Labs

ISO 15189 and Software Validation: What Labs Need to Know

Understanding the software validation requirements of ISO 15189:2022 and how to implement them efficiently in your laboratory.

ISO 15189:2022 and Software

The 2022 revision of ISO 15189 (Medical laboratories - Requirements for quality and competence) places greater emphasis on information management and software validation than its predecessor. For accredited laboratories, this means every piece of software used in the examination process must be validated before use - and re-validated after significant changes.

What Counts as "Software" Under ISO 15189?

The standard casts a wide net. Validation requirements apply to:

  • LIMS - Your core laboratory information management system
  • Middleware - Software bridging instruments and LIMS
  • Instrument firmware - Especially when configurable
  • Spreadsheets and databases - Yes, that critical Excel workbook counts
  • Cloud-based applications - SaaS tools used in the examination workflow

If it processes, stores, or transmits examination data, it needs validation.

The Validation Process

A pragmatic validation approach includes:

  1. Validation plan - Define scope, acceptance criteria, responsibilities, and timeline.
  2. Requirements specification - What must the software do? Document functional and non-functional requirements.
  3. Installation qualification (IQ) - Confirm the software is installed correctly in your environment.
  4. Operational qualification (OQ) - Verify that features work as specified under normal conditions.
  5. Performance qualification (PQ) - Test with real-world data and workflows to confirm fitness for purpose.
  6. Validation report - Summarize results, document deviations, and formally approve for use.

Proportionate Effort

Not every tool requires the same depth of validation. A risk-based approach is both acceptable and recommended:

  • High risk (results interpretation, auto-verification): Full IQ/OQ/PQ with documented test cases.
  • Medium risk (data transfer, report generation): Focused testing on critical functions.
  • Low risk (scheduling, non-clinical admin): Simplified verification sufficient.

Ongoing Compliance

Validation is not a one-time event. You must re-validate when:

  • Software is upgraded or patched
  • Operating environment changes (e.g., new server, OS update)
  • Workflows that depend on the software change
  • Issues are identified during routine use

Maintain a software register listing all validated systems, their current version, and next review date.

Practical Tips

  • Leverage vendor documentation - Good vendors provide validation support packages. Use them as a starting point.
  • Automate where possible - Scripted test cases are repeatable and save time during re-validation.
  • Train your team - Everyone using validated software should understand their role in maintaining its validated state.

Summary: ISO 15189:2022 makes software validation non-negotiable for accredited labs. A risk-based, well-documented approach keeps you compliant without drowning in paperwork.

Related Articles

Computerized System Validation (CSV) for Laboratories: A Lifecycle Approach

Let's talk about your lab

Whether you're modernizing your infrastructure, navigating compliance, or building new software — we can help.

Book a 30-min Call