Introduction

If your FDA-regulated work relies on electronic records, whether that means experiment data, sample records, or safety documentation, those records need to hold up under scrutiny the same way a signed paper document would.

That standard does not change because the record is digital. What changes is the regulatory framework that defines what "trustworthy" means in that context. 21 CFR Part 11 is the FDA regulation that establishes exactly that: the criteria under which electronic records and electronic signatures are considered reliable, attributable, and legally equivalent to their paper counterparts. It applies across FDA-regulated industries, including pharmaceutical, biotech, and clinical research organizations, wherever electronic systems are used to create, modify, maintain, or transmit records that fall under FDA requirements. 

And the stakes are concrete: electronic records that do not meet Part 11 requirements may be questioned during an FDA inspection, putting your data integrity and regulatory standing at risk.

What is 21 CFR Part 11?

21 CFR Part 11 is a regulation issued by the U.S. Food and Drug Administration, sitting within Title 21 of the Code of Federal Regulations under Part 11: Electronic Records and Electronic Signatures. It establishes the technical and procedural criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records and handwritten signatures in the eyes of the FDA.

The regulation applies to any organization operating in an FDA-regulated industry that uses electronic systems to create, modify, maintain, archive, retrieve, or transmit records that are required under FDA regulations. In practice, that scope covers pharmaceutical manufacturers, biotech companies, contract research organizations, clinical research sites, and any other regulated entity whose records fall under FDA oversight. It does not apply only to drug manufacturers. If your organization uses electronic systems for record keeping, you need to understand where Part 11 requirements apply to your workflows. That includes teams managing laboratory data, sample records, or safety documentation. Practically, the key question is not only what system holds the record, but whether the record is required under FDA predicate rules or submitted to the FDA in electronic form.

The regulation itself is organized around two core areas: controls for closed and open systems used to create and maintain electronic records, and requirements for electronic signatures, including how they are created, applied, and protected from reuse or falsification. Achieving 21 CFR Part 11 compliance means the electronic systems a lab uses must meet those controls consistently, not selectively. The scope depends on whether the electronic record is required under FDA predicate rules or submitted to the FDA, not simply on the size of the organization generating it.

What 21 CFR Part 11 compliance requires

Part 11 includes several practical control areas: validated systems, accurate and complete record copies, reliable record retention and retrieval, access controls, audit trails, and authority checks. It also includes electronic signature controls and system documentation controls.

One accuracy point worth stating clearly here: system validation is the regulated lab's responsibility. It must be performed and documented for the lab's own specific intended use. A software vendor can support that process by providing documentation such as validation protocols, test scripts, and technical specifications, but a vendor cannot complete validation for the customer's specific intended use.  That responsibility stays with the organization generating the records. The same principle applies across GLP and GMP compliance frameworks, where validated systems and documented procedures are consistently the lab's obligation to establish and maintain.

The 21 CFR Part 11 compliance checklist below breaks down what each requirement means in practice and what to check for in a system that is expected to meet it.

How Part 11 applies differently to research and EHS records

Part 11 does not apply by record label alone. When a record is in scope, the same requirements apply whether it’s an experiment entry or an inspection report. Those requirements include validated systems, attributable audit trails, controlled signatures, and retention for the applicable required period. . What changes is what "the record" actually refers to in each context, and that distinction has practical implications for how labs assess the systems managing those records.

On the research side, the records that fall under Part 11 scrutiny are experiment data, sample records, and protocol sign-offs captured in an electronic lab notebook or LIMS. Each of those record types needs to be created in a validated system, logged with a secure audit trail that preserves previous entries, and signable in a way that locks the record and attributes the signature to a specific individual. A sample record that can be altered after the fact without leaving a trace, or an experiment entry signed under a shared login, does not meet that standard, regardless of how accurate the underlying data is.

On the EHS side, the records in scope look different: safety data sheets, inspection reports, training completions, and incident documentation. These are the record types that lab safety software is responsible for capturing and maintaining. EHS records can be in scope when they are predicate-rule records, submitted electronically to FDA, or relied on for FDA-regulated activities.  An inspection report that cannot be traced back to the individual who completed it, or a training completion record stored in a system without proper access controls, carries the same compliance risk as a deficient experiment record.

This distinction matters when evaluating systems. The research stack and the EHS stack each need to meet Part 11 on their own terms. When assessing EHS software for your lab, apply the same Part 11 evaluation criteria you would use for any research records system: validated use, secure audit trails, attributable signatures, and reliable retention.

