ISO/IEC 17025:2017

O v e r v i e w, C o n t e n t , a n d
C h a n g e s f r o m 2 0 0 5 e d i ti o n
Presentation Outline

• 01: Introduction
• 02: ISO 17025:2017 – Key Changes
• 03: Terms and Definitions
• 04: General Requirements
• 05: Structural Requirements
• 06: Resource Requirements
• 07: Process Requirements
• 08: Management System Requirements
• 09: Conclusion & Summary

2
ISO/IEC 17025:2017
I n t r o d u c ti o n & O v e r v i e w
01: Introduction

ISO/IEC: 17025:2017 - General requirements for the competence of testing

and calibration laboratories – serves the purpose of:

1) Promoting confidence in the operation of laboratories through an

transparent international standard
2) Giving laboratories an instrument to show that they are able to operate
competently, and more importantly generate valid results living up to
international standards
3) Providing laboratory in question with the tools to plan assess risks and
opportunities and implement actions to address them
4) Enhance the corporation between laboratories and other bodies, and
thereby assisting in the exchange of information and experience -
harmonizing standards and procedures – while simultaneously ensuring
the validity of results through comparison of baseline results
4
02: ISO 17025:2017 – Key Changes
Key Structural Changes from ISO/IEC 17025:2005-2017 include:

• Alignment with the layout of other recent 17000-series

standards and the structure of ISO 9001:2015
• Management requirements (Chapter 4) and technical
requirements (Chapter 5) in the 2005 version are replaced by:
• 4 General requirements
• Mandatory sections on impartiality & confidentiality common to new 17000
standards
• 5 Structural requirements
• 6 Resource requirements
• 7 Process requirements
• 8 Management requirements

5
02: ISO 17025:2017 – Key Changes Cont.
Chapter 8 - Management system
requirements has been changed to provide
improved flexibility through 2 options
• Option A – a management system
meeting the requirements of the
management system requirements
specified in the standard
• Option B – a management system in
accordance with the requirements of ISO
9001 and capable of supporting the The developments of ISO 9001 and ISO/IEC 17025
requirements of ISO/IEC 17025

6
02: ISO 17025:2017 – Key Changes Cont.
Key Content-Based Changes from ISO/IEC 17025:2005-2017 include:
– An increased and more explicit focus on risk-based thinking
– Increased flexibility in terms of the requirements for processes,
procedures, documented information and organizational
responsibilities (e.g. section 7.10 Non-conforming Work (previously
4.9) and clause 8 Option A & B)
• Enhanced focus on the developments of Information Technology:
Risks, data integrity, confidentiality, validation of software,
considering electronic documents
• A more explicit focus on “Metrological traceability”

7
ISO/IEC 17025:2017
Content:
0 3 : Te r m s a n d D e fi n i ti o n s
03: Terms and Definitions (Changes)
3.4: Intralaboratory comparison
• “Organization, performance and evaluation of measurements or tests on
the same or similar items, within the same laboratory (3.6), in accordance
with predetermined conditions”
3.5: Proficiency testing
• “Evaluation of participant performance against pre-established criteria by
means of interlaboratory comparisons (3.3)”
3.6: Laboratory
• New to the 2017 edition is that the term laboratory has been defined as:
“body that performs one or more of the following activities: calibration,
testing, sampling, associated with subsequent calibration or testing.”
3.7: Decision rule
• “A rule that describes how measurement uncertainty will be
accounted for when stating conformity with a specified requirement” 9
ISO/IEC 17025:2017
Content: 04: General Requirements
04: General Requirements
4.1: Impartiality
Impartiality is one of the KEY clauses in 17025 as the failure for any entity
to comply with this clause could potentially put into question the validity
and objectivity of all previous and future results and outputs
• New/changed requirements: “Identifying risks to impartiality on an on-
going basis and Addressing risks to impartiality

4.2: Confidentiality
This clause requires the entity to respect the confidentiality (legally) of
information received from both customers and in all lab procedures (4.2.1)
–unless legally obligated to do so, in which case the individuals in
questions shall be notified (4.2.2)
• New/changed requirements: “Stronger emphasis on customer
awareness, More detail regarding specific cases where confidentiality
could be affected” 11
ISO/IEC 17025:2017
Content: 05: Structural Requirements
05: Structural Requirements
05: Structural Requirements; Overview and Purpose

Clause 5 refers to the high-level structure of the lab, and the

requirements are in its essence related to the lab conforming to the
ISO/IEC 17025:2017 document. (5.1-5.4) and being a “legal entity”.

