21 CFR Part 117 – Preventive Controls for Human Food

This topic is part of the SG Systems Global regulatory glossary series.

Updated October 2025 • FDA / FSMA • Food Safety and Traceability

21 CFR Part 117 is the FDA’s rule implementing the Food Safety Modernization Act (FSMA). It replaces older food GMPs (Part 110) and adds mandatory hazard analysis and risk-based preventive controls (HARPC) for human food. It covers Good Manufacturing Practice (GMP), hazard analysis, allergen control, sanitation, supply-chain controls, recall plans, and recordkeeping. This entry covers (1) What It Is, (2) FAQs, and (3) How It Relates to V5.

“Part 117 transformed U.S. food regulation from reactive to preventive — requiring manufacturers to anticipate and control hazards before they reach consumers.”

1) What It Is

Part 117 is organized into six subparts that define GMP standards and preventive controls for human food facilities. It requires a written food safety plan covering hazard analysis, preventive controls, monitoring, corrective actions, verification, and recordkeeping. It applies to most U.S. food manufacturers, processors, packers, and holders of human food for consumption in the United States.

Key subparts of Part 117:

• Subpart A – General Provisions. Defines scope, responsibilities, and qualified individual requirements.
• Subpart B – GMP Requirements. Establishes hygienic personnel, plant, and sanitation controls.
• Subpart C – Hazard Analysis and Risk-Based Preventive Controls. Mandates a written food safety plan based on hazard analysis and preventive controls for process, allergens, sanitation, and supply chain.
• Subpart D – Monitoring and Corrective Actions. Requires documentation of verification and corrective actions.
• Subpart E – Supply-Chain Program. Requires approval and verification of suppliers handling hazardous ingredients.
• Subpart F – Recordkeeping. Specifies formats, retention times, and availability for FDA inspection.

Authoritative references. Regulation text: 21 CFR Part 117 (eCFR). Also see FSMA 204 Traceability and ISO 22000 / HACCP for related standards.

2) FAQ

Q1. How does Part 117 differ from Part 110?
Part 110 was replaced by Part 117 to include preventive controls and risk-based planning instead of purely GMP-based requirements.

Q2. What is a Food Safety Plan?
A written document prepared by a Qualified Individual that includes hazard analysis, preventive controls, monitoring, corrective actions, and verification procedures.

Q3. Who is a “Qualified Individual”?
Someone who has completed FDA-recognized training or is otherwise qualified through experience to develop and apply food safety plans and controls.

Q4. Are allergen controls mandatory?
Yes. Facilities must identify and control cross-contact risks and labeling errors for major food allergens under 21 U.S.C. 343(w).

Q5. How do supply-chain controls work?
Manufacturers must verify suppliers handling hazardous ingredients through onsite audits, testing, or certifications to control risk before receipt.

Q6. What records must be kept?
Monitoring data, corrective actions, verification, training, and supplier approval records must be retained and readily retrievable for FDA review.

Q7. How does Part 11 apply to Part 117?
Part 11 applies when electronic systems store records required by Part 117; systems must be validated with audit trails and secure signatures.

Q8. Where can I read the rule?
Full text available at eCFR Part 117.

3) How It Relates to V5

V5 by SG Systems Global enforces Part 117 compliance by digitally linking GMP records, hazard controls, and traceability events into a single platform spanning production, quality, and warehouse activities.

• Digital GMP records. Capture and store sanitation, temperature, and equipment checklists with Part 11 audit trails and sign-offs.
• Preventive controls workflow. MES automates process monitoring, ingredient traceability, and QC sampling to detect deviations early.
• Allergen control integration. Allergen zones, color-coded labels, and segregated lot tracking reduce cross-contact risk.
• Supplier qualification module. Manage approved suppliers and certifications through QMS and linked LIMS results.
• Traceability for FSMA 204. V5 Traceability captures Key Data Elements (KDEs) and Critical Tracking Events (CTEs) for rapid recall response.
• Warehouse control. WMS enforces FEFO, lot segregation, and release status to prevent use of unapproved materials.

End-to-end example. A food processor logs sanitation checks, executes a preventive control plan in MES, tests ingredients via LIMS, and approves lots in QMS. Traceability records in V5 link hazard data to each batch for instant recall readiness and inspection compliance.

Primary References:
• FDA eCFR: 21 CFR Part 117
• FSMA 204 Traceability: Key Data Elements & CTEs
• HACCP Framework: ISO 22000 / HACCP