Planning Your FSSC 22000 V7 Transition in 90 Days

A 90-day action plan for transitioning your food safety system from FSSC 22000 V6 to V7. Week-by-week tasks, documentation updates, and team preparation.

FSSC 22000 Version 7 was published in May 2026. If your organisation is currently certified to Version 6, the clock is running. Your certification body will communicate the official upgrade deadline — and once it arrives, all audits will be conducted against V7 requirements only.

The good news is that 90 days is enough time to do this properly, if you work systematically. This guide breaks the transition into week-by-week tasks so you know exactly what to do, in what order, and why each step matters.

Before You Start: Assess Where You Stand

Before you open a single procedure, you need to know what has actually changed between V6 and V7. The two biggest structural shifts in V7 are:

1. The PRP standard has changed. V7 replaces the old sector-specific ISO 22002 parts (ISO 22002-1 for food manufacturing, ISO 22002-4 for packaging, and so on) with a new umbrella standard: ISO 22002-100:2025. This is not a cosmetic update — it is a fully rewritten PRP framework covering the entire food, feed and packaging supply chain. Your PRPs need to be reviewed against ISO 22002-100:2025 and the applicable sector sub-part (e.g., ISO 22002-1:2025 for food manufacturing).
2. The FSSC Additional Requirements have been strengthened. Several clauses that existed in V6 now carry more specific obligations — particularly around food safety culture (§2.5.8), quality control (§2.5.9), allergen management (§2.5.6), environmental monitoring (§2.5.7), and food fraud mitigation (§2.5.4).

Your starting point is a formal gap assessment: go through each V7 additional requirement clause by clause and record whether your current system fully meets it, partially meets it, or has no coverage at all. Be ruthless. Partial compliance is non-compliance at an audit.

Use a simple three-column table: Clause | Current Status | Action Required. This becomes your master transition tracker for the next 90 days.

Weeks 1–2: Documentation Review — Which Procedures Need Updating

Your gap assessment tells you what is missing. Weeks 1–2 are about translating that into a concrete document register and getting the right people assigned to each update.

Start by listing every controlled document in your FSMS and mapping it to the V7 clauses it is meant to satisfy. Common documents that will need revision under V7 include:

• All PRP procedures — these must now reference ISO 22002-100:2025 and the applicable sub-part rather than the old ISO 22002-1 (or 22002-4, etc.)
• The food safety culture plan (§2.5.8) — in V7 this must be a standalone documented plan with defined targets, timelines, and a performance measurement component
• The quality policy and objectives (§2.5.9) — V7 now requires a documented quality policy and measurable quality objectives that are separate from your food safety objectives and linked to management review
• The allergen management plan (§2.5.6) — V7 requires documented validation and verification of allergen control measures, with risk-based verification testing where multiple allergen profiles are produced in the same area
• The food fraud mitigation plan (§2.5.4) — competence of the personnel maintaining this plan must now be explicitly demonstrated
• The environmental monitoring procedure (§2.5.7) — a formal trigger-based review requirement has been added

By the end of Week 2, every affected document should have an owner, a target revision date, and a sign-off workflow. Do not start writing yet — confirm scope first.

Weeks 3–4: Food Safety Culture Programme Update

Food safety culture is the most misunderstood requirement in the FSSC additional requirements — and V7 has made it harder to bluff.

Under §2.5.8 of V7, senior management must establish, implement and maintain food safety and quality culture objectives as part of the management system. The following elements must all be addressed:

• Communication — how food safety and quality messages are communicated across the organisation
• Training — structured, documented, role-appropriate training that goes beyond induction
• Employee feedback and engagement — a mechanism for workers to raise food safety concerns, with evidence that feedback is received and acted on
• Performance measurement of defined activities — this is where most V6 systems fall short; you need measurable KPIs tied to culture activities, not just compliance outputs

These elements must be backed by a documented food safety and quality culture plan with specific targets and timelines. The plan must be included as an input to management review. Auditors will look for evidence that senior management is actively driving culture, not delegating it to the food safety team.

What to do in Weeks 3–4:

• Draft or update the food safety and quality culture plan with named objectives, measurable targets, timelines, and named responsible persons
• Ensure at least one culture-related KPI is on your management review agenda
• Gather evidence of existing culture activities (toolbox talks, walkabouts, feedback mechanisms) and check they are documented
• If your current culture programme is thin, design a minimum of two new activities — for example, a monthly food safety question in team meetings, or a near-miss reporting system — and add them to the plan with start dates
• Brief senior leadership: they need to be able to speak to culture objectives under audit, not just point to a document

Weeks 5–6: Supply Chain and Supplier Management Updates

V7's new PRP framework under ISO 22002-100:2025 significantly strengthens expectations around supplier management. The audit report requirements in Annex 2 are explicit: auditors must provide an overview of the supplier approval programme including supplier risk assessment, and how it is controlled, monitored, and reviewed.

