Hazard Analysis Records

This glossary term is part of the SG Systems Global regulatory & operations guide library.

Updated January 2026 • FSMA hazard analysis documentation, hazards requiring a preventive control, rationale and risk scoring, process flow linkage, preventive control selection, validation support, reanalysis history • Primarily Food & Beverage Manufacturing (PCQI-led food safety plans, SQF/BRCGS audits, inspection readiness)

Hazard Analysis Records are the documented evidence that a facility systematically identified and evaluated food safety hazards, decided which hazards require control, and justified the preventive controls (or prerequisite programs) used to manage them. Under FSMA (and most GFSI schemes), the hazard analysis record is not a “paper exercise.” It is the logic file that proves your food safety plan is risk-based, site-specific, and tied to real operations.

Most hazard analyses look fine until an auditor asks two simple questions: “Why did you decide this hazard does not require a preventive control?” and “Show me where this control is implemented and how it’s monitored.” Weak hazard analysis records collapse here because they’re generic, vague, or disconnected from actual process steps. The record becomes a list of hazards rather than a defensible decision chain.

Tell it like it is: inspectors and auditors are not impressed by long hazard lists. They’re impressed by clear, consistent rationale that matches your floor reality—equipment, product categories, allergens, rework, sanitation risks, and supplier exposures. Strong hazard analysis records make audits easier, make change control safer, and make recalls narrower because you understand your hazards and your control boundaries.

“A hazard analysis record isn’t what you think could happen. It’s what you can defend—step by step—when someone pressure-tests your logic.”

1) What “hazard analysis records” include (and what they exclude)

Hazard analysis records include the documents and structured outputs that prove the hazard analysis was performed and maintained. Depending on your framework (FSMA, SQF, BRCGS), this typically includes:

• Process flow and step list: how product moves through the facility.
• Hazard identification by step: hazards that could be introduced, increased, or controlled at each step.
• Risk evaluation rationale: why the hazard is significant or not.
• Decision on control requirement: whether the hazard requires a preventive control (or is managed by PRPs or suppliers).
• Control mapping: which controls address each hazard (and where they are implemented).
• Validation/scientific support references: evidence the control can work (process validation, kill step support, etc.).
• Reanalysis/revision history: when hazard analysis was updated and why.

Hazard analysis records do not include every daily monitoring log—that’s execution evidence governed by recordkeeping rules. The hazard analysis record is the “design file” for why those daily logs exist and what they are supposed to prove.

2) Why hazard analysis records are the most audited part of your food safety plan

Hazard analysis records are audited heavily because they drive everything else. If your hazard analysis is wrong or vague, your preventive controls may be misdirected, and your records may be collecting evidence for the wrong things. Auditors know this.

Hazard analysis is also where gaps can be hidden. It’s easy to write “controlled by GMP” without proving how. It’s easy to mark a hazard “not significant” without explaining why. Auditors pressure-test these decisions because they reveal whether your program is truly risk-based or just inherited templates.

3) Inputs and sources: what your hazard analysis should draw from

Strong hazard analysis records show you didn’t invent hazards from thin air. They reference sources such as:

• historical deviations, complaints, and nonconformance trends,
• supplier risk information (CoAs, alerts, site changes),
• process and product knowledge (RTE vs NRTE, kill steps, exposure windows),
• environmental monitoring trends (where used),
• industry guidance and scientific literature (for pathogens, allergens, toxins),
• regulatory alerts and recalls relevant to your ingredients and products,
• customer requirements and retailer programs (labeling, traceability, allergen statements).

The record doesn’t need to be a research paper, but it should show your hazard analysis is informed and site-specific.

4) Process flow linkage: step-level mapping and boundaries

A hazard analysis that is not anchored to a process flow is generic by definition. Auditors expect the hazard analysis to match what they can observe on the floor. That means your record should define:

• process steps and step boundaries,
• where product is exposed (especially for RTE),
• where rework enters and exits,
• where allergens enter and where allergen changeovers occur,
• where labeling and packaging identity is applied,
• where storage conditions matter (cold chain, humidity, pests).

