37.1 Question on ISO/IEC 17025:2017 7.2.1.3 MDHS methods – flexible scope

If a newer version appears for MDHS and ASTM standards, the old version is no longer available on the website. The review is usually annual, so how can it be granted a 5-year accreditation status? Flexible scope ? Or is there any other options ?

There is no assumption that a scope shall remain constant for an entire accreditation cycle. If standards change, especially if one is stated to be replaced by another, then the laboratory needs to seek a change to their accreditation. This may or may not require a visit, routine or special and depends on the level of flexibility.

A flexible scope describing the technical boundaries of the assessed competence may help in some cases but not when the lab or stakeholders require to see a precise reference to a standard on a scope.

40.4 Question on 7.8.7

Is the Accreditation Body required to comply with Section 7.8.7. (assessment, interpretation) to be included in the scope of accreditation?

The answer to the question can be found in the clarification given in EA document EA 4-23 clause 8:
“To aid the customers of CABs that are looking for accredited opinion and interpretation it would be of benefit for the accreditation to be shown on the schedules of accreditation (if used) or shown on the certificate of accreditation.
If this is not the preferred option of the accreditation body, then the extent of opinion and interpretation across the CAB will need to be clearly understood and the contract review aspects of assessment thoroughly examined to ensure that the process is being well managed. »

41.4 Question on Withdrawn standard methods

Don’t we need a harmonized EA policy regarding the accreditation of withdrawn standard (testing/calibration) methods?

We can understand that in some cases – e.g. legislation refers to standards dated version; testing or calibrating a device manufactured 50 years ago maybe not consistent with the application of the current version of a standard – it may be impossible to avoid the use of withdrawn standard methods.
However, those cases should be clearly identified as potential exceptions being the default policy the impossibility to maintain accredited those methods beyond a given timeframe.

The laboratory shall ensure that it uses the latest valid version of a method unless it is not appropriate or possible to do so, as required by ISO/IEC 17025.

Nevertheless there are cases where the laboratory may use a superseded or withdrawn standard either if the revised standard requires some changes in the laboratory (transition from the old to the new version) or in exceptional circumstances (e.g. regulatory requirements, a running contract, etc.).

In case a new version of the standard replaces an old one, a transition time should be required to upgrade equipment or update the training/competence of laboratory’s personnel, etc.; if a standardization body does not specify a transition period for the replacement of a superseded standard we should expect that the AB will do it in order to prevent potential unfair competition among laboratories.

Exceptional circumstances for the use of a superseded standard can be accepted only if the laboratory can prove that the request is based on clear and valid reasons, i.e. mandatory requirements from regulators, a running contract, legislation referring to dated versions of a standard, etc..; records of the contract review shall give evidence of a clear agreement with the customer.

However, if the accreditation scope includes only the previous version of a standard, this should be very clearly marked in the scope as obsolete or superseded, taking into account that the standard method could be no more available.

36.1 Question on Laboratory information management system (LIMS)

According to p.7.11.4 from the new standard ISO/IEC 17025:2017 when the laboratory information management system (LIMS) is maintained through an external provider the laboratory shall ensure the provider – how this should be documented? Only with a contract or some extra documents are needed?

According to cl.7.11.4 the external provider shall comply with all applicable requirements of cl. 7.11

• The lab shall ensure through its procedure (cl 6.6.2) and the criteria set how the evaluation and monitoring of the performance of the external provider shall be done so, to conform to the relevant requirements in particular of cl. 7.11 (as per 6.6.2c). A contract could be acceptable if before accepting the contract the criteria of selection of the provider are adequately set and if the lab has proper competence and is able to evaluate that the provider conforms with them
• On site monitoring could be another option if the lab is able to visit on site and ensure the provider’s compliance, with cl. 7.11.2 and 7.11.3
• In any case the software of LIMS shall always be documented and validated for its functionality before implementation by the lab

41.3 Question on Statements of Conformity

Are statements of conformity (and, indirectly, decision rules) applicable to non-dichotomic cases?
For example, in situations where a sample may be classified in several classes (A, B, C, D), depending on the testing results, should a decision rule be established and applied when categorizing a specific sample in a specific class?

Background:
ISO/IEC 17025 includes an acceptable definition for decision rule (rule that describes how measurement uncertainty is accounted for when stating conformity with a specified requirement), although ambiguous regarding the possibility of establishing that uncertainty can be took into account by stating that it is to be ignored – this should also be harmonized at EA level.
However, there is no Statement of conformity definition.
ISO/IEC 17025 weakly introduces the concept of Statement of conformity (7.1.3 When the customer requests a statement of conformity to a specification or standard for the test or calibration (e.g. pass/fail, in-tolerance/out-of-tolerance) …), and the best that we can find in the CASCO toolbox comes from ISO/IEC 17000 itself, namely:
7.3 attestation issue of a statement, based on a decision (7.2), that fulfilment of specified requirements (5.1) has been demonstrated
Note 1 to entry: The resulting statement, referred to in this document as a “statement of conformity”, is intended to convey the assurance that the specified requirements have been fulfilled. Such an assurance does not, of itself, provide contractual or other legal guarantees.

A.4.1 “Review” (see 7.1) constitutes the final stage of checking before taking the important “decision” (see 7.2) as to whether or not the object of conformity assessment has been reliably demonstrated to fulfil the specified requirements. “Attestation” (see 7.3) results in a “statement” in a form that most readily reaches all of the potential users. “Statement of conformity” is a generic expression used to include all means of communicating that fulfilment of specified requirements has been demonstrated.

It can be argued, both from the examples in ISO/IEC 17025 and from the wording in ISO/IEC 17020, that the idea behind the concept of Statement of conformity is that either the fulfillment of specified requirements has been demonstrated or not (or that nothing can be affirmed) and that this is not the case when you classify an object of conformity assessment according to multiple options.
However, from a formal logic perspective, multiple options can be reduced to several nested Yes/No decisions.

Non-dichotomic cases as described in the question can be considerd a kind of classification as results on the tested items are compared with the limits defining the different classes. This means that the attribution of the class can be considerd as a statement of conformity and therefore the appropriate aspects of ISO 17025:2017 to be considered.

