ISO 17025 2017 Training Course and Changes

Chapter: 1 Overview to 1S0/IEC 17025:2017 Standards
1.0 1S0/IEC 17025 History - Background information

ISO/IEC 17025 was first issued in 1999 by the International Organization for Standardization
(ISO) and the International Electro-technical Commission (IEC). It is the single most important
standard for calibration and testing laboratories around the wortd, with more than 50.000
Jaboratpries accredited, globally.
At the International Laboratory Accreditation Cooperation (ILAC) General Assembly in October

2013 the Laboratory Committee (which is composed of stakeholder representatives of
accredrted testing and calibration) recommended that ILAC request that ISO/CASCO establish
a new work rtem to comprehensively revise ISO/IEC 17025:2005. CASCO is the ISO
committee that works on issues relating to confonnity assessment. CASCO develops policy
and publishes standards related to confonnity assessment; rt does not perfonn conformity
assessment activrties. CASCO's standards development activities are carried out by wort(ing
groups made up of experts put forward by the ISO member IJodies. The experts are individuals
who possess specific knoWledge relating to the activrties to be undertaken by the wort(ing
group.
The 6" ' ISO/CASCO WG 44 meeting was held on July 10-12, 2017 in ISO Central Secretariat,
Geneva. The deliverable of this meeting was the FDIS version of the new ISO/IEC 17025
version. The ISO/IEC 17025-2017 standard was released in end November 2017
2.0 Overview to the 1S0/IEC 17025 standards
Laboratory accreditation is a procedure by which an authoritative body gives fonnal recognition
of technical competence for specific tests/ measurements, based on third party assessment
and following international standard.
In the current global scenario an essential pre-requisrte of trade is that any product or seivice
is accepted fom1ally in one economy, must also be free to circulate in other economies without
having to undergo extensive re-testing. WTO recognises that non acceptance of test results
and measurement data is a Technical Barrier to Trade. Global sourcing of components calls
for equivalence of measurement, which can be facilrtated by a chain of accredited calibration
laboratories. Accreditation is considered as the first essential step for facilrtating mutual
acceptance of test results and measurement data.
Confidence in accredrtation is obtained by a transparent system of control over the accredrted
laboratories and an assurance given by the accreditation body that the accredited laboratory
constantly fuKils the accreditation criteria.
Accredrted laboratories can objectively state confom1ance of product or seivice to specified
requirements. It is important for the purchaser, regulator, government, and the public to be
able to identify accredited testing and calibration laboratories.
2.1 Benefits of Accreditation
Fonnal recognition of competence of a laboratory by an Accreditation bocly in accordance

with international criteria has many advantages:
Increase of confidence in Testing/ calibration data and of personnel perfonning work.
Better control of laboratory operations and feedback to laboratories as to whether they
have sound Quality Assurance System and are technically competent.
Chapter: 1 Overview to ISO/IEC 17025:2017 Standards
• Potential increase in business due lo enhanced customer confidence and satisfaction.
Customers can search and identify the laboratories accredited by the accreditation
body for their specific requirements from the accreditation body Web-srte or Directory
of Accredited Laboratories.
Users of accredited laboratories will enjoy greater access for their products, in both
domestic and international markets, when tested by accredrted laboratories.
Savings in tem1s of time and money due to reduction or elimination of the need for re-
testing of products.
2.2 International Linkages
The accreditation body maintains its linkages with the international bodies like International
Laboratory Accreditation C0--0peration (ILAC) and Asia Pacific Laboratory Accreditation Co-
operation (APLAC). The accreditation body is a full member of both ILAC & APLAC and
regularly takes part in the Technical Committee Meetings of both ILAC & APLAC, engaged
upon development and updating of guidelines connected with accreditation activities.
For the ultimate goal of being mutually recognized by foreign accreditation bodies and to
overcome Technical Barriers to Trade for free trade of goods, the accreditation body became a
signatory to ILAC as well as APLAC Mutual Recognrtion Arrangements (MRA). The MRA is
I,ased on mutual evaluation and acceptance of other MRA partner laboratory accreditation
systems. Such international arrangements facilitate acceptance of tesU calibration results
between countries to which MRA partners represent.
In order to achieve the objective of the acceptance of tesV calibration data across the national
borders, the accreditation body operates and is commrtted to update its laboratory
accredrtation system as per international norms. For laboratories and users of laboratory
services, occasionally there is misunderstanding and confusion about the objectives and
function of "accreditation" based on ISO/IEC 17025:2017 General requirements for
competence of testing and calibration Laboratory
It is designed to made image and integrity of conforrnrty assessment to clarify the key
distinctions between the two different types of recognition of laboratories by erther accreditation
bodies or certification bodies.
At present many laboratories are not having very accurate masters, facilities or competent
person. They operate from residence or part of some other factory. In such environment you
as a customer will always like to visrt and see their facility or demand for accredrtation /
certification to enhance qualrty of your products.
2.3 What do the standards specify?

The ISO/IEC 17025:2017 standard was developed as a special purpose standard for
laboratories to specify the general requirements for their technical competence. While the
standard is generic, rt also recognizes that for accreditation purposes, (i.e. for independent
recognition of a laboratory's competence to perform specific tests, or calibrations) the standard
may require development of guidelines to explain rts use in specific areas of testing or
measurement.
ISO/IEC 17025:2017 has five major clauses, namely General requirements, Structural
requirements, Resource requirements, Process requirements and Management system
requirements. The management system requirements are written in language relevant to
lal,oratory operation but were developed to meet the systems requirements of ISO 9001.
For accreditation against ISO/IEC 17025 the emphasis is to establish the technical
competence of laboratory for defined set tests, measurements or calibrations. In doing so
however compliance with the standard's management requirements is also assessed.
However, accreditation against ISO/IEC 17025 should not be interpreted to be the same as
certification against ISO 9001.
Because laboratory accreditation aims to recognize specific technical competence, team

comprising relevant technical experts and assessors able to evaluate compliance with the
management s,-stems requirements of ISO/IEC 17025 conduct the assessments of laboratory.
3.0 Why ISO/IEC 17025:2017? : -

Improved quality
Improved efficiency, productivity and effectiveness
Improved level of motivation, co--0peration, workmanship and quality awareness
Improved communication and quality infom1ation and greater quality awareness
Greater control of processes and activities throughout organisation.
An onward journey of improvement is possible on an On-<JOing basis
Provide hot tips on anal,-sis of data as well as measure uncertainty and perfect record
keeping.
Provide guideline for doing testing and measurement in detail.
Provide guidelines and lietter control for maintenance of instruments, environment
control, preservation of test records etc
Establish the best system for the product storage and handling.
Helps in dealing with issues of implementing the OSHA (Occupational, Safety, Health
Assessment) laboratory standards as well as the accreditation body accreditation.
Provide guidance for emergency response of lalioratory for fire, radiation, chemical
spillage, biological spill, and personal injury as well as reduce accidents.
Helps in making complete training manual with details of all test procedures and it helps
in training any new staff as well as consistency of Quality of testing is maintained in
spite of high staff turnover
4.0 Why not ISO/IEC 17025:2017?
1. Do not want to spend money.
2. Monopoly laboratory.
3. Do not want to expand.
4. Customers do not care.
5. Do not believe in involving people.
6. Have other sources of income and don't want to grow.
7. Do not want to train employees.
i
8. Enjoy f re fighting and quick fixes.
9. Believe - Quality does not pay.
1O. Do not want to commrt anything on paper.
11. Expect miracles to overcome challenge
5.0 ISO/IEC 17025:2017 documentation: -
The total documentation for a comprehensive management system under ISO/IEC 17025:2017
can be represented by the four-tier system in a pyramid shown in the figure-1.
1. Quality Manual {Optional\:- It states the Quality Policy and describes the macro level
Management system including details for how the standard requirements shall be fulfilled in
the company. It also includes Quality policy and ol>jectives as well as organizational chart and
optional for the laboratory to maintain it.
2. Quality Procedures: - It is normally called as middle management hand book and describes
requirement related activity for a system approach to supply consistent Quality in testing and/or
calibration services. They are considered to be the core of the system documentation and
confidential documents. They describe how the tasks and functions of the various departments
should be performed to meet the requirements of the ISO/IEC 17025:2017 standard and the
Quality Policy of the company.
3. Work Instructions/ Operating Procedure: - These documents are required for the Testing
and or calibration purpose otherwise affects Quality of testing and or calibration
4. Quality Records. Forms:- Forms, records etc. are supporting documents used by the
company to record infom1ation for different procedures followed.
The global objectives of the implementation of ISO/IEC 17025:2017 are: -
To establish Quality in testing and reliability

To prevent risk
To detect deviations
To correct errors
To improve efficiency
To ensure data quality and integrity
6.0 Steps for installation of 1S0/IEC 17025:2017 management system: -
1. Conduct awareness programmes (Top+ Middle+ Bottom Level).
2. Form a task force for documentation.
3. Prepare documents of management system.
4. Implementation and train all personnel in the use of procedures and formats.
5. Train internal auditors.
6. Assess the system through an internal audit.
7. Take corrective actions for non-compliances.
8. Apply for certification.
9. Assess the system through second round of internal audit.
1O. Avail pre-certification audit of certifying body.
11. Take actions on suggestions given by them.
12. Maintain and improve the system by third round of internal audit.
13. Final audit by certifying body.
7.0 Accreditation Procedure
Application for Accre<litation

(by laboratory)
JI
Acknowledgement & Scrutiny of
Application (by the Accreditation Member .
Body Secretariat)
Jl Feedback
Adequacy of Quality Manual
to
(by lead Assessor)
Laboratory
Jl and
Pre-Assessment of laboratory Necessary
(by lead Assessor) . Corrective
Jl Action
Final Assessment of Laboratory by
(by Assessment Tearn)
Laboratory
Jl
Scrutiny of Assessment Report
(by the Accreditation Member Body
Secretariat)
Jl
Recommendations for Accreditation
(by Accredttation Committee)
Jl
Approval for Accreditation
(by Chaim1an, the accreditation member
body)
.H
Issue of Accreditation Certificate
(by the accreditation member body
Secretaliat)
Accreditation Procedure
Application for Accreditation

