Integrating ISO 9001:2015 with ISO 17025

  • by gcarroll@fasttrackaust.com (Greg Carroll)
  • 11 Oct, 2016
It is not uncommon for laboratories to be saddled with maintaining both ISO 17025 and ISO 9001 certification. Although it is simpler to create and implement two QMS – and to "merge" those activities which can be merged – this approach is arduous, inefficient, and prone to mistakes.

Understanding the difference

ISO 17025 is an “Accreditation” standard which means the laboratory is authorised to issue “Certifications” i.e. they have the qualifications and capabilities to issue certificates of authentication from the tests they carry out.  ISO 9001 relates to the quality and reliability of service a customer can expect from the testing company.

It is possible that competence does not translate into good customer service.  In fact it is not uncommon for hear about end user complaints with collection services and response times.  Since these components of accredited laboratory services directly impact client functions and therefore their profitability, it is not uncommon for those organisations to also request laboratories to have ISO 9001 certification in addition to expecting ISO 17025 accreditation.

The original ISO 17025 was issued in 1999 and then revised in 2005 because it was realised that ISO 9001 was not sufficient for a laboratory accreditation. It was updated after ISO 9001:2008 was issued, and it should be envisaged that similarly, it will be updated again following the release of ISO 9001:2015.

 

Why implement ISO 9001 as well as ISO 17025

This is really a strategic argument verses an operational one.  As it is the customer who pays the bill, and it will be the customer who decides to which standard they wants to refer.  Therefore, it is not uncommon for laboratories to be saddled with maintaining both ISO 17025 and ISO 9001 certification.

In addition to customer requirements, executive management may look on the ISO 9001:2015 emphasis on continuous improvement, and risk management based approach to process optimisation (see PDCA is NOT Best Practice), as strategically necessary for remaining commercially viable in the “user-pays” competitive marketplace facing testing authorities today.

Integrating ISO 9001 with ISO 17025

Although it is simpler to create and implement two QMS, and to "merge" those activities that can be merged, ISO standard certification/accreditation is relatively simple, and not complex, and the expertise to do is most likely available.  To integrate both 9001 and 17025, the lab activities should be considered as processes, with specific requirements for the methods and the management, merged or integrated under the new “Operations” section of ISO 9001:2015.

In the end, it is much better to fashion one QMS that meets the requirements of both standards. It is also relatively easy to do.  We provide those simple, effective solutions, all the time.

For those who want to get ahead of the curve as a customer service, or for the likely incorporation in future revisions of ISO 17025, I have prepared a “nominal” cross-reference (see below) between the new ISO 9001:2015 standard and ISO 17025, along with comments on the key new principles introduced in ISO9001:2015.

Click here to request a copy of the cross reference.

As this is a subjective view of a new standard, I welcome any feedback on this cross-reference. If you would like a copy of my cross reference email me at: gcarroll@fasttrackaust.com

Compensating for SharePoint Document Control Deficiencies

by gcarroll@fasttrackaust.com (Greg Carroll) 5 April 2017
The benefits of SharePoint as a content management system and information portal tool are indisputable.  With great search functionality and user definable portal pages SharePoint is now the leading Content Management solution chosen by most IT departments. But what if your business demands strict document controls protocols, not just because it’s good practice but life depends on it?  Unfortunately there is generally a poor appreciation by IT departments of the importance of document control in mission critical business. 

The Future of Digital Transformation

by gcarroll@fasttrackaust.com (Greg Carroll) 15 September 2016
Senior management have to come to grips with the fact that Digital Transformation is not an Event but rather the operating environment of 21st century business. 

Misunderstanding Innovation

by gcarroll@fasttrackaust.com (Greg Carroll) 22 August 2016
Last week saw the latest in misguided innovation talkfests, the AFR Innovation Summit #Innovation16.  For several days academics, public servants, journalists, and corporate employees put forward their insights into how Australia can develop an Innovation culture. 

How to make Audit Management Effective

by gcarroll@fasttrackaust.com (Greg Carroll) 25 July 2016
Effectiveness is the holy grail of Compliance Management.  Whether regulatory or ERM, ensuring business is conducted as intended is the base requirement to optimising your organization’s performance.

Behind compliance management failures at Mitsubishi, VW, Target

by gcarroll@fasttrackaust.com (Greg Carroll) 17 June 2016
2016 has seen a virtual tsunami of compliance failures involving some of our largest companies. From Mitsubishi to VW, from ANZ to Target, almost weekly there have been media reports about some company employees having run amok – unbeknownst to their executives and boards. People are asking: “What happened to the compliance management systems that are supposed to monitor and prevent such abuses?” Executives and boards are naturally starting to question the entire compliance management function. 

Compliance Manager role in modern organizations-Empower decision makers

by gcarroll@fasttrackaust.com (Greg Carroll) 7 September 2015
The Compliance Manager’s role in the modern organization is to enable/empower decision makers to take action and leave the building defensive walls to the Risk Manager with his heat maps. So how can compliance managers start realising their value adding role?

How to Implement Risk Based Audits & Inspections

by gcarroll@fasttrackaust.com (Greg Carroll) 18 July 2015
With the release of the Final Draft of ISO9001:2015 this week and its focus on risk-based Compliance Management, I thought I would share our approach to Risk-Based Auditing from our experience with the likes of Defence Aviation and the Australian Quarantine Inspection Service, both leaders in the field.

The 4 Biggest Mistakes in Compliance Management

by gcarroll@fasttrackaust.com (Greg Carroll) 3 July 2015
Mere compliance with a Framework is an insufficient audit approach; it is critical to assess whether it is current, timely, communicated broadly, and meets the needs of the business. The 4 biggest mistakes are:       Not being Outcome focused      Not using Risk base targeting      Not Value Adding      Not being timely

Why Corporate Governance is broken and how to fix it

by gcarroll@fasttrackaust.com (Greg Carroll) 28 May 2015
Why, with the number of fertile minds that exist in our field, is it still a case of an irresistible force meeting an immovable object.  The paradox I believe, like our would-be entrepreneurs, is one of approach.

21 Best Practices in Workflow Management

by gcarroll@fasttrackaust.com (Greg Carroll) 22 April 2015
Return of Investment (ROI) does not come for automating a process but from using it to add value.  Value adding comes from targeting time and resources, risk based thinking, and Business Intelligence where they can deliver the greatest benefit to achieving the organisation’s strategic goals. 
Show More
Share by: