Checklist of mandatory documents required by ISO 17025:2017
Introduction
Some of most common questions related to the latest changes in ISO/IEC 17025, the world-leading standard for laboratories, are about how to update mandatory documentation. What has changed in the 2017 revision, compared to the 2005 version, and are there more or fewer mandatory documents now? As the 2017 revision of ISO 17025 now has five requirements clauses, compared to the two of the previous standard’s edition, one might be concerned that the number of mandatory documents has also increased. The good news is that the 2017 revision actually offers more flexibility in documentation requirements. The application of risk-based thinking resulted in a reduction in the number of mandatory documents. The emphasis is on the retention of data, records, and information that a laboratory can provide as evidence to interested parties to assure them of the laboratory’s competence.
In this white paper, you will find clarity on which documents and records are mandatory, so that you can implement ISO 17025 effectively and, at the same time, not waste resources on generating unnecessary documents.
Which documents and records are required?
These are the documents and records required for your management system to meet the general requirements of ISO 17025:2017. Records are generated to demonstrate compliance with the standard and related internal procedures and serve as evidence during audits.
Mandatory Documents
Document ISO 17025:2017 Clause
Document and Record Control Procedure 8.2.1; 8.3; 8.4; 7.5
Quality Policy and Objectives 8.2.; 8.2.2
Competence, Training and Awareness Procedure 6.2.5
Externally Provided Products and Services Procedure 6.6.2
Facilities and Environmental Control Procedure 6.3
Equipment and Calibration Procedure 6.4.3; 6.5
Customer Service Procedure 7.1.1; 8.6
Test and Calibration Method Procedure 7.2.1; 7.2.2
Quality Assurance Procedure 7.7.1; 7.7.2; 7.7.3
Sampling Procedure 7.3; 7.5 & 7.8.5, applicable only
to laboratories that do sampling
Handling of Items Received for Testing Procedure 7.4
Complaint, Nonconformity and Corrective Action Procedure 7.9; 7.10; 8.7
7.8.2; 7.8.3, applicable to testing
Testing Report Procedure laboratories that write test
reports
7.8.2; 7.8.4, applicable to
Calibration Report and Certificate Requirements Procedure calibration laboratories that
write calibration certificates
Mandatory Records
Document ISO 17025:2017 Clause
Quality Objectives 8.2.1
Training Program 6.2.3
Training Record and Performance Monitoring 6.2.2
Record of Attendance 6.2.2
Competence Approval and Authorization Record 5.6; 6.2.5 e
Supplier Evaluation and Approval Record 6.6.2 a
List of Approved Suppliers of Products and Services 6.6.2 a
Record of Laboratory Environmental Controls 6.3.3
List of Laboratory Equipment 6.14.13 a
Calibrated Equipment Record 6.14.13 a
Calibration Record 6.14.13 e
Equipment Maintenance Record 6.14.13 g
Customer Order Review 7.1.8
Report of Customer Satisfaction 8.6.2
Test Method Development, Verification and Validation Register 7.2.1.2
Test Method Development, Verification and Validation Record 7.2.2.4; 7.6.3
Measurement Uncertainty Record 7.6.3
Internal Quality Control and Proficiency Testing Record 7.7.2; 7.7.3
LIMS Validation Register 7.11
LIMS Validation Record 7.11
Sampling Plan 7.3.1
Sampling Report 7.3.3
Test or Calibration Item Registration Log 7.4
Corrective Action Report 8.7.3
Mandatory Records
Complaint, Nonconformity and Corrective Action Report Log 8.7.3
List of Internal and External Documents 8.2.4; 8.3.1
List of Types of Records 8.4
Registry of Records for Retention/Central Archive 8.3.2 f; 8.4.1
Internal Audit Program 8.8.2 b
Internal Audit Report 8.8.2 e
Management Review Records 8.9.2
Commonly used non-mandatory documents
To drive improvement, you should also maintain any other documents and records that you have identified as being necessary to ensure your management system can be maintained efficiently and improve over time.
There are several processes and procedures that need to be established; however, the ISO 17025 standard does not require them to be written down. Even so, in order to generate and retain suitable records as evidence of effective implementation, many companies choose to do so. To decide whether you need to document a process or not, answer this question first – is there a chance that the process won’t be carried out as planned if not documented? If the answer is yes, then it’s best to document it. In most cases, this is the best way to ensure that your Quality Management System is effectively implemented. So, let’s see the list of commonly used ISO 17025 non-mandatory documents.
