General Accreditation GuidanceISO/IEC 17025:2017 Gap analysisApril 2018

Copyright National Association of Testing Authorities, Australia 2018This publication is protected by copyright under the Commonwealth of Australia Copyright Act 1968.NATA’s accredited facilities or facilities seeking accreditation may use or copy this publication or print or email this publication internally for accreditationpurposes.Individuals may store a copy of this publication for private non-commercial use or copy a reasonable portion of this publication in accordance with the fairdealing provisions in Part III Division 3 of the Copyright Act 1968.You must include this copyright notice in its complete form if you make a copy of this publication.Apart from these permitted uses, you must not modify, copy, reproduce, republish, frame, upload to a third party, store in a retrieval system, post, transmitor distribute this content in any way or any form or by any means without express written authority from NATA.

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisISO/IEC 17025:2017 Gap analysisPurpose and background informationThis document serves as an informative guide correlating the clauses in ISO/IEC 17025:2017 to the previous 2005 version of the standard.CASCO is the ISO committee concerned with the development of policy and publishes standards related to conformity assessment, which includesISO/IEC 17025.ISO/CASCO specifies the minimal mandatory content of those standards it maintains or develops. This includes the structure and mandatory requirementsrelating to impartiality, confidentiality, complaints / appeals and management systems.ISO/IEC 17025:2017 has adopted the revised structure specified by ISO/CASCO. Accordingly the structure of the new standard is different to the 2005version as noted below:Informative preliminaryTitle pageTable of contentsForewordIntroduction (including relationship to other standards)Normative GeneralTitleScopeNormative referencesNormative TechnicalTerms and definitionsStructural requirementsResource requirements (including human resources)Process requirements (including operational functions)Management system requirementsNormative annexesInformative supplementaryAny further explanations that are not part of the normative processInformative annexesBibliographyIndexesEven though the structure of the standard is different to the previous version, the requirements now included have been adopted in a more direct(simplified) and clearer manner. With the exception of a few requirements, most of the changes in the standard are of an editorial nature.April 2018Page 3 of 42

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisThe main changes compared to the previous edition are as follows: the risk-based thinking has enabled some reduction in prescriptive requirements and their replacement by performance-based outcomes;there is greater flexibility in the requirements for processes, procedures, documented information and organisational responsibilities;a definition for “laboratory” has been added;the mandatory adoption of the ISO/CASCO structure and requirements relating to impartiality, confidentiality, complaints / appeals and managementsystems;the requirements in the 2005 version of the standard relating to “Purchasing services and supplies” and “Subcontracting of tests and calibrations”have been combined;the “decision rule” to apply when reporting a statement of conformity now is to be confirmed with the customer at the review of request stage and forthe rule to be included in the report.April 2018Page 4 of 42

ISO/IEC17025:2017Clause No.CorrespondingISO/IEC17025:2005 ClauseNo.Emphasis ofChangeSummary of text/extract from ISO/IEC17025:2017Comments11ScopeThe text has been simplified and duplicationremoved. For example, the relationship withISO 9001 is now included in the Introductionsection only.22Normative ReferencesReference to ISO/IEC 17000 has beenremoved. ISO/IEC 17000 is, however,referenced in “Terms and definitions”.ISO/IEC Guide 99 (VIM) is also a newreference.33Terms and definitions4General oratory to manage and structure its activities tosafeguard impartiality.4.1.5b) ,d) ,e) & f) management to be committed toimpartiality. laboratory is responsible for the impartiality ofits activities with impartiality not to be compromisedby commercial, financial or other pressures.NewOn an ongoing basis, the laboratory must identifyrisks to impartiality, including those arising from itsactivities or relationships or the relationships of itspersonnel.4.1.4April 2018“Laboratory activities” is used throughout thedocument and refers to testing, calibrationand sampling (where conducted as astandalone activity) associated withsubsequent testing or calibration.Page 5 of 42

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisISO/IEC17025:2017Clause No.CorrespondingISO/IEC17025:2005 ClauseNo.4.1.5Emphasis ofChangeNew4.24.2.1Summary of text/extract from ISO/IEC17025:2017The laboratory must be able to demonstrate how itminimises or eliminates the risks it identifies.Confidentiality4.1.5c)MajorThe laboratory is responsible, through legallyenforceable commitments, for the management ofinformation obtained or created during its activities.If the laboratory intends to place information in thepublic domain, it must inform the customer inadvance. Unless agreed between the laboratoryand customer or the customer makes theinformation publicly available, all other informationis to be regarded proprietary and confidential.4.2.2NewWhen the laboratory is required by law orauthorised by contractual arrangements to releaseotherwise confidential information, the customer orindividual is to be notified (unless the notification isprohibited by law).4.2.3NewInformation about the customer, obtained fromother sources, is to be regarded as confidential.The source is to remain confidential to the customerunless otherwise agreed to by the source.4.2.4NewPersonnel must keep confidential all informationobtained or created during the performance oflaboratory activities, except as required by law.55.1April 2018Comments4.2.1 expands on the requirements relatingto confidentiality of customer information.Laboratories are now to advice customers ofthe information they will make publicallyavailable.4.2.1, 4.2.2, 4.2.3 and 4.2.4 significantlyexpand on the confidentiality requirementsconcerning customer information cover by4.1.5c) in ISO/IEC 17025:2005.Structural requirements4.1.1EditorialThe laboratory is to be a legal entity or a definedpart of a legally entity and be legally responsible forits activities.Page 6 of 42