‍

Common Part 11 compliance gaps to watch for

The most common Part 11 compliance gaps usually come from using tools that were never designed for governed electronic records.

Spreadsheets are the clearest example. Excel is widely used for tracking samples, reagents, and inventory across research and EHS functions, but a standard spreadsheet setup is not designed to provide Part 11 audit trails, signature controls, or protected record locking without additional governed controls. The same applies to general-purpose note-taking tools like Microsoft OneNote. They can capture data, but they are not designed to attribute a regulated electronic signature to a specific individual, enforce Part 11 record controls, or produce the kind of audit trail expected for regulated electronic records.

Shared logins create a separate but equally concrete problem. Part 11 requires that electronic signatures be uniquely linked to one person and cannot be reused or reassigned. If your team shares a single login to access a records system, that requirement becomes impossible to satisfy, regardless of how well the underlying system is built.

Finally, exported copies can be acceptable if controlled, complete, accurate, and not used as an uncontrolled working record. When records are exported or copied into an uncontrolled spreadsheet,  shared drives, or an email attachment, and those copies become the working record, the audit chain can break. The exported copy has no record of who handled it after the transfer, making it unsuitable as a Part 11-compliant record even if the source system was fully configured and validated to support Part 11-compliant use.

Euroimmun US experienced this directly before implementing SciSure, relying on Excel spreadsheets and undocumented institutional knowledge for sample management, with sample status spread inconsistently across multiple document versions. While this isn’t a Part 11 case study by itself, it illustrates the operational risk behind uncontrolled spreadsheet workflows.

Read the full Euroimmun US story.

How SciSure supports 21 CFR Part 11 compliance

SciSure supports configurations and workflows that can help customers operate Part 11-compliant electronic records when the system is validated and governed for its intended use. 

On the research side, SciSure's ELN captures experiment documentation in structured, version-controlled records with automatic audit trails. Signed experiments are locked read-only, digital signature and timestamp are visible, two-step verification is available, and witness signatures can be required. Relevant actions taken on a record, including edits, comments, and status changes, are logged with a timestamp and attributed to the individual user who performed them. Those logs are designed to preserve change history and user attribution. When an experiment is ready to be finalized, electronic signatures lock the record from further changes. An optional second signature supports approval workflows where a supervisor or principal investigator needs to countersign before a record is considered complete.

SciSure's LIMS software applies the same audit trail and access control logic to sample records and inventory data. Relevant sample actions, including sample information changes, location moves, and dispatch events  are logged automatically with user attribution and timestamp. Role-based access controls determine which users can view, edit, or approve specific records, making it possible to enforce the access restrictions Part 11 requires without relying on informal conventions or shared credentials.

Role-based permissions apply across both systems, allowing organizations to configure access at a granular level based on user role and group. 

Arctic Therapeutics, a biotechnology and drug development company, uses SciSure's controlled access, signing, and record locking to maintain audit-ready records in its ISO 15189 certified environment. ISO 15189 is not the same framework as FDA 21 CFR Part 11, but the underlying record integrity requirements overlap significantly: attributable actions, locked records, and traceable access. The features that support Arctic Therapeutics' regulatory environment are the same ones SciSure provides to support Part 11-compliant use. R

ead the full Arctic Therapeutics story.

What SciSure does not do is perform system validation on a customer's behalf. Validation remains the regulated lab's responsibility, performed and documented for its own intended use. SciSure supports that process by providing the technical documentation organizations need to conduct their own validation, but the obligation to validate sits with the organization operating the system.

‍

Part 11 compliance is a system property over a one-time checklist

Part 11 compliance is an operating state supported by the system, procedures, training, access controls, and validation documentation. If your lab selects a compliant system, completes its initial validation, and then makes no further checks, that doesn't mean you're staying compliant. Part 11 compliance should also be revisited when the system or its intended use changes. Software updates, new modules, revised workflows, additional record types, or changes to user roles can affect whether the original validation still reflects how the system is being used. Regulated teams should handle those changes through documented change control and, where needed, perform targeted revalidation or testing before relying on the updated workflow for in-scope electronic records. 

What that means practically is that compliance needs to be verified as an ongoing condition rather than confirmed once at implementation. The questions worth returning to regularly are whether audit trails are still capturing every relevant action, whether access controls reflect current team structures and roles, whether signatures are still attributable to specific individuals, and whether any records are leaving the system in ways that break the audit chain.

If any of those checks surface a gap, the fix may need to start with system configuration, SOPs, training, validation documentation, or data handling practices.

‍

FAQ

What is 21 CFR Part 11 compliance?

21 CFR Part 11 is the FDA regulation that defines when electronic records and electronic signatures are considered trustworthy and legally equivalent to paper records and handwritten signatures. It applies to any organization in an FDA-regulated industry that creates, modifies, maintains, or transmits records under FDA requirements, including pharmaceutical, biotech, and clinical research organizations. Compliance means the electronic systems used to manage those records meet the technical and procedural controls the regulation specifies.

What does my ELN/LIMS need to do to be 21 CFR Part 11 compliant?

The system needs to support validated and documented use for its intended purpose, maintain secure audit trails with timestamps and user attribution, and retain records in a format that remains accessible and readable by people for as long as required. It also needs electronic signature controls that tie each signature to one individual, show the signer's name, date, time, and meaning of the signature, and link the signature to the signed record. Access controls that restrict who can create, modify, or sign records are also required.

Is SciSure 21 CFR Part 11 compliant?

SciSure supports Part 11-compliant use, but compliance depends on configuration, SOPs, training, access controls, validation, and the customer's intended use. It supports this through automatic audit trails that log relevant record actions with timestamps and user attribution, role-based access controls that enforce record-level permissions, and electronic signatures that lock experiment records from further changes once signed.

‍

Like an unannounced visit from your in-laws, chemical regulators usually show up when you're least prepared and often throw your whole operation into a panic.

One of the best ways to be prepared for a chemical regulatory inspection is to perform regular internal audits of your chemical inventory and safety management. Internal audits can help your team identify gaps in your processes, procedures, and inventory before they get flagged (and possibly fined) by an outside regulator. Internal audits can also uncover hazards that could lead to accidents or injuries. What's more, they can help your organization operate with greater efficiency on a day-to-day basis.

There's an added reason to take internal audits seriously right now: the rules underneath them have moved.

The regulatory background to chemical audits

In 2024, the Occupational Safety and Health Administration (OSHA) updated its Hazard Communication Standard to align primarily with the seventh revision of the Globally Harmonized System of Classification and Labelling of Chemicals (GHS.) Thios changed how chemical hazards get classified and written onto labels and Safety Data Sheets (SDS). The first compliance deadline for manufacturers and distributors was set for January 2026, then pushed back to May 19, 2026, with later deadlines moved out by four months too.

On top of that, the federal hazardous chemical inventory report many labs file every March, the 2024 editions of the National Fire Protection Association's lab and fire codes (NFPA 45 and NFPA 1), and the 2024 International Fire Code all lean on the same thing. I.e., an accurate, current picture of what chemicals you have and where they are. An internal audit is how you check whether that picture matches reality before a regulator does.

So which issues should you look for during an internal chemical audit? Each organization will look a little different depending on the types of research performed and the chemicals on site. However, there are a few common problems that pop up frequently. To help you on your next internal audit, we've compiled a list of five common issues to watch for.

5 Common issues to look for during an internal chemical audit

1. Incompatible chemicals stored together
2. Expired peroxide formers
3. Flammables stored in a regular fridge or freezer
4. Chemical inventory is out of date
5. Chemicals from other groups or spaces found

1. Incompatible chemicals stored together

Internal audits can help identify these kind of critical storage issues before problems occur: acids stored with bases, or oxidizers stored with flammable solvents. Storing incompatible chemicals together can lead to fires, explosions, or hazardous gas leaks. Much of the time, these issues may be easy enough to spot that you can have several different inspectors keep an eye out for them. This both reduces the risk of accidents without creating more work for your team.

There are also some controls you can put in place to prevent these situations from happening at all. It starts with educating your user base on proper storage procedures. Make sure researchers know how to identify problematic chemical pairs, how to properly store chemicals, and what to do if they find chemicals stored incorrectly.

It also helps to remember that the hazard classes on each chemical's SDS are what tell you which pairs fight. The updated GHS-aligned labels coming through under the 2024 HazCom rule make those classes easier to read at a glance. Appointing a point person in each group can help confirm these procedures are being followed and provide some much-needed accountability.

Add to that a good chemical inventory system that gives you real visibility, and you'll be well-positioned to pass your next compliance inspection. A system that stores hazard and regulatory data alongside each container, like SciSure's ChemTracker, makes incompatibilities easier to catch, because you can sort and review chemicals by hazard class and storage group instead of reading every label on every shelf.

Read More: The 5 Best EHS Software Platforms in 2026

2. Expired peroxide formers

While peroxide formers are stable under normal conditions, expired peroxide formers can degrade and become unstable explosive materials. Like any hazardous chemical, expired peroxide formers need to be identified and disposed of properly. This includes peroxide formers that are opened without "date opened" marked on the bottle.

As we said before, the hallmark of an effective chemical safety management program is education. Make sure everyone who uses peroxide formers (or works in a lab where they are used) has been trained on the correct procedures for adding dates, checking dates, and disposing of expired chemicals.

The right chemical inventory system helps you both locate peroxide formers, and also stores information about containers and users, manages training, and sends reminders about proper handling procedures. It also keeps the current SDS attached to the container, which matters more than it used to. As manufacturers reissue Safety Data Sheets under the 2024 HazCom update, you want the latest hazard information sitting with the actual bottle, not buried in a document folder somewhere.

Handling peroxide formers well comes down to tracking, training, and timing, and a system that ties those together makes the rest of your chemical safety program easier to run.

3. Flammables stored in a regular fridge or freezer

Another common (and dangerous) issue frequently seen in research spaces is flammable substances, such as ether, stored in a conventional fridge or freezer instead of an explosion-proof one. Sometimes, this happens because a particular lab doesn't have an explosion-proof fridge or freezer. Other times, it's an oversight, a lack of knowledge, or simple complacency ("This chemical doesn't really need to be stored in that fridge down the hall, does it?").

This is also where the fire code comes in. NFPA 45, the National Fire Protection Association's standard for labs that use chemicals, and the building and fire codes your local authority enforces set limits on how flammables are stored. They also drive the maximum allowable quantity (MAQ), which is the amount of a hazardous material you can keep in a given space before extra fire protection measures are required. Those limits shift with the building: floor level, sprinklers, and approved storage cabinets all change the math. A quantity of flammable liquid that's fine in one lab can put another lab over its limit, so improper cold storage creates both a safety problem, while also quietly pushing a control area out of compliance.

It's worth adding this item to your regular inspection checklist so it doesn't get overlooked. You can also assign self-inspections to members of a group to specifically check for this issue. Making this the lab personnel's responsibility improves awareness and accountability.

Your equipment tracking system should help you quickly locate labs that don't have an explosion-proof fridge or freezer, and you can cross-reference that with the information from your chemical inventory system to identify the labs that also appear to have flammable substances that should be refrigerated.

When you inspect these labs, you can quickly double-check the regular fridge or freezer to make sure there aren't any flammables stored improperly, and talk to the lab members to see if there is anything you can do to help them store their chemicals safely.

4. Out-of-date chemical inventory

Whatever the reason, if your internal audits don't catch out-of-date chemical inventory, it can lead to a serious violation or fine from a regulator depending on the infraction.

It's also the issue most likely to surface in your regulatory reporting. Many labs have to file a federal Tier II hazardous chemical inventory report by March 1 each year, submitting it to their state emergency response commission, their local emergency planning committee, and their local fire department. The reporting thresholds are lower than people often assume: EPA guidance sets them at 500 pounds or the threshold planning quantity (whichever is lower) for extremely hazardous substances, and 10,000 pounds for most other hazardous chemicals.

The form itself asks for the maximum and average daily amounts you had on hand during the year, how each chemical is stored, and where it's located. If your inventory is stale, your Tier II report is wrong, and that's exactly the kind of mismatch an inspector or emergency planner will notice.

As with most things, an ounce of prevention is worth a pound of cure. In the same way that it's much easier to keep your house clean if you put your dishes in the dishwasher after every meal instead of letting them pile up, it'll be much easier to keep your chemical inventory tidy if you have routine workflows for entering and updating information.

To do that, you'll need a chemical inventory system that can accurately quantify your inventory and also let scientists and inventory specialists access, manage, and share information. When it comes to chemical inventory, the volume of work is simply too large to rely on hacked-together systems that aren't carrying a great deal of the administrative burden for you.

