The International Organization for Standardization (ISO) has released the most recent version of the ISO/IEC 17025 standard-the 2017 edition. The development of this standard became necessary as it is geared towards achieving the goal and purpose of promoting confidence, accuracy and trustworthiness in the operation of testing and calibration laboratories. The ISO/IEC 17025 standard contains general requirements for the competence of testing and calibration laboratories, which help them increase the effectiveness of their activities.
The ISO/IEC 17025 standard helps laboratories to provide reliable data and technically valid results to their customers, so as to be deemed competent. It is important to mention that this standard is also applicable to all organizations performing laboratory activities such as universities, research centers, and others, and can be used by inspection bodies and/or other conformity assessment bodies. It also helps to promote continual improvement of data quality and laboratory effectiveness.
After the implementation of the revised international standard, the laboratory will be able to demonstrate that it operates within the new framework using the recent technology and IT techniques. Furthermore, the format of this standard has been significantly changed to be more in line with new ISO formatting guidelines. The standard takes into consideration the latest version of the ISO 9001 standard, so as to facilitate the implementation of ISO/IEC 17025 in laboratories that have already met the requirements of ISO 9001.
Adopting the requirements of ISO/IEC 17025, like other conformity assessment standards such as ISO/IEC 17043, ISO/IEC 17020, ISO/IEC 17021-1, ISO/IEC 17065, etc., will not only promote competence but will also reduce undesired impacts and potential failures in the laboratory activities.
1. The evolution of ISO/IEC 17025
2. Main terms and definitions
Body that performs one or more of the following activities:
– sampling, associated with subsequent testing or calibration.
Source: ISO/IEC 17025, clause 3.6
*Note: The term “laboratory” has been included in the ISO/IEC 17025:2017 standard.
Organization, performance and evaluation of measurements or tests on the same or similar items by two or more laboratories in accordance with predetermined conditions.
Source: ISO/IEC 17043, clause 3.4
Organization, performance and evaluation of measurements or tests on the same or similar items within the same laboratory in accordance with predetermined conditions.
Source: ISO/IEC 17025, clause 3.4
Determination of one or more characteristics of an object of conformity assessment, according to a procedure.
Source: ISO/IEC 17000, clause 4.2
Proficiency testing: Evaluation of participant performance against pre-established criteria by means of
Source: ISO/IEC 17043, clause 3.7
Provision of a sample of the object of conformity assessment, according to a procedure.
Source: ISO/IEC 17000, clause 4.1
3. Accreditation based on ISO/IEC 17025 requirements
According to ISO/IEC 17000, accreditation is defined as a “third-party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks.”
A laboratory aiming to obtain accreditation will need to demonstrate conformity with the requirements of ISO/IEC 17025:2017 as administered by the Accreditation Body.
According to ISO, it is estimated that across the world there are approximately 100,000 laboratories that are using the ISO/IEC 17025 standard as the main source for their laboratory accreditation. In addition, the accreditation of a laboratory ensures effective testing, calibration, and measurement of laboratory samples, processes and equipment. It is important to mention that this standard positively impacts the quality of results delivered by laboratories in a number of ways:
- Meeting the requirements for the competence of the personnel;
- Participation of the laboratories in proficiency test schemes;
- The use of certified reference materials with known values traceable to national, regional or international standards;
- The calibration and maintenance of laboratory equipment; and
- The overall processes that laboratories use to generate their data.
4. What are the benefits of the ISO/IEC 17025:2017 standard?
- By adopting or implementing the ISO/IEC 17025 standard requirements and achieving accreditation, a laboratory will gain national and international recognition, thereby making it easier for customers to readily identify and select reliable laboratories;
- By choosing an accredited laboratory, clients will experience reduction in the costs of re-testing their products;
- By complying with the requirements of the ISO/IEC 17025 standard, the laboratory will have a better control over its activities;
- When performing testing/calibration services, the laboratory managers/technicians will be able to access better and updated technologies, which will increase the confidence in generating valid results;
- An accredited laboratory will experience an increase in revenues and profits due to the laboratory’s proficient capability to provide reliable and technically valid results;
- The laboratory will ensure the validity of standard, non-standard and laboratory developed test methods which impact the provision of reliable data to their clients.
5. The main changes in the 2017 version of the ISO/IEC 17025 standard
With respect to the changes that ISO has made on the 2017 version of the ISO/IEC 17025 standard, laboratories that are already accredited to the 2005 version of the ISO/IEC 17025 standard need to transition within a period of three years, from the date of the publication of the ISO/IEC 17025:2017 standard.
Table 1: ISO/IEC 17025:2005 to ISO/IEC 17025:2017 comparison matrix
*Note: See Annex A for a more detailed comparison matrix between ISO/IEC 17025:2005 and ISO/IEC 17025:2017.
It is important to note that the ISO/IEC 17025:2017 standard contains substantive changes, including:
The process approach of ISO/IEC 17025:2017 now matches that of more recent standards, such as ISO 9001:2015 (Quality Management Systems).
The scope of the ISO/IEC 17025 standard covers all the laboratory activities including testing, sampling, and calibration.
Furthermore, the new version of the ISO/IEC 17025 standard focuses more on information technology, which incorporates the use of computer systems, Laboratory Information Management System software, and the provision of electronic test results.
The standard also focuses on the concept of risk-based thinking, whereby the laboratory takes a proactive approach towards addressing risks that can prevent the laboratory from achieving its objectives. This involves an elaborate risk management process which includes risk identification, analysis and evaluation, risk monitoring and risk control measures; though the standard does not require formal risk management methods or documented risk management processes. It is the laboratory’s key responsibility to decide which risks and opportunities need to be addressed.
Although the recent version of the ISO/IEC 17025 standard presents a new structure, the key technical requirements are as important as ever. Laboratories still have to carry out equipment calibration and method validation, participate in interlaboratory comparisons via proficiency testing and estimate uncertainty of measurement. A key distinction however is the greater emphasis on some requirements such as sampling (7.3), metrological traceability, which has a new sub clause of its own (6.5) under Resource Requirements, and additional information regarding it in Annex A.
6. The main clauses of ISO/IEC 17025:2017
As displayed in the comparison matrix above, the 2005 version of the ISO/IEC 17025 standard included two main requirements: the management requirements and the technical requirements. The 2017 version of the ISO/IEC 17025 standard, on the other hand, includes the following requirements:
1. General requirements: This clause highlights two main elements: impartiality and confidentiality. This clause ensures that the laboratory is committed to impartiality and that the risks related to impartiality are identified on a continuous basis. Meanwhile, confidentiality ensures that prior to the release of the information into a public domain, customers are informed. Confidentiality also entails not releasing the information obtained from a source other than the customer, as well as the source of the information to the customer unless it has been authorized by the source. Additionally, this clause emphasizes the release of confidential information when required by law or authorized by contractual arrangements. The laboratory should commit to ensure information confidentiality during all processes, treatments and interactions.
2. Structural requirements: This clause emphasizes the legal status of the laboratory, the structure of the laboratory, the identification of the personnel and the management, as well as the availability of the personnel responsible for implementing and maintaining the integrity of the management system. It also emphasizes the documentation of procedures to the extent necessary to ensure consistency in the application of laboratory activities and the validity of the results.
3. Resource requirements: This clause establishes the need for laboratories to ensure the availability of personnel, facilities, equipment, systems and support services required for the smooth performance/operations and management of all its activities. Calibration of equipment shall be done when measurement accuracy or measurement uncertainty affects the validity of reported results and this will further assist in establishing the metrological traceability of the reported results. The laboratory shall also ensure that it communicates to its customers on all externally provided products and services i.e. subcontracting activities, purchasing services and supplies with requirements and controls in place.
4. Process requirements: This clause represents the procedures and other methods for the review of requests, tenders, and contracts. The clause covers the requests of the customers, the decision rule and the differences between tenders and requests that should be applicable to customers before any other laboratory activity takes place.
It also covers the selection, verification, and validation of methods. This ensures that the laboratory will use appropriate methods and procedures for its activities. Furthermore, the laboratory will ensure that it is using the most recent methods which cover the latest technological developments.
Through the use of relevant or current technology or methodology, the laboratory will be able to develop a sampling plan when it intends to carry out sampling of substances, materials or products for subsequent testing or calibration. Other elements captured by the clause are: handling of test or calibration items, technical records, evaluation of measurement uncertainty, ensuring the validity of results, reporting of results, complaints, nonconforming work, control of data, and information management.
Figure 1: Example of the operational process of a laboratory as described in Clause 7 Process requirements.
5. Management system requirements: This clause now provides two distinct options (Option A and Option B) for establishing a management system.
Option A provides a minimum set of requirements the laboratory shall meet, that is by addressing clauses 8.2 to 8.9 of ISO/IEC 17025 in order to establish a management system.
The minimum requirements for the implementation of a management system, as per option A, are as follows:
- Clause 8.2 Management system documentation
- Clause 8.3 Control of management system documents
- Clause 8.4 Control of records
- Clause 8.5 Actions to address risks and opportunities
- Clause 8.6 Improvement
- Clause 8.7 Corrective actions
- Clause 8.8 Internal audits
- Clause 8.9 Management reviews
Organizations that implement clauses 4 to 7 and Option A of clause 8 of the ISO/IEC 17025 standard can be adjudged to meet up with the general principles of ISO 9001.
Option B gives a provision of establishing and maintaining a management system in accordance with ISO 9001 requirements.
This option points out that a laboratory that has already established and maintained a management system in compliance with the requirements of ISO 9001, with satisfactory evidence of compliance to clauses 4 to 7 of the ISO/IEC 17025 standard can be adjudged to fulfill, at least the intent of the management system requirements set out in clauses 8.2 to 8.9 of the ISO/IEC 17025 standard. This option makes it easier and practicable for laboratories to simultaneously manage the implementation of ISO 9001 and ISO/IEC 17025. In summary, if a laboratory has already implemented ISO 9001, Option B may allow for greater flexibility in implementing ISO/IEC 17025:2017.
Both options are intended to achieve quality results in the performance of the laboratory’s management system and its compliance with clauses 4 to 7 of the ISO/IEC 17025 standard.
Laboratories only need to conform to one of the options above, not both.
7. The implementation methodology
PECB has developed a methodology for implementing a management system so as to ensure that all certification/accreditation and standard requirements are captured, thus aiding step-by-step systematic deployment and use. It is called the “Integrated Implementation Methodology for Management Systems and Standards (IMS2)” and it is based on international best practices. This methodology is based on the guidelines specified in ISO standards, which also meets the requirements of ISO/IEC 17025:2017.
Figure 2: Integrated Implementation Methodology for Management Systems and Standards – ISO/IEC 17025
IMS2 is based on the PDCA cycle, which is divided into four phases: Plan, Do, Check and Act. Each phase has a number of steps which are further divided into activities and tasks. This ‘Practical Guide’ considers the key phases in the organization’s implementation project from start to finish. Constructively, it suggests the appropriate ‘best practice’ for each step while directing the organization as it embarks on its ISO/IEC 17025 journey.
By following a structured and effective methodology, an organization can ensure that it covers all the minimum requirements for the implementation of the management system. As stated above, whatever methodology used, the organization must adapt it to its particular context. The key to a successful implementation relies on a contextualized and adaptable approach by the respective organization.
8. Training and certifications of professionals
PECB has created a training roadmap and personnel certification schemes which are strongly recommended for implementers and assessors of a laboratory who wish to become certified against ISO/IEC 17025. The certification of individuals serves as documented evidence of professional competency, while also providing evidence that the individual has attended one of the related courses and successfully completed the exams. It also proves that the certified professional has the expertise to assist a laboratory in successfully obtaining an ISO/IEC 17025 accreditation.
Personnel certifications demonstrate that the professional possesses the defined competencies based on best practices. It also allows laboratories to make an informed decision on the selection of employees or services based on the competencies that are represented by the certification designation. Finally, it provides opportunities for the professional to constantly improve his/her skills and knowledge, and also serves as a tool for employers to ensure that training and awareness have indeed been effective.
PECB training courses are offered globally through a network of authorized training providers; they are available in several languages and include the following: Introduction, Foundation, Lead implementer, and Lead Assessor courses. The table below provides a short description of PECB’s official training courses for the competence of testing and calibration of laboratories based on ISO/IEC 17025.
Although a specified set of courses or curriculum of study is not required as part of the certification process, the completion of a recognized PECB training course or program of study will significantly enhance the chances of passing a PECB certification examination as the examination is based on PECB’s training material.
Table A.1: Detailed ISO/IEC 17025:2005 to ISO/IEC 17025:2017 comparison matrix table