Risk Based Thinking and the Impact on 17025

Featuring our invited presenter: Melanie Ross, Training Products Specialist for ANAB
 YOUR QUALTRAX PRESENTER

• All-in-One Compliance Management

Solution
• ISO 9001:2015 Certified Organization
• Founded in 1993
• 97% customer renewal rate
• Headquartered in Blacksburg, VA
Karen Arrivillaga
Account Executive
 YOUR
OURQUALTRAX PRESENTER
INVITED PRESENTER

• All-in-One Compliance Management

Solution
● Develops and Delivers Training on
• ISO 9001:2015
Variety Certified Organization
of Topics
•● Founded in 1993
15+ years working with Quality
Assurance,
• 97% customerControl
renewaland
rateManagement

Melanie Ross •● Headquartered in Blacksburg,

Managed accounts VA
of global
Training Product Specialist certification organizations
ANSI National Accreditation Board (ANAB)
Risk-based Thinking
Process Approach to Risk Assessment

ANSI National Accreditation Board

Goals
• Define risk

• Identify standard requirements related to risk

• Identify risk-based controls of the standard

• Application of risk-based thinking in the laboratory

• What to expect during an assessment

Risk resources
• ISO 31000 Risk management guidelines

• ISO/IEC 31010 Risk management-risk assessment techniques

NOT REQUIRED BY ISO/IEC 17025 STANDARD

Risk in the context of ISO framework
• ISO documents provide
• Requirements, specifications, guidelines, or characteristics

• Intent is to ensure materials, products, processes and

services are fit for purpose

RISK RELATES TO DOUBT IN REACHING THIS INTENT

What is risk?
• Effect of uncertainty

• Risk is the deviation from the expected cause by a shortage of

information, misinformation, or misinterpretation of
information

• Effects may be both positive and negative

• Negative effects: nonconformities
• Positive effects: opportunities for improvement
Risk in ISO/IEC 17025:2017
• 4.1.4 risks to impartiality
• 4.1.5 eliminating risks to impartiality
• 7.8.6.1 level of risk associated with decision rules
• 7.10.1 actions taken for nonconforming work
• 8.5 actions to address risks and opportunities
• 8.7 corrective action
• 8.9 management review
Clause 4.1.4 & 4.1.5
• Identify risks to impartiality on an ongoing basis
• Laboratory relationships
• Relationships of personnel

• Eliminate or minimize identified risks

Clause 7.8.6.1
• Reporting of results
• Level of risk associated with decision rule
• False accept/reject
• Statistical assumptions
Clause 7.10.1
• Actions for nonconforming work based on risk levels

• Established before nonconforming work occurs

Clause 8.5.1
• Consider risks and opportunities to
• Assure management system achieves intended results
• Enhance opportunities to achieve objectives
• Prevent or reduce undesired impacts
• Achieve improvement
Clause 8.5.2
• Laboratory shall plan
• Actions to address identified risks and opportunities
• How to
• Integrate and implement these actions
• Evaluate effectiveness
Clause 8.5.3
• Actions
• Proportional to the potential impact on validity of results
Clause 8.7.1
• Corrective action
• Update risks and opportunities determined during planning
• Make changes to the management system
Clause 8.9
• Management review
• Include results of risk identification
Inherent risk-based controls
• Contract review: ability to provide service, decision rules

• Process review: selection, verification, and validation of

methods

• Externally provided products and services: supplier selection

• Testing or calibration: review of work, assuring quality

Inherent risk-based controls
• Internal audit: frequency, audit schedule prioritization

• Nonconforming work: response based on risk

• Corrective action: initiating/depth of investigation

• Management review: monitoring system performance

Addressing risk in the lab
• Identify the risks and opportunities

• Plan response

• Incorporate response into management system

• Evaluate effectiveness of response

Risk-based thinking
• Preventive action as part of the routine operation

• Risk-based thinking can identify opportunities

• Included in development of management system processes

• Authority and responsibility of appropriate staff
• Level of details of procedures required for consistent
application
What is at risk in the laboratory?
• Internal context
• Within the management system

• External context
• Based on management system outcomes
Simple risk-based approach
• Identify risks and opportunities – it depends on context
• Analyze and prioritize risks and opportunities
• What is acceptable?
• What is unacceptable?
• Plan actions to address risks and opportunities
• Accept the risk
• Avoid or eliminate the risk
• Mitigate the risk
Simple risk-based approach
• Implement the plan – take action
• Check the effectiveness of the actions – did it work?
• Learn from the experience – improvement
Performance based standard
• Risk-based thinking
• Reduction in prescriptive requirements
• Performance-based requirements

• Greater flexibility
• Less prescription
• More discussion
Is a documented procedure needed?
• No procedure is required

• Most likely however there will be a record trail to identified

risks and opportunities
Would a procedure be useful?
• Ensure consistency
• Is risk-based thinking method used new?
• Are new people involved in the process?
• Will it make integration easier?
• Will it help when reviewing for effectiveness?
Assessment considerations
• Demonstrate risks and opportunities were
• Identified
• Evaluated
• Mitigated, minimized, or accepted

• Document risks and opportunities

What should the lab do?
• Identify the risks and opportunities for the organization

• Standard does not require a full, formal risk assessment, of to

maintain a risk register

• ISO 31000 Risk Management-Principles and guidelines may be

useful as a reference (but not mandated)
 How Qualtrax Plays a Role in Risk Based Thinking

• Proactive and Reactive

• Promotes Employee Accountability

• Centralized location for all audit data

• Visibility to identify risks and opportunities for improvement

• Configurable Process Automation

- Corrective Actions
- Management Review
 All -In-One Quality Management System

“We are a lean organization – constantly trying to improve our processes while cutting away the waste,” explains Todaro. “That’s what
drives us to improve our quality each and every day.”

Jim Todaro
Quality Assurance Manager
 Benefits to Qualtrax Workflows

• Process Control

• Automated, Role-Based Tasks and Alerts

• Records in one place

• Reporting/Visibility

• Configurable
 Some Workflows Used Today

● Corrective Action ● Approved Vendors ● Improvement Action ● Authorizations

Request ● Deviation Request ● Production Approval ● Literature Review Log
● Internal Audit ● LIMS Change Request ● Safety Work Order ● Outstanding
● Safety Work Order ● Customer Feedback ● Accident/Near Miss ● PTO Request
● Accident Reporting ● Drug Reagent & Report ● IT Request
● Employee Onboarding Chemical Prep ● Forklift Certification ● Planning Meetings
● Performance Evaluation ● Quality Incident Log ● Glass Breakage Record ● Staff Holiday Parties
● Management Review ● DNA Inventory ● Training/Certification ● Suggestion Box
● Chemical Preparation ● Court Testimony Log Record ● Quality Memo
● Vendor Evaluation & ● Authorizations ● Instrument ● Archive Request
Approval ● Audit - Safety Certification ● Unexpected Data Log
● Purchase Request ● Audit - Surveillance ● Engineering Change ● Equipment Inventory
● Validation Visits Order ● Outstanding
● Customer Complaint ● Preventative Actions ● CAPA/NCR Communications
● Validation ● Security Access ● Pigment Approval ● Error Log
● Proficiency Testing Request ● Assemble to Stock ● Employee Termination
Registration is closing soon!
go.qualtrax.com/SuperQUC
 Questions?

Melanie Ross Karen Arrivillaga

Training Product Specialist Account Executive
ANSI National Accreditation Board Qualtrax, Inc.
(ANAB) karen@qualtrax.com