What Is ISO 22000 Clause 7.2 and Why Does It Matter?
If you work in food manufacturing, food processing, catering, or any part of the food supply chain, ISO 22000 Clause 7.2 is one of the most practical clauses you will deal with. It covers competence, which is the requirement that every person doing work that affects food safety must actually know what they are doing and be able to prove it.
On this page
This sounds obvious. Of course your staff should be competent. But the clause goes further than that. It requires you to define what competence looks like for each relevant role, assess whether your people meet that standard, take action when they do not, and keep records to demonstrate all of it. That is where many food businesses fall short during audits.
This guide breaks down exactly what Clause 7.2 requires, how it connects to the rest of your Food Safety Management System (FSMS), and what it looks like in practice across different types of food businesses. If you want a broader understanding of the standard first, the essential guide to ISO 22000 is a good starting point before diving into individual clauses.
The Full Text of Clause 7.2 Explained
ISO 22000:2018 Clause 7.2 states that the organisation must determine the necessary competence of persons doing work under its control that affects food safety performance and food safety outcomes. It then requires the organisation to ensure those persons are competent based on appropriate education, training, or experience. Where gaps exist, the organisation must take action to acquire the necessary competence and evaluate the effectiveness of those actions. Documented information must be retained as evidence.
There are four distinct obligations packed into that clause. Let us look at each one properly.
Obligation 1: Determine Necessary Competence
Before you can train anyone or assess anyone, you need to define what competence actually means for each role that touches food safety. This is not a generic job description exercise. You need to think specifically about what knowledge, skills, and abilities are required for a person in that role to perform their work without creating food safety risks.
For a production line worker handling ready-to-eat foods, competence might include understanding allergen cross-contamination, personal hygiene requirements, and how to identify and report a potential hazard. For a quality assurance technician, it might include knowledge of critical control points (CCPs), how to calibrate monitoring equipment, and what corrective actions to take when a CCP limit is breached.
The key word in the clause is “necessary.” You are not trying to document every skill a person has. You are identifying the minimum competence required for them to do their specific work safely and effectively.
Obligation 2: Ensure Persons Are Competent
Once you know what competence is required, you need to confirm that the people in those roles actually have it. This can be demonstrated through formal qualifications, on-the-job training records, years of relevant experience, or a combination of these. The standard does not prescribe how competence must be achieved, only that it must be demonstrated.
A common mistake here is assuming that because someone has been doing a job for five years, they are automatically competent. Experience counts, but it needs to be evaluated. Someone could have been doing something incorrectly for five years. The evaluation step is what separates a genuine competence system from a paper exercise.
Obligation 3: Take Action Where Gaps Exist
When you identify that someone does not meet the required competence level, you must do something about it. This is where training programs, mentoring, job rotation, or bringing in external expertise come in. The action must be appropriate to the gap. If a worker does not understand allergen controls, a five-minute verbal reminder is probably not sufficient. A structured training session with a competency check would be more appropriate.
Obligation 4: Retain Documented Information
Everything above needs to be backed by records. Training logs, competency assessments, qualification certificates, and records of effectiveness evaluations all count. If an auditor asks how you know your HACCP team leader is competent to perform that role, you need to be able to show them something concrete. Good documentation practices are not bureaucracy for its own sake. They are the evidence that your system is real.
If you want to understand how documentation fits into the broader picture of your management system, the article on controlled documents and how to implement them covers the fundamentals clearly.
How Clause 7.2 Connects to Other Parts of ISO 22000
Clause 7.2 does not sit in isolation. It connects directly to several other requirements in the standard.
Connection to Clause 7.3 Awareness
Clause 7.3 requires that persons doing relevant work are aware of the food safety policy, their contribution to the FSMS, and the implications of not conforming to requirements. Competence and awareness are related but different. A worker can be aware of the food safety policy without being competent to implement a CCP monitoring procedure. Both are required.
Connection to Clause 8.2 Prerequisite Programmes
Your prerequisite programmes (PRPs) such as cleaning and sanitation, pest control, and personal hygiene all depend on people being competent to carry them out. If your PRP for allergen management requires staff to follow a specific cleaning procedure between production runs, those staff need to be competent in that procedure. Clause 7.2 is what underpins the human element of your PRPs.
Connection to the HACCP Team
ISO 22000 requires a food safety team, and the team leader must have the knowledge and experience to organise and manage the work of that team. Clause 7.2 is the mechanism by which you demonstrate that your HACCP team collectively has the competence to develop, implement, and maintain your hazard analysis. This is one of the areas auditors pay close attention to. If your food safety team leader cannot explain the basis for a CCP decision, that is a competence gap with real consequences.
For a related look at how competence requirements work across ISO standards more broadly, the article on what competence means and how to prove it for ISO provides a useful comparison across multiple standards.
Practical Examples Across Different Food Businesses
Let us look at how Clause 7.2 plays out in real scenarios. These examples are drawn from common situations in food businesses of different sizes and types.
Example 1: A Small Bakery
A family-owned bakery employs eight people. They produce bread, pastries, and cakes, including products containing nuts. For ISO 22000 certification, they need to demonstrate competence across their team.
The owner, who also manages food safety, needs to demonstrate competence in hazard analysis, allergen management, and the operation of their FSMS. This might be evidenced by a food safety management certificate, records of attending a HACCP training course, and documented experience managing food safety for a defined period.
A production staff member needs to demonstrate competence in allergen segregation procedures, personal hygiene, and the cleaning protocol between allergen and non-allergen runs. Their competence might be evidenced by a completed induction training record, a signed competency checklist, and a brief practical assessment observed and signed off by the owner.
When the bakery takes on a new casual worker during a busy period, they cannot just put that person on the production line and hope for the best. Clause 7.2 requires that the gap between what the new worker knows and what is required is assessed, training is provided, and the effectiveness of that training is confirmed before the worker handles allergen-containing products unsupervised.
Example 2: A Medium-Sized Meat Processing Facility
A meat processing company with 60 employees produces chilled and frozen products for retail. Their food safety risks are significant, and their FSMS is more complex, with multiple CCPs covering temperature control, pathogen reduction, and foreign body detection.
For this business, competence requirements need to be defined for roles including quality assurance officers, production supervisors, maintenance technicians, and line workers. Each role has a different competence profile.
A maintenance technician working on equipment in the processing area needs to understand food-grade lubricants, hygienic design principles, and the food safety implications of maintenance activities. If a technician replaces a component and does not follow the correct procedure for informing the QA team and re-validating the process, that is a food safety risk. Competence here is not just about being a good mechanic. It is about understanding the food safety context of their work.
A QA officer monitoring a CCP for metal detection needs to be competent in operating the equipment, recognising a deviation, initiating a hold and investigation, and completing the required records. Their competence should be demonstrated through formal training on the specific equipment, records of supervised operation, and documented sign-off by the food safety team leader.
Example 3: A Food Service Catering Company
A catering company providing meals to aged care facilities faces particularly high food safety stakes. Their customers are vulnerable, and the consequences of a food safety failure are severe. Clause 7.2 is not just a compliance exercise here. It is a genuine risk control.
Chefs need to be competent in allergen management, temperature control during cooking and holding, and safe food handling practices. Delivery drivers who transport meals need to understand temperature monitoring requirements and what to do if a temperature excursion occurs during transport. Even administrative staff who take customer orders containing allergen information need some level of competence in how that information is communicated to the kitchen.
The catering company might use a competency matrix that maps each role against the required competencies, records the evidence of competence for each individual, and flags when refresher training is due. This kind of structured approach makes Clause 7.2 manageable even with a large and varied workforce.
Building a Competence Management System That Works
Rather than treating Clause 7.2 as a documentation exercise, think of it as building a genuine system for managing the human element of food safety. Here is a practical approach.
Step 1: Map Your Roles Against Food Safety Requirements
Start with your hazard analysis and your PRPs. For each significant hazard and each PRP, identify which roles are responsible for implementing controls. Those are the roles that need defined competence requirements under Clause 7.2.
