Laboratory Compliance (GLP)
TalkFDA Knowledge Hub from Industry Experts
What does GLP compliance require?
Good Laboratory Practice (GLP) compliance is a regulated quality system governing nonclinical laboratory studies that ensures all work is planned, executed, recorded, reviewed, and archived in a way that produces data regulators can trust. In practical terms, it requires that every result can be traced back to raw data, linked to a defined protocol, attributed to trained personnel, generated using controlled equipment, and independently verified through quality oversight. Under frameworks such as FDA 21 CFR Part 58 and OECD GLP, compliance is demonstrated not by documentation alone, but by the ability to reconstruct the entire study lifecycle and defend the integrity of the data.
1. Protocol-driven study conduct and controlled execution
GLP requires studies to be governed by an approved protocol that defines objectives, methods, test systems, and data handling.
- Studies are executed strictly against an approved protocol, with any deviation formally recorded, justified, and assessed for impact on study validity
- The Study Director holds single-point accountability for study conduct, data integrity, and the final report, not just coordination
- In inspections, gaps appear when procedures are followed informally, deviations are undocumented, or staff operate outside protocol-defined roles
- Weak execution typically shows up as undocumented method changes, inconsistent sample handling, or unexplained differences between planned and actual activities
2. Data integrity and full traceability (ALCOA+ in practice)
GLP expects data to be attributable, contemporaneous, original, accurate, complete, consistent, enduring, and available across the entire lifecycle.
- Raw data must be recorded at the time of activity with clear attribution to the individual or system generating it
- Corrections must preserve the original entry, include justification, and be traceable through signed or electronic audit trails
- Electronic systems must be validated with enforced access controls, time stamps, and audit trails that cannot be disabled or overwritten
- Common failures include backdated entries, overwritten electronic records without audit trails, shared logins, and “unexplained” data transformations between instrument output and reported results
3. Documentation and archiving enabling full study reconstruction
GLP requires that a study can be independently reconstructed from archived records without relying on memory or informal explanations.
- The final report must link directly to raw data, protocols, amendments, and deviations, with a clear audit trail from observation to conclusion
- All study records, including raw data, metadata, and supporting documentation, must be retained in secure, access-controlled archives
- Archiving systems must track who accessed or retrieved records and prevent loss, deterioration, or unauthorized modification
- Inspection findings often arise when raw data cannot be located, data sets are incomplete, or there is no clear linkage between reported results and underlying records
4. Defined personnel responsibilities and competency control
GLP requires clearly defined roles, documented responsibilities, and demonstrable competency across all personnel involved in study execution.
- Test facility management is responsible for ensuring resources, systems, and independence of quality assurance
- The Study Director is accountable for scientific integrity and ensuring all personnel follow procedures and are adequately trained
- Study personnel must have documented training, role-specific competency, and clear authorization to perform assigned tasks
- Common weaknesses include outdated training records, personnel performing tasks outside qualification, and lack of clarity on who is responsible for critical decisions
5. Equipment control and facility suitability
GLP requires that all equipment and facilities used to generate data are controlled, maintained, and suitable for their intended purpose.
- Equipment must be calibrated, maintained, and verified according to written procedures, with complete records retained
- Facilities must prevent cross-contamination, ensure environmental control, and segregate activities where necessary
- Changes to equipment, software, or facility layout must be assessed for impact on ongoing studies and documented
- Typical inspection issues include missing calibration records, use of out-of-tolerance instruments, or environmental conditions not monitored or recorded
6. Independent quality assurance oversight
A defining feature of GLP is the requirement for an independent Quality Assurance Unit (QAU) that monitors compliance without being involved in study execution.
