**2. The food supply chain and food contamination**

Globally, about 600 million people fall ill after eating contaminated food, and 420,000 die every year, resulting in the loss of 33 million healthy life years (DALYs). Safe food supplies support national economies, trade, and tourism, contribute to food and nutrition security, and underpin sustainable development [7]. The Centre for Disease Control, CDC, estimates that roughly 48 million people get sick, 128,000 are hospitalized, and 3000 die from foodborne diseases each year [8]. Due to the speed and product distribution range, local incidents can quickly develop into international emergencies. Severe foodborne illness outbreaks have occurred in every continent in the past decade, often augmented by globalized trade. For example, the contamination of ready-to-eat meat with listeria monocytogenes in South Africa in 2017/18, brought about 1060 cases of listeriosis and 216 deaths. At the same time, contaminated products were exported to 15 other countries in Africa, requiring an international response to implement risk management measures [9].

Food can become contaminated at any stage of the food chain including the production and distribution stages, and the primary responsibility to prevent food contamination lies with the food producers. The authors [10] reported that foods that are not prepared properly, or foods mishandled at home, in foodservice establishments, or at markets contribute to the majority of foodborne disease incidents. In addition to this, most consumers and food handlers may lack knowledge and understanding of the practice of basic hygiene measures when buying, selling, and preparing food items hence, their health and that of the wider community may be at risk of foodborne illnesses. Tracking food through all the supply chain stages has become more complex and difficult as consumers are distant from the farm. Therefore, farmers must ensure food safety when growing and processing food, and during food preservation and transportation. Due to the fact that food items travel long distances, food products are exposed to a greater possibility of contamination or spoilage [11]. **Figure 1** below shows the flow of food and services that begin at the input and farm production sector and extend along the food supply chain until they reach the consumer.

#### **2.1 The ISO 22000:2018 food safety management system**

The ISO Food Safety Management System is malleable and can be utilized by all organizations involved in the food chain. Resulting from the usage, the food industry organizations may share common food safety language, thus reducing the risk of critical errors and maximizing the use of resources. Enterprises such as growers, transporters, packagers, processors, retailers, public and private catering companies, public and private food production and services units, bottlers, and restaurants can implement this standard [12].

The ISO 22000 was first published in 2005 to overcome the food crisis and facilitate harmonizing international food safety rules and regulations. The food industry has received the standard well, however the new food safety risks impelled for an updated version. Therefore, the latest edition was published on 19th June 2018 and upholds a concrete association with the Codex Alimentarius standards. The standard also addresses evolving food safety challenges and supports the organizational strategic direction with its Food Safety Management objectives.

The ISO 22000: 2018 is an internationally recognized food safety management system that can be used in any organization in the food chain. The latest ISO 22000:2018 is the newest food safety management standard bringing a common framework to all management systems. The ISO 22000:2018's framework can assist in aligning the different food safety management system standards, helps to keep uniformity, offer corresponding sub-clauses against the top-level structure and apply communal language through all standards. Also, the new standard in place, makes it easier for organizations to incorporate their food safety management system into the fundamental business processes and attract more participation from senior management [13]. The ISO 22000:2018 is more focused on top management to demonstrate leadership and commitment to the FSMS and food safety policies. Additionally, top management needs to ensure the consignment, communication, and understanding of all the responsibilities, across the organization. Also, top management has a responsibility to ensure that the adequate food safety importance is communicated and understood by all parties and that the FSMS achieves its intended outcomes.

#### *2.1.1 Key changes of the ISO 22000 standard*

The following critical changes of the IS0 22000 standard were identified by [14].

1.Organizational context: clause four (4)

This clause intends to provide a high-level, strategic understanding of the essential issues that can positively or negatively affect organizational food safety management. It countenances the organization to identify and understand factors and parties that affect the intended outcome(s) of the FSMS. It addresses the concept of preventive action, where organizations need to determine external and internal issues, problems, and risks relevant to their purpose. The issues should also include conditions that affect the organization, such as those highlighted in the general guidance on "issues" in Clause 5.3 of ISO 31000:2009.

