What is the difference between a CCP and an OPRP in ISO 22000?

A Critical Control Point (CCP) is a step in the process where a control measure is essential to prevent, eliminate, or reduce a food safety hazard to an acceptable level, and where a precise critical limit can be defined and monitored. An Operational Prerequisite Programme (OPRP) also controls a significant hazard but does not meet the strict CCP criteria, typically because monitoring is less precise or the control reduces rather than eliminates the hazard. Both require monitoring, corrective actions, and documentation, but CCPs are held to a higher standard of rigour.

Do I need a HACCP qualification to conduct a hazard analysis for ISO 22000?

ISO 22000 does not specify a formal HACCP qualification, but it does require the food safety team to have the relevant combination of knowledge and experience. In practice, at least one team member should have a solid understanding of food microbiology, food chemistry, and HACCP principles. If your team lacks this expertise, you can bring in an external food safety consultant or technologist to contribute to the hazard analysis process. Their involvement should be documented as part of your team records.

How often should the hazard analysis be reviewed?

ISO 22000 requires the hazard analysis to be updated whenever there is a change that could affect food safety. This includes changes to raw materials or suppliers, changes to the production process or equipment, new products or product reformulations, changes in packaging or storage conditions, new scientific information about hazards, and findings from verification activities or incident investigations. As a minimum, most food businesses review their full hazard analysis annually as part of their management review cycle, even if no specific trigger has occurred.

Can I use a generic HACCP template for my ISO 22000 hazard analysis?

Generic templates can be a useful starting point for structure and format, but they cannot substitute for a genuine analysis of your specific products, processes, and hazards. ISO 22000 requires the hazard analysis to reflect your actual operation. An auditor will quickly identify a template that has not been properly adapted, and this will result in a non-conformance. Use templates to guide the process, but ensure every entry in your hazard analysis is based on real assessment of your own facility, ingredients, and processes.

What happens if a CCP critical limit is breached during production?

When a critical limit is breached, you must immediately initiate your documented corrective action procedure. This involves stopping or segregating the affected product, investigating the cause of the deviation, taking action to bring the process back under control, and making a disposition decision about the affected product (which may include rework, reprocessing, or destruction). All of this must be documented. Repeated breaches of the same CCP are a serious indicator that either the critical limit is incorrectly set or the control measure is not functioning as intended, and both scenarios require formal investigation and system review.

Is ISO 22000 hazard analysis the same as a HACCP plan?

They are closely related but not identical. A traditional HACCP plan focuses on identifying CCPs and managing them through critical limits, monitoring, and corrective actions. ISO 22000 builds on this by also requiring Operational Prerequisite Programmes (OPRPs) for hazards that are significant but not managed through CCPs, and by embedding the hazard analysis within a broader Food Safety Management System that includes prerequisite programmes, management commitment, communication, and continual improvement. ISO 22000 essentially formalises and extends HACCP within a management system framework.

How to Conduct a Hazard Analysis for ISO 22000

Why Hazard Analysis Is the Heart of ISO 22000

If you are pursuing ISO 22000 certification, the hazard analysis is not just one box to tick among many. It is the technical core of your entire Food Safety Management System. Get it right and the rest of your system flows logically from it. Get it wrong and your certification will have a hollow centre, regardless of how tidy your documentation looks.

On this page

ISO 22000 requires organisations to identify, evaluate, and control food safety hazards using a structured, science-based approach. This is drawn from the principles of HACCP (Hazard Analysis and Critical Control Points), which has been embedded into the standard since its first edition. But ISO 22000 goes further than traditional HACCP by requiring you to combine hazard analysis with prerequisite programmes and operational prerequisite programmes in a way that is systematic and fully documented.

This guide walks you through the entire hazard analysis process step by step, with practical examples so you can apply it to your own operation. Whether you run a small food manufacturing business, a catering company, or a large processing facility, the same principles apply.

Step 1: Assemble a Knowledgeable Food Safety Team

Before you write a single hazard down, you need the right people in the room. ISO 22000 Clause 7.2 requires you to establish a food safety team with the relevant combination of knowledge and experience. This is not a formality. A hazard analysis conducted by one person working alone, or by people who do not understand the production process, will miss things that matter.

Your team should typically include people who understand the product and its ingredients, the production process and equipment, food microbiology or chemistry (either in-house or through an external adviser), regulatory requirements in your market, and quality assurance.

In smaller businesses, one person may cover several of these areas. That is fine, as long as the gaps are acknowledged and filled. If your team lacks microbiological expertise, bring in a food technologist or consultant for that part of the process. Document who is on the team, what their qualifications are, and what role they play in the hazard analysis. An auditor will look at this early in the assessment.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

Step 2: Describe Your Products and Intended Use

You cannot analyse hazards without first being specific about what you are making and who is going to consume it. ISO 22000 requires detailed product descriptions covering raw materials, ingredients, packaging materials, and the characteristics of the finished product.

