Here’s what I’ve learned after reviewing hundreds of ISO 15189 audit reports across medical laboratories: non-conformities don’t mean failure — they mean discovery.
Every finding tells you something about how your system really works when no one’s watching. Yet most labs panic when assessors point them out. They rush to “fix” things just to close the finding, instead of pausing to understand why it happened in the first place.
ISO 15189 isn’t designed to punish mistakes; it’s designed to expose weak spots so your system gets stronger. In fact, some of the most reliable laboratories I’ve ever worked with were the ones that had plenty of findings early on — because they treated every non-conformity like free feedback.
In this guide, I’ll walk you through the most common ISO 15189:2022 audit non-conformities we see year after year:
Why they keep showing up,
What assessors are actually looking for, and
How to prevent them from happening again.
By the end, you’ll know how to turn every finding into proof that your quality management system doesn’t just meet ISO 15189 — it lives it.
Understanding What Counts as a Non-Conformity in ISO 15189:2022
Before we dive into the most common findings, let’s get clear on what a non-conformity (NC) actually means under ISO 15189. Because I’ve seen too many labs treat every note from an assessor as a catastrophe — when sometimes, it’s simply an opportunity to improve.
What a Non-Conformity Really Is
A non-conformity is any instance where your lab’s process, record, or practice doesn’t meet a requirement of ISO 15189 — or your own documented procedure. In simple terms: it’s when you said you’d do something a certain way, and the evidence shows you didn’t.
That might sound harsh, but it’s actually helpful. Every NC reveals where your system isn’t working as designed — and fixing that brings you closer to true control.
The Three Types of Non-Conformities
Type
Meaning
Example in a Lab Context
Major Non-Conformity
A serious issue that could directly affect result quality, impartiality, or compliance.
Using uncalibrated equipment or missing key validation records.
Minor Non-Conformity
A smaller deviation that doesn’t immediately affect reliability but needs correction.
Outdated SOPs, missing staff signatures, incomplete records.
Observation / Opportunity for Improvement (OFI)
Not a violation, but a suggestion for better control.
Assessor notes that a process could be simplified or made traceable.
Pro Tip: Don’t panic when you see “minor” or “OFI” findings. They’re actually your best friends — small tweaks that prevent big problems later.
How Assessors Evaluate Them
Assessors don’t just check compliance; they evaluate system maturity — how well your lab identifies, investigates, and fixes its own issues. When they see repeated findings from previous audits, it signals that your corrective actions aren’t effective. That’s what turns small issues into bigger ones.
Common Mistake: Treating findings as personal criticism instead of process feedback. It’s not about blame — it’s about demonstrating that your system learns and adapts.
The Right Mindset
Here’s what I tell my clients: You can’t eliminate all non-conformities — and you shouldn’t try to. What matters is that you respond quickly, understand the root cause, and prevent recurrence. That’s what ISO 15189 assessors are really looking for: control, awareness, and continuous improvement.
Most Frequent Non-Conformities by Clause (with Real-World Examples)
After reviewing dozens of ISO 15189:2022 audit reports, certain non-conformities show up again and again — regardless of the lab’s size, specialty, or country. They’re not random. Each one traces back to weak system control under specific clauses of the standard.
Below is a clause-by-clause snapshot you can use as a self-check before your next audit.
Clause
Focus Area
Typical Non-Conformity Example
Clause 4 – Structural Requirements
Defines your organization’s structure, impartiality, and defined roles.
The quality manager’s authority isn’t clearly documented. Some staff can override QC without approval.
Clause 5 – Resource Requirements
Covers personnel, facilities, and equipment.
Competency records missing for new hires. Equipment calibration certificates expired or incomplete.
Clause 6 – Process Requirements
Describes the technical flow from sample collection to result reporting.
No traceability of samples in pre-examination stage. Test reports released before QC verification.
Clause 7 – Management System Requirements
Focuses on document control, internal audits, CAPA, and management review.
Outdated SOPs still in use. CAPA log not closed or missing evidence of follow-up.
Clause 4 – Structure and Responsibilities
Many labs still lack a clearly documented quality structure. Assessors often find unclear reporting lines or overlapping responsibilities. When people don’t know who approves what, accountability breaks down.
Fix it: Update your organizational chart, job descriptions, and authority matrix. Make sure your quality manager has documented independence to make decisions on compliance.
Clause 5 – People and Equipment
This clause produces the bulk of audit findings. Incomplete training files, missing competency evaluations, and unverified calibration records are common.
Example: A hematology lab was cited because their technician retraining log didn’t include a competency check after switching analyzers.
Pro Tip: Always link training → competency → authorization to work independently. If it isn’t linked, it’s incomplete in the eyes of assessors.
Clause 6 – Process Control
This is where operational discipline gets tested. Common issues include inconsistent sample tracking, missing temperature records, or releasing results before QC review.
Fix it: Set up daily process checklists and assign accountability. If you handle high sample volumes, automate traceability using barcode or LIS integration.
Clause 7 – Management System
Clause 7 findings usually come down to documentation and follow-through. Labs either don’t update documents on time, skip internal audits, or fail to verify CAPA effectiveness.
Example: One assessor noted that a lab had five open CAPAs — all marked “closed,” but none had evidence of verification.
Pro Tip: When you close a CAPA, attach proof of completion — a photo, updated record, or training sign-off. That single habit eliminates repeat findings.
These patterns don’t just reveal where labs go wrong — they show where you can get ahead. If you review these four clauses systematically before your audit, you’ll eliminate 80 % of the findings most labs struggle with.
The Top 7 Repeated ISO 15189 Audit Findings (and How to Fix Them)
After years of preparing labs for ISO 15189 audits, I can tell you—these seven findings appear like clockwork. Different assessors, different countries, same root problems. The good news? Every one of them is fixable once you understand why they happen.
1. Outdated or Uncontrolled SOPs
Old versions of procedures floating around the lab are audit magnets. Sometimes it’s a hard copy posted months ago, sometimes a technician’s personal printout. Either way, assessors will note it as a document control failure.
Why it happens: No centralized system for version control or poor communication when updates are made.
Fix it fast: Use a document master list. Archive obsolete versions immediately and clearly label controlled copies. If your lab uses digital SOPs, restrict editing rights and track version history.
Pro Tip: Add a visible “Current Version” date on every SOP footer. It shows instant control.
2. Incomplete Staff Competency Records
ISO 15189 doesn’t just care about training—it requires proof of competence. Yet most labs stop after attendance sheets or orientation forms.
Why it happens: Training and competency aren’t linked. Managers assume “trained” equals “qualified.”
Fix it fast: Pair each training record with a competency assessment (observation, quiz, or checklist). Sign off authorization only after successful evaluation.
Example: A molecular diagnostics lab cut repeat findings by adding a one-page “skills validation” form for every new method. It took five minutes to fill out—and saved hours during audits.
3. Equipment Calibration and Maintenance Gaps
Unverified calibration records are one of the most common major findings. Labs often assume that “it was calibrated last year” is good enough. It’s not.
Why it happens: Maintenance logs are decentralized or depend on service providers without internal tracking.
Fix it fast: Create a calibration and maintenance schedule for all instruments with due dates and responsible persons. Keep certificates organized chronologically, labeled with equipment ID.
Pro Tip: Stick color-coded calibration labels directly on equipment—green (valid), yellow (due soon), red (expired). Assessors love visual control.
4. Inadequate Quality Control (QC) Review
QC is the heartbeat of laboratory reliability, but it’s also one of the easiest areas to overlook. I’ve seen labs with excellent QC data but no documented review.
Why it happens: Supervisors rely on verbal confirmation instead of recorded sign-offs.
