A Certificate of Analysis (COA) is one of the most important documents in modern quality assurance — yet it is frequently misunderstood, misread, or accepted at face value without proper scrutiny. Whether you are a purchasing manager sourcing raw ingredients, a regulatory affairs specialist preparing a drug dossier, or a quality control chemist verifying a shipment of industrial solvents, understanding the COA in front of you is not optional. It is a professional competency that directly affects product safety, regulatory compliance, and supply chain integrity.
This guide covers everything you need to know: what a COA contains, why each section matters, how to read and verify one, the differences between a COA and a Certificate of Conformance, how digital COAs are evolving, and — critically for laboratories and manufacturers — how to obtain a COA from an accredited contract testing laboratory. If you need to find a contract laboratory for COA testing, ContractLaboratory.com connects you with thousands of accredited facilities worldwide.
What Is a Certificate of Analysis (COA)?
A Certificate of Analysis is a formal document, prepared and issued by a quality assurance / quality control (QA/QC) department or an independent accredited testing laboratory, that records the results of one or more analytical tests performed on a specific batch or lot of a product, raw material, or substance. It confirms that the analyzed item meets pre-defined specifications and is safe and suitable for its intended use.
Unlike marketing claims, a COA is backed by verifiable data. Each result is tied to a specific lot number, a specific test method, and a specific analyst or authorized signatory. This traceability is what makes the document legally and commercially meaningful.
The COA is used across a remarkably wide range of industries — from pharmaceutical drug substance testing to food and beverage ingredient analysis, from industrial chemical purity verification to dietary supplement potency certification. The underlying purpose is always the same: to provide an objective, documented assurance that the product is what it claims to be.
Key Components of a Certificate of Analysis
A well-structured COA is not simply a table of numbers — it is a controlled document with distinct sections, each serving a specific function for quality assurance, traceability, and regulatory compliance. Below are the components you should expect to find in any credible COA, along with an explanation of what each section tells you.
1. Product Identification
This section anchors the COA to a specific physical item. It should include the product name, generic or chemical name, catalog number, lot or batch number, manufacturing date, and — where relevant — expiry date or retest date. The lot number is the most critical field: it is the link between the test results on the page and the material in your facility. Before reviewing any other section, always verify that the lot number on the COA matches the lot number on your container or shipment label.
2. Manufacturer and Testing Laboratory Information
The COA should clearly identify who manufactured the product and which laboratory conducted the testing. These may be the same entity (an in-house QC lab) or different entities (a contract manufacturer using an independent third-party testing laboratory). For third-party COAs, the laboratory’s full name, address, and — critically — its accreditation details should be prominently displayed.
3. Laboratory Accreditation and Certification Number
A COA is only as trustworthy as the laboratory that produced it. Credible COAs will reference the laboratory’s accreditation body and certification number, most commonly ISO/IEC 17025 for testing and calibration laboratories. ISO/IEC 17025 is the international standard for laboratory competence and is recognized by regulatory agencies worldwide, including the FDA and EMA. A COA from a non-accredited laboratory should be scrutinized carefully; for regulated industries, it may not be acceptable at all.
4. Test Methods
This section identifies the analytical procedures used to generate each result. Common methods include high-performance liquid chromatography (HPLC), gas chromatography-mass spectrometry (GC-MS), inductively coupled plasma (ICP) for heavy metals, UV-Vis spectroscopy, and microbial enumeration. The method reference should ideally cite a recognized compendial standard (e.g., USP, EP, AOAC, ASTM) or a validated in-house method. Validated, standardized methods are the foundation of reproducible, legally defensible results.
5. Specifications and Test Results
This is the analytical core of the document. For each parameter tested, the COA should show three things: the specification (the acceptable limit or range), the actual result obtained, and a pass/fail or conformance designation. Common parameters include purity or assay percentage, water or moisture content, pH, heavy metals concentration (arsenic, cadmium, lead, mercury), microbial limits (total aerobic count, yeast and mold, pathogens), residual solvents, and appearance or color. Reading this section is a matter of comparing the result against the specification and verifying that every parameter is within its acceptable range.
6. Compliance Statement
Many COAs include an explicit statement that the product conforms — or does not conform — to its specified standards. This summary statement is useful for regulatory submissions and audit documentation because it provides a single, clearly worded attestation of product status without requiring the reader to interpret individual test results. When reviewing a COA for a regulated product, ensure this statement references the relevant standard (e.g., USP monograph, FDA specification, customer specification).
