deGRANDSON Global Blog

Combining ISO 17025 and ISO 9001 for Laboratories is not easy

Written by Dr John FitzGerald | Oct 31, 2024

It is not unusual for your lab to be simultaneously certified to both standards. But are you doing it effectively and efficiently?

It's not uncommon for Laboratories to be certified to more than one Standard. For example, a Calibration Laboratory may be accredited to ISO 17025, the ISO standard for calibration of testing laboratories, and certified to ISO 9001, the ISO standard for quality management systems.

This is because the former is the de facto international Standard for test and calibration laboratories, and the latter is for historical reasons, in that long-established customers are more comfortable with it. Another example would be a dairy testing laboratory within a cheese-making factory where ISO 17025 covered lab testing in one small, isolated area while ISO 9001 related to activities throughout the entire site.

How, then, should the requirements of the two standards be most effectively managed within the Laboratory?

Compliance with both ISO 17025 and ISO 9001 requirements

Combining the requirements of the two standards is a source of many FAQs in our ISO 17025 Courses and Section 8.1 of ISO 17025 only 'adds fuel to the fire'. 

Some QHSE Managers take both pride and pleasure in developing management systems that meet the requirements of two or more management system standards. While synergies exist to develop integrated management systems (IMS) for standards such as ISO 14001 (environmental) and ISO 45001 (OH&S), the same can't be said for ISO 17025 being paired with ISO 9001. For the latter two standards, the scope and the topics concerned are significantly different – customer satisfaction for ISO 9001 and validity of laboratory results for ISO 17025.

If you choose to develop a combined management system, external auditors will likely voice concerns. They will likely consider that a lazy approach has been taken in fulfilling both sets of requirements, which will immediately draw their focus to the internal auditing and management review processes.

Option A vs. Option B of ISO 17025 implementation can confuse the issue

Unique among ISO Management System Standards, ISO 17025 offers a choice when implementing the management system aspects, namely Option A or Option B.

Option A states (clause 8.1.2) …

As a minimum, the management system of the Laboratory shall address the following:

management system documentation (see 8.2);

— control of management system documents (see 8.3);

— control of records (see 8.4);

— actions to address risks and opportunities (see 8.5);

— improvement (see 8.6);

— corrective action (see 8.7);

— internal audits (see 8.8);

— management reviews (see 8.9).

And Option B states …

A laboratory that has established and maintained a management system in accordance with ISO 9001 requirements and that is capable of supporting and demonstrating the consistent fulfillment of Clauses 4 to 7 also fulfills at least the intent of the management system requirements specified in 8.2 to 8.9.

Option A is straightforward – you implement processes to satisfy ISO 17025 Clauses 8.2 to 8.9.

The trap to be avoided lies in Option B. You cannot assume that compliance with the requirements of ISO 9001 means that the corresponding requirements of ISO 17025 are met. The last part of ISO 17025 Clause 8.1.3, i.e., 'also fulfills at least the intent of the management system requirements specified in 8.2 to 8.9', means that there are additional requirements in ISO 17025, over and above those of ISO 9001, that must be met.

A combined Internal Audit is possible but not advised.

A combined audit schedule that meets the requirements of both standards has obvious attractions, especially in reducing the amount of time that will be needed. However, this is likely to be a false economy, as external auditors will audit separately against the detailed requirements of both standards. Unless you have been just as rigorous in your internal audits, there are details that your auditors may have easily missed. Also, the competency of your auditors to audit against both standards simultaneously will be challenged.

Auditing against each Standard separately makes it easy to demonstrate that the importance of the laboratory activities concerned has been suitably prioritized instead of the priority of management system processes generally.

Bear in mind also the very different nature of the two standards. ISO 9001 focuses heavily on document completeness and record-keeping, while ISO 17025 focuses heavily on laboratory work and the close observation of analysts and technicians carrying out their tests and checks.

And a combined Management Review is possible but not advised.

A combined review is undoubtedly possible, and the risk of omitting prescribed inputs and outputs is reduced. However, as we have stated, the focus of each Standard is different. ISO 9001 addresses customer satisfaction, while ISO 17025 concerns the validity of laboratory results. Two separate meetings, each with its own agenda (similar but not identical), are a good and constructive use of management time.

The ISO 17025 Lead Auditor Extension Course will save you time and money

 

How to Combine ISO 9001 and 17025 Efficiently

For best efficiency and a reduced risk of noncompliance when subject to external audits, we recommend the following when combining ISO 9001 and ISO 17025.

  1. Have a single Document Control Procedure covering both ISO 17025 and ISO 9001.
  2. Have a single Record Control Procedure covering both ISO 17025 and ISO 9001.
  3. Have separate Risk Management Systems for each Standard. For ISO 9001, foStandardhreats to business and customer satisfaction, and for ISO 17025 focuses on the validity of laboratory results.
  4. Have a combined Improvement Procedure covering both standards.
  5. Have a single Corrective Action Procedure covering both standards.
  6. Have a single Internal Audit Procedure covering both standards but with a separate Audit Programme/Schedule for each.
  7. Have a single Management Review Procedure covering both standards but with separate meetings and agendas for each Standard.

Related Courses

Related Articles

 

deGRANDSON Global is an ISO Certified Educational Organization

In October 2021, we secured certification to three education-related ISO Standards. We now have a university-grade management system in place that conforms to the requirements of  …

  • ISO 21001, Educational Organizational Management System,
  • ISO 29993, Learning Services outside formal Education,  and
  • ISO 29994, Learning Services – additional requirements for Distance Learning.

We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which, in our opinion, are commercially compromised), it is based on independent third-party assessment. It is a 'University' grade' standard used globally by schools, colleges, and universities to demonstrate competence.

We offer Courses for ISO 9001, ISO 13485, ISO 14001, ISO 17025, ISO 27001, ISO 45001, Data Protection, Risk Management, and more.