The organization needs to identify the interested parties relevant to the FSMS. For example, these groups could include customers, consumers, suppliers, and non-government organizations. Determining their relevant needs and expectations is currently part of establishing the context for a FSMS. After the context has been established, the FSMS scope must be determined with various additional factors.

Finally, Clause 4 requirement is to establish, implement, maintain and continually improve the FSMS. This clause requires adopting a process approach. Although each

organization may be different, documented information such as process diagrams or written procedures can be used to support this.

2.Clause eight (8): operation

With the exception of the HACCP Step one (Assemble HACCP team), Step 12 (Establishing documentation and record-keeping), which are addressed outside clause 8 (in clauses 5.3 and 7.5, respectively), Clause eight of ISO 22000: 2018 is more focused on the HACCP principles and steps. Internal audit—a verification procedure (Step 11), is covered in clause 9.2.

Clause 8.1—Operational planning and control

In clause 8.1, an organization's responsibility regarding processes required to meet requirements (plan, implement, control, maintain, and update) is highlighted in more detail. Examples of establishing criteria, implementing processes control, and demonstrating that processes have been carried out as planned are also provided, and a necessity to implement risk and opportunities assessment actions is introduced. Clause 8.2—Prerequisite programs

For the effective implementation of any food safety system, prerequisite programs are crucial. The following differences were observed between the ISO 22000: 2018 and the ISO 2005 versions: (1) The word establish was replaced with the word "*update"* in the statement "establish, implement, maintain and update PRP(s)"; (2) Since the ISO/TS 22002 series prerequisites are not compulsory, the standard includes the terms "shall" which indicates a mandatory requirement and "should" which indicates a recommendation. This change denotes that the only prerequisites organizations must implement (mandatory) are presented in the standard (clause 8.2.4). (3). Hence, the prerequisites list in the ISO 22000:2018 is similar to those specified in the ISO 2005 version. The significant differences are the additional terms such as product information/consumer awareness and supplier approval (although it is apparent that most organizations may have some related procedure in place to address the purchased materials management presented in the ISO 2005 version).

Clause 8.3—Traceability system

The ISO 22000:2018 standard presents a list of topics to be considered when organizations establish a traceability system. For example, the reworking of materials/ products and the connection between received materials, ingredients, and intermediate products to the end products were not mentioned in the IS0 2005 version. The mandatory verification and testing of the traceability system's effectiveness exist in the ISO 22000:2018 version. Although this was not detailed in the ISO 2005 version, the guide for its application (ISO 22004:2014) encompassed making tests.

However, reference to quantities reconciliation (end products vs. ingredients) is a new requirement presented in the ISO 22000: 2018.

Clause 8.4—Emergency preparedness and response

Compared with clause 5.7 of ISO 22000:2005, the term "accident" was substituted with "incident." Clause 8.4 of ISO 22000: 2018 is more extensive than the one in the 2005 version. In the standard, it is currently compulsory to lessen the food safety emergencies, review, and update documentation. Additional examples of emergencies such as some new examples of emergencies were workplace accidents, public health emergencies, and interruptions of services like water, electricity, and refrigeration supply were added.

Clause 8.5.1, covers the preliminary steps to enable hazard analysis. In this clause, identifying raw materials, ingredients, product contact materials, end products (and their intended use), preparing flow diagrams, and describing processes are considered as the first step of hazard control.

Also, the information to be collected to conduct hazard analysis is more detailed in the IS022000:2018. It is well explained that, at a minimum, the information collected by the food safety team should include statutory, regulatory, and customer requirements, food safety hazards, and products processes and equipment. A new point requiring organizations to declare the source (e.g., animal, mineral, or vegetable) of their raw materials, ingredients, and product contact materials were also added. Therefore, the new word "place of origin (provenance)" replaced the wording "origin," which demands organizations to identify their product origin.

