News & Commentary on ISO Management System Standards

    Combining ISO 17025 & ISO 9001 for Laboratories Isn't Easy

    Laboratory team-1-1

    Having the simultaneous certification of your Lab to both Standards is not unusual. But are you doing it effectively and efficiently?

    It’s not uncommon for Laboratories to be certified to more than one standard. For example, a Calibration Laboratory may be accredited to ISO 17025, the ISO standard for calibration of testing laboratories, and certified to ISO 9001, the ISO standard for quality management systems.

    This is because the former is the de facto international standard for test and calibration laboratories and the latter for historical reasons in that long-established customers are more comfortable with it. Another example would be a dairy testing laboratory within a cheese-making factory where ISO 17025 covered lab testing in one small, isolated area while ISO 9001 related to activities throughout the entire site.

    How then should the requirements of the two standards be most effectively managed within the Laboratory?

    Compliance with both ISO 17025 and ISO 9001 requirements

    Combining the requirements of the two standards is a source of many FAQs in our ISO 17025 Courses and Section 8.1 of ISO 17025 only 'adds fuel to the fire'. 

    Some QHSE Managers take both pride and pleasure in developing management systems that meet the requirements of two or more management system standards. While synergies exist to develop integrated management systems (IMS) for standards such as ISO 14001 (environmental) and ISO 45001 (OH&S), the same can’t be said for ISO 17025 being paired with ISO 9001. For the latter two standards, the scope and the topics concerned are significantly different – customer satisfaction for ISO 9001 and validity of laboratory results for ISO 17025.

    If you choose to develop a combined management system, you can expect concerns to be voiced by external auditors. They will likely consider that a lazy approach has been taken in fulfilling both sets of requirements, and this will immediately draw their focus to the internal auditing and management review processes.

    Option A vs. Option B of ISO 17025 implementation can confuse the issue

    Unique among ISO Management System Standards, ISO 17025 offers a choice when implementing the management system aspects, namely Option A or Option B.

    Option A states (clause 8.1.2) …

    As a minimum, the management system of the laboratory shall address the following:

    management system documentation (see 8.2);

    — control of management system documents (see 8.3);

    — control of records (see 8.4);

    — actions to address risks and opportunities (see 8.5);

    — improvement (see 8.6);

    — corrective action (see 8.7);

    — internal audits (see 8.8);

    — management reviews (see 8.9).

    And Option B states …

    A laboratory that has established and maintains a management system in accordance with the requirements of ISO 9001, and that is capable of supporting and demonstrating the consistent fulfillment of the requirements of Clauses 4 to 7, also fulfils at least the intent of the management system requirements specified in 8.2 to 8.9.

    Option A is straightforward – you implement processes to satisfy ISO 17025 Clauses 8.2 to 8.9.

    The trap to be avoided lies in Option B. You cannot assume that compliance with the requirements of ISO 9001 means that the corresponding requirements of ISO 17025 are met. The last part of ISO 17025 Clause 8.1.3, i.e., ‘also fulfills at least the intent of the management system requirements specified in 8.2 to 8.9’, means that there are additional requirements in ISO 17025, over and above those of ISO 9001, that must be met.

    Free ISO 17025 Gap Analysis tool

    A combined Internal Audit is possible but not advised

    A combined audit schedule that meets the requirements of both standards has obvious attractions especially in reducing the amount of time that will be needed. This is likely to be a false economy as external auditors will audit separately against the detailed requirement of both standards. Unless you have been just as rigorous in your internal audits there are details that your auditors may have easily missed. Also, the competency of your auditors to audit against both standards simultaneously will be challenged.

    Auditing against each standard separately makes it easier to demonstrate that the importance of the laboratory activities concerned has been suitably prioritized as opposed to the priority of management system processes generally.

    Bear in mind also the very different nature of the two standards. ISO 9001 has a lot of focus on the completeness of documents and of record-keeping while ISO 17025 has much focus on how the work is conducted in the laboratory and on the close observation of analysts and technicians carrying out their tests and checks.

    And a combined Management Review is possible but not advised

    A combined review is certainly possible and the risk of omitting prescribed inputs and outputs is reduced. However, the focus of each standard is, as we have said, quite different. ISO 9001 addresses customer satisfaction while ISO 17025 is concerned with the validity of laboratory results. Two separate meetings, each with its own agenda (similar to each other but not identical) are a good and constructive use of management time.

    The ISO 17025 Lead Auditor Extension Course will save you time and money


    How to Combine ISO 9001 and 17025 Efficiently

    For best efficiency and a reduced risk of noncompliances when subject to external audits, we recommend the following when combining ISO 9001 and ISO 17025.

    1. Have a single Document Control Procedure covering both ISO 17025 and ISO 9001.
    2. Have a single Record Control Procedure covering both ISO 17025 and ISO 9001.
    3. Have separate Risk Management Systems for each standard - for ISO 9001 focus on threats to the business and customer satisfaction and for ISO 17025 focus on the validity of laboratory results.
    4. Have a combined Improvement Procedure covering both standards.
    5. Have a single Corrective Action Procedure covering both standards.
    6. Have a single Internal Audit Procedure covering both standards but with a separate Audit Programme/Schedule for each.
    7. Have a single Management Review Procedure covering both standards but with separate meetings and agendas for each Standard.

    View our ISO 17025 Courses


    Related Courses

    Related Articles


    deGRANDSON Global is an ISO Certified Educational Organization

    In October 2021 we secured certification to three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

    • ISO 21001, Educational Organizational Management System,
    • ISO 29993, Learning Services outside formal Education,  and
    • ISO 29994, Learning Services – additional requirements for Distance Learning.

    We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


    Written by Dr John FitzGerald

    Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
    Find me on:

    Subscribe to Email Updates

    Recent Posts