ISO/IEC 17025:2017 Changes

from the 2005 Version

Welcome and objectives
By J.E.J. (Ned) Gravel
 Course Outline

Welcome and objectives

Structure of the 2017 Revision
Changes to Organisation/Process Requirements
Changes to Technical measurement requirements
Changes to Management system requirements
 Welcome!!

• Aims of this Course

– To provide laboratory staff and assessors with a
good understanding of the new requirements in
ISO/IEC 17025:2017
• Expected Results of this Course
– Your ability to better appreciate all aspects of the
changes made to the laboratory QA/QC standard
used in accreditation
 Written Materials

You will not do well in this course if you do not have your
own copy of ISO/IEC 17025:2017. Please stop here and
resume when you have your copy with you.

The following materials are available to assist participants

in this course.
• 17025 Joint Communiqué
• ILAC P10 (Traceability)
• APLAC TC 002
• APLAC TC 003
 Course Grading

Participants who wish to receive a Certificate

of Successful Completion must obtain 70% on
the end-of-course quiz.
ISO/IEC 17025:2017 Changes
from the 2005 Version
Structure of the 2017 Revision
By J.E.J. (Ned) Gravel
 Course Outline

Welcome and objectives

Structure of the 2017 Revision
Changes to Organisation/Process Requirements
Changes to Technical measurement requirements
Changes to Management system requirements
 New Structure of 17025

2005 Version 2017 Version

1-Scope 1-Scope
2-Normative References 2-Normative References
3-Terms & Definitions 3-Terms & Definitions

4-General Requirements
CHANGES!!
5-Structural Requirements
4-Mgt Requirements 6-Resource Requirements
5-Technical Requirements 7-Process Requirements
8-Management Requirements

Annex A – 9001 Cross Annex A – Metrological Traceability

References Annex B – Management System
Annex B – Guidelines for
Applications
 New Structure of 17025

2005 Version 2017 Version

4.1 Organization -> 5 Structural
4.2 Mgt System -> 8.2
4.3 Document Control -> 8.3
4.4 Review of Requests -> 7.1
4.5 Subcontracting -> 6.6
4.6 Purchasing -> 6.6
4.7 Service to Customer -> Throughout ????
4.8 Complaints -> 7.9
4.9 NCW -> 7.10, 8.7, (8.5 Risks and Opportunities)
4.10 Improvement -> 8.6, (8.5 Risks and Opportunities)
4.11 Corrective Action -> 8.7
4.12 Preventive -> (8.5 Risks and Opportunities)
4.13 Control of Records -> 7.5, 7.11, 8.4
4.14 Internal Audit -> 8.8
4.15 Management Review-> 8.9
 New Structure of 17025

2005 Version 2017 Version

5.2 Personnel -> 6.2

5.3 Accommodation & Environ -> 6.3
5.4 Methods -> 7.2
5.5 Equipment -> 6.4
5.6 Traceability -> 6.5, 7.6
5.7 Sampling -> 7.3
5.8 Handling of Samples -> 7.4
5.9 Quality Assurance -> 7.7
5.10 Reporting -> 7.8 (7.8.6 “Decision Rule”)
ISO/IEC 17025:2017 Changes
from the 2005 Version
Organisation / Process Requirements
By J.E.J. (Ned) Gravel
 Course Outline

Welcome and objectives

Structure of the 2017 Revision
Changes to Organisation/Process Requirements
Changes to Technical measurement requirements
Changes to Management system requirements
 CHANGES - ORGANISATION CLAUSES

4.1 – Impartiality:
• This definition given is circular – the thing
describes itself = not very good.
• Consider impartiality to mean the following:
Impartiality is about decisions being made (or work
being done) are based solely on the objective
criteria related to the conformity assessment issues
under consideration and no other. No other
consideration is allowed to influence the outcome,
the work or any related decisions.
 CHANGES LEADING TO NEW CLAUSES

4.2 – Confidentiality:
4.2.1 legally enforceable commitments with all
parties, staff, subcontractors, etc
4.2.2 specific conditions regarding release of
information
4.2.3 not to reveal sources of information
4.2.4 everyone agrees to the rules.
 CHANGES LEADING TO NEW CLAUSES

5 – Structural Requirements:
• Not very much different than Clause 4.1 of the
2005 version.
• Names of top management, technical
manager and quality manager removed.
• Responsibilities allocated to persons
“however named.”
 CHANGES LEADING TO NEW CLAUSES

