FSSC 22000 Version 7 was published in May 2026. This guide breaks down what changed, what it means for quality managers in food and beverage, and what to do before upgrade audits begin in May 2027.
Maikel Fontein
10 min
min
FSSC 22000 Version 7 was published in May 2026. If your organization is certified, the transition clock has started.
You have until April 2027 before V6 audits close. Upgrade audits run from May 2027 to April 2028. Organizations that have not completed their upgrade by the end of that window will have their certificates withdrawn from the public register.
That is enough time to prepare well, but not enough time to leave it until it feels urgent. This guide breaks down what actually changed in V7, which changes require the most work from quality teams in food and beverage, and what to prioritize between now and your upgrade audit.
What you need to know at a glance:
V7 published: May 2026
Last V6 audits: 30 April 2027
V7 upgrade window: 1 May 2027 to 30 April 2028
Core change: new PRP standards (ISO 22002-x:2025 series) replace the previous 2009 to 2013 documents entirely
Why Version 7 Was Developed
The Foundation FSSC identifies five drivers behind V7.
The most structurally significant is the adoption of the new ISO 22002-x:2025 series on prerequisite programs. The previous PRP standards dated from 2009 to 2013 and had become fragmented and inconsistent across sectors. The 2025 series introduces a unified structure that is more globally applicable and easier to audit consistently.
The other four drivers: alignment with GFSI Benchmarking Requirements 2024, strengthened sustainability requirements linked to the UN Sustainable Development Goals, a more defined structure for food chain subcategories, and editorial improvements.
ISO 22000:2018 remains the food safety management system backbone. V7 does not adopt a revised version of ISO 22000. What changes entirely is the normative PRP layer underneath it.
The Biggest Structural Change: The New PRP Architecture
For most certified organizations, understanding the new PRP structure is the starting point for everything else.
ISO 22002-100:2025: the new shared backbone
V7 introduces ISO 22002-100:2025, an entirely new horizontal standard published in July 2025 that applies to all food chain categories alongside the relevant sector-specific PRP standard. It consolidates the cross-cutting PRP topics that previously appeared separately in each sector document.
ISO 22002-100 covers: buildings and facilities, utilities, pest control, waste and food loss management, equipment, purchased materials, storage and transport, contamination prevention, cleaning and disinfection, personal hygiene, product information, and food defense and food fraud, which now have a formal home in the PRP standard (supplemented by FSSC Additional Requirements 2.5.3 and 2.5.4).
What this means in practice
If you are a food manufacturer certified under FSSC 22000, you previously worked to ISO/TS 22002-1:2009 as your PRP standard. Under V7, you must now demonstrate conformance to both ISO 22002-100:2025 AND ISO 22002-1:2025. These are not minor updates to the same document. They are substantially reworked standards with new requirements, new clause structures, and new topics.
Your auditor will evaluate both separately, with dedicated checklist sections for each in the V7 audit report. A gap analysis against both documents is the first practical step every certified organization should take.
Updated sector standards
All sector PRP standards have been updated for 2025. The key changes for food manufacturers in Categories BIII, C, and K (ISO 22002-1:2025) include expanded contamination prevention requirements covering allergen, microbiological, physical, and chemical hazards, updated rework controls, and new requirements for boiler chemical management.
Packaging manufacturers (Category I, ISO 22002-4:2025) face new controls for recycled, nano, and plant-based incoming materials, a distinct migration clause requiring hazard-based controls, and more explicit sharps controls.
A new standard, ISO 22002-7:2025, has been introduced for retail, wholesale, and e-commerce (Category FI). This is the first sector PRP standard for this category.
The Five Changes That Require the Most Work From Quality Teams
1. Allergen Management: Significantly Tightened
Allergen management is one of the most substantially strengthened areas in V7. The changes are specific and operational.
Verification testing is now explicitly required for facilities producing multiple products with different allergen profiles in the same area. The type and frequency must be risk-based and can include surface swabs, air sampling, and product testing.
Precautionary labels cannot substitute for controls. V7 makes this unambiguous. A "may contain" label may only be used where a risk assessment confirms that cross-contamination risk remains even after all available controls have been implemented. Using a warning label to avoid implementing controls is not compliant under V7.
All personnel must now receive both allergen awareness training and specific training on the allergen control measures relevant to their area of work. This extends beyond the food safety team.
Annual review is now trigger-based. In addition to the regular review, the allergen management plan must be reviewed following any allergen-related recall or withdrawal, significant process changes, or industry trend alerts for similar products. Review must include evaluation of control measure effectiveness and trending of verification data.
