ISO/IEC 17025 2017 Major Updates

The International Organization of Standardization and International Electrotechnical Commission (ISO/IEC) are a joint committee formed to create standards for information technology and communications. To be more specific, ISO/IEC 17025:2017 refers to a set of standards put forth for laboratory operation. Compliance to this standard helps to ensure competence, impartiality, and consistency when reporting results. The 2017 version is the most recent update made to the ISO/IEC rules. To better assist you, we’ll go through the requirements and explain what you need to know.

The clauses outlined in the standard define what is necessary for an ISO/IEC certified lab. Starting from clause four, labs have to help ensure impartiality of their results. This means risk assessment for possible breaches of impartiality, risk reduction (by eliminating or reducing factors contributing to it), an action plan for this implementation, and a signed document from management to show commitment to this plan of action. Additionally, labs should put forth this information for customers. Finally, tests are generally assumed to be confidential. Any changes the lab makes must mention if they wish to make testing public. Lab staff must all sign a confidentiality agreement.

In clause 5, the rules explain what is necessary to be structurally defined as compliant. And no, this doesn’t mean constructing a new wing to get licensed! The meaning of ‘structural compliance’ is that the organization and management structure have certain requirements. This also includes the kinds of laboratory activities permitted, documentation on these procedures, who will be responsible for this implementation, and the integrity of this system itself. Boiling this down, we see that what ISO/IEC requires is who is keeping track in this lab, what is being done and how, and how the system integrity is being monitored.


When it comes to subcontracting testing methods that are within the laboratory’s accreditation scope (e.g. methods the lab would like accredited or has accredited), the new standard only allow subcontracting that work  if staff become sick, if there’s too much work, or if equipment maintenance or malfunction prevents it. This means that subcontracting is now only allowed for extenuating circumstances. In the new version, deputies are no longer necessary, but the lab must record their activities.

Clause 6 includes rules on resources in the lab. This means it’s necessary to track resources such as lab personnel, equipment, or facilities and evidence showing how each resource is impartial. This doesn’t mean everyone who works in the lab, but anyone who could influence the lab activities, like tests or results.

The standard also requires  a guarantee of competency. This means the lab can show evidence of education, training, skills, technical knowledge, experience, and qualification were considered to measure competence in the lab. Besides these methods, there must also be a trail of how this is being monitored. It can be by training records, by supervision, selection for training, authorization, and monitoring employees who are competent enough to train. The standards also define who's allowed to receive this sort of training. Unlike the 2005 version of the standard, job descriptions and efficiency of the training is no longer monitored. This means that according to the 2017 version, you no longer need a separate assessment to determine whether or not an associate can do a particular procedure well following training. But, monitoring and supervising personnel is now required in the 2017 version. In this way, a supervisor is now in charge of making sure an associate is doing their job effectively.

Recording certain environmental factors for tests is now required, but isn’t the same across all labs. A factor like weather (sunny vs. overcast) may be of tremendous importance to a facility growing plants, but not to a lab creating paints and dyes. Part of this means controlling what a lab can and recording what it cannot. This means controlling something like whether or not a testing solution is past its best buy date, and recording, if necessary, meteorological contions if they affect certain tests.

Clause 6.3 details a lab can control who accesses the labs or keeping the work areas free from contamination and that in fact it must, but this hasn’t changed since the 2005 version. Clause 6.4 dictates that between the past and present versions of these guidelines, standards, materials, references and software are now considered equipment. Rules are also put forth for maintenance and calibration. Procedure for handling, transporting, using, and the planned maintenance for anything classified as equipment must be recorded. This helps to track dependable results in your lab, and traceability of inventory.

Clause 6.5 defines metrological traceability. It’s defined as “the property of a measurement result whereby the result related to a reference through a documented unbroken chain of calibrations, each contributing to the measurement uncertainty” (1). In layman's terms, it’s a discussion of the uncertainty of any given lab factor. By keeping track of this, not only are results more reliable, they tend to be more impartial and consistent.

Clause 6.6 discusses subcontracting and includes it along with purchasing. It asks that labs have a system in place for a lab to assess, reassess and check subcontractors to make certain that they, too, are reliable. This is new and required in the 2017 version for all labs. There must be clear documentation about what's bought, competence records for subcontracting, activities performed in that lab, and so on.

In clause 7.1, there’s a discussion of requests, tenders, and contracts. How can a lab meet the requirements of a customer? What can your lab do to meet these requirements and which requirements does it currently fulfill? What kind of controls are in place for other providers if the need arises to subcontract? What methods should be used to meet the customer’s needs? And, most importantly, the 2017 version now requires that any subcontractors can work only with permission from your customers, then and only then can your lab subcontract.

Clause 7.2 discusses the method recording for tests, calibration, and taking samples. This means detailing what methods are used specifically for tests, calibration and taking samples, and that if there is a newer, more effective way to do so, it is used. This ensures unless inappropriate or impossible, the latest methods used for these tests. In the updated version, the customer must also accept these changes to the standard methods. Record-keeping for all these is of the utmost importance, as always. This is especially the case for lab-created processes.

Clause 7.3 goes more in-depth about sampling processes. Sampling methodology must be recorded for the sake of continued need for written logs. It also notes that you should include uncertainty when taking samples.

Clause 7.4 details the need for test calibration and testing in and of itself. This means every level needs to be drafted, as well as a system for all the information needed. How assignments are moved, handled, stored, retained, or disposed of are all things recorded for customers. Additionally, this clause includes the stipulation that if the customer requests data with deviations included, it's included and a disclaimer added.

7.5 discusses technical records, to give information for making decisions about the lab and testing. They contain results and the report, and contain information that can affect results. If necessary, these records should show whether a test bears repeating or any previous version of the test performed. The updated version contains information on reporting errors and mistakes, and any changes indicated in the records.

Clause 7.6, explores evaluating measurement uncertainty. This means factoring anything that could cause significant uncertainty in the testing, and if the lab is taking steps to control this. In a lab intended for calibration, all contributions to this are considered significant. Thus, it is especially important in these labs. The only major change is that if the uncertainty was already found and verified, there’s no need to find it for each result so long as factors causing it are under control.

Within clause 7.7 there is a discussion of the validity of results. This can mean using reference materials, traceable instrumentation, test replication, or control charts. There are many more methods that work to help verify tests, and these are merely a few methods. Proficiency tests and interlaboratory comparisons expected where appropriate. All activities must be reviewed and planned for validity. The 2017 version indicates that there must be different monitors in place. There must be a strategy for review of said monitors to ensure impartiality.

Clause 7.8 goes over the reporting of results for lab activities. Lab activities reported, and the guidelines for doing so are contained here. The updated rules include giving simplified reports to any customer who asks instead of internal ones. It now also requires the date of the report and the signature of the person who released it. Disclaimers about sampling when a lab doesn’t provide it and information provided to the customer must be included. Amendments, statements of conformity, and reporting opinions reported, if created.

7.9 details the process of the complaints when it comes to testing. This contains guidelines for filing complaints, and how the lab itself can deal with the complaint. This process and end result must be confirmed and approved by the original party. The original party must also be informed of the end result of the complainant as a result of said complaint. In this manner, a final action can be understood by all parties.

Clause 7.10 cover nonconforming work. It is not fulfilling a requirement for a procedure, for example not reporting a result correctly. This clause is more detailed than previous editions and details what must occur in cases where a nonconformance is found. Actions taken are based on the specific issue and whether or not it causes risk, and how it impacts the significance. Repeating these lab activities or withholding reports may be required.

The final rule of the 7th clause is the control of data and information management. This is a brand new chapter that now discusses electronic information. The system must become valid and its data protected. This rule doesn’t only apply to LIMS, but to any electronic information in a system. It sets up guidelines for every step of the process like reporting, recording, and retrieving. As an example, QBench is compliant with all the rules of 17025 for LIMS.

Clause 8 discusses the management systems for laboratories. There are two main options detailed for this, A and B. The main difference is whether a lab is already compliant with ISO 9001 or not. A assumes that the lab is already following the 9001 rules, B assumes it is not. However, if it follows the 9001 rules and clauses 4-7, then it can follow option B.

For the 8th clause, rules for management and management system documentation as well as  access have been softened. However, it does contain a new clause for this edition which details the lab finding risks and opportunities within it. This means the management should give assurances, enhance opportunities, reduce or prevent undesired impacts, and achieve improvement when it can. A facility should also plan actions to address or reduce risks and how to implement these changes.

Changes to corrective actions have been made like determining nonconformities and updating risks and opportunities. Some of the internal auditing in the 2017 version is eliminated as opposed to the 2005 version. The final change made in the 2017 version of 17025 is that management reviews have been revised. These include some language changes. There are some additions in input (like results of risk identification). Finally, there have also been details added to output such as management effectiveness and needs for change.

In general, the importance of watching for risky behaviors is placed on all staff rather than a few. This allows for fewer mistakes and better results in the lab. These rules come together to make sure that a customer can confidently say their results make sense. It makes the customers happy and it helps your lab.

Hopefully, this has helped you understand the guidelines for ISO/IEC 17025’s most recent update. Many of these rules can be a challenge to understand and even worse to try to implement in your lab. With any luck, it’s a little bit easier to wade through all of them.

Citations: World Meteorological Organization Commission for Instruments and Methods of Observation “Metrological Traceability for Meteorology”. Retrieved from