Skip to main content

Pillar 01Verifying Authenticity

Third-Party Tested vs COA on Request: What's Verified

Peptide third party testing decoded: how to tell a genuine, batch-matched independent COA from in-house QC and vague "on request" claims.

Published 26 June 2026Byline labowned editorialVersion v1.0

"Third-party tested." "COA available on request." "Lab verified." These phrases appear on peptide listings so often that they have stopped carrying any fixed meaning. This guide decodes that marketing language against the formal standards it borrows from, so you can separate genuine independent testing from routine in-house quality control, and understand why a certificate you have to ask for is weaker than one that is published, batch-matched, and issued by a laboratory with no stake in the sale. By the end you will have a short checklist you can apply to any test claim.

What "third-party" actually means

The term is not marketing invention; it comes from conformity assessment vocabulary. ISO/IEC 17000:2020 defines a first-party conformity assessment activity as one performed by the provider of the object being assessed, a second-party activity as one performed by a party that has a user interest in the object (for example a purchaser), and a third-party activity as one performed by a person or organization that is independent of the provider and has no user interest in the object. That last definition is the entire basis for calling testing "independent" or "third-party."

Read against that standard, "in-house QC" is, by definition, a first-party activity. A manufacturer testing its own product is doing legitimate and necessary work, but it is not third-party testing, and describing it that way blurs a line the standard draws deliberately. The first decode, then, is simple: ask whether the laboratory named is actually independent of the seller, or whether internal quality control is being relabeled as independent verification.

What a Certificate of Analysis is supposed to be

A Certificate of Analysis (COA) is an official document issued by a quality-control laboratory that reports the actual test results for a specific, uniquely numbered batch or lot, measured against predetermined specifications. Each COA corresponds to a unique batch number and documents the testing performed on that specific lot, not representative or historical data from an earlier run. That single-lot correspondence is what gives the document its value; a certificate that could describe any batch describes none in particular.

The broader discipline of reading laboratory reports and interpreting biomarker data is covered in depth at rawmarkers.com, which is a useful grounding for anyone learning to treat a lab document as evidence rather than decoration.

"COA available on request" versus a published, batch-matched COA

This is where the language matters most. A COA is only meaningful if it is tied to the exact lot in front of you. When a certificate is merely "available on request," several things are left unresolved: whether the document you eventually receive matches the batch you are actually looking at, whether it was issued by an independent laboratory or generated internally, and whether it reports current results or a sample tested long ago.

Regulators treat this gap seriously. Under US current good manufacturing practice, 21 CFR 211.84 requires at least one specific identity test on each lot of a drug-product component, and it allows a manufacturer to accept a supplier's certificate or report of analysis in lieu of other testing only if the manufacturer also establishes the reliability of the supplier's analyses through appropriate validation at appropriate intervals. The same principle is spelled out in the FDA's questions and answers on controlling components. In other words, even inside a regulated supply chain, a supplier's COA is not accepted at face value.

A published, batch-matched COA closes most of that gap in one step. The batch number on the certificate matches the batch number on the vial, the results are the actual results for that lot, and, when the certificate comes from an independent laboratory, the party reporting the numbers has no interest in the sale. "On request" defers all three of those questions to a moment when you can no longer easily check them.

The methods behind an honest peptide COA

For proteins and polypeptides, the international reference point for what a specification should contain is ICH Q6B (reference CPMP/ICH/365/96, effective 1 September 1999), which treats identity, purity, impurities, contaminants, quantity, and potency as distinct specification attributes. A COA that collapses all of that into a single unexplained purity figure is reporting far less than the standard contemplates.

Identity

ICH Q6B states that an identity test should be highly specific for the drug substance and should be based on unique aspects of its molecular structure, and it notes that more than one test (physicochemical, biological, and/or immunochemical) may be necessary to establish identity. One method it names for confirming structure at lot release is peptide mapping: selective fragmentation of the molecule, with the fragments analyzed by HPLC or other procedures and identified by techniques such as amino acid analysis, N-terminal sequencing, or mass spectrometry. In practice, mass spectrometry confirms identity by measuring the molecular weight of the compound and comparing it to the expected molecular weight of the labeled peptide.

Purity

ICH Q6B notes that purity is determined by a combination of methods chosen to separate the desired product from product-related substances and impurities. HPLC is the standard method for quantifying purity, separating the target peptide from related impurities such as deletion sequences, truncated fragments, and synthesis by-products. So a credible peptide COA typically shows two complementary numbers: an identity confirmation by mass spectrometry and a purity percentage by HPLC. A certificate that reports only one of these, or that states a purity figure with no method named, is thinner than it looks.

Accreditation: the layer above competence

Performing the right tests is one thing; demonstrating that the laboratory is competent to perform them is another. ISO/IEC 17025 (current version 2017) is the main international standard for the competence of testing and calibration laboratories. Accreditation to it means an independent accreditation body has attested to a laboratory's technical competence and to its operation under a documented quality system. The standard explicitly applies to first-, second-, and third-party laboratories, which means accreditation and independence are separate questions: a laboratory can be independent without being accredited, and accredited without being the third party in a given transaction.

That distinction matters when reading claims about named laboratories. As a concrete example, Janoshik Analytical, operated by the Czech company Janoshik s.r.o. (ICO 17668727, registered office in Prague), is a laboratory that analyzes samples of performance-enhancing compounds, including peptides, submitted directly by members of the public. Its core peptide workflow uses HPLC with UV detection to measure purity and mass spectrometry (LC-MS/MS) to confirm identity, and the authenticity of a report can be checked independently at the laboratory's public portal by matching the report or test identifier, peptide name, purity percentage, and date shown on the certificate. That public verifiability is a genuine strength. At the same time, published accounts note that Janoshik is not ISO/IEC 17025 accredited for peptide purity testing, which illustrates the point that independence and public verification are not the same thing as formal accreditation.

What even a clean third-party COA does not tell you

A purity and identity certificate answers two questions: is this the molecule it claims to be, and how much of the sample is that molecule rather than related impurities. It does not, by default, answer questions about sterility or contamination. A standard Janoshik COA, for instance, reports identity and purity but does not by default cover endotoxin, sterility, heavy metals, residual solvents, or bioburden, so a clean purity and identity result does not certify that a sample is sterile or free of contaminants. Reading a high purity number as a guarantee of safety is one of the most common misreadings of a COA, and it is a gap that no amount of marketing language can close.

A practical checklist for reading test claims

  • Independence: is the laboratory named actually independent of the seller, or is first-party in-house QC being described as third-party testing?
  • Batch match: is the COA published and tied to a specific lot number you can compare against the physical product, rather than "available on request"?
  • Methods: does the certificate name its methods (mass spectrometry for identity, HPLC for purity) and report an actual purity percentage for that specific lot?
  • Verifiability: can the report be confirmed at the issuing laboratory, independently of the seller?
  • Scope: do you understand what the certificate does not cover, such as sterility, endotoxin, or heavy metals?

None of these checks require specialist equipment. They require only reading the words carefully and holding each claim to the standard the word borrows from. "Third-party tested" and "COA on request" are not synonyms for verified; a published, batch-matched, independently issued certificate is.