What Is a Quality Agreement and Why Life Sciences Teams Need One

What Is a Quality Agreement and Why Life Sciences Teams Need One

TLDR: A quality agreement is a written contract between a life sciences company and an outsourced partner, such as a contract manufacturer, supplier, or testing laboratory, that defines each party's GMP responsibilities. Regulatory frameworks including the FDA's 2016 guidance on contract manufacturing, ICH Q10, and ISO 13485 clause 7.4 all point to quality agreements as a foundational requirement. Without one, organizations face undefined accountability, audit failures, and supply chain breakdowns. This article covers what a quality agreement must contain, when it is required, common gaps that lead to FDA 483 observations, and how to keep agreements current through structured version control.

What Is a Quality Agreement?

A quality agreement is a comprehensive written contract between two or more parties involved in outsourced activities, such as contract manufacturing, testing, packaging, or distribution, that formally defines how each party will fulfill its obligations under applicable Good Manufacturing Practice (GMP) regulations.

The FDA's 2016 guidance document, "Contract Manufacturing Arrangements for Drugs: Quality Agreements," describes it as an agreement that "defines and establishes each party's manufacturing activities in terms of how each will comply with cGMP." In plain terms, a quality agreement answers one critical question: when something goes wrong, or when a regulatory action is required, who is responsible?

The document is not a commercial contract. It focuses specifically on quality-related responsibilities: testing, release, change control, deviations, corrective actions, audits, documentation, and regulatory notifications. It sits alongside the commercial agreement but serves an entirely different function.

For pharmaceutical, biotechnology, and medical device companies, a quality agreement is one of the most consequential documents in the supplier quality management program. Its absence, or its poor maintenance, is a recurring theme in FDA inspections and warning letters.

The Regulatory Basis for Quality Agreements

Quality agreements do not exist in a vacuum. They are shaped by, and rooted in, a network of global regulatory frameworks that life sciences organizations must navigate.

FDA 21 CFR Part 211 and the 2016 Guidance

The FDA's current GMP regulations for finished pharmaceuticals under 21 CFR Part 211 do not use the phrase "quality agreement" explicitly, but they establish the compliance expectations that make these agreements necessary. Section 211.68, which governs automatic, mechanical, and electronic equipment, is one example. It requires that any software or automated system used in manufacturing be validated for accuracy and reliability, and it places the burden of compliance on the owner of the drug product, regardless of whether a contractor operates that equipment.

The FDA's 2016 guidance on contract manufacturing arrangements formalized the agency's expectations. It describes which cGMP activities each party should own, how ownership should be documented, and how to handle situations where both parties share a responsibility. The guidance is non-binding in the strictest legal sense, but FDA inspectors routinely cite its absence or inadequacy as a basis for FDA Form 483 observations. (FDA.gov)

ICH Q10

The International Council on Harmonisation's Q10 guideline, "Pharmaceutical Quality System," dedicates a section to outsourced activities and purchased materials. It requires that a pharmaceutical quality system extend to all outsourced activities, including those performed by contract manufacturers, testing labs, and service providers. ICH Q10 calls for documented agreements that define quality responsibilities and that are periodically reviewed to ensure they remain current and effective. (ICH.org)

Quality agreements operationalize the ICH Q10 principle that the owner of the product never delegates ultimate regulatory responsibility. The CMO or contract lab takes on defined tasks; the owner retains accountability for product quality and patient safety.

ISO 13485 Clause 7.4

For medical device companies operating under ISO 13485:2016, clause 7.4 covers purchasing and supplier controls. Clause 7.4.1 requires that organizations evaluate and select suppliers based on their ability to meet specified requirements. Clause 7.4.2 requires that purchasing information clearly describe the product or service being procured, including applicable quality requirements.

ISO 13485 does not use the term "quality agreement" specifically, but its requirements for documented supplier arrangements, including quality requirements, change notifications, and records of conformance, map directly onto what a quality agreement contains. Notified bodies and regulators consistently expect to see formal quality agreements with critical and high-risk suppliers when auditing ISO 13485-certified organizations. (ISO.org)

When Is a Quality Agreement Required?

The short answer: any time a regulated activity is outsourced to a third party.

The more practical answer covers the following situations:

Contract Manufacturing Organizations (CMOs). If an external party manufactures, packages, labels, or tests a drug product or medical device on your behalf, a quality agreement is required. This covers API synthesis, drug product formulation, fill-finish operations, labeling, and secondary packaging.

Contract Testing Laboratories. Any third-party laboratory performing release testing, stability testing, environmental monitoring, or microbial testing on behalf of a regulated company requires a quality agreement. FDA 483 observations have been issued specifically for the absence of quality agreements with contract testing labs, particularly for microbial testing of APIs and water systems.

Raw Material and Component Suppliers. Not every supplier requires a full quality agreement. Risk-based approaches, consistent with ISO 13485 clause 7.4.1 and ICH Q10, are appropriate. High-risk or critical suppliers, including those providing components that directly contact the product or affect patient safety, warrant formal quality agreements. Commodity suppliers with no impact on product quality may require only a supplier questionnaire and purchase order terms.

Distributors. Companies that store or distribute finished drug products or medical devices under regulated conditions, such as cold chain or controlled substance storage, should have quality agreements covering handling, storage, documentation, and incident reporting.

Clinical Trial Material Suppliers. Clinical-phase companies often overlook quality agreements for investigational product manufacturing. FDA expectations for CGMP in clinical manufacturing apply from Phase 1 onward, and quality agreements with clinical CMOs are strongly advisable.

What a Quality Agreement Must Contain

An effective quality agreement defines responsibilities with enough specificity to prevent disputes and enable compliance. Based on the FDA's 2016 guidance and industry best practices, the following elements are standard:

Scope and purpose. A clear description of the products or services covered, the applicable regulatory standards, and the purpose of the agreement.

Responsibilities matrix. A detailed allocation of who owns each cGMP activity, including manufacturing, testing, release, labeling, storage, and shipment. Each activity should be assigned to the Owner, the Contract Facility, or jointly owned, with no ambiguity.

Change control. A section specifying how changes at either party, including process changes, equipment changes, facility changes, and personnel changes, are communicated and approved before implementation. This connects directly to the process change notification process each party must maintain.

Deviation and CAPA management. Who investigates deviations at the contract facility? Who approves the root cause investigation and the resulting deviation CAPA actions? The quality agreement must answer these questions explicitly.

Regulatory notifications. Timelines for notifying the owner of regulatory inspections, warning letters, import alerts, or significant compliance findings at the contract facility.

Audit rights. The owner's right to conduct for-cause or periodic audits of the contract facility, including notice requirements and access to records.

Data integrity and record access. Who maintains batch records, testing records, and electronic data? How will the owner access records in the event of a dispute, investigation, or regulatory inspection? Requirements under 21 CFR 211.68 for validated electronic systems and accurate data output should be reflected here for facilities using automated equipment or software.

Dispute resolution. A defined process for resolving disagreements on batch release, out-of-specification results, or investigational findings.

Term and termination. Duration of the agreement, renewal provisions, and exit provisions covering what happens to in-process batches, records, and materials if the relationship ends.

Common Gaps That Lead to FDA 483 Observations

Quality agreements are frequently present on paper but incomplete or outdated in practice. The following gaps appear most often in FDA inspection findings and warning letters:

Outdated documents. A quality agreement signed three years ago that has never been reviewed since. The CMO has changed its manufacturing process, updated its equipment, or changed personnel, none of which triggered a formal review or amendment to the agreement.

Missing coverage for contract labs. Many companies maintain quality agreements with their CMOs but fail to execute them with the contract testing laboratories those CMOs use. This creates a blind spot in the chain of quality oversight.

Vague responsibility assignments. Language such as "the parties will cooperate" or "as appropriate" in the responsibilities matrix is not sufficient. Inspectors look for unambiguous ownership of each cGMP task.

No change notification provisions. Agreements that do not define how and when the contractor must notify the owner of changes to processes, equipment, or facilities leave the owner unable to assess impact before the change occurs.

No audit trail requirement. Agreements that do not specify data integrity and electronic records expectations fail to satisfy FDA expectations under 21 CFR 211.68 and 21 CFR Part 11.

No periodic review schedule. Agreements with no defined review frequency are effectively frozen documents that quickly become obsolete.