Where further inferences are made by including knowledge and professional judgement of a technically qualified person, then the laboratory declaration should be considerd as an Opinion and Interpretation.

42.2 Question on Statements of Conformity

ISO/IEC 17025:2017 states with respect to statement of conformity in clause 7.1.3 “When the customer requests a statement of conformity to a specification or standard for the test or calibration (e.g. pass/fail, in-tolerance/out-of-tolerance), the specification or standard and the decision rule shall be clearly defined. Unless inherent in the requested specification or standard, the decision rule selected shall be communicated to, and agreed with, the customer.” To this clause a note is added “For further guidance on statements of conformity, see ISO/IEC Guide 98-4”.

Question:
What does “shall be communicated to, and agreed with, the customer” exactly mean? Does it mean that a laboratory is free to develop a decision rule at its own discretion (e.g., develop its own procedure containing a decision rule) and offer it to the customer, or does it mean that a customer should be informed about statements on conformities set out in ISO/IEC Guide 98-4 and offer him an appropriate rule?

The decision rule shall be agreed by the parties, independently from who is proposing it; see also cl. 7 of ILAC G8.

47.1 Question on 7.8.6 Reporting statements of conformity for accredited laboratories

Statement of conformity is not defined in ISO/IEC 17025. Decision rule describes how measurement uncertainty is accounted for when stating conformity with a specified requirement. Statement of conformity is not a default requirement I ISO/IEC 17025.

In many published normative documents (standards, regulatory framework) there is no decision rule, and the difficulty is a matter of contract review.

We see CABs report test results and MU with reference to limits in specification or standard without stating conformity, or describing how MU is accounted for. The discussion is if this is considered as a statement of facts, or if its any possibility of misunderstanding for the customer.

So, when a CAB reports the limits from specifications/standards, but not a statement of conformity, is this still subject to 7.8.6 and requirements of reporting the decision rule applies?

Is there any difference between testing- and calibration laboratories regarding statement of conformity?

When a CAB reports the limits from specifications/standards but not a statement of conformity and the client did not ask for a statement of conformity, subject 7.8.6, and other requirements of reporting, the decision rule are not applicable, but it is mandatory to include in the report all the information necessary for the client to check the compliance with the specifications as appropriate (for instance the uncertainty).

However, if the result is indicated in some other way (for instance, green letters, bold letters, red highlighted, marked *,…), it would be understood as a statement of conformity and all the relevant requirements are applicable.
No difference between testing- and calibration laboratories regarding statement of conformity.

44.1 Question on Different interpretation of EA Members of ILAC P8 – At least one test performed for issuing a classification report

In November 2020, an EGOLF Member made a question at EGOLF helpdesk asking if there is an existing rule about the requirement for having done at least one test in order to issue classification report of a product. A larger discussion started in the helpdesk forum and it was clear that there are no clear rules on this subject. EGOLF thinks that it is essential that rules are clear so all labs treat clients in the same way.

Our Egolf member asked his national accreditation body for their opinion about this topic and they said: It is a requirement to have done at least one test in order to write a classification report. This because ILAC P8, which is mandatory for all accreditation body’s under EA (due to INF 01), describes:
7.1 Customers of an accredited CAB may request endorsed reports or certificates which contain, or are based upon, some results of conformity assessment activities not performed under the CAB’s scope of accreditation. If an accreditation body allows an accredited CAB to include results, or outcomes based on results, for conformity assessment activities not covered by the scope of accreditation in its endorsed reports or certificates, in order to ensure that results cannot be interpreted as being for conformity assessment activities covered by the scope of accreditation, the policy of the accreditation body shall include:
a) a requirement that the accreditation symbols cannot be used, and that neither reports nor certificates nor any enclosed letters (including the paper on which they are printed) can include any reference to accreditation, if none of the results are for conformity assessment activities within the scope of accreditation; and
b) a requirement that, where any endorsed reports or certificates which contain, or are based upon, some results of conformity assessment activities not performed under the CAB’s scope of accreditation, the reported results or outcomes are clearly identified by a disclaimer (e.g. “The conformity assessment activities marked * are not covered by the scope of accreditation.”; “The result/conclusion is based on conformity assessment activities outside of the scope of accreditation.”)

During the last EGOLF meeting it became clear that not all accreditation bodies had the same interpretation. At least, one NAB allows national labs to issue accredited classification reports based on tests from other accredited labs without having done at least one test.

So what is EA´s opinion? Does EA requirement ILAC P8 clause 7.1 mean that it is mandatory to have done at least one test to perform an accredited classification report?

Similar decisions have been taken elsewhere:
CIRCABC – GNB CPR Guidance Base APPROVED ITEMS item 0014 (only applies to notified bodies) has taken the following decision:

Furthermore, EN 15725 general requirements for EXAP will be revised so there is the following requirement:
Extended application shall be undertaken by an organization accredited for the relevant fire test according to EN ISO 17025 and having also carried out at least one test. If test data are to be used from more than one organization, then the extended application may be undertaken by an organization accredited for the relevant fire test and consultation shall be made with the other organization(s) that performed the test.

The question is about a CAB that is issuing an accredited classification report without perfoming any test, but subcontracting all the tests to another accredited CAB.
Can the CAB issue a classification report as covered by accreditation without performing any test?

It should be reminded the according to the decision taken during the LCM42, “accreditation of classification and EXAP standards shall be restricted to those tests the lab is accredited for.”

The question can be splitted in two parts.

1) CAB’s accreditation scope
ILAC P8 cl. 7.1 requires that :
Customers of an accredited CAB may request endorsed reports or certificates which contain, or are based upon, some results of conformity assessment activities not performed under the CAB’s scope of accreditation.
The accreditation symbols cannot be used, and that neither reports nor certificates nor any enclosed letters (including the paper on which they are printed) can include any reference to accreditation, if none of the results are for conformity assessment activities within the scope of accreditation.
As stated in the paragraph, the requiremnt relates to the CAB’s scope, not to the scope of other accredited subcontracted CABs.
So the first conclusion is that the report can be issued as covered by the accreditation (with the Mark or references to it) if the CAB’s scope covers at least one of the tests included in the report.