The clause requires the lab in question to define and document:

• A management structure (5.5)
• Relevant procedures ensuring the validity of results (5.5)
• The responsibilities of the personnel (5.6)
• A communication system which ensures the effectiveness of the
management system / living up to all requirements (5.7)
13
ISO/IEC 17025:2017
Content: 06: Resource Requirements
6: Resource Requirements
6: Resource Requirements; Overview and Purpose
The overall purpose of clause 6 is to ensure - the customer – that the lab
in question has the necessary resources to produce valid test outputs
living up to international standards.
The resources needed for this are divided in to 6 different requirements:
6.1. General
6.2. Personnel
6.3 Facilities and Environmental Conditions
6.4 Equipment
6.5 Metrological traceability
6.6 Externally provided products and services
15
6.1: General & 6.2: Personnel
The essential clauses are defined as:
• The availability of personnel, facilities, equipment, systems and
support services. (6.1)
• Personnel (6.2) The personnel are required to:
• Act impartially (4.1), be competent and work in accordance with lab’s
management system (8)
• There needs to be evidences of the competence requirements (through either
education, qualification, training, technical knowledge ,skills and experience)
• Proven competence to carry out laboratory activities and to evaluate the
significance of deviations (to ensure valid results)
• All of the above shall be documented in a detailed manner (6.2.5)

16
6.3 Facilities and environmental
conditions
The overall purpose of clause 6.3 is to ensure that the test outputs of
the lab are valid and that neither the environment or facilities tampers
with the test results:

• The location must be suitable for laboratory activities and not

adversely affect the validity of results

• Measures to control facilities and environment shall be implemented,

monitored and periodically reviewed Monitor, control and record
environmental conditions

17
6.4 Equipment
The overall purpose of clause 6.4 is to ensure that the laboratory has access to the
required equipment, and that the equipment is up to date, and calibrated correctly
to ensure the validity of the test result. All of this must be well documented.
• Special attention should be put to 6.4.6 which identifies two criteria that
determines when equipment is require to be calibrated:
• The measurement accuracy or measurement uncertainty affects the validity of
• The reported results, or calibration of the equipment is required to establish the
metrological traceability (6.5) of the reported result

6.4 specifies the requirements on the

following:

• Available and function properly • Calibration status

• Conform with specification before place into • Action for out of service
service • Intermediate checks
• Capable to achieve required accuracy • Update/implement correction factors or
• Calibration of measuring equipment reference values
• Establish calibration program • Measures to prevent unintended
• Equipment records adjustment
18
6.5 Metrological traceability
6.5 requires the laboratory to establish and maintain metrological
traceability of all measurements results.
Metrological Traceability is defined as: “the property of a measurement result
whereby the result can be related to a reference through a documented unbroken
chain of calibrations, each contributing to the measurement uncertainty”

In essence it refers to a direct link between something measured in the

field and a result of the best possible measurement made in a calibration
laboratory. The link ensures that different measurement methods and
instruments used in different countries at different times produce
reliable, repeatable, reproducible, tracible, compatible and comparable
measurement results.

19
6.5 Metrological traceability Cont.
The specific requirements of 6.5 include:
• To establish and maintain metrological traceability of its measurement
results
• To ensure that measurement results are traceable:
• Competent laboratory;
• Competent producer;
• Comparison, directly or indirectly with national or international standards.
• To demonstrate metrological traceability to an appropriate reference:
• Competent producer;
• Suitable comparison.

It should be noted that the Terminology and requirements have been updated
in the revision to reflect current practice in traceability and that Additional
explanatory information is included in Annex A of the document
20
6.6 Externally provided products
and services
The essence of Clause 6.6 is to ensure that externally provided
products and services do not have an impact on the (validity)
results of the laboratory.
Specifically the clause requires the laboratory to:
• To ensure that suitable externally provided products and services
are used when products and services:
• Are intended for incorporation into the laboratory’s own activities;
• Are provided ,in part or in full, directly to the customer by the laboratory
as received from the external provider;
• Are used to support the operation of the laboratory.
Changes:
6.6 combines 4.5 Subcontracting and 4.6 Purchasing services and
supplies from 2005 version – and focus more on communication
with the customer 21
ISO/IEC 17025:2017
Content: 07: Process Requirements
7: Process Requirements
7: Process Requirements; Overview and Purpose
The overall purpose and goal of clause 7 is to establish a Standard
Operating Procedure (SOP) which ensures that the validity of the product
can not be questioned – and in the end that the customer is happy with
the product
The process of clause 7 can be seen below:

