Quality Audit Services
Audit-ready, inspection-proof.
Independent, evidence-based audits against 21 CFR Parts 111, 117, 110, 210/211, and 820 — plus ISO 9001, ISO 13485, and ISO 14971. FDA mock inspections, ISO accreditation readiness, gap analysis, and remediation delivered by former industry and regulatory professionals.
Audit-ready, inspection-proof.
JJCC Group conducts independent, evidence-based quality audits against the regulations and standards that govern dietary supplements, food, pharmaceuticals, and medical devices — and walks alongside you to close every finding.
From a focused gap analysis to a full FDA mock inspection, our engagements are scoped to expose risk before a regulator ever does. Every audit is conducted by lead auditors drawn from former industry quality leadership and regulatory professionals familiar with FDA inspection technique.
This document outlines the regulations and standards we audit against, our four-pillar methodology, what to expect during a typical engagement, how to prepare your organization, and how we help bring you into demonstrable compliance after the report is delivered.
Regulations & standards we audit against.
Whether you operate under FDA jurisdiction, pursue ISO certification, or supply customers who require both, JJCC Group’s audit practice is built around the frameworks that actually drive enforcement and market access.
Dietary Supplement CGMP
Current Good Manufacturing Practice for the manufacturing, packaging, labeling, and holding operations for dietary supplements. Identity, purity, strength, and composition.
Preventive Controls — Human Food
FSMA preventive controls and updated CGMP for human food. Food safety plans, hazard analysis, supply-chain controls, sanitation, allergen and process controls.
Food CGMP (Legacy)
The original Good Manufacturing Practice regulation for human food, still referenced in many contractual and global supply agreements. Personnel, plant, equipment, and processes.
Pharmaceutical CGMP
Current Good Manufacturing Practice for finished pharmaceuticals. Organization, buildings, equipment, production controls, laboratory controls, records, and reports.
Medical Device QSR / QMSR
FDA’s Quality System Regulation for medical devices, harmonizing with ISO 13485 under the new QMSR. Design controls, CAPA, complaint handling, and traceability.
Quality Management Systems
The internationally-recognized QMS standard. Risk-based thinking, leadership commitment, process approach, customer focus, and continual improvement.
Medical Device QMS
Quality management system requirements specific to medical devices. Design controls, validation, risk management integration, and post-market surveillance.
Risk Management — Medical Devices
The application of risk management to medical devices throughout their full lifecycle. Risk analysis, evaluation, control, residual risk acceptability, and review.
METHODOLOGY
Four pillars of our audit practice.
Every JJCC Group engagement follows a disciplined sequence — analyze, plan, execute, remediate. Each phase produces concrete deliverables you and your leadership can act on.
PHASE 01 — DIAGNOSE
Gap Analysis
Every engagement begins by mapping your existing quality management system against the specific standard or regulation in scope. We review documented procedures, talk to process owners, and produce a clause-by-clause assessment of where you meet, partially meet, or fall short of requirements.
- Clause-by-clause QMS scoring against the target standard
- Documented vs. implemented comparison
- Prioritized, risk-ranked gap register
- Proposed structural and procedural changes
PHASE 02 — DESIGN
Audit Plan
A formal audit plan is built collaboratively before any auditor sets foot on the floor. Scope, criteria, departments, sampling strategy, document requests, interview schedule, and reporting format are agreed in writing so there are no surprises and no scope creep.
- Scope, criteria, and acceptance ground rules
- Department-by-department schedule
- Pre-audit document request list (delivered 7–10 days ahead)
- Stakeholder briefing and logistics coordination
PHASE 03 — EXECUTE
Audit Implementation
On-site or hybrid execution by lead auditors with regulated-industry depth. Opening meeting, evidence sampling, shop-floor observation, process tracing, interviews, daily debriefs, and a formal closing meeting with categorized findings — major, minor, observation.
- Opening and closing meetings with leadership
- Process tracing and evidence sampling
- Daily preliminary findings briefings
- Formal audit report with risk ratings and recommendations
PHASE 04 — REMEDIATE
Findings Closure
Findings on paper change nothing. JJCC Group helps you write root cause analyses, design corrective and preventive actions, rebuild or rewrite procedures, train teams, and verify effectiveness — staying engaged until every non-conformance is demonstrably closed.
- Root cause analysis facilitation
- CAPA design and implementation
- SOP authoring and document control improvements
- Effectiveness verification and follow-up audit
WHAT TO EXPECT
A two-to-five day engagement, scoped to your reality.
Audit length is driven by scope — facility size, number of product lines, number of standards in play, and depth of evidence sampling required. The framework below illustrates a representative five-day, multi-standard engagement. Shorter engagements compress these phases without sacrificing rigor.