Fix it fast: Implement a QC review log where each batch or run is checked, dated, and signed by an authorized reviewer. Look for trends, not just pass/fail results.
5. Missing Risk Assessments
ISO 15189:2022 emphasizes risk-based thinking throughout the standard. Still, many labs can’t produce a single documented risk analysis during an audit.
Why it happens: Labs think risk management applies only to safety, not quality.
Fix it fast: Create a simple risk register listing potential risks, their impact, likelihood, and mitigation actions. Include technical, data, and supply-chain risks—not just accidents.
Pro Tip: Review your risk register during management meetings—it shows continual improvement.
6. Weak CAPA Management
Assessors quickly spot when a lab is just closing findings on paper. A CAPA without root-cause evidence or verification will always trigger follow-up questions.
Why it happens: Pressure to “close” findings quickly rather than investigate them properly.
Fix it fast: Use the 5 Whys method to dig deeper into causes. Verify CAPA effectiveness through follow-up audits or trend checks.
Example: A biochemistry lab reduced recurring findings by linking its CAPA tracker to internal audit data, showing proof of improvement over time.
7. Incomplete Management-Review Evidence
This one surprises many labs. ISO 15189 doesn’t just require a meeting—it requires evidence that decisions were based on data: audit results, CAPA status, QC performance, and risk reviews.
Why it happens: Management reviews become routine checkboxes instead of analytical discussions.
Fix it fast: Structure your review agenda around ISO 15189’s required inputs and outputs. Record meeting minutes and action items clearly, with follow-up accountability.
When assessors see these seven issues handled properly, they immediately sense system maturity. It’s not about perfection—it’s about proving your lab’s processes are controlled, consistent, and capable of self-correction.
Root-Cause Analysis Techniques That Actually Work
Here’s something I’ve noticed over the years — most labs think they’re doing root-cause analysis, but they’re really just describing the problem. They stop at “human error” or “staff forgot,” and move straight to corrective action. That’s not analysis — that’s labeling. And it’s exactly why the same non-conformities keep showing up every audit cycle.
A proper root-cause analysis digs deeper. It asks why something happened, not just who did it. It connects the issue to a system weakness — training, communication, process design, or management oversight. That’s what ISO 15189 assessors want to see: your system learning from itself.
1. The 5 Whys Method (Simple but Powerful)
This is my go-to for small and medium-sized findings. Start with the problem, and ask “Why?” until you reach the real cause.
Example:
Problem: Temperature logs were incomplete. Why? → The technician forgot. Why? → The reminder sheet was outdated. Why? → No one updated it after the new equipment was installed. Why? → There’s no process for reviewing control sheets quarterly. Root cause: Lack of system for document review, not technician negligence.
Pro Tip: Stop when your “why” leads to a process or system failure. That’s where change makes the biggest impact.
2. The Fishbone Diagram (Ishikawa)
For more complex or recurring problems, the fishbone diagram helps visualize all possible contributing factors. You categorize causes under key areas like Man, Machine, Method, Material, Measurement, and Environment.
Example: If your lab had repeated QC failures, your diagram might reveal:
Man: staff not trained on new reagents
Machine: analyzer not calibrated properly
Method: unclear SOP steps
Material: expired controls
Environment: temperature fluctuations
You’ll quickly see it’s not one cause — it’s a cluster. Fixing just one symptom won’t make the issue disappear.
Pro Tip: Involve your staff in this exercise. They often know where the process truly breaks down.
3. Pareto Analysis – Focus on What Matters Most
When your lab has multiple findings, it’s easy to feel overwhelmed. Pareto analysis helps you prioritize — based on the 80/20 rule. Focus on the 20% of causes that create 80% of your problems.
How to use it:
List all non-conformities from your internal and external audits.
Count how often each type appears (e.g., documentation errors = 12, equipment maintenance = 8, training = 5).
Tackle the ones with the highest frequency first.
You’ll be amazed how quickly overall performance improves once the recurring issues are eliminated.
