The lab that tests is not the lab that synthesizes.
Every batch we receive from synthesis is shipped — at our cost — to an independent ISO/IEC 17025:2017 accredited contract laboratory for HPLC, ESI-MS and LAL endotoxin assay. The COA is theirs, not ours.
Six handoffs that keep the verification independent.
Independence is not a slogan. It's a procedural chain — sample chain-of-custody, separate ownership, calibrated instruments, audited methods, signed reports, archived raw data. Each step is documented and traceable.
-
01
Synthesis batch released
Synthesis facility completes the batch, passes its own internal QC, and packages a sealed, labelled aliquot for external testing. The vial is sealed in tamper-evident packaging and accompanied by a chain-of-custody slip with batch ID, date, theoretical sequence and MW.
-
02
Sample receipt at the contract lab
Lab logs the seal integrity, batch ID, weight, and date of receipt. Sample is given a blind internal ID — the analyst running the assay does not see the synthesis facility name or any prior result. Sample stored in a controlled-access freezer.
-
03
Three independent assays
Reverse-phase HPLC (purity), ESI-MS (identity), kinetic chromogenic LAL (endotoxin) — each run on calibrated, validated instruments by qualified analysts. Each assay's raw data is captured by the LIMS, time-stamped and tied to the blind sample ID.
-
04
Internal cross-check
Results are reviewed by a second analyst before any draft COA is generated. Anomalies — purity below floor, MW out of window, endotoxin near ceiling — trigger automatic re-acquisition or escalation to the QC manager. No single operator can sign a result.
-
05
Signed COA & archive
QC manager signs the COA on the lab's letterhead. Raw data files (chromatogram, mass spectrum, kinetic LAL plate) are archived with retention ≥ 5 years. PDF transmitted directly from the lab to IGF1 Shop, lot-traceable.
-
06
Release decision & shipment
IGF1 Shop reviews the signed COA against release criteria. Pass: lot is listed as available, the COA travels with every order. Fail: lot is destroyed and the synthesis batch is investigated. The COA on file is the same one the customer downloads.
What "ISO/IEC 17025 accredited" actually says on paper.
Not all 17025 claims are equal. The certificate document spells out the accreditation body, the scope, the standard version, the validity dates, and the conformity statement. Anything outside that scope is not covered — and it's the part most vendors quietly omit.
Standard & accreditation No.
<b>ISO/IEC 17025:2017</b> is the current revision — anything pre-2017 is obsolete. The accreditation number ties the lab to its scope file and lets you verify status with the issuing body directly.
Scope of accreditation
The three assays we need — <b>HPLC purity, ESI-MS identity, kinetic LAL endotoxin</b> — are listed individually. Anything outside this scope is not covered, even if the lab runs it. We only commission assays inside the scope.
Validity & surveillance
Certificates have a fixed validity (typically 4 years), but the accreditation body conducts annual surveillance audits in between. We re-verify the lab's status before each calendar quarter's first batch.
The four management blocks behind a single signed COA.
17025 is not a marketing badge. It is a 33-clause technical standard covering management, technical competence, sample handling and reporting. Here is the short version of what's audited.
Management requirements
| Impartiality | Documented, no ownership conflicts |
|---|---|
| Confidentiality | Sample data not shared outside chain-of-custody |
| Internal audits | Annual, by qualified non-line staff |
| Management review | Annual, scope and effectiveness |
| Corrective actions | Documented root-cause + closure |
| Risk-based thinking | Required at every process |
Personnel & equipment
| Analyst qualification | Documented training + competency check |
|---|---|
| Equipment ID | Unique, traceable, log-bound |
| Calibration cadence | Documented schedule, NIST-traceable |
| Maintenance | Logged, preventive + corrective |
| Software qualification | Validated, version-controlled |
| Environment monitored | Temperature, humidity, light where relevant |
Method validation
| Specificity | Demonstrated against blanks & placebos |
|---|---|
| Linearity | r² and residual analysis on standards |
| Accuracy & precision | Spike recovery + replicate RSD |
| LOD & LOQ | Statistical, not eyeballed |
| Range | Bracketing the working concentration |
| Robustness | Method tolerates documented variability |
Reporting & data integrity
| Raw data archive | ≥ 5 years, electronic + paper |
|---|---|
| Audit trail | Time-stamped, immutable in LIMS |
| Two-analyst rule | Result + review by separate qualified staff |
| Certificate format | Standard fields, scope reference, signature |
| Uncertainty | Expressed where requested |
| Proficiency testing | Inter-lab participation, ≥ annual |
Not every "lab tested" claim means the same thing.
The COA on the homepage of a peptide vendor can be many things. From "we ran our own HPLC and stamped it" to "the lab is independently audited by ILAC signatories" is four orders of magnitude of evidence. Here's the spectrum.
Synthesis facility runs its own QC and signs its own COA. Cannot detect its own systematic errors. The dominant model in grey-market peptides.
Generic management system standard. Audits the org's process discipline, not the technical competence of the analytical methods. Necessary, not sufficient.
The international standard for analytical lab competence. Methods, equipment, personnel, calibration and reporting all audited by an external accreditation body. Required floor for our partners.
17025 plus active proficiency testing rounds against other accredited labs. Statistical proof the methods produce comparable results in practice — not just on the audit checklist.
The eight things an ISO/IEC 17025 surveillance audit checks.
An accreditation body sends an assessor in once a year. They are not auditing the lab's marketing, they are auditing the technical and procedural chain that produces a number on a certificate. These are the artifacts they ask for.
Four findings that suspend or revoke a 17025 scope.
Surveillance audits are not pass/fail in the marketing sense — they produce findings that have to be closed. These four classes of finding are serious enough to suspend or revoke an accreditation scope outright.
Method validation gaps
An assay in the accreditation scope must have a current validation report covering specificity, accuracy, precision, range, LOD, LOQ and robustness. A missing or outdated validation report suspends the scope item until re-validated.
Broken calibration chain
Every result on a COA traces back to a calibrated instrument, which traces back to a NIST-equivalent reference. If the chain is interrupted (lapsed cert, lost record, untraceable standard), any result produced after the gap is invalidated retroactively.
Proficiency-testing outlier
Inter-laboratory PT rounds compare blind results across accredited labs. A z-score outside ± 3 (sometimes ± 2 with action) is a "questionable" or "unsatisfactory" result that requires immediate root-cause analysis and corrective action; repeated failures suspend the scope.
Unresolved internal audit findings
Open findings from internal audits past their closure deadline are themselves an external-audit finding. A pattern of unclosed nonconformities indicates a breakdown in the management system and can lead to suspension of the entire accreditation, not just one scope item.