Checklist of mandatory documents

required by ISO 17025:2017

Copyright ©2019 Advisera Expert Solutions Ltd. All rights reserved.

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 1
Table of Contents

Introduction ............................................................................................................................................ 3
Which documents and records are required? .......................................................................................... 4
Commonly used non-mandatory documents ........................................................................................... 7
How to structure documents and records................................................................................................ 8
Conclusion............................................................................................................................................. 12
Useful materials .................................................................................................................................... 12
References ............................................................................................................................................ 13
About the author................................................................................................................................... 13

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 2

Introduction
Some of most common questions related to the latest changes in ISO/IEC 17025, the world-leading
standard for laboratories, are about how to update mandatory documentation. What has changed in the
2017 revision, compared to the 2005 version, and are there more or fewer mandatory documents now?
As the 2017 revision of ISO 17025 now has five requirements clauses, compared to the two of the previous
standard’s edition, one might be concerned that the number of mandatory documents has also increased.
The good news is that the 2017 revision actually offers more flexibility in documentation requirements.
The application of risk-based thinking resulted in a reduction in the number of mandatory documents.
The emphasis is on the retention of data, records, and information that a laboratory can provide as
evidence to interested parties to assure them of the laboratory’s competence.

In this white paper, you will find clarity on which documents and records are mandatory, so that you can
implement ISO 17025 effectively and, at the same time, not waste resources on generating unnecessary
documents.

For additional information regarding ISO 17025, refer to these articles: What is ISO 17025:2017? and ISO
17025:2005 vs. ISO 17025:2017 revision: What has changed?

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 3

Which documents and records are
required?
These are the documents and records required for your management system to meet the general
requirements of ISO 17025:2017. Records are generated to demonstrate compliance with the standard
and related internal procedures and serve as evidence during audits.

Mandatory Documents

Document ISO 17025:2017 Clause

Document and Record Control Procedure 8.2.1; 8.3; 8.4; 7.5

Quality Policy and Objectives 8.2.; 8.2.2

Competence, Training and Awareness Procedure 6.2.5

Externally Provided Products and Services Procedure 6.6.2

Facilities and Environmental Control Procedure 6.3

Equipment and Calibration Procedure 6.4.3; 6.5

Customer Service Procedure 7.1.1; 8.6

Test and Calibration Method Procedure 7.2.1; 7.2.2

Quality Assurance Procedure 7.7.1; 7.7.2; 7.7.3

7.3; 7.5 & 7.8.5, applicable only

Sampling Procedure
to laboratories that do sampling

Handling of Items Received for Testing Procedure 7.4

Complaint, Nonconformity and Corrective Action Procedure 7.9; 7.10; 8.7

7.8.2; 7.8.3, applicable to testing

Testing Report Procedure laboratories that write test
reports

7.8.2; 7.8.4, applicable to

Calibration Report and Certificate Requirements Procedure calibration laboratories that
write calibration certificates

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 4

Mandatory Records

Document ISO 17025:2017 Clause

Quality Objectives 8.2.1

Training Program 6.2.3

Training Record and Performance Monitoring 6.2.2

Record of Attendance 6.2.2

Competence Approval and Authorization Record 5.6; 6.2.5 e

Supplier Evaluation and Approval Record 6.6.2 a

List of Approved Suppliers of Products and Services 6.6.2 a

Record of Laboratory Environmental Controls 6.3.3

List of Laboratory Equipment 6.14.13 a

Calibrated Equipment Record 6.14.13 a

Calibration Record 6.14.13 e

Equipment Maintenance Record 6.14.13 g

Customer Order Review 7.1.8

Report of Customer Satisfaction 8.6.2

Test Method Development, Verification and Validation Register 7.2.1.2

Test Method Development, Verification and Validation Record 7.2.2.4; 7.6.3

Measurement Uncertainty Record 7.6.3

Internal Quality Control and Proficiency Testing Record 7.7.2; 7.7.3

LIMS Validation Register 7.11

LIMS Validation Record 7.11

Sampling Plan 7.3.1

Sampling Report 7.3.3

Test or Calibration Item Registration Log 7.4

Corrective Action Report 8.7.3

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 5

Mandatory Records

Complaint, Nonconformity and Corrective Action Report Log 8.7.3

List of Internal and External Documents 8.2.4; 8.3.1

List of Types of Records 8.4

Registry of Records for Retention/Central Archive 8.3.2 f; 8.4.1

Internal Audit Program 8.8.2 b

Internal Audit Report 8.8.2 e

Management Review Records 8.9.2

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 6

Commonly used non-mandatory
documents
To drive improvement, you should also maintain any other documents and records that you have
identified as being necessary to ensure your management system can be maintained efficiently and
improve over time.

There are several processes and procedures that need to be established; however, the ISO 17025 standard
does not require them to be written down. Even so, in order to generate and retain suitable records as
evidence of effective implementation, many companies choose to do so. To decide whether you need to
document a process or not, answer this question first – is there a chance that the process won’t be carried
out as planned if not documented? If the answer is yes, then it’s best to document it. In most cases, this
is the best way to ensure that your Quality Management System is effectively implemented. So, let’s see
the list of commonly used ISO 17025 non-mandatory documents.

Non-mandatory documents and records

Document or Record ISO 17025:2017 Clause

Addressing Risks and Opportunities Procedure 8.5.2; 8.5.3

Evaluation of Measurement Uncertainty Procedure 7.6

Measurement Uncertainty Checklist 7.6.1

Internal Audit Process Checklist 8.8.1

Internal Audit Procedure 8.8.2

Management Review Procedure 8.9

Registry of Key Risks and Opportunities 8.5.2

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 7

How to structure documents and records
The sections that follow provide an overview of each requirement, as well as recommendations on how
to structure the ISO 17025 documents and records:

Document and Record Control Procedure. This procedure is crucial, as it applies to all documents and
records, whether digital or paper-based, that relate to the activities of performing testing and/or
calibration in the laboratory. To ensure that personnel have access to the latest version of
information required to perform their tasks, this procedure is used to specify who is responsible and
how documents and records are created, approved, distributed, used, reviewed, revised, retained,
protected, and disposed of. Effective control is supported by a master register of internal and
external documents, along with a record register and a registry of documents for retention.

For more help, see the template for the Document and Record Control Procedure.

Quality Policy and Objectives. The Quality Policy is the core document that drives service quality and
improvement. It is written to state the laboratory’s commitment to competence, consistency, and
impartiality of activities. It works best as a standalone document where the policy statements are
listed, along with a description of how these will be achieved.

Objectives are measurable short- and long-term plans for the laboratory, derived from the Quality
Policy statements. A record of objectives is used for planning, monitoring, and measuring the
objectives. It assists with employee awareness and keeping focus on performance and targets.

For more information, see the following articles, which explain ISO 9001 requirements but are also
applicable to ISO 17025: How to Write a Good Quality Policy and How to Write Good Quality Objectives.

The ISO 17025 document templates Quality Policy and Quality Objectives can also help.

Competence, Training and Awareness Procedure. This procedure is central to ensuring personnel
competence and reducing human error. As the standard requires laboratories to follow a risk-based
approach to controlling activities, the focus is on all personnel knowing their responsibilities and
reducing the risk of not meeting the objectives that they influence.

Here there is a need to establish procedures and retain records. This document specifies how
personnel requirements are met, including the training needs and specific competence criteria for
each personnel function that influences laboratory results. A clear description of training needs,
supervision, competence evaluation, authorization, and ongoing competence monitoring is included.

Also applicable to ISO 17025, see the article How to ensure competence and awareness in ISO 9001:2015.

Help yourself further with a document template: Competence, Training and Awareness Procedure.

Externally Provided Products and Services Procedure. A laboratory needs to ensure that all goods,
supplies, and services used in laboratory activities, including equipment, laboratory consumables,

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 8

and external providers of laboratory services, are suitable. Although this procedure does not
specifically need to be documented, the standard does require the criteria for evaluation, selection,
monitoring, and re-evaluation of the suppliers to be documented, and the best way to do it is through
a procedure.

For more information, see this ISO 9001 article, which is applicable to ISO 17025: Purchasing in QMS
– The Process & the Information Needed to Make it Work.

See also a document template: Externally Provided Products and Services Procedure.

