Academia.eduAcademia.edu

Practical hand Book ISO 17025

Complying with ISO 17025 A practical guidebook for meeting the requirements of laboratory accreditation schemes based on ISO 17025:2005 or equivalent national standards Complying with ISO 17025 A practical guidebook for meeting the requirements of laboratory accreditation schemes based on ISO 17025:2005 or equivalent national standards UNITED NATIONS INDUSTRIAL DEVELOPMENT ORGANIZATION Vienna, 2009 This document has been produced without formal United Nations editing. The designations employed and the presentation of the material in this document do not imply the expression of any opinion whatsoever on the part of the Secretariat of the United Nations Industrial Development Organization (UNIDO) concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries, or its economic system or degree of development. Designations such as “developed”, “industrialized” and “developing” are intended for statistical convenience and do not necessarily express a judgment about the stage reached by a particular country or area in the development process. Mention of firm names or commercial products does not constitute an endorsement by UNIDO. ii iv Contents Foreword ........................................................................................................................................ iii Preface ............................................................................................................................................. x Acknowledgements....................................................................................................................... xi Acronyms ...................................................................................................................................... xii 1. Introduction................................................................................................................................ 1 1.1 History and status of ISO 17025:2005 ..............................................................................................1 1.2 International recognition of accreditation................................................................................................2 1.3 Selection of a suitable accreditation body by laboratories.........................................................................3 1.4 Scope of accreditation............................................................................................................................3 1.5 Relationship between ISO 17025 and ISO 9001 ................................................................................4 1.6 Summary.............................................................................................................................................5 2. Organisation and management [4.1] ....................................................................................... 6 2.1 General points .....................................................................................................................................6 2.2 Legal identity of laboratory [4.1.1].......................................................................................................6 2.3 Body allocating resources [4.1.5]...........................................................................................................7 2.4 Technical management [4.1.5] .............................................................................................................7 2.5 Quality manager [4.1.5]......................................................................................................................7 2.6 Deputies [4.1.5]..................................................................................................................................9 2.7 Other posts [4.1.5]..............................................................................................................................9 2.8 Qualifications and job descriptions [5.2.4]..........................................................................................10 2.9 Influences, confidentiality and independence [4.1.4, 4.1.5]...................................................................10 3. The quality system and its components ............................................................................... 12 3.1 Key questions .....................................................................................................................................12 3.2 Purpose of a formal quality system [4.2.1]..........................................................................................12 3.3 Elements of the quality system [4.2.1]................................................................................................13 3.4 Document control [4.3] ......................................................................................................................15 v 4. Monitoring and maintenance of the quality system............................................................ 20 4.1 Key questions .....................................................................................................................................20 4.2 Reasons for monitoring quality system.................................................................................................20 4.3 Quality audit and review [4.14, 4.15] ...............................................................................................20 4.4 Distinction between audit and management review...............................................................................20 4.5 Planning the audit and review programme [4.14.2, 4.15.1] ................................................................21 4.6 Quality auditing ................................................................................................................................22 4.7 Quality system management review [4.15.4] .......................................................................................25 4.8 Corrective action [4.11]......................................................................................................................26 4.9 Preventive action and improvement [4.10, 4.12] .................................................................................27 4.10 Client complaints, quality incidents and other feedback......................................................................28 4.11 Quality incidents, control of non-conforming work [4.9, 4.11] ...........................................................29 5. Personnel [5.2].......................................................................................................................... 31 5.1 Key questions .....................................................................................................................................31 5.2 Staff records [5.2.5]...........................................................................................................................31 5.3 Staff training and assessment of competence [5.2.1, 5.2.2] ..................................................................33 5.4 Re-assessment of training and competence [5.2.1, 5.2.2]......................................................................34 5.5 Training policy and review of training needs [5.2.2] ............................................................................35 5.6 Action when employees leave...............................................................................................................36 5.7 Other entries in the staff records..........................................................................................................36 6. Accommodation and environmental conditions [5.3] ....................................................... 37 6.1 Key questions .....................................................................................................................................37 6.2 Some specific considerations.................................................................................................................37 6.3 Access to laboratories and security ......................................................................................................40 6.4 Health and safety...............................................................................................................................41 7. Test and calibration methods, method validation and quality control [5.4, 5.9]............ 42 7.1 Key questions .....................................................................................................................................42 7.2 Choice of method [5.4.2, 5.4.3, 5.4.4]...............................................................................................42 7.3 Review of requests, tenders and contracts [4.4] ....................................................................................43 vi 7.4 Method validation [5.4.5]..................................................................................................................45 7.5 Assuring the quality of test and calibration results [5.9] .....................................................................46 7.6 Application of quality control and managing response to results [5.9] ..................................................51 7.7 Documentation of methods [5.4.1, 5.4.4] ...........................................................................................54 7.8 Suggested format for in-house methods documentation [5.4.4] ..............................................................54 7.9 Authorisation to deviate from documented procedure [4.1.5] ................................................................57 8. Equipment [5.5] ....................................................................................................................... 59 8.1 Key questions .....................................................................................................................................59 8.2 Equipment records [5.5.5].................................................................................................................59 8.3 Commissioning of new equipment [5.5.2]............................................................................................59 8.4 Service and calibration schedule [5.5.2] ..............................................................................................60 8.5 Responsible persons ............................................................................................................................61 8.6 Routine operation of the equipment log [5.5.5]....................................................................................61 8.7 Other components of the equipment log [5.5.5]....................................................................................61 8.8 Smaller items of equipment.................................................................................................................61 8.9 Equipment labelling and sealing [5.5.4, 5.5.12] ................................................................................61 8.10 Equipment in use before formal records are implemented....................................................................62 9. Traceability of measurement [5.6] ......................................................................................... 63 9.1 Key questions .....................................................................................................................................63 9.2 Meaning of traceability.......................................................................................................................63 9.3 Acceptability of calibrations to accreditation bodies ..............................................................................64 9.4 Measurements not traceable to si units ................................................................................................65 9.5 Some other calibration issues ..............................................................................................................66 10. Administration of work and sample tracking.................................................................... 69 10.1 Key questions ...................................................................................................................................69 10.2 Receipt of samples or calibration items [5.8] .....................................................................................69 10.3 Identification and storage of items [5.8.2, 5.8.2, 5.8.4] ....................................................................69 10.4 Internal information transfer [4.1] ...................................................................................................70 10.5 Compilation of reports [5.10, 5.4.7] ................................................................................................70 vii 10.6 Retention and disposal of items [5.8]................................................................................................71 11. Recording of results and associated data [5.4.7, 4.13]...................................................... 72 11.1 Key questions ...................................................................................................................................72 11.2 General principles of data recording [4.13.2] ....................................................................................72 11.3 Worksheets .....................................................................................................................................72 11.4 Notebooks.......................................................................................................................................73 11.5 Other types of data...........................................................................................................................73 12. Computer systems ................................................................................................................. 75 12.1 Key questions ...................................................................................................................................75 12.2 General issues..................................................................................................................................75 12.3 Control of software...........................................................................................................................75 12.4 Computer networks..........................................................................................................................76 12.5 Computer systems managed by other departments ..............................................................................76 12.6 Data integrity on computers [5.4.7]..................................................................................................77 12.7 Computers which are a part of instrumentation .................................................................................78 12.8 Some considerations on laboratory information management systems (LIMs) ......................................79 12.9 Backup of data on computers [5.4.7] ...............................................................................................79 13. Reporting requirements 5[.10] ............................................................................................. 81 13.1 Key questions ...................................................................................................................................81 13.2 Report format [5.10.2, 5.10.3, 5.10.4]...........................................................................................81 13.3 Some further comments on opinions and interpretations [5.10.5] .......................................................84 13.4 Authorisation of reports [5.2.1].......................................................................................................84 13.5 Transmission of reports [5.10.7, 5.10.1] .........................................................................................85 13.6 Amendment of reports [5.10.9]........................................................................................................85 13.7 Response to reporting of suspect data [4.9, 5.10.9] ...........................................................................85 14. Purchasing services and supplies [4.6]................................................................................ 86 14.1 Key questions ...................................................................................................................................86 14.2 Requirements...................................................................................................................................86 14.3 Approved suppliers [4.6.4] ..............................................................................................................86 viii 14.4 Inspection [4.6.2] ............................................................................................................................87 14.5 Administration [4.6.4]....................................................................................................................87 14.6 Starting up the approved suppliers list...............................................................................................88 14.7 Operating within a tendering system..................................................................................................88 15. Sub-contracting [4.5] ............................................................................................................. 89 15.1 Key questions ...................................................................................................................................89 15.2 Requirements [4.5.3, 4.5.2] ............................................................................................................89 15.3 Administration................................................................................................................................90 16. Guidance on writing a quality manual................................................................................ 91 16.1 Some general considerations ..............................................................................................................91 16.2 An outline for a quality manual.......................................................................................................92 Bibliography .................................................................................................................................. 98 Appendix: Self-examination .....................................................................................................100 ix Preface Complying with ISO 17025 is a guidebook written to assist testing and calibration laboratories set up a quality management system that conforms to ISO 17025:2005, the international standard for laboratory quality systems. Compliance with this standard provides a globally accepted basis for laboratory accreditation. The standard specifies the management and technical requirements to be met by testing and calibration laboratories in both their organisation and their management of quality. Complying with ISO 17025 will enable laboratories to identify where their current operations meet the requirements of ISO 17025 and, in those areas where they do not, it will guide them in developing systems to achieve such compliance. The guidebook’s coverage of the requirements of the standard is comprehensive and detailed, and its guidelines on implementing systems and procedures to meet these requirements are practical, specific and clearly linked, item by item, to the detailed specifications of the standard, with numbers in square brackets after each sub-heading cross-referring to the relevant sections in the standard. Chapter 1 gives a history of the development of ISO 17025, its relevance to laboratory accreditation and its relationship with other standards. The following fifteen chapters then cover everything related to compliance with the standard. This ranges from guidelines in Chapter 2 on how to write a correct description of the legal status of the laboratory, its ownership and its relationship to any parent or subsidiary organisations, and, in Chapter 3, on how to maintain appropriate accommodation and environmental conditions to dealing with sub-contracting issues in Chapter 15 and how to write a quality manual in Chapter 16. A full overview can be found in the Contents pages. Complying with ISO 17025 aims to engage its users in addressing compliance issues in the concrete reality of their own laboratory. Most chapters begin with a set of key questions to help users focus on specific areas covered in that chapter where they may not be in compliance with the standard. The Appendix then presents a self-examination questionnaire with the kind of questions that they should ask themselves in making a comprehensive assessment of how compliant they are with ISO 17025 and, most importantly, how ready they are to seek accreditation. x Acronyms APLAC Asia Pacific Laboratory Accreditation Cooperation: the forum for discussion seeking to ensure consistency between accreditation bodies in the region. AQC Analytical Quality Control: usually used in the context of AQC samples, meaning samples where the expected result of the analysis has been established so that they can be used to check the performance of the method of analysis. CRM Certified Reference Material: materials whose composition is internationally recognised and expressed on a certificate of analysis recognised worldwide. The term may refer to single substances or to matrix reference materials which are samples of the type of materials normally analysed but whose composition, and hence the expected analytical result, is accepted internationally so that they can be used to confirm the accuracy of analysis. EAL European Cooperation in Laboratory Accreditation: the forum for discussion seeking to ensure consistency between accreditation bodies in the region. ILAC International Laboratory Accreditation Cooperation: the international forum which seeks to ensure consistent interpretation and application of ISO 17025 by national accreditation bodies. ISO 17011 The international standard for the management system of accreditation bodies; used as the basis of mutual recognition agreements between national accreditation bodies. ISO 17025 The international standard for quality systems in testing and calibration laboratories; used as the basis for accreditation of laboratories. LIMS Laboratory Information Management System: usually meaning a computer system used to register samples and record and process results of analyses. Uses may be extended to cover all aspects of laboratory management, including operation of the quality system and the issuing of reports. MRA Mutual Recognition Agreement: an agreement between national accreditation bodies whereby they agree that test and calibration certificates issued by either body will be accepted as valid in both their countries. SADCA Southern Africa Development Community in Accreditation: the forum for discussion seeking to ensure consistency between accreditation bodies in the region. xii Acknowledgements Complying with ISO 17025 is published by the United Nations Industrial Development Organisation (UNIDO). It was developed under the auspices of the Trade Capacitybuilding Branch of UNIDO, led by Mr. Lalith Goonatilake, Director, and was coordinated by Mr. Ouseph Padickakudi, Programme Manager, Trade Capacity-building Branch, UNIDO. The book was written by Dr. Alan G Rowley, Fellow of the Royal Society of Chemistry and Principal of Alan Rowley Associates, who has over twenty-five years experience in providing consultancy services to industry and the public sector on laboratory management, quality systems, analytical chemistry, laboratory testing for regulatory control, laboratory testing for conformity assessment and environmental monitoring. Dr Rowley has worked with a wide range of clients in many countries. These include the United Kingdom of Great Britain and Northern Ireland, Ireland, the Democratic Socialist Republic of Sri Lanka, the Republic of Mauritius, the Islamic Republic of Pakistan, the People’s Republic of Bangladesh, the Russian Federation, Ukraine, the Republic of Hungary, the French Republic, the Kingdom of Belgium, the United States of America, the Federal Democratic Republic of Ethiopia, the Kingdom of Saudi Arabia, the Kingdom of Norway, the former Yugoslav Republic of Macedonia, the Socialist Republic of Viet Nam, the Kingdom of Cambodia, the Federal Democratic Republic of Nepal, the Republic of Maldives and the Republic of Trinidad and Tobago. Dr. Rowley is an expert on ISO 17025, ISO 9001, the United Kingdom Environmental Agency laboratory recognition (MCERTS), ISO 15189 (medical laboratory accreditation), and ISO 17011 (the quality standard for laboratory-accrediting bodies). The text was edited by Mr. Malachy Scullion, UNIDO consultant editor. xi 1. Introduction 1.1 History and status of ISO 17025:2005 Prior to the issuing of ISO 17025:1999 there was no internationally accepted standard for laboratory quality systems that could provide a globally accepted basis for accreditation. Accreditation was based on national standards. However, there was a considerable level of uniformity between the requirements expressed in these various standards due to the existence of ISO Guide 25, a document drawn up by the ISO Council Committee on Conformity Assessment (CASCO) in response to a request by the International Laboratory Accreditation Cooperation (ILAC) held in Auckland, New Zealand, in October 1988. The declared purpose of ISO Guide 25, taken from its foreword, is to establish the principle that "third party certification systems [for laboratories] should, to the extent possible, be based on internationally agreed standards and procedures". ISO guides are intended to be used by local standards institutions when preparing their own national standards. By this means, it is hoped to achieve a high degree of compatibility between standards prepared in different countries "so as to facilitate bilateral and multilateral agreements". (Quotations from the foreword to ISO Guide 25, 3rd Edition.) The document now known as ISO 17025 began life as a revision of the third edition of ISO Guide 25, but during the revision process it was decided to convert the guide to a standard, so providing a truly global basis for accreditation. It was also decided to introduce as much compatibility as possible between ISO 17025 and the generic quality management system standard ISO 9001, which was also under revision at the same time. The objective appears to have been to create a logical connection between ISO 9001 and ISO 17025 such that the former would be seen as a master standard with ISO 17025 being a specific application of that standard to testing and calibration laboratories. ISO 17025: 1999 was accepted by ISO subscribing countries in late 1999 and came into effective use during the first quarter of 2000 after its adoption as a national standard by most countries around the world. The new version of ISO 9001, the 2000 edition, was accepted at a later date. The exercise intended to harmonise ISO 17025 and ISO 9001 was, in the event, regarded as imperfect, especially in that ISO 9001 placed great emphasis on continual improvement in the quality system. Although this was included in ISO 17025, its importance as a part of the standard was not strongly emphasised. Hence a revision of ISO 17025 was undertaken and this led to ISO 17025:2005 which was adopted as an ISO standard in late May of 2005. There are no fundamental differences between ISO 17025:1999 and ISO 17025:2005 and nothing which impinges essentially on the technical requirements. The main differences can be summed up as follows:̇ ̇ ̇ Insistence on a demonstrated commitment to continually improve the quality management system and identified mechanisms for achieving this. Greater emphasis of the need to communicate with customers and, especially, to actively solicit feedback on service quality and ensure the resulting information is used as the basis of action to improve the management system. Greater emphasis of the need to use information from quality control data to evaluate the performance of the quality system and to identify opportunities for improvement. Page 1 The transitional period between ISO 17025:1999 and ISO 17025:2005 lasted two years, with the two standards running together. In May 2007 ISO 17025:1999 became defunct and existing laboratories who had not been assessed against the 2005 version ceased to be accredited. 1.2 International recognition of accreditation Accreditation of laboratories is generally performed by national accreditation bodies. The primary function of such bodies is, of course, to provide assessment of laboratories in their respective countries against ISO 17025. However, they will also often respond to requests to carry out assessments in other countries, especially if the requesting laboratory is in a country without its own national accreditation body. Where there is a national accreditation body in the country and a laboratory seeks to use a body from another country, the incoming accreditation body will normally, as a matter of courtesy, seek approval from the resident body before operating in the country. A laboratory may prefer to use an accreditation body other than its domestic organisation when the latter has either no international recognition or where it lacks recognition in parts of the world relevant to the laboratory’s operations. International recognition of accreditations awarded by national bodies is based on the conclusion of Mutual Recognition Agreements (MRAs) between national bodies. The mechanism is that the bodies seeking to agree to recognise each other’s accreditations will audit each other’s operations against ISO 17011: Conformity assessment—General requirements for accreditation bodies accrediting conformity assessment bodies. This is the international standard to which assessment bodies are expected to adhere. MRAs may be multi-lateral (i.e. involving more than two bodies) but even so they can be rather cumbersome and it can take many years for a new national body to establish significant international recognition. However, this rather cumbersome process is being rapidly streamlined by means of regional laboratory accreditation conferences linked through ILAC (see section 1.1). The regional body applies rules for membership, including compliance with ISO 17011, and audits national bodies for compliance. Mutual recognition is then organised between the regional bodies, so simplifying the whole system and shortening the timescale. Key regional groupings are the Asia Pacific Accreditation Cooperation (APLAC), the European Cooperation for Accreditation of Laboratories (EAL) and the Southern Africa Development Community in Accreditation (SADCA). This regionalisation of international recognition is developing rapidly but has not been fully established, and it is still possible to find accreditation bodies who are members of regional groups who prefer to pick and choose which of the other members they will recognise. In this context of national accreditation bodies and mutual recognition it has to be noted that not all countries choose to establish their own domestic accreditation service. In the case of smaller countries with only limited numbers of laboratories, this may make little economic sense. In such instances the country uses other national bodies, either on the basis of an agreement with a particular body to provide the service to the country or on an ad hoc basis where each laboratory chooses its own accreditation service. Currently attempts are being made to develop arrangements where several countries club together to have a single regional accreditation body. It seems likely that initiatives of this type will bear fruit in southern Africa. Page 2 The recent World Trade Organisation initiatives to deal with technical barriers to trade have sought to address the question of global acceptance of test data as part of quality issues in international trade. The agreement can be summarised as a recognition that, when deciding whether data from a particular laboratory is acceptable, a key criterion should be compliance of the laboratory with ISO 17025. This has been widely interpreted as meaning that countries all need to establish a national ISO 17025 accreditation body for laboratories. However, in this context, the following points need to be noted:̇ ̇ ̇ Accreditation must have credibility, which means, in practice, that the accreditation body must apply ISO 17025 rigorously and itself operate to ISO 17011. Simply having an accreditation body is not, in itself, a solution. The credibility of the accreditation body on an international scale needs MRAs, especially with countries which are recipients of trade goods needing testing support. The credibility of individual laboratories can be established by their direct assessment by either customers or accreditation bodies from trading partners. A national accreditation body is not essential. 1.3 Selection of a suitable accreditation body by laboratories As should be clear from the foregoing discussion, the key issue in selecting an accreditation body is to ensure that it has recognition in the context in which the laboratory’s data needs to be used. Where a laboratory operates purely in a domestic market and where the data is used only within the country, for example for local food safety or environmental protection, then a national accreditation body, even one with no international recognition, will normally be entirely suitable. However, if the laboratory is servicing exporters who need to present its data internationally, it is critical that the accreditation body is recognised by importing countries. Hence the laboratory needs to establish the range of MRAs held by the accreditation body and especially which other countries, other than the home country of the accreditation body, will recognise accreditation awarded by it. 1.4 Scope of accreditation Although ISO 17025 is written as though all the methods used by a laboratory are covered by the standard and hence included in any accreditation against the standard, this is rarely the case. In practice, any particular laboratory will have only some of its methods accredited and perhaps not even the majority. In spite of this, an accreditation body will often make a formal statement to the effect that it expects to see a comprehensively operating quality system. In reality, however, any assessment will focus on the scope of methods and on the equipment used to deliver them and take little interest outside this scope. In this sense the term ‘accredited laboratory’ is inaccurate. We should rather talk of a laboratory accredited for a specific list of methods. The laboratory will need to select methods to offer as part of the scope when it makes its application for accreditation. The following criteria should be born in mind:̇ ̇ Methods which are performed infrequently, for example less than 12 times per annum, are difficult to accredit since it is impossible to demonstrate a track record of performance. If such methods have to be included in the accreditation, a large level of quality control will be required by the assessors. Methods with little objective content are unlikely to be able to be accredited since consistency in application cannot be guaranteed. Page 3 ̇ ̇ Commercial laboratories should select methods on a purely commercial basis. If there is no commercial advantage in accreditation of the method, then the cost and effort may not provide a return. In many countries data generated for environmental, food safety or legal reasons must be covered by accreditation to be acceptable. Overall, the laboratory should select a scope of methods which includes those it performs routinely and those where either commercial or legal issues make accreditation advantageous. Accreditation bodies differ in precisely how they define scope and some will allow a more generic definition in some areas of activity. In such instances they will assess the laboratory for a particular application of a method plus a procedure to be followed when extending the method to other areas. For example, a laboratory may have accreditation for trace metals in certain types of foods with a procedure for how the recovery checks will be done and evaluated if the method is applied to a hitherto untried matrix. 1.5 Relationship between ISO 17025 and ISO 9001 As discussed above, ISO 9001 is the general standard which specifies the requirements for a quality management system. Laboratories which meet the requirements of ISO 17025 also operate in accordance with the requirements of ISO 9001 that are relevant to calibration and testing activities. What this means in practice is that an organisation which holds ISO 9001 certification may use a laboratory accredited against ISO 17025 as a supplier of test data without the need to carry out its own audit of the laboratory’s quality system. The question often arises of whether laboratories should be accredited/certified to ISO 9001 or to ISO 17025. In general it is agreed that the appropriate accreditation for commercial testing and calibration laboratories is to ISO 17025. As a result of agreements with laboratory accreditation bodies many ISO 9001 certification bodies will not allow their certification to be cited by commercial testing or calibration laboratories in support of their services. What this means in reality is that if you are an ISO 9001 certified organisation with an inhouse laboratory which forms part of your quality control system, the laboratory will be included in the ISO 9001 external audit. However, if you then want to sell the services of that laboratory to outsiders as a testing service you cannot advertise it as an ISO 9001 accredited/certified laboratory. You would need to obtain accreditation to ISO 17025. It is not uncommon, however, for organisations with laboratories used purely for internal quality control purposes to seek to accredit the laboratory to ISO 17025. This is generally done to enhance the laboratory’s, and hence the overall quality control system’s, credibility or as part of the application of an ISO 9001-compliant system. ISO 9001 external auditors will not usually do a detailed audit of such an internal laboratory if it holds a current ISO 17025 compliant accreditation. The quality system in the laboratory is largely taken for granted for ISO 9001 purposes. Since laboratory accreditation procedures leading to ISO 17025 accreditation are explicitly designed for laboratories, they can be easier to interpret for the laboratory as opposed to the rather more diffuse requirements of ISO 9001, which are designed for a more general context. The other advantage of accrediting an internal quality control laboratory is that it will generally reduce the number of audits by customers and this is often a key reason for Page 4 seeking accreditation. Frequent audits by a range of customers can be disruptive to operations. There are certainly a number of significant omissions from ISO 9001 as compared to ISO 17025 although, as already discussed, there is a general ISO move to bring the standards closer together. The additional requirements in ISO 17025, as opposed to ISO 9001, include participation in proficiency testing, adherence to documented, validated, methodology and specification of technical competence, especially on the part of senior laboratory personnel. There is also a difference in the method of scrutiny of laboratories under ISO 9001 as compared to ISO 17025 assessment. ISO 17025 assessment bodies will always use technical assessors who are specialists and who carry out a peer review of the methods being used by the laboratory and the way in which those methods are applied. An ISO 9001 external audit to determine suitability for certification does not include this peer review of technical aspects and the auditors are not required to be technical specialists. They confine their attention to the quality management system. From the point of view of a laboratory’s clients, laboratories meeting the requirements of ISO 17025 fulfil all the relevant requirements of ISO 9001 when acting as subcontractors. The practical effect of this is that if an organisation which is certified to ISO 9001 is using an ISO 17025 accredited laboratory as a sub-contractor, it can treat it as an ISO 9001 certified sub-contractor for any work within the laboratory’s scope of ISO 17025 accreditation. There will, for example, be no necessity to carry out quality audits of the sub-contractor. 1.6 Summary The general view to be taken of these various guides and standards is that ISO 9001 is the overall standard for quality management systems and ISO 17025 provides specific guidance on the application of the ISO 9001 principles to laboratories. This correspondence is becoming increasingly apparent with the development of both standards, especially as the language and terminology is converging. When seeking to select or establish an accreditation body for laboratories, the key standard is ISO 17011 which is the basis on which international acceptance of an accreditation body, and hence its client laboratories, is achieved. Page 5 2. Organisation and management [4.1] 2.1 General points It is extremely unlikely that any properly constituted laboratory will need to change its management structure in any fundamental way in order to comply with the requirements of ISO 17025. The management system will, however, have to be formally described in the quality manual and shown on an organisation chart. In the case of each level of management or individual post, there must be job descriptions to describe the responsibilities to be discharged and the authority given, plus the supervisory responsibilities of each grade. The usual practice is to include key job descriptions in the quality manual, for example laboratory manager (or equivalent), quality manager, or senior staff with specific responsibilities, but to retain other job descriptions in a separate file or in staff record files. Be sure that responsibilities and authority match each other at all levels. There is no point in stating that someone has the responsibility for organising interlaboratory calibrations, for example if they do not have the authority to require staff to do the necessary work and to sanction appropriate expenditure. The following sections give guidance on the important points to be considered when defining the management structure. 