When a cosmetic product fails, it’s rarely just a production issue — it often starts with a supplier. Maybe a raw material wasn’t stored properly, or a packaging batch didn’t meet cleanliness standards. I’ve seen this play out countless times, and every time the lesson is the same: your GMP compliance is only as strong as your weakest supplier.
ISO 22716 expects manufacturers to control their supply chain, not just trust it. That’s where a Supplier-Audit Program comes in. It helps you verify that your suppliers follow Good Manufacturing Practices, protect product integrity, and document every critical process.
This guide walks you through exactly how to set up that system — from risk assessment and checklist design to follow-ups and performance reviews — so you can stop reacting to supplier issues and start preventing them.
Understanding ISO 22716 Requirements for Supplier Control
ISO 22716 emphasizes that suppliers must be evaluated, selected, and monitored to ensure the materials they provide are consistently suitable for use. That includes raw materials, packaging, and outsourced processes.
The goal isn’t to micromanage your suppliers; it’s to confirm they have the same level of quality commitment that you do.
In my experience, the most common gap I see is companies focusing only on raw-material vendors while ignoring packaging or subcontracted services — areas that can just as easily introduce contamination risks.
Pro tip: Treat every supplier as part of your GMP system, not just a business partner.
Common mistake: Assuming that a supplier with ISO 9001 certification automatically meets ISO 22716 GMP requirements — the two aren’t the same.
Designing a Supplier-Audit Program Step by Step
Creating a supplier-audit program doesn’t need to be complicated. Here’s how I usually help clients build one that’s practical and effective:
Identify critical suppliers. Start with those that directly affect product quality — ingredient suppliers, packaging manufacturers, and contract fillers.
Define your audit scope and frequency. High-risk suppliers should be audited annually, while lower-risk partners might only need a desktop review.
Establish audit criteria. Cover hygiene, storage, traceability, pest control, and documentation.
Assign trained auditors. Ideally, people who understand both ISO 22716 and your production process.
Document results. Record objective evidence, findings, and agreed actions.
Pro tip: Use a scoring system for supplier performance. It gives you a clear, objective way to decide who stays on your approved-supplier list.
Example: One cosmetic-cream producer I worked with introduced supplier scoring. Within three months, delivery delays dropped by 25% simply because suppliers knew they were being rated.
Building the Supplier-Audit Checklist
Your audit checklist is your roadmap — without it, audits easily become inconsistent or superficial. Here’s what to include:
GMP certification or documentation
Material handling and storage conditions
Cleaning and pest-control procedures
Personnel hygiene and protective clothing
Traceability and batch documentation
Deviation and CAPA management
The checklist should mirror your own processes so findings can be compared directly.
Pro tip: Align supplier-audit checklists with your internal-audit format. It simplifies reporting and makes trends easier to track.
Common mistake: Copying a general GMP checklist from the internet. Those rarely match the specific risks of cosmetic manufacturing — especially when it comes to hygiene zones or product-contact surfaces.
Managing Non-Conformities and CAPA from Supplier Audits
Every audit uncovers something — and that’s a good thing. What matters is how you handle it.
Classify your findings as minor, major, or critical, depending on how they affect product quality or GMP compliance. Then agree on timelines for corrective actions, and don’t stop there — verify that each action actually worked.
Pro tip: Keep one central CAPA log that includes both internal and supplier findings. It gives management a complete picture of risk areas.
Example: A packaging supplier I audited had recurring dust contamination in bottle storage. After a joint root-cause analysis and new cleaning schedule, complaint rates dropped to zero in the next quarter.
Monitoring and Reviewing Supplier Performance
Audits give you snapshots. Performance reviews show you trends.
Combine your audit results with metrics like on-time delivery, documentation accuracy, complaint rates, and responsiveness. This tells you which suppliers are improving — and which ones need coaching or replacement.
Pro tip: Share performance summaries with your suppliers. It builds accountability and often sparks healthy competition to improve.
Common mistake: Treating audits as one-off events. Continuous supplier monitoring is what keeps your GMP system strong year-round.
Integrating Supplier Audits into Your Quality System
Supplier audits shouldn’t sit in isolation. Tie them into your management review and risk assessment processes.
Audit results can help you decide:
Whether to re-qualify a supplier
Which risks to prioritize next quarter
What training or CAPA initiatives to focus on
Pro tip: Store all supplier-audit reports, CAPAs, and correspondence in your document-control system. When certification auditors ask for supplier-management evidence, you’ll have everything ready in seconds.
FAQs – ISO 22716 Supplier-Audit Program
Q1: How often should suppliers be audited? High-risk suppliers should be audited at least once a year. For lower-risk or certified suppliers, every two to three years may be enough — as long as no major changes occur.
Q2: Can we conduct remote supplier audits? Yes, especially for low-risk suppliers. A well-structured remote audit with video tours and document reviews is perfectly acceptable under ISO 22716, provided you justify it in your risk assessment.
Q3: What qualifications should our supplier auditors have? They should be trained in ISO 22716, understand cosmetic GMP principles, and have experience evaluating production or material-handling processes.
Strengthen Your GMP Supply Chain
Your product quality depends on the people and processes behind your ingredients and packaging. Setting up a solid Supplier-Audit Program isn’t just a compliance requirement — it’s insurance for your brand’s reputation.
At QSE Academy, we’ve helped hundreds of cosmetics manufacturers design supplier-audit systems that meet ISO 22716 expectations and impress auditors.
Ready to take the next step? [Download Your ISO 22716 Supplier-Audit Program Template] and start auditing your suppliers with confidence.
👋 Hi, I’m HAFSA, and for the past 12 years, I’ve been on a journey to make ISO standards less intimidating and more approachable for everyone.
Whether it’s ISO 9001, ISO 22000, or the cosmetics-focused ISO 22716, I’ve spent my career turning complex jargon into clear, actionable steps that businesses can actually use.
I’m not here to call myself an expert—I prefer “enthusiast” because I truly love what I do.
There’s something incredibly rewarding about helping people navigate food safety and quality management systems
in a way that feels simple, practical, and even enjoyable.
When I’m not writing about standards, you’ll probably find me playing Piano 🎹, connecting with people, or diving into my next big project💫.
I’m an engineer specialized in the food and agricultural industry
I have a Master’s in QHSE management and over 12 years of experience as a Quality Manager
I’ve helped more than 15 companies implement ISO 9001, ISO 22000, ISO 22716, GMP, and other standards
My clients include food producers, cosmetics manufacturers, laboratories, and service companies
I believe quality systems should be simple, useful, and efficient.
