HandbookISO/IEC 17025:2017Page 1 of 32

General considerationsThis new standard ISO/IEC 17025 includes some noteworthy changes related to its structureand scope that should be mentioned before we go into greater details of each section of thestandard. Structure:The new structure of the standard is no longer based on the two main chapters (four forManagement requirements, and five for Technical requirements) we were used to; to beharmonized with the rest, this one follows the CASCO guidelines for conformity assessmentstandards, and the structure is more process oriented: Structure requirementsResource requirementsProcess requirementsManagement system requirementsThe standard also includes two Annexes that were not included in the previous version: Informative Annex A, related to metrological traceability Informative Annex B, related to the different options of the laboratory managementsystem Wording:A stronger process orientation and the implementation of risk-based thinking are reflected in achanged way of formulating the requirements. While in the previous edition of ISO/IEC 17025specific provisions for the implementation in the laboratory have been expressed, the newchoice of words is more performance-based and therefore much more abstract. The result orthe purpose of certain processes is now embedded in the formulations (performance-basedrequirements), while the concrete design of the processes (the "how") is left up to the users;consequently, the description of individual process steps has been abandoned. Scope:A new definition of the term “laboratory” and its activities has been included. In the newversion, a laboratory has been defined as an organization that can perform testing, calibrationand/or sampling associated with subsequent testing or calibration. The term “laboratoryactivities” has been introduced. The resulting new definition of the term “laboratory” makesclear that laboratory activities do not only include testing and calibration but also sampling,provided that this is in connection with a subsequent test or calibration. For the user, it isimportant that the appropriate requirements are applied to all three activities whenever thestandard speaks of laboratory activities.In the following, this handbook identifies the major innovations of ISO/IEC 17025:2017, oftenin comparison to the previous version, gives suggestions on how to implement the novelties,and recommends further readings on the particular clauses, especially to the CookBooks.Page 2 of 32

RISK BASED THINKINGCross referenceISO/IEC /IEC 17025:2005Clausebased N/ATitleN/AIdentification of changesThis document requires the laboratory to plan and implement actions to address risks andopportunities. Addressing both risks and opportunities establishes a basis for increasing theeffectiveness of the management system, achieving improved results and preventing negativeeffects. The laboratory is responsible for deciding which risks and opportunities need to beaddressed.Suggestions on how to implement the noveltiesThe objectives of risk assessments in the laboratory (8.5) are to:“a) give assurance that the management system achieves its intended results;b) enhance opportunities to achieve the purpose and objectives of the laboratory;c) prevent or reduce undesired impacts and potential failures in the laboratory activities; andd) achieve improvement.”Risk based thinking in a laboratory is not a novelty, but it is promoted in the new standard,although the standard does not stipulate a complete risk management system (RMS), forexample conforming to the requirements of ISO 31000. The laboratory is expected to planand implement actions for addressing risks and opportunities. It is therefore useful to get anoverview of the specific risks as well as the corresponding opportunities for the laboratory andto document the results of the risk analysis. Both the risks of producing invalid resultsincluding the provision of an invalid statement of conformity (7.8.6) and impartiality risksshould be considered (4.1.4). Additionally, risk levels regarding non-conforming work (7.10)and invalid statements (, such as false accept and false reject as well as statisticalassumptions, should be defined for instance by a three-stage quotation system. Anacceptable risk should be classified as such.This risk analsysis as well as adequateness of the resulting actions shall be implemented inthe management system; it is therefore recommended to address this during themanagement review (8.9.2).Further readings CookBook Nº18 An introduction to risk consideration CookBook Nº8 Determination of Conformance CookBook Nº7 Management Reviews ISO 31000 Risk management -- GuidelinesPage 3 of 32

4. GENERAL REQUIREMENTSIMPARTIALITY AND CONFIDENTIALITYCross referenceISO/IEC lityISO/IEC 17025:2005Clause4.1.4/ c)TitleOrganizationOrganizationIdentification of changesNew harmonized text has been included, so these are completely new clauses.Suggestions on how to implement the novelties Regarding impartiality (4.1)It is recommended to write down a document in which, depending on the needs, the followingsteps should be included: Analysis of potential impartiality risks, including risks arising from the laboratoryactivities, its relationships and the relationships of its personnel Measures to eliminate or minimice risks concerning impartiality Action plan: design and implement pertinent actions Commitment of the laboratory to its integrity, through the signature of a statement bythe top managementThis analysis should be reviewed at the Management review and, if necessary, revised. Regarding confidentiality (4.2)The customer should be informed in writing if the laboratory intends to make publicly availableany information about an assignment. This information should be provided before starting theactivities. and should therefore be included in the offer/contract or other similar documentused by the laboratory. It is common practice that information about customer assignmentsare kept confidential.The laboratory personnel, providers, external personnel etc. should also sign a confidentialitydeclaration.Further readings CookBook Nº11 Induction of New Staff Members CookBook Nº19 Impartiality and ConfidentialityPage 4 of 32

5. STRUCTURAL REQUIREMENTSCross referenceISO/IEC 17025:2017ClauseTitle5Structural RequirementsISO/IEC 17025:2005Clause4TitleOrganizationIdentification of changesThe requirements have been restructured. The most important changes are: The term “quality manager” is not mentioned, even though the functions are still includedin the standard. (5.6) The term “technical manager” is not mentioned, even though the functions are stillincluded in the standard. (5.2) It is no longer necessary to have deputies for key positions. The laboratory is obliged to write down the range of activities (5.3, 5.4). The range ofactivities does not include those activities that have been permanently subcontracted. Following the new ISO 9001:2015 clause 5.7. a) requires adequate communicationprocesses regarding the effectiveness of the management system.Suggestions on how to implement the noveltiesIt is suggested to adapt existing documents in the laboratory and to write down a briefsummary of the activities fulfilling ISO/IEC 17025. If there are any other activities(permanently subcontracted activities etc.), they can also be included in this document, butthey have to be clearly marked.Regarding the communication requiremements, it is suggested to communicate the results ofthe management review addressing the effectiveness of the MS to the personnel concerned.Further readingsPage 5 of 32

6. RESOURCE REQUIREMENTS6.2 PERSONNELCross referenceISO/IEC 17025:2017ISO/IEC 17025:2005ClauseTitleClauseTitle6.2Personnel4.1.5 f) -h)5.2OrganizationPersonnel/Identification of changesThere are no substantial changes. The most prominent are: The need to supervise (before authorisation) and to monitor (after authorisation) thepersonnel (6.2.5 c and f) has been taken up. The need to assess the efficiency of training has been erased. The need to document job descriptions has been erased. However, it is required to definecompetence requirements for each function (not only managerial functions but all of thosethat have an impact on the results of the laboratory).Suggestions on how to implement the noveltiesIn 6.2.5, the standard includes a list from a) to f) which should be considered in chronologicalorder.It is suggested to adjust existing documents in the laboratory to this new situation.Usually laboratories already have a monitoring plan for the personnel.The most frequently used supervision/monitoring methods are: measuring samples known: Reference standards, Intercomparison samples, etc. blind samples inter/intralaboratory comparisons exams (for intellectual knowledge)It is recommended to record these activities.Further readings CookBook Nº6 How to Assess the Competence of Staff CookBook Nº11 Induction of New Staff MembersPage 6 of 32

6. RESOURCE REQUIREMENTS6.3 FACILITIES AND ENVIRONMENTAL CONDITIONSCross referenceISO/IEC 17025:2017ISO/IEC ditionsClauseand 5.3TitleAccommodation andenvironmentalconditionsIdentification of changesThere are no significant changes. When tests are performed in facilities outside its permanentcontrol, the new standard requires that environmental and facilities related requirements bemet.Suggestions on how to implement the noveltiesIt is advisable to adapt formats to the environmental requirements, if any.Further readingsPage 7 of 32

6. RESOURCE REQUIREMENTS6.4 EQUIPMENTCross referenceISO/IEC 17025:2017ISO/IEC ipmentIdentification of changes Standards, reference materials, reagents, and software are now also considered asequipment (6.4.1).Conditions to calibrate equipment are set (6.4.6): if accuracy or uncertainty affect the validity of results if calibration is needed to establish metrological traceabilityReference to ISO 17034 has been included to emphasise the competence of RMproducers.Suggestions on how to implement the noveltiesAdapt and extend the equipment control system to reagents, standards, reference materials,auxiliary equipment, and software.This implies at least the following: identification inventary and storage calibration/verification, modification of maintenance plan, as applicable record of malfunction and reparationsBefore new software (developed by the laboratory or by an external provider) is used by thelaboratory, it has to be validated, except if it is standard off the shelf software. The validationactivities of new software have a lot in common with method validation and acceptance test ofnew equipment. In short, the validation shall demonstrate that the software is fitted for itsintended use. When software is included (built-in) in test equipment the validation should beincluded in the acceptance test and also be considered during calibration. However, in manycases built-in software could be considered as standard off the shelf software.Further readings CookBook Nº12 Use of Excel For Data Handling in LaboratoriesPage 8 of 32

6. RESOURCE REQUIREMENTS6.5 METROLOGICAL TRACEABILITYCross referenceISO/IEC O/IEC ntification of changesMost of the notes have been erased, and a new Informative Annex on metrologicaltraceability has been created. In Annex A, possibilities have been included on how toestablish and demonstrate traceability: through the use of a NMIaccredited calibration laboratoryothersSuggestions on how to implement the noveltiesWhenever possible and cost-efficient, it is easier for the laboratory to use accreditedcalibration laboratories or NMIs; however, if this is not possible, it is advisable to assess theircompetence based on ISO/IEC 17025.The main aspects of the assessment are: traceability of used standards used calibration procedure uncertainty evaluation procedureIf the results cannot be traced to SI the laboratory can use other recognised methods(reference laboratories, reference standards/materials, reference procedures, etc.)Further readings ILAC P10:01/2013 ILAC Policy on Traceability of Measurement Results ISO 17034 General requirements for the competence of reference material producers(or ISO Guide 34 as predecessor during transition period)Page 9 of 32

6. RESOURCE REQUIREMENTS6.6 EXTERNALLY PROVIDED PRODUCTS AND SERVICESCross referenceISO/IEC ISO/IEC 17025:2005Clauseprovided 4.5 and chasing servicesand suppliesIdentification of changesThis new item includes the previous concept of subcontracting, so purchasing andsubcontracting are now compiled in one clause.The laboratory should have a system to select, assess, monitor, and reassess externalproviders.The laboratory shall ensure that all purchased products and services fulfil the requirements.The laboratory shall make the following clear to the provider: what is to be bought, acceptance criteria, personnel competence needed, and activities that the laboratory intends to perform in the provider’s facilitiesThree different ways (6.6.1 a, b and c) describe which products and services can be providedexternally.The procedure for reviewing requests, tenders, and contracts shall include the laboratory’sinformation to the customer of externally provided activities, and the customer shall approvethe involvement of external providers before starting laboratory activities.Suggestions on how to implement the noveltiesThe laboratory shall ensure that the system to assess and control providers fulfils thestandard.When standardised off th