Top ISO 22716 Audit Non‑Conformities

Last Updated on October 24, 2025 by Hafsa J.

What Audit Findings Reveal About Your GMP System

Every ISO 22716 audit tells a story. Sometimes it’s about a team doing all the right things but missing one small detail that costs them a major finding. Other times, it’s about a system that looks good on paper but doesn’t work in practice.

I’ve reviewed hundreds of cosmetic GMP audits, and here’s what I’ve noticed — most non-conformities don’t come from bad intentions. They come from incomplete documentation, poor follow-up, or assumptions that “someone else handled it.”

In this guide, we’ll go over the most common ISO 22716 non-conformities, why they happen, and how to fix them before your next audit. You’ll see patterns that every auditor recognizes — and the exact steps to stay ahead of them.

Documentation & Record Control – The Root of Most Non-Conformities

If you’ve ever heard an auditor say, “If it’s not documented, it didn’t happen,” you already understand this one.

ISO 22716 expects clear control of every document and record: SOPs, batch records, training logs, calibration certificates — the works. Yet, this is where most teams stumble.

Common issues I’ve seen:

• Using outdated SOPs still pinned to production walls.
• Batch records missing operator signatures or approval dates.
• Digital files with no version control or backup.

Pro tip: Assign one document custodian responsible for approving, archiving, and updating files. Even in small teams, that single point of accountability prevents chaos.

Pitfall: Thinking a digital file means it’s automatically “controlled.” Auditors still want to see version history, approvals, and access restrictions.

Premises & Equipment – Hygiene and Maintenance Gaps

Even the best-written procedures can’t hide a dirty mixer.

Auditors always check the condition of your premises and equipment because it says a lot about day-to-day GMP culture.

Typical findings include:

• Cleaning schedules not followed or not recorded.
• Residue in tanks or filling lines.
• Raw materials stored beside finished products.
• Calibration certificates missing or expired.

Pro tip: Place laminated cleaning logs near every equipment station. It creates visible accountability and helps your team remember.

Example: A skincare plant once failed an audit because their air filter replacement log was “planned” but never updated. They fixed it, retrained maintenance staff, and passed the next audit cleanly.

Personnel & Training – Competence Is More Than Attendance

ISO 22716 doesn’t just ask, “Did you train your people?” It asks, “Can they apply what they learned?”

Many audits uncover that staff signed training sheets without understanding the procedures they’re supposed to follow.

Frequent findings:

• No GMP training for new hires before starting work.
• Old training materials that don’t reflect updated SOPs.
• Missing evaluation of training effectiveness.

Pro tip: After every session, ask staff to demonstrate or explain one key task. It’s simple proof that the training worked.

Example: One cosmetics company introduced five-minute “GMP refreshers” every Monday. Within two months, their hygiene-related findings dropped to zero.

Production & In-Process Control – Traceability and Batch Records

This is where small oversights can become big findings. Auditors love reviewing batch records because they reveal how well your process actually runs.

Common non-conformities:

• Missing batch reconciliation (what was made vs. what was packaged).
• Deviations noted verbally but never recorded.
• Rework not documented or approved.

Pro tip: Treat every batch record as a legal document — because to an auditor, it is. Record deviations as they happen, not later.

Common mistake: Thinking “we’ll fix the record tomorrow.” Retroactive entries raise red flags fast.

Laboratory Control & Quality Testing – When Data Integrity Fails

Lab areas often generate findings around data integrity and sample handling. The good news? Most are avoidable.

Typical issues:

• Test results jotted on sticky notes or loose papers.
• Missing calibration logs for analytical equipment.
• Lack of reference standards or retention samples.

Pro tip: Establish a clear data trail — from sample receipt to test report. Every entry should show who did what, when, and how.

Example: A small cosmetics lab improved their audit score dramatically by implementing electronic logbooks with automatic date stamps. It cut data errors by half within one quarter.

Deviations, CAPA & Change Control – The Follow-Up Gaps

Auditors expect to see a story: problem found, root cause analyzed, action taken, and effectiveness verified. Too often, that last part — verification — gets skipped.

Frequent findings:

• CAPA records without closure dates.
• Corrective actions implemented but never checked.
• Changes made without risk assessment or documented approval.

Pro tip: During management reviews, include a standing agenda item for “Open CAPAs.” It keeps everyone accountable.

Example: A contract manufacturer reduced recurring findings by holding a 15-minute CAPA review meeting every two weeks — simple, but powerful.

Supplier & Outsourced Process Control – The Forgotten Area

One of the biggest blind spots in ISO 22716 compliance is supplier management. You might have great GMP systems internally, but what about your suppliers?

Common non-conformities:

• No documented supplier evaluations.
• Missing GMP evidence from ingredient or packaging suppliers.
• No follow-up after supplier audits.

Pro tip: Develop a supplier-risk matrix — high-risk suppliers get annual audits, low-risk ones get document reviews.

Pitfall: Assuming “approved once” means “approved forever.” ISO 22716 expects ongoing evaluation.

Storage & Distribution – Overlooked but Audited

Warehouses and logistics areas often get less attention, but auditors always go there.

Typical findings:

• Mixed storage of quarantined and released materials.
• No temperature or humidity monitoring.
• Missing traceability of batches during shipment.

Pro tip: Color-code or label storage zones (e.g., red for quarantine, green for released). It instantly shows control and discipline.

Example: One cosmetics brand implemented barcode tracking for finished goods. Not only did audit findings disappear — inventory errors dropped by 35%.

FAQs About ISO 22716 Audit Findings

Q1: What’s the difference between a minor and a major non-conformity?
Minors are isolated lapses that pose limited risk. Majors are systemic or recurring issues that directly affect product safety or GMP compliance.

Q2: How long do we have to close non-conformities?
Usually 30–60 days, depending on severity. High-risk issues may require immediate corrective action.

Q3: Can repeated minor findings become a major one?
Yes — auditors treat recurrence as a sign that the root cause wasn’t fixed, which often escalates the severity.

Turn Audit Findings Into Improvements

An audit isn’t a failure — it’s a feedback loop. Every finding is a chance to tighten your system, retrain your team, or document what you already do well.

At QSE Academy, we’ve helped countless cosmetic manufacturers turn audit findings into stronger, leaner GMP systems. Once you know what to look for, you can prevent 90% of these issues before the auditor even arrives.

Ready to stay ahead of your next audit?
[Download the ISO 22716 Internal-Audit Checklist] and start using it to catch these non-conformities before they catch you.