ISO/IEC 17025:2017 Training Online

ISO 17025:2017

Article Overview: Fluke Calibration offers free, online ISO/IEC 17025 training to address the 2017 changes in the form of previously-recorded, on-demand webinars. This page briefly describes ISO/IEC 17025, provides an overview of the
2017 changes, and offers links to free training webinars.

ISO/IEC 17025 training online – free educational webinars

Following is a list of four free ISO/IEC 17025 training webinars by Fluke. Each of these webinars could be considered a mini ISO/IEC 17025 training course. Each webinar is in the format of training video where Jeff Gust, Chief Corporate Metrologist at
Fluke, or one of his metrologists, walks you through their PowerPoint (ppt) presentation. Each webinar concludes with a pre-recorded questions and answers session. The training webinars are each approximately one hour long and have been pre-recorded
so that you can watch them online at your convenience.

A description of ISO/IEC 17025 and the topics of the online webinars are briefly introduced below.

What is ISO/IEC 17025? Why is it important?

ISO/IEC 17025 is an international quality standard for calibration laboratories. This standard can be used by any calibration laboratory, accredited or not, to ensure competency in the calibration laboratory. However, attainingaccreditation to this standard
allows your lab’s test and calibration results to be accepted globally through the International Laboratory Accreditation Cooperation (ILAC). The document focuses on measurement quality and integrity. It ensures technical competence and provides requirements
for organizational structure to ensure consistency and clear output for clients. The document was updated in 2017 (ISO/IEC 17025:2017), and ILAC approved a three-year transition period for accreditation bodies to align themselves to the new standard.

Fortunately, there have been very few changes to the overall requirements. The 2017 version of the document represents a restructuring of the existing clauses in the 2005 version with a few key differences. Notable changes include improved alignment with
ISO 9001:2015, clarification on “stand-alone” sampling, newly outlined “decision rules” for pass/fail decisions, and considerations for “risk and opportunity” throughout.

How the 2017 Version Maps to the 2005 Version

The 2005 version of the document (ISO/IEC 17025:2005) was focused on managing risk through “checkbox” requirements. It required accredited labs to have a quality manual, policies, procedures, job descriptions, top management requirements, a quality manager,
and technical manager. A lab was required to show that it was organized in a certain way, and an assessor would check that those requirements were met.

ISO/IEC 17025:2017 shifted focus from prescriptive requirements to outcomes. This means that the document no longer requires as many procedures and policies and instead focuses on the general level of care for the customer. In this case, the assessor
will want to see what actions your lab is taking to comply with the requirements, rather than simply reviewing existing policies, to ensure that you’re achieving the expected result.

Here is an example clause highlighting the change in focus from requirements to outcomes:

ISO/IEC 17025 – 2005 Version
Lab shall have policies and procedures to ensure protection of confidential information, including electronic storage and transmission of results.

ISO/IEC 17025 – 2017 Version
The lab shall ensure the protection of confidential information, including electronic storage and transmission of results.

Otherwise, the document looks very similar to prior versions, though many of the sections had been moved in order to comply with the International Organization for Standardization (ISO) Committee on Conformity Assessment (CASCO) formatting requirements,
and to establish the clauses around a natural process flow for the laboratory . Here is a useful map that explains where old sections may be found in the new version of the document:

ISO/IEC 17025: 2005 map to ISO/IED 17025: 2017

The new document’s format is:

Foreword

Introduction

1 Scope

2 Normative References

3 Terms and Definitions

4 General Requirements

5 Structural Requirements

6 Resource Requirements

7 Process Requirements

8 Management Requirements

Annex A

Annex B

Bibliography

Would you like a more in-depth training and overview of the changes? Chief Corporate Metrologist Jeff Gust may be able to offer additional clarity in his free, online webinar: Introduction to ISO 17025 – 2017 Revision.