Facilities and Environmental Control Procedure. This document addresses the requirements to ensure
that the laboratory facilities and environmental conditions are suitable to perform the required
testing or calibrations, so that the validity of the results is not adversely affected. Suitable records
are used to monitor environmental conditions, to provide evidence that the controls are in place and
effective.

For help, see a document template: Facilities and Environmental Control Procedure.

Equipment and Calibration Procedure. Key technical requirements and competencies are dependent
on this document, clearly describing the processes to ensure proper functioning of equipment. The
procedure includes requirements for handling, transport, storage, use, and planned maintenance of
equipment in order to prevent contamination or deterioration. A record of all equipment that can
influence the correct performance of the laboratory’s activities and its results is mandatory. The
calibration program for all equipment is documented, in cases where metrological traceability is
required, or when measurement accuracy and measurement uncertainty could affect the validity of
the reported result.

The article What does ISO 17025:2017 require for laboratory measurement equipment and related
procedures? provides some good guidance on this requirement.

Also, check out this document template: Equipment and Calibration Procedure.

Customer Service Procedure. This procedure is used to document the requirements of the customer by
defining the scope and recording customer requests, tenders, and contracts. It is valuable to include a
diagram of the process flow. This procedure also specifies the importance of keeping records of any
communicated dialogue and agreed changes to the original contract.

The best way to ensure customer satisfaction is to include all activities related to the customer service
process in the one procedure. Linked to this procedure are the Customer Satisfaction Questionnaire and
Report of Customer Satisfaction. Customer complaints are best addressed in the subsection Complaint,
Nonconformity and Corrective Action Procedure.

For more help, see this document template: Customer Service Procedure.

Test and Calibration Method Procedure. The choice of methods, the verification and validation process,
techniques, as well as records kept, are documented in this procedure. This ensures that requirements
and controls are specified to ensure that the correct test and calibration methods are chosen to meet
customer requirements. The status of all methods is effectively represented in a register, and a record is

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 9

used for detailing the Test Method Development, Verification and Validation process and performance
results.

For help, see the available document template: Test and Calibration Method Procedure.

Quality Assurance Procedure. This procedure details the activities required to maintain a quality
assurance system that ensures valid results from all testing and calibration activities. This includes
specifying requirements and controls measures for effective data information management and quality
control. To assure the quality control activities, the procedure should include the available options,
including the use of certified reference materials and participation in proficiency testing. These activities
are essential for the control of activities and to drive improvement.

To ensure all activities are planned and evaluated, this procedure links to evidence through the use of
suitable registers and records used to track activities and performance, such as external quality control
(proficiency testing) and Laboratory Information Management System (LIMS) validation activities.

For help, see these available document templates: Quality Assurance Procedure and associated
Proficiency Testing Record.

Sampling Procedure. This document describes the process of systematic sampling of a smaller population
of materials or parts from the chosen source, under controlled conditions using statistically valid methods.
The records of the Sampling Plan and Sampling Report provide effective control and evidence of following
the procedure.

See the document template Sampling Procedure for more help.

Handling of Items Received for Testing Procedure. This procedure covers the requirements to protect
the integrity of all test and calibration items used for testing or measurement. It is written to protect the
interests of the organization and its customers, specifying how items should be handled during transport,
receipt, handling, protection, storage, retention, and disposal. The Test or Calibration Item Registration
Log is used to ensure item traceability.

See the available document template: Handling of Items Received for Testing Procedure for more help.

Complaint, Nonconformity and Corrective Action Procedure. This procedure defines the activities that
take place to manage complaints, nonconforming work, and when corrective actions are required. It
is written to be applicable to all laboratory activities that may be the subject of complaints or
nonconformities. The Complaint, Nonconformity and Corrective Action Report (CAR) Log is an
effective way to keep an eye on the status of the issue being addressed, while the Corrective Action
Reports provide the detail, including cause analysis.

For more, see the available document template: Complaint, Nonconformity and Corrective Action
Procedure.

Testing Report Procedure. This document is used to outline the requirements for writing test reports, for
both external and internal use, to meet the requirements of ISO 17025:2017 for reporting test results.
Specific requirements for various reports are included, as may be relevant. The document provides the

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 10

controls needed to assure traceability of administrative and technical information within test reports, as
well as the numbering of reports and associated records.

See the document template: Testing Report Procedure for more help.