- QAU reviews protocols, audits ongoing and completed studies, and verifies that procedures are followed in practice, not just on paper
- Inspections include both document review and observation of actual study conduct, such as dosing, sampling, or data recording
- The final report must include a QA statement confirming whether the study complied with GLP and identifying any exceptions
- Weak systems treat QA as document review only, leading to missed issues such as unrecorded deviations or inconsistent lab practices
What companies often misunderstand
- Treating GLP as a documentation exercise rather than a system that must demonstrate real-time control and traceability
- Assuming that having SOPs equals compliance, while actual lab practices deviate from written procedures
- Believing data integrity is limited to electronic systems, ignoring paper-based issues such as backdating or undocumented corrections
- Underestimating the role of the Study Director, leading to fragmented accountability across teams
- Using QA as a retrospective checker instead of an active oversight function embedded in study execution
- Assuming that archiving is storage only, rather than a controlled system that ensures long-term accessibility and reconstruction
Practical takeaway
GLP compliance is proven when a laboratory can take any reported result and show, without gaps, how it was generated, who performed the work, under what conditions, using which equipment, and how it was reviewed and approved.
A compliant system is not defined by the presence of protocols, SOPs, or reports. It is defined by:
- continuous, contemporaneous data capture with full traceability
- enforced controls on people, processes, and systems
- independent QA visibility into actual practice
- complete, retrievable records that withstand regulatory inspection
When these elements are weak, the study is not just noncompliant. It becomes scientifically unreliable and unacceptable for regulatory decision-making.
How are laboratory systems controlled?
GLP laboratory systems are controlled through a closed, traceable workflow that links sample receipt, method execution, equipment control, data generation, review, and archival into a single reconstructable record. Under frameworks such as 21 CFR Part 58 and OECD GLP, the expectation is not just procedural compliance but demonstrable control, where every result can be traced back to qualified equipment, approved methods, trained personnel, and verified raw data.
1. Controlled sample receipt and chain-of-custody
What is done
Samples are received, uniquely identified, logged into controlled systems (LIMS or registers), and placed under defined storage conditions with continuous monitoring.
Who does it
Sample management staff or study personnel under SOP control, with QA visibility.
What commonly goes wrong
- Duplicate or unclear sample IDs leading to traceability breaks
- Missing or incomplete chain-of-custody entries during internal transfers
- Storage excursions not recorded or not assessed for impact
- Co-mingling of test items and controls causing contamination risk
2. Study protocol activation and method control
What is done
An approved study protocol and supporting SOPs define all test methods, acceptance criteria, and data handling rules before testing begins. Methods are validated or scientifically justified for intended use.
Who does it
Study Director owns the protocol, analysts execute methods, QA verifies readiness.
What commonly goes wrong
- Use of partially validated or unofficial methods outside protocol scope
- Analysts applying “lab practice” instead of SOP-defined steps
- Protocol ambiguities around endpoints or calculations leading to inconsistent execution
- Unauthorized method changes not captured as deviations or amendments
3. Equipment qualification, calibration, and status control
What is done
All critical equipment undergoes IQ/OQ/PQ as applicable, with routine calibration and maintenance tied to defined schedules. Equipment status is clearly visible before use.
Who does it
Metrology or engineering teams maintain systems, analysts verify status before use.
What commonly goes wrong
- Instruments used past calibration due date or without visible status labeling
- Out-of-tolerance calibration events not linked to impacted data
- Incomplete qualification documentation for computerized or analytical systems
- Shared equipment lacking clear ownership and accountability
4. Controlled test execution and real-time data recording
What is done
Testing is performed strictly per protocol and SOPs, with all observations recorded as raw data at the time of activity. Electronic systems are validated and maintain audit trails.
Who does it
Analysts generate data, supervisors oversee execution.
What commonly goes wrong
- Backdated entries or delayed transcription from unofficial notes
- Missing analyst attribution or timestamps in raw data
- Overwriting electronic data without audit trail visibility
- Environmental or system parameters (temperature, humidity, instrument conditions) not recorded
Data integrity expectations align with ALCOA+: attributable, contemporaneous, original, accurate, complete, consistent, enduring, and available. Failures here are a primary inspection trigger.
