ISO Certification Guide

Saturday 31 December 2011

OHSAS 18001: Occupational Health & Safety Management System

In the changed industrial scenario, an emphatic worldwide endeavour is visible in improving quality in all functions of an organization1. Recognizing that the workplace safety and health is a decisive factor in an organizational effectiveness, several management frameworks have been proposed to implement cost effective occupational health and safety (OHS) in preventing workplace ailments and promoting health and welfare of workers revolving around the International Standards Organization families of management standards (eg. ISO 9000 and ISO 14000)2-3. Broadly, an ideal OHS management system (OHSMS) should provide a structured process to minimize potentials of work-related injuries and illnesses, increase productivity by reducing the direct and indirect costs associated with accidents, and increase the quality of manufactured products and/ or rendered services. It must provide a direction to OHS activities, in accordance with the organizational policies,
regulatory requirements, industry practices and standards, including negotiated labour agreements.
Therefore, conforming to an OHSMS may be of significant value to an organization. This approach has drawn significant attention among the standards organizations, the accreditation and certification bodies and the national agencies in formalizing, implementing and evaluating OHSMS. This write-up gives an account and analysis of the OHSMS development, including its scope in the context of our diverse employment sectors.
What is OHSAS 18001?

An Occupational Health & Safety Management System is a framework that allows an organization to consistently identify and control its health and safety risks, reduce the potential for accidents, aid legislative compliance and improve overall performance.
OHSAS 18001 is the assessment specification for Occupational Health & Safety Management Systems. It was developed in response to the need for companies to meet their health and safety obligations in an efficient manner.
The following key areas are addressed by OHSAS 18001:
  • Planning for hazard identification, risk assessment and risk control
  • OHSAS management programme
  • Structure and responsibility
  • Training, awareness and competence
  • Consultation and communication
  • Operational control
  • Emergency preparedness and response
  • Performance measuring, monitoring and improvement
Who is it relevant to?

OHSAS 18001 can be adopted by any organization wishing to implement a formal procedure, which will reduce the risks associated with health and safety in the working environment for employees, customers and the general public.
In a competitive market place, customers are looking for more than just keen pricing from their suppliers. Companies need to demonstrate that their businesses are managed efficiently and responsibly and that they can provide a reliable service without excessive downtime caused by work related accidents and incidents.
Whatever the nature or size of your business, implementing an occupational health and safety management system is common sense as well as a legal requirement in many countries worldwide.
Whilst the British and International Management System Standards are autonomous, they are more compatible than ever before. Integrating your systems give limitless potential while adding value and efficiency to any organization. BSI has developed the practical solution for those organizations seeking an integrated management system
What are the benefits?
Assessment to OHSAS 18001 will ensure that you take the effective measures and implement the necessary rigorous controls to ensure that you have identified and are managing the safety and risks associated with your work activities.
Registration to OHSAS 18001 will not only help you enhance your business performance, but also has the following benefits:
·         Reduce risk
Improved safety levels by controlling hazards and risks
Better management of health and safety risks, now and in the future
·         Gain competitive advantage
Demonstrate your commitment to health and safety to stakeholders
·         Improve overall performance
Underline your commitment to an innovative and forward thinking approach
Improved operational efficiency through accident management reduction and reduction in downtime
·         Reduced costs for insurance premiums, compensation or penalties for breach of legislation.

Safety Management System (SMS) Audit
The sample audit and safety inspection checklists contained herein are designed to help you evaluate the quality of your company’s safety management system design and performance. It should be revised as need to best meet your organization's needs. SMS audits should be reviewed at least annually to look at each of the critical components of the SMS to determine what is working well and what changes, if any, are needed. When you identify needs that should be addressed, you have the basis for a new safety and health objective for program improvement. This audit does not replace any provision, standard, or rule contained in the OSHAct of 1970.

 Does the company have a comprehensive written safety and health program that addresses the following key elements:
1. Management commitment;
2. Employee involvement;
3. Management and labor accountability;
4. Incident and accident investigation policy and procedures;
5. Safety training;
6. Hazard identification and control; and
7. Periodic program review.
____ Has responsibility for developing and monitoring the safety and health program been delegated to a person or office?
____ Has responsibility for carrying out the safety and health program been assigned to all levels of the line organization (managers and supervisors) and employees?
____ Are managers and supervisors carrying out their safety and health supervision, training, and enforcement responsibilities?
____ Are employees carrying out their safety and health compliance and reporting responsibilities?
____ Is there an accountability system for ensuring managers and supervisors carry out their safety and health supervision, training and enforcement responsibilities?
____ Is there an accountability system for ensuring employees comply with safety and health rules and hazard/injury reporting responsibilities?
____ Is there a system that provides communication with affected employees on occupational safety and health matters (meetings, training programs, posting, written communications, a system of hazard reporting, etc.)?
____ Does the communication system include provisions designed to encourage employees to inform the employer of hazards at the work site without fear of reprisal?
Is there a system for identifying and evaluating workplace hazards whenever new substances, processes, procedures or equipment are introduced into the workplace, and whenever the employer receives notification of a new or previously unrecognized hazard?
____ Are periodic inspections for safety and health scheduled and carried out by managers and supervisors, and the safety committee?
____ Are inspection records kept which identify unsafe conditions and practices?
____ Is there an incident and accident investigation program?
____ Are unsafe and unhealthful conditions and work practices corrected immediately, with the most hazardous exposures corrected first?
____ Do employees know the safety and health hazards specific to their job assignments?
____ Is training provided to all employees when they are first hired and when they receive new job assignments?
____ Are training needs of employees evaluated whenever new substances, processes, procedures, or equipment are introduced into the workplace, and whenever the employer received notification of a new or previously unrecognized hazard?
____ Are records kept documenting safety and health training for each employee by name or other identifier, training dates, types of training, and training provider?
____ Does the employer have a labor-management safety and health committee?


Safety Inspection Checklists
Since OSHA regulations are quite extensive, these audits are by no means all inclusive. You should add to them or delete items which don’t apply to your operations. More information regarding rules which may apply to your workplace is available from Federal or State OSHA.

Abrasive Wheel Equipment Grinders
Additional VDT Workstation Criteria
Chemical Exposures
Compressed Gas and Cylinders
Compressors and Compressed Gas
Confined Spaces
Cranes and Hoists
Electrical Safety
Elevated Surfaces
Emergency Action Plan
Environmental Controls
Ergonomics
Exit or Egress
Exit Doors
Eye Protection
Fire Protection
Flammable and Combustible Materials
Floor and Wall Openings
General Work Environment
Hand Tools and Equipment
Hazard Communication
Hearing Conservation
Identification of Piping Systems
Industrial Trucks - Forklifts
Infection Control
Injury and Illness Prevention Program
Lockout/Tagout Procedures
Machine Guarding
Materials Handling
Medical Services and First Aid
Noise
Personal Protective Equipment and Clothing
Posting
Portable Ladders
Portable (Power-operated) Tools and Equipment
Recommended VDT Workstation Criteria
Recordkeeping
Safety Committees
Spray Finishing Operations
Stairs and Stairways
Tire Inflation
Transporting Employees and Materials
Ventilation for Indoor Air Quality
Video Display Terminals
Walkways
Welding, Cutting and Brazing
 

Monday 26 December 2011

ISO 27001:2005 Certification

ISO 27001:2005
ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:
§  use within organizations to formulate security requirements and objectives;
§  use within organizations as a way to ensure that security risks are cost effectively managed;
§  use within organizations to ensure compliance with laws and regulations;
§  use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
§  definition of new information security management processes;
§  identification and clarification of existing information security management processes;
§  use by the management of organizations to determine the status of information security management activities;
§  use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
§  use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
§  implementation of business-enabling information security;
§  Use by organizations to provide relevant information about information security to customers.

CHECK POINTS FOR ISO 27001:2005
(a)     the legal or regulatory and contractual security obligations?
(b)   strategic risk management established and maintained of ISMS ?
(c)    the risk assessment approach defined in the organization?
(d)   the risk analysis and evaluate and its treatment? Give one example?
(e)    control objective and control risk treatment defined?
(f)    risk treatment plan is established?
(g)    the improvement matrix defined in the organization for ISMS?
(h)   risk assessment methodology Procedure
(i)     Routine & non-routine activities,
(j)     Control of document
(k)   Control of records
(l)     Management commitment procedure
(m) Management legal entity defined in ISMS manual?
(n)   Technological options.
(o)   Financial, operations & business requirements.
(p)   Views of interested parties.
(q)   Can competence to perform tasks that may impact on ISMS in the workplace be demonstrated?
(r)     Operating Procedures Do the Procedures take into account differing levels of responsibility, ability, literacy and risk ?
(s)    Performance measurement and monitoring Procedure

Is there evidence to show that the system complies with planned arrangements and ISO 27001?

Does the Audit Procedure cover the scope, frequency, methodologies, competencies, responsibilities and requirements for conducting audits and reporting results?

Are personnel conducting audits independent of those having direct responsibility for the Organisation?

Management Review

Is the ISMS Management System reviewed at determined intervals?

Does the review cover the System’s continuing suitability, adequacy effectiveness?

Are reviews documented?

Does the review process ensure that the necessary information is collected to allow Management to carry out the evaluation?

Does the review address the possible need for changes to Policy, objectives and other elements of the ISMS Management System ?

Continual Improvement:-
-does the continual improvement system is established in the orianization?

-does the continual improvement procedure established?
Corrective Acotion & Preventive Action:-

-Does company ha established the procedures for Corrective and preventive actions?

-          Does all the records found for corrective and preventive action?
-          Does analysis has performed for corrective and preventive actions?


Overview of an ISMS
Information security is the protection of information to ensure:
Confidentiality: ensuring that the information is accessible only to those authorized to access it.
Integrity: ensuring that the information is accurate and complete and that the information is not
modified without authorization.
Availability: ensuring that the information is accessible to authorized users when required.
Information security is achieved by applying a suitable set of controls (policies, processes, procedures,
organizational structures, and software and hardware functions).
An Information Security Management System (ISMS) is way to protect and manage information based on
a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and
improve information security. It is an organizational approach to information security.
ISO/IEC publishes two standards that focus on an organization’s ISMS:
The code of practice standard: ISO/IEC 27002 (ISO/IEC 17799). This standard can be used as a
starting point for developing an ISMS. It provides guidance for planning and implementing a program
to protect information assets. It also provides a list of controls (safeguards) that you can consider
implementing as part of your ISMS.
The management system standard: ISO/IEC 27001. This standard is the specification for an ISMS.
It explains how to apply ISO/IEC 27002 (ISO/IEC 17799). It provides the standard against which
certification is performed, including a list of required documents. An organization that seeks
certification of its ISMS is examined against this standard.
These standards are copyright protected text and must be purchased. (For purchasing information, refer to
section 1, “Purchase ISO standards.”)
The standards set forth the following practices:
All activities must follow a method. The method is arbitrary but must be well defined and
documented.                      
A company or organization must document its own security goals. An auditor will verify whether these
requirements are fulfilled.
All security measures used in the ISMS shall be implemented as the result of a risk analysis in order
to eliminate or reduce risks to an acceptable level.
The standard offers a set of security controls. It is up to the organization to choose which controls to
implement based on the specific needs of their business.
A process must ensure the continuous verification of all elements of the security system through
audits and reviews.
A process must ensure the continuous improvement of all elements of the information and security
management system. (The ISO/IEC 27001 standard adopts the Plan-Do-Check-Act [PDCA] model as
its basis and expects the model will be followed in an ISMS implementation.)
These practices form the framework within which you will establish an ISMS. The sections that follow
describe the steps involved in establishing an ISMS.
Note: It is important to remember that although this guide provides examples, the implementation of an ISMS
is process-based and specific to your organization. Consider using the guide and examples as a starting
point of discussion within your organization, rather than as a set of templates.

Thursday 15 December 2011

HACCP Certification

Contents
What is HACCP?
Principles of HACCP
Implementation of HACCP
HACCP and ISO 9000

