Last Updated on December 9, 2025 by Melissa Lazaro

Why Clause 9 & 10 Determine Whether Your FSMS Actually Works

Here’s what I’ve noticed after supporting food businesses through ISO 22000 and FSSC 22000: many teams focus on PRPs, OPRPs, and CCPs, but forget that performance evaluation and improvement ultimately decide whether the system is effective. Controls only matter if you measure how well they’re working—and improve them when results fall short.

Clause 9 and 10 are where you pause, step back, and ask:

• Is our FSMS performing the way we expected?
• What are the trends telling us?
• Where are the weak points?
• What improvements should we make next?

These clauses connect everything you built earlier—your hazard controls, risk assessments, objectives, and monitoring programs—and turn them into decisions, actions, and real improvement.

Now that we’ve framed the purpose, let’s break down Clauses 9 and 10 in a way that’s practical and easy to apply.

ISO 22000 Clause 9 Overview — Why Performance Evaluation Determines FSMS Strength

Clause 9 is all about checking whether your food-safety system performs as intended.
It looks at:

• Data
• Trends
• Monitoring
• Complaints
• Audit results
• Supplier performance
• Achievement of objectives

When these pieces come together, you get a clear understanding of your FSMS health.

The Role of Performance Evaluation

You’re not just collecting data.
You’re interpreting it, comparing it to expectations, and deciding what needs attention.

Common Misunderstanding

Teams often track everything, but analyze very little. Data without meaning doesn’t help you improve.

Pro Tip

Focus on indicators that show risk, performance, or failure. More data isn’t better—relevant data is.

Monitoring, Measurement & Analysis — Tracking FSMS Performance With Purpose

Now that we understand why evaluation matters, let’s look at what ISO 22000 expects you to monitor.

What You Should Monitor

• PRP performance (cleaning, pest control, water quality, hygiene)
• CCP and OPRP trends
• Calibration results
• Supplier nonconformities
• Complaints
• Traceability test results
• Internal audit findings
• Verification activities

All of these data points help you understand whether your controls work day-to-day.

How to Make Monitoring Meaningful

Choose indicators that answer real questions.
Examples:

• “Are we controlling allergens effectively?”
• “Is our cleaning program preventing buildup?”
• “Are deviations decreasing over time?”

Pro Tip

Review trends monthly.
Small issues are easier to fix when caught early.

Common Mistake

Teams collect data because “the standard requires it,” but never link data back to food-safety objectives or risk controls.

Internal Audits — Planning, Executing & Reporting for Real Improvement

Internal audits are one of the most powerful tools in Clause 9, but only if they’re done with purpose.

What ISO 22000 Expects

• A risk-based audit program
• Defined scope, criteria, and frequency
• Competent auditors
• Objective findings
• Documented results and follow-up actions

How Internal Audits Add Value

A good audit doesn’t just check compliance.
It reveals gaps, inconsistencies, and improvement opportunities that would otherwise go unnoticed.

Pro Tip

Audit high-risk processes more frequently.
For example, allergen control, CCP handling, or supplier management often deserve additional attention.

Common Pitfall

Superficial audits.
Auditors check the procedure but never compare it to what’s actually happening on the floor.

Management Review — Turning Results Into Decisions

Management review can feel like a meeting for the sake of a meeting—unless it’s done well. Clause 9 expects management review to drive direction, resources, and improvement.

What Must Be Reviewed

• Monitoring results and trends
• Objectives achievement
• Audit findings
• Customer complaints and feedback
• Nonconformities and corrective actions
• Verification and validation results
• Supplier and outsourced process performance
• Resource needs
• Emerging risks

How Management Review Drives Action

The output should include decisions on:

• Resources
• Changes to the FSMS
• Updated policies and objectives
• Improvement priorities

Common Audit Issue

Minutes look fine, but no decisions or follow-up actions are documented.
Auditors want to see impact, not just discussion.

Pro Tip

Prepare a simple trend dashboard before the meeting—leadership responds faster when they can see patterns.

ISO 22000 Clause 10 Overview — What Improvement Really Means in the FSMS

Clause 10 takes everything from Clause 9 and says: Now act on it.

The Goal of Clause 10

• Fix what’s not working
• Prevent recurrence
• Strengthen weak areas
• Improve food-safety performance over time

Improvement doesn’t always require big projects.
Sometimes a small change in monitoring or procedure clarity makes a huge difference.

Handling Nonconformities & Corrective Actions — Practical, Simple Root-Cause Methods

Let’s talk about nonconformities. They’re not failures—they’re opportunities for clarity and improvement.

What Counts as a Nonconformity

• A PRP wasn’t followed
• A CCP deviation occurred
• A procedure wasn’t updated
• A supplier provided unsafe materials
• Records were incomplete
• Monitoring wasn’t performed

Correction vs Corrective Action

• Correction: Immediate fix
• Corrective action: Fixing the root cause so it doesn’t happen again

Root-Cause Methods That Work

• 5 Whys
• Fishbone diagram
• Barrier analysis
• Fault tree (for more technical processes)

Pro Tip

Always document why the issue happened—not just what was done to fix it.

Real-Life Example (your one story)

A confectionery facility kept seeing allergen-labeling errors. They corrected each issue but never addressed the root cause. After we performed a proper 5 Whys exercise, we found that label verification training was inconsistent across shifts. A simple retraining and clearer instructions eliminated the issue entirely—and future audits noted the improvement.

Common Mistake

Closing actions too quickly.
Corrective actions aren’t complete until you verify that the issue didn’t recur.

Continual Improvement — Turning Insights Into Stronger FSMS Performance

Clause 10 expects continual improvement, not occasional fixes.

Where Improvement Ideas Come From

• Monitoring trends
• Internal audits
• Management review
• Customer complaints
• Process deviations
• Supplier performance
• Staff suggestions
• Verification results

Examples of Continual Improvement

• Improving traceability speed
• Strengthening allergen-changeover procedures
• Redesigning cleaning schedules
• Adding automation to reduce human error
• Enhancing supplier qualification processes

Pro Tip

Document improvements, even small ones.
Auditors appreciate evidence that your FSMS is evolving.

Documentation & Evidence Requirements for Clause 9 & 10

Your documentation should tell the story of how you evaluate, correct, and improve performance.

Key Records Include

• Monitoring data and trend analysis
• Internal audit reports and follow-up
• Management review minutes
• Corrective-action reports
• Tracking of improvements
• Evidence of verification and validation
• Updated policies, objectives, and plans

Common Pitfall

Data exists—but isn’t analyzed, communicated, or used to drive decisions.
The system must show insight, not just information.

Pro Tip

Keep records simple but consistent.
Complexity doesn’t impress auditors—clarity does.

FAQs

1. How often should internal audits and management reviews occur?

Internal audits should follow a risk-based schedule, typically once per year at minimum.
Management review is usually annual, though high-risk operations benefit from more frequent strategic reviews.

2. What’s the fastest way to spot weak areas in an FSMS?

Look at trends: complaints, deviations, internal audit findings, and supplier issues. Patterns show where risks are growing.

3. How can I demonstrate continual improvement to an auditor?

Show a trail of decisions, actions, and measurable results—improved KPIs, fewer deviations, stronger monitoring, better supplier performance, updated procedures.

Conclusion: Clause 9 & 10 Turn Your FSMS Into a Living, Learning System

Clause 9 reveals how your FSMS performs.
Clause 10 strengthens it.
Together, they turn your food-safety system into something dynamic, measurable, and resilient.

This perspective comes from years of supporting food businesses as they refine monitoring, improve controls, and eliminate recurring issues. Strong performance evaluation and improvement habits almost always lead to easier audits and safer operations.

If you’re ready to build a stronger FSMS, start by reviewing your trends and recent audit findings. Your next improvement opportunity is already waiting in your data.