I run a co-pack operation. At Nature Lion, the private-label division ships lion's mane, reishi, and cordyceps blends under other companies' brand labels into other companies' supply chains, under their recall responsibility — but on my HACCP plan, in my CFIA-licensed (Canadian Food Inspection Agency) Brantford, Ontario facility, with my allergen-cleaning records and my supplier verification. The first time I tried to manage that across eight clients with Google Drive folders and a shared inbox, the first customer audit ate 30 hours of my week. That is the week I started building this.
01The mismatch
Why a co-packer needs different software than a single-brand manufacturer.
Most food-safety software was written for one of two reference customers. The single-brand manufacturer who owns its own label, its own recipe, its own recall responsibility. Or the Fortune 500 with a corporate quality team and a six-figure annual software budget. A co-packer is neither. The structural problem is different, and the software has to model it natively or you spend your week working around it.
A co-packer (sometimes written as co-manufacturer or contract manufacturer — they refer to the same operation in slightly different language) makes product that goes out under somebody else's brand. The label is theirs. The recipe is theirs. The recall is filed in their name with the FDA. But the production line is yours. The supplier verification is yours. The hazard analysis is yours. The 21 CFR Part 117 preventive controls accountability sits with the facility doing the work — which is you — regardless of whose logo is on the box.
That structural reality cascades into every record you keep. One HACCP plan per client. One allergen statement per client. One recall scope per client. One audit-readiness packet per client. One supplier-responsibility map per client. Multiply that by 5 or 20 or 50 active brand-owner relationships and you have a documentation problem that generic platforms were not designed for.
$173B
2025 food contract manufacturing market (Towards FNB), projected to roughly $283 billion by 2030 at 8.7 percent CAGR. The fastest-growing segment of food and beverage manufacturing.
3,000+
US co-packers by triangulated estimate — Specialty Food Association lists about 700 specialty operators, Thomasnet indexes 1,170+, state directories add several thousand more.
July 2028
FSMA 204 enforcement takes effect July 20, 2028 (Federal Register, August 7, 2025). Co-packers handling Food Traceability List ingredients owe 24-hour electronic trace exports per brand.
CAGR is Compound Annual Growth Rate — the average year-over-year growth percentage. FSMA is the Food Safety Modernization Act, signed in 2011 and being rolled out in stages across the 2020s. FSMA 204 is the traceability piece of that rule.
02The six pains
The six pains every co-packer QA manager has memorized.
Different facilities, different clients, different categories. Same six complaints, repeated across IFSQN (International Food Safety and Quality Network) forum threads, LinkedIn posts, and the conversations I have with operators every week.
- 01
Document chaos at customer onboarding
A new brand-owner signs the manufacturing services agreement. Now you need their HACCP plan (or you are writing it for them), their SKU specs, their label artwork, their allergen statement, their recall contact list, their certificate-of-analysis expectations, the responsibility log of who keeps which record, their NDA signatures, and the ingredient master with supplier documents. For one client this lives in Dropbox. For another, email threads. For a third, a Google Sheet that only the brand-owner's marketing intern can edit. Nothing connects. Day one of the new client and your QA function is already behind.
- 02
Per-client recall scope when something goes wrong
A supplier issues a recall on sugar Lot 4521. You used that lot in eight brands' products across the past 90 days. Which brand owners need notification right now? Which SKUs are affected? Which downstream retail customers carry each brand's product? A folder-per-client system requires a manual trace across folders, with one mistake meaning you missed a client and they hear about it from the FDA before they hear about it from you. That call ends the relationship.
- 03
Allergen control on shared lines
Brand A's product is peanut-free. Brand B's product contains peanut. They run on the same line on alternating shifts. Cleaning validation between brands is not a checklist — it is a brand-A-vs-brand-B traceable verification with ELISA (Enzyme-Linked Immunosorbent Assay) or validated lateral-flow tests, with an action limit, with a corrective action if you fail it. Brand owners audit this annually and want to see the records for their products specifically, not facility-wide.
