This ISO 22000 requirements checklist gives food-chain organisations a clear, practical way to assess how ready their food safety management system (FSMS) is against ISO 22000:2018. Whether you run a farm, a processing plant, a packaging supplier, or a logistics operation, a structured checklist turns an abstract standard into a set of concrete actions you can plan, delegate, and verify.
ISO 22000:2018 is the current version of the international FSMS standard. It follows the Harmonized Structure (the common high-level structure shared across modern ISO management-system standards) and integrates HACCP principles, prerequisite programmes (PRPs), operational PRPs, interactive communication along the food chain, and overall system management. Because it applies to any organisation in the food chain, the checklist below is deliberately generic and should be tailored to your scope, products, and hazards.
How to use this ISO 22000 requirements checklist
Work through the checklist clause area by clause area rather than trying to do everything at once. For each item, ask three questions: Is it documented? Is it implemented in practice? Can you show evidence during an audit? Record the answer and an owner. Always verify the current version of the standard, because clause detail can be revised over time.
Treat this as a gap analysis tool. Items you cannot fully evidence become your improvement plan going into certification. The ISO 22000 requirements checklist works best when it is reviewed regularly, not just before an audit.
ISO 22000 requirements checklist by clause area
ISO 22000:2018 groups its requirements under the familiar Harmonized Structure clauses. The table maps the main areas to what an auditor typically expects to see. Use it as a high-level map, then drill into the specific sub-clauses of the standard itself.
| Clause area | Focus | What to check for |
|---|---|---|
| Context of the organisation | Internal/external issues, interested parties, FSMS scope | Documented scope, relevant parties identified, boundaries defined |
| Leadership | Commitment, food safety policy, roles | Signed policy, assigned responsibilities, a food safety team leader |
| Planning | Risks and opportunities, FSMS objectives | Actions to address risk, measurable objectives, change planning |
| Support | Resources, competence, awareness, documented information | Trained staff, calibrated equipment, controlled documents and records |
| Operation | PRPs, hazard analysis, the HACCP plan, OPRPs, traceability | PRPs in place, hazards assessed, critical control points and OPRPs defined and monitored |
| Performance evaluation | Monitoring, internal audit, management review | Verification records, audit programme, management review minutes |
| Improvement | Nonconformity, correction, corrective action, continual improvement | Incident handling, root-cause analysis, evidence of improvement |
Context and leadership
Confirm you have defined the FSMS scope, identified interested parties (customers, regulators, suppliers), and documented a food safety policy backed by visible top-management commitment. Roles and responsibilities, including the food safety team and its leader, should be assigned and communicated.
Planning and support
Check that risks and opportunities relevant to food safety are addressed, that measurable FSMS objectives exist, and that changes are planned rather than ad hoc. On the support side, verify competence, awareness, and training records, calibration of monitoring equipment, and controlled documented information.
Operation: PRPs, HACCP, and OPRPs
This is the technical heart of the standard. Prerequisite programmes should cover the basics such as hygiene, pest control, and maintenance. Your hazard analysis should identify significant hazards, and control measures should be categorised as critical control points (with critical limits) or operational PRPs. Confirm monitoring, verification, traceability, and emergency preparedness are all in place.
Performance and improvement
Ensure you monitor and measure the FSMS, run internal audits, and hold management reviews at planned intervals. When things go wrong, you should correct the immediate issue, investigate root cause, take corrective action, and feed lessons back into continual improvement.
ISO 22000 requirements checklist versus FSSC 22000
Many organisations ask whether ISO 22000 alone is enough. ISO 22000:2018 is a certifiable management-system standard, but FSSC 22000 is a separate GFSI-recognised certification scheme built on ISO 22000 plus sector-specific technical PRP specifications and additional scheme requirements. If your customers demand GFSI recognition, your checklist needs to extend beyond ISO 22000.
| Aspect | ISO 22000:2018 | FSSC 22000 |
|---|---|---|
| Type | International FSMS standard | Certification scheme |
| Built on | Harmonized Structure, HACCP, PRPs | ISO 22000 plus sector PRPs and extra requirements |
| GFSI recognition | Not GFSI-recognised on its own | GFSI-recognised |
| Best when | You need a robust, flexible FSMS | Customers require GFSI-benchmarked certification |
You can read the official overview of the standard on the ISO website to confirm scope and the latest published version.
Turning the checklist into a certification plan
Once your ISO 22000 requirements checklist reveals gaps, prioritise them by food safety risk and audit exposure. Close the highest-risk gaps first, build or update your documented information, train the people who own each process, and then run at least one full internal audit and management review cycle before inviting a certification body. This sequence gives auditors the evidence trail they need.
Frequently asked questions
Is a checklist the same as an ISO 22000 audit?
No. A checklist is a self-assessment and planning tool you control. A certification audit is an independent evaluation by an accredited certification body. Use the checklist to prepare, but expect auditors to sample evidence in more depth than a checklist alone.
Which ISO 22000 clauses are most often failed?
Gaps commonly appear in hazard analysis and control-measure categorisation, verification records, and evidence of corrective action and continual improvement. Weak documented information and inconsistent monitoring records are also frequent findings. Focus your checklist review on the operation and performance-evaluation clauses.
Do small food businesses need the full checklist?
ISO 22000:2018 applies to any organisation in the food chain, regardless of size. The requirements scale to your context, so a small business can implement a proportionate FSMS. The checklist still applies, but the depth of documentation and resources will match your operations.
How often should I review the checklist?
Review it at least annually, after significant changes to products, processes, or premises, and ahead of any surveillance or recertification audit. Always verify the current version of the standard, as clause details may be updated over time.

Related guides
- ISO 22000 food safety management: a complete beginner’s guide
- The ISO 22000 certification process explained step by step
- How ISO 22000 integrates HACCP principles into your FSMS
Ready to move from checklist to compliance? Our editable ISO 22000:2018 toolkit gives you ready-to-use policies, procedures, HACCP and PRP templates, and audit tools you can tailor to your organisation. Explore the ISO 22000 toolkit and start closing your gaps today.

