How to Achieve FSSC 22000 Certification: The Complete 15-Step Guide for V7 (2026)

A practical, internationally-applicable roadmap from initial gap analysis to a passed certification audit — written for food businesses pursuing GFSI-recognised certification under FSSC 22000 Version 7 (May 2026). Updated for the new ISO 22002-x:2025 prerequisite-programme series, ISO 22002-100:2025 umbrella standard, GFSI 2024 alignment and Global ACI MRA endorsement.

By Mthokozisi Nkosi, Food Safety Specialist & SAATCA Lead Auditor · Reviewed by senior FSSC 22000 lead auditors with IRCA · Exemplar Global · SAATCA credentials · Originally published 15 April 2026 · Last updated 9 May 2026

What is FSSC 22000?

FSSC 22000 (Food Safety System Certification 22000) is an internationally recognised certification scheme for food safety management systems, published by Foundation FSSC and benchmarked by the Global Food Safety Initiative (GFSI). It is the most widely adopted GFSI-recognised food safety certification in the world, used by tens of thousands of organisations across the food, feed and packaging supply chain.

FSSC 22000 V7 — the May 2026 release — sits on three normative foundations:

1. ISO 22000:2018 — the international standard for food safety management systems, applicable to any organisation in the food chain.
2. The relevant ISO 22002-x:2025 prerequisite-programme standard for your sector — plus the new ISO 22002-100:2025 umbrella standard which applies across categories.
3. The FSSC 22000 V7 Additional Requirements — sector-agnostic and sector-specific clauses (2.5.1 through 2.5.18) that the Foundation has added on top of ISO 22000 and the PRP standard.

For the full clause-by-clause technical breakdown of V7, see our FSSC 22000 V7 Change Guide.

Why FSSC 22000 Matters Internationally

FSSC 22000 V7 certification is the credential most major global retailers and food brands recognise when qualifying suppliers. Whether your facility is in South Africa, the United Kingdom, Germany, the Netherlands, the United States, the United Arab Emirates, Australia or anywhere in the global food supply chain, FSSC 22000 V7 opens commercial doors that ISO 22000 alone does not.

International recognition framework

• GFSI Benchmarking Requirements 2024: the credential required by retailers including Tesco, Walmart, Carrefour, Aldi, Lidl, Sainsbury's, Woolworths, Pick n Pay, Shoprite, and many others.
• Global ACI Multilateral Recognition Arrangement (NEW in V7): the Global Accreditation Cooperation Incorporated has endorsed FSSC 22000 as a sub-scope of its MRA, replacing the older IAF references. Reduces friction at the border for exporters into the EU, Asia and the Americas.
• FDA FSMA alignment: the US Food and Drug Administration has confirmed FSSC 22000 alignment with FDA Preventive Controls for Human Food (PCHF) — critical for any manufacturer targeting US market access.
• EU food law compatibility: FSSC 22000 satisfies the food safety management system requirements expected by EU buyers under EC Regulation 178/2002 and 852/2004.

For organisations exporting under demanding retail frameworks — Tesco TFMS, M&S Code of Practice, BRCGS-equivalent acceptance, Walmart SQF-equivalent acceptance — FSSC 22000 V7 is the safest and most universally recognised position to hold.

Step 1 Product Compliance

Every certification journey begins with the product itself. Ensure that what you produce complies with all applicable food safety, food quality and regulatory requirements in both the country of manufacture and the intended country of sale. This dual-country scrutiny is reinforced under V7 clause 2.5.2(a), which requires labels to comply with the country of intended sale, not country of manufacture.

For a dried-fruit exporter, that means addressing food safety risks (pesticide residues, heavy metals, mycotoxins, microbial contamination), food quality parameters (sugar content, moisture, colour, sensory profile), and regulatory requirements (additive approvals, allergen declarations, organic claims, country-of-origin labelling). For a packaging manufacturer, the considerations shift to migration testing, recycled-content criteria (a new V7 requirement under clause 2.5.1 for Category I), and end-use suitability.

