7 Common Compliance Issues Labs Need to Watch Out For

For most labs, audit prep tends to focus on the big-picture items: accreditation standards, training schedules, and instrument validations. 

But an analysis of the 470 FDA Warning Letters issued in 2025 shows that many laboratory compliance findings don’t stem from policy gaps. They come from the small procedural breakdowns that were overlooked because the lab was busy and everything seemed to be working fine.

The issues covered here recur across CAP, CLIA, ISO 17025, and state-regulated labs. In this guide, we’ll share the most common compliance issues that labs face, and what tools and software your lab can use to mitigate them.

The Most Common Compliance Issues For Labs Today

While the manifestations of these compliance gaps will vary based on your industry, compliance standards, and tests, we find that the following tend to be the most common across labs:

• Out-of-date or incomplete SOPs
• Missing competency records
• QC failures
• Equipment calibration and maintenance gaps
• Chain of custody breakdowns
• Corrective action that never closes
• Data integrity and audit trail gaps

We’ll explore each of these in more depth and share the best tools you can use to mitigate them.

Out-of-Date or Incomplete SOPs

If there’s one finding that appears at virtually every type of lab audit, it’s this one: standard operating procedures that haven’t been reviewed on schedule, that are missing approval signatures, or that no longer reflect how the lab actually runs the test.

Most labs have SOPs – missing them is rarely the issue – but many labs allow their SOPs to fall out of date once they are written. Change happens all the time: instruments are updated, new test methods are introduced, and new software systems are purchased. Your workflows are likely in constant flux, but those SOPs have remained static since the moment they were first printed. 

Auditors check review dates, approval signatures, and whether the version staff is using matches the current controlled copy. When those things don’t line up, it’s a finding. What makes this issue so dangerous is that everything in your lab could otherwise be running fine: tests could run successfully day-to-day, but your staff having access to and following outdated SOPs is a safety issue, not just a minor documentation gap.

Missing or Incomplete Competency Records

There’s a meaningful difference between a training record and a competency assessment, and many labs document one without the other. 

A training record says an employee attended a session or read a procedure. A competency assessment documents that they can perform the test correctly, and it requires specific evidence to satisfy CLIA and CAP requirements.

Under CLIA, competency assessment for testing personnel must be completed within 6 months of hire and annually thereafter. It has to include six specific evaluation methods: 

1. Direct observation
2. Monitoring of QC results
3. Testing of previously analyzed specimens
4. Problem-solving exercises
5. Observation of instrument maintenance function checks
6. Assessment of test result reporting. 

Checking “completed annual training” on a spreadsheet doesn’t satisfy that requirement. Meanwhile, labs that adhere to ISO 17025 have a similar requirement in clause 6.2: they must document the specific competency requirements – such as education, training, skills, and experience – for every role that influences laboratory results. 

The documentation gap that generates findings is the same: training on file, competency assessment not.

QC Failures and Trend Blind Spots

Running QC is only half of the work required for labs; you also need to document it, review it systematically, and act on what it tells you, which is where many labs fall short.

The issue here isn’t just that QC is out of range. Auditors are often more concerned with the work “behind the scenes” to audit and document results to explain why results are what they are. The absence of this is a serious cause for concern and leaves you open to scrutiny by inspectors. Auditors want to see evidence that someone monitors trends over time, not just when test results fall out of spec. 

Proficiency testing is a related failure point. Failing a PT event isn’t automatically a compliance catastrophe, but how the lab responds is scrutinized closely. If the corrective action is vague (“reviewed procedure with staff”) or if the same analyte fails in consecutive PT events, that becomes a significant finding.

Equipment Calibration and Maintenance Gaps

Instruments should be regularly serviced. But are those service records documented in a way that satisfies accreditation requirements?

For ISO 17025-accredited labs, this is particularly common. ISO 17025 requires that calibration trace back to national or international standards, with documentation supporting that chain. A service technician’s sign-off on a maintenance form isn’t the same as a calibration certificate referencing a traceable standard. Labs that maintain equipment on schedule but can’t produce the calibration documentation auditors are actually looking for end up with findings on equipment they’ve been servicing correctly all along.

Chain of Custody Breakdowns

Chain of custody is often at the center of compliance and legal requirements, yet labs that rely on spreadsheets or paper-based systems risk missing it entirely.

It’s rarely a single dramatic error that exposes this issue. It’s the series of informal workarounds that accumulate over time: 

• Samples were hand-transferred between technicians without a logged receipt.
• Temperature excursions that get noticed but are not formally documented.
• Rejection criteria that exist in the SOP but aren’t enforced consistently in practice.

While your lab staff may carry the context for each sample with them individually, that context is lost across your entire lab. What should be a carefully woven tapestry of auditable data is nothing more than a mess of broken threads. By the time the chain of custody record gets written, it’s reconstructed from memory rather than recorded in real time. Even if that reconstructed record is accurate, auditors have no way to confirm it, and that gap is a finding.

Corrective Action That Never Closes

Far too many labs view CAPA (corrective and preventative actions) as a reactive process rather than a proactive exercise.

Opening a nonconformance is the easy part. The finding that shows up at audits is a CAPA that was opened after the previous inspection, documented with a note like “staff reminded of procedure,” and closed without evidence of root cause analysis or effectiveness verification. 

The more damaging version is a recurring finding. An issue that appeared in the previous audit and reappears in the current one tells the auditor the corrective action didn’t work – or more commonly, that it was never meaningfully implemented. That signals a systemic quality management problem, not a one-time mistake.

Internal audit findings are a related issue. Labs that identify problems during self-inspection but don’t formally enter them into the QMS end up in a position where the auditor finds notes on a desk with no corresponding corrective action record. The expectation is consistent whether you’re under CAP, CLIA, ISO 17025, or FSMA: problems get formally documented, investigated, and closed, not managed informally and filed away.