1. What is HACCP?
HACCP is an abbreviation for the Hazard Analysis Critical Control Point system,
which is synonymous with food safety management. It is “a system which identifies,
evaluates, and controls hazards which are significant for food safety.” HACCP is a system
that gives confidence that food safety is being managed effectively. The system looks for
hazards, or anything that could go wrong regarding product safety, and implements controls
subsequently to ensure that the product will not cause harm to the consumer.
HACCP was developed originally as a microbiological safety system in the early days
(1960s) of the US manned space programme, as it was vital to ensure the safety of food for
astronauts. The Pillsbury Company working alongside the National Aeronautics and Space
Administration (NASA) of the United States and the US Army Laboratories developed the
original system.
A “hazard” as used in the HACCP system is defined as “a biological, chemical or
physical agent in, or condition of food, with the potential to cause an adverse health effect”.
A “Critical Control Point” (CCP) is “a step at which control can be applied and is essential to
prevent or eliminate a food safety hazard or reduce it to an acceptable level”.
HACCP is based on the principle that hazards affecting food safety can be either
eliminated or minimized by prevention during production rather than by inspection of the
finished product. Its goal is to prevent hazards at the earliest possible point in the food chain.
The HACCP approach can be applied right from harvest to the point of consumption. Adding
HACCP to traditional inspection and quality control activities would lead to a preventive
quality assurance system in a company. Companies using the HACCP system will be able to
provide greater confidence about food safety to consumers as well as to food regulatory
authorities.
In many food processing industries established ways of operating, including methods of
food processing and handling have become entrenched. The application of HACCP may
require a fundamental change in the culture or attitudes of those involved in food processing.
A good example is the need to establish a written procedural manual and for written records.
In many industries there is no tradition of written procedures or records of quality or safety
parameters, indeed the skill of the individual in many food processing situations is what is “in
their head”. HACCP requires a fundamental change in attitudes, focused record keeping and
documentation, even though many of the procedures to be documented themselves may
remain unchanged. Similarly, those attempting to implement HACCP may find it difficult to
grasp the concept of risk-based food safety controls, particularly if they have been
accustomed to controls based on pre-specified physical parameters that may bear little
resemblance to the particular characteristics of the food processing operation in which they
are involved. It is very important that all the people working in the company understand the
HACCP system and that they maintain it. The adoption of HACCP simply to satisfy a
regulatory requirement has the potential to lead to failure in that company.
The HACCP system and guidelines for its application were developed by the Codex
Committee for Food Hygiene on the Codex Alimentarius Commission, a joint Food
Standards Programme of the Food and Agriculture Organization (FAO) of the United
Nations, and the World Health Organization (WHO). The HACCP system and guidelines
were published in 1993 and revised in 1997.
4
2. Principles of HACCP
The HACCP system consists of seven principles, which outline how to establish,
implement and maintain a HACCP plan for the operation under study.
Principle 1
Conduct a hazard analysis. Identify potential hazards associated with all stages of the
production, using a flow diagram of the steps in the process. Assess the likelihood of
occurrence of the hazards, and identify preventive measures for their control.
Principle 2
Identify/Determine the CCPs. Determine the points/procedures/operational steps that can be
controlled to eliminate the hazards, or minimize the likelihood of occurrence, or reduce the
hazards to an acceptable level.
Principle 3
Establish Critical Limits (target levels and tolerances), which must be met to ensure the
CCPs are under control. They must involve a measurable parameter and may also be known
as the absolute tolerance or safety limit for the CCP.
Principle 4
Establish a system to monitor control of the CCP by scheduled testing or observation.
Principle 5
Establish the corrective action to be taken when monitoring indicates that a particular
CCP is moving out of control. Corrective action procedures and responsibilities for their
implementation need to be specified.
Principle 6
Establish procedures for verification to confirm that the HACCP system is working
effectively. Verification procedures must be developed to maintain the HACCP system and
ensure that it continues to work effectively.
Principle 7
Establish documentation concerning all procedures and records relating to the
application of these principles. Records must be kept to demonstrate that the HACCP
system is operating under control and that appropriate corrective action has been taken for
any deviations from the Critical Limits.
HACCP is not a “stand-alone” system. Good hygiene practices and other prerequisites
for food processing as well as strong management commitment are also necessary; HACCP is
not a substitute for these. Training is another essential requirement for a successful HACCP
system. As an aid to developing specific training to support a HACCP plan, prepare working
instructions and procedures that define the tasks of the operating personnel at each critical
control point.
5
3. Implementation of HACCP
HACCP is a system that assists organizations to identify potential food safety hazards
in the entire food supply chain and to take preventive measures for their control. HACCP
focuses on the prevention of hazards rather than relying on end product testing. The
following sequence of 12 steps, included in the guidelines developed by the Codex
Committee on Food Hygiene, is the recommended approach to develop a HACCP
programme.
Step 1: Assemble HACCP team
Set up a multi-disciplinary team that includes representatives from production, sanitation,
