Skip to main content

LabWare LIMS Validation Guide: IQ, OQ, PQ, and CSA for the World's Most-Installed LIMS

How to validate LabWare LIMS in a regulated pharmaceutical QC laboratory — covering GAMP 5 classification, configured master data, calculation engine testing, instrument interfaces, and FDA Computer Software Assurance (CSA) principles.

Written by: Sundar , Director, GoVal
GAMP 5 CSA · FDA Final Guidance 2025 21 CFR Part 11 EU Annex 11 LIMS Validation
Quick Answer

What GAMP 5 category is LabWare LIMS, and what does validation actually require?

LabWare LIMS does not sit in a single GAMP 5 category. The base platform and database are Category 1 infrastructure; unmodified out-of-the-box features are Category 3; your configured specifications, sample workflows, security groups, and calculation formulas are Category 4; and any custom code written in LIMS Basic, LabWare's proprietary scripting language, is Category 5. Validation effort should concentrate on your configured master data and on independently verifying every calculation formula, since calculation errors flow directly into batch release decisions. Under CSA, LabWare's supplier IQ documentation can be leveraged for the installation layer, freeing your team to focus testing on configuration, calculations, instrument interfaces, and any LIMS Basic scripts.

How to Validate LabWare LIMS: Step-by-Step

6 steps from GxP scope definition through ongoing version and master data change control — applying GAMP 5 classification and CSA.

Step 1

Define GxP Scope and Classify Under GAMP 5

Validation scope for LabWare is determined by which modules create or modify records relied upon for product release, stability commitments, or regulatory filings. Because LabWare implementations mix unmodified platform, configured master data, and custom code, each layer needs its own classification rather than a single blanket category.

In ScopeSpecification & Test Method Management

Specification limits, test method definitions, and sampling plans drive pass/fail decisions on every batch. Configuration of these master tables is GMP-relevant and must be validated.

In ScopeSample Workflow & Result Entry

Sample login, test assignment, result entry, and review/release workflow states control how a result becomes an approved GMP record. Workflow configuration and security routing require validation.

In ScopeCalculation Engine

Assay, potency, dissolution, and impurity formulas configured in LabWare directly determine release decisions. Every formula requires independent verification, not visual spot-checking.

In ScopeInstrument Interfaces & CoA Generation

Direct or middleware-based instrument data capture, and certificate of analysis generation and release, are GMP record-creating processes requiring functional and data-integrity testing.

Typically Out of ScopePersonal Report Layouts

User-level report column ordering, saved search filters, and dashboard widget arrangement carry no GMP record consequence and are excluded with documented rationale.

Typically Out of ScopeNon-GxP Sample Types

Exploratory R&D samples logged in a non-GxP project area with no connection to a release specification fall outside validation scope.

GAMP 5 Classification for LabWare LIMS

ComponentGAMP 5 CategoryValidation approach
Platform & database infrastructureInfraSupplier qualification: LabWare IQ scripts, server/DB qualification
Unmodified out-of-box featuresCategory 3Leverage supplier testing; limited customer verification
Configured specs, workflows, security groups, formulasCategory 4URS + FRA + OQ/PQ required, with calculation logic independently verified
Custom LIMS Basic scripts & interfacesCategory 5FS, DS, code review, unit testing, and full IQ/OQ/PQ required
Step 2

Leverage LabWare's Supplier IQ Documentation

LabWare provides installation qualification scripts and infrastructure documentation for each licensed version, covering server and client installation, database connectivity, and baseline software verification. This is supplier-level evidence for the platform layer — it is not a substitute for testing your configuration.

The correct approach under CSA is to leverage this package rather than re-authoring infrastructure-level IQ from scratch:

  • Obtain the version-specific IQ documentation and installation scripts from LabWare for your licensed release
  • Execute or verify the supplier IQ scripts in your environment to confirm correct installation of server, client, and database components
  • Document a gap assessment confirming the supplier package covers your specific deployment architecture, including any clustered or multi-site server configuration
  • Perform a supplier qualification assessment of LabWare Inc., documenting their SDLC practices and support history, in place of authoring infrastructure-level evidence from first principles
Under CSA: Leveraging supplier IQ evidence for the installation layer is appropriate and expected. The output your QA function must produce is a documented rationale explaining why the supplier evidence is sufficient for your environment — referencing the specific document version reviewed — not a generic statement that "vendor documentation exists."
Step 3

Author URS and Risk-Assess Master Data and Calculations

The URS for a LabWare implementation must describe your configured behaviour as testable requirements — specific specification limits, workflow states, and formula logic — not a restatement of generic LIMS capability.

