Tackling risks and opportunities to the system
Plain-language summary
Think ahead about what could undermine your food-safety system as a whole, and what could strengthen it, then plan to deal with both.
What the clause is really asking
This is risk thinking at the system level, separate from product hazard analysis. Drawing on your context and interested parties, you decide which risks to the FSMS need action - a key supplier failing, losing a critical skill, a regulatory shift - and which opportunities to pursue. The aim is a system that is resilient and improving, not just reactive.
What auditors look for
Auditors look for evidence you identified these system-level risks and did something proportionate about them, with the actions integrated into your processes. They will probe whether the planning is genuine or a box-ticking spreadsheet disconnected from how you run.
Typical evidence
Risk and opportunity register (system level); action plans with owners and timing; evidence actions were implemented and reviewed
How to comply — recommendations
Keep this distinct from HACCP - here you are protecting the system, not analysing product hazards. Use your context and stakeholder work as the input, pick the risks worth acting on, and assign real actions. Review effectiveness rather than just listing risks forever.
Common nonconformities
Risk register confused with hazard analysis; actions listed but never done; effectiveness of actions never checked
Related clauses
ISO 22000 4.1, 4.2, 6.2, 10.1; ISO 9001 6.1
Qlause provides interpretive guidance only and is not a substitute for the standard. Refer to your licensed copy of the relevant standard for the authoritative text.