When auditors walk the plant, they compare the flow to reality. If reality has extra steps (staging, rework tote storage, repack stations) that your hazard analysis ignores, your record becomes untrustworthy.

5) Hazard categories: biological, chemical, physical, radiological

Hazard analysis records typically classify hazards into categories:

• Biological: pathogens, growth, survival, toxin formation, cross-contamination.
• Chemical: allergens, residues, sanitation chemicals, natural toxins.
• Physical: foreign material such as metal, glass, hard plastic.
• Radiological: usually low likelihood but evaluated where relevant.

What matters is not the category label. What matters is your reasoning: why that hazard is plausible for your product and step, and what controls exist.

6) Risk factors: severity, likelihood, detectability, exposure

Most hazard analysis frameworks evaluate risk. You don’t need a complex scoring model, but you do need consistent reasoning. Strong records explicitly consider:

• Severity: potential harm if hazard occurs (illness/injury, allergen reaction).
• Likelihood: probability the hazard could occur without controls.
• Detectability: likelihood the hazard would be detected before release.
• Exposure: whether product is RTE, whether consumers will cook, shelf-life effects.
• Control strength: whether existing PRPs are adequate or whether preventive controls are required.

The point is to avoid arbitrary decisions. If a hazard is marked “not significant,” the record should show why that conclusion is reasonable.

7) Hazards requiring a preventive control: the decision record

Under FSMA Subpart C, the hazard analysis must identify hazards requiring a preventive control. This is the decision node auditors care about most. Your record should show:

• the hazard at the step,
• your risk rationale,
• whether it requires a preventive control,
• if yes, which type (process, allergen, sanitation, other),
• if no, what controls manage it (CGMPs, PRPs, supplier controls), and
• how you will verify the control remains effective.

Weak records skip the rationale and jump straight to “controlled.” Strong records show why.

8) Control mapping: PRPs vs preventive controls vs supply-chain controls

Hazard analysis records should map each hazard to a control mechanism and show where the control lives operationally:

• PRPs/CGMPs: baseline programs like sanitation, pest control, equipment maintenance.
• Preventive controls: defined controls with monitoring/verification expectations.
• Supply-chain controls: hazards controlled by supplier approvals and verification.

This mapping is where you prevent the common trap: “GMP controls everything.” Sometimes GMP is enough. Sometimes it isn’t. The record must reflect the difference.

9) Scientific support and validation artifacts: what to attach

Strong hazard analysis records reference the evidence that supports control effectiveness:

• Kill step validation: lethality or process control evidence (see kill step validation).
• Sanitation validation/verification: evidence cleaning controls are effective (see cleaning validation and cleaning verification).
• Supplier verification: supplier approvals, CoA verification, audit outcomes (see CoA verification).
• Foreign material controls: detection capability and verification checks.

The hazard analysis record doesn’t have to contain all supporting documents, but it should reference where they are controlled and how they support the hazard decision.

10) Allergen hazard analysis: cross-contact, mislabeling, rework

Allergen hazards are often the highest enforcement risk in food facilities. Strong hazard analysis records address allergen risk at multiple points:

• ingredient receiving and storage segregation,
• staging and weighing/dispensing points,
• changeovers and cleaning verification,
• rework identity and controlled re-use,
• label printing and label verification controls.

Allergen analysis is not just “we have allergens.” It’s “where could cross-contact occur and how do we prove we prevented it?” This is where auditors look for operational realism.

11) Supplier hazards: incoming risk and supplier verification logic

Hazard analysis must consider hazards that may be controlled by suppliers. Strong records show how you decide:

• which hazards are controlled by the supplier,
• what supplier approval and verification steps support reliance,
• what receiving checks exist (CoA match, identity testing where applicable),
• what triggers increased verification (supplier change, deviations, recalls).

