ISO/IEC 17025 are the general requirements for the competence of testing and calibration laboratories and is the main standard used by testing and calibration laboratories. The most recent version is from the year 2017. The previous version was dated 2005. This blog post discusses the changes.
When ISO/IEC 17025 was revised in 2017, it did more than shuffle clause numbers. It modernized how laboratories demonstrate competence, moving from a prescriptive, document‑heavy model to a flexible, risk‑based approach that fits today’s testing and calibration environment (17025Store, 2020; PJLA, 2018; EPPO, 2020; Advisera, 2019).
From Procedures to Performance
The 2005 edition told laboratories in detail how to run their management system: have a Quality Manual, specific documented procedures, and clearly prescribed controls (Advisera, 2019; 17025Store, 2020).
The 2017 edition keeps the what (reliable, technically valid results) but gives more freedom on the how, emphasizing performance and outcomes over rigid formats (Advisera, 2019; 17025Store, 2020; PJLA, 2019).
In practice, this means a lab can design processes that fit its size, technology, and risk profile, as long as it can show consistent, technically valid results and compliance with the requirements (Advisera, 2019; 17025Store, 2020).
The result is intended to be less box‑ticking and more focused on whether the system actually works in daily operations (Advisera, 2019; PJLA, 2019).
New Structure, Same Core Purpose
ISO/IEC 17025:2005 organized requirements into two big blocks: management (Clause 4) and technical (Clause 5) (17025Store, 2020; PJLA, 2018; PJLA, 2019).
The 2017 edition adopts a structure that mirrors modern ISO standards, especially ISO 9001:2015, and spreads requirements across five main sections (Clauses 4–8) (17025Store, 2020; PJLA, 2018; PJLA, 2019).
These sections cover general requirements, structural requirements, resource requirements, process requirements, and management system requirements (17025Store, 2020; PJLA, 2018).
This process‑oriented layout intends to make it easier to integrate ISO/IEC 17025 with an existing quality management system and to see how responsibilities, resources, and processes connect to final test and calibration results (17025Store, 2020; PJLA, 2019).
Management System: Less Paper, More Options
Under the past 2005 version, a formal Quality Manual and a defined set of documented procedures were explicitly required, even for small laboratories (Advisera, 2019; 17025Store, 2020).
The 2017 standard removes the explicit Quality Manual requirement and treats documentation more broadly as “documented information,” allowing labs to use digital tools, integrated systems, or lean documentation as appropriate (Advisera, 2019; 17025Store, 2020; PJLA, 2019).
A key innovation is the introduction of “Option A” and “Option B” for the management system (17025Store, 2020).
Option A means following the management system requirements directly from ISO/IEC 17025, while Option B lets labs leverage an existing ISO 9001‑compliant system (or equivalent) to meet those requirements, reducing duplication for organizations already certified to ISO 9001 (17025Store, 2020; PJLA, 2019).
Risk‑Based Thinking
The 2017 revision brings risk‑based thinking into the heart of the standard, reflecting broader ISO strategy and industry practice (17025Store, 2020; PJLA, 2018; PJLA, 2019).
Where the 2005 version mentioned risk only indirectly, the 2017 standard refers to it repeatedly and introduces a dedicated clause on actions to address risks and opportunities (17025Store, 2020; PJLA, 2018; PJLA, 2019).
Instead of prescribing preventive action as a separate concept, risk‑based thinking pushes labs to identify where things could go wrong, prioritize what matters most, and design controls that are proportionate to the impact (17025Store, 2020; PJLA, 2019).
For a lab, this might mean focusing more effort on high‑risk methods, complex measurements, or critical customers, rather than applying the same level of bureaucracy to everything (17025Store, 2020; PJLA, 2019).
Impartiality, Confidentiality, and Modern IT
The 2017 edition strengthens requirements for impartiality and confidentiality, giving them clear, standalone visibility early in the standard (17025Store, 2020; PJLA, 2018).
In the 2005 version, these topics were present but woven into general management and organizational requirements, making them less prominent (17025Store, 2020; PJLA, 2018).
The revision also acknowledges the reality of modern laboratories: computer systems, electronic records, and electronic reports are now addressed (PJLA, 2018; PJLA, 2019). This covers how labs manage data integrity, control access, and ensure reliable electronic outputs—areas that were much less explicit in 2005 but are critical now for both technical validity and trust (PJLA, 2018; PJLA, 2019).
Scope and Process Requirements
Another important shift is in how the scope and core processes are framed.
The 2017 version clearly states that it applies not only to testing and calibration, but also to sampling associated with those activities, reflecting the real workflow many labs follow (PJLA, 2018; PJLA, 2019).
Process‑related requirements—such as method selection and validation, sampling, handling of items, evaluating measurement uncertainty, ensuring validity of results, reporting, complaints, and nonconforming work—are grouped together in a “Process requirements” clause (17025Store, 2020; PJLA, 2018).
This helps laboratories think holistically about the life cycle of a sample or item—from request to report—and align controls along that chain instead of treating them as isolated requirements (17025Store, 2020; PJLA, 2019).
Postscript