5. Chemicals from other groups found

A container sitting in the wrong room throws off your MAQ count for both spaces, and it leaves your emergency responders with a hazard they don't know about. When a fire marshal or first responder asks what's in a given control area, the honest answer needs to match what's physically on the shelf. At best, containers get misplaced and people waste time looking for what they need. At worst, hazardous materials end up unaccounted for or "temporarily" stored in a dangerous location.

Each chemical should have a designated storage area and be returned there after use. Of course, that's easier said than done. Regular reminders can help researchers remember to put things back, and they can also help build better habits over time. By automating these reminders with chemical inventory software, you can dramatically improve compliance.

Regular internal audits can also help to uncover chemicals that are out of place. However, taking inventory with a pen and clipboard can be a time-consuming exercise, especially if you have hundreds or thousands of containers. Using chemical inventory software along with barcoding or radio-frequency identification (RFID) speeds up the process and makes auditing far more sustainable.

This is another good place to use self-inspections, since the personnel in research spaces might have an easier time recognizing when that tub of salts they borrowed or lent out last week wasn't returned.

What audit preparedness looks like in practice: San Diego State University

It's one thing to talk about audit readiness in the abstract. It's another to watch a real EHS team go from flying blind to walking into an inspection with the answers ready. That was the situation at San Diego State University. Before adopting SciSure, Jennifer Ramil, the university's director of Environmental Health and Safety, was, in her words, vexed by the unknown.

"I had no idea how many lab spaces we had, or what they were working with.

She could have spent months compiling that picture by hand, but as she put it, the minute it was generated it would be out of date. "It was out of date yesterday."

Her team started with the SciSure platform and door signs, then added ChemTracker and Safety Data Sheets, followed by hazardous waste and radioisotope management. The new visibility surfaced exactly the kind of finding an internal audit is meant to catch. One of the first reactions Ramil recalls was a blunt, "Wow, didn't know that chemical was stored in that particular building, which is not sprinklered." The difference was that now they knew, and could act on it.

With real-time, accurate information about labs, occupants, and hazards, the team could finally answer the questions inspectors and administrators ask. Across 99 lab groups and 500 research spaces, they could report to the Chancellor's office with confidence that 100% of the spaces where chemicals are used had been inspected, and identify exactly which labs were working with specific hazards. In Jennifer's words:

"Having that sort of insight, so chemicals can be stored in the appropriate places, was such a game-changer for us."

That's the practical version of audit readiness: the same chemical inventory data that keeps the lab safe day to day is the data you reach for when a regulator, fire marshal, or your own leadership comes asking. You can read the full San Diego State University story here. Here's a breakdown of their concrete results after implementing SciSure's Health & Safety features:

‍

Acing your next audit comes from the right prep

The labs that handle inspections best are the ones that keep chemical identity, quantity, location, hazard class, and SDS data current as part of ordinary operations. So that when someone asks what you have, where it is, and what it means, the answer doesn't depend on who last opened the spreadsheet.

Internal audits might not be the most welcome, but they're a useful tool to identify common issues such as incompatible chemical storage, expired or missing chemicals, and out-of-date inventory. With the right chemical inventory management technology, you'll be better prepared for a quicker, simpler internal audit process. What once took weeks can now be done in a single day, and you end up with a safer, better-organized research environment, and a much shorter scramble the next time a report is due.

SciSure's chemical inventory system was built by scientists, for scientists. Built on a chemical database with roots at Stanford University, ChemTracker helps EHS teams keep chemical safety management accurate, connect inventory to the SDS and reporting work that sits on top of it, and produce the figures a regulator actually asks for. It scales to fit your lab, whether you're running one bench or 500 research spaces.

So if you're ready for a quicker, less harrowing chemical safety audit, get in touch with us for a personalized demo to see how SciSure fits your lab's workflows.

According to the Chemical Incident Tracker, there have been at least 1453 hazardous chemical incidents since January 2021 to present. That's an average of approximately five incidents every week. With the Coalition to Prevent Chemical Disasters tracking these numbers, their methodology also cautions that these reported incidents err on the conservative side. How come? Because not every chemical incident is reported publicly.

For life science labs, that's the uncomfortable backdrop behind fire code compliance. Fire codes and their associated maximum allowable quantities (MAQs) often get relegated to paperwork, but they're part of the system that helps protect researchers, facilities, first responders, and surrounding communities.

Even so, complying with the regulations can be downright painful. Not to mention the reports, inspections, audits, and fire marshal questions that come with them. In this post, we'll look at the common challenges life science labs face with fire code compliance and MAQs, what's changed in the regulatory landscape, and where software can help turn a scramble into a repeatable process.