23
7.1 Review of requests, tenders and
contracts
Clause 7.1 requires the laboratory to have a procedure for the review of
requests, tenders and contracts.(7.1.1) and specifies the following:
• Have a procedure for the review • Repeat contract review if amended after work
• Inform customer when method requested by the and communicate to all affected personnel
customer is not appropriate or out of date • Cooperate with customers or their
• Clearly defined a statement of conformity when representatives in clarifying the customer’s
requested by the customer request and in monitoring
• Resolve any difference between the request or • the laboratory’s performance in relation to the
tender and the contract before commencing work performed
work • Retain records of reviews
• Inform customer if any deviation from the
contract

Changes include:
7.1.3 now requires statements of conformity and associated decision rules be addressed
during contract review
7.1.4 now states that deviations requested by the customer shall not impact the integrity
of the laboratory or the validity of the results 24
7.2 Selection, verification and
validation of methods
Clause 7.2 specifies the needed requirements to verify and validate
methods and procedures of the laboratory as follows:

• Use appropriate methods and procedures for all

laboratory activities
• Up to date methods, procedures and supporting
documents are kept and made readily available to
personnel
• Uses the latest version unless not possible to do
• Select appropriate method when customer does not
specify
• Retain records of validation
• Verify methods before introducing them to ensure it can
achieve the required performance.
• Have Action plan for method development
• Document, technically justify, authorize and accept by
the customer if any deviation from methods
• Validate non –standard methods , laboratory developed
methods and standard methods used outside their
intended scope or modify

Changes:
Terminology and organization of clause updated. 7.2.1.1 clarifies that
“method” as used in this document can be considered synonymous with
the term “measurement procedure” as defined in ISO/IEC Guide 99. 25
7.3 Sampling
Clause 7.3 specifies the procedures required for sampling to ensure
a valid test results and requires a:

1) Sampling plan (7.3.1)

2) Sampling method (7.3.2)
3) Retain records (7.3.3)

Changes:
• Definition of laboratory (3.6) clarifies that the sampling activity
is associated with subsequent testing or calibration

26
7.4 Handling of test or calibration
items
The essence of clause 7.4 is to ensure that the laboratory handles
test or calibration items according to international standards so as
to protect the integrity of the test or calibration item, and to
protect the interests of the laboratory and the customer. Clause
7.4. requires the laboratory to:

1) Have a procedure (7.4.1)

2) Have a system for unambiguous identification (7.4.2)
3) Records of the item (7.4.3)
4) Facilities to maintain items - so as they remain unaffected by external factors
such as environments (7.4.4)

Changes:
The requirement of 7.4.3 is new. 27
7.5 Technical records
Clause 7.5 states that the laboratory must ensure:

1) Sufficient information (7.5.1) Ensuring that the experiment can

be replicated to test the validity of the result if necessary
2) Amendment can be tracked to previous versions or original
observations (7.5.2)

28
7.6 Evaluation of measurement
uncertainty
Clause 7.6 – the requirement of measurement uncertainty - plays an
essential role in ensuring the validity of results produced by the laboratory.
All measurements are subject to uncertainty and a measurement result is complete only
when it is accompanied by a statement of the associated uncertainty, such as the standard
deviation (SD) (Through GUM method A or B) – which is why the requirement is central to
any laboratory wishing to ensure customers of valid test results.
7.6 states that the laboratory must:
• Identify the contributions to measurement uncertainty
• Evaluate for all calibrations (calibration lab)
• Evaluate measurement uncertainty where test method
precludes rigorous evaluation of measurement uncertainty
Changes:
• 7.6.1-3.
• 7.6.2, requires evaluation of measurement uncertainty for all calibrations, including those a laboratory
performs on its own equipment (i.e. “in-house” calibrations) 29
7.6 Evaluation of measurement
uncertainty Cont.
Measurement Uncertainty In Practice:
Uncertainty of measurement is: the doubt that exists about the result of any measurement. You might
think that well-made rulers, clocks and thermometers should be trustworthy, and give the right
answers. But for every measurement - even the most careful - there is always a margin of doubt. In
everyday speech, this might be expressed as ‘give or take’ ... e.g. a stick might be two metres long ‘give
or take a centimetre’.
Uncertainty is calculated by taking the
smallest division of what you are
measuring divided by 10. E.g. If your
measurement is centimeters, your
smallest measurement is 1 millimeters/10
= 0,01 cm. If you measure 2,6 mm, your
measurement should say 2,61 mm. (2,6
cm +- 0,01 mm).
The uncertainty (0,01 mm) also tells us
what direction we are leaning towards in Standard Deviation (SD): Variation/dispersion of data.
our measurement. In other words, we E.g. a low SD indicates that data is close to the ”Mean”
(expected value/average) – a high SD means the data is
believe the measurement is closer to 2,7 spread a wider range of values. SD is thus used to see if 30
cm than 2,5 cm. a data-set is “expected/standard” or “Unusual”
 7.7 Ensuring the validity of results
Clause 7.7 states that the laboratory shall have a procedure for
monitoring the validity of results (7.1.1)
One of the most essential aspects of clause 7.7. (and changes from
2005) is 7.7.2 which requires the lab to ” monitor its performance by
comparison with results of other laboratories”
This primarily done through proficiency testing (Refers to an evaluation
of participant performance against pre-established criteria by means of
interlaboratory comparisons)
Clause 7.7 requires the laboratory to:
• Have a procedure for monitoring the • Analyze and use data from monitoring to
validity of results control and improve the laboratory’s
• Monitor its performance by comparison activities
with results of other laboratories • Take action when data from the
monitoring are found to be outside pre-
defined criteria

