Like all infrastructures, quality standards are composed of intertwined elements, and even small changes to them can have far-reaching effects. We're all aware of how "minor changes" to traffic routing or flight schedules can cause temporary chaos. So when ISO/IEC 17025:2005--"General requirements for the competence of testing and calibration laboratories" was recently issued as an update of ISO/IEC 17025:1999, some concern was to be expected. However, the updated standard, which better serves users and aligns more closely with widely used standards such as ISO 9001, created much more confusion than was warranted by the relatively modest changes made to its content.
What was the root cause of so much distress? This article will answer that question in the hopes of allaying some of the concern and enabling a smoother transition between the older standard and its updated edition.
Protocol established by the International Organization for Standardization requires that all ISO documents be reviewed roughly every five years to ensure that documents maintain their usefulness. The review determines whether:
• The document should be cancelled and withdrawn because it has ceased to serve its intended purpose, or
• The document continues to serve a need, and no modification is required or justified before it's reissued, or
• A need continues to exist, but the document should be amended to better serve users and stakeholders before it's reissued.
A survey by the International Laboratory Accreditation Cooperation, whose prominent international members use ISO/IEC 17025 as the base criteria for their accreditations, found the 1999 version to fall into the last category.
After ILAC determined the need for an amendment, the next step was to design or define the extent and focus of the changes. Labs responding to ILAC's survey petitioned for little or no change because some respondents were still refining their approach to issues such as measurement uncertainty and traceability that arose during the transition from Guide 25 to ISO/IEC 17025:1999. About 25 percent of respondents wanted to make a quick transition to ISO/IEC 17025:2005. Acknowledging the ILAC survey responses, the ISO/IEC 17025 revision committee pursued minor changes, an approach that ultimately proved to be a source of confusion.
Another source was the different interpretations applied to the term "align." Many overviews and presentations stated that ISO/IEC 17025:2005 "aligned" with ISO 9001:2000. That's much too broad a definition for what really happened. The key to understanding the caliber of updates is found in the introduction to ISO/IEC 17025:2005. It states, "In this second edition, clauses have been amended or added only when considered necessary in light of ISO 9001:2000… to incorporate all those requirements of ISO 9001 that are relevant to the scope of testing and calibration services.…"
In other words, elements of ISO/IEC 17025:1999 were modified to include specific ISO 9001:2000 requirements, but the latter standard's context of process-based concepts and management approach were neither intended nor provided.
The limited-requirements approach of ISO/IEC 17025:2005 doesn't preclude an organization from advancing to, and benefiting from, the process-approach paradigm; but ISO/IEC 17025:2005 by itself isn't sufficient for such a transformation. Outlining the significant effort required for that goal lies beyond this article's scope. We'll focus instead on understanding ISO/IEC 17025:2005 in its present form and providing a few recommendations.
Slow, gradual change is to be expected for documents such as ISO/IEC 17025. The standard's content and use, particularly the resulting test results or calibration certificates, are critical to establishing satisfaction with statutory and regulatory requirements, objective evidence for litigation and judgments, due care during research, and accurate data for process and product control. Until changes to the standard have been validated through use, they have a potentially disruptive effect on risk management and the acceptability of laboratory results as sustainable, objective evidence. Additionally, new approaches in the standard could create different results from prior approaches, and those results might need to be re-examined for sustainability.
ISO/IEC 17025:2005's first drafts suffered from an unprecedented lack of copyediting, which was inconsistent with the sponsoring organizations' longstanding reputation for clarity and attention to detail. This was a disservice to the many competent professionals who volunteered thousands of hours during ISO 17025:2005's development with the understanding that appropriate copyediting of the document would follow. Few laboratories would escape criticism if they produced a document of this haphazard quality. Inevitably, people who read the standard word-for-word and inferred special significance or changes from the variations in font or bolding were confused.
Confusion specifically resulted from several types of recurring errors:
• A few passages (4.2.1 line 2, 5.2.1 line
2 and 5.5.1 line 2) begin with text followed by several inches of white space, followed by more text in a different font. This created uncertainty and prompted the question, "What's missing?" This was a particular concern for users who didn't have access to ISO/IEC 17025:1999 for comparison purposes.