7. Authorized Signature and Date
A COA must be signed (manually or electronically) and dated by a qualified, authorized representative of the issuing organization — typically a Quality Assurance Manager or Director of Laboratory Operations. The FDA’s Current Good Manufacturing Practice (cGMP) regulations explicitly require that COAs for pharmaceutical products be signed and dated by authorized personnel from the manufacturer’s or distributor’s quality unit. An unsigned or undated COA is a serious red flag.
Industries That Rely on Certificates of Analysis
The COA is a universal document, but its specific content and regulatory requirements vary significantly by industry. Here is a sector-by-sector overview:
Pharmaceuticals and Biopharmaceuticals
In pharmaceutical and biopharmaceutical manufacturing, COAs are mandated by regulatory frameworks including the FDA’s 21 CFR Part 211 (cGMP) and the European Medicines Agency’s Good Manufacturing Practice guidelines. Every batch of active pharmaceutical ingredient (API), excipient, and finished drug product must be accompanied by a COA before it can be released. Parameters typically include identity, purity, potency, sterility (for injectables), and limits for specified impurities.
Food and Beverage
Food manufacturers and ingredient distributors use COAs to verify food safety and quality prior to production and to support compliance with the FDA Food Safety Modernization Act (FSMA), USDA standards, and international standards such as ISO 22000. Key parameters include microbiological testing (Salmonella, Listeria, E. coli O157), allergen testing, heavy metals, pesticide residues, nutritional composition, and moisture content. COAs are also routinely required for import and export documentation.
Chemicals and Petrochemicals
In chemical manufacturing and distribution, COAs confirm that raw materials and intermediates meet purity and composition specifications before use in production. A COA for a reagent-grade solvent, for example, will typically specify minimum assay percentage, water content (Karl Fischer), acidity or basicity, and limits for specific trace metal impurities. For specialty chemicals, the COA may also include spectroscopic data (IR or NMR spectrum) as a fingerprint for identity confirmation.
Dietary Supplements and Nutraceuticals
The supplement industry relies heavily on COAs to substantiate label claims for potency and purity. The FDA requires Current Good Manufacturing Practices for dietary supplements under 21 CFR Part 111, which mandate testing of identity, purity, strength, and composition for all incoming ingredients and finished products. A COA for a vitamin D supplement will typically include the verified IU or mcg per serving, as well as limits for microbiological contamination and heavy metals.
Cannabis and CBD Products
COAs for cannabis products are particularly detailed, covering cannabinoid potency (THC, CBD, CBN, and others by HPLC), terpene profiles, microbiological contamination, pesticide residues, heavy metals, residual solvents, and mycotoxins. In the United States, COA requirements for cannabis are driven by state law, meaning requirements vary considerably by jurisdiction. For CBD products derived from hemp, COAs have historically served the function of confirming that delta-9 THC content is within the 0.3% dry-weight limit established by the 2018 Farm Bill. Note: In November 2025, P.L. 119-37 significantly revised the federal definition of hemp. Effective November 12, 2026, hemp will be defined using a total THC standard (including THCA) at or below 0.3% on a dry-weight basis, and finished hemp-derived cannabinoid products will be subject to an additional cap of 0.4 milligrams of total THC per container. Organizations active in the hemp and CBD space should monitor this evolving regulatory landscape closely and update their COA testing protocols accordingly.
Cosmetics and Personal Care
Cosmetic ingredient suppliers and formulators use COAs to verify the purity and safety of raw materials, including preservatives, emollients, actives, and fragrances. While cosmetics are not subject to pre-market approval in the United States, the FDA’s Modernization of Cosmetics Regulation Act (MoCRA) of 2022 introduced new safety substantiation and adverse event reporting requirements that increase the importance of documented quality testing.
Environmental and Industrial Testing
COAs are generated for environmental samples, including soil, water, air, and waste materials, tested against regulatory thresholds set by the EPA, state agencies, or international bodies. These COAs are critical for environmental compliance reporting, site remediation projects, and industrial discharge monitoring.
Certificate of Analysis vs. Certificate of Conformance: Key Differences
The Certificate of Analysis (COA) and the Certificate of Conformance (CoC) are both quality assurance documents, but they are not interchangeable. Understanding the distinction matters when you are specifying supplier requirements, reviewing incoming goods, or preparing regulatory documentation.
| Attribute | Certificate of Analysis (COA) | Certificate of Conformance (CoC) |
| Definition | Document reporting actual test results for a specific batch | Statement declaring that a product meets specified requirements, without necessarily including test data |
| Data included | Quantitative results for each test parameter | Declaration of conformance — may reference tests without showing results |
| Issued by | QA department or accredited testing laboratory | Manufacturer, supplier, or authorized third party |
| Use case | Purchase order compliance, supplier qualification, and commercial contracts | Purchase order compliance, supplier qualification, commercial contracts |
| Regulatory weight | High — required by FDA cGMP, FSMA, and ISO standards for regulated industries | Moderate — accepted in non-regulated or low-risk commercial contexts |
| Specificity | Batch/lot-specific — tied to a unique lot number | May be generic or product-level, not always lot-specific |
In practice, for pharmaceuticals, food ingredients, and chemicals used in regulated applications, a COA is nearly always required. A CoC may be sufficient for lower-risk commercial transactions, but you should confirm this with your regulatory or quality team before substituting one for the other.
How to Read a Certificate of Analysis: A Step-by-Step Guide
Reading a COA for the first time can feel overwhelming, particularly for those who are unfamiliar with analytical chemistry terminology. The following step-by-step approach will help you systematically evaluate any COA you receive:
How to Read a Certificate of Analysis
- Verify the lot number.
Before reading a single test result, confirm that the lot number printed on the COA matches the lot number on your actual product container or shipping documentation. A COA from a different lot is not valid for your material, no matter how good the results look.
- Check the laboratory’s accreditation.
Look for an accreditation body and certification number, ideally referencing ISO/IEC 17025. If the COA is from an in-house lab, verify that the manufacturer operates under a recognized quality management system such as ISO 9001 or FDA cGMP.
- Confirm the test methods.
Ensure the analytical methods cited are recognized (USP, AOAC, ASTM, ISO) or internally validated. Unknown or unvalidated methods reduce confidence in the results.
- Review specifications against results.
For each test parameter, compare the specification (the acceptable range or limit) against the reported result. Every result should fall within its specification. Pay particular attention to potency/assay, purity, and any safety-related parameters such as heavy metals, microbial limits, or residual solvents.
- Look for a compliance statement.
A COA should explicitly state whether the product passes or fails. If you see any “fails” or the compliance statement is absent, investigate further before accepting the material.
- Check the date and signature.
Confirm the COA is signed by an authorized person and dated. Also, check that the COA date is consistent with the batch manufacturing date — COAs issued years after manufacturing may indicate retesting issues or documentation irregularities.
- Match the COA to your specification.
If you supplied a customer specification to your vendor, verify the COA tests and limits reflect your requirements — not just the vendor’s default specifications. These may differ, particularly for custom blends or specialty grades.
How to Verify a COA Is Legitimate: Red Flags to Watch For
As demand for documented quality assurance has grown, so has the incidence of fraudulent or misleading COAs — particularly in the cannabis, supplement, and specialty chemical markets. Here are the warning signs that should prompt deeper investigation:
- Unaccredited or unverifiable laboratory. If the laboratory name is unfamiliar or you cannot verify its accreditation status through the accrediting body’s public registry, treat the COA with extreme caution.
- Missing or incorrect lot number. Any COA that does not clearly reference a specific lot number, or whose lot number does not match your container, cannot be considered valid for that material.
- Suspiciously perfect results. In legitimate analytical testing, results rarely come back as exact round numbers or as exactly zero for contaminants. If every parameter shows “0.00” for heavy metals or “ND” (not detected) for all impurities with no method detection limits stated, this is a red flag.
- Outdated COA for a new batch. A COA from a prior lot presented as documentation for a new lot is a serious problem. Each lot requires its own COA.
- No test methods cited. A COA that shows results without referencing the analytical method used cannot be evaluated for method appropriateness or reproducibility.
- Unsigned or undated. As noted above, these are basic document control requirements. Their absence suggests poor quality management — or worse, document falsification.
- Inability to verify via QR code or laboratory portal. Many reputable laboratories now provide digital verification links or QR codes that allow recipients to confirm a COA’s authenticity directly against the laboratory’s own database. If a vendor claims this is available but the link does not work, investigate further.
If you have concerns about a COA’s authenticity or simply require independent verification, the most reliable solution is to commission your own testing through an accredited contract laboratory. This is particularly common practice in pharmaceutical incoming material testing, where regulatory guidance requires manufacturers to verify incoming COA data against the manufacturer’s specifications.
ISO/IEC 17025 and Laboratory Accreditation: Why It Matters for COAs
The international standard ISO/IEC 17025:2017 — General Requirements for the Competence of Testing and Calibration Laboratories — is the single most important quality standard for laboratories that issue COAs intended for regulatory or commercial use.
