When NATA or UKAS auditors assess your laboratory, non-conformance tracking is one of the most scrutinised elements of your quality management system. Auditors are not simply looking for a list of problems - they want evidence of a functioning, closed-loop system that identifies issues, investigates root causes, applies corrective actions, and verifies that those actions worked. A lab that tracks non-conformances well demonstrates the kind of continuous improvement culture that ISO 15189 is fundamentally built around.

TL;DR

• ISO 15189 requires laboratories to document, investigate, and close out non-conformances with verified corrective actions.

• NATA and UKAS auditors look for evidence of systematic tracking, not just incident logs.

• Common non-conformance failures include incomplete documentation, missing root cause analysis, and unverified corrective actions.

• A purpose-built non-conformance reporting system removes the administrative burden and creates an auditable trail automatically.

• Rezibase includes a dedicated accreditation module purpose-built for respiratory and sleep labs pursuing ISO 15189 compliance.

About the Author: This article is written by the Rezibase team, specialists in clinical physiology lab operations and ISO 15189 compliance, with over 37 years of combined experience supporting respiratory and sleep laboratories across Australia, New Zealand, the UK, and Ireland.

What Does ISO 15189 Actually Require for Non-Conformance Management?

ISO 15189 is the international standard governing quality management and technical competence in medical laboratories [immqas.org.uk]. Under this standard, laboratories must establish a systematic process for identifying non-conforming work, managing the consequences, and ensuring the issue does not recur [ukas.com].

Specifically, the standard requires:

• Detection and documentation of any work or process that does not conform to established procedures or requirements.

• Responsibility assignment so a designated person evaluates the significance of the non-conformance.

• Corrective action proportionate to the risk and root cause of the issue.

• Monitoring and review to confirm that corrective actions were effective and that the non-conformance has been resolved.

The 2022 revision of the standard further integrates risk-based thinking, meaning non-conformances must now be assessed not just for what went wrong, but for what could go wrong if the root cause is not addressed [poctify.com]. This shifts the expectation from reactive documentation to proactive risk management.

What Do NATA and UKAS Auditors Specifically Look For?

Auditors from both NATA and UKAS assess non-conformance management as part of a broader evaluation of your laboratory's quality management system laboratory infrastructure. According to published guidance from NATA, the most common assessment non-conformances relate to documentation gaps - specifically, failures to maintain internal policies, procedures, and forms that reflect actual practice [nata.com.au].

Based on what accreditation bodies consistently flag, auditors want to see:

NATA assessments result in detailed reports that classify findings as either major or minor non-conformances [odwyeraccreditation.com.au]. Major non-conformances - those that fundamentally undermine the reliability of your results or your quality management processes - can delay or jeopardise accreditation. Minor issues, if left unresolved across multiple assessment cycles, can escalate.

For labs pursuing UKAS accreditation requirements, the expectations are closely aligned. ISO 15189 accreditation through UKAS verifies a laboratory's integrity, impartiality, and capability, and auditors use non-conformance records as a proxy for the lab's overall quality culture [ukas.com].

Why Do Laboratories Fail Non-Conformance Audits?

Most laboratories are not failing because they have too many non-conformances. They are failing because they cannot demonstrate what they did about them.

Research examining ISO 15189 assessment findings in medical laboratories identified that documentation failures - not technical errors - represent a dominant category of non-conformance during audits [pmc.ncbi.nlm.nih.gov]. In other words, the problem is not the science, it is the paper trail.

The most common failure points include:

• Incomplete records: The non-conformance was logged but the investigation and corrective action were never documented.

• No root cause analysis: The "fix" addressed the symptom, not the underlying cause.

• Unverified close-out: The corrective action was marked as complete but no evidence exists that it worked.

• Disconnected documents: The non-conformance sits in one spreadsheet, the corrective action in an email, and the procedure update in a shared drive folder nobody can find.

• No trend review: Individual incidents were handled, but no one reviewed whether the same issue kept recurring across different staff or testing areas.

This last point is particularly important for clinical laboratory quality management. A single non-conformance may be an isolated incident. Three of the same type in six months is a system problem.