Opening & Document Review
Opening meeting with leadership, scope confirmation, kickoff with the audit team, and review of quality manual, SOPs, policy documents, and organizational structure.
Production & Quality Floor
On-site observation of manufacturing, packaging, sanitation, and material handling. Process tracing from receipt through release. Interviews with operators and supervisors.
QA / QC, Lab & Records
Review of batch records, testing protocols, calibration logs, lab data integrity, environmental monitoring, and stability programs where applicable.
Support Systems & CAPA
Supplier qualification, training records, complaint handling, deviations, change control, internal audits, management review, and CAPA effectiveness.
Closing & Report
Findings consolidation, risk classification, draft closing presentation, formal closing meeting with leadership, and delivery of the comprehensive audit report with prioritized recommendations.
cGMP Standards for Dietary Supplements
Regulatory standard: 21 CFR Part 111. The Dietary Supplement Health and Education Act (DSHEA) established the category, and Part 111 sets out the cGMPs for manufacturing, packaging, labeling, and holding operations.
What it covers: Vitamins, minerals, herbal and botanical products, amino acids, enzymes, probiotics, sports nutrition products, and any other product meeting the DSHEA definition of a dietary supplement.
Core requirements to comply:
- Identity verification of every incoming dietary ingredient — typically by validated methods such as HPLC, FTIR, microscopy, or DNA testing
- Written master manufacturing records (MMRs) for each unique formulation, batch size, and packaging configuration
- Batch production records (BPRs) documenting every step of each batch
- Specifications for components, in-process materials, finished products, and packaging — each with scientifically valid test methods
- Qualified personnel with documented training in cGMP and assigned responsibilities
- Sanitation, pest control, and physical plant requirements appropriate for ingestible products
- Holding and distribution controls with traceability from receipt of components through finished product distribution
- Written procedures for receiving, investigating, and responding to product complaints and serious adverse event reports
- Reserve sample retention for each batch of finished dietary supplement
cGMP Standards for Food
Regulatory standard: 21 CFR Part 117 (Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls for Human Food) under the Food Safety Modernization Act (FSMA). Animal food is governed by 21 CFR Part 507. Additional rules cover produce safety (Part 112), foreign supplier verification (Part 1, Subpart L), and intentional adulteration (Part 121).
What it covers: All FDA-regulated human food, beverages, ingredients, dietary ingredients prior to incorporation, and animal food including pet food and livestock feed.
Core requirements to comply:
- A written Food Safety Plan including hazard analysis and risk-based preventive controls (HARPC)
- Preventive controls for process, food allergens, sanitation, and supply-chain hazards
- Oversight by a Preventive Controls Qualified Individual (PCQI)
- Written recall plan with mock recalls and traceability one-up/one-back at a minimum
- Sanitation programs, GMP training, employee hygiene, and allergen cross-contact controls
- Environmental monitoring for ready-to-eat foods where contamination is a concern
- Foreign Supplier Verification Programs (FSVPs) for importers of food into the U.S.
- Records demonstrating implementation, monitoring, verification, and validation of all controls
cGMP Standards for Cosmetics
Regulatory standard: Historically governed by FDA guidance (FDA Cosmetic GMP Guideline) and ISO 22716. The Modernization of Cosmetics Regulation Act (MoCRA), signed into law in late 2022, gave the FDA explicit authority to issue binding cosmetic GMP regulations. A proposed federal cosmetic GMP rule is in development and expected to formalize requirements similar to ISO 22716.
What it covers: Skincare, color cosmetics, hair care, fragrances, deodorants, oral care that is not a drug, and other personal care products meeting the FD&C Act definition of a cosmetic.
Core requirements to comply:
- Facility registration and product listing with the FDA (mandatory under MoCRA)
- Designated Responsible Person on product labels
- Adequate safety substantiation records for every marketed cosmetic
- Serious adverse event reporting within 15 business days
- Recordkeeping for adverse events for six years (three years for small businesses)
- Good manufacturing practices for premises, personnel, equipment, raw materials, production, finished products, laboratory, treatment of non-conforming product, complaints, and recalls (consistent with ISO 22716)
- Fragrance allergen labeling consistent with forthcoming FDA rules
- Compliance with applicable color additive, prohibited/restricted ingredient, and labeling requirements
cGMP Standards for Tobacco Products
Regulatory standard: Section 906(e) of the Federal Food, Drug, and Cosmetic Act — added by the Family Smoking Prevention and Tobacco Control Act of 2009 — directs the FDA to establish tobacco product manufacturing practice (TPMP) requirements. The FDA published a proposed Tobacco Product Manufacturing Practice (TPMP) rule and is in the process of finalizing it. In the meantime, manufacturers are subject to registration, product listing, ingredient reporting, and substantial equivalence/premarket review requirements.