2.2 Legal identity of laboratory [4.1.1] You will need to describe the precise status of the laboratory. Typical examples might be: - An independent commercial testing laboratory carrying out measurements for clients in return for a fee. - A laboratory which serves a regulatory authority and provides data to that authority for enforcement purposes. - A laboratory which is part of a bigger organisation and which provides an internal service solely within that organisation. The latter would include company quality assurance laboratories and laboratories providing in-house environmental control compliance monitoring. You will have to prepare what you feel is a correct description of your particular laboratory. The description should also include a statement of the ownership of the laboratory and its relationship to any parent or subsidiary organisations. This relationship should be shown on a chart. ISO 17025 includes an explicit requirement that, where the laboratory is part of an organisation which performs activities other than testing and/or calibration, the responsibilities of all staff in the organisation who have influence on the testing/calibration work are defined in order to identify potential conflicts of interest. This clause seeks to ensure that the organisation thinks very clearly about any potential conflicts of interest and, presumably, seeks to minimise or eradicate them. A clear definition of authority and responsibilities in the quality manual can certainly make a contribution here. The sort of policy statement necessary would be one which places a responsibility on the laboratory to generate and report data objectively. This would then be backed up by a statement that no staff have authority to take any action or to require any action to be taken which interferes with the laboratory in discharging this responsibility, irrespective of the normal line of management. Since the quality manual is endorsed from the highest level in the organisation, the laboratory staff may then rely upon this stated policy to protect them from any undue influences. Page 6 2.3 Body allocating resources [4.1.5] In your description of the management structure it is essential that you identify the body in the organisation which makes decisions on policy and allocates resources. This will normally be the board of directors or an equivalent body with financial control. This body must endorse the quality policy statement which appears in the quality manual and must express a commitment to the provision of resources to implement and maintain the quality system. The quality policy and the quality manual should normally be issued on the authority of the chief executive of the organisation. 2.4 Technical management [4.1.5] There is no requirement in ISO 17025 to identify a specific technical manager, but the technical management structure has to be specified. This must make clear who is responsible for technical management and the scope of their responsibilities. For example, if different technical areas have different managers, this needs to be specified and their range of responsibility clearly defined. It is generally expected that in any specific laboratory there will be a distinct laboratory manager, but in larger organisations with several technically distinct laboratories there may be several laboratory managers with specific technical briefs and with no overall defined technical manager. The technical management must be clearly distinct from the role of the quality manager and the quality management structure, but the technical management still has an obligation to ensure that technical activities are conducted in accordance with the requirements of the quality system. As is discussed in section 2.5, although the quality manager has overall responsibility for quality, this is discharged through monitoring and advising and not by managing quality control and assurance of technical activities directly. The description of the technical management structure must also make clear how supervision arrangements work. Typical laboratory structures include technical staff and professional staff. The general division of labour is that professional staff have responsibility for method selection, for development of new methods and for interpretation of data, whereas the actual bench work is done by technical staff, although professional staff may also be involved. Overall, the professional staff are responsible for the ultimate quality of the data so the structure must show how they discharge this responsibility by supervision of the technical staff. This does not necessarily mean direct supervision but will typically involve explaining how instructions are passed down to the bench and how data is passed back and checked. A key component of this responsibility is likely to come with the involvement of professional staff in interaction with customers of the laboratory through the process of review of requests, contracts and tenders—see section 7.3. 2.5 Quality manager [4.1.5] This is the only post required to be defined by ISO 17025. You do not have to use the actual title but you must identify the person responsible for the functions. The quality manager is responsible for implementing and operating the quality system on a day-to-day basis. He or she is normally responsible for administering the controlled document system, for compiling the quality manual and for organising the review and audit of the quality system—see section 4. Page 7 Much of the work required of the quality manager is administrative in nature but he or she is also, in the last analysis, responsible for the effective enforcement of the quality policy. He or she is also expected to advise management on quality issues by virtue of his or her close familiarity with the standard and the organisation’s quality management system. The quality manager must have direct access to the highest level of management in the organisation, i.e. the body described in section 2.3 above, and to the laboratory technical management. An accreditation body will generally regard the quality manager as the person who provides day-to-day guardianship of the quality standard and so represents their interests within the organisation. The post of quality manager may be filled in a number of ways depending upon the organisation. 2.5.1 Full time quality manager Few laboratories can support a full time quality manager, and it is doubtful whether the post requires the full time commitment of one person in laboratories with fewer than 100 staff. In large organisations which have several quality systems running, for example ISO 17025 and ISO 9001, it may be relevant to have an overall quality manager covering all systems, in which case a full time quality manager may make sense. This can work well but only if the quality manager has some laboratory background. Although, in theory, managing the quality system does not need technical expertise, in practice it is very difficult for a quality manager with no relevant technical insight to operate with laboratories. One system which can be effective is to have an overall, possibly full time, quality manager plus quality representatives at laboratory level. These can be individuals who are involved in laboratory management but who are given a specific brief to manage quality. They provide local quality expertise and administrative support to the quality system and assist the quality manager. Clearly, in this arrangement the quality representatives may have a dual reporting line: the normal lines to the laboratory manager on technical issues and a line to the quality manager on quality issues. 2.5.2 Using a senior scientist as quality manager This type of structure would use one of the senior staff from the tier below that of laboratory manager to manage the quality system. This, of course, means that the quality manager occupies a line management position below that of the laboratory manager. This should present no problems provided that it is stated in the documentation that, on matters of quality, the quality manager has direct access to the level of management described in section 2.3 above. This then provides the quality manager with a line of action in the unlikely event that the laboratory manager is contravening the quality policy and attempts to subvert the quality manager by using line management authority. This type of structure operates effectively in many organisations and is probably the commonest scenario found in medium sized laboratories. There is often some initial discomfort with such an arrangement in highly hierarchical organisations, but it is usually found to be workable in practice. 2.5.3 Other possibilities for quality manager Alternatives to the scenarios already discussed include the use of a staff member who is not involved in laboratory work but who has the necessary technical background. Such Page 8 persons are typically found amongst individuals who have been promoted into managerial posts from the laboratory. The senior management tier described in Section 2.3 may contain such individuals. The use of such a person not only provides an independent form of quality management but underlines the commitment of the highest level of management to quality. In small organisations it may be difficult to separate the quality management and technical management functions completely, and some laboratory managers may function as their own quality managers. This is not disallowed by the standard so long as the responsibilities are clearly defined. Generally, assessors are understanding on this issue in small laboratories and will recognise genuine attempts to achieve the necessary separation within local limitations. 2.6 Deputies [4.1.5] There should be provision for deputies for all key posts, especially those of quality manager and laboratory manager, so that their functions can still be discharged in their absence. A common scenario is for the laboratory manager and quality manager to deputise for each other where the quality manager has appropriate technical expertise, but you can make whatever arrangements are suitable for your particular situation. The point to concentrate on is that you must create a structure such that the laboratory is never going to be paralysed because it is not clear who can give an authorisation or perform a function in the absence of a principal. ISO 17025 recognises that in small organisations it may not be practicable to have designated deputies for all posts. This does not alter the fact, however, that if the laboratory does not have suitable arrangements for decision making in the absence of key staff there is a danger of running into a situation where work may have to stop if a nonconformance with the quality system is to be avoided. Look at your quality manual and analyse the responsibilities allocated, especially with authorising activities. Consider the implications of the person to whom the responsibility is allocated being absent. Would this create a problem in operating? If the answer is yes, then make arrangements to cover the absence by showing where the responsibility is reallocated. 2.7 Other posts [4.1.5] Apart from the requirement to define the quality manager and the technical management structure, ISO 17025 requires no other post to be defined. You should, however, look at your situation and describe how it is structured. For each level you should have an appropriate name, for example chief chemist, senior microbiologist, materials scientist, technical officer, laboratory Assistant or whatever titles your organisation is familiar with. You should define, for each level, the reporting structure both going upwards and downwards, for example each chemist reports to a senior chemist and technical officers report to a materials scientist. Page 9 2.8 Qualifications and job descriptions [5.2.4] For each of the levels which you have described under section 2.7, you should decide upon and record in the quality manual the qualifications and experience necessary to fill the post. There should be similar specific descriptions for the technical management posts and the post of quality manager. From a quality point of view these descriptions represent a commitment to provide staff of defined capabilities at appropriate levels in the organisation and to take on suitably qualified and experienced staff to replace those leaving. You should be careful not to make the criteria too restrictive but do choose criteria which demonstrate a genuine commitment to have properly trained and qualified staff. Do not fall into the trap of listing the qualifications and experience of the present incumbents. The chances of your finding a perfect clone to replace them are remote. Think in terms of the minimum necessary qualifications and experience for the post and allow for using someone with appropriate experience and perhaps minimal qualifications. The description of the post should include a brief job outline describing the duties to be carried out and the level of responsibility to be accepted, including responsibility for supervision. The minimum content of the job descriptions should cover responsibilities for performing tests/calibrations; planning of tests/calibrations and evaluation of results; method development and modification, and validation of new methods; expertise and experience; qualifications and training programmes; and managerial duties. The list below provides a useful model which effectively aligns staff, for technical operational purposes, into several levels. Any individual may, of course, operate at more than one level. ̇ ̇ ̇ ̇ ̇ Those providing support and who never take responsibility for any data. Those who carry out routine work; such staff do not evaluate the data for release but will normally be expected to do any initial checks required against precisely defined quality control criteria. Staff who exercise professional judgements and evaluate data—normally those who can take responsibility for the release of data. Staff responsible for training and evaluating the expertise of trainees. Staff responsible for selecting and validating methods. 2.9 Influences, confidentiality and independence [4.1.4, 4.1.5] The organisation and management of the laboratory must be such that the scientific staff are completely free to exercise their professional scientific judgement. There must be no commercial or financial pressures which might influence the quality of the work. This does not mean that you cannot insist on a reasonable work rate from your staff, but it would not, for example, be acceptable to pay them on the basis of the number of samples analysed. All staff must be instructed that they are required to keep confidential anything which they may learn as a result of their work and any information which they are given in order to help them to carry out their duties. The quality manual should contain a statement to this effect. Page 10 Some organisations require staff to sign a confidentiality agreement. This is not essential but is generally to be recommended. There should be instructions to staff on the course of action to be taken if they believe that an attempt has been made to subvert their judgement. The general instruction should be that the staff member must inform the management as soon as possible and the management should arrange to have the work in question passed to another employee, wherever possible. It is emphasised that this is not done as a reflection on the integrity of the staff member concerned but is required in defence of the laboratory's reputation and to remove any possibility of a suggestion that the approach might have been successful. Page 11 3. The quality system and its components 3.1 Key questions For any particular result from your laboratory, can you produce documentary evidence to demonstrate:¬ The work was done by a properly qualified person who had been trained in the relevant technical operations and had access to all information necessary to the proper execution of the work? ¬ The method used was technically sound and appropriate to the sample and to the requirements of the client? ¬ The equipment used was properly maintained and calibrated at the time the data was generated? ¬ All appropriate quality control checks were carried out and the results of such controls fell within the specifications? With respect to your management and organisation:- ¬ Are there clearly assigned responsibilities for management of quality? ¬ Are procedures in place specifically designed to ensure quality is maintained? ¬ Are these procedures documented? ¬ Do you have a mechanism for approval of this documentation and for ensuring that all copies issued are kept up to date? ¬ Do you monitor the arrangements for managing quality to ensure they are fully implemented and being followed by all? ¬ Where quality problems occur do you have a mechanism for taking corrective action which seeks to develop the quality system so that a recurrence of the problem is unlikely? ¬ Do you have a mechanism for identifying potential quality problems and taking action to prevent them materialising? ¬ Do you have a mechanism for identifying opportunities to improve the effectiveness of your quality system? 3.2 Purpose of a formal quality system [4.2.1] A professional will always take precautions to secure the integrity of the data generated by his or her laboratory. These will typically include calibration of instruments, checks on the calibration, testing of samples in duplicate and the testing of quality control (QC) samples for which the expected results are known. Most of these operations come under the heading of quality control. That is, they are designed to check that nothing has gone wrong. A formal quality system will certainly include quality control procedures but it is much more orientated towards quality assurance. By quality assurance we mean procedures and management methods which are designed to minimise the chances of anything going wrong in the first place. The emphasis is on error prevention rather than on error detection. In the laboratory, the quality system must not only deliver quality data but must also provide for the maintenance of records which enable the quality of any result to be Page 12 demonstrated historically. The laboratory which can produce such supporting evidence will, without doubt, have far more credibility than a competitor who cannot. Having said all of this, we must not lose sight of the fact that the purpose of the quality management system is to maintain and, where necessary, improve quality. Any records and documentation must help towards this end. What we seek to do by formalising the quality management system and its associated documentation and records is to ensure that quality management is applied comprehensively, appropriately and consistently. We also seek to establish an audit trail such that if something should go wrong we can track the error and make modifications to the system that will reduce the likelihood of a recurrence, i.e. implement corrective action which addresses the root cause of the problem. 3.3 Elements of the quality system [4.2.1] Management of quality should be simply one facet of each aspect of managing the laboratory. However, quality management is so vital that it is usual to identify a separate quality management structure. This will define clearly how responsibility and authority for dealing with problems of quality are allocated in the laboratory. This management structure is obviously the key element of the quality system. This is the mechanism for doing things. 3.3.1 Quality documentation [4.2.2, 5.4.1] Documentation is important but it is critical to realise that it is not, in itself, the quality system. Because the major obstacle that you see when you decide to adopt a formal quality system is the production of the documentation, it is easy to fall into this trap. The documentation is simply one of the tools of the system and has two main roles:̇ ̇ It is a mechanism for defining the quality system so that there is a consistent and secure basis for monitoring the system; in short, unless the system is clearly specified it is difficult to monitor whether it is being used. It is a means of communication within the laboratory so that all staff know their responsibilities and the procedures to be followed. The key piece of quality documentation is the quality manual. This is the document which describes in detail the policy on quality and the quality management structure and describes or refers to the procedures which constitute the working quality system. The quality manual is, typically, prepared and checked by laboratory management, usually under the overall co-ordination of the quality manager. It should, however, be formally authorised for issuing from as high a point in the management hierarchy as possible; chief executive, director general, chairman are typical points. This ensures that the manual has the strongest authority and also shows, to the accreditation body, a commitment on the part of the senior management to the quality system. It is critical that the quality manual is seen to be a working document. It should be available to all staff and they must be instructed to read it and to use it to guide them in all aspects of their work. It will then be a vital force for the consistent and comprehensive operation of the quality system. The quality manual may be completely comprehensive and self-contained or it may make reference to subsidiary documents which describe procedures. Whatever the case, the quality manual must be the primary source for all aspects of the operation of the quality system and must either contain all necessary information or must explain clearly where Page 13 such information is to be found. Guidance on the preparation of the quality manual is given in section 16. Laboratories will normally require documentation of technical procedures in addition to the quality manual. The key part of the technical procedural documentation will be the documentation of the test or calibration methods themselves. The level of detail for these methods documents should be such as to enable a trained practitioner to carry out tests and calibrations in a proper and consistent fashion. The technical procedural documentation should also contain, or refer to, operating details for all of the instrumentation used to carry out tests. These details can be provided either as part of the description of appropriate methods or as separate descriptions of operating procedures. Such descriptions may refer to instrument manufacturers’ manuals or other sources of information and, provided these sources are available, the information need not be repeated in documentation prepared in-house. It may, for example, be appropriate to have general operating instructions for a spectrophotometer, which are then cross-referenced by methods which require measurements with the instrument. It is not essential for the laboratory to write up all methods and operating procedures. Where standard methods are used, then, provided these are adequately documented to enable the method to be performed properly and consistently, the requirement for a method description can be met by making available to staff a copy of the standard specification, for example a national or international standard. See section 7.7 for further discussion of methods documentation. Similarly, equipment operating instructions may be made available entirely in the form of manufacturers’ manuals if these provide all of the information necessary. A combination of the two approaches is often used, with in-house-produced documentation being produced to refer to, amplify and clarify standard specifications and manufacturers’ manuals. Whatever the approach, the available documentation must either contain all necessary technical information for carrying out the laboratory's scope of tests and calibrations or must make clear where the relevant information is to be found. The emphasis must be, as already stated, such that all staff have a source of reference to enable them to work properly and consistently. Consistency is particularly important to the accreditation body since it is accrediting the laboratory and not the individual staff members. An important function of the quality management system is that it should ensure this consistency, and a key feature is to start with a clear written definition of what everybody should be doing as regards both quality management and technical procedures. 3.3.2 Quality system records [4.13.1, 4.13.2] The records kept should consist of: ̇ ̇ All original observations, raw data, calculations and derived data in the form of work sheets, notebooks, instrument output, etc.; these must be dated and should all be traceable to the person who made the observation or measurement and to the equipment used—see section 11. Records of installation, maintenance, calibration and checks carried out on instruments and other equipment; this should be in the form of an individual Page 14 ̇ ̇ ̇ ̇ ̇ equipment log for each major item of equipment, or composite logs for smaller items, such as balances, thermometers, glassware. See section 8. Copies of all reports issued by the laboratory. See section 13.2. Records of staff qualifications, training and review of training in the form of a staff register. See section 5. Records of all audits and reviews of the quality system, including records of corrective and preventive action taken. See section 4. Records of all customer complaints and response to non-conforming work, and details of follow-up and any corrective action taken. See section 4.10. Records of suppliers and sub-contractors. See sections 14 and 15. The key objective in keeping records should be to ensure that the source of any error can be traced and that any test or calibration can be repeated in a manner as close to the original as possible. Records must be kept in such a way that they can easily be retrieved if necessary and they must be secure, held in confidence and reasonably protected from destruction. There should be a documented policy on the period of retention of records. ISO 17025 has no actual period specified but the laboratory must commit to a policy. Accreditation bodies usually have their own regulations and these vary from body to body. However, a typical requirement is connected with the practice of most accreditation bodies of carrying out a full re-assessment of a laboratory every four years. The normal requirement then becomes that all records for the past four-year period must be available. After the re-assessment, most records for the four previous years can be disposed of. The only rider to this is that any records which are relevant to ongoing issues need to be kept for at least the duration of that issue. What this means in practice is that records relating to individual items of equipment, for example, need to be kept for however long the equipment is in use plus whatever period is necessary to reach the next re-assessment. Similarly, staff records are kept so long as staff are employed plus the time to the next re-assessment. In reality, most laboratories retain records far longer than will be required by most accreditation bodies. 3.4 Document control [4.3] A key aspect of the operation of a quality system is that staff should be fully informed of their responsibilities and the way the various procedures, including the test and calibration procedures themselves, are to be operated. The main vehicle for passing on this information is the documentation described in section 3.3.1 above. This documentation needs to be ‘controlled’. A scenario all too often seen is that laboratories create an unnecessarily elaborate document control system which neither does the job required very well nor actually meets the laboratory’s needs. There are only three reasons why the document control system is needed. They are:̇ ̇ To ensure that management is aware of, and has approved, all documents used by staff to guide them in their work To ensure that all documents specifying procedures have been checked by someone with appropriate knowledge to ensure they are accurate, technically sound and unambiguous. Page 15 ̇ To ensure there is a record of the issuing of all copies of documents, so that if documents need to be reviewed, withdrawn or amended all copies can be subjected to the same procedure. The system established to achieve this needs to consider the following:̇ ̇ ̇ The people reviewing documents before they are issued should be those with the relevant knowledge. This is not an issue of management hierarchy. For example, if the issue is whether a document is a correct and clear description of a bench procedure, the best person to review it might well be a technician who routinely does the work. Documents may need to be issued and amended quickly and this should be done by the most appropriately qualified person. For example, the issue or amendment of a method is simply a matter for the laboratory technical management, who should be free to act. Passing such issues through the sort of committee structure sometimes seen for operating document control achieves nothing except a slow response. If document issues and revisions do have cross department implications and so need some discussion, the procedure for reaching agreement needs to be streamlined and made efficient and not excessively bureaucratic. Remember that the purpose of the document control system is to allow appropriate and accurate documents to be issued, amended and withdrawn. Far too often, systems are encountered which actually obstruct the issuing of documents. 3.4.1 Scope of the document control system The document control system must be described in the quality manual. This system must cover all documents used in the operation of the quality system. These include obvious items, such as the quality manual, associated procedural documentation, technical methods documentation and work instructions. Less obvious items which must be included in the document control system are masters of pro-formas used for record keeping, textbooks, posters, notices, calibration tables, memoranda, drawings and plans. Indeed any document which provides information or instructions for use in technical or management procedures must be controlled. This includes items posted on notice boards and memoranda, for example of instrument settings, which may be pinned to the laboratory wall. There is no reason why you should not still have that list of certified values for your DTA-Differential Thermal Analysis standards on the wall, but it must now have a signature and date showing it is approved by management and has been checked as correct. Controlled documents will generally include both in-house-produced material, published material and other externally produced information, such as instrument manuals. Inhouse-produced material is frequently issued to individuals, whereas other documents are typically made available by placing them in defined locations in the laboratory. There is, however, no reason why in-house material cannot also be made available by being issued to storage locations. The onus will be on the laboratory to show assessors that documentation is controlled and available and that staff know where to find it. The term “document” should be interpreted with the broadest meaning as covering information in all forms, including computer files, software and other electronic or digital information. It is an increasingly common practice for laboratories to make their documentation available on a computer network. This can make control much easier and updating a very simple exercise. Obviously, such files must be read-only for users and only capable of being amended by authorised persons. They should also be prevented Page 16 from being printed without authorisation and recording, since this will generate unrecorded copies of the document, which will be missed by the updating process. On a related point, the quality manual must include an instruction that controlled documents, other than masters of pro-formas (see section 3.4.4), must not be photocopied by staff. The enforcement of this is essential to maintain the integrity of the system since the document control system must know of every copy of a document in circulation in order to ensure that all are reviewed and updated when necessary. Proliferation of unofficial photocopies will undermine the control system completely. Some organisations seek to protect themselves from photocopying of controlled documents by using paper of a distinctive colour or by using paper with coloured logos or footer bands. A rule can then be made that any copies of controlled documents which lack the distinctive colour are not to be used by staff and must be destroyed if discovered. It is also possible to obtain paper which prevents photocopying but this is expensive. These expedients do provide protection but they are not without cost and should not be necessary in a well disciplined and audited organisation Allowance should be made in the quality manual for the issuing of uncontrolled copies of controlled documents but only outside the organisation. This covers the need, which sometimes arises, to provide customers with copies of, for example, quality manuals. There is normally no necessity to provide regular updates to such issues and therefore no need to commit to this in the quality manual. Documents issued in this way should be clearly marked as uncontrolled, for example by a suitable stamp, and the quality manual should include instructions that such uncontrolled copies are not to be released within the laboratory and that, if they are encountered by staff, they are not to be used as work instructions. 3.4.2 Practicalities of controlled documents and their organisation The issuing and amendment of each controlled document must be assigned as a responsibility to an individual or specified group of individuals. No other person may make alterations to the document or authorise its issue. As already emphasised, the assigned individuals should be those with the relevant knowledge to evaluate the document, irrespective of line of management. Each hard copy of a controlled document should carry a cover sheet which shows the following: ̇ ̇ ̇ ̇ ̇ A clear indication that the document is a controlled document. A version number and/or the date of the current version so that the most recent version can be clearly distinguished. An individual identifier of the copy of the document, such as a copy number, the date of issue of the copy and either the name of the person to whom the copy was issued or the storage location for the copy. The name, position and signature of the person(s) on whose authority the document is issued. An expiry or review date for the document. Any controlled document should also provide information which enables a user to check that it is complete. Either it should be paginated in the form ‘Page n of nn’ or the number of pages should be shown on the cover sheet. It is a good idea, when paginating a large controlled document such as a quality manual, to paginate it in separate sections rather than continuously throughout. This avoids the necessity to replace the entire document if a page has to be added. Under these circumstances, each page should show Page 17 the section number, the page number and the total number of pages in the section, and there should be a page of contents listing the sections. The operation of the controlled document system is normally one of the responsibilities of the quality manager, although the actual day-to-day administration of document control and record keeping may be delegated to administrative staff, for example in a library or document control centre. In the case of each controlled document, there must be a record which shows either the name of the holder or the storage location of each numbered copy. When an amendment is authorised by the appropriate person, the quality manager can then ensure that every copy of the document is amended. The simplest way to achieve this is to collect all of the copies of the document and to amend and reissue them. In larger organisations this may not be practicable, and an alternative arrangement is to issue the amended pages with instructions for the action to be taken by the document holders. The pages should be accompanied by an amendment sheet which describes exactly which pages are to be discarded and which are to be inserted. This sheet should be placed in the copy of the document so that there is a full record of amendments. ISO 17025 contains a specific requirement that there be a master list or equivalent procedure so that staff can check that they have the current version of a document. This provides an additional safeguard but, provided the document control system is working, there should be no obsolete versions around. ISO 17025 requires that, ‘where practicable’, new or altered text be identified in amended or revised documents or in attachments to the documents. The idea is that attention should be drawn to the specifics of any changes so that staff can identify the key points and determine easily whether changes in procedures are required or whether the changes are simply corrections of textual significance only, for example removal of typographical errors. In the case of in-house documents, this is easily achieved with modern word processing software which usually permits the use of distinctive typefaces, and indeed colours, to highlight amendments. In the case of published material not generated inhouse, it will normally be necessary to provide an attachment to the document when issuing it, pointing out the areas where changes have occurred. It is emphasised that the main point should be to make it clear to staff when the amendment will require them to change the way they carry out a procedure and when it is simply a textual change. Amendment to controlled documents can be done by hand provided that the amendment is authorised by the person responsible for the document. Normally, this will require their initials and a date on the amendment. Hand amendment is really only practicable in small organisations where only one or two copies have to be amended. ISO 17025 contains a requirement that hand amended documents shall be formally reissued as soon as practicable. In practice, it is preferable to avoid hand amendment since it tends to lead to a sloppy approach to document control and almost always results in variations creeping in between different copies of a document. The quality manager should hold copies of all versions of each controlled document so that, if necessary, the content at any point in its history can be determined. These copies can be in the form of computer files, provided they are properly protected by backing up. 3.4.3 Keeping documents up to date There should be a procedure to ensure that controlled documents are reviewed from time to time. There is no set interval for this in ISO 17025, but an annual review is Page 18 typical. All copies of a controlled document should show a review date so that users can immediately see whether the document is overdue for review. The review requirement is met if the person responsible for the document makes a record that the review has been done and either authorises amendment to the document or records that the version as issued is confirmed as still relevant and requires no revision. Some published documents, for example ISO or national standards describing technical methods, are subject to revision by the issuing body. The laboratory will need to assure the assessors that there is a mechanism for ensuring that such revisions are noted and the laboratory's copies of the documents have been replaced with the updated versions. The simplest way is to have a list of all the documents in this category and to check with a subscribing library or with the issuing body on a six monthly basis and, of course, to record the checks. This system for ensuring documents are updated should encompass documents issued by the accreditation body. It may sometimes be necessary to retain copies of older versions of documents, for example standards describing methods, for instance if clients wish the previous version to be used. The requirement to update the documents does not preclude this but care must be taken to ensure that the appropriate method is used for each client. Documents which are obsolete for general use but which are retained for specific purposes must be suitably marked. The marking should either specify the scope of use of the document or simply warn that it is not for general use and refer the reader to an authority, for example the quality manager, who can provide information on when it is to be used. 3.4.4 Some issues specific to pro-formas For the first time in laboratory quality management standards, ISO 17025 introduced the requirement to control pro-formas used for record keeping. To be strictly correct, what is being controlled is the format of the pro-forma. The best way to meet this requirement is to have a master set of pro-formas and to insist that any copies made for use are always made from the masters and not from copies of the masters. The masters may be hard copies or, more usually these days, a set of computer files. There may be more than one set of masters but, as with all controlled documents, each set must be numbered and records kept of holders or location. This system then ensures that, if a pro-forma is amended, the amendment comes into use immediately. Staff have to be weaned away from the common habit of keeping a stock of forms in a drawer or, which is worse, keeping a set of their own ‘masters’, from which they make copies as needed. The masters, and hence any copies of pro-formas, must show a version number/date of issue, the identity of the person authorising the issue, and a date when review of the proforma is due. Page 19 4. Monitoring and maintenance of the quality system 4.1 Key questions ¬ Do you have a mechanism for checking that your arrangements for quality management are being operated on a day-to-day basis by all staff? ¬ Where this is found not to be the case, do you have a mechanism for taking corrective action to ensure that the situation is remedied and not likely to recur? ¬ Do you use the information from any quality problem to enable you to identify where the quality system can be improved and do you act on this? ¬ Do you have mechanisms to monitor trends in quality performance so that failures can be anticipated and dealt with before they become critical? ¬ Do you have mechanisms in place to scrutinise the quality system for areas where improvements might be possible? ¬ Do you review the performance of your quality system to determine whether it is delivering the objectives which you have identified for it? 4.2 Reasons for monitoring quality system A laboratory must take active steps to check that its quality system is being operated properly and that it is achieving the required standard of quality. Quality control provides some feedback on these issues but this is not, in itself, sufficient to meet the requirements of ISO 17025. The system must be pro-active and provide assurance of quality. Moreover, the quality system itself must be under constant scrutiny. ISO 17025 requires audit and review of the system on a planned and regular basis, plus ongoing monitoring to detect quality problems and even to anticipate and prevent problems. These are all strategies designed to detect actual or potential nonconformances with the quality management system before they impact on data quality. Where there are no problems, the activities provide a record that the quality management system has been scrutinised and found to be satisfactory. 4.3 Quality audit and review [4.14, 4.15] The organisation of audits and reviews is the responsibility of the quality manager, although he or she will normally involve other staff in actually carrying out audits. The quality manager is also responsible for checking that any corrective action agreed is adequate, is carried out and is effective. The frequency of audit and review of the systems is not mandated in ISO 17025, but a note in the standard expects that that each aspect of the system will be audited at least annually and that reviews will, likewise, be conducted at least annually. 4.4 Distinction between audit and management review An audit is concerned with checking that the quality system as specified in the quality manual and associated documentation has, in fact, been implemented and being operated. To put it simply, the documentation describes what is supposed to be done while the audit checks that it is actually being done and in the way specified. Page 20 Review is a management function where the key members of the laboratory management examine the performance of the quality system as a whole. The object is to decide whether the system is delivering what is required. The requirements will be, as a minimum, compliance with ISO 17025 but may also include any local policy requirements thought relevant by management. The review and audit processes are distinct but interact in the sense that the review will consider, amongst other things, the audit reports. These will provide important information about where the quality system is weak and in need of revision. In this respect, review includes an element of preventive action—see section 4.9. 4.5 Planning the audit and review programme [4.14.2, 4.15.1] This is the responsibility of the quality manager, but the future plan should be considered and approved at the quality system review meeting. See section 4.7 below. An annual plan should be prepared and the proposed timing of audits should be marked on the plan and, when an audit is complete, the actual date and name of the auditor should be added. The quality manager should be given complete authority to ensure that the plan is adhered to. The audits and reviews should be treated as an important issue and not put off for any reason whatsoever. Experience shows that, once a programme falls behind, it is difficult to catch up. Audits, in particular, are a crucial issue in an ISO 17025 quality system since the whole philosophy is that the laboratory designs and implements the quality management system and then carries out audits to ensure that it is working properly. In the absence of audits, problems will only be detected when they lead to quality failures. This is a quality control approach aimed at error detection; an ISO 17025 compliant quality management system is focused on error prevention through quality assurance, and it is only through the audit that the laboratory can be sure that the system is working. Nothing will make assessors more uneasy than the impression that a laboratory does not take its audits seriously. A pattern of audits being carried out late relative to the audit plan will send the wrong message to assessors, and statements such as, “We had to put off October’s audits until September because we had so much work in.” are likely to be interpreted by assessors as demonstrating a low priority approach to the quality system. 4.5.1 Frequency of audit and review [4.14.1, 4.15.1] General practice is that an audit programme should be organised on a rolling basis such that, in any one year, each aspect of the quality system will be covered at least once. There should also be at least two vertical audits in any one year. In a vertical audit the auditor, rather than examining one aspect of the system, tracks a specific sample or samples through the laboratory, from receipt to reporting of results, and checks that the documented procedures have been followed and all records kept. There is actually nothing in ISO 17025 which precludes an annual, one-off, audit of the whole system, but this is not regarded as good practice except perhaps in very small organisations where external auditors have to be used. The rolling system described, where audit is seen as an ongoing part of management, is generally to be preferred. Annual management reviews are generally enforced by accreditation bodies and it is unlikely that this will change. Page 21 These timescales should be used on a routine basis, but it is strongly recommended that the frequency be doubled during the first year of operation of a new quality system, i.e. a six-month rolling audit programme supported by a six-monthly review. The audit programme should be phased in during the implementation of the various elements of the quality system and not postponed until it is all in place. This provides a valuable check on the elements of the quality system as they are established. A settling in period of two to three months should be allowed for each part of the system and then that part audited. An efficient and responsive audit system is a powerful tool in establishing the quality system. Inevitably people will tend to forget to do things required by the quality system from time to time but, if they learn that any omissions will be picked up quickly and corrections asked for, they will rapidly acquire good habits and make fewer mistakes. 4.6 Quality auditing 4.6.1 Choice of auditors [4.14.1] The responsibility for audits lies with the quality manager, who may carry out audits directly but will normally delegate at least some of them to suitable individuals. Auditors should be familiar with the principles of auditing and must be independent in the sense that no one may audit an area of activity in which they are directly involved or for which they have immediate supervisory responsibility. ISO 10011, parts 1 to 3, provides useful guidance on auditor's responsibilities and the organisation of audit programmes. ISO 17025 does imply that, when resources are not adequate, the independence requirement of auditors can be relaxed, but experience suggests that accreditation bodies will take some persuading on this issue. In most laboratories it is usually possible to do all auditing with internal staff, but there is no reason why outside persons cannot be used. People from other parts of the organisation to which the laboratory belongs are often suitable. A typical situation in a small laboratory is that the quality manager carries out most audits but some other senior staff member is brought in to audit those areas where the quality manager has personal involvement. An auditor need not have a detailed knowledge of the technical aspects of the work of the laboratory but some background is essential. The quality manager is responsible for ensuring that auditors are properly trained and should maintain training records for them. These records can form part of the overall training records—see section 5.3. Training can be given in-house or by outside agencies, such as consultants, can be used. A commonly applied strategy is for the quality manager to undergo formal training in auditing and then for he or she to train the internal auditors. It is sometimes appropriate, especially with very small laboratories, to use external auditors to achieve independence. These will normally need to be approved by the accreditation body, but there is usually little problem with this since the accreditation body is happy to see steps towards effective and independent auditing. Page 22 4.6.2 Conducting an audit It needs to be clearly understood that a quality audit is solely concerned with checking that what is actually happening matches the documentation. Before starting an audit, therefore, it is essential to agree on the documentation to be audited against. Normally, this will be a part of the quality manual with, perhaps, some associated documentation. The auditor should begin by looking at the documentation and should plan exactly what is going to be examined during the audit. The best approach is to prepare a checklist of questions to be answered, documents to be examined and inspections to be made. The checklist should be used as the basis of the audit and should be covered comprehensively. Any questions which the audit raises and which require further investigations should be addressed only after the checklist has been covered. Too many diversions are likely to result in the audit not being completed or being very protracted. The manner in which an audit is approached is important. It should be seen by the laboratory as an opportunity to reveal any potential problems before they lead to a quality failure and not as an inquisition to be borne. The auditor should be seen as a valuable helper in ensuring that quality is maintained. This atmosphere is best achieved if the auditor remembers at all times that his or her job is to audit the quality system and not the people. Avoid any actions or statements which might be taken to suggest that blame is being apportioned. If human error has occurred, the approach must be to seek to modify the quality system to make this less likely in the future. The audit should be a forward-looking process, orientated to ensuring that any problems do not recur. Past problems should only be analysed for the information which they provide and not as part of a witch hunt to find a culprit. Remember at all times that auditing is as much about confirming the satisfactory operation of the system as it is about finding problem areas. This means that auditors must carefully record details of the systems, records and items examined, especially if the report finds no evidence of non-conformance. 4.6.3 Audit Reports [4.14.2, 4.14.3, 4.14.4] The auditor must make a written report on every audit. Other documents should be appended as necessary. It is customary and helpful for a copy of the auditor’s checklist and notes to be attached to the report. Some audit report formats make provision for auditors to obtain a confirmatory signature from laboratory staff for their observations. The idea is to confirm factual observations so that these do not become a matter for later debate. The point needs to be made to the staff confirming the observations that they are only agreeing to the facts and not accepting that a non-conformance has occurred. It is only at the second stage of the process of audit that the auditor will decide whether an observation is to be reported as a non-conformance. The practice of having observations confirmed is not an essential component of auditing and whether it is adopted is a matter for the individual organisation and will be very much determined by the prevailing culture. It does, however, reduce the possibility of contentious disputes since at least the facts of what was observed will not be at issue. The audit report must detail exactly what was examined during the audit and the findings of each examination. Positive reports are required as well as negatives since, to stress the Page 23 point again, the audit is as much concerned with establishing that the system is working properly as it is with finding problems. The auditor must be in a position to provide objective evidence for any conclusion reported. A general impression that all is not well in an area is not an adequate basis for a report. When auditing, be objective at all times and be in a position to prove your point without the need to debate the question. Some systems incorporate the concept of levels of non-conformance, for example major, minor etc. This is not recommended since every non-conformance requires addressing with corrective action. A debate on whether it is major or minor is not relevant and merely time consuming. The format of an auditor’s report on a non-conformance must be objective and clear. In essence it should state “In section 123 of your quality manual there is a requirement to operate in the following manner. Here is an example which I have found where this is not being done.” At the end of an audit, the auditor should hold an exit meeting with interested parties. This will normally be the laboratory management plus any other staff with supervisory responsibility in the area audited. The auditor should give a verbal report on the findings, both positive and negative. At this meeting there should be agreement on any corrective action required and this should be recorded. The record should show what action was agreed, the person responsible for carrying it out and the timescale. This record can be part of the audit form, but many organisations prefer to have a separate corrective action record since this can serve generally. A need for corrective action can arise from causes other than audit findings, for example client complaints or detection of non-conforming work. In determining the corrective action, the objective should be to eliminate the root cause of the non-conformance and to reduce the likelihood of a recurrence. To emphasise this, it is recommended that audit report forms include a section where the root cause has to be entered. This aspect is strongly emphasised in ISO 17025 but, in practice, assessors have always required such an approach. A quick fix for a problem with no attempt to eliminate the fundamental weakness in the system will not meet with approval. The quality manager has overall responsibility for checking that corrective action is taken and for making a record of the completion. Follow-up arrangements should also be made to ensure that the action has been effective. These arrangements should also be made by the quality manager. In the case of many non-conformances, the follow-up should include a partial re-audit, at least, to be scheduled after an appropriate lapse in time so that the working of the modified system can be tested. Typically, one to two months should be considered. The plans for follow-up and the confirmation of its successful completion need to be recorded as part of the corrective action. The completed audit reports should be filed by the quality manager and will need to be available to assessors. It should be appreciated that assessors’ prime interest in the audit reports will be to check that corrective action has been taken and followed through and not to use them as a means of detecting the laboratory’s weaknesses. 4.6.4 Audit summaries It is good practice for the quality manager to summarise the results of audits. His summary should collate the numbers and types of non-conformances, classified by the Page 24 area of the quality system to which they pertain. The summary should be presented at the management review meeting. The value of the summary is that it will highlight the areas of the quality system which fail most frequently and so help to focus the review. The summary can be particularly useful in multi-department laboratories where it brings all the audit findings together and can help to identify quality problems that are common to several departments. Such problems are often most effectively addressed at the higher management level rather than by individual departments. 4.6.5 Additional audits [4.11.5] In addition to the planned audit programme there may be a need for audits in response to any occurrences which indicate non-conformances with the quality system or with ISO 17025. These would include internally reported quality problems, including detection of non-conforming work, client complaints and actual quality failures which come to light in any way whatsoever. The audit should be organised to address all the relevant parts of the quality system. The follow-up is exactly the same as for planned audits, with appropriate corrective action being taken and its completion and effectiveness verified. 4.7 Quality system management review [4.15.4] 4.7.1 Composition of the review committee This should consist of, as a minimum, the quality manager and the laboratory manager with someone present who represents the most senior level of management of the laboratory where decisions on allocation of resources are made. This could be a representative from the board of the company or the equivalent policy making body. The presence of such a representative is key since the there may be resource implications in the findings of the committee. Any other persons who might make a contribution should be present. These would typically include senior professional staff and, perhaps, chief technicians. In a small laboratory with only two or three staff, it is usually most effective to involve everyone in the review. 4.7.2 Administration [4.15.1] The quality manager is responsible for arranging the meeting and for compiling and distributing the agenda. He or she should also ensure that all relevant documents are available. These should include but not be limited to: ̇ ̇ ̇ ̇ ̇ ̇ ̇ ̇ All audit reports and summaries, including reports by external assessors and any by customers; Feedback from customers; The proposed audit and review programme for the following year; Details of in-house quality control checks; Reports on quality failures and follow-up action; Reports on customer complaints and follow-up action; Preventive action records; Results from participation in proficiency tests and other interlaboratory trials. The meeting must be minuted and a list of action points prepared. The quality manager is responsible for ensuring that all of the actions agreed at the review meeting are carried Page 25 out, but the meeting should agree on who will carry out each action and the timescale. This should include the updating of any documentation. 4.7.3 Meeting agenda [4.15.1] The purpose of the review meeting is to look at the performance of the quality system over the past year and to decide on any modifications needed to secure improvements. The meeting should also consider any modifications needed to meet any changes to the quality management standard to which the laboratory adheres and any changes needed to address new policy objectives set by the organisation. The meeting should cover, at least, the following topics: ̇ ̇ ̇ ̇ ̇ ̇ ̇ ̇ ̇ ̇ ̇ ̇ ̇ Quality matters arising from the last review meeting and a report from the manager confirming that all actions have been taken; Report on any surveillance or assessments by the accreditation body; Discussion of the results of all audits, both internal and external; Review of the quality manual and decisions on any changes required; Performance in proficiency tests and any similar interlaboratory exercises; plans for future participation in such exercises; In-house quality control checks; Complaints from customers and follow-up action; Results from customer surveys and plans for future surveys; Quality incidents and follow-up action; Review of staff training and plans for the following year; Adequacy of staff, equipment and other resources to maintain quality; Future plans for staffing, equipment, premises etc.; Agreement on action points and date of next meeting. 4.8 Corrective action [4.11] Corrective action will be required whenever a quality problem is identified. The audit is an obvious mechanism for determining whether corrective action is necessary, but there are other potential sources of information and all of these should be used. Obvious sources are complaints from clients, information passed on from laboratory staff about quality problems, detection of non-conforming work, and direct detection of quality failures as a result of quality control monitoring. Interlaboratory proficiency testing and feedback from external assessors and auditors would also come into the category of useful sources from outside the organisation. 4.8.1 Records [4.11] Because of the variety of sources giving occasion for corrective action, it is useful to separate the record system for reporting quality problems from the system for planning and recording corrective action. This allows the same corrective action management and recording system to serve for all sources of information on quality problems. The audit, for example, is reported on a form dedicated to that purpose, and this is cross referenced to the corrective action requests. Page 26 The corrective action record system should provide for the recording of the reason for the action and for a detailed description of the proposed corrective action, with an explanation of how it addresses the root cause of the problem. The responsibility for the action should be assigned and a timescale agreed. There should also be a record of the arrangements proposed to verify the effectiveness of the corrective action. This will normally mean some type of audit, possibly of restricted scope, covering only the immediate area of the quality system involved in the action. The quality manager should be required to confirm when the action is complete and should also be responsible for ensuring that the verification of effectiveness is carried out and recorded. 4.9 Preventive action and improvement [4.10, 4.12] ISO 17025, as compared to previous laboratory accreditation standards, introduces a requirement for preventive action. This is sometimes confused with corrective action but, although there are grey areas, the two concepts are essentially different. ̇ ̇ Corrective action is a response to a finding of a non-conformance or a quality failure, i.e. what you do to put right something that has gone wrong and, where possible, to make sure it does not go wrong again. Preventive action, on the other hand, is occasioned when circumstances are identified where a quality failure or non-conformance is a possibility or where an opportunity is identified to strengthen the quality system. In this respect, preventive action is a total quality management concept and contains elements of quality improvement. There are two distinct streams of preventive action:̇ ̇ Actions in response to a scrutiny of the quality system which identifies areas where the system could be strengthened; such actions are, in a sense, voluntary for management since the response can consider the degree of risk as opposed to the benefit. This recognises that any quality system can always be improved, but there will be associated costs, some direct and some indirect, for example reduced efficiency. If management decides not to take an opportunity for preventive action on such a basis, justification needs to be recorded. Actions in response to identified trends showing deterioration in performance; these include trends in data but also encompass general performance indicators, for example turnaround times. There is sometimes debate about whether this is preventive or corrective action. This is not fruitful. Action is needed; the attached label is irrelevant. The point is that the laboratory is using a mechanism to pick up incipient quality failures before they actually impact. The essential requirement of ISO 17025, as interpreted by most accreditation bodies, is that the laboratory must have mechanisms for identifying when preventive action is opportune, in the sense of opportunities for improving the quality system and responding to unsatisfactory trends in performance. A typical set of approaches is as follows: ̇ ̇ The brief of auditors should be extended to invite suggestions for where improvements to quality management might be achieved within the area which they are auditing. This activity, it should be stressed, is distinct from the audit and should be reported separately. Staff in general should be encouraged to offer suggestions for improvements in quality management or where quality can be made more secure. This can be via an Page 27 ̇ anonymous suggestions system if it suits the culture of the organisation to proceed this way. There should be regular formal scrutiny of trends in data, especially quality control data, by the laboratory management. This should include interlaboratory proficiency testing results. The objective should be to identify trends which indicate potential failures, for example bias developing on a Shewhart chart. This kind of scrutiny can be achieved by a regular meeting of senior laboratory personnel, for example the laboratory manager and senior scientists. The frequency of the meeting will depend on the volume of work, but monthly meetings are commonly held. 4.9.1 Records [4.12, 4.13] There should be a preventive action record form. This should carry the suggestion for preventive action followed by an evaluation by management and an explanation if the action is thought inappropriate. It should be noted, however, that the 2005 version of ISO 17025 has a specific requirement for the laboratory to ‘continually improve’ its quality system, so arguments against the implementation of preventive action in response to identified weaknesses are likely to be difficult to sustain in future. If action is to be taken, the proposed action should be detailed, responsibility allocated, and a date for completion set. The quality manager should receive a copy of the form and should be responsible for following up to ensure that the proposed action is completed and to record this. 4.10 Client complaints, quality incidents and other feedback 4.10.1 Complaints [4.8] This is always a somewhat delicate subject, but the reality is that no laboratory goes very long without some queries or complaints from its clients. In order to comply with ISO 17025, the laboratory is required to record all client complaints, to investigate them systematically and to record the result of the investigations and any corrective action taken. This is not intended to create a body of evidence to be used against the laboratory but is rather a recognition of the fact that such complaints provide a valuable source of feedback on the operation of the quality system. After all, the main object of the quality system is to ensure that clients are properly served. 4.10.2 Learning from client complaints [4.8] The laboratory should approach client complaints as a source of information and they should be investigated in the same manner as any other quality incident. If there is no substance in the complaint, this can be recorded, with supporting evidence. If the complaint has substance, then the laboratory should be able to provide a record which shows the corrective action taken to rectify the problem and, most importantly, what has been done to reduce the likelihood of a recurrence. The investigation will often require an audit of some part of the quality system. The investigation of such complaints is the responsibility of the quality manager although, in most instances, active participation of the laboratory management in investigating the complaint will be required. Page 28 4.10.3 Administration The laboratory quality documentation should state clearly which staff members are allowed to respond to complaints. This will normally be the laboratory manager and, perhaps, other senior staff members. The person responding must record the complaint and the details of any response, plus a record of any corrective action already taken or intended. The record must then be passed to the quality manager, who should evaluate the action already taken. The quality manager should decide whether the action taken is adequate or whether further investigation and corrective action is needed. In particular the quality manager must decide whether an audit is required. Overall, it is the responsibility of the quality manager to ensure that the complaint has been properly dealt with, that corrective action has addressed the root cause and that any lessons learnt have been incorporated into the quality system. He or she is also responsible for ensuring that the record of any corrective action is made—see section 4.8. The quality manager should also follow-up to establish that the action has been effective. 4.10.4 Other client feedback [4.7.2] Pro-active soliciting of client feedback is now required by ISO 17025 since the 2005 edition. Both positive and negative feedback are required. At the time of writing it is not clear what mechanisms assessors will expect to see for acquiring such feedback, but the kind of thing generally expected is annual client surveys or feedback forms sent out with test results. In practice, such surveys will cover aspects of the laboratory’s client services that lie outside the technical area, since experience suggests that it is more than likely that client feedback will address issues other than data quality, for example turnaround times and sample collection. 4.11 Quality incidents, control of non-conforming work [4.9, 4.11] Any quality incident should be investigated and used as a source of information on weak points in the quality system. It is recommended that laboratories have a form for recording quality incidents, i.e. situations where quality comes into question or actually breaks down. These forms can be used to record complaints, internally detected quality anomalies, detection of non-conforming work and other quality failures. The quality manager can then process these forms and determine whether further action, for example audit or corrective action, is required. The form should provide for reporting the incident and should identify how it came to light, for example complaint, detection of non-conforming work, etc. There should then be a section for a report on any action already taken. An incident will normally require corrective action, so there should be a section to cross reference any corrective action requests as described in section 4.8. If no corrective action is proposed, then the reason why it is considered unnecessary should be recorded. The report should be passed to the quality manager, who must review it to determine whether the response is satisfactory. If necessary, the quality manager should raise a further request for corrective action. 4.11.1 Control of non-conforming work Detection of non-conforming work is a particular example of a quality problem which is given special emphasis in ISO 17025. Non-conforming work is any work which does not meet the laboratories’ stated standards, either with respect to mode of execution or outcome, for example quality of data. Page 29 There needs to be guidance in the quality manual on how such problems are handled. The system needs to address the following issues. ̇ ̇ ̇ ̇ ̇ When non-conforming work is detected, then work must stop and management be informed. There must be an investigation and report on the quality incident. Corrective action must be taken and recorded. When corrective action has been effected, only then may the work be repeated or resumed. The system must make clear who is responsible for determining that the problem has been resolved and that work may be started again. This will typically be the laboratory manager or quality manager. As with all such systems in ISO 17025, the emphasis is on learning from experience and strengthening the position for the future. Page 30 5. Personnel [5.2] 5.1 Key questions ¬ Do you have a record of the qualifications and experience of your staff, with objective evidence of their qualifications, for example copies of certificates? ¬ Do you have a clear record with regard to your proposed scope of accreditation of which members of staff are authorised to conduct each test or calibration? ¬ Do you have a documented procedure for training staff in quality issues and technical procedures, including tests? ¬ Do you have a documented procedure for conducting evaluation of the competence of staff after training and before authorising them for the procedure in which they were trained? ¬ Do you have a system for recording training, including objective evidence of competence? ¬ Do you have a mechanism for identifying which staff conducted each procedure, test or calibration? 5.2 Staff records [5.2.5] It is necessary for the laboratory to have staff training and competence records. These should include the following elements, at least. ̇ ̇ ̇ A record of each staff member’s formal qualifications, previous experience and date of recruitment; all qualifications should be verified by inspection of certificates or equivalent evidence. This can be done by the personnel department or the laboratory management, but the record should include a declaration, signed by an appropriate person, of the evidence seen. This could be a personnel manager, the laboratory manager or the quality manager. A list of the activities for which the staff member has been trained; this should include not only tests and calibrations for customers but any in-house calibrations and other activities, such as quality auditing and administrative activities, for example receiving samples. Sections 5.2.1 to 5.2.3 and section 5.3 below deal in detail with the content and format of the training record. A record of regular re-assessment of the staff member’s competence at each of the listed activities. This is dealt with in detail in section 5.4. The training record should also provide for the recording of any outside courses attended by the staff member and for personal certifications or memberships of relevant professional bodies. Since the last two are often renewable by annual subscription, there should also be provision for recording checks on this renewal by the laboratory management. One purpose of the training records is to provide a source of reference by supervisors who wish to ensure that the person whom they intend to allocate to a task is properly trained and that their training is up to date. They also form an essential part of the audit trail since, as we shall see later, all raw data must be traceable to the person who generated it. The training records complete the loop by enabling a check to be made that the person doing the work was adequately trained and checked as competent. All entries in training records should be made and initialled by the laboratory manager or quality manager and, in the case of authorisations to carry out tests or calibrations, Page 31 should be countersigned by the employee. By so doing the employee acknowledges that he or she appreciates the extent and limitation of their authorisations. It should be emphasised that, since the training records need to be accessible to supervisory staff, internal quality auditors and assessors, it is extremely unlikely that normal personnel records, even if they include all the necessary training details, will be suitable for use in this context. Normal personnel department records are likely to contain sensitive personal information unsuitable for such wide scrutiny. The training records must be available in the laboratory. Assessors will not accept training records held in the personnel office at head office! 5.2.1 Initiation of the staff records for new employees The laboratory management will need to initiate a staff record and institute a training programme for each new employee. Obviously, the content will depend on the employee’s previous experience and known level of competence. However, irrespective of whether the new recruit is of the highest general competence, it will be necessary for him or her to be trained in the laboratory’s methods and procedures. This is not to question an experienced new employee's basic competence, but is principally designed to ensure that the employee is familiar with the quality system, the way tests and calibrations are done and how results are recorded in this particular laboratory. The object is to achieve a maximum of consistency between measurements made by different staff members. The new employee must have his or her competence assessed exactly as for a trainee and must be observed carrying out the procedures for which he or she is to be registered to ensure that the documented procedure is being followed—see section 5.3 below. In the case of a highly experienced new recruit, this assessment of competence may not need to be preceded by extensive training, but there must be a formal familiarisation with the laboratory’s procedures and an opportunity to read the documentation. 5.2.2 Starting the staff records for existing employees Most laboratories starting up staff records will have existing employees with known areas of competence. There is no need to create a retrospective record of training for such persons. The management should prepare an initial list of authorisations for existing staff and should note that they were regarded as competent at the start of the record. There is no need for assessment of competence for existing employees; they will be covered during the first re-assessment of competence—see section 5.7. 5.2.3 Routine operation of the staff records The staff records will become a complete record of the training, promotion, assessment and re-assessment of competence for each employee. Each record needs to show the dates over which the training was given, the identity of the trainer, the identity of the person assessing competence and the date when authorisation to carry out the procedure unsupervised was given. The entries must be confirmed by the laboratory manager or quality manager and must be signed by the employee. The areas of competence listed in the record may be defined in any way suitable to the laboratory’s operations, but for test/calibration methods there should be a direct correspondence between the accreditation scope and the training records. From the Page 32 assessment body’s perspective, there are no grey areas. Either an employee is trained and competent to carry out a test/calibration in the scope or is not. Remember that, especially for new employees, the training must include familiarisation with the quality system and with basic laboratory arrangements, such as sample numbering, storage of samples and the mechanisms for recording data and reporting within the organisation. Where it is possible, objective evidence demonstrating the employee’s competence should be attached. This might be a set of data obtained by the employee on standards or reference samples, or perhaps data which has been cross checked by repetition of the test by a staff member already trained for the procedure. The person assessing competence should sign such data as acceptable and reference should be made to the source of authentication, for example a calibration certificate for a reference material or the data from repeat determinations. 5.3 Staff training and assessment of competence [5.2.1, 5.2.2] Training of staff to carry out particular tests or calibrations must be an organised and formal process. The management must give the responsibility for carrying out the training to a specific person who is already authorised for the relevant test and who will act as training officer. Staff undergoing training must not carry out work on clients' samples or items for calibration except under the direct supervision of the training officer. The training officer must take direct responsibility for the quality of the work and must countersign all worksheets and results in recognition of this responsibility. When the training officer is satisfied that the employee is properly trained, the laboratory manager should be informed. The laboratory manager must now arrange to carry out a competence test on the employee, under direct observation by either the laboratory manager or a suitable senior staff member appointed by the laboratory manager. Ideally, the test or calibration should be on items for which the results are already established, for example references or items previously tested or calibrated. In order to accept the employee as competent to be authorised for the test, the laboratory manager must be satisfied that the documented procedure is being followed, that results and all other relevant observations are being properly recorded and that the results being obtained are correct as judged by the known values and normal quality control checks operated by the laboratory. The general criterion for the acceptability of a staff member’s competence should be that they can be confidently expected to follow the documented procedure and consistently produce data which falls within the laboratory’s known performance band. The laboratory manager may delegate the competence assessment to another member of staff, but this should be an explicit process and the laboratory manager must confirm the delegee’s assessment of the data generated by the trainee. Ideally, assessment of competence should not be conducted by the training officer appointed for the particular training being assessed. However, where specialist areas of expertise are concerned, this may be unavoidable as the training officer may be the only person with adequate knowledge to conduct the assessment. In some quality systems the competence checks are actually assigned to the quality manager as a responsibility. This is perfectly permissible under the standard and has Page 33 much to recommend it, but only if the quality manager has the appropriate technical expertise. In addition to authorisations to carry out tests/calibrations, it may be necessary to have training and competence tests on particular instruments or routine operations. This will depend to some extent on the experience of the staff concerned and should be at the discretion of the management. For example, in the case of junior staff with little or no experience, it is entirely possible that they will require training in the use of basic equipment such as volumetric glassware, balances and thermometers. The onus is on the laboratory to show that its staff are properly trained, and the management should approach all questions of authorisation and competence testing with this in mind. Once the management is satisfied that the trainee is competent, an appropriate entry must be made in the staff records; this should be signed by the laboratory manager or quality manager and, in the case of tests and calibrations, the employee. The entry must be supported by a brief report stating that the employee was observed carrying out the test and giving a list of the operations performed, for example weighing samples, colorimetric measurement, titration, etc. Copies of worksheets or notebook entries completed by the trainee and copies of any instrumental output should be attached. These should be dated and signed by the person conducting the competence assessment. 5.3.1 Multi-level authorisations It is becoming increasingly common for accreditation bodies to expect to see competence assessment being dealt with in a multi-tier system with equivalent multi-level authorisations. In such systems the initial assessment of competence leads to an authorisation to work unsupervised, but the work is then subjected to further checks and, usually, countersignature by a supervisor. Subsequently, a second competence assessment is conducted and, if this is satisfactory, the authorisation is extended to a second level and the checks and countersignature dispensed with. 5.4 Re-assessment of training and competence [5.2.1, 5.2.2] Competence of staff must be regularly reviewed and, normally, re-assessed. The general practice is that the authorisation of a member of staff to carry out a particular test or calibration should be reviewed at least annually. The key reason for the re-assessment is to maintain consistency between data from different workers, so, in disciplines where interpretation by staff is an important input, for example textile testing and some areas of microbiology and histology, assessors may require more frequent re-assessment. Intervals of less than three months between formal re-assessments are unlikely to be required. A useful strategy is to maintain a record which summarises, for each employee, how often they perform a test and whether the data was acceptable or not under the laboratory’s normal quality control requirements. This record has the dual purpose of monitoring competence on a regular basis and checking that the staff member continues to have regular practice in the procedure—see later in this section for further discussion on this point. However, such a record must always be supplemented by a more formal re-assessment as described in the next paragraph. This record can easily be filled in when data is checked before release since the worksheets or other form of recording data must identify the person executing the test. The formal re-assessment should take exactly the same form as the competence test described in section 5.3 above. That is, the employee should be observed carrying out the test to check that the documented procedure is being followed, and results should be Page 34 scrutinised and, ideally, checked by a second person. Alternatively, reference samples can be used. A common strategy for re-assessment is to have the employee carry out one of the determinations which form part of the laboratory’s interlaboratory proficiency test or measurement audit programme. The re-assessment of each employee's authorisation should be planned at the beginning of each year by the management. The re-assessment should be supported by documentary evidence in exactly the same form as described for the competence assessment in section 5.3 above, i.e. a report by the person observing and copies of results and instrument output. If the review is unsatisfactory, the management must withdraw the authorisation pending retraining of the employee and performance of a satisfactory competence test. A laboratory management should always be aware that an employee, although formally trained for a test, might not perform it for a period due to balance of work. Under these circumstances, and depending on the complexity of the operation, it might be appropriate to take the view that the employee’s authorisation should be withdrawn pending a refresher course of training and re-assessment of competence. It is impossible to set hard and fast rules for determining when competence should be regarded as having lapsed; the complexity of the procedure is clearly an important factor. As a rule of thumb, however, any test not performed over the past year would be a reasonable candidate for refresher training. 5.5 Training policy and review of training needs [5.2.2] ISO 17025 contains an explicit requirement that the laboratory have policy and procedures for identifying training needs and providing training of personnel. This requirement is, essentially, focused on identifying the needs of the laboratory rather than on the professional development of individual staff. The annual review of the quality system (see section 4.7) would provide one suitable forum for identifying training needs. Such needs generally arise at one of two levels. Firstly, there is the question of whether existing staff need to be trained to increase their versatility within the current skill base in order to enhance the laboratory’s flexibility and ability to cope with the workload for each test or calibration. Secondly, there is a necessity to consider training needs for any planned expansion of the laboratory’s capabilities. A suitable policy is to review the overall picture as part of the annual quality review, but this should be supplemented by specific reviews at regular intervals by the laboratory manager and the quality manager. In addition to this routine review, whenever there are staff changes, whether due to resignations or new recruitment, a review of the implications of these changes and any resulting training requirements should be made by the management. The other occasion when the management should review training requirements is when the laboratory is introducing new methods or instrumentation. Such changes will, almost inevitably, have implications for training or for, possibly, recruitment of new staff with appropriate skills not currently available in the laboratory. These reviews must be recorded. The record should show the reason for the review, identification of the participants, the date and a summary of the conclusions reached, including any proposed action. Obviously, training needs may become apparent ad hoc; for example the laboratory may have an unexpectedly high demand for a particular test and will need to train extra staff Page 35 to meet the need. The training requirements review is not intended to replace such normal management response but rather to introduce a pro-active aspect into dealing with training requirements. 5.6 Action when employees leave When an employee leaves, the appropriate entry must be made in the staff record. The records for the ex-employee must be retained since they constitute a part of the laboratory quality record and may need to be referred to if data is called into question. See section 3.3.2 for details of appropriate retention periods for records. 5.7 Other entries in the staff records The information discussed so far constitutes the minimum requirement of staff records. The management should feel free to insert any other information on members of staff which is relevant to their competence. This can include copies of reports on their progress in the organisation and records of promotion or experience gained on particular projects. Such entries may be of any format but should be signed and dated by the laboratory manager or quality manager and inserted in chronological order. In some areas, for example non-destructive testing, staff need to hold personal certifications which may be subject to re-assessment or renewal by subscription. Where this is the case, the training record must include details which show that the certification is current, and the laboratory must have a mechanism to check that the renewals or reassessments are carried out as required and are recorded. Page 36 6. Accommodation and environmental conditions [5.3] 6.1 Key questions ¬ Have you considered whether there are any environmental factors in your laboratory which might impact on the validity of tests or calibrations? ¬ Are you conducting any tests or calibrations where the published procedure which you claim to follow includes a requirement for the work to be done under specific environmental conditions, for example temperature or humidity? ¬ If there are such factors, do you have procedures in place to control and monitor them? ¬ Do you have any activities which need to be separated to avoid, for example, cross contamination? ¬ Do you have procedures in place which will create an objective, auditable record that environmental conditions which might affect tests or calibrations are controlled and monitored? ¬ Do you have clear instructions to staff on actions to be taken when conditions move out of specification? 6.2 Some specific considerations 6.2.1 Chemical testing In the case of chemical analysis, the cross contamination between samples and possible environmental contamination of samples are likely to be the overriding considerations. Another concern is that chemical testing requires standards often comprised of pure samples or concentrated solutions of materials which are being tested for at trace levels. It is common to monitor the temperature of chemistry laboratories, although this is rarely necessary. It can be argued that volumetric measurements, in particular, are affected by temperature but, in practice, the variations in modern borosilicate volumetric glassware over a temperature range in which staff will be comfortable is not significant relative to other sources of uncertainty of measurement. The only reason for monitoring the temperature in your laboratory is if data will be affected if a specific range of temperature is not observed. You must then ensure that work stops if the temperature is out of specification. The widely observed practice of monitoring and recording the temperature in the chemistry laboratory every day as an exercise in itself and with no justifiable need for operations to be carried out in a specific temperature range and hence no need for a response to the monitoring results is a pointless exercise. The following general rules should be observed for good practice in general chemical testing work:̇ Provide segregated areas with their own glassware for the storage of standards and the preparation of concentrated solutions. Operate rules to ensure that only very diluted solutions of standards necessary for calibration of equipment are ever introduced into areas where samples are being handled and processed. Take precautions to avoid spillage of standards, for example by carrying them inside double containers. Page 37 ̇ ̇ ̇ ̇ Where samples containing high levels and low levels of the same targets are being handled, for example pesticide formulations and samples for residues analysis, carry out the sample preparation work and, where possible, the instrumental analysis in well separated rooms with their own glassware. Where possible, provide segregated washing up facilities for glassware with segregated uses. If this is not possible, then ensure a management regime such that glassware is not interchanged, for example use clearly labelled baskets to deliver it to and collect it from the washroom. Enforce good housekeeping and tidiness by general management pressure; have a designated time each week for cleaning and tidying the laboratory. Have a system for reporting and recording all spillages. Where foreseeable, have a documented procedure for dealing with specific types of spillage. 6.2.2 Microbiology In the case of activities such as microbiology, the assessors will look very closely to see that the laboratory is designed so that it is easily kept clean and any spillages can be contained and thoroughly cleaned up. Impervious bench tops with good seals against walls and floor and around fittings such as sinks will be expected. Floors need to be continuous sealed surfaces. In practice, microbiology laboratories will need to be airconditioned with split type units and all windows sealed to prevent opening. Entry to the laboratory should always be double doored with a vestibule and changing/washing area. An issue often raised in microbiology is that of whether reference cultures of organisms should be held for control purposes, bearing in mind the danger of contamination of the laboratory by organisms which are the subject of tests on samples. There is no doubt that positive controls are essential, so laboratories have to work with them. The following precautions are needed, however:̇ ̇ ̇ Segregate storage of reference cultures in their own dedicated refrigerators and freezers. Have a segregated area for handling the references, ideally with a laminar flow cabinet. Use dedicated laboratory coats and overshoes/shoes for work in the segregated area. The following will be expected in an accredited microbiology laboratory:̇ ̇ ̇ ̇ ̇ ̇ Clear segregation of samples, references and media storage. Dedicated laboratory coats and footwear with a changing area where staff can wash. A planned cleaning regime for the laboratory, covering benches, floors, windows, light fittings, ventilation grills, air conditioners, water baths and autoclaves. The frequency and actual scope of these activities is a matter of debate between different experts, but accreditation bodies will normally have technical guidance documents specifying their particular expectations. Regular monitoring of the environment with surface swabs and air plates. A weekly regime is typical. Documented procedures for dealing with spillages and records of spillages and action taken. Monitoring of temperature and humidity: limits need not be stringent but humidity above 50% and temperatures above 25°C can lead to problems of mould growth. Page 38 6.2.3 Materials and product testing laboratories Into this category fall activities such as textile testing, leather testing, paper testing and some mechanical and electrical testing. Often the test procedures in these areas require that samples be pre-conditioned and then tested under specified atmospheric conditions. If these conditions are not met, then the test procedure is not being followed and cannot be accredited. Laboratories working in these fields will need to have specialised equipment to control temperature and possibly humidity. Moreover, the conditions will need to be independently monitored and recorded to provide a record that any given test was, in fact, performed under the correct conditions. The best way to do this is to have a continuous recorder, such as a thermohydrograph, so that a chart or computer record is generated which can be archived. Such equipment must, of course, be calibrated. It is not unusual to find laboratories with temperature and humidity control where the control equipment is only operated during working hours. Often such laboratories have a separate atmospheric control cabinet, which is run continuously and where samples are pre-conditioned. This mode of operation is possible in an accredited laboratory but is not entirely satisfactory. Moreover, careful records are required as follows:̇ ̇ The atmospheric parameters must be recorded continuously so that the time when they were in specification is clearly established. The start and end time of each test must be recorded so that it is possible to audit this against the atmospheric condition record. 6.2.4 Calibration laboratories Environmental conditions in calibration laboratories are absolutely key to ensuring that work can be conducted to acceptable and known levels of measurement uncertainty. Most calibrations are affected by temperature and many by humidity. Moreover, calibrations often take considerable time to perform, so stability of environmental conditions is vital to control uncertainty of measurement within reasonable limits. Typically, the temperature of a calibration laboratory must be stable to within at least one degree centigrade and relative humidity to within three units. This requires high specification air conditioning equipment and control systems and careful design of the laboratory. Normal air conditioning systems in buildings are never adequate for calibration laboratories, and dedicated systems with appropriate capabilities need to be installed locally. All doors to the controlled area need to be double and, ideally, calibration laboratories should have no windows, especially in tropical climates. Admitting sunlight places an additional load on air conditioning and, more seriously, may cause hot spots. Temperature and humidity must be monitored continuously by equipment which generates a chart or computer record so that audit is possible. It is also necessary, in calibration laboratories, to maintain the atmospheric conditions continuously. The compromise of running air conditioning only during working hours discussed above, section 6.2.3, for testing laboratories is not acceptable in calibration laboratories. This is because much calibration equipment and, especially, references need to be equilibrated with the laboratory atmosphere so that they are in a stable and reproducible condition. Since many items used, for example reference masses, gauge blocks and standard resistors, are quite massive, such equilibration can require periods of several days of continuous maintenance of the conditions. Page 39 In addition to the atmospheric conditions, other considerations will be relevant to some calibrations. For example, mass calibrations require a vibration free environment, and procedures involving electronic measuring and reference equipment may be susceptible to electromagnetic effects which must be eliminated. 6.3 Access to laboratories and security A laboratory will need to have a policy on access to laboratories by persons other than those normally working there. This includes members of staff, perhaps working in other sections, management and outside personnel, including customers. ISO 17025 has little to say explicitly on visitors to laboratories except that in clause 4.7 (Service to the customer), laboratories are encouraged to allow clients access to monitor the laboratory’s performance in relation to their work, provided confidentiality of work for other clients is not compromised. The key factors to consider when allowing access to laboratories are confidentiality and any factors which might affect the validity of data, for example contamination. There should be a policy which ensures that:̇ ̇ ̇ ̇ ̇ ̇ It is clear who may authorise access to the laboratory by persons other than staff. This will normally be a senior person in the laboratory, such as the laboratory manager. The person giving the authorisation should be clearly assigned the responsibility of ensuring confidentiality is preserved. It is clear which staff from departments of the organisation other than the laboratory and ancillary staff such as cleaners have access. Such access is normally permitted where necessary for efficient working but should otherwise be restricted. Where there are areas needing to be protected from unauthorised access, for example areas where there are hazards for untrained persons or contamination risks, such areas have active controls and that digital locks with restricted access to codes are widely used. Where contamination is a possible issue, for example in microbiology laboratories, any visitors to the laboratory are bound by the same rules about wearing laboratory overalls and footwear as are workers in the laboratory. Any clients or other outside visitors are accompanied at all times when in the laboratory. Some relaxation of this is normally operated with service engineers who may be working in the laboratory for long periods and where continuous supervision is impracticable. The best practice is to ensure that the engineer is advised of the areas of the laboratory where he or she is permitted access. The engineer should also have a clearly assigned person on the laboratory staff to liaise with and who can be approached if the engineer needs access to other areas. It is common to have a signing in system for visitors to laboratories. Often local safety regulations require this. This practice is encouraged since it formalises access although, of itself, it provides no particular barrier. Overall, security of the laboratory is necessary not only to protect confidentiality but also to ensure the integrity of samples and data. There should be a clear barrier between public areas of the organisation and the laboratory and, ideally, a physical barrier such as a door with a digital lock with, possibly, a doorbell for non-laboratory staff wishing to enter. Out of working hours, laboratories should be locked or covered by active security. Samples, in particular, should be separately secured, ideally in locked storage, and data Page 40 should, at least, be tidied away into drawers or cupboards. In the case of laboratories where integrity of samples may be called into question, for example forensic laboratories, this is particularly important and a formal chain of custody for samples may be needed. 6.4 Health and safety Comfort of staff and compliance with health and safety legislation is not an explicit concern of ISO 17025, although some national accreditation standards include compliance with local laws on health and safety as a condition of accreditation. On the other hand, assessors will certainly not be impressed with a dangerous looking laboratory nor one where working conditions are poor. The rules of most accreditation bodies, moreover, allow assessors to refuse to enter areas which they consider dangerous Page 41 7. Test and calibration methods, method validation and quality control [5.4, 5.9] 7.1 Key questions ¬ Do you have a set of methods specified as acceptable for use in your laboratory? ¬ Are they documented to the extent necessary to ensure they are applied properly and consistently? ¬ Does your laboratory use standard methods which are published and widely accepted? ¬ If not, have you evidence to show that the methods you are using are fit for the purpose claimed and acceptable to your clients? ¬ Have you determined the accuracy, precision and, where relevant, the limit of detection of the methods which you use, including standard published methods? ¬ Do you run routine quality control samples and evaluate the results before releasing data? ¬ Do you monitor trends in quality control results in order to anticipate possible problems? ¬ Have you tested your methods and laboratory by use of certified reference methods and/or interlaboratory comparison? 7.2 Choice of method [5.4.2, 5.4.3, 5.4.4] ISO 17025 requires that the laboratory use appropriate methods which meet the needs of the client and, where possible, methods published as national, regional or international standards by reputable technical organisations or in relevant scientific texts or journals. Where it is necessary to employ non-standard methods, these must be agreed with the client and must be fully validated and documented. Laboratories can develop their own methods, but these will have to be fully validated to show that they are appropriate and fit for purpose. In practice, methods used by laboratories fall into one of three categories: ̇ ̇ ̇ Standard methods which are published as standard specifications, for example ISO standards, ASTM (American Society for Testing and Materials) and national standards, or are published in the scientific literature; where laboratories claim these as part of their scope they must be followed precisely without variation from the published specification. The laboratory will not have to carry out full method validation but will have to have data to show that it can achieve the level of performance which the standard specification claims for the method or, failing that, a level of performance appropriate for the purpose for which the measurement is being made. Documented in-house methods which are the laboratory’s own methods; these must be subject to a high level of validation. The accreditation body will need to see the validation data, and assessors will have to be presented with data to satisfy them that the method is technically sound, suitable for the purpose claimed and acceptable to clients. Documented in-house methods based on standard specifications; this category makes up a major part of many laboratories’ scopes since it avoids the commitment of being pinned to the fine print of the standard specification whilst maintaining the credibility provided by the standard specification. Placing an in-house method in this Page 42 category will generally reduce the amount of validation which a laboratory has to do. The degree to which this is true, however, will depend on the extent of the departure from the standard specification. Care needs to be taken, when reporting data from such methods, to recognise the variation from the standard specification. It is also necessary to ensure that clients are aware of the variation and accept the resulting data as still being suitable for their purposes. An issue which often arises is where a standard specification has been revised but the laboratory, or its clients, wishes to continue to use the old version. The general rule is that clients of the laboratory who request a test to a particular standard specification are entitled to assume that the laboratory will use the current version and, if it is using an older version, then they must be informed and advised of the differences. Whether to proceed then becomes the client’s decision. On the other hand, if the client specifies an older version, then the laboratory must respect the client’s wishes, subject to the requirement to draw the client’s attention to any limitations introduced by this choice. Any report must, of course, specify exactly which method was used and note any deviations from the standard procedure. The accreditation body will often be reluctant to allow an older version of a standard method to be quoted on a scope but there is nothing in the current version of ISO 17025 which precludes this absolutely. An out-of-date standard should be included amongst the laboratories documentation only with care, and the document should be clearly marked with details of when it is appropriate to use it, for example for work for a particular client. The laboratory will have to demonstrate to the assessors that there is no danger of the method being used in error as the current version. In cases where a client requests a particular method, ISO 17025 places an explicit onus on laboratories to inform the client when they consider the method to be inappropriate or out-of-date. Of course, the client may still insist on the method in spite of the laboratory’s reservations. In such circumstances the laboratory may proceed but should advise the client, in writing, of the limitations on the applicability of the data which will result from the choice of method, and should reflect its views in any report issued. The laboratory quality manual should have a statement that the laboratory conforms to the policy of using standard methods wherever possible and should quote a list of examples of sources regarded by the laboratory as appropriate to its type of work. There should also be a general policy statement on the laboratory's perception of its own area of expertise. 7.3 Review of requests, tenders and contracts [4.4] The requirement for recorded contract review in ISO 17025 formalises the process of interaction with the client on the selection of a method. The onus is on the laboratory to ensure that, as far as it is possible to ascertain, the client receives a service which meets their needs. Moreover, the laboratory must be satisfied, before accepting the work, that it has the capability and resources to conduct it. In practice, any responsible laboratory will go through this process anyway, but ISO 17025 requires it to be formalised and recorded. The sequence of events in contract review should be something like this:1. A request is received from the client. Page 43 2. The laboratory determines whether the request is clear in that it either identifies specifically the test or calibration procedure required or makes clear the client’s objective in requesting the work. 3. The laboratory identifies whether the requested work is routine, in the sense that it has a validated, documented and appropriate procedure. If the work is identified as routine, then all that is necessary is for the laboratory to ensure that it can meet the client’s requirements on turnaround. There might, though, be an issue here if the work requested involves an abnormally large number of samples, for example. 4. If the work is not identified as routine, then it will be necessary for the laboratory to determine whether it can accept it. This will require an assessment of whether the necessary equipment and expertise is available. A method will also have to be identified and arrangements made to validate it. In the case of work not obviously routine or where instructions are not clear, however, and always on the initial interaction with a new client, a full review will need to be conducted and recorded. This complete process of contract review will normally involve interaction with the client, culminating in the laboratory communicating its intentions to the client and seeking their approval. All of this must be recorded, including notes of telephone conversations, and correspondence attached. The laboratory should have a simple standard pro-forma for recording the steps in the contract review. The pro-forma should identify who conducted the review, the client details and contact information, and details of the work requested, either explicitly or by reference to an attachment such as a purchase order. A part of the pro-forma should require and record an assessment of whether the work is routine, in the sense that it can use one of the laboratory’s standard methods. If work is identified as routine, then the record can stop there, but the pro-forma should provide for further review and records. These should include identification of the capabilities needed to carry out the work: expertise, equipment, method selection and validation, in particular. Finally, there should be provision for recording the client’s approval of the laboratory’s proposed approach to the work. There is no absolute requirement to seek such approval in writing, but the pro-forma should identify who gave approval on behalf of the client and the means, for example in writing, by telephone, etc. The quality manual should document the procedure for contract review and assign responsibility. The key aspect should be to specify who may conduct the initial assessment of whether work is routine or not. It will then normally be necessary to identify who has the responsibility for determining whether a request for non-routine work will be accepted and to assign authority to evaluate and commit the necessary resources. Typically, the laboratory’s normal process for receiving requests or samples from clients will form the front end of the process, and relatively junior staff can operate this system and even contact clients for clarification of unclear requests. However, the decision on acceptance of non-routine or high volume work will usually have to be referred to management. The standard does not require the full contract review process to be conducted every time an individual piece of work is received. It recognises that repeat work from established clients need only be subject to contract review at the initial setting up of the programme or, subsequently, if there are any significant changes. For such repeat work, the requirement to record contract review is satisfied by recording the receipt of the work, the date and the identity of the person conducting the work. Page 44 It is a fairly common situation for laboratories to receive routine samples from regular clients with little or no information included on the work required. The laboratory knows the client, knows what they normally want, and the client assumes this. This can lead to questions from accreditation bodies about how the laboratory communicates the clients’ usual requirements to staff receiving and processing samples and, especially, how any changes in the clients’ requirements are communicated. The best way to cover this is for a laboratory to have a set of documents in the sample reception office which show the current requirements for each regular client. These can then be referred to by staff. Such documents will form part of the controlled document system and are updated as necessary when client requirements change. It may be necessary to revisit the contract review during the work if any significant amendments are required, perhaps as a result of changes requested by the client or, more commonly, as a result of problems with the test or calibration items themselves. The laboratory is under an obligation to inform the client of any deviations from the contract and to obtain approval. This must be recorded. A final note on sub-contracting: contract review is required even if the laboratory subcontracts work. In this instance, the review will involve the selection of an appropriate sub-contractor and agreement with the client to the sub-contract. See section 15 for further discussion of sub-contracting. 7.4 Method validation [5.4.5] 7.4.1 What is method validation? Method validation can be seen as a two stage process, with the stages roughly equating to the somewhat outmoded concepts of establishing precision and accuracy. In the first instance, the laboratory needs to establish the extent to which it can reproduce measurements and hence show that it can deliver consistent data within known limits. This is only the first phase, however, since a laboratory which can reproduce measurements well might still have a bias in its data. It could, so to speak, be consistently wrong. In order to address this issue, the laboratory will have to look outside and test itself against agreed reference points. In calibration, the equivalent to method validation is the establishment of the ‘best measurement capability’. This is a measure of the smallest measurement uncertainty which the laboratory can achieve for the specific calibration under ideal circumstances. Clearly the reproducibility of the measurement is a key factor in limiting the best measurement capability, but there must also be a test to establish whether there is any bias which will also impose limitations. The ‘ideal circumstances’ referred to above pertain to a situation where the only source of uncertainty is that arising from the calibration procedure and references, and where there is no contribution from the item being calibrated. Clearly this represents a practically unachievable ideal, but it is a useful concept in that it sets a lower limit on the uncertainty of the calibration. Any real calibration must have an uncertainty of greater than the best measurement capability. 7.4.2 Extent of method validation The key to determining how much validation is needed for a method is to be found in the ‘fit for purpose’ requirement. The onus is on the laboratory to show that the method as applied by it is suitable for the purpose claimed or demanded by clients. If the laboratory has devised the method itself, then adequate validation might well be a very complex and involved process requiring a demonstration of the scope of Page 45 applicability of the method in terms of samples and numerical range, selectivity, robustness in use, accuracy, precision, bias, linearity, detection limit and any other relevant characteristics. If the method is a standard published method, however, most of these factors will already have been investigated and specified as part of the method documentation. However, whatever the origin of the method, some validation will be required to establish that the performance of the method in that particular laboratory is satisfactory. Even if typical accuracy and precision data is published with the method, and the method is followed precisely as written down in the literature, a laboratory cannot automatically assume that it will reproduce these figures. There is no guarantee that the laboratory’s skills or the performance of its instruments are of the same standard as those used to generate the standard validation data. The laboratory must always test its own capability directly. Assuming the method is being applied to the same types of samples and in the same measurement range as specified in the published method, then, as a minimum, the laboratory has to determine what its precision and accuracy are for the method and, if relevant, any limit of detection. 7.4.3 Relationship between method validation and quality control Method validation is typically an exercise undertaken when a laboratory devises or adopts a method. Having established the performance characteristics of the method, it is necessary to put measures in place to ensure that the demonstrated performance is maintained in routine use and to detect deviations from the ideal performance. These measures are generally encompassed by the term quality control. Quality control is a discipline-specific activity but, in general terms, the ideal approach to it is to have samples or calibration items available for which the expected result is known. These are passed through the test or calibration process along with normal items for test or calibration and the data generated from the controls is compared with the expected values. Approaches to quality control and the evaluation of quality control data are discussed further in section 7.5. 