The laboratory shall apply to the accreditation body in the prescribed application, in prescribed
copies along with prescribed copies of the laboratory's quality manual that describes the
management system in accordance with ISO/IEC 17025:2017. The application shall be
accompanied with the prescribed application fee as detailed in the application form. Laboratory
has to take special care in filling the scope of accredttation for which the laboratory wishes to
apply.
Acknowledgement and Scrutiny of Application
The accredttation body Secretariat on receipt of application forms, the quality manual and the
fees shall issue an acknowiedgement to the laboratory. After scrutiny of application for its
completeness in all respects, a unique customer registration number shall be allocated to the
laboratory, which shall be used for correspondence with the laboratory.
Adequacy of Quality Manual
The preliminary scrutiny of the application and quality manual is done by the accreditation body
Secretariat. The Secretariat may ask for additional information/ clarification(s), if found
necessary. If there are gross inadequacies, the quality manual will be returned to the
lalioratory for re-writing. If this is seen to be generally in order, a copy of the qualfy manual
along with a copy of the application of the laboratory shall be forwarded to the lead assessor to
study in depth and verify the compliance in accordance with ISO/IEC 17025:2017 and relevant
spec ic cmeria. The lead assessor shall submn a report to the accreditation body indicating
inadequacies (if any) in the qualfy manual.
Pre-Assessment
In case there are no inadequacies in the quality manual or after satisfactory corrective action
by the laboratory, a pre-assessment visit of the laboratory shall be organised by the
accredttation body. Laboratories must ensure their preparedness by carrying out ns internal
audtt and a management review before the pre-assessment.
The Pre-assessment of the laboratory is conducted to:
Have a better understanding of the documentation;
• Familiarise h the facilities, sttes/ location, circumstances and to have better
knowledge of operations;
Make the methodology to be adopted for the assessment;
Check the preparedness of the laboratory to undergo assessment;
Review the scope of accreditation and to ascertain the requirement of the number of
assessors/ experts and the duration of assessment
The lead assessor shall submit a pre-assessment report to the accreditation body
Secretariat wtth a copy to the laboratory wtthin 1Odays of completion of pre-assessment. The
laboratory shall comply with the inadequacies of the documented management system and its
implementation and sulimn a corrective action report to the accred tion body Secretariat.
Assessment
After the laboratory confirms removal of inadequacies, the accreditation body shall propose
constnution of an assessment team. The team shall include the lead assessor (already
appointed), the assessor(s)/ technical expert(s) in order to cover valious disciplines within the
scope of accreditation sought. Thereafter the accred tion body shall fix up dates for on ne
assessment of the laboratory in consultation with the laboratory, the lead assessor and
assessor(s).
The assessment team reviews the laboratory's documented management system and vefifies
i1s compliance with the requirements of ISO/IEC 17025:2017 and specific criteria. The
documented management system, SOPs, wor1< instructions, test methods etc. are assessed
for its implementation and effectiveness. The laboratory's technical competence to perform
specific tests / calibrations is also adjudged. The non-compliances, ii identified are reported in
the assessment report.
The assessment report shall contain the evaluation of technical manpower, all relevant material
examined, test wi1nessed; compliance to ISO/IEC 17025:2017 and relevant specific criteria and
the non-conformances, if any.
It shall also provide a recommendation towards grant of accredi1ation or otherwise. The
assessment report is prepared by the lead assessor, in the formats prescribed in published
document. The details of the non-conformances observed during the assessment, is handed
over to the laboratory by the Lead Assessor and the detailed assessment report is sent to the
accredi1ation body.
Scrutiny of assessment report
The assessment report shall be examined by the accredi1ation body, which shall communicate
the outcome of the assessment to the laboratory and shall ensure that the non-conformances
raised by the assessment team, which were not closed during the assessment, are well
understood by the laboratory.
Laboratory shall take necessary corrective action on the remaining non-conformance(s)/ other
concerns and shall submit a report lo the accreditation body Secretariat within a maximum
period of 3 months. The accreditation body shall moni1or the progress of closing of non-
conformances. When there are significant noo-confom1ance(s) identified during the on-si1e
assessment, the accreditation body may arrange for a verification visit for the closure of the
non-conformance(s).
Accreditation committee
After satisfactory corrective action by the laboratory, the Accredi1ation Committee examines
the assessment report, additional information received from the laboratory and the consequent
verifications.
In case the Accredi1ation Committee finds deficiencies in the assessment report to arrive at the
decision, the Secretariat obtains clarification from the Lead Assessor / Assessor/ Laboratory
concerned. In case everything is in order, the Accreditation Committee shall make appropriate
recommendations regarding accreditation of a laboratory to the Chaim1an, the accreditation
body.
Issue of accreditation certificate
When the recommendation results in the grant of accredi1ation, the accreditation body shall
issue an accredi1ation certificate which shall have unique number, discipline, and date of
validity alongwi1h the scope of accredi1ation.
The accredi1ation certificate on testing laboratories shall define field of test, materials/ products
tested, specific tests pertormed, specification/ standard method or technique used, range of
testing/ limit of detection and accuracy.
The accreditation certificate on calibration laboratories shall define the calibration field,
producV item calibrated, range of measurement, calibration measurement capability and
measuremenV calibration equipment used.
The applicant laboratory must make all payments due to the accreditation body, before the
certificate(s) is/ are issued to the laboratory.
All decisions taken by the accreditation body regarding grant of accreditation shall be open to
appeal by the laboratory, to chairman the accredrtation body.
Surveillance and re-assessment
Accreditation to a laboratory shall be valid for a period of two or three years. The accreditation
body shall conduct and annual surveillance of the accredited laboratories. The laboratories
may enhance and reduce the scope of accreditation during Surveillance.
The laboratories may apply for renewal of accredrtation, atleast six months before the expiry of
validity of accreditation for which a Re-assessment shall be conducted.
Chapter: 2 1S0/IEC 17025:2017 Requirements
ISO/IEC 17025:2017 Requirements
1.0 Overview of requirements
The details of ISO/IEC 17025:2017 requirements are given in the published copy of the
standard and all users are advised to purchase the copy of standards from ISO web site and
review applicability of requirements to their organization. For ready reference summary of
changes in ISO/IEC 17025:2017 is given IJelow. This chapter is prepared for training purpose
for our participants to understand the requirements
Changes in the structure of standard, as earlier there were only 2 main clauses were there,
such as 4.0 Management requirements and 5.0 Technical requirements. Now in this new
standard the structure is modttied as below to align it wrth all management system standard as
below;
4.0 General requirements, includes the sub clause of impartiality and confidentiality,
5.0 Structural requirements, as per the earlier requirements of clause no. 4.1.5,
6.0 Resource requirements, includes the sub clause of Personnel, Facilities and
environmental conditions, Equipment, Metrological traceability (Earlier it was
measurement traceability), Externally provided products and services (Earlier it was
purchasing),
7.0 Process requirements, includes the sub clause of Review of requests, tenders and
contracts, Selection, verification
i
and validation of methods, Sampling, Handling of test
or calibration rtems, Techn cal records (Separated as specific requirements under this
clause), Evaluation of measurement uncertainty (Separated as specific requirements
under this clause), Ensuring the validrty of resutts (Changed the title from quality of
results to validity of results), Reporting of resutts, Complaints, Nonconfonning work,
Control of data-lnfonnation management (introduction of some new requirements
alongwith the earlier requirements of control of data).
8.0 Management system requirements, includes the sub clause of Options having Option
A and Option B, in this case the;
• Option A is having specific management system requirements to be implemented by
laboratory to comply with the requirements of this revised standard. The requirements are
Management system documentation, Control of management system documents, Control of
records, Actions to address risks and opportunities (New requirements introduced for better
improvement and establishing control on the risks), Improvement, Corrective action, Internal
audrts, and Management reviews.
• Option B can be optioned by laboratory, in this case the laboratory has to establish and
maintain a management system, in accordance with the requirements of ISO 9001 and need to
certified as per ISO 9001 through certifying body app.-oved by IAF, and that is capable of
supporting and demonstrating the consistent fu ilment of the requirements of clauses 4 to 7 of
ISO/IEC 17025 also fulfils at least the intent of the management system section requirements
(clauses 8.2 - 8.9).
Apart from the above major changes, there are few functional as well as implementation
requirements, Which are improvement for the laboratory.
The revised ISO/lEC 17025 standard focuses on the lisk based approach and continual
performance improvement in the laboratory activities. Hence by this the major focus area of
the laboratory will be improved and will get more benefit out of the implementation.
This requires in-<lepth involvement of the people in each and every activity for better
improvement and benefit out of the activities.
2.0 About the New Standard- 1SO/IEC 17025:2017
The format of the new standard has been significantly changed to be more in line with new ISO
formatting guidelines. The basic format is similar to other new standards such as ISO/IEC
17020 and ISO/IEC 17065.
The new standard is now structured as follows:
1. Scope
2. Normative references
3. Terms and definitions
4. General requirements
5. Structural requirements
6. Resource requirements
7. Process requirements
8. Management requirements
Annex A - Metrological Traceability (Informative)
Annex B - Management System (Informative)
Bibliography
General Information
According to International Accredrtation Forum (IAF) and the International Laboratory
Accreditation Cooperation (ILAC), accreditation is defined as "the independent evaluation of
conformity assessment bodies against recognized standards to ensure their impartiality and
competence.'
This standard was developed wrth the objective of promoting confidence in the operation of
laboratolies and contains requirements for laboratolies to enable them to demonstrate that
they operate in a competent and impartial way and that they are able to provide valid results.
During rts development phase rt has been tlied to align the standard wrth the plinciples of ISO
9001, although this was not alwa','S practically possible. Still rt is a fair statement to make that
the laboratories complying with the standard will also, in general, comply wtth the principles of
ISO9001.
The standard can be used for accreditation purposes, for self-assessment of the laboratories
and for second party assessments by laboratory customers, regulatory authorities,
organizations and schemes using peer-assessment.
Its requirements are applicable to any organization that performs the activities of testing and/or
calibration and/or sampling associated wtth subsequent testing or calibration. Therefore,
accredrtation to the new standard can be also achieved by organizations offering sampling
associated with subsequent testing or calibration. When the standard uses the term
"laboratory" is referring to any of the 3 options mentioned above (testing, calibration, and
sampling).
Chapter: 2ISO/IEC 17025:2017 Requirements
The potential of perfom1ing only sampling activities is a new element in the standard. 11, for
example, a laboratory is performing tests and takes samples by its own capacity, it should
meet all requirements related to both: sampling and testing. On the other hand, if any
organization performs only sampling and then the samples are forwarded to a laboratory for
testing, then this organization should comply with new standard requirements regarding
sampling and rts management system should ensure that the sampling activity doesn1 affect
negatively on test results. Requirements for sampling organizations are similar to testing and
calibration laboratories: personnel shall be competent, equipment has to be maintained and
calibrated, sampling procedure has to be validated, quality of sampling has to be assured etc.
Confirmation of competence of organization to provide sampling can be provided through
accredrtation against the new ISO/IEC 17025.
Guide 99 ISO/IEC, International vocabulary of metrology - basic and general concepts and
associated tem1s (VIM), is referenced in the standard as a normative reference. The definitions
also given in ISO/IEC 17000 are applicable. In addrtion, the standard provides the detailed
definitions of the terms impartiality, complaint, interlaboratory comparison, intralaboratory
comparison, proficiency testing, laboratory, decision rule.
30 Comoarison of 1S0/IEC 17025·2005 and 1S0/IEC 17025·2017
Performance asked by revised IS0/IEC 17025:2017 and comparison of standard
As we all of know that the ISO/IEC 17025 has been revised in the year 2017, and all laboratories
(CAB - Conlom1ity Assessment Bodies) have to amend the present accreditation (ISO/IEC
17025:2005) to ISO/IEC 17025:2017. The previous standard and rts requirements were talking
aliout the conformance to the standard, which have been replaced by the perfom1ance
improvement during the entire process with conformance. Total restructuring of the ISO/IEC 17025
is done and new requirements are introduced. Please find below the changes/ introduction etc. in
the comparison ol lSO/IEC 17025:2017 to ISO/IEC 17025:2005.
IS0/IEC
1S0/IEC 17025:2017 Requirements with title of clause Modification /
17025:2005.
introduction
clause no.
General requirements Introduction with
4.1 Impartiality the incorporation
4.0 of some of
4.2 Confidentiality requirements of
clause no. 4.1
Modification with
5.0 Structural requirements 4.1
introduction.
Resource requirements
6.1 General 5.1 Modification
6.2 Personnel 5.2 Modification
6.0 6.3 Facilities and environmental conditions 5.3 Modification
6.4 Equipment 5.5 Modification
6.5 Metrological traceability 5.6 Modification
6.6 Externally provided products and services 4.6 Modification
Process requirements
7.1 Review of requests, tenders and contracts 4.4 Modification
7.0 Modification with
7.2 Selection, verification and validation of 5.4 changes in the
methods
words
7.3 Sampling 5.7 Modification
7.4 Handling of test or calibration items 5.8 Modification
Modification with
7.5 Technical records 4.13.2 introduction
7.6 Evaluation of measurement uncertainty 5.4.6 Modification
Modification with
7.7 Ensuring the validity of results 5.9 changes in the
words
7.8 Reporting of results 5.10 Modification
7.9 Complaints 4.8 Modification
1SO/IEC
Modification/
1SO/IEC 17025:2017 Requirements with title of clause 17025:2005,
introduction
clause no.
7.10 Nonconforming work 4.9 Modification
Modification with
changes in the
7.11 Control of data-Information management 5.4.7 word and
introduction of new
requirements
Management system requirements --------·-- ----·------
8.1 Options -----·----- New introduction
Management system documentation (Option Modification with
8.2 4.2 introduction.
A)
8.3 Control of management system documents
(Option A) 4.3 Modification with
introduction.
Control of records (Option A) 4.13 Modification with
8.4 introduction.
8.0 8.5
Actions to address risks and opportunities
(Option A)
--·-----·--- New introduction
Modification with
8.6 Improvement (Option A) 4.10 introduction.
4.11 Modification with
8.7 Corrective action (Option A) introduction.
Modification with
8.8 Internal audits (Option A) 4.14 introduction.
Modification with
8.9 Management reviews (Option A) 4.15
introduction.
The changes are done to align the clause numbers with the other management system
standard also. In majority of the cases, new requirements are introduced.
One more option given in this revised standard is that, if laboratory wishes to go for ISO 9001
certification then they may not have to implement the requirements given in the clause no. 8.0.
In this situation, laboratory can have 2 certificates. One is ISO 9001 management system
certification certificate and other is ISO/lEC 17025:2017 accreditation certificate.
Chapter: 2 ISO/IEC 17025:2017 Requirements
4.0 General requirements
Impartiality and Confidentiality requirements are discussed in clause 4. The risk-based thinking
is evident throughout the standard. It should l>e noted Iha! lhe new standard expects from the
laboratory to plan and implemenl actions to address risks and opportunities. Although
addressing risks and opportunities is laboratory's responsibility, the standard sets specific
requirements. The firs! requirement of such risks and opportunities that is needed to be
addressed is menlioned in clause 4, where the laboratory is required to identify and eliminate
or minimize risks related lo impartiality, on an on1ioing basis.
The confidentiality requirements indude, among others, the responsibility of the laboratory to
inform its customer in advance, of the information it intends to place in the public domain. It is
also discussing how to handle the release of confidential infom1ation required by law or
authorized by contractual arrangements. The confidentially requirement is also extended to
laboratory personnel, including any committee members, contractors, personnel of external
bodies, or individuals acting on the laboratory's behalf, even in the case that information is
obtained from sources other than the customer (e.g. complainant, regulators).
4.1 Impartiality
Safeguarding impartiality and undertake laboratory activities (structured, managed and
impartial way)
Management commitment for impartiality
Responsible for impartiality and not allow commercial, financial or other pressures.
Identify risk on an ongoing basis to impartiality (Include risk arises from activities,
relationships and personnel)
If risk is identified then demonstrate to eliminate or minimize risk to impartiality
4.2 Confidentiality
Proprietary information to be kept confidential as per legally enforced commitment like
contract terms
Inform customer/ concerned individual to release confidential information, if required by
law or authorized by contractual arrangement
All personnel including contractors and individual acting on the laboratory's behalf to
keep infom1ation confidential for laboratory activities except by law
5.0 Structural requirements
In clause 5, main requirements are defined, including: Legal status of the laboratory,
organization and management structure, identification of management, range of lal,oratory
activities, documenting its procedures, availability of personnel responsil>le for the
implementation and maintaining the integrity of the management system.
It should be noted that the new standard clearly requires (see clause 5.3) that the laboratory
shall only claim conformity with this document for this range of laboratory activities, which
excludes externally provided lal,oratory activities on an ongoing basis. This means that the
lal,oratory is expected to be accredited, and include in the scope of accreditation only
testing/calibration/sampling activities that is providing by utilizing its own resources.
In its 2005 version the standard allowed to sulicontract tests and calibrations in the case that
the laboratory was not in position to perform them. According to the new standard the
lal,oratory can be accredited only for those laboratory activities, for which it is competent.
Subcontracting is allowed only for outstanding situations, like ove oad of wor1(, sickness of
personnel, maintenance of equipment or other similar cases.
Laboratory to be legal entity or part of legal entity
Identification of Laboratory management with overall responsibility
Defining and documenting range and scope of laboratory activities. Exclude external
provided activities
Identifying wor1( (calibration and or testing) at pem1anent facilrties and at other site or
mobile facilities or at a customer's facility
Define the organization and management structure, Managerial and technical
personnel having authorities and resources to implement, maintain and improve the
management system. Specify the responsibility, authority and
Ensure communication for effectiveness of system and the importance of meeting
customers' and other requirements
Change management and maintain integrity of system
6.0 Resource requirements
Resource requirements are considered to include personnel, facilrties, equipment, systems and
support services necessary to manage and perform the laboratory activrties. It is expected that
all internal or external personnel of the laboratory shall be competent and act impartially. The
standard doesn't refer at this clause to All personnel, but only to personnel who could influence
on the results of laboratory activities. This is not only personnel who is directly involved in
testing/calibration/sampling activities, but also personnel who is indirectly involved, like
technical personnel. For example, it can be personnel that perfom1 maintenance of the
equipment, or management system personnel, who evaluate suppliers and/or maintain the
management system including internal auditing activities.
The competence requirements, which are expected to be documented, include education,