- 04
Customer audits every brand wants every year
Each of your 20 clients sends a customer-audit team or a third-party auditor (Eurofins, Merieux NutriSciences, AIB, NSF, or the brand's own QA) once a year. Each audit asks for your documents for their products during the audit period. A QA manager I talked to spends roughly 40 hours a week during audit season just pulling per-brand binders. Generic platforms export everything; you spend the rest of the week filtering.
- 05
Per-brand label compliance
Every client owns their own label artwork. Every label is subject to FALCPA (the Food Allergen Labeling and Consumer Protection Act), Nutrition Facts rules, and state-specific labeling layers. You ship under their UPC, their address, their brand name. If the allergen statement is wrong on one brand's product, the recall is theirs to file — but inspectors will still ask why your preventive controls did not catch the mismatch when the label was approved at intake.
- 06
The we-are-not-the-brand-owner liability gap
FDA expects co-manufacturers to comply with 21 CFR Part 117 as if you owned the brand yourself. Brand owners often assume the co-packer handles all the food-safety work. Both are partly right and both are partly wrong. The contractual and regulatory boundary between owner-labeler and co-manufacturer is constantly fuzzy and constantly the source of disputes. Software has to map which records belong to whom so neither side gets surprised in an FDA inspection.
Underneath all six: you are not running one food business. You are running as many food businesses as you have active brand-owner clients. A platform that does not natively model that structure forces you to build it from spreadsheets and folders. That is the tax HACCPlan is built to remove.
03The regulatory regime
What 21 CFR Part 117 actually says about co-manufacturers.
The federal preventive-controls framework — Title 21 of the Code of Federal Regulations, Part 117, sometimes called the PCHF rule (Preventive Controls for Human Food) — treats the co-manufacturer as the manufacturer. The brand owner's labeler/distributor status does not shift hazard-analysis responsibility upstream. If you make the food, you own the hazard analysis, the preventive controls, the monitoring, the verification, the corrective actions, and the records — for every product on every line in your facility, under every brand on the label.
What the FDA explicitly allows is a split supply-chain program. The 2017 FDA guidance — Supply-Chain Program Requirements and Co-Manufacturer Supplier Approval and Verification for Human Food and Animal Food — recognizes that the brand owner, the co-manufacturer, or both may share supplier-verification work. But the receiving facility — the co-packer — must document who is doing what. You still need written assurance the supplier is qualified at first approval and annually thereafter, plus written assurance every two years that the supplier produces in compliance with applicable FDA food safety regulations.
The split-responsibility doc nobody has
Every brand-owner relationship needs a written, file-able division-of-supplier-program-responsibility document that says "brand owner verifies these suppliers and shares the records with us; we verify those suppliers ourselves; here is how the records flow between us." Most operators I talk to do not have this document for any of their clients. The contract usually says "supplier verification handled per FDA requirements." That is not a document — that is a deferred fight. Build the written assignment at onboarding; do not improvise it during an inspection.
The supply-chain program records themselves live under 21 CFR §117.475: two-year retention, available to the FDA in legible form on request. That is the federal floor. SQF (Safe Quality Food) auditors and individual brand-owner contracts often push retention longer — shelf life of the product plus one to two years is a common contractual ask.
04FSMA 204
What changes July 20, 2028 — and why co-packers carry the heaviest FSMA 204 load.
FSMA 204 — the Food Traceability Final Rule under FSMA section 204 — requires anyone who manufactures, processes, packs, or holds foods on the Food Traceability List (FTL) to maintain records of Critical Tracking Events (CTEs) with specified Key Data Elements (KDEs). Records must be retained two years and produced to the FDA in a sortable electronic spreadsheet within 24 hours of request. FDA extended enforcement to July 20, 2028 in the Federal Register notice dated August 7, 2025.
The FTL is mainstream food: soft cheeses, shell eggs, nut butters, cucumbers, leafy greens, melons, peppers, tomatoes, tropical tree fruits, sprouts, fresh herbs, deli salads with FTL ingredients, ready-to-eat seafood. If you co-pack a granola bar with nut butter, a salsa with tomato, a meal kit with leafy greens, or a finished cheese product, you are in scope.