2) Provided that the CAB has at least one of tests included in its accreditation scope, the second issue is if the CAB shall perform at least one accredited test of those included in the test report covered by accreditation or if it can subcontract all the tests to an accredited CAB.
Two related questions have already been discussed during LCM23 and LCM30, where it was agreed that ISO/IEC 17025:2005 does not prohibit the use of external services (there is an acknowledgement that subcontracting is allowed); the same conclusions can be extended to the application of the new edition of ISO/IEC 17025:2017.

It is deemed that the following approach shall be followed:
A classification report is based on the results of one or more tests. To ensure coherence between testing and classification, classification reports shall be drawn up by the laboratory conducting the tests.
Consequently, laboratories accredited for the purpose of notification shall only draw up classification reports on the basis of testing conducted fully or partially by themselves, unless otherwise justified by extraordinary circumstances.

37.2 Question on Ensuring the validity of results

Paragraph 7.7.1 of the ISO 17025:2017 is about the monitoring of the validity of results. The following sentence is written in the standard (English version): ‘This monitoring shall be planned and reviewed and shall include, where appropriate, but not be limited to:’

How shall we interpret this clause? Does the monitoring has to be done when it is appropriate for the test for all the relevant points (a to k) that are described in the standard or can the monitoring be done for only some of the relevant points (for instance, only point a and b, the other points should then not be done)?

Moreover, the French version seems to be less strict than the English version: ‘Cette surveillance doit être planifiée et revue et peut inclure le cas échéant, sans s’y limiter, les pratiques suivantes:’
They have “may include” instead of “shall include”

There is now a long list of possible activities. This was deliberate, in order to provoke thought about what a laboratory might do. These are more examples than explicit individual requirements.Somew overlap or duplicate others.

«appropriate» is the clue here. That is taken to be when it is suitable, a good choice amongst others, available, effective, good value, representative, meaningful etc.

The choice may be affected by the activities chosen under external meaures (cl 7.7.2) as some are more or less effective in detecting systematic (bias) rather than just random (often just SD) components of uncertainty.

We should be assessing that the laboratory has a valid and considered approach to internal and external QA activities..

38.1 Question on Importance of ILC’s

Importance of ILC’s seems to be reduced in New version of standard and updates of EA documents. Why? ILC’s should be supported as much as PT’s to improve the competence of different size laboratories.

In the new version of ISO/IEC 17025:2017

• ILCs and PTs are well defined (3.5 and 3.6)- actually is the ISO/IEC 17043 definition
• In clause 7.2.2.1 ILCs are referred in the Note 1 as a technique useful for method validation
• In clause 7.7.2 b, ILCs are equally to PTs referred as ways of monitoring of the performance of the laboratory.

So the importance of ILC’s does not seem to be reduced in the new version of the standard ISO/IEC 17025:2017 (either autonomously or in comparison to PTs).

Regarding the use of ILCs in accreditation of calibration, testing laboratories and in addition of inspection bodies and PT providers:

• In document EA 02/02 (2.2.1.4) it is said that a National Accreditation body shall ensure that it meets the relevant requirements for proficiency testing activity (EA and ILAC applicant and signatory NABs: see ILAC P9),
• The ILAC P9:2014 clause 4 there is a comprehensive analysis regarding the use of PTs ans ILCs.

So, in addition to the new version, EA policy is harmonized with the ILAC policy and hasn’t changed regarding the fit for purpose use of ILCs.

40.5 Question on Validation / Verification of methods

ISO/IEC 17025:2017 requires in article 7.2.2.1 that the laboratory shall validate non-standard methods, laboratory-developed methods and standard methods used outside their intended scope or otherwise modified. Because of this all standard methods just have to be verified due to article 7.2.1.5.
Within this context the definition of standard methods seems to be very important.
Article 7.2.1.4 gives an idea of the intention, because there is mentioned that when the customer does not specify the method to be used, the laboratory shall select an appropriate method and inform the customer of the method chosen. Methods published either in international, regional or national standards, or by reputable technical organizations, or in relevant scientific texts or journals, or as specified by the manufacturer of the equipment, are recommended.
Also the note within article 7.2.1.3 gives an idea that international, regional or national standards or other recognized specifications that contain sufficient and concise information on how to perform laboratory activities do not need to be supplemented or rewritten as internal procedures if these standards are written in a way that they can be used by the operating personnel in a laboratory.

a) If the customer of a laboratory states in the order that a specific method written by this customer (factory standard of e.g. a car manufacturer, railway company, power plant operator) or by an assocoation of manufacturers or other technical organizations, this specific method is then to be regarded as standard methods within the meaning of ISO/IEC 17025, which only be need to be verified?
b) Or are such customer-specific methods to be validated by each laboratory, knowing full well that the laboratories must work uniformly according to this procedure?

A method can be considered as a “standard” method if it meets the criteria included in the definition stated in ISO/IEC Guide 2:2004 cl. 3.2 and EN 45020:2006 cl. 3.2:
“Standard: document, established by consensus and approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context
NOTE Standards should be based on the consolidated results of science, technology and experience, and aimed at the promotion of optimum community benefits.”

Standard methods are expected to include an indication of their performance characteristics and should be publicly available.

37.5 Question on Risk of impartiality

How often and when shall the Laboratory determine the risk of impartiality? For a client – with each request or once a year?

As given for the Risk Identification question, this needs to be ongoing and may in some cases pre-empt a new job arising. For example, a change of ownership of the lab, or of staff relationships, can be seen in advance of a job and steps taken to protect future jobs.

With the mechanisms inbuilt to the lab philosophy and practices, it becomes apparent how often and to what extent activity needs to occur. A fixed interval of once per year is very unlikely to be considered compliant.

43.2 Question on impartiality

ISO/IEC 17025:2017 requires in section 4.1.4/4.1.5, that the laboratory shall identify risks to its impartiality on an ongoing basis and, if risks are identified, shall be able to demonstrate how it eliminates or minimizes such risks.

Question:
With respect to this, is it only the laboratory, who is in charge to “manage” such risks and have procedures
to demonstrate (to the national accreditation body) that this risk management is taking place?