• Inconsistent fonts and bolding for some clauses, subclauses and note titles occasionally give more prominence to the notes, which consequently make them seem more important than the requirements. Some pages contain four or five font and/or bolding combinations that could lead readers to overlook vital information, such as the requirements of subclauses 4.7.2 and 126.96.36.199, because more prominent (though less important) notes upstage them.
• Inconsistent paragraph alignment that varies from left-aligned to justified prompts the questions, "Does this indicate a change? If not, what's the reason behind the variation?"
Confusion and frustration hampering a rapid transition to the new standard can also be attributed to users' backgrounds or perspectives. Accordingly, different action plans for reviewing the standard might be beneficial.
Appropriate copyediting should eliminate these inconsistencies before more copies of the standard are produced.
• Users familiar with ISO 9001:2000 but not with ISO/IEC 17025:1999 might be confused initially by ISO/IEC 17025:2005's consolidation of most management system items under clause 4 and technical considerations under clause 5. This works quite well with a modular-model approach, once familiarity with the standard is established. However, because ISO/IEC 17025:2005 doesn't fully embrace the process-model approach (including the plan-do-check-act cycle, eight management principles or other concepts found in ISO 9001), it's a waste of time trying to find them. Users would be better served by simply studying ISO/IEC 17025:2005 and knowing that much of the terminology in clause 4, and all of it in clause 5, is based on ISO/IEC 17000 and the Vocabulary International--Metrology (VIM). Neither of these documents, however, are listed in the ISO/IEC 17025 bibliography, nor are versions cited.
• Users familiar with ISO/IEC 17025:1999, but not with ISO 9001:2000, might find the apparently large number of changes in ISO/IEC 17025:2005 overwhelming (as seen in the figure below). The best way to address this is to either compare the old and new versions of ISO/IEC 17025 to identify what really changed or obtain your accreditor's guidance on the changes. Users who aren't accredited could review the members list at www.ilac.org to find accreditors from their countries, and then consult these accreditors' Web sites for information, identify accreditors from Quality Digest's online database or simply visit the public pages at www.a2la.org.
• Users unfamiliar with ISO/IEC 17025:1999 or ISO 9001:2000 will make the most effective progress through a combination of the above-mentioned recommendations. Read the new document without trying to link it fully to ISO 9001:2000's concepts or structure, and review information from accreditors.
• Users with comprehensive ISO/IEC 17025:1999 and ISO 9001:2000 knowledge will quickly notice the lack of comprehensive ISO 9001 detail and concepts, and so should simply read the document to identify true changes, which their accreditors can verify.
During the development of ISO/IEC 17025:2005, much copyediting and some shuffling of subclauses occurred along with the few substantive changes noted below. General changes included an introduction to customer focus, more definition of top management's responsibilities and the identification of internal communication needs. It should be remembered that standards reflect minimum requirements. Some supplemental accreditor requirements or customer-specific activities--automotive "layered audits," for example--might apply to specific laboratories. Other items in the standard may prove sufficiently useful for implementation as a common practice for more robust systems. However, it's your decision as to which added requirements are appropriate beyond specific accreditor and customer contract requirements.
The specific intended changes are:
• 4.1.5 is added and requires that personnel be aware of the relevance and importance of their activities and how they contribute to achieving the objectives of the management system.
• 4.1.6 is added and requires top management to ensure that appropriate internal communication processes are established and the management system's effectiveness is communicated within the laboratory.
• 4.2.3 is added, repositioning the old 4.2.3 into the new 4.2.5, and requires top management to provide evidence of its commitment to developing and implementing the management system and continually improving its effectiveness.
• 4.2.4 is added, repositioning the old 4.2.4 into the new 4.2.6, and requires top management to communicate the importance of meeting customer as well as statutory and regulatory requirements.
• 4.2.7 is added and requires top management to ensure that the management system's integrity is maintained when changes are planned and implemented.
This could prove troublesome because ISO/IEC 17025's language arises largely from ISO/IEC 17000 and VIM, which use the terms "plan," "planned" or "planning" sparingly. A little common sense could help avoid a lot of tension created by a too-literal interpretation of this requirement.
