You know the assessment date is coming. You are confident the testing itself is sound. What is harder to say is whether every record that proves it is complete, current, and in the form an assessor expects on the day they ask. That gap, between running good point-of-care testing (POCT) and being able to evidence it on demand, is where most services lose marks. Not because the science was wrong, but because the paperwork lived in three places and one log was a month out of date.

This POCT audit checklist turns that vague dread into a concrete list. It covers what assessors most often flag, the documents and records they ask to see, and how to make the audit trail assemble itself rather than chasing it across spreadsheets, paper folders and shared drives.
This article is for operational and educational purposes and is not medical advice.
Start with the findings assessors raise most often
If you read nothing else, self-diagnose against these. They account for a large share of POCT non-conformities in UK and EU assessments:
- Internal quality control (IQC) without defined acceptance rules. QC was run, but there is no documented rule for what passes, what fails, and what action follows a failure.
- Lapsed competency. Training certificates exist, but the periodic reassessment is overdue, or an operator on the result list is not on the competency register.
- An SOP that does not match practice. The written procedure describes an old device, an old lot-handling step, or a version no one is following.
- Reagent lot and storage gaps. No record linking results to the lot used, or fridge and room temperature logs with unexplained breaks.
- EQA returns filed but not reviewed. The service participates, but there is no signed review of performance and no action recorded when a result was an outlier.
Almost every item below maps back to one of these five.
Your POCT audit checklist, document by document
A current SOP for every test
Each test on your menu needs a standard operating procedure that matches the device and reagents actually in use. It should be version-controlled, dated, authorised by a named role, and available where testing happens. A good POCT SOP template helps standardise this, but the template is only as good as the review that keeps it current. Assessors frequently ask an operator to perform a test and compare what they do against the SOP word for word.
Verification records before first patient use
Before a new device or test goes live, you verify it performs in your hands as the manufacturer states. Manufacturer performance claims are obtained under ideal conditions, so verification confirms they hold with your operators, your environment and your sample types. For a quantitative test such as HbA1c, that usually means precision checks and a comparison against your existing or reference method, with pre-set acceptance criteria and a documented conclusion. Keep the raw data, not just the sign-off.
IQC logs with acceptance rules
This is the record most likely to be examined line by line. Assessors want to see: the QC material and lot, the expected ranges, the rule set you apply (for example, action limits and a multi-rule approach), Levey-Jennings style trending, and, crucially, the action taken when QC was out. Run QC at a defined frequency, after a new reagent lot, and after maintenance, and record who reviewed the chart and when. A log of numbers with no acceptance rule and no failure actions reads as data collection, not quality control. For a marker like CRP, define what a fail looks like before you run, not after.
EQA participation and documented review
External quality assessment (EQA) is participation in a recognised scheme plus evidence that you act on the returns. File the reports, yes, but also record a dated review: was performance acceptable, what was the trend, and what action followed any poor or outlier result. Unreviewed EQA is one of the most common easy marks to lose.
Training and competency files
For every operator you need initial training, a competency assessment against the current SOP, and periodic reassessment at a defined frequency. The register should reconcile exactly with the operators who appear on your result records. If someone is producing results and is not signed off, that is a finding waiting to happen.
Reagent lot and storage traceability
You should be able to take any single result and say which reagent lot produced it, that the lot was in date, and that storage conditions held. That means lot and expiry capture, new-lot verification or crossover, and temperature monitoring for fridges and rooms, with logged excursions and the actions taken.
Result reporting and the audit trail
For each result, an assessor may ask: who performed the test, on which device, using which reagent lot, with which QC in date at the time, what the result and units were, against which reference range, when, and who authorised release. Critical result handling and result amendments should be traceable too. This is the single thread that ties the whole file together.
Risk assessments
Expect to show documented risk assessments covering reagent handling (including COSHH where relevant), sample and sharps safety, device failure, and the clinical risk of an incorrect result, each with mitigations and a review date.
Management review minutes
Quality is meant to be governed, not just performed. Minutes of a periodic management review should cover QC and EQA performance, incidents and complaints, audit findings, competency status, and resourcing, each with owners and actions you can show were closed. An assessor will often ask you to demonstrate that last year’s actions actually happened.
How ISO 15189:2022 Annex A frames POCT
In the current landscape, point-of-care testing requirements sit within ISO 15189:2022, whose Annex A describes additional requirements specific to POCT. It replaced the earlier standalone POCT standard. In plain terms, Annex A expects clear governance and responsibilities for POCT, controlled procedures, trained and competent operators, quality control and external quality assessment, and traceable records linking devices, reagents and results. UK services are typically assessed against this by UKAS. Describe and apply it in your own quality system, and consult the official standard for the exact wording rather than relying on summaries.
Where readiness usually breaks: records in three places
Most services are not failing on testing. They are failing on retrieval. The competency register is a spreadsheet, the QC is a paper log by the analyser, lot numbers are on a whiteboard, fridge temperatures are on a clipboard, and results sit in the device or a separate system. When an assessor asks you to trace one result back through QC, lot and operator, you are stitching four sources together in real time, and any one of them being out of date becomes the finding.
A digital POCT record changes the shape of the problem. When the result, the operator, the device, the reagent lot, the QC status at the time, and the timestamp are captured together as testing happens, the audit trail assembles itself. POCTIFY provides digital solutions for point-of-care testing tailored to each clinic’s needs, and it works with the devices and systems you already use, so the people who tested, the lot they used, the QC that was in date and the result they produced sit on one record instead of across spreadsheets, paper and shared folders. Pulling the evidence for an assessment becomes a search, not a scavenger hunt.
A short pre-assessment dry run
Two weeks out, do a timed exercise. Pick three recent results at random and try to produce, within ten minutes each, the full trail: operator and competency, device, reagent lot and expiry, QC in date at the time, result and reference range, and authorisation. Then pull your last EQA review and your most recent management review minutes. If any of these takes real digging, you have found your gap while you still have time to close it. For a deeper refresher on the QC side, see our guide to internal quality control in POCT.
Talk to POCTIFY
If your audit trail currently lives across paper logs, spreadsheets and shared drives, that is exactly the gap a digital record is meant to close. Talk to POCTIFY about tailored support for your test menu and the assessment you are preparing for. No pressure, just a practical look at where your evidence sits today and how to make it assemble itself.
Frequently asked questions
What documents do POCT assessors ask to see first?
Typically a current SOP for each test, IQC logs with defined acceptance rules, EQA participation and review records, operator competency files, and reagent lot and storage traceability. Many assessors then ask you to trace a single result back through its QC, reagent lot and operator.
What is ISO 15189:2022 Annex A and how does it apply to POCT?
ISO 15189:2022 is the standard for quality and competence in medical laboratories, and its Annex A sets out additional requirements specific to point-of-care testing. It replaced the earlier standalone POCT standard. Apply it within your own quality system and consult the official standard for the exact wording.
What is the difference between IQC and EQA in POCT?
Internal quality control (IQC) is testing known control material in your own setting to confirm the method is performing day to day. External quality assessment (EQA) is participation in an independent scheme that compares your results against other sites. Assessors expect both, each with documented review and action.
How long should we keep POCT QC and competency records?
Retention is set by your accreditation body and your organisation’s records policy. Many UK services keep QC, EQA and competency records for at least two years, but confirm the period that applies to your scheme rather than assuming a single figure.
How often should POCT operator competency be reassessed?
Initial competency is assessed before independent testing, then reassessed at a defined frequency, commonly annually, and after significant changes such as a new device or a revised SOP. The competency register should match the operators who appear on your result records.


