By John G. Surak, Ph.D. and Gustavo Gonzalez, Ph.D.
Food Safety and
Risk assessment plays a central role in the operations of food companies. Risks that companies must address include food safety, food quality, personal health and safety, adverse environmental effects, biosecurity, information security and financial risk.
Management, especially senior management, has a responsibility to identify and mitigate risks within the organization. This poses a challenge to management, who need to provide direction on conducting risk assessments, including how those identified risks will impact the business.
The International Organization for Standardization (ISO) has published a number of standards in the risk management area. These standards include:
• ISO 9001:2008 Quality management systems — Requirements
• ISO 14001:2004 Environmental management systems — Requirements with guidance for use
• ISO 22000:2005 Food safety management systems (FSMS) — Requirements for any organization in the food chain
• ISO 22002-1:2009 Prerequisite programs (PRPs) on food safety — Part 1: Food
• ISO/IEC 27001:2005 Information technology — Security techniques — Information security management systems — Requirements
• ISO 31000 Risk management — Principles and guidelines
• ISO 31010:2009 Risk management — Risk assessment techniques
• ISO Guide 73:2009 Risk management — Vocabulary
The ISO 31000 series of standards was published in 2009. This series provides general guidance on identifying risks and then developing mitigation strategies. ISO 31000 is summarized in the sidebar, p. 18.
ISO 22000 follows the risk management principles outlined in ISO 31000. However, there are some differences in how key terms are used between the two standards. ISO 31000 uses the term risk assessment to describe the overall process of risk identification and analysis. Risk analysis is used to describe the process to determine the level of risk.