When clients ask me what Stage 1 is really about, I usually tell them this: it’s the moment an auditor decides whether your Food-Safety Management System is mature enough for the real test—Stage 2. Over the years, I’ve supported manufacturers, distributors, and food processors through this step, and I’ve noticed the same concerns every time. “Do we have enough records?” “Is our documentation complete?” “What if the auditor asks something we’re not ready for?”
This article walks you through the same approach I use during pre-audit coaching sessions. You’ll see what auditors actually check, how to organize your documents, and how to avoid the mistakes that quietly delay certification. By the time you finish, you’ll know exactly how to show readiness, confidence, and control during your Stage 1 audit.
Now that we’ve set the stage, let’s dive into the areas that make the biggest difference.
Understanding the ISO 22000 Stage 1 Audit Requirements
Here’s what I’ve noticed after sitting in on dozens of Stage 1 reviews: companies expect a light introductory session, but auditors take this step seriously. Stage 1 is where they evaluate whether your FSMS is built correctly, documented clearly, and aligned with ISO 22000’s structure.
Auditors typically check:
Whether your scope makes sense
How your PRPs are established
Whether your HACCP methodology is coherent
If you understand your context and interested parties
And whether the entire FSMS is stable enough for Stage 2
This is important because Stage 1 findings can delay the certification timeline. I’ve seen organizations lose months because their documentation was incomplete or inconsistent.
Pro Tip: Before the audit, walk through your FSMS like an outsider. Ask yourself, “Would I understand this system if I saw it for the first time?” That mindset alone helps catch issues early.
Common Pitfall: Treating Stage 1 like a casual review. It’s an actual audit with real implications. When auditors see poorly controlled documents, they immediately question implementation maturity.
Building an Audit-Ready FSMS Documentation Package
In my experience, documentation is where companies succeed—or stumble. Auditors don’t want a stack of papers; they want a coherent system that tells a clear story of how you manage food safety.
Your documentation should include:
FSMS Manual
Documented PRPs based on the ISO/TS 22002 series
HACCP study and hazard analysis
CCP/OPRP validation and monitoring plans
Internal audit reports
Management review minutes
Legal and regulatory compliance evidence
Records demonstrating implementation (even just 1–3 months)
I once worked with a mid-sized processor who had excellent implementation, but their documents weren’t version-controlled. The auditor flagged it immediately. A simple formatting issue delayed their Stage 2 audit by six weeks.
Pro Tip: Create a single-page FSMS Document Index. Auditors appreciate clarity, and it instantly reduces stress during the audit.
Common Mistake: Submitting an incomplete hazard-analysis worksheet. Auditors look closely at logic flow—hazard identification, assessment, CCP/OPRP decisions, and validation. Missing steps create avoidable doubts.
Preparing Your PRPs, OPRPs, and CCP Controls for Stage 1 Review
Auditors don’t just check whether your PRPs exist—they check whether they’re implemented consistently. That’s why having proper records matters just as much as documented procedures.
Expect questions around:
Cleaning and sanitation schedules
Pest control
Allergen management
Equipment maintenance and calibration
Personnel hygiene
Supplier approval
Packaging and storage controls
Traceability test results
This part of the audit often surprises people. In one case, a bakery client had beautifully written PRPs, but very few records. The auditor noted that the FSMS looked “theoretical.” It wasn’t a failure, but it did hold back Stage 2 until real evidence was available.
Pro Tip: Prepare a simple map that shows each PRP and the corresponding record. This reduces confusion and speeds up the audit.
Common Pitfall: Assuming auditors won’t ask for implementation proof during Stage 1. They absolutely will—especially for high-risk PRPs like allergen control.
Demonstrating Readiness Through Internal Audits and Management Review
Internal audits are one of the strongest signals of FSMS maturity. When done well, they show auditors that you’re not just compliant—you’re managing your own system proactively.
What internal audits should cover:
PRPs
Hazard control plan (including validation and verification)
Nonconformities and corrective actions
Document control
Training and competence
Traceability and recall tests
Pro Tip: Present a clear summary of internal audit findings. Include the issue, root cause, action, and verification. Auditors love seeing a structured thought process.
Your management review should also demonstrate leadership involvement. Include:
KPI results
Nonconformities and trends
Customer complaints
Resource needs
Improvement plans
Common Pitfall: Conducting a superficial internal audit. Auditors immediately see when it’s rushed or generic.
Confirming Your Certification Scope and FSMS Context
The audit always includes a review of your scope statement. And honestly, this is where many companies get tripped up.
Your scope must specify:
Products covered
Processes involved
Sites included
Boundaries and exclusions
Outsourced processes
If your scope is unclear, the auditor will pause everything until it’s corrected.
You’ll also review your context and interested-party analysis. It doesn’t need to be academic—just accurate and meaningful.
Pro Tip: Use one process-flow diagram that shows the step-by-step path of your product and highlights CCP/OPRP points. Auditors rely on this visual to validate your hazard study.
Common Mistake: Forgetting to include outsourced logistics or external storage. If it influences food safety, it must be included or managed.
Preparing Your Team for Auditor Questions
Stage 1 includes interviews. Auditors want to see whether your team actually understands the FSMS—not word-for-word, but in a practical way.
Operators may be asked:
What hazards they’re managing
How they monitor their CCPs/OPRPs
What they do when something goes wrong
How they report an issue
Where to find instructions or forms
I once coached a packaging supervisor who felt nervous about speaking to auditors. After a short practice session, she realized she didn’t need technical jargon—just clarity about her daily routine. She ended up answering confidently and even received praise from the auditor.
Pro Tip: Hold a 15-minute refresher session with your team before the audit. Simple reminders help more than you think.
Common Pitfall: Overloading staff with theoretical explanations. Auditors want practical understanding, not memorized definitions.
Organizing the Stage 1 Audit Day Smoothly
Smooth logistics make a strong first impression. When auditors see structure and readiness, they’re naturally more confident about your FSMS.
Before the audit, prepare:
A room or quiet space
A printed or digital FSMS Index
Key staff schedule
Access to records
Your process-flow diagrams
A simple agenda for the day
Pro Tip: Keep one FSMS coordinator available throughout the audit. It prevents gaps in communication and keeps the audit flowing.
Common Pitfall: Scrambling for evidence during the audit. It signals weak control—even if your system is actually strong.
FAQs
How long does the ISO 22000 Stage 1 audit take?
For most SMEs, it’s one day. Larger operations may need two days depending on scope and complexity.
What if the auditor finds gaps?
You’ll receive observations or nonconformities. The certification body will require corrective actions before Stage 2 can be scheduled.
Is Stage 1 easier than Stage 2?
Stage 1 is less operational but still critical. It determines whether you’re allowed to proceed to Stage 2, so preparation matters.
Conclusion: Your Roadmap to a Confident Stage 1 Audit
If there’s one thing I’ve learned from supporting companies through ISO 22000, it’s that Stage 1 sets the tone for the entire certification journey. When your documentation is crisp, your team feels confident, and your PRPs show real implementation, auditors immediately see that your FSMS is solid.
Use this preparation guide as your structure. And if you want to go faster or avoid the usual stumbling blocks, start by organizing your documentation and walking through your hazard plan with a critical eye. That step alone puts you ahead of most businesses preparing for ISO 22000.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
