Search results

ISO 17025 clauses

You asked

"Which management team centric clauses require processes set up early in all cases, which can wait?

It is effective to establish organisational structure (clause 5), personnel roles and responsibilities (clause 5 and 6.2), quality policies (clause 8.2) and document and record control (clause 8.3, 8.4) upfront.

You also asked

Also which significant clauses/ groups of clauses do existing test houses adopting 17025 have most issues implementing suitably, so need most care/ time to develop, to get right first time?

Besides the performance of methods in term of method validations, attention and time should be allocated to Personnel (clause 6.2) requirements and  Equipment (clause 6.4) requirements as there a large number of evaluations and record-keeping involved.

For more information see my reply to another question https://community.advisera.com/topic/common-challenges-in-accreditation-process/

Laboratory space

In Article 2 GDPR – Material scope – the first paragraph states that “This Regulation applies to the processing of personal data […] which form part of a filing system or are intended to form part of a filing system”. Thus, if the video feed is not recorded anywhere, this processing of personal data is not subject to GDPR regulation.

For more information:

• EU GDPR Article 2 – Material scope: https://advisera.com/eugdpracademy/gdpr/material-scope/
• Is the GDPR applicable to our company? : https://advisera.com/eugdpracademy/knowledgebase/who-needs-to-be-gdpr-compliant-an-easy-explanation/

Performing Measurement Uncertainty and Business Opportunities

You asked

"1. How to perform Measurement Uncertainty

ILAC, the international organisation for accreditation bodies has a guideline ILAC  LAC G17:01/2021 ILAC Guidelines for Measurement Uncertainty in Testing available from https://ilac.org/publications-and-resources/ilac-guidance-series/ It provides references and guidance for approaching measurement uncertainty to conform with ISO/IEC 17025:2017. It offers some common approach es for laboratories.

For the chemistry sector, see the Eurachem guideline Quantifying Uncertainty in Analytical Measurement, 3rd Edition, available at https://www.eurachem.org/index.php/publications/guides/

For microbiology, there is the recently revised ISO 19036:2019 Microbiology of the food chain - Estimation of measurement uncertainty for quantitative determinations.  

Then it may be useful to see my reply at https://community.advisera.com/topic/uncertainty-measurement/

Trust this is of some assistance.

You also asked

2. How to perform Identify Business Opportunities

Identifying business opportunities starts with the standard practices of evaluating feedback from clients and personnel. Also from evaluating risks. It will involve evaluating processes and identifying activities where the benefit to cost or negative risk of adoption ratio is favourable. This is a qualitative analysis by looking at the resources or cost of a change, and any negative impact (e.g could affect another activity negatively, or adoption by personnel could be a challenge). This is weighed up with the possibility of an adopted change being successful and the positive impact.

You also asked

3. How to manage risk prioritizing"

Prioritise the high risks as those that impact your quality objectives or test results. For more information, have a look at the Webinar How to manage risks in laboratories according to ISO 17025 at  https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/

ISO 17025 audit

You asked

How to correctly audit against ISO 17025 standard?

Effective auditing against ISO 17025 criteria involves knowledge by the auditor, of mandatory and nonmandatory requirements of ISO 17025. Auditing skill and competency is also required.

You also asked

What to look for when auditing this standard?

To audit the entire standard, go sequentially through the standard requirements using an audit checklist. Advisera has an  ISO 17025 document template: Internal Audit Checklist available at https://advisera.com/17025academy/documentation/internal-audit-checklist/ 

If ISO 17025 requires a document or record, request an example of such a document and check if it meets the requirements. If not, the finding is raised as a nonconformance. For information on the mandatory requirements have a look at the Whitepaper Checklist of mandatory documents required by ISO 17025:2017 at https://info.advisera.com/17025academy/free-download/checklist-of-mandatory-documents-required-by-iso-17025 

Also, have a look at the answer to a question at https://community.advisera.com/topic/is-personnel-in-iso-17025-required-to-have-training-and-certificate-before-starting-auditing-the-lab/

You also asked 

3. Is there a difference between auditing techniques when auditing 9001 and 17025"

Auditing techniques are common for all Quality management systems. Have a look at the whitepaper How to perform an internal audit using ISO 19011 available from Advisera at https://info.advisera.com/free-download/how-to-perform-an-internal-audit-using-iso-19011 

For 17025 there is a large technical component.  Have a look at my answer at https://community.advisera.com/topic/iso-17025-auditing/  and  

ISO 17025 technical internal audit: The basics https://advisera.com/17025academy/blog/2020/11/10/iso-17025-technical-internal-audit-the-basics/

Important questions to be asked during audit

I am not sure if you are performing management and technical assessments ? Either way it is important to define the scope before the audit and then set the appropriate audit criteria (checks) with the purpose to assess the extent to which mandatory requirements have been put in place.

For assistance, a have a look at my answer https://community.advisera.com/topic/iso-17025-audit/

Does 17025 standard applicable to Legal Metrology Activities

Only national law on legal metrology on legal metrology is not sufficient. 17025 must be a mandatory requirement. 

Unable to edit the project plan

Your understanding is correct.

Pos implementation updates of the ISMS should be done by means of corrective actions, in the nonconformity module. This allows a better tracking of actions and responsible personnel (this level of detail is not available in the project t planning document).

An alternative you can use is to update a project plan document to your conformio environment. For that, you can use this free available download: https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-iso-22301-implementation-msword

ISO 27001 Internal Auditor Exam - Expert Question

 ISO 27001 does not prescribe how to relate impact and likelihood to define risk, so both approaches are acceptable.

For further information, see:

• How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#section3

ISO 27001 Suppliers relationships for small company

I’m assuming that by online audit you mean online assessment since an audit is not part of the risk assessment process.

Considering that, for supplier risk management this approach (online assessment, internet, and social media search and site review) is acceptable for certification purposes.

Regarding NDA and awareness training, please note that these are alternatives for risk treatment, not a risk assessment. These would be applicable if you identify relevant risks that can be treated by them, or in case you have legal requirements (e.g., laws, regulations, or contracts) demanding their implementation.

As for online resources for supplier risk assessment and audit, please take a look at these resources:

• Risk Assessment Table https://advisera.com/27001academy/documentation/risk-assessment-table/
• Internal Audit Checklist https://advisera.com/27001academy/documentation/internal-audit-checklist/

ITIL to improve IT Service Management in Organizations

During my (ITIL) trainings, I noticed that participants lack the knowledge about ITIL, its purpose and applicability. That's one of the reasons. Additionally, they think „it's complex and complicated“. They also don't know where to start. Training fixes some of the issues. Additionally people think they need a lot of human resources and they don't see benefits. There are some additional challenges that companies face. See the article „5 excuses why IT organizations avoid ITIL implementation here: https://advisera.com/20000academy/blog/2015/08/25/5-excuses-why-it-organizations-avoid-itil-implementation/.