For a single-brand manufacturer, FSMA 204 is a database project. For a co-packer running 30 brands across several FTL categories, it is structurally harder:
Single-brand
One trace tree
Receiving CTE for a lot of leafy greens. Transformation CTE when the salad is assembled. Shipping CTE when it leaves the dock. Linked by lot code through one product family, one customer list, one brand. The trace exports as one spreadsheet for one inspector for one product.
Co-packer
N trace trees
Same receiving CTE for the same lot of leafy greens — but now that lot was used in three brands' salad SKUs across two production days. Each brand needs its own trace tree, with KDEs reconciled to that brand's product family, that brand's shipping records, and that brand's downstream customer list. Three brands = three exports. Twenty brands of FTL exposure = twenty exports, each on demand within 24 hours.
This is not a feature you can bolt on later. It is a database-architecture decision that has to be made before you load your first brand. HACCPlan's data model treats the brand-owner client as a first-class tenant inside your facility tenant — receiving, transformation, and shipping CTEs are tagged at the lot level and roll up to whichever brand-owner client's products consumed that lot. The trace export filters by brand with one click.
05SQF Edition 10
What SQF Edition 10 means for your customer-audit calendar.
The Safe Quality Food Institute released SQF Edition 10 in March 2026. Audits against Edition 10 begin no earlier than January 2, 2027, pending GFSI (Global Food Safety Initiative) benchmarking. Four changes hit co-packers harder than they hit single-brand manufacturers: contracted activities must be documented and approved by both parties (every brand-owner agreement becomes auditable evidence); risk-based environmental monitoring has to scale per-brand on shared lines, not a single facility-wide swab schedule; formal change management requires an auditable log every time a new client, SKU, ingredient sub, or label version lands; and allergen management now expects per-changeover validation records that name the from-product and the to-product.
SQF certification is the single most-cited reason brand owners hire a specific co-packer. Industrial Packaging puts it bluntly: many big-name brands will not even consider a contract packager without SQF Level 2 certification. You carry SQF not because the FDA requires it but because your customers do. Edition 10 raises the bar most on the documentation a co-packer has to keep per brand — exactly where most facilities are already overloaded.
06Architecture
What per-client workspace actually has to mean.
Plenty of platforms claim multi-client support. The claim usually decomposes into folders, tags, or custom fields on a single shared dataset. That fails three real tests every working co-packer applies.
- 01
The access-control test
Can you give brand A's QA director a login that sees only brand A's documents, only brand A's recall scope, only brand A's audit history — and nothing else? On a folder-based system, that is a several-hundred-permission-row matrix updated manually every time a new SKU is added. On a per-tenant system, it is a workspace assignment. Trade-secret protection of brand B's recipe is automatic, not a permissions discipline you have to remember to maintain.
- 02
The recall-scope test
A supplier issues a recall on lot 4521 of imported sugar. You used that lot in eight brands' products across the past 90 days. Recall is initiated by the supplier. Which brand owners need notification? Which SKUs are affected? Which retail customers downstream from each brand have the affected product? A folder system requires a manual lot trace across folders. A tenant system filters automatically by the lot tag and produces one notification packet per affected brand, ready to send.
- 03
The per-brand audit-export test
Brand X's third-party auditor — NSF, Eurofins, Merieux NutriSciences, AIB — arrives Monday. They want every document for brand X's SKUs during the audit period, in a clean PDF binder, in the order the auditor reads. A folder system: eight hours of QA work renaming and re-exporting. A tenant system: one button.
HACCPlan's per-client mode treats each brand-owner customer as a logical tenant inside your facility tenant — isolation by default, sharing by exception. Shared resources stay shared (facility-wide sanitation SOPs, equipment specs, potable-water tests, employee training records, the underlying HACCP plan template). Brand-specific resources stay brand-specific (the recipe, the spec sheet, the label artwork, the COA expectations, the recall contact tree, the per-brand environmental monitoring overlay).
“
Every demo I take, the rep does not know what a co-packer is. They want me to map my SKUs to their generic product field. I have 47 clients with 200 SKUs each. The math does not work.
”Composite — QA manager, 25-employee specialty co-packer
07Customer onboarding
Brand-owner onboarding in a day, not a quarter.