5. Data review, reconciliation, and investigation
What is done
Data undergo layered review: analyst self-check, supervisory or peer review, then Study Director assessment. Discrepancies, OOS results, or anomalies are formally investigated.
Who does it
Analysts, technical reviewers, Study Director, with QA oversight.
What commonly goes wrong
- Reviews limited to checking calculations rather than scientific validity
- Failure to reconcile raw data against reported values
- Superficial OOS investigations with pre-determined conclusions
- Missing documentation of review dates, decisions, and rationale
6. Deviation and change control
What is done
Any departure from protocol, SOP, or expected conditions is formally documented, assessed for impact, and approved. Protocol amendments are prospective and controlled.
Who does it
Analysts raise deviations, Study Director evaluates impact, QA reviews.
What commonly goes wrong
- Deviations recorded late or not at all
- Retrospective “justification” of unplanned changes
- Failure to assess impact on study validity or data integrity
- Informal workarounds becoming routine practice without control
7. Final reporting and QA oversight
What is done
A final report is prepared linking conclusions directly to raw data and documented methods. QA performs independent inspections and issues a formal statement confirming GLP compliance.
Who does it
Study Director authors and signs the report, QA provides independent verification.
What commonly goes wrong
- Reports summarizing results without traceable linkage to raw data
- QA statements treated as boilerplate rather than evidence-based
- Incomplete documentation of inspections performed during the study
- Discrepancies between raw data and reported conclusions not resolved
8. Archival and long-term data control
What is done
All study materials, including raw data, protocols, reports, and relevant samples, are transferred to controlled archives with defined retention, access, and retrieval procedures.
Who does it
Archive personnel manage storage, QA ensures compliance.
What commonly goes wrong
- Missing or incomplete transfer of electronic raw data
- Archived records not retrievable or readable over time
- Uncontrolled access to archives compromising data integrity
- Lack of linkage between archived materials and study records
Common execution gaps across the system
Practical takeaway
What are common GLP violations?
Across FDA GLP inspections, Form 483 observations, and warning letters from 2023–2026, most violations are not isolated technical errors. They are repeatable system failures tied to data integrity, documentation discipline, study control, and oversight breakdowns. These weaknesses tend to appear together and signal that the GLP system is not functioning as intended under 21 CFR Part 58 and OECD GLP principles.
1. Missing or Non-Reconstructable Raw Data
This is one of the most serious and frequently cited failures.
- Original instrument files, chromatograms, or electronic datasets are missing, while only processed printouts or summary spreadsheets are retained
- Raw data exist but are incomplete, for example missing audit trails, deleted sequences, or partial lab notebook entries
- Data are stored in uncontrolled locations such as local drives or loose paper, preventing QA access or inspection review
Why it is weak
The study cannot be reconstructed, violating a core GLP requirement that all results must be traceable to original observations.
What regulators infer
Data may have been selectively reported, manipulated, or fabricated. This is treated as a systemic data integrity failure, not a documentation lapse.
2. Undocumented Changes and Backdated Records
Inspectors consistently identify non-contemporaneous documentation and invisible data changes.
- Corrections overwrite original values without justification, date, or signature, or without preserving the original entry
- Entries are clearly recorded after the fact, with identical handwriting, timestamps, or batch updates across multiple records
- Protocol changes, calculation adjustments, or report edits are made without formal amendment or traceable history
Why it is weak
It violates ALCOA+ principles such as contemporaneous, attributable, and original data. The record no longer reflects what actually occurred.
What regulators infer
Intentional data manipulation or uncontrolled practices. Even if unintentional, the data are considered unreliable.
3. Incomplete Study Documentation and Weak Deviation Control
Documentation gaps are repeatedly cited across the full study lifecycle.
- Protocols lack critical detail such as test frequency, acceptance criteria, or defined endpoints
- Deviations from protocol or SOPs are either not recorded or documented informally without justification or approval
- Final reports omit deviations, unexpected events, or conditions that could affect data quality
Why it is weak
GLP requires full transparency of how the study was conducted, including all deviations and their impact.
What regulators infer
The final report may misrepresent actual study conduct. This raises concerns about scientific validity and regulatory submission reliability.
4. Unvalidated or Poorly Controlled Analytical Methods
Method control failures continue to appear in GLP findings, often linked to data reliability concerns.
- Analytical methods used for study endpoints lack documented validation for accuracy, precision, specificity, or robustness
- Method transfers between labs occur without documented verification or comparability assessment
- System suitability checks are skipped, inadequately defined, or fail without triggering investigation
Why it is weak
Without validated or controlled methods, there is no assurance that generated data are accurate or reproducible.
What regulators infer
Even if data appear consistent, they are not scientifically defensible. The entire dataset may be rejected.
5. Poor Sample Traceability and Chain-of-Custody Gaps
Sample control failures directly undermine study credibility.
- Samples, animals, or test systems are not uniquely identified, or labeling is inconsistent across records
- Chain-of-custody logs are missing for sample transfers, storage, or reanalysis
- Sample mix-ups, reassignments, or re-sampling events are not documented or investigated
Why it is weak
There is no reliable link between the reported result and the actual test article or subject.
What regulators infer
Results may be assigned to the wrong sample or group, making conclusions scientifically invalid.
6. Inadequate Training and Undefined Responsibilities
Training failures are a consistent cross-cutting deficiency in recent inspections.
- Personnel perform GLP tasks without documented training on SOPs, study protocols, or data integrity expectations
- Training records are missing, outdated, or not aligned with current methods and systems
- Roles such as Study Director, analyst, or QA are not clearly defined, leading to unauthorized actions or missed responsibilities
Why it is weak
GLP relies on clearly defined roles and documented competence before work is performed.
What regulators infer
Errors are likely systemic, not isolated. Untrained staff increase the risk of undocumented changes, missing data, and protocol deviations.
7. Ineffective QA Oversight and Weak QA–Study Director Interface
Quality Assurance Units often exist formally but fail operationally.
- QA inspections are limited to document review and do not include raw data verification or observation of study conduct
- Critical phases of studies are not inspected, or inspection coverage is incomplete
- QA findings are not escalated to management or the Study Director, and corrective actions are not documented or tracked
- QA statements in final reports are generic and do not reflect actual inspection findings
Why it is weak
QA is intended to provide independent assurance that studies comply with GLP and that data are reliable.
What regulators infer
The quality system is ineffective. Management oversight is weak, and noncompliance is likely recurring across studies.
8. Incomplete or Misleading Final Reports and Record Retention Failures
Final report integrity remains a recurring inspection focus.
- Final reports exclude deviations, omit adverse events, or fail to describe conditions affecting data quality
- Changes to reports are made without formal amendments, obscuring the history of revisions
- Archived records are incomplete, missing critical elements such as raw data, audit trails, calibration records, or training documentation
Why it is weak
GLP requires that the final report provides a complete and accurate account of the study and that all supporting records are retained for reconstruction.
What regulators infer
The study cannot be independently verified. This raises concerns about both data integrity and regulatory intent.
Failure Pattern Summary
Practical Takeaway
What do inspectors focus on in labs?
During GLP inspections under 21 CFR Part 58 and OECD GLP principles, investigators do not assess laboratories as static systems. They actively test whether study execution, data, controls, and oversight align in practice. The inspection is built around one question: can the study be reconstructed from raw data, and does that reconstruction match the protocol, records, and reported conclusions?
The following areas consistently receive the most scrutiny.
1. Study conduct vs protocol requirements
Inspectors begin by anchoring the inspection to one or more studies and evaluating whether the work performed matches the approved protocol.
