen the process.

3) Types of recall scenarios

Different scenarios should be tested to cover various risk types:

• Microbiological hazard: Products contaminated with Salmonella or Listeria.
• Allergen hazard: Products containing undeclared allergens such as milk or nuts.
• Chemical hazard: Excess pesticide residues or unapproved additives in raw materials.

4) Communication strategy

Effective recalls depend on timely communication. Internal stakeholders (management, production, quality) and external parties (regulators, customers, distributors, and the public) must be informed using predefined templates and contact lists. Maintaining updated emergency contact details is essential.

5) Documentation and reporting

Every recall exercise must conclude with a detailed report that outlines the speed of product traceability, communication effectiveness, and recovery rates. Lessons learned should feed back into revising and improving the recall procedure.

Internal Audit and Verification Plan

Internal audits and verification activities are essential mechanisms within ISO 22000 to ensure that the HACCP plan is effectively implemented and continuously improved. These processes test whether documented procedures are applied in practice and whether critical limits and controls remain reliable.

1) Purpose of internal audits

The goal of internal audits is to assess compliance with established procedures, evaluate the accuracy of records, and verify that hazards are effectively controlled at each stage of production. Audits also measure staff awareness and their adherence to food safety protocols.

2) Developing the audit plan

A comprehensive annual audit schedule should cover all departments and processes. The plan must outline audit dates, scope, criteria, auditors, and the use of standardized checklists. High-risk processes such as pasteurization or meat processing should be audited more frequently.

3) Verification activities

Verification ensures that HACCP controls are not only in place but are functioning as intended. Examples include:

• Laboratory testing of finished products and raw materials.
• Functional tests of monitoring equipment like metal detectors and filtration systems.
• On-site inspections of hygiene practices and production conditions.

4) Managing nonconformities

Any deficiencies identified during audits must be documented in formal reports. Corrective actions must be assigned to responsible staff, with defined deadlines, and progress tracked until closure. This ensures continuous improvement and system robustness.

5) Integration with management review

Audit and verification results must feed into management review meetings. Top management should use these findings to allocate resources, update objectives, and refine HACCP plans, ensuring alignment with strategic goals and regulatory expectations.