This goes beyond having an approved supplier list. V7 requires evidence that:

• Suppliers are assessed using a risk-based methodology, not simply approved on the basis of a certificate or a questionnaire returned
• Incoming material inspection requirements are defined, including frequency, vehicle inspection, and what to do when materials do not conform
• Temperature records are maintained as documented information where applicable
• For FII (broker/trader) subcategory organisations: suppliers must have both a food defense plan and a food fraud mitigation plan in place — this is an explicit additional requirement under §2.5.3(c) and §2.5.4(c)

What to do in Weeks 5–6:

• Review your supplier approval procedure against ISO 22002-100:2025 clause 10 requirements
• Check that your supplier risk assessment methodology is documented and applied consistently — not just for new suppliers but as part of ongoing supplier reviews
• Ensure incoming materials inspection records are being maintained and that non-conforming material procedures are current
• If you supply or broker food and operate under subcategory FII: contact key suppliers and obtain confirmation that their food defense and food fraud plans are in place; record this as part of your supplier files

Weeks 7–8: Food Fraud and Allergen Management Review

These two areas are among the most audit-intensive in V7, and both require documented evidence of validation, verification, and competence.

Food Fraud Mitigation (§2.5.4)

V7 requires that the vulnerability assessment and mitigation plan are developed and maintained by personnel with appropriate knowledge and competence. At audit, your team must be able to demonstrate that competence — not just produce the document. The plan must cover processes and products within the certification scope and be integrated with the FSMS.

Review your food fraud vulnerability assessment:

• Was it conducted using a defined methodology? (If not, this is a gap.)
• Does it cover the full supply chain, not just on-site activities?
• Is it current, and does it reflect recent changes in products, suppliers or processes?
• Can the person responsible for it demonstrate that they understand the methodology?

Allergen Management (§2.5.6)

V7's allergen requirements are among the most detailed in the scheme. The documented allergen management plan must include all of the following:

• A complete list of allergens on site, including raw materials and finished products
• A risk assessment covering all potential cross-contamination sources
• Identified control measures with documented validation and verification
• Where multiple allergen profiles are produced in the same area: risk-based verification testing (surface testing, air sampling and/or product testing)
• Precautionary labelling used only where the risk assessment confirms residual risk after all controls are implemented — applying a "may contain" label does not remove the obligation to test
• Training records for all personnel in allergen awareness and their area-specific controls
• Annual review of the plan, plus trigger-based reviews after recalls, withdrawals, or emerging industry contamination trends

Weeks 7–8 actions:

• Pull your current allergen management plan and score it against each sub-clause of §2.5.6 — document any gaps
• Confirm that validation records exist for all allergen control measures
• Check that verification testing frequency is documented and risk-based, not arbitrary
• Review training records: are they specific enough to show that each worker understands the allergen controls relevant to their role?
• Update your food fraud vulnerability assessment if it has not been reviewed since your last audit, or since any significant change in your supply chain

Weeks 9–10: Environmental Monitoring Programme Alignment

Environmental monitoring (§2.5.7) applies to food chain subcategories BIII, C, I and K. If your category falls outside these, document the basis for not applying this requirement.

If it applies to you, V7 has strengthened this requirement significantly compared to V6. You need:

• A risk-based environmental monitoring programme covering pathogens, spoilage organisms, and indicator organisms — all three, not just pathogens
• A documented procedure for evaluating the effectiveness of all controls on preventing environmental contamination, including at minimum an evaluation of microbiological controls
• Collected and trended data from environmental monitoring activities — trend analysis is explicit, not implied
• A programme review at minimum annually, plus trigger-based reviews when any of the following occur: significant changes to products, processes, or legislation; an extended period with no positive results (which may indicate inadequate sampling rather than a clean environment); a trend of out-of-specification microbiological results in intermediate or finished products linked to the environment; a repeat detection of pathogens during routine monitoring; product alerts, recalls or withdrawals from your facility

Weeks 9–10 actions:

• Review your EMP against the updated requirements — check that pathogen, spoilage, and indicator organisms are all addressed in your sampling plan
• Confirm that trend analysis is being performed and documented, and that results are being used to adjust the programme when needed
• Verify that the trigger-based review criteria are formally incorporated into your EMP procedure
• Ensure your sampling criteria and frequency are documented as risk-based decisions, not habits from the previous audit cycle

Weeks 11–12: Internal Audit Against V7, Management Review, Team Training

By Week 11, your updated documentation should be largely in place. Now you need to verify it works.

