Last Updated on October 17, 2025 by Melissa Lazaro

Why Every Medical Laboratory Needs an ISO 15189 Internal-Audit Checklist

Here’s what I’ve noticed after helping dozens of clinical laboratories prepare for ISO 15189 accreditation:
the internal audit is the moment that separates labs that are truly ready from those just hoping they are.

Many labs approach internal audits as a formality—a few checkboxes, a couple of signatures, and it’s done. But when the external assessor walks in, small oversights suddenly turn into findings. That’s when panic sets in.

An internal audit isn’t about catching people doing things wrong. It’s about catching your system before it catches you.
Done right, it gives you the same level of confidence assessors want to see: control, consistency, and proof that your management system works.

That’s exactly why we built this ISO 15189:2022 internal-audit checklist.
It’s designed to help you:

• Review every clause that matters—without missing hidden gaps.

• Identify weak points early, from document control to equipment records.

• Save time preparing evidence for your next accreditation audit.

In short, it’s the same checklist format we use when coaching laboratories across Asia, Africa, and the Middle East through ISO 15189 accreditation.
And you can download it right below—ready to customize for your own lab.

Understanding Internal Audits under ISO 15189:2022 Requirements

In my experience, most labs understand why audits matter—but few understand what ISO 15189 actually expects from them.
Clause 8.8 of ISO 15189:2022 lays it out clearly: internal audits aren’t optional. They’re your proof that the management system isn’t just written—it’s alive, consistent, and improving.

Think of it this way: the internal audit is your rehearsal before the big performance.
You’re testing whether your quality management system (QMS) can stand up to an external assessor’s scrutiny.
It’s where you catch small cracks before they become compliance gaps.

When planning internal audits, every lab should ask three simple questions:

1. Are we doing what we say we do? (Conformance check)

2. Is it working? (Effectiveness check)

3. Can we do it better? (Improvement check)

If your audit plan doesn’t answer all three, you’re not getting full value from the process.

Pro Tip:
Plan your internal audits around your busiest seasons. For example, if your laboratory handles high patient volumes during flu season, schedule audits after the rush. That way, your team can give full attention to the findings and corrective actions.

Common mistake:
Many labs assign audits only to technical staff. While they know the procedures, they might overlook system-wide issues—like document control or training effectiveness. Include someone with a management-system lens to keep the audit balanced.

The bottom line?
Internal audits aren’t about finding faults. They’re about proving that your lab’s foundation—its processes, people, and data integrity—meet ISO 15189 standards every single day.

Step-by-Step Internal Audit Process for Clinical Laboratories

Here’s something I’ve learned after guiding labs through hundreds of internal audits:
when you follow a clear structure, everything feels manageable.
When you don’t, the audit turns into a scavenger hunt.

ISO 15189 doesn’t prescribe a single “correct” way to run an internal audit, but the best laboratories follow a consistent rhythm.
Here’s the step-by-step process that actually works in practice:

Step 1: Plan the Audit

Start by defining the scope, criteria, and schedule.
Decide which departments, clauses, and processes you’ll review.
Make sure auditors are independent from the areas they assess—impartiality matters more than people realize.

Pro Tip:
Use a 12-month audit calendar. Spread out your audits instead of cramming them into one month before accreditation.
That way, findings have time to be corrected and verified properly.

Step 2: Conduct the Audit

This is where you gather evidence. Review documents, observe workflows, and interview staff.
Ask simple questions like:

• “Show me how you record sample temperatures.”

• “Where do you keep calibration certificates?”

You’re not interrogating people—you’re validating the system.

Common Pitfall:
Auditors who rush through checklists without really listening to answers.
Real improvement happens when you understand why a process fails, not just that it did.

Step 3: Report the Findings

Summarize what you observed—both strengths and weaknesses.
Use clear categories like Conformity, Observation, Minor NC, Major NC.
This helps management see where to focus attention immediately.

Pro Tip:
Keep your audit report concise. One strong finding with evidence is better than five vague observations.

Step 4: Follow Up

Audit results mean nothing unless they lead to action.
Track corrective actions (CAPAs), verify completion, and document evidence.
This loop—finding, fixing, and following up—is what keeps your system improving year after year.

Step 5: Management Review

Finally, feed audit results into your management review.
This is where leadership decides if the QMS is effective or needs major adjustments.

Pro Tip:
Always highlight recurring issues in your management review. Patterns tell a story—usually one your assessor will notice too.

When you treat audits as a continuous process rather than an annual chore, your lab shifts from reactive to ready.
And that’s the mindset external assessors immediately recognize during accreditation visits.

Key Audit Areas in ISO 15189:2022 (Clauses 4–8)

Every great internal audit starts with knowing where to look.
ISO 15189:2022 is divided into clauses that guide you from organizational structure all the way to management system performance.
If you build your checklist around these clauses, you’ll never miss the critical areas auditors focus on.

Here’s how I usually break it down when working with client laboratories:

---

Each of these clauses connects directly to the core of your QMS.
During your internal audit, go clause by clause—don’t jump randomly between departments. It helps you see patterns and link findings back to the right requirement.

Pro Tip:
Assign each clause to a different internal auditor.
When auditors specialize, they spot issues faster and with more context—especially in technical sections like validation or quality control.

Common mistake:
Labs often forget to include support processes like IT systems or external service providers.
If your LIS (Laboratory Information System) stores patient data, or if an external supplier calibrates your pipettes, both fall under audit scope. Assessors will ask for evidence of control.

Here’s the truth: if you structure your audit checklist around Clauses 4–8, you’re already 80% prepared for accreditation.
The other 20% comes from what you do after the audit—how you correct, review, and continuously improve.

Common Internal Audit Findings and How to Prevent Them

After sitting through so many lab audits, I’ve noticed something consistent — the same issues show up again and again.
They’re not always major nonconformities, but they signal weak spots that can grow into bigger problems if ignored.
Here’s what typically goes wrong — and what you can do to stay ahead.

1. Outdated or Uncontrolled Documents

Many labs still have old SOPs circulating, sometimes even conflicting versions on different computers.
When assessors see that, it immediately raises questions about version control and consistency.

Fix it fast:
Keep one master list for all controlled documents.
Make sure every revision is signed, dated, and accessible only in its latest version.

Pro Tip:
Use color-coded folders or digital tags (like “Current,” “Obsolete”) to make version tracking obvious to everyone.

2. Incomplete Training and Competency Records

ISO 15189 puts heavy emphasis on staff competence.
Yet, I often see labs with training records that stop at attendance sheets—no competency evaluations, no sign-offs.

Fix it fast:
Pair each training session with a simple competency test or observation checklist.
That way, you can prove your team isn’t just trained—they’re qualified.

Example:
One lab we worked with introduced a quick “skills spot check” form for each new method. During their audit, assessors praised the system for its clarity and traceability.

3. Equipment Maintenance Gaps

This one’s classic.
Calibrations done, but no evidence. Preventive maintenance overdue, but no reminder system.
By the time of audit, logs are missing—or worse, recreated.

Fix it fast:
Create a monthly maintenance tracker for all instruments, with automated reminders if possible.
Keep calibration certificates attached or scanned into the same file.

Pro Tip:
Auditors love seeing calibration records linked to results—like batch control or test runs. It shows you understand traceability.

4. Weak Nonconformity and CAPA Process

Some labs identify nonconformities but fail to analyze root causes.
They fix the symptom, not the system.

Fix it fast:
Always ask: Why did this happen? Then ask Why? again—at least three times.
The “5 Whys” method still works wonders in finding systemic issues.

Common mistake:
Closing CAPAs without verifying effectiveness.
Assessors expect you to demonstrate that the problem won’t recur.

5. Poor Record Retention

Missing temperature logs, sample-tracking sheets, or QC data? That’s a red flag for traceability and integrity.

Fix it fast:
Define how long each type of record must be kept and where it’s stored.
Electronic records should be backed up and access-controlled.

An effective internal audit checklist should flag these five areas automatically.
Once you start addressing them proactively, your next external audit becomes a confirmation of what you already know—your lab runs a tight, compliant operation.

How to Use and Customize the ISO 15189:2022 Internal-Audit Checklist Template

Here’s the part most labs get excited about — the checklist itself.
But before you download and start filling it out, let’s make sure you know how to use it strategically, not mechanically.

I’ve seen teams rush through a checklist just to “get it done,” and they miss its real purpose:
to help you see your quality system clearly — what’s strong, what’s weak, and what needs fixing before an assessor points it out.

Step 1: Download and Review the Template

The checklist is structured around Clauses 4 to 8 of ISO 15189:2022.
Each section has columns for:

• Requirement reference

• Audit question

• Objective evidence reviewed

• Findings (Conformity / Nonconformity / Observation)

• Corrective action / Follow-up

Take a few minutes to read through it before the audit begins.
Familiarity will help your auditors focus on substance, not formatting.

Pro Tip:
If you’re using Word or Excel, save a clean master copy.
Use duplicates for each audit so you can track year-over-year progress.

Step 2: Customize It for Your Laboratory

No two labs operate the same way.
You might have additional procedures, specialized testing areas, or different regulatory overlaps.

Adapt the checklist by:

• Adding department names or process owners in a new column.

• Including any local regulatory requirements (e.g., CAP, DOH, or CLIA references).

• Inserting rows for lab-specific processes like genetic testing, molecular diagnostics, or blood grouping.

Common Mistake:
Using a generic checklist straight from the internet without tailoring it.
Assessors can tell instantly—it shows a lack of ownership.

Step 3: Conduct the Audit and Record Evidence

During the audit, be specific.
Write down exactly what you saw, where, and who was involved.
“Observed record of calibration for centrifuge #3 — last performed on 03 May 2025 — compliant.”
Details like that show control and credibility.

Pro Tip:
If your audit is digital, attach photo evidence or link scanned records directly within the checklist.
It saves hours of searching later.

Step 4: Track Corrective Actions

Once findings are logged, track them in the same file or link to your CAPA log.
Include due dates, responsible persons, and verification signatures.

This is where many labs stop short.
Remember: your checklist isn’t just an audit record—it’s an improvement tracker.

Example:
One client used conditional formatting to highlight overdue actions in red.
By their next audit cycle, completion rates improved by 40%.

Step 5: Review and Update Regularly

After every audit, update the checklist with lessons learned.
Add new questions for recurring weak points or new requirements introduced by updates in ISO 15189 or local standards.

Pro Tip:
Schedule a “checklist review” twice a year.
Your system changes, and your checklist should evolve with it.

Once you start using the template this way, it stops being a form—and becomes a living tool that keeps your lab compliant, confident, and audit-ready all year round.

Maintaining Audit Records for Accreditation Readiness

Here’s something most labs don’t realize until the external audit is days away —
your internal audit records are often the first thing assessors ask for.
Not your methods, not your equipment files — your proof that the system monitors itself.

I’ve seen great laboratories stumble because they couldn’t find a signed audit report or had incomplete corrective-action logs.
That’s not a reflection of competence — it’s a sign of weak documentation control.
ISO 15189:2022 expects you to treat internal audit records as part of your quality evidence, not as background paperwork.

What Records to Keep

Your documentation should include:

• Approved internal audit plans and schedules

• Completed checklists with objective evidence noted

• Audit reports, including summaries and conclusions

• Corrective and preventive action (CAPA) follow-up logs

• Verification of effectiveness (sign-off by QA or management)

• Records of management review decisions based on audit results

Pro Tip:
Keep all these in a single folder (physical or digital) labeled clearly with the audit date.
Assessors appreciate quick access — it shows professionalism and control.

How Long to Keep Them

Retention depends on your national regulations, but generally, audit records should be kept for at least one full accreditation cycle (usually four years).
If findings are significant, keep related CAPA evidence longer — until you can prove the issue no longer recurs.

