Risk Management

for the
New ISO/IEC 17025 Standard

Roger M. Brauninger
American Association for Laboratory Accreditation
Frederick, Maryland
April 20, 2017
Don’t Panic.
 ISO/IEC 17025
Major Changes
• Obligatory changes by CPC*
• Structure
• Philosophy
• New Definitions

*Chairman’s Policy Coordination Group

 ISO Process Flow
Feb 2015 Jun 2015 OCT 2015 MAR 2016 OCT 2016
Output of WD 1 Output WD2 & 3 CD1 Ballot CD2 Ballot Translation

Aug 2015 Feb 2016

Output CD1 Output CD2

DEC 2016 MAY 2017 JUL 2017

DIS Ballot DG FDIS?
20 Preparatory
OCT 2017 30 Committee
RELEASE?
40 Inquiry
50 Approval
Transition Event
FDIS Optional
 The Basic Format
• Similar to other new standards \
§ e.g., ISO/IEC 17020 and ISO/IEC 17065.
• Will be aligned to ISO 9001:2015 principles on
resources and process.
• Follows the new ISO 9001 philosophy
§ Requires less documented procedures and policies
§ Focuses more on the outcomes of a process.
• Example: no longer required to maintain a current job
description (2005 – 5.2.4) but focuses on communicating
to each person their duties, responsibilities and authorities
(CD2 – 6.2.4)
•
 ISO Obligatory Changes
• CPC Proc/33
§ Impartiality
• General (4.1), Resource (6.2)
§ Confidentiality
• General (4.2)
§ Complaints
• Process (7.9)
§ Management System (8)
• Option A : 17025:2005 section 4
• Option B : 9001 Registered/Certified Bodies

*ISO/CASCO Chairman’s Policy and Coordination Group

 Structure
17025:2005 17025:201X
1 Scope 1 Scope
2 Normative References 2 Normative References This doesn’t
3 Terms & Definitions 3 Terms & Definitions mean you have
4 General Requirements to change your
5 Structural Requirements Quality
4 Management Requirements 6 Resource Requirements Manuals!*
5 Technical Requirements 7 Process Requirements
8 Management Requirements

Annex A – Metrological Traceability

Annex A – 9001 Cross References
Annex B – Management System
Annex B – Guidelines for Applications
Bibliography
Bibliography
 Structure
4 General Requirements 4.1 Impartiality
4.2 Confidentiality
5.1 Legal entity (4.1)
5 Structural Requirements 5.2 Management (4.2)
5.3 Responsible for activities
5.4 Defined range of activities
5.5 Authority and resource availability
5.6 Communication & integrity
6.1 General
6.2 Personnel (5.2)
6 Resource Requirements
6.3 Laboratory & Environment (5.3)
6.4 Equipment (5.5)
6.5 External Products & Services (4.6)
6.6 Metrological Traceability (5.6)
 Structure
7.1 Review of RTC (4.4)
7 Process Requirements 7.2 Selection of Methods (5.4)
7.3 Sampling (5.7)
7.4 Handling of Customer Items (5.8)
7.5 Technical Records (4.13)
7.6 Evaluation of MU (5.4.6)
7.7 Quality Control (5.9)
7.8 Reporting of Results (5.10)
7.9 Complaints (4.8)
7.10 Nonconforming Work (4.9)
7.11 Control of Data (4.13)
 Structure