Fire code basics for labs

Fire codes are regulations designed to protect lives and property by setting requirements for building construction, fire prevention, emergency access, fire protection systems, hazardous materials handling, storage limits, ventilation, alarms, sprinklers, and emergency planning. While not every fire code requirement applies directly to every lab, many do, especially for labs that store or use hazardous chemicals, flammable liquids, compressed gases, oxidizers, corrosives, toxics, water reactives, peroxide formers, pyrophorics, or other high-hazard materials.

In the United States, labs may need to account for several overlapping sources of requirements, including:

• The International Fire Code (IFC) and International Building Code (IBC), as adopted and amended locally
• NFPA standards such as NFPA 1 and NFPA 45
• State and municipal fire codes
• Local authority having jurisdiction (AHJ) interpretations
• Landlord, insurer, campus, or institutional requirements

That last piece matters. Model codes are not always the same as enforceable local law. A jurisdiction may be using a previous code edition, adopting only portions of a model code, or adding local amendments. The 2024 International Fire Code, for example, is the current ICC edition and includes requirements related to the storage and use of hazardous materials, as well as evolving topics such as lithium-ion batteries, energy storage systems, and A2L refrigerants. But whether that edition applies to your lab depends on your local adoption path.

In other words: know the model codes, but work with your AHJ.

Maximum allowable quantities (MAQs) of hazardous materials

MAQs establish how much of a hazardous material can be stored, used, or handled in a defined space before additional requirements are triggered. Those requirements may involve occupancy classification, control areas, fire-rated separation, ventilation, storage cabinets, gas cabinets, sprinklers, alarms, emergency power, permits, or other fire protection measures.

The exact MAQ depends on more than the name of the chemical. It can depend on:

• Hazard class
• Physical state
• Whether the material is in storage, open use, or closed use
• Whether the building has automatic sprinklers
• Whether chemicals are stored in approved cabinets or exhausted enclosures
• Floor level above or below grade
• Control area layout
• Occupancy classification
• Local code edition and AHJ interpretation

This is where things get tricky. A lab may be "under the limit" in one building and over the limit in another with the same chemicals, simply because the control areas, floor level, sprinklers, cabinets, or local code interpretation are different.

Why MAQs matter more now

Recent regulatory changes make the quality of your fire code inventory data more important than ever. First, OSHA updated the Hazard Communication Standard in 2024 to align primarily with GHS Revision 7 and improve how chemical hazards are communicated through labels and safety data sheets. On January 15, 2026, OSHA extended the compliance dates by four months, moving the first substance-related deadline to May 19, 2026 and extending the remaining deadlines as well. For labs, the practical takeaway is to make sure chemical records, SDSs, and hazard classifications are clean enough that updated hazard information can actually flow to the right containers, spaces, and people.

Second, EPA's EPCRA Sections 311-312 reporting obligations continue to put inventory accuracy in front of local emergency planners and fire departments. Covered facilities must submit annual hazardous chemical inventory reports by March 1 to the State or Tribal Emergency Response Commission, Local or Tribal Emergency Planning Committee, and local fire department. EPA's Tier II guidance also notes that Tier II information includes chemical names, maximum and average daily amounts, storage details, and locations. State, tribal, and local requirements may vary.

Third, the codes themselves keep moving. The 2024 editions of NFPA 1 and NFPA 45 are now in circulation, and the 2024 IFC continues to evolve around changing fire risks. But code adoption is uneven, so a lab may need to understand a current standard while still complying with an older locally adopted edition.

Put simply: the compliance question is shifting towards, "Can we trust the data well enough to make fire code, SDS, emergency planning, and regulatory reporting decisions from it?"

Common fire code compliance challenges for labs

For life science labs, navigating fire code compliance and MAQs can be particularly daunting because research environments change constantly. New projects begin, old containers linger, shared spaces shift ownership. Or maybe a solvent-heavy workflow gets scaled, a startup moves into a new suite, or a compressed gas cylinder appears where there was not one last month. Here are some of the most common challenges you might run into and how you can address them.

1. Different codes specify different limits and prevention measures

"One of the key challenges is that there's the International Fire Code (IFC), there's NFPA, there's any additional rules your landlord imparts - all of which may have some different nuances or cover different aspects," explains Jeffrey Foisel, Lab Process Safety Specialist at DEKRA North America and former R&D Lab Process Safety Technology Leader at the Dow Chemical Company.