ISO/IEC 17025 accreditation means that an independent accreditation body (such as A2LA in the United States, UKAS in the United Kingdom, or other bodies operating under the framework formerly known as ILAC — which merged with IAF into the Global Accreditation Cooperation Incorporated as of January 2026) has assessed the laboratory’s technical competence, method validation practices, measurement traceability, equipment calibration, personnel qualifications, and quality management system, and found them to meet the standard’s requirements. It is a third-party attestation of laboratory integrity.
For regulated industries, ISO/IEC 17025 accreditation is not merely preferred — it is often required. The FDA and EMA expect pharmaceutical companies to use validated analytical methods and to verify that the laboratories performing COA testing have appropriate quality systems in place. Many regulatory agencies will not accept COA data from non-accredited laboratories for high-risk applications.
When submitting a contract lab testing request, you can specify whether ISO/IEC 17025 accreditation is required as part of your laboratory qualification criteria.
The Future of COAs: Digital Verification, Blockchain, and AI
The traditional paper COA, or even a static PDF, is increasingly giving way to dynamic digital documents with built-in verification and traceability features. Several technologies are reshaping how COAs are issued, transmitted, and verified:
QR Codes and Digital Verification Portals
The most widely adopted innovation is the QR code-linked COA. Scanning the QR code on a product label or shipping document takes the recipient directly to a secure laboratory portal where the full COA — tied to that specific lot — can be viewed, downloaded, and confirmed as genuine. This simple approach dramatically reduces the risk of fraudulent or tampered COAs and is now standard practice among leading contract research organizations.
Blockchain-Based COAs
A small but growing number of laboratory networks and supply chain technology companies are piloting blockchain-anchored COAs. Each COA is cryptographically hashed and recorded on a distributed ledger, creating an immutable record that cannot be altered after issuance. Any change to the document after anchoring is immediately detectable. This approach is particularly attractive for high-value or high-risk supply chains, including pharmaceutical APIs and cannabis products, where document integrity is critical.
AI-Assisted COA Review
Artificial intelligence and machine learning tools are beginning to appear in the COA review space, offering automated comparison of COA data against customer specifications, flagging of out-of-specification results, anomaly detection (identifying statistically unusual results that may indicate testing errors or fraud), and extraction of structured data from PDF COAs for integration into ERP and LIMS systems. These tools are most mature in the pharmaceutical and specialty chemical sectors.
How to Obtain a Certificate of Analysis for Your Product
If you are a manufacturer, formulator, importer, or distributor who needs to obtain a COA for your own product or incoming raw materials, the process generally follows one of two paths:
Option 1: Internal QC Testing
If your facility operates a quality control laboratory equipped with the appropriate analytical instruments and validated methods, you can generate COAs internally. This requires a documented quality management system (at minimum ISO 9001, and ideally ISO/IEC 17025 if you are supplying regulated markets), calibrated and maintained equipment, trained analytical personnel, and a document control system for issuing and storing COAs.
Option 2: Outsourcing to a Contract Testing Laboratory
For companies without internal laboratory capabilities — or for testing methods that require specialized instrumentation — outsourcing COA testing to an accredited contract laboratory is the standard and often the more cost-effective approach. ContractLaboratory.com operates the world’s largest laboratory outsourcing network, connecting organizations with accredited testing laboratories across all industries and testing disciplines.
When selecting a contract laboratory for COA testing, consider the following criteria:
- ISO/IEC 17025 accreditation for the specific test methods you require
- Industry-specific experience (pharmaceutical, food, cannabis, chemical, etc.)
- Turnaround time and capacity for your testing volume
- Data management capabilities, including digital COA delivery and portal access
- Regulatory experience if you are testing for FDA, USDA, or international regulatory submissions
You can submit a laboratory testing request on ContractLaboratory.com to describe your testing needs and receive responses from qualified laboratories, or browse our directory to find labs by testing type or product category.
Frequently Asked Questions About Certificates of Analysis
A COA is used to verify that a product or material meets specific quality, purity, potency, and safety specifications before it is accepted, used in manufacturing, sold, or shipped. It serves as documented evidence of quality for regulatory submissions, incoming material release decisions, customer audits, and supply chain traceability. In regulated industries such as pharmaceuticals and food production, a COA is often a mandatory quality document required before a batch can be released to market.