Weak — describes the platform, not your configuration:

"The system shall calculate assay results."

Better — testable configuration requirement:

"For Product X Assay (Test Method TM-204), the system shall calculate % Assay using the configured formula referencing standard weight, sample weight, and dilution factor, round the result to one decimal place per the pharmacopeial method, and flag the result as Out of Specification if the calculated value falls outside 95.0%–105.0%."

The Functional Risk Assessment should score every configured requirement for severity, occurrence, and detectability. For LabWare, the highest-severity items are consistently:

  • Calculation formulas feeding release-decision results — assay, potency, dissolution, impurities, content uniformity
  • Workflow states controlling sample review, result release, and CoA approval, including who is permitted to act at each state
  • Specification limit configuration and the OOS/OOT flagging logic that depends on it
  • Instrument interface data mapping between the analytical instrument and the correct sample/test record

Lower-severity items — saved report layouts, dashboard preferences, non-GxP project areas — can be covered with a documented CSA rationale rather than scripted test cases.

Step 4

Execute OQ and PQ for Configuration, Calculations, and Instrument Interfaces

LabWare validation effort concentrates here. The platform has been engineered by LabWare; your configuration, your formulas, and your instrument connections have not been tested by anyone until you test them.

Configuration Testing (OQ-level)

Confirms each configured element behaves as specified under controlled conditions, including boundary and negative-path scenarios.

  • Specification limits: results at, just inside, and just outside the limit correctly trigger pass/fail and OOS flags
  • Calculation formulas: independently verified against hand-calculated or alternative-tool values at minimum, mid-range, and maximum inputs, with rounding confirmed against the pharmacopeial method
  • Workflow routing: each review/release state requires the configured role; an incorrect role is blocked at the system level
  • Security groups: negative-path testing confirms users are denied actions outside their assigned permissions
  • Instrument interface mapping: data lands against the correct sample and test record with no value alteration
End-to-End PQ Scenarios

Complete process flows executed by actual analysts and reviewers in the validated environment with representative samples.

  • Sample login → test assignment → result entry → calculation → review → release → CoA generation
  • Out-of-specification result: flagging, OOS workflow trigger, and investigation linkage
  • Stability sample pull: scheduled timepoint testing and trend reporting against specification
  • Instrument disconnection mid-transfer: confirm the interface fails safely with no silent data loss
  • Result amendment after release: confirm audit trail captures the change and re-approval is enforced
Step 5

Validate Audit Trail and E-Signature for 21 CFR Part 11

LabWare maintains audit trail logging at the master table level and supports configurable electronic signature steps. Both must be explicitly configured and tested — neither is compliant by default.

Control What it covers GxP validation requirement
Audit Trail (Master Table Log) Field-level changes to results, specifications, master data, and security settings, captured per table with user, timestamp, and before/after value. Confirm audit logging is enabled on every GxP-relevant master and result table. Test that the log cannot be disabled or edited by application users.
Electronic Signature Configurable signature steps requiring re-authentication and a meaning statement, typically applied at result review, release, and CoA approval. Test that authentication is enforced, the meaning statement displays at the point of signing, and the signed record links permanently to the signature event.
Security Groups & Access Control Role-based permission sets controlling which users can view, enter, review, release, or amend records. Test both positive-path access and negative-path denial for each security group against every restricted action.
Key point: Inspectors verify that the meaning statement is enforced within the LabWare signature configuration itself, not described only in a surrounding SOP. A signature step that does not display a configured meaning statement at the moment of signing does not satisfy §11.50 regardless of procedural documentation.
Step 6

Establish Change Control for Version Upgrades and Master Data Changes

Two distinct categories of change recur in a validated LabWare environment, and each needs its own controlled process: platform version upgrades, and day-to-day master data changes such as adding a new test method or amending a specification.

For Version Upgrades
  • Obtain the updated supplier IQ documentation and release notes from LabWare for the new version
  • Perform a formal impact assessment identifying which configured master data and, critically, which LIMS Basic scripts may be affected by platform-level changes
  • Re-test custom scripts in full, since upgrades are the most common point at which custom code requires rework
  • Run risk-based regression OQ/PQ on configured workflows, calculations, and interfaces affected by the upgrade
  • Test the upgrade in a non-production environment and obtain QA sign-off before promoting to production
For Master Data Changes
  • Any new specification, test method, calculation formula, or workflow change requires a documented change request
  • Perform a change impact assessment against the validated URS before implementation
  • Test the change in a non-production LabWare environment, including independent verification of any new or modified calculation formula
  • Reference LabWare's audit trail entry for the master data change in the change control record rather than recreating the evidence manually
  • Update validation documentation to reflect the new baseline after the change is approved

Periodic review — at least annually — should confirm that security group assignments are current, calculation formulas in active use match the validated baseline, and no undocumented master data changes have occurred since the last confirmed validated state.

Common Inspection Findings for LabWare LIMS

These patterns recur in FDA 483 observations and EMA inspection reports for pharmaceutical QC laboratories using LabWare LIMS.

  1. Calculation formulas tested with a single happy-path value. A formula confirmed only with one passing result has not been validated. Inspectors expect evidence of testing at minimum, mid-range, and maximum input values, with rounding behaviour checked against the pharmacopeial method.
  2. LIMS Basic scripts validated as standard configuration. Custom code written in LIMS Basic is Category 5 and requires code review and unit testing. Treating it as Category 4 configuration — testing only the visible behaviour with no code-level review — is a frequently cited gap.
  3. Instrument interface testing limited to successful transfers. Inspectors look for evidence that disconnection, timeout, and malformed-data scenarios were tested, confirming the interface fails safely rather than silently dropping or corrupting a result.
  4. E-signature meaning statements documented only in an SOP. If the LabWare configuration itself does not display and enforce a meaning statement at the signing step, the procedural instruction in the SOP does not satisfy the regulation.
  5. Master data changes implemented without change control evidence. New specifications and test methods added directly through the master file interface, without a preceding documented change request and impact assessment, are treated as uncontrolled changes during inspection.

Frequently Asked Questions

What GAMP 5 category is LabWare LIMS?

LabWare spans multiple GAMP 5 categories within a single implementation. The unmodified platform and database are Category 1 infrastructure; out-of-the-box features used without configuration are Category 3; your configured specifications, workflows, security groups, and formulas are Category 4; and any custom code written in LIMS Basic is Category 5, requiring functional specification, design specification, code review, and full IQ/OQ/PQ.

Does LabWare provide IQ documentation, and what does it cover?

Yes. LabWare supplies installation qualification scripts and infrastructure documentation for each licensed version, covering server, client, and database installation verification. This covers the platform installation layer only — it does not test your specification master data, configured workflows, calculation formulas, or LIMS Basic scripts, which remain your validation obligation through OQ and PQ.

How do you validate the calculation engine and result formulas in LabWare LIMS?

Every configured calculation formula must be independently verified against a hand calculation or alternative validated tool, tested at minimum, mid-range, and maximum input values, with rounding confirmed against the pharmacopeial method and unit conversions checked on the certificate of analysis. A single happy-path test is not sufficient — calculation errors flow directly into batch release decisions, which is why inspectors treat this as a high-risk test area.

What is required to validate instrument interfaces in LabWare LIMS?

Interface testing must confirm data arrives complete and correctly mapped to the right sample and test under normal conditions, at boundary values such as results at the specification limit, and under failure conditions — disconnection mid-transfer, duplicate submission, and out-of-range values — to confirm the interface fails safely rather than silently corrupting data. Interfaces built through LIMS Basic scripts additionally require code-level review as Category 5 custom code.

How do you validate LIMS Basic custom scripts versus standard configuration?

Standard configuration through LabWare's supported master file interface is Category 4, validated through OQ/PQ testing of configured behaviour. LIMS Basic scripts are Category 5 custom code requiring a functional specification, a design specification or documented code structure, a code review against your coding standards, and unit-level testing in addition to integrated OQ/PQ. Treating LIMS Basic scripts as standard configuration — skipping code review — is one of the most common under-validation gaps in LabWare implementations.

How do you handle a LabWare version upgrade in a validated GxP environment?

A version upgrade requires a documented impact assessment identifying which configured master data and LIMS Basic scripts are affected, since custom scripts are the components most likely to need rework after an upgrade. Full retesting of custom scripts, risk-based regression of configured workflows and calculations, testing in a non-production environment, and QA sign-off before production deployment are all required before the new version goes live.

Does LabWare LIMS automatically satisfy 21 CFR Part 11?

No. LabWare provides the technical capability — an audit trail master table, configurable e-signature steps, and security group-based access control — but none of it is compliant by default. Your organisation must configure audit trail logging on every GxP-relevant table, configure e-signature steps with enforced meaning statements at result release, and test that security groups correctly restrict access, then review these settings periodically.

What are common validation findings in LabWare LIMS inspections?

The most common findings are: calculation formulas tested with only a single passing value; LIMS Basic scripts validated as standard configuration with no code review; instrument interface testing limited to successful transfers with no failure-mode testing; e-signature meaning statements described only in an SOP rather than enforced in the LabWare configuration; and master data changes implemented without a preceding documented change control record.