Incomplete SCAR process. When a supplier fails to meet quality requirements, the path from identification to resolution, including the Supplier Corrective Action Request process, should be explicitly defined in the quality agreement.

How to Maintain Quality Agreements with Version Control

A quality agreement that is signed once and filed away provides little ongoing compliance value. These documents require a structured lifecycle: creation, approval, periodic review, amendment, and retirement.

Establish a review cadence. The standard industry practice is an annual review of active quality agreements, with triggered reviews any time a significant change occurs at either party. ICH Q10 explicitly calls for periodic review of outsourced activity agreements.

Tie amendments to change control. Any change at the contract facility that affects a responsibility defined in the quality agreement, such as a new manufacturing building, a new batch release process, or a new testing instrument, should initiate a formal amendment. The amendment process should mirror the same change control rigor applied to internal process changes.

Maintain a version history. Each version of a quality agreement should carry a version number, effective date, a summary of changes from the prior version, and signature lines for both parties. The superseded version should be archived but accessible for inspection.

Align with your document management system. Quality agreements are controlled documents. They belong in the same document control system as SOPs, validation protocols, and batch records. Storing them in email inboxes or shared drives without access controls creates data integrity risk and makes retrieval during inspections difficult.

Cloudtheapp's Documents app provides a centralized, FDA-validated document management environment where quality agreements can be drafted, reviewed, approved with electronic signatures, version-controlled, and automatically archived. Periodic review tasks can be assigned to responsible owners with due-date notifications, eliminating the risk of agreements becoming stale without detection.

Quality Agreements and Supplier Qualification

A quality agreement is a downstream document in the supplier relationship. It documents responsibilities once a supplier is selected and engaged. Supplier qualification is the upstream process that determines whether a supplier is eligible for selection in the first place.

The two are complementary. A robust supplier quality management program qualifies suppliers through questionnaires, audits, risk assessments, and approval processes before a quality agreement is executed. Once the agreement is in place, it governs the ongoing relationship.

A common failure is to treat them as sequential rather than integrated. Suppliers that pass initial qualification can drift in quality performance over time. The quality agreement's audit rights and change notification provisions are the mechanism for detecting that drift early.

Cloudtheapp's Supplier Qualification Management app unifies both stages in one platform. Suppliers are onboarded, assessed, approved, and then linked to active quality agreements, all within the same system. When a supplier's performance risk register changes, the system surfaces the relevant agreement for review. The built-in SCAR feature lets quality teams issue Supplier Corrective Action Requests directly from the platform and track resolution through to closure, without leaving the system or relying on email chains.

The Change Management app ties into this workflow as well. When a supplier notifies the organization of a process change, a change record is opened in the system, linked to the relevant quality agreement, routed for impact assessment, and approved or rejected through a documented workflow. Nothing falls through the cracks.

Manage Quality Agreements at Scale with Cloudtheapp

For pharmaceutical, biotech, and medical device teams managing a complex supplier network, quality agreements are not a one-time task. They are living documents that require active governance: creation, approval, periodic review, amendment tracking, and integration with deviation management, change control, and SCAR processes.

Cloudtheapp's AI-powered, FDA-validated Quality Management platform gives life sciences organizations a single environment to manage the entire quality agreement lifecycle alongside every related quality process. From supplier qualification to document control to CAPA, every activity connects.

Ready to see how Cloudtheapp can bring structure and control to your supplier quality program? Request a Demo at cloudtheapp.com.

Conclusion

A quality agreement is more than a compliance checkbox. It is the operational backbone of every outsourced quality relationship in a regulated life sciences organization. When it is well-written, current, and integrated into a broader quality management system, it protects the organization from regulatory risk, supply chain disruptions, and accountability gaps. When it is absent, outdated, or vague, it becomes one of the most common sources of FDA 483 observations and warning letters.

The regulatory expectation is clear: FDA, ICH Q10, and ISO 13485 all point to documented, specific, and maintained quality agreements as a non-negotiable element of a compliant pharmaceutical quality system. Life sciences teams that treat quality agreements as living, managed documents, rather than one-time signatures, are better positioned to pass inspections, resolve quality events quickly, and build supplier relationships built on defined accountability.