Products

Resources

Company

Sign in

Contact us

The gap between compliance and control in cold logistics

Many organizations are compliant with cold chain requirements but lack actual control. Learn what separates documentation from reliability.

February 18, 2026

A healthcare professional holds a smartphone while standing beside a sealed temperature-controlled shipping container on a clinical receiving counter, representing the combination of hardware and software in cold chain control.
A healthcare professional holds a smartphone while standing beside a sealed temperature-controlled shipping container on a clinical receiving counter, representing the combination of hardware and software in cold chain control.
A healthcare professional holds a smartphone while standing beside a sealed temperature-controlled shipping container on a clinical receiving counter, representing the combination of hardware and software in cold chain control.

Imagine the following situation. The audit results were fine. Every item on the checklist was checked off. Each form was filled out and every procedure was followed perfectly. The auditor left, seemingly pleased.

Three weeks later, a $40,000 therapy shipment arrives compromised. The temperature log shows an excursion that nobody caught in time to do anything about.

Compliance was met, but control failed. 

If you’ve experienced enough compliance audits and continue to see failures occurring afterward, you’re likely aware that something isn’t quite adding up. The paperwork says one thing. Operations says another. This article will attempt to name this gap and discuss possible ways to bridge it.

What compliance actually means

Compliance is about meeting documented requirements. Within the context of the cold chain, this typically means:

  • Qualified packaging for your specific temperature range and duration has been validated.

  • Procedures have been established, documented, and approved. 

  • Documentation exists that proves you did exactly as you stated you’d do. 

  • Your organization meets the requirements established in the GDP guidelines, USP standards, and FDA regulations for the cold chain.

The regulatory framework is extensive. FDA’s 21 CFR Part 211 outlines cGMP requirements for the control of temperature during the storage and transport of pharmaceuticals [1]. The EU’s Good Distribution Practice (GDP) guidelines include the requirements for temperature mapping, calibration of monitoring equipment, and alarm systems to indicate deviations from acceptable conditions [2]. USP Chapter 1079 includes detailed information regarding maintaining acceptable conditions throughout the entire supply chain [3].

Compliance is a necessity. It’s the minimum standard. It’s what auditors inspect. Additionally, compliance is a completely backward-looking metric. It answers the question “Did we follow the rules?”

It’s not meant to be a criticism. Backward-looking accountability is important, but it should be recognized that compliance informs us only so much.

What control actually means

Control is about maintaining the desired condition in real-time. It’s a different set of capabilities:

  • Knowing the status of all shipments in transit. 

  • Detecting and responding to deviations as they occur, not after the fact. 

  • Having the ability to intervene prior to a deviation becoming a complete failure. 

  • Having a plan for recovering from a stressful event to the system.

Control is forward-thinking. It answers the question “What’s happening right now, and what can I do about it?”

The EU GDP guidelines illustrate this differentiation. The guidelines require distributors to demonstrate, upon request, that products have complied with temperature storage conditions [2]. However, demonstrating compliance post-event is not equivalent to controlling the product during transit.

The gap between them

Many organizations are compliant but lack control. These issues are common among many operations managers:

Incidents are investigated after-the-fact

Typically, awareness of excursions only happens when the shipment arrives, and not while it is in transit. At that point, the opportunity for intervention has expired. All that can be done is document and discard.

Success is dependent on heroic efforts

When incidents occur, recovery is based on a quick-acting employee who recognizes the issue and acts to correct it. The system does not provide a mechanism for recovery – the employee does. As long as the employee who usually identifies the potential issue is present, it works. If the employee is absent, success is uncertain.

Near misses remain hidden

Those shipments that remained within the acceptable range due to chance appear indistinguishable from those that maintained the range by design. The data cannot differentiate between them, so you don't know how close you came.

Audit readiness doesn't equal confidence

Even with compliant documentation, there's uncertainty about what actually happened during transit. Proving control is harder than proving compliance.

Why this is a larger issue today

Although the gap between compliance and control has always existed, several forces are making it harder to ignore.

The stakes are rising

Products such as cell and gene therapies, specialty biologic drugs, and mRNA-based vaccines have tight temperature ranges and high replacement costs. A compliance-focused approach that accepts some percentage of failures becomes untenable when each failure costs tens of thousands of dollars.

Networks are fragmenting

With decentralized clinical trials, mobile sample collections, and direct-to-patient shipping, there are more opportunities for temperatures to drift. Compliance frameworks designed for simpler supply chains don't inherently scale to more complex networks created by fragmentation.

Regulators are asking different questions

The language used in guidance documents has changed. The EU GDP requirement to “demonstrate that products have complied with temperature storage conditions” [2] creates a push toward providing evidence of control rather than simply complying with the process. Auditors are increasingly looking to understand what would happen if an incident occurred mid-transit, not what was done after the fact.

The technology gap is closing

Continuous monitoring used to be expensive and complex, making "we couldn't know” a reasonable answer. That reason is less true now. When continuous monitoring is provided at a reasonable cost, the justification for not knowing is eliminated.

Compliance and control are interdependent  

Organizations that seem to navigate this shift well tend to focus on a few things. (Though there are plenty of approaches that work.)

Visibility before compliance

Know what's happening first. Record it second. If you have real-time visibility into your shipments, documenting the details becomes relatively easy. If you have documentation without visibility, you have a paper trail without the assurance.

Intervention capability

Being able to detect problems isn't enough. What happens next? Will the alerts be sent to the right people? Has a response protocol actually been practiced? Are recovery options available before they are needed?

Systems thinking

All parts of the system must work together – hardware, software, and operations. Excellent packaging with no monitoring is incomplete. Excellent monitoring with no response protocol is also incomplete. In the cold chain, everything is interdependent. The strongest supply chains will learn and adapt.

Honest measurements

Measure what indicates control rather than what is easiest to report. Recovery rates are more indicative of control than excursion counts. Response times are more indicative of control than investigation times. Can you intervene and prevent the excursion from resulting in a complete failure is a better measure than whether the shipment arrived in a usable condition.

Some things to consider

Assess your visibility gaps

During transit right now, which shipments can you see? Which shipments are opaque? How long are the opaque periods? During which handoff?

Map your intervention options

If you identified a problem during transit today, what could you actually do? Who would receive the alert? How quickly? What responses would be possible?

Determine your metrics

Which metrics do you track because regulatory bodies demand them? Which metrics do you track because they inform you about the degree of control your organization has over its operations? Recognizing this distinction is important.

The distinction matters

Compliance and control are not mutually exclusive. The best supply chains are adapting to ensure compliance is met and the temperature is controlled.

Organizations that recognize this distinction build cold chain operations that are both audit-ready and perform reliably. The paperwork looks good and the products arrive safely. Not due to chance, but because someone has continuously monitored the products throughout their journey.

This is the second in our series of articles on System Reliability. Up next: Why Most Cold Chain Failures Occur Between Handoffs.



Sources

[1] U.S. Food and Drug Administration. "21 CFR Part 211: Current Good Manufacturing Practice for Finished Pharmaceuticals." https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=211

[2] European Commission. "Guidelines on Good Distribution Practice of Medicinal Products for Human Use (2013/C 343/01)." https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=oj:JOC_2013_343_R_0001_01

[3] U.S. Pharmacopeia. "USP General Chapter <1079>: Good Storage and Distribution Practices." https://www.usp.org