Example:
One lab I worked with had recurring sample-labeling errors over two years.
They retained all audit and CAPA records until three consecutive audits showed no repeat findings.
That level of diligence impressed their assessors.

Digital vs. Paper Records

Both are acceptable under ISO 15189, as long as they’re secure, retrievable, and backed up.
If you’re moving digital (and most labs are), make sure your system:

• Restricts unauthorized edits

• Tracks version history

• Has regular data backups

• Uses clear naming conventions (e.g., Audit_2025_Q1_Report.pdf)

Common Mistake:
Storing files across multiple drives without version control.
During an audit, no one should wonder, “Which one’s the final report?”

Pro Tip:

Before every management review, run a quick “documentation drill.”
Ask someone not involved in the audit to retrieve three records at random.
If they can’t find them in under five minutes, you’ve got work to do.

When your audit records are well-organized, your entire quality system looks more mature.
And that’s exactly the impression every lab wants to make when accreditation assessors arrive.

FAQs – ISO 15189 Internal Audits Simplified

Over the years, I’ve heard the same few questions come up in almost every internal audit workshop.
Here are the ones that matter most—and the clear, no-nonsense answers your team should know.

Q1. How often should we perform internal audits under ISO 15189:2022?

At least once every 12 months, but that’s just the minimum.
If your lab introduces new equipment, methods, or staff—or if you’ve had major nonconformities—it’s smart to audit more frequently.

Pro Tip:
Use a rolling schedule.
Instead of doing one massive annual audit, spread smaller audits throughout the year.
You’ll catch issues early and avoid end-of-year chaos.

Q2. Can the same person who performs the tests also conduct the internal audit?

Ideally, no.
ISO 15189 emphasizes impartiality.
Auditors shouldn’t assess work they directly perform—it’s a conflict of interest.
If your team is small, rotate auditors between departments or invite an external consultant once a year for an unbiased review.

Example:
One small pathology lab I coached swapped audit duties between microbiology and hematology teams.
It not only solved the impartiality issue but also encouraged cross-learning between sections.

Q3. What should we do if we find major nonconformities during our internal audit?

Treat them with the same seriousness you would during an external audit.
Record the issue, identify the root cause, implement corrective actions, and verify effectiveness.
Never delete or hide findings—it’s better to show that you’ve addressed them.

Pro Tip:
Keep a simple CAPA tracker that links every finding to its root cause and action taken.
It’s one of the first things assessors will review to see how well your system learns from its mistakes.

Q4. How detailed should our internal audit checklist be?

Detailed enough to cover all clauses—but flexible enough to adapt.
A checklist should guide, not limit, your investigation.
If you find a recurring issue that’s not in the list, add it.
That’s how your audit tool evolves alongside your lab.

Internal audits aren’t meant to intimidate your staff—they’re meant to empower them.
Once your team understands these basics, you’ll start seeing audits as opportunities to improve, not as hurdles to clear.

Build Confidence Before Accreditation

Here’s the truth: an internal audit is your laboratory’s best insurance policy.
It’s what keeps you from walking into an external assessment blind.
When you run consistent, well-documented audits, you’re not just “complying” with ISO 15189—you’re building a culture of competence and accountability.

I’ve seen labs transform after taking their internal audit seriously.
One small facility in Malaysia went from receiving six major nonconformities in its first accreditation attempt to zero findings two years later.
The difference? They stopped treating the audit as paperwork and started treating it as a performance review for their entire system.

If you take one thing away from this article, it’s this:
Your internal audit isn’t a test—it’s a mirror.
It reflects how ready, organized, and confident your laboratory really is.

Your Next Step

You don’t need to start from scratch.
Download the ISO 15189:2022 Internal-Audit Checklist Template and customize it for your lab.
It’s built with the same framework QSE Academy uses to train and guide laboratories toward accreditation success.

[Download the ISO 15189:2022 Internal-Audit Checklist] (insert CTA button or link)

Use it, refine it, and make it part of your quality rhythm.
That’s how you turn audits from stress points into success stories.