Last Updated on October 24, 2025 by Hafsa J.

Why the First Audit Matters Most

Passing your first ISO 22716 audit isn’t just about getting certified. It’s about proving that your cosmetics manufacturing system works — consistently, cleanly, and confidently. Auditors look beyond the paperwork. They’re assessing whether your daily operations reflect Good Manufacturing Practices in action, not just in documentation.

For many companies, this first audit feels daunting. The questions are unpredictable, the expectations high, and the pressure real. But with the right preparation, it doesn’t have to be overwhelming. You can approach audit day with a structured plan, knowing exactly what to expect and how to demonstrate control at every stage.

This comprehensive guide walks you through the entire ISO 22716 audit journey — from preparation and internal checks to handling findings and maintaining ongoing compliance. You’ll understand what auditors look for, how to avoid common pitfalls, and how to turn the audit process into a powerful improvement tool for your GMP system.

In short, this is your roadmap to passing the ISO 22716 audit the first time — confidently, efficiently, and without the usual stress that comes with certification day.

Understanding the ISO 22716 Audit Framework

Before you start preparing checklists and binders, it helps to understand how an ISO 22716 audit actually works. Think of it as a structured conversation — part observation, part verification, and part proof that your cosmetic manufacturing system consistently follows Good Manufacturing Practices (GMP).

Auditors don’t expect perfection. What they expect is control — that you understand your processes, can explain them clearly, and have records to prove they’re being followed.

An ISO 22716 audit typically includes these stages:

1. Opening Meeting – The auditor outlines the scope, criteria, and schedule. This is where you confirm logistics and clarify what areas will be covered.

2. Facility Tour – A walk through your premises to observe hygiene, workflow, and housekeeping in real time. It sets the tone for the rest of the audit.

3. Document & Record Review – Auditors compare what’s written in your procedures with what’s happening on the floor. This includes SOPs, batch records, and training logs.

4. Interviews & Evidence Collection – They’ll talk to your team, ask questions about processes, and verify that everyone knows their role in maintaining GMP compliance.

5. Closing Meeting – You’ll receive a summary of findings: conformities, observations, and any non-conformities that require corrective action.

Every phase connects back to one idea — consistency. The auditor wants to see that your quality system functions the same way every day, not just during audit week.

Pro Tip: Treat internal audits like rehearsals. If you handle internal findings with the same seriousness as external ones, your certification audit becomes far less stressful.

Pre-Audit Preparation – Setting Up for Success

The most successful ISO 22716 audits don’t start on audit day — they start months before. Preparation is what separates a confident team from a nervous one. When your documentation is organized, your staff understands their roles, and your facility reflects daily GMP discipline, the audit runs smoothly from start to finish.

Start by scheduling an internal audit to assess your readiness. This helps you verify if your procedures, records, and practices truly align with ISO 22716 requirements. Review everything that auditors will eventually check:

• Training records – Are they up to date and signed?

• Equipment calibration logs – Are certificates valid and accessible?

• Hygiene and cleaning records – Do they show consistent follow-through?

• Supplier evaluations – Are approvals, audits, and performance reviews documented?

• Corrective and preventive actions (CAPA) – Have previous findings been fully closed?

Once you’ve done this review, document every improvement you make. Auditors appreciate transparency — seeing that you identified and corrected gaps before their visit demonstrates a mature quality system.

Pro Tip: Form an “audit readiness team” that includes people from quality, production, maintenance, and logistics. Everyone should understand how their work contributes to GMP compliance. When the audit starts, this shared responsibility shows clearly.

Common Mistake: Leaving audit preparation solely to the quality department. ISO 22716 compliance is a collective effort; the entire organization should operate audit-ready every day, not just when the date approaches.

Key Audit Focus Areas Under ISO 22716

Every ISO 22716 audit revolves around one question: Does your system consistently protect product quality and consumer safety?
To answer that, auditors examine specific areas that reveal how well your GMP framework functions in real conditions. Each focus area connects directly to your daily operations — not just your procedures.

Here’s what they’ll look for and what you should prepare:

1. Documentation & Record Control

Your documents tell the story of your GMP system. Auditors will review standard operating procedures, batch records, revisions, and approval logs.
They’ll expect controlled documents — current, signed, and available where they’re used.
Tip: Make sure obsolete versions are clearly marked or removed from circulation to avoid confusion.

2. Premises & Equipment

The physical environment should support hygiene and product integrity. Auditors observe cleanliness, equipment layout, and maintenance records.
Tip: Display cleaning schedules near workstations and ensure calibration certificates are current and accessible.

3. Personnel & Training

Your people are your strongest defense against contamination — or your weakest link if they’re untrained.
Auditors want to see evidence of initial and refresher GMP training, plus competence in daily tasks.
Tip: Link each training record to a specific SOP or job function. It shows traceability and accountability.

4. Production & In-Process Control

Batch records, traceability, and deviation handling reveal how well your team controls the production process.
Tip: If deviations occur, show how they’re recorded and resolved — hiding problems suggests poor control, while documented solutions show maturity.

5. Quality Control & Testing

Laboratory practices, test data integrity, and sample handling are key evidence points.
Tip: Keep all raw data traceable to sample IDs and ensure instruments have calibration logs.

6. Supplier & Subcontractor Control

Auditors expect supplier qualification, performance monitoring, and periodic audits.
Tip: Maintain supplier risk assessments and re-approval intervals — they prove proactive oversight.

7. Hygiene & Housekeeping

Clean, organized areas communicate control before a single document is reviewed.
Tip: Ensure cleaning records are current, equipment is labeled “clean” or “in use,” and storage zones are clearly segregated.

Across all these areas, consistency is what earns confidence. An occasional deviation isn’t alarming — what matters is how quickly and effectively it’s addressed.

Pro Tip: Before the audit, walk through each area as if you were the auditor. Ask yourself: “Can I see clear evidence that this process is controlled?” If not, that’s where to focus your prep.

Common Audit Non-Conformities (and How to Avoid Them)

Even the most prepared cosmetic manufacturers occasionally receive findings during an ISO 22716 audit. That’s normal — what matters is recognizing where others stumble so you can prevent the same mistakes.
Most non-conformities fall into predictable patterns, and once you understand them, they’re easy to manage.

1. Incomplete or Uncontrolled Documentation

Auditors often find outdated SOPs, unsigned records, or uncontrolled electronic files.
These issues suggest weak document control, even if your processes are fine.
Tip: Keep one master list of controlled documents, showing revision numbers, approval dates, and current versions.

2. Gaps in Cleaning and Hygiene Records

Cleaning might happen daily, but if it’s not documented, it doesn’t count.
Tip: Make cleaning logs visible and easy to fill out at the point of use. Include signatures, dates, and product-area details.

3. Missing Batch Reconciliation or Deviation Logs

Incomplete production records, missing reconciliation totals, or unreported deviations quickly raise red flags.
Tip: Record every deviation as soon as it happens and document corrective actions. Auditors appreciate transparency over perfection.

4. Weak Supplier Evaluation and Oversight

Supplier performance often gets forgotten after initial approval.
Tip: Conduct periodic reviews of supplier quality, delivery reliability, and complaints. Keep supporting evidence — audit reports, certificates, or correspondence.

5. CAPA Follow-Up Without Verification

Many companies close corrective actions too early. Auditors then classify repeat issues as major findings.
Tip: Always verify CAPA effectiveness after implementation. It’s proof your system learns and improves.

6. Poor Housekeeping or Visual GMP Issues

A disorganized environment immediately signals a lapse in discipline.
Tip: Perform short “hygiene walkthroughs” weekly. Cleanliness and order speak louder than policies.

In one audit I supported, a small cosmetics producer received a major finding because cleaning records were stored in a supervisor’s notebook instead of the official log. Once they centralized their documentation and trained staff to record in real time, subsequent audits passed without issue.

Pro Tip: Review past internal-audit results before the certification audit. If you find the same weaknesses appearing more than once, focus there first. Auditors look for recurrence — eliminating it shows genuine control.

Handling Audit Findings Professionally

How you respond to audit findings says as much about your quality system as the findings themselves.
Auditors don’t expect a flawless operation — they expect a mature one. That means you can acknowledge issues, analyze them objectively, and act decisively to prevent recurrence.

