This is the second in a series of posts about ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories, the global reference for laboratories carrying out calibration and testing activities worldwide.
In our previous post, we gave a general overview of the 2017 version of the standard. This post focuses on clauses 3, 4, and 5.
Clause 3 – Terms and Definitions
Terms and definitions have been updated to include the terminology of ISO/IEC 17000, Conformity assessment— Vocabulary and general principles, and ISO/IEC Guide 99, International vocabulary of metrology — Basic and general concepts and associated terms. Definitions of the following terms are also included: impartiality, complaint, inter-laboratory comparison, intra-laboratory comparison, proficiency testing, laboratory, decision rule, verification, and validation.
The definition of laboratory includes testing, calibration, and sampling (associated with subsequent testing or calibration activities).
The acknowledgement that some organizations may perform only sampling activities is a new concept in the standard. Use of or accreditation to the standard can provide confirmation of competence of an organization providing sampling services.
If an organization performs only sampling and samples are forwarded to a laboratory for testing or calibration, then the sampling organization can be recognized by using the standard regarding the organization’s sampling activity and management system. This would ensure that the sampling activity doesn’t affect the related test or calibration results. Requirements for sampling organizations are similar to those for testing and calibration laboratories: A management system must be in place, personnel must be competent, equipment must be calibrated and maintained properly, sampling procedures must be validated, and the quality of sampling must be assured.
Clause 4 – General Requirements
Clause 4 covers impartiality and confidentiality requirements. While these concepts were mentioned in the 2005 version of the standard, there are now clearer requirements.
Risk-based thinking is used throughout the standard. While there are clauses addressing risks and opportunities, the standard also identifies specific requirements to use risk-based thinking with respect to impartiality. The first specific reference is in clauses 4.1.4 and 4.1.5, which require the laboratory to identify and eliminate or minimize risks related to impartiality on an ongoing basis.
Confidentiality requirements include management of all information obtained or created during performance of laboratory activities. The standard also discusses how to handle the release of confidential information when required by law or authorized by contractual arrangements. The confidentially requirement extends to laboratory personnel, including any committee members, contractors, personnel of external bodies, and individuals acting on the laboratory’s behalf. Confidentiality is to be maintained when information is obtained from sources other than the customer (e.g., complainants or regulators), in which case the source of the information is to be considered confidential to the laboratory and shall not be shared with the customer, unless agreed by the source.
Clause 5 – Structural Requirements
Clause 5 defines main requirements, including the legal-entity status of the laboratory, organization and management structure, identification of management, definition and documentation of the range of laboratory activities, documenting procedures, and availability of personnel responsible for implementing and maintaining the integrity of the management system. There are minimal changes from the previous version of standard, mainly rephrasing and clarification.
In our next post, we turn our attention to clause 6 of ISO/IEC 17025:2017 on resource requirements.