There was a post earlier about how to manage OOC investigations.
But what if your service provider has its own deviation management system in its requalification protocol (don't think too big, sometimes it's a single 1-page form) ? It is surely comfortable for you to lean on that, but is it also compliant?
EU GMP Annex 15 says (section 2.8):
'Results which fail to meet the pre-defined acceptance criteria should be recorded as a deviation and be fully investigated according to local procedures. [...]'
In other words, you want to use your own deviation management process.
Why is it better (next to being compliant with Annex 15)?
You can document all necessary investigation elements in your familar environment:
proper, clear impact analysis,
root cause analysis (just deep enough, to cover the basics),
clear description of corrections,
clear decision about what steps to repeat, how to document them,
and the unavoidable QA approval.
And there is some added value here: based on the type of your qualification failure and you recurrence analysis, you also might want to reevaluate your requalification cycle time.