ISO (International Standards Organization) has updated its Certification for Quality Management (ISO 9001), now known as ISO 9001:2015. This standard applies to any industry seeking a quality management system (QMS) certification.

“ISO 9001:2015 is written in a format known as the high-level structure,” notes John Surak, principal of John Surak & Associates, a food safety consulting firm. “This was done to improve alignment with other ISO management system standards.” ISO 9001:2015 takes a risk-based approach. Its driving factors are understanding a company’s context and the expectations of interested parties, including customers and regulators, adds Surak.

Since many processors are already Global Food Safety Initiative (GFSI) certified (e.g., SQF Level 3 or BRC), is ISO 9001:2015 certification a good idea for them?

“Essentially, it depends on what GFSI scheme the company has chosen to use as a basis for its food safety management system,” says Surak.

“SQF Level 3 certification has a QMS component based on ISO 9001:1994, while the BRC Global Standard for Food Safety combines quality and food safety in its audit scheme. As with SQF, its quality section is based on ISO 9001:1994. Therefore, an already certified site might benefit from incorporating the requirements of ISO 9001:2015 that are yet not part of BRC or SQF Level 3 requirements,” says Surak. “However, each site should take a close look at whether ISO 9001:2015 certification is right for it.”

Can ISO 9001:2015 help processors comply with the Food Safety Modernization Act (FSMA)?

“There are both similarities and differences between ISO 9001:2015 and FSMA,” says Surak. “First, let’s start with the differences. FSMA is a set of regulations for the production of safe food and is applicable to all organizations in the food chain. Since FSMA is a series of regulations, it is written in a very prescriptive format.”

On the other hand, ISO 9001:2015 covers the requirements for any QMS. Thus, it can be applied to any organization, whether or not it is part of the food chain. Plus, ISO 9001:2015 is written in a general format, is nonprescriptive “and requires sites to meet not only customer requirements but regulatory requirements as well,” according to Surak.

“However, there are some similarities between the two documents,” adds Surak. “Over the years, the requirements for food safety have evolved, and FDA has incorporated more requirements for the management of food safety. Most notable in FSMA is the incorporation of risk-based thinking in developing a food safety plan. This concept is also included in ISO 9001:2015.”

What about FSSC 22000?

“FSSC 22000 is a GFSI-recognized audit scheme based on ISO 22000 and ISO 22002-1 [Prerequisite Programs for Food Safety],” says Surak. “Recently, the Foundation for Food Safety Certification, which manages FSSC 22000, has also begun offering a new GFSI-recognized certification scheme—FSSC 22000Q—that uses ISO 9001, ISO 22000 and ISO 22002-1 as the base standards to define a food safety and quality management system. Thus, this scheme will certify a site to both ISO 22000 and ISO 9001.”

Finally, the ISO subcommittee responsible for ISO 22000 is currently aligning this standard with the ISO high-level structure. The revised standard is expected to be published at the end of 2017 or in the first quarter of 2018.


John Surak, John Surak & Associates,
"What Is ISO 9001:2015?"  ASQ Quality Management Standards