31
 7.8 Reporting of results
Clause 7.8 requires the laboratories to report the findings of test results
in a detailed and well documented manner – mainly with the purpose of
ensure that the customer has the necessary information for the
interpretation of the results and all documentation
Clause 7.8 specifically refers to:
• Labs are required by the method used
• General – review and authorize prior to • Specific requirements for calibration
release certificates
• Common requirements for reports • Specific requirements for reporting
• Specific requirements for test reports sampling
• Reporting statements of conformity
• Reporting opinions and interpretations
• Amendments to reports
Changes/New requirements:
• 7.8.2.2 addresses data provided by a customer, including a disclaimer
when those data can affect validity of results
• 7.8.5 reporting sampling
• 7.8.6 reporting statements of conformity 32
 7.9 Complaints
The laboratory must have a documented process to receive , evaluate
and make decision on complaints (7.9.1) In its core, 7.9 is in place to ensure the customer
satisfaction with the product – no different that in quality management systems (ISO
9001). Having sufficient and well documented complaint mechanics in pace thus ensures
customer satisfaction but at the same time enhances the validity of any test result /
product. Clause 7.9 requires the laboratory to:
• Be responsible for all decisions at all levels of handling
process of complaints and made • Responsible for gathering and verifying all information
• availability of description of handling process for to validate the complaint
complaints to interested party • Acknowledge receipt of the complaint, and provide the
• Include at least the following elements and method: complainant with progress report and outcome
• Description of the process • Review, approve the outcomes by individual (s) not
• Tracking and recording complaints involved in the original laboratory activities in question
• Ensuring that appropriate action is taken • Give formal notice of the end of the complaint handling
to the complainant

Changes / new requirements:

7.9.2 requires a description of the complaints handling process be available to any
interested party upon request
7.9.6 requires the outcomes to be communicated to the complainant made by, or reviewed
and approved by, individual(s) not involved in the original laboratory activities in question 33
 7.10 Nonconforming work
Clause 7.10 requires the laboratory to have a (documented) procedure in place for
when any test or work does not conform to the defined criteria/goals – this procedure
ensures that corrective measure is taken and ensures that the validity of test outputs
can not be put in to question.
Clause 7.10 requires the lab to:
• Have procedure to ensure that: • Where necessary ,the customer is notified
• Responsibilities and authorities for the and work is recalled;
management of NC work are defined; • The responsibility for authorizing the
• Actions are based upon the risk levels resumption of work is defined.
established by the laboratory;
• An evaluation is made of the significance of • Retain records of NC work and actions taken
NC work, including an impact analysis on
previous results; • Implement corrective action where the
• A decision is taken on the acceptability of evaluation indicates that the NC work could
NC work; recur or is doubt about the conformity of
laboratory’s operation
Changes:
Risk has been incorporated into section
7.10 Nonconforming Work (7.10.1 (b))
34
 7.11Control of data and information
management
Clause 7.11 requires the laboratory to have access to the data and information needed to perform
laboratory activities (7.11.1). Additionally clause 7.11 aims to ensure that the software used by the
laboratory is up to date – no different that equipment requiring the correct calibration (7.11.2)
Clause 7.11 specifically requires the laboratory to:
• Have access to the data and information needed • Ensure the provider or operator of the system
to perform laboratory activities complies when manage and maintain off-site or
• Validate information management system for through an external provider.
functionality • Ensure that instructions, manuals and reference
• Protect from unauthorized access, safeguard data relevant to laboratory information system are
against tampering and loss, operate in suitable made readily available to personnel
environment , maintain integrity of data, record • Check calculations and data transfers in an
system failures and corrective actions appropriate and systematic manner