For example, NFPA 45 outlines requirements for laboratories using chemicals, while IFC/IBC-based requirements may drive occupancy, hazardous material quantity, and control area considerations. NFPA 1 may apply as a broader fire code framework. Local codes may adopt one model, borrow from another, or add amendments that matter in very practical ways.

Your lab should work closely with their AHJ, facilities team, landlord, and EHS leadership to understand which codes apply, which edition is enforceable, and how local interpretations affect the lab.

2. Fire codes vary by state and municipality

Like most laws, many jurisdictions base their fire codes on nationally recognized model codes, but local adoption can lag by years. Municipalities may also add ordinances that reflect local building stock, emergency response capabilities, seismic risks, density, weather, or industrial history.

For a biotech company operating in Massachusetts, New York, and California, the practical reality may be three different compliance pictures. One site may be reviewed under a more recent model code. Another may be governed by a local amendment. A third may have state-specific reporting expectations layered on top of federal EPCRA requirements.

That creates a real operational problem: EHS and Lab Operations teams need enough standardization to run a company-wide safety program, but enough local flexibility to comply with each jurisdiction.

Read More: How to Standardize Research Across Global Labs

3. Regulatory reporting overlaps with fire code, but it's not the same thing

Fire code compliance and regulatory reporting often use the same source data: chemical identity, quantity, storage, hazard class, location, and ownership; but the reporting logic is not identical.

EPCRA Tier II, for example, is focused on emergency and hazardous chemical inventory information. EPA guidance says covered facilities report chemicals that meet threshold quantities, including 500 pounds or the threshold planning quantity for extremely hazardous substances, whichever is lower, and 10,000 pounds for most other hazardous chemicals. Tier II forms look at maximum and average daily amounts during the previous calendar year, storage type, and location.

MAQs, on the other hand, are a fire and building code concept. They look at hazardous material quantities by hazard class, control area, physical state, storage or use condition, and building characteristics.

So a lab should not assume that "We did Tier II" means "We understand our MAQs," or vice versa. Both depend on accurate inventory, but they answer different questions.

Read More: The 5 Best EHS Software Platforms for Labs in 2026

4. Your building design matters

The design of your building impacts everything from the number of occupants to the amount of chemicals allowed in a space. Which floor your lab is on, where fire-rated walls are located, whether the building is sprinklered, and whether the lab uses approved storage cabinets can all affect MAQs. For certain hazard categories, the use of approved cabinets, sprinklers, or both can change allowable quantities. For other hazards, the details may be more restrictive.

For example, a lab unit on the first floor of a building may be allowed to store more of a flammable liquid than a lab unit on an upper floor. If your building was constructed before modern sprinkler requirements were common, the numbers can become more restrictive. If a control area is not clearly defined, it may be hard to know which rooms and cabinets count together.

Having access to information about the location and characteristics of each space is crucial for compliance

5. Labs encompass diverse activities, processes, and chemicals

Life science labs are dynamic research environments with a wide range of chemicals, processes, and people, but this diversity can make both hazard classification and reporting difficult. For example, one lab may use small quantities of flammable solvents. Another may store compressed gases. Another may use oxidizers, corrosives, toxic materials, cryogens, lithium-ion battery prototypes, or experimental mixtures that do not map cleanly to a standard catalog entry.

This mean you need to know what each container is, where it is, how much is present, what hazards apply, whether the SDS is current, and whether that container contributes to a reporting threshold or MAQ calculation. The National Academies' Prudent Practices in the Laboratory makes the point bluntly: an organization cannot adequately manage safety, security, emergency planning, or waste disposal without knowing what chemicals are on-site and where they are stored.

SciSure's ChemTracker helps by connecting container-level inventory to chemical hazard and regulatory data, SDS records, barcode and RFID workflows, and reports. This is especially useful for shared spaces, incubators, universities, and fast-growing biotech teams where multiple groups may operate within the same building or control area. Here's a non-exhaustive list of the features you get with SciSure's chemical inventory tracking.

‍

6. Change introduces new risks

"When you're growing, you're typically introducing a lot of new risk - new chemicals, or energy, or technology," said Sarah Eck, PE, CCPSC, Sr Process Safety Engineer, DEKRA North America. This is true for:

• A startup scaling from one bench to a full suite,
• A university onboarding a new principal investigator,
• A shared lab facility accepting a new resident company,
• Established companies when a new workflow changes the amount of flammable liquid, compressed gas, oxidizer, or reactive material in a control area.