What Makes a Non-Conformance Tracking System Audit-Ready?

A genuinely audit-ready non-conformance corrective action workflow is not a spreadsheet. It is a structured process that connects detection, investigation, action, and verification in a single traceable record.

The key characteristics of a robust non-conformance reporting system include:

• Centralised logging with fields for date, category, description, risk level, and staff member involved.

• Structured investigation templates that prompt users to document root cause analysis.

• Action plan assignment with owners, due dates, and status tracking.

• Effectiveness review steps built into the workflow before close-out.

• Automatic linkage to relevant procedures, documents, and training records.

• Audit-trail export that presents the full lifecycle of each non-conformance to an assessor.

When these elements are embedded in laboratory quality control software, auditors can trace the complete history of any incident in minutes. That readiness is itself evidence of a mature quality system.

How Does Rezibase Support ISO 15189 Non-Conformance Requirements?

Rezibase includes a dedicated accreditation module built specifically for respiratory and sleep laboratories operating under TSANZ/NATA Standards and ISO 15189. Rather than bolting compliance onto a general platform, the module was designed by respiratory scientists who have lived through accreditation assessments themselves.

The accreditation module covers:

• Non-conformance tracking with structured workflows for logging, investigation, corrective action, and close-out.

• Action plan management linked directly to non-conformances.

• Document management with ISO 15189 document control and version history built in.

• Training records to demonstrate staff competency as required under the standard.

• Internal audit management to support ongoing self-assessment between external assessments.

• Quality control using Westgard methods, natively integrated.

Because Rezibase is cloud-based, the entire audit trail is accessible from anywhere, version-controlled, and always up to date. There is no server to maintain, no local software to update, and no risk of losing records in a hard drive failure.

For labs currently using another system such as Respiro, transitioning to Rezibase is straightforward. Data migration is handled as part of the onboarding process, so your existing records come with you.

Frequently Asked Questions

What is a non-conformance in ISO 15189?
A non-conformance is any instance where a process, procedure, or result does not meet the requirements defined in your quality management system or the ISO 15189 standard.

How many non-conformances are acceptable for accreditation?
Accreditation bodies do not penalise laboratories for having non-conformances. They assess whether those non-conformances are properly managed, investigated, and resolved.

What is the difference between a major and minor non-conformance?
Major non-conformances represent fundamental failures that could compromise patient results or laboratory integrity. Minor non-conformances are isolated gaps that do not immediately threaten the reliability of the laboratory's output [odwyeraccreditation.com.au].

Does ISO 15189 require a formal non-conformance reporting system?
Yes. The standard requires a documented process for identifying, recording, evaluating, and resolving non-conforming work, including corrective action verification.

What is root cause analysis and why does it matter?
Root cause analysis identifies the underlying reason a non-conformance occurred, not just what went wrong. Without it, corrective actions address symptoms rather than causes, and the same issue tends to recur.

How does ISO 15189 document control relate to non-conformances?
When a non-conformance reveals a procedural gap, the relevant document must be updated. ISO 15189 document control ensures those updates are version-controlled, approved, and linked back to the original finding.

Can a cloud-based system satisfy NATA and UKAS audit requirements?
Yes, provided the system maintains a complete, auditable record of all quality activities. Cloud-based platforms like Rezibase are increasingly preferred because they offer reliable access, automatic backups, and real-time collaboration.

About Rezibase

Rezibase is Australia's most advanced respiratory and sleep reporting platform, trusted by over 35 sites including the NHS in the UK and NSW Health in Australia. Built by respiratory scientists with over 37 years of experience, Rezibase is a cloud-based SaaS solution that covers the full clinical and administrative workflow for respiratory and sleep laboratories. Its accreditation module is purpose-built to support ISO 15189 compliance, covering non-conformance tracking, document control, training records, internal audits, and Westgard-based quality control in a single, vendor-neutral platform.

Ready to see how Rezibase can make your next NATA or UKAS assessment straightforward? Visit rezibase.com to book a demo or start your 30-day free trial.