Comparatively Speaking: cGMP vs. ISO

By: Anthony J. O'Lenick Jr., Siltech LLC

Posted: August 31, 2010

page 2 of 3

Differences
The major differences also remain unchanged. First, cGMP compliance is mandatory and required by law while ISO certification is completely voluntary. The cGMP guidelines for pharmaceutical, food, drug and cosmetics are compliance programs mandated and regulated by the US Food and Drug Administration (FDA). It should be noted that while the cosmetics and personal care industry considers itself self-regulated, most companies have implemented cGMPs; also, the FDA does have the ultimate authority.

Although Congress passed the GMP Act in 1965, cGMP Guidelines did not go into effect until 1978. These have the full force of the law behind them, giving the FDA the authority to conduct on-site inspections (audits), issue warning letters publicly, and enforce product recalls and seizures of adulterated products, etc. The Code of Federal Regulations, i.e. the Food, Drug and Cosmetic Act 21 CFR, Parts 210 and 211, set forth the minimum standards required to guarantee the safety, identity, strength, purity and quality to protect consumers from adulterated products from entering the market. The sale of products that are consistently both safe and effective is the aim to protect public health.

In contrast, ISO 9001 did not come along until 1987 as a voluntary program for all industries. ISO quality standards were designed to assure customer satisfaction and not necessarily to protect consumers. There is no law requiring ISO certification. There are many consulting companies for hire to help companies obtain ISO certification, as well as companies that are approved to audit and award ISO certification. In 2003, a newer ISO (13485) came out to cover the design and manufacture of medical devices.

The "c" in cGMP stands for current and indicates that GMPs are a dynamic set of guidelines that are subject to change in order to keep current with advances in science, technology and practices. In fact, the FDA released updated cGMP guidelines in 1997. Then in 2004, the FDA issued the “Guidance for Industry—Quality System Approach to Pharmaceutical cGMP." This guidance includes things one “should” do to reach compliance with the updated cGMP requirements. These “should-dos” are suggestions or recommendations and are not necessarily required.

Some of these suggestions include certain aspects from the ISO 9001 "Quality Management Systems" document. This brought the two separate quality systems (cGMP and ISO) closer together. Now if one is cGMP compliant, it is even easier to achieve ISO certification. With the updated cGMP in place, some feel that companies are are already 80% towards the goal of ISO certification. In order to determine exactly how much further a company must go to reach ISO or cGMP, detailed side-by-side gap analysis should be conducted to compare these standards with the program the company already has in place. Software programs are available to help accomplish this. In the end, however, some consider it unlikely that there will ever be a total harmonization of both cGMP and ISO requirements.