General Framework of Additional Requirements
The FSSC 22000 Certification Scheme is based on the ISO 22000 Food Safety Management System infrastructure; however, it defines additional requirements in order to manage specific risks arising from sectoral practices more effectively. These additional requirements aim to assess not only the existence of documented procedures, but also the organizationâs risk-based thinking approach, on-site practices, and the overall effectiveness of the management system. From an audit perspective, these requirements constitute the distinctive and value-adding elements of FSSC 22000.
The primary purpose of the additional requirements is to systematically remind organizations that food safety risks are not limited solely to production processes, but extend across a broad impact area ranging from the supply chain and human factors to facility security and information management. Within this scope, FSSC 22000 expects organizations to adopt a proactive management approach, analyze potential threats in advance, and structure control mechanisms in a sustainable manner.
One of the most common issues encountered during audits is the treatment of additional requirements not as an integral extension of ISO 22000 clauses, but as independent and secondary obligations. However, within the FSSC 22000 framework, additional requirements are complementary building blocks that must be integrated into the existing food safety management system. These requirements should not be managed as separate procedures or isolated documents, but should be embedded within the systemâs risk assessment, monitoring, and improvement cycles.
Strategic Approach
Additional requirements reveal the true value of the FSSC 22000 system when they are addressed through a risk-focused and preventive management approach rather than an audit-driven perspective.
When the general framework of additional requirements is examined, areas such as food fraud vulnerability assessment, food defense and facility security, allergen management, supplier control, labeling accuracy, and traceability emerge as prominent topics. Each of these areas represents a critical control domain that directly affects not only the organizationâs internal processes, but also its external stakeholders and market relationships.
From an auditorâs perspective, the primary expectation in evaluating additional requirements is the organizationâs ability to present objective evidence that clearly demonstrates how these areas are managed. Such evidence is not limited to written procedures alone. Risk analysis records, implementation examples, training documentation, on-site observations, and management review outputs all constitute fundamental elements supporting the effectiveness of additional requirements.
Another frequently observed weakness in practice is that additional requirements are addressed during the initial certification process but subsequently lose currency or become disconnected from routine control mechanisms. By design, the FSSC 22000 structure requires these requirements to be managed dynamically rather than statically. Changes in product portfolio, new suppliers, process revisions, or externally driven risks necessitate periodic re-evaluation of additional requirements.
The general framework of FSSC 22000 additional requirements also clearly defines top management responsibility. For these requirements to be effectively implemented, top management is expected to assume not only an approving role, but also a directing and monitoring role. The alignment of management-defined policies and objectives with additional requirements, supported by performance indicators, is an important evaluation criterion during audits.
In FSSC 22000 audits conducted by Kioscert, the holistic management of additional requirements is considered a key indicator of the maturity level of the organizationâs food safety culture. Systematic risk analysis, clearly defined responsibilities, measurable control points, and a continuous improvement approach directly influence the effectiveness of these requirements.
In conclusion, the general framework of additional requirements transforms the FSSC 22000 certificate from a mere conformity document into a management tool that provides operational discipline and strategic awareness to the organization. Proper understanding and systematic implementation of this framework form the foundation of sustainable compliance in both certification and surveillance audits.
Food Fraud Assessment and Action Plan
Within the scope of the FSSC 22000 additional requirements, food fraud assessment is a critical control area that directly affects product integrity, brand credibility, and consumer health. Food fraud should be addressed from a broad risk perspective that covers not only intentional deception carried out for economic gain, but also deliberate or inadvertent manipulations that may occur within the supply chain. For this reason, FSSC 22000 requires organizations to implement a systematic assessment approach and to establish concrete action plans based on this assessment.
At the core of food fraud assessment lies vulnerability analysis. This analysis aims to identify points within the product lifecycle, from raw material to finished product, where the risk of fraud may be concentrated. Factors such as the geographical origin of raw materials, supplyâdemand imbalances, historical incidents, the economic value of the product, and supplier structure constitute the primary parameters to be considered in this analysis.