qualification, training, technical knowledge, skills (like capacity to evaluate the significance of
laboratory activities deviations) and experience. In addition, pcocedure and records are
expected for selection, training, supeivision, authorization and monrtoring of competence of
personnel. The standard also defines the cases where it is expected for the laboratory to
autholize personnel to perform specific laboratory activities.
It is expected for the requirements for facilities and environmental conditions surtable for the
laboratory activities to be documented, including the conditions related to monitoring,
controlling and recording environmental conditions. The standard sets requirements to those
environmental conditions which can effect on the results of laboratory activities. Depending on
the nature of laboratory activrties the same parameter can be or cannot be important for the
testing results. For example, the value of the relative humidity that can be critical and
i
shall be
controlled during some textile testing, it is usually not critical during routine mechan cal tests of
plastics. Measures to control facilities may include access to and use of areas affecting
laboratory activities, prevention of contamination and effective area separation, including sites
or facilities outside of laboratory's permanent control.
A procedure for handling, transport, storage, use and planned maintenance of equipment is
required. Equipment requirements are applicable to hardware, software, measurement
standards, reference materials, reference data, reagents, consumables or auxiliary apparatus
- whatever is required for achieving correct results during laboratory activrties. It is also
expected that the equipment used for measurement should achieve the required measurement
accuracy or measurement uncertainty. The calibration requirements are described in details in
clauses 6.4.6-6.4.13 including the requirements for relevant records.
The standard is giving great attention to metrological traceability issues. In addition to the main
requirements which are described in details in clause 6.5, an informative annex (Annex A) is
available providing additional infom1ation, including guidance on how to establish and
demonstrate metrological traceability.
Requirements related to the control of and communication with, external organizations

providing products and services affecting laboratory activities are described in clause 6.6.
Procedure and records are required to define, review and approve the IaI,oratory's
requirements for externally provided products and services (purchasing requirements), setting
the criteria for evaluation, selection, monitoring of pertonnance and re-evaluation of the
external providers, ensuring that they confonn to requirements and taking appropriate actions
in the case that they don't.
6.1 General
Must have resources in terms of;
• Personnel,
• Facilities.
• Equipment,
• Systems and support services necessary to manage and perform the laboratory
activities
6.2 Personnel
All the personnel (Internal and External) perfonn impartially, be competent and work in
accordance with the system,
Document the competence requirements considering, 1. Education, 2. Qualification, 3.
Training, 4. Technical knowledge, 5. Skills (like capacity to evaluate the significance of
laboratory activities deviations), and 6. Experience,
Communicate duties, responsibilities and authori1ies to the personnel,
Document procedure and records for detennining competency, selection of personnel,
training, supervision, authorization and monitoring competence,
AUlhorize personnel to perform laboratory activities such as,
• Develop, modify, verify and validate methods,
• Perfonn specific laboratQfY activities,
• Analyze results and giving statement of confonnity I opinions,
• Report, review and authorization of results
6.3 Facilities and environmental conditions

Facilities and environmental conditions suitable for laboratory activities and validity of
results,
The technical requirement for facilities and environmental condition documented,
Environmental condition to be monitored, controlled and recorded as per specifications,
methods, procedures etc
Measures to control facilities implemented, monitored and periodically reviewed for
Access, Use of areas, Prevention of contaminations, effective separation for
incompatil>le activities etc.
6.4 Equipment
All equipments must be available as listed below for the correct perfonnance of
laboratory activities and which can influence the result;
• Measuling instruments
• Software
• Measurement standards, reference materials (recommendation !Of manufacturer
must have ISO 17034)
• Reference data, reagents, consumables
• Auxiliary apparatus
If equipment is used outside permanent control, the laboratory to ensure that the
requirements for equipment is meet
Document and implement procedure for handling, transport, storage, use and planned
maintenance of equipment to prevent contamination or deterioration
Verify that equipment conforms with specified requirements before being placed or
returned into service
The equipment must lie capable of achieving the measurement accuracy or
measurement uncertainty required to provide a valid result
Periodic calibration of measuring equipment to ensure validity and metrological
traceability of reported results
Establish a caliliration programme review and adjust accordingly,
Identify calibration status for reference to user
Ove oading or mishandling and or defective equipment is identified and isolate until
repaired and verified. Examine effect of defect or deviation and initiate procedure of
non conforn1ing work
Intermediate check as per procedure
Application of reference values or correction factors as given in calibration data
Take measures to prevent unintended adjustments of equipment from invalidating
results.
Retaining records for each equipment.
6.5 Metrological traceability
Establish and maintain metrological traceability of measurement results by means of a
documented unbroken chain of calibrations,
To ensure calibration and measurement made by the laboratory are traceable to the
international system of units (SI) through,
a. calibration provided by a competent (ISO/IEC 17025 accredited) laboratory,
b. certified values of certified reference matelials provided IJy a competent producer
(ISO 17034) to the SI,
c. direct realization of the SI units ensured by comparison, directly or indirectly, with
national or international standard
6.6 Externally provided products and services
Ensure that only suitable externally provided products and services that affect
laboratory activtties are used.
Have procedure and retain records for
Review and approve purchasing,
• Selection, evaluation and re evaluation of external provider
Inspection or vefification
• Taking actions arising from evaluations, monitoring of perfom1ance and re-
evaluations
Communicate tts requirements to external providers, for:
• The products and services to be provided;
• The acceptance criteria;
Competence, including any required qualification of personnel;
• Activities that the laboratory, or its customer, intends to perfom1 at the external
provide(s premises.
7.0 Process requirements
7.1 Review request, tenders and contracts