If your facility runs shared lines across different allergen profiles, this section alone warrants a dedicated review before your upgrade audit.
2. Food Fraud and Food Defense: Competence Now Explicit
Both food fraud mitigation (2.5.4) and food defense (2.5.3) have been strengthened in the same direction: the people responsible for developing and maintaining these plans must now demonstrably have the competence to do so.
V7 adds an explicit competence requirement. It is no longer sufficient to have a vulnerability assessment and mitigation plan in place. You must be able to show that the personnel who developed and maintain it have appropriate knowledge and training.
Both plans must also be fully integrated into the FSMS, not maintained as standalone documents. Auditors will look for evidence that food fraud and food defense are embedded in the wider food safety management system.
For organizations in Category FII (brokers and traders), V7 adds a supply chain obligation: you must ensure your suppliers have food defense and food fraud mitigation plans in place.
3. Food Safety and Quality Culture: Measurable Targets Now Required
The culture requirement has been elevated and renamed. It is now formally "Food Safety and Quality Culture" (2.5.8), explicitly incorporating quality alongside food safety.
The plan must address four minimum elements: communication, training, employee feedback and engagement, and performance measurement. It must have documented targets and timelines. It must be an input to management review.
The practical shift: a general commitment to food safety culture is no longer sufficient. V7 requires a structured plan with measurable outcomes that can be tracked and reviewed. If your current culture plan is a policy statement or a set of principles without targets, it needs to be rebuilt before your upgrade audit.
4. Food Loss and Waste: Policy Must Have Measurable Targets
Food loss and waste (2.5.16) has been in FSSC since Version 5.1, but V7 tightens what is required. A general commitment to reducing food loss and waste is not enough.
V7 requires a documented policy with measurable objectives, defined targets, and timelines, covering both the organization's own operations and its related supply chain. The policy must be traceable to the UN Sustainable Development Goals, which are now formally embedded in the Scheme's objectives.
Organizations that have a basic FLW policy in place should review whether it includes specific, measurable targets with timelines. If it does not, it will not meet V7 requirements.
5. Climate Change: Now Formally Audited
This is a change that catches many teams off guard. Under V7, the audit report template explicitly requires auditors to confirm that the organization has determined whether climate change is a relevant issue and whether requirements related to climate change from relevant interested parties have been considered.
This does not require a full climate risk assessment. But it does require that your organization has documented its position: whether climate change is material to your FSMS, and what requirements from customers, regulators, or other stakeholders you have taken into account. If this is not addressed in your context of organization analysis under ISO 22000:2018 Clause 4.1, it needs to be.
Other Notable Changes Worth Knowing
Quality Control (2.5.9) has been formalized: quality policy and objectives must now be established explicitly, quality parameters set for all products within scope, and quality results used as management review input. Quality must also be included within the scope of internal audits.
Transport and stock rotation (2.5.10): FEFO (First Expired, First Out) is now formally required alongside FIFO. Stock rotation procedures must address both. Organizations using tankers for finished product must implement a documented risk-based tanker cleaning plan including cleaning validation and a pre-load cleanliness assessment.
Equipment management (2.5.15): Purchase specifications must now be documented before installation, and a risk-based change management process is required for new and modified equipment.
Packaging design (2.5.13): Organizations designing primary packaging must factor in four principles: product protection, shelf-life extension, minimization of food loss and waste, and clear consumer communication on handling and storage.
ICT hybrid audits (Annex 5): The hybrid remote and on-site audit approach is now formally embedded in the Scheme. Stage 2 initial certification must be full on-site. Surveillance and recertification may use the ICT approach, with a minimum of 50% on-site time and a maximum 30-day gap between the remote and on-site components.
Sub(sub)categories: V7 introduces a new sub(sub)category layer for auditor qualification. This affects Certification Bodies' auditor requalification requirements, with deadlines tied to the May 2027 upgrade audit start date.
The V7 Gap-Check Checklist
Use this before your upgrade audit to identify where work is needed.
PRP Structure |
|---|
✔ Have you identified which ISO 22002-x:2025 standards apply to your scope (ISO 22002-100:2025 plus your sector-specific standard)? |
✔ Have you conducted a gap analysis against both ISO 22002-100:2025 and your updated sector PRP? |
✔ Have you mapped current procedures to the new clause structure and identified where requirements have moved, changed, or been added? |
Allergen Management (2.5.6) |
|---|
✔ If you run shared lines with different allergen profiles, do you have a risk-based verification testing program (surface swabs, air, or product testing) in place? |
✔ Have you reviewed your use of precautionary "may contain" labels against the V7 requirement that they can only be used where residual risk remains after all controls are applied? |
✔ Have all personnel received allergen awareness training AND role-specific allergen control training? |
✔ Does your allergen management plan have documented mandatory review triggers (recall, withdrawal, significant changes, industry alerts)? |
✔ Are verification testing results being trended and used as review input? |
Food Fraud and Food Defense (2.5.3 and 2.5.4) |
|---|
✔ Can you demonstrate that the personnel responsible have documented competence in food fraud and food defense? |
✔ Are both plans fully integrated into your FSMS, not maintained as standalone documents? |
✔ If you are Category FII, have you confirmed that your suppliers have food fraud mitigation and food defense plans in place? |
Food Safety and Quality Culture (2.5.8) |
|---|
✔ Does your culture plan address all four required elements: communication, training, employee feedback, and performance measurement? |
✔ Does the plan include documented targets and timelines? |
✔ Is the culture plan an input to your management review? |
Food Loss and Waste (2.5.16) |
|---|
✔ Does your FLW policy include specific measurable targets with defined timelines, not just a general commitment? |
✔ Does it cover the supply chain, not just internal operations? |
Climate Change (ISO 22000:2018 Cl. 4.1) |
|---|
✔ Have you documented whether climate change is a relevant issue for your FSMS? |
✔ Have you identified climate-related requirements from customers or regulators and addressed them in your context of organization analysis? |
Quality Control (2.5.9) |
|---|
✔ Are quality policy and objectives formally established and documented? |
✔ Are quality parameters set for all product groups within certification scope? |
✔ Are quality results analyzed and used as management review input? |
✔ Does your internal audit scope include quality elements? |
Stock Rotation and Transport (2.5.10) |
|---|
✔ Does your stock rotation procedure address both FIFO and FEFO? |
✔ If you use tankers for finished product, do you have a documented tanker cleaning plan with validation and pre-load assessment? |
Equipment Management (2.5.15) |
|---|
✔ Are purchase specifications documented before new equipment is installed? |
✔ Do you have a risk-based change management process for new and modified equipment? |
Packaging Design (2.5.13, where applicable) |
|---|
✔ If your organization designs primary packaging, do your new product development and packaging change processes incorporate the four V7 design principles? |
The Transition Timeline
What Happens to Customer Questionnaires During a Version Transition
One thing that does not get enough attention in transition guides is what happens to the incoming questionnaire load when a certification scheme releases a new version.
When FSSC 22000 moves to a new version, the questions your customers and retail partners ask about your certification change too. Requests start arriving: Which version are you certified to? Have you completed your V7 upgrade audit? What is your current allergen verification testing approach? Do you have a documented food loss and waste policy with measurable targets?
These questions land in the same inboxes as every other compliance request, from Quality, ESG, and Technical teams already managing high volumes of incoming work. A version transition does not pause that flow. It adds a new category of questions on top of everything else. We wrote about this pattern in more detail here: Why food safety questionnaires are so common, and so frustrating.
This is where having your documentation in order pays off in a very practical way. When your procedures, policies, and evidence are stored in one place, version-controlled, and consistent, responding to V7-related customer requests is faster and more reliable. Your team is not rebuilding answers from scratch for each customer or portal format. The evidence behind your allergen management update, your new food safety and quality culture targets, your FLW policy, it is there, traceable, and ready.
That is what maintaining quality documentation well makes possible. And it is what Passionfruit is built to support: giving Quality and ESG teams a single place to store, manage, and reuse verified answers across every customer format, so the work done during a transition like this does not have to be repeated every time someone sends a questionnaire.
Where to Start
If you are FSSC 22000 certified and have not yet begun your V7 preparation, here is the practical order:
Download the V7 scheme documents from the official FSSC website
Obtain ISO 22002-100:2025 and your sector-specific 2025 standard from your National Standards Body
Work through the gap-check above against your current procedures
Prioritize allergen management, food fraud and food defense competence, culture plan, and FLW policy. These require the most substantive updates.
Contact your Certification Body to understand when your upgrade audit will fall within the May 2027 to April 2028 window
Monitor the FSSC insights page for interpretation articles and Board of Stakeholders decision updates as the transition progresses
The upgrade audit window is 12 months. Most organizations will be competing for CB slots during the same period. Starting early gives you scheduling flexibility.
