Eurachem Blog

ISO/IEC 17025:2017 – First impressions

17025 2017The new version of ISO/IEC 17025 - General requirements for the competence of testing and calibration laboratories - has slipped in under the wire to become ISO/IEC 17025:2017. What can laboratories expect to see when they read the new Standard? We take a look.


A new structure

At first sight, the Standard looks completely different from the 2005 edition. It has a new structure, closely aligned with all recent 17000-series standards from the CASCO stable. The 2005 edition was split into Management requirements and Technical requirements, appearing in that order. More recent CASCO standards have five sections: General requirements (which cover impartiality and confidentiality); Structural requirements, covering the nature and legal status of the organisation accredited; Resource requirements, a substantial section dealing with personnel, facilities, laboratory environment and equipment issues; Process requirements, which include contract review, many of the familiar method selection, validation, measurement uncertainty and reporting requirements and, finally, Management requirements.

New emphasis

The large difference in structure does not, however, signal great changes in most of the familiar technical elements of 17025. Laboratories are still expected to train staff, to calibrate equipment properly, to validate their methods, and to evaluate and report measurement uncertainty where appropriate. The distinction between reporting requirements for calibration and testing remains. What does seem to have changed is the emphasis on different elements. The most prominent example of this is the new emphasis on metrological traceability (see our Eurachem Guide on Traceability for more on this topic). In 17025:2005, the term ‘metrological traceability’ barely made an appearance; metrological traceability was addressed by requirements for calibration. In 2017, metrological traceability has a whole new subclause of its own, tucked into Resource requirements, and a two-page informative Annex. We’ll return to metrological traceability below.

We also see an emphasis on conformity assessment; instead of the 2005 edition’s occasional reference to statements of compliance with specifications (for example in the reporting requirements), conformity assessment, too, has a detailed subclause on reporting statements of conformity and – unlike the 2005 edition – the detail applies in full to both testing and calibration certificates. Although the practical change is not large, we do notice an explicit requirement to document the decision rule used in conformity assessment. Establishing clear decision rules is a key element of Eurachem’s guidance on the use of uncertainty in compliance assessment. Another, smaller, shift in technical emphasis is on sampling, where we see clearer more detail in the requirement for sampling and pre-treatment and a clearer set of factors to be recorded. The standard also has a stronger focus on information technologies and (according to the ISO News release) “ … incorporates the use of computer systems, electronic records and the production of electronic results and reports”.

New management system options

The big changes, however, are in the management system parts of the Standard. The most obvious change is that two broad options are now set out (labelled as options A and B). The first option is to comply with an explicit list of requirements, which broadly follow those in the 2005 edition. The second is important for laboratories already meeting ISO 9001 requirements for management systems; it simply requires a 9001-compliant management system that meets all the relevant requirements of the new 17025. We think that this makes it simpler for laboratories to manage implementation of the two standards; it is much clearer that a laboratory can cover many of the management system requirements using 9001-compliant processes and documentation, with no need for a separate set of documentation for 17025. This is also aided by the “process approach”, emphasised by the section on “process requirements”, which matches that of newer standards such as ISO 9001 (quality management), ISO 15189 (quality and competence of medical laboratories) and ISO/IEC 17021-1 (requirements for audit and certification bodies).

The other substantial shift – mainly affecting management system requirements – is the appearance of a strong emphasis on “risk-based thinking”. The word “risk” appears over 30 times in the document, compared to only four appearances in the 2005 edition. In the 2017 edition, risk identification is included in management reviews, and there is a whole new subclause, “Actions to address risks and opportunities”, listing management system requirements for considering risks and opportunities. As a result of this shift to risk-based thinking, there is no longer any reference to “preventive actions”; this is essentially replaced by the new clause on addressing risks and opportunities. Although a Note makes it clear that there is no requirement for formal risk assessment methodologies, this new emphasis on consideration of risk will clearly have assessors looking for evidence of compliance with the new clause. We do not think that this will necessarily place a new load on laboratories; those who already undertake regular management reviews that look at improvement opportunities are, we think, likely to find that they already meet most of the requirements here. But the idea of risk-based thinking does, according to the Standard’s Foreword, “… [enable] some reduction in prescriptive requirements and their replacement by performance-based requirements”. It remains to be seen whether laboratories will be able to use this extra flexibility in practice.

More - or more visible - metrological traceability

Returning to technical issues, we have already drawn attention to the new and explicit emphasis on metrological traceability. The main technical requirement, of course, is the same; laboratories are expected to calibrate their equipment appropriately, and that requirement already implied a need to demonstrate that suitable measurement references had been chosen. The new Standard, however, includes a very clear requirement to have documentation of the calibration chain(s). This new paragraph may need some interpretation; if over-interpreted, it could have laboratories scrambling to prepare new, intricate, charts of traceability chains all the way back to the national measurement institute. This is clearly unreasonable – testing laboratories simply do not have that information – so we think that this is not the intent. Rather, we think this new requirement can largely be met from existing documentation. Laboratories already have to document the source of their measurement standards, calibration and CRM supplies in order to show that they meet the 17025:2005 requirements; this already makes it possible to show a documented chain of calibrations from measurement results to the standards used in the laboratory. And 17025:2017’s new, informative Annex does make it clear that evidence such as supplier accreditation to ISO 17025 can be taken as evidence that the supplier has established metrological traceability, making it unnecessary for the laboratory to assemble further documentation.

Supplier conformance to conformity assessment standards also appears in relation to reference material producers and proficiency testing providers. For both of these, notes in the new 17025 state that suppliers conforming to ISO 17034 and ISO 17043, respectively, can be taken as competent. In the case of ISO 17034:2016, a rather recent standard, this may take some time to establish unless accreditation bodies consider Guide 34 compliance in the transition period.


In summary, 17025:2017 differs much less from 17025:2005 than it appears at first sight. There are structural changes in the document, but the technical changes do not seem to be large, and most simply clarify existing requirements. As the CASCO working group convenor, Steve Sidney, explains on video, “A lot of the content of the standard is very similar”, while the changes in management system requirements, risk-based thinking and process orientation should leave laboratories with more flexibility in implementing the standard.

Steve Ellison
Kyriacos Tsimillis