Instant downloadAuditor-writtenSecure Stripe checkout
ISO 22000 Requirements Checklist: Best 2026 Guide — ISO Toolkits

ISO 22000 Requirements Checklist: Best 2026 Guide

This ISO 22000 requirements checklist gives food-chain organisations a clear, practical way to assess how ready their food safety management system (FSMS) is against ISO 22000:2018. Whether you run a farm, a processing plant, a packaging supplier, or a logistics operation, a structured checklist turns an abstract standard into a set of concrete actions you can plan, delegate, and verify.

ISO 22000:2018 is the current version of the international FSMS standard. It follows the Harmonized Structure (the common high-level structure shared across modern ISO management-system standards) and integrates HACCP principles, prerequisite programmes (PRPs), operational PRPs, interactive communication along the food chain, and overall system management. Because it applies to any organisation in the food chain, the checklist below is deliberately generic and should be tailored to your scope, products, and hazards.

How to use this ISO 22000 requirements checklist

Work through the checklist clause area by clause area rather than trying to do everything at once. For each item, ask three questions: Is it documented? Is it implemented in practice? Can you show evidence during an audit? Record the answer and an owner. Always verify the current version of the standard, because clause detail can be revised over time.

Treat this as a gap analysis tool. Items you cannot fully evidence become your improvement plan going into certification. The ISO 22000 requirements checklist works best when it is reviewed regularly, not just before an audit.

ISO 22000 requirements checklist by clause area

ISO 22000:2018 groups its requirements under the familiar Harmonized Structure clauses. The table maps the main areas to what an auditor typically expects to see. Use it as a high-level map, then drill into the specific sub-clauses of the standard itself.

Clause areaFocusWhat to check for
Context of the organisationInternal/external issues, interested parties, FSMS scopeDocumented scope, relevant parties identified, boundaries defined
LeadershipCommitment, food safety policy, rolesSigned policy, assigned responsibilities, a food safety team leader
PlanningRisks and opportunities, FSMS objectivesActions to address risk, measurable objectives, change planning
SupportResources, competence, awareness, documented informationTrained staff, calibrated equipment, controlled documents and records
OperationPRPs, hazard analysis, the HACCP plan, OPRPs, traceabilityPRPs in place, hazards assessed, critical control points and OPRPs defined and monitored
Performance evaluationMonitoring, internal audit, management reviewVerification records, audit programme, management review minutes
ImprovementNonconformity, correction, corrective action, continual improvementIncident handling, root-cause analysis, evidence of improvement

Context and leadership

Confirm you have defined the FSMS scope, identified interested parties (customers, regulators, suppliers), and documented a food safety policy backed by visible top-management commitment. Roles and responsibilities, including the food safety team and its leader, should be assigned and communicated.

Planning and support

Check that risks and opportunities relevant to food safety are addressed, that measurable FSMS objectives exist, and that changes are planned rather than ad hoc. On the support side, verify competence, awareness, and training records, calibration of monitoring equipment, and controlled documented information.

Operation: PRPs, HACCP, and OPRPs

This is the technical heart of the standard. Prerequisite programmes should cover the basics such as hygiene, pest control, and maintenance. Your hazard analysis should identify significant hazards, and control measures should be categorised as critical control points (with critical limits) or operational PRPs. Confirm monitoring, verification, traceability, and emergency preparedness are all in place.

Performance and improvement

Ensure you monitor and measure the FSMS, run internal audits, and hold management reviews at planned intervals. When things go wrong, you should correct the immediate issue, investigate root cause, take corrective action, and feed lessons back into continual improvement.

ISO 22000 requirements checklist versus FSSC 22000

Many organisations ask whether ISO 22000 alone is enough. ISO 22000:2018 is a certifiable management-system standard, but FSSC 22000 is a separate GFSI-recognised certification scheme built on ISO 22000 plus sector-specific technical PRP specifications and additional scheme requirements. If your customers demand GFSI recognition, your checklist needs to extend beyond ISO 22000.

AspectISO 22000:2018FSSC 22000
TypeInternational FSMS standardCertification scheme
Built onHarmonized Structure, HACCP, PRPsISO 22000 plus sector PRPs and extra requirements
GFSI recognitionNot GFSI-recognised on its ownGFSI-recognised
Best whenYou need a robust, flexible FSMSCustomers require GFSI-benchmarked certification

You can read the official overview of the standard on the ISO website to confirm scope and the latest published version.

Turning the checklist into a certification plan

Once your ISO 22000 requirements checklist reveals gaps, prioritise them by food safety risk and audit exposure. Close the highest-risk gaps first, build or update your documented information, train the people who own each process, and then run at least one full internal audit and management review cycle before inviting a certification body. This sequence gives auditors the evidence trail they need.

Frequently asked questions

Is a checklist the same as an ISO 22000 audit?

No. A checklist is a self-assessment and planning tool you control. A certification audit is an independent evaluation by an accredited certification body. Use the checklist to prepare, but expect auditors to sample evidence in more depth than a checklist alone.

Which ISO 22000 clauses are most often failed?

Gaps commonly appear in hazard analysis and control-measure categorisation, verification records, and evidence of corrective action and continual improvement. Weak documented information and inconsistent monitoring records are also frequent findings. Focus your checklist review on the operation and performance-evaluation clauses.

Do small food businesses need the full checklist?

ISO 22000:2018 applies to any organisation in the food chain, regardless of size. The requirements scale to your context, so a small business can implement a proportionate FSMS. The checklist still applies, but the depth of documentation and resources will match your operations.

How often should I review the checklist?

Review it at least annually, after significant changes to products, processes, or premises, and ahead of any surveillance or recertification audit. Always verify the current version of the standard, as clause details may be updated over time.

ISO 22000 requirements checklist toolkit templates
The editable ISO 22000 Toolkit — FSMS policies, HACCP, PRP and audit templates.

Related guides

Ready to move from checklist to compliance? Our editable ISO 22000:2018 toolkit gives you ready-to-use policies, procedures, HACCP and PRP templates, and audit tools you can tailor to your organisation. Explore the ISO 22000 toolkit and start closing your gaps today.

Shopping Cart