Handbook PDF

Download as pdf or txt
Download as pdf or txt
You are on page 1of 77

Co-Authors

Diana Baldi Heather Wade

Innovation Training & Consulting, Inc. Heather Wade Group, LLC


[email protected] [email protected]
www.InnovationTrainer.com www.HeatherWadeGroup.com
011-267-935-9399 011-734-275-4400

DISCLAIMER
Innovation Training & Consulting, Inc. (ITCI) publishes this document for informational and
educational purposes. This material is not intended to provide definitive answers to specific individual
circumstances and as such is only intended to be used as a guide. ITCI recommends that you always
seek independent expert advice relating directly to any specific situation. ITCI accepts no
responsibility for anyone placing sole reliance on this material.

COPYRIGHT
Copyright © 2020 Innovation Training & Consulting, Inc. All rights reserved. For permission to
reproduce, please contact [email protected].

1
Table of Contents
PREFACE ..................................................................................................................................... 4
THE AUTHORS ............................................................................................................................ 6
Diana Baldi ...................................................................................................................................... 6
Heather Wade ................................................................................................................................. 7
EBOOK OVERVIEW....................................................................................................................... 8
Purpose ........................................................................................................................................... 8
Target Audience .............................................................................................................................. 8
Key Objectives................................................................................................................................. 8
Chapter 1: Overview of the ISO/IEC 17025 Revision ................................................................... 9
What is ISO/IEC 17025?.................................................................................................................... 9
Why has ISO/IEC 17025 been revised? ............................................................................................. 9
What is the general transition period for Accreditation? ................................................................. 9
Can Accreditation Bodies define a different transition period? .................................................... 10
Who’s Who on the International Stage? ........................................................................................ 10
Chapter 2: New Structure and Concepts of ISO/IEC 17025:2017 .............................................. 15
What has changed? ....................................................................................................................... 15
Risk-based thinking ............................................................................................................ 15
New structure and style...................................................................................................... 15
What are the highlights of changed requirements?........................................................................ 16
Annex A Metrological traceability ...................................................................................... 16
Annex B Management system options ............................................................................... 16
Chapter 3: Introductory Sections ............................................................................................. 17
Foreword....................................................................................................................................... 17
Introduction .................................................................................................................................. 17
1. Scope ............................................................................................................................. 17
2. Normative references..................................................................................................... 17
3. Terms and definitions .................................................................................................... 18
Chapter 4: ISO/IEC 17025:2017 Clause 4 – General Requirements............................................. 19
4.1 Impartiality .................................................................................................................... 19
4.2 Confidentiality ............................................................................................................... 20
Chapter 5: ISO/IEC 17025:2017 Clause 5 – Structural Requirements ......................................... 21
Structural Requirements............................................................................................................... 21
Chapter 6: ISO/IEC 17025:2017 Clause 6 – Resource Requirements .......................................... 22
6.1 General........................................................................................................................... 22
6.2 Personnel ....................................................................................................................... 22
6.3 Facilities and environmental conditions ........................................................................ 23
6.4 Equipment ..................................................................................................................... 23
6.5 Metrological traceability ................................................................................................ 28
Historic advancements in metrological traceability ......................................................... 28
6.6 Externally provided products and services .................................................................... 30
Chapter 7: ISO/IEC 17025:2017 Clause 7 – Process Requirements ........................................... 32
7.1 Review of requests, tenders and contracts .................................................................... 32
7.2 Selection, verification and validation of methods ......................................................... 33
7.2.1 Selection and verification of methods ................................................................... 33

2
7.2.2 Validation of methods ............................................................................................ 35
7.3 Sampling ........................................................................................................................ 36
7.4 Handling of test or calibration items.............................................................................. 37
7.5 Technical records ........................................................................................................... 38
7.6 Evaluation of measurement uncertainty........................................................................ 38
7.7 Ensuring the validity of results ....................................................................................... 40
7.8 Reporting of results........................................................................................................ 41
7.8.1 General .................................................................................................................... 41
7.8.2 Common requirements for reports (test, calibration or sampling) ...................... 41
7.8.3 Specific requirements for test reports ................................................................... 43
7.8.4 Specific requirements for calibration certificates ................................................. 43
7.8.5 Specific requirements for reporting sampling ...................................................... 44
7.8.6 Reporting statements of conformity...................................................................... 44
7.8.7 Reporting opinions and interpretations ................................................................ 46
7.8.8 Amendments to reports ......................................................................................... 46
7.9 Complaints..................................................................................................................... 47
7.10 Nonconforming work ..................................................................................................... 48
7.11 Control of data and information management .............................................................. 49
Chapter 8: ISO/IEC 17025:2017 Clause 8 – Management System Requirements ....................... 50
8.1 Options .......................................................................................................................... 50
8.2 Management system documentation (Option A) ........................................................... 51
8.3 Control of management system documents (Option A) ................................................. 51
8.4 Control of records (Option A) ......................................................................................... 52
8.5 Actions to address risks and opportunities (Option A) ................................................... 52
8.6 Improvement (Option A) ................................................................................................ 53
8.7 Corrective actions (Option A) ......................................................................................... 55
8.8 Internal audits (Option A)............................................................................................... 55
8.9 Management reviews (Option A) .................................................................................... 56
Annex A Metrological traceability ...................................................................................... 57
Annex B Management system options ............................................................................... 57
Chapter 9: Summary and Next Steps ....................................................................................... 58
9.1 Summary........................................................................................................................ 58
9.2 Next Steps ...................................................................................................................... 58
9.3 Engage Support Systems ............................................................................................... 59
Appendix: Detailed list of Changes from ISO/IEC 17025:2005 to ISO/IEC 17025:2017 .............. 61

3
PREFACE

Common questions asked by management are “Why go through all the trouble to have internal and/or
external vendor laboratories be accredited to ISO/IEC 17025? Isn’t registration to ISO 9001 enough?”
Let’s explore a few reasons to help you decide.

1. When you see a reported value, how much do you trust that value as accurate? In accounting, we
are taught to think that way. Accountants see numbers that are exact. On a balance sheet, the
income and expenses match to the penny, right? When laboratories report measurement values,
however, there is a range of uncertainty around the reported values. For example, a value of 10
might be represented as 10 +/- 1. This means the answer should be between 9 and 11.

One key difference between ISO 9001 and ISO/IEC 17025 is whether a measurement value is
reported as a single value or includes the possible measurement range (XX +/-y) with a statistical
level of confidence. This range “y” around a value “XX” is called measurement uncertainty. The
measurement uncertainty is very helpful in determining whether the reported values are within
product specifications or not. You wouldn’t want to release product out of specifications, right? Or
reject good product! Neither decision is good for business.

2. If you sent your sample to another laboratory for testing or calibration, what is the likelihood you
would get a similar data and make the same decisions when using the other lab’s data? ISO/IEC
17025 requires a laboratory to participate in inter-laboratory comparisons or proficiency sample
sets to give them and their accrediting body feedback on how well their data compares with other
laboratories. This is valuable feedback to identify potential blind spots in their testing practices so
corrections can be made. Or the feedback confirms confidence in the lab’s reported results. We
celebrate that!

3. Are you a stickler for verifying whether something you bought with a brand name on it is
authentic? Or are you okay with paying a high price for knock-offs? Well, with ISO 9001, a
laboratory can write an internal procedure and their registration auditor will verify that they are
following that procedure. With ISO/IEC 17025, the accreditation body verifies the laboratory
procedure has been validated and is appropriate for use, in addition to being followed. That
means the procedure follows approved methods or verifies any custom procedure the lab
develops meets strict validation protocols. The ISO/IEC 17025 assessors are required to have
direct knowledge of the testing method they review. Under ISO 9001, auditors with only general
knowledge of test methods may be allowed to assess to ISO 9001.

4. Another key difference between ISO 9001 and ISO/IEC 17025 is the determination of staff
competence and its impact on resulting measurement data validity. While ISO 9001 has reference
to competency, ISO/IEC 17025’s main focus is on technical competency. After all, “competence” is
in the title of ISO/IEC 17025!

These are a few of the many reasons why you want to understand what is required by ISO/IEC 17025
and use it as a benchmark for any laboratories you use. ISO 9001 is for management systems for any
organization. Whether you seek formal accreditation or not is a separate question. When you see the

4
extra protections to ensure competency of the laboratory and reliability of the lab’s results which are
built into ISO/IEC 17025, you will not be satisfied with ISO 9001 alone.

For more information about the benefits of maintaining ISO/IEC 17025 accreditation over ISO 9001
registration, see ILAC: The Advantages of Being Accredited. A screen shot of a page from the
document is below. Here is the full document link: https://ilac.org/?ddownload=898

5
THE AUTHORS

Diana Baldi
Diana is president of Innovation Training & Consulting, Inc.
(ITCI), founded in 2006. She started ITCI after a successful
career as quality manager, supply chain manager, laboratory
assessor, certified auditor and trainer for several ISO
standards. Her early experiences doing quantitative
environmental analyses and field work gave her insights on
how polluted the air and water was in her hometown in the
Ohio River Valley. That experience sparked a degree in
Environmental Science, environmental engineering graduate
work, and 11 years of service at the US Environmental
Protection Agency Region III. Her government work led to
extensive knowledge of conducting a variety of test methods
for metals, volatile and semi-volatile organics, pesticides and
herbicides via Gas Chromatography (GC), GC/Mass Spectroscopy (GC/MS), microbiology, and
bioassays. She also led teams completing data validation for dioxin and other analyses. She assessed
laboratories and audited systems within engineering firms, state programs, and suppliers of
proficiency samples and standards.

Among Diana’s proudest accomplishments are:

• Directly managing millions of dollars of complex analytical testing for a global chemical company.
The projects included negotiation of national contracts, forming model partnerships, delineation
of contamination and site cleanup, monitoring bioaccumulation within a watershed, coordination
with multi-disciplinary teams, data validation, and evaluation of treatability studies.
• Being Quality Assurance Manager for a corporate department conducting air testing via mobile
lab, treatability studies, industrial hygiene testing, and other standard and state of the art testing.
• Conducting chemistry and environmental testing assessments for the American Association of
Laboratory Accreditation (A2LA) for many years and 3rd party audits for other ISO standards.
• Being an industry representative during the 10-year development of the National Environmental
Laboratory Accreditation Program (NELAP).
• Training thousands of individuals on how to interpret and perform systems audits to the ISO
standards for laboratory management, quality, environmental, health and safety, laboratory
management, and Responsible Care®, the American Chemical Council (ACC) standard.

Diana has a unique combination of expertise in development and implementation of integrated


management systems, emphasizing that business processes serve the organization and its customers.
She has direct experience in the Baldridge Framework for Excellence, ISO/IEC 17025 (testing and
calibration laboratories), ISO 14001 (environmental), ISO 9001 (quality), ISO 45001 (health and safety),
and Responsible Care®. She has worked with a wide variety of sectors including manufacturing,
service, nonprofit, testing laboratories, healthcare, and government.

6
Heather Wade
Heather A. Wade, ASQ-CCT, ASQ-CQA, and President of Heather
Wade Group, LLC, is a proud metrology nerd and internationally
sought expert whose passion is applying her knowledge,
industry experience, listening skills, and relentless energy to
effectively solving your company’s measurement and laboratory
management issues.

A graduate of the University of Michigan with a B.S. in Biology,


Heather has worked as a microbiologist, filter test specialist,
laboratory compliance officer, extraction chemist, and an
analytical chemist before moving full-time into metrology.

Heather really found her calling when she had the opportunity to
develop and standardize a one-person calibration lab into a
high-performing, multi-functional metrology and asset
management team. She helped instill quality metrology
practices across NSF International’s multiple chemistry, microbiology, and physical engineering test
labs, which, in turn, improved their measurements and upheld the integrity of NSF’s testing by
reducing out-of-conformance tests and the resulting costly retesting and possible recalls for NSF’s
customers.

Among Heather’s proudest accomplishments are:

• Transforming the calibration lab activities from paper-based to all electronic-based system to
improve retrievability, protection and security, and saved money and space by not having to
buy more file cabinets, paper, and storage space.
• Standardizing calibration procedures, training program, and training records to enhance
efficiency, reproducibility, reliability, and for documenting and tracking staff competence.
• Enhancing the calibration team’s responsiveness and customization of in-house provided
calibrations, which resulted in minimizing or eliminating downtime of test instruments.
• Investing in calibration standards (6 months to 2 years Return On Investment (ROI) by moving
outsourced calibrations in-house), allowing for more responsive and customized calibrations
while saving the company time and money.
• Transforming external audits from receiving findings to receiving written commendations.
• Realizing an on-going and ever-growing annual savings of >$1,000,000 in outsourced
calibration costs for her employer. This changed the perspective of the calibration team from
a cost-center to a cost-saving center.

Heather credits her on-going participation and leadership in the world’s leading quality, standards,
and metrology communities for continually learning, networking, and presenting ideas as an
internationally sought subject matter expert and speaker.

7
EBOOK OVERVIEW

Purpose
This ebook is designed to do the following:
• Provide an overview of the ISO/IEC 17025:2017 standard,
• Explain the main authorities related to laboratory accreditation,
• Summarize the reasons and types of changes from ISO/IEC 17025:2005 to 2017 edition,
• Review the requirements of ISO/IEC 17025:2017 General Requirements of Testing and
Calibration Laboratories,
• Describe the timeframe for implementing ISO/IEC 17025:2017, and
• Review the accreditation process for laboratories to ISO/IEC 17025.

Target Audience
This ebook is designed for people who need to be familiar with the requirements of the ISO/IEC 17025
standard such as, but not limited to, the following:

• Senior management and leaders responsible for the transition of their organization’s
laboratory management system to meet the new requirements,
• Those implementing a new laboratory management system or updating an existing system,
• ISO/IEC 17025 assessors and laboratory specialists,
• Quality managers or technical managers for laboratories,
• Internal assessors,
• Operations personnel, and
• Trainers and consultants.

Key Objectives
We invite you to benefit from this ebook in the following ways:

1. Learn about the ISO/IEC 17025:2017 requirements in the main chapters of this ebook,
2. Practice applying concepts to your laboratory,
3. Evaluate your own laboratory and practices to confirm conformance or identify gaps,
4. Evaluate the non-accredited testing and calibration suppliers for your organization to identify
any actions needed to meet the requirements of ISO/IEC 17025:2017,
5. Understand the players and their roles,
6. Recognize the details of what has changed from ISO/IEC 17025:2005 in the Appendix,
7. Use the Appendix to help your internal assessors confirm conformance to make the transition
to the 2017 revision and better understand points raised by 3rd party Assessors,
8. Identify and prioritize your next steps to enhance your laboratory management systems, and
9. Get to know Diana and Heather as reliable and competent resources to assist you.

8
Chapter 1: Overview of the ISO/IEC 17025 Revision

What is ISO/IEC 17025?


ISO/IEC 17025 is an international standard that specifies the requirements for a laboratory
management system. The standard contains a set of requirements enabling laboratories to improve
their ability to produce consistently valid results. It applies to both testing laboratories and calibration
laboratories.

Why has ISO/IEC 17025 been revised?


Many management systems have come into use worldwide over the last twenty-five years. All ISO
standards are scheduled for review every five years or so to establish whether a revision is required to
keep them current and relevant for the marketplace. Organizations that use multiple management
systems standards are increasingly demanding a common format and language that is aligned
between those standards. ISO/IEC 17025:2017 responds to the latest trends for laboratories and to be
more compatible with other standards that are related to conformity assessment (i.e., ISO/IEC 17000
series of standards).

Where are we in the revision process?


The ISO/IEC 17025:2017 standard was published November 2017.

Year Standard
1987 ISO 9001:1987 (first edition)
1990 ISO/IEC Guide 25
1994 ISO 9001:1994 (first minor revision)
1999 ISO/IEC 17025:1999 (renumbered Guide 25)
2000 ISO 9001:2000 (first major revision)
2005 ISO/IEC 17025:2005
2008 ISO 9001:2008 (second minor revision)
2010 ILAC/SABS requested CASCO workgroup to revise ISO/IEC 17025
2015 ISO 9001:2015 (second major revision)
2017 ISO/IEC 17025:2017
Nov 2020 ISO/IEC 17025:2005 will be withdrawn

What is the general transition period for Accreditation?


The laboratories worldwide have a period of three years from the date of publication to transition to
the new version. The impact of this revision will be greater than the 2005 edition. Eighteen months
from the date of publication, any new accredited certifications issued will be to ISO/IEC 17025:2017. As
of November 2020, ISO/IEC 17025:2005 will be completely withdrawn and all labs with ISO/IEC 17025

9
accreditation will need to be accredited to ISO/IEC 17025:2017.

Figure 1: General Transition Period for Accreditation

Can Accreditation Bodies define a different transition period?


Yes. For example, the Standards Council of Canada has noted that they may allow laboratories to
continue to be assessed to the 2005 version under extenuating circumstances. Examples of valid,
extenuating circumstances include, but are not limited to, the following:

• Corporate/Group accreditation laboratories that are working on a consolidated approach to


implementing the revised standard, or
• Laboratories that hold two or more accreditations from different accreditation bodies, who
are required to meet different transition and implementation plans developed by the
accreditation bodies.

Who’s Who on the International Stage?


The four international bodies responsible for metrology, accreditation, and standardization
worldwide are the following:

1. BIPM = The International Bureau of Weights and Measures (www.BIPM.org):

a. Is the coordinator of the world-wide measurement system,;


b. Provides a forum for Member States to act together on matters related to measurement
science and measurement standards; and
c. Publishes the SI Brochure, which defines the International System of Units (SI).

10
2. OIML = The International Organization of Legal Metrology (www.OIML.org). Legal metrology is the
application of legal requirements to measurements and measuring instruments. Legal metrology
encompasses, in part, how items are measured for sale and trade. OILM Is an intergovernmental
treaty organization which:

a. Develops model regulations, standards, and related documented use develops model
regulations, standards and related documents for use by legal metrology authorities and
industry;
b. Provides mutual recognition systems which reduce trade barriers and costs in a global
market;
c. Represents the interests of the legal metrology community within international
organizations and forums concerned with metrology, standardization, testing,
certification and accreditation;
d. Promotes and facilitates the exchange of knowledge and competencies within the legal
metrology community worldwide; and,
e. Cooperates with other metrology bodies to raise awareness of the contribution that a
sound legal metrology infrastructure can make to a modern economy.”

3. ILAC = The International Laboratory Accreditation Cooperation (www.ILAC.org)


a. “ILAC is the international authority on laboratory, inspection body, reference material
producer and proficiency testing provider accreditation, collectively known as Conformity
Assessment Bodies (CABs), with a membership consisting of accreditation bodies and
stakeholder organizations throughout the world.”

b. The International Laboratory Accreditation Cooperation (ILAC) is the international


organization for accreditation bodies operating in accordance with ISO/IEC 17011 and
involved in the accreditation of Conformity Assessment Bodies including calibration
laboratories (using ISO/IEC 17025), testing laboratories (using ISO/IEC 17025), medical
testing laboratories (using ISO 15189) and inspection bodies (using ISO/IEC 17020).
ISO/IEC 17011:2017 specifies requirements for the competence, consistent operation and
impartiality of accreditation bodies assessing and accrediting Conformity Assessment
Bodies.

4. ISO = The International Organization for Standardization (www.ISO.org)


a. ISO is an “independent, non-governmental international organization with a membership
of 164 national standards bodies” that through its members, “brings together experts to
share knowledge and develop voluntary, consensus-based, market relevant International
Standards that support innovation and provide solutions to global challenges.”

b. The Council Committee on Conformity Assessment (CASCO) is the ISO committee that
works on issues related to conformity assessment.

11
What do these four organizations do?

In November 2018, these four organizations issued a Joint Declaration on Metrological Traceability
emphasizing that “Metrological traceability is one of the elements that establishes international
confidence in the worldwide equivalence of measurements.”

These four bodies collaborate, with other international stakeholders, in the Joint Committee for
Guides in Metrology (JCGM) responsible for developing common documents. Two JCGM documents
key to this Declaration are:

1. Uncertainty in Measurement - Part 3 - Guide to the Expression of Uncertainty in Measurement


(GUM) – JCGM 100. Two related documents are OIML G 1-100 and ISO/IEC Guide 98-3. All three
documents promote a consistent and common approach to the evaluation of measurement
uncertainty in a variety of metrological situations

2. International Vocabulary of Metrology - Basic and General Concepts and Associated Terms (VIM) –
JCGM 200. Two related documents are OIML V 2-200 and ISO/IEC Guide 99.

The latest versions of these and related publications can be downloaded free of charge from the BIPM
website.

Who Publishes ISO/IEC 17025:2017?

ISO/IEC 17025:2017 is published by ISO and the International Electrotechnical Commission (IEC). IEC is
one of the three global sister organizations (IEC, ISO, and ITU 1) that develop International Standards
for the world.

IEC is the world’s leading organization for the preparation and publication of
International Standards for all electrical, electronic and related technologies.

ISO is an “independent, non-governmental international organization with a


membership of 164 national standards bodies” that through its members, “brings
together experts to share knowledge and develop voluntary, consensus-based,
market relevant International Standards that support innovation and provide
solutions to global challenges.” Source: www.ISO.org.

1
ITU is International Telecommunication Union and is a specialized agency of the United Nations that is
responsible for issues concerning information and communication technologies.

12
Who Oversees Accreditation to ISO/IEC 17025:2017?

International Laboratory Accreditation Cooperation (ILAC) is the international


authority on laboratory, inspection body, reference material producer and proficiency
testing provider accreditation, collectively known as Conformity Assessment Bodies
(CABs), with a membership consisting of accreditation bodies and stakeholder
organizations throughout the world.

ILAC maintains a formal list of signatories on their Mutual Recognition Agreement


(MRA). The accreditation bodies that are signatories to the ILAC MRA have been peer
evaluated in accordance with the requirements of ISO/IEC 17011 to demonstrate their
competence. The ILAC MRA signatories agree to accept the results of each
other’s accredited Conformity Assessment Bodies under the ILAC MRA. Hence, the
results from the Conformity Assessment Bodies accredited by the ILAC MRA signatories
are able to be recognized internationally. The aim being, “Accredited Once, Accepted
Everywhere.” Source: www.ILAC.org.

BEWARE OF UNRELIABLE MARKS

Here are two examples of UNRELIABLE seals that imply


ISO/IEC 17025 “approval”. Be sure to understand the
difference between certification and accreditation.
Accreditation is the proper term to use. Confirm the
authorizing authority on any testing or calibration
certificates you use is listed on ILAC’s Mutual Recognition
Agreement list.

Who Works Along with ILAC in the Realm of Accreditation?


“The International Accreditation Forum (IAF) is the world association of Conformity
Assessment Accreditation Bodies and other bodies interested in conformity
assessment in the fields of management systems, products, services, personnel and
other similar programs of conformity assessment. Its primary function is to develop a
single worldwide program of conformity assessment which reduces risk for business
and its customers by assuring them that accredited certificates may be relied upon.
Accreditation assures users of the competence and impartiality of the body
accredited.”

In short, IAF ensures that “its accreditation body members only accredit bodies that
are competent to do the work they undertake and are not subject to conflicts of
interest.” Source: www.iaf.nu. Another way to express this is that IAF ensures
accreditation bodies are competent and impartial.

13
Figure 2: ILAC Regional Cooperation Bodies

What is the scope of accreditations worldwide?


• Over 87,000 accredited Conformity Assessment Bodies (CABs)
• Over 103 economies represented

14
Chapter 2: New Structure and Concepts of ISO/IEC 17025:2017

What has changed?

Risk-based thinking

Risk-based thinking was added (Clause 8.5), which enabled reducing the
prescriptive requirements in 2005 version. More performance-based
guidelines were added in 2017. This leads to more flexibility in
documentation and shifts responsibility to the laboratory to manage
identified risks.

New structure and style


The 2017 standard allows flexibility to recognize core management systems requirements common to
other ISO standards like 9001, 14001, 45001, etc. The 2017 standard has simplified language and
writing styles to aid understanding and consistent interpretations of its requirements. There is more
flexibility in how laboratory processes are documented. The 2005 standard had stringent
documentation requirements and tried to “dictate” how to manage the laboratory. Now, the standard
shifts responsibility to manage risk to the laboratory. The 2017 standard is written more from the
perspective of the laboratory and less for regulators and assessors.

Terminology in the standard was updated to recognize that electronic records are more
commonplace as an alternate or supplement to hard copy records. The Scope was expanded to allow
accreditation for sampling associated with subsequent calibration and testing.

The location of laboratory-specific requirements is now in the front of the standard with general
management systems requirements in the back (opposite to the 2005 version with Clause 4 as General
Requirements and Clause 5 as Technical Requirements).

The structure of the new standard has significantly changed to be in line with the conformity
assessment standards (Series ISO/IEC 17000). There will, however, be no requirement for an
organization’s laboratory management system to mirror the flow and terminology of the Standard.

The structure of ISO/IEC 17025:2017 is as follows:

1. Foreword
2. Introduction
3. Scope
4. Normative References
5. Terms and Definitions
6. General Requirements
7. Structural Requirements
8. Resource Requirements

15
9. Process Requirements
10. Management System Requirements
11. Annex A: Metrological Traceability
12. Annex B: Management System Options

The requirements themselves are now set out in Clauses 4 through 8 instead of Clauses 4 (General
Requirements) and 5 (Technical Requirements) in the 2005 version.4 .

What are the highlights of changed requirements?


Highlights of the changed requirements are listed below. See the Appendix for more detail of the types
of changes and correlation of the requirements between the 2005 and 2017 revisions of ISO/IEC 17025.

• Impartiality (Clause 4.1) and Confidentiality (Clause 4.2) requirements are more detailed
• Procedure to evaluate competency is needed instead of qualification and monitoring (Clause
6.2)
• Requirement for monitoring service providers (Clause 6.6)
• Reporting results (Clause 7.8)
• More robust complaints process (Clause 7.9)
• Risk management for all laboratory activities (Clause 8.5)
• Document “range of laboratory activities” (Clause 5.3)
• Decision rules for data and statements of conformity (Clauses 7.1 and 7.8.6)
• Records for Verification of New Methods (Clause 7.2)
• Records for functionality of Laboratory Information Management Systems (LIMS) to be fit for
intended use (Clause 7.11)
• More robust Management Review (Clause 8.9)
• Annexes A and B are new in this standard

Content in the Annexes are not intended to add requirements. However, laboratories are encouraged
to review the content and determine applicability to their operations.

Annex A Metrological traceability

The clause structure and some of the terminology have been changed to improve alignment with
other management systems standards. It is stressed that organizations do not need to use the
structure and terminology of the standard in their own documentation, but they can choose terms to
suit their operations.

Annex B Management system options

This new clause focuses on explaining key concepts in the standard, such as “continual”, “ensure” and
“interested party” to prevent misunderstanding. It provides options for organizations to leverage
other management systems to support ISO/IEC 17025 accreditation. Each accrediting body may
establish policies for what they will accept.

16
Chapter 3: Introductory Sections

Foreword
The Foreword was updated to revise references to patents, give credit to CASCO as author of the
standard, and list three main changes. The changes are the following:

1. Addition of risk-based thinking to reduce prescriptive requirements,


2. Greater flexibility in documentation and organizational responsibilities, and
3. Addition of the definition of laboratory.

Introduction
The Introduction has been shortened significantly and simplified to be easier to read. It also defined
key verbs used throughout the standard:

• “shall” indicates requirement


• “should” indicates recommendation
• “may” indicates permission
• “can” indicates a possibility or a capability

1. Scope
The Scope was significantly reduced in length yet technically expanded to allow accreditation for
sampling associated with subsequent calibration and testing. It states the intention of the standard to
be specifying the general requirements for the competence, impartiality, and consistent operation of
laboratories.

The scope notes applicability to all organizations performing laboratory activities, regardless of the
number of personnel. It also specifies a variety of potential users to recognize or confirm laboratory
competency, such as customers, regulators, accreditation bodies, and other users of laboratory data.

2. Normative references
What does it mean to be a normative reference? ISO/IEC DIR 2, Edition 8.0 2018-05; ISO/IEC Directives
Part 2 (Principles and rules for the structure and drafting of ISO and IEC documents), defines the
inclusion of a normative reference as, “This conditional element shall give a list of the referenced
documents… in such a way as to make them indispensable for the application of the document.”

The following two normative references are listed in ISO/IEC 17025:2017. They contain important
information to be able to properly understand and apply the requirements of the standard.

1. ISO/IEC 17000, Conformity assessment — Vocabulary and general principles

17
2. ISO/IEC Guide 99, International Vocabulary of Metrology — Basic and General Concepts and
Associated Terms (VIM).

ISO/IEC Guide 99 is also known as JCGM 200 “International Vocabulary of Metrology – Basic
and General Concepts and Associated Terms.” The JCGM 200 is available for free download
from https://www.bipm.org/en/publications/guides/

3. Terms and definitions


Definitions were added to the 2017 standard for the following terms:

Impartiality Complaint
Interlaboratory Comparison Intra-laboratory Comparison
Proficiency Testing Laboratory
Decision Rule Verification
Validation

The above terms are also defined in ISO/IEC Guide 99, International Vocabulary of Metrology — Basic
and General Concepts and Associated Terms (VIM). See Clause 2 above for alternative reference
(JCGM200).

