Chain of custody (CoC) is foundational not only for quality assurance (QA) and regulatory compliance, but for preserving sample integrity, defensibility of results, and overall credibility of the testing services provided. Maintaining an effective chain of custody isn’t a single procedure—it’s a framework that integrates documentation, personnel training, and digital systems to ensure samples can be traced with full confidence.
What is Chain of Custody?
Chain of custody refers to the documented, chronological sequence of transfers, storage, handling, and disposition of samples (or items) from the moment of receipt (or collection) through analysis to final reporting or disposal. In essence, it answers who, what, when, where, how (and under what conditions) a specimen or sample changed hands.
In the laboratory environment, this includes, but is not limited to, the following:
- Identification of the sample (unique sample ID, container, lot/batch, matrix)
- Documentation of when, where, and by whom the sample was collected (if applicable), transported, and accepted into the laboratory
- Verification of storage conditions during transit and while in the lab (temperature, security, integrity of container/seal)
- Tracking of any subsampling, splits, or aliquots, and who performed each step
- Logging of all transfers between locations or personnel, including disposal or archiving
- Ensuring the sample integrity (preventing mix-ups, tampering, contamination, mis-labelling)
For contract testing laboratories, maintaining an unbroken, auditable chain of custody is essential for regulatory, accreditation, and legal defensibility.
Why Chain of Custody Matters for Third-Party Labs
Integrity of Results & Defensibility
When a contract or third-party laboratory issues test data to a client (and often to regulatory bodies, auditors, or end-users), that data must rest on a foundation of properly handled and documented samples. If the chain of custody is broken, questions arise about the authenticity of the sample, whether it was compromised, or if procedures were followed. In regulated or litigated contexts, such as forensic, environmental, pharmaceutical, or food testing, a broken chain of custody can render results inadmissible or expose the laboratory to challenge.
Regulatory & Accreditation Compliance
Many accreditation standards (for example, the ISO/IEC 17025 for testing and calibration laboratories) expect sample traceability, documented sample transfer, storage, and handling. Moreover, regulatory authorities require that a laboratory “properly collect, identify, and maintain samples from the time they are collected until they are delivered to the private laboratory.”
In the TIC realm, contract laboratories are often asked to demonstrate that their chain of custody procedures are robust—this may form part of audit queries, customer due diligence, or regulatory inspection readiness.
Risk Management for Contract Labs
Maintaining the chain of custody mitigates risks for labs: sample mix-ups, loss, contamination, mislabelling, or misinterpretation become far more likely when custody is not tracked. From a liability and reputational standpoint, the effort invested in CoC systems is essential. Controllers and QA managers in labs should view CoC not just as a paperwork requirement, but as a critical quality control element within their overall management system.
Key Elements of a Robust CoC Program for Third-Party Labs
1. Scope, Definitions, and Roles
- Define the scope of what kinds of samples and materials require full chain-of-custody logging (e.g., customer-supplied samples, trace forensic evidence, calibration standards, reference materials, field-collected specimens). Some samples may need less stringent tracking, but should still have basic identification.
- Clearly define roles and responsibilities. Sample submitter, courier/shipper, receiving clerk, sample control/logistics, analytical personnel, QA/Records, archives—the lab must document who is responsible for each step.
- Define materials of sample containers, seals, labels, split/aliquot containers, barcode or RFID tags if used.
2. Sample Receipt, Identification, and Logging
- On receipt at the laboratory, each sample must be checked against the submission documentation: sample ID, quantity, condition of container, temperature (if cold chain), integrity of seals, packaging damage, and so on.
- A unique lab accession number should be assigned and linked to the client’s sample ID, matrix, date/time of receipt, condition, and initial handler’s signature or electronic log.
- The receipt record becomes part of the chain of custody documentation.
3. Tracking Transfers, Storage, and Handling
- Physical movement, change of location, subsampling, aliquoting, or any transfer of the sample should be logged: date/time, from whom, to whom, purpose of transfer, sample/vial ID.
- Freezer, refrigerated, ambient, locked shelf—the exact storage locations need to be documented and controlled (temperature monitoring, access control).
- Broken seal, container compromised, or any evidence of tampering should trigger an investigation and be logged.
4. Documentation and Forms
- Labs should use standardized chain of custody forms (paper or electronic) that include the following minimum elements, such as sample ID, client ID, date/time of transfer, signature/initials of person releasing custody, date/time of custody received, signature of person receiving, description of sample, location, and purpose of transfer.
- Where a laboratory information management system (LIMS) is used, the system/software should record the same data, plus audit trails. A good CoC program uses either paper or digital systems, but ensures no gaps.
- All documentation must be retained for a period consistent with client contracts, accreditation requirements, regulation or internal policy.
5. Security, Integrity, and Chain-Break Indicators
- Physical security should include locked storage areas, restricted access to authorized personnel, the use of sealed containers, and tamper-evident packaging to prevent unauthorized handling or substitution of samples.
- Environmental controls must ensure that all samples are maintained under the required storage temperature and conditions, with systems in place to prevent unauthorized access and detect any anomalies such as leakage, damage, or seal breaches.
- Integrity safeguards should prevent sample mix-ups, substitutions, contamination, or mislabeling through clear labeling systems, barcode verification, and double-check procedures at critical handling steps.
- Indicators of chain-breaks—such as missing signatures, unrecorded transfers, or damaged containers—should trigger an internal investigation to determine the impact on sample integrity and whether re-sampling or corrective action is required.
6. Integration into Quality Management & Accreditation
- The chain-of-custody procedures should be incorporated into the laboratory’s overall quality management system and aligned with ISO/IEC 17025, GLP, and applicable regulatory standards.
- Internal audits must routinely evaluate the accuracy, completeness, and timeliness of custody records.
- Audit findings should be documented, and corrective and preventive actions (CAPA) should be implemented promptly to address identified deficiencies.
- Management reviews should assess custody metrics and determine whether additional training, technology, or resources are needed for compliance.
7. Staff Training and Awareness
- All personnel involved in sample handling must receive formal training on chain-of-custody procedures, documentation accuracy, and escalation protocols.
- Training should emphasize the regulatory and legal consequences of custody failures and highlight best practices for traceability.
- Competency assessments must be conducted periodically to verify that staff can apply custody procedures correctly.
- Refresher training should be provided whenever new methods, regulations, or systems are introduced.
8. Technology, Automation, and LIMS Integration
- Digital tools such as LIMS, barcoding, and RFID tracking can enhance custody documentation by reducing manual entry errors.
- Automated timestamping and secure electronic signatures provide reliable traceability of each custody event.
- These systems must be validated to comply with data integrity requirements such as the FDA 21 CFR Part 11 and ISO/IEC 17025.
- Laboratories should ensure that system configurations capture all custody-related actions, including sample login, transfer, and disposal.
9. Disposition, Archiving and Record Retention
- After testing is completed, the laboratory must follow documented procedures for sample disposition, including return, archiving, or disposal.
- Each disposition action must include the date, time, authorization, and personnel responsible for execution.
- Archived samples and custody records should be stored under controlled conditions and indexed for efficient retrieval.
- Disposal of samples and documentation must comply with environmental, biosafety, and hazardous material regulations.
10. Continuous Improvement and Audit-Ready Posture
- Chain-of-custody systems should undergo periodic review to identify weaknesses and implement preventive improvements.
- Internal and external audit findings should be analyzed to guide process updates and staff training initiatives.
- Custody documentation should always be maintained in an audit-ready state, accessible for inspection at any time.
- Laboratories should measure performance indicators such as error frequency, documentation completeness, and audit results to drive continuous improvement.
Practical Considerations for Third-Party Labs
Client Sample Reception & Field Shipment
For many third-party labs, clients may submit samples collected elsewhere (field-collected, shipped by courier, or on-site collection). The lab should provide clear submission instructions outlining how the client or field collector must initiate the chain, including sample labelling, container integrity, documentation, shipping conditions, and covering forms.
The lab should then perform an acceptance check upon sample receipt: Verifying packaging, temperature, seals, sample ID consistency, quantity, and condition. If the sample fails acceptance—due to reasons like, but not limited to, out-of-specification temperature, split missing, or poor labelling—the lab should document it and decide whether to reject or quarantine the sample. This may impact the CoC status and potentially the reportability of results.
Splitting, Aliquoting, and Secondary Transfers
The sample submitted may often be aliquoted. Contract labs must ensure that the transfer of subsamples is tracked, from parent container to child container, with unique identifiers linking them, and custody logs for each transfer. This is especially important when outsourcing parts of the work. Without clear traceability, the integrity of the entire result may be questioned.
Subcontracting, Cross-Laboratory Transfers, and Outsourcing
Third-party labs frequently subcontract testing or send samples to specialized reference labs. In such cases, the chain of custody must extend beyond the primary lab. That means,
- The subcontracted lab must also document receipt, handling, storage, and disposal.
- The contract laboratory must maintain records linking the sample forwarding to the subcontractor (date/time, sample ID, carrier, condition, tracking of receipt).
- The laboratory’s own CoC procedures must address how subcontracting is controlled, documented, and audited.
Digital Data, Electronic Records, and LIMS
Modern contract labs often rely on digital systems. The “custody” concept also extends to data derived from the sample: raw data files, instrument outputs, electronic logs, and report archives. Although classic chain of custody deals with physical samples, laboratories must ensure that data integrity and audit trails are maintained. This is increasingly important given regulatory focus on data integrity and traceability.
