Here’s what I’ve noticed after helping food manufacturers, distributors, cold-chain operators, and small food brands implement ISO 22000 and FSSC 22000: teams often underestimate Clause 6 because it feels like “planning paperwork.” But this is the part of the standard that keeps your FSMS stable during change, focused on real risks, and aligned with measurable goals.
If Clause 4 sets your foundation, Clause 6 tells you how to build on it safely. And when you understand how risks, opportunities, objectives, and change-control fit together, everything downstream—HACCP studies, PRPs, monitoring, internal audits—becomes far easier.
In this guide, you’ll learn:
What ISO 22000 expects under Clause 6.1, 6.2, and 6.3
How to apply risk-based thinking without overcomplicating the process
How to set objectives auditors consider meaningful
How to manage changes in a way that protects food safety
Mistakes that commonly lead to nonconformities—and how to avoid them
Now that we’ve clarified your direction, let’s break down each part in a way that feels practical and manageable.
ISO 22000 Clause 6.1 — Actions to Address Risks and Opportunities (Applying Risk-Based Thinking)
In my experience, this is where teams either build a resilient FSMS—or create avoidable headaches. Risk-based thinking sounds abstract until you realize it’s simply about anticipating what could disrupt food safety or FSMS performance, then planning how to prevent it.
What Clause 6.1 Really Wants
ISO 22000 expects you to:
Identify top-level risks and opportunities
Evaluate how those risks affect your ability to deliver safe food
Plan actions to address them
Integrate those actions into the FSMS
These aren’t HACCP hazards. These are system-level risks, such as:
Staff competency gaps
Supplier reliability issues
Equipment aging or frequent breakdowns
Regulatory changes
Market shifts that affect ingredient availability
How to Document Risks Clearly
Your risk register or planning worksheet should show:
Identified risks
Their potential impact
The likelihood
Planned mitigation actions
Responsibility and timelines
Pro Tip
Start with your process map. Each step naturally reveals where FSMS-level risks live.
Common Pitfall
Teams often confuse Clause 6.1 risks with operational hazards. Hazards belong to HACCP (Clause 8). System risks belong here.
Once you make that separation, your planning becomes much clearer.
ISO 22000 Clause 6.1.2 — FSMS Risks vs. HACCP Risks (Understanding the Boundary)
Now that we covered top-level risk actions, let’s look at a source of confusion I see constantly during audits.
FSMS Risks (Clause 6.1.2)
These influence the overall management system, not a specific product or process.
Examples include:
Insufficient training leading to inconsistent procedures
These relate directly to food-safety dangers in the product or process.
Examples include:
Salmonella risk in raw poultry
Metal fragments from equipment
Allergen cross-contact
Chemical residues
Why This Distinction Matters
Auditors look for clarity. If you mix hazards and system risks, your FSMS loses structure.
Pro Tip
When in doubt, ask: Does this risk affect the entire FSMS, or does it only affect a specific product or process? If it’s the whole system, it belongs in Clause 6.
ISO 22000 Clause 6.2 — Food-Safety Objectives That Drive Real Improvement
This is where planning turns into measurable action. Objectives help you track whether your FSMS is working—or drifting.
What ISO 22000 Expects
Your food-safety objectives must be:
Measurable
Monitored
Communicated
Consistent with your policy
Relevant to food-safety performance
Examples of Strong FSMS Objectives
Reduce customer complaints related to foreign bodies by 30% within 12 months
Achieve ≥95% compliance in internal hygiene inspections each quarter
Maintain 100% traceability within two hours during mock recalls
Reduce supplier nonconformities by strengthening approval and monitoring
These are real, actionable, and meaningful.
Pro Tip
Tie each objective to a specific process owner. When everyone knows who’s responsible, objectives don’t fall through the cracks.
Common Mistake
Setting vague goals like “improve food safety” or “reduce deviations.” Auditors need to see how you measure progress and what success looks like.
ISO 22000 Clause 6.3 — Planning Changes in the FSMS (Controlled Change Management)
Now that we covered risks and objectives, let’s tackle change management. Every organization evolves—new equipment, new suppliers, new processes. Clause 6.3 ensures those changes don’t introduce new food-safety risks.
When Change Planning Applies
Use change-control when:
You add new machinery or modify equipment
You introduce new ingredients or suppliers
You shift process flows or plant layout
You upgrade software or monitoring systems
You restructure staffing or supervision
What ISO 22000 Requires
Before implementing a change, you must evaluate:
Food-safety impact
Resource needs
Training implications
Infrastructure requirements
Documentation updates
Communication needs
Pro Tip
Document temporary changes clearly. Unrecorded temporary fixes are one of the most common audit findings.
Common Mistake
Teams implement a change and only update the FSMS afterward. ISO 22000 expects planning first, not retroactive documentation.
Turning Clause 6 Into an Action Plan (Practical Tools & Templates)
Now that we’ve unpacked each requirement, here’s how to turn the theory into something your team can use every day.
Recommended Worksheets
FSMS Risk Register
Risk-Mitigation Action Plan
Food-Safety Objectives Planning Sheet
Change-Control Assessment Form
Auditor-Ready Evidence to Prepare
Records showing risk reviews and updates
Measurable objectives with performance trends
Documented evaluations of change impacts
Clear assignment of responsibilities for mitigation actions
Common Pitfall
Documents that don’t match real operations. If objectives, risks, and change logs don’t align, auditors will question FSMS effectiveness.
FAQs
1. What’s the simplest way to start applying Clause 6?
Begin with your risk register. A simple, well-structured list of FSMS risks instantly clarifies objectives and change-planning needs.
2. How many food-safety objectives should a company have?
Enough to measure meaningful improvement. Most small to mid-sized businesses use 3–6 strong objectives. Quality beats quantity.
3. Are small businesses required to maintain a formal change-control process?
Yes, but it can be simple. The key is showing you evaluate food-safety impacts before making operational changes.
Conclusion: Clause 6 Keeps Your FSMS Focused, Stable, and Predictable
Clause 6 isn’t just “planning paperwork.” It’s the mechanism that keeps your FSMS aligned with real risks, measurable goals, and controlled change. When risk-based thinking is clear, objectives are meaningful, and changes are evaluated properly, your entire system becomes more reliable—and audits become far less stressful.
This approach comes from supporting businesses through countless ISO 22000 and FSSC 22000 certifications. When planning is strong, the FSMS always holds steady during growth, new products, and operational challenges.
If you’re ready to strengthen your FSMS, start with a simple risk register and objective-setting exercise. From there, every part of your food-safety system becomes more deliberate, consistent, and audit-ready.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