8.1 Options (A & B)

8.2 Option A – Management System
Documentation (4.2)
8 Management Requirements 8.3 Option A – Control of Documents (4.3)
8.4 Option A – Records (4.13)
8.5 Option A – Risks & Opportunities (4.10)
8.6 Option A – Improvement (4.10, 4.12)
8.7 Option A – Corrective Action (4.11)
8.8 Option A – Internal Audits (4.14)
8.9 Option A – Management Reviews (4.15)
 Mapping (1/2)
17025:2005 17025 DIS
§ 4 – Management
>
4.1 Organization . . . . . . . . . . . . . . . §5 Structural
4.2 Management System . . . . . . . . > 8.2
>
4.3 Document Control . . . . . . . . . . . 8.3
>
4.4 Requests & Tenders . . . . . . . . . 7.1
>
4.5 Subcontracting . . . . . . . . . . . . . 6.5
>
4.6 Purchasing . . . . . . . . . . . . . . . . 6.6
>
4.7 Service to Customer . . . . . . . . . Entire document
>
4.8 Complaints . . . . . . . . . . . . . . . . 7.9
>
4.9 NCW . . . . . . . . . . . . . . . . . . . . . 7.10
>
4.10 Improvement . . . . . . . . . . . . . . 8.5, 8.6
4.11 Corrective Action . . . . . . . . . . .
> 8.7
4.12 Preventive Action . . . . . . . . . . .
> Removed
4.13 Records . . . . . . . . . . . . . . . . . .
> 7.5, 7.11, 8.4
4.14 Internal Audits . . . . . . . . . . . . .
> 8.8
4.15 Management Review . . . . . . . .> 8.9
 Mapping (2/2)
17025:2005 17025 DIS
§ 5 – Technical
5.2 Personnel . . . . . . . . . . . . . . . . > 6.2
5.3 Accom. & Environ . . . . . . . . .>. 6.3
5.4 Methods . . . . . . . . . . . . . . . . .> 7.2
5.5 Equipment . . . . . . . . . . . . . . .> 6.4
5.6 Traceability . . . . . . . . . . . . . . >. 6.6, 7.6
5.7 Sampling . . . . . . . . . . . . . . . . > 7.3
5.8 Handling of UUT . . . . . . . . . . .> 7.4
5.9 Quality Assurance . . . . . . . . .> 7.7
5.10 Reporting . . . . . . . . . . . . . . .> 7.8

> New
> 8.6 Risks & Opportunities
Risk management
 Risk management
§ Requires the laboratory to plan and implement
actions to address risks and opportunities.
• Establishes a basis for increasing the effectiveness of the
quality management system, achieving improved
results and preventing negative effects.
§ The laboratory is responsible for deciding which
risks and opportunities need to be addressed
What Does this Mean for You?

Identify: What can happen, when,

where why and how.
Assess: Determine existing controls,
determine likelihood and consequences
leading to estimate level of risk.
Evaluate: Compare against criteria,
Identify and weigh options, Decide on
response and establish priorities.
Control & Monitor: Mitigate by modify
process, document outcomes
 Philosophical Changes
• ISO 9001 Principles
§ Risk management (9001)
• Impartiality, Confidentiality, Complaints
§ Managed Processes to Process Management
§ “Fit for Use/Purpose” – Validation

• Conformity vs. Compliance

§ Added statements of conformity in 7.8.5

• Shall, Must, Should, Where . . .

§ Requirements = shall
§ Should and Where __ =
Philosophical Changes (cont)
• “Test and/or calibration”
§ Replaced with laboratory to reduce
confusion
§ Where appropriate, it was left in the
Standard

• Notes
§ If the NOTE did not provide value it was
removed, moved to an Annex, otherwise it
was moved to a requirement
 Impartiality (4.1)
• Safeguard against lack of…

• Establish structure

• Mitigate pressures

• Identify & manage risks (ongoing

basis)
 Confidentiality (4.2)

• Legally enforceable commitment

• Inform customer of if public

exposure of information

• 3rd party communication

requirement
 Complaints (7.9)

• Documented process to receive,

evaluate and make decisions
• Description of the handling process
available to any interested party
• Acknowledge receipt, provide
progress reports and the outcome
 Annex A, metrological
traceability
• Traceability established by:
§ Definition of the measurand
§ Unbroken chain of comparisons/cals
§ Measurement uncertainty
§ Performed in accordance with
documented information
§ Competence
 Annex A,
Metrological traceability
• Demonstration of Traceability
§ Evaluate the technical competence of the
calibration provider and claimed
metrological traceability as per the
requirements of this standard
§ CMCs peer reviewed by international
arrangement – CIPM MRA or ILAC
 8 Management
requirements
• Option A
§ At a minimum the laboratory addresses
8.2 – 8.9
• Option B
§ A laboratory that has established and maintains a
management system, in accordance with the
requirements of ISO 9001, and that is capable of
supporting and demonstrating the consistent
fulfilment of the requirements of clauses 4 to 7 of
ISO/IEC 17025
§ Also fulfils at least the intent of the management
system section requirements (8.2 - 8.9)
 Next Steps
• Writing group subcommittee meeting in
May 2017
• 6th Meeting scheduled for week of 10 July
2017
• Anticipate FDIS in fall of 2017
• Approval of FDIS by end of 2017
• 3 year implementation period from the
time of publication
For Further Information
Contact: Roger M. Brauninger
Phone: 301 644 3233
Email: rbrauninger@a2la.org

American Association for Laboratory Accreditation

5202 Presidents Court, Suite 220
Frederick, MD 21703

www.a2la.org