What is the primary objective of ISO 22000?

ISO 22000 establishes, implements, maintains, and continually improves a Food Safety Management System (FSMS) to provide safe products and services. It enables organizations to prevent, eliminate, or reduce food safety hazards to acceptable levels, demonstrate compliance with statutory, regulatory, and customer requirements, and facilitate effective internal/external communication across the food chain. Published June 19, 2018, the standard integrates HACCP principles with a High-Level Structure (HLS) featuring two PDCA cycles: organizational for governance and operational (Clause 8) for PRPs, hazard analysis, CCPs/OPRPs, traceability, verification, and recall.

Who is legally or professionally required to comply with ISO 22000?

No organization is legally required to comply with ISO 22000, as it is a voluntary international standard. It applies professionally to any entity directly or indirectly in the food chain, including primary producers, feed/animal food producers, processors, packaging providers, transport/storage operators, retailers, caterers, and service providers affecting food safety. Certification demonstrates FSMS assurance to customers, regulators, and markets, often mandated by contracts or GFSI schemes like FSSC 22000.

Does ISO 22000 require an external audit or third-party certification?

ISO 22000 requires internal audits but external audits and third-party certification are voluntary. Clause 9.2 mandates risk-based internal audits to verify FSMS conformity and effectiveness. Certification by accredited bodies follows ISO/IEC conformity standards: Stage 1 (readiness), Stage 2 (implementation), annual surveillance, and recertification every three years. Certification confirms Clause 4–10 compliance across leadership, PRPs, hazard control plans, and improvement.

How often should an assessment for ISO 22000 be performed?

ISO 22000 requires internal audits at planned intervals, typically risk-based and at least annually. Clause 9.2 specifies audits to evaluate FSMS suitability, adequacy, and effectiveness, focusing high-risk processes (e.g., CCPs/OPRPs, allergens) more frequently. Management reviews (Clause 9.3) occur regularly, using audit results, monitoring data, and nonconformities. Verification of controls (Clause 8) is ongoing, with full FSMS reassessments tied to changes in context, processes, or performance.

What are the consequences of non-compliance with ISO 22000?

Non-compliance with ISO 22000 results in certification denial, suspension, or withdrawal by accredited bodies. Internally, it risks food safety failures like contamination, recalls, regulatory fines under local laws (e.g., EU EC 852/2004), litigation, brand damage, and supply chain exclusion. Audits identify major nonconformities requiring correction within specified timeframes (e.g., 14 days), with uncorrected issues preventing certification. System gaps undermine hazard control, traceability, and continual improvement (Clause 10).

Can ISO 22000 be mapped to other international frameworks?

Yes, ISO 22000:2018 aligns with the High-Level Structure (HLS) shared by other ISO management system standards. Its Clauses 4–10 enable integration with frameworks using Annex SL, facilitating combined audits and reduced duplication in governance, risk planning (Clause 6), and performance evaluation. It forms the foundation for GFSI schemes like FSSC 22000, incorporating all ISO 22000 requirements plus sector PRPs (ISO/TS 22002 series).

What is the first step to begin implementing ISO 22000?

The first step is defining the FSMS scope and understanding organizational context per Clause 4. Identify internal/external issues, interested parties' requirements, and boundaries (products, sites, processes, outsourcing). Form a cross-functional food safety team, conduct a gap analysis against Clauses 4–10, and secure leadership commitment for a food safety policy (Clause 5). This establishes the foundation before PRPs and hazard analysis (Clause 8).

What is the primary objective of AS9100?

AS9100 establishes a quality management system (QMS) for aviation, space, and defense organizations to ensure product safety, configuration integrity, and supply chain reliability. It builds on ISO 9001:2015 with over 100 aerospace-specific requirements in Clauses 4–10, emphasizing operational controls like configuration management (8.1.2), product safety (8.1.3), and counterfeit parts prevention (8.1.4). The standard drives risk-based thinking across enterprise (Clause 6.1) and operational levels (8.1.1), reducing quality escapes in high-consequence environments.

Who is legally or professionally required to comply with AS9100?

AS9100 applies to organizations designing, developing, manufacturing, or servicing aviation, space, and defense products and services. It targets manufacturers, material suppliers, design centers, and quality support organizations in the supply chain. Major OEMs and primes require certification as a business condition, with visibility via IAQG’s OASIS database; 96% of certified firms have under 500 employees, per AAQG data.

Does AS9100 require an external audit or third-party certification?

Yes, AS9100 mandates third-party certification through accredited bodies via Stage 1 (readiness) and Stage 2 (effectiveness) audits. Certification is maintained with annual surveillance audits and recertification every three years, using AS9101 audit guidance. Nonconformities require corrective action within 60–90 days, with evidence of process effectiveness.

How often should an assessment for AS9100 be performed?

AS9100 requires internal audits at planned intervals per Clause 9.2, plus annual surveillance audits post-certification. Management reviews occur periodically (Clause 9.3), and full recertification happens every three years. Risk-based scheduling prioritizes high-risk processes like Clause 8 operations.

What are the consequences of non-compliance with AS9100?

Non-compliance risks certification suspension, loss of OASIS listing, and exclusion from OEM supply chains. It leads to contract penalties, rework costs, product escapes, and safety incidents; systemic failures in configuration or counterfeit controls trigger major nonconformities and potential regulatory scrutiny in safety-critical sectors.

Can AS9100 be mapped to other international frameworks?

Yes, AS9100D aligns with ISO 9001:2015’s Annex SL 10-clause structure for integrated management systems. Its risk-based thinking (Clauses 6.1, 8.1.1) and process approach enable mapping to compatible frameworks sharing high-level structure, without clause exclusions undermining conformity.

What is the first step to begin implementing AS9100?

Conduct a gap analysis against AS9100D clauses to identify compliance gaps and prioritize remediation. Assemble a cross-functional team, define QMS scope (Clause 4.3) with justified non-applicabilities, and develop an implementation plan focusing on aerospace additions like product safety and supplier controls.

Standards Comparison

ISO 22000 vs AS9100

ISO 22000

Voluntary

2018

International standard for food safety management systems

AS9100

Mandatory

2016

International standard for aerospace quality management systems.

Quick Verdict

ISO 22000 ensures food safety via HACCP and FSMS for food chain organizations, while AS9100 extends ISO 9001 with aerospace controls like configuration and counterfeit prevention. Companies adopt them for certification, regulatory compliance, and supply chain market access.

Food Safety

ISO 22000

ISO 22000:2018 Food safety management systems

Cost

€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Adopts High-Level Structure for integrated management systems
Implements two nested PDCA cycles for governance and operations
Integrates HACCP principles with full management system discipline
Categorizes controls as PRPs, OPRPs, and CCPs systematically
Mandates interactive communication across entire food chain

Quality Management

AS9100

AS9100D:2016 Quality Management Systems Requirements

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Configuration management for product integrity
Product safety controls across lifecycle
Counterfeit parts prevention and detection
Operational risk management in processes
Enhanced supplier controls and traceability

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 22000 Details

What It Is

ISO 22000:2018 is an international certification standard for Food Safety Management Systems (FSMS). It applies to any organization in the food chain, providing a systematic framework to ensure safe food through hazard prevention, regulatory compliance, and effective communication. Built on a risk-based approach with two nested PDCA cycles—one for organizational governance and one for operational controls.

Key Components

High-Level Structure (HLS) aligning with ISO 9001/14001.
**Clauses 4-10Context, leadership, planning, support, operation (PRPs, HACCP, traceability), evaluation, improvement.
Core elements: PRPs, hazard analysis, CCPs/OPRPs, verification.
Certifiable via accredited bodies with staged audits.

Why Organizations Use It

Meets customer/regulatory demands; enables market access.
Reduces risks of recalls, contamination, legal issues.
Builds trust with stakeholders; supports GFSI schemes like FSSC 22000.
Drives efficiency, integration, continual improvement.

Implementation Overview

Phased approach: gap analysis, PRP development, hazard control planning, training, audits. Scalable for all sizes/industries in food chain; requires 6-18 months, internal audits, management reviews for certification.

AS9100 Details

What It Is

AS9100D:2016 is the international quality management system (QMS) standard for aviation, space, and defense organizations. It extends ISO 9001:2015 with over 100 aerospace-specific requirements, focusing on safety-critical integrity via a process-based, risk-based thinking approach across 10 clauses.

Key Components

Core pillars: operational controls (Clause 8), including configuration management (8.1.2), product safety (8.1.3), counterfeit parts prevention (8.1.4), and enhanced supplier management.
Built on ISO 9001's Annex SL structure; emphasizes lifecycle assurance, human factors, and traceability.
Certification via accredited third-party audits (Stage 1/2, annual surveillance, triennial recertification).

Why Organizations Use It

Required by OEMs/primes for market access and supply chain qualification.
Reduces defects, improves delivery, cuts costs; builds stakeholder trust via OASIS visibility.
Manages catastrophic risks in high-consequence industries.

Implementation Overview

Phased: gap analysis, process design, training, internal audits (6-18 months typical).
Applies to manufacturers, designers, MROs globally; cross-functional effort with digital tools recommended.

Key Differences

Aspect	ISO 22000	AS9100
Scope	Food safety management systems (FSMS) with HACCP integration	Aerospace quality management with product safety, configuration
Industry	Food chain organizations worldwide, all sizes	Aviation, space, defense suppliers globally
Nature	Voluntary ISO certification standard	Voluntary certification extending ISO 9001
Testing	Internal audits, management review, certification audits	Stage 1/2 audits, surveillance, OASIS database
Penalties	Loss of certification, market exclusion	Certification loss, supplier disqualification

Scope

ISO 22000

Food safety management systems (FSMS) with HACCP integration

AS9100

Aerospace quality management with product safety, configuration

Industry

ISO 22000

Food chain organizations worldwide, all sizes

AS9100

Aviation, space, defense suppliers globally

Nature

ISO 22000

Voluntary ISO certification standard

AS9100

Voluntary certification extending ISO 9001

Testing

ISO 22000

Internal audits, management review, certification audits

AS9100

Stage 1/2 audits, surveillance, OASIS database

Penalties

ISO 22000

Loss of certification, market exclusion

AS9100

Certification loss, supplier disqualification

Frequently Asked Questions

Common questions about ISO 22000 and AS9100

ISO 22000 FAQ

AS9100 FAQ

You Might also be Interested in These Articles...

From Reactive Gatekeeper to Proactive Strategist: How Compliance Software Reshapes the Compliance Professional's Day

Discover how compliance software automates monitoring, delivers real-time insights, and transforms compliance pros from reactive gatekeepers to proactive strate

CMMC Level 3 Implementation Guide: Integrating NIST SP 800-172 Enhanced Controls for APT Defense

Step-by-step CMMC Level 3 guide for DIB contractors. Implement 24 NIST SP 800-172 controls on Level 2. Prep for DIBCAC, C3PAO scoping & 180-day POA&Ms. Boost cy

From Data Fragments to Strategic Insight: Powering Intelligent Risk Management with Integrated Compliance Monitoring

Transform data fragments into strategic insights with integrated compliance monitoring. Automate real-time risk management, ensure GDPR & SOC 2 compliance, and

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how ISO 22000 and AS9100 compare against other standards

Other ISO 22000 Comparisons

Other AS9100 Comparisons

What It Is

Key Components

Core pillars: operational controls (Clause 8), including configuration management (8.1.2), product safety (8.1.3), counterfeit parts prevention (8.1.4), and enhanced supplier management.

Built on ISO 9001's Annex SL structure; emphasizes lifecycle assurance, human factors, and traceability.

Certification via accredited third-party audits (Stage 1/2, annual surveillance, triennial recertification).

Aspect

ISO 22000

AS9100

Scope

Food safety management systems (FSMS) with HACCP integration

Aerospace quality management with product safety, configuration

Industry

Food chain organizations worldwide, all sizes

Aviation, space, defense suppliers globally

Nature

Voluntary ISO certification standard

Voluntary certification extending ISO 9001

Testing

Internal audits, management review, certification audits

Stage 1/2 audits, surveillance, OASIS database

Penalties

Loss of certification, market exclusion

Certification loss, supplier disqualification