Decision Rules

As defined in section 3.7 of the ISO/IEC 17025:2017, a decision rule is a rule that describes how measurement uncertainty is accounted for when stating conformity with a specified requirement. Decision rules explain how we deal with uncertainty and what
level of risk we have during the measurement (calibration or test) process. Before the 2017 revision, ISO/IEC 17025 stated simply that a statement of compliance (pass/fail) must take uncertainties into account.

Most customers who submit a device for test or calibration want to know if their instrument is good or bad, but the previous standard has no wording to help address that need. The previous version did not require the laboratory to involve customers in
choosing an acceptable degree of risk. ISO/IEC 17025:2017 requires the lab to agree with the customer on the level of risk associated with pass/fail decisions, so your customers will also need to be involved in choosing the decision
rule.

Decision rules are based on acceptable degrees of measurement decision risk. In calibration, we focus on two types of measurement decision risk: false accept and false reject. When an instrument is declared out-of-tolerance, but the instrument is actually
in-tolerance, it is referred to as a false reject. A false rejection can lead to unnecessary adjustment, repair, or replacement. When an instrument is declared in-tolerance, but the instrument is actually out-of-tolerance, it is referred
to as a false accept. A false accept runs the risk of putting out-of-tolerance equipment into the field, which can be a tremendous safety or quality risk.

Section 7.8.5.1 – When a statement of conformity to a specification or standard is provided, the laboratory shall document the decision rule employed, taking into account the level of risk (such as false accept and false reject and statistical
assumptions) associated with the decision rule employed and apply the decision rule.

The amount of acceptable measurement decision risk usually depends on the application of the product being calibrated. For example, an airline may need an extra small degree of false accept risk, because lives could be lost if mistakes are made. A less
precise process may be able to accept a higher degree of measurement decision risk. Often, customers will ask for as close to 0% measurement decision risk as possible, and it may be necessary to remind them that 0% measurement decision risk can incur
infinite costs. The chance of making a false accept or false reject can be understood as a probability, which is usually expressed as a percentage. When a customer requests a calibration, they typically don’t consider the false reject risk, but they
are concerned about the false accept risk. Some customers may specify a maximum acceptable risk, and others may require that you use a specific decision rule as a means to control that risk.

Section 7.8.6.2 The laboratory shall report on the statement of conformity such that the statement clearly identifies:

to which results the statement applies,
which specifications, standards, or parts thereof are met or not met, and
the decision rule applied (unless it is inherent in the requested specification or standard).

There are many different decision rules available for use. As long as you agree to them and document them, you can use any given decision rule. Most decision rules fall into two types: 1) rules that control risk by specifying a minimum uncertainty and
2) rules that control consumer risk by testing to a value that is smaller than the specification. Commonly used decision rules include:Where the decision rule is prescribed by the customer, regulations, or normative documents, a further consideration
of the level of risk is not necessary.

ISO 14253
Simple pass/fail
N:1 Rules
By Legislation
Documented by method
Industry expectation
Client required
Specified risk (e.g. PFA)
Others

For more training about decision rules, check out Jeff Gust’s on-demand webinar on the subject: Decision Rules and ISO/IEC 17025.

Managing Risk

ISO/IEC 17025:2017 requires a laboratory to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the management system, achieving improved results,
and preventing negative effects. The laboratory is responsible for deciding which risks and opportunities need to be addressed.

8.5.1 The laboratory shall consider the risks and opportunities associated with the laboratory activities in order to:
a.) give assurance that the management systems achieves its intended results;
b.) enhance opportunities to
achieve the purpose and objectives of the laboratory;
c.) prevent or reduce undesired impacts and potential failures in the laboratory activities; and
d.) achieve improvement

A summary of new risk requirements includes:The actions taken to address risks and opportunities should be proportional to the potential impact on the validity of laboratory results. Options to address risk may include identifying and avoiding threats,
raking risks in order to peruse an opportunity, eliminating the risk source, changing the likelihood of consequences, sharing the risk, or retaining risk by informal decision.