Internal audit against V7

Run a full internal audit using the V7 additional requirements as your checklist. Do not audit against your old V6 checklist — this defeats the purpose. Your internal auditors need to be familiar with the V7 changes before they conduct this audit.

If your internal auditors have not yet been trained on V7, this is the critical path item for Weeks 11–12. Train them first, then audit.

The internal audit must cover all FSSC additional requirements clauses, including:

• §2.5.1 (Laboratories and use of external laboratories)
• §2.5.2 (Labelling)
• §2.5.3 (Food defense)
• §2.5.4 (Food fraud mitigation)
• §2.5.5 (Logo use — check if this applies to your communications)
• §2.5.6 (Allergen management)
• §2.5.7 (Environmental monitoring — if applicable)
• §2.5.8 (Food safety and quality culture)
• §2.5.9 (Quality control)
• §2.5.10–2.5.14 (Applicable category-specific requirements)

Under V7, quality elements as defined in §2.5.9 must be included within the scope of the internal audit. If your internal audit has historically focused only on food safety clauses, this is a gap you need to close now.

Management review

Your management review must include the food safety and quality culture plan as an agenda item — this is a V7 requirement. It must also include quality control results as a formal input, in addition to the standard ISO 22000:2018 management review inputs.

If your management review is not yet scheduled within your transition window, schedule it now. Evidence of a management review conducted under V7 requirements will be expected at your upgrade audit.

Team training

Every person whose procedure or responsibility has changed needs to be trained on the change before your upgrade audit. Record the training: who was trained, what was covered, when, by whom, and how understanding was confirmed. A training register alone is not sufficient evidence — you need to show the content of what was trained.

Week 13: Final Readiness Check and Audit Preparation

This week is for verification, not implementation. If you are still implementing controls in Week 13, you are not ready for an upgrade audit.

Work through the following readiness checks:

Documentation

• All updated procedures are at the correct version, approved, and distributed
• Old version documents have been removed from circulation
• Document references in procedures cite the correct standards (ISO 22002-100:2025 and applicable sub-part, not the old ISO 22002-1:2009 etc.)

Records

• Environmental monitoring trend analysis records are current
• Allergen verification testing records are available and within frequency
• Supplier approval records reflect the risk-based review process
• Food safety culture plan activities have been implemented and records are available
• Management review minutes include the required V7 inputs

People

• All staff with procedure ownership can explain their V7 responsibilities
• Senior management can articulate the food safety and quality culture objectives
• Internal auditors have been trained and have conducted the V7 internal audit
• The food fraud vulnerability assessment and allergen management plan owners can demonstrate competence

Audit logistics

• Your certification body has been notified that you are ready for an upgrade audit
• An upgrade audit date has been agreed — note that upgrade audits follow the requirements issued by the Foundation and your CB will advise on the specific format and duration
• A successful upgrade audit results in a reissued certificate

If you find gaps during your Week 13 readiness check, do not proceed to the upgrade audit. Close the gaps, allow time for implementation evidence to accumulate, and reschedule.

What Happens If You Miss the Transition Deadline

The Foundation FSSC issues upgrade instructions to certification bodies. Once the mandatory transition deadline passes, all audits — including your regular surveillance or recertification audit — will be conducted against V7. If your system has not been transitioned and your audit is conducted against V7, any missing V7 requirements will result in nonconformities.

Nonconformity consequences under the scheme:

• A minor nonconformity must be closed with a root cause analysis and corrective action plan submitted to the CB. Evidence of corrective action is submitted and reviewed.
• A major nonconformity must be closed within 28 calendar days from the last day of the audit. If it cannot be closed within that timeframe, your certificate will be suspended.
• A critical nonconformity results in immediate certificate suspension within 3 working days. If the critical nonconformity is not effectively resolved within 6 months, your certificate will be withdrawn.

Certificate suspension has immediate commercial consequences. Most retailer and customer contracts require an active, unsuspended food safety certification as a condition of supply. Suspension can trigger contract review, listing removal, or supply chain disruption.

The better risk management decision is to start your transition now, work the 90-day plan, and arrive at your upgrade audit with a fully implemented system — not paperwork that has never been tested in practice.

*This article covers FSSC 22000 Version 7.0, published May 2026. Always verify current transition deadlines and upgrade audit requirements directly with your certification body and the FSSC Foundation.*