quality control, food microbiology, etc. This team should be assigned specific segments of
the food chain to be covered in the HACCP system, and be entrusted with developing a
HACCP system as described from Step 2 onwards. Top management must give its full
support to the team. If the required expertise is not available within the company, bring in
help from a consultant.
Step 2: Describe product
Draw up a full description of the product for which the HACCP plan is to be prepared,
including product composition, structure, processing conditions, packaging, storage and
distribution conditions, required shelf life, instructions for use, etc.
Step 3: Identify intended use
Identify the intended use of the product by the end-user or consumer. You need to determine
where the product will be sold as well as the target group (e.g. institutional catering, homes
for senior citizens, hospitals, etc.).
Step 4: Construct flow diagram
You need to carefully examine the product/process and produce a flow diagram around which
to base the HACCP study. Whatever the format you choose, study all the steps involved in
the process – including delays during or between the steps from receiving the raw material to
placing the end-product on the market – in seque nce, and present them in a detailed flow
diagram with sufficient technical data. In the diagram, you might also want to include the
movements of raw materials, products, wastes, a plan of working premises, equipment layout,
product storage and distribution, and of employee moves or changes.
Step 5: On-site confirmation of flow diagram
The HACCP team should confirm the processing operation against the flow diagram during
all stages and hours of operation and amend the flow diagram if necessary.
Step 6: List all potential hazards associated with each step, conduct a hazard analysis,
and consider any measures to control hazards
Using the flow diagram, the team should list all the hazards – biological, chemical or physical
– that may reasonably be expected to occur at each process step, and describe the preventive
measures that can be used to control such hazards (for example, the use of air curtains, hand
and feet washing at entrance to processing areas, wearing of head gear, use of good
manufacturing practices [GMP]/standard operating procedures [SOP]/ sanitation standard
operating procedures [SSOP], etc.).
6
Step 7: Determine Critical Control Points (CCPs)
You may wish to use a decision tree with “yes” or “no” answers to facilitate the
determination of CCPs (See Annex A). When applying the decision tree, you need to remain
flexible and use common sense to avoid, wherever possible, unnecessary control points
throughout the whole manufacturing process. If you identify hazards at a step where control
is necessary for safety and no preventive measures exist at that step, you need to modify the
process at that step, or at an earlier or a later stage, to include a preventive measure. For
example, in a slaughterhouse, covering carcasses with a sanitized cloth to preve nt infection
by flies is a preventive measure at the carcass stage, which substitutes for a preventive
measure such as washing the prepared meat at the next stage, as it will not be possible to
disinfect the meat at this stage, i.e., during cutting or mincing operations.
Step 8: Establish critical limits for each CCP
You need to establish critical limits for each CCP. They are normally derived from
specifications included in the food legislation of a country or in national or international
standards (e.g. moisture levels in milk powder, or pH level and chlorine limit in potable
water, etc.). When limits are not taken from regulatory standards (e.g. frozen storage
temperature) or from existing and validated guides of good manufacturing practices, the
HACCP team should ascertain the validity of such limits relative to the control of identified
hazards and critical points.
Step 9: Establish a system of monitoring each CCP
Monitoring is the scheduled measurement or observation of a CCP to determine conformance
to its critical limits. The monitoring procedures must be able to determine loss of control, if
any, at the CCP (e.g. improper control of the temperature that may lead to faults in the
functioning of a pasteurization unit in a dairy plant). Monitoring for CCPs needs to be done
rapidly, as they later relate to on-line processes, and there is usually no time for lengthy
analytical testing. Physical and chemical measurements are often preferred as these can be
done rapidly and can frequently indicate microbiological control of the product.
The programme of observations or measurements should properly identify for each critical
point:
·  Who is to perform monitoring and checking;
·  When monitoring and checking are performed; and
·  How monitoring and checking are performed.
All records and documents associated with monitoring CCPs must be signed by the person(s)
doing the monitoring.
Step 10: Establish corrective actions
The HACCP team should develop specific corrective actions and document them in the
HACCP plan for each CCP in the HACCP system so that they can deal with deviations when
they occur. Such corrective action should include:
·  Proper identification of the person(s) responsible for implementation of a corrective
action;
·  Actions required to correct the observed deviation;
·  Action to be taken with regard to products manufactured during the period when the
process was out of control; and
7
·  Written records of measures taken.
The actions must ensure, for example, that the CCP has been brought under control, that
procedures or conditions that created the out-of-control situation have been corrected, and the
food affected, disposed off safely, etc.
Step 11: Establish verification procedure
Develop a verification procedure to ensure that the HACCP system is working correctly. The
procedure should include the frequency of verification, which should be conducted by a
responsible and independent person. Examples of verification include auditing methods,
random sampling and analysis, etc.
Step 12: Establish documentation and record keeping
The HACCP system requires efficient documentation and accurate record keeping. For
example, hazard analysis, identified CCPs and their limits (including revisions, if any) should
be documented. Examples of records are CCP monitoring records, records of deviation found
and corrective action taken on them, etc.