Data Integrity and Audit Trail Gaps

As throughput scales, more and more labs are adopting hybrid systems that combine paper-based records with software for digital data management.

This is the right choice to make, but data spread across systems opens up a number of integrity gaps that can sink an inspection.

The specific concern is whether finalized records can be changed after the fact and whether those changes would be visible. Under ISO 17025 and FDA 21 CFR Part 11, labs are expected to have controls that prevent unauthorized data modifications and create a clear audit trail when corrections are made. A legitimate correction to a transcription error, properly documented with a reason, date, and signature, is acceptable, but repeatedly altered records without documentation constitute a data integrity violation.

You’d be surprised by how widespread issues like these are. We spoke with a lab developing cutting-edge medical technology that still tracked inventory and test result data in spreadsheets. As they secured more funding and throughput increased, they quickly realized that Excel was a fine starting point but not a feasible solution for maintaining data integrity across samples, inventory, and reagents.

Spreadsheet-based systems are at serious risk of this because cells can be edited without any log of who changed what and when. QBench LIMS, for example, locks records upon entry and generates a complete audit trail, meaning every edit is logged with a timestamp and user attribution, whether the change occurred in QC, sample records, or instrument logs.

What Software Can Labs Use To Better Manage Compliance?

If one thing is clear from the above, it’s that manual systems offer little in the way of monitoring and accounting for data at scale. 

You can only get so far if you manage sample data, inventory, or training records manually. These days, modern labs rely on specialized software to defend their data and provide a clear record to auditors. The two most common options that can help mitigate the above compliance issues are:

• QMS: A QMS (Quality Management System) is a software platform designed to help labs meet customer requirements and regulatory standards. This can ensure that your lab consistently and efficiently produces products and performs services.
• LIMS: A LIMS (Laboratory Information Management System) is a comprehensive software platform designed to manage and track samples, tests, and results throughout the entire lab workflow. 

Many labs may find they need a QMS (for quality management) and a LIMS (for data management, customer management, and reporting). This can quickly become an expensive endeavor if you are buying two separate systems. Personally, we recommend purchasing a LIMS with a built-in QMS (more on this later) to consolidate your software platforms and limit costs.

No matter what software you choose, we recommend considering the following:

• Cloud vs. on-premise: Cloud-based software offers faster implementation, lower upfront costs, automatic updates, and easier remote access.
• Configurability: Does the vendor require custom coding from a developer, or is it configurable so anyone on your team can log in and adjust settings to adapt the platform to your needs?
• Implementation timeline and approach: No LIMS comes “out of the box,” but some platforms are easier to implement than others. Fast is not always best; some vendors offer a quick implementation with months of work after your go-live date for extended services. 
• Expertise of the team: Look for a vendor who understands your needs because they’ve walked a mile or two in your shoes. For example, at QBench, we’re proud to employ many people who have worked in your shoes and understand what lab managers and staff go through each day.

Both a LIMS and a QMS can be great assets in improving data, document, and record management. Next, we’ll share how a LIMS can help your lab.

How the Right LIMS Reduces Compliance Risk

A LIMS can be a tremendous asset for organizing records and maintenance logs and centralizing your lab’s data in one place.

The issues above are driven more by systems that are insecure by design rather than careless or forgetful staff. Spreadsheets and the like require constant vigilance and reminders to enter the right data in the right place at the right time, every time. 

That works until it doesn’t, and it tends to stop when it matters most.

A modern LIMS like QBench addresses the root cause rather than relying on people to catch gaps after they’ve opened.

• SOP management: A LIMS enforces document control, including version history, required review intervals, approval workflows, and electronic signatures. Your staff will work from current procedures, and the LIMS can automatically flag SOPs approaching their review date before they fall out of compliance.
• Competency and training records: QBench supports centralized document storage, so that personnel records, competency assessment documentation, and certification expiration dates are all in one place.
• QC trend tracking: Rather than manually reviewing charts at the end of the month, a LIMS like QBench can flag trends before they become a control failure.
• Chain of custody: Thanks to barcode scanning, QBench LIMS ensures that every sample handoff is logged electronically at the time of the handoff. Temperature excursions and rejection decisions are documented in the system rather than reconstructed from memory after the fact.
• Corrective action workflows: With QBench, CAPAs are opened, assigned, tracked, and closed within the built-in QMS. Root cause documentation and effectiveness checks are built into the workflow.
• Audit-ready records: Labs running on a modern LIMS can generate the documentation package auditors need on demand. Labs running on paper or hybrid systems spend days before an inspection manually assembling records that still have gaps.

There is no comparison between a LIMS and manual methods like spreadsheets and pen and paper when it comes to managing compliance for your staff, tests, and sample data. A LIMS centralizes your lab’s data in one place, provides a secure system for document storage, and can automate entire workflows to make compliance a function of your lab operations rather than a sprint before an audit.

Get the Lab Compliance Guide and Build the Systems That Catch These Before Your Auditor Does

The seven issues covered here share a common thread: they’re not surprises. 

They come up consistently across lab types and accreditation bodies because they reflect the same underlying problem: processes that function informally but don’t hold up when they need to withstand scrutiny on paper.

But here's some good news: predictable problems are preventable ones. But preventing them requires more than a pre-audit checklist. It requires systems that make laboratory compliance a continuous process.  

If your team is still managing SOPs, competency records, CAPAs, and audit documentation across spreadsheets, paper records, and disconnected systems, our Lab Compliance Guide walks through the exact controls auditors expect to see and how leading labs are implementing them.

Fill out the form below to get your copy.