One of the most common deficiencies observed during audits is the documentation of food fraud assessments using only general statements, without sufficient product- or process-specific depth. However, under the FSSC 22000 approach, the assessment must reflect the organizationâs actual risk profile and be supported by concrete justifications rather than abstract definitions. This is critical for enabling auditors to clearly understand the assessment methodology and the rationale behind decisions taken.
Risk-Focused Approach
Food fraud assessment should be designed not as a standard checklist, but as a dynamic analysis process based on organization-specific risks.
Following vulnerability analysis, the development of action plans aligned with the identified risk levels is among the core expectations of FSSC 22000. These action plans should aim either to eliminate the risk entirely or to reduce it to an acceptable level. Supplier audits, verification of certificates of analysis, evaluation of alternative raw material sources, and product authenticity testing are commonly applied control tools within this scope.
It is not sufficient for action plans to be merely defined. From an audit perspective, the feasibility of plans, the assignment of responsibilities, and the monitoring of their effectiveness constitute critical evaluation criteria. Periodic review of action plans and their update in line with changing risk conditions directly affect the sustainability of food fraud management.
Another key aspect highlighted during audits is the extent to which food fraud awareness is embedded throughout the organization. In this context, relevant personnel are expected to be trained, fraud indicators to be recognized, and mechanisms for reporting suspicious situations to be established. Training records and internal communication practices are evaluated as objective evidence of this awareness.
The effectiveness of food fraud assessment is often directly linked to supplier management. Failure to consider fraud risks within supplier approval processes may represent the weakest link in the system. Therefore, FSSC 22000 encourages supplier performance to be monitored not only in terms of quality and delivery criteria, but also through indicators related to product integrity and reliability.
In Kioscert audit practices, food fraud management is considered one of the key indicators demonstrating an organizationâs proactive risk management capability. Systematic analysis, up-to-date action plans, and effective monitoring mechanisms reveal the maturity level in this area. Particularly during surveillance audits, how previous assessments have been addressed and which improvements have been implemented are carefully reviewed.
In conclusion, food fraud assessment and action planning are not merely technical obligations within the FSSC 22000 additional requirements; they are strategic management tools that protect organizational reputation, market trust, and long-term sustainability. Disciplined and integrated management of this process provides not only audit success, but also genuine operational assurance.
Food Defense and Facility Security Controls
Within the scope of the FSSC 22000 additional requirements, food defense represents a critical assessment area that demonstrates the extent to which an organization is prepared against intentional sabotage, harm, or malicious interference that may threaten food safety. Unlike conventional hygiene and quality controls, the food defense approach is built on the assumption that threats may be deliberate and intentional. For this reason, FSSC 22000 requires organizations to establish a holistic security structure that includes not only technical measures, but also organizational and managerial controls.
One of the core components of food defense is facility security. This includes defining the physical boundaries of the facility, preventing unauthorized access, and controlling critical areas. Raw material reception zones, warehouses, production lines, auxiliary facilities, and product dispatch points should be treated as high-risk areas from a food defense perspective, and specific control measures should be defined for each.
One of the deficiencies frequently observed during audits is the limitation of facility security practices to general security procedures. However, from an FSSC 22000 food defense perspective, potential threats must be analyzed separately for each process and area, and appropriate control mechanisms must be developed accordingly. This analysis should constitute a systematic assessment process that reflects the actual risk profile of the facility.
Threat-Based Assessment
Food defense plans should be based on defined threat scenarios developed by considering the facilityâs location, type of activity, and operational structure, rather than hypothetical assumptions.
Food defense plans should not remain as written documents only; they must be fully aligned with on-site practices. Physical measures such as surveillance camera systems, access controls, visitor management, identity verification practices, and locking of critical areas constitute tangible indicators of food defense plans. During audits, the effectiveness of these measures is verified through on-site observations.
Personnel management is also an integral part of food defense. Clear definition of authorities and responsibilities, restriction of employee access to areas outside their scope of duties, and the establishment of food defense awareness during the onboarding process for new personnel are expected. Training records and access authorization documents are considered audit evidence for this process.