And what is the task of the national accreditation body in this respect?

Do the NAB just assess the existence and functioning of the risk management regarding to risks of impartiality or do the AB judge the outcome of the ongoing risk management of the laboratory?

In particular: May the national accreditation body determine or require that certain risks related to impartiality or certain relationships of the laboratory or its staff with clients or customers are unacceptable or need to be eliminated in general?

Similarly to the question on cl. 8.5 of ISO/IEC 17025 discussed during the Warsaw ISO/IEC 17025 transition workshop and the consequent answer agreed during the LC M40 (September 2020), it is deemed that the assessor should not judge the method applied by the Laboratory to perform its risk assessment but the compliance with the requirement of clause 4.1.4 should be evaluated. As stated in the standard, relationships do not necessarily present a laboratory with a risk to impartiality.
Where the assessor find that a risk is not identified by the laboratory or if a risk is not properly assessed or reviewed, and there is a proof that it affects the impartiality, then a finding should be raised.

38.3 Question on using proficiency testing items as reference materials

Is it acceptable using proficiency testing items as reference materials?

It is the laboratory’s responsibility to understand the purpose and potential limitations of such materials; it is recognised that use of materials is potentially valuable depending on what they are used for and whether other Reference or Certified Reference Materials are available.
Limitations of such materials include the potential lack of information regarding the long-term stability of the materials and the reliability of any assigned value/supporting information.

43.1 Question on Measurement Uncertainty

Our question is related to the interpretation of clause 7.6.3. Measurement Uncertainty, in particular with focus on NOTE 1.
Clause 7.6.3 NOTE 1 states “…where a well-recognized test method specifies limits to the values of the major sources of measurement uncertainty and specifies the form of presentation of the calculated results the laboratory is considered to have satisfied 7.6.3 by following the test method and reporting instructions.”
In Official Medicinal Control Laboratories (OMCL) most of the testing on medicines are carried out to verify the compliance with authorised specifications, laid down in Pharmacopoeias or in the approved Marketing Authorisation dossier of the manufacturer. Such testing is performed using well-established, fully validated test methods for which the uncertainty budget has been evaluated during method validation. Therefore, the method performance including accuracy (confidence interval and bias) and precision (as intermediate precision or reproducibility) is well-known and taken into account for setting the specification limits. The compatibility of the validation data with the proposed limits is assessed by the competent authorities during the approval of the Marketing Authorisation Dossier.
Regarding NOTE 1, compliance testing in OMCLs is performed using well-established test methods, which means compendial methods (elaborated by Group of Experts of the Pharmacopoeias and approved by the European Pharmacopoeia Commission) or methods developed and validated by the manufacturer and subsequently approved by the competent authorities. The test method (compendial method or manufacturer method) specifies all conditions and requirements for used equipment, consumables, reagents, reference standards etc., as well as the limits to the values of the major sources of measurement uncertainty (i.e. system suitability criteria) and the form of presentation of the calculated results. Additionally, the testing result is considered valid only after the repeatability is evaluated against pre-defined acceptance criteria (based on the method validation data).
Considering all the above, in our understanding the ISO/IEC 17025:2017 requirements for evaluation of measurement uncertainty (clause 7.6.3) are fulfilled for compliance testing, if the results are obtained by using well-recognized test methods (compendial method or method given by the manufacturer), provided that the described analytical procedure and reporting instructions are followed, and all uncertainty contributors are under control. This means that testing is performed by qualified personnel using suitable reference standards and calibrated/qualified equipment, system suitability criteria are fulfilled and the repeatability is evaluated against pre-defined acceptance criteria.
Consequently, according to NOTE 1, in case of compliance testing, it is considered that the OMCLs fulfil the clause 7.6.3. and are exempted from any request of evidences of systematic calculation of the measurement uncertainty, on the basis of the following elements:

1. Compliance testing is performed by following the test method and reporting instructions described in well-established methods, which have been validated by the manufacturer and subsequently approved by the competent authorities.
2. The applied test method specifies all conditions and requirements, as well as the limits to the values of the major sources of measurement uncertainty and the form of presentation of the results.
3. The validity of test result and control of uncertainty contributors are ensured by the OMCL via the fulfilment of the system suitability criteria and pre-defined repeatability acceptance criteria.

Glossary:
Compliance testing: tests performed, using well established official or validated analytical procedures to verify that a pharmaceutical substance or medicinal product examined conforms to the specification limits given in the monograph or in the marketing authorisation dossier.
Marketing Authorisation Dossier: the dossier for marketing authorisation (called Marketing Authorisation Application (MAA) in the European Union) contains all data for the registration of the pharmaceutical drug, proving that the candidate drug has quality, efficacy and safety properties suitable for the intended pharmaceutical use. During the Marketing authorisation process the evidence to support a medicinal product, in relation to its marketing, finalised by granting of a licence to be sold are reviewed and assessed. This process is performed within a legal framework defining the requirements necessary for successful application to the regulatory authority, details on the assessment procedure (based on quality, efficacy and safety criteria), and also the circumstances where a marketing authorisation already granted may be withdrawn, suspended or revoked.
System suitability criteria: performance limits designed to ensure the adequate performance of the analytical procedure. These criteria are to be fulfilled before proceeding to the analysis of the sample.

From ISO/IEC 17025:
7.6.3 A laboratory performing testing shall evaluate measurement uncertainty. Where the test method precludes rigorous evaluation of measurement uncertainty, an estimation shall be made based on an understanding of the theoretical principles or practical experience of the performance of the method.
NOTE 1 In those cases where a well-recognized test method specifies limits to the values of the major sources of measurement uncertainty and specifies the form of presentation of the calculated results, the laboratory is considered to have satisfied 7.6.3 by following the test method and reporting instructions.

According to the definition given in ISO/IEC Directives Part 2 §24, the Notes in a standards are used for giving additional information intended to assist the understanding or use of the text of the document; in fact the document shall be usable without the notes. Notes shall not include any requirements (shall) or any information con¬sidered indispensable for the use of the docu-ment, any recommendations (should) or any permissions (may).
Notes cannot overrule any requirement stated in the standard.

