What Changed in FSSC 22000 Version 7 for South African Manufacturers

FSSC 22000 V7 is the biggest update since V6. What changed in the additional requirements, what South African manufacturers need to update, and how to plan your transition.

FSSC 22000 Version 7 was published in May 2026. It is the most significant revision to the Scheme since Version 6 and affects every certified and certifying organisation in the food chain. If you hold FSSC 22000 certification — or are working toward it — the changes in V7 will affect what you document, how you are audited, and what your system must demonstrate.

This article works through V7 systematically: what changed, what it means for SA manufacturers, and how to plan your transition.

1. V7 at a Glance — Publication, Transition Window, and Who's Affected

Publication date: May 2026.

Who is affected: Every organisation seeking or maintaining FSSC 22000 certification across all food chain (sub)categories — from primary conversion and food manufacturing to storage, catering, packaging, and retail.

The upgrade audit process: FSSC 22000 issues upgrade requirements when there is a significant version change. Your certification body is required to follow these instructions, recalculate audit duration where applicable, and re-issue your certificate following a successful upgrade audit. Contact your CB for your specific upgrade timeline — transition windows are communicated through the FSSC Assurance Platform and certified organisation channels.

The four main drivers behind V7 are:

• Incorporating the newly revised ISO 22002-x series (2025 editions) on prerequisite programmes
• Aligning with GFSI Benchmarking Requirements 2024
• Strengthening requirements to support organisations in contributing to the Sustainable Development Goals (SDGs)
• A more defined structure for food chain (sub)categories

2. Updated Additional Requirements — What Specifically Changed

The FSSC 22000 Additional Requirements are the layer of requirements that sit on top of ISO 22000:2018 and the applicable ISO 22002 PRP standard. These are the requirements unique to FSSC certification — and V7 brings both new clauses and significant strengthening of existing ones.

Here is a summary of the key changes in the additional requirements (Part 2, clause 2.5):

Clause 2.5.3 — Food Defence (All Food Chain Categories)

Now explicitly requires the food defence threat assessment and food defence plan to be developed and maintained by personnel with appropriate knowledge and competence. The plan must be supported by the FSMS, comply with applicable legislation, and cover all processes and products within scope. Ingredient suppliers (subcategory FII) now also have a specific obligation to ensure their own suppliers have a food defence plan in place.

Clause 2.5.4 — Food Fraud Mitigation (All Food Chain Categories)

Mirroring the food defence requirements, the food fraud vulnerability assessment and mitigation plan must now be developed and maintained by competent personnel and actively supported by the FSMS. FII subcategory organisations must also verify their suppliers have food fraud mitigation plans.

Clause 2.5.8 — Food Safety and Quality Culture (All Food Chain Categories)

Significantly strengthened — see Section 3 below.

Clause 2.5.9 — Quality Control (All Food Chain Categories)

Requires a documented quality policy and measurable quality objectives aligned with ISO 22000:2018 clauses 5.2 and 6.2. Quality control parameters must be established for finished product specifications across all products or product groups in scope. Quality results must feed into management review, and quality elements must be included in the scope of internal audits. Line start-up and change-over procedures must be established to ensure labelling and packaging from a previous run have been cleared from the line before a new run begins.

Clause 2.5.12 — PRP Verification (Selected Food Chain Categories)

Applies to food chain (sub)categories BIII, C, D, E, FI, G, I, and K. Routine (e.g., monthly) site inspections and PRP checks are now required to verify that the site, production environment, and processing equipment are in a suitable condition to ensure food safety. Frequency and content must be risk-based with defined sampling criteria and linked to the relevant technical specification.

Clause 2.5.13 — Product Design and Development (Selected Food Chain Categories)

A documented product design and development procedure is now required for new products and changes to product or manufacturing processes. The procedure must address impact on the FSMS, hazard analysis updates (including allergens), process flow implications, resource and training needs, equipment requirements, and shelf-life validation. For categories BIII, C, D, and K, shelf-life trials are required to validate that formulation and processes can produce a safe product meeting customer requirements.

Clause 2.5.15 — Equipment Management (All Food Chain Categories, excluding FII) — NEW

A new clause requiring documented purchase specifications for new equipment, addressing hygienic design, legal and customer requirements, and intended use. Suppliers must provide evidence of meeting the specification before installation. A risk-based change management process for new or modified equipment must be established and documented, including evidence of successful commissioning and assessment of effects on existing systems.

