21 CFR Part 117

This glossary term is part of the SG Systems Global regulatory & operations guide library.

Updated December 2025 • 21 CFR Part 117, Human Food Preventive Controls (FSMA), cGMP baseline, hazard analysis, preventive controls, sanitation, allergen controls, supply-chain program, recall plan, monitoring/verification/validation, recordkeeping • Food & Beverage (manufacturing, processing, packing, holding)

21 CFR Part 117 is the FDA rule that turns “we make food” into “we control risk.” It’s the modern FSMA-era framework for Current Good Manufacturing Practice (cGMP) plus hazard analysis and risk-based preventive controls for human food. If your food safety posture is mostly “we have SOPs” and “we pass audits,” Part 117 is where that posture gets pressure-tested—because the regulation is about controlled execution and defensible evidence, not document volume.

Operationally, Part 117 forces a systems question: do you capture risk controls as repeatable workflow or as tribal knowledge? Can you prove that allergen risks were prevented, sanitation controls were executed, supply-chain hazards were managed, and deviations were handled with governance? If your proof is a mix of PDFs, binders, shared drives, and memory, you’ll be slow and inconsistent when an inspector—or a real incident—demands answers.

Part 117 also doesn’t live in isolation. It connects directly to upstream and downstream obligations like 21 CFR Part 1 (program requirements and records), labeling expectations under 21 CFR Part 101, and defensible electronic evidence concepts tied to 21 CFR Part 11, Audit Trails, and Data Integrity. In practice, Part 117 compliance is less about “knowing the rule” and more about building an operating model that generates trustworthy records by default.

“If your food safety plan depends on reconstruction, 21 CFR Part 117 is where that plan gets exposed.”

1) What people mean when they cite 21 CFR Part 117

When a QA leader, plant manager, auditor, or consultant says “we need to meet Part 117,” they’re usually not asking for a policy statement. They mean one (or more) of these practical realities:

First: the business needs a defensible Food Safety Plan posture—hazard analysis, preventive controls, monitoring, corrective actions, verification, and records—without relying on heroics.

Second: you’re getting squeezed by risk: allergen exposure, sanitation variability, supplier instability, or foreign material concerns. Part 117 forces those risks to be expressed as actual controls tied to evidence, not “general expectations.”

Third: you’re scaling complexity: more SKUs, more lines, more co-packers, more suppliers, more shifts. The moment volume and turnover rise, weak controls start producing repeat incidents (deviations, rework, holds, and costly “investigations” that don’t prevent recurrence).

Tell it like it is: Part 117 is where food safety stops being a binder and becomes an operating system.

2) Scope map: what Part 117 actually controls

Part 117 can feel “big” because it spans baseline cGMP discipline and risk-based preventive control discipline. The fastest way to understand it is to map it to operational control objects.

The bottom line: Part 117 is a multi-layer control system. Most failures happen at the seams—between departments, shifts, suppliers, and systems—where ownership is ambiguous and evidence gets lost.

3) Who Part 117 applies to (and where teams misclassify themselves)

Part 117 is activity-driven: if you manufacture, process, pack, or hold human food, you can inherit obligations even if you don’t think of yourself as a “manufacturer.” A common failure pattern is “we’re just a warehouse,” “we’re just a repacker,” or “we’re just a co-packer.” Those roles can still carry real cGMP and preventive control responsibilities depending on what you handle and how you handle it.

Part 117 also tends to pull on adjacent programs: record availability and response posture under 21 CFR Part 1, labeling governance under 21 CFR Part 101, and—if you maintain electronic records—defensibility expectations tied to 21 CFR Part 11 and Data Integrity.

4) cGMP foundation: the controls that prevent “normal failures”

cGMP is the baseline. It covers the “normal” failure modes that become catastrophic when they repeat: sanitation variability, equipment hygiene drift, undocumented changeovers, weak training discipline, and uncontrolled rework.

If your cGMP posture is strong, many hazards are prevented before you even talk about “preventive controls.” If it’s weak, you end up doing investigations for problems that never should have happened.

Three cGMP control clusters show up constantly in real operations:

Implementation anchors that map directly to these outcomes include Cleaning Verification, Environmental Monitoring, Foreign Material Inspection, and Temperature Excursions. For operational “how,” see Cleaning Verification Software and the broader program hub Food Safety Management System (FSMS) Hub.

5) Hazard analysis: turning risks into a control design

Hazard analysis is not supposed to be a “once-a-year document.” It’s a control design engine. The job is to identify what could go wrong and translate that into preventive controls that are monitorable, verifiable, and record-backed.

The reason hazard analysis fails in practice is simple: teams list hazards but don’t connect them to enforceable controls. They create a narrative, not a system.

A usable hazard analysis posture typically includes:

• Consistent risk language: use a structured approach like a Risk Matrix or a Risk Register & Controls view.
• Clear control mapping: each significant risk maps to a specific preventive control and evidence set.
• Defined “failure signals”: what counts as a deviation, what triggers a hold, what triggers escalation.
• Governed change control: new ingredients, suppliers, formulations, packaging, lines, or processes trigger updates to risk controls.

If you want a blunt test: if a new allergen SKU or supplier change can go live without updating risk controls, your hazard analysis is paperwork—not governance.

6) Preventive controls: process, sanitation, allergen, supply-chain

Preventive controls are where Part 117 becomes operationally real. The control types vary by operation, but the execution pattern is consistent: define the control, define monitoring, define corrective action, define verification, retain records.

In most facilities, four control themes dominate:

Allergen controls deserve special attention because they fail fast and publicly. Strong programs treat allergens as an execution discipline tied to Priority Allergen Control and Cross-Contact prevention, supported by operational frameworks like Allergen Control Hub and changeover verification concepts like Allergen Changeover Verification.

For packaging/label risk (which can turn a good product into a noncompliant product instantly), prevention often requires execution controls like Line Clearance and Label Reconciliation, supported by the glossary anchors Label Reconciliation and Labeling Control.

7) Supply-chain program: supplier evidence as controlled workflow

Part 117 forces an uncomfortable truth: supplier risk is your risk. You can’t outsource accountability by filing supplier PDFs. A working supply-chain program means supplier approval, monitoring, change control, and escalation are managed as an evidence-backed workflow.

A mature supplier control posture usually includes:

• Defined approval criteria: what evidence is required to approve a supplier and keep them approved.
• Change notifications as control events: suppliers changing formulation, sites, processes, or specs triggers evaluation (not surprise).
• Exception governance: deviations and nonconformances trigger investigations and corrective actions, including SCARs.
• Record retrievability: supplier evidence can be produced quickly by supplier, item, lot, and time window.

Practical anchors for this include Supplier Qualification, plus implementation guides like Supplier Quality Agreements, Supplier Change Notifications, and Contract Manufacturer Oversight.

8) Corrections, corrective actions, and CAPA

Part 117 does not require perfection. It requires controlled response. When controls fail (or when execution drifts), you need defined mechanisms to correct the issue, evaluate product impact, and prevent recurrence.

The failure mode is predictable: teams treat corrective action as “fix it and move on,” without governed investigation and prevention. That produces repeat incidents—and eventually, regulator attention.

Strong programs treat these as distinct control objects:

• Deviations: captured and managed as a workflow (Deviation Management).
• Nonconformance: controlled product impact evaluation and disposition (Nonconformance).
• CAPA: prevention discipline that actually changes the system (CAPA).

If you want implementation patterns for scaling this, see Nonconforming Product Control and the broader risk posture hub Risk Management + Deviations + CAPA Hub.

9) Monitoring, verification, validation, and internal audit posture

The difference between “we have controls” and “our controls work” is verification discipline. Part 117 expects that controls aren’t just defined—they’re monitored and periodically verified as effective.

Operationally, this tends to show up as:

• Monitoring records (did we execute the control today?)
• Verification records (did we confirm the control was done correctly?)
• Audit posture (do we test ourselves, or wait for findings?)

Practical anchors include Internal Audit, Quality Assurance Auditing, and readiness guidance like Audit Readiness.

10) Records, GDP, retention, audit trails, and electronic evidence

Most Part 117 failures become visible as record failures. Not because teams didn’t “do the work,” but because they can’t prove the work was done consistently and correctly.

A defensible record posture typically requires:

• GDP discipline for how records are created and corrected.
• Retention lifecycle so records remain accessible under turnover and system change.
• Auditability so edits are controlled and reviewable.
• Fast retrieval so you can respond without archaeology.

Use Good Documentation Practices and Record Retention Policy as operational anchors. Evidence defensibility is strengthened when you can show Audit Trails and meet Data Integrity expectations—especially when electronic systems are involved (see 21 CFR Part 11 and the guide Audit Trail Software).

11) Recall readiness + traceability response

Part 117 doesn’t just care about “prevention.” It cares about how you respond when prevention fails. That’s where recall readiness becomes an operating capability, not a PowerPoint.