Step 2 Food Premises and Process Compliance

Your facility and processes must comply with the food safety laws and regulations of the country in which you operate. In South Africa, that is the Foodstuffs, Cosmetics and Disinfectants Act 54 of 1972 and its R.638 General Hygiene Requirements regulations. In the EU, it is Regulations 178/2002 and 852/2004. In the US, the FSMA Preventive Controls regulations. In the UK, the Food Safety and Hygiene (England) Regulations 2013.

• Identify which food laws and regulations apply to your business in each country you serve.
• Obtain the latest official copies of each.
• Read, interpret and implement the requirements.
• Where uncertain, engage a qualified consultant with international experience.

Step 3 Comply with Customer Requirements

Before initiating the FSSC 22000 certification process, map every customer-specific food safety expectation. Many global retailers layer additional requirements on top of FSSC 22000 — Tesco's TFMS, M&S Code of Practice, Walmart Supplier Standards, Carrefour Quality Lines, Pick n Pay Supplier Code, Woolworths Farming for the Future. Your FSMS must be compatible with these or capable of accommodating them.

• List all customer-specific requirements alongside FSSC 22000 V7 requirements.
• Map overlaps (most are already inside V7) and gaps (which need bespoke procedures).
• Communicate progress regularly to customers — many retailers track supplier certification readiness explicitly.

Step 4 Comply with Other Relevant Standards

Adjacent standards routinely apply — potable water (ISO 24512, SANS 241, EU Drinking Water Directive); microbiological criteria (ISO 7218, FDA BAM, Codex Alimentarius); allergen control (VITAL programme); environmental monitoring (industry guidance documents). These are not the FSSC 22000 standard itself, but your FSMS must reference and implement them where applicable.

Step 5 Food Safety Training

Certification cannot succeed without competent people. Training requirements span every level of the organisation — and V7 strengthens this expectation under clauses 2.5.6 (allergens), 2.5.8 (food safety culture) and 2.5.18 (multi-site governance).

Step 6 Understand What FSSC 22000 V7 Is

Foundation FSSC publishes the FSSC 22000 scheme as an integrated certification system for food safety management. V7 is structured into five Parts, two Appendices and five mandatory Annexes:

• Part 1 — Scheme Overview (food chain categories, including the new sub-sub-category Table 1.1)
• Part 2 — Requirements for Organizations to be Audited (this is where your audit emphasis falls)
• Part 3 — Requirements for the Certification Process
• Part 4 — Requirements for Certification Bodies
• Part 5 — Requirements for Accreditation Bodies
• Appendix 1 — Definitions; Appendix 2 — Normative References
• Five mandatory Annexes plus voluntary Addenda (e.g., Full Remote Audit Addendum)

The full scheme PDF is available free of charge at fssc.com.

Step 7 Comply with ISO 22000:2018

ISO 22000:2018 is the management-system foundation of FSSC 22000 — and it is unchanged in V7. The standard adopts the High-Level Structure (HLS) aligned with ISO 9001, organised into 10 clauses with PDCA (Plan-Do-Check-Act) and risk-based thinking embedded throughout.

• Clause 4 — Context of the organisation: understand internal and external issues, interested parties, FSMS scope.
• Clause 5 — Leadership: top management commitment, food safety policy, roles and responsibilities.
• Clause 6 — Planning: risks and opportunities, food safety objectives.
• Clause 7 — Support: resources, competence, awareness, communication, documented information.
• Clause 8 — Operation: PRPs, traceability, emergency preparedness, hazard analysis, HACCP, control of monitoring and measuring.
• Clause 9 — Performance evaluation: monitoring, analysis, internal audit, management review.
• Clause 10 — Improvement: nonconformity and corrective action, continual improvement.

Step 8 Implement the Relevant ISO 22002-x:2025 Technical Standard

This is the single biggest documentation change between V6 and V7. The old ISO/TS 22002-x and PAS 221 prerequisite-programme standards are replaced by the new 2025 editions of the ISO 22002-x series, plus the brand-new ISO 22002-100:2025 umbrella standard.

Practical implication: order the new ISO 22002 standards from your national standards body or directly from ISO. Your transition project cannot move past the awareness stage without them.

Step 9 Implement the FSSC 22000 V7 Additional Requirements

The 18 V7 Additional Requirements are where most operational documentation work happens — and where the highest density of audit findings tends to occur. Review V6 → V7 carefully; clause numbers look familiar but content has shifted (most notably 2.5.14 has changed scope).