When a term is defined within an ISO standard, that definition must be used. If a term is not
defined, an approved dictionary definition may be used.

To confirm whether a term has been defined by ISO and/or IEC, refer to their terminological
databases for use in standardization at the following addresses:

• ISO Online browsing platform: available at http://www.iso.org/obp


• IEC Electropedia: available at http://www.electropedia.org

18
Chapter 4: ISO/IEC 17025:2017 Clause 4 – General Requirements

Clause 4 has 2 subsections:

4.1 Impartiality
4.2 Confidentiality

Clause 4 contains enhanced and clarified requirements that were previously in Clause 4.1
Management Requirements in the 2005 standard.

4.1 Impartiality
The requirements for ensuring impartiality have been significantly enhanced. This clause sets
expectations that impartiality shall be safeguarded. The activities of the laboratory shall be structured
and managed to support impartiality.

This includes a commitment to impartiality by the laboratory management. Commercial, financial or


other pressures that might compromise impartiality must be managed. The risks of these types of
pressures can vary from one organization to another, so the standard requires each laboratory to
identify potential risks to impartiality. Once identified, the laboratory must be able to demonstrate
how it manages (i.e., eliminates or minimizes) these risks.

The Note in Clause 4.1 gives examples of relationships with other parties (ownership, governance,
contract terms, sales commissions, shared resources, etc.) that might influence impartiality.

Risks to impartiality must be reviewed on an on-going basis to keep up with changing conditions.

APPLY THE CONCEPT OF IMPARTIALITY AND CONTROLS

To give you a few ideas, the table below lists a few types of laboratories, example risks to
impartiality, and possible controls.

Type of Laboratory Risks to Impartiality Possible Controls


Embedded laboratory Pressure to release non- Independent
within manufacturing site conforming product to organizational structure
meet sales and production
goals

19
Type of Laboratory Risks to Impartiality Possible Controls
For profit privately owned Time pressure to finish Base contract on meeting
commercial laboratory projects; cost cutting quality criteria, not time
measures deadline

Government laboratory Public health pressures Prevent media from


(EPA, USDA, FDA, etc.) (e.g., news media coverage contacting lab staff
of recalls, sick people)
Publicly traded commercial Majority shareholders Whistleblower hotline to
laboratory influence allow internal reporting of
pressures

Brainstorm other examples and identify other risks to impartiality that your laboratory
would need to address.

4.2 Confidentiality
The laboratory is responsible for managing all information received or
generated by the laboratory and safeguarding the information as
proprietary and confidential. Breaches of confidentiality are subject to
legally enforceable commitments. Exceptions can be made if the
laboratory and customer have agreement, such as customer releasing
information to the public or if responding to complaints.

If the laboratory is compelled by contract or law to release


confidential information, the customer or individual concerned must
be notified which information was provided. An exception to this
notification is when notification is prohibited by law.

There are times when a laboratory might receive information about their customer from other
sources. In these cases, the source of the information is held in confidence by the laboratory. The
source is not shared with the customer unless the source agreed to the release to the customer.
All persons acting on behalf of the laboratory shall keep information confidential. This includes
employees, contractors, external visitors (e.g., accreditation assessors).

In summary of Clause 4-General Requirements, the risks to impartiality and confidentiality may be
very different for the wide variety of laboratories. Each laboratory must evaluate their circumstances
and implement appropriate controls to effectively maintain impartiality and confidentiality. Although
these topics were in the 2005 standard, the requirements were strengthened in the 2017 revision. You
will want your laboratory’s practices to stand up if challenged in court.

20
Chapter 5: ISO/IEC 17025:2017 Clause 5 – Structural Requirements

Structural Requirements
There are no titled subsections within this clause. Parts of the 2005 standard from clauses 4.1
Organization and 4.2 Management System have moved here.

The laboratory is required to be a legal entity or part of a legal entity. The entity is legally responsible
for the activities of the laboratory.

The management with overall responsibility for the laboratory must


be identified.

The range of the laboratory activities must be defined and


documented. The laboratory must perform these activities. Work
performed by external providers on an ongoing basis must not be
included in the list of laboratory activities. The requirements apply to
permanent locations, mobile locations, work performed at customer
site or other temporary locations.

The organizational structure and connections within other organizations (e.g., parent company) must
be defined. The responsibilities, authorities, and relationships across support services, management,
and operations must also be defined. This includes all personnel who are involved in managing work,
doing work, or verifying the laboratory work.

To ensure consistency and validity of results, the laboratory is required to document their procedures.
The laboratory has discretion to decide what level of detail and type of documentation is appropriate
for their laboratory.

Personnel must have the authority and resources necessary to complete their duties. Specific
authority must be designated for several types of duties, such as:

• Implementing, maintaining, and improving the laboratory management system;


• Ensuring deviations from procedures or other management system requirements are
identified, prevented or minimized;
• Reporting laboratory performance to management and recommending improvements; and/or
• Ensuring the laboratory activities are effective.

Management of the laboratory is responsible for communicating the importance of meeting all the
requirements of this standard, customer agreements, and other commitments. Laboratory
Management is expected to ensure communication about the effectiveness of the management
system takes place.

Management is responsible to manage changes to the management system and ensure the integrity of
the management systems is maintained.

21
Chapter 6: ISO/IEC 17025:2017 Clause 6 – Resource Requirements

Clause 6 Resource Requirements has the following subsections:

6.1 General
6.2 Personnel
6.3 Facilities and environmental conditions
6.4 Equipment
6.5 Metrological traceability
6.6 Externally provided products and services

The current content in Clause 6 has been restructured from several Clauses in ISO/IEC 17025:2005.
See Appendix for detailed list of changes.

6.1 General
This clause is straightforward and requires the laboratory to have necessary resources to manage and
perform its laboratory activities, such as: people, places, things (equipment), systems and processes,
and support services.

6.2 Personnel
Personnel (internal or external) who could influence the laboratory activities must be competent, act
impartially, and adhere to the laboratory’s management system. The responsibility for competency
falls upon the lab management to have competent personnel perform lab activities.

Personnel competency records shall be maintained and include requirements of what proves their
competency including: education, experience, training, qualifications, certifications (as appropriate),
as well as any specific skills or knowledge.

Additionally, the laboratory must have procedures and records that confirm what the competency
requirements are, and the authorization of personnel to perform certain functions based on their
fulfillment of those competency requirements.

While having and meeting competency requirements is critical, the lab management also needs to
inform these personnel of their approved duties, responsibilities, and authorities. For this, procedures
and records of the selection, training, supervising, authorizing, and monitoring the continued
competency of personnel are required. Special authorizations include development of and changing
methods, verification and validation of methods, determining valid analysis of results including
interpretations and opinions, reviewing reports and authorizing release of results, and evaluating the
significance of deviations.

22
6.3 Facilities and environmental conditions
The validity of results must not be adversely affected by the laboratory facilities and the
environmental conditions within the laboratory. Additionally, when lab activities occur outside its
permanent control, these requirements still apply. Examples of factors that could compromise validity
of results can include the following:

• Temperature,
• Humidity,
• Contamination (microbial, chemical, dust, etc.),
• Electrical supply,
• Sound,
• Vibration, and
• Radiation.

The relevant identified necessary conditions for valid results must be met, documented, monitored,
controlled and recorded.

Periodically, the laboratory shall review their measures to control laboratory conditions. These
measures include at least: access to and use of the laboratory, contamination prevention measures,
and separation of incompatible activities.

6.4 Equipment
Equipment that is needed to correctly perform the laboratory activities and that can influence results,
must be accessible. “Accessible” includes equipment that is rented, borrowed, newly bought, leased,
or otherwise obtained. When a lab uses equipment that has been outside of its direct control, the
requirements of this standard still apply. For example, when equipment is received, either as new or
returned from repair, service, or calibration, it must be checked to ensure it meets the equipment
requirements of this standard.

Measuring equipment and instruments, as well as other types of items, are included as equipment.
Examples of other items considered to be equipment are:

• Auxiliary apparatuses,
• Software,
• Reference data,
• Reagents, and
• Measurement standards (e.g., reference materials, certified reference materials, reference
standards, calibration standards, quality control materials).

Software was cited in the both the 2005 and 2017 versions as being equipment. The planned and
documented validation of software to correctly perform and produce valid results, whether developed
or modified in-house or purchased as off-the-shelf, is something that will be more scrutinized.
There are several useful ISO standards related to reference materials:

23
• ISO 17034: General requirements for the competence of reference material producers can be
used to evaluate producers of reference materials,
• ISO Guide 33: Reference materials – Good practice in using reference materials, and
• ISO Guide 80: Guidance for the in-house preparation of quality control materials (QCMs)
provide helpful information.

Proactive protection of equipment to prevent contamination or other misuse from handling,


transporting, and storing is expected and be backed by a procedure. Ongoing and planned oversight
of equipment using preventive maintenance is required, as appropriate, for the type of equipment.

Processes to verify proper operation are to be applied before the equipment


is used to report results. Records of confirmation are part of the verification
process. This applies when using equipment outside the laboratory’s direct
control, when initially put into service or when returned to service such as
after maintenance, calibration, service, repair, or, if necessary, inactivity.

To ensure valid results, the measurement equipment used must be of


sufficient measurement accuracy and acceptable uncertainty of the
measurements. “Acceptable” can be interpreted as being within stated method specifications (if
applicable). Customer contract terms may also specify uncertainty limits, decision rules, accuracies,
etc.

The frequency of equipment calibration is dependent upon the type of equipment, its use, its history,
as well as the risk determined by the laboratory. Calibration must be done to support confirmation
that the measurement accuracy or measurement uncertainty are within the requirements. Calibration
is also required when metrological traceability of the laboratory results is required.

EXAMPLES OF TYPES OF EQUIPMENT THAT CAN AFFECT


VALIDITY OF LABORATORY RESULTS

• Direct measurement equipment


• Equipment used to generate correction factors to adjust data (e.g., temperature)
• Multiple measurements used to calculate another measurement result

Calibration schedules are to be defined, reviewed, and periodically updated to confirm the calibration
of equipment is reliable.

The status of calibration for pieces of equipment must be readily identifiable. There are several ways
to accomplish this: the equipment itself can be labelled, time limits can be established, software can
provide notification, etc. This is because not all equipment can be labeled easily. For example, a piece
of test equipment used in destructive testing might damage its label during the testing. That piece of
equipment needs to be uniquely identified so it can be tracked and linked to its calibration schedule

24
and traceability to test results. This can be done by color-coding, engraving, or other means of
identification. The intention is that persons authorized to use the equipment can easily verify its
calibration status and/or the time or use limit that triggers recalibration.

When equipment has been mishandled or overloaded, is not performing as expected, appears to be
giving unexpected results, or is performing outside expected ranges (e.g., quality control limit
exceeded), the equipment must be labeled or taken out of service until reverified to meet
requirements. Before returning the equipment back into service, it must be verified. Regardless if the
equipment is able to be returned to service, it is imperative and required that the lab evaluate any
possible effects of the deviation, defect, or errors on by initiating their management of nonconforming
work procedure (see Clause 7.10 Nonconforming Work).

EXAMPLE SCENARIO

For a calibration standard that was damaged or giving suspect results and confirmed that it
was found to be out of tolerance, action is required. The lab must identify the equipment
that were calibrated by that calibration standard and investigate impact for every
subsequent test/calibration performed by these identified equipment since the last known
in-tolerance calibration.

This can turn into quite the investigation and require lab resources and investigation
documentation. This is also part of a lab’s risk-mitigation. For equipment calibrated by an
out-of-tolerance calibration standard, each subsequent calibration of that equipment and
its effect on further calibrations and test must be identified and evaluated by competent
and authorized personnel.

One way to mitigate these risks is to perform periodic intermediate checks. This can also be called
check standards, quality control, verifications, etc.; however these intermediate checks are named,
they must be performed according to a procedure. The determination for and frequency of these
intermediate checks is up to the lab to define based on their risk appetite, if not already defined by a
standard. These checks can be dependent upon the test or calibration method being used, as well as
on the equipment itself or the equipment on which it has an impact.

Sometimes, calibration data or reference material data may include correction factors or reference
values. The lab must update and implement these correction factors or reference values and ensure
this has been done. A lab may use these correction factors or reference values to meet specified
requirements. A procedure for how to do these updates is not required in the 2017 version, however it
may be useful so that lab personnel know how to do it. Records of the updates and implementation
are required, however.

25
EXAMPLE OF THE CONCEPT OF CALIBRATION

A lab using metrologically traceable calibrated weights to calibrate a balance can use the
calibrated mass values instead of the nominal weight value when comparing the balance’s
displayed values.

• Nominal mass = 100.000 g


• Calibrated mass = 100.003 g (corrected for local acceleration of gravity difference
between location where it was calibrated and location where it is being used)

The lab uses 100.003 g when calculating the difference of a balance’s displayed value.
Applied Balance Difference Tolerance Pass/Fail Uncertainty
mass display
100.003 g 100.005 g 0.002 g + 0.005 g Pass + 0.00033 g

Some types of equipment may be able to be adjusted, such as a pressure gauge, by an


internal or external adjustment screw that can shift the displayed value. Some types of
equipment may be able to be adjusted by internal programming. This is different than
zeroing a balance before use. Using the digital balance example, a balance may have an
external adjustment program function that allows for the calibration personnel to reset the
nominal mass with an associated calibrated weight value.

Using the above example, the calibration personnel may perform an external adjustment
on the balance (where the balance’s value at 100.000 g is now set to 100.003 g to match the
applied mass value). This is a more accurate way of adjusting and calibrating the balance
rather than setting the balance’s value at 100.000 g. Otherwise when the user does their
periodic verification of the balance (perhaps also using a weight that has a calibrated value
of 100.003 g,) while the balance IS in tolerance (within + 0.005 g), it may trigger
unnecessary warning level for the user that it is approaching the tolerance threshold.

What other examples of calibration can you think of for your laboratory?

Regardless of how equipment may be adjusted, the lab must take practicable measures to prevent
unintended equipment adjustments that could invalidate results. Note that the word is “practicable,”
which is different from “practical.” Practicable means it is able to be done or put into practice
successfully. Practical means likely to succeed or be effective in real circumstances. (Both definitions
from Oxford Dictionary).

Some practicable measures could include a tamper-evident seal over the pressure gauge’s
adjustment screws or setting up a passcode on the balance to prevent a user from intentionally or

26
accidentally changing the nominal mass reference value.

