A certificate of analysis (COA, sometimes CoA) is a signed laboratory document that reports the measured chemical identity, purity, and contamination profile of a specific sample. In the peptide, anabolic, SARM, and GLP-1 markets, a COA is the only objective signal you have that what is in the vial matches the label. This guide explains what a COA contains, how to read one, and how the document differs between independent labs and vendor-issued reports.
Lumen Labs is an independent third-party laboratory based in Manila, Philippines. We issue an encrypted, publicly verifiable COA for every test using HPLC, mass spectrometry, ICP-MS heavy metals, LAL endotoxin, and USP <61> sterility methods.
What is a certificate of analysis
A COA documents three things at minimum: what was measured, the method used, and the result with measurement uncertainty. A complete COA also includes the date of analysis, the analyst signature or identifier, the sample identity (lot, source if disclosed, physical form), and a verification reference. Without those fields, the document is marketing copy, not a COA.
The COA is the standard deliverable across pharma, food safety, clinical labs, environmental analysis, and now the harm-reduction analytical space serving athletes, biohackers, GLP-1 self-administered users, and vendors.
What a COA contains
A defensible COA reports each of these fields:
- Sample identity: physical form (vial, tablet, raw powder), claimed compound, claimed dose or concentration, sample reference assigned by the lab.
- Method: HPLC, LC-MS, GC-MS, ICP-MS, CHNS elemental analysis, LAL endotoxin, USP <61> sterility, or a combination. The method name allows another lab to reproduce the result.
- Identity confirmation: mass match (LC-MS), retention time match, spectral match against a reference standard. This proves the compound is what the label claims.
- Purity: HPLC peak area at the target wavelength, expressed as percent. Anything above 95 percent is typical for finished pharmaceutical-grade material.
- Quantitation: measured amount in mg, IU, or mg/mL versus the claimed amount. A 5 mg semaglutide vial that measures 4.95 mg passes; a 10 mg tirzepatide vial that measures 8.4 mg is underdosed.
- Contamination screen: heavy metals (As, Cd, Pb, Hg via ICP-MS), endotoxin (LAL), microbial limits (TAMC + TYMC).
- Uncertainty range: the analytical method has known measurement error. A defensible COA publishes it.
- Verification reference: a unique key plus a public URL (in our case /pages/verify) so any third party can confirm the report has not been altered.
How to read a peptide COA
Most readers focus on a single number (purity percentage) and miss the rest. Here is the order to read the document:
- Identity match first. The mass spec result must match the expected compound. If the compound is not what the label claims, every other number is irrelevant.
- Quantitation second. Compare measured amount against claimed amount. Significant under-dosing (more than 10 percent below claimed) is a red flag. Modest over-dosing can also indicate poor quality control at the source.
- Purity third. Less than 95 percent on a finished peptide product warrants investigation; less than 90 percent is a reject. Note that purity above 99 percent on a peptide is rarely achievable by any commercial vendor.
- Contamination fourth. Heavy metals above ICH Q3D limits, endotoxin above 0.5 EU/mg for injectables, or microbial counts above USP <61> limits make the product unsafe to inject regardless of identity and purity.
- Methodology last. Confirm the method is appropriate for the analyte. HPLC alone cannot confirm peptide identity; LC-MS or co-injection with a reference standard is required.
A COA without the method, the uncertainty range, and a verification key is a flyer. Reject it.
Independent vs vendor-issued COAs
Two kinds of COA circulate in this market:
| Type | Issued by | Conflict of interest | Defensibility |
|---|---|---|---|
| Vendor COA | The seller or their contracted lab | Direct: the issuer profits from sales | Low. Easy to fabricate, often missing methods or uncertainty. |
| Independent third-party COA | A separate analytical lab with no commercial relationship to the vendor | None | High. Standard practice in pharma, food safety, environmental. |
The harm-reduction community has converged on independent third-party COAs because the vendor incentive structure is unreliable. Lumen Labs has no equity, partnership, kickback, or referral relationship with any vendor we test. Our incentive is to report numbers correctly so users come back.
Methods Lumen Labs uses
Every Lumen Labs COA names the analytical method. Here is the full list and what each one is used for:
- HPLC (High-Performance Liquid Chromatography): primary purity measurement. Separates the compound from impurities and degradants. Reports percent peak area at the target wavelength.
- LC-MS (Liquid Chromatography Mass Spectrometry): identity confirmation. Reports the measured molecular mass and matches it against the expected mass. Standard for peptide identification.
- GC-MS (Gas Chromatography Mass Spectrometry): volatile compound and contaminant screening. Used for residual solvents and certain pharma actives.
- ICP-MS (Inductively Coupled Plasma Mass Spectrometry): heavy metals at parts-per-billion sensitivity. Reports arsenic, cadmium, lead, mercury per ICH Q3D guidelines.
- CHNS elemental analysis: bulk composition for raw powders. Confirms carbon, hydrogen, nitrogen, sulfur ratios match the molecular formula.
- LAL (Limulus Amebocyte Lysate) endotoxin: bacterial endotoxin detection. Required for any injectable to be considered safe.
- USP <61> microbial limits: total aerobic microbial count plus total yeast and mold count. Sterility screen for injectables.
Every method is double-read by a second qualified analyst before the COA is issued. The methodology and uncertainty range are printed on every report.
How to verify a Lumen Labs COA
Every Lumen Labs report carries a task number and a unique verification key, both printed on the document. To verify:
- Open /pages/verify.
- Enter the task number and unique key from the document.
- The original analytical data displays directly from our database.
If the document has been altered (PDF tampering, edited values, fake header), the verification page will not return the matching record and the document is rejected. Verification is database lookup, not visual inspection.
Anonymized records of every test are also published in our public results database, so anyone can search by compound or vendor letter and see the analytical pattern across submissions.
Frequently asked questions
What does a certificate of analysis prove?
A COA documents what was measured, by what method, and the result with measurement uncertainty. It does not prove a product is safe or therapeutic. It proves the lab tested a specific sample and reports those numbers honestly.
How do I read a peptide COA?
Look for: compound identity (mass match), purity percentage (HPLC peak area), measured amount versus claimed amount, contamination screen (heavy metals, endotoxin), method name (HPLC, LC-MS, etc.), analyst signature, and a verification key. Reject any COA that hides the method or shows only a pass/fail with no numbers.
Are vendor COAs trustworthy?
Vendor-issued COAs have a conflict of interest. The same party that profits from sales also reports purity. An independent third-party COA from a separate lab eliminates that conflict. Lumen Labs has no commercial relationship with any vendor we test.
How long is a COA valid?
A COA reports the sample at the time of analysis. It is valid indefinitely as a record of that sample. It does not guarantee future batches from the same vendor or storage stability of the tested product.
Can I verify a Lumen Labs COA?
Yes. Every Lumen Labs COA carries a task number and unique verification key. Visit /pages/verify, enter both, and the original analytical data displays. Records are immutable in our database, so a forged or altered document will fail the match-or-fail lookup.