Is ISO 22716 mandatory for cosmetics manufacturers?

Not always by law, but it is widely required by retailers and expected by regulators. Align your QMS to ISO 22716 and applicable regulations (e.g., MoCRA) to demonstrate GMP.

Can ISO 9001 replace ISO 22716?

No. ISO 9001 provides QMS structure, but ISO 22716 provides cosmetics-specific GMP guidance. Using both is common and effective.

Do I need electronic batch records to comply?

Paper is possible but fragile. A validated eBMR with audit trails is the most defensible way to scale, protect data integrity, and pass inspections.

How do we prevent label mix-ups under ISO 22716?

Use Labeling Control to render panels from governed data and enforce line clearance and in-line label verification scans at print and pack.

What’s the quickest improvement to meet ISO 22716?

Enforce line clearance, lock label verification, verify device calibration status, and migrate spreadsheet logic into validated systems with audit trails.

How do we prove data integrity for ISO 22716?

Use validated systems with named users, immutable audit trails, and tested backups; ensure every batch is reconstructable in minutes from governed records.

ISO 22716 – Cosmetics GMPGlossary

ISO 22716 – Cosmetics GMP

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated October 2025 • Quality Management, MoCRA Alignment, Data Integrity • Manufacturing, QA/RA, Packaging, Supply Chain

ISO 22716 provides Good Manufacturing Practice (GMP) guidelines for cosmetics—covering the people, premises, equipment, materials, production, laboratory controls, packaging/labeling, storage, distribution, and the quality system that stitches them together. It is written as how to organize and control rather than a narrow list of pass/fail tests. That’s why retailers and regulators treat it as the operating system for compliant cosmetics production: if your real‑world batch records, labels, and recalls can’t be traced straight back to an ISO 22716‑aligned system, you’re betting reputation and shelf space on luck. The blunt truth: a pretty brand and a great formula won’t save you from weak GMP—bad controls leak into returns, complaints, and regulatory findings.

“Cosmetics GMP is boring by design. If your process feels exciting, your controls are missing.”

TL;DR: Build a cosmetics QMS that implements ISO 22716 with documented SOPs, trained people (Training Matrix), qualified facilities/equipment (IQ/OQ/PQ, UQ), governed materials (VQ/SQM, COA), controlled production (MES, Weigh/Dispense, Label Verification), and closed‑loop quality (Deviation, CAPA, Internal Audit). Keep data integrity tight with Part 11/Annex 11 controls in validated systems (CSV). Align with MoCRA expectations for listing, labeling, safety, and adverse events. No shadow spreadsheets, no editable print UIs, no mystery lots.

1) What ISO 22716 Covers—and What It Does Not

Covers: organization and personnel; premises/environment; equipment and maintenance; raw/packaging materials; production operations (weighing, mixing, filling); quality control and laboratory testing; packaging/labeling; finished‑goods handling; contract/outsourced activities; recalls/complaints; self‑inspections; documentation and records. It expects risk‑based controls, traceability, and the ability to reconstruct what happened for any batch.

Does not cover: marketing claims, clinical efficacy, or the science of product safety. Those are handled by substantiation and testing programs (Laboratory Analyses & Review), and by legal frameworks like MoCRA. ISO 22716 also doesn’t excuse weak data integrity—electronic evidence still needs audit trails, unique users, and controlled retention.

2) Legal, System, and Data Integrity Anchors

Cosmetics made under ISO 22716 still live within jurisdictional law. In the U.S., MoCRA strengthens expectations for facility registration, product listing, safety substantiation, labeling, serious adverse event reporting, and GMP practices. Electronic records supporting GMP must comply with Part 11/Annex 11: validated systems (CSV/GAMP 5), attributable entries (ALCOA(+)), identity/time control, and audit‑ready retention. Many firms layer ISO 22716 within an ISO 9001 QMS for broader governance and continuous improvement.

3) The Evidence Pack for ISO 22716 Compliance

Build a dossier that an auditor can follow cold: a QMS overview mapped to ISO 22716 clauses; organization chart and role competency (Training Matrix); site drawings and flows; IQ/OQ/PQ and calibration status; utility readiness (UQ); supplier files (VQ/SQM, SCAR); incoming control (Goods Receipt, Component Release); controlled recipes (Recipe Management, Recipe Versioning); executed eBMR with audit trails; lab evidence (TMV, ISO/IEC 17025); packaging/label control (Labeling Control, Label Verification); deviations and CAPAs; complaints/recalls (Recall Readiness); and management reviews with KPIs. Store it all under Document Control.