The fastest way to lose a brand-owner relationship is to make onboarding feel like a procurement exercise. The fastest way to keep one is to have an intake process that catches everything in one pass. HACCPlan's co-packer onboarding flow walks both sides through eight sections, all stored in the new client's workspace from the first signature.
- 01
NDA and intellectual property terms
Signed before recipe transfer. Trade-secret protection language. Recipe rights terminate at end of relationship. Stored against the client workspace before anyone on your team touches the recipe.
- 02
Brand-owner company information
Legal name, address, label-of-record contact, recall contact (primary, alternate, alternate-alternate), billing contact, audit contact, and the third-party auditor relationship (which firm, what scheme, last audit date, next audit date).
- 03
Product specs
Finished product spec, ingredient master, packaging spec, label artwork (attached, dated, version-numbered), shelf life, storage requirements, allowable substitutions (or none-must-request).
- 04
Food-safety responsibility split
The matrix that says who writes the HACCP plan, who maintains supplier verification for each ingredient, who runs validation, who signs off on hazard-analysis changes. This is the document the 2017 FDA guidance asks for. Most facilities improvise it; the platform asks for it explicitly so it cannot be deferred.
- 05
Recall scope and recall team
Brand-owner-side primary, alternate, and alternate-alternate. Co-packer-side primary and alternate. FDA-of-record (typically the brand owner, since they hold the label). Escalation timeline. Pre-builds a mock-recall drill against this team list so the first time you run one together is not the first real one.
- 06
Audit, customer-visibility, and insurance expectations
Annual audit calendar, ad-hoc audit triggers, COA frequency, EMP visibility, plus the $1M to $5M product-liability minimum and brand-owner indemnification for label-defect claims. Certificates of insurance stored against the client record with 30-day renewal alerts. Sign-off block at the bottom flips the workspace from pending to active.
From Nature Lion's private-label division
My private-label clients ship under their own brand names, into their own retail channels, with their own recall responsibility. The intake form I use is a longer version of what you just read. The discipline is the same — capture everything in one signed packet, store it in one workspace, never improvise it during an inspection or an audit. The first time I tried to wing it, a customer-audit team asked for the supplier-responsibility matrix for the ingredients in their product. It took me four hours to assemble from emails. They got it the same day, but the auditor's note said "records should be filterable by product family." That note is why this page exists.
08Shared lines
Allergen control on shared lines — per-brand verification.
For most SME co-packers, dedicated lines per brand are economically impossible. Lines are shared. Allergen profiles vary across brands. The cleaning validation between products containing different allergens is the single highest-risk operational decision you make daily.
Validate the cleaning procedure with allergen-specific ELISA or validated lateral-flow immunoassay tests at action limits in parts per million (ppm) — typically 5 to 10 ppm. Do not substitute protein swabs or ATP (Adenosine Triphosphate) swabs for allergen verification; they confirm general cleanliness, not removal of a specific allergen. Any result at or above the action limit triggers stop-and-re-clean. No borderline releases without explicit, documented QA management authorization.
The shared-line records every brand owner will ask to see
Validated cleaning procedure for the specific from-product and to-product combination on the specific line. Generic "between-product cleaning SOP" is insufficient at brand-owner audit. The SOP names the products.
ELISA or lateral-flow verification at the action limit, dated and timestamped, with the technician's ID and the lot-code anchor of both the from-product and the to-product.
Sequencing decision log — which brand ran first, which ran second, why. Running peanut-free before peanut whenever possible. When that order is impossible (urgent schedule, equipment availability), document the deviation and the additional cleaning step.
Two-year retention minimum per 21 CFR §117.475. Many brand owners contractually ask for shelf-life-plus-one-or-two-years, which can push retention to four or five years for ambient-shelf-stable products.
What HACCPlan does with shared-line records: the validation log links the from-product to the to-product to the cleaning SOP to the verification result, scoped to each brand's workspace. When brand A's auditor asks for the allergen records for their product during the audit period, the export filters to the changeovers where brand A's product was either the from-product or the to-product. Brand B's records stay invisible. You have not given away trade-secret information about who else runs on that line, and brand A has the validation evidence they came to see.