4. Avoid the “Human Error” Trap
“Human error” sounds neat, but it’s lazy root-cause analysis. People make mistakes because of system weaknesses — unclear instructions, poor supervision, fatigue, or design flaws. If you stop at “staff forgot,” you’ll see the same issue again next year.
Pro Tip: Every time you write “human error” on a CAPA form, challenge yourself to rewrite it as:
“Human error caused by lack of visual checklist/training/update.” That’s where true prevention starts.
5. Always Document Your Analysis Process
Assessors don’t just want to see your conclusion — they want to see your reasoning. Show your steps, tools used, and participants involved. This transparency demonstrates maturity and reinforces your credibility.
The labs that master root-cause analysis rarely repeat findings. They fix problems at the source, document their thinking clearly, and prove continuous improvement. And that’s exactly what ISO 15189 is all about.
Turning Non-Conformities into Continuous Improvement
Here’s the mindset shift that separates average labs from exceptional ones: non-conformities aren’t just things to fix — they’re data.
Every finding tells you something about your system’s maturity, consistency, and blind spots. If you start treating non-conformities as lessons instead of embarrassments, your quality management system will evolve faster than any competitor’s.
From “Fix and Forget” to “Find and Improve”
Most labs close findings just to get the audit report off their desk. They update a form, send evidence, and move on. But if you don’t track trends, you’ll meet that same non-conformity again next year.
Here’s what works better:
Record every finding (internal or external) in a single master Non-Conformity Log.
Categorize them — documentation, equipment, training, process, QC, etc.
Review them quarterly to spot recurring patterns.
Pro Tip: Color-code your log by status (Open, In Progress, Closed, Verified). It turns chaos into clarity and instantly impresses assessors.
Integrate Findings into Your QMS Activities
Don’t treat CAPA as a side process — make it part of your lab’s daily rhythm.
Internal Audits: Use your NC trends to decide which processes to audit next.
Risk Management: Add recurring findings to your risk register and evaluate their likelihood and impact.
Management Review: Present trend graphs of NCs by category. Discuss how improvements reduced frequency or severity.
Example: One clinical lab reduced sample-labeling errors by 70% after linking their non-conformity data to staff refresher training schedules. The finding became the seed for a measurable improvement.
Build a Learning Culture, Not a Blame Culture
Here’s a hard truth: people stop reporting issues in labs where mistakes lead to blame. But ISO 15189 thrives on transparency. If your team feels safe admitting errors, you’ll catch and correct them long before an assessor does.
Pro Tip: During staff meetings, highlight improvements born from findings. Say things like, “Because we found this issue last quarter, we’ve now simplified the QC review process — and it’s saving everyone time.” That’s how you normalize learning.
Use Data Visualization for Impact
Numbers don’t lie — but visuals tell the story faster. Plot your NCs in simple charts:
By type
By department
By recurrence
By audit cycle
Even a basic Excel graph helps you see where the risks concentrate.
Common Mistake: Tracking NCs without analyzing them. A spreadsheet full of data means nothing if you’re not turning it into decisions.
Close the Loop
Continuous improvement isn’t just about fixing — it’s about proving effectiveness. Once a CAPA works, update the related SOP, communicate changes, and train your team. That closes the loop completely — and that’s what assessors love to see.
When you approach non-conformities this way, your lab shifts from reactive to proactive. You stop fearing findings and start using them as fuel. That’s when ISO 15189 stops being paperwork — and starts becoming culture.
FAQs – ISO 15189 Audit Non-Conformities Explained
Over time, I’ve noticed the same questions come up from lab managers, quality officers, and even technical staff right after an audit. Most of them aren’t about the findings themselves — they’re about what happens after. So here are the most important answers, based on real-world experience from hundreds of ISO 15189 audits.
Q1. What’s an “acceptable” number of non-conformities in an ISO 15189 audit?
There’s no official “pass or fail” number. Even high-performing labs get several findings during accreditation. What matters is severity and response, not quantity.
