ISO/IEC 17025:2017: Computerized Systems and Equipment
In this article, we analyze the changes and requirements introduces by ISO/IEC 17025:2017 regarding Equipment and Computerized Systems
The impartiality, competence, and confidence in the operation of the laboratories are guaranteed by the ISO/IEC 17025 standard, whose revision was published in December 2017. This document replaces the 2005 edition and incorporates relevant modifications on the requirements that the laboratories to generate valid results.
With a greater focus on information technologies, the standard now recognizes and incorporates the use of computer systems, electronic records and the production of electronic reports and results. Therefore, the changes introduced by ISO/IEC 17025 regarding Equipment and Computerized Systems, acquire special relevance, which is why we review the clauses that affect the management of the computerized environment in the laboratory.
ISO/IEC 17025 – Equipment
Regarding the requirements on resources, and understanding that the new standard offers a flexible framework oriented towards achievement, ISO/IEC 17025 incorporates the concepts of access and availability to resources, allowing the laboratory to choose the route it considers most appropriate, always considering the level of risk you want or can take.
Regarding personnel (Human Resource 6.2) and facilities and environmental conditions (6.3), no significant changes are presented.
But in Equipment (6.4), the changes introduced by ISO/IEC 17025 are significant. Within the Equipment, consumables are now incorporated, especially reagents.
Regarding the conformity of the equipment, ISO/IEC 17025 establishes:
6.4.4 The laboratory will verify that the equipment complies with the specified requirements before placing it or putting it back into service.
6.4.5 The equipment used for the measurement must be able to achieve the accuracy of the measurement and/or the measurement uncertainty required to provide a valid result.
Regarding the equipment calibration status:
6.4.8 All equipment that requires calibration or has a defined validity period should be labeled, coded or otherwise identified to allow the user of the equipment to easily identify the status of the calibration or the period of validity.
Reorder the data that should be kept as activity control records:
6.4.13 Records of equipment that may influence laboratory activities shall be maintained. The records shall include the following, when applicable:
a) the identity of the equipment, including the software and firmware version;
b) the name of the manufacturer, identification of the type and serial number or other unique identification;
c) evidence of verification that the equipment meets the specified requirements;
d) the current location;
e) calibration dates, calibration results, adjustments, acceptance criteria and expiration date of the next calibration or calibration interval;
f) documentation or reference materials, results, acceptance criteria, relevant daters and validity period;
g) the maintenance and maintenance plan carried out to date when it is relevant to the performance of the equipment;
h) details of any damage, malfunction, modification or repair of the equipment.
Concerning Metrological Traceability, a review of the options for their demonstration and establishment is presented.
ISO/IEC 17025 – Computerized Systems
The introduction of computerized systems for the treatment of data and information is one of the main changes introduced by ISO/IEC 17025. And it does so as a way of aligning the standard with the ISO 9001:2015 quality management and cover all technical changes, technical developments, and developments in IT techniques that the industry has seen since the last version of the 2005 standard.
Regarding the technical records, it establishes:
7.5.1 The laboratory should ensure that the technical records of each laboratory activity contain the results, report and sufficient information to facilitate, if possible, the identification of the factors that affect the measurement result and its associated measurement uncertainty and allow the repetition of laboratory activity in conditions as close as possible to the original. The technical records must include the date and identity of the personnel responsible for each laboratory activity and to verify the data and results. The observations, data and original calculations will be recorded at the time they are made and will be identifiable with the specific task.
Regarding the requirements of the laboratory information management system, the novelty is contained in clause 7.11, which deals with “Data control and information management” and clarifies that these requirements must be extended to external suppliers:
7.11.3 The laboratory information management system(s) shall:
a) be protected from unauthorized access;
b) be protected against manipulation and loss;
c) be operated in an environment that meets the specifications of the supplier or the laboratory or, in the case of non-computerized systems, provide conditions that safeguard the accuracy of recording and manual transcription;
d) maintained in a manner that ensures the integrity of the data and information;
And on the validation of the laboratory information management system, ISO/IEC 17025:2917 requires:
7.11.2 The laboratory information management system(s) used for the collection, processing, registration, notification, storage or retrieval of data shall be validated for functionality, including the proper functioning of the interfaces within the laboratory information management system or systems before its introduction. Whenever there is a change, including the configuration of the laboratory software or modification to standard commercial software for general use, they must be authorized, documented and validated before implementation.
NOTE In this document, “laboratory information management system(s)” includes the management of data and information contained in computerized and non-computerized systems. Some of the requirements may be more applicable to computerized systems than to non-computerized systems.
As the ISO/IEC 17025 standard focuses more on information technologies, the secure management of data and the solutions that guarantee its integrity around electronic records and the production of electronic reports and results gain importance.
At Oqotech, we can help you secure lab processes and automate your management, as well as validate your computerized systems as we have already helped clients like Korrot, Laboratories Quinton, Edefarm or Cosmoral. Contact one of our consultants to receive the advice you need.