Last Updated on December 9, 2025 by Melissa Lazaro

ISO 22000 Gap-Analysis Checklist

Here’s what I’ve noticed after guiding different food businesses—manufacturers, farms, distributors, and packaging sites—through ISO 22000 implementation: most teams jump into documentation before understanding where they currently stand. And that’s exactly why they get stuck.

A proper gap analysis gives you clarity.
It shows what’s already working, what’s missing, and what needs upgrading before you even think about certification.

In this guide, you’ll walk through a structured ISO 22000 checklist covering Clauses 4–10, PRPs, HACCP elements, and documentation requirements. The goal is simple: help you identify gaps with confidence and build a practical plan for closing them.

Now that we’ve set the stage, let’s walk through each area step-by-step.

ISO 22000 Context & Scope Gap Check (Clause 4 Requirements)

When you start an ISO 22000 project, understanding your context and scope saves you from painful revisions later. I’ve seen many teams skip this, only to rework their entire FSMS months later.

Checklist Items

– Have you identified internal and external issues affecting food safety?
– Have you defined your interested parties and their requirements?
– Is your FSMS scope documented clearly and realistically?
– Are your processes mapped with inputs, outputs, and interactions?
– Have you included outsourced processes in your system?

Practical Insight

Scope definitions that are too broad stretch your resources. Too narrow, and you unintentionally exclude critical processes.

Pro Tip

Treat your process map as a living document. You’ll refine it once you start your hazard analysis.

Common Pitfall

Ignoring outsourced processes. Auditors look for this immediately because it affects control measures and responsibility boundaries.

Leadership & Food-Safety Policy Gap Check (Clause 5 Requirements)

Leadership is one of the fastest areas auditors use to gauge maturity. It isn’t about having a policy laminated on the wall—it’s about alignment, involvement, and communication.

Checklist Items

– Is your food-safety policy documented, approved, and communicated?
– Do roles and responsibilities reflect ISO 22000 requirements?
– Is there evidence of leadership commitment to the FSMS?
– Are communication channels defined and used consistently?

Pro Tip

During reviews, ask leaders to explain the policy in their own words. If they can’t, communication hasn’t reached the level ISO 22000 expects.

Common Pitfall

Policies that exist on paper but aren’t shared with teams. Auditors catch this instantly.

Planning & Risk-Management Gap Check (Clause 6 Requirements)

This clause often surprises companies because ISO 22000 expects both strategic risks and food-safety risks to be addressed.

Checklist Items

– Have you identified risks and opportunities at the FSMS level?
– Are measurable objectives established and tracked?
– Is there a method for planning and controlling changes?
– Are objectives linked to performance indicators?

Insight

Teams sometimes confuse “food-safety hazards” with “FSMS risks.” Hazards belong in Clause 8. Risks here refer to system-level issues—resource shortages, training gaps, regulatory changes, and more.

Pro Tip

Set objectives you can actually measure monthly. Complex KPIs tend to fall apart during audits.

Common Pitfall

Objectives documented but never evaluated. This leads to avoidable corrective actions later.

Support & Documentation Gap Check (Clause 7 Requirements)

Here’s where many food businesses realize they’re either missing records or drowning in outdated documents.

Checklist Items

– Do employees have the competence required for their tasks?
– Is training documented, and is competence evaluated?
– Are communication methods defined and working?
– Are resources such as equipment, infrastructure, and work environment adequate?
– Is documented information controlled, updated, and retrievable?

Pro Tip

Use a single standardized template for all procedures and logs. It keeps your FSMS clean and makes audits smoother.

Common Pitfall

Training without competence checks. ISO 22000 expects you to prove that training worked—not just that it happened.

Operational Control & PRP Gap Check (Clause 8 Requirements)

This is where ISO 22000 becomes very real. PRPs, the HACCP study, CCPs, OPRPs—these are the core of your food-safety controls.

Checklist Items

– Are PRPs based on ISO/TS 22002-1 or relevant industry prerequisites?
– Are process flow diagrams complete and up to date?
– Did you conduct a structured hazard analysis?
– Are CCPs and OPRPs justified and documented?
– Do you have traceability and recall procedures ready?
– Are monitoring and verification steps clearly defined?

Pro Tip

Update your flow diagrams before hazard analysis. A wrong diagram leads to incorrect hazard identification, which leads to incorrect controls.

Common Pitfall

Missing rework, outsourced processing, or waste steps in flow diagrams. These oversights often trigger nonconformities.

Anecdote (single allowed example)

I once worked with a packaging facility that kept failing its hazard analysis review. The issue? Their flow diagram didn’t include rework loops. Once added, their CCP justification fell into place and the audit finally moved forward.

Monitoring & Performance Evaluation Gap Check (Clause 9 Requirements)

This section shows whether your FSMS is functioning—not just documented.

Checklist Items

– Are monitoring and measurement activities defined and implemented?
– Is the internal audit program established and risk-based?
– Are internal audits performed regularly?
– Are management reviews conducted with the proper inputs and outputs?
– Are KPIs tracked, analyzed, and used for decision-making?

Pro Tip

Schedule internal audits early enough that management can use the results during review.

Common Pitfall

KPIs that are tracked but never evaluated. ISO expects interpretation, not just numbers.

Improvement & Corrective-Action Gap Check (Clause 10 Requirements)

ISO 22000 wants continual improvement, not one-time compliance.

Checklist Items

– Is there a defined corrective-action process?
– Are root causes identified using a real methodology?
– Are actions implemented and effectiveness verified?
– Is continual improvement demonstrated with tangible results?

Pro Tip

Use simple RCA tools. The more complex the method, the less frequently teams apply it.

Common Pitfall

Closing corrective actions without verifying effectiveness. Auditors flag this immediately.

Documentation & Records Completeness Gap Check (Cross-Clause Review)

This final check ties everything together.

Checklist Items

– Is your list of required procedures complete?
– Are required records available and maintained?
– Are templates consistent?
– Is version control functioning?
– Is there a master list or equivalent tracking method?

Pro Tip

Review calibration, maintenance, supplier approval, and monitoring records. These are often incomplete or outdated.

Common Pitfall

Records stored in multiple locations with no consistent system. This creates unnecessary audit stress.

FAQs

How long does an ISO 22000 gap analysis take?

Most organizations complete a full gap analysis in 1–3 days, depending on complexity. Larger operations may require a week.

Who should perform the gap analysis?

Someone who understands both your operations and ISO 22000. Some companies use internal teams; others prefer external consultants for unbiased visibility.

How is a gap analysis different from an internal audit?

A gap analysis checks readiness and identifies missing elements. An internal audit evaluates compliance against all requirements. Think of the gap analysis as preparation, not evaluation.

Conclusion

A structured gap analysis is one of the smartest steps you can take before implementing ISO 22000. It reduces uncertainty, clarifies priorities, and gives your team a realistic path forward. After working with many organizations at different maturity levels, I can say confidently: teams that complete a proper gap analysis always move faster and make fewer mistakes.

If you’d like, I can create a download-ready ISO 22000 Gap-Analysis Checklist, or tailor a version specifically for your QSE Academy toolkit.