The IS0 22,000:2018 also specifies that the organization must include the introduction of processing aids, packaging materials, and utilities in the flow diagram. When describing hazards analysis, The IS0 22,000:2018 stipulates that the food safety team address the following expanded issues:

Clause 8.5.2—Hazard analysis

The implicit understanding is that the food safety team must conduct a hazard analysis based on the preliminary information covered in the ISO 22000:2005. However, it is explicitly stated at the beginning of the ISO 22000:2018 to highlight its importance.

Changes were also observed in the type of information used to identify food safety hazards. The ISO 2018 food safety standard requires organizations to use internal information such as epidemiological, scientific, and historical data, statutory, regulatory, and customer requirements to identify food safety hazards. Therefore, instead of only focusing on the steps preceding and following the specified operation, organizations must consider all steps in the flow diagram, including the people involved.

In conducting a hazard assessment, organizations must determine the likelihood of occurrence prior to applying control measures and evaluate the severity concerning the intended use.

After identifying the hazards, determining acceptable levels, and hazard assessment, the step that follows is to select and categorize control measures. The following aspects to consider when selecting and categorizing control measures are available in the ISO. However, most of them are similar to the ISO 2005 version. Notably, three issues are more critical: (1) assessing the practicability of creating assessable critical limits and measurable/observable action criteria. This is similar to what was also previously stated in the ISO 22004:2014: (2) To assess the viability of applying well-timed improvements in case of failure (3) and using the external requirements to select control measures.

Clause 8.5.4—Hazard control plan (HACCP/OPRP plan)

In the ISO 22000:2018 standard, information that was previously separated into two clauses: *Establishing the operational prerequisite programs* and *Establishing the HACCP plan is combined*. This assists in recognizing that the Hazard Control Plan must include a critical limit(s) at CCP and action criteria for Operational Prerequisite Programs (OPRP).

This standard presents the need to document the monitoring methods used in monitoring systems. The standard also augments the probability of utilizing *comparable methods* for calibration *to verify reliable measurements or observations for* OPRPs.

Clause 8.6—Updating information specifying the PRPs and the hazard control plan

The clause in the ISO 22000:2018 standard remains similar to clause 7.7 in the 2005 version. Above and beyond using a hazard control plan to substitute what was previously considered operational PRP(s) and HACCP plan, it announces that after establishing the hazard control plan, organizations need to update raw materials, ingredients, and product-contact materials characteristics.

Clause 8.7—Control of monitoring and measuring

The ISO 22000:2018 standard's clause 8.7 was adjusted to make it more explicit. it has been declared that for monitoring and measuring PRP's hazard control plan, organizations must provide evidence that specified monitoring and measuring methods and equipment are adequate to ensure the monitoring and measuring procedures. The clause is more demanding for monitoring and measuring software as it requires organizations to validate its adequacy prior to use and when it is changed/updated.

Clause 8.8—PRPs and the hazard control plan verification

There are three differences identified in this clause: (1) The list of the constituents of the verification activities in ISO 22000:2018 corresponds to clause 7.8 of the ISO 2005 except that implementation, and the PRP's effectiveness (s) must be confirmed. Hence, the rewording of operational OPRP(s) and HACCP plan to hazard control plan is also to be noted. (2) It is mandatory in the ISO 22000:2018 standard that organizations must warrant the objectivity of the person who does the verification activities (3) Every time nonconformity is found in testing final manufactured goods or natural process samples, the ISO 2018 version postulates the necessity to take corrective actions.

Clause 8.9—Product control and process nonconformities

It is well explained in the clause that organizations must ensure that process nonconformities are addressed. Clause 8.9.2.4. of this standard clearly explains the information reserved to describe corrections made.

