2005, American Idol was on TV, Star Wars was in the theaters, YouTube was the hit on the internet and the general requirements for the competence of testing and calibration laboratories (ISO/IEC 17025) was updated. Now, twelve years later ISO/IEC 17025 has been updated again to take into account new practices, the evolution of technology, and compatibility with ISO 9001.

Laboratories wishing to demonstrate their technical competence can do so via conformity with the international standard ISO/IEC 17025 ‘General requirements for the competence of testing and calibration laboratories’. If you are a lab currently accredited under ISO/IEC 17025:2005 the big questions are, “what has changed and what do I need to do to maintain my accreditation?”

What has changed?

While there are plenty of minor changes (structural and definitions) there are a few major changes. First, the management system requirements have been expanded (clause 4.2 in 17025:2005 vs clause 8 in 17025:2017), but there is good news – you have options!

Option A states that at a minimum your management system must address the following which are further defined in the standard:

• Management system documentation
• Control of management system documents
• Control of records
• Actions to address risks and opportunities
• Improvement
• Corrective action
• Internal audits
• Management reviews

Option B states that your laboratory is in compliance if

• You have established and maintain a management system in accordance with the requirements of ISO 9001
• You are capable of supporting and demonstrating the consistent fulfilment of the general requirements, structural requirements, resource requirements and process requirements (clauses 4-7 of 17025:2017)
• The intent of the management system documentation and management review requirements (clauses 8.2 and 8.9 of 17025:2017) are fulfilled.

The bottom line is, if you are ISO 9001:2015 registered you may choose Option B which allows for much more flexibility as you implement 17025:2017.

Other key changes have been adopted with consideration to the latest version of other standards. There is an overall theme and new section specifically on risk-based thinking which replaces prescriptive requirements with performance-based requirements. This systematic approach to risk again aligns 17025:2017 with the 2015 revision of ISO 9001.

Additionally, 17025:2017 puts the emphasis on the results of a process instead of the detailed description of its tasks and steps. This process approach now matches that of other newer standards such as ISO 9001 (quality management), ISO 15189 (quality of medical laboratories) and ISO/IEC 17021-1 (requirements for audit and certification bodies).

Finally, there is a stronger focus on information technologies with a new section devoted to the use of computer systems, electronic records and the production of electronic results and reports. This section contains the note: commercial off-the-shelf software in general use within its designed application range can be considered to be sufficiently validated, so while the language was added to the standard, most modern day laboratories should be in compliance.

So, what is the big take away from the revision? Much like pop-culture from 2005 versus today’s pop-culture, there has been an evolution, but things are not drastically different. The standard was updated to reflect progress that has been made, and for the most part, as your operations have changed you have already implemented many of the changes – especially if you are using ISO 9001:2015.

What are the accreditation steps?

If you are currently a 17025:2005 accredited laboratory here is a generalized outline for getting your accreditation updated to the new standard.

• Conduct an awareness program for the revision.
• Review all of your documentation and identify changes that will need to be made to meet the new requirements.
• Determine and document your risks and opportunities and begin promoting the use of risk-based thinking.
• Review your quality policy and establish quality objectives.
• Revise your documentation and Quality Manual to meet the new requirements.
• Train internal auditors on the new requirements.
• Perform an internal audit to assess your system for compliance.
• Take corrective actions on identified non-conformities.
• Apply for a revision to your certificate to your existing accreditation body.
• Final audit.

How long do I have to make this happen?

On November 30, ISO published the revision with the provision that laboratories have three years to demonstrate conformity through third party accreditation. During this transition period, it is important to note that both ISO/IEC 17025:2005 and ISO/IEC 17025:2017 are equally valid and applicable, so you have plenty of time to prepare and update your documentation. BUT, don’t wait too long November 29, 2020 will be here before we know it!

ISO/IEC 17025:2017 specifies the general requirements for the competence, impartiality and consistent operation of laboratories. It is applicable to all organizations performing laboratory activities, regardless of the number of personnel. Visit ISO.org to purchase a full version of the new standard.

IndySoft has been supporting the software needs of Commercial Labs for twenty years. Please contact sales@IndySoft.com if you would like information on how IndySoft can support the information management requirements of ISO/IEC 17025:2017.