7.5 Assuring the quality of test and calibration results [5.9] 7.5.1 Use of certified reference materials An important way for methods to be calibrated by laboratories is the use of certified reference materials (CRM). A CRM is a sample for which the test results are firmly established and agreed, ideally on an international basis. They are sold by some national standards bureaux and similar organisations and usually verified by highly respected reference laboratories or by interlaboratory calibration. Acceptable procedures for certification of reference materials are detailed in ISO Guide 35:1989, Guide to general and statistical principles for the certification of reference materials. This source also contains much information that can be equally applied in the production of in-house reference materials. The effective use of certified references and the evaluation of data generated by their use is covered by ISO Guide 33, Guide to the use of certified reference materials. A laboratory which wishes to calibrate its methods can periodically check its performance by testing the CRM and so establish traceability. Laboratories which are able to achieve correct results with the CRM should, in theory, agree on any other test for the same parameters in the same matrix. Page 46 In order to be effective, a CRM must be typical of the samples which the laboratories are testing on a routine basis. A method for effluents will, ideally, require a CRM which is a typical effluent. Needless to say, CRMs must be stable and highly homogeneous as well as of established composition or properties. This is readily achieved in some areas, such as in the chemical analysis of alloys, the measurement of physical properties such as mass, dimension, etc., and with some geological samples, but things are not so simple in other areas of testing. Materials testing, for example, often presents a particular difficulty since samples are usually totally destroyed in testing. The best that can be achieved here, therefore, is to have a large number of samples from the same source, for example cut from the same plate of metal or drawn from the same concrete mix, and to test a statistically significant number to arrive at an agreed figure for the whole batch. Microbiology provides a different sort of problem since sample stability is virtually impossible. However, in microbiology there are, at least, certified reference cultures which provide a definition of particular organisms so that laboratories can verify that their test systems are adequately selective. Some moves are in progress which it is hoped will lead to the ability to prepare quantitative microbiological references. These are generally based on the impregnation of cultures onto plastic supports of controlled surface porosity. Where certified reference materials are not available there are several alternative strategies, but the main approach is participation in interlaboratory proficiency exercises—see section 7.5.5. Such schemes, at least, give a laboratory a measure of its data relative to other similar laboratories and, if organised properly, provide a very effective alternative to the use of certified references. Accreditation bodies will generally expect participation in appropriate schemes but, where certified references are available, these will be expected to be used as well. Many basic test methods, especially in analytical chemistry, are intrinsically traceable. There is no need to have a certified reference for most titrations, for example. Here, traceability is provided via the calibrations of the balance and volumetric apparatus. The purist may argue that certification of the purity of the reagents which are weighed or measured is necessary but, provided the origin of the compounds is known and they are of known specification, it would be a harsh interpretation of the standard to insist upon this. 7.5.2 Use of spikes [5.9] Spikes are widely used for method validation and calibration in chemistry and microbiology. They provide a reasonable alternative to certified references, if the spiking material is adequately authenticated, ideally by certification of its purity. On the face of it, a spike has the advantage that the laboratory can spike into a matrix which is absolutely typical of its normal sample stream. The counter argument is to question whether a material spiked into the sample artificially is really present in the same distribution and speciation as the actual target. The strength of this argument depends on the matrix. A metal ion spiked into a water sample might well be regarded as a valid approach, but a pesticide spiked into a food sample may be questioned on the grounds that the pesticide in real samples was, perhaps, systemically absorbed by the crop used to make the food and so may be bound into the cell structure. However, in complex matrices the spike may be the only alternative, however imperfect it may be suspected to be. A spike is generated by taking a real sample and adding a known amount of the target in question. Ideally, the base sample for the spike should have little or none of the target Page 47 present before spiking. If this is not possible, the spike level should be large compared to the natural level present. Of course, the natural level must be known in this instance. The spike must be thoroughly mixed and distributed homogeneously throughout the matrix. available. The spike does not provide true traceability but it can be reasonably assumed that laboratories which are able to demonstrate good recoveries of spikes have good accuracy and hence will tend to agree. The use of spikes is especially important where laboratories are carrying out tests in complex matrices which may affect the results. Examples are water analysis where matrix effects are common and microbiology where components of the sample may well affect the viability of organisms. The spike, at the very least, demonstrates that the laboratory would detect the material or organism being sought if it were present. 7.5.3 References in calibration The process of calibration involves the direct comparison of the item to be calibrated against a reference. It is, therefore, the reference itself which provides the guarantee of accuracy, and so it is critical that the reference itself is maintained and checked regularly. This will often only be possible by sending the reference for calibration. However, in many instances, the calibration laboratory can work with a hierarchy of standards whereby a reference standard is maintained and used only for occasional checks on working standards. In calibration of balances, for example, this is common. The laboratory will have a reference set of masses and, possibly, several working sets which are compared with the reference regularly. The reference is, perhaps, calibrated externally annually. 7.5.4 The use of quality control samples [5.9] Quality control samples are used in exactly the same way as spikes and CRMs. They are merely samples for which the laboratory has established values and acceptance limits. They are tested along with unknown samples as a performance check. The laboratory may establish the values of the analytical quality control samples by repeated testing, but they should, ideally, be confirmed by at least two other laboratories. If possible, quality control samples should be calibrated against CRMs. In this instance they become transfer standards, and the quality control sample provides traceability. This strategy is frequently adopted when expensive CRMs are needed since the laboratory can use the quality control sample routinely and check it only occasionally against the expensive CRM. ISO Guide 35 is a useful source of information on procedures for validating in-house quality control samples and confirming their homogeneity. Although, strictly speaking, the Guide is intended to refer to the production of CRMs, similar principles apply to the production of in-house reference materials for use as quality control samples. As with the spikes, quality control samples which are not calibrated against CRMs do not provide traceability in themselves but demonstrate consistency of performance on the part of a laboratory. Such consistency, when combined with satisfactory results from interlaboratory exercises showing that the laboratory normally agrees with its peers, comes a very close second to establishing true traceability and is, in many situations, the only possible option. Page 48 The laboratory will need to have a policy on the use of quality control samples and for evaluating and responding to quality control results. Guidance on this is given in section 7.6. 7.5.5 The role of interlaboratory comparison [5.9] Laboratories using spikes and other forms of analytical quality control samples are effectively monitoring the consistency of their own performance. They should have a very good picture of their internal reproducibility. If they perform well on spikes and on any CRMs, they have also every reason to believe that their results are accurate. Nonetheless, it is in the interest of any laboratory to test this assumption from time to time by exchanging samples with other laboratories and comparing results. Such exercises are a very effective extension to the internal quality control programme of laboratories. They also provide an element of traceability when CRMs are not available since the more laboratories agree on results and the wider the range of samples on which they agree the more certain everyone can be of the accuracy of the collective results. This is further reinforced if agreement spans several analytical methods for the same determinand. Interlaboratory studies may be informal, in that a group of laboratories will exchange samples on an ad hoc basis, or may be formal exercises organised by a third party who circulates performance indicators. Irrespective of how it is done, the crucial part of the exercise is that the laboratory uses the data. This means reacting positively to any results which indicate that it is not performing as well as the other participants and carrying out remedial action. Participation in appropriate interlaboratory proficiency schemes will normally be required by accreditation bodies, and some bodies actually operate their own schemes. Although interlaboratory comparison is listed in ISO 17025 as only one of several quality maintenance options, most accreditation bodies will insist on its use wherever possible. If there are schemes available in a laboratory’s sphere of activity or opportunities for ad hoc exchanges with other laboratories operating in the field, the accreditation applicant will have to provide good reasons to the accreditation body for not participating in these activities. The accreditation body simply sees inter-comparisons as the most stringent test of a laboratory and wants to see the laboratory subject itself to such a test. The recently changed world security situation has resulted in severe difficulties in shipping samples for proficiency testing across national boundaries, especially by airfreight. This has, unfortunately, coincided with an increase in the insistence, by accreditation bodies and particularly by the regional laboratory accreditation conferences, on proficiency testing as an activity for accredited laboratories. As a result it is becoming almost essential for any national accreditation body to ensure that adequate proficiency testing is available within the country before it can seek international recognition through MRAs and conference membership. Accreditation will not normally be conditional upon any particular level of performance in interlaboratory comparison, but what will be required is for the laboratory to have a documented procedure for evaluating the results from its participation and for responding to any problems revealed. There must also be records showing that the results were evaluated and what action was taken to remedy problems. The accreditation body will not withdraw accreditation on the basis of isolated instances of poor interlaboratory proficiency performance. However, if a laboratory is consistently Page 49 failing in proficiency testing and not taking effective corrective action, accreditation will certainly be jeopardised. In the case of calibration laboratories, it is usual for accreditation bodies to organise interlaboratory comparisons. These are normally referred to as measurement audits. 7.5.5.1 Procedure for evaluating performance in interlaboratory comparisons This activity must be formal, as noted above. A suitable approach is for the senior laboratory staff to meet and to evaluate performance. The evaluation should consider the laboratory’s known uncertainty of measurement. Whenever the laboratory determines that the result which it has returned differs from the expected result or from the mean obtained by other participating laboratories, then an investigation to establish the reason for the problem and the initiation of appropriate corrective action is called for, together with measures to check that the corrective action was effective. See section 4.8 for discussion of corrective action. The meeting should be minuted and the agreed action and its expected outcome, recorded. Even if the meeting concludes that the laboratory’s performance was satisfactory, a record must be made. The accreditation body will expect to see a file of the reports on interlaboratory comparisons and, with each report, a record of evaluation of the data (the meeting minutes) and a report on any corrective action. 7.5.6 Other methods for assuring confidence in results [5.9] In the case of many methods, neither certified reference materials nor effective spikes are available. There may, however, be what are often referred to as consensus standards, recognised by all parties concerned. These would include many industry standards, such as those used in, for example petroleum source rock analysis or colour fastness measurements. Such standards may not be traceable in a strict sense but are used to ensure consistency of data within the industry sector and hence form a basis for agreement when testing against product quality standards. There is another approach to testing that is also recognised as a means of providing confidence in results, a well established one in analytical chemistry: determinations by different methods which lead to comparable answers, which are generally persuasive. Repeat determinations are also used to provide confidence in results. Such confidence may be misplaced since errors may be repeated, especially systematic errors resulting from poor design of the system or errors in making up reagents. Where repeat determinations can be valuable is if samples are retained over a relatively long timescale and then resubmitted, ideally blind to testing personnel, to check the consistency of the data. Correlation of results from different characteristics of an item is also mentioned as a quality assurance method in ISO 17025. The extent to which this is relevant will depend not only on the type of testing being carried out but also on whether the client has requested a range of tests rather than an isolated test. There is no explicit requirement for the laboratory to do additional tests to provide data for such correlations. Most laboratories will scrutinise data in this way where they can, for example in water analysis to confirm pH, the hardness, alkalinity, conductivity and dissolved solids present a consistent picture. This type of scrutiny should, however, be systematised and there should be guidelines in the methods documentation on the criteria to be used in the assessment so that it is made consistently. Page 50 7.5.7 Reference methods In the case of some determinands, different methods may give different results. This may arise because all of the available methods are more or less imperfect or because the method effectively defines what is measured. BOD is an example of the latter, and BOD5 at 20oC with measurement by Winkler titration is generally accepted as the definitive method. Many food proximate analyses also fall into the same category. Measurements of ‘fat’ or ‘fibre’, for example, are clearly method-dependent since they do not measure precisely defined chemical species. If ‘fat’ is determined by weighing the material extracted with pentane, for example, the definition we are adopting for ‘fat’ is that material which is extractable by pentane. In these cases, the ‘correct’ result is defined in terms of a reference method which is tightly specified, and traceability effectively means traceability to the reference method. Laboratories using methods other than the reference method should calibrate them against the reference method from time to time and would be under an obligation to demonstrate that any method which they choose to adopt gives data comparable to that from the reference method. Even where targets are clearly defined, it may be necessary to agree on a reference method. This will arise when there are several methods which typically return different results. Ideally, the technical problems implied by the inconsistency between methods should be resolved, the best method chosen and the rest discarded. Sometimes, however, it is not possible to come to a definitive answer on which method is technically superior and, especially where enforcement is the issue, one method is more or less arbitrarily defined as giving the correct result in order to solve the impasse. Under these circumstances, interlaboratory calibrations are essential since the method defines the reference values and this is meaningless unless all participating laboratories are able to produce results which agree when all use the reference method. 7.6 Application of quality control and managing response to results [5.9] Laboratories have traditionally approached quality control by including items of known properties in each test or calibration batch and evaluating the results against defined criteria to decide whether the data for the batch should be rejected or accepted. This approach has the virtue of simplicity and, provided the accept/reject criteria are set properly, it will defend the laboratory’s contention that released data continues to meet defined performance characteristics. However, if a laboratory only uses its quality control data in this fashion, it is failing to make full use of it. A laboratory might have a situation where all quality control samples are producing data which falls within the acceptance limits but always on one side, for example they may be consistently high relative to the expected value. This situation bears investigation since there should be a random scatter about the expected value. This bias, therefore, gives an early warning of a problem with the test or calibration system. What is really useful is that the problem has been detected before data is compromised. Increasingly, assessors expect laboratories to make use of their quality control data in this fashion. Paragraph 5.9.1 of ISO 17025 makes explicit reference to recording data in such a way that trends can be detected, which strongly implies the use of control charts. The Page 51 next section gives an introduction to the use of control charts which might be adopted by a laboratory which is new to the area of statistical quality control. 7.6.1 Statistical quality control and preventive action [5.9, 4.12] There should be an active co-ordination of quality control with a regular review of performance, and records should be kept of the results of reviews and of any action taken in response. This should provide a mechanism for anticipating problems with methods before they affect quality and as such is an important contribution to preventive action. See section 4.9 for further discussion of preventive action. The management should collect together the results from quality control samples for each method and plot the data on a control chart. The most common control chart format is the Shewhart, chart where the difference between the expected and found values for the quality control samples is plotted against time. The Shewhart chart (see next page) gives a general visual indication when any systematic drift in the values returned by quality control samples is setting in. A method which is being used under control should show a random distribution of the actual values about the expected result, and any trends developing which suggest a bias should be investigated. It is usual to mark the control chart with a warning limit at two standard deviations (2σ) and an action limit at three standard deviations (3σ). The standard deviation is generally derived from the performance data determined at method validation. The laboratory should, wherever possible, have a documented policy for deciding when the chart indicates a condition where the method should come under investigation, and this policy should be expressed quantitatively so that it will be applied consistently. In setting the rules for a particular method, the following widely accepted practice should be borne in mind. ̇ ̇ ̇ ̇ Approximately 5% of results may be expected to fall outside the 2σ warning limits. Any result outside the action limits requires investigation. Two consecutive results outside the warning limits need an investigation. A consistent run of successive results on the same side of the expected value should be investigated. It is widely accepted practice that a run of eight such successive results triggers an investigation although many laboratories would feel the need to respond rather earlier than this. Consideration should be given to updating the control limits at regular intervals. If the method is consistently delivering data inside the current warning limits, then this may indicate that the uncertainty being achieved in practice is improving relative to the data generated at validation. Conversely, if the method is slipping out of control too often, this suggests that the validation data is presenting an optimistic picture. Page 52 Shewhart Control Chart 1.9 Action Limit +3σ X 1.6 X X X Warning Limit +2σ X X X X X X 1.0 X X X X X X X X X X X X Date of test X X X Expected value 0.4 Warning Limit -2σ 0.1 Action Limit -3σ A common rule of thumb is to review the data every sixty points. If 1-6 (inclusive) points are found outside the 2σ limits, then the indication is that the limits are satisfactory. If more points are found outside, then the limits are optimistic and either they should be revised or the method investigated in order to bring it back to a level the performance required. If no points are found outside 2σ, then new limits should be set reflecting the enhanced performance. Some laboratories take the view in this last case that they will not reduce the limits since this will result in increased rejection of data. In these circumstances, the decision on whether to revise to tighter control limits will be determined by whether the un-revised limits are acceptable in the sense that they indicate that the method is fit for purpose. 7.6.2 Frequency of quality control checks [5.9] There is no simple answer to how frequently quality control items should be run. The trite answer is as often as necessary. A general rule of thumb is that they should be included at a minimum rate of one quality control item in twenty but ideally one in ten. Experience of a method in a particular laboratory may indicate that more frequent checks are required. In the case of methods which involve batch treatment of items, at least one quality control should be present in each batch. Some items can be tested or calibrated in duplicate as a check on the reproducibility of the method. It is far more useful, however, to expend the same effort in testing another Page 53 quality control standard since this not only checks consistency but also gives information on overall error. A method which can only be controlled by a high frequency of quality control checks should be looked at very carefully and seriously considered for replacement by a more stable method. 7.7 Documentation of methods [5.4.1, 5.4.4] Irrespective of whether the method is in-house or standard, the staff must have documentation to enable it to be applied properly and consistently. In the case of standard methods, this may be covered by providing staff with access to the standard specification. It will, however, normally be necessary to supplement this with instructions on the use of particular models of instrument and also with information on local quality control regimes and the quality control data to be collected. Another common situation where supplementary documentation is likely to be required is where a standard specification requires choices of procedure, based, for example, on sample or calibration item type. The laboratory must ensure that the option chosen will be selected consistently irrespective of the person doing the selecting. It may, therefore, be necessary to provide guidance on how to make the choice in the supplementary documentation since standard specifications are frequently less than explicit in this area. In-house methods will need complete documentation; section 7.8 contains a suggested format. This can also be used as a checklist for determining whether published documentation is adequate. If it does not cover all of the points noted in section 7.8, then any omissions will need to be provided for in in-house-generated documentation. Where the method is an in-house method based on a standard specification, there will need to be documentation specifying the variations from the standard and crossreferring to the specification. All the documentation of methods must be issued as controlled documents. This is typically done by compiling a methods manual consisting of in-house methods documentation, any supplementary documentation for standard methods and a list of standard methods used by the laboratory. The methods manual should also contain information on where the standard specifications can be found in the laboratory. It will normally also need to refer to the appropriate instrument manuals and instructions. 7.8 Suggested format for in-house methods documentation [5.4.4] Each page of the method must show the method number, the date of first issue and the date of the current version. Pages should be numbered in the format Page....of.... The method number is of critical importance since it provides an unambiguous identifier for the method. A suitable arrangement for the page header is: Method No. M/0001 Page 1 of 10 First issued: February 1066 This issue: March 1993 The following sections should be included in the documentation except where the quality manager decides a section is inappropriate. Page 54 7.8.1.1 Title The title should be brief but must include a reference to the property to be measured or the calibration objective. 7.8.1.2 Scope This should clearly identify the range of items to which the test or calibration is applicable and any limitations on the range of any parameters which are measured, for example suitable for measuring lead in wastewaters in the range ... to ....ppm. 7.8.1.3 Principles of the method A brief description of the principles behind the measurement or calibration must be given; for example a coloured complex is formed between the metal ions and dithiazone. The concentration is determined by comparison of the absorbance of the solution at 259nm with the absorbance produced by solutions of known concentration. 7.8.1.4 Sample requirements for test methods The type of sample to which the test can be applied must be noted here. This section also contains instructions for any special sampling techniques, sample handling and preservation, sample preparation or pre-treatment required. Alternatively, it can refer to other documents in which these procedures are described. 7.8.1.5 Materials Any materials or consumables used by the method must be specified together with any required standards of purity or performance. Any quality checks on reagents must be described or the method for carrying out the checks must be referred to. Avoid referring to specific suppliers or products in this section, unless the source is critical to obtaining the correct quality of material, otherwise you run the risk of having a non-conformance merely because your usual supplier had no stocks and you used an alternative. If you think that giving a supplier is useful to staff, then use a form of words such as: High performance liquid chromatography column, reversed phase ODS silica, 10cm, 5 mm i.d. A suitable product is Chromatography Supplies Cat. No. LC/98765/ODS. 7.8.1.6 Equipment and calibration A brief description of the equipment must be given, with instructions on whether calibration is required before each use and how this calibration is to be carried out. Calibration instructions need not be explicitly included in the method, but a reference to where they can be found is then essential. Routine calibration as described in the equipment log need not be covered here; only such calibration as is part of the method need be included. Instruction to check that calibration markings and labels are up to date is a wise precaution, however. Reference standards, including any certified reference materials, required for calibration should be specified. It is also appropriate here to specify any quality control standards used and to indicate the basis of their calibration, for example by checks against certified reference materials. 7.8.1.7 Setting up and checking Instructions for setting up the equipment must be given here, followed by instructions for any checks required to confirm that the equipment is operating properly prior to use. The criteria for passing the tests must be given and instructions included on the information to be recorded about the tests. Page 55 It should be clear from this section what action is required when check criteria are not met. This need not be a detailed description of how to remedy particular problems but might refer to a manual or merely instruct the user to refer the problem to, for example the laboratory manager. 7.8.1.8 Environmental factors Any environmental variables which should be taken into account or measured and recorded as part of the test or calibration must be noted. This would be relevant, for example, in the case of most calibrations and in materials testing where certain ambient temperature ranges may need to be adhered to for the test or, possibly, the temperature of the test may need to be recorded in the report. 7.8.1.9 Interferences Any interferences, for example spectral, chemical, physical, etc., which might affect the results should be detailed with any precautions to be taken to minimise such effects. 7.8.1.10 Procedure A detailed description of the procedure must be given, including any quality control measurements required, for example duplicate or reference measurements. The level of detail is difficulty to specify for any particular type of test or calibration but the assessors will have to be satisfied that the description defines the procedure adequately to enable it to be carried out in a consistent manner by different staff. You can, of course, assume that staff have been trained. There is no compulsion to attempt to produce a description that could be followed by a raw recruit. 7.8.1.11 Recording data This section must give precise instructions on the data to be recorded from test/calibration items and for quality control. The format of any tables for results must be specified. Where worksheets are used, an example should be included with specimen data filled in. 7.8.1.12 Calculations Full details of any calculations to be carried out must be included, with instructions on how calculations are to be checked, for example by a second person. Where calculations are done on a computer, for example by spreadsheet, there should still be a description of the calculations required and a clear identification of which sheet is to be used, for example file name. 7.8.1.13 Quality assessment This section must specify precisely the criteria to be used to judge when results meet the necessary quality standards. This may include details of the correspondence required between duplicates or the values required to be returned for quality control. The objective, again, is to achieve consistency. There should be enough detail here to ensure that any person using the guidelines will come to the same conclusions. This normally means defined quantitative criteria or reference to rules for interpreting statistical quality control data. Instructions on the response required to a failure in quality control must be given. This may simply be a requirement to re-run the test or calibration. Where this is not technically possible, it will normally be necessary for the laboratory manager to make a decision and, in most instances, to contact the client. Page 56 7.8.1.14 Performance characteristics (uncertainty) The known performance characteristics of the method should be given. This will generally be determined when the method was first validated but, where values are subject to review as part of the quality system, it may be necessary to refer to another document, for example records held by the laboratory manager on current performance. Either the uncertainty of measurement must be specified or instructions provided on how this is to be calculated in any particular instance. 7.8.1.15 Reports The data to be included in the formal report which will be sent to the client must be described. This section should include details of the units to be used and any qualifiers to be added to reports, for example uncertainty estimates. This section is not necessarily relevant to the person actually carrying out the test but is necessary in order to have a complete specification of the test for audit purposes. 7.8.1.16 Safety Any safety precautions to be taken and any hazards known to be associated with the method must be specified. An ISO 17025 assessment does not deal with safety, but the inclusion of safety information in methods is generally regarded as good practice. 7.8.1.17 Site use Where methods are carried out on site, any special precautions needed to ensure that data is valid must be noted. This should include checks on instruments or references to confirm that they have not suffered in transit. If site checks are not possible, then the equipment should be checked before leaving the laboratory and immediately upon its return. 7.8.1.18 References Reference must be made to any standard specifications or published methods of relevance. Any manuals, technical documents or other relevant sources of information must be listed. 7.8.1.19 Authorisation The signatures, with dates, of the laboratory manager and the quality manager, with dates, accepting the method for use, must appear. The laboratory manager is responsible for ensuring that the method is technically sound and that all relevant validation has been carried out and evaluated. The quality manager will normally carry out a check to ensure that all of this has been done and will, in addition, check that the level of documentation and its content complies with the requirements of the quality policy as expressed in the quality manual. 7.9 Authorisation to deviate from documented procedure [4.1.5] It is inevitable that occasions will arise when the documented procedure cannot be followed exactly. This normally happens when samples or calibration items are untypical and technical adaptations have to be made. This is not a problem provided that the decision to deviate from the documented procedure is made by an appropriately qualified person and that the details are recorded. If relevant to the interpretation of the results, the deviation must also appear on the report. In practice, all such deviations are likely to be relevant and so need to appear on the report except in clear and exceptional circumstances. Page 57 The laboratory must document in the quality manual who is authorised to approve deviations from standard methodology. This should normally be at the level of professional staff or even the laboratory manager. The objective should be to ensure that the decision is not made by a junior staff member who may well not understand the full technical or service implications. The person authorising the deviation should be made responsible for ensuring that the necessary records are made. Consideration should also be given to whether a deviation needs to be discussed with the client as part of the contract review requirement—see section 7.3. This will normally only be necessary where the deviation affects the utility of the data, for example when it calls into question whether the test method can still be regarded as complying with a standard specification. Page 58 8. Equipment [5.5] 8.1 Key questions ¬ Do you have a system for commissioning equipment and verifying its performance and calibration before it is used for test or calibration work? ¬ Do you have a plan for periodic calibration and verification of the performance of all equipment which affects the validity of measurements? ¬ Do you have records showing that this plan is followed and which enable the status of any equipment to be verified at any point in its history of use? ¬ Is equipment subject to regular checks or calibrations labelled so that its status can be seen immediately by users? 8.2 Equipment records [5.5.5] ISO 17025 effectively requires a complete history of each piece of equipment. This should start with details of the checks and calibrations carried out before the equipment is placed in service and continue with a detailed record of all calibrations, repairs, routine maintenance and performance checks. In this context, ‘equipment’ should be understood to encompass any items which may affect the validity of measurements or calibrations, including reference standards of measurement, such as standard weights and reference thermometers. The best way to keep these records is to institute an equipment log for each item which is, ideally, kept in the laboratory next to the appropriate equipment. In some cases, it may not be practical to keep the log next to the equipment, but it should be close by and readily accessible. Experience shows that maintenance actions are more likely to be recorded if the log is at hand. If staff have to look for it, they may put off making the record and perhaps forget altogether. In addition to the logs for each piece of equipment, the management should hold a master list of all of the equipment. There is no absolute requirement to issue a number to each piece of equipment, but this is strongly recommended, especially when several units of the same type are in use. Unique numbering of equipment by the laboratory avoids confusion. Serial numbers issued by manufacturers can be used, but these are often long and cumbersome and frequently not easily accessible. 8.3 Commissioning of new equipment [5.5.2] All new equipment must be checked for correct functioning before being placed in routine service. This should include checks against the manufacturer's specifications and checks to confirm that the equipment gives satisfactory results when used to make the measurements for which it is intended. Where equipment needs calibration, this must also be done before it is put in service. In this context, note that the fact that a piece of equipment is new does not mean it does not need calibration. Unless it is actually supplied with a certificate showing traceable calibration, it must be calibrated before it is used for the first time. Additionally, note that some pieces of equipment, for example balances, must be calibrated in situ, so even if these are shipped with a factory calibration certificate, calibration after installation and before use will be essential. Page 59 Where the equipment replaces or duplicates existing equipment, the checks should include a comparison of the results from each unit to establish the variations which might result. The basic details of the equipment and a report on the commissioning checks should be recorded as part of the equipment log. Supporting evidence such as results and instrument output should be attached. The laboratory manager should approve the checks and sign to accept the equipment into service. Equipment undergoing trials must either be segregated or clearly labelled as not to be used so that there is no possibility of its being inadvertently used for routine work until it is formally accepted. ISO 17025 paragraph 5.5.5 gives a list of information which must be on record for each piece of equipment. This information should appear as the initial page of the equipment log. 8.4 Service and calibration schedule [5.5.2] Before introducing any piece of equipment into service, the management should decide upon a service/maintenance, calibration and performance checking schedule. This will normally be a combination of service from the supplier and in-house checks and calibrations. There is no need to have outside service or service contracts, but there would be a general onus on the laboratory to satisfy any assessors that the arrangements are adequate to ensure proper and reliable functioning of the equipment. The proposed regime should be recorded in the equipment log and approved by the quality manager or other identified person as being technically acceptable and compatible with the quality policy. Having a definition of the proposed service/calibration schedule easily accessible in the log makes auditing easy since the proposed regime can be quickly checked against the actual records, which are also in the log. Servicing and preventive maintenance should be as recommended by the manufacturer who may also be able to carry out calibration checks and adjustments. Section 9.5.2 below deals with strategies for deciding on calibration intervals. Whichever strategy is used, the approach should be conservative in order to pick up any calibration problems before they affect data quality. In-house checks on equipment should be scheduled to cover the gaps between any service visits and calibrations. Some equipment is effectively checked each time it is used by means of reference samples which are run as part of quality control. Maintenance and calibration are then carried out on an as-needed basis when these checks show a performance deterioration. This is a perfectly legitimate strategy provided that the results from the reference samples are recorded either in the equipment log or along with the analytical data. Do not, however, lose sight of the fact that such checks can conceal underlying deterioration in performance. For example, a colorimeter may give perfectly acceptable results even if its wavelength calibration has shifted provided it is calibrated with the standards at each use. However, if you are no longer taking the reading at the absorbance maximum, your detection limit will certainly be degraded and precision will also suffer in most instances. Gas chromatography detectors can be coerced into performing by turning up the amplification, but this does not alter the fact that, as the detector becomes dirty, detection limit, signal to noise and dynamic range performance will be degrading. Page 60 For this kind of reason, most equipment will require some formal checks even if it is effectively checked with the standards at each use. 8.5 Responsible persons It is a good idea, especially in larger laboratories, for the management to appoint an individual to be responsible for each piece or class of equipment, and this person should have a deputy. The responsible person will have a watching brief over the equipment and will be responsible for ensuring that the necessary maintenance, calibrations and checks are carried out and recorded. 8.6 Routine operation of the equipment log [5.5.5] Every action taken—supplier's service, in-house trouble shooting, routine checks, etc.— must be recorded in this equipment record. Any supporting documentation, such as service reports, calibration certificates and output from performance checks, should be attached to the record. This document should become a complete history of the equipment so that its state of calibration and performance at any point in time can be demonstrated. 