Choosing the wrong manufacturer costs months, money, and market trust. This 12-point audit is the same framework we use at Lab 03 to qualify partners and defend your launch in Dubai (UAE) and Saudi Arabia (KSA)—from factory floors to Montaji and SFDA eCosma portals. Where it matters, we cite official GCC guidance so your team (or your board) can verify the details.
TL;DR: The pass-fail quick screen
- ISO 22716 (GMP) certificate in good standing (not just “working towards”).
- Regulatory readiness: recent, successful Montaji files (UAE) and eCosma notifications (KSA).
- Labels aligned to GSO 1943 (Arabic/English, mandatory fields).
- QC evidence: stability & micro test plans tied to lots, traceability on batch records (GMP).
- GS1 barcodes prepared correctly (GTIN hierarchy).
If any of these are shaky, keep looking.
The 12-Point Audit (what to check, what to ask, red flags)
1) Legal entity & scope
What to check: Valid trade license covering manufacturing/trading of cosmetics; ability to appoint the UAE/KSA “responsible person,” where applicable.
Ask for: Copy of license(s), list of permitted activities.
Red flags: Vague “partner” licenses; no clear responsible entity for registrations.
2) ISO 22716 (GMP) in practice, not on paper
What to check: Real implementation—cleanroom behavior, calibrated equipment, change control, deviations/CAPAs, training logs, and traceability end-to-end.
Ask for: Latest ISO 22716 certificate + audit report summary; SOP index; training matrix.
Why it matters: ISO 22716 is the globally recognized GMP guide for cosmetic production, control, storage, and shipment.
Red flags: “Pre-audit” certificates, expired docs, or staff unaware of their own SOPs.
3) Regulatory readiness: Montaji (UAE)
What to check: Whether they’ve recently registered comparable products in Dubai Municipality’s Montaji system and understand updated technical guidelines.
Ask for: Redacted Montaji approvals; list of typical documents they prepare (FSC, COA, ingredient report, label artwork, etc.).
Why it matters: DM’s technical guideline governs cosmetics and personal-care registrations; missteps delay approvals. Dubai Municipality
Red flags: “We can do it later” or “we use an agent for everything” without in-house knowledge transfer.
4) Regulatory readiness: SFDA eCosma (KSA)
What to check: Experience with SFDA eCosma notification; clear understanding of the PIF (Product Information File) and label prerequisites.
Ask for: Redacted eCosma notifications; PIF table of contents template; proof they’ve supported shipments to KSA.
Why it matters: SFDA’s guidance sets the process for notification and PIF expectations in KSA. Saudi Food and Drug Authority
Red flags: Confusing “notification” with a formal safety approval; gaps in Arabic label readiness.
5) Label compliance to GSO 1943
What to check: Arabic + English labeling with mandatory fields (INCI list, batch/expiry, function, warnings, etc.) laid out correctly.
Ask for: Their GCC label checklist and an annotated sample.
Why it matters: GSO 1943:2021 sets GCC-wide safety, labeling, and packaging requirements for cosmetics/personal care. Gulf Standards Authority
Red flags: Treating labels as “marketing only” or promising claims with no substantiation path.
6) Claims & substantiation
What to check: Evidence plans (e.g., dermatologically tested, hypoallergenic, whitening/brightening) and where such claims appear on pack and in PIF.
Ask for: Claims matrix with supporting tests/references.
Red flags: “Everyone says it; it’s fine.”
7) Quality control: stability & microbiology
What to check: Stability protocols (accelerated/real-time) and micro controls fit for product type and pack; acceptance criteria; re-test windows.
Ask for: Stability protocol template; micro test methods & limits; recent reports.
Why it matters: Robust QC underpins safety and shelf-life, and ties back to GMP guidance.
Red flags: Only “organoleptic checks,” no written protocols, or ad-hoc testing.
8) Full traceability & batch records
What to check: From incoming raw materials (COA/TDS/SDS) to finished goods (BMR/BPR), including sampling frequency, holds, and release criteria.
Ask for: Sample BMR (redacted), lot genealogy map.
Why it matters: ISO 22716 emphasizes traceability and documented control of each batch.
Red flags: “We keep it in spreadsheets somewhere.”
9) Packaging & artwork readiness
What to check: Artwork QA for GSO 1943 labeling rules and barcoding correctness; transport testing appropriate to pack type.
Ask for: Artwork checklist; dielines; GS1 GTIN assignment plan (unit, inner, master); barcode verification reports.
Why it matters: Proper GTINs/barcodes minimize customs and retail headaches; GS1 UAE is the recognized authority.
Red flags: Non-GS1 barcodes, single GTIN reused across sizes.
10) Capacity, MOQs & critical path
What to check: Line capacities, changeover times, validated lead times (sampling → pilot → registration → production), and contingency for peak seasons (Ramadan/back-to-school).
Ask for: Gantt with buffers; maximum daily output by SKU format.
Red flags: “Everything is 2–3 weeks” with no calendar backing.
11) Logistics & KSA clearance specifics
What to check: UAE export/KSA import flow, including who handles FASEH requests for Certificates of Conformity (where applicable) and how label verifications are done pre-shipment.
Ask for: Step-by-step with responsibility split (Incoterms, documents, platform logins).
Why it matters: In KSA, importers interact with SFDA systems and may request CoC via FASEH alongside eCosma notification.
Red flags: “We’ll figure it out with your forwarder.”
12) Data security, NDA & handover
What to check: NDA, IP boundaries (formula ownership), and complete regulatory file handover (Montaji package, eCosma/PIF, COAs, stability, label sources).
Ask for: Document handover checklist and retention policy.
Red flags: “We keep the master files; we’ll send screenshots if needed.”
A practical scoring model (print this)
Use a 100-point score to compare factories:
| Area | Weight |
|---|---|
| ISO 22716 implementation & audits | 15 |
| Montaji experience & docs | 10 |
| eCosma & PIF competence | 10 |
| GSO 1943 label compliance workflow | 10 |
| QC (stability + micro) | 10 |
| Traceability & batch records | 8 |
| Packaging/artwork & GS1 readiness | 8 |
| Capacity, MOQs, lead-time realism | 8 |
| Logistics/KSA clearance (incl. FASEH) | 6 |
| Claims & substantiation | 5 |
| Legal entity & responsible person | 5 |
| Data security, NDA & handover | 5 |
Pass mark: 75+ with no “critical” red flags.
FAQ (for searchers in the GCC)
Do I need Montaji to sell cosmetics in Dubai?
Yes—Dubai Municipality requires registration of cosmetics/personal-care products via Montaji before sale in Dubai. Use the latest Technical Guidelines to prepare labels and documents.
Does SFDA “approve” my product in KSA?
KSA uses eCosma notification to list your product; notification itself isn’t a safety endorsement. You remain responsible for compliance, labeling, and PIF adequacy.
What standard controls GCC cosmetic labeling?
GSO 1943:2021 sets GCC-wide safety, labeling, and packaging requirements for cosmetics/personal care. Local authorities (e.g., DM, SFDA) implement procedures on top.
Where should I get barcodes for UAE retail and KSA import?
Obtain GTINs from GS1 UAE (or your national GS1 office) and follow GS1 hierarchy when assigning unit/inner/master codes.
Final word
If you’re comparing vendors, ask them to walk you through a recent, similar launch—from first sample to Montaji/eCosma submission—with documents. Good manufacturers are proud to show their homework. And if you want, we can run this full 12-point audit on your shortlist and provide a risk-ranked report.
