When John B. Sanfilippo & Son, Inc. announced a voluntary recall of snack mix products in May 2026, the announcement carried a detail that should catch the attention of every food manufacturer sourcing ingredients from third parties. The recall wasn't triggered by something the company made. It was triggered by a recall of dry milk powder from California Dairies, Inc. — a supplier whose product had found its way into a seasoning blend used in the finished snack mix. (FDA Recall Announcement)
This is what the industry calls a cascade recall. And in my experience working with food manufacturers across the supply chain, it is one of the most preventable — and most underestimated — compliance risks in the building.
The question worth asking isn't what went wrong at the dairy. It's what supplier verification controls would have contained the exposure before a public recall became necessary.
What a Cascade Recall Tells You About Your Supplier Program
A cascade recall happens when a finished goods manufacturer must initiate a recall because a raw material or ingredient they received was itself subject to a recall. The downstream company bears the burden — the FDA notification, the market withdrawal, the reputational cost — even when the original hazard originated elsewhere.
According to FDA data, between 350 and 500 Class I and Class II food recalls are initiated in the United States each year. Across those events, allergen-related failures consistently account for more than 40 percent of total recall volume — and a meaningful portion of those trace not to finished product cross-contact but to ingredient-level sourcing gaps upstream.
The financial exposure is not theoretical. Industry research places the average cost of a food recall above $10 million when direct removal costs, lost sales, brand damage, and regulatory response are fully accounted for.
The FSMA Preventive Controls for Human Food rule (21 CFR Part 117) addressed this risk directly. Subpart G establishes the supply chain program requirements — a systematic, risk-ranked approach to verifying that ingredients and raw materials entering your facility are safe before they touch your process. When those controls work as intended, a supplier recall is a quality event your system handles before it becomes a public event your communications team handles.
The Regulatory Framework: 21 CFR Part 117, Subpart G
FSMA's Preventive Controls for Human Food rule was finalized in September 2015 and came into effect in phases between 2016 and 2020, depending on facility size. For the majority of covered facilities, the supply chain program requirements under Subpart G have been in force for several years. The obligations are not new — the gaps are.
Here is what the regulation actually requires:
21 CFR 117.405 requires that a receiving facility implement a supply chain program before receiving any raw material or ingredient subject to a hazard requiring a supply chain-applied control — unless the hazard is controlled after receipt by the receiving facility itself.
21 CFR 117.410 sets out the general requirements: the program must be risk-based, commensurate with the hazard identified in the hazard analysis, and supported by written procedures.
21 CFR 117.415 requires that verification activities match the nature of the hazard. For serious hazards — pathogens and undeclared allergens — on-site audits are generally required unless a qualified alternative can be documented and justified.
21 CFR 117.420 governs on-site audits: they must be conducted by a qualified auditor, follow written procedures, and result in documented findings reviewed by the PCQI.
21 CFR 117.430 addresses supplemental verification activities — ingredient testing, review of the supplier's own food safety records — that may supplement or, in lower-risk contexts, substitute for on-site audits.
A seasoning blend containing dry milk powder is not a low-risk ingredient from an allergen standpoint. Milk is one of the nine major food allergens recognized under the FASTER Act of 2021. A hazard analysis that treats it as anything less than a serious allergen hazard is not defensible in a regulatory review.
The Four Controls That Break the Cascade
In my work with food manufacturers — across snack food, dietary supplements, dairy, and produce — four specific controls separate facilities that contain supplier recall events from facilities that get pulled into them.
1. An Approved Supplier Program With Real Teeth
An approved supplier program that only collects questionnaires is not a program. The heart of an effective supplier qualification system is risk-tiered verification: suppliers are ranked based on the nature of the hazard they introduce, the history of their regulatory performance, and the complexity of their ingredient.
A seasoning blend supplier is not the same risk profile as a commodity salt supplier. They should not be treated identically in your verification schedule. Seasoning blends can contain allergens, processing aids, and multiple sub-ingredients sourced from multiple manufacturers — each representing a potential undeclared hazard.
Minimum elements of a functional approved supplier program include written qualification criteria, a tiered verification schedule based on hazard and history, defined requalification triggers when an FDA action occurs or a product formulation changes, and PCQI review of all audit and testing records before a new supplier is approved or reapproved.
2. Certificates of Analysis That Are Actually Verified
Certificates of Analysis are among the most commonly cited documents in food safety programs — and among the most commonly rubber-stamped. A COA that is received, filed, and never compared to incoming test results is not verification. It is documentation theater.
Functional COA management means each incoming lot is compared against its COA for key parameters, COAs are reviewed for completeness including test method, lot number, date, and laboratory accreditation, and at-risk ingredients are periodically tested by a third-party or in-house laboratory to verify what the supplier claims.
For seasonings and flavored ingredients specifically, allergen declarations on the COA must be checked against the finished product label on every production run. One formula change at the supplier level — communicated or not — can create an undeclared allergen on your shelf without any visible change to the ingredient's appearance.
3. Allergen Controls at Receipt and in the Facility
Undeclared allergens are the leading cause of food recalls in the United States, consistently accounting for more than 40 percent of all recall events. Many of those recalls trace to ingredient-level failures — not finished product cross-contact — which means they are preventable through supplier controls, not through production line management alone.
Under 21 CFR 117.135(c)(2), allergen controls must address the use of allergens as ingredients. That means the hazard analysis must specifically identify allergen risks from each ingredient, including sub-ingredients in compound ingredients like seasoning blends. "Contains milk" on a COA is not the same thing as a verified understanding of every milk-derived component in a multi-ingredient seasoning system.
Practical allergen controls at receipt include confirming incoming allergen status against the purchase order and approved ingredient specification, physically segregating allergen-containing ingredients in storage, completing an allergen reconciliation step before each production run, and requiring documented review whenever any supplier notifies of a formula change.
4. Traceability and Mock Recall Readiness
The final control is the one most facilities delay: a traceability system that lets you identify, within hours, every lot of finished product that contains a specific ingredient lot number.
The FDA's Food Traceability Rule (21 CFR Part 1, Subpart S), finalized in November 2022, establishes key data element (KDE) and critical tracking event (CTE) recordkeeping requirements for foods on the Food Traceability List. But traceability readiness is a practical business requirement independent of any specific regulatory mandate.
A mock recall exercise, conducted at least annually, tests whether your system can answer one question within four hours: Given this supplier lot number, which finished product lots contain it, and where are they in the distribution chain?
If your team cannot answer that question in a mock exercise, the real answer — the one you provide to FDA during an actual recall — will be slower, costlier, and more damaging than it needs to be. The Sanfilippo event is a current, public illustration of what happens when that readiness is untested.
Compliant vs. Functional Supplier Programs
The distinction I draw with clients is between technical compliance and functional effectiveness. A food safety plan can check every regulatory box and still fail in a cascade scenario. Here is what that difference looks like in practice:
| Program Element | Technically Compliant | Functionally Effective |
|---|---|---|
| Supplier qualification | Questionnaire on file | Risk-tiered, PCQI-reviewed, requalified on trigger events |
| COA review | COA received and filed | Parameters verified; periodic third-party testing on high-risk lots |
| Allergen control | Allergens listed in hazard analysis | Per-run reconciliation; sub-ingredient review on compound ingredients |
| On-site audits | Completed per schedule | Findings reviewed; corrective actions closed; re-audited on risk flag |
| Supplier change notification | Requested in contract language | Contractually required with defined response protocol and requalification trigger |
| Traceability | Lot records maintained | Mock recall completed annually; four-hour answer capability demonstrated |
| PCQI oversight | PCQI named in food safety plan | PCQI actively reviews all incoming verification records on defined cadence |
The cascade recall scenario is almost always a story about the left column not yet becoming the right one.
The PCQI's Role When a Supplier Recall Hits
When a supplier announces a recall, the Preventive Controls Qualified Individual at the receiving facility is the operational decision point. Under the combined requirements of 21 CFR 117.135 and Subpart G, the PCQI is responsible for the supply chain program and for ensuring that verification activities are adequate and current.