In the ISO 2005, the clause indicated that only designated persons (with competence and authority) might evaluate nonconformities and initiate corrections and corrective actions, which was dispersed throughout the clause. However, in the ISO 22000:2018 version, the clause is placed at the beginning of the title. Organizations must also review nonconformities identified by consumers or in regulatory inspection reports. In contrast, only customer complaints were given as examples in the 2005 version.

Clause 8.9.4.3—dispositions of non-conforming products, it is required that any product that fails to remain within critical limits at CCPs not be released.

Clause 9—Performance evaluation

Clause 9 covers the evaluation of how the system performs. The clause covers the monitoring, measurement, and analysis; including valuation—a new item, which forces organizations to indicate what and when monitoring and measurement should take place, and how, when, and by whom will the results be analyzed and evaluated. Also, when conducting internal audits, and after introducing the audits program (which must be used to verify the FSMS against the food safety objectives and policy), the clause expects organizations to recognize the importance of integrating the changes in the FSMS and the results of monitoring and measurement. The clause also highlights the importance of reporting the audit results to the food safety team and pertinent management. Items such as nonconformities and corrective actions, the performance of external providers, adequacy of resources, and opportunities for continual improvement were added to the management review section of clause nine. The internal and external issues are covered as inputs for addressing any applicable change essential for the FSMS mainly, changes including decisions and actions related to output continual improvement opportunities.

Clause 10—Continuous improvement

The is a new sub-clause that was added to clause ten of ISO 22000:2018 which gives clear guidance on addressing nonconformity and corrective action. The subclause is similar to the one in ISO 2005 standard however, the need for an organization to continuously improve the effectiveness of the FSMS and its suitability and adequacy was added in the 2018 version. No relevant changes were found in the last clause of the system (*updating the FSMS*).

The standard considers these changes essential to help organizations reduce food safety hazards and beneficial in alignment with the organization's strategic direction for the food safety management system.

For effective implementation, ISO 22000:2018 is developed on a high-level structure and enables an organization to use a process approach (PDCA) cycle along with risk-based thinking. This high-level structure is beneficial in the integration of other management standards. This standard enables an organization to control food safety hazards along the food chain. This "Norm" also applies to all types and sizes of organizations in the food industry.

#### **2.2 Process approach and risk-based thinking**

In addition to making ISO 22000 and the resulting FSMS easier to integrate with other ISO management systems, the IS0 22000:2018 introduces the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking. ISO 22000 can help organizations reduce risk exposure and improve safety by combining organizational and operational risk management into one management system. For example, combining PDCA and riskbased thinking to manage business risk with HACCP to identify, prevent and control food safety hazards. Organizationally, this approach provides the opportunity to consider all the different things (both good and bad) that might impact the company [15]. The approach allows for prioritization of the FSMS objectives that it is implemented to accommodate the effects of these risks. On the operational side, risk-based thinking and implementation are based on HACCP principles associated with food safety management. **Figure 2** below shows how they can be seen in the diagram below. The PDCA Cycle in the food industry.

The PDCA cycle is comprised of the Plan, Do, Check and Act concepts [16], and the cycle is suggested for beginning a new improvement project, implementing changes, continuous process improvements, and planning data collection and analysis (ASQ ) [17]. There are four main stages for the PDCA cycle: Plan, Do, Check and Act [18]:

**The "Plan Stage"**: The problem is identified during the planning stage, and data on the intended root causes are collected. Lastly, the intended outcomes are selected, as well as developing a plan to meet the outcomes. The planning stage is performed to assist in evaluating and forecasting problems that might occur during the execution stage and provide alternative modification strategies to prevent possible problems.

**The Implementation stage**: In this stage, the solution to the problem is developed and implemented, and the results are measured.

**The "Check Stage"**: During this stage, the status and effectiveness of the plan are implemented. For example, checking whether the intended outcome was met and the reasons for not meeting the intended outcome if the outcome was not met.

**Act Stage**: This is the final stage of the PDCA cycle process and the first stage for the next cycle. In this stage, solutions are reviewed against standards, and actions are taken; information and results about the process and recommended changes are documented.

**Figure 2.** *The food safety PDCA cycle.*

### **2.3 Uses of the PDCA cycle in the food industry**

The PDCA cycle is a managerial decision-making strategy that guarantees that process, product, or service goals are accomplished [19]. The plan involves establishing goals and procedures to achieve the set goals. All employees are expected to meet performance standards and behave appropriately hence, contributing to the effective achievement of the goals set by the organizational management.

#### *2.3.1 Corrective actions*

Corrective action is a practice whereby management communicates with organizational employees to improve their behavior after other methods such as coaching and performance appraisal failed. Corrective action is also considered an aspect of quality management that aims to remedy a task, process, product/service, or a person's behavior when any deviation from an intended plan is identified. Once the deliverables deviate from the required output, corrective actions can be applied to the entire project whether tangible or service. For example, in Human resources for higher education institutions, corrective action also applies to individual employees and functions to communicate aspects of attendance, unacceptable behavior, or performance that require improvement.

For corrective actions, [20] suggest not using the PDCA cycle as a whole however, it must be broken down into the following seven food safety management system steps for corrective action procedures: **Planning Stage -Step one and two: Understanding the system requirements and planning the process**.

In the course of the planning stage, the managers must understand the FSMS, the nature of the deviations, and a root cause analysis must be conducted to determine the cause of the problem. The risk and consequences of the deviations must be frequently evaluated.

Do Stage-Steps 3, 4, and 5: Develop and Document, Conduct Training, and Implementation.

After the root cause analysis of the problem is determined, planning to correct the deviations can be performed. When developing corrective action, [21] is recommending the following actions by organizations:


Corrective actions may be implemented as soon as the right ones have been determined, procedures updated, and training performed. Implementation of the corrective actions could take account of retesting the food products, confirming and observing procedures, and revising food safety records to make certain employees follow the procedures.

Check Stage-Step 6: Test/check the system.

After a few cycles of corrective actions implementation, ensuring that the corrective actions become a permanent solution is essential. The check stage can be done by gathering employee feedback, employee interviews, reviewing the documentation, and monitoring employee activities.

Act Stage-Step 7: Adjust and improve.

In the last stage, the effectiveness of the corrective actions and preventative actions are reviewed, and the efficiency and effectiveness of the corrective actions are determined. Based on data obtained from the users, the corrective actions may be improved.

#### *2.3.2 Internal audit*

Internal audit is a fundamental process in any food safety management system because it helps evaluate its functioning as intended. It enables checking for the process systems and validates processes against their intended result—furthermore, internal audit assists in preparation for third-party audits [22]. This section will review the internal audit process from the PDCA cycle perspective.

The Internal Audit comes into play during the "Check" stage and allows checking of the process put in place during the "Plan" and "Do" Stages. During internal audits data is collected using document reviews, observations, and employee interviews, and used as evidence of the effectiveness of the implementation of the FSMS hence, the process allows for a full systemic review of the FSMS.

The envisioned internal audit purpose is to assure that one finds and resolves the deviations or gaps in the food safety management system before the thirdparty audit identifies them. The deviations found during the internal audits are documented and further reviewed for immediate corrections and follow the Corrective Actions and Preventative Action procedures. The Internal Audit and Corrective Actions procedures are inter-connected. That is the "Act" stage, where information gathered can be used to improve the organization's food safety management system [23].

## **2.4 Advantages and disadvantages of PDCA cycle**

The PDCA cycle has its advantages and disadvantages. One of its advantages is that it is intended to be repeatable and reused as necessary, thus permitting continuous improvements. It allows for mistake documentation, assessment, and rectifications that can be frequent as needed. Any changes can be tested on a small scale before being implemented on a large scale [24].

According to [25], one of the disadvantages to the PDCA Cycles is that including the actual work only comes in the action plan; it can take very long and even get stuck at the "Plan" stages while being analyzed and not proceeding to the next step.