HACCP and ISO 9000
The food industry is highly regulated by local, national and international laws relating
to food safety. More so, consumers are very careful in their buying decisions relating to raw
or processed foods. Consumers usually feel more confident when they have evidence of
quality management during the manufacturing of food and drink products, in addition to
supervision by food regulators.
The ISO 9000 family of standards is generic in nature and has been developed to assist
organizations of all types and sizes that wish to implement and operate a quality management
system (QMS). There are no restrictions on its implementation by any sector of industry,
including the food and drink industry. Large and small companies that process and/or
package food products worldwide have implemented ISO 9000 and obtained third-party
certification. These companies may also use HACCP or similar systems as part of their
quality assurance system. Some companies are using both ISO 9000 and HACCP as an
integrated food safety and quality management system.
ISO 9000 focuses on customer needs and expectations, and one of the most important
customer expectations is to have safe food products. Applying HACCP within an ISO 9000
QMS can result in a food safety system that is more effective than applying ISO 9001 or
HACCP separately. The emphasis of both systems is prevention rather than correction of
problems or deficiencies after they occur. A company implementing a HACCP system does
not have to comply with ISO 9001 but it is desirable.
The seven principles of HACCP can be integrated with ISO 9001:2000 requirements, as
explained below:
QMS documentation
When developing documentation for ISO 9001 (such as a Quality Manual, quality
system procedures, work instructions, quality plans, etc.), also take into account HACCP
Principle 7, which requires you to establish documentation on all procedures and records, to
ensure that requirements concerning food safety aspects are integrated at the documentation
stage.
9
Management responsibility
When defining the requirements conce rning management responsibility (e.g. quality
policy, quality objectives, planning, customer focus, communication, responsibility and
authority), you can incorporate the requirements of Principle 1 (conducting a hazard
analysis), Principle 2 (determining critical control points [CCPs]) and Principle 4
(establishing a system to monitor CCPs).
For example:
·  In the quality policy, stress that the organization is fully aware of its problems within the
food chain, by referring to food production, hygiene and safety;
·  Consider the HACCP plan while carrying out QMS planning; and
·  Make all personnel aware of the role they play in achieving stated policies and
objectives and in meeting customer requirements for both food safety and quality.
Resource management
When managing resources for ISO 9000 (e.g. human resources, infrastructure, work
environment, and other services), ensure that you have provided resources for preventing
hazards (HACCP Principle 1) and resources to monitor the control of CCPs (Principle 4). For
example:
·  The design and maintenance of the work area has a major effect on food safety;
·  Appropriate maintenance of equipment can also ensure that hazards do not affect the
food production process;
·  Effective sanitary and hygiene conditions in the processing area, including drainage,
pest control, segregation of wastes, health screening of employees, provision of
appropriate work wear (coats, boots, head gears, etc.) are essential for food products.
Product realization processes
In your product realization processes (e.g. planning, identification and review of
customer requirements, design and development, purchasing and operational controls), you
can integrate several HACCP principles, e.g. Principle 1 (identifying hazards), Principle 2
(determining CCPs), Principle 4 (establishing a system to monitor control of CCPs), etc. For
example:
·  Incorporate the HACCP study and CCPs into the product realization planning process.
·  Identify potential users and consumers for each product. Give careful consideration to
the special requirements of groups of consumers such as babies, children, patients,
elderly people, etc.
·  Determine specific customer and regulatory requirements such as control limits of
pesticides, residues, and heavy metals; test methods, etc.
·  Make food safety paramount when developing new products. Consult regulatory
requirements relating to the product during product development.
10
·  In purchasing processes, check suppliers’ capability to adhere to critical limits at critical
control points for raw materials, equipment, cleaning chemicals, transport services,
laboratory testing services, warehousing, distribution, etc.
·  In your HACCP plan, include the identification of product and its traceability at each
stage of processing to ensure compliance with legal requirements for batch/lot
traceability control on raw materials and packaging materials.
·  Include controls identified in your HACCP plan for storage handling, delivery
conditions of the product including temperature/humidity control, shelf life, hygiene,
and infestation controls.
·  Processes such as pasteurization and sterilization, require well-defined process
conditions, trained personnel, adequate machinery and equipment to reduce reliance on
end-product testing.
·  The verification of measuring and monitoring devices in the food industry is crucial, and
may require data from inter-laboratory studies.
Measurement, analysis and improvement
In measuring, analyzing and improving the processes of ISO 9000, you can address
HACCP Principle 3 (establishing critical limits), Principle 4 (establishing a system to monitor
control of CCPs), Principle 5 (establishing corrective action) and Principle 6 (establishing a
verification procedure to check effective operations).
·  A monitoring plan is the output of a HACCP plan. It should include monitoring of
product, process, services, environmental aspects concerning food safety, etc. Measurement
and monitoring records are the backbone of a documented HACCP system, as the records
provide evidence that a product is within defined acceptance limits.
·  The overriding principle behind the establishment of a HACCP system is to ensure that
products are produced safely. It is argued that “after-the-fact inspection” will not contribute
to this principle, and therefore gathering information as to whether the controls identified
and executed have been successful or not is extremely important. The results of the
monitoring exercises will show whether the control steps have been effective.
General
The QMS requirements of training, internal audit and management review ensure the
effective operation and measurement of the HACCP system through internal audit; periodic
review of audit results and other data by top management ensures that the HACCP system
will continue to provide the des ired results, i.e. the provision of safe food to its consumers.
The HACCP approach and the ISO 9000 QMS are complementary. For companies that
have not yet settled on setting up a QMS but have decided to adopt HACCP for controlling
food safety requirements, it is advisable to first develop a HACCP system and then integrate
it into a QMS, when the company decides to adopt ISO 9000. Those companies that have
11
already set up a QMS conforming to ISO 9001 may use the HACCP approach to upgrade
