The interpretation of FSMA compliance for Dietary Supplement (DS) distributers and manufacturers has varied since the law was signed in 2011. As much of the food industry, including FDA, has sought to understand compliance requirements of the various FSMA rules, the DS industry has had even more to assess and determine due to its unique requirements relative to food. This is further complicated by the maturity of specific requirements for the supplement category of products being tested by industry and regulators.

Dual Level of Regulation

Early under FSMA, many DS companies struggled—and many continue to do so—with their compliance to FDA requirements due to their direct regulatory obligations as food and DS companies. Historically, the DS industry enforcement requirements fall under FDA Section 111 GMPs, which require more stringent control of the full production process than what is required for food only. This presents DS with a dual level of regulation, with the DS-specific regulation established years prior to FSMA. In fact, this regulation was well in-place at the signing of FSMA and the additional requirements, which include the 117 GMPs.

The more conservative approach to ensure compliance is to meet requirements under both the FSMA and FDA Food and Dietary statutes concurrently. Alternatively, companies may wait for more clarity on FSMA, as the final rules and compliance dates were pending due to the rulemaking time that was instituted during the rollout phase.

Challenges of Compliance

In meeting the Section 111 GMP requirements for the DS industry, there is significant complexity; however, if managed correctly, Section 111 does address many of the related FSMA requirements. Specific areas required by FSMA but not included in the DS requirements remain, including a complete Food Safety Plan, preventive controls, environmental monitoring, program management updates, and specific organizational roles of Preventive Controls Qualified Individual (PCQI), Qualified Auditor, and Qualified Sanitation Lead.

The challenge of compliance for the DS industry lies in these issues, but also in the variation of company types within the industry (i.e., distributers, manufacturers, suppliers, and the supply chain). For DS companies with many varying aspects, there can be significant variation in requirements due to the various supply chain components. This makes development more challenging based on the proper responsible party for the specifications and the final branded product for distribution. In addition, the situation of making dietary supplements and food in the same plant must be properly addressed. These all must comply with Section 111 requirements. If the Section 111 program ensures a well-qualified supplier program, this can be referenced as 117 compliance for FSMA. Unfortunately, many organizations have not formalized their written and documented programs, as required by Section 111, as well as under FSMA.

To complicate things more, the DS industry is still evolving with rapid expansion of companies, manufacturers, and distributers participating in broad and changing product types. Within the DS supply chain, the functions of product development, specification, manufacturing, operations, and the ultimate responsibility for the product and raw material stages is not easy to determine. This leaves the ultimate responsibility party to be identified—often with overlapped and shared levels of responsibility, from raw material sourcing to final manufacture. Correspondingly, it is vital for DS companies to maintain strict control of suppliers, customers, and product identification at each step of the manufacturing process.

Direct Compliance vs. Third-Party Certification

FSMA maintains its position of direct compliance to the regulations vs. the use of third-party certification for industry-legal interpretation. However, the decision to pursue third-party certification must be evaluated within this rapidly changing industry. Acceptance of these certifications is growing along with FSMA compliance. In fact, many major retail chains require global certification under the Global Food Safety Initiative (GFSI) standards. In line with this, programs must be further defined and developed to meet the GFSI requirements associated with the benchmarked standards (i.e., BRC, IFS, FSSC22000, SQF).

The need for DS companies to be certified to the GFSI through one of the standards will only continue as the distribution channels for DS products grow. These standards are necessary to provide structured requirements and to ultimately simplify the compliance process based on even more research and learning.

Keys to Success

With this rapid evolution of unique DS products, compliance and certification efforts must consider and meet the test of time. This may take several years to establish. DS companies operating under FSMA must make appropriate decisions in the development of their programs to provide evidence that programs and processes have been appropriately implemented.

Key to this is developing and maintaining a documented system with written programs and validation to Section 111 and Section 117 GMPs under FDA to meet all necessary requirements. Sufficient records must be maintained as evidence that programs have been implemented, verified, updated, and maintained as current at all times. Any exceptions addressed by Section 111 or Section 117 compliance must be confirmed and documented within this system. As just one example, in some cases Section 117 cites specific requirements, such as the protection of outside storage containers. If they do not exist, a company must identify this has been determined as an exception.

In addition, it is very important DS companies determine their compliance assessment process for FSMA. These determinations must be made relevant to the existing and verified Section 111 programs and requirements under Section 117. Decisions within any program for FSMA compliance must be clear, verified, and implemented so they can be inspected or audited with proper evidence.

Conducting an internal compliance audit can be a very helpful and important step in confirming all requirements are met and all documented programs and practices are verified and up to date. Any identified risks will lead to program non-conformity, which must be closed to meet the regulatory requirements of Section 111, Section 117, and GFSI, if appropriate. A failure in one compliance situation has the potential to create multiple non-conformances across three areas and, therefore, must be appropriately and quickly addressed.

Mapping Your Requirements

Ultimately, mapping the compliance process for both regulations—and possibly to GFSI certification requirements—must be made, along with a final register of documentation showing all requirements are being met. This requires not only time and resources of the identified qualified personnel, but this effort also must be supported by a well-founded Management Review process to ensure compliance in this rapidly evolving sector.