A real recall posture includes:

• Traceability response that can be executed quickly (not “we’ll pull it later”).
• Governed holds so you can stop distribution when needed.
• Drills that reveal gaps before real events do.

Use Recall Drills and Recall Readiness as control anchors, supported by implementation guidance like Recall Readiness Software and traceability program guidance like Food Traceability Program.

If your operation is also impacted by traceability modernization initiatives, connect Part 117 execution evidence to broader traceability architecture guidance like FSMA 204 Traceability and Raw Material Traceability. Even when requirements differ across rules, the operating truth is the same: event-linked identity beats narrative every time.

12) Copy/paste compliance scorecard (self-assessment)

Use this as a practical test. If you can’t answer these cleanly, your Part 117 posture is fragile.

The goal isn’t a perfect score. The goal is to find where your control model depends on memory and replace it with event-linked evidence.

13) Selection pitfalls: how Part 117 compliance gets faked

• Paper plans with weak execution. A great plan doesn’t matter if monitoring and verification aren’t consistent.
• Allergen controls by habit. If prevention depends on “experienced operators,” turnover will break you.
• Supplier PDFs without workflow. Documents are not controls unless exceptions and changes are governed.
• Spreadsheet evidence. Spreadsheets can help analysis, but they are fragile as control systems under stress.
• Records without integrity. If records can be edited silently, your evidence won’t hold up.
• No retrieval drills. If you don’t practice recall/trace retrieval, you’ll learn gaps during a real event.

14) How this maps to V5 by SG Systems Global

V5 supports Part 117 outcomes by turning food safety controls into executable workflows with governed evidence: structured records, controlled approvals, enforced statuses, and fast retrieval.

• V5 platform + products:
  V5 Solution Overview,
  Quality Management System (QMS),
  Manufacturing Execution System (MES),
  Warehouse Management System (WMS),
  V5 Connect (API).
• Food safety execution hubs:
  FSMS (HACCP/GFSI) Hub,
  Allergen Control Hub,
  Traceability in Regulated Manufacturing.
• Recall & traceability capability:
  Recall Readiness Software,
  Food Traceability Program,
  FSMA 204 Traceability.
• Evidence integrity:
  Good Documentation Practices,
  Record Retention Policy,
  Audit Trail Software,
  Audit Readiness.
• Industry context:
  Food Processing,
  Produce Packing,
  Bakery Manufacturing.

The point isn’t that “software equals compliance.” The point is that Part 117 assumes your controls are executable and your evidence is retrievable under pressure. V5 is designed to make that operating model realistic.

15) Extended FAQ

Q1. Is Part 117 basically the same as HACCP?
No. HACCP (HACCP) is a hazard-focused framework, but Part 117 expands into broader preventive controls and program evidence expectations. In practice, many operations map HACCP concepts into a Part 117 control model, but the compliance posture depends on execution and records.

Q2. What’s the fastest way to tell if our Part 117 posture is real?
Run a drill: pick a risk area (allergen, sanitation, supplier hazard) and prove you can produce monitoring, verification, and corrective action evidence quickly—without spreadsheets and file hunts.

Q3. What breaks most often in Part 117 programs?
Inconsistent execution across shifts and weak evidence architecture: records are incomplete, scattered, or not trustworthy (data integrity gaps).

Q4. Are allergen controls really a “preventive control” issue?
Yes. Allergen failures are often execution failures: changeovers, label versioning, line clearance, and reconciliation. That’s why allergen control is a systems and workflow topic—not a training slogan.

Q5. How does Part 117 connect to recall readiness?
Preventive controls reduce incident probability; recall readiness reduces incident damage. A mature posture includes drills (Recall Drill) and rapid traceability response (Recall Readiness).

Q6. Do electronic records help Part 117 compliance?
They can—if they improve integrity and retrieval. Weak electronic recordkeeping is still weak. Strong electronic evidence supports audit trails, controlled corrections, retention, and fast retrieval (audit trail + data integrity).

Related Reading
• Food Safety Program Hub: FSMS (HACCP/GFSI) Hub
• Allergen Controls: Allergen Control Hub | Label Reconciliation Software | Line Clearance Software
• Traceability + Recall: Recall Readiness Software | Food Traceability Program | FSMA 204 Traceability
• Evidence Integrity: Good Documentation Practices | Record Retention Policy | Audit Trail Software | Audit Readiness
• V5 Product Pages: V5 Solution Overview | QMS | MES | WMS | V5 Connect (API)