09The build
What is inside the co-packer build of HACCPlan.
None of this is generic food-safety software with a "co-packer" label glued on. Every feature exists because it has been a real pain in my own facility or in a conversation with another co-packer operator.
- 01
Per-client workspaces
Each brand-owner client gets a logical tenant inside your facility. Isolation by default. Shared resources (facility SOPs, employee training, potable-water tests, master HACCP template) live at the facility level and inherit down. Brand-specific resources (recipe, spec, label, COA expectations, recall contacts, customer-audit calendar) live in the workspace. Adding the 21st client takes the same setup time as the second.
- 02
Per-brand HACCP plan with versioning
Each client's HACCP plan is its own document with its own version history. When the brand owner changes a recipe and the hazard analysis needs to be revisited, the platform versions the plan, captures the change-management rationale (per SQF Edition 10), and keeps the prior version available for audit lookback. Multi-LLM verification on every plan update flags missing CCPs or unsupported hazard claims before the brand owner sees the document.
- 03
Per-brand recall scope and one-button trace export
Lot-level tracking from receiving CTE through transformation to shipping CTE. When a supplier-side recall hits, the platform filters affected brands and produces the per-brand notification packet — lot codes, SKUs, downstream customers, dates, quantities. Mock-recall drill against the same data model, runnable monthly per brand.
- 04
Per-brand customer-audit export
One button. Generates the audit-ready binder for the selected brand and the selected date range — HACCP plan version active during that window, supplier verifications, EMP results for the lines those products ran on, allergen changeover records, cleaning validation, open and closed CAPAs (Corrective and Preventive Actions). The format follows the auditor's expected order, with section bookmarks so they can navigate the PDF on their tablet.
- 05
Branded customer portal
Brand owners log into a portal that carries your brand — your logo, your colors, your domain. They see their own COAs, their open and closed CAPAs, their EMP results, their supplier-verification status. They do not see other brands. For a co-packer doing 20 brands and answering eight quarterly data requests per brand per year, the portal removes 160 ad-hoc data pulls from QA's desk.
- 06
Supplier verification with split-responsibility documentation
Per-ingredient supplier records, with a tag for who owns the verification (brand owner, co-packer, or shared). Annual and biennial written-assurance renewals tracked with alerts. Letters of guarantee, COAs, and supplier audits stored against the supplier record and inherited into every workspace using that ingredient.
- 07
FSMA 204 traceability per CTE per brand
Receiving, transformation, and shipping CTEs with the required KDEs, tagged to the brand-owner workspace consuming each lot. Export in the 24-hour sortable spreadsheet format the FDA expects, filtered to the brand the request concerns. Built so the database structure satisfies the rule on July 20, 2028 without a migration project the week before.
- 08
Per-brand label compliance check
Label artwork stored against each SKU is checked against the ingredient master and the allergen statement on intake. Mismatches flag for QA review before the product runs — catches undeclared allergens (34 percent of all FDA food recalls in 2024) at intake rather than at recall.
- 09
Change management log per SQF Edition 10
Every change-of-control event (new client, new SKU, new ingredient sub, new label version, new line allocation) creates a change log entry with risk assessment, approver, and effective date. Brand-specific changes stay in the brand workspace. Facility-wide changes propagate to every affected workspace with an alert.
- 10
Bilingual operation for Canadian co-packers
Both US 21 CFR Part 117 and Canadian SFCR (Safe Food for Canadians Regulations) §86 Preventive Control Plan formats supported in the same workspace. Bilingual label generation (English and French) for any Canadian brand-owner client. Two-year retention under SFCR §87. Single platform, both regulators.
10Where I do not compete
What HACCPlan does not do — honest about the gaps.
HACCPlan is built for the SME (small-and-medium-enterprise) co-packer running 5 to 50 brand-owner clients. It is not built for the global Tier-1 contract manufacturer running 500 brands across 30 facilities. The enterprise stack does a few things HACCPlan does not: massive supplier-network views (TraceGains has 100,000+ supplier locations indexed); SAP or Oracle ERP integration at enterprise scale (HACCPlan integrates with QuickBooks, Xero, and mid-market ERPs instead); real-time line-monitoring sensors at high-throughput plants; and dedicated implementation teams for six-month rollouts.
