How to Conduct an ISO 22000 Internal Audit

Book Free Consultation

An ISO 22000 internal audit is a critical component of maintaining a compliant Food Safety Management System (FSMS). Internal audits help ensure ISO 22000 compliance, verify effective HACCP implementation, reduce food safety risks, and demonstrate continual improvement—core principles of ISO 22000.

This guide explains how to conduct an ISO 22000 internal audit, who is qualified to perform one, and how PillarStone Quality can support your organization with expert ISO 22000 auditing and food safety compliance services.

What Is an ISO 22000 Internal Audit?

An ISO 22000 internal audit is a systematic and independent review of your FSMS to determine whether:

It conforms to ISO 22000 requirements, HACCP principles, and applicable regulatory requirements (such as FDA FSMA and Codex Alimentarius).
Food safety controls, including PRPs, OPRPs, and CCPs, are effectively implemented and maintained.
The FSMS supports the achievement of food safety objectives and continual improvement.

Internal audits are a mandatory requirement under ISO 22000 (Clause 9.2) and are essential for certification readiness, regulatory compliance, and effective food safety risk management.

Book Free Consultation

Who Is Qualified to Conduct an ISO 22000 Internal Audit?

ISO 22000 does not require internal auditors to hold external certification, but auditors must be competent, objective, and independent of the activities being audited.

Qualified ISO 22000 internal auditors should:

Have formal training in ISO 22000 requirements, HACCP principles, and auditing techniques (ISO 19011 guidance).
Understand food safety hazards, production processes, sanitation, and supply chain controls.
Apply evidence-based auditing and clearly communicate findings.
Maintain impartiality and avoid conflicts of interest.

Many organizations engage external ISO 22000 consultants to supplement internal resources or ensure objectivity—especially when preparing for certification or surveillance audits.

Step-by-Step ISO 22000 Internal Audit Process

Plan the Audit

Develop an annual ISO 22000 audit schedule covering all FSMS processes, products, and locations.
Define audit scope (processes, departments, or sites) and criteria (ISO 22000 clauses, HACCP plans, PRPs, and internal procedures).
Assign trained auditors—internal staff or PillarStone Quality ISO 22000 consultants.

Prepare the ISO 22000 Audit Checklist

Use a custom ISO 22000 internal audit checklist aligned with ISO 22000 clauses and HACCP requirements to ensure
Consistent evaluation
Complete FSMS coverage
Evidence-based and repeatable assessments

Conduct the Audit

Hold an opening meeting with auditees.
Gather evidence through interviews, on-site observation, and document review.
Record:

Conformities

Opportunities for improvement

Minor and major nonconformities

Report the Results

Document findings in a detailed ISO 22000 internal audit report.
Clearly identify nonconformities and recommended corrective actions.
Communicate results to management and food safety team members.

Corrective Action and Follow-Up

Conduct root cause analysis for each nonconformity.
Implement and verify corrective actions.
Confirm closure through follow-up verification or re-audit.

Book Free Consultation

Best Practices for Effective ISO 22000 Internal Audits

Maintain auditor independence do not audit your own work.
Focus audits on risk-based and food safety–critical processes.
Use digital audit tools and templates to manage findings efficiently.
Review audit results during management review meetings.
Partner with experienced ISO 22000 consultants for added expertise and certification readiness.