Last Updated on September 24, 2025 by Melissa Lazaro

How to Control and Validate Your Lab Processes for ISO 15189 2022 Compliance

Let’s be honest—when most labs think about process control or validation, they immediately picture stacks of SOPs, complicated forms, and a race to be “audit-ready.” But here’s what I’ve noticed after helping more than 40 labs transition to ISO 15189:2022: most teams are overwhelmed not because they don’t care about quality—but because they’re unclear on what ISO is really asking for.

In my experience, the labs that succeed with ISO 15189 don’t just follow rules—they understand the why behind each requirement. They build systems that work in real life, not just on paper. And when it comes to process control and validation? That mindset is everything.

Because this isn’t just about compliance. It’s about making sure your results are reliable, your risks are under control, and your team has confidence in the systems they’re using every day.

So if you’ve been wondering things like:

• “Which processes do we actually need to validate?”

• “What does ‘control’ really look like?”

• “How do we document it all without drowning in red tape?”

You’re in the right place.

In this article, I’ll walk you through what the ISO 15189:2022 standard actually expects, how to apply it without overcomplicating things, and how to document your controls and validations in a way that makes sense to both your team and your assessor.

Let’s break it down—clearly, practically, and with real lab experience behind every step.

Understanding Process Control vs. Process Validation (Yes, There’s a Big Difference)

Before we dive into the how-to, let’s get something straight—process control and process validation are not the same thing. I’ve seen plenty of labs use the terms interchangeably, and it usually ends with confusion (or worse, nonconformities during an audit).

Here’s how I explain it to my clients:

• Process control is all about keeping a process consistent. You’re monitoring things, checking performance regularly, and jumping in when something looks off. Think of it like cruise control in your car—you’re still steering, but the system keeps speed steady.

• Process validation, on the other hand, is about proving that a process actually works before you put it into full use. It’s your chance to say, “Yes, this method/equipment/software delivers reliable results in our lab, with our people and our samples.”

What ISO 15189:2022 actually says

The standard doesn’t give you a long-winded explanation, but it does emphasize a few key points—especially in Clauses 7.1, 7.3.2, and 7.7:

• Labs need to validate all non-standard methods, lab-developed tests, and major modifications to existing processes.

• They must also maintain control over all processes—whether they’re validated or not.

• Evidence of performance must be documented, monitored, and reviewed.

It’s not just about ticking a box. It’s about building confidence in your system—and being able to demonstrate that confidence with data.

Real-world example:

I once worked with a lab that introduced a new digital pathology platform. The manufacturer had a validation report, so they thought they were covered. But their own samples weren’t producing consistent results due to lighting variations and scanner calibration issues. Until they ran an internal validation and adjusted their settings, they were on shaky ground.

Bottom line: If you’re not sure whether something needs to be validated, ask yourself:

Does this process directly impact test results, data integrity, or patient safety?
If yes, validation is probably necessary.

Which Lab Processes Need Validation (And Which Don’t)

This is the part that trips up a lot of labs—figuring out what exactly needs to be validated versus what can just be controlled through regular monitoring. Let’s clear that up.

Here’s the simple rule I give my clients:

If the process affects patient results and isn’t already covered by a recognized, validated method—validate it.

ISO 15189:2022 makes this pretty clear, especially in Clause 7.3.2. But the challenge is applying that principle to real-life workflows without overdoing it or missing something critical.

Processes that almost always require validation:

• Non-standard or lab-developed methods
  If you created it or modified it significantly, validation is non-negotiable.

• New equipment that impacts test results
  Even if the manufacturer says it’s plug-and-play, you need to confirm it works in your lab.

• Software or LIMS that processes or calculates patient data
  That includes middleware, auto-verification algorithms, and custom spreadsheets.

• Modified procedures or changes to reagents
  Even small changes—like switching brands—can impact performance.

• Critical pre- or post-examination processes
  For example, specimen transport conditions, centrifuge timing, or barcode label verification.

Processes that typically don’t require full validation:

• Standardized methods used exactly as prescribed
  Think of procedures with published standards, like CLSI methods or unmodified manufacturer kits—though verification may still be required.

