This post was written by Denis Kiely, our Food Safety Tutor
In November last year, the International Organization of Standarization (ISO) released the first International Risk Management Standard entitled:
ISO 31000:2009, Risk Management – Principles and Guidelines.
The standard aims to provide organisations with guidance and a common platform for managing different types of risks irrespective of the organizations size, complexity or activities.
The establishment of the European Food Safety Authority and the reorganisation of food safety legislation via regulation 178/2002 was based on the idea of risk management. Under Article 3 of 178/2002, it gave five risk-based definitions which are fundamental to designing and developing a Food Safety Management System.
Risk – means a function of the probability of an adverse health effect and the severity of that effect, consequential to the hazard
Risk Analysis – means a process consisting of three interconnected components, risk assessment, risk management and risk communication
Risk Assessment – means a scientifically based process consisting of four steps, hazard identification, hazard characterization, exposure assessment and risk characterization
Risk Management – means the process, distinct from risk assessment, of weighing policy alternatives in consideration with interested parties, considering risk assessment and other legitimate factors and if needs be selecting appropriate prevention and control options
Risk Communication – definition too long, complex and confusing to write or explain!
The above definitions, written in 2002, in my view are not user friendly and would need to be revisited.
The definition for risk management in ISO 31000 is:
Co-ordinated activities to direct and control an organization with regards to risk
All food safety, health and safety/environmental professionals need to be comfortable with the concept of risk, how it is assessed, treated, monitored, reviewed and hence managed. All audits, particularly in the area of legal compliance are risk based. The majority of customer/retail audits are also risk based as illustrated by the BRC – Issue 5 Global Food Safety Standard.
To begin to understand risk and the new risk management standard, ISO 31000, one has to explore:
Clause 3 The eleven risk management principles
Clause 4 The risk management framework, and
Clause 5 The risk management process.
ISO 31000 does not have all the answers, and it is not prescriptive however it does provide food business operators with principles and guidelines to assist in developing a risk management strategy.
Full details of our new Introduction to ISO 31000 Risk Management – Principles and Guidelines are here