The FDA's position is clear: you can outsource manufacturing, but you cannot outsource responsibility. Warning letters go to the name on the label — not the factory floor.
FDA warning letters repeatedly state that outsourcing operations does not transfer or negate the obligation to ensure cGMP compliance. When you distribute a product under your brand name, you are the responsible party in the FDA's eyes — regardless of who manufactured it.
This is not a technicality. It is the foundational principle of 21 CFR Part 111. Brand owners who assume that hiring a contract manufacturer (CMO) shifts regulatory liability have misread the regulation. The FDA holds the label holder responsible for every quality failure that ends up in consumers' hands.
⚠️ FDA warning letters are public record. They name your company, describe every deficiency in detail, and remain searchable indefinitely. Retailers, investors, and wholesale buyers check them before approving new brands.
These are the compliance failures that appear most frequently in FDA warning letters targeting brand owners who outsource manufacturing. Each one is something your oversight program must address — even if you never touch the manufacturing process yourself.
Brand owners are expected to have a documented process for evaluating and approving the CMOs and raw material suppliers in their supply chain. Letters cite companies that selected a CMO without any documented qualification process — no audit, no questionnaire, no review of the CMO's cGMP track record. "We checked their website" is not qualification.
The absence of a formal quality agreement is one of the most cited findings in brand owner warning letters. Without a quality agreement, there is no documented division of responsibilities between you and your CMO — which means the FDA cannot verify that anyone is accountable for GMP compliance. A purchase order is not a quality agreement.
Brand owners are cited for releasing product without independently verifying — or ensuring through a documented process — that the CMO's testing was performed correctly and that results were reviewed before distribution. Accepting a Certificate of Analysis without any review procedure does not satisfy the FDA's finished product release requirements.
When a manufacturing deviation, consumer complaint, or out-of-specification result occurs, the brand owner is expected to have documented procedures for receiving that information from the CMO, evaluating it, and determining whether an investigation or corrective action is required. Letters cite brand owners with no records of complaints ever being received or investigated.
The FDA expects the brand owner — the name on the label — to have an active, documented role in finished product release. Companies cited in warning letters often had no written procedure for what the brand owner reviews before product ships. The CMO releasing product is not a substitute for the brand owner's own release function.
A warning letter is not a fine. It is a public document that signals to the FDA, retailers, and consumers that your brand has unresolved compliance failures. The consequences escalate fast.
The oversight obligations that warning letters cite are not ambiguous. The FDA publishes them in 21 CFR Part 111. Building a compliant oversight program is straightforward if you do it before the inspector arrives.
A signed quality agreement with your CMO is the single document that proves you have defined oversight responsibilities. It must cover roles, specs, change control, deviations, audit rights, and release authority.
Document that you have visited (or engaged a third party to audit) your CMO's facility at least once per year. An unaudited CMO is an unqualified CMO in the FDA's view.
Establish a written procedure for reviewing Certificates of Analysis before releasing product for distribution. The review does not have to be performed in a lab — but it must be documented and performed by someone at your company.
Require your CMO to notify you of manufacturing deviations, OOS results, and consumer complaints within a defined timeframe. Document your review of each one. These records are what investigators examine first.
✓ Document everything. An oversight program that exists but was never documented is invisible to an FDA investigator. If it isn't written down and signed, it didn't happen.
Everything your brand needs to demonstrate CMO oversight. Two tiers based on SKU count. No surprises.
Tell us about your brand and we'll confirm which package fits. No sales pressure — just a straightforward conversation about what you need to be audit-ready.