Everything You Need To Know About ISO 17025

Speaker/Author:

Benny R. Smith
Inchworm Solutions
Santa Rosa, CA. 95404
(707) 575-0659
(e-mail: benny@inch-worm.com)

ABSTRACT

Have you ever read the text of ISO 17025, “General Requirements for the Competence of Testing and
Calibration Laboratories?” If so, this paper will reinforce your understanding and provide insight into some
subtle issues that you may not have considered. If you have never read the standard, perhaps out of fear or
procrastination, this paper will de-mystify it and give you the understanding that you need to make
decisions about the standard within your organization. It will also dispel some myths that have grown up
around the standard.

Ten Questions
The following list of questions is designed to open your mind for the following answers. These answers
will provide everything you need to know about ISO 17025.

What are ‘standards’?

Definition: Standard (n.) A degree or level of requirement, excellence or attainment.

Examples: ANSI Z540

ISO 17025
ISO Guide 25
MIL-STD 45662A

These represent quality standards that are applied to organizations.

©National Conference of Standards Laboratories. Duplication without written consent is prohibited.

What are ‘quality standards’?
Quality is defined as a degree or grade of excellence, or as fitness for use.

If quality standards apply to products, they are descriptions of how the product must look or perform before
it is sent to the customer. If they apply to organizations, then they are prescriptions for behavior. They
dictate how things are done within a compliant organization.

Example: ISO 17025 Para. 4.3.1 “The laboratory shall establish and maintain procedures to control
all documents that form part of its quality system…”

Why are quality standards necessary?

1. There are dishonest people in this world who will offer a service or product that does not meet its
claims or specifications. They hope that you will not detect the discrepancy.
2. Incapable or incompetent customers cannot verify the product or service for themselves.
3. Suppliers and customers often disagree about the specific definition of quality and/or the level of
quality that is sufficient.

What is the hidden assumption implied by quality standards?

The hidden assumption is that verifying and certifying a process guarantees that the product or
service will perform or provide as advertised (meet its specifications).
ISO 17025 deals with calibration. Any assessment of a laboratory’s compliance to ISO 17025 will
seek proof that the laboratory’s calibration system is actually functioning as prescribed in the
laboratory’s documentation and that that documentation complies with ISO 17025.

Are there alternatives to quality standards and assessments/audits?

Yes. Verification of the product or service by the customer or by a knowledgeable, certified,
credible third-party. Certification of this third-party is usually beyond the capability of most
customers. Hence, the popularity of standards organizations such as ISO.

What is ISO 17025?

ISO 17025 (1999) is “General Requirements for the Competence of Testing and Calibration Laboratories”.
It is a process-control standard containing all of the requirements to insure that testing and calibration
laboratories have a quality system in place, are technically competent and are able to perform valid
measurements.

The Standard can be applied anywhere that testing and/or calibration is done. Although it seems to be
designed for accreditation of high-level calibration labs and standards labs, nothing in the standard prevents
its use in manufacturing or in routine calibration of general purpose instrumentation. The American
Association for Laboratory Accreditation (A2LA) instructs applicants for ISO 17025 certification to
“…evaluate how the criteria [of ISO 17025] apply to your laboratory; identify clauses that do not apply, or
that apply only to a limited extent, and identify the reasons for their non-applicability.”

©National Conference of Standards Laboratories. Duplication without written consent is prohibited.

What are the requirements of 17025?
The requirements of the standard are contained in Sections 4.0 and 5.0.

4.0 Management Requirements

Organization
Quality System
Document Control
Contract Review
Subcontractors
Purchasing
Service to the Client
Complaints
Corrective Action
Control of Records
Internal Audits
Management Reviews

5.0 Technical Requirements

Personnel
Environmental Conditions
Test and Calibration Methods and Method Validation
Equipment
Measurement Traceability
Sampling
Handling of Calibration and Test Items
Assuring the Quality of Results
Reporting Results

Here are my interpretations of the key areas of the Management Requirements:

4.2.1 Documentation
Describe your quality system and your business processes with just enough documentation supported by a
lean, efficient retrieval system. Over-documenting leads to confusion and wastes money.

4.3 Document Control

Review and approval are essential to the credibility of your documentation. Authorization and control of
revisions is necessary to prevent actual processes and their documentation from diverging from one
another. Auditors will expect to see proof that only the latest revisions of process documents are in use.

4.10 Corrective Action

Everyone makes mistakes. It is important to acknowledge this fact by having a system that promptly
identifies and analyzes mistakes and discrepancies, and changes the process to prevent recurrence. It is
important to show that you never repeat a mistake.

4.13 Internal Audits

Periodic internal audits are required by ISO 17025. They are the most effective way to fine-tune your
quality system and they prepare your staff for audits by external agents. Audit results will pinpoint where
effort is needed. Start auditing early and audit often. The results will show you exactly where to put your
improvement effort. Have an experienced auditor show you how to use internal audits as a tool to uncover
weaknesses in your processes.