If you claim “supplier controls it,” auditors will ask to see supplier approval evidence and receiving verification. If it’s not linked, the claim is weak.

12) Reanalysis triggers and revision history: proving the record stays current

Hazard analysis records must stay current. Practical triggers for reanalysis include:

• new product introductions or formulation changes,
• process changes (new equipment, new steps, new packaging modes),
• new allergens introduced,
• supplier/site changes,
• new hazards or repeated deviations,
• regulatory or industry emerging risks relevant to your products.

Revision history should show when the hazard analysis was updated and why, under document control and revision control.

13) Audit retrieval: what inspectors ask for and how to package it

During audits, hazard analysis records are often requested in a way that forces you to show coherence. Auditors may ask for:

• the hazard analysis for a specific product line,
• the rationale for why a hazard does/does not require a preventive control,
• the linkage to preventive controls and their monitoring,
• evidence that validation/support exists,
• evidence of reanalysis after changes.

The best practice is to package hazard analysis records as a “decision chain” rather than a list: flow step → hazard → risk rationale → control decision → control evidence pointers → revision history.

14) Copy/paste readiness scorecard

Use this as a blunt internal test. If you can’t answer cleanly, your hazard analysis record is not defendable.

15) Failure patterns: how hazard analysis records get “filled in”

• Template copying. Hazard lists copied from generic examples without site-specific exposure points.
• “Controlled by GMP” everywhere. Controls claimed without measurable criteria or evidence.
• Missing rework/WIP detail. Internal transformations ignored; auditors see holes immediately.
• No linkage to actual controls. Hazard analysis exists, but controls are not mapped to SOPs and records.
• Weak supplier rationale. “Supplier controls it” without supplier verification evidence.
• Outdated analysis. Process changed, hazard analysis didn’t.
• Overcomplication. Risk scoring so complex that no one can explain decisions consistently.

The fix is not more pages. The fix is coherent logic tied to real process steps and enforceable controls.

16) How this maps to V5 by SG Systems Global

V5 supports hazard analysis record integrity by linking hazard decisions to executable controls and evidence. In practice, V5 can:

• maintain hazard-to-control mappings tied to actual workflows,
• link lot genealogy and batch execution evidence to hazard control points,
• support supplier verification and CoA matching evidence linkage,
• support revision control and reanalysis workflows, and
• enable rapid retrieval of the “decision chain” during audits.

For platform context, start with V5 Solution Overview. Where hazard controls require shop-floor enforcement, V5 MES captures execution evidence, V5 WMS enforces movement and segregation, and V5 QMS governs deviations and approvals.

17) Extended FAQ

Q1. Are hazard analysis records only required for FSMA?
No. Many certification schemes (SQF, BRCGS) and customer programs expect hazard analysis evidence. The exact structure differs, but the core idea—defensible hazard decisions tied to controls—is consistent.

Q2. What’s the most common auditor question about hazard analysis records?
“Why did you decide this hazard does not require a preventive control?” That question exposes whether your reasoning is real or inherited from templates.

Q3. Do we need complex risk scoring?
Not necessarily. You need consistent reasoning. A simple severity/likelihood rationale that is applied consistently is often more defensible than a complex scoring model nobody can explain.

Q4. How often should hazard analysis be updated?
Whenever significant changes occur (new products, process changes, new allergens, supplier changes) and on a defined review cadence. The key is to document reanalysis triggers and revision history.

Q5. How can we tell if our hazard analysis records are strong?
Try to defend them out loud: pick a hazard and explain the decision chain from process step to control selection to monitoring evidence. If your explanation relies on “we always do it,” the records are weak.

Related Reading (keep it practical)
If you’re building hazard analysis records for FSMA, anchor them to Subpart C logic and ensure recordkeeping integrity via Subpart F. Tie allergen hazards to real controls (segregation, cross-contact, and label verification), and tie process hazards to validated controls (kill step validation). Then prove recall readiness with drill performance and mass balance reconciliation.