What an FDA inspector would really find in your operation.
Score your readiness across the five 21 CFR Part 111 categories that drive nearly every dietary supplement 483 observation. Answer 15 questions in 4 minutes. See where you'd hold up and where you'd get cited.
Personnel & training
21 CFR 111.12–14Do all employees handling product receive cGMP training within 30 days of hire?
21 CFR 111.13 requires training to perform assigned cGMP functions.
Are training records signed, dated, and retained for the duration of employment plus 1 year?
FDA inspectors regularly request training files. Missing or incomplete files are a common 483.
Do you have written job descriptions defining cGMP responsibilities for each role?
Required for personnel performing or supervising cGMP-related tasks.
Facility & equipment
21 CFR 111.15–35Is your facility (or your 3PL's) FDA-registered as a dietary supplement holding facility?
Required under FSMA. Verify in FDA's Food Facility Registration database.
Are pest control, sanitation, and temperature controls documented on a recurring schedule?
Logs should show frequency, person responsible, and corrective action where applicable.
Is equipment cleaned and verified between products to prevent cross-contamination?
Critical for shared lines handling allergens or active ingredients.
Lot tracking & traceability
21 CFR 111.410–475Can you trace any unit of finished product back to its component lots within 4 hours?
FDA expects rapid traceability for recalls. Manual systems often fail this test.
Are lot numbers captured at receiving, picking, and outbound shipping?
Breaks in the lot chain are the most common 483 observation in this category.
Do you have a documented mock recall procedure tested at least annually?
Mock recall documentation is standard inspection evidence.
Documentation & records
21 CFR 111.605–625Are batch records retained at least 1 year past expiration or 2 years from distribution?
21 CFR 111.605 sets the minimum retention period.
Are deviations from SOPs documented with a written investigation and corrective action?
Inspectors specifically request deviation logs and CAPA documentation.
Do you have written SOPs for receiving, holding, distributing, and returns handling?
Required for every cGMP-relevant operation a 3PL or in-house team performs.
Quality & complaint handling
21 CFR 111.553–570Do you have a written quality manual defining who has authority to release or reject product?
Quality function must be independent from production and shipping.
Are customer complaints logged, investigated, and documented with corrective actions?
Complaint files are routinely reviewed during inspections.
Are returns evaluated by a quality function before disposition (restock vs. destroy)?
Returned units that bypass quality review are a recurring 483 finding.
Across the five 21 CFR Part 111 categories:
No single category stands out yet. Lifting all five categories evenly is the path to AUDIT-READY.
Question scoring. 15 questions across 5 cGMP categories from 21 CFR Part 111. Each question scored 0 to 3 based on operational rigor: No (0), Partially (1), Mostly (2), Yes (3). Categories weighted equally at 9 points each, total 45.
Score bands. 38–45 audit-ready posture. 25–37 gaps to fix. 0–24 high audit risk. Bands derived from internal benchmarking against supplement brands that have undergone FDA inspection without 483 observations versus those that received them.
Common 483 observations. Documentation gaps and inadequate deviation investigations are the most-cited 483 observations in dietary supplement inspections. Lot tracking failures rank second.
Limitations. This scorecard is informational. It does not constitute regulatory consulting and does not guarantee any FDA inspection outcome. For binding compliance assessment, engage qualified regulatory counsel.
Sources. 21 CFR Part 111 subparts B–P, FDA dietary supplement inspection guides, PFS internal audit data.
cGMP audit readiness, answered honestly.
Twelve questions supplement founders and ops leads ask when they realize their compliance posture matters more than their last lab test.
What is 21 CFR Part 111?
21 CFR Part 111 is the FDA regulation that establishes Current Good Manufacturing Practice (cGMP) requirements for dietary supplements. It became effective in 2007 and applies to anyone who manufactures, packages, labels, or holds dietary supplements for sale in the United States.
The regulation covers personnel qualifications, facility and equipment standards, production controls, quality controls, packaging and labeling, holding and distribution, returned dietary supplements, product complaints, and records and reports. It's the framework FDA inspectors use during a cGMP audit.
Who needs to comply with cGMP for supplements?
Any business that manufactures, packages, labels, or holds dietary supplements for sale in the U.S. This includes brand owners (even if you outsource manufacturing), contract manufacturers, packagers, labelers, and 3PLs that hold or ship supplements.
The "holds for sale" language is the part most brand owners miss. If your 3PL stores your supplements, the 3PL has cGMP obligations, but those obligations don't replace yours. FDA holds brand owners accountable for the compliance posture of their entire supply chain, including warehouse and fulfillment operations.
What happens during an FDA cGMP inspection?
An inspector arrives, usually unannounced, presents Form FDA 482 (Notice of Inspection), and conducts a walk-through plus document review that typically takes 2 to 5 days for a supplement operation. They evaluate compliance against 21 CFR Part 111 across personnel, facility, production, quality control, and records.
At the end, the inspector issues Form FDA 483 listing observed deficiencies. The 483 is not a citation, it's a list of observations. Your written response and corrective actions determine whether FDA escalates to a Warning Letter, import detention, seizure, or criminal referral. Most observations are fixable. How you respond matters more than the initial findings.
What are the most common 483 observations for supplement brands?
Based on FDA inspection trends, the categories that generate the most observations:
- Personnel and training records — incomplete or missing documentation that staff are qualified for their roles.
- Written procedures (SOPs) — missing, outdated, or not followed in practice.
- Production and process controls — inadequate documentation of how processes are controlled and verified.
- Quality control unit functions — unclear authority, insufficient testing, or inadequate batch review.
- Holding and distribution records — gaps in lot tracking and inability to produce complete distribution records on demand.
Three of the five common categories trace back to documentation, which is why if it isn't written down, it didn't happen is the inspection mantra.
What's the difference between FEFO and FIFO?
FIFO (First-In, First-Out) ships the oldest inventory first based on receiving date. FEFO (First-Expired, First-Out) ships inventory closest to its expiration date first, regardless of when it was received.
For supplements, FEFO is the correct standard because expiration dates don't always correlate with receiving dates. A lot received in June might expire before a lot received in March if the June lot was manufactured earlier. FIFO would ship the March lot first and leave the June lot to expire on the shelf. FEFO catches this and ships the closer-to-expiration lot first to maximize shelf life value and minimize waste.
FEFO is most reliable when enforced by your WMS, not by hand.
What is the 30-minute recall test?
An informal benchmark for traceability: if FDA picks a lot number and asks where every unit went, can you produce a complete distribution record within 30 minutes? Not a formal regulatory requirement, but the operational standard inspectors expect, because real recalls require rapid trace-out.
Brands that fail this test typically fail because lot tracking happens at the warehouse level but not the order level. The WMS knows the lot was received and shipped, but no one tied lots to specific customer orders. In a recall, affected customers can't be distinguished from unaffected ones, so everything has to be recalled. That's the avoidable scenario the 30-minute test is designed to surface.
What are SAE reporting requirements for supplements?
Under the Dietary Supplement and Nonprescription Drug Consumer Protection Act, supplement manufacturers and distributors must report Serious Adverse Events (SAEs) to FDA within 15 business days of receiving the report.
SAEs include death, life-threatening experiences, hospitalization, persistent or significant disability, congenital anomaly, and any event requiring medical or surgical intervention to prevent permanent impairment. Reports are submitted through MedWatch Form 3500A.
The 15-day clock starts when a qualifying complaint is received, not when it's classified internally. Missing the window is a major inspection observation. Most brands need a documented intake-to-classification workflow to consistently catch SAE-eligible complaints in time.
How long do I have to keep records under 21 CFR Part 111?
Per 21 CFR 111.605, records must be retained for 1 year past the shelf life date if there is one, or 2 years from the date of distribution if no shelf life date is stated. The practical industry standard is 3 years from expiration date for product records, which exceeds the regulatory minimum and aligns with most supplement shelf lives.
Records covered include batch production records, quality control records, complaint files, distribution records, training records, and SOPs (current and superseded versions). Electronic records are acceptable but must be readable and verifiable. If you can't reliably retrieve them in an inspection, they don't exist for compliance purposes.
If my 3PL is FDA-registered, am I covered?
No. FDA registration confirms the facility is on FDA's radar but doesn't certify cGMP compliance. Compliance is a behavioral standard demonstrated through actual practices, documentation, and inspection results, not registration status.
What FDA registration does mean: the facility submitted a registration form, agreed to be subject to FDA inspection, and provided basic information about what it does. What it doesn't mean: the facility is automatically compliant, has been recently inspected, or has a clean inspection record.
The right question for your 3PL is not are you FDA-registered? but what was the date and outcome of your most recent FDA inspection, and can I see the 483 if there was one? A confident, compliance-aware 3PL will have a clean answer to both.
What does a Warning Letter actually mean?
A Warning Letter is FDA's formal notice that observed violations are significant enough to require immediate corrective action. It typically follows a 483 with inadequate response or repeated observations across multiple inspections. Warning Letters are public, posted on FDA's website, and indexed by trade press, retailers, and Amazon.
The downstream consequences are usually worse than the regulatory action itself. Retailers may delist the brand, Amazon may suspend listings, distributors may pause orders, insurance premiums increase. The recovery path involves a formal corrective action plan, follow-up inspection, and documented closure, which typically takes 6 to 18 months.
Warning Letters are not unusual. They're recoverable. But they're expensive in time, money, and brand reputation, and they're entirely avoidable with a functioning compliance program.
What should I do with my readiness score?
Three practical next steps based on your band:
- 38+ (audit-ready): Run an annual mock audit to maintain readiness. Watch any single category trending down over time. Document your strong posture in case retailers, investors, or insurance providers ask.
- 25 to 37 (gaps to fix): Start with your weakest category and address it specifically. Most brands at this score have one or two areas significantly underprepared while others are solid. Targeted fixes are usually achievable in 60 to 120 days with focused effort.
- Under 25 (high audit risk): Compliance work needs to start now, not after the next product launch. Engage a qualified consultant or compliance-aware 3PL. The cost of building compliance proactively is a fraction of the cost of recovering from a Warning Letter.
This scorecard is a diagnostic, not a substitute for compliance consulting. Use the score to prioritize, then engage qualified help to actually close the gaps.
How does PFS support cGMP-aware fulfillment?
PFS operates an FDA-registered facility specialized in supplement and nutraceutical fulfillment. The compliance posture spans the categories this scorecard evaluates:
- Personnel. Documented training records and qualifications for all staff handling supplement product.
- Facility. Pest-controlled, climate-monitored storage with documented sanitation procedures.
- Traceability. Lot-level tracking from receiving through customer order, with rapid recall capability.
- Documentation. Written SOPs across receiving, storage, picking, packing, and shipping with regular review.
- Quality. Complaint handling workflow including AER classification support.
Compliance posture varies across 3PL providers. The right question to ask any potential partner is what their last FDA inspection produced and how they would support your compliance obligations. PFS can walk through ours specifically when it makes sense for your evaluation. We've operated for 17 years out of Cincinnati and serve supplement, beauty, subscription box, and wellness DTC brands.