©National Conference of Standards Laboratories. Duplication without written consent is prohibited.

Here are my interpretations of the key areas of the Technical Requirements:

5.2 Personnel
Selection and training of personnel for calibration lab work is a critical task. Expect a third-party auditor to
look closely at the records for your personnel. Where a repetitive test process has been developed and
certified by engineers, it is not necessary to have skilled calibration personnel as operators. It is sufficient
to show that the process is being executed exactly as specified in the process documents, whether manually
or automatically. Discrepancies in test results are then handled by the engineering staff.

5.4.2 Selection of Methods

A third-party ISO 17025 assessor will understand measurement and will be interested in how and why you
chose the measurement methods in your procedures. Be prepared. Document the reasons for your choices.

5.4.5 Validation of Methods

Without validation, no process has credibility. It is important to validate your measurement processes
before you begin to use them. The validation process must include a thorough analysis, statistical
verification, and, where possible, results from another method or measurement approach as a reality check.

5.4.6 Estimation of uncertainty of measurement

At the very least, this process must follow the internationally-recognized ISO-GUM method. A third-party
auditor will ask to see the uncertainty analysis and for proof that the estimated uncertainty is being applied
to measurement results.

5.5 Measurement Traceability

This is the bedrock upon which your entire measurement system is built. State-of-the-art equipment and
methods are lost-in-space without a solid, documented, traceability path to national or international
standards.

How do you get to be “certified” or “accredited” to ISO 17025?

You must schedule and pass an assessment by a third-party registrar who is accredited by ISO. Depending
on the size of your operation, this assessment could last one day or several days. The registrar will assign
an assessor who understands the technical foundation of your business. The assessor will methodically
apply a detailed checklist that covers all of the requirements of ISO 17025.

A simple, ten-step process for achieving ISO 17025 accreditation is available. It was the subject of a paper
given at the Measurement Scince Conference in 2004. The title is “Achieving ISO 17025 Certification in
10 Easy Steps”. A copy is available at www.inch-worm.com.

This paper outlines a proven approach. If you have no experience with ISO 17025 or with being audited
for quality standards, you may want to hire an expert to get you going.

What should you watch out for?

Beware of bogus help. Select your consultants and accrediting agency (registrar) carefully. Interview them
as you would a prospective employee. Ask about their work and ask to see evidence that they know what
they are talking about. Ask to speak with their prior customers.

Beware of short cuts. The ISO 9000 and 17025 standards focus on your “quality system”. Make certain
that you have one and that it works before you spend your money on an assessment effort. If you leave

©National Conference of Standards Laboratories. Duplication without written consent is prohibited.

something unattended or undocumented, it very likely will be found by the assessor. This will delay your
certification and cost extra time and money.

Beware of “creeping complexity”. A quality system and its documentation do not have to be complicated.
Keep things as simple as possible and maintain a clear, overall outline of the quality system. While
manufacturing or service processes themselves may be complicated, the quality system to manage them
must be straightforward, logical and written in plain language.

What are the common myths associated with ISO 17025?

Compliance with ISO 17025 is free for the customer. Requiring a supplier to comply with the standard
will not increase the cost of the delivered product or service.
Just because a supplier provides a calibration certificate that claims compliance to ISO 17025 does
NOT mean that they have been accredited to the standard. Accreditation costs money. If the
supplier does not already have a quality system in place, creating one will cost money as well. Both
will inevitably be reflected in the price of the product or service.

ISO 17025 requires that only the most accurate test equipment and standards available be used.
The standard only requires that the test equipment be adequate for the measurements at hand.

ISO 17025 assessors will demand to see your business plans and profit/loss statements.
If they do, they are simply being nosey. ISO 17025 contains no mention of business issues or
profitability.

ISO 17025 is totally different from ANSI-Z540.

The standards are more alike than different. A key difference regards measurement uncertainty.

Under ANSI-Z540, documented and defined uncertainty analyses may be used in verifying the
measurement process When they are not used, ANSI-Z540 requires that the collective measurement
uncertainty of the measurement standards should not exceed 25% of the acceptable tolerance for the
measured parameter (i.e., the test-accuracy ratio (TAR) must be ≥ 4:1).

ISO 17025 requires a comprehensive uncertainty analysis for each measurement, regardless of the
test accuracy ratio.

ISO 17025 requires you to comply with all of the requirements of ISO 9000 as well.
This is NOT a myth! Paragraph 1.6 of ISO 17025 requires compliance with ISO 9001 and/or ISO
9002. Annex A of ISO 17025 gives a cross-reference of the provisions of ISO 9001/9002 to ISO
17025. However, ISO 17025 stops short of actually requiring certification/registration to ISO
9001/9002.

©National Conference of Standards Laboratories. Duplication without written consent is prohibited.