6 – Resource Requirements:
• This applies to
• People (with the Skills and Knowledge)
• The Environment (with the Facilities and
Equipment)
• Work done by other organisations on behalf of
the lab (4.5 and 4.6 of 2005 version)
• Note that Metrological Traceability is in this
Clause, but we will deal with it under Technical
Measurement Requirements.
 CHANGES LEADING TO NEW CLAUSES

7 – Process Requirements:
• Differences are:
7.1.3 Statement of conformity to specification =
Decision Rule
7.2 Verification of published methods
differentiated from validation of those not
published.
7.3 Sampling requirements now more prescriptive
7.5 Technical records modified to remove bias for
use of paper
 CHANGES LEADING TO NEW CLAUSES

7 – Process Requirements:
• Differences are:
7.7 Imported from 5.9 of the 2005 version with different
specifications. Internal QA and external PT – with
citation of ISO/IEC 17043 in the note.
7.8 Almost identical to 5.10 of the 2005 version with the
exception that customer supplied data is not the
responsibility of the lab. It is the responsibility of the
customer.
Decision Rule – see section on Technical Measurement
Requirements
ISO/IEC 17025:2017 Changes
from the 2005 Version
Technical Measurement Requirements
By J.E.J. (Ned) Gravel
 Course Outline

Welcome and objectives

Structure of the 2017 Revision
Changes to Organisation/Process Requirements
Changes to Technical measurement requirements
Changes to Management system requirements
 FEW TECHNICAL CHANGES

• More specificity in the wording regarding

evaluation of uncertainty of measurement
• Slight modification to the Traceability wording
• Significant modification to wording around
“statement of compliance to specification.”
 UNCERTAINTY OF MEASUREMENT

Clause 7.6 provides more specificity to meet the

requirements for uncertainty of measurement.
• Evaluation of uncertainty means full mathematical
rigour in the identification of contributors and their
contributions
• Estimation of uncertainty means identification of
uncertainties from theoretical models and practical
experience.
 TRACEABILITY OF MEASUREMENT

Clause 6.5 provides more specificity to meet the

requirements for traceability of measurement and This
follows the approach given in ILAC P10
Acceptable sources of calibration are:
–Competent calibration service providers
–Competent reference material producers
–Direct realisation of the SI
Annex A provides non-normative (informative) guidance.
 TRACEABILITY OF MEASUREMENT

A calibration laboratory can demonstrate conformance to 17025 by the

following means. See Annex A, Clause A.3.1:
Laboratories are responsible for establishing metrological traceability in
accordance with this document. … … Calibration results from laboratories
conforming to this document provide metrological traceability.
There are various ways to demonstrate conformity with this document:
• Third party recognition (such as an accreditation body),
• External assessment by customers, or
• Self-assessment.
Assessors from accreditation bodies may wish to consider which of these
methods provides evidence of the competence of the lab producing the
calibration results. Laboratories may wish to consider which of these
methods provides them with formal recognition of demonstrated
competence.
 STATEMENTS OF COMPLIANCE

Decision Rule Definition, ISO/IEC 17025,

Clause 3.7:
rule that describes how measurement
uncertainty is accounted for when stating
conformity with a specified requirement.
 STATEMENTS OF COMPLIANCE

Implementation of the Decision Rule: ISO/IEC 17025,

Clause 7.1.3 (Get ready to use it):
When the customer requests a statement of conformity to a
specification or standard for the test or calibration (e.g.
pass/fail, in-tolerance/out-of-tolerance), the specification or
standard and the decision rule shall be clearly defined.
Unless inherent in the requested specification or standard,
the decision rule selected shall be communicated to, and
agreed with, the customer.
 STATEMENTS OF COMPLIANCE

Implementation of the Decision Rule: ISO/IEC 17025,

Clause 7.8.3.1 b) (Reporting it):
In addition to the requirements listed in 7.8.2, test reports
shall, where necessary for the interpretation of the test
results, include the following:
b) where relevant, a statement of conformity with
requirements or specifications (see 7.8.6);
 STATEMENTS OF COMPLIANCE

Implementation of the Decision Rule: ISO/IEC 17025,

Clause 7.8.3.1.c) (Reporting Uncertainty):
In addition to the requirements listed in 7.8.2, test reports
shall, where necessary for the interpretation of the test results,
include the following:
b) where applicable, the measurement uncertainty presented in the
same unit as that of the measurand or in a term relative to the
measurand (e.g. percent) when:
— it is relevant to the validity or application of the test results;
— a customer's instruction so requires, or
— the measurement uncertainty affects conformity to a specification
limit;
 STATEMENTS OF COMPLIANCE

Implementation of the Decision Rule: ISO/IEC 17025,

Clause 7.8.4.1 e) (Reporting Calibration):
In addition to the requirements listed in 7.8.2, calibration
certificates shall include the following:
b) where relevant, a statement of conformity with
requirements or specifications (see 7.8.6);
 STATEMENTS OF COMPLIANCE

Implementation of the Decision Rule: ISO/IEC 17025,

Clause 7.8.6.1) (Specifying the Rule):
When a statement of conformity to a specification or standard
is provided, the laboratory shall document the decision rule
employed, taking into account the level of risk (such as false
accept and false reject and statistical assumptions) associated
with the decision rule employed, and apply the decision rule.
NOTE Where the decision rule is prescribed by the customer,
regulations or normative documents, a further consideration of
the level of risk is not necessary.
The Risk associated with this Decision is assumed by others!!
 STATEMENTS OF COMPLIANCE

Implementation of the Decision Rule: ISO/IEC 17025,

Clause 7.8.6.2) (Specifying the Reporting):
The laboratory shall report on the statement of conformity,
such that the statement clearly identifies:
a) to which results the statement of conformity applies;
b) which specifications, standards or parts thereof are met or
not met;
c) the decision rule applied (unless it is inherent in the
requested specification or standard).
ISO/IEC 17025:2017 Changes
from the 2005 Version
Management System Requirements
By J.E.J. (Ned) Gravel
 Course Outline

Welcome and objectives

Structure of the 2017 Revision
Changes to Organisation/Process Requirements
Changes to Technical measurement requirements
Changes to Management system requirements
 MANAGEMENT SYSTEM OPTIONS

ISO/IEC 17025 Introduces the Concept of

Two QMS Options for Labs (Reason 1)
There was an increased need to convince
management system registrars (and their
clients) that laboratories operate a system
that is seen as conforming to ISO 9001, as
well as to ISO/IEC 17025.
 MANAGEMENT SYSTEM OPTIONS

ISO/IEC 17025 Introduces the Concept of Two QMS Options

for Labs (Reason 2)
There has also been, since the 17025:1999 a strong push
from the certification industry to allow registrars to certify labs
to 17025, because the wording in Clause 4 of that standard
mirrored the 1991 version 9001.
Experience proved that the Joint IAF-ILAC-ISO Communique
on 17025 regarding equivalence was not enough. The 2017
version of that declaration is published on (
http://ilac.org/?ddownload=120917)
 MANAGEMENT SYSTEM OPTIONS

ISO/IEC 17025 Introduces the Concept of Two QMS

Options for Labs (Reason 3)
The two-option requirement is also now part of the
mandatory requirements of all CASCO standards
contained in the CASCO Required Common
Elements document, QS-CAS-PROC/33.
ISO/CASCO WG 44 was not allowed to eliminate it.
 MANAGEMENT SYSTEM OPTIONS

WHAT ARE THE OPTIONS?

OPTION A – Implement all of 8.2 to
8.9.
OPTION B – Implement a QMS in
accordance with the requirements of
ISO 9001.
 MANAGEMENT SYSTEM OPTIONS

WHAT ARE THE CONDITIONS?

OPTION A – None. All current 17025 QMS processes

remain virtually unchanged (two notable differences)
OPTION B – Implement a system that is capable of
supporting and demonstrating the consistent fulfilment of
the requirements of Clauses 4 to 7, and also fulfils at least
the intent of the management system requirements
specified in 8.2 to 8.9.
 MANAGEMENT SYSTEM OPTIONS

WHAT ARE THE IMPLEMENTATION LIMITATIONS?

OPTION A – Labs must now understand Risk components

of the QMS (see primarily 8.5)
OPTION B – Labs must now be able to provide evidence of
intent (which is OK for policies but does not work for
procedures or records) or labs must implement 8.2 to 8.9.
See OPTION A above.
 MANAGEMENT SYSTEM OPTIONS

WHAT ARE THE ASSESSMENT LIMITATIONS?

OPTION A – Assessors must now understand

Risk components of the QMS (see primarily 8.5)
OPTION B – Assessors must now be able to
assess against intent (which we cannot do) or
assess against 8.2 to 8.9. See OPTION A above.
 MANAGEMENT SYSTEM CHANGES

WHAT ARE THE CHANGES TO QMS?

8.2 – QMS Documentation:

• QMS need only contain policies and objectives for
fulfilment of requirements. Procedures no longer
specified.
• Policies and objectives need only address the
competence, impartiality and consistent operation of the
laboratory. “Consistent operation” really means
procedures.
 MANAGEMENT SYSTEM CHANGES

WHAT ARE THE CHANGES TO QMS?