They examine:
- Execution of critical study elements such as dosing, sampling timepoints, test system handling, and endpoint measurements against the protocol
- Documentation and approval of protocol amendments, including whether changes were prospectively authorised or introduced informally
- Alignment between protocol, raw data, and final report to detect silent deviations or retrospective justification
What triggers concern:
- Evidence of “protocol drift” where repeated deviations occur without formal amendment
- Final reports reflecting conditions or results not traceable to the approved protocol version
- Inconsistent timing, missing observations, or substituted methods not documented as deviations
Isolated vs systemic signal:
- A single, well-documented deviation with QA visibility is typically contained
- Repeated undocumented changes across studies indicate loss of study control and weak Study Director oversight
2. Raw data integrity and traceability
Raw data is treated as the primary evidence of compliance. Investigators spend significant time tracing reported results back to original records.
They examine:
- Completeness of raw data including notebooks, electronic files, chromatograms, and instrument outputs
- Traceability from final reported values to original measurements and intermediate calculations
- Contemporaneous recording practices and integrity of corrections
What triggers concern:
- Missing raw data, reliance on transcribed summaries, or absence of original electronic files
- Backdated entries, overwritten records, or undocumented changes
- Use of uncontrolled worksheets, loose papers, or unofficial data capture tools
Data integrity focus:
- ALCOA+ failures such as lack of attributable entries, incomplete audit trails, or uncontrolled data modification
- Electronic systems without audit trails or with disabled logging of changes
Isolated vs systemic signal:
- A single documentation error with preserved original data is manageable
- Patterns of missing, altered, or non-contemporaneous data are treated as fundamental data integrity breakdowns
3. Equipment control and data-generating systems
Inspectors verify whether instruments and systems used to generate data were in a controlled and qualified state at the time of use.
They examine:
- Calibration, maintenance, and qualification records linked to study timelines
- Status labelling and usage logs showing whether equipment was within valid calibration periods
- Validation and control of computerized systems including access control and audit trails
What triggers concern:
- Use of instruments past calibration due dates or without documented maintenance
- Gaps between equipment logs and study usage records
- Systems generating critical data without validated configurations or audit trail functionality
Isolated vs systemic signal:
- A missed calibration with impact assessment may be contained
- Widespread gaps in equipment control invalidate data reliability across multiple studies
4. Personnel training and role execution
Investigators assess whether personnel performing study activities are qualified and whether responsibilities are clearly executed.
They examine:
- Training records demonstrating role-specific qualification, GLP training, and method competency
- Understanding of SOPs through direct questioning of staff
- Execution of Study Director responsibilities, including data review, deviation handling, and report approval
What triggers concern:
- Personnel unable to explain procedures they perform or unaware of GLP responsibilities
- Training records that are outdated, generic, or not aligned with current methods
- Evidence that the Study Director does not exercise real oversight of study conduct
Isolated vs systemic signal:
- A training gap for one individual is manageable if detected and corrected
- Widespread lack of role clarity or ineffective Study Director control indicates systemic governance failure
5. QA audits and oversight effectiveness
The Quality Assurance Unit (QAU) is evaluated as an independent control function, not a documentation formality.
They examine:
- QA inspection plans covering ongoing studies, critical phases, and data review points
- QA reports, findings, and follow-up actions including CAPA effectiveness
- QA statements in final reports confirming inspection coverage and findings
What triggers concern:
- QA audits that exist on paper but do not reflect actual study oversight
- Failure to detect or escalate protocol deviations and data issues
- Recurring findings without effective corrective action
Isolated vs systemic signal:
- A missed QA check can be contained if deviations are still controlled
- Ineffective QA across studies signals loss of independent oversight and systemic GLP failure
6. Record retention and archive integrity
Inspectors verify whether the laboratory can reconstruct studies long after completion.
They examine:
- Archival of protocols, raw data, amendments, reports, and QA records in a controlled system
- Chain-of-custody from data generation to archive storage
- Retrievability and indexing of archived materials
What triggers concern:
- Missing archived records or inability to retrieve complete study files
- Uncontrolled transfer of data to archives without verification
- Mismatch between archived data and reported study outputs
Isolated vs systemic signal:
- A single retrieval delay is minor if data integrity is intact
- Incomplete archives or broken traceability indicate long-term data reliability risks
7. System consistency across SOPs, records, and practice
Beyond individual systems, inspectors actively cross-check whether documented procedures reflect actual laboratory behavior.
They examine:
- Alignment between SOPs, training, and observed practices in the lab
- Consistency between QA records, raw data, and study documentation
- Integration of systems such as equipment control, training, and data management
What triggers concern:
- “Paper compliance” where SOPs are well-written but not followed in practice
- Conflicts between different records describing the same activity
- Disconnected systems that do not reconcile during traceability checks
Isolated vs systemic signal:
- A single inconsistency may indicate documentation error
- Repeated mismatches across systems demonstrate lack of operational control
Inspection-level takeaway
Inspectors do not evaluate laboratory elements in isolation. They triangulate:
- protocol → execution → raw data → QA oversight → final report → archive
Any break in this chain raises questions about data credibility. The inspection escalates quickly when multiple weak signals align, especially across data integrity, QA oversight, and Study Director control.
Practical implication for laboratories
When should lab results be invalidated?
Invalidation of test results in a GLP environment is a formal scientific and regulatory decision that a data point cannot be considered reliable, attributable, or representative of the test system. Under 21 CFR Part 58, OECD GLP, and WHO-aligned frameworks, invalidation is permitted only when there is clear, documented evidence that the result was generated under compromised conditions. It is not a corrective convenience and must follow a defined investigation, with full retention of the original data and rationale.
Decision criteria
1. Confirmed analytical error or instrument failure
The first decision point is whether the analytical system was functioning within its validated state.
Invalidation is justified when objective evidence shows the analytical process failed.
- System suitability failure, calibration out of tolerance, unstable baseline, detector drift, or failed control samples during the run
- Instrument malfunction identified during or after analysis, including retrospective discovery through QA review or audit trail
- Documented analyst error such as incorrect reagent preparation, pipetting error, contamination, or use of expired or wrong reagents
Why it matters: Data generated outside validated system performance cannot be considered scientifically reliable.
Weak decision: Invalidating results without clear, documented evidence of failure, or using vague “instrument issue suspected” justifications.
Defensible decision: Linking the failure directly to the affected run with supporting raw data, logs, and investigation findings.
2. Sample integrity failure
A result is only as valid as the sample tested. If the sample is compromised, the result loses meaning.
Invalidation is required when the sample cannot be confirmed as a valid representation of the test condition.
- Hemolysis, clotting, contamination, incorrect container, improper fill volume outside acceptance criteria
- Storage or handling outside validated conditions such as temperature excursions or stability window breaches
- Chain-of-custody breaks including mislabeling, sample mix-up, or untraceable sample identity
Why it matters: GLP requires traceability and scientific validity from sample collection through analysis.
Weak decision: Accepting results despite known sample handling deviations without impact assessment.
Defensible decision: Rejecting results where predefined sample acceptance criteria are not met and documenting impact.
3. Critical deviation from protocol or SOP
Not all deviations require invalidation. The key question is whether the deviation materially affects the result.
Invalidation is appropriate when a deviation compromises the scientific integrity of the data.
- Incorrect dosing, wrong concentration, or incorrect test system conditions
- Sampling outside defined time windows or under unvalidated conditions
- Use of unapproved or modified methods without documented amendment or justification
Why it matters: Under GLP, the study protocol defines the conditions under which data are considered valid.
Weak decision: Treating critical deviations as minor or failing to assess their impact on endpoints.
Defensible decision: Documenting the deviation, assessing impact, and invalidating only the affected data when impact is demonstrated.
4. Data integrity failure (ALCOA+ breakdown)
If data cannot be trusted, it cannot be used. This is one of the most critical invalidation triggers.
Invalidation is required when the integrity of the data record is compromised.