What it covers: Cigarettes, cigarette tobacco, roll-your-own tobacco, smokeless tobacco, cigars, pipe tobacco, electronic nicotine delivery systems (ENDS / e-cigarettes), heated tobacco products, hookah/waterpipe tobacco, and nicotine pouches that meet the definition of a tobacco product.
Core requirements to comply:
- Establishment registration and product listing with the FDA Center for Tobacco Products (CTP)
- Ingredient listing and harmful and potentially harmful constituents (HPHC) reporting
- Premarket authorization — Premarket Tobacco Application (PMTA), Substantial Equivalence (SE), or Exemption from SE — before marketing a new tobacco product
- Labeling requirements including required warning statements
- Controls over design, manufacturing, packaging, storage, and installation under the forthcoming TPMP rule
- Documented quality systems, supplier controls, complaint handling, nonconforming product controls, and CAPA
- Testing programs for nicotine content, HPHCs, and product consistency
- Recordkeeping sufficient to support traceability, investigations, and inspections
Is cGMP a Certification? Understanding cGMP Certification
This is one of the most common misconceptions in the industry: cGMP is a federal regulatory standard, not a certification. The FDA does not issue “cGMP certificates” to U.S. manufacturing facilities. There is no certificate to hang on the wall that says “FDA-Certified cGMP.” Any company claiming to sell you an “FDA cGMP certificate” is misrepresenting how the U.S. regulatory system works.
Instead, cGMP compliance is demonstrated three ways:
FDA inspection outcomes
establishment inspection reports (EIRs), Form FDA 483 observations (or their absence), and Warning Letters all paint a picture of your compliance status.
Government-issued export certificates
the FDA issues Certificates of a Pharmaceutical Product (CPP), Certificates to Foreign Government (CFG), and Certificates of Free Sale for export purposes. These reference your inspection history but are not “cGMP certificates” in the certification sense.
Third-party certifications
private organizations such as NSF International, USP, UL, SGS, BSI, and Eurofins offer voluntary GMP audits and certifications. Standards such as ISO 13485 (devices), ISO 22716 (cosmetics), NSF/ANSI 455 (dietary supplements), SQF, BRCGS, and FSSC 22000 (food) are widely recognized but do not replace FDA cGMP compliance. They complement it.
In other words: a third-party certificate may be a useful business credential and a sign of quality maturity, but it does not exempt you from FDA inspection or guarantee compliance with U.S. cGMP regulations.
What Must Manufacturers Do to Comply with cGMP?
Regardless of industry, every cGMP-regulated manufacturer needs to build and maintain certain core systems. The table below summarizes the eight compliance pillars and what each looks like in practice:
| Compliance Pillar | What It Looks Like in Practice |
|---|---|
| Quality Management System | Documented QMS aligned with FDA expectations and, where applicable, ISO 13485, ICH Q10, or NSF/ANSI standards. |
| Personnel & Training | Job descriptions, qualification records, role-based training matrices, and ongoing competency assessments. |
| Facilities & Equipment | Qualified utilities (HVAC, water, compressed air), preventive maintenance, calibration, and contamination controls. |
| Production & Process Controls | Validated processes, written procedures, in-process checks, and segregation of materials and product stages. |
| Documentation & Records | ALCOA+ data integrity, controlled SOPs, batch records, electronic records compliant with 21 CFR Part 11. |
| Laboratory Controls | Validated analytical methods, qualified instruments, stability programs, OOS/OOT investigations. |
| CAPA & Deviations | Risk-based investigation, root cause analysis, and effectiveness verification for every cGMP deviation. |
| Supplier & Material Controls | Approved supplier lists, qualification audits, incoming inspection, and supply-chain risk programs. |
Beyond these pillars, mature manufacturers also embed:
- A formal Quality Risk Management (QRM) framework aligned with ICH Q9
- A pharmaceutical (or product) quality system aligned with ICH Q10
- 21 CFR Part 11 compliance for electronic records and electronic signatures
- Annual self-inspection and internal audit programs
- Mock FDA inspections to identify gaps before the real inspection
- Quality agreements with all contract manufacturers, packagers, and testing labs
- Cross-functional change control governance that prevents unplanned changes from slipping through engineering or procurement channels
Need a cGMP Consultant? We Can Help.
Whether you are preparing for your first FDA inspection, responding to a Form 483 or Warning Letter, scaling production into a new facility, launching in a new regulated category, or restructuring a quality system that has grown faster than its documentation, our cGMP consultants partner with you to build sustainable, audit-ready compliance. We work across drugs, medical devices, dietary supplements, food, cosmetics, and tobacco, and we tailor our approach to your company size, product risk, and regulatory exposure.