• Administrative or non-clinical processes
  Things like staff scheduling systems, general email platforms, or basic recordkeeping tools.

• Minor updates to SOPs
  If the change doesn’t impact how the task is performed (like correcting a typo), validation isn’t needed—but do document the revision.

A real-world scenario:

A lab I supported in Dubai installed a new automated coagulation analyzer. They assumed the vendor’s data was enough. But during internal testing, they found the results were drifting slightly with temperature variation in their specific lab setup. Good thing they checked—it could have led to false INR readings. Their validation process not only caught the issue but helped them adjust their SOPs and temperature controls.

Pro tip: Create a quick-reference checklist for your team that flags which types of changes automatically trigger validation. It takes the guesswork out of it—and makes your life easier during audits.

Steps to Control a Process the Right Way

Now that we’ve talked about what needs validation, let’s talk about how to control the rest of your lab processes—the ones that don’t require full validation but still need to stay in check day after day.

Because here’s the thing: even validated processes can drift over time if you’re not actively controlling them. I’ve seen labs pass validation beautifully and then fail an audit six months later because nobody was watching the day-to-day performance.

So what does “control” actually mean in ISO 15189:2022?

At its core, process control means you:

• Know what “normal” looks like,

• Monitor it regularly,

• And act when something goes off-track.

Here’s how I break it down with clients:

1. Start with a solid SOP
   If your staff are guessing their way through a process, you don’t have control. Your SOP should be clear, practical, and reflect what’s actually done—not just what sounds good on paper.

2. Train and assess your staff
   Competence is a key part of control. Make sure your team understands the process and can perform it consistently. (And yes, document that.)

3. Use internal quality controls (IQC)
   This applies to everything from pipettes to automated analyzers. Built-in controls, third-party materials, duplicate runs—whatever fits the process. The point is to detect small shifts before they become big problems.

4. Track and trend your indicators
   You can’t control what you’re not measuring. Choose indicators that actually reflect process health—like turnaround time, sample rejection rates, or error frequency. Keep it simple, but consistent.

5. Have a response plan
   What happens if something goes wrong? Don’t wait until it does to figure that out. Build your triggers and corrective actions into the SOP or a separate deviation log.

A client story that stuck with me:

I worked with a busy histopathology lab that had rising slide re-cut requests. No one was flagging it formally, but techs were quietly repeating work every week. Once we set up a simple control chart to track re-cuts, we saw the trend—and traced it back to a microtome calibration issue. Fixing it reduced their workload and improved turnaround time by two days.

Key takeaway:

You don’t need a lab full of dashboards and software to control a process—you need clarity, consistency, and follow-through. ISO 15189:2022 expects your processes to be reliable over time. That only happens if you’re paying attention, documenting well, and acting quickly when things slip.

How to Validate a New or Modified Process (Without Overcomplicating It)

Let’s be real—validation can sound intimidating. I’ve seen plenty of labs either overdo it with mountains of unnecessary data, or underdo it with a vague “we tested it once and it worked” kind of approach. Neither one is going to fly during an ISO 15189:2022 audit.

Validation doesn’t have to be painful. It just has to be planned, relevant, and documented. Here’s how I help my clients get it right the first time.

Step-by-step: A Simple Validation Workflow That Works

1. Create a Validation Plan
   This should answer: What are you validating? Why now? What’s the risk if it fails? Who’s responsible? And how will success be measured?
   Example: “Validating a new urine chemistry analyzer for routine use in outpatient testing.”

2. Test Under Real Lab Conditions
   Use your actual staff, your real patient samples (or quality controls), and run it the way you would on a normal day. Include both typical and borderline cases when possible.

3. Compare and Analyze Results
   This could mean comparing to a previously validated method, known values, or a gold standard. You’re looking for consistency, accuracy, and acceptable performance within defined limits.

4. Get Approval Before Use
   Don’t roll it out mid-validation. Wait until someone qualified—like the lab director or quality manager—signs off that the process is validated and fit for purpose.