For equipment that can have an influence on laboratory activities, what information needs to be
recorded about them? An equipment inventory is one way a laboratory can meet the requirements to
maintain records of these equipment needed to generate valid results. These records must contain
the applicable details from the list below:

• Equipment identification and, for software, version and firmware version;


• Equipment manufacturer’s name, model number, and serial number or other type of
information suitable for unique identification;

APPLY THE CONCEPT OF UNIQUE IDENTIFICATION

This means a non-repeating identity name/number that can easily identify that specific
equipment, large or small. Here are 2 examples.

1. Serial numbers can be used alone unless they are identical among same or different
types of equipment. For example, the serial number of a liquid-in-glass thermometer
may be the same serial number as a dimensional hand tool. In this case, the laboratory
may want to use the serial number combined with the type of equipment or its units of
measure or some other designation to create a unique identifier. A liquid-in-glass
thermometer will display results in temperature units while a dimensional hand tool
will display results in linear dimensions.

2. Numbers imprinted on equipment may be used unless they are identical among same
types of equipment, such as the serial number or model number imprinted on liquid-
in-glass thermometers of the same or overlapping temperature range. In these
instances, an alternate unique identifier must be created and used, such as color-
coding paint on the top of the thermometer where it doesn’t interfere with the user’s
ability to read the thermometer.

• Proof the equipment has been verified that it works as intended and meets specified
requirements;
• Location of the equipment (either where it is stored or used, or both);
• Date the equipment was calibrated and its next calibration due date (or calibration interval),
the results of calibration (including any adjustments), and the acceptance criteria;
• Reference materials also require their results, acceptance criteria, and relevant dates and
period of validity to be recorded, as well as the documentation received with the reference
material. Reference materials can become invalid based on time from opening, time between
uses on equipment, lot expiration date, etc., so periods of validity are also necessary;
• Some equipment needs maintenance. This maintenance must be a planned activity. For
equipment where the maintenance is relevant to the equipment performance, records of

27
completed maintenance as well as the plan for maintenance of equipment are required.
Maintenance logs are common to record the required details of damage, repairs,
modifications, or other notable malfunctions, as appropriate to the type of equipment. The
format of maintenance logs can be highly variable due to the variety of equipment types;
• Sometimes gravity happens (items are dropped), as do power surges. Regardless of how
equipment may be damaged, malfunction, be modified or repaired; these details must also be
recorded for the respective equipment.

6.5 Metrological traceability


ISO/IEC 17025:2017 requires that the laboratory shall ensure that their measurements results are
traceable to the SI through:

• A competent calibration laboratory performs the calibration (i.e., Accredited to ISO/IEC 17025
by an ILAC-MRA 2 Accreditation Body or otherwise meeting the requirements of ISO/IEC 17025),
• Certified reference materials provided by competent producer (i.e., Accredited to or otherwise
meets requirements of ISO 17034) provide confirmation that they have maintained traceability
to the SI, or
• Direct realization of the SI where proven by comparison, directly or indirectly, with
comparison with national or international standards.

When not technically possible to assure traceability to the SI, the laboratory must confirm metrological
traceability by alternate means for that type of measurement. For example, comparison of certified
reference material values from a competent source of certified material or use of consensus standards
that are suitable for use and proper comparisons are made.

Historic advancements in metrological traceability

In November 2018, a historic step forward in metrological traceability occurred. Years of research and
international scientific advancements resulted in all base units of the International System of Units
(SI) to be based on natural physical constants. The kilogram was the last base unit to have been
defined by a physical artifact – a platinum iridium cylinder known as “Le Grande K.” The history of
these developments and science are enough for another book into itself. For the purposes of this
ebook, we will cover the base units of measurement at a very basic level.

There are seven base units of measurement known as the International System of Units (SI). Each of
these base units are defined by natural physical constants, meaning they are known values and
reproducible anywhere in the world. This worldwide agreement in units eases and facilitates trade,
commerce, and consistency in everyday measurement expectations. Almost every quantitative
measurement in the world can be linked to one or more of these base units.

2
ILAC-MRA = International Laboratory Accreditation Cooperation – Mutual Recognition Agreement
https://ilac.org/ilac-mra-and-signatories/

28
BIPM has created a colorful image to illustrate the updated base SI and the natural physical constants
that now define them.

DEFINE INTERNATIONAL SYSTEM OF UNITS

Base Units Defining Constants of the SI


Mass (kilogram, kg) the Planck constant h
Length (meter, m) the speed of light in vacuum c
Time (second, s) the caesium hyperfine frequency ∆vCs
Electric current (ampere, A) the elementary charge e
Thermodynamic temperature (Kelvin, K) the Boltzmann constant k
Amount of substance (mole, mol) the Avogadro constant NA
Luminous intensity (candela, cd) the unit of luminous intensity in a given
direction; Kcd

There are various types of derived units of the SI. See Coherent Derived Units in the BIPM SI Brochure
Version 9:

• Table 4: The 22 SI with special names and symbols


• Table 5: Coherent derived units in the SI expressed in terms of base units
• Table 6: SI coherent derived units whose names and symbols include SI coherent derived units
with special names and symbols

Some commonly coherent derived units are:


• Area (A) square meter, m2
• Volume (V) cubic meter, m3
• Speed, Velocity (v) meter per second, m/s or m s-1
• Acceleration (a) meter per second squared, m/s2 or m s-2

29
• Force (N) newton = kg m s-2
• Frequency (Hz) hertz = 1/s or s-1
• Pressure, stress (Pa) pascal = kg m-1 s-2
• Luminance (Lv) candela per square meter, cd/m2, cd m-2
• Mass concentration (p, γ) kilogram per cubic meter, kg/m3
• Amount of substance concentration, concentration (c) mole per cubic meter, mol/m3, mol m-3

6.6 Externally provided products and services


Laboratories depend on many types of externally provided
products and services. These products and services are to be
managed so that they are suitable and that they do not
adversely affect lab activities. These externally provided
products and services shall also be suitable if they are to be
incorporated into the laboratory’s own processes or activities.

Products and services received from external providers are to be provided by the laboratory, in part or
in full, directly to the laboratory’s customers. These requirements also apply for products and services
that provide general support to laboratory operations.

Note that there is overlap within this Clause for equipment and products and services. For some types
of testing, the examples provided under equipment may be considered under this category of
products and services (e.g., auxiliary equipment). Other examples of products and services include,
and are not limited to, proficiency testing services, auditing or assessment services, facility and
equipment maintenance services, and consumable materials and reference materials.

Since there are so many types of products and services that could be important for a laboratory, the
laboratory must establish procedure(s) to define what is important to their types of testing,
calibration, or other laboratory activities, as well as defining the criteria for external providers.
Records are required showing proper authorization, the initial and on-going criteria for
approval/acceptance, verification that required monitoring was completed, and confirmation of
meeting these defined requirements prior to use or delivery to the laboratory (as the customer of the
external provided products and services).

The results of the oversight of these products and services must be used to manage the oversight
process. This could include updating the evaluation process and triggering appropriate re-evaluations
of the external providers.

To ensure effective communication with these external providers, the laboratory is required to
unambiguously state requirements and any acceptance limits. This is required whether the product or
services to be provided are at the laboratory’s location (i.e., on-site services or product use) or the
external provider’s location (i.e., outsourced calibration or repair). The requirements aren’t limited to
the equipment or services; the external personnel performing these services or providing these
products must have their competence or required qualifications defined by the laboratory.

30
APPLY THE CONCEPT OF MANAGING ESSENTIAL RESOURCES

Based on the variety of requirements related to resources, what are the resources most
critical to your organization’s type of activities? Here are a few below:

• People
• Facilities and working conditions
• Equipment
• Traceability of measurements
• External providers of services
• External providers of products
• Personnel providing external products and/or services

Which practices have been helpful to manage essential resources? Which challenges does
your laboratory expect regarding resources?

31
Chapter 7: ISO/IEC 17025:2017 Clause 7 – Process Requirements

7.1 Review of requests, tenders and contracts


7.2 Selection, verification and validation of methods
7.3 Sampling
7.4 Handling of test or calibration items
7.5 Technical records
7.6 Evaluation of measurement uncertainty
7.7 Ensuring the validity of results
7.8 Reporting of results
7.9 Complaints
7.10 Nonconforming work
7.11 Control of data and information management

The current content in Clause 7 has been restructured from several Clauses in ISO/IEC 17025:2005.
See Appendix for detailed list of changes.

7.1 Review of requests, tenders and contracts


The laboratory must have a procedure that ensures the requirements for the review of requests,
tenders and contracts. This procedure is to ensure that the requirements of customer work requests
are clearly defined and documented, and that the laboratory must understand the requests for work
and have the resources and capability to fully meet the request before entering into a contract. The
selected methods or procedures are to be appropriate and capable to meet the customers’
requirements. If a customer requests an outdated or otherwise inappropriate method, the laboratory
must communicate that to the customer.

When the laboratory uses external providers to meet customer requests, the external providers must
meet the requirements of 6.6 as well as the laboratory must be clear with the customer about the
activities to be subcontracted and gain the customer’s approval.

Among customer requests may be requests for a statement of conformity to a specification (for either
a test or calibration), such as pass/fail or in-tolerance/out-of-tolerance. To make a statement of
conformity, a decision has to be made to say whether a measurement is “in-tolerance” or “out-of-
tolerance” or “indeterminate” or other such designation. This “‘decision rule”‘ must be clearly
defined.

ISO/IEC 17025:2017, Clause 3.7 defines “decision rule” as “a rule that describes how measurement
uncertainty will be accounted for when stating conformity with a specified requirement.”

This is a new requirement in ISO/IEC 17025:2017. Unless the decision rule is already included within
the method, specification, or standard (such as a standard method), the decision rule(s) to be used
must be communicated to, and agreed upon with, the customer.

32
For further guidance on statements of conformity, there are two helpful documents:

1. ISO/IEC Guide 98-4: Uncertainty of measurement – Part 4: Role of measurement uncertainty in


conformity assessment
This document is the same as JCGM 106:2012 Evaluation of measurement data – The role of
measurement uncertainty in conformity assessment. JCGM106:2012 is free to access from BIPM:
https://www.bipm.org/utils/common/documents/jcgm/JCGM_106_2012_E.pdf

2. ILAC G8:09/2019 Guidelines on Decision Rules and Statements of Conformity


This guidance document has been significantly revised to assist laboratories in the use of decision
rules when using statements of conformity to a specification or standard as required in the 2017
edition of ISO/IEC 17025. In addition, this document also provides an overview for assessors,
regulators and customers when considering decision rules and conformity with requirements.
https://ilac.org/publications-and-resources/ilac-guidance-series/

Change is the nature of business. When there is a difference or deviation in a request and/or contract,
the laboratory and the customer must resolve these differences prior to work commencing. When
evaluating differences or deviations in requests and/or contracts, the laboratory must continue to
uphold the integrity and validity of the measurement results. The laboratory must keep the customer
informed of any changes from the contract terms. If subsequent changes occur after work has started,
another round of contract review must occur and any changes communication to all affected
personnel.

Proof of the review(s) and agreements must be retained, along with records of any changes that were
agreed upon.

7.2 Selection, verification and validation of methods


7.2.1 Selection and verification of methods

Methods and procedures must be appropriate. This applies to all activities of the laboratory. For those
methods that require measurement uncertainty to be estimated and/or methods that incorporate
statistical techniques to analyze data, the laboratory will incorporate these practices into their
procedures.

The documents such as methods, procedures, forms, instructions, reference manuals, reference data,
etc. must be kept current and be readily accessible to personnel. This includes externally supplied
documentation in addition to in-house written documents. The latest valid versions are to be used
unless it isn’t appropriate or possible. For example, lab accreditation bodies may define their own
policies for how labs they accredit may use obsolete, historical, or otherwise out-of-date versions and
have them listed on their accreditation scope(s). Likewise, a customer may request an older version
for valid purposes, especially if they are concerned with comparability of data with historical records
or comparability with another laboratory using the older method. This would be addressed in contract
review.

33
ISO/IEC 17025:2017 specifically notes that published, recognized methods (e.g., international,
national, etc.) may already contain sufficient information to perform the method. ISO/IEC 17025:2017
states in a NOTE for 7.2.1.3 “that if sufficient, the methods do not need to be rewritten into a
laboratory-specific procedure.” Supplementing the method with other information may be helpful for
laboratory personnel. The laboratory must decide whether additional details or steps need to be
defined to ensure consistency.

The laboratory is responsible for selecting an appropriate method if the customer doesn’t specify
which method to be used. In this case, the laboratory must also inform the customer of the method
selected. ISO/IEC 17025:2017 does not specify when this notification must occur, nor does it indicate
that the lab must gain and document customer approval. For example, a calibration lab receiving an
instrument for calibration, with the instructions to “please calibrate this,” may calibrate it to the
approved method on their scope of accreditation and provide the calibration certificate, including the
method reference, with the return of the instrument.

How does a lab determine which methods to use and where to get them? Methods published by
technical authorities or manufacturers, and methods accepted internationally, nationally, or
regionally are recommended. Acceptable methods can include laboratory-developed methods or
validated modified methods. When selecting a method, the laboratory is required to use appropriate
methods, verify proper performance of the method and keep records of the verification prior to
performing the method for (customer) use. If the method is modified by the issuing body, the method
verification is to be repeated unless the change does not have impact on the method performance.

EXAMPLE OF USING AN APPROPRIATE METHOD

A digital multimeter is used to make electrical


measurements. Therefore, a digital
multimeter would have a calibration of its
electrical parameters.

While it is possible to provide a traceable


calibration by weighing a digital multimeter,
weighing is an inappropriate measurement
method for calibrating a digital multimeter.

Method validation (such as method development) shall be planned and performed by competent
personnel with appropriate and adequate resources. Reviews and checks of the method validation
progress are to be performed to confirm customer needs are still being met. From these reviews and
checks, changes to the method validation may occur and these also need to be reviewed, approved,
and authorized. One quality tool for this would be PDCA (Plan – Do – Check – Act).

34
When a laboratory must develop one of their own methods or use a non-standard method, there are
specific requirements to ensure validity of the method. The validation process steps, or check points,
must be planned. Changes in the plan must be approved. Competent persons with appropriate
resources are to be involved in the development and the approval at designated points. The approval
must confirm the customer requirements are being fulfilled.

When unusual circumstances arise and a technically justified method deviation is needed for a
laboratory activity, these deviations must be documented. Appropriate laboratory authorization and
customer acceptance are also required. When the deviation is expected in the planning stages (e.g.,
analysis of similar types of samples has already completed the approved deviation process), the
deviation can be agreed upon in the contract.

7.2.2 Validation of methods

Methods must be validated to the extent necessary to meet the determined needs for use, and this
validation must be documented in the following situations:

• A standard method is to be used in a non-standard manner or outside its stated scope or


range.
• A non-standard method is used.
• A laboratory develops a method.