The approach explained in Note 1 is already reported in the GUM, focusing the attention on the case where a well-recognized test method is used and sources of uncertainty are minimized (by use e.g., of measuring instruments with maximum permissible errors within specified limits, environmental influences, such as temperature and relative humidity maintained within specified limits, well-documented control of laboratory procedures, and well-documented competency of measurement personnel).
By controlling those sources of variability within prescribed limits, the measurement uncertainty associated with a best estimate of the measurand is assumed to be negligible, is not explicitly evaluated, and plays no role in an accept/reject decision.
The main issue of the Note is then about the significance of MU with respect to decision rules, rather than the MU itself, as reported in the question that relates to compliance testing.

Even where conditions of Note 1 occur, the following shall be fulfilled in any case:

1. Even if it is deemed that the laboratory is not required to evaluate measurement uncertainty systematically (meaning for each measurement result), the laboratory shall in any case ensure that it can properly perform the methods, achieve and maintain the required performances (cl. 7.2.1.5 of ISO/IEC 17025).
2. Even if cl. 7.6.3 is considered satisfied, clause 7.6.1 is still a requirement to be fulfilled: the laboratory shall identify the contributions to measurement uncertainty with respect to its specificity because, although information on MU contributions are available in the test method (which specifies all conditions and requirements, as well as the limits to the values of the major sources of measurement uncertainty and the form of presentation of the results), there can be other sources of uncertainties due to laboratory specificity.
   These contributions, if existing, will need to be identified to demonstrate that the measurement uncertainty of the externally validated method, as applied by the laboratory, remains compatible with the objective of the method and in that case the laboratory cannot be exempted from the obligation to assess its measurement uncertainty.
3. Cl. 7.8.3.1.c of ISO/IEC 17025 is still a requirement to be fulfilled by the laboratory.
   MU shall be evaluated, because it shall be reported in the test report ,when:
   – it is relevant to the validity or application of the test results
   – a customer’s instruction so requires
   – the measurement uncertainty affects conformity to a specification limit.

40.6 Question on Confidentiality by using common computer platforms

ISO/IEC 17025:2017 requires in article 4.2.1 that the laboratory shall be responsible … for the management of all information obtained or created during the performance of laboratory activities. … all (other) information is considered proprietary information and shall be regarded as confidential.

If a laboratory operates a common computer platform with another legal entity, the question arises as to how comprehensive this confidentiality should be considered.
a) Is permitted that the other legal entity can see the name, address etc. of the laboratory´s customer on the common computer platform if there are legally enforceable commitments on confidentiality toward third parties with the other legal entity?
b) Is permitted that the other legal entity can see also test results, test reports etc. if there are legally enforceable commitments as above mentioned.
c) If (a) or (b) are answered with “Yes” shall be the laboratory´s customer be informed in advance, since this considered as “placed in public domain”? (article 4.2.1: The laboratory shall inform the customer in advance, of the information it intends to place in the public domain)
d) Would the answers with respect to the questions as mentioned as above be identical or different if the laboratory is part of the same legal entity with which it shares the common computer platform but this other organizational unit is not part of the accredited area?

If a laboratory operates a common computer platform with another legal entity then the requirements set in ISO/IEC 17025:2017 about confidentiality shall apply: legally enforcement commitments shall be in place between the laboratory and the providers of the common computer platform and access to records shall be consistent with the confidentiality commitments agreed with the customer or established by legal obligations (cl. 4.2 and 8.4.2).

According to cl. 4.2.1 ISO/IEC 17025, if the laboratory intends to place information in the public domain then the customer shall be informed.

41.1 Question on Management Review clause 8.9.3 b)

By auditor standpoint, what is it expected to find in practices in a laboratory fulfilling the clause 8.9.3 b)? “The outputs from the Management Review shall record all decisions and actions related to at least: ..b) Improvement of laboratory activities related to the fulfilment of the requirements of this document.”

Records shall give evidence that the laboratory’s management has pursued the achievement of the improvement of laboratory activities already established in the management review, with respect to the ISO/IEC 17025 requirements.

As an example, the management review has certain inputs required, if we take internal audit, the management will discuss the implementation of the programme and concerns raised overall, trend analysis etc. This may well lead to the management team implementing changes to laboratory activities to improve the performance and compliance with external and internal requirements, this will need to be recorded as an output and this would address the clause as detailed in 8.9.3(b).

It is also important to state that there may well be no output from the management system review related to improving laboratory activities, this fully depends on the status of the system at the time. You have to balance the inputs with regards to the expected outputs.

42.4 Question on Externally provided products and services

ISO/IEC 17025:2017 permits the laboratories to use externally provided products and services. So, ISO/IEC 17025:2017 gives in section 6.6.1 a note with examples for these products and services (e.g. calibration services, sampling services, testing services, facility and equipment maintenance services, proficiency testing services and assessment and auditing services).

Question: Does these section permits this use of services just in special cases like sudden breakdown of personnel or equipment, or does these section permits the laboratories to be free in choosing if these services will be done permanently by an external service provider if this service provider meets the requirements given by ISO/IEC 17025?

Relevant requirements can be found in the following clauses of ISO/IEC 17025:

Cl. 5.3
The laboratory shall only claim conformity with this document for this range of laboratory activities, which excludes externally provided laboratory activities on an ongoing basis.

Cl. 6.6.1
a) are intended for incorporation into the laboratory’s own activities;
b) are provided, in part or in full, directly to the customer by the laboratory, as received from the external provider;
c) are used to support the operation of the laboratory.

Cl 7.1.1.
c) where external providers are used, the requirements of 6.6 are applied and the laboratory advises the customer of the specific laboratory activities to be performed by the external provider and gains the customer’s approval;
NOTE 1 It is recognized that externally provided laboratory activities can occur when:
— the laboratory has the resources and competence to perform the activities, however, for
unforeseen reasons is unable to undertake these in part or full;
— the laboratory does not have the resources or competence to perform the activities.

In application of cl. 5.3 of ISO/IEC 17025, the CAB can’t claim accreditation for externally provided laboratory activities performed on an ongoing basis.
The laboratory can choose to have pemanent externally provided services as those defined in the Note of cl. 6.6.1 of ISO/IEC 17025; Note 1 of Cl. 7.1.1.c will also apply.

42.3 Question on Resource Requirements

ISO/IEC 17025:2017 requires in section 6.1 “The laboratory shall have available the personnel, facilities, equipment, systems and support services necessary to manage and perform its laboratory activities.”

Question: In case that the laboratory is using external personnel, facilities, equipment etc, does “available” means that the laboratory has access to this as personnel, facilities, equipment etc. or does this require written contracts describing a certain power of disposal with respect of personnel, facilities, equipment etc.?

The agreement for the use of external sources like personnel, facilities, equipment, systems and support services shall be recorded (ref. 8.4 ISO/IEC 17025) and shall demonstrate that all of them are available to the laboratory for the maintenance of the accredited status and are operated according to all the requirements set in ISO/IEC 17025.
The agreement shall also not be in contrast with any of the requirements set by ISO/IEC 17025, by the NAB and by national laws.

40.2 Question on In-house calibration

As per Clause 6.4.6 of ISO 17025:2017:
6.4.6 Measuring equipment shall be calibrated when:

• the measurement accuracy or measurement uncertainty affects the validity of the reported results, and/or
• calibration of the equipment is required to establish the metrological traceability of the reported results.

It follows that as long as the above criteria are applicable, a laboratory will have to calibrate the measuring equipment. The laboratory may opt to perform the above mentioned calibration(s) in-house. The laboratory would then need to comply to the requirements of ISO 17025:2017, for these in-house calibrations.
Do the accreditation bodies agree that when a laboratory performs in-house calibrations for such measurements, then the laboratory will also need to comply with the below requirement in relation to participation in applicable interlaboratory comparisons?
7.7.2 The laboratory shall monitor its performance by comparison with results of other laboratories, where available and appropriate. This monitoring shall be planned and reviewed and shall include, but not be limited to, either or both of the following:
a) participation in proficiency testing;
b) participation in interlaboratory comparisons other than proficiency testing.
7.7.3 Data from monitoring activities shall be analysed, used to control and, if applicable, improve the laboratory’s activities. If the results of the analysis of data from monitoring activities are found to be outside pre-defined criteria, appropriate action shall be taken to prevent incorrect results from being reported.

ISO/IEC 17025:2017 cl. 7.7.2 requires laboratories to monitor the performances of their activities by comparing their results with other laboratories, where available and appropriate. This is true for all lab activities, including internal calibrations.
The laboratory shall plan its participation in PTs using a risk-based approach (ISO/IEC 17025:2017 cl. 8.5) taking into account also internal calibration, and ILAC P9 and EA-4/18 do not give additional rules concerning in-house calibration.
As a consequence the appropriate approach of the laboratory to PT for internal calibration will depend on the specific context and activity performed and on the outcome of the risk assessment performed by the laboratory.
If there is a calibration PT not covering the calibration of auxiliary measurands (done as internal calibration, not offered to customers as accredited calibration) then an additional PT should be planned for this particular internal calibration on a risk-based approach.
It is also acknowledged that there are lab activities where participation in PT for in-house calibration would be critical or would be the unique available choice, i.e. where calibration is the dominant factor for bias’s result.
Furthermore, the choice of participating in PT for internal calibration should not be based merely only on economic reasons and shall ensure that the customer requirements and needs are met.
In any case all the 17025 requirements shall be applied in same way for internal or external calibration.
The standard requires participation in PTs “where appropriate” (cl. 7.7.2) that is taken to be when it is suitable, a good choice amongst others, effective, good value, representative, meaningful etc.

 36.2 Question on §5.3 Range of activities: what level of detail can be required?

Referring to clause 5.3 in ISO/IEC 17025:2017, what is a sufficient level of detail in a CABs documented and registered range of laboratory activities for which they claim compliance to the standard?

Does the documented range of activities need to contain details in line with ISO/IEC 17011:2017 clause 7.2.1c and clause 7.8.3? If so, can NABs define the limits of capability, where applicable, to be included (such as objects, instrumentation, parameters, measurement ranges, measurement uncertainties, etc…)?

ISO/IEC 17025:2017 requires a laboratory claiming conformity with the Standard to express a scope defining the boundary of the competence claimed. If a laboratory is involved also in Accreditation this will equal or exceed the scope agreed with the Accreditation Body, but need not necessarily be expressed in such detail as the Accreditation Body and ISO/IEC 17011 may require for the scope of accreditation.

An important point is that no CAB may depend on an AB for its conformity. It follows therefore that the Lab may use the scope given by the AB as its description if it wishes but this should be presented directly and kept up-to-date. It should not be just a link to the AB’s website as this would constitute a dependency

40.3 Question on Requirements for test reports

Is it necessary to report within the test report the method used including date of issue or the revision (regardless if test methods based on standards or SOPs)?
Background:
ISO/IEC 17025:2017 requires in article 7.8.2.1: “Each report shall include at least the following information, unless the laboratory has valid reasons for not doing so, thereby minimizing any possibility of misunderstanding or misuse: … f) identification of the method used”.
Therefore it is necessary to clarify if within the test report the identification of the method used shall include the date if issue or its revision. Within this above mentioned article the date of issue is not required in detail (like some other very detailed requirements).
As some surveys have given as results in some countries the used tests methods (standards, SOPs) are always reported including date of issue, in other countries this is not done.
In some interpretation it is found as a requirement (interpretation of above mentioned article 7.8.2.1 f): “The results of test are only useable, meaningful and useful if the methods used are specified. The unique name of a method shall include at least the short title ant the date of issue. This applies regardless of whether it is a standard, an assimilated method or an in-house test procedure.”
Also the ISO/IEC 17025:2017 permits to do not so in case of valid reasons. What are “valid reasons” to do not so?
Further the accreditation certificate includes sometimes the test method including the date of issue (e.g. Germany, Italia, Poland, UK) and sometimes not (e.g. France, Netherlands, Spain, Sweden).