8.7 Other components of the equipment log [5.5.5] In addition to the records, the equipment log can usefully contain, or be kept with, a copy of operating procedures for the equipment, including the manufacturer's manual. If it is not practicable to keep this information as part of the equipment log, then the Log should give the location of the operating instructions and manuals. In cases where equipment operation is described adequately in the methods documentation, there is no need to repeat this information in the equipment log. 8.8 Smaller items of equipment All equipment which affects the validity of measurements will have to be recorded, but for smaller items it is not essential to have a full equipment log. Examples would be such things as thermometers, volumetric glassware, timers and even balances. In these instances, a composite log covering, for example, all of the laboratory’s thermometers, would be appropriate. 8.9 Equipment labelling and sealing [5.5.4, 5.5.12] Each piece of equipment which is subject to regular checks or calibration should carry a conspicuous label which shows the date when it was last checked or calibrated and the date when next due. This should be signed by the laboratory manager or the person responsible for the calibration. The staff should be instructed, via the quality manual, that they must not use any equipment where the label shows that it is overdue for a check or calibration. Where there are limitations on the calibration of equipment, for example if it is not calibrated over its full range, there should also be a label indicating the limitations. In some laboratories there may be equipment which is only used for indication purposes and so is not rigorously calibrated. Such equipment should carry a label showing that it is not calibrated and hence not to be used for measurements where traceability is required. Examples might be rough balances or timers used in undemanding applications. Page 61 ISO 17025 is subject to some different interpretations in the area of labelling of uncalibrated equipment. Some schools of thought regard it as fatuous to label an item as uncalibrated. In practice, however, the onus will be on the laboratory to satisfy assessors that there is no danger of confusion leading to the use of uncalibrated equipment when calibrated equipment is required. The simplest way to achieve this is to label all indicator equipment as such. Equipment which is effectively calibrated at each use should carry a label to this effect with a reference to the calibration instructions, which might be within a method description. An example would be a pH meter which might be labelled ‘CALIBRATE AT EACH USE Ref. Method CA/001’ Some equipment is difficult to label in the conventional sense. Volumetric flasks and thermometers can be a particular problem. There is still a requirement to mark with the calibration status but this could be by means of a colour code or other marking. For example, all calibrated thermometers could have a piece of distinctively coloured tape wound round their stems and the laboratory could have a notice saying ‘CALIBRATED THERMOMETERS ARE CODED BLUE-Expiry date 31st May 2007’. Where equipment which is calibrated or verified at regular intervals has adjustment screws which should only be adjusted as part of the calibration procedure and are not needed in normal use, these should be sealed in some way, for example by signed labels, to prevent tampering, or at least prevent any tampering being unrecognised. 8.10 Equipment in use before formal records are implemented In practice, most laboratories will have an inventory of existing equipment before implementing equipment logs. Reasonable effort should be made to retrieve information to set up the logs, but assessors will recognise that not every piece of information will be available. For example, a reasonable estimate of the date when the equipment was received will be acceptable, and there is no need for extensive research to establish a precise date. Commissioning test information will similarly be typically absent, and the relevant part of the log should simply be endorsed: 'EQUIPMENT IN USE AT IMPLEMENTATION OF RECORDS', or some similar wording. Ongoing checks and calibration will establish the equipment's integrity from now on. If you do have any historical information on the equipment, however, for example copies of service reports, calibration history, commissioning reports, then include these in the equipment log. Page 62 9. Traceability of measurement [5.6] 9.1 Key questions ¬ Have you identified all the measuring equipment which is involved, directly or indirectly, in measurement or calibration and which, if not properly calibrated, would affect the validity of measurements? ¬ Is this equipment calibrated in a manner which provides traceability to the international measurement system? ¬ Do you have a management procedure to ensure that the calibration is maintained at all times, i.e. recalibration is conducted as necessary and, where possible, equipment is monitored so that any drift away from calibration will be detected? ¬ Do you have records which could be audited to confirm the calibration status of the equipment at any point in the past? 9.2 Meaning of traceability Basically ISO 17025 requires that a laboratory has in place a calibration system which ensures that, within known limits of uncertainty of measurement, any tests or calibrations which it makes are comparable with those of any other laboratory. The key element in achieving this is to ensure that all equipment, in all laboratories, which has an impact on the validity of calibrations or tests is calibrated in such a manner that there is an unbroken chain of comparisons which leads from the equipment to a recognised international standard of measurement. Wherever possible, this international standard is required to be the corresponding SI unit of measurement. The ideal way in which the system works in practice is that a country establishes a national metrology system where a central metrology laboratory holds the national standards for all measurements. This central laboratory establishes a link into the international measurement system by, from time to time, checking its standards against those of other countries and participating in interlaboratory measurement audit exercises. In the latter case, the laboratories circulate references, for example a mass or a thermometer, and all compare them with their own standards, so establishing a basis of agreement, or otherwise, between the national calibration laboratories. Laboratories and industry requiring calibrations can then go to their own national metrology laboratory to have their equipment calibrated in the knowledge that the calibration is internationally traceable. Such national metrology systems do not exist in all countries, and in these cases it will be necessary for laboratories seeking ISO 17025 compliance to establish traceability by having calibrations performed by agencies outside the country which are able to provide the necessary traceability. These could, for example, be a national metrology laboratory in a nearby country. Some equipment can be sent to the calibration laboratory for calibration and then shipped back to the laboratory, but many systems are either too bulky for this approach or they need calibration on site, for example balances, as calibration is invalidated by their being moved. This inevitably means bringing calibration personnel and references to the laboratory site. This extra-national approach to traceable calibration is both inconvenient and expensive, so it is in the interests of countries seeking to establish a network of ISO 17025 Page 63 compliant testing and calibration laboratories to seriously consider establishing a national metrology system. 9.3 Acceptability of calibrations to accreditation bodies It is obviously of crucial importance to laboratories seeking ISO 17025 accreditation that they derive their calibrations in a manner which will be acceptable to the accreditation body. The mere existence of a national metrology system claiming international traceability will not necessarily guarantee such acceptance. For an accreditation body to be satisfied with a calibration, they will need to know that the calibration service complies with all of the key requirements of ISO 17025. Ideally, the calibration service, even if it is a national metrology laboratory, should be accredited to ISO 17025 by an accreditation body acceptable to the body being engaged to assess laboratories which depend on the calibrations. If the calibration service is not so accredited, then the accreditation body will normally need to investigate it to satisfy itself that the calibrations are adequate and that traceability is intact. Unfortunately, different national laboratory accreditation bodies have widely divergent views on the calibrations which they will accept. Broadly speaking, it is more likely that calibrations will be accepted if obtained directly from a national metrology laboratory than if from a commercial calibration service drawing its calibrations from the same national metrology laboratory. Around the world, some national metrology services have established particular reputations, but even this does not guarantee acceptance by any specific accreditation body unless there is a formal mutual recognition agreement. However, calibrations from the national services in the Republic of Singapore, the Republic of Korea, the Republic of India, the Kingdom of Thailand, most EU countries, Japan, Australia, New Zealand, the Republic of South Africa, and NIST in the United States of America are generally well regarded at the time of writing. The key issues on which the accreditation body will need to be satisfied with in any calibration are as follows:̇ ̇ ̇ That the references used are properly calibrated and provide international traceability. That the calibration procedures being used are scientifically sound, of known performance characteristics, for example uncertainty of measurement, and subject to proper quality control. That staff carrying out the procedures are properly trained and competent in the calibrations performed. It is strongly recommended that any laboratory intending to use a particular calibration service, even a national metrology laboratory, enter into a dialogue with the body chosen as a potential accreditor for the laboratory along the following lines:̇ ̇ Determine whether the calibration service has ISO 17025 accreditation and who its accreditation body is. Ask the proposed accreditation body for your laboratory whether they have mutual recognition for calibration with the accreditation body of the calibration service. If the calibration service is not accredited, then ask the proposed accreditation body for your laboratory whether they have any policy on the acceptance of calibrations from the proposed calibration service. Page 64 ̇ If the issue is still unresolved, ask the proposed accreditation body for your laboratory what information they would require to make a decision on the acceptability, or otherwise, of calibrations from your proposed calibration service. What they will normally ask for initially is examples of calibration certificates; information on how the calibration service establishes its traceability; what arrangements the calibration service has for measurement audit or inter-comparisons with other calibration bodies; and whether it has a pro-active and auditable quality system. Essentially, the rule is to establish, at as early a stage as possible, that your proposed accreditation body will be likely to accept the calibrations you are proposing to rely upon. There is no point in spending time, money and effort on setting up calibrations which are simply rejected at assessment. 9.4 Measurements not traceable to si units 9.4.1 Industry and consensus standards There are many areas of testing, in particular where measurements are not strictly traceable to an SI unit. Many types of product testing fall into this category and rely not on a fundamental unit but on a recognised industry standard. For example, colour fastness in textiles is measured relative to a specific standard blue cloth. There is no SI unit of colour fastness. Similarly, measurements such as abrasion and pilling resistance rely on comparison with standard samples or photographs of samples. The basis of the comparison is universally accepted but it is not a fundamental unit as such. ISO 17025 allows for this in testing and in calibration through paragraphs 5.6.2.2.2 and 5.6.2.1.2 respectively. Here the idea of traceability to a certified reference material, a reference method or a consensus standard is accepted where relevant. A difficulty which sometimes arises in this area is that some accreditation bodies persistently refuse to apply these clauses of the standard and insist that they will only offer accreditation for calibrations and measurements which are traceable to SI units. Strictly speaking, this is a practice discouraged by ISO 17025, which frowns upon extensions to the standard, but nonetheless it can present a problem for laboratories seeking accreditation. If you have tests which fall into this category, then it is advisable to determine the attitude of your possible accreditation bodies before becoming committed to them as accreditor. 9.4.2 Reference materials In addition to industry standards there are increasing numbers of what are typically referred to as certified reference materials which are used to establish accuracy in measurements or calibrations. Some discussion of the use of certified references has already taken place in section 7.5.1. Such materials have a relevance, however, to traceability of measurement since they effectively represent a sample for which the correct answer is universally accepted. In this case, measurements are traced back to the certified reference rather than to an SI unit but provide the same basis in that they establish comparability between different laboratories. This is a particularly common practice in chemical analysis where, strictly speaking, the fundamental SI unit is the mole. However, realisation of the mole for every analytical target is hardly a practical proposition so the certified reference material serves as a suitable alternative. However, it is important to understand that under ISO 17025 the use of certified reference materials to show that measurements are acceptably accurate is not a substitute Page 65 for traceable calibration of instrumentation. It is tempting to argue that if you carry out a measurement on the certified reference and get the right answer, then this confirms that all is well with the method, including the calibration of any instruments used. There is some truth in this but, in practice, it is a very crude measure of acceptable calibration if only because it only tests the system at a single point. The certified reference only provides a broad brush test of the laboratory’s capability at specific tests and shows that nothing is grossly wrong with the instrumentation. 9.4.3 Understanding the hierarchy of reference materials A reference material is any material or substance where one or more property values are sufficiently homogeneous and well accepted that they can be used for checking methods or apparatus. Two key types of reference materials are a) single compounds or items of established purity or properties and b) matrix references which are specific types of sample where accepted values of one or more determinands have been established. The key to the reference material is in the acceptance. The highest level of acceptance is a certified reference material (CRM) but even this term is somewhat variable in meaning. Strictly speaking, the only certified reference material of impeccable pedigree is one complying with the definition of a CRM in ISO Guide 30, which means one produced according to ISO Guide 35 by an organisation complying with ISO Guide 34 and where the certificate complies with ISO Guide 31 The problem at present is that there is no accreditation system against these ISO Guides, which leaves the purchaser of reference materials with the responsibility of assessing compliance directly. What happens in practice is that suppliers of commercial reference materials make an evaluation, and purchasers rely on the credibility of the supplier and on the content of the certificates provided to give confidence that the values quoted for the reference material are reliable. Whether the reference material comes with enough information to enable it to be classed as a certified reference material (CRM) or only as a reference material (RM) is a matter of interpretation. The basis of any particular supplier’s interpretation of the terms can normally be found in their catalogue. Note that in the US the terms NIST Reference Material or Standard Reference Material (SRM) are generally regarded as equivalent to CRM. In practice, a reference material obtained from a reliable organisation, such as NIST, the EU Community Bureau of Reference (BCR) or the United Kingdom Laboratory of the Government Chemist (LGC), will be very widely recognised and can be regarded as a reliable basis for checking the accuracy of methods. 9.5 Some other calibration issues 9.5.1 In-house calibration It is acceptable for testing laboratories to be self-sufficient in calibration and not to use any external calibration services for their equipment. They will still, of course, need to interact with the international metrology system to achieve traceability. This will usually mean holding traceable calibrated references to be used as the basis of the in-house calibration system. For example, a testing laboratory might well hold a master reference thermometer which has a calibration certificate issued by an accredited calibration laboratory. The laboratory could then use this to calibrate all of its working thermometers according to a documented procedure. The body assessing the laboratory as a testing facility would include in its assessment an evaluation of the internal calibration system for thermometers and would need to be satisfied on the following points:Page 66 ̇ ̇ ̇ ̇ That the reference thermometer was acceptably and traceably calibrated by a body recognised by the assessment body as providing adequate calibration. That a sound and documented procedure was in place for carrying out calibration of working thermometers and that adequate quality controls were applied. That staff carrying out the internal calibrations were properly trained and seen to be competent. That there were auditable records showing that all of these criteria were being met on a routine basis. Note, too, that the internal calibration would also have to be subject to an evaluation of its uncertainty by the laboratory just as though it were carried out by an external accredited calibration service. In practice, laboratories typically carry out some calibrations in-house; thermometers, spectrometers and simple equipment, such as pH meters and conductivity meters, are examples. However, more complex calibrations, and especially those requiring expensive references which are themselves expensive to recalibrate, are typically carried out by outside services. For example, balance calibration is quite complex, needs only to be done fully once a year and needs expensive weights which have themselves to be calibrated annually. It is, therefore, more economical in most situations to use a commercial calibration service. Another point to consider is the question of adjustment of equipment found out of calibration. This can be a skill in itself and may well be outside the capability of the laboratory. Modern balances are a case in point. In these circumstances, the use of a service which calibrates and can, if necessary, service and adjust is likely to be an attractive option. 9.5.2 Intervals between calibrations Each laboratory must have a policy for determining calibration intervals, the object being to ensure that re-calibration takes place before the previous calibration has deteriorated to the point where the validity of the measurements is called into question. To some extent, routine quality control checks will provide information which could reveal instruments drifting out of calibration. However, wherever practicable, the laboratory should institute a regime for verification of calibration of equipment between formal calibration intervals in order to detect unexpected drift or malfunction. This is particularly important for key items such as balances where a loss in calibration would have far reaching consequences. Where it is not possible to carry out any simple routine verification to confirm that calibration is maintained, the laboratory will have to rely on setting specific calibration intervals. In the first instance, the laboratory sets an initial calibration interval based on the manufacturer's recommendations, the heaviness of use of the instrument, the accuracy required, the perceived risk of a loss of calibration and the magnitude of the impact, and local experience of similar instruments. The calibration is checked at the end of this interval and, if it is still correct, the interval is confirmed as adequate. Alternatively, the interval is reduced by 50% if the check shows that re-calibration is required. This process is continued until an appropriate and adequate interval is arrived at. Records must be kept so that, if necessary, the laboratory can justify the interval chosen. Page 67 The process may, conversely, provide evidence of the stability of equipment and hence a justification for reducing the frequency of calibration relative to the original estimate. Whatever the strategy for deciding calibration intervals, it must be consistent and documented. It should also take into account that it is not unusual for accreditation bodies to insist on minimum calibration intervals for some equipment, for example balances, which are typically calibrated annually. In some cases, the accreditation body is prepared to consider relaxations to longer calibration intervals, but the laboratory would have to provide convincing evidence that data validity is not being compromised by extending the interval. It should also be borne in mind that some test methods, for example construction materials testing, include requirements for verification of equipment calibration at specific intervals. These intervals must be complied with or the test method will be invalid. 9.5.3 Relaxation of calibration requirements Some relaxation on the traceability of calibrations is apparently permitted in ISO 17025 by paragraph 5.6.2.2.1, but only with testing laboratories. If it can be established that calibration uncertainty ‘contributes little to the total uncertainty of the test result’, then traceable calibration is not required and other methods of demonstrating confidence in the equipment may be adopted. In practice, this is not really a dispensation at all since there is still a requirement to show that the equipment provides the necessary uncertainty of measurement, and it is difficult to see how this can be done without at least some calibration. In any case, accreditation bodies have a tendency to take a narrow view of the traceability of calibrations, and it is not recommended that this clause be relied upon as an easy excuse to avoid traceable calibration. Page 68 10. Administration of work and sample tracking 10.1 Key questions ¬ Do you have procedure for logging samples into your laboratory? ¬ Are all samples uniquely numbered as soon as practicable after receipt? ¬ Does your system ensure that samples are stored securely and in a way that will preserve them against any changes which may affect data generated from them? ¬ Do you have a system for ensuring that the procedures required to be carried out on samples are clearly communicated to laboratory staff? ¬ Do you have a procedure to ensure reports are checked to make sure they correspond to the raw data? 10.2 Receipt of samples or calibration items [5.8] Before any work is begun, the contract review process described in section 7.3 must be complete. There must also be a check to confirm that any test or calibration items are appropriate for the procedure and in suitable condition. The documentation on sample/item receipt should specify which staff are authorised to receive and record items. The usual practice is to keep a receipt register. The information recorded should include details of the condition of items on receipt and should identify the person making the register entry. The ‘condition’ should cover any parameters which may affect the results, for example temperature, whether bottles are full or partially full, and any information on breakages or damage, spillages, leaks or lost labels. The person receiving the items should also be responsible for examining them to ensure that they are suitable for the intended test or calibration. If there are any problems, action must be taken to ensure that no work is done before the problems are resolved with the client. A record must be kept of any communications with the client, as described in section 7.3, since such communications involve amendment to the contract review. It should also be emphasised in the quality documentation that no work must be done until all matters of concern have been brought to the client's attention and clarified to mutual satisfaction, i.e. the contract review is complete. These may include problems with the items themselves or any lack of clarity about the work required. 10.3 Identification and storage of items [5.8.2, 5.8.2, 5.8.4] The laboratory should have a clearly documented policy on where items are to be stored. This may involve several storage locations for different types of items, but these should be clearly specified. Each storage location should have a book or record form in which items can be signed out and back in again. It should be understood that a particular type of item will be found in the storage location or can be located by reference to the book. The record in the book should identify the person taking the item and the date and time of removal. Similarly, return date and time should be recorded, if appropriate. The object is to create a complete history of the custody of the item. Page 69 All items must have a unique identifier which stays with them throughout their time in the laboratory. Although the standard does not actually require sample numbers, it is generally difficult to persuade assessors that, for example, using the client’s sample description as an identifier provides unique identification. Bear in mind that the ‘uniqueness’ must be retained over the period for which the laboratory retains its records, so a system over which the laboratory does not have direct control is immediately suspect as possibly leading to duplication. For the same reason, it is not adequate to retain a numbering system which repeats cyclically. It is not uncommon for laboratories to set sample numbers to unity at the start of a calendar year since they only expect to keep samples for a very short period. The records, however, will have a much longer currency, which must be allowed for in the numbering system. The numbering method can be chosen to suit the requirements of the laboratory, but it must be unambiguous. The laboratory sample number must be related to any client identification details. The simplest way to do this is to record the laboratory number and the client's identification in the sample receipt records. Both the laboratory number and the client's identification details will have to be included in any report sent out—see section 13. 10.4 Internal information transfer [4.1] There must be a clearly documented procedure which shows exactly how the client's requirements are passed to the person who will actually do the test or calibration work. This should normally be done in writing so that a traceable record is kept. This requirement is met, for example, by the person allocating work completing a worksheet and passing it to the laboratory staff. Once the work is complete, there must be a documented procedure showing how the data is checked and transcribed to the final report. It should be absolutely clear who is responsible for deciding whether the quality control criteria have been met and who can release the data. There is no problem with having checks performed at different levels in the management/technical structure, but the system must be clear and the quality control information must be recorded explicitly. A system where individual staff are given the initial responsibility of verifying that their data meets the quality control criteria is perfectly acceptable provided the information necessary to ensure that the checks are performed consistently is available to all who carry out the checks. This may be achieved, for example, by including details of the acceptance criteria in the methods documentation. However, the responsibility for the final release of data to clients must reside with clearly identified individuals. 10.5 Compilation of reports [5.10, 5.4.7] The procedure for compiling reports must be clearly documented, showing exactly which staff are responsible for putting reports together and authorising their release. There must be a documented requirement that all reports are checked against the raw data and the client's instructions before being issued. This should be done by the person authorising release of the report since they take responsibility for its contents. All checks should be recorded. Normally, this is achieved by the person carrying out the check signing and dating the documents involved. Page 70 10.6 Retention and disposal of items [5.8] This is only an issue for testing laboratories since items sent for calibration are invariably returned to the client. In this case, the laboratory’s obligation is to ensure that items are properly packed and transported to maintain the integrity of the calibration. Testing laboratories should have a clear policy on how long samples are kept. Wherever possible, samples should be retained for a period after the report is issued in case there are any queries which might be resolved by re-test. In the case of some determinands, of course, this is impractical in any case so the laboratory should reserve the right to dispose of samples immediately if their retention makes no technical sense. ISO 17025 specifies no minimum period for sample retention but one month after report issue is widely used where it is technically meaningful to re-test a sample. Clients should be made aware, for example through the laboratory’s standard terms of business, what the sample retention policy is so that there are no misunderstandings. It should be clearly documented who may authorise sample disposal and all disposals should be recorded. Page 71 11. Recording of results and associated data [5.4.7, 4.13] 11.1 Key questions ¬ Does your system ensure that all observations are recorded at the time when they are made? ¬ In this record, is the raw data always preserved so that any problems can be investigated ? ¬ Do you have a policy on how amendments to entries on laboratory records are to be made? ¬ Does the system allow the person making any record to be identified? 11.2 General principles of data recording [4.13.2] No set format for the recording of results is specified in the standard. Laboratories may adopt whatever system suits their needs. The two usual options are the use of worksheets or the use of laboratory notebooks, either personal or method-specific. In some instances both systems can operate together. Laboratories are also increasingly entering data directly into computer systems. The control of such systems is dealt with explicitly in section 12. The overall requirement from a quality point of view is that data must be recorded at the time of observation and in such a way that there is a complete audit trail so that errors can be traced and work can be repeated in a manner as near to the original as possible. It must be possible to trace a result to the person who made the measurement and the equipment used and to identify precisely the method used. This means that the audit loop can be closed, making it possible to check that the work was done by a trained member of staff, using appropriate methods, on correctly functioning and calibrated equipment. The record must be complete so there should be no use of scraps of paper. All data, calculations and observations must go on worksheets or in notebooks in non-water soluble ink or ball point pen. Pencils and water soluble felt tip pens should be banned from the laboratory. Corrections to notebooks and worksheets must be made in such a way that the original version can be read. The approved method is to cross out the original with a single line and write in the corrected version as near to it as possible. Corrections should be initialled and should, ideally, carry a note explaining the reason for the correction. Correction fluids should be banned from the laboratory completely. 11.3 Worksheets Worksheets are the best strategy for the routine laboratory. There should be a worksheet for each test or group of related tests. The worksheet should not only provide space for recording results but should also require all calculations to be done on it. In fact, wherever possible, the calculations should be laid out in outline ready for the variables and the results to be written in. This should include all calculations, even those required to calculate dilution of standards and weights derived by difference. The object is to have as much information as possible to support quality assurance and to provide for error tracking. A well designed worksheet should also reduce the likelihood of errors. Page 72 All entries must be initialled and all calculations should, wherever possible, be checked and initialled by the checker. The checking of all calculations is sometimes resisted by laboratories on the grounds that it duplicates work. ISO 17025 is specific in requiring calculations to be checked although it does not actually say that this must be by a second person. Whatever policy is adopted, the onus of proof will be on the laboratory to demonstrate that there is not a substantial error rate in calculations. One possible strategy is to check a sample percentage of calculations and, hopefully, as a result to build up a body of evidence that errors are not being made. However, not all assessors will find this acceptable. Finally, the worksheets should have space for signature by whoever is responsible for final quality control checks and a space to indicate pass or fail. This effectively releases data for inclusion in reports. 11.4 Notebooks If notebooks are used, they must be properly controlled. They constitute the raw data record belonging to the laboratory. Each book should be numbered. The laboratory manager should keep a record of the holder or use of each book. The books should have numbered pages so that a record can be referenced by notebook number and page and so that pages cannot be torn out without being detected. Staff should not be allowed to remove notebooks from the laboratory except for field work, and full books should be returned to management for archiving before a new one is issued. If the notebook system operates in conjunction with worksheets, then the worksheets should have a section for recording cross references to notebooks: book number and page number. Generally speaking, notebooks in isolation are not the ideal solution for use in a routine testing laboratory but can be a useful adjunct to worksheets. One problem which can arise with notebooks and, for that matter, with worksheets is that staff, anxious to be neat and tidy, record data in rough and then copy it over later. Strictly speaking, this practice is not a non-conformance as such, provided the rough notes, which now constitute the raw data, are retained as part of the laboratory record. It would also be necessary to have checks on the accuracy of the transfer of the data from the rough notes. It is preferable, however, for a laboratory to forbid this type of practice and to insist upon all data being recorded directly on worksheets or in official notebooks. This ensures consistency in practice and leaves no ambiguity about what constitutes the raw data. It also eliminates a data transfer step, which is a potential source of error. 11.5 Other types of data Many instruments now produce printed output. This should always be retained as part of the raw data archive. Ideally, it should be attached to worksheets but if this is impracticable it should be filed in a systematic manner so that it can be readily retrieved. Page 73 The printout must show the sample number and the operator of the instrument. Ideally, the operator should initial it to prevent misrepresentation. Any other relevant paperwork produced should be traceable in the same way and must be marked with the sample number and the name of the person generating it. Where instruments record data in computer files, these should, preferably, have provision for recording the operator and the sample number to which the file refers. If this is not accommodated, it will be necessary to institute a record book which is filled in with the sample number, the operator and the computer file identifier. Alternatively, the same information might be accommodated on worksheets or in notebooks. All computer files will need to be secured by appropriate backup regimes. See section 12.9 for details. Page 74 12. Computer systems 12.1 Key questions ¬ Do you have control of what software may be loaded onto any of your computers? ¬ Are all computer systems, including software, checked to ensure that they record and process data correctly? ¬ Is all software secured against unauthorised changes? ¬ Do you have records showing when software was updated and that checks were made on its correct functioning after update? ¬ Do you have a procedure for regular backup of data held on computers? 12.2 General issues Computers and associated software can obviously affect data validity and so need to be properly managed and controlled, whether they be part of instrumentation or systems simply used to store and process data. All computers must be introduced into use through a controlled system and must be subject to checks for correct functioning before being placed in routine use. This applies to all hardware and software and especially to software written in-house or applications developed on spreadsheets, for example. There should be records of the checks used to ensure correct functioning, as with any other piece of equipment. 12.3 Control of software There should be a defined person who is responsible for authorising any software to be used in the laboratory. This person must ensure that it is checked to show that it does not corrupt data or other information before it is released for use. This requirement must apply not only to new software but also to any updates or modifications. The responsible person should be the laboratory manager or someone to whom the responsibility is delegated by the laboratory manager. There is no reason why staff cannot set up spreadsheets, for example to carry out routine calculations and data processing, but they must have these checked and authorised before use. It is not acceptable to have staff setting up ad hoc applications and using them without their being accepted by the laboratory management as suitable for their purpose. One issue which must be addressed, however, is the question of whether spreadsheets and similar software which can contain set-up calculations may be corrupted and so lead to wrong results. Wherever possible, spreadsheets must be protected from alteration by using passwords reserved to the management. Where this is not possible, a set of sample data must be available, which can be loaded before the spreadsheet is used, to check that the calculated values are determined correctly. In order to ensure that the system for controlling software is effective and can be audited, each computer should have a log which shows the hardware and software installed. Any new software or modifications to existing software, including new releases of commercial packages, should be recorded in the log with the date when they came into use. It is then possible to determine which version of the software was in use at any particular time, should an error need to be traced. There should be regular audits of the actual software installed against the log and any unauthorised software should be removed. Page 75 It is must also be possible to recreate the previous versions of any software in case an error or query arises and it is necessary to determine whether the software was responsible. The simplest way to provide this backtracking facility is to ensure that, at each update, a copy of the previous version is retained on a removable medium such as tape or disc. Some larger commercial packages have a built-in facility to backtrack and this can be used, if available. 12.4 Computer networks Increasingly, laboratories use local area computer networks, especially if they are operating laboratory information management systems (LIMS). Such a network can make control of software easier since work areas can be established with restricted access and often with different levels of access. These networks should be exploited to control, for example, who can write new files to the network server. In general, the network should be operated as described above for stand alone computers, there should be a log of the software installed, and updates and new installations should be controlled as described. Care will need to be taken where the workstation machines also have local disc drives. The laboratory will need to have a policy on whether local software will be permitted. If local software is in use, then each work station will need its own log in addition to the network log. If local software is not authorised, then audits should check if any unauthorised material has been loaded. 