Mediconomics – für individuelle CRO-Lösungen.

Certificate of Analysis (CoA)

Synonyms: Certificate of Analysis, Analytical Certificate, Test Certificate, CoA

Definition: A Certificate of Analysis (CoA) is a documented record that summarises the results of defined quality tests (e.g. identity, purity, content, microbiological quality) for a specific batch or lot release timepoint and confirms that pre-established specifications have been met.

What is a CoA used for?

A CoA serves as a central quality record across the supply chain: it accompanies active pharmaceutical ingredients (APIs), excipients, intermediates or finished medicinal products and supports batch release. In regulated environments, it demonstrates to internal Quality functions, sponsors and authorities that the scope of testing and acceptance criteria were defined and met.

Typical contents of a CoA

Common elements include batch details (batch number, manufacturing/testing date), the test method or reference used (e.g. Ph. Eur., USP, a validated in-house method), specifications and measured results, and a release statement. Sampling information, storage conditions, shelf-life/retest date and the signature of a responsible person from Quality Control/Quality Assurance are also frequently included.

CoA in the GMP context

In the GMP environment, the CoA is closely linked to specifications, test instructions and the batch record. It should be possible to trace which methods were used and whether any deviations or OOS/OOT results occurred. A CoA does not replace the overall documentation, but it is a condensed, auditable results document.

Distinction from similar documents

A CoA is not equivalent to a Batch Manufacturing Record (BMR) or a Certificate of Conformance (CoC). While the BMR documents the manufacturing steps and a CoC usually only states conformity without detailed measured values, a CoA typically contains concrete test results. Which form is accepted depends on the product, the supply chain role and contractual/regulatory requirements.

In quality management, a clear trace between specification, method, result and release decision is good practice. This allows a rapid assessment, in the event of deviations, of whether there is a risk to patient safety, efficacy or data interpretation, and which CAPA measures are necessary.

Interfaces are also relevant: where multiple parties are involved (e.g. sponsor, manufacturer, contract laboratory), responsibilities, test plans, data formats and review steps should be aligned contractually and procedurally. This reduces the risk of inconsistent assessments.

Data integrity principles (ALCOA+) also play a role in the creation and review of such documents: data should be attributable, legible, contemporaneous, original and accurate. This helps to investigate deviations traceably and to ensure traceability across the lifecycle of a product or a study.

Practical note: When documenting and reporting in regulated environments, definitions, roles (sponsor, CRO, site) and timelines should be clearly set out in SOPs. Consistent application improves the comparability of data and reduces queries during audits and inspections.

For quality assurance, it is also important that the underlying primary data (e.g. raw laboratory data, medical findings, timing, dosing information) remain traceably available. Summary documents are helpful but do not replace complete data integrity and controlled document control.

In practice, many errors arise from inconsistent use of terminology or unclear boundaries. A brief definitional check (What is the trigger? Which criteria apply? Who makes the final decision?) helps to stabilise processes and simplify internal communication.

If specifications, reference information or reporting pathways change during a project, these changes should be versioned and communicated. This makes it possible to trace which rules applied at which point in time and how decisions were justified.

In quality management, a clear trace between specification, method, result and release decision is good practice. This allows a rapid assessment, in the event of deviations, of whether there is a risk to patient safety, efficacy or data interpretation, and which CAPA measures are necessary.

Interfaces are also relevant: where multiple parties are involved (e.g. sponsor, manufacturer, contract laboratory), responsibilities, test plans, data formats and review steps should be aligned contractually and procedurally. This reduces the risk of inconsistent assessments.

Data integrity principles (ALCOA+) also play a role in the creation and review of such documents: data should be attributable, legible, contemporaneous, original and accurate. This helps to investigate deviations traceably and to ensure traceability across the lifecycle of a product or a study.

Practical note: When documenting and reporting in regulated environments, definitions, roles (sponsor, CRO, site) and timelines should be clearly set out in SOPs. Consistent application improves the comparability of data and reduces queries during audits and inspections.

For quality assurance, it is also important that the underlying primary data (e.g. raw laboratory data, medical findings, timing, dosing information) remain traceably available. Summary documents are helpful but do not replace complete data integrity and controlled document control.

In practice, many errors arise from inconsistent use of terminology or unclear boundaries. A brief definitional check (What is the trigger? Which criteria apply? Who makes the final decision?) helps to stabilise processes and simplify internal communication.

If specifications, reference information or reporting pathways change during a project, these changes should be versioned and communicated. This makes it possible to trace which rules applied at which point in time and how decisions were justified.

FAQ

Who issues a Certificate of Analysis?

As a rule, the manufacturer or a contracted Quality Control laboratory issues the CoA. A qualified person/function from QC/QA is responsible and releases the test results.

Must a CoA contain original data?

No. A CoA is a summary of results. However, the underlying raw data must be available and auditable (e.g. laboratory notebooks, chromatograms, instrument reports).

How current must a CoA be?

It relates to a specific batch and the point in time of testing or release. Updated CoAs may be required for retests or requalification.

What is the difference between a CoA and a CoC?

A CoA typically contains specifications and measured values. A CoC usually only confirms that requirements have been met, often without detailed values.

Sources

  • ICH E6(R2): Good Clinical Practice – section on Safety Reporting / AE/SAE (R2 Addendum). https://database.ich.org/sites/default/files/E6_R2_Addendum.pdf
  • EMA: Clinical safety data management: definitions and standards for expedited reporting (ICH E2A). https://www.ema.europa.eu/en/ich-e2a-clinical-safety-data-management-definitions-standards-expedited-reporting
  • EU CTR/CTIS overview (EU 536/2014): Safety reporting in the clinical trial context. https://health.ec.europa.eu/medicinal-products/clinical-trials/clinical-trials-regulation-eu-no-5362014_en

For sponsors and investigational sites, it is also important that coding (e.g. MedDRA), the assessment of expectedness (Investigator’s Brochure/SmPC) and timelines (e.g. 7/15 days for SUSARs) are clearly described in the Safety Management Plan. This reduces queries from authorities and improves data quality.

Scroll to Top