Recently, the standard ISO/IEC 17025, which governs the accreditation of testing and calibration laboratories, updated its contents in an effort to align itself with the processes of other ISO-based standards such as ISO 9001. The new revision also contains a greater focus on ensuring that laboratories consistently produce valid and reliable measurement results that will provide added confidence to their customers.
Overall, the new ISO/IEC 17025:2017 version of the standard is more risk and performance-based instead of specifying certain document requirements or laboratory roles. This allows laboratories the freedom to create a management system that best fits their processes, as long as they meet the established requirements and can consistently follow their written documentation.
For example, the 2005 revision specifically required a Quality Manual and Quality Policy statement, whereas in the 2017 revision, the standard only requires that the laboratory document and maintain the policies and ensure they are acknowledged and implemented within the laboratory organization.
One of the changes to the ISO/IEC 17025:2017 standard is in the structure of the document itself. Although there were only two main clauses in the 2005 revision, Management and Technical Requirements, the 2017 revision contains five clauses that organizes the laboratory activities into a more organized flow. The ISO/IEC 17025:2017 clauses are:
Some of the other major changes to the ISO/IEC 17025 standard include:
The Management System requirements in ISO/IEC 17025:2017 have been divided into two sections, Option A or Option B, depending on the management systems already in place within a laboratory. This was done to align the management system requirements with the ISO 9001 requirements.
Option A is for laboratories that may be new to implementing an ISO-based management system and outlines the main requirements for creating a management system for the laboratory that meets the requirements of ISO/IEC 17025. This option is also typically used by laboratories that were already accredited to revision ISO/IEC 17025:2005 and have transitioned to the ISO/IEC 17025:2017 revision.
Option B is for laboratories that already have a management system in place that is certified to the requirements of ISO 9001 or other ISO Quality Management Standard and are seeking accreditation to the ISO/IEC 17025:2017 standard. The ISO/IEC 17025 accreditation bodies will recognize the certification of the existing management system and the laboratory just needs to fulfill the technical requirements to achieve accreditation.
Both options are intended to achieve the same result, a management system that encompasses the requirements of ISO 9001 and a technical capability that demonstrates competence in performing the laboratory activities.
The ISO/IEC 17025:2017 revision incorporates a risk-based approach to the management system similar to ISO 9001. Laboratories are required to address both risks and opportunities associated with conducting their laboratory activities.
Laboratories must plan and take appropriate actions to identify and address risks and opportunities to eliminate or reduce negative consequences and possible failures in their activities. The goal of the risk assessment is to ensure that the management system is effective, is able to achieve its goals and objectives, and that the laboratory is continually improving its laboratory activities.
The standard does not specifically state the format or documentation required for the risk management process. Typically, laboratories will outline their laboratory activities and create a risk assessment for each of the activities. The assessment will identify areas where the risks are higher and action plans can be developed to mitigate those risks. The laboratory is also required to monitor those action plans on an ongoing basis and measure the effectiveness of those actions.
Although ISO/IEC 17025:2005 had requirements that mentioned impartiality throughout the standard, the impartiality requirement in ISO/IEC17025:2017 has been emphasized and expanded so that it now has its own clause.
To fulfill this clause, all laboratory personnel need to act impartially and laboratories must commit to and conduct their laboratory activities so that conflicts of interest and other commercial or financial pressures do not adversely influence those laboratory activities or the measurement results obtained.
To document this commitment, many laboratories will incorporate impartiality and code of conduct statements into their employee handbooks and have ongoing training for laboratory management and employees on identifying and avoiding conflicts of interest in the laboratory environment. Laboratories must also access the risks that impartiality may pose to the laboratory.
Another new addition to the standard is the application of the decision rule to statements of conformity, such as ‘pass or fail’. The decision rule is the criteria used to determine whether or not the measurement results conform to a specific tolerance range, such as a manufacturer specification or published standard. The most common types of decision rules are to only use the manufacturer specifications, called ‘simple acceptance’ or to use the measurement uncertainty values in conjunction with the manufacturer specifications to more tightly control the tolerance range.
The laboratory must record and document its decision rule. This is usually documented on the calibration certificate sent to the customer with the measurement data. The decision rule must consider the level of risk of recording false positive or negative test results before reporting whether or not it conforms to the specification.