Calibration Report and Certificate Requirements Procedure. This procedure applies to all calibration
reports and certificates issued for both external and internal use. The document outlines the requirements
for writing calibration reports and certificates to meet the requirements of the ISO 17025 standard. It also
controls the traceability of information used to generate and issue certificates, as well as the process of
numbering certificates.

For help, see the document template: Calibration Report and Certificate Requirements Procedure.

Internal Audit Procedure. This procedure describes all the audit-related activities: writing the audit
program, selecting an auditor, conducting individual audits, and reporting. It applies to all laboratory
activities that fall under the scope of accreditation including the management of the laboratory, sampling,
tests and/or calibrations, reports, and records.

See the available document template: Internal Audit Procedure for more.

Addressing Risks and Opportunities Procedure. This is a new requirement of the standard to
specifically identify and address risks and opportunities associated with activities of the laboratory.
Although a proactive approach is required to support risk-based decision making, there is no need
for a formal risk management program, nor a mandatory documented procedure. Considering,
however, the importance of meeting this requirement effectively, it is recommended that you
document your approach in a procedure. State your methodology, such as brainstorming, and record
assessments and actions in a risk register / matrix.

For more information, see the following materials: Methodology for ISO 9001 Risk Analysis, which
is also applicable to ISO 17025.

See also this available document template: Addressing Risks and Opportunities Procedure.

Management Review Procedure. Management review requirements are more detailed in the new
revision of the standard. Although a documented procedure is not mandatory, and only the records
of input for review and documented decisions are mandatory, the importance of this process justifies
a documented procedure, to tie all the activities together. This is to ensure effective systematic and
periodic review of the Quality Management System (QMS) in order to evaluate possibilities for
improvement and needs for changes, including the effectiveness of the management system and its
processes, improvement of laboratory activities, and provision of required resources. This procedure is
written to be applicable to all processes within the laboratory QMS. A Management Review Record
provides the control and evidence of undertaking the management review.

See the available document template: Management Review Procedure for more details.

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 11

Conclusion
ISO 17025 implementation can be a difficult and drawn-out project if it is not implemented correctly from
the beginning. Processes need to be established and defined, while addressing risks, driving improvement,
and establishing documentation. Documentation that is required by the standard, along with additional
non-mandatory documents, makes up a significant part of the QMS implementation. Knowing what
mandatory documentation the standard requires is crucial to a successful implementation and positive
outcome of the laboratory’s accreditation audit.

Laboratories can use a Project Plan to define how to incorporate both mandatory and non-mandatory
documents to meet the intent and purpose of the ISO 17025 standard. By following this approach, you
can efficiently meet the process requirements as well as provide recorded evidence of competence to
ensure valid, consistent work.

Useful materials

A number of documentation templates have been listed within this white paper. In addition, the following
materials are useful for further information:

 ISO 17025 Documentation Toolkit

 The checklist of ISO 17025 implementation steps

 Diagram of ISO 17025 implementation process

 Project plan for ISO 17025 implementation

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 12

References
 ISO 17025:2017(en) General requirements for the competence of testing and calibration
laboratories

 17025Academy

 9001Academy

About the author

Tracey Evans is an ISO 17025 expert with an MSc degree in Biochemistry, and more
than 15 years’ experience in Laboratory Management Systems. This experience
includes a variety of testing and calibration laboratories in the pharmaceutical,
biotechnology, medical pathology, veterinary, engineering, mining, water, and
agricultural sectors. Tracey has used her insight into ISO 17025 and ISO 9001 to
assist clients in developing and implementing systems, performing method
validation and internal audits, addressing risks and opportunities, and achieving
ISO 17025 accreditation. Tracey also has a working knowledge of GLP and GCP and
has expertise as an internal auditor for a GCP laboratory.

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 13

 Advisera Expert Solutions Ltd
for electronic business and business consulting
Zavizanska 12, 10000 Zagreb
Croatia, European Union
Email: support@advisera.com
U.S. (international): +1 (646) 759 9933
United Kingdom (international): +44 1502 449001
Toll-Free (U.S. and Canada): 1-888-553-2256
Toll-Free (United Kingdom): 0800 808 5485
Australia: +61 3 4000 0020

Copyright © 2019 Advisera Expert Solutions Ltd. All rights reserved. 14