Reviewed and Approved by Kaci Foote, Accreditation Manager, FSNS Certification & Audit
1-Minute Summary
- An FSSC 22000 audit evaluates how well your food safety management system functions in real time, not just how it looks on paper.
- Internal audits, management review, and employee engagement are critical.
- Expect to show implementation of PRPs and Additional Requirements, backed by risk assessments.
- A confident team and well-managed system are your best tools for audit success.
FSSC Audits Are About System Performance
FSSC 22000 focuses on how you manage your entire food safety management system, not just what’s written in your manual. Unlike prescriptive schemes like SQF or BRCGS Food Safety, FSSC allows flexibility. The audit is your opportunity to demonstrate that your programs are active, effective, and understood by your team.
This article outlines practical steps to help you prepare for your FSSC 22000 audit, from confirming alignment to making sure your team is confident and audit-ready.
Step 1: Verify That Your System Matches the FSSC 22000 Scheme
Start by confirming that your food safety system aligns with the correct and current FSSC 22000 standards. Certification is based on the following three components:
Part 1: ISO 22000 — Food Safety Management System
ISO 22000:2018 outlines how your site manages food safety, including HACCP, corrective actions, internal audits, and management review. Make sure you’re using the current version and that your policies, procedures, and practices address each clause. A clause-by-clause review is often the best place to start.
Part 2: ISO/TS 22002-x — Pre-Requisite Programs (PRPs)
The PRP standard defines the operational hygiene controls that support your food safety system. Which version applies depends on your product type:
- ISO/TS 22002-1 – Food Manufacturing
- ISO/TS 22002-2 – Catering
- ISO/TS 22002-3 – Farming
- ISO/TS 22002-4 – Food Packaging Manufacturing
- ISO/TS 22002-5 – Transport and Storage
- ISO/TS 22002-6 – Feed and Animal Food Production
Check that your sanitation, pest control, and hygiene programs align with the relevant standard. FSNS Certification & Audit is accredited for audits against ISO 22002-1 and -4.
Part 3: FSSC Additional Requirements
These requirements go beyond ISO and cover high-risk topics that often get missed, including:
- Food fraud and food defense
- Labeling verification
- Allergen management
- Environmental monitoring (if applicable)
- Use of the FSSC logo
- Communication and complaint handling
Each one must be implemented, verified, or justified with a risk assessment if marked not applicable.
Your auditor will expect to see all three components functioning together: ISO 22000 for system control, ISO/TS 22002-x for operational hygiene, and the Additional Requirements for broader risk management.
Our complimentary FSSC 22000 Audit Checklist can help with this step.
Step 2: Review Your Programs for Real-World Implementation
Once your standards are confirmed, the next step is to ensure your programs are active and functioning, not just documented. FSSC auditors expect to see that procedures are being followed, records are current, and employees understand their roles.
Walk your site as if you were the auditor and…
- Observe sanitation in action.
- Review pest control logs and follow-ups.
- Check allergen line changeovers for verification and documentation.
- Ask employees what they do and why, especially regarding labeling, food defense, and corrective actions.
Spot-check key records like swabbing schedules, lab results, and EMP data. Look for completeness, accuracy, and real usage. Correct any gaps, whether that’s a missing signature or a procedure not being followed, to stay ahead of findings.
Step 3: Prepare for the Management Review
The management review is one of the most important parts of an FSSC 22000 audit, so spend extra time on this step during your preparation. Under ISO 22000 clause 9.3, this review must follow a structured format and lead to meaningful outputs, not just notes or summaries. Auditors want to see that leadership is actively engaged, using data to make decisions, and formally recording the outputs. Management review must be documented and communicated to relevant personnel.
Management review should cover the required inputs:
- Internal and external audit findings.
- Trends in non-conformities and corrective actions.
- Results of monitoring and measurement.
- Customer complaints and feedback.
- Risk and opportunity updates.
- Performance of external suppliers or service providers.
Most importantly, the meeting must result in outputs, which are concrete, documented decisions or follow-ups based on what was discussed. Outputs may include:
- Approval of a capital improvement (e.g., to address recurring pest issues).
- Plans for additional training in response to audit trends.
- Adjustments to environmental monitoring scope or frequency.
- Decisions to defer certain actions, with documented reasoning.
- Updates to the food safety policy or objectives.
- Adding additional resources.
The auditor doesn’t expect you to fix every problem instantly. But they do expect to see that issues were discussed, decisions were made, and responsibilities were assigned. Even a decision to “maintain current controls” should be clearly justified.
Step 4: Train Your Employees for Auditor Interviews
Auditors will speak to frontline staff to confirm that your system is understood beyond management. Employees don’t need to recite standards, but they do need to explain what they do and why it matters.
Here’s how to prepare your team effectively:
- Explain the “why” behind procedures. Help employees understand the food safety purpose behind their tasks. For example, “Why do you verify labels before production?” or “What happens if you find damaged packaging?”
- Use real examples. Relate procedures to what they do every day. If they handle allergens, they should be able to explain cleaning steps, line clearance, and changeover protocols.
- Hold mock interviews. Walk the floor and ask simple audit-style questions. This helps employees get comfortable speaking about their roles and builds confidence.
- Review key documents. Make sure employees know where to find relevant logs, checklists, and forms if asked.
- Encourage honesty. If someone doesn’t know the answer to a question, it’s better they say so and ask a supervisor, just like they would in real life. Auditors value integrity over rehearsed answers.
Practicing calmly and informally in the weeks leading up to the audit helps build familiarity and keeps anxiety low.
Step 5: Prepare Documentation and Verification Records
Documentation is proof that the system is working. Auditors will want real-time evidence that procedures are followed and verified consistently.
Focus on…
- Record completeness: Logs, monitoring forms, and checklists should be complete, legible, signed, and dated.
- Verification data: Show that programs like sanitation, calibration, and your EMP are being monitored and trended. If you’ve found issues, auditors will want to see what you did about them.
- Traceability: Be prepared to conduct a traceability exercise. You should be able to track a finished product back through all raw materials, packaging, suppliers, and processing steps, with supporting documentation.
- Corrective actions: These should be more than just notes on a form. Auditors expect to see root cause analysis, assigned responsibilities, completion dates, and effectiveness checks.
- Version control: Make sure only current versions of procedures and forms are in use. Remove outdated copies from work areas and shared drives.
Assign team members ahead of time to help retrieve documents during the audit. Consistency between records and reality is key; what’s on paper must match what’s happening on the floor.
Step 6: Run a Final Self-Assessment and Close Gaps Before the Audit
Finally, conduct a mock audit. Walk the site, check records, and interview staff like an auditor would. This is a great opportunity to catch things that may have fallen through the cracks.
Confirm that…
- Procedures are followed as written.
- Records are complete and current.
- Corrective actions are properly closed.
- EMP and allergen controls are properly implemented.
- Traceability is achievable.
Document your findings, assign actions, and make sure any changes are verified. Even small gaps, like a missing signature or an outdated form, can lead to non-conformances.
Prepare to Demonstrate, Not Just Pass
FSSC 22000 audits focus on how well your food safety system functions, not just how it reads on paper. If your programs are implemented, your team is engaged, and your records match your procedures, you’re already in a strong position.
Use the weeks leading up to the audit to confirm alignment, close gaps, and prepare your people. If your system is well-managed and implemented, you have no need to worry. Just show the auditor what you’re already doing each day.