The validation must be conducted and documented. The type of testing will influence the
requirements of the validation. The validation is intended to confirm the method is adequate for the
intended use and meets the specified requirements. Indicators of this confirmation can include the
following:

• Estimate of bias and precision using reference materials or reference standards or calibration
using these sources,
• Assessment of factors that could influence results in a systematic manner,
• Repeatability of controlled parameters over a range (e.g., temperature of bath, delivered
volumes of solutions),
• Comparison with validated methods,
• Interlaboratory comparisons, and/or
• Estimates of measurement uncertainty based on sound theory and practical experience.

Once a method is validated, changes in the method must be re-assessed to determine if the nature or
type of change would justify a new method validation to reconfirm validity.

To ensure the validated method meets the customer’s needs and agreed upon requirements, the
performance characteristics must be relevant to the customer’s needs and consistent with the
specified requirements. Performance characteristics may vary and are highly dependent upon their

application. Examples of performance characteristics may include the following:

35
• Linearity,
• Detection limit (LOD),
• Quantitation limit (LOQ),
• Range of testing,
• Measurement uncertainty, and/or
• Interferences within the sample matrix.

The records of method validation must be retained and contain the following:

• Procedure used to complete the validation process,


• Specific information that describes the agreed upon requirements or specifications,
• Performance characteristics of the method and how they were determined,
• Actual results obtained during the validation,
• Statement how the method is fit for its intended uses, and
• Summary statement confirming the validity of the method.

7.3 Sampling
When laboratory activities include selecting samples for testing or calibration, the sampling plan must
be defined and controlled. The sampling plan must define those factors requiring control for the
sampling and measurement data to be valid. Statistical techniques may be required to establish
validity. The defined sampling process is called a sampling plan. The sampling plan must be
accessible where the sampling is performed.

The types of information required to be defined for a sampling method include how samples or
sample sites selection are identified, the overall sampling plan (e.g., number and types of samples),
and how the samples are prepared or treated (if needed) prior to testing or calibration.

Records must be maintained to affirm the sampling process was followed. This information is relevant
to the testing or calibration performed to confirm validity. The records must include the relevant
details of the sampling information, including identification of the following:

• Sampling method used,


• Each sample and description (can be coded),
• Equipment used, and
• Sampler(s).

Other required sampling information includes the following:

• Date and time of sampling,


• Environmental conditions or transport conditions,
• Diagrams of sampling locations (when this is appropriate), and
• Description of any deviations or exclusion from the original plan or methods for sampling.

36
EXAMPLE OF SAMPLING FOR A TEST

Sampling usually applies to sampling for testing and not to calibration. For example, a test
lab receives a lot of material to be tested against a standard. A plan for selecting
representative pieces of material from the lot of material would need to be defined and
followed. How to do this is subject of many other knowledgeable consultants, fine books
and references and beyond the scope of this ebook.

7.4 Handling of test or calibration items


During the process of a test or calibration, an item may be transported and handled by many different
people. Each of these handlings has a risk of causing damage or deterioration to the item. Therefore,
the integrity of the test and calibration items is to be maintained throughout their journey from
original location, transportation, receipt, storage, handling, retention, and either disposal or return to
customer. The laboratory must anticipate potential risks to the test and calibration items during
laboratory activities and take proactive actions to prevent contamination, loss, deterioration, or other
damage by having a procedure defining these risks and instructions for handling. This procedure must
be followed. Also, any handling instructions that are provided with the test or calibration item shall
also be available and be followed. Any deviations from the handling instructions are to be
documented. (See Clause 7.10, Nonconforming Work)

Test or calibration items are to be uniquely identified to prevent and avoid potential confusion and to
maintain a linkage of activities involving that item. This unique identification is to carry forward with
the item throughout the laboratory activities. If items are sub-divided, each portion of the original
item must be uniquely identified. The identity of the items is to be physically evident (e.g., on the item,
tagged, or other suitable means) and evident in records associated with each test or calibration item.

When test or calibration items are received by the laboratory, each item must be verified to confirm
that it conforms to the specified conditions or description. Did the customer send the correct item for
testing or calibration? Is everything included that is supposed to be there? Was it damaged during
transportation? Any deviation must be noted, and the customer must be consulted to determine
appropriate actions (e.g., cancel order if unresolvable, continue with approved deviation, etc.). The
decisions reached with the customer must also be recorded. Any agreed upon deviations must carry
forward to personnel conducting the test or calibration and be included as a disclaimer in the final
report to customer.

For items that must be maintained under specified environmental conditions, these conditions must
be maintained and monitored, with proof of conditions kept as records.

37
7.5 Technical records
The lab must record observations, measurements, calculations, and other lab activities at the time
they occur, with sufficient details that the factors contributing to the measurement result and its
associated measurement uncertainty are identified. The purpose of these records is so the activity can
be replicated under as close to the original conditions as possible.

The technical records shall:

• Be recorded at the time they are made;


• Be traceable to the persons making the entries, verifying the data, or approving the records;
• Include the date the records were generated or approved;
• Include original observations, data, and calculations that are traceable to the tasks being
performed. Data forms are useful to ensure all required information is captured at the time
tasks are performed.

Any amendment or changes to technical records must be controlled. An easy way to plan for control is
to ensure initial or previous entries and the persons who make the entries or changes are associated
with the measurement data throughout the laboratory activities. The original data, amended data,
and associated files are to be retained as part of the records. The date of any changes, the reason for
the change and who authorized the changes must also be part of the records.

APPLY CONCEPT OF TECHNICAL RECORDS

How much and which information is necessary? The laboratory is responsible for
maintaining sufficient information about the laboratory activities to allow for the process
to be repeated under the same conditions and yield the same measurement results.

These technical records are critical as they also identify contributors to its measurement
uncertainty (which is required for metrological traceability).

These technical records also enable the information to be checked for errors and identify
possible contributing factors that could affect the measurement data.

7.6 Evaluation of measurement uncertainty


Whenever a measurement is made, there is always uncertainty associated with the measurement. Just
the act of making a measurement changes that measurement. Contributors to measurement
uncertainty include differences in the item being measured, who’s making the measurement, what is
being used to make the measurement, how the item is being measured, and the steps or procedure of
measurement, handling, and the environment in which the measurement is made. This is by no means

38
a comprehensive list, but a simplified list of basic contributors.

Laboratories are required to identify factors that contribute to measurement uncertainty and then
evaluate those that are significant contributions. For laboratories that perform sampling (see Clause
7.3 Sampling), the contributions from sampling activities must be included in the uncertainty
evaluation.

Calibration laboratories must evaluate uncertainty for all calibrations performed, including when they
calibrate their own equipment.

Testing laboratories must also evaluate measurement uncertainty. When a test method makes it
impossible to evaluate measurement uncertainty, an estimation still needs to be made using an
understanding of theoretical principles or practical experience of how the method has been
performed.

Each accreditation body can have policies on conditions where additional test measurement
uncertainty is not required to be estimated based on defined criteria (i.e., the test method already
includes measurement uncertainty in the test method, or the test method is qualitative and not
quantitative).

ILAC-G17:2002 Introducing the Concept of Uncertainty of Measurement in Testing in Association with


the Application of the Standard ISO/IEC 17025 is currently under revision at the time this ebook was
published. This ILAC Guide is the basis for each Accreditation Body’s policy. Visit ILAC’s website for the
most recently published version of any of their Publications & Resources. https://ilac.org/publications-
and-resources/

The estimate of uncertainty can be used for the method after verification, while the essential
contributing factors are verified to be maintained in control. The measurement uncertainty is
estimated based on the process not needing to be repeated for individual measurement results.

For more information about measurement uncertainty, see the following:

• ISO/IEC Guide 98-3: Evaluation of measurement data – Part 3: guide to uncertainty in


measurement (GUM),
• ISO 21748: Guidance for the use of repeatability, reproducibility and trueness estimates in
measurement uncertainty evaluation,
• the ISO 5725 series of standards, and
• for chemical and microbiological measurement uncertainty guidance:
o CITAC.CC (Cooperation on International Traceability in Analytical Chemistry) and
o ISO 29201:2012 Water quality – The variability of test results and the uncertainty of
measurement of microbiological enumeration methods.

39
The ISO 5725 series consists of the following parts, under the general title Accuracy (trueness and
precision) of measurement methods and results:

• Part 1: General principles and definitions


• Part 2: Basic method for the determination of repeatability and reproducibility of a standard
measurement method
• Part 3: Intermediate measures of the precision of a standard measurement method
• Part 4: Basic methods for the determination of the trueness of a standard measurement
method
• Part 5: Alternative methods for the determination of the precision of a standard measurement
method
• Part 6: Use in practice of accuracy values
• Annex A forms an integral part of this part of ISO 5725.
• Annexes B, C and D are for information only.

7.7 Ensuring the validity of results


Performing tests or calibrations create data and results. How do we know that the results we get are
valid? Looking at the individual results gives a limited view of the data. Looking at trends in the data
and/or analyzing the data gives a more reliable confirmation that individual results are valid. The
laboratory must record data to be able to detect trends. The means to detect trends will be highly
dependent upon the types of testing performed. The laboratory must identify appropriate means to
monitor and evaluate trends for their laboratory activities. This monitoring must be a planned activity.
The results of the information must be reviewed. Information to support trending may include the
following indicators or other indicators suitable for the test method:

• Reference materials or quality control materials,


• Cross-check of an item by calibrating it with different instrumentation that also has a
traceable calibration,
• Using a check or working standards and charting the results on control charts,
o (e.g., weight to verify balance before use, response of check standard done
periodically during a set of samples, etc.)
• Intermediate checks on the test & measurement equipment,
• Repeating tests or calibrations using the same or different methods for comparison,
• Use of retained samples or equipment and retesting or recalibrating them,
• Comparison of results for different characteristics of an item to verify correlating
relationships,
• Ongoing review of results,
• Round-robin comparison samples within the laboratory (intra-laboratory comparison), and/or
• Testing a blind sample(s) (where the analyst does not know it is a special sample).

Comparisons with other laboratories provide additional information to meet the requirement to
monitor its own performance. To ensure the validity of results, this must also be planned and
reviewed. This can be done through formal proficiency testing or other means. Many accrediting
bodies have defined their specific requirements for proficiency testing according to the type of testing.

40
See their policies on proficiency samples on the accreditation body’s websites.

Trending data and doing the cross-checks to verify validity of results is meaningless unless the
information and knowledge gained from the review is used to control and/or improve the laboratory
performance. When the monitoring data is found to be outside the expected or defined limits, action is
to be initiated. Incorrect measurement results must be prevented from being released to the
customer.

7.8 Reporting of results


7.8.1 General

All reports must be reviewed and approved by authorized personnel before being released to the
customer. The reports must contain the following:

• All information agreed upon with the customer,


• Information necessary for proper interpretation of the results, and
• Information required to be reported by the methods used.

The review must include verification of accuracy of results. The report must be presented in an
objective and understandable manner, without ambiguity.

The word “certificate” can be used as well as “report.” Issued reports can be hard copy or electronic
and must be retained as technical records. All requirements apply to the reports, regardless of format
or means or transmission.

The information required in Clauses 7.8.2 and 7.8.7 must be kept and readily available. The actual
reports to customers can be agreed upon to be in a simpler format that meets their needs.

7.8.2 Common requirements for reports (test, calibration or sampling)

How can you avoid being fooled by an inauthentic


report for Sampling, Calibration or Testing? It may not
be as obvious as the misspelling on this stamp!

Confirm each of the required contents is included for a


complete report. See these requirements listed in
Clauses 7.8.2 (common requirements), 7.8.3 (testing
reports), 7.8.4 (calibration certificates) and 7.8.5
(sampling).

41
The following table highlights the requirements and 2017 changes in requirements of report contents
for test, calibration and sampling reports.

Requirement Change
A title (e.g. Test Report, Calibration Added option for sampling report
Certificate, or Report of Sampling)
Name and address of laboratory None
Location where the tests and/or calibrations Separated into distinct criteria
were performed, if different from the
address of the laboratory
Unique identification of the report or Requirement reworded and allows some
certificate and confirmation of the end of flexibility beyond page x of y, or end of
the report so that each part can be report being stated on last page
confirmed by the customer
Name and contact information of the Address changed to contact information;
customer client changed to customer
Identification of method used Modified from “an identification of the
standard specification used or a brief
unambiguous description of the method”
Description, unambiguous identification of Added ‘the condition of the item’
the item(s) tested or calibrated; when
necessary the condition of the item
Date of receipt of test or calibration item(s) Date of sampling added when needed to
and date of sampling when critical to verify validity of results
validity or applicability of the results
Date(s) of performance of the test or Separated into distinct criteria (was
calibration where relevant to the validity combined with date of receipt)
and application of the results
Date report is issued New
Reference to sampling plan and sampling None
method used by the laboratory or other
bodies where these are relevant to the
validity or application of the results
Where relevant, a statement to the effect None
that the results relate only to the items
tested or calibrated
Test or calibration results with units of None
measurement
Changes from the methods (additions, New
exclusions, or deviations)
Identification of person(s) authorizing the No longer requires signature and function of
test report or calibration certificate authorizing person

42
Requirement Change
Clear identification of results from external Moved from 5.10.6 Results from
providers subcontractors in 2005 standard

7.8.3 Specific requirements for test reports


In addition to the requirements in Clause 7.8.2, the laboratory must consider whether the following
requirements apply to the type of testing and, if so, include the applicable information in the test
report:

• Environmental or other conditions during testing;


• Decision about conformity or not to specifications or requirements (e.g., pass, fail,
indeterminate, etc.);
• Measurement uncertainty in same units of measure as the measurement results (e.g., when
needed to interpret test results, is required by customer contract, or affects interpretation of
conformity decision);
• Opinions or interpretations; and/or
• Other information required to be reported to conform with test method.

When the laboratory activities include responsibility for sampling, any information required to
properly interpret results must be included. See Clause 7.8.5.

7.8.4 Specific requirements for calibration certificates

In addition to the requirements in Clause 7.8.2, calibration reports must also include the following:

• Measurement uncertainty in either the same units as the measurement results or relative to
the measurement result (e.g., percent);
• Environmental conditions when the calibrations were completed, where they affect the
measurement results;
• Statement of how the metrological traceability was established (see Annex A);
• Results of measurement on the item to be calibrated “as found” and “as left” after any
adjustments or repairs were made to the item;
• Statement on conformity with specifications or stated requirements (e.g., pass, fail,
indeterminate), when this is relevant; and
• Opinions and interpretations, where appropriate.

When the laboratory activities include responsibility for sampling, any information required to
properly interpret results must be included. See Clause 7.8.5.