Identify risk to impartiality (4.1)
Eliminate risk to impartiality (4.1)
Level of risk in statement of conformity (7.8)
Non-conforming work – action based on risk level (7.10)
Corrective action – update risks and opportunities (8.7)
Management review – results of risk identification (8.9)
Consider the risks and opportunities (8.5.1)
Plan actions to address risks and opportunities (8.5.2)
Plan how to integrate and implement these actions into its management system (8.5.2)
Plan how to evaluate the effectiveness of these actions (8.5.2)
Be proportional to the potential impact (8.5.3)

Refocusing on risk identification allows the document the freedom to focus on outcomes. It is important to note that, although this ISO/IEC 17025:2017 specifies that the laboratory must address risk, there is no requirement for formal methods for risk
management or a documented risk management process. Laboratories have the freedom to decide whether or not to develop a more extensive risk management methodology than is required by ISO/IEC 17025:2017.

This on-demand webinar on managing risk by Frank Liebmann covers several tools for addressing risk, including a comprehensive overview of Failure Mode and Effect Analysis (FMEA). Other options include: risk register, flowcharts, monte-carlo, root cause analysis, probability and impact matrix (risk screening), and pareto diagrams.

Improved ISO 9001 Alignment

ISO 9001 is another common quality standard, but conformity of the management system within which the laboratory operates to ISO 9001 requirements does not in and of itself demonstrate the laboratory’s competence to produce technically valid data and
results. This is accomplished through compliance with clauses 4 to 7 of ISO/IEC 17025:2017. Because many laboratories seek accreditation to both standards, the new ISO/IEC 17025 has largely been aligned with ISO 9001 for requirements and terms.

ISO/IEC 17025:2017 offers two options for calibration labs. Option A allows laboratories to use 17025 directly, and option B allows laboratories to use ISO 9001 while ensuring that the management system meets the technical requirements of ISO/IEC 17025.
Ultimately, there has not been much change except for better alignment, which will eliminate the need to be audited twice if your lab is registered to ISO 9001.

Management System Options
1.2 Option A lists the minimum requirements for implementation of a management system in a laboratory. Care has been taken to incorporate all those requirements of ISO 9001 that are relevant to the scope
of laboratory activities that are covered by the laboratory’s management system. Laboratories that comply with clauses 4 to 7 of ISO/IEX 17025 and implement option A of clause 8 will therefore also operate in accordance with the principles
of ISO 9001.

1.3 Option B allows laboratories to establish and maintain a management system in accordance with requirements of ISO 9001 in a manner that supports and demonstrates the consistent fulfillment of clauses 4 to 7 of ISO/IEC 17025. Laboratories
that implement option B of clause 8 will therefore also operate in accordance with ISO 9001.

For more information and training on the improved alignment with ISO 9001, we suggest watching Jeff Gust’s overview of ISO/IEC 17025:2017 in this on-demand webinar.

Principles of Internal Auditing to ISO/IEC 17025

The purpose of an internal audit is to verify that the laboratory complies with its stated quality system requirements. ISO/IEC 17025 requires that internal audits are conducted at planned intervals to ensure conformance to ISO/IEC 17025 and the laboratory’s
documented policies.

A well-organized internal audit with clearly written nonconformities greatly benefits the laboratory’s conformance to requirements, keeps customers satisfied through the conduct of sound technical practices and minimizes efforts required by the laboratory
for external laboratory accreditation assessments.

For more information and training on Principles of Internal Auditing to ISO/IEC 17025, we suggest watching Jeff Gust’s overview on internal auditing in this on-demand webinar.

Summary

ISO/IEC 17025:2017 should look very similar to the 2005 version. Primary differences revolve around decision rules, customer communication, and risk management. The calibration lab must communicate with the customer in order to build an understanding
of what the calibration service will provide. Both parties should agree on a decision rule, communicate the level of risk associated with it, and report that information on the calibration certificate. The lab and customer should also agree on acceptable
degrees of risk and attempt to document risks and opportunities anywhere they may exist in the business.