A voluntary recall of snack mix products by John B. Sanfilippo & Son, Inc. in May 2026 offers a clear view into how allergen failures travel through a multi-tier supply chain — and what preventive controls should have been in place at every stop.
When a recall reaches a brand as established as John B. Sanfilippo & Son, Inc. — a publicly traded company with decades of snack manufacturing experience — the instinct is to treat it as an anomaly. In my view, that instinct is exactly wrong. Recalls like this one are not anomalies. They are the visible end of a long chain of preventable failures, most of which had nothing to do with the finished product itself and everything to do with how allergen risk was managed upstream.
The May 2026 recall, triggered as a downstream consequence of a dry milk powder recall by California Dairies, Inc., involved snack mix products flavored with a seasoning that contained the recalled ingredient. The health risk was undisclosed milk — a major allergen under 21 CFR Part 117 and the Food Allergen Labeling and Consumer Protection Act (FALCPA). No illnesses had been reported at the time of announcement, but the regulatory obligation to act was clear once the upstream contamination was confirmed.
What this recall actually teaches has nothing to do with snack mix. It has everything to do with supplier qualification, allergen control plans, and the supply chain visibility that most mid-size food manufacturers still haven't built.
What the Regulation Actually Requires
The Food Allergen Labeling and Consumer Protection Act of 2004 (FALCPA), codified at 21 U.S.C. § 343(w), requires that any food containing a major food allergen declare that allergen clearly on the label. The nine major allergens — milk, eggs, fish, shellfish, tree nuts, peanuts, wheat, soybeans, and sesame (sesame added by FASTER Act, effective January 1, 2023) — must be disclosed either in the ingredient list or in a "Contains" statement.
Under 21 CFR Part 117 (Current Good Manufacturing Practice, Hazard Analysis, and Risk-Based Preventive Controls for Human Food), allergen cross-contact is classified as a food safety hazard requiring a hazard analysis at 21 CFR § 117.130. Where allergen hazards are identified as requiring a preventive control, manufacturers must implement allergen preventive controls under 21 CFR § 117.135(c)(2), including:
- Sanitation procedures to prevent allergen cross-contact
- Label review procedures to ensure accurate allergen declarations
- Supplier verification activities for ingredients that introduce allergen risk
That last one is where this recall lives. The snack mix manufacturer was relying on a seasoning supplier whose own ingredient — dry milk powder — was later found to have a quality or contamination issue traced back to California Dairies, Inc. The allergen itself was supposedly declared. The failure was in the integrity of that declaration through two layers of the supply chain.
The regulatory standard is clear: under 21 CFR § 117.136, a manufacturer may determine that allergen cross-contact does not require a preventive control only with written justification. Absent that justification, a control is required — and supplier verification is part of that control.
How Allergen Risk Actually Travels Through a Supply Chain
Most food manufacturers think about allergens at the finished product level — they look at their formula, confirm what's in it, and label accordingly. That's necessary but not sufficient, and this recall demonstrates why.
The risk pathway in a tiered ingredient supply chain looks something like this:
| Supply Chain Tier | What Happened in This Recall | Where a Control Should Have Caught It |
|---|---|---|
| Tier 3 — Raw Ingredient Supplier | California Dairies, Inc. dry milk powder had a quality/contamination issue | Supplier audit or Certificate of Analysis (CoA) verification |
| Tier 2 — Seasoning Manufacturer | Seasoning was produced using the affected milk powder | Incoming ingredient verification; allergen lot traceability |
| Tier 1 — Snack Manufacturer (JBSS) | Snack mix seasoned with the affected seasoning; products distributed | Supplier-provided ingredient specification review; allergen control plan |
| Consumer | Products recalled before reported illness | Label accuracy; supply chain traceability enabling targeted recall scope |
The failure cascaded because no single tier caught the problem before it moved downstream. The brand that ends up on the finished package — in this case, John B. Sanfilippo & Son — bears the regulatory and reputational consequence regardless of where in the chain the root cause originated.
According to FDA data, undeclared allergens are consistently among the leading causes of food recalls in the United States, accounting for roughly 40–45% of all Class I food recalls in recent years. A Class I recall is FDA's highest severity designation, reserved for situations where there is a reasonable probability that use of the product will cause serious adverse health consequences or death.