8.3 – Control of QMS Documents:

• No longer refer to hand-written amendments
• No “Master List” but still need records of location and
status.
• Still need to produce and provide evidence of some
method of creation, approval, review, update, and
obsolescence.
 MANAGEMENT SYSTEM CHANGES

WHAT ARE THE CHANGES TO QMS?

8.4 – Control of QMS Records:

• Technical records requirements are
now separate and contained in 7.5
• Legibility is still a requirement.
 MANAGEMENT SYSTEM CHANGES

WHAT ARE THE CHANGES TO QMS?

8.5 – Risks and Opportunities:

8.6 – Improvement:
• Read “feedback” and “preventive
action” from the 2005 version.
 NEW – RISK BASED THINKING

NEW Risk based thinking is throughout the revision to

17025. See ISO 31000: Risk Management, to view the
ISO approaches that impact how organisations can
implement the concept.
The Concept of Risk Management is a combination of
the SWOT analysis of strategic planning and the
processes normally used in lab continual improvement.
Good things (improvements = OFI) and bad things
(NCs/PNCs) are the issues to identify and then address.
 PROFOUND BUT ALREADY THERE

These approaches already existed in clauses 4.7 and

4.9 to 4.12 of the 2005 version but they were not well
written.

We did not know what we did not know.

 RISK BASED THINKING

Risk based thinking involves three considerations

and three actions. The considerations are:
• Risk is not only about things going bad (NC/PNC),
but includes doing things better
(Opportunity/Benefit).
• We cannot ignore risks that have been identified.
• Risk analysis is not a complex task.
 CONSEQUENCE COUNTS MOST

Consider the Consequence first.

The joy of paying very little for a test or calibration

today will be long forgotten but the customer’s pain
of getting a technically invalid result will last a long
time.
 SIMPLEST DEFINITION OF RISK

RISK =
MOST IMPORTANT OF THE TWO!!
Cost/Penalty/Benefit of the occurrence
(Monetary/organisation/personal loss or benefit)
Multiplied by
Probability of an occurrence
(could be a good occurrence or a bad one)
MOST IMPORTANT OF THE
TWO!!

Risk = (cost/benefit x 𝛔)
 SIMPLE EXAMPLES OF RISK

Case 1 (Adverse)
If consequence = injury of a person
And probability = once per year
Risk = injury of a person once every year.

Case 2 (Benefit)
If consequence = reduction of process cost by $10
And probability = once per day
Risk (Benefit) = $3,650 per year less cost.
 SIMPLE EXAMPLES OF RISK

Case 3 (Adverse)
If consequence = complaint against lab
And probability = every EMC or strength test result
Risk = Permanent loss of business for lab

Case 4 (Benefit)
If consequence = satisfaction of lab clients
And probability = every EMC or strength test result
Risk (Benefit) = Growth of lab business
 TREATING IDENTIFIED CONDITIONS

There are three simple actions used to treat identified conditions

that impart risk:
1. Identify conditions and circumstances from all sources that
may impact our operations, our successes, our corporate
objectives, and the integrity of our services.
2. Determine the impact of these conditions and circumstances
(risk analysis and evaluation) – the good and the not-so-good.
3. Take action to address them:
– Treat them (risk treatment).
– Reduce (mitigate) adverse affects (and record them).
– Enhance positive ones (and record them).
 TREATING IDENTIFIED CONDITIONS

Simplest Approach (from Continual Improvement)

• Identify the condition
• Take immediate remediation action (where required)
• Determine the risk or benefit presented by the condition
– Impact on integrity or enhancement of accreditations
– Impact on risk to business (reputation) or people (safety)
– Impact of cost, efficiency, effectiveness
– Amount of effort to address

• Determine any root cause

• Determine the permanent resolution (including those for any OFI)
• Document the permanent resolution
 MANAGEMENT SYSTEM CHANGES

WHAT ARE THE CHANGES TO QMS?

8.7 – Corrective Action:

• Almost the same as the 2005 version
• Include risk in identification,
determination and solution
 MANAGEMENT SYSTEM CHANGES

WHAT ARE THE CHANGES TO QMS?

8.8 – Internal audits:

8.9 – Management review:
• Almost the same as the 2005 version
• Internal audits now consider results of previous audits
• Ensure results of audits are reported to relevant
management (management review?)
• Management review now lists 15 inputs and 4
outputs. Need evidence for ALL of them.
 TAKE THE QUIZ

NOW IT IS TIME TO TAKE THE QUIZ AND E-MAIL IT TO:

J.E.J. (Ned) Gravel

Manager, Training.
International Accreditation Service
ngravel@iasonline.org