What to Expect on Our First Call
The introductory call is a confidential, no-obligation conversation — typically 30 to 45 minutes — designed to understand your situation and answer your questions. We will discuss:
- Your product type, regulatory classification, and intended markets
- Your current manufacturing footprint (in-house, contract, hybrid) and operations scope
- The maturity of your existing quality system and any documented gaps you already know about
- Any recent FDA correspondence — inspections, 483s, Warning Letters, Untitled Letters, or Import Alerts
- Your business objectives, timelines, and constraints (product launches, due diligence, M&A, retail onboarding)
- Your team’s current capabilities and where outside expertise would be most valuable
You leave the call with a clear understanding of scope, recommended next steps, indicative timelines, and pricing options. No high-pressure sales tactics, and no engagement until you are ready.
Our On-Site Facility Visit
Once a mutual NDA is in place, our lead consultant comes on-site — or conducts a hybrid virtual review for smaller scopes — for one to several days, depending on the complexity of your operation. The visit typically includes:
- Opening meeting with leadership to align on scope, objectives, and ground rules
- Guided facility tour covering warehouse, production, packaging, laboratory, sampling, and storage areas
- Observation of live operations (production, sanitation changeover, in-process testing, sampling, line clearance)
- Structured interviews with operators, line supervisors, QC analysts, QA, production management, engineering, and senior leadership
- Document review across the QMS — SOPs, batch records, training files, equipment qualification, validation, calibration, supplier files, complaint files, CAPA, deviation, and change control
- Walkthroughs of critical systems such as water, HVAC, compressed gases, and any environmental monitoring program
- Closing meeting with a verbal summary of preliminary observations and immediate priorities
Gap Analysis and Current Compliance Level
Within an agreed-upon timeframe after the visit, we deliver a detailed Gap Analysis Report that maps your current state against the applicable regulatory standard (21 CFR 210/211, Part 820/QMSR, Part 111, Part 117, Part 700/MoCRA, Part 1100, ISO 13485, ISO 22716, NSF/ANSI 455, or others). Each requirement is rated as Conforming, Partially Conforming, or Non-Conforming, and your overall compliance level is scored so leadership can see exactly where you stand and prioritize investment.
The report also identifies systemic themes — patterns that cut across multiple observations and point to deeper cultural or structural issues — because closing individual gaps without addressing the system that produced them is how Warning Letters happen.
Findings and Non-Conforming Issues
Every observation in the report is documented with:
- The specific regulatory citation (e.g., 21 CFR 211.100(b), 21 CFR 820.100, 21 CFR 111.140(b))
- An objective, factual description of what was observed (not interpreted or editorialized)
- The associated risk — patient or consumer safety, product quality, regulatory exposure, business continuity
- A priority ranking: Critical, Major, or Minor
- Recommended corrective and preventive actions, with estimated effort
- Suggested ownership and reasonable target dates
We deliver the findings in both an executive summary suitable for the board and a detailed working document suitable for the quality team. We never use a generic template — every gap analysis is specific to your products, processes, and risk profile.
How We Help You Address These Issues
We do not hand you a report and walk away. Our remediation support is hands-on and tailored to your team’s bandwidth. Common scopes include:
- Drafting, revising, and harmonizing SOPs, work instructions, and forms
- Building or rebuilding a complete QMS, including document control, training, CAPA, deviation, change control, complaint, and management review systems
- Leading process validation, cleaning validation, computer system validation, and analytical method validation programs
- Establishing supplier qualification and quality agreement programs
- Authoring Warning Letter responses, 483 responses, and FDA meeting briefing documents
- Conducting mock FDA inspections with realistic interview scenarios and document requests
- Training programs — from cGMP awareness for the floor to advanced root cause analysis and inspection readiness for QA leadership
- Mentoring and coaching Quality Unit leadership through challenging investigations or remediation projects
- Ongoing retainer support so compliance continues to mature long after the initial engagement ends
Throughout the engagement, we transfer knowledge to your team so you build internal capability — not dependency on us.
Testimonial
What our clients say about JJCC
Professional, knowledgeable team guided us through FDA registration and complete product listing accurately and efficiently.
Frequently Asked Questions About cGMP
Ready to assess your compliance posture?
Contact us today to schedule your confidential introductory call and take the first step toward a stronger, audit-ready quality system. Whether your product is regulated under 21 CFR Part 211, Part 820/QMSR, Part 111, Part 117, Part 700/MoCRA, or Part 1100, our consultants have walked the floor, written the SOPs, and stood in the closing meeting. Let us help you do the same.
