FSSC 22000

New protocol FSSC 22000 version 4

Protocol version 4

The protocol version 4, what exactly?


The FSSC 22000 certification is managed by a protocol published by the FSSC Foundation, which defines the different requirements applicable to certified companies, certification bodies and accreditation services.   This protocol has evolved towards version 4 in order to be in line with the requirements of the GFSI (Global Food Safety Initiative). FSSC certification is still based on ISO 22000 and the PRP standard. (Ex ISO TS 22002-1) (Food Manufacturing).

Change for our company

What are the changes that will affect our company?


The main changes to consider are:

The implementation of new requirements for the establishment of a Food Fraud and Food Defense systems.

  • Mandatory conduct of at least one of the unannounced surveillance audits.
  • Increasing the duration of audits with an average 4 – 8 hours per year and per site.
  • A change in the definition of non-conformities, with the appearance of critical non-conformity and the disappearance of the notion of "remark" or "recommendation". The definitions of major and minor non-conformities remain unchanged.

Critical non-conformity

What is a critical non-conformity?


It is a non-conformity that is observed when there is a direct consequence on food safety during the audit or when the legality and / or integrity of the certification is at stake.

Consequence of a critical non-compliance

What is the consequence of a critical non-compliance during a surveillance or re-certification audit?


Cela engendre une suspension immédiate du certificat. Mais l’audit sera finalisé comme prévu selon le plan d’audit. Un audit complémentaire devra être conduit dans une période maximale de 6 mois pour vérifier la clôture de la non-conformité critique.

Par contre si la non-conformité critique est constatée lors d’un audit de (re)certification ou un audit phase 2, c’est tout l’audit qui devra être refait.  

Mandatory changes

When will these changes become mandatory?


The version 4 protocol is applicable from 1st January 2018. This means that all the audits that will be carried out in 2018 will have to be done according to the new requirements.  

However, you can choose to "upgrade" your current certification to version 4, starting in October 2017.

Validity of current certificate

Is my current FSSC certificate still valid? And until when?


Your current certificate remains valid until the new version 4 certificate is established.

Next audit

My next audit, which is planned in 2018, is a surveillance audit, Should we do a re-certification for version 4?


If the 2018 audit is a surveillance audit (year 1 or 2), there is no requirement to recertify, but simply to perform the surveillance audit on dates agreed with your auditor, adding a few hours - more generally from 4 to 8 hours in order to audit the new requirements of V4. This audit will be called an "upgrade audit". You will receive a new contract demonstrating the additional time which will be valid for the balance of the initial certification cycle. Following this audit, if certification is maintained, ProCert will issue a new FSSC V4 certificate, with the same expiration dates as your current version 3 certificate.

Date for requirements of FSSC v4

We would like to obtain FSSC certification in 2017, do we have to apply the requirements of FSSC v4 ?


It is entirely possible to grant FSSC version 3 certification until 31 December 2017. In this case the audit phase 2 or the recertification audit must take place before 15 November 2017. The migration to the version 4 will then be carried out in 2018 during the surveillance audit.

Do not hesitate to contact your Market Manager for an offer in this regard.

Unannounced audits

Should unannounced FSSC V4 audits be conducted?


The new   protocol requires that at least one of the surveillance audits be unannounced. The company may decide that the two surveillance audits are unannounced.

Date for unannounced audits

When will the first unannounced audits take place with a current or ongoing FSSC 22000 version 3 certification?


It depends on the current certification FSSC 22000 version 3:

See attachement


Decision for unannounced audits

Who decides which audit will be unannounced?


It is up to the certification body to choose which surveillance audit will be unannounced. This is communicated to you when the certificate is issued an will be carried out 6-12 months after the last audit. You may decide to conduct the two unannounced surveillance audits.

Action plan still open

If the action plan has not yet been closed in a non-advertised monitoring audit, what happens?


The auditor will be able to renew the non-conformities still open in minor or major depending on the causes. We recommend that you close them within 6 months after the audit.  

Surveillance audit planned 2018, conducted in unexpected?

We are already FSSC certified, and our surveillance audit is planned for 2018, will it be conducted in unexpected?


No, in this case, your surveillance audit will be an "upgrade" audit, it will be conducted normally according to the scheduled dates.

However, if the audit of 2019 is also a surveillance audit, it will in this case be conducted an unannounced audit in accordance with the requirements of protocol version 4.

2018 process for a (re)certification audit

We have a (re)certification audit planned in 2018, what is the process to follow?