Communication with Clients and Reporting
Educating clients about the importance of chain-of-custody compliance can be a game-changer. Clear communication ensures that the client understands any CoC issues that may affect result interpretation. For example, if a sample arrives with a broken seal or a missing signature, the lab may issue a deviation/observation and may include disclaimers in the report.
Cost and Workflow Efficiency
While chain of custody tracking is essential, laboratories should design systems that balance robustness and operational efficiency. Over-burdensome paperwork, redundant logs, or overly complex transfers may slow workflow and increase error risk by staff skipping steps. Automation, using barcode scanning, mobile log-in, integrated LIMS, etc., and streamlined SOPs can help maintain efficiency and preserve integrity.
Common Pitfalls and How to Avoid Them
| Pitfall | Implication | Mitigation |
|---|---|---|
| Incomplete or lost documentation (missing signatures, dates) | Break in traceability → results may be challenged or invalidated | Standardize forms/fields, train staff, use electronic logs with required fields |
| Sample mix-up, mislabelling, wrong container | Integrity compromised, wrong result attributed | Use unique barcodes/RFIDs, double-check ID at critical steps, electronic scanning |
| Poor packaging/shipping controls (temperature excursions, damaged containers, unauthorized access) | Sample may degrade, contaminate, change matrix → invalid results | Provide clear shipping instructions, inspect upon receipt, log conditions, reject if “out-of-spec” |
| Splitting samples without traceable links or record | Downstream analysis may not link to original sample → gap in CoC | Use sample lineage tracking in LIMS, label aliquots, document transfers |
| Subcontracting without documented receipt/handling by third-party labs | Part of result chain may be untraceable → risk of non-defensibility | Have formal agreements, require subcontractor CoC documentation, include in audit scope |
| Manual-only systems (paper forms) with no audit trail or backups | Risk of lost forms, missing entries, inability to track edits | Consider digital systems, audit logs, backups, disaster recovery |
| Staff not trained or unaware of CoC importance | Human error higher, steps skipped, less or no awareness of chain breaks/gaps | Conduct training, refresher sessions, highlight legal/regulatory implications |
| Over-complex procedures causing delays or staff workaround | Staff bypassing steps reduces effectiveness | Review workflow for efficiency, use technology, remove unnecessary steps but maintain controls |
Auditing, Metrics, and Continuous Improvement
Contract laboratories should treat the chain of custody as a measurable quality process. Some key metrics might include:
- Percentage of samples with complete CoC documentation upon receipt
- Incidents of chain-breaks (missing signatures, transfers not logged)
- Number of rejected samples due to shipping/receipt conditions
- Audit findings relating to CoC non-conformities and corrective actions
- Time from receipt to analysis initiation with full CoC in place
Regular internal audits and external audits as part of accreditation should assess compliance with CoC procedures, record completeness, timeliness, and sample integrity. Audit findings should feed into CAPA and process improvement. For example, if frequent missing documentation is found for a particular client or shipping method, the lab may revise its client submission instructions or require additional controls.
Emerging Considerations and Technologies
- Electronic signatures and tamper-evidence: Digital logs with secure signatures reduce reliance on manual paper forms.
- Blockchain and distributed ledger approaches: Some research in forensic/evidence-handling domains proposes blockchain-based CoC tracking to provide immutable records. While still evolving, labs may monitor such technologies as they mature.
- Field mobile capture and real-time tracking: For labs receiving field-collected samples, investing in mobile apps or devices that capture GPS/time stamps, sample container(s) photos in real time, strengthens the custody record.
- Integration with IoT sensors: Temperature/humidity loggers in shipping containers that feed into the CoC record enhance traceability of storage conditions.
- Data integrity and digital chain of custody: As more tests involve digital data and remote instrumentation, labs must ensure chain of custody for data (who accessed, modified, transferred) just as much as for physical samples.
Assess Your Lab’s Chain of Custody Processes
Maintaining an unbroken, well-documented chain of custody is pivotal to laboratory quality, regulatory compliance, and result reliability/credibility. By defining roles, standardizing documentation, controlling transfers and storage, integrating chain of custody into the quality system, training staff, leveraging proper technology and continuously auditing and improving, third-party and contract labs can serve clients effectively, minimize risk, and meet accreditation and regulatory expectations consistently.
As the testing, inspection, and calibration (TIC) industry continues to evolve—with increasing complexity of sample types, more outsourcing/subcontracting, and heightened regulatory scrutiny—robust chain-of-custody systems differentiate laboratories that are prepared, reliable, and audit-ready.
If your laboratory is looking to review or upgrade its chain of custody protocols, consider conducting a gap assessment, followed by policy/procedure revision, training of staff, system implementation (digital or manual), and regular monitoring. This deliberate approach ensures that the chain of custody becomes an integral part of your lab’s operations and quality culture.
Connect with expert labs on the Contract Laboratory network for gap assessments or specialized regulatory assistance.
This article was created with the assistance of Generative AI and has undergone editorial review before publishing.