Redefining Existing Practices
Differentiating risks from
There has been confusion over use of the terms “risks” and “hazards,” which has caused issues in the certification audit process. Issues re- ported include International Organization for Standardization (ISO)-certified facilities failing
the transition audits to revised ISO standards that contain requirements for risk-based thinking. This can lead
to the food safety professional asking: Is risk something
new or is risk a redefinition of existing practices?
When we look at food safety issues, we see the use
of the terms “risk” and “risk analysis” being used more
often in the literature. In fact, terms like “risk” and “risk
management” are increasingly used throughout many
industry sectors. ISO has published a series of standards
on risk management (Table 1). Furthermore, ISO is incorporating the concept of risk-based thinking into new
revisions of the management systems standards including ISO 9001 (quality), ISO 14001 (environment) and
ISO 22000 (food safety).
The U.S. Food and Drug Administration (FDA)
incorporated the concepts of risk into Food Safety Mod-
ernization Act (FSMA) requirements for Hazard Analy-
sis and Risk-Based Preventive Controls.
Nongovernmental organizations such
as the Food and Agriculture Organiza-
tion of the United Nations, the World
Health Organization and Codex Ali-
mentarius Commission (Codex) have
published numerous articles and stan-
dards on the applications of risk assess-
ment in the production of safe food.
“Risk” as a Buzzword
Table 2 provides a series of definitions for “risk” and “hazard” as the
terms are used in the food safety literature. Understanding the definitions
is important, because they can reduce
confusion in communicating about
food safety, especially to external stakeholders such as regulatory authorities,
external food safety auditors, customers
ISO 22000 has an interesting note
associated with the definition of “food
safety hazard”: The term “hazard” is not
to be confused with the term “risk,” which,
in the context of food safety, means a function of the probability of an adverse health
effect...and the severity of that effect...when
exposed to a specified hazard. Risk is defined
in ISO/IEC Guide 51 as the combination of
the probability of occurrence of harm and the
severity of that harm.
Thus, in 2005, ISO 22000 separated
the concepts of hazards and risks.
If we look at the definitions and new
FSMA Preventive Controls for Human
Food rule as well as the training material that supports the regulations, the
emergence of risk appears to be inherent
in the process of developing the food
By John G. Surak, Ph.D.
ISO 31000:2009 Risk Management – Principles and Guidelines (under revision)
ISO/TR 31004:2013 Risk Management – Guidance for the Implementation of ISO 31000
IEC 31010:2009 Risk Management – Risk Assessment Techniques (under revision)
ISO guide 73:2009 – Risk Management – Vocabulary
ISO/AWI 31022 Guidelines for Implementation of Enterprise Legal Risk Management
Table 1. ISO Standards on Risk Management