Quality assurance (QA) and quality control (QC) are two distinct parts of quality management. QA focuses on the processes used to create a product or deliver a service, while QC focuses on inspecting the final output to confirm it meets standards. Think of QA as building the right system so things go well, and QC as checking afterward to make sure they actually did.
Both exist in virtually every industry, from pharmaceutical manufacturing to software development to healthcare. Understanding how they work together helps explain why some organizations consistently deliver reliable results and others don’t.
How QA and QC Actually Differ
The simplest way to separate them: QA is proactive, QC is reactive. QA sets up the rules, training, documentation, and workflows before any work begins. It asks, “Is our process designed to produce the right outcome?” QC happens after work is done. It asks, “Did this specific product or result actually meet the standard?”
QA covers nearly the entire quality system. It includes writing standard operating procedures, training staff, auditing workflows, and validating that equipment is properly calibrated. QC is a subset of those activities, focused specifically on testing, measuring, and inspecting outputs. In a factory, QA would be the documented procedure for assembling a component. QC would be pulling finished components off the line and measuring whether they fall within acceptable tolerances.
Auditing is a core QA activity. An audit reviews whether the processes in place are actually being followed and whether they’re effective. QC, by contrast, doesn’t review the process. It reviews the product. A QC technician doesn’t care how the assembly line is organized. They care whether the widget in front of them passes or fails.
What This Looks Like in Practice
In healthcare, QA might involve designing a protocol for how nurses administer medication, including double-check steps and electronic verification. QC would be reviewing medication error reports to see if the protocol is working. Hospitals that track metrics over time often use statistical process control charts, which plot data points like blood glucose levels, blood pressure readings, or treatment response times on a graph with upper and lower limits. When data points stay within limits, the process is stable. When they drift outside, something needs attention.
One well-documented example: hospitals tracking “door-to-needle time” for patients having heart attacks used control charts to identify that their initial process was wildly inconsistent. After analyzing the process and making changes (a QA activity), the treatment times dropped significantly and stayed within a narrow, predictable range. The control chart (a QC tool) confirmed the improvement was real and sustained.
Patients with asthma have even been asked to chart their own breathing function daily using similar methods. This gives both the patient and their doctor a visual picture of whether the current treatment plan is maintaining stable lung function or whether something is shifting.
Why Both Matter for Safety
Poor quality carries enormous costs. The World Health Organization estimates that around 15 percent of hospital spending in high-income countries goes toward correcting mistakes in care or treating infections patients acquired during their hospital stay. One in ten patients in high-income countries is harmed during medical treatment. In low- and middle-income countries, 10 percent of hospitalized patients develop an infection during their stay, compared to 7 percent in wealthier nations. The broader economic toll of poor quality care, including disability and lost productivity, runs into trillions of dollars annually.
These numbers illustrate why inspection alone (QC) isn’t enough. You can catch errors after they happen, but if the underlying process keeps generating them, you’re just playing catch-up. QA addresses the root cause by redesigning how work gets done. QC then verifies that the redesign is holding.
The Role of Standards and Regulations
Most regulated industries rely on formal standards that define what QA and QC must look like. In pharmaceutical manufacturing, Good Manufacturing Practices (GMP) require that drugs are consistently produced and controlled to quality standards appropriate for their intended use. GMP spells out requirements for both production processes and quality control testing, covering everything from personnel qualifications to facility design to documentation practices.
Medical laboratories follow ISO 15189, a standard specifically for lab quality and competence. The most recent version, published in 2022, consolidated requirements for point-of-care testing into the main standard and gave laboratories until December 2025 to transition. For labs, QA includes things like method validation, staff competency assessments, and internal audits. QC includes running known control samples alongside patient samples to verify that instruments are producing accurate results.
Common QA Methodologies
Several structured frameworks help organizations build effective QA systems. One of the most widely used is the Plan-Do-Study-Act (PDSA) cycle, which works in four stages. First, you identify a goal and plan a change. Then you implement it on a small scale. Next, you compare what actually happened to what you predicted. Finally, you use that data to refine the plan and try again. The cycle repeats, each pass producing a more reliable process. PDSA is intentionally small-scale at first so problems can be caught and corrected before a change rolls out broadly.
Six Sigma is another approach, more data-heavy, that uses statistical analysis to reduce variation in a process. Where PDSA is flexible and iterative, Six Sigma is structured around measuring defects per million opportunities and systematically eliminating their causes. Many organizations combine elements of both.
How Technology Supports QA and QC
Modern quality management relies heavily on software, particularly in laboratories and manufacturing. Laboratory Information Management Systems (LIMS) tie together samples, test methods, instrument outputs, deviations, and approval records into a single traceable chain. Every result stays connected to the sample it came from, the method used to test it, and the person who approved it.
Key features include audit trails that automatically record who did what and when, role-based access so only authorized staff can approve results, and structured data capture that keeps information consistent across different testing runs. The goal is to build quality evidence into everyday work as it happens, rather than reconstructing it after the fact. When sample history has to be pieced together from memory or scattered records, errors and gaps are almost inevitable.
Putting QA and QC Together
Neither QA nor QC works well in isolation. A perfectly designed process (strong QA) still needs verification that it’s producing correct results in practice (QC). And catching defects through inspection (QC) is inefficient and expensive without a well-designed process (QA) that minimizes defects in the first place. The most effective organizations treat them as complementary: QA builds the system, QC tests it, and the data from QC feeds back into QA to drive continuous improvement.
In practical terms, if you work in any field where consistency and accuracy matter, you’re already doing some version of both. QA is every checklist, training session, and standard procedure you follow. QC is every time you check a finished product, review a report for errors, or verify that a measurement falls within an acceptable range. The formal frameworks just make those habits systematic, measurable, and repeatable.