Changes:
One of the main changes with ISO/IEC 17025:2017 is that it bridges the gap in IT from 2005
by among other including the mention of Off-the-shelf (OTF) Software and modifications to
these (7.11.2). Additionally 7.11.4 now requires laboratories to ensure that off-site or external
provides of information comply with the ISO/IEC 17025 requirements 35
ISO/IEC 17025:2017
Content: 08: Management System
Requirements
8: Management System Requirements
8: Management System Requirements; Overview and Purpose
Completely new to the ISO/IEC 17025:2017 is the increased flexibility
gained through the introduction of two options – A and B

The core of clause 8 is that “The laboratory shall establish, document,

implement and maintain a management system that is capable of
supporting and demonstrating the consistent achievement of the
requirements of this document and assuring the quality of the laboratory
results.”(8.1.1)

Similarly to ISO 9001:2015 Quality Management Systems (QMS) – the

essence is quality assurance – which is in the end related to customer
satisfaction. The MS is put in to place in order to assure the customer of
the quality of the end product 37
 8.1 Options
• The new edition of ISO/IEC 17025 now provides two distinct options
(A or B) for establishing a management system
• Option A: As a minimum the management system of the
laboratory shall address the requirements in clauses 8.2 to 8.9
• Option B: Establish and maintain a management system in
accordance with the requirements of ISO 9001:2015
• Both options require that the management system is capable of
supporting and demonstrating the consistent achievement of the
requirements of ISO/IEC 17025:2017 clauses 4 to 7 and assuring the
quality of the laboratory results.
• Laboratories need only conform to one of the options (not both)

38
8.1.2 Option A
8.1.2 Option A
As a minimum the management system of the laboratory shall
address the following:
– management system documentation (see 8.2)
Similar to 2005 – control of management system documents (see 8.3)
version
– control of records (see 8.4)
– actions to address risks and opportunities (see 8.5) New
– improvement (see 8.6)
Aligned with
ISO 9001:2015
– corrective action (see 8.7)
– internal audits (see 8.8)
– management review (see 8.9) 39
8.1.3 Option B
Option B is very simply and is defined simply as:
• A laboratory that has established and maintains a management
system, in accordance with the requirements of ISO 9001, and
that is capable of supporting and demonstrating the consistent
fulfilment of the requirements of clauses 4 to 7 of ISO/IEC 17025
• Must also fulfil at least the intent of the management system
section requirements (8.2 - 8.9)

40
8.2 -8.9: Management System
Requirements Option (A)
• Similar to ISO 9001:2015 excerpt for:

• 8.4.2 The laboratory shall implement the controls needed for the
identification, storage, protection, back-up, archive, retrieval,
retention time, and disposal of its records. (7.5) The laboratory
shall retain records for a period consistent with its contractual
obligations. Access to these records shall be consistent with the
confidentiality commitments and records shall be readily
available.

41
8.2 -8.9: Management System
Requirements Option (A) Cont.
As mentioned before, ISO/IEC 17025:2017 incorporates “risked-
based thinking” – which can also be observed in 8.5 Actions to
address risks and opportunities (Option A):

• The laboratory is responsible for deciding which risks and

opportunities need to be addressed (8.5.2)
• There is no requirement for formal methods for risk
management or a documented risk management process
(8.5.2 note)
• Actions taken to address risks and opportunities shall be
proportional to the potential impact on the validity of
laboratory results (8.5.3)
42
09: Conclusion & Summary
Summing up, the changes from the 2005 – 2017 version of ISO/IEC 17025 can
be categorized as 1) being more flexible 2) Including a ”risk based thinking”
and 3) have received and update in terms of new IT advances since 2005
Other high level changes include:

• Structure (8 sections
instead of 5) • Decision Rules for
• Fewer Administrative Statement of
Procedures Conformity
• Stronger Competence • Risks and Opportunities
Requirements • Impartiality
• Laboratory Management
Management • Stronger Complaint
Handling