Cross-referenced confusion

Q: I need an outsider’s opinion for the following quality management system (QMS) scenario. There are three companies, Company A, B and C, and they agreed to execute a project under a consortium arrangement.

 All three companies are certified to ISO 9001:2008. It was also agreed that for the execution of the work, the QMS of Company A will be used. The project is scheduled for about 12 months with the potential to be expanded up to three years. A project quality plan (PQP) will be developed to execute the project.

In addition to these requirements, the client also has a requirement that the consortium implements all supplements of ISO/TS 29001 (the QMS standard for the petroleum, petrochemical and natural gas industries) in the QMS. It also is required that ISO 10005 (which provides guidelines for quality plans) be considered in preparing a quality plan, and the plan should be structured in accordance with ISO 10005. The client has insisted on cross-referencing these standards to show that the consortium meets the requirements of ISO 9001:2008 and meets all elements of supplementary ISO/TS 29001 in the QMS.

 It seems the client confused QMS and PQP. In business practice, the PQP is the second level of a QMS (cascaded down from the QMS). Based on experience and business practice, the cross-reference is intended to show the certification body to verify whether a company meets the requirements of ISO 9001 or ISO/TS 29001, and it is not implemented for the PQP.

Would you please provide your perspective on this?

Kemas Fachruddin

A: There is disagreement between the consortium and the client regarding the use of cross-references.

First, let’s clarify a misconception about the cross-references. The QMS and PQP are implemented to benefit the company and its clients. Cross-references between the PQP and other documents in the QMS help the company demonstrate to the client how the requirements will be met. See ISO 10005, section A.2.1 for an example of how a table in a PQP references QMS documents. While the cross-references may be helpful to the certification body, they should not be developed solely for their benefit.

Why is there disagreement about the requirements at this stage? Because the companies in the consortium are certified to ISO 9001:2008, they all should have a contract review process that provides for resolving ambiguous or unclear requirements. The opportunity to sort out the differences before signing an agreement was missed.

So what should you do now? Work it out. Keep in mind that the project is scheduled for 12 months with the potential to be extended for three years. Although you believe that the client is confused about the relationship between the PQP and the QMS, you should work in cooperation with the client to meet its requirements even if it is in conflict with your own experience. With the objective of obtaining the three-year commitment, the consortium and your client should find common ground in which to develop a PQP that is acceptable to all parties.

Ken Cogan
Senior project manager
OneMain Financial


Adhering to multiple standards

Q: I have assumed responsibility for my organization’s certification program to ISO standards. We have ISO 9001:2008 and ISO/IEC 17025 certification. Is it typical to have one quality and procedural manual?

A: Yes, it is typical to have one quality manual. There is a section in most quality manuals that lists all the standards and regulations to which the company claims compliance.

This specific question provides an opportunity to review the similarities and differences between ISO 9001—Quality management systems—Requirements and ISO/IEC 17025—General requirements for the competence of testing and calibration laboratories to prepare a quality manual and procedures that address the requirements of both.

ISO 9001 and ISO/IEC 17025 have different purposes. ISO 9001 is a certification standard, which means it summarizes a set of quality management system requirements and is used to evaluate the compliance of quality systems to those requirements. ISO/IEC 17025 is an accreditation standard that is used to evaluate the technical competence of labs in terms of personnel, equipment, environment, procedures and handling of data. ISO/IEC 17025 is needed because a lab’s certification to ISO 9001 offers no certainty that the lab’s test results or calibrations will be accurate and reliable.

Despite the differences in purpose and scope, there are many similarities between the two standards. ISO/IEC 17025 was last revised in 2005 as a second edition, and therefore, cross-references ISO 9001:2000 in its Annex A. ISO 9001 was revised in 2008 as a fourth edition, then in 2009 as a corrected version. The fifth edition was just released in 2015. 

Despite the more recent revision of ISO 9001, the cross-reference list in ISO 17025 can be useful. To demonstrate similarities in requirements, the following are three examples of the overlap in content between ISO 17025 and ISO 9001:2008 (because this is the version you are currently certified to):

Management system. ISO/IEC 17025 states that the lab shall establish, implement and maintain a management system appropriate to the scope of its activities (section 4.2.1). The quality system shall be defined in a quality manual (4.2.2), and be continually improved (4.10). ISO 9001:2008 requires the same things in its section 4.

Control of records. In ISO/IEC 17025, the lab shall establish and maintain procedures for identification, collection, indexing, access, filing, storage, maintenance and disposal of quality and technical records (4.13). In ISO 9001:2008, the same requirements are stated in section 4.2.4.

Personnel. ISO/IEC 17025 states that lab management shall ensure competent and trained personnel. Personnel performing specific tasks shall be qualified on the basis of appropriate education, training, experience and demonstrated skills, as required (5.2.1). ISO 9001:2008 has the same requirements in 6.2.1 and 6.2.2.

Despite the generic quality system requirement similarities, much of ISO 17025, as stated at the end of its Annex A, covers several technical competence requirements not covered by ISO 9001. Among these technical requirements are selection of methods, validation of methods, control of data, measurement traceability and sampling.

Compliance to ISO 9001 and ISO 17025 provides a well-rounded approach to providing excellent technical results within the framework of a comprehensive quality system.

If your organization is planning to transition to and implement ISO 9001:2015, you will want to reassess the similarities and differences between current revisions of the standards to ensure continued compliance.

Scott A. Laman
Senior manager, quality engineering
and risk management

Teleflex Inc.
Reading, PA

Average Rating


Out of 0 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers