It is important to note that the ISO/IEC 17025:2017 standard contains substantive changes, including:
The process approach of ISO/IEC 17025:2017 now matches that of more recent standards, such as ISO 9001:2015 (Quality Management Systems).
The scope of the ISO/IEC 17025 standard covers all the laboratory activities including testing, sampling, and calibration.
Furthermore, the new version of the ISO/IEC 17025 standard focuses more on information technology, which incorporates the use of computer systems, Laboratory Information Management System software, and the provision of electronic test results.
The standard also focuses on the concept of risk-based thinking, whereby the laboratory takes a proactive approach towards addressing risks that can prevent the laboratory from achieving its objectives. This involves an elaborate risk management process which includes risk identification, analysis and evaluation, risk monitoring and risk control measures; though the standard does not require formal risk management methods or documented risk management processes. It is the laboratory’s key responsibility to decide which risks and opportunities need to be addressed.
Although the recent version of the ISO/IEC 17025 standard presents a new structure, the key technical requirements are as important as ever. Laboratories still have to carry out equipment calibration and method validation, participate in interlaboratory comparisons via proficiency testing and estimate uncertainty of measurement. A key distinction however is the greater emphasis on some requirements such as sampling (7.3), metrological traceability, which has a new sub clause of its own (6.5) under Resource Requirements, and additional information regarding it in Annex A.
6. The main clauses of ISO/IEC 17025:2017
As displayed in the comparison matrix above, the 2005 version of the ISO/IEC 17025 standard included two main requirements: the management requirements and the technical requirements. The 2017 version of the ISO/IEC 17025 standard, on the other hand, includes the following requirements:
1. General requirements: This clause highlights two main elements: impartiality and confidentiality. This clause ensures that the laboratory is committed to impartiality and that the risks related to impartiality are identified on a continuous basis. Meanwhile, confidentiality ensures that prior to the release of the information into a public domain, customers are informed. Confidentiality also entails not releasing the information obtained from a source other than the customer, as well as the source of the information to the customer unless it has been authorized by the source. Additionally, this clause emphasizes the release of confidential information when required by law or authorized by contractual arrangements. The laboratory should commit to ensure information confidentiality during all processes, treatments and interactions.
2. Structural requirements: This clause emphasizes the legal status of the laboratory, the structure of the laboratory, the identification of the personnel and the management, as well as the availability of the personnel responsible for implementing and maintaining the integrity of the management system. It also emphasizes the documentation of procedures to the extent necessary to ensure consistency in the application of laboratory activities and the validity of the results.
3. Resource requirements: This clause establishes the need for laboratories to ensure the availability of personnel, facilities, equipment, systems and support services required for the smooth performance/operations and management of all its activities. Calibration of equipment shall be done when measurement accuracy or measurement uncertainty affects the validity of reported results and this will further assist in establishing the metrological traceability of the reported results. The laboratory shall also ensure that it communicates to its customers on all externally provided products and services i.e. subcontracting activities, purchasing services and supplies with requirements and controls in place.
4. Process requirements: This clause represents the procedures and other methods for the review of requests, tenders, and contracts. The clause covers the requests of the customers, the decision rule and the differences between tenders and requests that should be applicable to customers before any other laboratory activity takes place.
It also covers the selection, verification, and validation of methods. This ensures that the laboratory will use appropriate methods and procedures for its activities. Furthermore, the laboratory will ensure that it is using the most recent methods which cover the latest technological developments.
Through the use of relevant or current technology or methodology, the laboratory will be able to develop a sampling plan when it intends to carry out sampling of substances, materials or products for subsequent testing or calibration. Other elements captured by the clause are: handling of test or calibration items, technical records, evaluation of measurement uncertainty, ensuring the validity of results, reporting of results, complaints, nonconforming work, control of data, and information management.
Figure 1: Example of the operational process of a laboratory as described in Clause 7 Process requirements.

5. Management system requirements: This clause now provides two distinct options (Option A and Option B) for establishing a management system.
Option A
Option A provides a minimum set of requirements the laboratory shall meet, that is by addressing clauses 8.2 to 8.9 of ISO/IEC 17025 in order to establish a management system.
The minimum requirements for the implementation of a management system, as per option A, are as follows:
-
Clause 8.2 Management system documentation
-
Clause 8.3 Control of management system documents
-
Clause 8.4 Control of records
-
Clause 8.5 Actions to address risks and opportunities
-
Clause 8.6 Improvement
-
Clause 8.7 Corrective actions
-
Clause 8.8 Internal audits
-
Clause 8.9 Management reviews
Organizations that implement clauses 4 to 7 and Option A of clause 8 of the ISO/IEC 17025 standard can be adjudged to meet up with the general principles of ISO 9001.
