Why Mandatory Procedures Matter in FSSC 22000 V6

If you’re implementing FSSC 22000 V6, chances are you’ve already felt that moment of overwhelm — wondering, “Which procedures are actually mandatory?”

That’s something I’ve seen often when auditing or coaching food businesses. Teams assume they can copy-paste ISO 22000 templates and call it a day. Then the audit comes, and suddenly there’s a finding for “incomplete documentation.”

This guide clears that up.
We’ll walk through every mandatory procedure you need under FSSC 22000 V6 — from ISO 22000 clauses to PRPs and those tricky “Additional Requirements” that auditors never skip.

By the end, you’ll know exactly:

• What to document
• Why each procedure matters
• How to avoid the most common compliance traps

And if you’re short on time, you’ll see how a structured documentation toolkit saves days of guessing and rewriting.

Food-Safety Management System (FSMS) Core Procedures

The backbone of your FSSC 22000 V6 system lies in your core ISO 22000:2018 procedures — the ones that define how your management system actually works.

At minimum, you’ll need documented procedures for:

• Control of documents and records
• Internal audits
• Management reviews
• Corrective actions and continual improvement
• Control of nonconforming outputs

Here’s what I’ve noticed:
Many teams confuse records with procedures. A record proves you did it; a procedure explains how you’ll do it next time. Auditors care about both.

Pro Tip:
Build a Documented Information Matrix. It links each ISO 22000 clause to your corresponding policy or SOP. Auditors love it — and it makes version control effortless.

Common mistake:
Having 10 different templates for similar processes. Keep formats consistent; clarity trumps complexity every time.

PRP-Related Procedures (ISO/TS 22002 Series)

This is where FSSC 22000 goes beyond ISO 22000. You must document Prerequisite Program (PRP) procedures based on your industry:

• Food manufacturing → ISO/TS 22002-1
• Packaging → ISO/TS 22002-4
• Catering → ISO/TS 22002-2, and so on

Typical PRP procedures include:

• Cleaning and sanitation
• Pest control
• Equipment maintenance
• Supplier approval and monitoring
• Personnel hygiene and gowning
• Waste management

Pro Tip:
Map out PRP responsibilities visually. A color-coded flowchart that shows who does what during cleaning or maintenance helps operators and auditors alike.

Example:
A packaging company I worked with reduced audit prep time by 30% after combining their maintenance and sanitation procedures into one visual document.

Common pitfall:
Writing “generic” procedures that ignore your actual layout or equipment. Auditors expect your PRPs to reflect your real site conditions — not a textbook.

Hazard Analysis and Operational Control Procedures

This is where theory meets the floor. Your hazard analysis and control procedures define how you identify, evaluate, and manage risks.

You’ll need documented methods for:

• Hazard identification and risk assessment
• Establishing CCPs and OPRPs
• Validation, verification, and corrective actions for each control

In my experience:
The best HACCP plans are living documents, not static binders. When production or ingredients change, so should your hazard analysis.

Pro Tip:
Cross-reference your Food Defense and Food Fraud procedures with your HACCP plan. It prevents duplication and keeps your risk register tidy.

Common mistake:
Neglecting to include what happens when a CCP fails. Document the corrective action flow — who checks, who authorizes, and who records it.

Additional FSSC 22000 V6 Requirements Procedures

FSSC 22000 V6 introduced new mandatory procedures under its Additional Requirements. Here’s the list most businesses overlook:

• Food Defense Plan
• Food Fraud Prevention Plan
• Allergen Management Procedure
• Environmental Monitoring (if applicable)
• Product Labeling and Integrity Procedure
• Food Safety & Quality Culture Assessment

These are not optional. Auditors will ask for documented evidence of implementation and review.

Pro Tip:
Assign a process owner for each. When auditors see named accountability, it signals control and maturity.

Example:
A dairy processor I advised established a cross-functional “Food Integrity Team.” When their auditor arrived, that simple team structure earned commendation — zero minors in Additional Requirements.

Common pitfall:
Copying generic Food Fraud templates. Customize it to your own supply chain risks, not someone else’s.

Communication, Training, and Competence Procedures

People make or break a food-safety system. That’s why procedures for communication and competence are mandatory under ISO 22000 clauses 7.2 and 7.4.

Include documented processes for:

• Internal communication between departments
• External communication with suppliers, regulators, and customers
• Training, awareness, and competence evaluation

Pro Tip:
Develop a Training Matrix linking roles to PRPs and control points. It instantly shows who’s trained on what.

Common mistake:
Focusing on attendance instead of competence. A signed sheet doesn’t prove learning; include post-training assessments or on-the-job evaluations.

Control of Nonconformities and Product Withdrawal Procedures

Every system needs a plan for when things go wrong. Document how you’ll handle:

• Nonconformities and corrective actions (Clause 10.2)
• Product recall or withdrawal (Clause 8.9.5)

Actionable tip:
Create a clear recall flowchart — who initiates, who communicates, and who verifies.

Example:
A frozen-food plant I worked with ran mock recalls twice a year. When a real issue occurred, their traceability test took 45 minutes — auditors were impressed.

Common pitfall:
Failing to update recall contact lists. Check them quarterly; old phone numbers have caused more audit findings than you’d expect.

Verification, Validation, and Improvement Procedures

Finally, your system needs to prove itself through verification and continual improvement. These procedures cover:

• Internal audits
• Verification of PRPs and CCPs
• Management review
• KPI monitoring and continual improvement

Pro Tip:
Link verification with your KPI dashboard. When auditors ask, you can show objective evidence of system performance.

Common mistake:
Treating validation as a one-time event. It should happen every time you modify a product, process, or piece of equipment.

FAQs — FSSC 22000 V6 Mandatory Procedures Clarified

Q1. Are all ISO 22000 procedures automatically mandatory under FSSC 22000 V6?
Not exactly. FSSC includes ISO 22000’s requirements but adds sector-specific PRPs and Additional Requirements. You need all three layers documented.

Q2. Can we combine several procedures into one manual?
Yes, absolutely. Combining related procedures (like Document Control and Record Control) is fine if your format remains clear and traceable.

Q3. Do small businesses need all procedures?
Yes — but they can be simplified. The key is that each process is defined, owned, and controlled. Scale detail to your operation’s size.

 

A strong documentation system isn’t about paperwork — it’s about clarity and consistency. Every mandatory procedure connects people, process, and proof.

At QSE Academy, we’ve helped hundreds of organizations build FSSC 22000 systems that pass audits the first time. Our clients often realize their biggest gap isn’t performance — it’s missing documentation structure.

If you’re ready to close that gap, download our FSSC 22000 V6 Mandatory Procedures Toolkit or book a quick consultation. You’ll save weeks of prep and walk into your next audit with confidence.