5. Document Everything
   Validation plan, raw data, calculations, charts, conclusions, and final approval—keep it all together. If an assessor asks, you want to hand them one file and say, “Here’s our validation record.”

Real-life example:

A molecular lab I supported was rolling out a new RT-PCR kit for respiratory panels. Instead of validating the full panel, they focused on the top five high-volume pathogens they actually test for weekly. They ran 20 known samples, matched results against their existing method, tracked Ct value shifts, and documented the findings in a concise report. Validation done, risk covered, audit passed.

What counts as a “modification” that needs revalidation?

• Switching reagent brands

• Changing major steps in an SOP

• Adjusting instrument settings

• Moving from manual to automated versions

• Even relocating equipment in some cases (yes, that happens)

Pro Tip: Keep a running log of validations with process name, date, validation lead, and outcome. That way, when it’s time for a revalidation—or the auditor asks—you’re not digging through email chains or loose paperwork.

Documenting and Retaining Validation Evidence (So You’re Ready When the Auditor Walks In)

You’ve validated a process—great. Now comes the part that often gets rushed or forgotten: documenting it in a way that actually proves you did it right.

Let’s be honest—most labs don’t struggle with doing the validation. They struggle with showing it clearly and consistently during audits. I’ve seen smart, well-run labs get hit with nonconformities simply because their documentation was disorganized or incomplete.

Here’s what good validation documentation should include:

1. Validation Plan

   • What are you validating?

   • Why is it being validated now?

   • Who’s responsible?

   • What criteria define success?

2. Test Records and Raw Data

   • Sample IDs, dates, staff initials, measured values

   • QC material results

   • Any instrument logs, calibration reports, etc.

3. Result Analysis and Interpretation

   • Did the process meet acceptance criteria?

   • Were any anomalies found and resolved?

   • What does the data tell you about performance?

4. Final Summary or Report

   • A clear statement: “This process has been validated and is approved for use.”

   • Sign-off from a qualified person (typically the lab director or QA manager)

5. Related Documents and Version Control

   • Reference the SOP number

   • Note if it replaces a previous process or method

   • Store it where it’s linked to your QMS—not floating in someone’s inbox

A practical approach I’ve seen work:

In one diagnostic lab in Kenya, we created a simple validation folder structure—digital and paper-based—for every department. Inside each folder:

• A cover sheet listing all validations (with status: draft, complete, expired)

• Individual folders for each validated item

• An annual index updated every January

It wasn’t fancy, but it made answering audit questions fast and painless. More importantly, staff knew exactly where to look—and that’s half the battle.

What auditors expect:

They’re not looking for a novel. They want to see:

• That you followed a structured plan

• That your data supports your conclusions

• And that the right people reviewed and signed off on it

Pro Tip: Add a validation checklist to the end of every report. Just five or six items. It’s a subtle way to show your system is consistent—and it helps catch gaps before they reach the audit table.

Monitoring Validated Processes Over Time (Because Validation Isn’t a One-and-Done Deal)

Let’s get something straight—validation isn’t a finish line. Just because a process was validated six months ago doesn’t mean it’s still performing today. ISO 15189:2022 makes that pretty clear: you need to keep an eye on your validated processes to make sure they’re still doing their job.

And in my experience? The labs that treat validation as an ongoing process—not a one-time event—are the ones that sail through audits and catch issues early.

What does “ongoing monitoring” actually look like?

It’s not as complicated as it sounds. You’re basically:

• Watching for drift or inconsistent results

• Tracking key indicators tied to that process

• Flagging and investigating anomalies

• Revalidating when needed

Tools and techniques that work:

1. Quality Indicators
   Set specific indicators that reflect process performance. For example:

   • % of rejected samples

   • Repeat test rate

   • EQA/PT pass rate

   • Internal QC failures

   If those start trending in the wrong direction, it might be time to reassess the process.

2. Proficiency Testing and EQA
   External results are great feedback on how your processes are holding up. Don’t just file them—analyze them. If your PT scores dip, that’s a signal.

3. Routine Internal Audits
   Build questions about validated processes into your audit checklist. Are SOPs being followed? Has anything changed since validation? Are results still within expected ranges?