For each product or product category, document the following:

Composition and ingredients, including allergens
Physical, chemical, and microbiological properties (water activity, pH, salt content, etc.)
Packaging type and materials
Storage and distribution conditions
Shelf life
Labelling and any required consumer instructions

The intended use description is equally important. Who will eat this product? Will it be consumed by vulnerable groups such as infants, elderly people, pregnant women, or immunocompromised individuals? Will it be cooked before consumption or eaten directly? A ready-to-eat product destined for hospital patients carries a very different risk profile to a frozen meal intended for healthy adults who will cook it at home.

Be specific here. Vague product descriptions lead to vague hazard analyses. If your product is a cold-smoked salmon portion packed in modified atmosphere packaging and sold to aged care facilities, write exactly that.

Step 3: Construct and Verify Your Flow Diagram

The flow diagram is your map of the process. It shows every step from raw material receipt through to dispatch, including any rework loops, waste streams, and points where the product is held or transferred. ISO 22000 requires you to construct this diagram and then verify it on-site by walking the actual process.

This on-site verification step is one that many businesses skip or treat as a rubber stamp. Do not do that. Walk the floor with the diagram in hand. You will almost always find steps that were missed, sequences that are slightly different in practice, or equipment that was not included. Common omissions include:

Sanitation and cleaning steps
Rework reintroduction points
Temporary holding areas
Allergen changeover procedures
Maintenance access points

Once verified and corrected, sign and date the flow diagram and keep it as a controlled document. It forms the backbone of your hazard analysis and will be reviewed by your certification auditor.

Step 4: Identify All Potential Hazards at Each Process Step

Now the real work begins. For every step in your flow diagram, you need to identify all food safety hazards that could reasonably be expected to occur. ISO 22000 Clause 8.5.2 requires you to consider three categories of hazards:

Biological Hazards

These include bacteria, viruses, parasites, and moulds. Common examples include Salmonella in raw poultry, Listeria monocytogenes in ready-to-eat products, E. coli O157:H7 in raw beef, norovirus contamination from food handlers, and Cryptosporidium in water used in processing.

Chemical Hazards

These include pesticide residues, veterinary drug residues, cleaning chemical contamination, naturally occurring toxins (such as aflatoxins in nuts or histamine in fish), allergens, and migration from packaging materials.

Physical Hazards

These include hard foreign objects such as glass, metal fragments, bone, plastic pieces, stones, and personal items such as jewellery or pen lids. Physical hazards are often underestimated but cause significant consumer injury and product recalls.

When listing hazards, do not self-censor. The purpose of this step is to generate a comprehensive list, not to decide what is significant. Write down every hazard that could plausibly occur at each step, even if you think it is unlikely or already well-controlled. The evaluation step that follows will sort out which ones need formal control measures.

Use published sources to support your hazard identification. The World Health Organisation's food safety resources provide useful background on common biological and chemical hazards. Industry-specific guidance, outbreak data, and regulatory alerts for your product category are also valuable inputs.

Step 5: Conduct the Hazard Assessment

Once you have your hazard list, you need to evaluate each hazard to determine whether it is significant enough to require a specific control measure. ISO 22000 requires you to assess each hazard based on two dimensions: the severity of the adverse health effect and the likelihood of occurrence before control measures are applied.

Most food safety teams use a simple risk matrix for this. Assign a score for severity (for example, 1 to 3 where 3 is severe or life-threatening) and a score for likelihood (1 to 3 where 3 is likely or frequent). Multiply the scores to get a risk rating. Hazards that exceed a defined threshold are deemed significant and require a formal control measure.

Here is a practical example. Suppose you are producing fresh pasta. At the raw egg intake step, you identify Salmonella as a biological hazard. Severity is high (3) because Salmonella can cause serious illness, particularly in vulnerable groups. Likelihood before controls is medium (2) because contamination of raw eggs is a known and documented occurrence. Risk score is 6, which exceeds your threshold of 4, so this hazard is deemed significant and requires a formal control measure.

Document your rationale for every assessment decision, not just the significant ones. An auditor will want to see that you thought carefully about hazards you dismissed as non-significant, not just the ones you flagged.

Step 6: Determine Control Measures and Classify Them

For every significant hazard, you need to select one or more control measures that will prevent, eliminate, or reduce the hazard to an acceptable level. ISO 22000 then requires you to classify each control measure into one of two categories:

Critical Control Points (CCPs)

A CCP is a step in the process where a control measure can be applied and is essential to prevent or eliminate a food safety hazard or reduce it to an acceptable level. Classic examples include a cooking step that destroys pathogens, a metal detection step that removes metal fragments, or a pasteurisation step for liquid products. CCPs have critical limits, monitoring procedures, corrective actions, and verification activities associated with them.

Operational Prerequisite Programmes (OPRPs)

An OPRP is a control measure that manages a significant hazard but does not meet the strict definition of a CCP. It may be a step where the hazard can be reduced but not fully eliminated, or where monitoring is less precise. Examples include allergen segregation procedures, temperature controls during chilled storage, and supplier assurance programmes for raw materials.

The decision about whether a control measure is a CCP or an OPRP is made using a decision tree or equivalent logic tool. ISO 22000 does not mandate a specific decision tree, but your reasoning must be documented and defensible. The Codex Alimentarius HACCP decision tree is widely accepted and a good starting point.

For the Salmonella example from the previous step, the control measure would likely be the cooking step (a heat treatment that achieves a defined internal temperature). This would be classified as a CCP because it is the point where the hazard is eliminated, and you can apply precise monitoring with a critical limit (for example, a minimum internal temperature of 75 degrees Celsius).

Step 7: Establish Critical Limits, Monitoring, and Corrective Actions

For each CCP, you must define a critical limit. This is the boundary between safe and potentially unsafe. Critical limits must be measurable and scientifically validated. Common examples include minimum cooking temperatures, maximum chilling times, minimum pH levels, minimum water activity values, and maximum metal detector sensitivity settings.

Monitoring procedures specify how you will check that each CCP is under control during production. Define what is measured, how it is measured, how often, and who is responsible. Monitoring must be frequent enough to detect loss of control in time to prevent unsafe product from reaching consumers.

Corrective actions define what happens when a critical limit is breached. This includes what happens to the product that was produced while the process was out of control, how the process is brought back into control, and how the event is documented. Corrective actions must be documented every time a deviation occurs.

For OPRPs, you follow a similar but slightly less rigid structure. You define action criteria (rather than critical limits), monitoring procedures, and corrective actions. The difference is that OPRPs typically allow more flexibility in monitoring frequency and corrective action response.

Step 8: Establish Verification and Validation Activities

Verification answers the question: is the HACCP plan actually working? Validation answers a different but equally important question: does this control measure actually control the hazard it is supposed to control?

Validation should ideally happen before a control measure is implemented, or when significant changes are made. It might involve scientific literature, challenge testing, or regulatory guidance confirming that a particular cooking temperature destroys a specific pathogen.

Verification activities include internal audits of the HACCP system, review of CCP monitoring records, calibration of monitoring equipment, microbiological testing of finished product, and review of customer complaints. These activities confirm that the system is functioning as designed.

This is an area where many businesses do the minimum. A strong verification programme will catch drift in your system before it becomes a non-conformance in a certification audit. If you are not sure how to structure your verification activities, this is a good area to discuss with a food safety consultant before your audit.

Step 9: Document Everything

ISO 22000 has specific documentation requirements for the hazard analysis. You need to retain documented information showing the hazard identification and assessment, the rationale for classifying control measures as CCPs or OPRPs, critical limits and their validation basis, monitoring procedures and records, corrective action records, and verification results.

Good documentation is not about producing volumes of paperwork. It is about creating a clear, logical record that demonstrates your system is based on sound science and is being actively managed. An auditor reviewing your hazard analysis documentation should be able to follow your reasoning from the product description through to the control measures without needing you to explain every decision verbally.

If you are building your food safety management system from scratch and want to understand how the broader certification process works, the seven steps to achieve ISO certification is a useful reference for the overall journey.

Common Mistakes That Will Cost You at Audit

After years of auditing food businesses, the same mistakes come up repeatedly. Here are the ones most likely to result in a major non-conformance during your ISO 22000 certification audit:

Flow diagram not verified on-site. The diagram exists on paper but does not match what actually happens on the floor.
Hazard list is incomplete. Allergens are frequently missed, as are chemical hazards from packaging or processing aids.
Risk assessment scores are not justified. Numbers appear without any documented rationale for why a particular severity or likelihood rating was assigned.
Critical limits are not validated. The team chose a temperature or time value without scientific evidence to support it.
Monitoring records are incomplete or falsified. Gaps in monitoring records or records that look too perfect are a red flag for auditors.
Corrective actions are reactive but not systematic. The team fixes the immediate problem but does not investigate root cause or prevent recurrence.

If you are unsure whether your hazard analysis is audit-ready, consider using the internal audit process to test it before your certification audit. A well-run internal audit of your HACCP plan will surface gaps that are far better found internally than by an external auditor.

How CertBetter Can Help

A thorough hazard analysis requires food safety expertise, knowledge of your specific product category, and experience with what ISO 22000 auditors actually look for. If you are building your food safety management system and want to make sure your hazard analysis is genuinely robust, working with a qualified food safety consultant is worth the investment.

CertBetter connects food businesses with verified ISO 22000 consultants and accredited certification bodies. Submit one form and receive up to three competing quotes from vetted providers who understand the food industry. The service is completely free for businesses seeking certification help. If you want to understand what ISO 22000 certification costs before you start, that is a good first step before reaching out to providers.