12.5 Computer systems managed by other departments It often happens that the laboratory management does not have direct control of the network servers. These may be part of a general company network, for example, and so under the control of a computer section. The laboratory management will need to demonstrate to assessors that it knows what is being done by the network management on its behalf and that it is informed of any software updates so that it can carry out checks on correct functioning. The most convincing way for the laboratory to demonstrate its control is to have a written agreement between the laboratory and network management which specifies the division of responsibilities. This should cover at least the following points: ̇ ̇ ̇ ̇ ̇ The network management must agree to consult the laboratory management and obtain its agreement to make any new software accessible to laboratory staff. If necessary, the laboratory management must reserve the right to carry out checks on the software before accepting it. The network management must agree to inform the laboratory if it intends to update or otherwise amend any software used by the laboratory. It should be clear what checks the network management will carry out on the laboratory’s behalf and what checks will be carried out by the laboratory before the software revision is released. The key is to define clearly the responsibilities of each party in order to avoid inadequate checks when both parties suppose the other to be responsible. The responsibility for providing the ability to backtrack to the previous version of the software should be clearly agreed. The responsibility for keeping the log of software and updates should be agreed. There should be a clear mode and level of communication between the two parties. In particular, the network management must know who is authorised to request software changes on behalf of the laboratory and must not respond to requests from unauthorised members of the laboratory staff. Page 76 ̇ The arrangements for backing up the laboratory’s data on the network must be agreed. See section 12.9 for general guidance on backing up. 12.6 Data integrity on computers [5.4.7] Where a laboratory handles data on computers, there are particular considerations, mainly of data security and control of data alterations. From time to time there will be a need, for perfectly legitimate reasons, for a laboratory to alter data which has been recorded. Entries may, for example, have been made erroneously or quality control results may have indicated a need for a repeat measurement which then produces a different result,. The first thing that the laboratory should decide is whether the computer record constitutes the raw data, i.e. the data recorded at the time of making the observation. This will only be the case where data is logged into the computer directly from instruments or is entered at the bench. If data is recorded in notebooks or on worksheets prior to transfer to the computer, then these paper records are the raw data. Raw data must be preserved as part of the laboratory record. If there is a manual transfer to the computer, then the laboratory will have to convince assessors that there are adequate safeguards to check that this is done correctly and that, once the transfer is completed and checked, any alterations to data are under control and in compliance with the requirements of the standard. Manual entry of data into computers is clearly a potential source of error. Ideally, all such transfers should be checked by a second person. In critical cases, double entry of data can be practised, where the data is entered twice to create two files which can then be compared by appropriate software. The onus will be on the laboratory to demonstrate to assessors that it takes reasonable steps to check that data is entered correctly. At the very least, the laboratory should check a proportion of the data entered and, hopefully, build up a body of information that demonstrates that significant errors are not being made. A more fundamental problem arises with computers when it is possible to alter data without leaving a record of the alteration or of the original entry. This contravenes basic requirements that all alterations must be traceable to the person carrying them out and must be made in such a way that the original value is retrievable. Software specifically written for laboratory purposes usually incorporates an audit trail which logs alterations and the identity of the person making them through their user name. Such software will normally also retain a record of the original entry and may even require entry of the reason for making the change. Where there is an audit trail of this type, the laboratory will meet the requirements of the standard provided there is a mechanism for monitoring the audit trail as part of the quality checking procedure. Software not designed specifically for laboratories is unlikely to contain this audit trail facility and so other steps may need to be taken. The simplest option is to make a rule that all alterations must be recorded in a paper log. This should show the identity of the person making the alteration, the date of alteration and the old and new values. Ideally, there should also be facilities to record the reason for the change. Such a system, although simple, is not likely to be easy to present as compliant with the standard since it is, in most situations, unauditable. If someone makes an alteration to raw data in a computer and fails to fill in the log, then the failure cannot be detected. On the other hand, if the raw data exists on a work sheet, there will either be a discrepancy between the work sheet and the computer record or the work sheet will show an alteration to the new value. In this case, the system is auditable and acceptable. Note here the critical need to be clear about what constitutes the raw data. Page 77 If data in the computer can be protected by the software from alteration, for example by being given read-only status when entered, then the use of a paper log of amendments is much more secure. The laboratory should establish clear rules on who can authorise amendments to the data and they alone should be able to lift the read-only status of the data and make the amendment. The authorised person is responsible for filling in the log. Provided the authorisation for alteration of data is at a suitably senior level, the assessors are likely to be satisfied. An appropriate level would be at least senior technical staff. The discussion so far has been confined to raw data in computers, but the status of data changes as it moves through the laboratory and the degree of protection must be greater at each step. Raw data is first submitted to quality control scrutiny and, provided it passes, is then available for incorporation into reports. Up to this point, alterations, subject to the requirement for an alteration record to be generated in some form, may be permitted to be carried out fairly freely. However, once data has passed the quality control fence, only the most senior staff, normally the laboratory manager and designated senior professionals, should be able to authorise changes. This implies that data in computers must be protected from unauthorised alteration, either by being made readonly or by transfer to computers physically accessible only to authorised persons. A laboratory cannot comply with the requirements of ISO 17025 if quality controlled data can be altered freely by any member of staff, especially if no automatic audit trail is generated. It is also important to remember that the need to alter data after it has passed quality control automatically creates a situation where a quality incident, non-conforming work, has occurred and corrective action will be required. The situation escalates further once data has been released as a report. There would be a serious non-conformance if the laboratory’s record of data failed to reflect the report content. Specific procedures must be followed when reports have to be amended, and the original and amended data must both be available—see section 13.6. Once data has been reported, amendments to the laboratory’s archive must only be allowed at the highest level, by the quality manager and senior technical management, and so data on a computer must be totally protected from change by any other staff. It must also be impossible to generate a new version of the original report with altered data without meeting the requirements of the standard for report amendment—see section 13.6. The need for report amendments automatically requires a quality incident record and corrective action. Beware of falling into the following common trap: Data has been altered on a computer but not on the corresponding work sheet. If there is no record or audit trail for the alteration on the computer, a serious non-compliance arises since it is impossible to tell which data is valid. An initialled alteration on the work sheet to bring it into line with the computer value would have solved the problem. 12.7 Computers which are a part of instrumentation Computers which control or collect data from instrumentation should be treated as a part of the instrument and be checked as part of the operation of the overall system. Software changes and upgrades should be treated in the same manner as any other modification to the instrument, and must be checked for satisfactory functioning before their release for routine use. Particular care should be taken when instruments are serviced by suppliers since service engineers not infrequently load software patches and modifications. The laboratory management must make it clear to the service agency that it needs to be informed of any software changes so that they can be checked and recorded in the instrument log. Page 78 Computers attached to instruments can provide an excellent means of retaining raw data in a compact form. For example, chromatography data can be a problem to store as hard copy but archives on tape or compact disc are highly compact. However, secure backup regimes are essential to protect the data—see section 12.9. 12.8 Some considerations on laboratory information management systems (LIMs) LIMS systems are becoming increasingly common and can assist greatly in the operation of a quality management system. It is even possible to obtain systems which incorporate records of calibration intervals and training review in a manner that will prevent the entry of data generated on instruments past their calibration date or by staff whose training review is overdue. Some points about LIMS systems are worth noting, however, since they sometimes introduce the possibility of quality anomalies and may not be providing exactly what the laboratory management supposes they are. ̇ ̇ Most LIMS systems automatically stamp data entries with the identity of the person entering the data. The information is derived from that person’s computer user name when they log on to the system. In this case, it is essential that the laboratory enforces a rule that staff must only use terminals which they have logged into under their own name. They must not just use any terminal which happens to be logged on and available or the audit trail is destroyed. There should be an absolute rule that no terminals are left logged on and unattended; in any case, this has security implications. In most systems it is possible to set terminals to log off automatically after a period of inactivity. This should be exploited. It is not unusual for LIMS to only identify the person entering data and to designate them as the analyst. In many practical laboratory situations, data may be entered by someone other than the actual analyst. The laboratory needs to be absolutely clear about how to achieve an audit trail which identifies the person carrying out the analysis. If analysts always enter their own data, then the LIMS can provide the trail very simply. If this is not the case, the laboratory has to recognise that it is the person entering the data that the LIMS actually identifies, and must have some other means of providing the audit trail to the analyst, for example by initialling work sheets. In many instances it is simply a matter of making the position clear and communicating it properly, especially to assessors. Increasingly, LIMS permit separate identification of the analyst and the person entering the data. This provides maximum flexibility and should be made available whenever possible. 12.9 Backup of data on computers [5.4.7] This is obviously a critical area. It is also subject to the strange human perception of computers which leads to mildly illogical stances where one copy of data on paper is generally regarded as perfectly acceptable but once data is on machine readable media backup copies are required. The lack of logic is not, I hasten to add, in requiring backup of computers but in being happy with single paper copies! Generally speaking, a laboratory is under an obligation to ensure that it protects any data which it holds, especially if this is raw data or an essential part of the audit trail. Where a laboratory has raw data on computer, the backup regime must be extremely rigorous. The policy for backup should be such that, should there be a system failure where data not yet backed up is irrevocably lost, the laboratory would be in a position to recover it, either from worksheets or by repeating the tests. In the extreme situation where a laboratory is carrying out work which, by its nature, cannot be repeated and where the Page 79 only copy of the data is on computer, backup will need to be very frequent. A common strategy is for laboratories with LIMS to have dual disk drives on the main computer or network server, or even dual servers, and for all data to be recorded directly on both. This is further supplemented by regular tape or optical disc backups, sometimes twice a day. Most laboratories are not so exposed, and a daily backup will be sufficient; a good rule of thumb is to ensure that all data is backed up at the end of each working day and transferred to secure storage. This storage should be separated from the laboratory area by a fire break and, ideally, be provided with a fire proof safe designed for data storage. Fireproof safes designed for documents are not suitable since they reach too high a temperature to protect magnetic media. If data has to be kept in the laboratory, then a data safe is essential and its use must be rigorously enforced. When data is removed from on-line access, for example in order to regenerate capacity on the working computers, then two copies should be made and one stored off-site or as far from the laboratory areas as possible. The laboratory will need to be in a position to retrieve the archived data with reasonable ease, so it is advisable to ensure that some index of the archive is generated. Good LIMS systems will provide this automatically and will retain the index as part of the online system, enabling rapid identification of the location of the archived data for a particular sample. The archive or backup medium can be any medium which is convenient. Tape or floppy discs are perfectly acceptable but the increasing convenience of optical storage, for example writable CD and DVD drives, is now proving popular and such a facility should certainly be seriously considered as part of an LIMS. Page 80 13. Reporting requirements 5[.10] 13.1 Key questions ¬ Do you have a defined report format? ¬ Does this comply with the detailed requirements of ISO 17025? ¬ Does your system ensure reports always reach only those entitled to receive them? ¬ Does the report acknowledge subcontracted work ? ¬ Do you have a policy on how to deal with situations where it becomes apparent that suspect data has been reported? ¬ Do you have a clear identification of staff authorised to approve reports? 13.2 Report format [5.10.2, 5.10.3, 5.10.4] ISO 17025 is quite specific about what must appear on reports from the laboratory but also has a general requirement that the information must be reported accurately, clearly, unambiguously and objectively. It must also be in accordance with any specific instructions in standard test or calibration methods specifications. There is a relaxation of this if a laboratory is reporting within its own organisation or in the case of a specific written agreement with a client. In these circumstances, the report may be abbreviated but, nonetheless, all of the information required by the normal report format must still be available within the laboratory. Normally, the written agreement with clients to report in an abbreviated format should be concluded as part of contract review—see section 7.3. Requirements for test and calibration reports differ slightly but the following are common factors: 1. A title: Test Report, Calibration Certificate, Test Certificate and Calibration Report are all mentioned as appropriate terms in the standard but there is no compulsion to use these specific terms. 2. The name and address of the laboratory and the name and address of the client; if the test or calibration was carried out on site the location of the actual work must also appear. 3. A serial number or similar unique identification for the report which should appear on each page together with pagination in the form Page....of..... An alternative way of indicating the total number of pages is also permitted provided it allows the user to be certain about whether they have a complete document. 4. The client's identification details for the samples or calibration items and the identifiers used by the laboratory, for example sample numbers. There should also be a brief description of the items and a note of their condition. 5. The date of receipt of the items and the date(s) of testing or calibration. Strictly speaking, the date of receipt is only required when it is critical to the validity of the results, for example if testing needs to be done within a certain time of sampling or where samples or calibration items require conditioning before being worked on. In practice, there are few occasions where the date of receipt has no relevance, so it is recommended that it be incorporated routinely. Page 81 6. Identification of the method used and any sampling plan or method which is relevant to the data. These may be a direct reference to a standard specification or may refer to a documented in-house method. In the latter case, a brief outline of the procedure, including any sampling methods, should be included. In practice, many accreditation bodies permit a generic statement indicating that the laboratory’s standard procedures were used and offering the client a reference list on request. 7. A note of any deviations from a standard method and any environmental conditions which may bear upon the results. 8. The test or calibration results themselves with units. 9. The name, position and signature or other identification of the person accepting responsibility for the report and the report's date of issue; it is recommended that the person accepting responsibility initials each page of the report where this is practicable. It is up to the laboratory to decide who is identified as having authority to release data, i.e. sign reports. The onus will be to satisfy assessors that the person(s) so authorised have the appropriate skills to evaluate the data. 10. Where relevant, a statement that the results only apply to the items tested or calibrated. This is generally required in the case of product testing to prevent the results being applied inappropriately in support of general product or batch certification. 11. Preferably, a statement that the report shall not be reproduced, except in full, without the written permission of the laboratory. In addition to these general requirements, there are the following specific requirements for test reports:1. Details of any deviations from the standard test method and information on any relevant factors such as environmental conditions. 2. Where relevant, a statement on compliance/non-compliance with requirements or specifications. The key test of relevance here is whether the client requires the information. This will depend on the question asked by the client. If the request is to test for compliance with a specific requirement, then there is clear relevance. If the request is simply for data, then the statement does not have to be volunteered. 3. Where applicable, a statement of the uncertainty of the result; this is generally regarded as applicable where requested by the client, when it is relevant to the application of the test results and when uncertainty affects compliance with a specification. It is hard to see a situation where uncertainty does not affect compliance with a specification, but most accreditation bodies are currently not taking such a rigorous view. Note that even if uncertainty is not required in the test report, the laboratory is still required to have estimated it. This is a completely independent requirement. 4. Where appropriate and needed, opinions and interpretations. This is a developing area as ISO 17025 is the first standard for laboratory systems which covers requirements for opinions and interpretations. Previous practice was to exclude them from the standard and hence from the scope of accreditation. A disclaimer was then required when reports contained opinions and interpretations. Many accreditation bodies are still operating in this way as an interim measure while they develop procedures for assessing laboratory systems for managing quality of opinions and interpretations. The ‘when needed’ requirement is, however, regarded as being relevant to situations where the opinion or interpretation effectively constitutes the result. Examples include forensic investigations where the question posed may be a goodness of fit and this is based on various test results from which a conclusion Page 82 needs to be drawn. Whether an opinion or interpretation is required is an ideal issue to be clarified at contract review. 5. Any other specific information which may be specified by the method or requested by clients. 6. Reference to the method of sampling, the items sampled, the date of sampling, any relevant environmental conditions and other relevant factors when the laboratory undertakes sampling and an understanding of the sampling is relevant to interpretation of the results. The additional requirements for calibration reports are as follows:1. A record of any environmental conditions which have an influence on the measurement results. This normally means temperature, possibly pressure and sometimes humidity. 2. The uncertainty of measurement. Note that this is compulsory in calibration reports. The only exception is when a report is made about compliance or non-compliance with an identified meteorological specification. In this case, the uncertainty has to be considered when determining the compliance, so it is not explicitly needed in the report. However, the laboratory must still have a record of the uncertainty and the data used to determine compliance. 3. Evidence of traceability. This normally requires details of the references used and cross reference to their calibrations. 4. Where an instrument has been adjusted, the results before and after adjustment. This allows the client to estimate drift and perhaps to review calibration intervals. 5. Unless there is a legal requirement calibration reports should not carry any recommendations on a re-calibration interval or date since this might be taken to imply that the calibration has a specific time validity. Clearly the laboratory cannot offer any such guarantee once the item calibrated leaves its custody. This prohibition is relaxed if the client asks for a recommendation, but the laboratory should make it clear at contract review and in the wording of the report that this is only a recommendation and that no guarantees are being offered that the calibration will remain valid for the stated period. Other factors to be borne in mind when reporting are the inclusion of sub-contracted data in reports and the question of reports which contain results for work not included in the laboratory’s scope of accreditation. The general principle enforced by accreditation bodies is that these results must be identified clearly and that the laboratory must not seek to misrepresent its scope of accreditation or to represent sub-contracted data as having been generated in-house. In the case of calibration laboratories, there is an absolute requirement to supply the client with the report issued by a sub-contractor, but this is not required from testing laboratories. See section 15 for further discussion of subcontracting. ISO 17025 has nothing to say on the subject of reporting tests and calibrations not covered by the scope of accreditation since it does not address the issue of limited scope of accreditation at all. Perversely, the standard is written on the assumption that everything which the laboratory does is within the scope. This is rarely the case. The consequences of this deficiency in the standard are generally dealt with by regulations formulated by the accreditation body in order to prevent misrepresentation of the scope and hence the areas of activity which they underwrite. Some accreditation bodies require that a minimum proportion of the results, for example 50%, are within the scope of accreditation before their logo or reference to accreditation Page 83 can be used on the report. More commonly, a disclaimer, with clear marking of nonscope data, is permitted. However, if none of the reported data is within the scope of accreditation, the logo of the accreditation body and/or reference to accreditation may never be used on the report. 13.3 Some further comments on opinions and interpretations [5.10.5] Laboratories are required to be able to show that they have a documented basis on which professional judgements are made and that the qualifications and experience of those making them are appropriate. Appropriate information would be references to any general requirements, standards, technical requirements or contractual specifications which are being used as a basis for the judgement. In the case of judgements based on individual’s professional experience, assessors will need to be satisfied, on the basis of the staff records, that the person making the judgement is appropriately qualified. Wherever possible, laboratories should have guidelines for any routine interpretations and judgements which have to be made in order to ensure that they are made consistently over time and by different individuals. 13.4 Authorisation of reports [5.2.1] Authorisation of reports can be a problem area. The ideal situation is that all reports are signed documents. In practice, commercial laboratories often have to give data over the telephone or by fax. The status of faxed documents, even if signed, varies in different legal systems as does that of emails. The wisest strategy is to make it clear to clients, and in the laboratory’s quality documentation, that the only definitive report is the signed original transmitted in hard copy. All other transmissions, fax, electronic or verbal, are subject to confirmation. This should not, however, be a substitute for ensuring that data is only communicated after proper release. The laboratory should have a clear policy, for instance, on which staff are authorised to give results over the telephone, and this should only be permitted once the data has undergone all quality checks and is ready for inclusion in a formal report. Reports generated by computer are another area where careful control is required. Increasingly, laboratories produce large numbers of reports directly from laboratory computer systems and often in quantities where signing each report is totally impractical. ISO 17025 permits authorisation by means other than a signature, but the report must still identify an individual who takes responsibility for the data and his or her position. In the case of reports generated from a computer, it is essential to have security such that only authorised persons can generate reports. It is also essential to ensure that, once a report has been generated, it is not possible for an unauthorised person to alter the data in the computer and then to generate a changed version of the report. The security must be such that the rules for report amendment discussed in section 13.6 are observed, which effectively means that once a report is issued to a client the laboratory’s copy, even if a computer file, must never be altered. Amendment requires that a completely new report is issued. The security can be achieved physically but assessors will normally expect to see appropriate software protection. Section 12 deals specifically with the use of computers and ways of providing appropriate safeguards. The format and content of reports will come under very close scrutiny by accreditation bodies. It is the report, after all, which carries the accreditation body’s logo and, hence, its stamp of approval. It is in the interests of neither the accreditation body nor the accredited laboratories that this approval appears on an inadequate document. Page 84 13.5 Transmission of reports [5.10.7, 5.10.1] Normally, reports will be sent by post to the client's address. Where other means, for example fax, telephone or electronic transfers are used, there must be a documented policy to preserve confidentiality. This should normally specify that the client must agree, in writing, to the transmission and, where the telephone is used, that results should only be given to an individual who can be recognised by the laboratory as entitled to the results. It is good practice for the laboratory to require the client to confirm their own sample identifiers or some other information related to the samples before being given the results over the telephone in order to establish bona fides. Telephoned results should always be confirmed in writing. If the client requires the results to go to an address other than their normal address, or data to be given to an alternative telephone, fax or email location, the laboratory should ask for confirmation of this requirement in writing. 13.6 Amendment of reports [5.10.9] The rules for amendment of reports, once issued to the client, are quite specific. The original report cannot be destroyed and expunged from the system to be replaced by an extended or corrected version. A completely new report must be issued which complies with all of the normal reporting requirements, and it must be endorsed to show that it is an amendment, supplement or complete replacement of the previous version. The laboratory must retain copies of the original and the amended versions as part of its archive. Particular care is needed when report archives are computerised to ensure that the new version does not overwrite and obliterate the original. A need to issue an amended report will imply a prima facie quality failure—nonconforming work—and will need investigation and corrective action. 13.7 Response to reporting of suspect data [4.9, 5.10.9] When the laboratory discovers a case where suspect data has been released, for example if it emerges that an instrument is found to be out of calibration at a regular check and it is uncertain when it actually went out of calibration, the general requirement is that clients should be notified of any such questions about the data reported to them. There are obviously substantial commercial sensitivities here, and it is generally accepted that laboratories are only required to notify clients after they have carried out a full investigation and determined that there really is a problem. Accreditation bodies do, however, enforce this requirement rigorously and will not be swayed by arguments about the commercial damage which could result from writing to clients to tell them that their data may be wrong. Indeed, if the assessors find a problem, for example an un-calibrated instrument, they may well insist on notification of all clients whose data may have been affected as part of the action to clear the non-conformance. Note that this refers only to surveillance visits. Assessors cannot insist on such action at initial assessment since data released prior to accreditation is not covered by the accreditation requirements. Page 85 14. Purchasing services and supplies [4.6] 14.1 Key questions ¬ Do you take steps to control the quality of any purchased goods or services which might affect the validity of your data? ¬ Do you have a list of approved suppliers and a policy on their selection ? ¬ Do you keep this list under review and remove any suppliers found to be inadequate from a quality perspective? ¬ Do you have a system for checking all received materials against the order specifications? 14.2 Requirements The general requirement is that, where the quality of any outside services or supplies may have an impact on the quality of the data or calibrations emanating from the laboratory, there must be procedures to ensure that the quality of the services or supplies is adequate and consistently so. The two extremes of an approach to quality of supplies and services are for the laboratory to check everything on receipt or for only approved, preferably certified or accredited suppliers, to be used and checks to be dispensed with. In practice, elements of both extremes will be used. Laboratories have approved and trusted suppliers but also carry out checks, often as an integral part of methods, for example reagent blanks or calibration checks. The onus will be on the laboratory to demonstrate to assessors that it controls the quality of any input, service or supply which could impact data quality. In practice, the approved supplier position under ISO 17025 is not nearly so big an issue as it is under ISO 9001 since test and calibration methods generally contain quality control checks which, indirectly at least, monitor materials and services obtained outside. No laboratory is, for example, likely to want to argue that running checks, such as reagent blanks, can be dispensed with on the basis of the supplier’s specifications for a reagent, however impeccable the supplier’s quality management certification. It is when such checks are statistical that the laboratory has to be careful about assessment of suppliers, for example where, rather than running a blank each time a method is run, a batch of reagent is sampled and checked for suitability on receipt. The level of checks applied will then need to be defended and the quality assurance capabilities of the supplier will then be an issue. This may even mean different levels of checking being applied to the same materials obtained from different sources. 14.3 Approved suppliers [4.6.4] ISO 17025 requires policies for the selection and use of external services and suppliers and records both of the suppliers used and of their quality assurance approval. In practice, this means that the laboratory must have a list of approved suppliers with, where appropriate, a list of the goods or services which each is approved to supply. There should be a policy for approving suppliers which is normally administered by the quality manager. The policy should state that, wherever possible, the laboratory will use suppliers who hold ISO 9001 certification for their quality system, or relevant product Page 86 certification. Those with such certification would normally gain automatic accession to the approved list. It the case of non-certified suppliers, the laboratory will have to make its own assessment of their quality assurance capabilities and/or arrange appropriate checks on supplies on receipt. Indeed there is no reason at all why the quality manager cannot take the view that the checks carried out by the laboratory on receipt of materials or as a part of methods are such that the supplier’s quality assurance capability is irrelevant. However, if this is the position, it is still necessary to list the suppliers used and to note that their use is conditional on the continuation of relevant in-house quality checks on materials. Checks on the quality assurance status of suppliers who provide services such as instrument repairs must also be considered. Many service agencies and service departments now hold ISO 9001 certification, which simplifies this area considerably. Where there is no certification, the laboratory will need to carry out its own assessment. As with the supply of materials, there is rarely a major issue since a laboratory will generally be in a position to check an instrument before it is returned to service after a repair, and normal quality control within methods will provide additional security. There may, however, be quality issues surrounding response times to service requests, which will need evaluation. 14.4 Inspection [4.6.2] There should be a defined mechanism to ensure that any goods received are inspected before being released for use. This should involve a check against the order specification and should pay particular attention to factors such as specified purity of reagents or accuracy of calibration of equipment. An individual should be made responsible for carrying out the checks, and there should be clear segregation or labelling of goods to distinguish between those which have been checked and those which have not yet been released for use. In the case of services to equipment, an individual must be given responsibility for deciding on whether the work has been satisfactorily carried out before the serviced equipment is put back in use. In the case of laboratory instrumentation, this will typically be the duty of the responsible person. 14.5 Administration [4.6.4] The quality manager should review the approved suppliers list at least annually and should review any particular supplier immediately if problems become apparent. There must be a general instruction that any staff member who has problems with the quality of supplies, goods or services, must report them to the quality manager. This ensures that all of the information comes together at one point. It is not unusual in large organisations for a supplier to be giving small problems in different departments which, when brought together, add up to considerable concern about the supplier’s overall suitability. A simple strategy for ensuring that the reports reach the quality manager is to instruct that problems with suppliers are reported to the quality manager. A mechanism should be established to prevent orders being placed with non-approved suppliers. The usual practice is to require some person in the order processing chain to verify the order against the approved supplier list and to endorse it as satisfactory in this respect. The person charged with this responsibility can be either the person authorising the order or an administrator who processes the order. In either instance, the quality documentation should confirm the person's authority to intercept the order. Page 87 14.6 Starting up the approved suppliers list A laboratory which is installing a quality system for the first time will already have a number of suppliers which are routinely used. These should all be contacted with an explanation that the laboratory is seeking accreditation and asked to supply details of their quality management procedures or certifications. If they are unable to do this, the laboratory need not stop using them, provided that the quality manager is satisfied that the goods or services supplied will be of acceptable quality and/or adequately checked before use in a situation where the quality of data is set at risk. A history of use of the supplier with no problems can provide suitable evidence. In such cases, the quality manager should prepare a brief report on the supplier which details the history of use and which shows any supporting evidence for their acceptance. The key point from an assessment point of view is that the laboratory will have to convince the assessors that it has information about the suppliers’ ability to maintain quality and so can deal with any local checks needed before goods or services are released for use. 14.7 Operating within a tendering system One difficulty which sometimes arises is when laboratories operate in countries where purchases have to be via a transparent tendering system. This often means that the laboratory is not in a position to select suppliers nor, in some instances, influence the selection. The best way to deal with this problem is to defer evaluation of the supplier until the tendering system is complete. If the supplier is already on the approved list then there is no problem. If the supplier is not approved, the quality manager should evaluate whether the supplier is in compliance with approved supplier status. This means:̇ ̇ ̇ Determine whether the supplier has certifications. If the supplier has no certifications then the quality manager should determine what other assurances on quality are available. In the light of the information obtained, the quality manager should then decide on any checks on supplies that need to be made on receipt and before the supplies are released for use. The strategy to be adopted should then be recorded and communicated to relevant laboratory staff. Page 88 15. Sub-contracting [4.5] 15.1 Key questions ¬ Do you evaluate the suitability of any sub-contractors used against a defined set of criteria? ¬ Do you have a list of these approved sub-contractors? ¬ Do you have a mechanism which ensures that the use of any sub-contractors found unsatisfactory is discontinued ? ¬ Do you obtain clearance from clients before sub-contracting work? 15.2 Requirements [4.5.3, 4.5.2] ISO 17025 includes the specific statement that a laboratory is always responsible to the client for the work the subcontractor performs, although a dispensation is allowed where the client insists on a particular subcontractor. This is the key requirement and it implies that the laboratory investigates and approves its sub-contractors, as described in section 15.2.1. The overall need is to satisfy assessors that sub-contractors are selected after careful investigation and that the laboratory takes a responsible attitude to their selection and continued use. In practice, accreditation bodies do not apply this requirement with great rigour and they are reasonably understanding of commercial sensitivities. Sub-contracting should be covered by contract review as discussed in section 7.3. This also takes care of the requirement in the standard to ensure that the client is aware of the arrangement, although it should be noted that ISO 17025 specifically requires that the client be informed in writing of the arrangements for sub-contracting. In the case of reporting work from sub-contractors, a testing laboratory must simply acknowledge that it has been sub-contracted but calibration laboratories are required to supply the client with the sub-contractor’s report or certificate. There is no absolute requirement to notify the client of the identity of the sub-contractor, although the requirement for calibration laboratories to pass on the sub-contractor’s certificate rather negates this. Testing laboratories can, however, reserve this information. 