A procedure is required to address issues such as the level of understanding of requirements;
laboratory's capability and resources to meet the requirements; implementation of appropriate
control over external providers used (if any); and selection of appropriate methods to meet the
customers· requirements. It is expected that the laboratory shall inform the customer when the
required testing/calibration/sampling method is considered to be inappropriate or out of date.
When a statement of confom1ity to a specification or standard is required, the decision rule
(which specifies pass/fail criteria) selected shall be communicated to, and agreed with, the
customer. Contract review procedure shall be applied also for any changes in the
contract/lender/request. Relative review records are required.
Establish and maintain procedure for review of request, tenders and contracts which ensure
that;
• The requirement including the methods are adequately defined, documented and
understood,
Implementation of appropriate control over external providers used (if any);
• The capability and resources to meet requirements
• The use of appropriate test methods or procedures and capability to meet the
requirements
• Records for review should maintained which includes any subcontracted v,011< and
customer approval for perfom1ing such activity from external laboratory
• Inform the customer when the method requested by the customer is considered to be
inappropriate or out of date
• If customer requests a statement of conformity to a specification or standard and
decision rule Which specifies pass/fail criteria) selected to be communicated to, and
agreed with, the customer
• Any differences between the request or tender and the contract is resolved before
laboratory activtties commence and accepted by both
• Inform to customer for any deviation from the contract
• Follow contract review for amendments and Inform both for any amendments
Cooperate the customers
• Maintain records for review, changes and amendments and customer discussion
7.2 Selection, verification and validation of methods
The tem1 "method' in the standard is used to identify calibration method, testing/measurement
procedure, sampling procedure. The laboratory is expected to ensure that it uses the latest
valid version of a method, unless tt is not appropriate or possible to do so. Methods used can
include methods published in international, regional or national standards, or by reputable
technical organizations, or in relevant scientific texts or journals, or as specified by the
manufacturer of the equipment or laboratory-developed or laboratory-modified methods. The
laboratory shall verify that tt can property perfonn selected methods. Deviations from methods
shall occur only if the deviation has been documented, technically justified, authorized, and
accepted by the customer. Non-standard methods, laboratory-developed methods and
mod ied standard methods are expected to be validated, and relevant records are expected to
be kept.
Selection and verification of methods - The tenn "method' in the standard is used to
identify calil>ration method, testing/ measurement procedure, sampling procedure.
Use appropriate methods and procedures
All methods, procedures and documentation are kept up to dale and available
Ensure use of the latest valid version of a method and supplemented with addttional
details
If customer not specfy the method, the laboratory select an appropriate method and
infonn customer and use any published or lab developed method
Verify laboratory can properly perfom1 methods before introducing them by ensuring
that tt can achieve the required perfonnance and maintain records of verification.
Follow same step after revision
Method development is planned activity by competent personnel with adequate
resources and periodic review. The modifications to the development plan shall be
approved and authorized
Deviations from methods allowed, if the deviation has been documented, technically
justified, authorized, and accepted by the customer
Validation of methods
• The laboratory shall validate:
1. Non standard methods
2. Laboratory designed/ developed methods
3. Standard method used outside the intended use
4. Ampl ication and modifications of standard methods
• When changes are made to a validated method, the influence of such changes is
detennined and if affect the original validation, a new method validation to l>e
perfonned
• The perfom1ance characteristics of validated methods is assessed for the intended
use, relevant to the customers' needs and consistent with specified requirements
• Maintain records of validation
Techniques used for method validation (Any one or more methods from listed below to
be used);
• Calibration or evaluation of bias and precision using reference standards or
reference materials
• Testing method robustness through variation of controlled parameters such as time
temperature, volume dispensed, etc.
• Comparison of results achieved with other validated methods;
• Inter laboratory comparisons;
• Evaluation of measurement uncertainty of the results based on an understanding of
the theoretical principles of the method and practical experience of the performance
of the test method
• Systematic assessment of the factors influencing the result
• The validation is done for procedure of sampling, testing, handling and
transportation of test or calibration items.
7.3 Sampling
The requirements of this clause are applicable to the laboratories which perfom1 just sampling
activities as well as for testing and calibration laboratories which are responsible also for
sampling. A sampling plan and a sampling method are expected to lie available and
implemented when the laboratory carries out sampling of substances, materials or products for
subsequent testing or calibration. Records of sampling data should be retained per standard
requirements.
i
This requ rements is mainly applicable to the testing laboratories (independent or
inhouse laboratory of organization) engaged in the sampling of the products from the
lot of product to be tested.
Use sampling plan and method and available at place of use. Method to address the
factors to be controlled to ensure the validity of results. The Sampling plans, may be
based on appropriate statistical methods
The sampling method describe:
• the selection of samples or sites;
• the sampling plan;
• preparation and treatment of sample for subsequent testing or calibration
Retain records of sampling data
Contents of Sampling records, it includes;
• Reference of the sampling method used
• Date and time of sampling
• Data to identify and describe the sample
• Identification of the personnel performing sampling
• Identification of the equipment used
• Environmental or transport conditions
• Diagrams or other equivalent means to identify the sampling location when
appropriate
• Deviations, additions to or exclusions from the sampling method and sampling plan.
7.4 Hanctling of test or calibration items
A procedure for the transportation, receipt, handling, protection, storage, retention, and
disposal or return of test or calibration items should be drafted including a system for the
identification of test or calibration items. Deviations from specified conditions are expected to
be recorded and the customer to be consulted for next steps. In the case that some items have
to be stored or conditioned under specified environmental conditions, these conditions shall be
maintained, monitored and recorded
Document the procedure for the
Transportation,
• Receipt,
• Handling,
• Protection,
• Storage,
• Retention and or disposal of test and calibration items
• Protection of the test or calibration rtems
Precautions to be taken to avoid deterioration, contamination, loss or damage to the
rtem during handling, transporting, storing/Waiting, and preparation for, testing or
calibration. Handling instructions provided with the item is followed
Establish S)'Stem for identification of test and or calibration items. The identification
should be appropriate and followed for sub division of rtems
Upon receipt of the test or calibration item, deviations from specified conditions are
recorded. If an item does not confonn to the description provided then consult customer
and record the results of this consultation. Include a disclaimer in the report indicating
which results may be affected by the deviation due to specified conditions
When items have to be stored or conditioned under specified environmental conditions,
these conditions to be maintained, monitored and recorded
7.5 Technical records
Requirements to retain technical records are in place to ensure the traceability of laboratory
activities and to provide infonnation for potential decision making. The technical records are
expected to contain the results, report and sufficient information to facilitate, if possible,
identification of factors affecting the measurement result and its associated measurement
uncertainty and enable the repetition of the laboratory activity if required, providing traceability
to previous versions or to original observations if amended.
The laboratory ensure that technical records are in place to ensure the traceability for
each laboratory activity and contain the results, report and sufficient information to
facilitate factors affecting the measurement result and its associated measurement
uncertainty. Include the date and the identity of personnel responsible for each
laboratory activity and for ched<ing data and results. The records include:
• Record of original observations and calculations
• Derived data
• Information to established an audit trail
• Calibration records
• A copy of each test report or calibration certificate issued
Performance of each test and or calibration and checking of results
Ensure that amendments to technical records can be tracked to previous versions or to
original observations. Both the original and amended data and files is kept, including
the date of alteration, an indication of the altered aspects and the personnel
responsible
7.6 Evaluation of measurement uncertainty
• Identify all the contributions Which are of significance (including sampling) to
measurement uncertainty
• For calibration laboratories it is expected to evaluate the measurement uncertainty for
all calibrations considering all contributions which are of significance, including those
arising from sampling.
• For testing laboratories rt is expected to evaluate measurement uncertainty considering
all contriliutions Which are of significance, including those arising from sampling
• For testing laboratory evaluate measurement uncertainty, where the test method
precludes rigorous evaluation of measurement uncertainty, an estimation is made
based on an understanding of the theoretical pfinciples or practical experience of the
performance of the method.
7.7 Ensuring the validity of results
A procedure and records are required for monitofing the validity of results, Which can include,
among others: use of reference materials or QC materials; use of alternative traceable
instrumentation; functional checks; use of standards wrth control charts; intem1ediate checks;
replicate tests or calibrations; retesting or recalibration; correlation of results; review of
reported results; intra-laboratory comparisons; testing of blind samples. Participating in PT's
(Proficiency Tests) and/or ILC's (inte aboratory comparisons) is expected Where available and
appropliate. SUch activities, according to the standard, must be planned and reviewed.
• Document procedure for monrtoring the validrty of results. The resulting data is
recorded and trends are detectable, use statistical techniques is applied to review
results. The monitofing to be planned and reviewed and include:
use of reference materials or quality control materials;
use of alternative instrumentation that has been calibrated to provide traceable
results;
functional check(s) of measuring and testing equipment;
• use of check or working standards with control charts, Where applicable;
intermediate checks on measufing equipment;
• replicate tests or calibrations using the same or different methods;
retesting or recalibration of retained items;
• correlation of results for different characteristics of an item;
• review of reported results;
• intra-laboratory comparisons;
Testing of blind sample(s).
Monrtor laboratory performance by comparison wrth results of other laboratories, Where
available and appropriate:
participation in proficiency testing;
• participation in inter-laboratory comparisons other than proficiency testing
Participating in PT's (Proficiency Tests) and/or ILC's (interlaboratory comparisons)
is expected Where available and appropriate
• Data from monrtofing activrties are analyzed and used to control. If the results of the
analysis of data from monrtoring activities are found to be outside pre-<lefined critefia,
appropriate action taken to prevent incorrect results from being reported.
7.8 Reporting the results
i
Laboratory activity results shall be reported. The standard sets requ rements for results review
and authorization as retained in the relative technical records. The common information
required to be included in the test, calibration or sampling reports is presented in details in
clause 7.8.2. In addition, the specific information for test reports is presented in clause 7.8.3,
for calibration certificates in clause 7.8.4, for reporting sampling in clause 7.8.5, for reporting
statements of conformity in clause 7.8.6, for reporting opinions and interpretations in clause
7.8.7 and for amendments to reports in clause 7.8.8.
Review and authorize the result prior to release. The results of each test, calibration
carried out to be reported;
1. Accurately
2. Clearly
3. Unambiguously
4. Ol>jectively
i
5. Include spec fi c instructions in the test or calibration methods
6. Include the information requested by the customer
When agreed with customer, the results may be reported in a simplified way
Lal>oratory activity results shall be reported.
The standard sets requirements for results review and authorization as retained in the
relative technical records.
• common information required to be included in the test, calibration or sampling
reports 7.8.2.
• test reports 7.8.3,
• calibration certificates 7.8.4,
• reporting sampling 7.8.5,
• reporting statements of conformity 7.8.6,
• reporting opinions and interpretations 7.8.7 and
• amendments to reports 7.8.8.
Each test report or calibration certificate include following information:
• Atitle
• The name and address of the laboratory
• the
location of performance of the laboratory activities
• Unique identification of the report
• The name and contact infom1ation of the customer
• Identification of the method used.
• A description of item
• The date of receipt, sampling and validity date of results
• The date(s) of performance of the laboratory activity
• The date of issue of the report
Reference to the sampling plan and sampling method
• A statement to the effect that the results relate only to the items tested, calibrated
or sampled;
• Each test report or calibration certificate include following information;
The units of measurement;
Additions to, deviations, or exclusions from the method;
• Identification of the person(s) authorizing the report;
Clear identification When results are from extemal providers
Data provided by a customer is clea y identified. In addition, a disdaimer is put on
the report when the information is supplied by the customer and can affect the
validity of results
If sampling is not done by the laboratory then specify in the repo
• The test report include following (if required or necessary!
Deviations from, additions to or exclusions from the test method, specific test
conditions
• A statement of compliance / non compliance with requirements and or
specifications
A statement on the estimated uncertainty of measurement ff required
• Opinions and interpretations
Additional information required by specific methods, authorities, customers
If sampling is done by the laboratory then put all information for interpretation of test
results
• Calibration Certificates - specific requirements
The conditions
The uncertainty of measurement and or statement of compliance
• The measurement traceability
• The results before and after any adjustment or repair, if available
the results before and after any adjustment or repair, ff available
• where appropriate, opinions and interpretations
• the results before and after any adjustment or repair, if available
If sampling is done by the lal,oratory then put all information for interpretation of
caliliration results
• Reporting sampling - specific requirements
Where the laboratory is responsible for the sampling activity certificate include;
• The date of sampling;
• Unique identification of the item or material sampled
The location of sampling, including any diagrams, sketches or photographs;
A reference to the sampling plan and sampling method;
Details of any environmental conditions during sampling that affect the
interpretation of the test results;
lnfom1ation required to evaluate measurement uncertainty for subsequent testing or
calibration
Chapter: 2 ISO/IEC 17025:2017 Requirements
RePOrting statements of conformity
When a statement of confonnity to a specification or standard is provided, document
the decision rule employed and consider the level of risk
Report on the statement of confonnity such that the statement clearly identifies:
• to which results the statement of confom1ity applies;
• which specifications. standards or parts thereof are met or not met;
• the decision rule applied (unless rt is inherent in the requested specification or
standard).
RePOrting opinions and interpretations
Autllorized personnel can give opinions and interpretations and document basis
Opinions and interpretations are based on the results obtained and clearly identified
Record dialogue with the customer for direct communication of opinions and
interpretations
Amendments to reports
Amended or re-issued any change of information is clearly identified with reason
Amendments to a report after issue is documented with the statement:
"Amendment to Report, serial number. . (or as otherwise identified]"
When necessary to issue a complete new report, this shall be uniquely identified and
shall contain a reference to the original that rt replaces
7.9 Complaint
A documented process is required for receiving, evaluating and making decisions on
complaints. This process is expected to be available to any interested party upon request. The
outcomes to be communicated to the complainant shall be made by, or reviewed and approved
by, individual(s) not involved in the original laboratory activities in questiion.
Document a process to receive, evaluate and make decisions on complaints
The complaint handling process is made available to interested party if requested. The
laboratory is made responsible for all decisions at all levels of the handling process for
complaints
The process for handling complaints must include description of process, tracking and
recording and ensuring actiion taken
Gather and verify all necessary infom1ation to validate the complaint
Acknowledge receipt of the complaint, and provide the complainant with progress
reports and the outcome
Independent person to communicate outcomes of the complainant
Give fonnal notice of the end of the complaint handling to the complainant
7.1 O Nonconforming work
A Nonconfom1ing wor1< procedure is expected to be in place ensuring that the responsibilities
and authorities for the management of nonconforming wor1< are defined, subsequent actions
are taken considering the risk levels; an evaluation is made of the significance of the
nonconforming wor1<; a decision is taken on the acceptability of the nonconfonning wor1<; the
customer is notified, if possible; wor1< is recalled, if needed; and the responsibility for
authorizing the resumption of wor1< is defined. Halting or repeating of wor1< and withholding of
reports, as necessary can be considered among the required actions. Records of
nonconfonning wor1< and relative actions are expected to lie retained.
• Document and implement procedure for any aspect of laboratory activities or results do
not conform to own procedures or the agreed requirements of the customer
• Retain records of nonconfonning work and actions implemented
• For recurring repeated nonconfonning work take corrective action.
Procedure is expected to ensure that:
• The responsibilities and authorities for the management of nonconforming work are
defined,
• Subsequent actions are taken considering the risk levels;
An evaluation is made of the significance of the nonconforming work;
• A decision is taken on the acceptability of the nonconfonning work;
• The customer is notified, if possible;
• Work is recalled, if needed; and
• The responsibility for authorizing the resumption of work is defined.
• Halting or repeating of work and withholding of reports, as necessary can be
considered among the required actions.
• Records of nonconfonning work and relative actions are expected to be retained.
7.11 Control of data-Information management
This clause sets requirements for the laboratory infonnation management system(s) used for
the collection, processing, recording, reporting, storage or retrieval of data.
• Sets requirements for the laboratory infonnation management system(s) used for the:
• 1-Collection, 2-Processing, 3-Recording, 4-Reporting, 5--Storage, Retrieval of data.
Give access to the data and infonnation needed to perfonn laboratory activities
• lnfonnation used for the collection, processing, recording, reporting, storage or retrieval
of is validated for functionality and interface. For any changes in software, implement
the change management including authorization, documentation and configuration
management IJefore implementation
Estabush controls like protection, data tempering, accuracy, integrity, immediate actions
for business continuity in case of failure etc. to implement laboratory infonnation
management system
• If the laboratory information management system is managed by external provider then
he also has to follow the requirements
• Ensure that instructions, manuals and reference data relevant to the laboratory
information management system are made readily available to personnel
Calculations and data transfers shall be checked in an appropriate and systematic
manner.
8.0 Management system requirements
The laboratory can choose between implementing a management system in accordance with
option A or option B. Option A lists the minimum requirements for implementation of a
management system in a lalioratory. care has been taken to incorporate all those
requirements of ISO 9001 that are relevant to the scope of laboratory activities that are
covered by the management system. Option B allows laboratories to establish and maintain a
management system in accordance with the requirements of ISO 9001. Laboratories that
implement option B will therefore also operate in accordance with ISO 9001. Conformity of a
laboratory to the requirements of ISO 9001 does NOT, by itseK, demonstrate the competence
of the laboratory to produce technically valid data and results. This is accomplished only
through compliance to ISO/IEC 17025.
The requirements for documentation have been significantly reduced in clause 8. The
documentation requirements related to the operation of the management system per clause 8
are:
Management System poficies and olijectives (8.2.1)
• Analysis of Customer feedback (8.6.2)
Corrective actions, non-conformities related records (8.7.3)
Internal aud and results records (8.8.2)
• Management review input and output record (8.9.2)
It should be noted that there are no requirements any more for documented procedures related
to management system activities referred in clause 8. There is also no requirement for Oual y
Manual.
By introducing the risk-based thinking in the standard some reduction in prescriptive

requirements and their replacement by pertorrnance-based requirements was possible. Clause
8.5 that is dedicated on actions to address risks and opportunities is a new element added in
the recent revision of the standard. This dause requires from the laboratory to consider the
risks and opportunities associated with the laboratory activities. These activities are described
throughout the standard and include risks related to impartiality (4.1.4), statements of
conformity (7.8.6), nonconforming work (7.10.1), and corrective actions (8.7.1). It should be
noted that the standard doesn't require a fom1al/specific method for risk management or a
documented risk management process. Useful information can be found in ISO 31000, Risk
management - Principles and guidelines, which is included as a reference in the bililiography.
8.1 Options
Establish, document, implement and maintain a management system in accordance with
option A or option B
Option A - The laboratory is not certified to ISO 9001 IJut implement and address clauses 8.2
to 8.9. It lists the minimum requirements for implementation of a management system in a
laboratory.
Option B - The laboratory has established and maintained the system to ISO 9001 and fulfils
at least the intent of the management system section requirements 8.2 to 8.9.
8.2 Management system documentation (Option A)
The requirements for documentation have been significantly reduced in clause 8.
The documentation requirements related to the operation of the management system per
clause 8 are:
Management System policies and objectives (8.2.1)
Analysis of Customer feedback (8.6.2)
Corrective actions, non-confom1ities related records (8.7.3)
Internal aud and results records (8.8.2)
Management review input and output record (8.9.2)
There are no requirements any more for documented procedures related to management
system activities referred in clause 8.
There is also no requirement for Quality Manual.
Establish, document, and maintain policies and objectives and acknowledge at all levels
The policies and objectives address the competence, impartiality and consistent operation of
the laboratory
provide evidence of commitment to the development and implementation of the management
system and to continually improving its effectiveness
All documentation, processes. systems, records, related to the fulfillment of the requirements
of this document is linked or referred in the system
Personnel have access lo lhe parts of the management system documentation and related
information that are applicable to their responsibilities
8.3 Control of management system documentation (Option A)
Control internal and external documents used in the system
Ensure documents are approved for adequacy
Documents are periodically reviewed, and updated
Ensure changes and the current revision status of documents are identified;
Ensure relevant versions of applicable documents are available at points of use and
control, their distribution
Documents are uniquely identified;
Identify obsolete documents and prevented from unintended use
8.4 Control of records (Option A)
Establish and retain legible records to demonstrate compliance to requirements of the
standard
implement the controls needed for the identification, storage, protection, back-up,
archive, retrieval, retention time, and disposal of its records.
retain records for a period consistent with contractual and legal obligations
Follow confidentiality commitments in giving the access and maintain records
8.5 Actions to address risks and opportunities (Option A)
Consider the risks and opportunities associated with the laboratory activities
Make risk management plan induding:
Actions to address risk and opportunities
How to implement the actions and evaluate the effectiveness of this actions
Actions taken to address risks and opportunities to be proportional to the potential
impact on the validity of laboratory results.
To address risks and opportunities is a new element added in the recent revision of the
standard.
This clause requires to consider the risks and opportunities
Associated with the laboratory activities.
These activities are descrilied throughout the standard and include risks related to:
• Impartiality (4.1.4),
• Statements of conformity (7.8.6),
• Nonconforming work (7.10.1), and
• Corrective actions (8.7.1).
8.6 Improvement (Option A)
• Identify and select opportunities for improvement and implement actions
Take feedback, both positive and negative, from customers. The feedback is analyzed
and used to improve the system, laboratory activities and customer service. Examples:
• Satisfaction survey
Communication records
• Report reviews with custom
8.7 Corrective action (Option A)
• Requires documented procedure and nee to;
react to the nonconfom1ity and, report the nonconfom1ity:
• take immediate action to control and correct the nonconformity.
• address the consequences of nonconformity and then take appropriate actions;
• Root cause analysis to evaluate the need for action to eliminate the cause(sJ of the
nonconformity, in order that it does not recur or occur elseWhere, by:
• reviewing and analyzing the nonconformity;
• determining the causes of the nonconformity;
determining if similar nonconformities exist, or could potentially occur;
• implement identified corrective action needed to prevent recurrence of the
nonconformity;
review the effectiveness of any corrective
i
action taken after defined implementation
period to ensure that the correct ve action taken is effective and similar types of
nonconformity is not repeated after implementation of corrective action;
• update risks and opportunities determined during planning, if necessary;
• make changes to the management system documentation based on the corrective
action, if necessary.
8.8 Internal audit (Option AJ
Planned internal audits are to determine whether Management system:
• Conforms to requirements of the ISO/IEC 17025 standard?
• Conforms to the laboratory's own requirements for management system, including the
laboratory activities?
• Is effectively implemented and maintained?
• Plan, establish, implement and maintain an audit programme including the frequency,
methods, responsibilities, planning requirements and reporting and address all
elements of management system
Define the audit criteria and scope for each audit;
• Ensure that the results of the audits are reported to management
• Implement appropriate correction and corrective actions without undue delay:
• Retain records as evidence of the implementation of the audit programme and the audit
results.
8.9 Management review (Option A)
The system and calibration and or test activities must be reviewed by top management at
planned intervals
• At predetermined schedule and procedure
• To ensure continuing suttability adequacy and effectiveness
• To introduce necessary changes or improvements
9.0 The input to management review is recorded and include information related to
the following:
• Changes in internal and external issues relevant to the laboratory;
• Fulfilment of objectives;
Suttabilfy of policies and procedures;
• Status of actions from previous management reviews;
• outcome of recent internal audtts;
• corrective actions;
assessments by external bodies;
• changes in the volume and type of the wor1< or in the range of laboratory activities;
• customer and personnel feedback;
• complaints;
effectiveness of any implemented improvements;
• adequacy of resources;
• results of risk identification;
outcomes of the assurance of the validity of results; and
• other relevant factors, such as monitoring activities and training.
• Record Output to the management review which incltxle:
• The effectiveness of the management s,istem and processes
Improvement of the laboratory activities related to the fulfilment of the requirements of
this document
• Resources required
Need of changes
For further detailed requirements, please purchase the 1SO/IEC 17025 standard from
ISO.org web site.
Chapter: 31S0/IEC 17025:2017 Documentation
1.0 INTRODUCTION: -
ISO/IEC 17025:2017 is a generic document and it does not specify "hovl' to do, but only states
"What" to do. As per the standard, the Management system should be documented and be
demonstrable in the manner consistent with the requirements of ISO/IEC 17025:2017. The
total demonstration in the Management system consists of four tiers of documents.
1. Laboratory Quality Manual (optional)
2. Procedure Manual
3. Work Instruction / Operating Procedure Manual
4. Fonns, Records
The amount of documentation should support and efficient quality assurance system without
creating a paper bureaucracy. The detail for documenting above four tiers of documents is
described in this paper. The total documentation needed for ISO/IEC 17025:2017 comprises of
four tiers as shown in Annexure-1. The pyramid shows documents required for a management
system.
2.0 NEED FOR DOCUMENT CONTROL: -
The Management system consists of a number of documents. Some system should be
provided for safe keeping of complex records. It is important to clear1y define as to where they
should be kept and for how long, and who is responsible for them. Each written procedure
should be checked and signed by an authorised person, with issue number and issue date.
Quality Manager should have a list of all completed procedures, applicalile to the individual
departmental activities. Against each listed document tile number should be shown together
with the date of the latest change. It is also called a "Master Copy". It is a yardstick against
which any other controlled copy can be judged.
From time to time tile Committee for Management Review and Corrective Action may put
forward recommendations for change in the procedure. The Quality Manager should be
responsilile for implementing tile change. For making a change, the new page should be
circulated to the keeper of the controlled copy of the document with an instruction to insert tile
new page in order and return tile replaced page to the Quality manager. Thus outdated
documents will be removed from circulation. The change, which has been made, should be
known to the staff and everyone should implement tile new procedure. When a number of
major changes have been made, a complete new manual has to be issued. The retention
period for these records can be decided either contractually or by the policy and it is to be
mentioned in tile Quality Manual.
3.0 QUALITY MANUAL (1 s t tier of documentation) This is optional and not cornulsory
3.1 WHAT IS QUALITY MANUAL: -
Quality Manual states the Quality Policy and describes tile Management system of an
organisation. It may relate to an organisation's total activities or to a selected part of it, e.g.
spec ied requirements depending upon the nature of services, processes, contractual
requirements, governing regulations etc. Quality Manual is a typical fom1 of main document
used in drawing up and implementing a management system. It is expected to provide an
adequate description of tile Management intention to fulfil system requirement while serving as
a permanent reference for implementation and maintenance of the system.
3.2 WHY QUALITY MANUAL: -
This question may arise in the mind of readers especially when detailed infom1atioo is given in
other tiers of documentation like procedures and work instructions.
Quality Manual is needed for the followina reasons:
Chapter: 3ISO/IEC 17025:2017 Documentation
(1) It describes the objectives of top management for different clauses of ISO/IEC
17025:2017 standard applicable to all departments of the company and thus seives as
guideline for planning and documenting the procedures.
(2) Change is a perpetual process in an organisation. Unless there is a Wlitten description
of each task function, rt will be difficult to make any reasoned evaluation of any
proposed change or rt outcome.
(3) It is used as basic for adequacy audrt of Management system and thus is also used as
a basic for effective implementation of the management system.
(S) It is also used lo rationalise one's own management system.
3.3 WHAT TO INCLUDE IN A QUALITY MANUAL: -

• Quality manual should normally contain, or refer to: -
(A) The title, scope and the field of application,

(B) The table of contents of the manual,
(C) The introductory pages aliout the laboratory concerned and the manual itself,
(0) The quality policy of the organization,
(E) The organization,
(F) Elements of the management system,
(G) A definitions section, if appropriate,
(H) Guide to the quality manual, if appropriate.
Note: - The order of qualrty manual structure is optional to user needs.
(A) Title, Scope and Field of Application: -

The title and scope of the quality manual should clearly reflect its field of application. This
section of the quality manual should also define the application of the management system
elements. To ensure darity and avoid confusion, the use of disclaimers (e.g. what is not
covered by a qualrty manual and srtuations where it should not be applied) may also lie
appropriate. Some or all of this information may also be located on the title page.
(B) Table of contents: -

The table of contents of qualrty manual should show the titles of the sections within rt and how
they can lie found. The numbering / coding system of section, subsections, pages, figures,
exhibits, diagrams, tables etc. should be clear and logical.
(C) Introductory pages: -
The introductory pages of a qualrty manual should provide general information about the
organisation concerned and the quality manual itself.
The minimum information about the organization should be rts name, location and means of
communication. Additional infom1ation about the organization such as its line of business, a
brief description of its background, history, size, etc. may also be included.
The information about the quality manual itself should include: -
(1) The current issue amendment number, date of issue or effectively and affected
contents,
(2) A brief description of how the quality manual is revised and maintained, Who reviews its
contents and how often, who is authorized to change the quality manual, and who is
authorized to approve it. This infom1ation may also be given under the system element
concerned. A method for determining procedure change history may be included,
appropriate.
(3) A brief description of the procedure used to status and controls the distribution of the
quality manual, Whether or not it contains confidential infom1alion, Whether it is used
only for the organization's internal purpose or Whether it can be availal>le externally,
(4) Approval signatures (or other means of approval) of the authorized people responsible
for implementation of the content of the quality manual.
(D) Quality Policy: -
The management system policies related to quality, including a quality policy statement, shall
be defined in a quality manual. The overall objectives shall be established, and reviewed
during management review. The quality policy statement shall be issued under the aUthority of
top management. It shall include at least the following:
The management's commitment to good professional practice and to the quality of its testing
and calibration in seivicing s customer. The management's statement of the standard of
seivice. The purpose of the management system related to quality. A requirement that all
personnel concerned with testing and calibration activities within the laboratory familiarise
themselves with the quality documentation and implement the policies and procedures in their
worl<; and the management's comm ment to comply with this International standard and to
continually improve the effectiveness of the management.
(E) Organization: -
This section of a quality manual should provide a high level description of the internal structure
of the organization. SUbsections within this section or in a system element procedure should
provide details of the responsil>ilities, authorities and hierarchy of those functions, Which
manage, perform and verify worl<-affecting quality.
(F) Elements of the Management system: -
This will form the most important section of the Quality Manual. It gives brief description of
broad activities for each clause. It also gives information on how the requirements stipulated in
the clauses of the standard are applicable and fulfil by the company. The description should be
divided into logical sections revealing a well aH>rdinated management system.
This international standard cannot be used to define a unique format for the description of
management system elements, which can be applied to all (or even most) products and
seivices. Requirements for elements of management system are provided by the ISO series
standards or the applicable standard used by the organization. It is recommended that
whenever applicable, these elements be used for the creation of the management system and
that the description of the elements of the management system l>e in a fom1at similar to their
sequencing in these standards.
(G) Definitions: -
Although ii is recommended when practical, to use standard definitions and terms which are
referenced in recognized quality tem1inology documents or in general dictionary usage, this
section of a quality manual should contain the definitions of terms and concepts that are
uniquety used within that quality manual. Special attention should be given to words that have
different meaning to different people or specific meaning to specific sectors of businesses. The
definitions should guarantee a complete, unijorm and unambiguous understanding of the
contents of the quality manual. The use of references to existing concepts, terminology,
definitions and standards (e.g. ISO: 8402) is highly recommended.
(H) Guide to the Quality Manual: -

Consideration may be given to the inclusion of an index or section giving a cross--<eference
between subjects / keywords to section / page numbers or other such quick guide to "What
and where in the quality manual". If included, it should provide a description of the organization
of the quality manual and short abstract of each of its sections. Readers who are interested
only in parts of the quality manual should be able to identify, with the aid of this section, which
parts of the quality manual contain the information in which they are interested.
3.4 STEPS TO BE FOLLOWED IN PREPARING QUALITY MANUAL: -
(1) A "Quality Policy" should be first evolved by the Chief Executive. He can take the help
of senior managers.
(2) A person from the steering committee who is from the top management should write
the Quality Manual. In most of the cases, the Quality Manager, himself writes the
manual.
(3) Based on the company's Quality Policy, the broad objectives and activities for each
department have to be decided and fitted into the relevant clauses. For this, the
department heads should give draft write-up of the activities in their department Then
ii should l>e meticulously scrutinised to ensure that the system is sufficient to achieve
the company's Quality Policy objectives or benchmarks. The clauses applicable to each
department of the company are identified.
(4) Organisation chart should be chalked out and the responsibility and authority of each
personnel mentioned in the organisation chart should be documented. Personnel
authorised to take decisions must be included in the organisation chart. Preparation of
the chart will help in identifying and documenting the responsibility for activities under
each clause.
(5) A suitable numbering system, department wise and Clausewise should be decided
which can be made applicable to the remaining tiers of documentation. This will help in
cross-referencing Quality Manual with other tiers of documentation like, procedures,
work instructions and records. It is very important that all the tiers should have cross
linkages with each other.
(7) After preparing the draft of Quality Manual it should be circulated to all department
heads lo ensure that there is no discrepancy or that no important activity ii left out.
(8) After their approval, tile final draft should be prepared. The final draft should have
company name and logo, issue number, issue date, controlled-copy identification on
each page, page number and signature of preparing and approving authority.
Chapter: 31S0/IEC 17025:2017 Documentation
3.5 THE PROCESS OF QUALITY MANUAL APPROVAL. ISSUE AND CONTROL: -
(1) Poor to issuing the manual, the document should be subjected to a final review by
responsible individuals to assure clarity, accuracy, suitability and proper structure. The
intended users may also have the opportunity to comment on the usability of the
document. The release authorization, by the level of management responsible for
complete implementation of the new quality manual or rts individual sections, should
then be granted and incorporated in all copies.
(2) The internal distribution of the manual, Whether in total or by section, should assure that
all users have appropnate access. Proper distribution and control can be assured by
numencal numbering of copies for recipients. Management should assure individual
familiarity with manual content appropriate to each user within the organization.
(3) A method of providing for the development, control and incorporation of change to the
manual should be provided. This task should be assigned to an appropriate document
control function. The same rules and procedures used in developing the basic manual
should apply to the processing of changes.
nd
4.0 WHAT IS A QUALITY PROCEDURE MANUAL 12 tier of documentation)?: -
It is a manual comprising of a number of quality procedures, each procedure being

independent in rt. Procedure manual should be made department wise / element wise.
Generally these quality procedures are prepared by the Quality Manager and Technical
Manager. They are considered to be the core of the system documentation for quality
attainment and assurance. The list of procedure required by IS0/IEC 17025:2017 is given in
Annexure-1.
rd
5.0 WORK INSTRUCTIONS / STANDARD OPERATING PROCEDURE (3 TIER OF
DOCUMENTATION)/ NATIONAL STANDARDS: -
This is the third tier of the documentation. The standard requires wor1< instructions / standard
operating procedures (may cover test methods/ calibration methods) to be available, where
the absence of such instruction would adversely affect qualrty of testing and I or calibration. In
the practical sense, wor1< instruction may be written, drawings, photographs, computer menu
options, machine care/ operation, etc. These are practical documents. Hence the authority for
the initiation of wor1< instructions should be given to the worl<ing committee, i.e. to the concern
person of the particular area in which he/ she is worl<ing. The final draft of the wor1< instruction
/ standard operating procedures should be checked and approved IJy the Head of the
department.
6.0 QUALITY RECORDS, FORMS/ FORMATS ANO OTHER DOCUMENTS (4 th TIER OF

DOCUMENTATION): -
Forms / Fom1ats, records etc. are supporting documents used by the company to record
information for different procedures followed. They belong to the last and fourth tier of
documentation. They fink the activities written in the procedure to the records kept in the
department. Quality Records can be represented as QR. This documentation serves to
demonstrate that the Management system is operating efficiently to produce the product in
accordance wrth specified requirements of the Management system. These records should be
computensed or written neatly with an ink/carbon pen and not with a pencil. They should be
legible, easily retrievable and available when asked for IJy the auditor. Annexure - IV gives a
list of Records required to make a system transparent. On all the forms identification no. and
issue no. Of the fom1 shall be required to establish proper document control on them. The list
of records required by IS0/IEC 17025:2017 is given in Annexure-2.
Annexure-1 Procedures reauired bv ISO/IEC 17025-2017

A. List of Procedures
5.5 Assure the consistent application of its laboratory activities and the validity of the results
6.2 Personnel and training
6.3 Maintain laboratory environmental condition
6.4 Handling, transport, storage, use and planned maintenance of equipment
6.4 Intermediate checks
6.5 Measurement traceability and calibration
6.6 Procurement of externally provided products and services
7.1 Review of requests, tenders and contracts
7.2 Method validation
Transportation, receipt, handling, protection, storage, retention, and disposal or return of
7.4
test items
7.2.1.1/
Evaluation of measurement uncertainty and statistical techniques for analysis of data
7.6
7.7 Ensuring the validity of results
7.9 Receive, evaluate and make decisions on complaints
7.10 Control of no nfom1ing work
7.11 Control of data
8.3 Document and data control
8.4 Control of records
8.5 Risk assessment
8.7 Corrective action
8.8 Internal audit
8.9 Management review
B. List of Documents Required by 1S0/IEC 17025-2017
5.3 Define the scope with range
6.2.2 Document the competence requirements
6.4.13
Documentation of reference materials, results, acceptance criteria, relevant dates and the
period of validity
6.5.1 Maintain metrological traceability of its measurement results
7.1.1 Contract review requirements
7.6 Decision rule to give statement of conformity to a specification or standard
7.8.7.1 Document the basis upon Which the opinions and interpretations have been made.
7.11 Any changes in data to be documented and authorized
8.1.1 Document the system to plan and implement
8.2.1 Document, and maintain policies and objectives
Annexure-2 List of records

