EUROLAB “Cook Book” – Doc No.

19

IMPARTIALITY AND CONFIDENTIALITY

IMPARTIALITY

Introduction
In earlier versions of ISO/IEC 17025 the issue of a laboratory´s impartiality has not been a big issue. In
ISO 17025:2005 [1] Impartiality is only mentioned in notes and conflict of interest is only mentioned
once. However, in the revised version of the standard ISO/IEC 17025:2017 [2] there is a new section 4.1
dealing with impartiality emanating from ISO general requirements. It is therefore now more important for
laboratories to show how they have handled the issue about impartiality. In 4.1.1 it is stated “Laboratory
activities shall be undertaken impartially and structured and managed so as to safeguard impartiality”
and later “The laboratory shall be responsible for the impartiality of its laboratory activities”.

It is important for the laboratory to be sure that there are no commercial, financial or other pressures
which may compromise impartiality and if there any try to eliminate or minimize the risk. Examples of
such risks are ownership, employee contracts etc.

Commitment
The laboratory management shall be committed to impartiality. Two possible ways to show this is to
have a special impartiality policy or involve a statement about impartiality in the quality policy and to
discuss impartiality on the management review and to include the discussions and decisions in the
minutes of meeting. A combination is possible.

There are other documents than a policy and minutes from the management review where a statement
of commitment to impartiality may be done e.g. articles of association for the company if the laboratory
has limited (Ltd) responsibility.

Identifying risks to impartiality

In 4.1.4 it is stated that “The laboratory shall identify risks to its impartiality on an on-going basis”. The
laboratory shall make be a risk analyses. In the analyses contract reviews (to identify if there is risk
connected to the customer or the activity), management reviews, internal audits and performance
reviews (to identify any risk connected to personnel) could be used as input. Since this shall be an
ongoing activity it is important to identify changes in the laboratories activities that may become a risk.
Even if there are no changes in the laboratories activities the impartiality risk analyses should at least be
reviewed during the management review. This shall include those risks that arise from its activities, or
from its relationships, or from the relationships of its personnel.

A relationship that threatens the impartiality of the laboratory can be based on ownership, governance,
management, personnel, shared resources, finances, contracts, marketing (including branding), and
payment of a sales commission or other inducement for the referral of new customers, etc.

Eliminating or minimising risks to impartiality

In the new standard, there is a requirement for the laboratory to eliminate or minimise the identified risk
to impartiality. Note that there no requirement to totally eliminate the risk. There are many possibilities to
eliminate or minimize risks, e.g.
- Letting other parts of the laboratory perform the test if the initial part is compromised by any
reason,
- Change the personnel if the initial personnel are compromised,
- Quarantine time for compromised personnel (it is recommended to decide on the length of
quarantine time for personnel in general),
- Employment contract,
- Make changes in the activity e.g. take away the most critical part.

1
2017
EUROLAB “Cook Book” – Doc No. 19

Even though impartiality is especially mentioned in ISO 17025 and design may be a risk for impartiality
laboratories are allowed to test prototypes and new products without any compromise to its impartiality.
The laboratory shall be able to show how it has handled the issue of impartiality so these activities shall
be documented.

CONFIDENTIALITY

Introduction
Even though the new version of ISO 17025 is including a lot more text about confidentiality the basic
requirements from ISO17025:2005 have not changed but is more detailed. The main requirement is that
the laboratory should have policies and procedures to ensure the protection of its customers' confidential
information and proprietary rights, including procedures for protecting the electronic storage and
transmission of results which was stated in ISO 17025:2005.

Handling
ISO 17025:2017 require that the laboratory shall legally commit itself to keep information obtained or
created during the performance of assignment for client secret. If any information will be made publicly
available either by the customer, by an agreement between laboratory and customer or by requirements
in the law the laboratory shall inform the customer in advance.

Information about the customer obtained from sources other than the customer as well as the provider of
the information shall be confidential between the customer and the laboratory.

Personnel shall keep customer information confidential. This may be handled in the employment
contract.

It is preferable if the laboratory is regulating all issues concerning confidentiality in the contract. As a
general rule customer information should be kept confidential.

References
[1] ISO/IEC 17025:2005, “General requirements for the competence of testing and calibration laboratories”
[2] ISO/IEC 17025:2017, “General requirements for the competence of testing and calibration laboratories”

2
2017