From an audit perspective, the sustainability of food defense practices is one of the most critical evaluation criteria. In many organizations, plans prepared during the initial certification process gradually lose relevance or become disconnected from on-site implementation. FSSC 22000 encourages periodic testing of these plans and verification of their effectiveness. Drills and internal audits are key tools supporting this verification.
Another important topic assessed during audits is the relationship between food defense and emergency management. Clear definition of steps to be followed in the event of suspected sabotage or intentional contamination, notification of relevant functions, and establishment of communication procedures with external stakeholders are expected. The fact that these processes have been rehearsed directly reflects the maturity level of the system.
In FSSC 22000 audits conducted by Kioscert, food defense and facility security controls are considered key indicators demonstrating the organizationâs risk awareness and crisis management capability. Consistent practices, up-to-date plans, and effective monitoring mechanisms clearly reveal the level of compliance in this area.
In conclusion, food defense and facility security controls are not merely a security topic within the FSSC 22000 additional requirements; they constitute a strategic management component that completes the organizationâs holistic food safety approach. Disciplined and systematic management of this area provides operational assurance beyond audit success.
Allergen Management and Cross-Contamination Prevention Measures
Within the scope of the FSSC 22000 additional requirements, allergen management is one of the fundamental control areas that directly affects consumer health and is evaluated with high sensitivity during audits. Allergen-related risks often arise not from the product itself, but from uncontrolled contact points within the process flow, insufficient cleaning practices, or incorrect labeling activities. For this reason, FSSC 22000 expects organizations to systematically identify allergen risks and establish comprehensive control mechanisms to prevent cross-contamination.
The first step of allergen management is the detailed analysis of all raw materials, auxiliary materials, and processing aids used within the organization in terms of allergen content. This analysis must cover not only major allergens, but also components that may be present in trace amounts and elements that may create cross-contact risks within the production environment. During audits, clear and traceable evidence is expected to demonstrate that this evaluation is conducted on a product- and process-based level.
One of the most frequently observed weaknesses in practice is limiting allergen management solely to the labeling stage. However, under the FSSC 22000 approach, allergen control is an integrated management area that encompasses all operational processes, including raw material acceptance, storage, production planning, and cleaning verification. This holistic perspective enables effective control of cross-contamination risks.
Process-Based Control
Allergen management is more effectively implemented when structured based on process flow rather than product categories, allowing cross-contamination risks to be managed more efficiently.
Physical and operational segregation of production areas constitutes an important control measure for preventing cross-contamination. In cases where allergen-containing and non-allergen products are produced on the same line, clear definitions of production sequencing, shared equipment use, and cleaning procedures are required. During audits, it is verified that these measures are not only documented, but also effectively implemented in practice.
Cleaning and sanitation practices represent one of the most critical components of allergen management. The applied cleaning methods must be verified to effectively remove allergen residues. This verification should be supported not only by visual inspection, but also by analytical testing where necessary. Cleaning validation records constitute essential audit evidence demonstrating the effectiveness of allergen control.
Personnel awareness and training are critical for the sustainability of allergen management. Employees are expected to clearly understand the concept of allergens, cross- contamination risks, and their specific responsibilities. Periodic renewal of training programs and maintenance of participation records are elements frequently reviewed during audits.
There is a strong relationship between allergen management and labeling accuracy. Allergen risks that are not effectively controlled within processes may lead to serious consumer safety issues despite correct declarations on labels. Therefore, FSSC 22000 addresses allergen management not only as a legal obligation, but as a strategic control area for protecting consumer trust.
In FSSC 22000 audits conducted by Kioscert, allergen management and cross-contamination prevention measures are considered key indicators of an organizationâs commitment to consumer safety and process discipline. Consistent practices, current risk analyses, and effective monitoring mechanisms clearly demonstrate the level of compliance in this area.
In conclusion, allergen management and cross-contamination prevention measures are not merely technical control activities within the FSSC 22000 additional requirements; they represent strategic management components that support organizational responsibility and brand credibility. Disciplined and systematic management of this area ensures not only audit success, but also long-term consumer confidence.