Clause 2.5.16 — Food Loss and Waste (All Food Chain Categories, excluding I) — NEW

A new clause requiring a documented policy and objectives for reducing food loss and waste within the organisation and related supply chain. Objectives must be supported by measurable targets with defined timelines. Controls must be in place for donated products, surplus products, and by-products intended as animal feed. All processes must comply with applicable legislation and must not negatively impact food safety.

Clause 2.5.17 — Communication Requirements (All Food Chain Categories) — STRENGTHENED

Organisations must notify their certification body within three working days of serious events that impact the FSMS, legality, or certification integrity. This includes force majeure events, natural or man-made disasters, public food safety events (recalls, outbreaks), regulatory enforcement actions, legal proceedings, and fraudulent activities. This is a tightened notification window with direct consequence for certificate suspension if not followed.

3. Food Safety and Quality Culture Requirements Strengthened

Clause 2.5.8 has been substantially upgraded in V7 and is now one of the most closely scrutinised sections of the audit.

What V7 now requires:

Senior management must establish, implement, and maintain food safety and quality culture objectives as part of the management system, with sufficient resources allocated to maintain a positive culture. The objectives must address — as a minimum — four elements:

• Communication
• Training
• Employee feedback and engagement
• Performance measurement of defined activities covering all sections of the organisation impacting on food safety and quality

These objectives must be supported by a documented food safety and quality culture plan with targets and timelines. The plan must be included in management review and the continuous improvement process. There must be demonstrable commitment from all personnel to the production and safe handling of food.

What this looks like in an audit:

Auditors will look for more than a poster on the wall. They will sample evidence across departments — production, maintenance, warehousing, logistics, cleaning teams — that employees at all levels understand their role in food safety and quality. They will verify that culture objectives are tracked, that feedback mechanisms exist, that training is targeted (not just induction records), and that the management review includes culture performance as a standing agenda item.

Why it changed:

This strengthening is directly aligned with the GFSI Benchmarking Requirements 2024, which treat food safety culture as a core pillar of a mature food safety management system. The expectation is that culture is not a soft element but a measurable, managed, and auditable part of the FSMS.

4. Supply Chain Management Updates

Supply chain management under V7 continues under clause 2.5.1, but several changes across the scheme tighten how upstream risks are managed.

Key supply chain requirements to note:

Supplier management for laboratories: Where external laboratories are used for verification or validation of critical food safety parameters, the organisation must confirm those laboratories are ISO/IEC 17025 accredited. Where accreditation is absent, the organisation must demonstrate how the laboratory meets competency requirements through other means (e.g., proficiency testing programmes, regulatory-approved programmes).

Emergency procurement: There must be a documented procedure for emergency use of non-approved suppliers, and any such instance since the last audit must be disclosed to the auditor, including how the procedure was followed and whether product conformity was maintained.

Food defence and fraud in the supply chain: As noted under clauses 2.5.3 and 2.5.4, FII (ingredient) suppliers must now verify that their own suppliers have food defence and food fraud mitigation plans in place — pushing the requirement upstream.

Product specifications: Microbiological, physical, chemical, and allergen specifications for food safety must be based on appropriate scientific principles, particularly where relevant legislation is absent.

5. Multi-Site Certification Changes

V7 introduces clearer rules for organisations with multiple locations and off-site activities.

Off-site storage: Storage facilities at a different location may be included in the same certification as the main site, provided they are part of the same legal entity, under the same FSMS, and in the same country, and directly linked to storage of the site's own products.

Where an off-site storage facility also stores products for sister companies, Category G (storage and distribution) must be added to the main site certification. Where off-site storage is also provided to external customers (excluding sister companies), the arrangement no longer qualifies as an off-site activity and must be certified separately under Category G.

Certificate content: Certificates must now list all audited locations and the activities at each location — either on the certificate itself or as an annex. Audit reports must clearly reflect what was audited at each location with sufficient detail to identify site-specific findings.

Unannounced audits and secondary sites: During unannounced audits, secondary sites (off-site activities), off-site storage, warehouses, and distribution facilities must also be included in the audit scope.

Auditor rotation: An auditor may not perform more than two consecutive 3-year certification cycles at the same certified organisation, either as lead auditor or co-auditor. After six years, the auditor must be rotated out for at least one full FSSC 22000 audit before returning.

6. What Stayed the Same

Amidst the changes, the fundamental architecture of FSSC 22000 certification is unchanged.

ISO 22000:2018 remains the core food safety management system standard. V7 does not change which version of ISO 22000 applies. All requirements of ISO 22000:2018 — including hazard analysis, CCPs, OPRPs, management review, internal audit, and FSMS planning — continue unchanged.