• 4.10 is added, repositioning the old 4.10 into the new 4.11, and requires the laboratory to continually improve the effectiveness of its management system through a quality policy and objectives, audit results, analysis of data, corrective and/or preventive actions, and management review.
This requirement could be greatly simplified if laboratories voluntarily adopted the measurable objectives of ISO 9001:2000 while satisfying ISO/IEC 17025:2005's clause 4.2.2. Labs might use descriptive directional goals or targets instead of specific numerical targets that encourage unnecessary statistical game-playing and "managing by imaginary numbers," as W. Edwards Deming termed this fairly common, nonvalue-added exercise.
• 5.9.2 is added and requires that quality data are analyzed and planned action taken when data are found to be outside predefined criteria.
As you develop a deeper knowledge of ISO/IEC 17025:2005, along with a more holistic system perspective, some items in the standard will simultaneously haunt you while helping you identify opportunities. Some users might consider these items as anomalies within the document, but they actually reflect the interfaces of the differing modular- and process-management models. The previous
section concerning specific requirements provides some examples of identifying and dealing with management-model interface situations.
The following discussion demonstrates process-based systems, concepts and management offering a multitude of perspectives and opportunities to explore. As you develop applicable knowledge specific to your situation, your perspectives should include local strategies, conditions, policies, competencies, technology and financial resources that will add value to your organization in addition to improving customer focus.
Management reviews (MRs) are useful examples. Because ISO/IEC 17025:2005 requires enhanced internal communications and more involvement of top managers, they should become more aware of existing conditions within the organization. As top managers gain awareness, more specific and useful information can be forwarded to them. Expectations of improved management effectiveness aren't unreasonable, although top management might be overwhelmed by the increased information or unable to fully understand it. A key to success is transforming data into understandable, actionable information for all involved parties. The MRs or a series of specific-topic reviews can help clarify the information. However, a minimum MR frequency of every 12 months, as suggested by subclause 4.15.1, note 1, is inadequate if an organization wants to receive significant benefits from this activity.
During an MR the primary questions might be, "Now that we've collected this data, what do they mean in strategic and/or operational terms, and what should we do?" Because plans without resources create only frustration, confusion and conflict, a follow-up question might be, "Now that we've decided what to do, do we have the resources and time to accomplish it?" This question also highlights the importance of linking MRs with business reviews or planning meetings. Assuming all proceeds as planned, an organization might also see if a proposed plan satisfies any additional requirements of ISO/IEC 17025:2005. Even if it doesn't, the company can take pride in complying with subclause 4.15.1, note 2, which stipulates that the results of an MR should be integrated into the planning system.
Unfortunately, ISO/IEC 17025:2005 doesn't address an overall planning system per se. However, there's no point in wasting the efforts produced by your MR, so you might voluntarily develop a procedure or flowchart to show how MR results re-enter the "system" as assignments. These should be monitored closely.
Your organization deserves congratulations if it performs this bit of voluntary extra effort for MRs or other areas. The effort represents a modest beginning to process-approach management. It will also give you a head start on complying with the expected changes to ISO/IEC 17025:2005 in five or six years as it continues to align more closely with the context of ISO 9001:2000.
Douglas L. Berg and William M. Harral each possess CQA, CQE, CQMgr and CRE, QS-LA certifications, and are ASQ Fellows, past directors and long-term professional volunteer leaders/authors/speakers at local and national levels. Currently, they are voting members of the ASQ Automotive Division Council, U.S. TAG
to ISO TC 176, AIAG committees and A2LA officers.
Berg joined EPA after attaining a bachelor's degree in mathematics and a master's degree in industrial/systems engineering. He recently retired from GM Powertrain but continues work as a consultant, trainer and contract auditor. Contact Berg at (248) 348-2765.
Harral spent twenty years with Ford Motor Co. in engineering, manufacturing, testing and corporate quality after earning a bachelor's degree in industrial/systems engineering and an MBA. He founded Arch Associates LLC productivity/quality consultancy in 1983. Harral can be reached at (734) 420-0122.