Requirements concerning methods used by laboratories are set in ISO/IEC 17025:2017:

• laboratories shall ensure that they use the latest valid version of methods (cl. 7.2.1.3 )
• test/calibration report shall include the identification of the method used (cl. 7.8.2.1.f)
• the results shall be provided accurately, clearly, unambiguously and objectively (cl. 7.8.1.2)

Requirements for accreditation scopes in the field of testing are defined in ISO/IEC 17011:2017, but no references to issuing date /revision status are mentioned.
Taking into account the above mentioned requirements, even if it is not explicitly required to include the issuing date/revision status of standard methods in test reports, it is believed that it should be a good practice, at least for standard methods, to report it in order to improve comparability of test results among laboratories.
It is clear that this approach doesn’t apply to laboratory developed methods, but in that case the traceability of the revision status is ensured by the lab document control (it is always possible to find what version was used at the issuing of the report),
The “valid reasons not to include the information” recalled in cl. 7.8.2.1 concern to very specific cases where the issue/revision date of the method cannot be specified in the test report for mandatory reasons (i.e. like stakeholder Regulations, WADA); if it is the case, any deviations shall be agreed in the contract.
Note: it should be highlighred that cl. 7.8.1.3 gives the possibility to laboratories to report results in a simplified way.

40.8 Question on Test report / separated test reports for each sample

Sometimes laboratories receive requests from customers to emit separate test reports under a single request of testing on different samples and different tests. For example, the customer requests series of tests to verify compliance to different national legislation on different samples. Instead of having a unique test report separated test reports are required for each sample and each legislation, as well as for each single test.
Those kind of requests are sometimes due to different testing duration: one test can be completed in one single day, others in weeks or months; Sometimes since it is necessary to show to the final customer, and they can be in different countries, compliance to the interested legislation, and not on legislation of other countries, of the single sample they are ordering.
Is it admissible or the laboratory have to issue a unique test report with all results, or at least a comprehensive test report and then other separated ones?

If the customer requests the laboratory to issue separate test reports for the same sample being analysed, then the contract between the lab and the customer should clarify all the details of the agreement (ref. 7.1.1 & 7.8.1 ISO/IEC 17025:2017).

Where different test reports for the same sample are issued to comply with legislation from different countries, then those reports shall include the same information concerning the sample being analysed, the activites performed and the obtained results, with a cross reference linking each other.

The practice of issuing separate test reports for the same samples shall be managed in order to avoid or minimize any possiiblity of misunderstanding or misuse (ref. 7.8.2.1 ISO/IEC 17025:2017).

42.1 Question on Reporting – ISO/IEC 17025:2017 Cl. 7.8.2.1 l)

A laboratory issues test reports under accreditation, and includes a unique serial number of the product tested in the test report. A statement as required by ISO 17025:2017 Cl. 7.8.2.1 l (a statement to the effect that the results relate only to the items tested) is not included. The laboratory states that the serial number is a unique identification of the sample tested.

• Is this in compliance with ISO/IEC 17025:2017?

When the answer is No:

• Is this acceptable when the laboratory agrees with the customer (in writing) that the statement can be waived? (also refer to ISO/IEC 17025:2017 Cl. 7.8.1.3)

No, the required statement is needed in all test reports to make clear to any user that the results cannot be extended to other items (i.e. cannot be interpreted as lot approval, product certification or inspection activities).

45.1 Question on Test Reports, ISO /IEC 17025 Clause 7.8

The standard ISO/IEC 17025 does not specify in clause 7.8 if it possible to issue more than one test report following a single test.
This happens if one or more customer submits a joint test request, (e.g., in order to reduce the costs of expensive tests) but asking then to have, for each of the customer, a separate test report.
So, is it possible to issue separate test reports for the different customers, having conducted a single test, and under which conditions?
Please, consider that there are interpretation documents, issued by European Laboratory association (EGOLF) where this is considered acceptable and regulated

Clause 7.8.2.1 of EN ISO/IEC 17025:2017 requires reports to contain information to minimize any possibility of misunderstanding or misuse of results.

For this reason, when reporting results from a joint request to mutliple customers, it can be regarded as useful to ensure that:
– each receiver obtains an identical »original« copy of the report, containing a statement regarding the joint ownership/request and including a clear, transparent disclosure of the identification of all joint sponsors involved and the details regarding the specimen/item/componens tested.
– when an additional, separate individual report is issued to a specific sponsor/customer, such report should contain a reference to such »original« report and a clear indication of the item/object the reported results are relating to.

45.2 Question on Amendments to Test Reports, ISO/IEC 17025 Clause 7.8.8.1

The standard ISO/IEC 17025 specifies in clause 7.8.8.1 that if it is necessary to change, amend or re-issue an already issued test report, any change of information shall be clearly identified and, where appropriate, the reason of such modification shall be included in the report (“When an issued report needs to be changed, amended or re-issued, any change of information shall be clearly identified and, where appropriate, the reason for the change included in the report.”).

Nevertheless, the standard does not specify which reasons are “acceptable” to reissue a test report.
Even on the light of document EA 2014 (33) 31 with respect to reissuance of test reports when the trade name / trademark of the tested product has changed, it is noted in this resolution just, in which cases test reports “shall” be reissued (“Test reports shall be reissued only for the correction of errors and the inclusion of omitted data available at the time of test.”)

Does this resolution limits the reasons for reissue the test report “correction of errors” and the “the inclusion of omitted data available at the time of test” or which reason can be considered as proper for the reissue of a test report?

Resolution EA 2014 (33) 31 is superseded by TMB Resolution 2021 (03) 01, which includes a reference to the relevant clause 7.8.8 of EN ISO/IEC 17025 :2017.

This resolution does not limit the possible reasons for reissuance of test reports, and other considerations regarding the reasons for reissuance of test reports are possible in the light of clause 7.8.8.1 in EN ISO/IEC 17025:2017.

It should be noted that any change, amendment or reissuance of reports requested by the customer shall not impact the integrity of the laboratory and any amendments to the reported results for whatever reason must be related to the item tested, calibrated or sampled, e.g. no data can be added / changed if not related to the actual item detailed in the initial report.

37.3 Question on Risk identification

At what level should the risk identification be made from the Laboratory according to the new standard ISO/IEC 17025:2017? On a more global scale or in detail for all processes?

Any and all risks to the validity of results should be considered and the activity required will depend if it is relevant only to narrow areas or to the activities of the lab as a whole.