Non-mandatory documents and records
Document or Record ISO 17025:2017 Clause
Addressing Risks and Opportunities Procedure 8.5.2; 8.5.3
Evaluation of Measurement Uncertainty Procedure 7.6
Measurement Uncertainty Checklist 7.6.1
Internal Audit Process Checklist 8.8.1
Internal Audit Procedure 8.8.2
Management Review Procedure 8.9
Registry of Key Risks and Opportunities 8.5.2
How to structure documents and records
The sections that follow provide an overview of each requirement, as well as recommendations on how to structure the ISO 17025 documents and records:
Document and Record Control Procedure. This procedure is crucial, as it applies to all documents and records, whether digital or paper-based, that relate to the activities of performing testing and/or calibration in the laboratory. To ensure that personnel have access to the latest version of information required to perform their tasks, this procedure is used to specify who is responsible and how documents and records are created, approved, distributed, used, reviewed, revised, retained, protected, and disposed of. Effective control is supported by a master register of internal and external documents, along with a record register and a registry of documents for retention.
For more help, see the template for the Document and Record Control Procedure.
Quality Policy and Objectives. The Quality Policy is the core document that drives service quality and improvement. It is written to state the laboratory’s commitment to competence, consistency, and impartiality of activities. It works best as a standalone document where the policy statements are listed, along with a description of how these will be achieved.
Objectives are measurable short- and long-term plans for the laboratory, derived from the Quality Policy statements. A record of objectives is used for planning, monitoring, and measuring the objectives. It assists with employee awareness and keeping focus on performance and targets.
For more information, see the following articles, which explain ISO 9001 requirements but are also applicable to ISO 17025: How to Write a Good Quality Policy and How to Write Good Quality Objectives.
The ISO 17025 document templates Quality Policy and Quality Objectives can also help.
Competence, Training and Awareness Procedure. This procedure is central to ensuring personnel competence and reducing human error. As the standard requires laboratories to follow a risk-based approach to controlling activities, the focus is on all personnel knowing their responsibilities and reducing the risk of not meeting the objectives that they influence.
Here there is a need to establish procedures and retain records. This document specifies how personnel requirements are met, including the training needs and specific competence criteria for each personnel function that influences laboratory results. A clear description of training needs, supervision, competence evaluation, authorization, and ongoing competence monitoring is included.
Also applicable to ISO 17025, see the article How to ensure competence and awareness in ISO 9001:2015.
Help yourself further with a document template: Competence, Training and Awareness Procedure.
Externally Provided Products and Services Procedure. A laboratory needs to ensure that all goods, supplies, and services used in laboratory activities, including equipment, laboratory consumables,
and external providers of laboratory services, are suitable. Although this procedure does not specifically need to be documented, the standard does require the criteria for evaluation, selection, monitoring, and re-evaluation of the suppliers to be documented, and the best way to do it is through a procedure.
Facilities and Environmental Control Procedure. This document addresses the requirements to ensure that the laboratory facilities and environmental conditions are suitable to perform the required testing or calibrations, so that the validity of the results is not adversely affected. Suitable records are used to monitor environmental conditions, to provide evidence that the controls are in place and effective.
Equipment and Calibration Procedure. Key technical requirements and competencies are dependent on this document, clearly describing the processes to ensure proper functioning of equipment. The procedure includes requirements for handling, transport, storage, use, and planned maintenance of equipment in order to prevent contamination or deterioration. A record of all equipment that can influence the correct performance of the laboratory’s activities and its results is mandatory. The calibration program for all equipment is documented, in cases where metrological traceability is required, or when measurement accuracy and measurement uncertainty could affect the validity of the reported result.
Customer Service Procedure. This procedure is used to document the requirements of the customer by defining the scope and recording customer requests, tenders, and contracts. It is valuable to include a diagram of the process flow. This procedure also specifies the importance of keeping records of any communicated dialogue and agreed changes to the original contract.
The best way to ensure customer satisfaction is to include all activities related to the customer service process in the one procedure. Linked to this procedure are the Customer Satisfaction Questionnaire and Report of Customer Satisfaction. Customer complaints are best addressed in the subsection Complaint, Nonconformity and Corrective Action Procedure.
Test and Calibration Method Procedure. The choice of methods, the verification and validation process, techniques, as well as records kept, are documented in this procedure. This ensures that requirements and controls are specified to ensure that the correct test and calibration methods are chosen to meet customer requirements. The status of all methods is effectively represented in a register, and a record is
used for detailing the Test Method Development, Verification and Validation process and performance results.
Quality Assurance Procedure. This procedure details the activities required to maintain a quality assurance system that ensures valid results from all testing and calibration activities. This includes specifying requirements and controls measures for effective data information management and quality control. To assure the quality control activities, the procedure should include the available options, including the use of certified reference materials and participation in proficiency testing. These activities are essential for the control of activities and to drive improvement.
To ensure all activities are planned and evaluated, this procedure links to evidence through the use of suitable registers and records used to track activities and performance, such as external quality control (proficiency testing) and Laboratory Information Management System (LIMS) validation activities.
Sampling Procedure. This document describes the process of systematic sampling of a smaller population of materials or parts from the chosen source, under controlled conditions using statistically valid methods. The records of the Sampling Plan and Sampling Report provide effective control and evidence of following the procedure.
Handling of Items Received for Testing Procedure. This procedure covers the requirements to protect the integrity of all test and calibration items used for testing or measurement. It is written to protect the interests of the organization and its customers, specifying how items should be handled during transport, receipt, handling, protection, storage, retention, and disposal. The Test or Calibration Item Registration Log is used to ensure item traceability.
Complaint, Nonconformity and Corrective Action Procedure. This procedure defines the activities that take place to manage complaints, nonconforming work, and when corrective actions are required. It is written to be applicable to all laboratory activities that may be the subject of complaints or nonconformities. The Complaint, Nonconformity and Corrective Action Report (CAR) Log is an effective way to keep an eye on the status of the issue being addressed, while the Corrective Action Reports provide the detail, including cause analysis.
Testing Report Procedure. This document is used to outline the requirements for writing test reports, for both external and internal use, to meet the requirements of ISO 17025:2017 for reporting test results. Specific requirements for various reports are included, as may be relevant. The document provides the
controls needed to assure traceability of administrative and technical information within test reports, as well as the numbering of reports and associated records.
Calibration Report and Certificate Requirements Procedure. This procedure applies to all calibration reports and certificates issued for both external and internal use. The document outlines the requirements for writing calibration reports and certificates to meet the requirements of the ISO 17025 standard. It also controls the traceability of information used to generate and issue certificates, as well as the process of numbering certificates.
Internal Audit Procedure. This procedure describes all the audit-related activities: writing the audit program, selecting an auditor, conducting individual audits, and reporting. It applies to all laboratory activities that fall under the scope of accreditation including the management of the laboratory, sampling, tests and/or calibrations, reports, and records.
Addressing Risks and Opportunities Procedure. This is a new requirement of the standard to specifically identify and address risks and opportunities associated with activities of the laboratory. Although a proactive approach is required to support risk-based decision making, there is no need for a formal risk management program, nor a mandatory documented procedure. Considering, however, the importance of meeting this requirement effectively, it is recommended that you document your approach in a procedure. State your methodology, such as brainstorming, and record assessments and actions in a risk register / matrix.
Management Review Procedure. Management review requirements are more detailed in the new revision of the standard. Although a documented procedure is not mandatory, and only the records of input for review and documented decisions are mandatory, the importance of this process justifies a documented procedure, to tie all the activities together. This is to ensure effective systematic and periodic review of the Quality Management System (QMS) in order to evaluate possibilities for improvement and needs for changes, including the effectiveness of the management system and its processes, improvement of laboratory activities, and provision of required resources. This procedure is written to be applicable to all processes within the laboratory QMS. A Management Review Record provides the control and evidence of undertaking the management review.
Conclusion
ISO 17025 implementation can be a difficult and drawn-out project if it is not implemented correctly from the beginning. Processes need to be established and defined, while addressing risks, driving improvement, and establishing documentation. Documentation that is required by the standard, along with additional non-mandatory documents, makes up a significant part of the QMS implementation. Knowing what mandatory documentation the standard requires is crucial to a successful implementation and positive outcome of the laboratory’s accreditation audit.
Laboratories can use a Project Plan to define how to incorporate both mandatory and non-mandatory documents to meet the intent and purpose of the ISO 17025 standard. By following this approach, you can efficiently meet the process requirements as well as provide recorded evidence of competence to ensure valid, consistent work.
Muayad
No comments:
Post a Comment