Unless agreed upon with the customer, the laboratory may not recommend any calibration interval.
This includes unauthorized placement of calibration interval on the report or on any labels on the
items. The rationale for this prohibition is that the laboratory does not know the conditions of use of
the item, which may affect the length of time the calibration is valid. It may be appropriate for the
customer to shorten or extend a calibration interval to best fit their needs and manage the risk of an

43
out of tolerance “as found” condition at the next calibration. When this occurs, the laboratory must
evaluate impact of the out of tolerance impact on reported data.

7.8.5 Specific requirements for reporting sampling

In addition to the requirements in Clause 7.8.2, sampling reports have additional requirements within
this standard. The customer may have also added their own requirements, normally communicated in
the contract or sampling plan. The laboratory must define what information is required to enable
valid interpretation of the results. The laboratory must decide whether the following requirements
apply to the sampling and if so, include the applicable information:

• Date of sampling;
• Unique identifiers of each item or material sampled (For equipment sampled, it may be
appropriate to specify serial number, manufacturer, model number or other appropriate and
relevant identifiers);
• Supporting information to confirm location of sampling (e.g., diagrams, photographs, etc.),
• Reference to sampling plan and sampling method;
• Environmental condition details during sampling that affect interpretation of results; and/or
• Information that contributes to subsequent measurement uncertainty for the test or
calibration.

7.8.6 Reporting statements of conformity

Sometimes test or calibration data are reported in a WYSIWYG (“what you see is what you get” format
with no relation to what it may mean (i.e., “the temperature result was 25.2 °C + 0.5 °C”). Laboratories
may be asked to declare a decision about whether a test or calibration result is within specification
limits or a defined standard. The laboratory must define the decision rule applied. The decision rule
must consider the risk of incorrect decision such as false pass (nonconforming item accepted) or false
fail (rejecting good item). When the decision rule is already defined within the customer contract,
regulations, or other required document, the laboratory may accept and follow those defined decision
rules.

The laboratory report must be clear in identifying to which items or measurement results the pass/fail
decision applies. The specification being applied must be included in the report. Unless already
apparent by the specification being applied, the laboratory must include the decision rule within the
report.

44
ILLUSTRATION OF THE CONCEPT OF DECISION RULE

See ILAC-G7:09/2019 Guidelines on Decision Rules and Statements of Conformity


Below is Figure 3 from that document, to illustrate measurement decision risk.

NOTE: Decision rules and statements of conformity could fill a handbook by themselves.
For the purpose of this ebook, acknowledgement of decision rules and statements of
conformity are being made. Please contact either Heather Wade or Diana Baldi for more
guidance on decision rules for your company and situation.

Figure 3: Illustration of Measurement Decision Risk

“Each measured value has an associated measurement uncertainty. Figure 1 shows two
identical measurements but with different measurement uncertainties. The expanded
measurement uncertainty in the lower result (case A) lies entirely within the tolerance
limit. The upper result (case B) has a significantly larger measurement uncertainty. The
measurement uncertainty reflects the range across which the actual measured value may
occur. The risk of falsely accepting a result in case B is higher due to the larger
measurement uncertainty and the measurement uncertainty extending beyond the Upper
Limit.” Source: ILAC-G8:2009/2019, section 3.

Before a measured value is stated to be within


specifications, the uncertainty of the
measurement must be considered using the
decision rule as illustrated above.

45
7.8.7 Reporting opinions and interpretations

Given the potentially subjective nature of reporting opinions and interpretations, the laboratory must
manage and limit authorizations of opinions and interpretations to competent people. The report
must contain the underlying basis for opinions and interpretations.

Note that opinions and interpretations are distinct from statements of inspections, product
certifications, and reporting conformity decisions. See the following documents:

• ISO/IEC 17020 Conformity assessment – Requirements for the operation of various types of
bodies performing inspection,

• ISO/IEC 17065 Conformity assessment – Requirements for bodies certifying products,


processes and services, and

• Clause 7.8.6 Reporting of conformity.

The results obtained from a tested or calibrated item and those that are the basis of the opinions and
interpretations must be identifiable as such in the report.

When reports are verbally communicated with the client, a record of the communication must
become a part of the retained laboratory records. Verbal or electronic discussion are common formats
for communication (e.g., conversation, email, etc.).

7.8.8 Amendments to reports

Sometimes after a report is issued to the customer, changes to the original report are necessary. When
it is necessary to revise, reissue, or amend a report that has already been released to the customer,
the process to control and manage the change process is required.

The actual changes in the report must be clearly evident and understandable. Wording on the
amended report, or on a completely new report for the same event, is required in order to identify it as
the amended report and it must contain reference to the original report.

The amended report may state the reason for the change, as appropriate. Regardless of the extent of
an amended report.

All the requirements for reporting (Clause 7.8) apply to the amended report.

46
7.9 Complaints
Feedback to the laboratory may include compliments or
complaints. Soliciting feedback is discussed in Clause 8.6
Improvement (Option A). Whether a complaint is provided
spontaneously or as part of requested feedback, the
requirements related to complaints apply. The process of
handling complaints must be defined and documented.
The process must include how to receive, evaluate, and
make decisions.

A description of the complaint process must be available


upon request to those interested in the laboratory
activities. Normally, this includes customers, regulators,
accrediting bodies, and may include others.

When the laboratory receives a complaint, the laboratory must determine whether the complaint
relates to activities within their control and take appropriate action. The laboratory is responsible for
all the decisions made by the laboratory throughout the complaint management process.

The complaint handling process must include the following:

• How a complaint is received and validated,


• How a decision is made about whether the complaint is within laboratory scope of activities,
• How investigations of the cause of the complaint are performed,
• The authority for deciding next actions throughout the complaint process (e.g., various levels
of decisions), and
• Complaints must be documented and tracked to closure, including steps taken to resolve the
issue(s).

It is the laboratory’s responsibility to seek valid information to confirm the facts related to the
complaint.

When the complainant makes themselves known as the source of the complaint (rather than an
anonymous complaint), it is a good practice, whenever possible, to confirm with the complainant that
their complaint was received, provide appropriate updates on progress to resolve the complaint, and
communicate the outcome.

The laboratory must adhere to impartiality when communicating the outcome to the complainant.
This communication must be done by, or have been reviewed and approved by, person(s) not
involved in the laboratory activities for which the complaint was made. If necessary, this can be done
by contracting or using external personnel.

47
7.10 Nonconforming work
Work activities do not always go as planned and may be considered a deviation. Deviations can occur
at any point in any process, with varying levels and potential types of impact. The effect of a deviation
(such as in Clause 6.4.9) is managed by a nonconforming work procedure. This procedure is to define
how to manage the activities and/or work products that do not conform with their internal
requirements, agreed upon requirements with the customer, and other specified requirements (e.g.,
method requirements, etc.).

A common example of nonconforming work is when a lab uses a piece of test equipment that is past
due for its calibration. This nonconforming work procedure must be followed, (with records retained)
to determine the impact on data and actions necessary for the resumption of use of this test
equipment.

(Option A) 8.5 Actions to address risks and opportunities provides a framework for laboratories to
consider a variety of potential risks and evaluate the importance or impact of the risk. Once the risks
are identified, the appropriate actions to recognize and control the risk can be defined within the
related process. Nonconforming work is a risk to a laboratory.

The laboratory may also define one or more general processes to manage nonconforming work that
will cover the rest of the laboratory activities. Where required in ISO/IEC 17025:2017, records must be
retained.

Appropriate actions to manage nonconforming work may involve the following and, where applicable,
be based on laboratory-defined acceptable risk:

• Stopping work;
• Repeating the work;
• Preventing release of the related work product to the next step in the process;
• Resuming work;
• Evaluating the impact on measurement results in progress and/or the level of control of the
laboratory activity (note that only authorized personnel may determine to accept the
nonconforming work);
• Evaluating the impact on previously reported results, including decision whether to recall
reports and notify the customer; and/or
• Initiation of corrective action process (see Clause 8.7 Option A).

Responsibilities and authority for identifying and managing the types of nonconforming work must be
defined. Authority to resume work and/or make a decision whether the initial deviation or subsequent
work can be accepted must be defined. When related to performance of testing or calibration, the
method itself or the monitoring of trend data (see Clause 7.7 Ensuring the validity of results) may
specify required actions.

48
7.11 Control of data and information management
The data and related information needed for all the
laboratory activities must be accessible to the laboratory. The
laboratory information management system (LIMS) may take
a variety of forms, depending upon the size, scope, and
automation of the laboratory (e.g., from a simple paper trail to
a sophisticated computer system). A commercial software
system used within its defined application can be considered
as validated. Otherwise, the laboratory must validate the LIMS
process to confirm validity of the end-to-end data processing
(e.g., collection, processing, and reporting of data) prior to
using the LIMS for production of measurement results without
supplemental confirmation. Modifications, configurations to
interface equipment, and non-commercial software (e.g., developed in-house) must be validated
before use. The documentation related to the LIMS (e.g., manufacturer instructions, reference data,
etc.) must be accessible to personnel who use the LIMS.

Unauthorized access to the LIMS must be prevented. The LIMS must be safeguarded to prevent
corruption and/or loss of information, whether by unauthorized or authorized access. The LIMS
environment must be operated within applicable specifications of either the LIMS provider or the
laboratory. The laboratory must manage manual data entry, data transfers, and calculations and have
defined process to verify accuracy in appropriate and systematic process(es). Detected errors and
system failures must be recorded. In the event of a system failure, appropriate and immediate
corrective actions must be sought. See 7.10 Control of non-conforming work and 8.7 Corrective
Actions (Option A).

If an electronic LIMS is located off-site and managed by an external provider, the requirements in this
section still apply.

49
Chapter 8: ISO/IEC 17025:2017 Clause 8 – Management System
Requirements

8.1 Options
8.2 Management systems documents (Option A)
8.3 Control of management system documentation (Option A)
8.4 Control of records (Option A)
8.5 Actions to address risks and opportunities (Option A)
8.6 Improvement (Option A)
8.7 Corrective actions (Option A)
8.8 Internal audits (Option A)
8.9 Management reviews (Option A)

8.1 Options
In general (8.1.1), the laboratory must have an established management system that can reliably meet
the requirements of ISO/IEC 17025.

Option A (8.1.2) specifies eight topics that must be addressed. Each of these topics are discussed in
more detail in Clauses 8.2 to 8.9 below:

• Management system documentation (see Clause 8.2)


• Control of management system documents (see Clause 8.3)
• Control of records (see Clause 8.4)
• Actions to address risks and opportunities (see Clause 8.5)
• Improvement (see Clause 8.6)
• Corrective actions (see Clause 8.7)
• Internal audits (see Clause 8.8)
• Management reviews (see Clause 8.9)

Option B (8.1.3) One of the most significant changes from ISO/IEC 17025:2005 to ISO/IEC 17025:2017 is
the potential flexibility to recognize an existing management system that meets the requirements
within Clause 8. This recognition may allow Conformity Assessment Bodies (CABs) that both register
organizations to ISO 9001 and accredit laboratories to ISO/IEC 17025 to streamline their assessment
process. However, for CABs accredited to only ISO 17011, the full assessment of requirements in
Option A must be completed to meet the ILAC Mutual Recognition Agreement (MRA) requirements.
Check with individual accrediting bodies to confirm their process and requirements to allow Option B
recognition.

Regardless of whether Option A or B is used, the requirements defined in Option A apply to the full
range of laboratory activities.

50
8.2 Management system documentation (Option A)
Documentation of the laboratory management system creates the framework to define their
organizational objectives to ensure a consistent approach is deployed throughout the organization.
Documentation provides clear expectations so that valid and reliable measurement results are
achieved. Laboratory management must determine what information is needed to control their type
of organization and its laboratory activities. Once identified, the information must be documented
(whichever format is suitable to the organization), communicated (acknowledged) and fully deployed
across the entire laboratory.

The primary focus of organizations, however, should be on the effective implementation of the
laboratory management system and on laboratory performance, not on complex documented
information.

The documented information for the laboratory management system may be integrated with other
information management systems implemented by the organization. It does not have to be in the
form of a manual or be a series of standalone documents.

The documentation will vary depending on the size and complexity of the organization and
competence of personnel.

The organization’s laboratory management system must do the following:

• Include objectives and commitment to the laboratory management system implementation


and on-going improvement in organizational effectiveness;
• Address competency, impartiality and consistency (e.g., reliability);
• Identify the specific documentation related to the laboratory management system (note: this
requirement keeps the laboratory-related documentation visible even in integrated
management systems);
• Have relevant portions of the documentation and related information accessible to everyone
involved; and
• Include documents internally generated as well as essential documents received from outside
the organization (e.g., references, published methods, regulations, customer specifications,
etc.).

8.3 Control of management system documents (Option A)


The requirement to control documentation applies to both internally generated documents and
documents from outside the organization that are needed to perform the laboratory activities and to
confirm conformance with the requirements of this standard.

The primary focus of organizations should be on the effective implementation of the laboratory
management system and on laboratory performance, not on a complex documented information
control system. The types of control are likely to be different for the variety of types of documents.
Documentation can be in a variety of forms such as paper, electronic files, posters, reference data,

51
software, communications, etc.

Documented information originally created for purposes other than the laboratory management
system may be used. The documented information for the laboratory management system may be
integrated with other information management systems implemented by the organization.

The following are key controls for maintaining an effective laboratory management system:

• Authorization of the documentation by authorized personnel,


• Periodic review and revision to keep the information current,
• Distinct identifier of the documentation (e.g., title, number, etc.),
• Identification of most current version,
• Identification of changes so everyone can be kept informed (e.g., revision log, font difference,
or another visual indicator),
• Accessibility to personnel who must follow the instructions,
• Prevention of outdated or obsolete documentation from being used inappropriately, and
• Management of historical information (e.g., archive, suitably mark them, etc.).

8.4 Control of records (Option A)


The laboratory must maintain proof of meeting the requirements that are:

• Specified throughout this standard, and include


• Additional records specified in other applicable commitments or agreements.

This proof involves maintaining legible records, commonly in a variety of forms and formats.

The controls related to record management are the following:

• Identification of the formal records,


• Proper storage and access to retrieve them,
• Protection from unauthorized access and from loss,
• Back-up and retrieval systems, and
• Defined retention times and proper processes to manage disposal.

8.5 Actions to address risks and opportunities (Option A)


Each process within the laboratory has the potential to fail (risk) or be improved (opportunity). The
magnitude of the risks and opportunities are quite varied across the range of laboratory activities.
Clause 8.5 requires the laboratory to review their activities, appropriately manage risks, and pursue
relevant opportunities. The laboratory has flexibility to design an approach that fits their needs and
supports achievement of their intended results.