List of records
Records for detennining the competence requirements;
6.2.6 1. Selection; 2. Training 3. Supervision 4. Authorization 5. Monitoring of competence of
personnel
6.3 Record environmental conditions
6.4.13 Equipment records with manufacturer details and acceptance criteria
Record for externally provided product and services (Selection, evaluation, re valuation,
6.6
order, inspection and action on providers)
7.1.8 Records of contract reviews, discussions including any significant changes
7.2.1.5 Records of the verification of methods performance
7.2.2.4 Records of the validation
7.3.3 Records of sampling data
7.4.3 Records of deviations of sample conditions on receipt and customer consultation
i
7.4.4 Environmental cond ti ons monitoring records during storage
7.5.1 Original observations, data and calculations
7.6 Evaluation of measurement uncertainty and use of statistical techniques
7.7.1 Monitoring results and track the trend for the validity of results (QA)
7.8.1.2 All issued reports as technical records
7.8.7.3 Opinions and interpretations dialogues, decision rule applied
Customer complaint records for tracking and recording complaints, including actions
7.9.31l undertaken to resolve them
7.10.2 Records of nonconfonning work and action taken
7.11 Software validation, Data transfer checks and infonnation management records
8.6.2 Customer satisfaction surveys, communication records
Report on nature of the nonconformities, cause(s) and any subsequent corrective action
8.7.3
taken
8.7.31l Records for results of any corrective action
8.8.2e Records of the implementation of the audit programme and the audit results
8.9.2 &3 Inputs and output to management review-minutes of meeting
I Chapter:4Risk and Opportunity
1.0 Risk
Risk is the possibility of loss. It is a function of both probability of occurring of an adverse event
and rts impact on the various related things; the impact can occur in a combination of factors
like as time delay, performance loss, financial loss, etc.
A risk is a pre-cursor to a problem, Wllich has a probability to occur at any given point of time
in the lalioratory, occurrence of which will impact the predicted objectives and goals for a
laboratory with the available resources.
Risk cannot be eliminated from the laboratory, but rt can lie managed wrth a proper risk
mrtigation plan. Risk management is critical to the success of any laboratory and rt is always a
strategic side of lalioratories.
2.0 Risk Management

The management of risk is an integral part of a good management practices. There is a direct
relationship between risk and opportunity in all IJUsiness activities. An organization should be
able to identify, to measure and to manage risks in order to be able to caprtalize on those
opportunities and to achieve its goals and objectives.
A risk can be defined as any internal or external situation or event that has a potential to
impact upon organization, preventing the organization from successfully achieving rts
objectives, delivering rts services, caprtalizing on rts opportunities or carrying out rts events.
Risk management is simply the practice of systematically identifying and understanding risks
and the control mechanisms that are in place to manage them. Ultimately the process gels you
to a point of deciding Wllether, in the context of a particular strategy, activity or function, a risk
is acceptable or requires an action or not.
The risk management process does not encourage management team members / managers
to lie risk averse. In lac ii is designed to provide laboratory team members/ managers wrth a
degr'*! of confidence to be able to manage risk to an acceptable level and to take a level of
risk commensurate with the opportunity. The key element in managing risk is correctly
balancing risk and reward. An organization Wllich is risk averse will create inllexibilrty in the
business and erect barriers to the achievement of the organization's goals
2.1 What is Risk Management?

"Process of identifying, controlling and minimizing or eliminating laboratory risks that may
affect laboratory management systems, for an acceptable cost"
3.0 Risk Management Process

This section will define the details of the risk management for the risks, expected to arise.
Identifying possible risks is an important step in being prepared for potential problems that can
occur within the lalioratory. During the risk identification, a potential risk is identified, a
solutionor plan of action will also be developed.
Following are the fundamental risk management functions that are must be taken care to
effectively manage risks attached to a laboratory:
a. ldentify:Laboratory Team/ Manager will analyze classification of potential risks and make
applicable list of risks specific to the lal>oratory.
b. Analyze:Laboratory Team/ Manager will update the impact of risks on cost. schedule, and
product testing, quality, and customer satisfaction, followed by a discussion for reaching on
a common consensus for each risk. This will include following tasks:
a. Analyzing Risks
b. Prioritizing Risks
c. Plan:Laboratory Team/ Manager will prepare a plan in order to detennine what steps and
actions to be taken against risks. This will include identification of mitigation/ contingency
ptan and implementation of mitigation/contingency plan.
d. Track:Laboratory Team / Manager / Leader will continuous monijor the risks in the
laboratory
e. Control:Lalloratory Team / Manager will execute and implement the appropriate risk
mitigation plan upon identification of risk reached to ijs threshold value.
f. Communicate: Provide visibility and feedback data internal and external key interest
parties members on current and emerging risk activiities.
g. Report to Management:Discuss results of risk identttication in management review

meeting and take further actions
4.0 Risk Categories and Sources

Sources of risk and opportunities can 1,e organiZed into categories such as customer risk,
Human risk, technical (testing, equipment, wrong reporting) risk, and delivery risk. Within each
category, spec ic sources of risk can be identified and riskreduction techniques applied. Risk
categories are identified as below:
• Equipment related Risks
Business Impact Risks
Customer/User related Risks
Environment Risks
Process Issue Risks
Organizational Risks
• Staff size and Skill experience Risks
Technical Issue Risks
Reporting risks
Risks sources will be monitored for signs of risks materializing. Risk sources are fundamental
drivers that cause risks events to arise within organization. Risk sources may be updated
during depending upon laboratory nature of work.
5.0 Risk Identification Methods

Risks are identified based on categories and sources defined. Possible Risk identification can
be done by various methods like:
Brainstonning: This process encourages a group of people meeting face to face to put
forward all their thoughts and ideas on a specific topic. During a brainstonning session all
input is encouraged without evaluation. Evaluation of ideas occurs at the completion of the
session when the ideas are analyzed. The diversity of participants will have an impact on the
nature of the ideas and perspectives, so some thought will need to be given to who will
participate in the process.
Focus groups: A focus group is made up of individuals Who are invited to attend one or more
meetings in order to focus their attention and provide information and feedback on a specific
topic or area of concern.
Experience judgment: Is the infonnation or opinion given based on an individual's

experience and knowledge in their field of expertise?
Analysis of systems: This involves studying the way a system or process functions and
interacts within an organization in order to find any weaknesses. System may refer to the
management processes as well as to the policies and procedures that support those
processes. It may also refer to an operational system of interlinking procedures or processes.
Audits: This is the name given to the process of anaJyzing a management system, checking
to see that the documented procedures and operational methods are the same.
Scenario building: In this process a situation or condition is created either on paper or as a

model to reflect potential outcomes. These fictijious situations allow an analysis and treatment
option to be considered Where, for example, an event has not occurred before and no data is
available.
Accident investigation or failure analysis: This process involves looking at previous accidents
and incidents and analyzing them to detem1ine What went wrong or Why the process failed or
broke down. This will highlight risk areas for future situations.
Checklists: This involves using a list of ijems against which to check a situation, event,
scenario, process, etc.
Feedback and communication: This includes safety meetings, customer feedback fonns or
phone calls, complaints handling, etc.
Possible risk identification questions or checklist is prepared

6.0 Risk Assessment

This section will define the details of the procedure for risk assessment. Which will be
pe<fonned by the laboratory team member in the organization for monttoring the risks:
6.1 Risks Probability Definitions (Likelihood/ Probability)

This section will describe how to define probability, depending upon the criticalness of their
occurrence.
>- Risk Assessment- Oegree of Risk

The Likelihood of the a threat ham1ing business
This has to be identified and the suitable value has to be assigned, as per the below given
categorization:
Probability
# Category Rank Description
1 Rare 1 Risk Event not expected to occur

2 Unlikely 2 Risk Event less likely than not to occur
3 Possible 3 Risk Event may or may not occur
4 Likely 4 Risk Event more likely than not to occur
5 Almost Certain 5 Risk Event expected to occur
,:, Probability/ Likelihood

5 A very high probability band (continuous, every day, every batch etc.) Risk reduction is
essential, Whatever the cost
4 A high probability band (every supplier change, chemist change weekly, every material
unloads)
3 A medium probability band (monthly, product campaign end, seasonal).
2 A low probability band (yeMy, equipment change).
A very low probability band (never happened, once in lifetime).
•:• Risk Assessment Likelihood Example
Very low An event that is highly unlikely to occur ,if ever
Low An Event that is unlikely to occur, perhaps once every 3 years
Medium An event likely to occur relatively infrequently
High An event that is fairly probable, and could be expected to occur

several times a year
A highly frequent event. This event could reasonably expected

Very High
to occur at least every month or more frequentily
6.2 Risks Impact Definitions (Consequences/ Impacts)

This section will descril>e how to define impacts, across each of the potentially impacted areas
in the organization. This has to be identttied and the suijable value has to lie assigned, as per
the below given categorization:
) Risk Assessment - Impact
The degree of laboratOfY business harm and potential consequences likely to result from a
failure to protectbusiness interest
Severity/ Impact
5 A very high lisk band Where adverse lisks are intolerable whatever benefrts the activity may
IJring. Risk reduction is essential, Whatever the cost
4 A high risk band Where the lisk would not be generally acceptable unless there were
significant benefits
3 A medium lisk band Where costs and benefits are taken into account and
opportunities are balanced with potential adverse consequences.
2 A low risk band Where positive or negative risks are small and potential benefits can be
justified
1 A very low risk band Where risks are negligible and no risk treatment are necessary
Risk Assessment Severity Example
Business Impact on
Potential
Operations,
Legal and customer,
Regulatory reputation and Personal and
Business technical and human factor
Impact Obligations Loss of
Financial Health Goodwill
Little or no No Legal or Negligible No distress or
Disruption/ Regulatory obligation embarrassment Embarrassment
Very Low i
Financ al Loss within the caused
organization
Little or no Very small Legal or Minor and small distress or
Disruption/ Regulatory obligation limited Embarrassment
Low Financial Loss embarrassment caused
within the
organization
Detrimental to Technical breach of a Adversely affect Minor
business legal or regulatory relations with embarrassment or
Medium efficiency or obligation customers or distress to an
financial health shareholders individual
Cause serious Selious breach of Seriously affect Serious

disruption/ legal or regulatory relations with embarrassment or
High financial loss requirements customers and distress
shareholders
Could lead to Could lead to the Threaten the Widespread and

bankruptcy organization being future of the serious
Very High
closed down business embarrassment or
distress
7.0 Risk Management Approach

Dependent on type of Organization
Dependent on type of customers
Dependent on type of assets and processes and technical commitment
Management Commitment
Sample Risk Sheet
Process
Sub Risk Risks Associated l
i
k e
li
h ood Risk
Process (PO)
lll'f)>Ct
Value
Tech/ Customer Env. People Legal Others
Quality
8.0 Risk - Examples under ISO/IEC 17025:2017 for test/calibration laboratories

) Human
Non availabilitynong leave
lnadeQuate skill/competence
Impartiality issues
J;. Technical
Equipment out of order
Test metllod not followed/ Quality issue
Process failure or capability utilization
Delay in delivery
Failure of Network , Poor System peffom1ance
CRM expired/calibration expired
Sampling equipment not adeQuate
) Customer related
Delay in payment
Delay in communication and approval
J;. Physical
Theft, Willful Damage

) Environmental
Power failure, Fire, Water, Govt. authorny legal notice due to environmental issues
) lnfonnation Security
Information security failure, Fire, data security
Software validation
Back up not done
Software failure
Internet failure
;;. Others
Govt. autllorny legal notice due to environmental issues
Natural disaster
9.0 Risk Treatment
> Actions selected and implemented to reduce the risks to an acceptable level
Prevention Detective or Corrective
Identifying and avoiding threats
;;. Measures can be physical procedural or product
> Cost balance with Risks and Potential impacts
) Accept the risk with management approval
)- Transfer the risk for example insurance taken
) Taking risk in order to pursue an opportunity,
;. Eliminating the risk source, changing the likelihood or consequences,
> Sharing the risk, or retaining risk by infom1ed decision and management acceptance
10.0 Where Risk is addressed in ISO/IEC 17025:2017 Standard
The risk-based thinking
How many places the risk is identified in revised 1SO/IEC
17025:2017standard
10.1 Identify risks to its impartiality on an onijoing basis. Include those risks
• From its activities,
From its relationships with supplier, customer
• From the relationships of its personnel.
10.2 If a risk to impartiality is identified, then laboratory has to demonstrate how it eliminates or
minimizes such risk.
10.3 Reporting the result:

