21 CFR Part 111 is the FDA regulation that establishes Current Good Manufacturing Practice (cGMP) requirements for dietary supplements. It became effective in 2007 and applies to anyone who manufactures, packages, labels, or holds dietary supplements for sale in the United States.

The regulation covers personnel qualifications, facility and equipment standards, production controls, quality controls, packaging and labeling, holding and distribution, returned dietary supplements, product complaints, and records and reports. It's the framework FDA inspectors use during a cGMP audit.

Any business that manufactures, packages, labels, or holds dietary supplements for sale in the U.S. This includes brand owners (even if you outsource manufacturing), contract manufacturers, packagers, labelers, and 3PLs that hold or ship supplements.

The "holds for sale" language is the part most brand owners miss. If your 3PL stores your supplements, the 3PL has cGMP obligations, but those obligations don't replace yours. FDA holds brand owners accountable for the compliance posture of their entire supply chain, including warehouse and fulfillment operations.

An inspector arrives, usually unannounced, presents Form FDA 482 (Notice of Inspection), and conducts a walk-through plus document review that typically takes 2 to 5 days for a supplement operation. They evaluate compliance against 21 CFR Part 111 across personnel, facility, production, quality control, and records.

At the end, the inspector issues Form FDA 483 listing observed deficiencies. The 483 is not a citation; it's a list of observations. Your written response and corrective actions determine whether FDA escalates to a Warning Letter, import detention, seizure, or criminal referral. Most observations are fixable; how you respond matters more than the initial findings.

Based on FDA inspection trends, the categories that generate the most observations:

• Personnel and training records — incomplete or missing documentation that staff are qualified for their roles
• Written procedures (SOPs) — missing, outdated, or not followed in practice
• Production and process controls — inadequate documentation of how processes are controlled and verified
• Quality control unit functions — unclear authority, insufficient testing, or inadequate batch review
• Holding and distribution records — gaps in lot tracking and inability to produce complete distribution records on demand

Three of the five common categories trace back to documentation, which is why "if it isn't written down, it didn't happen" is the inspection mantra.

FIFO (First-In, First-Out) ships the oldest inventory first based on receiving date. FEFO (First-Expired, First-Out) ships inventory closest to its expiration date first, regardless of when it was received.

For supplements, FEFO is the correct standard because expiration dates don't always correlate with receiving dates. A lot received in June might expire before a lot received in March if the June lot was manufactured earlier. FIFO would ship the March lot first and leave the June lot to expire on the shelf. FEFO catches this and ships the closer-to-expiration lot first to maximize shelf life value and minimize waste.

FEFO is most reliable when enforced by your WMS, not by hand. Manual FEFO breaks down at scale.

An informal benchmark for traceability: if FDA picks a lot number and asks where every unit went, can you produce a complete distribution record within 30 minutes? The 30 minutes isn't a formal regulatory requirement, but it's the operational standard inspectors expect because real recalls require rapid trace-out.

Brands that fail the 30-minute test typically fail because lot tracking happens at the warehouse level but not at the order level. Your WMS knows the lot was received and shipped, but no one tied specific lots to specific customer orders. In a recall, you can't tell affected customers from unaffected ones, so you have to recall everything.

Under the Dietary Supplement and Nonprescription Drug Consumer Protection Act, supplement manufacturers and distributors must report Serious Adverse Events (SAEs) to FDA within 15 business days of receiving the report. SAEs include death, life-threatening experiences, hospitalization, persistent disability, congenital anomaly, and events requiring medical intervention to prevent serious outcomes.

Reports are submitted through MedWatch Form 3500A. The 15-day clock starts the moment a complaint is received that meets the SAE criteria, not when it's classified internally. Missing the window is a major inspection observation. Most brands need a documented intake-to-classification workflow to consistently catch SAE-eligible complaints in time.

Per 21 CFR 111.605, records must be retained for 1 year past the shelf life date if there is one, or 2 years from the date of distribution if no shelf life date is stated. The practical industry standard is 3 years from expiration date for product records, which exceeds the regulatory minimum and aligns with most supplement shelf lives.

Records covered include batch production records, quality control records, complaint files, distribution records, training records, and SOPs (current and superseded versions). Electronic records are acceptable but must be readable and verifiable; if you can't reliably retrieve them in an inspection, they don't exist for compliance purposes.

No. FDA registration confirms the facility is on FDA's radar but doesn't certify cGMP compliance. Compliance is a behavioral standard demonstrated through actual practices, documentation, and inspection results, not registration status.

What FDA registration does mean: the facility submitted a registration form, agreed to be subject to FDA inspection, and provided basic information about what it does. What it doesn't mean: the facility is automatically compliant, has been recently inspected, or has a clean inspection record.

The right question for your 3PL is not "are you FDA-registered?" but "what was the date and outcome of your most recent FDA inspection, and can I see the 483 if there was one?" A confident, compliance-aware 3PL will have a clean answer to both.

A Warning Letter is FDA's formal notice that observed violations are significant enough to require immediate corrective action. It typically follows a 483 with inadequate response or repeated observations across multiple inspections. Warning Letters are public, posted on FDA's website, and indexed by trade press, retailers, and Amazon.

The downstream consequences are usually worse than the regulatory action itself. Retailers may delist the brand, Amazon may suspend listings, distributors may pause orders, and insurance premiums increase. The recovery path involves a formal corrective action plan, follow-up inspection, and documented closure, which typically takes 6 to 18 months.

Warning Letters are not unusual. They're recoverable. But they're expensive in time, money, and brand reputation, and they're entirely avoidable with a functioning compliance program.

Three practical next steps based on your band:

• 38+ (audit-ready): Run an annual mock audit to maintain readiness. Watch any single category trending down over time. Document your strong posture in case retailers, investors, or insurance providers ask.
• 25 to 37 (gaps to fix): Start with your weakest category and address it specifically. Most brands at this score have one or two areas significantly underprepared while others are solid. Targeted fixes are usually achievable in 60 to 120 days with focused effort.
• Under 25 (high audit risk): Compliance work needs to start now, not after the next product launch. Engage a qualified consultant or compliance-aware 3PL. The cost of building compliance proactively is a fraction of the cost of recovering from a Warning Letter.

This scorecard is a diagnostic, not a substitute for compliance consulting. Use the score to prioritize, then engage qualified help to actually close the gaps.

PFS operates an FDA-registered facility specialized in supplement and nutraceutical fulfillment. The compliance posture spans the categories this scorecard evaluates:

• Personnel: Documented training records and qualifications for all staff handling supplement product
• Facility: Pest-controlled, climate-monitored storage with documented sanitation procedures
• Traceability: Lot-level tracking from receiving through customer order, with rapid recall capability
• Documentation: Written SOPs across receiving, storage, picking, packing, and shipping with regular review
• Quality: Complaint handling workflow including AER classification support

Compliance posture varies across 3PL providers. The right question to ask any potential partner is what their last FDA inspection produced and how they would support your compliance obligations. PFS can walk through ours specifically when it makes sense for your evaluation.