The Supplement Compliance Glossary You’ll Actually Use (GMP, Specs, COAs, Recalls, SOPs)
Key takeaways
GMP = Good Manufacturing Practices: The rules for how your product must be made and documented. “Doing” + proving.
Specifications (Specs): The pass/fail recipe for your finished product: identity, purity, strength, and composition (plus any claims like gluten-free).
COA (Certificate of Analysis): Lab results showing your batch met your specs. A COA is only as good as the spec behind it.
Recall plan: Your playbook to find, notify, and remove product if something goes wrong—before a buyer asks for it.
SOPs (Standard Operating Procedures): Step-by-step instructions for your quality system. If it isn’t written, it didn’t happen.
Who this is for
Early-stage supplement founders, operators, and creator brands who want to speak the same language as buyers, lawyers, auditors, and contract manufacturers—without getting buried in jargon.
The glossary (and how to use each term in real life)
1) GMP — Good Manufacturing Practices
What it means (plain English):
The mandatory rules for how your product is made (clean facility, trained people, controlled processes) and how you prove it (records, logs, signatures, lot traceability).
Why buyers and lawyers care:
GMPs are the baseline for risk. Retailers and partners assume you follow them; auditors will ask you to show it (batch records, logs, training).
Founder move:
Ask your co-man: “Show me your last third-party GMP audit and how you closed any findings.” Then confirm how they document each batch you buy.
2) Specifications (a.k.a. Finished Product Specs)
What it means:
A signed technical document listing every test your finished product must pass, including identity, purity, strength,and composition—plus any claim-dependent tests (e.g., gluten-free, sugar-free).
Why it matters:
Specs are the contract between your label and reality. If a test isn’t in your spec, no one is obligated to do it.
Founder move:
Ensure your spec includes:
Potency for every labeled active (per serving and acceptable range)
Micro (Salmonella, E. coli, yeast/mold—appropriate for the dose form)
Heavy metals (Pb, Cd, Hg, As with sensible limits)
Allergens/claims you make (e.g., gluten, dairy, vegan)
Organoleptics/physical (appearance, taste, pH, fill weight, disintegration where relevant)
3) COA — Certificate of Analysis
What it means:
A test report for your specific lot that shows actual results versus your spec.
Why it matters:
A COA that only shows potency is incomplete. Regulators and retailers expect to see the whole panel aligned to your spec.
Founder move:
When a co-man sends a COA, verify:
Lot number matches your goods
Each spec parameter appears with method, result, and pass/fail
Any “tested by supplier” items have a vetted chain (qualified vendor, method suitability)
Sampling plan covers the batch—not just a token scoop
4) Recall plan
What it means:
A written, step-by-step plan to stop shipments, trace where lots went, notify partners/customers, and remove product safely.
Why buyers care:
Big accounts won’t onboard without seeing you can execute a recall quickly.
Founder move:
Keep a 1-page Recall Quick Sheet at the front of your binder: primary contacts, lot-trace reports, canned customer emails, and your lab partner on speed dial.
5) SOP — Standard Operating Procedure
What it means:
Your documented, repeatable instructions (who does what, when, and how you record it).
Why it matters:
“If it’s not written, it didn’t happen.” SOPs turn good intentions into evidence.
Founder move:
Start with 6 core SOPs:
Supplier qualification
Incoming material review
Finished product release (COA review)
Label control & change management
Complaint & adverse event handling
Recall & mock recall
Quick checklist: Speak compliance like a pro
I can explain GMP as both doing and proving.
My finished product spec covers identity, purity, strength, composition, and claims.
Each batch ships with a full-panel COA mapped to my spec.
I have a recall plan and can pull lot-to-customer reports in minutes.
I maintain SOPs and training records for my quality processes.
Common pitfalls to avoid
Potency only: COAs that skip micro/metals/allergens.
Vague specs: “Test as needed” offers no protection.
No retention samples: Keep sealed bottles from each lot for potential re-testing.
Label first, compliance later: Fixing claims after print burns cash.
Relying entirely on your co-man: You own compliance; verify, don’t assume.
FAQ
Do I need specs if my manufacturer already tests?
Yes. Specs are your standard, not just their habit. Retail and legal reviews anchor to your spec.
Is a third-party COA required?
Not always, but it increases credibility—especially for key actives and claim-critical tests.
Who writes my SOPs?
You own them. Your co-man has their SOPs; you need brand-owner SOPs for release, complaints, and recalls at minimum.
What if my product is “low risk”?
Risk doesn’t remove requirements. It may affect which tests and limits you set, but GMP, specs, COAs, and recalls still apply.
Next steps
Option 1 — Signature Compliance Consultation
Get founder-friendly clarity on what applies to your product right now and where your biggest gaps and quick wins are. In one focused hour we can:
Map your regulatory path (claims, testing, labeling priorities)
Review your spec/COA approach at a high level
Outline a minimum viable quality system (SOPs you actually need first)
Note: This session is for strategy and prioritization. It isn’t an in-depth legal or line-by-line contract/SOP drafting review.
Option 2 — SSET: Supplement Startup Essentials Training
A self-paced program for founders who want to understand the landscape and build a smart game plan..
You’ll learn how to:
Identify which regulatory requirements apply to your concept
Build a concise market & claims brief to guide R&D and labeling
Find and vet a co-man (what to ask, what to verify)
Plan testing and specs that match your label and channels