Risk identification needs to be built in to the lab MS and ongoing. This requirement features throughout the Standard and is now a basic and innate philosophy. Steps required will depend on the structure and nature of the lab and of the risk found.

Note that not all risks shall necessarily result in changes, maybe some will be accepted and steps taken to minimize the impact rather than minimizing the likelihood of occurrence.

Identification by top management at Management Review is unlikely to suffice. This should be open to all staff who are involved and may be generated by mechanisms to suit the nature of the lab organization.

40.7 Question on Judgement of risk-based approach

Is it within the assessment of CABs a requirement to judge the risk-based approach of the CABs or just to check if it was done and that within the assessment no findings have been identified which would not be occurred if the risk based approach would have been done in a proper way?
In several standards like ISO/IEC 17025 or other standards within the ISO/IEC 17000 family there are requirements concerning risk-based approaches. The CABs are requested identifying and analysing these risks and if they are concerned about some of these risks, they have to initialize action to avoid or minimize these risks. But in none of these standards an information is given with respect of the necessary level of documentation, the necessary level of analysing risks, a distinction between “critical” or “non-critical” risks or that this approach or analysis are to be judged by the NABs with regards to the content.

The question has been discussed during the Warsaw ISO/IEC transition workshop: the assessor should not judge the method applied by the Laboratory to perform its risk assessment but the compliance with the requirement of clause 8.5 should be evaluated.
Where the assessor find that a risk is not identified by the laboratory or if a risk is not properly assessed, and there is a proof that it affects the validity of the results to then a finding should be raised.

40.1 Question on Soil sampling

Background information
This questions rising during the accreditation of environmental testing of soils and formulating the scope of accreditation for sampling in accordance with the requirement of ISO 18400 series of standards.
Fig.1 (page VІІ) „Links between the essential elements of an investigation programme“ of ISO 18400-102 “Soil quality – Sampling – Part 102: Selection and application of sampling techniques” and the similar fig.1 (page VІІI) of ISO 18400-104 “Soil quality – Sampling – Part 104: Strategies”, describing sequence and subordination of essential elements for soil testing.
We would like to ask following questions:

1. What part of this standard give the requirements for sampling method? ISO 18400-102 “Soil quality – Sampling – Part 102: Selection and application of sampling techniques” give requirements for the sampling method, or give requirements only for sampling devices?
2. What part of this standard is mandatory to assess (to witness) during the accreditation process (onsite assessment) for “sampling method” of soils? What part of this standard should be given in the scope of accreditation for “sampling method” of soils?
3. Granting accreditation for soils sampling only according to ISO 18400-104 “Soil quality – Sampling – Part 104: Strategies” (without granting accreditation for ISO 18400-102 “Soil quality – Sampling – Part 102: Selection and application of sampling techniques”) is correct, or this part (ISO 18400-104) gives only design of sampling programmes?

ISO 18400 Standard part 104 gives only design of sampling programmes (planning) and should be accredited always in combination with ISO 18400 part 102 (or other similar standards) which give the sampling methods (techniques) and not only requirements for equipment.

Note: the ISO 18400 series will probably replace the ISO 10381 series soon.

38.2 Question on ISO/IEC 17025:2017 5 Structural requirements

In the case of accreditation of multiple site laboratories, can the head of the central laboratory transfer the power to approve and issue the test report to the head of the site laboratory?

There is no such requirement in the Standard that in the case of multisites test reports are approved and issued only by the head of the central laboratory (nor who can perform this activity in any case).

The laboratory (management) shall ensure which personnel have the competence to report/review results and authorise the test report as per cl. 6.2.6 and 7.8.2.1o. In multisites it makes more sense that this authorisation is given to personnel that are on site and involved in the day to day activities.

As multi sites, nowadays, normally are linked with LIMS with the central laboratory and personnel from there could be authorised to have access to the data and information (as per cl. 7.11) then test reports could be approved and issued by an authorised personnel from the central lab, if needed.

However, we shall take in mind that there might be areas that are regulated and there are legislative requirements that define who is responsible for authorising test reports.

41.2 Question on Facilities and equipment outside the labs permanent control

ISO/IEC 17025 permits the laboratories to use facilities and equipment outside its permanent control. So, ISO/IEC 17025 requires in section 6.3.5 “When the laboratory performs laboratory activities at sites or facilities outside its permanent control, it shall ensure that the requirements related to facilities and environmental conditions of this document are met” and in section 6.4.2 “When the laboratory uses equipment outside its permanent control, it shall ensure that the requirements for equipment of this document are met.”

Does these section permits this use of facilities or equipment just in special cases like, breakdown of own equipment, very special equipment, which is for example just at the producers facilities, or does these section permits the laboratories to be free in choosing if the tests will be done with its own equipment or for example with the equipment of some other, if the requirement for the facility (e.g. like environmental conditions) or the equipment (e.g. like calibration) meets the requirements given by ISO/IEC 17025 and the special test requirements?

ISO/IEC 17025 does not prevent the use of facilities or equipment that are outside the laboratory permanent control; therefore, as long as all ISO/IEC 17025 relevant requirements are fullfilled, laboratories can choose which equipment and/or facilities can be used.

However, the accredited laboratory will be still fully responsible for ensuring that the environment and equipment are suitable for the intended use, and that a risk based approach has been applied to the specific issue, covering also impartiality.

37.4 Question on ISO/IEC 17025 :2017 7.2.2.1 Standard methods used outside their intended scope

If a CAB wants to use a standard method outside their intended scope, is there any boundaries for that? (e.g. a water standard for fuels, or salted peanuts)?
Does it have to be flexible?
Our National Standardization Body has a problem with extension: in their opinion, it isn’t possible, only if CABs use their own method name. What are your experiences?

In this application, it could not be considered and described simply as a standard method. It would need to be described as : in-house method« adapted from» or «based on ».

The accredited scope (whether it is fixed or flexible) would have to be drafted to show whatever boundaries of competence had been assessed and agreed with the laboratory.

In any case the proposed method would need to be » validated « for use in the intended application especially as any standard method «validation» would have been conducted in very different circumstances.