When you receive a finding, avoid reacting defensively. Instead, follow a structured process:

1. Document the finding clearly.
   Write what happened, not what you think happened. Reference the relevant ISO 22716 clause and describe the evidence presented by the auditor.

2. Analyze the root cause.
   Ask why multiple times until you uncover the real reason — not just the surface symptom. For example, “employee forgot” often points to weak training, unclear instructions, or process gaps.

3. Plan corrective actions.
   Define what will be done, who’s responsible, and by when. Your plan should include both short-term containment and long-term prevention.

4. Implement and record.
   Update relevant SOPs, conduct retraining, or adjust workflows. Keep evidence — meeting minutes, updated procedures, or photos.

5. Verify effectiveness.
   After implementation, check if the issue truly disappeared. This step separates compliance from improvement.

Auditors appreciate teams that handle findings with calm and competence. It shows ownership and understanding of GMP principles.

Pro Tip: Submit your corrective action plan within 10 working days and verify completion within 60. Timely responses demonstrate system maturity and readiness for certification.

Common Mistake: Closing CAPAs just to meet deadlines. Without proof of effectiveness, repeat findings can escalate from minor to major in the next audit.

A well-managed finding isn’t a failure — it’s an opportunity to show continuous improvement. The best auditors notice this mindset and often mention it positively in their reports.

Maintaining Hygiene & Housekeeping Standards During the Audit

Before the auditor even opens a file, they’ll take in your facility. Cleanliness, order, and discipline are instant indicators of control. If your environment looks well-managed, you’ve already built credibility before a single question is asked.

During an ISO 22716 audit, hygiene and housekeeping become visible proof of compliance. Auditors want to see that cleanliness isn’t just scheduled — it’s lived daily.

Here’s how to stay audit-ready:

1. Verify cleaning records.
   Check that all cleaning logs are current, signed, and available. Missing dates or signatures suggest weak follow-through.

2. Label everything clearly.
   Buckets, mops, and cleaning agents should be color-coded and labeled by zone. It shows you prevent cross-contamination and maintain process control.

3. Inspect high-risk areas first.
   Mixing rooms, filling lines, and packaging zones should be spotless. If a process runs during the audit, ensure real-time housekeeping happens without interrupting operations.

4. Prepare sanitation materials.
   Stock cleaning agents and PPE where they’re needed. Empty dispensers or missing gloves leave a poor impression.

5. Control personal items and waste.
   No food, drinks, or personal belongings in production areas. Waste bins should be closed, clearly marked, and not overflowing.

Pro Tip: Schedule a short GMP “walk-through” 24 hours before the audit. A fresh set of eyes often catches minor details — misplaced labels, full bins, or untidy shelves — that can turn into avoidable observations.

Maintaining strong hygiene and housekeeping practices isn’t about perfection on audit day; it’s about demonstrating consistent care. A clean, organized space tells auditors your team takes GMP seriously — every single day.

After the Audit – Follow-Up and Continuous Improvement

The audit might be over, but your work isn’t. What happens in the days and weeks after an ISO 22716 audit determines how strong your GMP system will be moving forward.
The best companies use audit results as a springboard for improvement, not just as a checklist to close.

Start with a structured follow-up plan:

1. Review the audit report together.
   Gather your quality, production, and management teams to go through each finding. Discuss what was observed and why it matters. Shared understanding prevents repeated mistakes.

2. Log all findings in your CAPA tracker.
   Record non-conformities, assign responsibilities, and set deadlines for closure. Keep the log updated and accessible so progress is visible to everyone.

3. Verify each corrective action.
   Once actions are implemented, confirm that they actually worked. Evidence can include updated SOPs, training attendance sheets, or re-audits of the affected area.

4. Share lessons learned.
   Turn findings into learning opportunities. Include audit takeaways in your next internal audit or staff training session so the entire organization benefits.

5. Update risk assessments and procedures.
   Every finding reveals a risk you can manage better. Review and adjust your risk registers, SOPs, or inspection schedules accordingly.

Pro Tip: Treat the audit report as an improvement map. Each observation is a direct insight into how to strengthen control, communication, or consistency.

Common Mistake: Treating follow-up as a paperwork exercise. Closing actions without verifying effectiveness may look complete on paper but will resurface as repeat findings next cycle.

Continuous improvement isn’t about fixing what’s broken; it’s about refining what already works. When you approach post-audit activities with that mindset, every cycle makes your ISO 22716 system stronger — and your next audit easier.

Building a Culture of Audit Readiness

The real goal of ISO 22716 isn’t to “pass the audit” — it’s to build a system that’s always audit-ready because it’s genuinely well-managed. When compliance becomes part of daily routine instead of an event, audits stop being stressful and start becoming opportunities to showcase excellence.

Audit readiness is a mindset. It’s about discipline, ownership, and pride in how your facility operates. Here’s how to make it part of your culture:

1. Keep internal audits consistent.
   Don’t treat them as rehearsal for certification. They’re your best continuous improvement tool. Rotate auditors, expand scope, and use findings to strengthen weak points early.

2. Integrate GMP awareness into training.
   Include short reminders during team meetings — things like document sign-offs, hygiene habits, or labeling accuracy. These reinforce awareness in daily work.

3. Use performance indicators.
   Track CAPA completion times, repeat findings, and audit results per department. It gives management tangible data to guide decisions and reward improvement.

4. Recognize good practices.
   Acknowledge teams or individuals who maintain clean workspaces, close CAPAs effectively, or achieve zero non-conformities. Small recognition builds lasting motivation.

5. Encourage open communication.
   Staff should feel safe reporting issues or suggesting improvements. The earlier you know about problems, the easier they are to fix — and auditors appreciate visible transparency.

Pro Tip: Include “audit readiness” as a standing agenda item in management review meetings. It keeps everyone focused, proactive, and prepared — not reactive when the audit date arrives.

A culture of readiness transforms how your company approaches compliance. Instead of seeing audits as interruptions, your team will start to view them as validations of the system they help maintain every day.

FAQs – ISO 22716 Audit Preparation & Certification

Q1: How long does a typical ISO 22716 audit take?

For most cosmetic manufacturers, an audit lasts one to two days, depending on the size of the facility and the complexity of your operations. Multi-site companies or those with contract manufacturers may need additional time.
Tip: Make sure auditors can access all areas and documents smoothly — efficient organization shortens audit time and leaves a strong impression.

Q2: What’s the difference between a major and a minor non-conformity?

A minor non-conformity is an isolated lapse that doesn’t directly affect product quality or GMP compliance — such as a missing signature or incomplete form.
A major non-conformity indicates a systemic issue, repeated failure, or risk that could compromise safety or traceability.
Tip: Take both seriously. Repeated minors often evolve into major findings if not properly addressed.

Q3: Can internal auditors also conduct supplier audits?

Yes — if they’re trained and independent of the activities they’re auditing. Many companies use the same trained team for both internal and supplier audits to maintain consistency.
Tip: Keep competence records and auditor training certificates ready; they’re often reviewed during external audits.

Q4: How often should internal audits be performed?

At least once per year for the full GMP system, though high-risk areas (like production and QC labs) may need quarterly or semiannual reviews.
Tip: Build an audit schedule based on risk. Areas with frequent non-conformities deserve more frequent checks.

Q5: What’s the best way to stay audit-ready year-round?

Keep documentation current, verify training records regularly, and perform short GMP walk-throughs each month. When compliance becomes habit, audits become routine.
Tip: A strong internal audit cycle supported by good housekeeping and effective CAPA management is the best audit-readiness strategy you can have.

From Audit Stress to Audit Confidence

An ISO 22716 audit isn’t something to fear — it’s proof that your cosmetic manufacturing system is working the way it should. When your processes are clear, your documentation tells a consistent story, and your facility reflects everyday discipline, the audit simply confirms what you already know: your operation is in control.

Passing your first audit comes down to preparation, awareness, and teamwork. If your internal audits are thorough, your records complete, and your people confident in their roles, the certification process becomes smooth and predictable.

At QSE Academy, we’ve seen this transformation many times — from anxious first-timers to confident teams who walk auditors through their systems with pride. The difference isn’t luck or timing; it’s consistent effort and clear understanding of what ISO 22716 truly expects.

Ready to take the final step?
[Download the Complete ISO 22716 Audit Toolkit] — including internal-audit checklists, CAPA templates, and hygiene records — to prepare smarter, work cleaner, and pass your audit the first time with confidence.