Step 2: Define Competence Requirements for Each Role
For each relevant role, document the specific knowledge, skills, and experience required. Be specific. “Understanding of food safety” is not a competence requirement. “Ability to identify and correctly label allergen-containing ingredients during goods receipt” is.
Step 3: Assess Current Competence
Compare what you have defined against what your current staff actually know and can do. Use practical assessments, not just written tests. Watching someone perform a task is far more informative than asking them to answer questions about it. Record the outcomes of your assessments.
Step 4: Address Gaps With Appropriate Actions
Where gaps exist, plan and implement training or other actions. Make sure the training is actually relevant to the gap. Generic food safety awareness training does not address a specific gap in CCP monitoring competence. Targeted, role-specific training is more effective and more defensible in an audit.
Step 5: Evaluate Effectiveness
After training or other actions, check whether the gap has been closed. This might involve a repeat assessment, observation of the person performing the task, or review of their work records over a defined period. Document the outcome. If the training was not effective, you need to take further action.
Step 6: Keep Records and Review Regularly
Maintain your competence records and review them regularly. People leave, roles change, new hazards emerge, and processes are updated. Your competence management system needs to keep pace with these changes. A competency matrix that is updated annually at a minimum is a practical way to stay on top of this.
Building a training matrix is closely related to this process. The article on how to build an ISO training matrix for your team gives a step-by-step approach that applies directly to Clause 7.2 requirements.
Common Audit Findings Related to Clause 7.2
Based on common audit experience in food businesses, these are the nonconformities that come up most frequently against Clause 7.2.
Competence requirements not defined for all relevant roles. Many businesses define competence for their QA team but overlook production workers, maintenance staff, or contractors. If a role affects food safety, it needs defined competence requirements.
No evidence of effectiveness evaluation. Training records exist, but there is no record of whether the training actually worked. Signing off that someone attended a training session is not the same as confirming they are now competent.
Outdated records. Competence records that were completed at induction and never updated. If a process has changed or a new hazard has been introduced, the competence assessment needs to reflect that.
Contractors and temporary workers not covered. The clause applies to persons doing work under the organisation's control. That includes contractors, labour hire workers, and temporary staff. Many businesses overlook this.
HACCP team competence not adequately demonstrated. The food safety team collectively needs to cover the competencies required for hazard analysis. If the team does not have sufficient expertise in microbiology, chemistry, or specific processing technologies relevant to your products, that is a gap that needs to be addressed, either through training or by bringing in external expertise.
The difference between ISO 22000 and SQF certification is worth understanding if you are also considering other food safety standards, as competence requirements vary in their emphasis and documentation expectations across schemes.
What Auditors Actually Look For
When an auditor reviews Clause 7.2, they are typically looking for a few specific things. They want to see that you have thought about which roles affect food safety and why. They want to see that the competence requirements you have defined are actually linked to the food safety risks in your operation. They want to see records that are specific, current, and meaningful rather than generic training attendance sheets.
Auditors will often interview staff as part of their assessment. If a production worker cannot explain why allergen segregation matters or what to do if they notice a potential contamination, that is evidence of a competence gap regardless of what your training records say. The practical reality of your food safety culture is what auditors are trying to understand.
ISO 22000 food safety management information from ISO.org provides the authoritative background on the standard's intent, which is useful context when preparing for an audit.
Getting Help With ISO 22000 Implementation
Implementing Clause 7.2 properly requires a clear understanding of your food safety risks, your organisational structure, and how to build documentation systems that are practical rather than just compliant on paper. Many food businesses benefit from working with a consultant who has genuine food industry experience rather than a generalist who has never set foot in a food processing environment.
If you are working toward ISO 22000 certification or trying to strengthen your existing FSMS, CertBetter can connect you with verified ISO consultants and accredited certification bodies who specialise in food safety management systems. You submit one form and receive up to three competing quotes from vetted providers, at no cost to your business. It is a straightforward way to find the right expertise without spending hours researching providers individually.
