This breakdown is available for paid subscribers. Only paid subscribers get regular full access to our breakdowns and other analyses. If you’re not already a paid subscriber, you can upgrade here.

Want to stay out of our warning letter breakdowns? Contact us to access our global network of 3,250+ consultants and 250+ former FDA employees. We run audits, mock inspections, and remediation for 17 of the top 25 life science firms.

On September 23, 2025, the CDER issued a warning letter to Persōn & Covey, Inc., following an inspection conducted from January 27 to February 6, 2025.

The letter cites CGMP violations under 21 CFR Parts 210 and 211 and flags two marketed products—Xerac AC and Drysol—as unapproved new drugs based on intended-use claims. The FDA also reminds the firm that any cosmetics produced at the facility must comply with the FD&C Act and MoCRA.

The FDA found the company’s February 19, 2025 483 response and subsequent correspondence inadequate, citing a lack of supporting documentation and evidence of corrective actions.

Read the full warning letter

This warning letter caught our attention as it reflects a lot of the problems we find in our own audit and mock inspection work—and offers a few under-the-radar lessons teams might want to internalize.

QU authority and data integrity read as performative more than functional

21 CFR 211.22 obviously requires a quality unit with actual control. In this case the FDA found repeated OOS assay failures on a Xerac AC bulk intermediate (Aluminum Chloride Hexahydrate) were disregarded until a later sample passed. Earlier failures were not investigated by QU.

Also, the lab software had only a “System Administrator” user type. Shared passwords were used for Windows and instrument software. Audit trails weren’t independently reviewed on any defined cadence and raw/electronic data weren’t reviewed. (Password sharing is a huge problem we see in audits all the time—don’t do this!)

The firm admitted there was no formal data integrity procedure and offered to write one, but didn’t assess the extent of documentation deficiencies or their impact on product quality.

Unique user access, role-based permissions, and independent audit-trail review aren’t “nice to haves.” The FDA will almost always treat missing controls as systemic QU failure, not a clerical gap.

Ask yourself:

• Do all GxP systems use unique, role-based accounts with shared logins disabled and no default admin use?

• Are audit trails independently reviewed on a defined cadence by QU with documented outcomes and follow-ups?

• Can any material move forward after multiple OOS just because a later test passed, or do hard stops prevent “testing into compliance”?

• Do we have a trained, enforced data integrity SOP that covers electronic and raw data review end-to-end?

• Have we run a firm-wide data integrity risk assessment on products already distributed and within expiry?

QU governance broke down when a rejected batch was quietly reworked

The warning letter documents that a Solbar Zinc Sunscreen batch dispositioned for destruction on Nov. 18, 2021, due to high pH was later reworked in March 2022.

A few specific problems here:

• No pre-approved rework protocol (required by the firm’s own procedure).

• No contemporaneous batch record for the rework.

• A post-hoc internal memo omitting critical details (added component lots, equipment, mixing parameters, yields, sampling, container/closure, expiry).

• QA wasn’t involved in reversing the “destroy” decision. A QC email later announced release.

The FDA asked for a full QU remediation plan that reestablishes decision rights and oversight—robust procedures, QU presence across operations, complete final batch review before disposition, proper investigation oversight, and proof of top-management support and resourcing.

Any reversal of a destruction disposition without a formal, approved rework protocol and full documentation is a direct hit to governance and traceability.

Ask yourself:

• Is it technically impossible in our eQMS to rework without a pre-approved protocol and QU approval?

• Can a destruction disposition be reversed without QA involvement and executive sign-off?

• Do rework batch records capture all contemporaneous details: components, equipment, parameters, yields, sampling, container, expiry?

• Do we require stability and labeling impact assessments for any rework before release?

• How many redispositions or off-procedure reworks occurred in the last ~24 months (and did Quality investigate each one)?

Investigations seemed to die at Phase I even when trends were obvious

Under 21 CFR 211.192, the FDA found late-stage failures during long-term room temperature stability for three OTC products without timely, thorough root cause work:

• Solbar Zinc Sunscreen had multiple high pH failures across two batches. Retests confirmed failures and unrelated batch retains were tested to suggest a formulation issue. The form’s Phase II required? field was left unanswered.

• DHS Zinc Shampoo stability showed pH above range at all temps across all months for one lot. The form concluded “further investigation needed” yet answered “No” to Phase II.

• DHS Tar Shampoo OOS for coal tar assay: assay suitability was floated then rejected without pursuing a Phase II or verifying method validity.

In the warning letter, the FDA is asking for a retrospective, independent review of all invalidated OOS results for products still within expiry, with clear outcomes. Where lab error is conclusive, the firm needs to justify it and remediate similar methods. Where inconclusive/no lab root cause exists, they’re asked to perform a full production review (records, steps, equipment/facility, raw-material variability, process capability, deviation/complaint/batch-failure history) and identify manufacturing root causes.

Closing at Phase I without conclusive lab error (especially amid clear trending) signals a broken investigation system.

Ask yourself:

• What objective criteria in our SOP auto-trigger Phase II when Phase I is inconclusive or when trends appear?

• How do we detect and escalate stability trends like pH or assay drift across lots and timepoints, not just single results?

• What percent of OOS closed at Phase I citing lab error without conclusive evidence?

• When lab root cause is inconclusive, do we always perform a full production review (records, equipment, raw material variability, deviations, complaints)?

• Does QU independently verify investigation scope and CAPA adequacy before closure?

Reformulated products without validation, then process drifted on the floor

Under 21 CFR 211.100(a), the FDA found the firm changed formulations (e.g., different inactives) for shampoo products between July 2013 and May 2018 without process validation (PPQ) to show a reproducible commercial process nor stability data to support expiry.