In a cascade scenario, the PCQI needs to answer three questions before FDA asks them:
- Does the recalled ingredient appear in any current or recent production runs?
- Have we confirmed through our verification records that the affected lot numbers were received and used?
- What is the distribution status of finished product containing those lots?
A PCQI who has an active, documented supplier program — with current COA records, lot traceability, and recent verification findings — can answer these quickly. A PCQI who is reconstructing records after the fact cannot. That is the real operational value of the FSMA preventive controls framework: not the documentation itself, but the speed and confidence of the response when something breaks upstream.
What This Means for Your Operation Right Now
The Sanfilippo/California Dairies event is a current, public example of a risk that exists in virtually every food manufacturing operation sourcing complex ingredients from third parties. If your facility uses seasoning blends, flavoring systems, or compound ingredients — any ingredient with multiple sub-components from multiple upstream sources — the same cascade exposure is available to you.
The practical checklist from this event:
- Pull your approved supplier list and confirm that every seasoning and flavoring supplier has been verified at a level commensurate with their allergen and microbiological hazard profile
- Confirm that your COA review procedure includes allergen reconciliation against the finished product label
- Run a tabletop mock recall using one of your current high-risk ingredient lots
- Verify that your supplier agreements contractually require change notification with a defined response protocol
- Confirm your PCQI has documented their review of your supply chain program within the past 12 months
None of these steps are unusual. They are the operational core of what the FSMA Preventive Controls rule intended. Getting them functional — not just documented — is the difference between absorbing a supplier recall cleanly and being swept into it publicly.
If you want a qualified second set of eyes on your supplier verification program, Certify Consulting offers targeted supply chain compliance reviews backed by 200+ clients served and a 100% first-time audit pass rate. Our FSMA preventive controls compliance services are designed for manufacturers who need functional programs, not just filed ones.
Frequently Asked Questions
What is a cascade recall and how does it typically occur?
A cascade recall occurs when a finished goods manufacturer must recall its products because a raw material or ingredient it received has itself been recalled upstream. The downstream company bears the regulatory and reputational burden even though the original hazard originated at the supplier level. Cascade recalls are primarily caused by supplier verification programs that fail to detect or contain upstream quality events before those materials enter finished product.
What does FSMA require for supplier verification under 21 CFR Part 117, Subpart G?
Most food manufacturers covered by FSMA must maintain a written, risk-based supply chain program for ingredients presenting hazards that require supply chain controls. For serious hazards — pathogens and undeclared allergens — 21 CFR 117.415 generally requires on-site audits by a qualified auditor unless a documented alternative can be justified. All verification activities must be reviewed by the facility's PCQI and records retained for at least two years.
How often should food manufacturers audit ingredient suppliers?
Audit frequency must be risk-based and documented in the supply chain program. Suppliers of allergen-containing or microbiologically sensitive ingredients — including compound ingredients like seasoning blends — warrant annual verification at minimum. Lower-risk commodity suppliers may be verified less frequently. The schedule must be justified by the hazard analysis, and any supplier regulatory action, customer complaint, or formula change should trigger requalification outside the normal cycle.
What is the PCQI's role when a supplier issues a recall?
The PCQI is the operational decision-maker during a supplier recall event. Their responsibility is to determine whether the recalled material was received, trace it through production to finished product lots, and assess whether a downstream recall is warranted. This response is only possible at speed when the PCQI has current verification records, active COA documentation, and a functioning traceability system — not when those records are being reconstructed under pressure.
What records should a food manufacturer maintain to support supplier traceability?
At minimum: incoming lot numbers tied to purchase orders, COA records by lot, production batch records linking ingredient lots to finished product lots, and distribution records linking finished product lots to first customers. The FDA's Food Traceability Rule (21 CFR Part 1, Subpart S) establishes additional requirements for foods on the Food Traceability List, including critical tracking events and key data elements that must be maintained for two years and producible to FDA within 24 hours of a request.
Last updated: 2026-06-03
Jared Clark
Principal Consultant, Certify Consulting
Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.