Supplier Approval and Outsourced Process Controls
Within the scope of the FSSC 22000 additional requirements, supplier approval and control of outsourced processes represent a critical management area that extends the food safety management system beyond the organizational boundaries. In todayâs food supply chain, a significant portion of operations is carried out through raw material suppliers, service providers, and outsourced processes. This structure clearly demonstrates that food safety risks cannot be confined solely to internal practices.
Under the FSSC 22000 approach, the supplier approval process is not treated as a simple purchasing activity, but as a risk-based evaluation and monitoring mechanism. Factors such as the nature and intended use of raw materials, the supplierâs operational history, geographical location, and product integrity performance constitute key elements of this assessment. During audits, how these criteria are defined and the rationale behind approval decisions are examined in detail.
One of the most frequently observed deficiencies in practice is subjecting all suppliers to identical evaluation criteria. However, FSSC 22000 expects suppliers to be classified based on their risk profiles and control levels to be determined accordingly. Establishing more comprehensive evaluation and monitoring mechanisms for suppliers providing high-risk raw materials or critical process inputs is considered a positive practice during audits.
Risk-Based Supplier Management
Supplier approval and monitoring processes should be differentiated based on the supplierâs strategic importance and food safety risk level.
Outsourced processes under FSSC 22000 are not limited to situations where a portion of production is performed by another organization. Activities such as analysis, packaging, storage, transportation, pest control, and maintenance services are also considered outsourced processes. Each of these activities may have a direct or indirect impact on food safety and must therefore be systematically controlled.
From an audit perspective, the content of contracts plays a critical role in the control of outsourced processes. Food safety requirements, responsibilities, and performance expectations must be clearly defined within contracts or service agreements. These documents constitute key evidence demonstrating how outsourced activities are integrated into the organizationâs food safety management system.
Monitoring supplier performance is a complementary element of the approval process. Delivery compliance, analysis results, nonconformity notifications, and corrective actions are among the primary indicators used in this monitoring process. During audits, it is expected to observe that these indicators are systematically analyzed and that supplier status is re-evaluated when necessary.
One of the most common risks associated with outsourced processes is leaving control entirely to the service provider. The FSSC 22000 approach explicitly emphasizes that ultimate responsibility always remains with the certified organization. Therefore, organizations are expected to establish effective oversight and verification mechanisms over outsourced activities.
In FSSC 22000 audits conducted by Kioscert, supplier approval and outsourced process controls are considered key indicators of an organizationâs supply chain awareness and system integrity. A risk-based approach, up-to-date evaluations, and effective monitoring records clearly demonstrate the level of compliance in this area.
In conclusion, supplier approval and outsourced process controls are not merely administrative obligations within the FSSC 22000 additional requirements; they are strategic management tools that ensure food safety risks are managed throughout the supply chain. Disciplined and integrated management of this area supports not only audit success, but also sustainable supply chain security.
Labeling Accuracy and Traceability Tests
Within the scope of the FSSC 22000 additional requirements, labeling accuracy and traceability tests represent critical control areas that directly interface with the market and consumers. Labels constitute the primary source of information regarding product composition, allergen status, conditions of use, and legal compliance. Errors in labeling processes therefore create not only regulatory noncompliance, but also significant risks to consumer health and brand credibility.
Under the FSSC 22000 approach, labeling accuracy is not limited to the review of label design alone. Accurate identification of all components from raw materials to finished products, full reflection of process changes on labels, and consistency between product formulations and label content are fundamental elements of this control area. During audits, the mechanisms used to verify labeling information are examined in detail.
One of the most common deficiencies observed in practice is the execution of label approval processes only during the initial product launch, without maintaining them on an ongoing basis. However, FSSC 22000 requires labeling controls to be managed dynamically. Recipe changes, supplier revisions, or updates in legal requirements necessitate systematic re-evaluation of label content.
SourceâProduct Consistency
Labeling accuracy must be managed in full alignment with product formulations, raw material specifications, and process records.
Traceability is one of the most important systematic tools supporting labeling accuracy. Within the scope of FSSC 22000, traceability refers to the ability to track a product from raw materials through production, storage, and distribution. This structure enables rapid and accurate identification of affected batches in the event of a recall or nonconformity.