4) From Vendor to Shelf—A Standard ISO 22716 Path

1) Supplier control. Qualify suppliers (VQ/SQM), define specs, and require COAs.

2) Receipt & release. Execute Goods Receipt, Incoming Inspection, and Component Release; stage in WMS with FEFO/FIFO.

3) Controlled production. Weigh by mass (Gravimetric Weighing), verify line clearance, execute through MES, and capture the eBMR.

4) Packaging & labels. Drive artwork from governed data (Labeling Control); enforce in‑line Label Verification.

5) QA release. Apply Release Status and retain records (Record Retention).

6) Distribution & traceability. Ship with accurate ASNs; maintain chain with EPCIS and SSCC. Be recall‑ready.

5) People & Competence—Training That Moves the Needle

ISO 22716 expects clear roles, training to task, and proof that people can do what SOPs demand. Replace “read and understand” signoffs with competency‑based programs (Training Matrix). Tie authorizations to UAM roles (UAM) in manufacturing and lab systems. For high‑risk steps (micro‑weigh, allergen handling, label release), require qualification events and periodic refreshers documented under Document Control.

6) Premises & Environment—Design Out Contamination

Control people and material flows to prevent mix‑ups and cross‑contamination (Cross‑Contamination Control). Validate environment and storage conditions with Temperature Mapping and monitor with EM. Use dedicated weigh rooms for fragrances and allergens; design cleaning states and color‑coded tools; verify line clearance at every changeover (Line Clearance).

7) Equipment & Utilities—Qualified, Calibrated, Predictable

Qualify the equipment lifecycle (IQ/OQ/PQ) and keep it “in status” (Calibration Status). Control utilities—HVAC, compressed air, purified water—using UQ. Don’t run validated processes on unvalidated kit; if status lapses mid‑batch, pause, assess impact, and document Deviation/CAPA before release.

8) Materials Management—Specs, Identity, and Status

Materials make or break cosmetics GMP. Onboard with VQ/SQM; enforce specs and COAs. Execute Incoming Inspection, quarantine until Component Release, and manage bins/eligibility in the WMS. Control allergens and sensitizers with dedicated storage and Allergen Control. Tie lot identity to every weigh and charge—no exceptions.

9) Production Controls—Weigh, Mix, Fill, Prove

Execute recipes from governed masters (Recipe Management/Recipe Versioning) into a validated MES. Bind devices to the step (Weigh/Dispense), enforce windows (Alert/Action Limits), and record who/what/when (Audit Trail). Use SPC on critical parameters (viscosity, pH, fill mass). If a device or lot is wrong, block execution—don’t “note and proceed.”

10) Cleaning, Hold Times & Changeover

Cosmetics are sticky—literally. Validate cleaning procedures (Cleaning Validation) and enforce Line Clearance to avoid carryover and label mix‑ups. Define and justify hold times for in‑process bulks (Hold Time Study) and verify container states (clean/dirty, closed/open) in the eBMR. “We always do it that way” is not validation.

11) Laboratory Controls—Methods That See the Truth

Anchor lab work with validated methods (TMV) and competent labs (ISO/IEC 17025). Separate process variation from measurement noise with MSA. Treat OOS and OOT as signals, not paperwork. Manage stability studies and set realistic shelf‑life claims; don’t back‑solve label dates to marketing promises.

12) Packaging & Labeling—Control the Last Mile

Run packaging under the same rigor as compounding. Control artworks, claims, ingredients, and barcodes through Labeling Control; verify every print with scanners (Label Verification). Bind labels to batch and market variant; lock reprints behind e‑sign and reason codes. A label that is “almost right” is wrong—full stop.

13) Warehouse, Distribution & Traceability

Use the WMS to control lots, shelf life, FEFO, and segregation. Maintain traceability with EPCIS, case/pallet IDs (SSCC), and accurate ASNs. Quarantine returns, perform RMA checks, and keep genealogy complete (Traceability).

14) Complaints, Adverse Events & Recalls

ISO 22716 expects a living complaint and recall system. Feed customer issues into Deviation/CAPA; escalate serious adverse events under your regulatory pathway (MoCRA). Test your Recall Readiness with drills; time the end‑to‑end trace to prove you can act before social media does it for you.