When a statement of confom1ity to a specification or standard is provided, the laboratory shall
document the decision rule employed, taking into account the level of risk (such as false
accept and false reject and i statistical assumptions) associated with the decision rule
employed and apply the decis on rule. If the decision rule is prescribed by the customer,
regulations or nonnative documents, a further consideration of the level of risk is not

necessary
10.4 Non confom1ing work

Actions (including halting or repeating of work and withholding of reports, as necessary) are
based upon the risk levels established by thelaboratory;
10.5 Actions to address risks and opportunities (OptionA){ldentify risk, plan action and
implement actions)
10.5.1 The laboratory has to consider the risks and opportuntties associated with the laboratory
activities in order to:
a) Give assurance that the management system achieves its intendedresutts;
b) Enhance opportuntties to achieve the purpose and ol>jectives of thelaboratory;
c) Prevent,orreduce,undesiredimpactsandpotentiattailuresinthelaboratoryactivities;and
d) Achieveimprovement.
10.5.2 The laboratory has to plan actions to address these risks andopportunities (Risk mttigation
plan) although the organization plans actions to address risks, there is no requirement for
formal methods for risk management (){ a documented risk management process
10.5.3 Actions taken to address risks and opportuntties are proportional to the potential impact on the
validity of laboratoryresutts. The Options to address risks can include identifying and avoiding
threats, taking risk in order to pursue an opportunity, eliminating the risk source, changing the
i
l kelihood or consequences, sharing the risk, or retaining risk by informed decision.
10.5.4 Improvement
Opportunities for improvement can be identified through the review riskassessment,analysis
of data,andproficiencytestingresutts
10.5.5 Corrective Action
Update risks and opportunities detem1ined during planning, ifnecessaryfor corrective action
10.5.6 Input to management review
Results of riskidentification to discuss in management review meeting;
Reference:
ISO 31000, Risk management- Principles andguidelines
Total 31 time risk word is used in the IS0/IEC 17025:2017 standard.
I Case: 1 Global INC Laboratory
Global INC Laboratory
Global INC Laboratory is a calibration laboratory engaged in calibration activities of

Mechanical, Electrical, Temperature and other Special Instrument in Gujarat. The laboratory
was set up by its Chairman Prem Kumar in Gujarat nealfy 14 years ago and has today reached
a turnover of Rs. 1 cores.
Now malket is demanding more accuracy in resutts, precession in calibration or testing. Also
laboratory is engaged in calibration of instruments of Pham1aceutical Industries,
Pham1aceutical Machine Manufacturing industries, Food Industries, Government Organization
Like (Air force, ONGC, Global Railway Etc.) and many Mechanical Industries. All the industries
are asking very high accuracy in results and higher compatibility of personnel engaged in
calibration activities.
Dr. George the son of the Chairman who is currently the Managing Director is a very dynamic
person. As soon as he got the information about ISO/IEC 17025:2017 he has read available
literature on IS0/IEC 17025:2017 and brought the standard of IS0/IEC 17025:2017 and attend
seminars on the subject. Soon after the first seminar he called a meeting of staff of all discipline
and discusses the matter. Naresh Oberoi Technical Manager has been appointed as the
Management Representative. The company engaged Global Manager Group a leading
consultancy in ISO/IEC 17025:2017 and TOM to help them in all consultancy. They have
already had several sessions of this steering group. As a result the company has developed a
strategic plan, qualtty policy, vision, mission and goals. An awareness programme has also
been done for all staff. The Quality Manual has been produced. The laboratory has also
trained some staff in internal audit.
You are one of the laboratory's officials who have been trained in internal audit for ISO/IEC
17025:2017 and are now asked to carry our compliance audit of the Management System.
THE AUDIT:
•:• During your audit you find the following irregularities: Write dovm is ii Non-conformity and if yes
under what clause no. Of ISO/IEC 17025:2017
1. The laboratory is using ISO/IEC 17025 Accreditation body symbol for all the discipline
though he got accredttation only for Mechanical discipline. The scope of measurement
parameters under accredttation covering range of laboratory activity is not documented.
2. The decision rule is not defined and agreed with customer in reporting the statement of
conformtty. Also level of risk associated with the decision is not considered in applying
the decision rule.
3. Temperature records and humidity records of environment monitoring for standard room
is not maintained though same was the requirements as per test method.
4. The responsibility of calibration engineer is not defined.
5. No risk and opportunities associated with the laboratory activities are considered to
enhance opportunities to achieve the purpose and objectives of the laboratory.
Case: 2 ISOnEC 17025:2017 - R o l e play-Risk Identification, Impartiality and Decision rule
Divide the participants in various teams to understand the impartiality and risk and decision rule
and perfom1 Role play.
Team-1- Risk Team:

The participants are selected and given the task to identify the risk in their lalloratolies and
mitigation plan and report minimum 5 risks and mitigation plans in the given excel sheet.
Team-2 - Impartiality Team:
The participants are selected and given the !ask to explain impartiality in 5 lines and explain how
this requirement is implemented in their laboratory
Team-3 - Decision rule team
The senior meml>er of this team is reviewing and approving the report and they had prepared
the decision rule. So explain w1lat your decision rule for identified test parameter is and how risk
is identified for such decision rule.
Real life Case=The calibration done for static Uniaxial Testing Machines and the error found during
calibration is 0.64% and expanded uncertainty is 0.50%. The machine can IJe classified as class 1
according to classification of static Uniaxial Testing Machines as per applicable method ISO 7500-
1:2004, Annex D.2.5. the relative error is less than 1%. Apply the decision rule and tell Whether this
machine is class 1 or not as per allove details.
I Workshop • 1
Workshop-1
ISO/IEC 17025:2017 Questionnaire
> Analyse the statement provided below and indicate in the box whether you consider the
statements is as per ISO/IEC 17025-2017 requirement or not? If you consider it is the
requirement then write "True" and if not part of the standard then write it as "False·.
> If you consider the statements to be "True", please indicate in the box the clause number
from ISO/IEC 17025:2017 which supports your decision.
No. Question True/ False

Laboratory needs to document the competence requirements for
each function influencing the results of laboratory activities,
1.
including requirements for education, qualification, training,
technical knowledge, skills and experience
If test items need to be stored or conditioned under specified

2. environmental conditions, these conditions shall be maintained,
monitored and recorded
The laboratory shall use procedures for all laboratory activities and,
3. where appropriate, for evaluation of the measurement uncertainty
as well as statistical techniques for analysis of data.
Positive pressure must be defined in the receiving and dispatching

4.
area.
laboratory shall identify risks to its impartiality on an on-going basis.

5. This shall include those risks that arise from its activities, or from its
relationships, or from the relationships of its personnel
6. The software use for testing and or calibration must be validated.
7. Sampling plan must be required for calibration of instruments
8. Technical Manager responsibility and authority must be defined.
Laboratory had to ensure documents are approved for adequacy

9.
prior to issue by authorized personnel
10. Contract for testing and or calibration are handle verbally.

I Workshop - 2
Workshop-2
ISO/IEC 17025:2017 Questionnaire
> Analyse the statement provided below and indicate in the box whether you consider the
statements is as per ISO/IEC 17025-2017 requirement or not? If you consider it is the
requirement then write "True· and if not part of the standard then write it as "False".
> If you consider the statements to be "True", please indicate in the box the clause number
from ISO/lEC 17025:2017 which supports your decision.
No. Question True I False
When a statement of confonnity to a specification or standard is

provided, the laboratory shall document the decision rule employed,
1. taking into account the level of risk (such as false accept and false
reject and statistical assumptions) associated with the decision rule
employed
The laboratory must take feedback from the customer and analyze
2. the same for improvement in the management system.
3. Organization is legally non-registered company.
Establish documented process to receive, evaluate and make

4. decisions on complaints
The laboratory shall have a procedure and retain records for

5. defining, reviewing and approving the laboratory's requirements for
externally provided products and services
6. List of trained auditor is not required
Laboratory has to ensure that instructions, manuals and reference

7. data relevant to the laboratory information management system are
made readily available to personnel
8. Inter laboratory comparison plan is not required for next one year.
The laboratory shall inform the customer when the method

9. requested by the customer is considered to be inappropriate or out
of date.
The input to management review meeting includes results of risk

10. identification and outcomes of the assurance of the validity of
results

ISO 17025 2017 Training Course and Changes

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISO 17025 2017 Training Course and Changes

Uploaded by

Copyright:

Available Formats

Chapter: 1 Overview to 1S0/IEC 17025:2017 Standards

1.0 1S0/IEC 17025 History - Background information

At the International Laboratory Accreditation Cooperation (ILAC) General Assembly in October

2.1 Benefits of Accreditation

Fonnal recognition of competence of a laboratory by an Accreditation bocly in accordance

2.3 What do the standards specify?

Because laboratory accreditation aims to recognize specific technical competence, team

3.0 Why ISO/IEC 17025:2017? : -

The global objectives of the implementation of ISO/IEC 17025:2017 are: -

To establish Quality in testing and reliability

Application for Accre<litation

Application for Accreditation

ISO/IEC 17025:2017 Requirements

1.0 Overview of requirements

2.0 About the New Standard- 1SO/IEC 17025:2017

The competence requirements, which are expected to be documented, include education,

Requirements related to the control of and communication with, external organizations

6.3 Facilities and environmental conditions

7.1 Review request, tenders and contracts

By introducing the risk-based thinking in the standard some reduction in prescriptive

3.2 WHY QUALITY MANUAL: -

3.3 WHAT TO INCLUDE IN A QUALITY MANUAL: -

(A) The title, scope and the field of application,

Note: - The order of qualrty manual structure is optional to user needs.

(A) Title, Scope and Field of Application: -

(B) Table of contents: -

(C) Introductory pages: -

The information about the quality manual itself should include: -

(D) Quality Policy: -

(F) Elements of the Management system: -

(H) Guide to the Quality Manual: -

3.4 STEPS TO BE FOLLOWED IN PREPARING QUALITY MANUAL: -

It is a manual comprising of a number of quality procedures, each procedure being

6.0 QUALITY RECORDS, FORMS/ FORMATS ANO OTHER DOCUMENTS (4 th TIER OF

Annexure-1 Procedures reauired bv ISO/IEC 17025-2017

Annexure-2 List of records

2.0 Risk Management

2.1 What is Risk Management?

3.0 Risk Management Process

g. Report to Management:Discuss results of risk identttication in management review

4.0 Risk Categories and Sources

5.0 Risk Identification Methods

Experience judgment: Is the infonnation or opinion given based on an individual's

Scenario building: In this process a situation or condition is created either on paper or as a

Possible risk identification questions or checklist is prepared

6.0 Risk Assessment

6.1 Risks Probability Definitions (Likelihood/ Probability)

>- Risk Assessment- Oegree of Risk

1 Rare 1 Risk Event not expected to occur

,:, Probability/ Likelihood

•:• Risk Assessment Likelihood Example

Very low An event that is highly unlikely to occur ,if ever

Low An Event that is unlikely to occur, perhaps once every 3 years

Medium An event likely to occur relatively infrequently

High An event that is fairly probable, and could be expected to occur

A highly frequent event. This event could reasonably expected

6.2 Risks Impact Definitions (Consequences/ Impacts)

Cause serious Selious breach of Seriously affect Serious

Could lead to Could lead to the Threaten the Widespread and

7.0 Risk Management Approach

8.0 Risk - Examples under ISO/IEC 17025:2017 for test/calibration laboratories

Theft, Willful Damage

10.3 Reporting the result:

regulations or nonnative documents, a further consideration of the level of risk is not