[This series of articles discusses the ISO 17000 family of standards, which are often obscure and complex. For links to the full series of articles, click here.]
ISO 17025 is the most complicated standard of the ISO 17xxx family, and one that presents the most difficulty in implementation. This is because it covers dual ground — applying to both calibration laboratories and test labs — and then presents some complex requirements which must be interpreted differently for either type of lab.
For the calibration side, the typical application is for a third-party laboratory that performs calibration on client devices or tools, with the intent of providing an official “calibration certificate” for each device. Such labs need to ensure their resulting certifications are accurate, and that all measurements are traceable to national standards.
A less common application, but nonetheless useful, is for companies that have an in-house calibration department that wants to ensure its own results and methods. Applying ISO 17025 to an internal calibration department is more common in large companies, of course, but this does seem to be growing in popularity.
For the test laboratory side, ISO 17025 is aimed at companies that provide contract product testing which results in a formal test report that, again, is traceable to national standards. The problem here is that (as I wrote previously) there is a lot of overlap between this and the standard for inspection bodies (ISO 17020), as well as the standard for product certification (ISO 17065.) This causes endless confusion. The rule of thumb — and it’s wobbly, so don’t hold it as gospel — is that if you issue a test report but do not certify the product, then ISO 17025 is applicable. If you certify an entire line of products, and not simply test a given batch or individual unit, then ISO 17065 is probably the right standard. If you only perform inspection, and issue an inspection report without any other need for certification or traceability, then ISO 17020 might be the right choice — maybe. (Yes, it’s a mess. Click the image at right for a decision helper graphic on this subject.)
As with many of the ISO 17xxx standards, it might be worth having a consultation on how to implement ISO 17025 within your organization, or to understand if it’s even the right standard to use.
The ISO 17025 Requirements
ISO 17025 requirements include:
- Impartiality: the laboratory must have controls (best addressed via procedures) that ensure it can issue its reports and certificates fairly and impartially. This then rolls into control and management of conflicts of interest.
- Confidentiality: Labs have access to confidential information related to their clients, such as when a device is out of calibration or a product fails a given test. As a result, the laboratory must have controls in place (again, procedures are likely necessary) to ensure the management of confidentiality, to ensure this information does not escape into the wild.
- Structural Requirements. ISO 17025 understands that many user organizations may be part of larger organizations, introducing possible conflicts of interest. The standard addresses this by requiring that the calibration or test lab be able to prove it operates independently of any other part of the organization, such as a manufacturing or production division. The standard then defines some other minimal organizational requirements for user labs.
- Personnel & Competence. ISO 17025 goes on to require that the lab has sufficient staff to carry out the full range of duties under the scope of its activities. Then, it requires the lab to define the competency requirements for these staff members, and provide training or other actions to ensure that competency.
- Equipment. ISO 17025 goes into some significant detail on requirements related to equipment, since faulty or inaccurate equipment can lead to dubious calibration or test results. Readers of other ISO 17xxx standards will notice that this standard increases the requirements in this area, accordingly. Of specific note are the requirements that the lab set up its own calibration system, that it maintain significant equipment-related records, and that equipment is used and handled properly. Again, the requirements here are numerous, and best supported by documented procedures.
- Metrological Traceability. Here ISO 17025 defines how the lab’s devices and standards must be traceable to national standards or other equivalent “known good” sources. This is to ensure the resulting certificates can be trusted, by demonstrating an unbroken chain of accuracy.
- Complaints. Unlike other ISO 17xxx standards, ISO 17025’s section on complaints is rather slim. Nevertheless, it requires a method for handling customer complaints. I find that very simple procedures (using ISO 10002 as guidance on complaints handling) work great, and tying them into the lab’s corrective action system makes it very easy to manage, without needing to create an entirely separate complaints tracking tool.
- Process Requirements. The largest section of the standard is dedicated to requiring the lab to define its activities, and ensure they comply with numerous rules. Here is where things can deviate dramatically between calibration and test laboratories. This article won’t go into all the requirements here, but I will point out ones that present the heaviest amount of work:
- Determination of Methods. The lab must determine its methods for conducting calibration or testing, and define them. For calibration labs, this is generally easier, while test labs may find they have a bit more challenge here. When the methods are selected, they must be documented and validated; that last point is a common stumbling block.
- Sampling. If sampling is used, the lab must have formal sampling plans that are statistically valid.
- Measurement Uncertainty. Probably the hardest part of any ISO 17025 implementation comes from the requirement to develop formal uncertainty budgets for the calibrations or tests performed. This often requires the use of a professional uncertainty expert (Oxebridge maintains one on contract just for this purpose), and cannot be done by people with only a smattering of experience in the area. While not called out specifically, the work here ties into another document, called the Guide to the Expression of Uncertainty in Measurement, or the “GUM.” Individual accreditation bodies, such as ANAB or A2LA, will then have additional, bolt-on requirements related to uncertainty measurement. Depending on the number of devices or tests provided, the amount of work required for uncertainty budgets can be very, very significant, and can often represent a significant portion of the final implementation budget. User organizations must set their expectations accordingly when preparing for ISO 17025 implementation.
- “Ensuring Validity of Results.” Next to uncertainty, this clause presents another heavy lift for companies pursuing ISO 17025. In short, labs must implement methods to ensure the validity of calibrations and tests performed. While this clause allows for some different methods here, it then goes on to specifically require “interlaboratory comparisons” and/or “proficiency testing.” These latter activities are often complex, slow, and can be costly. To clarify:
- Interlaboratory Comparison suggests you will engage in some formal method to use other labs to correlate and validate the results of your methods.
- Proficiency Testing assumes you will enroll in a formal “PT” program subject to ISO 17043. PT essentially means you will be provided an object to test or measure, and that object then moves on to other labs enrolled in the program, your results are then analyzed in comparison with the other participants to determine if you are within a common range, or if your results are wildly outside of the range. Engaging in PT programs puts your ISO 17025 implementation timeline at the mercy of the program’s participants and timing, which can delay things significantly (up to a year, in some cases.) However, there’s often no other option, especially for calibration labs.
- Reports. ISO 17025 then splits into different sections, providing minimum details for calibration certificates and, then, test reports. It then goes on to define requirements for when such documents may include “opinions and interpretations” and/or “statements of conformity.”
- MS requirements. ISO 17025 demands a minimum quality management system be implemented alongside all of its other requirements. Like many standards within the ISO 17xxx family, they allow two options: implementing ISO 9001 in full, or implementing key QMS elements (which, anyone would notice, were lifted from ISO 9001 anyway.)
- Policies & objectives
- Defining roles, responsibilities, and authorities
- Document control
- Record control
- Management of risks and opportunities
- Control of nonconforming service
- Corrective Action (I typically add “preventive action” on top of this)
- Internal Audits
- Management Review
- Continual improvement
Accreditation to ISO 17025
If you opt to pursue ISO 17025, you would later become accredited by one of the many traditional Accreditation Bodies, such as ANAB, A2LA, UKAS, etc.
A wonky, but crucially important, point here is that while some other ISO 17xxx standards put the user under International Accreditation Forum (IAF) oversight, ISO 17025 puts users under the International Laboratory Accreditation Cooperation (ILAC) oversight instead. This means that your selected accreditation body will be subject to additional ILAC requirements, which will then be flowed down to you. In a practical sense, this means there will be AB and ILAC procedures that you will be required to comply with, on top of all the ISO 17025 requirements.
Oxebridge can help implement ISO 17025; for more information, click here.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.