This is the fifth in a series of posts about the transition to ISO/IEC 17025:2017, General requirements for the competence of testing and calibration laboratories.
In the first post on the ISO/IEC 17025:2017 standard, we provided an overview. Then, we discussed clauses 3 through 5 of ISO/IEC 17025, covering terms and definitions, general requirements, and structural requirements. The third post focused on resource requirement detailed in clause 6. The fourth post was about process requirements. Today, we turn to management system requirements.
Clause 8 – Management System Requirements
The laboratory can choose between implementing a management system in accordance with option A or B. Option A lists the minimum requirements for implementation of a management system in a laboratory. Option B allows laboratories to establish and maintain a management system in accordance with the requirements of ISO 9001.
The requirements for documentation related to the operation of the management system have been significantly reduced. They are:
- Management system policies and objectives
- Analysis of customer feedback
- Corrective actions, nonconformities related records
- Internal audit and results records
- Management review input and output record
There are no requirements for documented procedures related to management system activities or a quality manual.
Much of what is different in the standard is a matter of focus rather than additional requirements. It is less prescriptive (using risk-based thinking) and more focused on the outcomes of processes. While it may appear during the initial review of ISO/IEC 17025:2017 that several requirements are no longer present, the concepts remain. Risk-based thinking requires the laboratory to consider the risks and opportunities associated with the laboratory activities, which are described throughout the standard and include risks related to impartiality, statements of conformity, nonconforming work, and corrective actions. The standard doesn’t require a formal approach to risk-based thinking or a documented risk management process.
I the final post of this series, we look at considerations for the transition to ISO/IEC 17025:2017.