Your (re)certification audit will be conducted according to version 4 and new contract will be established with the new auditing durations. The 2018 audit will be planned and announced as usual but at least one of the monitoring audits in 2019 and / or 2020 will have to be carried out unannounced.

Combination with other types of audits

In general, can we continue to combine FSSC V4 audits with other types of audits, such as ISO 9001, ISO 14001, BRC or IFS?


Completely. The FSSC audits according to version 4 can be combined as usual, while respecting the specifications and requirements of the FSSC protocol. So these ISO type audits will be conducted as unannounced audits. This question must be still clarified before a new certification contract.

Combination with other types of audits for "unannounced" audits

We have subscribed to the "unannounced" option of the IFS and BRC audits, can they be combined with the FSSC V4 audits?


FSSC surveillance audits can be combined with an IFS and / or BRC audit, but recertification audits will always be announced and therefore can not be combined with an unannounced audit.   Here is an example of a certification cycle:

  • 2018: Two different audits; An announced FSSC recertification audit and another IFS and / or BRC unannounced audit.
  • 2019 and 2020, one audit per year, combined FSSC / IFS/BRC unannounced audit.

Unannounced audit: Site is shut down & no one is abailable

If, on the day of the unannounced audit, no one is available or the site is completely shut down, what does V4 mean?


The FSSC protocol does not have specific rules on this subject, but ProCert invites you to communicate to your Market Manager the planned days during which an unannounced audit cannot take place. This should inculde aspects such as shut downs due to maintenance, annlual closures or any other important events. Nevertheless, it is also important to know that as long as the manufacturing lines are working, the audit could take place.

One of the lines is stopped & a person is not available

If one of the lines is stopped on the day of the unannounced audit? Or a person is not available?


Since the audit must start with the site and manufacturing facility visit, it is essential that the auditor assess these aspects immediately, however, it is not mandatory that all products are in the process of being manufactured, The audit can take place on at least one of the lines.

Also, if a key person is absent, his or her replacement may be audited in his place.

Seasonal production

Our process is seasonal, and our site is only in production during a variable period of the year, can we still subscribe to the unannounced audit


The FSSC surveillance audit must be conducted in an unannounced manner, it is not an option. In your case the production period must be communicated in advance to ProCert in order to perform the audit under the required conditions.

Central processes on headquarters & manufacturing sites

We have several manufacturing sites and a headquarters that manages the central processes, how will the unannounced audits be organized?


The head office that manages central functions or processes will always be audited normally, with an announced and planned audit. The production sites will have unannounced audits as required by the FSSC V4 protocol. It is recommended that the head office audit be carried out first.

Main and secondary sites

We have a main site (manufacturing, storage and shipping) with two other secondary sites: one site that does only the primary packaging, and another one for storage. Will these secondary sites be audited in unannounced?


Secondary sites considered as off-site as well as off-site storage premises must also be subject to an unannounced audit with the main site. (Same audit, same report).

Cycles for auditors

Does the new protocol impose cycles for auditors?


Yes, the new protocol requires that an auditor can only carry out two certification cycles. The same auditor will be able to audit the same company only 6 times. This cycle starts for audits in version 4, this rule is not retroactive. For comparison, other standards impose a cycle of three consecutive years.


What is FSSC Q?


This is a combined certification, FSSC 22000 and ISO 9001.

Q for Quality. The audit is performed by the same auditor, in accordance with the requirements of both standards, as well as the additional requirements of the FSSC protocol.

When certification is granted, a certificate "FSSC 22000-Quality" is published.

Food Fraud

What is the meaning of Food Fraud?

Definition of Food Fraud Prevention (Part 0: Definitions) :”The process to prevent food and feed supply chains from all forms of economically motivated, intentional adulteration that might impact consumer health” That’s mean, intentional adulteration that might impact only food quality (without any impact consumer health) will be not assessed during FSSC 22000 audit, Ex: extra virgin olive oil cut with cheap olive oil, or foods advertised as containing beef were found to contain undeclared or improperly declared horse meat.


The primary focus of FSSC 22000 is consumer health. Quality is also additionally included with FSSC 22000-Q.

The examples that you give do have an impact on consumer health. Horse-meat can contain residues which are harmful for consumer health. Cheap olive oil (depending on its origin) can contain residues that have an effect on human health. Intentional adulteration always has a potential effect on human health or product integrity (consumer trust).
Intentional adulteration shall therefor always be taken into consideration with regard to food fraud.