Lab Standards and Certifications: A Complete Overview

A reference guide to the most important standards and certifications for laboratories - IVDR, IEC 62304, ISO 17025, ISO 15189, and more.

Introduction

Laboratories operate under a web of standards and regulations. Knowing which ones apply to your lab - and how they relate to each other - is the first step toward compliance. This article provides a practical overview of the most important standards for testing, calibration, and diagnostic laboratories.

EU In Vitro Diagnostic Regulation (IVDR 2017/746)

What it is: EU regulation governing in-vitro diagnostic medical devices, including standalone software.

Who it applies to: Manufacturers, importers, and distributors of IVD devices sold in the EU. Labs developing or modifying their own diagnostic software may also fall under its scope.

Key requirements:

  • Risk-based device classification (Class A through D)
  • Conformity assessment by a Notified Body (Class B and above)
  • Quality Management System (typically ISO 13485)
  • Technical documentation including clinical evidence
  • Post-market surveillance and vigilance reporting
  • Unique Device Identification (UDI)

Transition: Extended deadlines through 2028 for certain device classes, but Notified Body capacity is limited.

Relevance for lab software: Any software that provides information used for diagnostic decisions is likely an IVD device under IVDR.

IEC 62304 - Medical Device Software Lifecycle

What it is: International standard for the lifecycle of medical device software.

Who it applies to: Any organization developing or maintaining software classified as a medical device (or part of one).

Key requirements:

  • Software safety classification (Class A, B, C)
  • Software development planning
  • Requirements analysis with traceability
  • Architectural and detailed design documentation
  • Implementation with code reviews
  • Verification and validation at each level
  • Software release and maintenance processes
  • Configuration and change management

Relationship to IVDR: IEC 62304 compliance is effectively mandatory for software that falls under IVDR. It defines how to build the software; IVDR defines what regulatory obligations apply.

ISO/IEC 17025 - Testing and Calibration Laboratories

What it is: International standard for the competence of testing and calibration laboratories.

Who it applies to: Any lab performing testing, sampling, or calibration - environmental, food safety, materials, pharmaceutical QC, forensic, and more.

Key requirements:

  • Impartiality and confidentiality mechanisms
  • Personnel competence and ongoing training
  • Controlled facilities and environmental conditions
  • Equipment calibration traceable to national/international standards
  • Method validation and measurement uncertainty evaluation
  • Quality control through proficiency testing
  • Clear, unambiguous result reporting
  • Management system (standalone or ISO 9001-based)

Accreditation: Granted by national accreditation bodies (RvA, UKAS, DAkkS, etc.), typically for 4-5 years with annual surveillance.

Software angle: All software used for calculations, data acquisition, and reporting must be validated (Clause 7.11).

ISO 15189 - Medical Laboratories

What it is: International standard specifically for medical (clinical) laboratories.

Who it applies to: Laboratories performing examinations on materials derived from the human body for clinical purposes.

Key requirements:

  • All ISO 17025 technical requirements, plus clinical-specific additions
  • Pre-examination processes (sample collection, transport, preparation)
  • Examination procedures with biological reference intervals
  • Post-examination processes (result review, reporting, advisory)
  • Laboratory information management (including software validation)
  • Patient safety and ethical considerations

Relationship to ISO 17025: ISO 15189 builds on ISO 17025 concepts but is tailored for clinical labs. A lab can hold both accreditations if it performs both clinical and non-clinical testing.

2022 revision: Greater emphasis on risk management, information systems, and software validation.

ISO 13485 - Medical Device Quality Management

What it is: Quality management system standard for medical device organizations.

Who it applies to: Manufacturers, suppliers, and service providers in the medical device supply chain.

Key requirements:

  • Process-based QMS with risk management throughout
  • Design and development controls
  • Purchasing and supplier management
  • Production and service provision controls
  • Monitoring, measurement, and improvement
  • Regulatory compliance documentation

Relationship to IVDR: IVDR does not mandate ISO 13485 by name, but the QMS requirements in IVDR Annex IX align closely. Most organizations use ISO 13485 as the foundation.

ISO 14971 - Risk Management for Medical Devices

What it is: Standard for applying risk management to medical devices, including software.

Who it applies to: Medical device manufacturers, including software developers.

Key requirements:

  • Risk management plan and process
  • Hazard identification and risk estimation
  • Risk evaluation and control measures
  • Residual risk evaluation
  • Risk management report
  • Production and post-production monitoring

Why it matters: Risk management is referenced by nearly every other standard in this list. It is the thread that ties regulatory compliance together.

Quick Reference Table

| Standard | Scope | Lab Types | Software Relevant? |
|---|---|---|---|
| IVDR 2017/746 | IVD devices and software | Diagnostic labs | Yes - standalone software may be a device |
| IEC 62304 | Software development lifecycle | Any lab developing medical software | Yes - defines how to build it |
| ISO 17025 | Testing and calibration competence | Environmental, food, materials, pharma, forensic | Yes - software must be validated |
| ISO 15189 | Medical laboratory competence | Clinical/diagnostic labs | Yes - software validation required |
| ISO 13485 | Medical device QMS | Device manufacturers, labs building devices | Yes - covers design controls |
| ISO 14971 | Risk management | All medical device contexts | Yes - applies to software risks |

How They Fit Together

For a diagnostic lab building custom software:

  • IVDR sets the regulatory framework
  • IEC 62304 governs your development process
  • ISO 13485 provides your quality management system
  • ISO 14971 drives your risk management
  • ISO 15189 covers your laboratory operations

For a testing lab using commercial software:

  • ISO 17025 governs your operations and requires software validation
  • Your vendors should comply with relevant development standards
  • You are responsible for validating software in your specific environment

Tip: Start with the standard that your accreditation body or regulators require. Then work outward to the supporting standards. Trying to implement everything at once is a recipe for overwhelm.