A COA is issued by the quality assurance or quality control department of the manufacturer or supplier, or by an independent accredited testing laboratory. For regulated pharmaceuticals, the COA must be signed by authorized personnel from the manufacturer’s or distributor’s quality unit, as required by FDA cGMP regulations. Third-party COAs — issued by contract testing laboratories independent of the manufacturer — are often considered more objective and may be specifically required by customers or regulators
A COA includes actual quantitative test data (the results of specific analytical tests), while a Certificate of Conformance (CoC) is primarily a declaration that a product meets specified requirements, without necessarily including the underlying test data. A COA is generally considered more rigorous and is required in regulated industries. A CoC may be sufficient for lower-risk commercial transactions but should not be substituted for a COA in pharmaceutical, food safety, or chemical regulatory contexts.
Verify that the lot number matches your product, the issuing laboratory is accredited (check the accrediting body’s public registry), the COA is signed and dated by an authorized person, and test results are plausible (not suspiciously perfect). Many reputable laboratories now include QR codes that link to a secure digital verification portal, allowing you to confirm the COA is genuine. If in doubt, commission independent retesting through an accredited contract laboratory.
Yes, for pharmaceutical products, the FDA requires COAs under its Current Good Manufacturing Practice (cGMP) regulations (21 CFR Parts 210 and 211 for finished pharmaceuticals; 21 CFR Part 111 for dietary supplements). Note: 21 CFR Part 212 applies exclusively to Positron Emission Tomography (PET) radiopharmaceutical drugs and is not a general pharmaceutical cGMP reference. Manufacturers must test — or verify through supplier COAs and identity testing — all incoming raw materials before use. For food products, FDA’s Food Safety Modernization Act (FSMA) requires supplier verification programs, for which COAs are a key tool. While the FDA does not use the term “COA” universally across all regulations, the documentation requirements it mandates are functionally equivalent to what a COA provides.
ISO/IEC 17025 is the international standard for the competence of testing and calibration laboratories. A laboratory accredited to this standard has been independently assessed for its technical capability, method validation, measurement traceability, and quality management. COAs from ISO/IEC 17025-accredited laboratories carry significantly more regulatory and commercial weight than those from non-accredited facilities, and are often specifically required by pharmaceutical, food, and chemical customers and regulators.
A COA does not have a universal expiry date — its validity is determined by the product’s stability profile and retest date, which is based on stability data generated by the manufacturer. For raw materials and chemicals, a retest date is typically specified on the COA, after which the material should be retested before use. For finished pharmaceutical products, the expiry date on the label determines shelf life. An outdated COA (one that was issued for an earlier lot, or one used beyond the material’s retest date) is not valid and should be rejected.
Yes — and in many situations, a third-party COA is preferred or required. Independent accredited testing laboratories can perform COA testing for manufacturers, importers, and distributors who lack in-house analytical capability, who require an objective second opinion on supplier-provided COAs, or who need testing performed under a recognized accreditation such as ISO/IEC 17025. ContractLaboratory.com maintains a global network of accredited contract laboratories available for all industries and testing types.
If a product fails any parameter on a COA, the standard process under quality management systems is to quarantine the affected batch, investigate the root cause (whether a manufacturing deviation, sampling error, or testing error), and determine the appropriate disposition — which may include reprocessing, rework, rejection, or destruction. For pharmaceutical products, out-of-specification (OOS) investigations must follow FDA-compliant procedures. Failed COA results should never be ignored or overridden without documented scientific justification.
You can submit a testing request through ContractLaboratory.com by describing your product, the parameters you need tested, the applicable specifications or standards, and any regulatory requirements. Accredited contract laboratories in the network will respond with their capabilities, accreditations, and pricing. You can also browse the laboratory directory by testing type, product category, or geographic location to identify suitable testing partners directly.
Conclusion
A Certificate of Analysis is far more than a regulatory formality. It is the documentary bridge between the claim that a product meets its specifications and the evidence that it actually does. For anyone involved in quality assurance, procurement, regulatory affairs, or laboratory operations, the ability to critically evaluate a COA — understanding its components, verifying its authenticity, and recognizing when it falls short — is an essential professional skill.
As quality standards continue to rise across regulated and commercial industries, and as digital verification and AI-assisted tools become more widely available, the COA is evolving into a richer and more reliable instrument of supply chain transparency. Organizations that treat the COA as a living quality document — not just a checkbox — are better positioned to avoid supply chain failures, regulatory action, and the reputational damage that follows a product quality incident.
If your organization needs COA testing for pharmaceuticals, food ingredients, chemicals, cannabis, dietary supplements, or any other product type, ContractLaboratory.com can connect you with the right accredited laboratory. Simply submit a laboratory testing request, or browse our global directory of contract testing laboratories. For questions about COA testing requirements in your specific industry, contact our team for expert guidance.