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisISO/IEC17025:2017Clause No.5.2CorrespondingISO/IEC17025:2005 ClauseNo.Emphasis ofChange4.1.5e), f), h) & i);Summary of text/extract from ISO/IEC17025:2017CommentsEditorialManagement who have overall responsibility for thelaboratory need to be identified.Specific reference to technical managementand a quality manager as covered byISO/IEC 17025:2005 has been removed.NewThe laboratory needs to define and document therange of activities which it claims conformity to theStandard. The range of activities cannot includeexternally provided laboratory activities on anongoing basis.EditorialLaboratory activities need to meet the requirementsof the Standard, its customers, regulatoryauthorities and organisation providing recognition.It is responsible for activities at its permanentfacilities, at sites away from its permanent facilities,mobile facilities or at a customer’s facility.EditorialThe laboratory must:a) define the organisation and managementstructure of the laboratory;b) specify the responsibility, authority andinterrelationship of all laboratory personnelwhose work affects the laboratory results;c) document its procedures to assure theconsistent application of its activities andvalidity of results, to the extent necessary. & f);4.2.1April 2018The requirement for documentation (point c)is less prescriptive than that of ISO/IEC17025:2005.Page 7 of 42

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisISO/IEC17025:2017Clause No.5.6CorrespondingISO/IEC17025:2005 ClauseNo.Emphasis ofChange4.1.5a);EditorialLaboratory personnel to have the authority andresources needed to carry out :a) implementation, maintenance andimprovement of the management system;b) identification of deviations from themanagement system or procedures forlaboratory activities;c) actions to minimise deviations;d) reporting on the management system;e) ensuring the effectiveness of laboratoryactivities.EditorialLaboratory management needs to ensure:a) communication on the effectiveness of themanagement system and customerrequirements;b) management system integrity.4.2.2e);;4.2.7Summary of text/extract from ISO/IEC17025:20176Resource .2.1The laboratory to have available the necessaryresources to perform its laboratory activities.Personnel4.1.4;4.1.5b) &d);EditorialCommentsCombination of some clauses of theManagement System and Personnel clausesof ISO/IEC 17025:2005.All personnel are to act impartially, be competentand adhere to the laboratory’s managementsystem.5.2.1;5.2.3April 2018Page 8 of 42

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisISO/IEC17025:2017Clause No.6.2.2CorrespondingISO/IEC17025:2005 ClauseNo.Emphasis ofChange5.1.2;EditorialThe competence requirements for each functioninfluencing the results of laboratory activities mustbe documented.Reference to specific job descriptions as inISO/IEC 17025:2005 has been removed.MinorIt must be ensured that personnel are competent toperform the activities for which they are responsibleand to evaluate the significance of deviations.Emphasis is now on staff’s ability to not onlyidentify departures from procedures, but alsoto evaluate the significance of these.MinorDuties, responsibilities and authorities shall becommunicated to personnel.MajorProcedures and records need to be maintained forpersonnel covering:a) determination of competence requirements;b) to e) selection, training, supervision andauthorisation; andf) monitoring of competence.Changed emphasis to include recordscovering selection, supervision and ongoingmonitoring.MajorPersonnel must be authorised to perform specificactivities including:a) develop, modify, verify and validatemethods;b) analysis of results, statements ofconformity and opinions / interpretations;c) report, review and authorise results.Now explicitly includes method validation /verification and analysis of results /statements of conformity.5.2.1;Summary of text/extract from ISO/IEC17025:2017Comments5.2.4; &; 2018Facilities and environmental conditionsEditorialThe facilities and environmental conditions need tobe suitable to the activities performed and notadversely affect the validity of results.Page 9 of 42

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisISO/IECCorrespondingISO/IEC17025:2005 ClauseNo.Emphasis ofChange6. requirements for suitable facilities andenvironmental conditions to perform laboratoryactivities shall be documented. laboratory shall monitor, control and recordenvironmental conditions in accordance with therelevant specifications, methods and procedures orwhen they influence the validity of results.;MinorMeasures to control facilities are to beimplemented, monitored and periodically reviewedand include:a) access;b) prevention of contamination;c) effective separation of incompatibleactivities.Emphasis now also placed on periodicreview.Editorial5.3.1The requirements related to facilities andenvironmental conditions also apply to activitiesperformed at facilities outside the laboratory’spermanent control.Clarity provided that the requirementsapplicable to facilities and environmentalconditions also apply to activities performedat locations outside of the laboratory’spermanent control.6.45.5Equipment6.;17025:2017Clause No.5.3.3;;EditorialThere must be access to equipment required for thecorrect performance of the laboratory activities andwhich can influence the results.EditorialEquipment outside the permanent control of thelaboratory shall be capable of satisfying therequirements in the standard. 20185.5.1Summary of text/extract from ISO/IEC17025:2017CommentsMinor change in emphasis from thelaboratory having access to equipmentrather than being furnished with equipment.Page 10 of 42

General Accreditation Guidance - ISO/IEC 17025:2017 Gap AnalysisISO/IEC17025:2017Clause No.6.4.3CorrespondingISO/IEC17025:2005 ClauseNo.Emphasis ofChange5.4.1;EditorialA procedure for the proper handling, transport,storage, use and planned maintenance to ensureproper functioning of equipment and to preventcontamination must be maintained.EditorialBefore being placed in or returned to service, thelaboratory shall verify that equipment complies withspecified requirements.;5.5.3;Summary of text/extract from shall be capable of achieving themeasurement accuracy or measurementuncertainty (MU) required to provide a valid result.Clarity provided that the equipment’scapability is also to consider the MUcontribution to the results of the laboratoryactivity, even if accuracy is not in question.ISO/IEC 17025:2005 stated that equipmentshall comply with specifications, whichimplied that the MU had to be considered.;EditorialMeasuring equipment must be calibrated when themeasurement accuracy or measurementuncertainty affect the validity of results or ifmetrological tracea