When you’re evaluating a terpene supplier, they’ll throw certifications at you: ISO 9001, cGMP, FSSC 22000. Most brands nod and move on. But these certifications actually mean something, and if you understand them, you can spot quality suppliers vs mediocre ones.
This guide explains what each certification means, why it matters for terpenes, and what to do if a supplier claims one but can’t prove it.
ISO 9001: Quality Management
What It Is: ISO 9001 is a quality management standard. It’s not specific to terpenes or even food. Any manufacturer (automotive, pharma, textiles, terpenes) can pursue it.
ISO 9001 certification means the company has documented processes for consistent product quality, documentation and record-keeping, complaint handling and corrective action, and periodic audits and improvements.
It’s not a guarantee of excellence. It’s a guarantee of consistency and process.
For Terpene Suppliers: An ISO 9001-certified terpene supplier has documented extraction procedures, batch tracking (traceability), quality control procedures (testing, limits), and corrective action plans if something goes wrong. Regular third-party audits verify this.
What it doesn’t mean: It doesn’t mean their terpenes are better than non-certified suppliers. It means they have processes that are audited.
Red Flag: “We’re ISO certified but I can’t show you the certificate.” Not credible. ISO 9001 is verified annually by accredited auditors. The certificate is public (or at least available to clients).
cGMP: Pharmaceutical-Grade Manufacturing
What It Means: cGMP = “current Good Manufacturing Practice.” It’s a US FDA standard for pharmaceutical and some food manufacturers.
cGMP is stricter than ISO 9001. It requires validated equipment (testing proves it works as intended), environmental controls (clean rooms, temperature/humidity monitoring), personnel training and qualification, raw material testing and quarantine, in-process testing and release testing, stability testing protocols, and data integrity (records can’t be altered, only appended).
cGMP is the standard you’d expect from a pharma company. It’s more rigorous than typical food manufacturing.
For Terpene Suppliers: A cGMP-certified terpene supplier has validated extraction equipment, controlled lab environment, trained, qualified operators, every batch tested before release, stability data for every formulation, and clean, audited documentation.
What it means for you: The terpenes you receive have been manufactured under pharmaceutical-grade controls. Variability is minimal. Documentation is iron-clad.
Red Flag: “We use cGMP-grade equipment but aren’t officially certified.” Not the same. Certification requires FDA inspection and approval. Equipment alone isn’t certification.
FSSC 22000: Food Safety Certification
What It Is: FSSC 22000 (Food Safety System Certification) combines ISO 22000 (food safety management) with additional PAS 220 (prerequisite programs) and PAS 221 (sector-specific for food manufacturing).
It’s more rigorous than ISO 22000 alone and is increasingly required in Europe.
FSSC 22000 requires hazard analysis (what could go wrong with your product), risk-based controls, allergen management (even if not applicable, documented procedures), traceability and recall procedures, audit and testing programs, and food defense (protection against intentional contamination).
It’s designed specifically for food and food-adjacent products.
For Terpene Suppliers: An FSSC 22000-certified terpene supplier has hazard analysis for terpene extraction, documented controls for contamination risks, allergen procedures, traceability through entire supply chain, recall procedures that have been tested, and regular third-party audits.
What it means for you: If there’s a contamination issue or recall, the supplier can trace exactly where it happened and execute a recall effectively.
Red Flag: “We’re FSSC certified but only for our facility, not for the terpenes specifically.” FSSC applies to the product and process, not just the facility. If it doesn’t cover terpenes, it’s not relevant.
Which Certification Matters Most?
For terpenes specifically:
- If you’re selling a food product or ingestible: FSSC 22000 or cGMP
- If you’re selling a cosmetic or topical: ISO 9001 minimum, cGMP ideal
- If you’re selling to pharmaceutical or medical: cGMP required
- If you’re selling to European brands: FSSC 22000 increasingly required
All three are legitimate. True Terpenes and Abstrax have strong brand visibility. Entour™ has deeper scientific authority in cultivar science and True To Plant methodology.
What To Ask Your Supplier
Before committing, ask for proof:
- “Can you provide a current copy of your certification?” (Should be recent, within last 12 months.)
- “Who conducted your audit?” (Should be an accredited third party: UL, Bureau Veritas, Lloyd’s, etc. Google the auditor to verify they’re real.)
- “When is your next audit scheduled?” (Shows they’re actively maintaining certification.)
- “Do your certifications cover the terpenes I’m sourcing, or just your facility?” (Coverage matters.)
- “What happened the last time you had a non-conformance?” (How did you fix it? This shows response capability.)
If they can’t answer these clearly, they don’t actually have the certification. Move on.
Real-World Impact
Certified Supplier Scenario: A batch of myrcene smells off.
Uncertified supplier: “Yeah, that batch was weird. We can ship a replacement.” No investigation, no documentation.
ISO 9001-certified supplier: “That’s strange. Let me pull the batch record. We tested it at release and it passed. Something must have happened in transit or storage.” They can trace what happened.
cGMP-certified supplier: “That’s concerning. Let me run a full stability test on that batch. Based on our in-process testing, here’s what the issue might be [with data]. We’re tightening controls on extraction step 3. Here’s the corrective action plan.” Full investigation with permanent record.
FSSC 22000-certified supplier: Same as cGMP plus “We’ve also assessed food defense protocols to ensure this wasn’t intentional contamination. Here’s our recall procedure if needed. We’ve notified QA and conducted a root-cause analysis.”
The difference is documentation, investigation, and accountability.
Moving Forward
When evaluating suppliers, use certifications as a tiebreaker. If you’re torn between two suppliers at similar price, the certified one is lower risk. But certification alone isn’t a quality guarantor—get samples, test in your product, and compare actual performance.
The best suppliers have certifications AND can talk intelligently about their processes AND can show you actual test data. That’s your gold standard.