their quality planning to include food safety issues, if this has not already been done.
National HACCP system standards
National HACCP system standards have been developed in many countries.
Certification bodies provide third-party certification to companies that implement such
standards. For example, Det Norske Veritas (DNV), an international certification body,
provides an accredited Food Safety Management System certification to Danish Standard DS
3027, Requirements of Food Safety according to HACCP.
The Bureau of Indian Standards (BIS) provides two certification schemes to the food
industry, the first for a HACCP system alone, and the second for a combined HACCP and
ISO 9000 system:
·  Food Safety Certification against Indian Standard IS 15000:1998,Food Hygiene - Hazard
Analysis and Critical Control Point (HACCP) - System and Guidelines for its Application.
·  The HACCP-based Quality Management System Certification provides for two
certifications through one audit; certification of the quality system to Indian Standard IS/ISO
9000, and certification of HACCP to IS 15000:1998.
5. HACCP in international trade
It is important for SMEs in the food processing business to use HACCP: firstly because
of internal benefits like reducing the risk of manufacturing and selling unsafe products and
thus providing better confidence to consumers; and secondly, because food regulatory
authorities in many countries are adopting or likely to adopt HACCP as a part of their food
regulations. By implementing HACCP, you will have opportunities to e xport to such markets.
Some examples are given below:
·  In the United Kingdom, the Food Safety Act, 1990, and the Food Hygiene Inspection
Codes of Practice both include HACCP.
·  Canada has developed a Food Safety Enhancement Programme (FSEP) to encourage the
establishment of HACCP -based procedures in all registered establishments in the agricultural
and food processing sectors.
·  The Australian Quarantine and Inspection Service (AQIS) has developed a new
inspection system known as Food Hazard Control System (FHCS).
·  In the USA, the Food Adviser to the Center for Food Safety and Applied Nutrition has
recommended that the US Food and Drug Administration (FDA) encourage and eventually
require HACCP for the entire food industry. The FDA revised the Food Code in 1993,
making it compatible with HACCP concepts. From December 1997, all fish and fishery
products produced and marketed in the USA have had to comply with HACCP requirements.
FDA verifies HACCP plans prepared by producers. This also applies to imports of fish and
fishery products into the USA. Importers are required to obtain HACCP plans from the
concerned producers (exporters) in the exporting country and submit them to FDA for
verification. In addition, many HACCP principles are already in place in the FDA-regulated
12
low-acid canned food industry. The juice industry is subject to HACCP regulation according
to a staggered schedule since January 2002. The US Department of Agriculture has required
the use of HACCP in meat and poultry processing plants since Janua ry 1999. FDA published
the Fish and Fishery Products Hazards and Controls Guide in September 1996 to assist
processors in the development of their HACCP plans, identify hazards and formulate control
strategies for those hazards. FDA is now considering deve lopment of regulations that would
establish HACCP as the food safety guideline throughout other areas of the food industry.
·  In the European Union (EU), EU Council Directive No. 93/43/EEC of 14 June 1993 on
Hygiene of Foodstuffs requires that food business operators should develop HACCP -based
systems for ensuring food safety. This Directive further suggests that member states may
develop codes of practice for specific food industries and adopt EN 29000 (the European
equivalent of the ISO 9000 series) to implement the general rules of hygiene and guides to
good hygiene practices. The European Commission Decision of 20 May 1994 (94/356/EC)
requires a system of “own checks” for the production and sale of fishery products in EU
countries. This decision also applies to imports. “Own check” means all those actions aimed
at ensuring and demonstrating that a fishery product satisfies the requirements of the above
decision. The “own check” included in this decision contains HACCP requirements. The EU
has also decided that HACCP plans prepared by producers/exporters are verified by an
authority nominated by the European Union. For example, in India, EU authorities have
nominated the Export Inspection Council, a statutory body under the Ministry of Commerce,
to verify exporters’ HACCP plans.
·  HACCP third-party certification on a voluntary basis exists in Australia, New Zealand,
some countries of Europe, India, Brazil, etc. It has also started in some countries in the
Middle East, South Asia and Latin America.
As shown above there are many different ways in which HACCP as a concept is
implemented into regulatory food safety requirements. In some cases, for example the United
States, detailed HACCP plans may be specified, the basic elements of which food processors
must translate and implement in their own operations. In other cases there may be a general
requirement to implement HACCP -based food safety controls, for example for certain
products in the European Union. In such cases, food processors must demonstrate that they
have an effective HACCP system in place, although the specific way in which the system is
implemented and operated is flexible. Further, in some cases a full seven-point HACCP
system may be required, including verification, whilst in others a six-point system, without a
specific requirement for verification, may be required. It should be emphasized, however, that
a properly implemented HACCP system, which will continue to operate effectively over
time, requires the full seven steps.
13
ANNEXES
A. Example of decision tree to identify CCPs
14
B. List of selected websites where information about HACCP can be obtained
Ø Codex Alimentarius Commission of the Food and Agricultural Organisation (FAO)
of the United Nations. http://www.codexalimentarius.net. This site contains
information on Codex Standards as well as other standards including HACCP.
Ø U.S. Food and Drug Administrat ion web site available from
http://vm.cfsan.fda.gov/~lrd/haccp.html. This site gives useful information on
HACCP principles and application guidelines.
Ø National Center for Food Safety and Technology (NCFST) - Consortium of
academia, industry, and government working together in Illinois, USA, to ensure the
safety and quality of the nation's food supply. http://www.iit.edu/~ncfs/
Ø The Society for Food Hygiene Technology in the United Kingdom. A group of
professional people who recognised the need for an organisation to cover the interests
and views of everyone involved in food hygiene in its widest application throughout
the food chain. http://www.sofht.co.uk
Ø The Seafood Network Information Centre web site providing information
including generic HACCP plans and current progress in the area of seafood HACCP.
http://seafood.ucdavis.edu/pubs/99resources.htm.
C. List of selected documents on HACCP
a. Documents downloadable free from the Internet
Strategies for Implementing HACCP in Small and/or Less Deve loped Businesses (1999),
World Health Organization (WHO), Avenue Appia 20, 1211 Geneva 27, Switzerland, Tel:

DEFINITIONS

CCP Decision Tree:
A sequence of questions to assist in determining whether a control point is a CCP.
Control:
(a) To manage the conditions of an operation to maintain compliance with established criteria.
(b) The state where correct procedures are being followed and criteria are being met.
Control Measure:
Any action or activity that can be used to prevent, eliminate or reduce a significant hazard.
Control Point:
Any step at which biological, chemical, or physical factors can be controlled.
Corrective Action:
Procedures followed when a deviation occurs.
Criterion:
A requirement on which a judgement or decision can be based.
Critical Control Point:
A step at which control can be applied and is essential to prevent or eliminate a food safety hazard or reduce it to an acceptable level.
Critical Limit:
A maximum and/or minimum value to which a biological, chemical or physical parameter must be controlled at a CCP to prevent, eliminate or reduce to an acceptable level the occurrence of a food safety hazard.
Deviation:
Failure to meet a critical limit.
HACCP:
A systematic approach to the identification, evaluation, and control of food safety hazards.
HACCP Plan:
The written document which is based upon the principles of HACCP and which delineates the procedures to be followed.
HACCP System:
The result of the implementation of the HACCP Plan.
HACCP Team:
The group of people who are responsible for developing, implementing and maintaining the HACCP system.
Hazard:
A biological, chemical, or physical agent that is reasonably likely to cause illness or injury in the absence of its control.
Hazard Analysis:
The process of collecting and evaluating information on hazards associated with the food under consideration to decide which are significant and must be addressed in the HACCP plan.
Monitor:
To conduct a planned sequence of observations or measurements to assess whether a CCP is under control and to produce an accurate record for future use in verification.
Prerequisite Programs:
Procedures, including Good Manufacturing Practices, that address operational conditions providing the foundation for the HACCP system.
Severity:
The seriousness of the effect(s) of a hazard.
Step:
A point, procedure, operation or stage in the food system from primary production to final consumption.
Validation:
That element of verification focused on collecting and evaluating scientific and technical information to determine if the HACCP plan, when properly implemented, will effectively control the hazards.
Verification:
Those activities, other than monitoring, that determine the validity of the HACCP plan and that the system is operating according to the plan.

HACCP PRINCIPLES

HACCP is a systematic approach to the identification, evaluation, and control of food safety hazards based on the following seven principles:
Principle 1: Conduct a hazard analysis.
Principle 2: Determine the critical control points (CCPs).
Principle 3: Establish critical limits.
Principle 4: Establish monitoring procedures.
Principle 5: Establish corrective actions.
Principle 6: Establish verification procedures.
Principle 7: Establish record-keeping and documentation procedures.