If you have one major non-conformity that affects patient results, it’s more serious than ten minors about paperwork. Accreditation bodies look at your system control and improvement response — how quickly and effectively you correct issues.
Pro Tip: Don’t aim for zero findings; aim for zero repeat findings. That’s what really shows improvement.
Q2. How long do we have to close our non-conformities after an audit?
Most accreditation bodies (like CAP, SANAS, or TAF) give you 30 to 60 days to submit evidence of corrective action, depending on the severity. However, it’s smart to act faster — auditors appreciate responsiveness.
If a finding needs more time (like equipment replacement), communicate clearly with the accreditation body and provide your action plan with deadlines.
Example: A lab once needed three months to replace a biosafety cabinet. They stayed compliant by submitting a documented timeline, purchase proof, and temporary risk control measures. Transparency counts.
Q3. Can a single major non-conformity stop accreditation?
Yes, it can — but only if it directly affects result reliability or patient safety. For instance, uncalibrated instruments, missing verification data, or testing without proper authorization are serious red flags.
The good news? You can still achieve accreditation once you correct the issue and provide verifiable proof. Accreditation bodies focus on system recovery, not punishment.
Q4. What’s the best way to write a non-conformity report?
Keep it short, factual, and evidence-based. Your report should clearly include:
Description of the finding – what was observed.
Clause reference – which part of ISO 15189 it relates to.
Root cause – what led to it.
Corrective action – what was done to fix it.
Verification – how you confirmed it worked.
Pro Tip: Avoid defensive language. Replace “It was human error” with “The procedure lacked a verification step, which has now been added.” Assessors value ownership and clarity.
Q5. How do we prevent the same finding from coming back next year?
Track your findings and analyze trends. If an issue reappears, your root-cause analysis wasn’t deep enough or your CAPA wasn’t verified. Schedule follow-up internal audits specifically targeting previously identified weak points.
Pro Tip: Treat your last audit report like your next audit checklist. That’s how mature labs turn past findings into tomorrow’s strengths.
When you understand how to handle findings — calmly, transparently, and systematically — you turn the audit process into an advantage. It stops being about passing or failing and becomes a cycle of refinement that keeps your lab strong, consistent, and trusted.
Prevent, Prepare, and Prove Control
Here’s what years of ISO 15189 consulting have taught me: non-conformities are not a reflection of failure — they’re a reflection of awareness. They show that your system is active, being tested, and learning from real situations. The problem isn’t having findings. The real risk is ignoring them or fixing them on paper without changing the system behind them.
The best laboratories don’t hide their weak spots; they manage them. They use findings as starting points for smarter processes, better training, and clearer accountability. That’s what separates a compliant lab from a resilient one.
Key Takeaways
Major vs. Minor: Focus less on labels and more on impact.
Root Cause: Always dig deeper than “human error.”
CAPA: Don’t close it until you verify effectiveness.
Trends: Track and review findings quarterly — patterns tell the real story.
Culture: Build a “learning lab,” not a “blaming lab.”
When assessors see that kind of transparency and control, it builds trust instantly. They stop viewing your lab as one that merely follows ISO 15189 — and start seeing it as one that embodies it.
Final Thought
Every audit, every finding, and every CAPA is a data point in your laboratory’s growth curve. The labs that embrace that mindset don’t just pass audits — they become benchmarks in their field.
So next time you review your audit report, don’t ask, “How many findings did we get?” Ask instead, “What did our system just teach us?”
Your Next Step
If you want to make this process easier, QSE Academy offers a ready-to-use ISO 15189 Non-Conformity & CAPA Tracker Template — the same framework we use to help labs manage findings systematically and stay audit-ready year-round.
[Download the ISO 15189:2022 CAPA Tracker Template] (insert CTA button or link)
Use it to organize, analyze, and close findings with confidence — and turn your next audit into a story of measurable improvement.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