The ISO 22002-x PRP standards remain the mandatory PRP layer for each food chain category. V7 updates these references to the 2025 editions of the ISO 22002-x series, including the new ISO 22002-100:2025 (applicable across the food, feed, and packaging supply chain). Organisations will need to verify that their PRP programmes align with the updated technical requirements in the 2025 editions.

The three-tier certification structure (ISO 22000 + ISO 22002 PRPs + FSSC Additional Requirements) is unchanged.

The 3-year certification cycle, audit types (Stage 1, Stage 2, surveillance, recertification, unannounced), and general audit planning framework are all retained.

7. Impact on SA Manufacturers — What You Need to Update

For South African manufacturers across food categories — processors, packhouses, beverage producers, bakeries, dairy operations, meat plants — the V7 requirements translate into specific system updates.

Documents you will need to create or revise:

• Food Safety and Quality Culture Plan — if your current system only has food safety culture objectives embedded in the management review, V7 requires a standalone documented plan with targets, timelines, and performance measurement criteria.
• Food Loss and Waste Policy and Objectives — new requirement. You will need a documented policy, measurable targets with timelines, and controls for donated products and by-products. This must be integrated into the management system review.
• Equipment Management Procedure — new requirement covering purchase specifications with hygienic design requirements, and a risk-based change management process for new or modified equipment. Any equipment commissioned since your last audit will need to be evidenced against these requirements.
• Product Design and Development Procedure — if you launch new products or change processes, this procedure must now formally address hazard analysis updates, shelf-life validation (for applicable categories), and cooking instruction validation for ready-to-cook products.
• Revised Supplier Approval Procedure — update to address laboratory competency verification, emergency procurement disclosure requirements, and (for FII) verification that your suppliers have food defence and food fraud plans.

Records and evidence you will need to demonstrate:

• Culture plan objectives with tracking records and management review inputs
• PRP verification inspection records (monthly, risk-based, with defined sampling criteria)
• Equipment commissioning records linked to purchase specifications
• Food loss and waste measurement and objective tracking
• CB notification records where serious events occurred

What your internal audit programme must now cover:

• Quality elements (clause 2.5.9) must be within internal audit scope
• Culture plan performance
• PRP verification inspections
• Compliance with food loss and waste controls

8. Timeline for Transition: From Now to Your Next Audit

V7 was published in May 2026. The Foundation issues specific upgrade instructions to certification bodies when a version change occurs, and your CB will advise you on the precise timeline applicable to your certificate.

What to do now — regardless of where you are in your certification cycle:

Step 1 — Gap analysis (within 30 days of receiving this article)

Map your current FSMS against the V7 additional requirements. Prioritise the new clauses (2.5.15 equipment management, 2.5.16 food loss and waste) and the strengthened clauses (2.5.8 culture, 2.5.13 product design and development, 2.5.17 communication requirements). Document every gap.

Step 2 — Confirm your CB's upgrade timeline (immediately)

Contact your certification body and confirm the transition/upgrade audit requirements for your certificate. Understand exactly when V7 compliance is required and whether your next scheduled audit will be an upgrade audit.

Step 3 — Update your documentation (before your upgrade audit)

Write or revise: culture plan, food loss and waste policy, equipment management procedure, product design procedure, updated supplier approval procedure. Ensure new records are being generated and will be available as evidence.

Step 4 — Update your ISO 22002 PRPs

Cross-reference your current PRP documents against the 2025 editions of the applicable ISO 22002 standards. Your CB auditor will be auditing to the 2025 editions from the transition date. Key areas to review include cleaning and sanitation, waste management, equipment maintenance, and any category-specific requirements in the updated standards.

Step 5 — Run an internal audit against V7

Before your upgrade audit, complete at least one full internal audit against V7 requirements. This is your last opportunity to identify and close nonconformities before the CB auditor arrives.

Step 6 — Brief senior management and all relevant personnel

The food safety and quality culture requirement means that senior management demonstrably own the culture plan, and that all personnel across all functions can speak to their role in food safety. Brief everyone, not just the food safety team.

FSSC 22000 V7 raises the bar. The changes to food safety culture, food loss and waste, equipment management, and quality control requirements reflect where the GFSI and global food safety standards are heading — toward more integrated, measurable, and management-owned food safety systems. South African manufacturers who start their gap analysis now, and treat the transition as a system improvement rather than a paperwork exercise, will be best positioned going into their upgrade audits.

*If you need help conducting a V7 gap analysis, updating your documentation, or preparing your team for the audit, contact us to discuss how Figuro or our consulting services can support your transition.*