- Missing raw data such as chromatograms, instrument files, or lab notebook entries
- Overwritten or altered electronic records without audit trail visibility
- Backdated entries, undocumented corrections, or inconsistent timestamps
- Unauthorized access or lack of access control leading to data manipulation risk
Why it matters: Regulatory authorities require data to be attributable, legible, contemporaneous, original, and accurate.
Weak decision: Attempting to reconstruct or justify results without original data.
Defensible decision: Invalidating results when data cannot be verified and documenting the integrity failure.
5. Inability to reproduce or verify results
Reproducibility is a core expectation for valid scientific data.
Invalidation is justified when results cannot be confirmed through repeat analysis or reconciliation.
- Repeat analysis under the same conditions produces significantly different results without assignable cause
- Calculations, units, or reported values cannot be reconciled with raw data or source records
- Result cannot be traced to specific method parameters, instrument settings, or reagent lots
Why it matters: GLP requires that results be reconstructable from raw data to final report.
Weak decision: Retaining unexplained inconsistent results without investigation.
Defensible decision: Invalidating results when reproducibility or traceability fails and no root cause can justify acceptance.
6. Investigation outcome confirms assignable cause
The regulatory expectation is clear: invalidation must follow a scientifically sound investigation.
Invalidation is appropriate only when the investigation identifies a clear assignable cause linked to the result.
- Root cause analysis confirms laboratory error, equipment failure, or sample issue
- Evidence directly connects the cause to the specific data point or run
- Impact assessment shows the result is not representative of the true condition
Why it matters: FDA and GLP frameworks prohibit discarding results without documented justification.
Weak decision: Invalidating results based on assumption or to avoid OOS outcomes.
Defensible decision: Using a structured investigation (OOS/OOT process) to support invalidation.
7. Failure to meet predefined acceptance or invalidation rules
GLP requires that acceptance and invalidation criteria are predefined, not created after results are seen.
Invalidation is justified when predefined criteria are clearly breached.
- System suitability or QC criteria not met as defined in the validated method
- Sample acceptance criteria violated as defined in SOPs
- Data review or QA checks reveal non-compliance with established procedures
Why it matters: Decisions must be consistent, objective, and predefined to avoid bias.
Weak decision: Creating post hoc justifications for invalidation.
Defensible decision: Applying written criteria consistently and documenting decisions.
When the wrong decision creates compliance risk
Improper invalidation decisions are a common inspection finding.
- Discarding OOS results without investigation leads to FDA observations for data manipulation
- Repeating tests until passing results are obtained without invalidating original data violates data integrity expectations
- Invalidating results without retaining original records breaks traceability and ALCOA+ principles
- Accepting results despite known sample or instrument issues leads to unreliable study conclusions
- Failing to document the rationale for an invalidation leaves the laboratory unable to defend its decisions during inspection
Regulators often focus less on the failure itself and more on how the laboratory handled the data.
Practical takeaway
What documentation is required in GLP labs?
In GLP environments, documentation is the primary evidence of compliance. Regulators assess whether a study can be fully reconstructed from planning through execution to archival using recorded data alone. Under 21 CFR Part 58 Subpart J and OECD GLP principles, documentation must demonstrate that study conduct, data generation, review, and reporting were controlled, traceable, and scientifically justified.
Core Required Records and What They Must Demonstrate
1. Study Protocols, SOPs, and Study-Level Control Documents
These define how the study was intended to be conducted and whether execution followed that intent.
- Approved study protocols and amendments must define objectives, test systems, methods, endpoints, and statistical approaches, with version control and documented approvals
- Protocol amendments and deviations must include scientific justification, timing, and impact assessment on study integrity
- Standard Operating Procedures must cover all routine and critical operations including sample handling, analytical methods, equipment use, data handling, QA inspections, deviation management, and archiving
- Master schedule of studies must list all GLP studies and align with reported GLP activities to prevent misclassification of non-GLP work
Regulators routinely cross-check protocol requirements against raw data and final reports to confirm consistency. Missing or poorly justified amendments are a common inspection finding.