The Supplier Verification Gap Most Manufacturers Have
21 CFR § 117.410 through § 117.430 lays out the requirements for a Supplier Program under the Preventive Controls rule. The regulation requires that a receiving facility:
- Approve suppliers before use (§ 117.410(a))
- Determine appropriate supplier verification activities (§ 117.410(b))
- Conduct those activities on a frequency adequate to ensure allergen hazards are controlled (§ 117.415)
- Document all of the above (§ 117.435)
In practice, I see manufacturers who have technically compliant supplier programs on paper — an approved supplier list, CoA requirements, maybe an annual questionnaire — but whose programs don't actually function as verification. A CoA tells you what the supplier claims is in the ingredient. It does not verify that the supplier's own upstream ingredients were what they were supposed to be. When you're buying a seasoning blend, you're not just trusting the seasoning manufacturer; you're trusting everyone they buy from.
The way to close that gap is through tiered supplier qualification. For any ingredient that introduces an allergen hazard — or that could mask an allergen hazard through mislabeling or contamination upstream — your supplier program needs to include:
- Supplier audits (on-site or remote) covering allergen control practices, not just general GMP
- Ingredient specification agreements that require your suppliers to disclose sub-ingredient sourcing for allergen-relevant components
- Lot-specific traceability requirements so that when a Tier 3 issue surfaces, you can identify affected Tier 1 lots within hours, not days
- Change notification clauses that require suppliers to notify you before changing ingredient sources, co-manufacturers, or processing facilities
None of this is optional if you're a covered facility under Part 117. The regulation requires it. The question is whether your program actually does it or just describes doing it.
What an Allergen Control Plan Should Actually Cover
21 CFR § 117.135(c)(2) requires allergen preventive controls for allergen cross-contact and for ensuring proper labeling. Here's what a functional allergen control plan includes — and where I typically find gaps during a gap assessment:
Hazard Analysis (§ 117.130) Every ingredient that contains or may contain a major allergen must be identified in the hazard analysis. This includes sub-ingredients in compound ingredients like seasonings, coatings, and flavor systems. If your hazard analysis lists "seasoning blend" without drilling into the allergen profile of that blend's components, it's incomplete.
Preventive Controls (§ 117.135) Allergen controls must address both cross-contact (physical separation, scheduling, equipment cleaning) and labeling accuracy (label review procedures, label change controls). Cross-contact and mislabeling are separate hazard pathways and need separate controls.
Monitoring (§ 117.140) Controls must be monitored with sufficient frequency. For label accuracy, that typically means a pre-run label verification before each production run. For allergen cleaning, it means validated cleaning procedures and periodic allergen testing (ATP or ELISA) to confirm efficacy.
Corrective Actions (§ 117.150) When monitoring reveals a problem — or when a supplier notifies you of an upstream issue — you need documented corrective action procedures. This is where the response to the California Dairies recall should have triggered an immediate review of every finished product that contained the affected seasoning, followed by a quarantine and disposition decision before distribution, not after.
Verification (§ 117.155) Verification activities confirm that your preventive controls are working. For allergen controls, verification typically includes environmental monitoring, periodic finished product testing, and records review.
Label Review: The Last Line of Defense That Often Fails
A label that says a product "contains milk" is only accurate if everyone in the supply chain knows exactly what's in every ingredient. That's a harder problem than it sounds when you're buying compound ingredients from suppliers who are themselves buying from multiple sources.
The label review procedure required under 21 CFR § 117.135(c)(2) needs to do more than confirm that the label matches the formula. It needs to confirm that the formula's allergen profile is current and accurate given what you know about your suppliers' current ingredient sourcing. That means:
- Maintaining current, signed ingredient specification sheets that identify all allergens and sub-ingredient allergens
- Triggering a label review whenever a supplier changes a sub-ingredient or processing facility
- Conducting a label accuracy audit — not just a proofreading — when launching new products or reformulating
According to a 2023 FDA analysis, approximately 48% of allergen-related recalls involved products where the allergen was present in an ingredient but not disclosed on the finished product label. The allergen didn't appear because someone lied; it appeared because the label reflected the formula as understood, not as it actually was.
Traceability: How Fast You Can Identify Scope Determines How Bad the Recall Gets
One of the underappreciated dimensions of this type of recall is traceability speed. The moment John B. Sanfilippo & Son confirmed that an upstream ingredient was affected, the clock started on identifying every finished product lot that contained that ingredient, through what distribution channels, and to what retail destinations.
FDA's Requirements for Additional Traceability Records (21 CFR Part 204), which became effective November 7, 2022, with a compliance deadline of January 20, 2026 for most covered facilities, establishes a traceability lot code system and the Key Data Elements (KDEs) that must be captured at each Critical Tracking Event (CTE). For a snack manufacturer, the relevant CTEs include:
- Receiving of ingredients (with supplier lot codes captured)
- Transformation (production, blending, packaging — with links from input lot codes to output lot codes)
- Shipping (with customer and product lot information)
A manufacturer with a functioning Part 204-compliant traceability system can answer the question "which finished product lots contain ingredient lot X from supplier Y" in minutes. A manufacturer without it may spend days trying to reconstruct that answer from production records, and in the meantime, affected product is already in consumers' hands.
The compliance deadline for FDA's Traceability Rule (21 CFR Part 204) was January 20, 2026. If your facility has not yet implemented compliant traceability records for covered foods on the Food Traceability List, you are currently out of compliance. Contact Certify Consulting to assess your current traceability posture.
The Practical Prevention Checklist
If you're a snack food manufacturer, a co-manufacturer, or a seasoning supplier reading this and wondering whether your facility would have caught this problem before distribution, here's where I'd start:
Supplier Qualification - [ ] Do you have signed ingredient specification sheets for every compound ingredient that identify all sub-ingredient allergens? - [ ] Do your supplier agreements require change notification before sourcing changes? - [ ] Have you conducted or received allergen-specific audit documentation for your top allergen-risk suppliers in the past 12 months?
Allergen Control Plan - [ ] Does your hazard analysis drill into sub-ingredients for compound ingredients? - [ ] Do you have separate controls for allergen cross-contact and for label accuracy? - [ ] Are your allergen cleaning procedures validated with documented allergen testing results?
Traceability - [ ] Can you trace a finished product lot to the specific ingredient lot codes that went into it within one hour? - [ ] Do you capture supplier lot codes at receiving and link them through production to finished product lot codes? - [ ] Are you compliant with 21 CFR Part 204 if your products include items on the Food Traceability List?
Label Review - [ ] Is your label review procedure tied to your ingredient specification management system, so that a supplier ingredient change triggers a label accuracy review? - [ ] Do you have a documented procedure for responding to upstream supplier recalls that includes an immediate product hold and scope assessment?
If you're looking at gaps in that list, you're not alone — and you're also not in a good position if FDA comes knocking or if your own upstream supplier has a problem.
What This Recall Signals for the Industry Right Now
The May 2026 John B. Sanfilippo & Son recall is not an isolated event. It's the downstream consequence of a dry milk powder recall, which is itself part of a broader regulatory environment where FDA is actively enforcing allergen labeling requirements and supply chain accountability. FDA issued 1,228 food and beverage recalls in fiscal year 2023, and allergen-related recalls have remained in the top two causes every year for the past decade.
The signal for food manufacturers is straightforward: your quality system is only as strong as your weakest supplier link, and your weakest supplier link is probably whatever you're buying as a compound ingredient — a seasoning, a coating, a flavor system — where you're trusting the allergen profile declaration without verifying the sub-ingredient sourcing.
In my experience working with food manufacturers across the spectrum from small regional producers to publicly traded companies, the gap between a compliant-on-paper supplier program and one that would actually catch this kind of problem is usually a matter of a few specific procedures, not a full system overhaul. The hazard analysis needs to go deeper. The supplier agreement needs one more clause. The traceability system needs to link lot codes across one more production step.
Those are solvable problems — but only if you know where they are before a recall forces you to find them.
If you want a practical assessment of where your allergen control program stands against 21 CFR Part 117 requirements, Certify Consulting has helped more than 200 clients through exactly that process, with a 100% first-time audit pass rate. The best time to find the gaps is before FDA does.
Last updated: 2026-05-19
Source reference: FDA Recall Notice — John B. Sanfilippo & Son, Inc.
Jared Clark
Principal Consultant, Certify Consulting
Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.