Going Through Changes
Recently, ISO/IEC 17025 was overhauled—what’s different?
by Bob Mehta
When working in a highly-regulated environment such as the medical technology (med-tech) industry, there is one basic concept all quality and regulatory professionals can take to the proverbial bank: regulations will change.
For med-tech professionals, however, the current environment is considerably more volatile than at any other point in recent history. ISO 13485:2016 has been released and implemented, the medical device single audit program is an ongoing challenge, the medical device directives in the European Union are slowly moving toward obsolescence as the medical device regulation is taking hold, and now, ISO/IEC 17025 is migrating to the 2017 version.
Unlike the migration to ISO 13485:2016, the changes made to ISO/IEC 17025:2017(E) are substantive. This column discusses the changes that will affect the med-tech industry for the foreseeable future. Labs currently in compliance with ISO/IEC 17025:2005 have until Nov. 29 to comply with the latest version of the standard. ISO/IEC 17025:2017—General requirements for the competence of testing and calibration laboratories is widely accepted as the industry bible for facilities tasked with performing calibration labs around the globe. In fact, most med-tech establishments require their metrology labs to be ISO/IEC 17025 compliant or certified.
Industry experts agree that as technology continues to evolve, so does the need for improving the technical capabilities and operational frameworks for calibration and testing labs. ISO 17025:2017 has become the change agent for labs worldwide.
Management system changes
So what are the significant changes identified in ISO/IEC 17025:2017? For starters, it focuses on: competence, impartiality and the consistent operation of calibration and testing labs, and the elements that support these three principles. In support of these principles, the revised standard:
- Updates the terms and definitions (clause 3).
- Aligns the standard with ISO 9001:2015—Quality management systems—Requirements from a process perspective.
- Revises the scope (clause 1).
- Integrates the need to consider risk while implementing the standard.
- Considers technological advances, such as IT capabilities.
- Offers two options for implementing a management system.
The changes are substantive and too numerous to discuss in one column. The discussion on the influence of the last point—the implementation options—however, is worthy of additional exploration. Clause 8—Management system requirements, provides two pathways for compliance: Option A, which states that a lab’s management system should, at a minimum, address the following:
- Management system documentation.
- Control of management system documents.
- Control of records.
- Actions to address risks and opportunities.
- Corrective action.
- Internal audits.
- Management reviews.
Simply put, labs that want to comply with the standard but do not have an accredited quality management system (QMS) must ensure all of the elements associated with a QMS are implemented.
Option B requirements state: “A laboratory that has established and maintains a management system in accordance with the requirements of ISO 9001, and that is capable of supporting and demonstrating the consistent fulfillment of requirements of Clauses 4 to 7, also fulfills at least the intent of the management system requirements specified in 8.2 to 8.9.”1
Calibration and testing facilities that retain a valid ISO 9001:2015 certification may select Option B as their ISO/IEC 17025:2017 compliance pathway.
Regardless of the pathway chosen, labs still must comply with:
- Clause 4—General requirements.
- Clause 5—Structural requirements.
- Clause 6—Resource requirements.
- Clause 7—Process requirements.
Last, but certainly not least, are revisions made to annexes A and B. In the 2005 version of the standard, Annex A was called Annex A—Nominal cross-references to ISO 9001:2000, and Annex B was called Annex B—Guidelines for establishing applications for specific fields. In the 2017 version of the standard, the annexes were revised to Annex A—Metrological traceability and Annex B—Management system options.
From a high-level perspective, the restructuring of the standard and significant changes are listed in Online Table 1.
Online Table 1 (PDF)
How much is enough?
It is fairly easy to conclude that the latest revision to ISO/IEC 17025 introduces significant changes. In many cases, the changes strengthen the quality and regulatory environment associated with calibration and testing labs. Highly regulated industries, such as med-tech, aerospace and defense, will benefit from the increased oversight that ISO/IEC 17025:2017 provides.
Additionally, aligning ISO/IEC 17025 with ISO 9001 is a step in the right direction. But is ISO 9001 strong enough to support ISO/IEC 17025:2017? Med-tech professionals align themselves with ISO 13485 and aerospace professionals with AS9100, so why not consider these standards suitable partners in support of ISO/IEC 17025?
There always will be an abundance of change as advancements in technology force changes in standards to ensure an appropriate level of oversight. As a quality professional, I want to leave you with one final thought: When does the change become too much to manage? How much change is enough?
- International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC); ISO/IEC 17025:2017—General requirements for the competence of testing and calibration laboratories, clause 8.
Bob Mehta is a principal consultant at GMP ISO Expert Services in Mission Viejo, CA, for the FDA-regulated industry. He earned a master’s degree from California State University, Dominguez Hills, in Carson and an MBA from Pepperdine University in Malibu, CA. Mehta is an ASQ fellow, recipient of the ASQ Los Angeles Section’s Simon Collier Quality Award, co-author of Practical Process Validation (ASQ Quality Press, 2016) and author of Implementing ISO/IEC 17025:2005: A Practical Guide (ASQ Quality Press, 2013). He is an ASQ-certified hazard analysis and critical control points auditor, quality manager, software engineer, biomedical auditor, reliability engineer, auditor, engineer and Six Sigma Black Belt.