During audits, the effectiveness of traceability systems is evaluated through practical tests rather than desk-based record reviews alone. Backward and forward traceability tests demonstrate how effectively the organization operates its system under real scenarios. These tests must clearly show which raw materials were used, how batches are linked, and to which customers products were dispatched.
The relationship between labeling accuracy and traceability is another key focus during audits. Lot numbers, production dates, and batch information displayed on labels must be fully consistent with traceability records. This alignment supports both internal monitoring effectiveness and rapid response capability in potential crisis situations.
Personnel involvement in labeling and traceability processes is also evaluated during audits. Clear definition of roles and responsibilities, along with the implementation of double-check mechanisms at critical control points, is expected to reduce the risk of labeling errors. Training records and work instructions constitute key audit evidence for this process.
In FSSC 22000 audits conducted by Kioscert, labeling accuracy and traceability tests are considered key indicators of an organizationâs crisis management capability, regulatory compliance, and commitment to consumer safety. Consistent records, regular testing, and effective verification mechanisms clearly demonstrate the level of compliance in this area.
In conclusion, labeling accuracy and traceability tests are not merely operational control activities within the FSSC 22000 additional requirements; they are strategic management components that embody transparency, accountability, and reliability. Disciplined management of this area supports not only audit success, but also sustainable market trust.
Sustainable Control Structure for Surveillance Audits
The FSSC 22000 certification process is not limited to the initial audit; it is a dynamic structure in which the continuity and effectiveness of the system are verified through surveillance audits. In this context, establishing a sustainable control structure should be regarded not only as audit preparation, but as a strategic requirement that ensures daily operations are managed in a disciplined and predictable manner. Surveillance audits are fundamental evaluation tools that measure the systemâs performance and improvement capability over time.
The foundation of a sustainable control structure lies in the organization-wide adoption of risk-based thinking. Each of the additional requirements defined under FSSC 22000 must be periodically reviewed in line with changing risk conditions, and control mechanisms must be kept up to date. This approach allows surveillance audits to assess not only the current status, but also past performance and the level of preparedness for future risks.
One of the most frequently observed weaknesses in practice is treating audit activities as a periodic preparation process. However, FSSC 22000 adopts a management system approach in which audits are a natural outcome of continuous operations. Accordingly, internal audits, performance monitoring activities, and management review processes constitute integral components of a sustainable control structure.
Principle of Continuity
Preparation for surveillance audits should not be focused on audit dates, but supported by systematic controls implemented throughout the year.
The internal audit mechanism is one of the most important verification tools within a sustainable control structure. Internal audits are expected to evaluate not only compliance with procedures, but also the effectiveness of practices and their adequacy in addressing identified risks. Support of audit findings with root cause analyses and monitoring the effectiveness of corrective actions are among the elements closely reviewed during surveillance audits.
Performance indicators and measurement criteria enable the control structure to generate tangible outputs. Indicators defined in areas such as allergen management, food fraud, supplier performance, and traceability reveal both the strengths of the system and areas requiring improvement. Regular analysis of these data and their use as inputs for management decisions constitute core expectations of the FSSC 22000 approach.
The currency and accessibility of documentation represent another critical component of a sustainable control structure. Risk analyses, plans, and records related to the additional requirements must be revised in parallel with operational changes. During audits, it is expected to see that these updates are managed systematically and remain traceable.
Personnel involvement and awareness are among the key factors that ensure the control structure is effectively implemented in the field. Employees are expected to understand not only their individual responsibilities, but also their contribution to the overall food safety management system. Continuous training and communication activities play a vital role in maintaining this awareness.
In FSSC 22000 surveillance audits conducted by Kioscert, the sustainable control structure is considered one of the key evaluation criteria demonstrating system maturity and a commitment to continuous improvement. Planned monitoring activities, up-to-date analyses, and management support clearly indicate the level of compliance in this area.
In conclusion, a sustainable control structure for surveillance audits provides a strategic framework that ensures the long-term effective management of the FSSC 22000 additional requirements. Establishing this structure in a disciplined and integrated manner guarantees not only audit success, but also the continuity of the organizationâs food safety performance.