Step 10 Conduct a Gap Audit

Before booking your Certification Body audit, run an internal gap audit against V7 expectations — ideally executed by an independent FSSC 22000 lead auditor who was not involved in implementing your system. Most sites uncover 40–60 individual gaps in their first pass. The objective is to surface every gap before your CB does, and to close them with verified evidence.

A comprehensive gap audit report includes: clause-by-clause findings; root-cause guidance; recommended corrective actions; an evidence checklist; and a closure-tracking register. Treat it as a rehearsal for the real audit, not a paper exercise.

Step 11 Select an FSSC-Licensed Certification Body

Once your FSMS is implemented and gap-audit findings are closed, engage an FSSC-licensed Certification Body to conduct the formal certification audit. Internationally active CBs include:

The complete current list of licensed CBs by country is maintained at fssc.com. When selecting, confirm: (a) the CB is licensed for your specific FSSC sub-sub-category code; (b) the assigned auditor's competence covers your sector; (c) audit-day calculation under ISO 22003-1:2022 is transparent; (d) timelines and fees are documented up-front.

Step 12 Understand the Two-Stage Initial Certification Audit

Stage 1 — Document review and readiness assessment

The Stage 1 audit verifies that your FSMS has been designed and developed in line with FSSC 22000 V7 requirements, your own internal documents and applicable regulations. It assesses readiness to proceed to Stage 2. The auditor reviews your documentation and visits the site. You need at least six months of verifiable records and the site must be in operation.

Stage 1 produces "areas of concern" graded as Major or Minor — not formal findings — and you have up to six months to address them before Stage 2.

Stage 2 — Implementation audit

Stage 2 substantiates top management's claim that the FSMS is implemented. The site must be in full operation. Audit activities include document verification, observation of operations, interviews across all relevant personnel levels, traceability and recall simulation, and senior-management review against V7 strategic clauses (food culture, SDGs, food fraud, food defence, food loss and waste).

Stage 2 must take place within six months of Stage 1. Findings are graded as Minor, Major or Critical. Critical findings cause immediate audit failure and the audit becomes a gap assessment — the site must remediate and re-book a new initial audit.

Step 13 Certificate Issue

Once all findings are closed to the auditor's satisfaction (Majors typically within 28 days, Minors typically within 90 days, with verified evidence), the Certification Body's independent certification decision-maker reviews the audit report and issues your FSSC 22000 V7 certificate within 30 days. The certificate is valid for three years from the certification decision date, subject to satisfactory annual surveillance audits.

Step 14 Annual Surveillance Audits

FSSC 22000 V7 requires annual surveillance audits within the three-year cycle. Under V7, at least one surveillance audit per cycle must be unannounced. Surveillance audits are full and comprehensive — they are not a reduced subset of the initial audit. New nonconformities can be issued at any surveillance audit.

Maintain your FSMS throughout the cycle: keep records current, run scheduled internal audits, conduct management review at least annually, address all corrective actions on time, and notify your CB within 3 working days of any FSMS-impacting event (V7 clause 2.5.17).

Step 15 Recertification Requirements

Every three years, your certificate is renewed via a full recertification audit — equivalent in scope to the initial Stage 2 audit. Recertification audits are scheduled before the certificate expiry date to allow uninterrupted certification. Each recertification cycle is also typically used to absorb any new FSSC scheme version released within the cycle.

Cost and Timeline Expectations

Typical timelines

Typical cost ranges (international, indicative)

These ranges are indicative for international planning purposes. Final pricing is always quote-based after scoping.

Common Pitfalls — and How to Avoid Them

1. Underestimating the V6 → V7 documentation refresh. The new ISO 22002-x:2025 series alone refreshes thousands of underlying PRP requirements. Treat V7 as a substantive update, not an editorial revision.
2. Treating food safety culture as a poster on the wall. V7 clause 2.5.8 expects demonstrable commitment from all personnel. Production operators must be able to discuss the culture plan with conviction.
3. Copying old food fraud and food defence plans verbatim. Both now reference ISO 22002-100:2025 clauses 16.2 and 16.3 — they need to be rebuilt from the new clauses, not patched.
4. Forgetting suppliers. V7 strengthens supplier expectations across allergens, food fraud, food defence and recycled-input criteria. Refresh your supplier programme alongside your internal documentation.
5. Underestimating the artwork procedure. Clause 2.5.2(d) requires six specific elements. Sites that print labels in-house often find theirs only addresses two or three.
6. Missing the 3-working-day notification window. Clause 2.5.17 requires CB notification within 3 working days of certain serious events. Embed the trigger into your incident-management procedure.
7. Leaving auditor competence to the CB. Sub-sub-categories under V7 are more granular. Confirm in writing which sub-sub-category code your CB has registered for your site before any audit is scheduled.
8. Forgetting that the deadline is your audit date — not the FSSC window end. Plan the project working backward from your specific audit date.

How ASC Food Safety Consultants Helps You Achieve FSSC 22000 V7 Certification

ASC Food Safety Consultants is a full-spectrum FSSC 22000 implementation partner trusted internationally. Our lead auditors hold competence registrations with all three of the world's leading auditor certification bodies — IRCA, Exemplar Global and SAATCA — meaning the consultants who train and guide you carry credentials recognised by certification bodies, retailers and regulators in every major market.

Online courses — self-enrol from anywhere in the world

Available 24/7 at ascfoodsafetytraining.com with lifetime access, knowledge tests, downloadable certificates, and supporting resources:

• Implementation of Good Manufacturing Practices — foundation, ISO 22002:2025 aligned
• Introduction to HACCP
• HACCP for Supervisors and HACCP Teams
• Advanced HACCP System Implementation
• Overview of ISO 22000:2018
• Introduction to FSSC 22000 V7 for Food Manufacturing
• Transition to FSSC 22000 V7 for Food Manufacturing
• Food Safety and Quality Culture
• Food Fraud and Food Defence
• Internal and Supplier Auditing based on an FSMS
• Overview of Root Cause Analysis

Document toolkits — save months of writing

• TK01 — FSSC 22000 V7 for Food Manufacturing (Category C)
• TK02 — FSSC 22000 V7 for Food Packaging Manufacturing (Category I)
• TK03 — FSSC 22000 V7 for Feed and Animal Food (Category D)
• HACCP and PRPs Document Templates Toolkit — for sites pre-FSSC 22000

Consulting services — international

• Gap audit / readiness assessment — on-site or remote, anywhere internationally
• End-to-end implementation consulting — gap analysis through CB handover
• V6 → V7 transition consulting — for already-certified sites
• Mock / pre-certification audit — by IRCA-, Exemplar Global- or SAATCA-credentialed lead auditors
• Premium hourly virtual consultation — for specialist questions, document review and audit-prep coaching
• Post-certification surveillance support — annual surveillance audit prep, management review facilitation, supplier audits

Frequently Asked Questions

↑ Back to top

About ASC Food Safety Consultants

Branches and contact

Eastern Cape — Head Office: 14 Brickmakers Kloof Road, South End, Gqeberha, 6001 · +27 (0)41 004 0382

Gauteng: Atrium Terraces, 272 Oak Avenue, Ferndale, Randburg, 2194 · +27 (0)10 500 4661

Western Cape: 183 Albion Springs, Rondebosch, Cape Town, 7700 · +27 (0)21 140 1504

Email: info@ascfoodsafety.com · Web: ascfoodsafety.com · Training: ascfoodsafetytraining.com

Resources, downloads and next steps

• FSSC 22000 V7: The Complete V6→V7 Change Guide — full clause-by-clause technical breakdown.
• FSSC 22000 V7: Your Complete Implementation Partner — services overview.
• All FSMS Document Toolkits
• ASC Online Training Hub — self-enrol 24/7
• FSSC 22000 Course Bundle — save R1 175
• Training enquiry form — for in-house, virtual or group delivery
• Foundation FSSC — download the V7 PDF and Annexes (free)
• GFSI Benchmarking Requirements 2024

Originally published 15 April 2026. Last updated 9 May 2026 to reflect the published FSSC 22000 Scheme Version 7.0 (May 2026).

Disclaimer: this article is an educational guide. The official, binding source for FSSC 22000 V7 requirements is the English-language version of the Scheme published by Foundation FSSC.