The steps and measures taken to address risks and opportunities will vary depending on the context of the laboratory. Although ISO/IEC 17025:2017 does not require a documented risk management process or formal risk management program, laboratories must consider and address risks that may impact on its activities and objectives. At the same time, laboratories must actively seek opportunities for improvement. Methods to identify risks and opportunities include subjective and objective techniques and can include brainstorming, common professional sense, historical events and use of analysis tools like SWOT analysis (process to identify strengths, weaknesses, opportunities, and threats.). As a minimum, a laboratory must perform risk assessment by identifying risks and opportunities, considering the potential impact on the validity of results, and treating the risks to the extent considered necessary. This can be recorded in a Risk Index.
Here the thinking must be extended beyond internal risks such as risks to your own customers, to an external context where you consider your customer’s customer or other external parties. For example, a calibration laboratory that performs calibrations for testing laboratories needs to consider the impact of inaccurate results or incomplete reports on the testing laboratory’s use of those results. This is because any errors generated by the calibration laboratory will be incorporated into the work of the testing laboratory, with a knock-on impact on the customers of the testing laboratory.
For more information, see these ISO 9001 materials that are relevant also for ISO 17025: