Quality Audit Services
Audit-ready, inspection-proof.
Independent, evidence-based audits against 21 CFR Parts 111, 117, 110, 210/211, and 820 — plus ISO 9001, ISO 13485, and ISO 14971. FDA mock inspections, ISO accreditation readiness, gap analysis, and remediation delivered by former industry and regulatory professionals.
Audit-ready, inspection-proof.
JJCC Group conducts independent, evidence-based quality audits against the regulations and standards that govern dietary supplements, food, pharmaceuticals, and medical devices — and walks alongside you to close every finding.
From a focused gap analysis to a full FDA mock inspection, our engagements are scoped to expose risk before a regulator ever does. Every audit is conducted by lead auditors drawn from former industry quality leadership and regulatory professionals familiar with FDA inspection technique.
This document outlines the regulations and standards we audit against, our four-pillar methodology, what to expect during a typical engagement, how to prepare your organization, and how we help bring you into demonstrable compliance after the report is delivered.
Regulations & standards we audit against.
Whether you operate under FDA jurisdiction, pursue ISO certification, or supply customers who require both, JJCC Group’s audit practice is built around the frameworks that actually drive enforcement and market access.
Dietary Supplement CGMP
Current Good Manufacturing Practice for the manufacturing, packaging, labeling, and holding operations for dietary supplements. Identity, purity, strength, and composition.
Preventive Controls — Human Food
FSMA preventive controls and updated CGMP for human food. Food safety plans, hazard analysis, supply-chain controls, sanitation, allergen and process controls.
Food CGMP (Legacy)
The original Good Manufacturing Practice regulation for human food, still referenced in many contractual and global supply agreements. Personnel, plant, equipment, and processes.
Pharmaceutical CGMP
Current Good Manufacturing Practice for finished pharmaceuticals. Organization, buildings, equipment, production controls, laboratory controls, records, and reports.
Medical Device QSR / QMSR
FDA’s Quality System Regulation for medical devices, harmonizing with ISO 13485 under the new QMSR. Design controls, CAPA, complaint handling, and traceability.
Quality Management Systems
The internationally-recognized QMS standard. Risk-based thinking, leadership commitment, process approach, customer focus, and continual improvement.
Medical Device QMS
Quality management system requirements specific to medical devices. Design controls, validation, risk management integration, and post-market surveillance.
Risk Management — Medical Devices
The application of risk management to medical devices throughout their full lifecycle. Risk analysis, evaluation, control, residual risk acceptability, and review.
METHODOLOGY
Four pillars of our audit practice.
Every JJCC Group engagement follows a disciplined sequence — analyze, plan, execute, remediate. Each phase produces concrete deliverables you and your leadership can act on.
PHASE 01 — DIAGNOSE
Gap Analysis
Every engagement begins by mapping your existing quality management system against the specific standard or regulation in scope. We review documented procedures, talk to process owners, and produce a clause-by-clause assessment of where you meet, partially meet, or fall short of requirements.
- Clause-by-clause QMS scoring against the target standard
- Documented vs. implemented comparison
- Prioritized, risk-ranked gap register
- Proposed structural and procedural changes
PHASE 02 — DESIGN
Audit Plan
A formal audit plan is built collaboratively before any auditor sets foot on the floor. Scope, criteria, departments, sampling strategy, document requests, interview schedule, and reporting format are agreed in writing so there are no surprises and no scope creep.
- Scope, criteria, and acceptance ground rules
- Department-by-department schedule
- Pre-audit document request list (delivered 7–10 days ahead)
- Stakeholder briefing and logistics coordination
PHASE 03 — EXECUTE
Audit Implementation
On-site or hybrid execution by lead auditors with regulated-industry depth. Opening meeting, evidence sampling, shop-floor observation, process tracing, interviews, daily debriefs, and a formal closing meeting with categorized findings — major, minor, observation.
- Opening and closing meetings with leadership
- Process tracing and evidence sampling
- Daily preliminary findings briefings
- Formal audit report with risk ratings and recommendations
PHASE 04 — REMEDIATE
Findings Closure
Findings on paper change nothing. JJCC Group helps you write root cause analyses, design corrective and preventive actions, rebuild or rewrite procedures, train teams, and verify effectiveness — staying engaged until every non-conformance is demonstrably closed.
- Root cause analysis facilitation
- CAPA design and implementation
- SOP authoring and document control improvements
- Effectiveness verification and follow-up audit
WHAT TO EXPECT
A two-to-five day engagement, scoped to your reality.
Audit length is driven by scope — facility size, number of product lines, number of standards in play, and depth of evidence sampling required. The framework below illustrates a representative five-day, multi-standard engagement. Shorter engagements compress these phases without sacrificing rigor.
Opening & Document Review
Opening meeting with leadership, scope confirmation, kickoff with the audit team, and review of quality manual, SOPs, policy documents, and organizational structure.
Production & Quality Floor
On-site observation of manufacturing, packaging, sanitation, and material handling. Process tracing from receipt through release. Interviews with operators and supervisors.
QA / QC, Lab & Records
Review of batch records, testing protocols, calibration logs, lab data integrity, environmental monitoring, and stability programs where applicable.
Support Systems & CAPA
Supplier qualification, training records, complaint handling, deviations, change control, internal audits, management review, and CAPA effectiveness.
Closing & Report
Findings consolidation, risk classification, draft closing presentation, formal closing meeting with leadership, and delivery of the comprehensive audit report with prioritized recommendations.
Areas & departments covered.
Final scope is established during planning. Below are the functional areas typically included in a comprehensive CFR or ISO audit. We adjust depth and sampling based on the regulation, your risk profile, and the engagement length agreed upon.
Core Operations
Core Operations
How to prepare your organization for the audit.
A well-prepared audit is a better audit — for everyone. The week before we arrive matters as much as the week we are on site. Here is what we ask clients to do, and what we help with.
STEP 01
Align leadership on scope
Confirm with executive sponsors what is in scope, what is out, and what success looks like. Identify a single primary point of contact and a backup. Communicate the audit dates broadly enough that key personnel are not on PTO during the engagement.
STEP 02
Pull the document package
Quality manual, master SOP list, batch and device history records, training matrix, supplier files, calibration records, complaint and CAPA logs, internal audit reports, management review minutes, and validation protocols. JJCC Group provides a tailored document request list 7–10 days ahead.
STEP 03
Walk the floor
Conduct an internal walkthrough focused on housekeeping, posted procedures, expired materials, equipment labels, and visible non-conformances. Most "easy" findings are eliminated by a thoughtful pre-walkthrough one week before the audit.
STEP 04
Brief and rehearse staff
Make sure operators, supervisors, and QA personnel know what to expect: how to respond to questions, how to retrieve records, and the difference between answering what was asked versus volunteering unrelated information. Calm, accurate, and concise.
STEP 05
Stage a working room
Reserve a private conference room for the audit team, with reliable Wi-Fi, screen-sharing capability, and a printer if practical. Ensure subject-matter experts are within fifteen minutes of the room when scheduled. Small logistics, large impact.
STEP 06
Decide on remediation owners
Before the audit closes, identify who will own corrective actions in each functional area. Findings without an owner stall. JJCC Group facilitates this assignment in the closing meeting and works directly with named owners during remediation.
SPECIALTY ENGAGEMENT
The FDA Mock Audit.
A real inspection, without the consequences.
An FDA mock audit is a fully simulated inspection, conducted exactly as an FDA investigator would conduct it. Same opening meeting structure. Same document requests. Same shop-floor walkthroughs. Same questioning style and same Form 483-style findings report at the close. The only difference: the outcome lands on your desk, not in a public docket.
JJCC Group conducts mock FDA audits with auditors drawn from former industry quality leadership and regulatory professionals familiar with FDA inspection technique. We replicate pressure, pacing, and observation depth so your team experiences the real thing — and so vulnerabilities surface before a regulator arrives unannounced.
What is included
- Pre-announced or unannounced — Choose a scheduled rehearsal or a true cold-start simulation to stress-test reception, security desk, and on-call QA response.
- Investigator-style questioning — Auditors apply the questioning cadence and follow-up depth used by FDA investigators in real CGMP and QSR inspections.
- Form 483-style observations — Findings are written, categorized, and presented in a format matching the FDA's actual observation language and structure.
- Coaching debrief included — After the mock audit closes, we conduct a coaching session with your QA leadership and subject-matter experts on inspection conduct, response posture, and document handling.
- Linked remediation pathway — Every observation rolls into a CAPA plan with JJCC Group support, so the mock audit drives concrete change rather than a one-time scare.
A NOTE ON SCOPE
Scope discipline is one of the most overlooked elements of a productive audit. JJCC Group prefers narrower-and-deeper over broader-and-shallower: a focused two-day audit of three high-risk processes typically yields more actionable findings than a five-day sweep that touches everything once. We help you decide where depth pays off.
Is cGMP a Certification? Understanding cGMP Certification
This is one of the most common misconceptions in the industry: cGMP is a federal regulatory standard, not a certification. The FDA does not issue “cGMP certificates” to U.S. manufacturing facilities. There is no certificate to hang on the wall that says “FDA-Certified cGMP.” Any company claiming to sell you an “FDA cGMP certificate” is misrepresenting how the U.S. regulatory system works.
Instead, cGMP compliance is demonstrated three ways:
FDA inspection outcomes
establishment inspection reports (EIRs), Form FDA 483 observations (or their absence), and Warning Letters all paint a picture of your compliance status.
Government-issued export certificates
the FDA issues Certificates of a Pharmaceutical Product (CPP), Certificates to Foreign Government (CFG), and Certificates of Free Sale for export purposes. These reference your inspection history but are not “cGMP certificates” in the certification sense.
Third-party certifications
private organizations such as NSF International, USP, UL, SGS, BSI, and Eurofins offer voluntary GMP audits and certifications. Standards such as ISO 13485 (devices), ISO 22716 (cosmetics), NSF/ANSI 455 (dietary supplements), SQF, BRCGS, and FSSC 22000 (food) are widely recognized but do not replace FDA cGMP compliance. They complement it.
In other words: a third-party certificate may be a useful business credential and a sign of quality maturity, but it does not exempt you from FDA inspection or guarantee compliance with U.S. cGMP regulations.
What Must Manufacturers Do to Comply with cGMP?
Regardless of industry, every cGMP-regulated manufacturer needs to build and maintain certain core systems. The table below summarizes the eight compliance pillars and what each looks like in practice:
| Compliance Pillar | What It Looks Like in Practice |
|---|---|
| Quality Management System | Documented QMS aligned with FDA expectations and, where applicable, ISO 13485, ICH Q10, or NSF/ANSI standards. |
| Personnel & Training | Job descriptions, qualification records, role-based training matrices, and ongoing competency assessments. |
| Facilities & Equipment | Qualified utilities (HVAC, water, compressed air), preventive maintenance, calibration, and contamination controls. |
| Production & Process Controls | Validated processes, written procedures, in-process checks, and segregation of materials and product stages. |
| Documentation & Records | ALCOA+ data integrity, controlled SOPs, batch records, electronic records compliant with 21 CFR Part 11. |
| Laboratory Controls | Validated analytical methods, qualified instruments, stability programs, OOS/OOT investigations. |
| CAPA & Deviations | Risk-based investigation, root cause analysis, and effectiveness verification for every cGMP deviation. |
| Supplier & Material Controls | Approved supplier lists, qualification audits, incoming inspection, and supply-chain risk programs. |
Beyond these pillars, mature manufacturers also embed:
- A formal Quality Risk Management (QRM) framework aligned with ICH Q9
- A pharmaceutical (or product) quality system aligned with ICH Q10
- 21 CFR Part 11 compliance for electronic records and electronic signatures
- Annual self-inspection and internal audit programs
- Mock FDA inspections to identify gaps before the real inspection
- Quality agreements with all contract manufacturers, packagers, and testing labs
- Cross-functional change control governance that prevents unplanned changes from slipping through engineering or procurement channels
Need a cGMP Consultant? We Can Help.
Whether you are preparing for your first FDA inspection, responding to a Form 483 or Warning Letter, scaling production into a new facility, launching in a new regulated category, or restructuring a quality system that has grown faster than its documentation, our cGMP consultants partner with you to build sustainable, audit-ready compliance. We work across drugs, medical devices, dietary supplements, food, cosmetics, and tobacco, and we tailor our approach to your company size, product risk, and regulatory exposure.
What to Expect on Our First Call
The introductory call is a confidential, no-obligation conversation — typically 30 to 45 minutes — designed to understand your situation and answer your questions. We will discuss:
- Your product type, regulatory classification, and intended markets
- Your current manufacturing footprint (in-house, contract, hybrid) and operations scope
- The maturity of your existing quality system and any documented gaps you already know about
- Any recent FDA correspondence — inspections, 483s, Warning Letters, Untitled Letters, or Import Alerts
- Your business objectives, timelines, and constraints (product launches, due diligence, M&A, retail onboarding)
- Your team’s current capabilities and where outside expertise would be most valuable
You leave the call with a clear understanding of scope, recommended next steps, indicative timelines, and pricing options. No high-pressure sales tactics, and no engagement until you are ready.
Our On-Site Facility Visit
Once a mutual NDA is in place, our lead consultant comes on-site — or conducts a hybrid virtual review for smaller scopes — for one to several days, depending on the complexity of your operation. The visit typically includes:
- Opening meeting with leadership to align on scope, objectives, and ground rules
- Guided facility tour covering warehouse, production, packaging, laboratory, sampling, and storage areas
- Observation of live operations (production, sanitation changeover, in-process testing, sampling, line clearance)
- Structured interviews with operators, line supervisors, QC analysts, QA, production management, engineering, and senior leadership
- Document review across the QMS — SOPs, batch records, training files, equipment qualification, validation, calibration, supplier files, complaint files, CAPA, deviation, and change control
- Walkthroughs of critical systems such as water, HVAC, compressed gases, and any environmental monitoring program
- Closing meeting with a verbal summary of preliminary observations and immediate priorities
Gap Analysis and Current Compliance Level
Within an agreed-upon timeframe after the visit, we deliver a detailed Gap Analysis Report that maps your current state against the applicable regulatory standard (21 CFR 210/211, Part 820/QMSR, Part 111, Part 117, Part 700/MoCRA, Part 1100, ISO 13485, ISO 22716, NSF/ANSI 455, or others). Each requirement is rated as Conforming, Partially Conforming, or Non-Conforming, and your overall compliance level is scored so leadership can see exactly where you stand and prioritize investment.
The report also identifies systemic themes — patterns that cut across multiple observations and point to deeper cultural or structural issues — because closing individual gaps without addressing the system that produced them is how Warning Letters happen.
Findings and Non-Conforming Issues
Every observation in the report is documented with:
- The specific regulatory citation (e.g., 21 CFR 211.100(b), 21 CFR 820.100, 21 CFR 111.140(b))
- An objective, factual description of what was observed (not interpreted or editorialized)
- The associated risk — patient or consumer safety, product quality, regulatory exposure, business continuity
- A priority ranking: Critical, Major, or Minor
- Recommended corrective and preventive actions, with estimated effort
- Suggested ownership and reasonable target dates
We deliver the findings in both an executive summary suitable for the board and a detailed working document suitable for the quality team. We never use a generic template — every gap analysis is specific to your products, processes, and risk profile.
How We Help You Address These Issues
We do not hand you a report and walk away. Our remediation support is hands-on and tailored to your team’s bandwidth. Common scopes include:
- Drafting, revising, and harmonizing SOPs, work instructions, and forms
- Building or rebuilding a complete QMS, including document control, training, CAPA, deviation, change control, complaint, and management review systems
- Leading process validation, cleaning validation, computer system validation, and analytical method validation programs
- Establishing supplier qualification and quality agreement programs
- Authoring Warning Letter responses, 483 responses, and FDA meeting briefing documents
- Conducting mock FDA inspections with realistic interview scenarios and document requests
- Training programs — from cGMP awareness for the floor to advanced root cause analysis and inspection readiness for QA leadership
- Mentoring and coaching Quality Unit leadership through challenging investigations or remediation projects
- Ongoing retainer support so compliance continues to mature long after the initial engagement ends
Throughout the engagement, we transfer knowledge to your team so you build internal capability — not dependency on us.
Testimonial
What our clients say about JJCC
Professional, knowledgeable team guided us through FDA registration and complete product listing accurately and efficiently.
Frequently Asked Questions About cGMP
Ready to assess your compliance posture?
Contact us today to schedule your confidential introductory call and take the first step toward a stronger, audit-ready quality system. Whether your product is regulated under 21 CFR Part 211, Part 820/QMSR, Part 111, Part 117, Part 700/MoCRA, or Part 1100, our consultants have walked the floor, written the SOPs, and stood in the closing meeting. Let us help you do the same.