Option B
Option B gives a provision of establishing and maintaining a management system in accordance with ISO 9001 requirements.
This option points out that a laboratory that has already established and maintained a management system in compliance with the requirements of ISO 9001, with satisfactory evidence of compliance to clauses 4 to 7 of the ISO/IEC 17025 standard can be adjudged to fulfill, at least the intent of the management system requirements set out in clauses 8.2 to 8.9 of the ISO/IEC 17025 standard. This option makes it easier and practicable for laboratories to simultaneously manage the implementation of ISO 9001 and ISO/IEC 17025. In summary, if a laboratory has already implemented ISO 9001, Option B may allow for greater flexibility in implementing ISO/IEC 17025:2017.
Both options are intended to achieve quality results in the performance of the laboratory’s management system and its compliance with clauses 4 to 7 of the ISO/IEC 17025 standard.
Laboratories only need to conform to one of the options above, not both.
7. The implementation methodology
PECB has developed a methodology for implementing a management system so as to ensure that all certification/accreditation and standard requirements are captured, thus aiding step-by-step systematic deployment and use. It is called the “Integrated Implementation Methodology for Management Systems and Standards (IMS2)” and it is based on international best practices. This methodology is based on the guidelines specified in ISO standards, which also meets the requirements of ISO/IEC 17025:2017.
Figure 2: Integrated Implementation Methodology for Management Systems and Standards – ISO/IEC 17025
IMS2 is based on the PDCA cycle, which is divided into four phases: Plan, Do, Check and Act. Each phase has a number of steps which are further divided into activities and tasks. This ‘Practical Guide’ considers the key phases in the organization’s implementation project from start to finish. Constructively, it suggests the appropriate ‘best practice’ for each step while directing the organization as it embarks on its ISO/IEC 17025 journey.
By following a structured and effective methodology, an organization can ensure that it covers all the minimum requirements for the implementation of the management system. As stated above, whatever methodology used, the organization must adapt it to its particular context. The key to a successful implementation relies on a contextualized and adaptable approach by the respective organization.
8. Training and certifications of professionals
PECB has created a training roadmap and personnel certification schemes which are strongly recommended for implementers and assessors of a laboratory who wish to become certified against ISO/IEC 17025. The certification of individuals serves as documented evidence of professional competency, while also providing evidence that the individual has attended one of the related courses and successfully completed the exams. It also proves that the certified professional has the expertise to assist a laboratory in successfully obtaining an ISO/IEC 17025 accreditation.
Personnel certifications demonstrate that the professional possesses the defined competencies based on best practices. It also allows laboratories to make an informed decision on the selection of employees or services based on the competencies that are represented by the certification designation. Finally, it provides opportunities for the professional to constantly improve his/her skills and knowledge, and also serves as a tool for employers to ensure that training and awareness have indeed been effective.
PECB training courses are offered globally through a network of authorized training providers; they are available in several languages and include the following: Introduction, Foundation, Lead implementer, and Lead Assessor courses. The table below provides a short description of PECB’s official training courses for the competence of testing and calibration of laboratories based on ISO/IEC 17025.

Although a specified set of courses or curriculum of study is not required as part of the certification process, the completion of a recognized PECB training course or program of study will significantly enhance the chances of passing a PECB certification examination as the examination is based on PECB’s training material.
The list of approved organizations that offer PECB official training sessions can be found on our website:
www.pecb.com.
Annex A
Table A.1: Detailed ISO/IEC 17025:2005 to ISO/IEC 17025:2017 comparison matrix table
Principal Author
-
- Eric LACHAPELLE, PECB
-
- Faton ALIU, PECB
-
- Albina OSMANI, PECB
-
- Jetë SPAHIU, PECB
Contributors
-
- Sanja Rojčević - Croatian Accreditation Agency (Croatia)
-
- Ogunranti Feyisara- Standards Organisation of Nigeria (Nigeria)
-
- Mehdi EL ARBI - LE PLUS (Tunisia)
-
- Phoebe Okochi - Standards Organisation of Nigeria (Nigeria)
-
- Dr.-Ing Wassim Mansour - SMART-TEC (SMART Training, Engineering & Consulting) (Tunisia)
-
- Ali Meniari - DXC Technology (Morocco)
-
- Abdoulhayou Moumouni - Agence pour la Sécurité de la Navigation Aérienne en Afrique et à Madagascar (ASECNA) - Burkina Faso
-
- Vincent B. Mokaya - Diverse Management Consultancy Ltd (Kenya)
-
- Innocent Atasie - G2GFM Consulting (Nigeria)
-
- Olusegun Adekoya - Boulos Enterprises Limited (Nigeria)
-
- Oladotun Bolade - EN2SOL PNP LTD/COVENANT UNIVERSITY (Nigeria)