The hard part is that change often shows up first as an operational detail: a new purchase, a move request, a shipment, a cabinet reassignment, a container that was never archived, or a local chemical entry that was linked incorrectly. By the time it becomes a report problem, it may already be an inspection problem.

Read More: 5 Common Questions from Chemical Regulators & How to Address Them

7. SDS and hazard communication data are moving targets

Fire code compliance depends on both volume and hazard classification. OSHA's Hazard Communication Standard requires chemical hazards to be classified and communicated through labels, SDSs, and employee training. For laboratories, OSHA requires incoming container labels not to be removed or defaced, SDSs to be maintained and readily accessible, and laboratory employees to receive information and training.

The 2024 HazCom update makes this even more relevant. As manufacturers update labels and SDSs under the revised standard, labs need a way to keep SDSs connected to the right inventory records. Otherwise, the update lives in a document repository while the lab continues operating from stale container data.

SciSure's SDS auto-match helps reduce that gap by attaching SDSs to chemical containers where the system can identify the appropriate match. Combined with ChemTracker's chemical database, this helps teams move from "we have an SDS somewhere" to "the relevant SDS and hazard context are connected to the container record."

Risks of non-compliance with fire safety regulations

The obvious risk is harm to people and property. Inadequate chemical controls can contribute to fires, explosions, toxic releases, evacuations, injuries, and facility damage.

There's also an emergency response risk. If first responders cannot quickly understand what hazards are present, where materials are located, and how much may be involved, response becomes harder and more dangerous. EPCRA reporting exists in part because local planners and responders need chemical identity, quantity, storage, and location information before something goes wrong.

Non-compliance can also disrupt business operations. A fire, inspection finding, stop-work order, failed occupancy review, or unresolved MAQ issue can delay research, slow a move-in, interrupt funding milestones, or create expensive remediation work.

And then there are the financial, legal, and reputational risks. "If we knew that sprinklers were a good idea and we had money sitting around and we chose not to sprinkle the lab and then there's a fire and people die, there'll be a conversation about whether or not that was the appropriate use of funds," explains John DeLaHunt, MBA, ARM, Assistant Director of Safety and Risk Management at The University of Texas at San Antonio. "Anyone who doesn't want to be on the wrong end of that conversation, at the news podium, or in the boardroom should be prioritizing fire prevention measures."

That is the heart of it. Fire code compliance is a leadership responsibility, more than just a technical exercise.

How SciSure helps EHS & Lab Ops teams stay ahead

The hardest part of fire code compliance is maintaining the data needed to apply them as labs, people, spaces, and chemical inventories changeSmartLabs is a good example of what this looks like in practice. As a flexible lab provider, the SmartLabs team needed safety and operations workflows that could scale across many research spaces without forcing EHS and Lab Operations teams to rebuild inventory and reporting records by hand.

After implementing SciSure's Health & Safety features across chemical inventory, SDS access, inspections, safety training, equipment management, biosafety, medical surveillance, and MAQ tracking, the results were concrete. SmartLabs reported that inventory search went from 15 minutes to 1-2 minutes, inventory reconciliation for an entire research center went from an all-day task to as little as 20 minutes, and chemical inventory reporting went from about 30 minutes to about 1 minute.

‍

That's the practical benefit of connected chemical inventory: EHS and Lab Operations teams can spend less time rebuilding the same story from spreadsheets and more time reviewing the exceptions that actually need judgment. For fire code and MAQ work, that means the system of record is closer to what is physically happening in the lab.

Don't treat fire code review as a once-a-year cleanup

Navigating fire code compliance and MAQs is crucial for protecting researchers, first responders, facilities, and communities. But the work is getting harder as lab operations become more dynamic, reporting expectations become more data-dependent, and hazard communication requirements continue to evolve. The labs that manage this best will be the ones that keep chemical identity, quantity, location, SDS, hazard class, control area, and reporting data current as part of ordinary lab operations.

Because when a fire marshal, emergency planner, auditor, or internal leader asks, "What do we have, where is it, and what does it mean?" the answer should not depend on who last opened the spreadsheet.

If this sounds like a lab you'd like to build, get in touch with us to explore how SciSure's Health & Safety features can help you develop one that's audit-ready at all times.