4. Staff Feedback
   Your techs know when something’s off. Create a culture where they feel safe flagging issues—especially if they notice patterns or performance shifts.

When should you revalidate?

Here are some clear triggers:

• You changed the method, equipment, or reagents

• A key staff member left, and the process is now being handled differently

• Your QC or EQA performance dropped

• You moved the process to a new location

• It’s been a year or more, and performance hasn’t been reviewed

Real story: One client of mine saw a sudden spike in sample rejection due to hemolysis. It turned out their centrifuge settings had been tweaked slightly during a maintenance visit. It was a small change—but it threw off the process. They caught it early through indicator monitoring and revalidated the updated parameters. Crisis averted.

The takeaway:

Validation proves the process works. Monitoring proves it still does. Don’t skip this step—because this is where most labs let things slide. And assessors are absolutely looking for it.

Common Mistakes and FAQs About Process Control and Validation

After working with dozens of labs on ISO 15189 transitions, I’ve seen the same issues pop up over and over. And they’re not usually about doing the work—they’re about how it’s approached and what gets overlooked.

Let’s break down the biggest missteps, so you don’t make them in your lab.

Common Mistakes Labs Make

Mistake 1: Treating validation like a one-time formality
Validation is not a checkbox. If you treat it like one, you’re missing the whole point—and likely setting yourself up for repeat issues (or audit findings).

Mistake 2: Using vendor validation as your only evidence
Yes, manufacturer data is helpful. But it doesn’t replace your own validation. ISO wants to see the process proven in your lab’s conditions, with your staff, samples, and environment.

Mistake 3: Not documenting deviations or failures during validation
Validation isn’t about perfect results—it’s about honest results. If something fails, document it, explain the fix, and show what you changed. That builds trust with auditors.

Mistake 4: Forgetting software and LIMS updates
I can’t count how many labs forget this one. If your software update affects data processing, result interpretation, or reporting, you’ve got to validate it—or at least verify that nothing broke.

Mistake 5: Over-validating processes that don’t need it
Not everything needs a full validation package. Don’t waste time validating an admin logbook or refrigerator log process. Use risk and impact as your guide.

Frequently Asked Questions

Q1: How do we know when to validate versus just verify a process?
If it’s a brand-new process, significantly modified, or has no recognized standard—validate it. If it’s a known, standardized method you’re applying in your lab, verification may be enough. The key difference is novelty and risk.

Q2: What happens if we don’t catch a validation issue until after implementation?
Fix it, document it, and assess any impact. Then revalidate. ISO 15189:2022 doesn’t expect perfection—but it does expect transparency, accountability, and corrective action.

Q3: Can the same person perform and approve a validation?
Ideally, no. You want some level of independence. At minimum, the validation plan and final approval should be reviewed by someone other than the person who conducted the testing.

Build Processes That You—and Your Auditors—Can Trust

Let’s bring it all home.

Controlling and validating your lab processes isn’t just a requirement in ISO 15189:2022—it’s how you protect your results, your reputation, and your patients. And honestly, when it’s done right, it doesn’t have to be overwhelming.

In my experience, the labs that succeed in audits (and in day-to-day operations) do a few things consistently:

• They understand the difference between control and validation—and apply both where they belong.

• They plan their validations, instead of rushing them.

• They keep documentation clear and simple—not perfect, but practical.

• And they keep an eye on things after validation—because that’s when problems tend to surface.

You don’t need a massive QMS overhaul. You need structure, consistency, and a team that understands why this matters—not just how to check a box.

If you’re looking for a place to start, start here:

• List the processes you’ve added or changed in the last 6–12 months.

• Ask yourself: Have we validated these? Are they being monitored?

• If not, make a plan—and get your team involved.

Want help building a validation process that’s lean, effective, and fully aligned with ISO 15189:2022?
That’s what we do at QSE Academy. Whether you need templates, training, or full-on consulting support, we’ve helped labs just like yours turn process chaos into confidence.

Let’s make your next audit smoother—and your operations stronger.