Compliance Public Resources and References

Federal agencies, standards bodies, and government data repositories publish an extensive body of free, publicly accessible materials covering quality control requirements across US industries. This page catalogs those primary sources — official codes, agency guidance portals, court record systems, and open datasets — that practitioners, auditors, and researchers use to verify regulatory obligations and benchmark compliance programs. Understanding which source type answers which question prevents costly misinterpretation of secondary or paraphrased guidance. The material here supports the broader QC Regulatory Framework for the US and connects directly to agency-specific requirements covered under US Federal Quality Regulations.

Court system and legal references

Federal court decisions interpret how agencies apply quality-related statutes, and those interpretations carry binding or persuasive weight depending on the circuit and procedural posture. The three primary access points for US legal references are:

1. U.S. Government Publishing Office (GPO) — eCFR: The Electronic Code of Federal Regulations at ecfr.gov presents all active federal regulations in their current codified form. Title 21 (Food and Drugs), Title 29 (Labor/OSHA), and Title 40 (Environmental Protection) are the three titles most frequently referenced in quality and compliance audits.

2. PACER (Public Access to Court Electronic Records): Maintained by the Administrative Office of the US Courts at pacer.uscov, PACER provides access to federal district, appellate, and bankruptcy court filings. Consent decrees, injunctions, and enforcement actions against manufacturers are retrievable by company name or docket number.

3. FDA Warning Letters Database: The Food and Drug Administration publishes every issued warning letter at fda.gov/inspections-compliance-enforcement-and-criminal-investigations/compliance-actions-and-activities/warning-letters. These letters identify specific 21 CFR violations observed during inspections and function as agency-acknowledged interpretations of what constitutes a departure from current Good Manufacturing Practice (cGMP).

A key contrast exists between administrative enforcement actions (warning letters, consent decrees) and judicial enforcement actions (civil or criminal complaints filed in federal court). Administrative actions are issued by the agency and do not require judicial approval; judicial actions require filing with a federal district court and become part of the PACER record. Auditors interpreting a facility's enforcement history must distinguish which category applies, because the remediation obligations and public record locations differ substantially.

Open-access data sources

Government data portals aggregate inspection records, violation histories, and industry performance benchmarks at no cost.

• FDA Establishment Inspection Reports (EIRs): Available through Freedom of Information Act (FOIA) requests via fda.gov/regulatory-information/freedom-of-information. EIRs document investigator observations and are distinct from the Form 483 list of objectionable conditions issued at inspection close-out.

• OSHA Inspection Data: OSHA publishes establishment-level inspection and citation data at osha.gov/pls/imis/establishment.html. The dataset includes citation classifications (Serious, Willful, Repeat, Other-Than-Serious), penalty amounts, and abatement status. The maximum civil penalty for a Willful or Repeat OSHA violation is $156,259 per violation as adjusted under the Federal Civil Penalties Inflation Adjustment Act (OSHA Penalty and Debt Collection).

• NIST Standards Portal: The National Institute of Standards and Technology publishes the NIST Cybersecurity Framework, measurement standards, and quality-adjacent technical guidance at nist.gov. NIST Special Publication 800-series documents, while primarily cybersecurity-focused, include process control and documentation requirements that intersect quality system audits.

• EPA ECHO (Enforcement and Compliance History Online): Available at echo.epa.gov, ECHO provides facility-level compliance and enforcement records for air, water, and hazardous waste programs — relevant to quality operations in chemical, pharmaceutical, and manufacturing environments.

• SAM.gov (System for Award Management): Federal contractor exclusions and debarments, which can result from quality-related compliance failures on government contracts, are searchable at sam.gov.

How to navigate the resource landscape

Locating the authoritative source for a specific compliance question follows a logical hierarchy:

1. Identify the enabling statute — The statute passed by Congress authorizes the agency to regulate. Statutes are codified in the US Code (USC) and searchable at uscode.house.gov.
2. Locate the implementing regulation — Agencies issue regulations under statutory authority. Regulations appear in the CFR via eCFR. The CFR section number (e.g., 21 CFR Part 820 for FDA Quality System Regulation) is the operative compliance obligation.
3. Read agency guidance documents — Guidance clarifies how an agency intends to enforce the regulation. Guidance is not legally binding but represents agency policy. FDA guidance documents are indexed at fda.gov/regulatory-information/search-fda-guidance-documents.
4. Review enforcement history — Warning letters, consent decrees, and OSHA citations show how the regulation has been applied to real facilities.
5. Consult consensus standards — Organizations like ASTM International, ISO (adopted domestically through ANSI), and ASME publish technical standards referenced by regulations. Many are available through technical libraries or by purchase at the issuing body's website.

This hierarchy matters because guidance documents and consensus standards occupy different legal positions than CFR text. A facility cited for noncompliance is measured against the CFR, not against guidance, though guidance informs the inspector's interpretation. Full understanding of compliance scope depends on correctly mapping each obligation to its authoritative source tier.

Official starting points

The following named portals serve as authoritative entry points organized by agency function:

• FDA MedWatch and Device Databases: fda.gov/safety/medwatch — adverse event and recall data, relevant to product recall and withdrawal compliance.
• FTC Business Guidance: ftc.gov/business-guidance — covers advertising and labeling standards that intersect product conformance requirements.
• CPSC Regulations, Laws & Standards: cpsc.gov/Regulations-Laws--Standards — Consumer Product Safety Commission requirements for product testing and conformance certification.
• ISO/IEC Standards Catalog via ANSI: ansi.org — the US national body for ISO adoption; ISO 9001:2015 (Quality Management Systems) and ISO/IEC 17025:2017 (Testing and Calibration Laboratories) are the two standards most referenced in domestic quality audits.
• GPO Federal Register: federalregister.gov — all proposed and final rules, including quality-related rulemakings, with public comment records and preamble text that explains regulatory intent.