2. Raw Data and Analytical Records
These are the foundation of GLP evidence and must allow reconstruction of every result.
- Raw data must include original observations such as laboratory notebooks, worksheets, instrument outputs, electronic files, chromatograms, and imaging data
- Analytical records must show complete run-level detail including calibration curves, system suitability, blanks, controls, calculations, and batch-specific results
- Each data point must be traceable to a specific sample, analyst, instrument, and timepoint
- Corrections must retain the original entry, include reason for change, date, and attribution
Inspectors frequently trace individual reported values back to raw data. Gaps such as missing chromatograms, unlinked electronic files, or undocumented transcription steps are treated as data reliability failures.
3. Equipment Logs, Calibration, and Validation Records
These demonstrate that data were generated using controlled and suitable systems.
- Equipment usage logs must document operation, cleaning, maintenance, and any malfunction events with impact assessment on affected studies
- Calibration records must show defined intervals, acceptance criteria, standards used, results obtained, and responsible personnel
- Qualification and validation records must confirm that instruments and computerized systems perform as intended
- Computerized system documentation must include audit trails, user access controls, backup procedures, and validation evidence consistent with data integrity expectations
A common failure pattern is incomplete linkage between equipment logs and study data, where instruments used in a study cannot be shown to be in a qualified or calibrated state at the time of use.
4. Training and Personnel Records
These establish that individuals generating and reviewing data are competent and authorized.
- Training records must document education, GLP training, method-specific qualification, and periodic refreshers
- Role assignment records must clearly identify Study Director, QA personnel, and technical staff responsibilities
- Training must be completed before performing GLP tasks and linked to specific procedures or methods
Inspectors often identify gaps where analysts perform work before documented training completion or where training records lack specificity to the methods used.
5. Deviations and Investigation Reports
These capture departures from planned or expected conditions and their impact on data.
- Deviation records must describe the event, timing, root cause, and impact on study validity
- Investigations must address out-of-specification or anomalous results with documented root cause analysis and scientifically justified conclusions
- Corrective and preventive actions must be defined and tracked to closure
Weak investigations are a frequent issue, particularly where conclusions are not supported by data or where impact on previously generated results is not assessed.
6. Quality Assurance (QA) Audit Records and Final Reports
These provide independent oversight and formal study conclusions.
- QA audit plans must define inspection schedules for critical study phases, raw data, and reports
- QA reports must document findings, follow-up actions, and communication to management
- Final study reports must include protocol summary, deviations, results, conclusions, and a signed QA statement confirming GLP compliance and inspection coverage
Regulators verify that QA inspections occurred at appropriate study phases and that findings were resolved before study finalization.
7. Archival and Retention Records
These ensure long-term traceability and reconstructability of studies.
- Archive indexes must catalog all study-related materials including protocols, raw data, reports, QA records, training, and equipment documentation
- Storage records must define conditions, access control, and preservation of both paper and electronic data
- Retention schedules must comply with regulatory requirements and demonstrate that records remain readable and retrievable over time
- Retrieval testing must confirm that archived electronic data can be restored with full metadata and audit trails intact
A common regulatory concern is archived electronic data that cannot be reprocessed or lacks sufficient metadata to reconstruct the study.
What Weak GLP Documentation Looks Like
- Missing linkage between protocol requirements, raw data, and final report conclusions
- Incomplete raw data sets, such as absent original instrument outputs or undocumented data transfers
- Deviations recorded without scientific rationale or impact assessment
- Equipment logs that do not align with study timelines or lack calibration evidence at time of use
- Training records that are generic, undated, or not tied to specific procedures
- QA audits performed retrospectively or lacking evidence of follow-up
- Archive systems that store data but cannot demonstrate retrieval or integrity over time
These weaknesses prevent inspectors from reconstructing the study and directly undermine GLP compliance.


