2. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
3. • Option A
As a minimum, the management system of the laboratory shall
address the following:
o — management system documentation (8.2);
o — control of management system documents (8.3);
o — control of records (8.4);
o — actions to address risks and opportunities (8.5);
o — improvement (8.6);
o — corrective actions (8.7);
o — internal audits (8.8);
o — management reviews (8.9).
8 Management system requirements
4. • Option B
A laboratory that has established and maintains a management
system, in accordance with the requirements of ISO 9001, and
that is capable of supporting and demonstrating the consistent
fulfilment of the requirements of Clauses 4 to 7, also fulfils at
least the intent of the management system requirements
specified in 8.2 to 8.9.
8 Management system requirements
5. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
6. • 8.2 Management system documentation (Option A)
8 Management system requirements
8. • What is The difference bet. the Document, Record& Form?
• Document
Information and its supporting medium
Documents are documented information that is “maintained”.
• Record
A document stating results achieved or providing evidence of activities
performed
Records are documented information that is “retained”
A form is a document, when the form is filled out it becomes a record.
Document Design
9. • 8.2 Management system documentation (Option A)
Laboratory management shall establish, document, and
maintain policies and objectives for the fulfillment of the
purposes of this document and shall ensure that the policies and
objectives are acknowledged and implemented at all levels of the
laboratory organization.
The policies and objectives shall address the competence,
impartiality and consistent operation of the laboratory.
8 Management system requirements
10. • 8.2 Management system documentation (Option A)
• Does the laboratory “say” what it do.
Do they have written documents (policies, procedures,
arrangements) that meet the requirements of ISO 17025.
• Does the laboratory “do” what they say.
Are they in compliance with their own management system and ISO
17025.
• And can they “prove” it with their records.
From training records to standards preparation to work books to
customer reports to audit reports and everything in between.
• Compliance does not always require best practices
8 Management system requirements
11. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
12. • 8.3 Control of management system documents (Option A)
“Documents” can be policy statements, procedures,
specifications, manufacturer’s instructions, calibration tables,
charts, text books, posters, notices, memoranda, drawings, plans,
etc. These can be on various media, such as hard copy or digital.
8 Management system requirements
13. • Why documentation ?
• Verbal instruction:
o Not heard
o Misunderstood
o Quickly forgotten
o Ignored
8 Management system requirements
14. • What is the concept of document control?
System for ensuring that:
Only current document used
Easy review and updating
Unique identification
Approved for use by authorized personnel
Current version available
Obsolete version removed, identified
Master list available
8 Management system requirements
15. • 8.3 Control of management system documents (Option A)
The laboratory shall ensure that documents :
a) approved prior to issue by authorized personnel;
b) periodically reviewed, and updated
c) changes and the current revision status are identified;
d) relevant versions are available at points of use and, where
necessary, their distribution is controlled;
e) uniquely identified;
f) the unintended use of obsolete documents is prevented,
8 Management system requirements
16. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
17. • 8.4 Control of records (Option A)
• The laboratory shall implement the controls needed for:
identification,
storage,
protection,
back-up,
archive,
retrieval,
retention time, and
disposal of its records.
8 Management system requirements
18. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
19. • 8.5 Actions to address risks and opportunities (Option A)
The laboratory shall consider the risks and opportunities
associated with the laboratory activities in order to:
a)assurance that management system achieves its intended results;
b)enhance opportunities to achieve the purpose and objectives of
the laboratory;
c) prevent, or reduce, undesired impacts and potential failures in
the laboratory activities;
d)achieve improvement.
8 Management system requirements
20. • 8.5 Actions to address risks and opportunities (Option A)
The laboratory shall plan:
a)actions to address these risks and opportunities;
b)how to:
— integrate and implement these actions into its manag. system;
— evaluate the effectiveness of these actions.
8 Management system requirements
21. • 8.5 Actions to address risks and opportunities (Option A)
o Options to address risks can include
o identifying and avoiding threats, taking risk in order to pursue an
opportunity, eliminating the risk source, changing the likelihood or
consequences, sharing the risk, or retaining risk by informed
decision.
o Opportunities can lead to expanding the scope of the laboratory
activities, addressing new customers, using new technology and
other possibilities to address customer needs.
8 Management system requirements
22. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
23. • 8.6 Improvement (Option A)
The laboratory shall identify and select opportunities for
improvement and implement any necessary actions.
Opportunities for improvement can be identified through the
review of the operational procedures, the use of the policies,
overall objectives, audit results, corrective actions, management
review, suggestions from personnel, risk assessment, analysis of
data, and proficiency testing results.
8 Management system requirements
24. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
25. • Corrective action: Action to eliminate the cause of a detected non-
conformity or undesirable situation
o There can be more than one cause for a non-conformity
o Corrective action is taken to prevent recurrence
o There is a distinction between corrective action and correction
8 Management system requirements
26. • Correction
o Action to eliminate a detected non-conformity
• Risk mitigation
o Action to eliminate a potential risk
o Mitigation action is a substitute of preventive action
8 Management system requirements
27. • 8.7 Corrective actions (Option A)
a)react to the nonconformity and, as applicable:
— take action to control and correct it;
— address the consequences;
a) evaluate the need for action to eliminate the cause(s) of the
nonconformity, in order that it does not recur/occur elsewhere, by:
— reviewing and analysing the nonconformity;
— determining the causes of the nonconformity;
— determining if similar N.C exist, or could potentially occur;
8 Management system requirements
28. • 8.7 Corrective actions (Option A)
c)implement any action needed;
d)review the effectiveness of any corrective action taken;
e)update risks and opportunities determined during planning, if
necessary;
f)make changes to the management system, if necessary.
8 Management system requirements
29. • 8.7 Corrective actions (Option A)
The laboratory shall retain records as evidence of:
a) the nature of the nonconformities, cause(s) and any subsequent
actions taken;
b) the results of any corrective action.
8 Management system requirements
30. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
31. • 8.8 Internal audits (Option A)
The laboratory shall conduct internal audits at planned intervals
to provide information on whether the management system:
a) conforms to:
— the laboratory’s own requirements for its management system,
including the laboratory activities;
— the requirements of this document;is effectively implemented
and maintained.
8 Management system requirements
32. • 8.8 Internal audits (Option A)
The laboratory shall:
a) plan, establish, implement and maintain an audit
programme including the frequency, methods, responsibilities,
planning requirements and reporting, which shall take into
consideration the importance of the laboratory activities
concerned, changes affecting the laboratory, and the results of
previous audits;
b) define the audit criteria and scope for each audit;
8 Management system requirements
33. • 8.8 Internal audits (Option A)
The laboratory shall:
c) ensure that the results of the audits are reported to relevant
management;
d) implement appropriate correction and corrective actions
without undue delay;
e) retain records as evidence of the implementation of the audit
programme and the audit results.
8 Management system requirements
34. • 8.8 Internal audits (Option A)
The laboratory shall retain records as evidence of:
a) the nature of the nonconformities, cause(s) and any subsequent
actions taken;
b) the results of any corrective action.
8 Management system requirements
35. • 8.1.Options
• 8.2.Management System Documentation
• 8.3.Control of Management System Documents
• 8.4.Control of Records
• 8.5.Actions to address risks and opportunities
• 8.6.Improvement
• 8.7.Corrective Actions
• 8.8.Internal Audits
• 8.9Management Reviews
8 Management system requirements
36. • 8.9 Management reviews (Option A)
The laboratory management shall review its management system
at planned intervals, in order to ensure its continuing suitability,
adequacy and effectiveness, including the stated policies and
objectives related to the fulfillment of this document.
8 Management system requirements
37. • 8.9 Management reviews (Option A)
The inputs to management review shall be recorded and shall
include information related to the following:
a) changes in internal and external issues that are relevant to the
laboratory;
b) fulfillment of objectives;
c) suitability of policies and procedures;
d) status of actions from previous management reviews;
e) outcome of recent internal audits;
8 Management system requirements
38. • 8.9 Management reviews (Option A)
e) corrective actions;
f) assessments by external bodies;
g) changes in the volume and type of the work or in the range of
laboratory activities;
h) customer and personnel feedback;
i) complaints;
j) effectiveness of any implemented improvements;
8 Management system requirements
39. • 8.9 Management reviews (Option A)
k) adequacy of resources;
l) results of risk identification;
m) outcomes of the assurance of the validity of results; and
n) other relevant factors, such as monitoring activities and training.
8 Management system requirements
40. • 8.9 Management reviews (Option A)
The outputs from the management review shall record all
decisions and actions related to at least:
a) the effectiveness of the management system and its processes;
b) improvement of the laboratory activities related to the
fulfillment of the requirements of this document;
c) provision of required resource.
8 Management system requirements
41. • Conclusion:
• 8.1 Options
• General: The creation of the ISO 17025 Management System is
outlined in this clause. The lab establishes, documents, implements
and maintains a management system through a quality manual.
• Option A: free-standing Management System option that allows you
to retain existing structure.
• Option B: ISO 9001 Management System option.
• 8.2 Management System Documentation: There is a significant
difference in the Management System Documentation outlined in
ISO/IEC 17025:2017 from ISO 9001:2015.
8 Management system requirements
42. • Conclusion:
• 8.3 Control of Management System Documentation
All documents must be controlled.
Master list of all documents.
Unique identification, effective date and/or revision number, total
number of pages, authority for issue.
Reviewed and approved before issue
Right procedures are in the right areas.
Continually review (and revised).
Prompt removal of invalid/obsolete documents - they can't be used!
Archive obsolete documents.
Review and approve changes to documents.
8 Management system requirements
43. • Conclusion:
• 8.3 Control of Management System Documentation
Nature of change needs to be identified.
Computerized systems may be used to maintain documents.
• 8.4 Control of Records: Documents can be considered
living...Records can be considered dead and stored...exhumed once
in awhile, but generally out of sight.
• Records must be identified, collected, indexed, accessed, stored,
maintained and eventually disposed.
• Records must be legible, traceable, retrievable, held secure and in
confidence.
• Technical records are retained and contain sufficient information to
establish an audit trail.
8 Management system requirements
44. • Conclusion:
• 8.4 Control of Records: Observations, data and calculations are
recorded at the time they are made.
Mistakes crossed out, corrected and initialed/signed.
Keep records for measurements, observations and customer
information.
Use a pen.
Initial the records so that they are traceable and include date.
• 8.5 Actions to Address Risks and Opportunities: Consider the risks
and opportunities associated with lab activities.
• Plan actions to address risks and opportunities.
• Take actions to address risks and opportunities.
8 Management system requirements
45. • Conclusion:
• 8.6 Improvement: Laboratories will need to demonstrate continual
improvement. The quality program should provide for the process
and requirements for changing and improving the program. Levels
of authority and responsibility are delineated and the personnel
directly involved in the changes are identified. Quality program
documentation will need revision as changes in procedures are
made. Measurables for quality improvement should be established,
monitored, and reported to management. Each successive round of
assessment should result in the quality system itself becoming better.
8 Management system requirements
46. • Conclusion:
• 8.7 Corrective Action
• Cause Analysis -
• Selection and Implementation of Corrective Actions - deficiencies in
the management system are considered nonconformities
requiring corrective action(s). ISO 17025 must be in place for a
laboratory to be operational. Deficiencies or problems with these
systems would require correction, but not corrective action.
• Monitoring of Corrective Actions
• Additional Audits
8 Management system requirements
47. • Conclusion:
• 8.8 Internal Audits: The internal audit serves as the lab's way of
determining the correct implementation of its management system.
This audit is carried out in accordance with a defined procedure
and is conducted at predetermined dates. The essential outcome is to
determine whether the lab complies with its own management
system and the requirements of ISO 17025.
• Every lab should include performance and systems audits in its
quality assurance program. It is suggested that the following be
considered:
1. The use of trained auditors to conduct performance and system
internal audits, with performance audits conducted by lab
personnel independent of the activity audited and system audits by
an audit unit or Quality Assurance Officer reporting directly to a
level of management above the lab level.
8 Management system requirements
48. • Conclusion:
• 8.8 Internal Audits:
• 2. Performance audits covered on a regular basis for all analysts,
including such items as review of written analytical reports, oral
review of analytical reports on-site work reviews, check sample
examinations, and intra- and interlaboratory proficiency sample
review.
3. System audits be well planned and conducted by a trained audit
team in order to minimize the disruption of the lab's operations.
4. Audit observations be based on the standard against which the
lab is being audited.
5. The site visit be constructive and lab personnel be briefed on
observations before the team leaves.
6. The report of the audit be prepared as quickly as possible and
submitted to the facility for comment.
8 Management system requirements
49. • Conclusion:
• 8.8 Internal Audits:
• 7. The report highlight deficiencies in operations on a priority basis
and make recommendations for corrective actions.
8. Disagreements on findings be resolved before the report is
completed and submitted to management.
9. Follow-up site visits be conducted to see that appropriate
corrections were made.
• Labs that do not have the internal resources to complete an audit can
hire an outside auditor/consultant to perform their internal audits.
• 8.9 Management Review: Management reviews are ISO 17025's way
of ensuring that the laboratory is involved in continuous process
improvement. Like Preventive Action, management reviews tend to
seek out areas for improvement rather than simply responding to
issues of compliance.
8 Management system requirements