All laboratories involved in testing and calibration strive to produce valid results for their customers, and it is a significant key performance indicator (KPI). Laboratory accreditation as per the globally accepted standard, ISO/IEC 17025, “General Requirements for the Competence of Testing and Calibration Laboratories,” plays a vital role to meet this KPI. The fundamental objective to develop this standard was to promote confidence in the operation of laboratories and contains requirements for laboratories to enable them to demonstrate their competency and generate valid results. Implementation of this standard requirement in laboratories does not only facilitate the development of a robust structure of a laboratory management system (LMS), but also lays down a strong foundation for the operational excellence model. As of 2017, standard requirements encompass a complete supplier-input-process- output-customer (SIPOC) cycle and end-to-end laboratory processes. It is the single most widely employed standard by calibration and testing laboratories throughout the globe to obtain the accreditation. This is a generic standard for any laboratory and can be implemented in any laboratory regardless of the nature of testing and number of people. It covers testing, calibration, and sampling performed using standard, nonstandard, and laboratory-developed methods and sampling associated with subsequent testing and calibration. Additionally, this standard is being used by various stakeholders in different ways. A laboratory uses this standard to develop a LMS, the accreditation body uses it in confirming or recognizing the competence of laboratories, and customers use it as a reference to ensure the competency of the laboratory.
History and transition
The third edition of the standard was published in November 2017 as ISO/IEC 17025:2017. Historically, ISO/IEC 17025 was first released in 1999 to replace ISO Guide 25. The second edition was released in 2005 to include management requirements in line with ISO 9001:2000, which was subsequently reaffirmed in 2010. A three-year transition period has been given for accredited laboratories to transition to the 2017 version of ISO/IEC 17025. During this transition period, ISO/IEC 17025:2005 and ISO/IEC 17025:2017 will be equally valid and applicable. At the end of the transition period, accreditation of a laboratory to ISO/IEC 17025:2005 will not be recognized under the International Laboratory Accreditation Cooperation arrangement. The standard is developed by ISO’s Committee on Conformity Assessment (CASCO). Primarily, in the 2017 version, there are obligatory changes as per the ISO/CASCO Chairman’s Policy and Coordination Group, philosophical changes, structural changes, and the addition of new definitions.
A new definition of laboratory is introduced by virtue of which laboratory accreditation scope has been expanded to cover testing and/or calibration laboratories, which are only involved in the sampling associated with subsequent calibration and testing.
The format of the third edition has been profoundly changed and the current version is similar to the 17000 series standards from CASCO, such as ISO/IEC:17020 and ISO/IEC:17065, and aligned to the ISO 9001:2015 principles on resources and processes. The structure of the new standard is as follows:
- Normative references
- Terms and definitions
- General requirements
- Structural requirements
- Resource requirements
- Process requirements
- Management requirements
- Annex A—Metrological Traceability (Informative)
- Annex B—Management System (Informative)
There is a significant shift from prescriptive requirements to performance-based requirements by the introduction of the concept of risk-based thinking. In the new version, more focus is given to the outcomes of processes than merely having policies and procedures. As a result, there is greater flexibility, considering its own opportunities and risk to the laboratory than the previous edition in the requirements for processes, procedures, documented information, and organizational responsibilities.
Terms such as “quality manager,” “technical manager,” and “quality manual” have been removed. As per the new requirements, there is no obligation to formally appoint a quality manager or technical manager. Additionally, there is no explicit requirement to develop a quality manual.
A few terms are replaced with new ones, such as “accommodation by facility” and “preventive actions by risk and opportunities.” In most cases, “test and/or calibration” is replaced with “laboratory activities.”
Purchasing services and supplies and subcontracting is combined and considered as an externally provided service. New definitions are added, such as those for laboratory, intra-laboratory comparison, decision rule, and impartiality. Most of the nonvalue-added notes from the older version are either removed, moved to an annex, or added to the standard requirement. The new standard has a stronger focus on information technologies to address the increasing use of information technology to handle documents and records in the laboratory. The new version clearly acknowledges the use of ISO 9001 as a basis of use for conformity to ISO/IEC 17025.
Equal weighting has been given to internal and external processes. Replicate tests/calibrations, intralaboratory testing, and blind tests are introduced in addition to proficiency testing and inter-laboratory testing. Requirement of a decision rule is added in the newer version, while providing a statement of conformity to a specification or standard for the test and/or calibration. Customer focus is emphasized by introducing new requirements under complaints, agreement on a decision rule, and approval on externally provided services to the customer.
Basically, “risk-based approach” means to evaluate the potential risk as well as the opportunities. Risk-based thinking is not a new concept and was implicitly addressed in the 2005 version, whereas in the 2017 version of the standard, it became very prominent and incorporated throughout the standard. Therefore, the laboratory should apply risk-based thinking from the conception of the LMS and spread it out over the planning, execution, and performance-monitoring phases. In fact, risk-based thinking replaced preventive action, which had a special clause in the 2005 version. The standard does not require any formal method of risk management or a documented risk management procedure; rather, it is expected to be an integral part of all laboratory processes. Moreover, the standard does not state how to determine and analyze potential risks. However, ISO 31000, “Risk Management Guidelines,” is a very useful reference for understanding. To address this requirement, the laboratory should identify the risk proactively in the planning phase, understand the consequences, and implement effective preventive measures to eliminate or reduce the adverse impact on the laboratory operation. There are several formal and advanced tools available to identify the risk; however, a less formal approach that considers the frequency of occurrence, the severity of a situation, and a risk category can be adopted in the laboratory. For example, one of the potential risks to impartiality is financial pressure from customers to provide results in their favor. In this case, the source of risk would be laboratory personnel involved in testing or decision-making. Preventive measures to eliminate or minimize risk can include signing a conflict of interest declaration form on a yearly basis to reiterate the commitment to impartiality, evaluating employee background history prior to recruitment, and executing a laboratory ethics policy. The likelihood of occurrence can be decided on the historical frequency and severity can be decided on the gravity of adverse impact. A similar approach can be adopted to evaluate the potential risk in other contexts related to laboratory operation.
Process approach to the standard requirements
The paradigm shift of ISO/ IEC 17025 from the 2005 version to the 2017 version is a prescriptive approach to the performance-/ process-based approach. If the laboratory is considered as a process, principle process input would be a sample and customer requirements and expected output would be results/reports. When it is viewed through the SIPOC window, secondary processes could be man, machine, method, environment, or supplier. This approach will facilitate stakeholders to understand and interpret the standard requirements to design and develop the LMS for seamless implementation and further improvement. Additionally, an amalgamation of process requirements and system requirements can be screened.
This is the first change to ISO/ IEC 17025 in 12 years. Though there is a significant structural change in ISO/IEC 17025:2017 compared to ISO/IEC 17025:2005, the technical changes are comparatively less in magnitude and the content of the standard is very similar to the old version. The introduction of a risk-based approach and process orientation has shifted the prescriptive approach of the standard to the performance-based approach, which brought more flexibility in implementation and subsequent improvement. To ensure a smooth transition to ISO/IEC 17025:2017, each laboratory will prepare a transition plan compatible with the accreditation body’s policy on transition and time frame. The laboratory should identify the gaps, revise policies and procedures to accommodate new requirements, train laboratory personnel, and approach the accreditation body for assessment within a transition period of three years. While working on the transition to the 2017 version, the laboratory needs to continue to conform to the 2005 version requirements.