What HACCPlan does, and the enterprise stack mostly does not, is solve the SME co-packer's problem at a price the SME co-packer can sign for without finance-committee approval. Pick the tool that fits the operation you actually run, not the operation you aspire to run in five years.
11Getting started
What the first 30 days on HACCPlan actually look like.
A realistic onboarding for a co-packer with five active brand-owner clients runs roughly like this. Add a week for every 10 additional active clients.
- 01
Days 1 to 3 — set up the facility tenant
Create the facility, add the facility-wide HACCP master, upload the SOP library, configure user roles (QA lead, QA associates, production manager, sanitation lead, facility manager). Sign the platform agreement.
- 02
Days 4 to 10 — load the first client
Walk one brand-owner client through the six-section onboarding flow. The first client takes two or three days because you are also learning the platform. The fifth one takes an afternoon.
- 03
Days 11 to 20 — migrate the other four clients
For each remaining client, import the existing HACCP plan (or generate from the platform template), upload spec sheets and label artwork, transcribe recall contacts, capture the audit calendar. Set up branded customer portal access for the brand-owner contact who has historically asked for the most data.
- 04
Days 21 to 30 — go live on the daily logs and run a mock recall
Switch the temperature, cleaning, changeover, EMP, and supplier-receipt records from paper or shared drive to the platform. Run a mock recall against your largest client to verify the per-brand trace export works end to end. If your QA lead can complete a per-brand notification within four hours of the simulated alert, you are operationally ready for the real one.
By day 30 you should be running the per-brand audit-export against a real practice run for whichever client's next customer audit is closest. If the export comes out in the format the auditor expects, in the order the auditor reads, with the date range filtered correctly, the system is working.
12Starter templates
Where to start — the free templates that cover the most-failed co-packer logs.
If you are not ready to commit to the platform, start with the logs that get cited most often at customer audits and FDA inspections. Each of these is a fillable PDF you can use on a tablet or print to a clipboard. No account needed, no email gate.
Free templates — start here
Free, ungated. Fillable on a tablet or computer in any PDF viewer. Print blank and fill on a clipboard. No account needed.
Most co-packers run on the free templates for a few weeks while onboarding their first client to the full platform. That is the right order. Get the logs filled out reliably on paper or PDF first; the platform is the version that keeps the records integrated, time-stamped, per-brand-filterable, and inspector-ready.
Start with the HACCP plan generator
Generate a co-packer HACCP plan free — then add per-client workspaces as you onboard
Free tier covers one HACCP plan, the supplier-verification log, and the core temperature and cleaning logs. The Co-Packer Multi-Tenant tier adds per-client workspaces, per-brand recall scope, per-customer audit export, the branded customer portal, and FSMA 204 traceability with per-brand filtering.
Email required to save your HACCP plan. No credit card. First brand-owner workspace stays on the free tier — add additional client workspaces as your roster grows.
Footnotes
1.21 CFR Part 117 — Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls for Human Food — ecfr.gov
2.21 CFR §117.475 — Records documenting the supply-chain program — ecfr.gov
3.FDA Guidance for Industry — Supply-Chain Program Requirements and Co-Manufacturer Supplier Approval and Verification for Human Food and Animal Food (Nov 2017) — fda.gov
4.FSMA Final Rule on Additional Traceability Records for Certain Foods (FSMA 204) — fda.gov
5.Federal Register — FSMA 204 Compliance Date Extension to July 20, 2028 (August 7, 2025) — federalregister.gov
6.SQFI — SQF Food Safety Code Library (Edition 10) — sqfi.com
7.Grand View Research — Food Contract Manufacturing Market Size Report, 2030 — grandviewresearch.com
8.CFIA Safe Food for Canadians Regulations — inspection.canada.ca
Andrew Langevin·CFIA-licensed facility, Brantford ON· Published 2026-06-04· 14 min read· Wikidata Q139112497