GMP Reference Standards: USP, Ph. Eur. and FDA/EMA Audits

Reference Standards in GMP: An Operational Guide for QC and QA between USP and the European Pharmacopoeia

Why Reference Standards are a “high inspection-risk” topic

In the QC laboratory, Reference Standards (RS) are not “consumables”: they are the metrological foundation on which assays, impurity testing, identity testing and, ultimately, data credibility are built.
If the standard is incorrect, degraded, expired, contaminated or not traceable, the inspector does not discuss the chromatogram — they question trust in the entire system.

In practice, poorly managed RS can lead to:

  • “false” OOS (Out of Specification) or OOT (Out of Trend) results
  • repeated deviations and lengthy investigations
  • delayed batch disposition risks
  • GMP and Data Integrity findings (ALCOA+)

The reference guide from which this article is derived delivers a clear message: RS management is a cornerstone of GMP compliance and is tightly linked to pharmacopoeial requirements (USP, Ph. Eur., JP, BP) and inspection expectations.

Types of standards: they are not all the same (and inspectors know it)

One of the most frequent root causes of non-compliance is treating “all standards” the same way. In reality, their role, documentation, risk level and controls differ significantly.

Table — Quick mapping of reference standards (skimmable)

Standard type Examples Typical use GMP expectation Risk if poorly managed
Primary compendial standard USP RS, Ph. Eur. CRS (EDQM) Compendial methods, calibration/qualification of secondary standards “Intrinsic” traceability (official source), expiry/validity management, correct storage High: undermines validity of the compendial method
Secondary standard (Working Standard) Internal API WS, excipient WS Routine QC (HPLC calibration curves, assay, content uniformity) Qualification vs primary standard, potency/assay assignment, retest date, internal certificate, QA approval Very high: systematic error across multiple batches
Impurity standards / CRM Impurities A/B/C, degradants; ISO 17034 CRM, NIST/LGC Impurity identification/quantification, response factors Robust CoA, purity/assay with uncertainty, fitness for purpose High: impurity underestimation or false OOS
Non-certified “analytical grade” standard “Research standard” (To be avoided in GMP without full characterization) Requires strong internal qualification/characterization and risk assessment Very high: not defensible in audit

These distinctions, and the primary/secondary/CRM framework, are central to the GMP practices described in the guide.

Practical regulatory framework: what FDA/EMA inspectors really look for

A dangerous myth is believing that inspectors are only interested in the “correct” regulatory reference. In reality, they want to see a controlled, coherent and repeatable system.

During audits, the most common issue I encounter is this:

…the laboratory can explain the theory (“we use USP RS / CRS”), but cannot demonstrate the control chain:

  • where is the standard registered (inventory / LIMS)?
  • who approved its use (QA)?
  • how are shelf-life and retest dates managed?
  • how is first opening and usage logging handled?
  • how are contamination and mix-ups prevented?
  • how is ALCOA+ data integrity ensured, with a complete audit trail?

When the answer is “we know it by heart” or “it’s in a personal Excel file”, the discussion deteriorates quickly.

Procurement & acceptance: the “chain of custody” starts before the lab

GMP management of reference standards begins at procurement:

  • Compendial standards: only official sources or authorized distributors (e.g. EDQM for CRS; USP for USP RS).
  • Impurity standards: prefer accredited producers (CRM, ISO 17034) or qualified suppliers with a complete CoA.
  • Transport conditions: assess cold chain, light protection, temperature indicators where applicable.

Acceptance checklist (SOP-ready)

  • Packaging and vial integrity (seals, breakage, moisture).
  • Label consistency: name, batch, validity/“valid use date”, storage conditions.
  • Goods-in registration (inventory) including:
    • unique internal code
    • storage location
    • status (quarantine until full registration completed).
  • Attachments: CoA (if applicable), compendial information sheet, evidence of official source.

These steps align with the operational best practices described in the guide (coding, registration, incoming checks).

The critical point: “compendial use” vs “off-monograph use”

Contrarian insight (myth to debunk)

Outdated myth:
“A compendial standard is universal: if it is USP or Ph. Eur., I can use it for any method and any purpose.”

Why this is risky (and inefficient):

  • A compendial standard is qualified by the issuing body for a specific purpose (method/monograph/general chapter).
  • Off-monograph use without fitness-for-purpose evaluation may introduce bias (purity, composition, chemical form, residual solvents, stability).
  • In audits, any unintended use triggers requests for evidence: comparability studies, risk assessments, approved documentation.

The guide clearly states that off-scope use requires caution and formal justification.

How to make off-monograph use defensible

When necessary (more common than many admit), implement:

  • Fitness-for-purpose evaluation
  • Mini comparative study (e.g. alternative standard vs intended standard)
  • Method/validation update (linearity, accuracy, recovery)
  • Risk assessment and QA approval
  • Change control if a GMP method is impacted

Data Integrity: controlled standards = defensible data

Reference standards are often a “blind spot” in Data Integrity. Practical expectations include:

  • records without erasures, with traceable corrections (ALCOA+)
  • electronic inventory: active audit trail, role-based access, backups
  • traceability: which standard (code/batch) was used for which test and when

Key reminder:
If you cannot reconstruct within 5 minutes which standard was used for a given batch, you have a system problem — not a memory problem.

The 7 most common inspection observations on Reference Standards (and how to prevent them)

  1. Expired standards or standards beyond retest date still “active”
    → Expiry alerts, physical segregation “EXPIRED”, LIMS blocking
  2. Working standards without qualification evidence
    → Approved protocol, archived raw data, internal QA-signed certificate
  3. Missing usage log / first-opening not tracked
    → Vial log sheet or electronic register
  4. Storage conditions not demonstrated
    → Continuous monitoring, periodic review, out-of-range management
  5. Off-monograph use not justified
    → Fitness-for-purpose + risk assessment + QA approval
  6. Mix-ups and insufficient labeling
    → Internal code, status label, opening date, retest date, storage conditions
  7. Correction factors ignored or incorrectly applied
    → Controlled worksheets, verified calculations, targeted training

“Gold-standard” mini-structure for a GMP RS system

A simple but robust system is built on six blocks:

  1. RS management SOP (purchase → receipt → use → re-qualification → disposal)
  2. Single inventory system (controlled Excel or LIMS)
  3. Working Standard qualification with protocol and internal certificate
  4. Controlled storage (temperature/light/humidity)
  5. Usage log and contamination prevention
  6. QA governance (approvals, internal audits, CAPA)

Reference standard management is a multiplier: done well, it makes the laboratory faster, more stable and truly audit-ready.
Done poorly, it generates investigations, loss of trust and findings that last for years.

If you want to implement a complete system (procedures, checklists, examples and inspection-driven structure), the full guide Reference Standards and QC Instrumentation: GMP Management between USP/Ph. Eur. Requirements and Inspection Expectations is available on guidegxp.com.

Back to blog

Looking for something specific?