Search results

Client tolerances much wider than standards

Hello everyone,
A calibration laboratory states that in its calibration certificates it indicates conformity or non-conformity based on a tolerance specified by the customer. The tolerance values given by the customer are significantly wider than those implied by the relevant standard or industry norms. When questioned about 7.2.1.1 (“the laboratory shall use appropriate methods”), the argument is that the decision rule based on the customer’s tolerance is allowed by ISO/IEC 17025, referring to the note in 7.8.6.1: “Where the decision rule is prescribed by the customer, regulations or normative documents, a further consideration of the level of risk is not necessary.”
My concern is that using a much wider customer-specified tolerance may conflict with the requirement to use “appropriate methods”, since the conformity statement could be misleading when compared to the normative expectations.
In your interpretation, is relying solely on customer-specified tolerances (even if they are much wider than normative ones) acceptable under ISO/IEC 17025? Or should the laboratory ensure that the method and decision rule remain technically appropriate beyond simply following the customer’s prescription? Thanks in advance for your insights.

Clarification on Laboratory Evaluation Requirements (IATF 16949)

In the context of IATF 16949 requirements, is a formal evaluation of external calibration and testing laboratories required in addition to verifying ISO/IEC 17025 accreditation? If yes, then the applicable evaluation criteria for labs may differ from those used for raw material suppliers and may impact the supplier’s overall performance rating.

Use of a Single Quality Manual for a Group with Multiple Subsidiaries

Can a corporate group composed of three subsidiaries, each with its own name and legal information, use a single Quality Manual for all entities?

What is the main difference between ISO/IEC 27701:2019 and ISO/IEC 27701:2025 ?

The main difference is that ISO/IEC 27701:2025 is a stand-alone standard, whereas the 2019 version was an extension of ISO/IEC 27001. This means organizations can now be certified for their Privacy Information Management System (PIMS) without requiring an existing ISO/IEC 27001 certification. 

record about Phisical and Electronic correspondance

Risk level = 4, how to bring the residual risk at zero

Distributor traceability

When it comes to traceability, the AS9100 standard does not give detailed requirements on how to do this, but only says that you need to control the unique identity if that is a requirement, and retain documents necessary to ensure this traceability.

So, as per the standard, your question goes back to what your customer's requirements are. If your customer allows waivers on traceability, then that is acceptable, but if not, then it is not acceptable. As the standard is used by any organization within aerospace, the requirements only describe what needs to be done but need to be supplemented with the customer and legal requirements.

For a bit more on the traceability requirements in AS9100, see the article: How to meet traceability requirements in an AS9100D-based QMS, https://advisera.com/9100academy/blog/2019/06/05/as9100-traceability-requirements-how-to-meet-them/

Reviewing incidents in Conformio Management Review

We have the same problem here

UPDATE ADDRESS

Secure Development policy