15.2.1 Approved sub-contractors [4.5.4] The laboratory must keep a list of approved sub-contractors, normally compiled by the quality manager. Laboratories which operate a quality system in compliance with ISO 17025 are automatically eligible to appear on this list. They may demonstrate their compliance by providing evidence of accreditation by an accreditation body constituted in accordance with ISO 17011. In the case of non-accredited laboratories, the quality manager will be required to carry out an appraisal, which might include a visit to the sub-contractor to carry out an audit, to establish to his or her satisfaction, that the laboratory is ISO 17025 compliant in relevant areas. The key issues would be to ensure that the laboratory is suitably equipped, has training procedures and records, calibrates its instruments traceably and has appropriate internal and external quality control procedures, including participation in relevant interlaboratory proficiency exercises. A report on the appraisal must be kept on file, and the authorisation should be reviewed at least annually. Page 89 A decision should also be made on whether it is necessary to carry out quality checks on the performance of sub-contractors by, for example, the blind submission of quality control samples. These checks may be appropriate when initially evaluating the subcontractor and may also be carried out on an on-going basis. At least occasional use of such checks is strongly recommended where possible, especially for non-accredited subcontractors, since it is likely that assessors will ask the laboratory whether they have any evidence of the quality of the sub-contractor’s work. Another approach sometimes used is to arrange for the sub-contractor to forward the results of any relevant interlaboratory proficiency exercises in which they participate. Willingness to do so, in itself, provides confidence in the sub-contractor. 15.3 Administration There should be a clearly stated policy on who may authorise sub-contracting. This is normally the laboratory manager. This person should have the responsibility of checking that the sub-contractor is on the approved list and should have the authority to refuse to authorise the sub-contracting if a non-approved sub-contractor is requested. The laboratory manager should review the performance of sub-contractors on a regular basis, and at least annually, and report any problems to the quality manager for investigation. Page 90 16. Guidance on writing a quality manual 16.1 Some general considerations There is no set format for a quality manual and it must, of necessity, be a document individual to the laboratory. It is the definitive document: it defines the quality management system and the procedures which implement it. Accreditation bodies often provide a guidance document suggesting a format, and there is something to be said for following their recommendations. Unfortunately, however, this can lead to a manual which is less than ideal from the laboratory’s point of view and perhaps has the appearance of being designed by a committee but it will be relatively easy for assessors to review; they can check it off against the guidance document and can hardly object to a manual which follows the document closely. The contents of the manual and the documents to which it refers will be the basis for all audits and assessments of the quality system. It is, therefore, important that the manual describes the system as it is actually operated. It must be a working document and not a description of an ideal world. Be particularly careful that you cover all eventualities. If you assign a responsibility to a post holder, remember that they may not always be available. The manual will need to provide an alternative, such as a deputy or another point of reference, in these circumstances. There should be a statement that all responsibilities ultimately revert to the laboratory manager who may delegate them again if necessary. The laboratory should always try to ensure that the laboratory manager and his or her deputy are never absent at the same time. Another important point to remember is that responsibility and authority go together. Whenever you assign a responsibility you must also assign the appropriate authority. In the context of quality management this may involve giving a quality manager authority on quality matters over a line management superior. The superior, in supporting the quality policy, should respect this authority. You should be careful in writing the manual not to create procedures and policies which are bound to fail. Within the limits of the standard, give yourself as much flexibility as possible. You may describe preferred courses of action but allow alternatives under defined circumstances provided that it is clear who has the authority to permit the alternative to be taken. For example, a supplier policy may state that the preferred suppliers would be ISO 9001 certified but that alternatives may be used where the goods are not available from such an accredited supplier. The policy might then go on to state that the quality manager may give approval for the use of an alternative provided that the goods are checked before being used. The next sections give one suggested outline for a quality manual that describes an ISO 17025 compliant system, with some notes on the contents of each section. It is not essential that the information described appear explicitly in the manual. Subsidiary documentation can be used and referred to. Be careful, however, not to create an unnecessarily complex documentation structure as this will be difficult to maintain. Another trap to avoid is that of duplicating information across different documents since Page 91 it is difficult to ensure that the versions in the various documents are all maintained together and remain consistent. Finally, remember that an assessment will be against your quality documentation in addition to against the standard. This means that if you make a commitment in your documentation which goes beyond the requirements of the standard and then fail to meet it you will still have a non-conformance, even if what you are actually doing is within the standard. For example, ISO 17025 requires an annual review of the quality system. If you were to enter a commitment to a six-monthly review in your quality manual but what you actually do is review annually, you would be meeting the standard but would still have a nonconformance against your documentation. The rule is not to commit to anything beyond the standard, even if you intend to go beyond the standard. In the example given, the quality manual should say that you will review ‘at least annually’. This gives you flexibility and conformance with the standard. 16.2 An outline for a quality manual 16.2.1 Quality policy statement and accreditation This should be made on the authority of the most senior management body for the laboratory. This must be at the level where decisions on resource allocation are made. It should contain a commitment to quality, to good professional practice and to a quality management system based on ISO 17025. It should also contain a commitment to provide resources to support this level of quality. It is also conventional to include a commitment to provide only one level of service for tests and calibrations within the accreditation scope. This requirement arises from a situation where some laboratories were offering to carry out work either to an accreditation standard or to a lower standard with a price differential. Accreditation bodies insist on a single level of service since, otherwise, a laboratory might use its accreditation to attract the work and then offer an inferior and cheaper service. It is, however, possible to be accredited for the same test or calibration to different levels of accuracy, for example, but it is hard to see any advantage in this in most cases. The policy statement should carry the name, position and signature of an appropriate representative of the senior management body, ideally the chief executive, and should explicitly give authority to the laboratory manager and the quality manager to implement and operate the quality system. It should also require all personnel to familiarise themselves with the quality documentation and to follow its requirements at all times. The policy statement should be followed by a reference to any accreditations held by the laboratory and a reference to an appendix containing the scope of accreditation or the scope which is the basis of any pending application for accreditation. 16.2.2 Organisation and Management This section should show the internal organisation of the laboratory and the relationship between the laboratory and any organisation of which it is a part. It is a good idea to include organisational charts. These charts should show that the quality manager has access to the highest level of management and to the laboratory manager. Each level of staff should be described, with an outline of the level of experience and qualifications required to fill each grade. The object of this is to set a minimum acceptable level of expertise at each level which the laboratory undertakes to maintain, Page 92 but the description should allow sufficient flexibility to admit staff with specialised but narrow capabilities, where required. The supervisory requirements at each grade should be defined, for example an assistant chemist must always work under the direct supervision of a chemist or higher, and the limits of responsibility and authority of each grade should be clearly explained. There should be a statement of the policy on the use of staff undergoing training and a requirement for their direct supervision. Reference should be made to the staff records or equivalent source as containing a list of the current post holders. 16.2.3 Job descriptions This section should contain full job descriptions of key staff. This must include the laboratory manager and the quality manager and their deputies. It should make clear what the responsibilities of each post are and what functions each performs. Any other key posts should be included. Some laboratories, for example, assign duties to a calibration officer who is responsible for calibrating all instruments and maintaining reference standards. 16.2.4 Approved signatories This section must define precisely, either by name, seniority or post, the individuals who are authorised to take responsibility for the laboratory's data. Only these individuals may authorise the release of work and sign test/calibration certificates. 16.2.5 Acceptance of work This section should make clear exactly who may accept work and commit the laboratory to a delivery date. It should state that the person accepting the work is under an obligation to ensure that the laboratory has the equipment and expertise to do the work and that they must not enter into a commitment unless they can be certain on this point. The formal contract review process can be described here. 16.2.6 Quality documentation The structure of the quality documentation should be defined. This will normally be a hierarchy, headed by the quality manual, which refers to the methods manual or equivalent technical and other procedural documentation. Reference should be made to the subsidiary records and documentation such as the equipment logs and the staff records. The purpose of each piece of documentation must be defined as well as the person responsible for maintaining it and authorising it to be issued. The availability of each document should be stated, for example whether it is issued and to whom, in whose custody it is kept, where it is kept and who has right of access. There should be an instruction to all staff to abide by the documented procedures. This should be qualified by allowing, for example, the laboratory manager to permit departures from documented procedures where technical considerations make this expedient, provided that he or she is confident that quality will not be undermined as a result. There must be an instruction that all such departures must be recorded and noted on reports, where relevant. Page 93 Staff inadvertently deviating from documented procedures must be instructed to bring this to the attention of the laboratory manager, who must decide whether quality is compromised and what action is needed. All such departures must be recorded. 16.2.7 Document control The controlled document system should be described and the responsibility and authority of the quality manager in this respect defined. 16.2.8 Scope of tests/calibrations This should state the laboratory's policy to use internationally recognised methods wherever possible, supplemented by fully validated and documented in-house methods. This section should also include or refer to a list of typical sources for methods appropriate to the laboratory's scope of activities. 16.2.9 Test/calibration methods There should be a description of the procedure for introducing a new method. This will generally involve the laboratory manager in arranging to validate and document the method. The quality manager should approve the validation and documentation before the laboratory manager releases the method. An outline of the format for in-house documented methods should be given, and a procedure for the withdrawal or amendment of a method described. 16.2.10 Equipment and reference standards This section should list the major items of equipment which the laboratory operates and the reference standards held. This can be expressed in general terms and reference made to the equipment logs as a full inventory. The format and operation of the equipment logs should be described and the procedure for checking and accepting a new piece of equipment into service, as well as the procedure for the withdrawal of equipment. 16.2.11 Calibration policy There should be a statement of the policy of the laboratory to achieve traceability of all measurements by the use of traceable (to SI units where relevant) standards of measurement and certified reference materials. Where this is not achievable there should be a commitment to interlaboratory calibration exercises and similar measurement audits. The policy that references are to be used for calibration only and not for routine purposes should be stated. 16.2.12 Calibration and maintenance of instruments There should be a general statement of the policy to calibrate at intervals such that the integrity of measurements is not set at risk. The preferred procedure for determining calibration intervals should be stated. Reference should be made to the procedural documents which describe instrument calibrations. The procedure for labelling equipment which requires calibration should be described and instructions not to use equipment which has an expired calibration must be given. A general responsibility should be placed on all staff to ensure that any instrument or piece of equipment which they suspect is out of calibration is not used until checked. The equipment must be clearly labelled as suspect and not to be used. The problem should be brought to the attention of the laboratory manager. Page 94 16.2.13 Methods and uncertainty of measurement This section should describe the laboratory's policy and procedures on the determination of method performance validation and on assessing uncertainty of measurement.. There should be a description of procedures to be used at initial validation of methods and a description of the responsibility of the laboratory manager for updating the information on the basis of QC data. The section should also give guidance on the general policy of the laboratory on the frequency of running QC samples, spikes and duplicates. 16.2.14 Quality control There should be a general statement on which level of staff or individuals are permitted to judge whether results meet quality control criteria. Reference should be made to the fact that methods documentation includes details of the quality control data to be collected and the criteria to be applied. The general responsibility of the laboratory manager to monitor and act upon quality control data should be stated. There should be a commitment to interlaboratory proficiency checking exercises and/or measurement audit and a list of such exercises in which the laboratory typically participates. 16.2.15 Procedure when data is suspect The procedure to be followed when a suspicion that faulty data has been released should be described. This will normally require investigation by the laboratory manager and quality manager and probably an audit. Corrective action would also normally be required. The laboratory's policy to inform clients as soon as possible of suspect data must be stated with a commitment to check the data and, if necessary, to issue an amended report. 16.2.16 Handling of samples and administration of work This section should have a complete description of the laboratory's procedures for receiving, storing and recording samples, sample numbering and labelling, allocation of work, recording of results, quality checking of results, preparation of reports and issuing reports. In writing this section try to describe in a systematic way the manner in which samples and results are managed through your laboratory. Pay particular attention to how the clients' requirements are communicated to the bench workers and how the bench workers pass the results back to the reporting process. 16.2.17 Recording of results This section should describe the use of worksheets and/or notebooks. Instructions on the use of ink and the way of making corrections should be given. 16.2.18 Disposal of samples and other waste The laboratory's policy on the length of time samples are kept should be stated, as should the policy on disposal, with a commitment to the responsible disposal of toxic materials. Page 95 16.2.19 Records The laboratory policy on the retention of records should be stated and the procedure to be followed in disposal of records must be given. This should define who may authorise disposal and require that an inventory be kept of the records disposed of. The policy on security of records, including computer data, must be stated, and the person responsible for archiving and computer back-up identified. 16.2.20 Reporting of results The minimum requirement for the contents of a report should be given (see section 13.2) and an example of the preferred layout included. The requirement to identify sub-contracted results must be stated. Where the laboratory holds accreditation there must also be a stated procedure for identifying results of methods not included in the accreditation scope. The procedure for retaining confidentiality when reporting results other than by post should be set out. Where reports have to be amended there must be a statement that this can only be done by the issue of a complete new version with an endorsement such as ‘Amendment to Certificate No.......’ 16.2.21 Quality incidents, complaints and control of non-conforming work The laboratory's policy to treat complaints positively and as a source of useful information should be stated. The persons authorised to deal with complaints should be identified and the procedure for recording complaints and following them up defined, including the requirement for corrective action. The system for dealing with internally detected quality problems and incidences of nonconforming work needs to be clearly described. This should include assignment of responsibility for ensuring work is suspended pending an investigation and the carrying out of corrective action. The person responsible for allowing work to be resumed needs to be identified. 16.2.22 Confidentiality The laboratory's policy to retain confidentiality should be stated. Instructions must be included that all staff must take all reasonable precautions to keep clients’ data and other information confidential. The requirement to ensure that no such information is left out in the laboratory overnight or in an unattended room should be stated. 16.2.23 Staff appointment, training and review The operation of the staff records must be described including their use for recording new staff and changes in the training or status of existing staff. The mechanism for selecting staff for training, carrying out the training and assessing competence and for issuing authorisations to carry out tests, calibrations and other procedures should be described. The mechanism for an annual review of staff capabilities must be laid out and the means of recording the results. Page 96 Staff should be generally instructed of their responsibility to carry out only operations for which they are authorised. It should be made clear that staff are entitled to refuse to do work for which they are not authorised. 16.2.24 Procedures for audit and review of the quality system All of the procedures for the audit and review of the quality system should be described together with the records to be kept, and the policy on frequency of audits and review included. 16.2.25 Corrective action The procedure for agreeing and recording corrective action should be described, as well as a description of the procedure for follow-up to ensure corrective action is complete and has been effective. 16.2.26 Preventive action and improvement The procedures for identifying preventive action and quality improvement opportunities should be described, and the responsibility for evaluating suggestions and carrying out the preventive action assigned. 16.2.27 Premises and environment The laboratory premises should be described and, ideally, a plan included. This section should also draw attention to any parts of the premises to which access is restricted and who is authorised to grant access, and should describe any areas subject to special environmental controls as well as the mechanism for monitoring, recording and maintaining such control. Where laboratories conduct activities which are incompatible, for example trace and high level analysis for metals, there should be a description of the facilities provided to ensure the necessary segregation. 16.2.28 Security of premises This section should describe the arrangements for the security of the premises during and outside working hours, identify the persons authorised to hold keys, describe the procedure for granting authorisation, and identify the person with overall responsibility for security. 16.2.29 Appendices There should be appendices covering, as a minimum, the following topics: a) A list of the scope of accreditation held or applied for. b) A list of holders of the quality manual. c) A list of all controlled documents and subsidiary documentation together with their scope of issue or storage locations. d) Examples of pro-formas for recording quality issues such as audits, corrective and preventive action and client complaints. e) An example of the laboratory’s proposed report format. Page 97 Bibliography ISO and other standards These publications are normally available from your national standards body, assuming it is ISO affiliated. ISO/IEC 17025: 2005; General requirements for the competence of testing and calibration laboratories. ISO/IEC 17011: 2004; Conformity assessment, general requirements for accreditation bodies accrediting conformity assessment bodies. This is the international standard to which assessment bodies are expected to adhere. ISO 100012-1: 2003; Measurement Management Systems—Requirements for measurement processes and measuring equipment. Provides a model for setting up a system for controlling measuring equipment and specifies the records to be kept; also gives guidance on strategies for setting calibration and confirmation intervals. ISO/IEC Guide 43, 2nd Edition, 1996. Deals with interlaboratory proficiency testing schemes. It is issued in two parts. Part 1 deals with the operation of schemes, and Part 2 with the selection and use of schemes by laboratory accreditation bodies. ISO Guide 35: 1989; Certification of reference materials—general and statistical principles, 2nd Edition. Deals with the role of reference materials in measurement science and the procedures for their certification. Many of the procedures are equally applicable to the calibration of secondary references against certified references, so it provides useful guidance for laboratories preparing their own in-house quality control standards. It is particularly useful in the area of homogeneity testing. ISO Guide 33: 1989; Guide to the use of certified reference materials. Covers the use of certified reference materials in assessing the performance of a method. It also has an interesting section on how practical measurement scales are realised. Other useful publications Practical statistics for the analytical scientist, Trevor Farrant, 1997, Royal Society of Chemistry (ISBN 0-85404-442-6). A really good introduction to statistics for the analyst, whilst covering advanced topics as well; a useful bench guide. Purchase directly from the United Kingdom laboratory of the Government Chemist or RSC. Statistics and Chemometrics for Analytical Chemistry, J N Miller and J C Miller, 4th Edition, 2000,Prentice Hall (ISBN 0 130 22888 5). The standard guide to statistics for analytical chemistry; a really good introduction and continuing source of reference. Covers everything a chemist needs to know about statistics. Earlier editions are also useful. Titles of editions 1 to 3 do not mention chemometrics. Purchase through bookseller. Applications of Reference Materials in Analytical Chemistry, V Barwick, S Burke, R Lawne, P Roper, and R Walker, 2001, LGC, Teddington, (ISBN 0 875404 448 5). In spite of the title, this book covers other issues, including uncertainty of measurement and statistics of comparison of data. Explanations assume a minimum of familiarity with statistics and are very clear. Purchase directly from the United Kingdom laboratory of the Government Chemist. Page 98 Traceability in Chemical Measurement, 2003, Eurachem. Covers key issues of method validation and also deals with uncertainty of measurement estimation. Quantifying Uncertainty in Analytical Measurement, 1995, 2nd Edition, Eurachem. A useful general guide but does lose the plot occasionally; contains several detailed worked examples of uncertainty estimations which provide a useful pattern which will be appreciated by laboratories working in a much wider area than analytical chemistry. Can be downloaded free from Eurochem site. Evaluating Uncertainty for Laboratories, Dr Alan G Rowley, Alan Rowley Associates. An introduction to the subject specially designed to meet the needs of the chemist with little in the way of statistical background. Available from the author. Useful websites ‘www.ilac.org’ This website describes fully the workings of international recognition of accreditation and also has a wide range of guidance documents for laboratories and accreditation bodies, which can be downloaded., ‘www.ukas.com’ UKAS is the United Kingdom laboratory accreditation body. They have all of their technical guidance documents available for free download. These are a useful source of information for laboratories needing to achieve technical compliance with ISO 17025 in a wide range of areas of expertise. ‘www.lgc.co.uk’ Laboratory of the Government Chemist, United Kingdom; has a collection of downloadable catalogues of reference materials and a searchable database of reference materials. The database is not comprehensive, however, and the catalogues should also be consulted. Also has contact information about where you can buy the publications mentioned above. ‘www.eurachem.ul.pt/index.htm’ Useful source of guidance documents which can be downloaded free. These include the guide to uncertainty of measurement mentioned above. ‘www.eptis.bam.de’ Searchable database of proficiency testing schemes in Europe. Many schemes operate globally. Note that the EPTIS database is not screened in any way, so look carefully as some schemes are neither frequent nor very active. ‘http://www.fasor.com/iso25/’ Very useful page with links to all kinds of ISO 17025 related issues, helpful sites and national accreditation bodies. Page 99 Appendix: Self-examination Self-examination for compliance with ISO 17025 The questions in the self-examination questionnaire in the following pages go through the key requirements of ISO 17025; they are the kind of questions which you should be asking yourself, as a laboratory, as you try to decide where you are ISO 17025 compliant. This will give pointers to where you need to make changes. It cannot be emphasised too strongly that there are no standard ways of achieving compliance; rather there are hundreds of approaches to complying with any particular requirement. You need to focus on the requirement itself and to find the most convenient and cost-effective way to meet it in your particular situation. With each question, tick one of the boxes numbered 1 to 4, based on the following code: 1 No we do not meet this requirement at all. 2 We meet some parts of this requirement. 3 We meet most parts of this requirement. 4 We meet this requirement fully. The numbers in brackets in the questionnaire refer to the relevant clauses in ISO 17025:1999. The higher your total score on this questionnaire, the less you will have to do to become compliant. However, this questionnaire is only intended to form an initial assessment in key areas and does not cover the whole of ISO 17025, so even if your answers are all 4s this does not mean that you already comply—but you are very well placed to make the final adjustments. The maximum score is 204 by the way ! Some general thoughts to bear in mind ISO 17025 is very much a standard to which you adhere by your own efforts. You document how you will meet the requirements of the standard and how you will manage your activities to maintain compliance. You then commit to monitoring your own compliance through audit and related activities and to taking corrective action when you move out of compliance. When you are assessed, the accreditation body will, of course, determine whether you are compliant on the day of assessment. However, the assessors will be far more interested in satisfying themselves that you have a robust management system which will maintain compliance on a routine basis. The assessors normally visit only once a year so the steps which you take to maintain and monitor compliance between visits are a key issue with them. A well managed quality system should pay for itself by reducing the amount of re-testing or re-calibration a laboratory needs to do and by improving its clients’ confidence and hence its success as a business. Page 100 Self-examination questionnaire Organisation Is the laboratory managed in such a way that it operates independently and is free from external influences? Management requirements (4.1.5, 4.2) Is senior management committed to a quality system, including compliance with ISO 17025, and agreed that resources will be provided to establish and maintain it? Do staff at all levels recognise that, irrespective of workload and other pressures, the requirements of the quality system must be followed at all times? Is there a person who is responsible for establishing and monitoring compliance with the quality system on a day-to-day basis? Is there a documented specification of the quality management system, for example in a quality manual, with clear assignment of authority and responsibility such that the managers who supervise work have authority to ensure the quality of the work which they supervise? Document control (4.3) Are there documents available that give work instructions so that staff have a source of reference to enable them to conduct their work properly and consistently? Are all documents1 controlled, which means can you answer ‘yes’ to the following: Are all documents giving instructions or used to record data authorised by defined management personnel? Is a record of the issue of all documents kept and procedures adopted so that, when amendments are made, every copy can be retrieved to be updated? 1 Note that the definition of ‘document’ in ISO 17025 is extremely broad. Please refer to ISO 17025: 1999, 4.3.1 Note 1 for a full list. Page 101 Subcontracting of tests and calibrations (4.5) Do you have a list of approved subcontractors? Do you have a record of the accreditations of the subcontractors? Where subcontractors are not accredited do you have other evidence that they are competent? Purchasing services and supplies (4.6) Do you have a list of approved suppliers and a policy for inclusion of a supplier on the list? Does this policy ensure that purchased materials and services will be good enough to ensure that the quality of your data is not threatened? Service to clients and complaints (4.7) Do clients know how to contact you and who to speak to about the progress of their work? Do you follow up complaints from clients and learn from them so that you can take steps to ensure that the problem does not happen again? Control of nonconforming work (4.9) Nonconforming work occurs when data or services are detected which do not meet the laboratory’s agreed standard of quality. This may be detected internally or externally. Do you have a procedure for ensuring that work, or release of data, is stopped immediately nonconforming work is identified? Do you follow up on nonconforming work in order to learn from it and take action to ensure that the problem cannot happen again? Corrective action (4.10) Where quality problems are identified do you have a procedure for ensuring that prompt corrective action is taken? Do you ensure that the corrective action taken addresses the root cause of the problem, i.e. do you think that you normally make it unlikely that the problem will happen again? Do you follow up to ensure that the corrective action has been Page 102 effective, for example after a period of settling in? Preventive action (4.11) Do you track trends in data so that you can respond to deterioration in quality before it reaches unacceptable levels? Do you hold regular meetings of senior technical staff to discuss areas of concern about quality and consider proposals for improvement? Do you track measurable items, for example turnaround times, numbers of re-tests necessary, and respond when performance appears to be deteriorating? Records (4.12) Where your documentation requires a procedure to be followed do you have records which show whether it was actually done or not? Would your records enable you to identify the person who did each piece of work? Would your records enable you to identify the equipment used? Would your records enable you to prove that the equipment was properly calibrated and functioning correctly? Internal audits and management review (4.13) Do you carry out and record regular inspections to check that the procedures which you have defined and documented are, in fact, being followed? Does senior management carry out reviews to determine whether the quality system continues to meet the needs of the organisation? Personnel (5.2) Do you have appropriate numbers and types of staff so that work can be carried out without having to rush so much that quality may be compromised? Do you formally check if all persons performing technical functions possess the required educational/professional qualifications and experience? Are there clearly defined job descriptions set out for each of the persons working in the laboratory? Page 103 Do you have a procedure for regular performance evaluation to assess their competence? Do you have a procedure for training staff in testing and/or calibration? Accommodation and environmental conditions (5.3) Does the accommodation provide adequate separation of functions to minimize the possibility of cross contamination? (Give a lab floor plan?) Are you confident that the conditions and standard of housekeeping in your laboratory are adequate to ensure that the quality of data is not being compromised? Are there measures to provide uninterrupted services (electricity, gas, water)? Are there measures to restrict the entry of unwanted materials and persons into the laboratory? Are there appropriate storage facilities to provide integrity of samples before and after testing? Test and calibration methods, validation and quality control (5.4, 5.9) Do you use only standard, internationally accepted methods for testing? Are all methods documented to the extent necessary to enable them to be performed properly and consistently? Do you have validation data which shows the performance characteristics, for example accuracy and precision, of all of the methods which you carry out? Are quality control procedures in place to ensure that the performance characteristics established for the methods continue to be met on a routine basis? Is the laboratory staff trained in sampling? Where these are available, does the laboratory make regular measurements on certified reference materials to confirm the accuracy of its measurements? Where available, does the laboratory participate in interlaboratory comparison exercises, i.e. exchange of samples with other laboratories and comparison of results? Page 104 Control of data and data integrity (5.4.7) Is all raw data recorded at the time of observation and traceable, for example by being signed, to the person who made the observation? Are transfers of data between documents, or between documents and computers, subject to checks? Equipment, calibration and traceability (5.5, 5.6) Are operational procedure charts available with each of the equipments? Where the concept is applicable, has equipment been calibrated to ensure traceability to the SI system of units through an unbroken and, if necessary, international chain? Are regular cleaning and maintenance checks performed? Do you have evidence to show that calibration is carried out often enough to ensure that drift between calibrations is not so large as to undermine data quality? Where practicable, is equipment checked between calibrations and records kept to confirm that it has not drifted and lost its calibration? Is all equipment which is subject to regular checks or calibrations labelled to show when the next calibration or check is due? Is there a record of all equipment and particularly of its cleaning, maintenance and calibration history? Handling of test and calibration items (5.8) Do you have a system for uniquely labelling and numbering items so that the number remains with all samples and sub-samples as the item moves through the laboratory? Do you have procedures for identifying samples which require special storage or preservation and for ensuring that appropriate action is taken? Reporting (5.10) The basic required contents of a report are as follows:(a) Name and address of the laboratory; (b) Name and address of client; (c) Unique identifier of certificate or report (such as serial number); (d) On each sheet of the certificate or report, a unique form of sheet Page 105 (e) (f) (g) (h) (i) (j) (k) (1) (m) (n) (o) (p) identifier (such as the serial number of the certificate or report, with a unique page number in the form "page -- of -- pages"); Date of receipt of calibration or test item, and date(s) of performance of calibration or test, as appropriate; Date of issue of certificate or report; Signature and legible name of approved signatory or signatories taking responsibility for the content of the certificate or report, or equivalent form of technical authorisation; Unambiguous identification of item(s) calibrated or tested (including name of manufacturer of item(s), any model or type designation and any relevant serial numbers, as appropriate); Any abnormalities or departures from standard conditions; Reference to calibration or test method and procedure used; Any standard or other specification relevant to the calibration or test method or procedure, and deviations, additions to or exclusions from the specification concerned; Where relevant to the validity or application of the calibration or test result(s), details of any sampling, item preparation, or data analysis; Calibration or test result(s); Any design or performance specifications met or failed; Estimated uncertainty of the calibration or test result (this information need only appear in test reports and test certificates where it is relevant to the validity or application of the test result, where a client's instructions so require, or where uncertainty affects compliance to a specification or limit); Any other available information requested by a client relevant to the validity or applicability of the calibration or test result. Check your typical reports against this list and assess the degree of compliance. Total Score Page 106 Printed in Austria V.09-86727—October 2009—500 UNITED NATIONS INDUSTRIAL DEVELOPMENT ORGANIZATION Vienna International Centre, P.O. Box 300, 1400 Vienna, Austria Telephone: (+43-1) 26026-3859, Fax: (+43-1) 26926-6840 E-mail: [email protected], Internet: www.unido.org