15) Change, Deviation & CAPA—Cause, Not Theater

Route changes through structured Change Control; analyze risk (QRM), verify effectiveness, and document approvals. Treat deviations with root‑cause rigor (RCA) and remediate with measurable CAPAs. Cosmetic fixes create repeat failures; fix systems so people don’t have to be heroes twice a week.

16) Documentation & Data Integrity—Reconstructable or It Didn’t Happen

Author and approve under Document Control, execute in validated systems (CSV), and keep every critical action attributable (Audit Trail, UAM). Ban shadow spreadsheets; embed calculations and conversions (UOM Conversion) in the platform. Test backups and restores (Record Retention).

17) Continuous Improvement—Measure What Matters

Use SPC and Cp/Cpk on critical attributes; run Internal Audits; roll findings into CAPA; review performance in management reviews. ISO 22716 and ISO 9001 play well together—use the structure to kill variation and cost, not to decorate binders.

18) Metrics That Prove Control

Right‑First‑Time (RFT) batches and pack orders.
Deviation/CAPA cycle time and CAPA effectiveness rate.
Supplier quality (COA match rate, SCAR recurrence).
Label verification pass rate and reprint reason completeness.
Traceability drill time (batch to retail lot via EPCIS/SSCC).
Environmental excursions (EM/temperature mapping) vs. impact.
Audit‑trail review health and late‑entry rate.
Complaint rates and time to signal detection.

If a metric never changes a decision, retire it. ISO 22716 rewards control, not dashboards.

19) Common Pitfalls & How to Avoid Them

Beautiful SOPs, ugly execution. Train to competency and bind steps to systems.
Unqualified utilities/equipment. No production on out‑of‑status assets—ever.
Shadow spreadsheets. Move recipe/label math into validated platforms with audit trails.
Label mix‑ups. Enforce line clearance and mandatory verification.
Supplier drift. Tie incoming failures to SCAR and review eligibility.
Complaint theater. Investigate root causes; don’t close tickets with sympathy notes.
Data‑integrity gaps. Kill shared logins; lock reprints behind e‑sign; review audit trails.
“We’ll fix it at release.” You won’t. Build controls where work happens.

20) What Belongs in the ISO 22716 Dossier

QMS/Manual mapped to ISO 22716; org chart and Training Matrix; facility/flow diagrams; IQ/OQ/PQ, UQ, and calibration; supplier files (VQ/SQM/SCAR); specifications and COAs; controlled recipes and version history; executed eBMR and lab results (TMV, MSA); packaging/label approvals and verification logs; deviations, OOS/OOT, CAPAs; complaint/adverse event records; recall drill evidence; internal audits and management reviews. Keep it under Document Control with effective dates and approvals.

21) How This Fits with V5 by SG Systems Global

Governed master data. The V5 platform manages recipes, specs, labels, roles, and training as versioned records with approvals and full audit trails.

Device‑tight execution. V5 binds scales, mixers, fillers, and printers to each step; blocks work when calibration status, lot eligibility, or line clearance fail; and writes directly to the eBMR.

Label control & verification. The label engine renders pack copy from governed data (Labeling Control), while scanners enforce verification at print/pack.

WMS & traceability. Integrated WMS stages right lots, enforces FEFO/FIFO, and publishes EPCIS/ASN events for end‑to‑end genealogy.

Quality loop. Deviations, OOS/OOT, CAPA, and Internal Audit live in V5; dashboards put SPC/Cpk next to cost and risk. Bottom line: V5 turns ISO 22716 from policy into daily behavior—with evidence.

22) FAQ

Q1. Is ISO 22716 mandatory?
Not always by law, but many retailers require it and regulators expect equivalent GMP. Align your QMS to ISO 22716 and to local regulations like MoCRA.

Q2. Can a cosmetics brand adopt ISO 9001 without ISO 22716?
ISO 9001 helps, but it’s not cosmetic‑specific. Use ISO 22716 for GMP detail and ISO 9001 for overarching QMS discipline.

Q3. Do we need eBMR to comply?
Paper can work, but it’s fragile. A validated eBMR with audit trails is the defensible way to pass inspections and scale.

Q4. How do we control labels across markets?
Drive panels from governed data with Labeling Control, verify at print (Label Verification), and block wrong‑market prints automatically.

Q5. What’s the fastest quality win?
Enforce line clearance, lock labels behind verification, calibrate critical devices, and kill shadow spreadsheets—then measure RFT and complaint rates.

Q6. How do we prove data integrity?
Use validated systems (CSV), named users (UAM), immutable audit trails, and tested retention. Reconstruct a batch in minutes or expect findings.