Managing risks prevents failures and/or reduces the negative impact of the risk on the validity and
reliability of the laboratory. The laboratory has the flexibility to determine how the risks and

52
opportunities are evaluated to identify priorities. For those priorities, the laboratory must act to
manage them considering the laboratory’s commitment to comply with all requirements of ISO/IEC
17025 and evaluate the effectiveness of the actions taken.

Managing risk may involve the following:

• Controlling the underlying processes,


• Avoiding the risk by eliminating the activity (if not required),
• Reducing/controlling the impact of the failure,
• Increasing monitoring to predict potential failures,
• Changing the likelihood of the failure,
• Sharing the risk,
• Retaining risk based on decision of authorized personnel, and/or
• Accepting risk to pursue relevant opportunity.

Opportunities may include the following:

• Expanding the scope of laboratory activities into new testing or calibration technologies,
additional methods, customer service, etc.;
• Investing in new technology for business operations;
• Enhancing organizational knowledge; and/or
• Any other means to meet customer or internal needs.

8.6 Improvement (Option A)


This clause goes hand in hand with Clause 8.5. Opportunities and risks are often interrelated. The
laboratory is required to improve and has flexibility to choose where and how to focus their efforts.
Once an opportunity is identified and selected for action, follow-through to pursue the opportunity is
required.

Meaningful ideas for improvement may originate from a wide variety of sources. Examples include
strategic planning, internal audits, customer feedback, employee suggestions, formal risk assessment,
process monitoring data, proficiency sample results, trending non-conforming work, etc.

The laboratory is required to seek feedback from customers, analyze it and act to improve the
laboratory management system. The laboratory has flexibility in how the feedback is gathered,
analyzed, and prioritized for action.

53
APPLY THE CONCEPT OF PROCESS AND SYSTEMS THINKING

Laboratory processes are interconnected and have the potential to have a problem
anywhere. Review a series of steps involved in normal laboratory activities and identify
various types of risks or problems that might occur. Consider routine and special controls
that might be needed to manage the risks. The type of controls is often based on the
importance of the impact caused by the problem.

You should have a wide variety of ideas because each laboratory has unique types of
testing or calibration (different technologies), business volume, unique relationships with
their customers, etc.

Figure 4: Visual of process steps related to handling items

Figure 5: Visual of process steps from order request to delivering results

54
8.7 Corrective actions (Option A)
When problems or nonconformities (i.e., failure to meet a requirement) occur, actions must be
initiated to identify, contain and resolve the problem.

Records are required to be retained by the laboratory that include the basic information about the
nonconformities, identified causes, actions taken and other related results.

APPLY THE CONCEPT OF CORRECTIVE ACTION

The first actions normally stop the release of the failure to the customer and/or stop the
progression of the problem to the next step in the laboratory activity. There may be
immediate actions appropriate to correct the problem and try to resolve any impacts
caused by the problem.

The corrective action process involves learning from the problem. Investigation efforts are
to be commensurate to the magnitude of the problem. Why did it happen? Where else
could it happen? What can we do to prevent the same or related problem from occurring
again? After the investigation, the laboratory must confirm necessary actions and timelines
for completion, so implementation can be verified. Once the problem is thought to be
resolved, the laboratory must evaluate or confirm the actions taken were effective.

Learning from corrective actions also involves updating the risks and opportunities of the
laboratory. See Clause 8.5.

8.8 Internal audits (Option A)


The internal audit program is essential to verify that the planned actions and processes are being
deployed as intended and that the processes are functioning effectively. The laboratory has invested
significant effort to defining their management system, so the internal audits provide meaningful
feedback to keep the laboratory on track.

The internal audit program must provide feedback regarding conformance to the laboratory’s own
management system requirements as well as the requirements of ISO/IEC 17025. To be effective, the
internal audits must be planned, and the process(es) to complete the audits must be defined. Factors
such as how often audits are completed, how reporting the information is done, and confirmation of
the responsibilities of the auditors, auditees, and management are essential.

The scope of each audit and the criteria applied to evaluate conformance must be defined. Learnings
from the audit must be reported to laboratory management and acted on based on the importance of
any nonconformities identified. Records related to the audits and audit program are required.

55
8.9 Management reviews (Option A)
Management review is intended to be a high-level evaluation of how the entire laboratory
management system supports the overall strategic plan of the laboratory. The management team is
expected to evaluate by asking the following:

• Are all the requirements of ISO/IEC 17025:2015 being met (i.e., intent or suitability)?
• Does the laboratory management system fit our needs to fulfill the expectations of our
mission and delivering valid and reliable results to our customers (i.e., implementation or
adequacy)?
• How effective are our processes? Are we efficient and achieving our goals (i.e., effectiveness)?

The robustness of the evaluation is dependent upon the information brought to management. The
minimum information to be reviewed is the following:

• Changes to issues relevant to the laboratory, both with the organization and from outside the
organization (e.g., regulations, customer expectations, business conditions, staffing
challenges, etc.);
• Progress towards achieving our objectives;
• Progress towards resolving action items from prior management review;
• Suitability or usability of our documentation;
• Internal audit results;
• Corrective action learnings;
• Assessments by third party bodies (e.g., customers, regulators, accreditation bodies, etc.);
• Changes in workload, types of work, and changes in laboratory activities (e.g., additions,
deletions, upgrades, etc.);
• Feedback from personnel and customers at least and may include other feedback;
• Complaints;
• Evaluation of prior improvements to verify effectiveness;
• Evaluation of the various types of resources the laboratory activities require;
• Risk management processes;
• Information related to the validity of results (e.g., proficiency results, trending results,
monitoring results, etc.); and
• Anything else worthy of evaluation, including training.

A formal record of the decisions and planned actions must be retained for at least the following:

• Evaluation of the management system overall and the processes that support the
management system,
• Decisions of next planned improvements,
• Confirmation of resources necessary to achieve expectations and commitments, and
• Decisions regarding any other changes that need to be initiated.

56
Annex A Metrological traceability

The clause structure and some of the terminology have been changed to improve alignment with
other management systems standards. It is stressed that organizations do not need to use the
structure and terminology of the standard in their own documentation but can choose terms to suit
their operations.

Annex B Management system options


This new clause focuses on explaining key concepts in the standard, such as “continual,” “ensure” and
“interested party” to prevent misunderstanding. It provides options for organizations to leverage
other management systems to support ISO/IEC 17025 accreditation. Each accrediting body may
establish policies for what they will accept.

There is a bibliography at the end of ISO/IEC 17025:2017 listing thirty-five (35) associated laboratory
reference publications.

57
Chapter 9: Summary and Next Steps

9.1 Summary
Now that you have learned about the requirements in ISO/IEC 17025:2017, you are invited to apply
these requirements to the types of testing or calibration services you perform or use. This may be your
internal laboratory, suppliers of testing and calibration data you use to make decisions, or vendors
that calibrate your equipment. For our readers familiar with ISO 9001:2015, you will recognize
similarities, significant differences, and many additional requirements in ISO/IEC 17025.

For our readers familiar with ISO/IEC 17025:2005, you will notice a change in approach from very
prescriptive requirements to a more flexible approach based on recognizing and managing risks. The
expectation that all data are reliable and generated by competent staff remains firm.

The main chapters of this ebook provided an overview of the requirements in each section of ISO/IEC
17025:2017.

The Appendix provides details about the technical changes in requirements and structural changes
that show where requirements moved. The Appendix is intended to be helpful in the following ways:

• It provides the types of changes in a format similar to a checklist for laboratories working to
transition from the 2005 version of ISO/IEC 17025. It can be difficult to recognize changes in
paragraphs, especially with all the reorganization!

• Your internal assessors who are familiar with ISO/IEC 17025:2005 may find the table in the
Annex helpful to refresh their awareness of the changes.

• Even laboratories that have already been accredited to the 2017 version of ISO/IEC 17025, may
find the table beneficial to compliment your accreditation body assessors.

9.2 Next Steps


Remember that each Accrediting Body may apply additional requirements. Be sure to check their
website for more information.

To identify potential Accrediting Bodies for your laboratory, review the list of organizations that have
signed an ILAC Mutual Recognition Agreement (MRA) for your scope of testing or calibration. See
https://ilac.org/ilac-mra-and-signatories/

You will need an action plan to prioritize actions to fully comply if you are:

• Beginning to implement ISO/IEC 17025:2017,


• Transitioning from ISO/IEC 17025:2005, or
• Transitioning from ISO 9001:2015.

58
If you are using any non-accredited testing and calibration suppliers for your organization, identify
any actions needed for them to meet the requirements of ISO/IEC 17025:2017 or start looking for
alternate suppliers who are accredited.

9.3 Engage Support Systems


Fully conforming with ISO/IEC 17025 is complicated. Reading the words and understanding how to
apply the requirements to your field of testing or types of calibration is challenging. Especially when
trying to figure out what works for your laboratory. There is a wide variety of laboratories. From a 1-2-
person lab to a multinational network, interpretations of what can work differ.

Diana and Heather are trusted resources. Whether you seek getting nerdy in the details or keeping a
higher level view to integrate your laboratory with your wider business systems, we can help.
Schedule a discovery call to confirm your needs. We offer several types of services including the
following:

• Review of documentation and /or records (on or off site),


• Gap assessment on site with staff interviews,
• Training your staff to be competent assessors,
• Overview for leadership so they understand their roles in supporting implementation of
ISO/IEC 17025:2017, and
• Our ISO/IEC 17025 Insiders Facebook Group to build a community of lovers of all things
related to laboratories.

We genuinely hope this ebook becomes a treasured resource for you and that you reach out to stay
connected with us. Both Diana and Heather have valuable resources on their websites, blogs, and
ways to engage with them. We welcome hearing from you and sharing learnings about all things
ISO/IEC 17025. We love this subject!

Diana Baldi Heather Wade


Innovation Training & Consulting, Inc. Heather Wade Group, LLC

[email protected] [email protected]
www.InnovationTrainer.com www.HeatherWadeGroup.com
011-267-935-9399 011-734-275-4400

59
Get ready to dive into the details as we look closely into the changes from
ISO/IEC 17025:2005 to ISO/IEC 17025:2017 in the Appendix.

60
Appendix: Detailed list of Changes from ISO/IEC 17025:2005 to ISO/IEC 17025:2017

INTRODUCTION

The table below contains the clause numbers and descriptions for both the 2017 and 2005 versions of ISO/IEC 17025. 2017 is on the left side
and 2005 is on the right side. The middle column explains the main changes in the 2017 revision. Note that the first 1-2 words in each bullet
point indicates the nature of the change to help put the change into context. Examples of types of changes include expanded, added,
removed, defined, clarified, simplified, renamed, reorganized, enhanced, separated, shifted emphasis, or modified.

We hope this list of changes is helpful to you and your internal assessors to verify all the changes for the 2017 version have been addressed.

ISO/IEC Change ISO/IEC


2017 type
Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 17025:2005
Foreword Minor Editorial changes - Foreword

Introduction Minor Editorial changes - Introduction

1 Scope Minor Simplified and duplication removed (i.e., mention of ISO 9001 is in the 1 Scope
introduction section only).

2 Normative Minor Specified ISO/IEC Guide 99 for the VIM. 2 Normative


references References
3 Terms & New 9 terms are defined: impartiality, complaint, interlaboratory comparison, intra- 3 Terms and
Definitions laboratory comparison, proficiency testing, laboratory, decision rule, verification, Definitions
and validation.
"Laboratory activities” is used throughout the standard and refers to testing,
calibration, and sampling (where conducted as a standalone activity) associated
with subsequent testing or calibration.

61
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
4 General Title 4 Management
requirements requirements
4.1 Impartiality Major 1. Emphasis changed from independence ("free from undue… pressures that 4 Management
may adversely affect quality of their work") to having on-going identification requirements
of risks to its impartiality and managing the risks. The laboratory must be
able to demonstrate how it minimizes or eliminates the identified risks.
2. Added that risks may also originate from the laboratory activities,
relationships, or relationships of its personnel.

4.2 Confidentiality Major 1. Significantly expands on the requirements related to confidentiality, 4 Management
including customer information. Lab must advise customer of customer requirements
information they will make publicly available.
2. Added legally enforceable commitments for managing information.
3. Added that when lab must release confidential information, the customer or
their designated contact must be notified (unless that notification is
prohibited by law).
4. Added that information about the customer (even if received from other
sources), must be kept confidential, including the source of the information.
5. Clarified that lab responsibility to keep information confidential also applies
to the individual persons within the scope of lab activities.

5 Structural New 1. Removed specific references to technical management and a quality 4.1 Organization
Requirements manager.
2. Shifted emphasis from prescriptive documentation to putting burden on lab
to decide how much documentation is needed to support generation of valid
and consistent results.

62
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
5 Structural New 3. Added requirement to define and document the range of laboratory activities 4.1 Organization
(cont’d) Requirements which it claims conformity to ISO/IEC 17025. This range of activities must not
include any work that is completed by external provider on an ongoing basis.
It is unclear how accrediting bodies will interpret this change vs scope of
testing or calibration. It may intend to bridge this standard to ISO 9001
process approach.
4. Removed specific references to deputies for key managerial personnel.
5. Changed reference to “top management” to “laboratory management".

6 Resource Title - -
Requirements
6.1 General Minor Editorial changes 4.1 Organization

6.1 General Minor Editorial changes 5.1 General

6.2 Personnel Major 1. Added procedure and records to identify and document competency 5.2 Personnel
requirements for personnel.
2. Emphasis shifted from staff’s ability to recognize departures from procedure,
but to also evaluate the significance.
3. Emphasis shifted to include records of personnel selection, supervision, and
on-going monitoring.
4. Requires authorizations for specific activities:
a. develop, modify, verify, and validate methods
b. analyze results, including statements of conformity and opinions/
interpretations

63
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
6.2 Personnel Major c. report, review and authorization of results 5.2 Personnel
(cont’d)
5. Added requirements for the communication of duties to respective
personnel.
6. Combined content from 2005 Clauses 4.2 Management System and 5.2
Personnel.
7. Removes reference to specific job descriptions.

6.3 Facilities and Minor 1. Emphasis shifted to also include periodic review of facility controls, in 5.3 Accommodation
environmental addition to implementing and monitoring these measures. and
conditions Environmental
2. Clarified that requirements do apply to facilities and environmental
Conditions
conditions where lab activities are performed, even when outside the lab’s
permanent control.
3. Removed housekeeping procedure reference.
4. Shifted list of potential environmental conditions from 2005 Clause 5.3.2 to
2017 Note in Clause 6.3.1.

6.4 Equipment Major 1. Minor edit to “lab having access” from “being furnished with equipment." 5.5 Equipment
2. Clarified the equipment’s capability is also to consider the measurement
uncertainty (MU), even when accuracy is not in question. 2005 stated the
equipment shall comply with specifications, which implied the MU had to be
considered.
3. Clarity added about when calibration is required (when the measurement
accuracy or measurement uncertainty affect the validity of results or if
metrological traceability is required).
4. Clarified the calibration program is to be reviewed and adjusted as necessary.

64
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
6.4 Equipment Major 5. Removed “whenever practicable” caveat from the requirement for labeling, 5.5 Equipment
(cont’d) coding, or otherwise identifying the status of equipment’s validity for use.
6. States equipment includes reference data which clarifies that correction
factors are to include these data sets.
7. Equipment now includes reference materials.
8. Removed procedure requirement specific for correction factors.
9. Emphasis shifted from requirement for authorization to use equipment to
competency. See Clause 6.2.
10. Added records requirement for a) firmware, e) calibration date or calibration
interval and f) documentation of Reference Material result and acceptance
criteria.

6.5 Metrological Editorial 1. Simplified and clarified the requirements and supported them by new Annex 5.6 Measurement
traceability A. Lists 3 ways to achieve traceability: a) calibration by competent lab, b) Traceability
clarified that traceability to the SI may be achieved through the use of
certified materials, or c) direct realization of the SI.
2. Removed statement of prohibition that Reference standards and reference
materials cannot be used for other purposes than only for calibration.

6.6 Externally Major 1. Combined Subcontracting and Purchasing Services and Supplies from 2005 4.5 Subcontracting of
provided as well as clarified intent and simplified text. tests and
products and calibrations
2. Adopted requirements for external providers in ISO 9001:2015.
services 4.6 Purchasing
3. Emphasis shifted to lab defining its requirements, selecting providers who Services and
meet them, and monitoring their performance. Supplies

65
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
6.6 Externally Major 4. Removed requirement that lab is responsible to the customer for work from 4.5 Subcontracting of
(cont’d) provided external provider. tests and
products and calibrations
5. Emphasis placed on the lab to effectively communicate its requirements to
services 4.6 Purchasing
the external providers.
Services and
6. Moved requirement to inform and agree with customer when lab activity is Supplies
performed by external providers to Clause 7.1.1c.
7. Removed register of subcontractors.
8. Renamed subcontractors to external providers.

7 Process Title - -
Requirements
7. 1 Review of New 1. Requirement to inform and gain customer agreement when lab activity is 4.4 Review of
requests, tenders performed by external providers is moved here from 2005 Clause 4.5. Requests,
and contracts Tenders and
2. Added requirement that the lab must consider decision rules for conformity
Contracts
assessments at the time of contract review and include the agreed upon
decision rule in the report of lab results. Also see Clause 7.8.6. Note: 2005
Clauses 5.10.3 1b and 5.10.4.2 addressed statements of compliance in the
report of lab results.
3. Emphasis shifted to ensure deviations requested by the customer do not
impact the integrity of the laboratory or the validity of results.
4. Strengthened requirement from the laboratory being “willing to cooperate”
to “shall cooperate” in clarifying customer’s requests and allowing customer
to monitor the lab’s performance in relation to the work being performed for
them.

66
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
7. 1 Review of New [Repeat of partial content to align with 2005 Clause 5.10: changes in 2017 Clause 5.10 Reporting the
requests, tenders 7.1 links to 2005 both 4.4 contract review and 5.10 reporting]. Results
and contracts
Added requirement that the lab must consider decision rules for conformity
assessments at the time of contract review and include the agreed upon decision
rule in the report of lab results. Also see Clause 7.8.6. Note: 2005 Clauses 5.10.3 1b
and 5.10.4.2 addressed statements of compliance in the report of lab results.

7. 2 Selection, Minor 1. Reorganized and separated requirements mainly to differentiate between 5.4 Test and
verification and when a lab must “verify” (7.2.1) it can properly perform methods versus when calibration
validation of the lab must “validate” (7.2.2) methods. methods and
methods method
2. Clarified in 7.2.1.5 that “properly operate” in 2005 means “verify".
validation
3. Emphasis shifted in 7.2.1.6 from 2005 requirement to update plans as method
development proceeded to 2017 requirement for periodic review as
development proceeds. Additionally, emphasis also shifted that validation be
assigned to “competent personnel” (2017) from “qualified personnel” (2005).
4. Two “Notes” in 2005 have moved to requirements; intention is same (5.4.5.2
Note 3and 5.4.5.3 Note 1).

7. 3 Sampling Minor 1. Moved “Note 2” in 2005 to requirements; intention is same. 5.7 Sampling
2. New note in 7.3.2 clarifies that sub-sampling (when further handling of test
item is required) is different from sampling.
3. Added record requirements: b) date and time of sampling; c) data to identify
and describe the sample; d) identification of personnel performing the
sampling; e) identification of equipment used; f) environmental or transport
conditions; and h) deviations, additions, exclusions from the method or
sampling plan.

67
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
7.3 Sampling Minor 4. Removed requirement for procedure for recording sampling data. 5.7 Sampling
(cont’d)

7. 4 Handling of test Major 1. New requirement to include a disclaimer in the report if the item deviates 5.8 Handling of test
or calibration from specified conditions when it is received, and the customer requires the or calibration
items item to be tested anyway. items
2. See also Clause 6.3 for requirement to maintain integrity of the test or
calibration item when stored or conditioned, to maintain those conditions,
and to monitor and record the conditions.

7. 5 Technical records Minor Enhanced requirements for amendments of technical records. Now includes 4.13 Control of records
records and traceability to original data (all versions) and observations, the date
of alteration, what changed and the identity of personnel making changes.

7. 6 Evaluation of Minor Expanded to include measurement uncertainty (MU) contributions from 5.4 Test and
measurement sampling (when applicable). calibration
uncertainty methods and
method
validation

7. 7 Ensuring the Major 1. Separated requirements in Clauses 7.7.1 and 7.7.2 to distinguish intra- 5.9 Assuring the
validity of results laboratory and external activities respectively. quality of test and
calibration results
2. Added 5 additional quality control tools routinely adopted by labs (Clause
7.7.1 b, c, i, j, and k) to give more examples.
3. Proficiency testing (PT) and/or interlaboratory comparison (ILC) was not
mandatory in 2005 version. Each accrediting body defined their rules for
different types of testing. Now PT and/or ILC is mandatory where available
and appropriate.
4. Emphasis shifted to monitoring processes to be able to control and improve

68
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
lab activities to align with the process approach in ISO 9001:2015.

7. 8 Reporting the New 1. Enhanced connection of requirement here and 6.2 to define authorization for 5.10 Reporting the
results review and release of reports. results
2. Implies loosening requirement of 2005 requirement of written agreement for
simplified reporting with the customer; 2017 states “when agreed upon with
the customer." However, the lab will need to be able to prove a record of the
agreement and still retain (ISO/IEC 17025) required information that is not
reported to the customer.
3. Expanded requirement to include customer contact information instead of
only name and address of customer.
4. Added 7.8.2.1 points j), n) and p).
5. Deleted where relevant” in 7.8.2.1 l “ (statement to the effect that the results
only relate to the items tested, calibrated or sampled.
6. Added editorial change to allow opinions and interpretations in calibration
reports.
7. Added requirement for calibration labs that do sampling to meet the
requirements in Clause 7.8.5 reports.
8. Added requirement to require evaluation of MU for subsequent testing or
calibration to be included.
9. Added requirements to include decision rule in the reports containing
statements of conformity and to take into account the risk of false accept or
false reject into consideration. See also 7.1.3.
10. Modified 2005 phrase “statement of compliance” to 2017 “statement of
conformity".

69
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
7.8 Reporting the New 11. Added responsibility is upon the laboratory for all the information in the lab 5.10 Reporting the
(cont’d) results report, except for information provided by the customer. Customer data results
must be clearly identified.
12. Clarified that opinions and interpretations are to be based on the lab results.
13. Added previous 2005 Note (5.10.5 Note 3) as a requirement regarding keeping
records of dialogue with customer regarding opinions and interpretations.
14. Added when issued report needs changing, amendment, or reissuing, any
change must be clearly identified.
15. Added when report is changed, the amended report must include the reason
for the change (where appropriate).

7. 9 Complaints Major 1. Significantly expanded requirements for complaint handing process. Per 4.8 Complaints
ISO/CASCO wording, all requirements under 7.9 are mandatory.
2. Emphasis shifted from 2005 “resolution of complaints received” to 2017
“evaluating and making decisions."
3. Added requirement for description of the complaint handling process to be
available to any interested party upon request.
4. Added requirement for lab to confirm whether the complaint relates to the
lab activities. When it does, the lab is responsible for all decisions regarding
the complaint resolution.
5. Added requirement that lab is responsible for gathering and verifying all
information to validate complaint.
6. Added that whenever possible, the lab must acknowledge receipt of
complaint and provide progress reports and outcome to the complainant.
7. Added requirement for an impartial person to approve complaint resolution

70
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
7.9 Complaints Major (who was not involved in the lab activities questioned). This will require a 4.8 Complaints
(cont’d) one-person laboratory to engage an external resource.
8. Added requirement for lab to give formal notice of the end of complaint
handling process to the complainant (whenever possible).

7.10 Nonconforming New 1. Added specific requirement to retain records related to Clause 7.10.1 b) to f). 4.9 Control of
work nonconforming
2. In relation to corrective action, specific procedures to Preventive Action are
testing and/or
no longer required.
calibration work
7.11 Control of data New 1. Clarified that changes or modifications to LIMS are made, they must be 5.4 Test and
and information validated. calibration
management methods and
2. Added requirement for ensuring an off-site or externally
method
managed/maintained LIMS complies with all applicable requirements of
validation
ISO/IEC 17025:2017.
3. Added specific requirement to maintain external documents related to LIMS
and to have them accessible to personnel (e.g., manuals, reference data sets).

8 Management Title 4 Management


System requirements
Requirements
8.1 Options Major 1. Added option for lab to use their ISO 9001 compliant management system, if - -
it fulfills all the requirements specified in 8.2 through 8.9 as well as Clauses 4
to 7.
2. Added requirement to identify risks and opportunities (see 8.5) to align with
ISO 9001 and removes the 2005 requirement for separate preventive action.

71
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
8.2 Management Minor Eliminated prescriptive requirement for quality policy or a quality manual (but 4.2 Management
system kept requirement for commitment to a management system. System
documentation
(Option A)

8.3 Control of Minor Removed several requirements related to document control. Removed specific 4.3 Document
management procedure, master list, specific documentation identification issues, and hand Control
system amendments. Less prescriptive requirements.
documents
(Option A)

8.4 Control of records Minor Editorial changes 4.13 Control of records


(Option A)

8.5 Actions to New 1. Added significant change in emphasis from prescriptive control of lab to 4.1 Organization
address risks and requiring the lab to design and implement risk-based approach to managing
opportunities their activities. No formal risk assessment process is required; however, labs 4.2 Management
(Option A) may find the ISO 31000 standard helpful to guide them to design their System
process. This Clause is key to linking ISO/IEC 17025 to ISO 9001. Once risks
and opportunities are identified, the lab must decide which need to be
addressed to ensure valid and reliable results are generated.
2. Added once the lab identifies the risks and opportunities to be acted on, they
need to be acted on and integrated into the business/ laboratory processes
and evaluated to confirm they accomplish the lab’s intentions for managing
the risks and opportunities.
3. Added that the actions taken are to be proportional to the potential impact
on validity of the lab results.

72
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
8.5 Actions to Minor 4. Added the requirement to identify opportunities, select appropriate ones, 4.10 Improvement
address risks and then implement appropriate actions to improve the management system,
opportunities laboratory activities, and customer service. 4.12 Preventive Action
(Option A)
5. Modified 2005 Clauses 4.7 Service to the Customer, 4.10 Improvement. and
4.12 Preventive Action and simplified the language.

8.6 Improvement Minor [Repeat of content to align with multiple Clauses of 2005 standard] 4.7 Services to the
(Option A) Customer
4. Added the requirement to identify opportunities, select appropriate ones,
then implement appropriate actions to improve the management system,
4.10 Improvement
laboratory activities, and customer service.
5. Modified 2005 Clauses 4.7 Service to the Customer, 4.10 Improvement. and
4.12 Preventive Action and simplified the language.

8.7 Corrective actions New 1. Reduced the prescriptive nature of the 2005 requirements for corrective 4.11 Corrective action
(Option A) actions. The principles remain the same.
2. Added link from impacts from nonconformities to re-evaluation of risks and
opportunities to keep this key driver for the management system up to date.
3. Removed “root cause” and required link to initiate internal audit if
nonconformities or departures from procedures cast doubt on lab’s
compliance with ISO/IEC 17025. The shift in emphasis allows more flexibility
for investigation of the cause(s) of the nonconformity.

8.8 Internal Audits Minor 1. Changed responsibility for internal audit program from Quality Manager in 4.14 Internal Audits
(Option A) 2005 to require authorization of specific personnel in 2017. More flexibility
but intention is the same.
2. Added requirement that results of previous audits be taken into account
when planning the internal audit program.

73
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
8.8 Internal Audits Minor 3. Added requirement that each audit must have the scope and criteria defined. 4.14 Internal Audits
(cont’d) (Option A)
4. Removed the specific requirement to “address all elements of the
management system” and the Note stating the cycle for internal auditing
should normally be completed in one year.” With the change in mindset to be
risk-based, the laboratory may have more flexibility to plan the internal audit
program based on risk. Each accrediting body may have specific expectations
or requirements.
5. Removed specific procedure requirement and relies on audit program and
“schedule” to outline auditing process.
6. Changed “Schedule” to now be “planned intervals.”

8.9 Management New 1. Added additional topics for mandatory inputs to management review: a) 4.2 Management
Review changes in internal/external issues (to be consistent with ISO 9001), b) System
(Option A) fulfillment of objectives, d) action items from prior management review, k)
evaluation of effectiveness of implemented improvements, and m) results of
risk identification.
2. Added specific content that must be included in the records for management
review.

8.9 Management New 1. Added additional topics to mandatory inputs to management review: a) 4.15 Management
Review changes in internal/external issues (to be consistent with ISO 9001), b) Review
(Option A) fulfillment of objectives, d) action items from prior management review, k)
evaluation of effectiveness of implemented improvements, and m) results of
risk identification.
2. Added specific content that must be included in the records for management
review.
3. Removed specific Management Review procedure requirement.

74
ISO/IEC Change ISO/IEC
2017 Description of Changes from ISO17025:2005 to ISO/IEC 17025:2017 2005
17025:2017 type 17025:2005
8.9 Management New 4. Removed Note that recommended annual review. 4.15 Management
(cont’d) Review Review
(Option A)

Annex Metrological New Added additional detail to support Clause 6.5. - -


A traceability

Annex Management New Added overview of processes within a laboratory and establishes connections to - -
B system options ISO 9001.

N/A 5 Technical
Requirements

75

You might also like