Planning for internal audits under the ISO/IEC 17025:2017 standard may be different for your laboratory.
The biggest change in the requirements for internal audits comes in clause 8.8.2 (a) which states that laboratories “…shall take into consideration the importance of the laboratory activities concerned, changes affecting the laboratory, and the results of previous audits.” This clause is about risk-based thinking. When planning your audits under the 2017 version of the standard, you need to apply risk-based thinking and decide what areas of the laboratories and specific procedures need to be included in the audit.
So, what do you need to consider? First of all, the importance of the laboratory activities concerned. Which procedures, both technical or part of the management system, are critical to the work your laboratory does? This may mean tests that are the main source of your income, or that are conducted for critical clients.
Changes affecting the laboratory also need to be considered. This could be changes to the standard method, test method, equipment, staff, supplier, etc.
Results from the previous audit is also included as a consideration. What findings or areas of concern were included on the audit or assessment report?
It is up to the laboratory to include an assessment of these three criteria when planning an audit and to decide what should be included on their audit. Assessors may be asking you to describe how you plan your audit and how you make decisions about what is included in the audit. How do you decide what procedures are important to your laboratory’s activities? How do you assess change and the impact of that change on your laboratory activities? How do use the information from previous audits/assessments to plan the upcoming audit? They will also be looking for how you ensure your full management system, including all technical tests, is audited over a reasonable time period. Your accreditation body may have additional requirements, such as what constitutes a “reasonable time period” to cover all technical tests methods, and ensuring your audit includes tests and techniques that are representative of the methods on the scope of accreditation. (See details on CALA's requirements in P07-2017 CALA Application of Requirements in ISO/IEC 17025:2017)
How do you make your decisions on what to include in your internal audits? Join the conversation by leaving a comment below.
For more information on auditing under ISO/IEC 17025:2017 check out the webinar, Auditing Against the Revised ISO/IEC 17025:2017 standard.
If you want to learn how to plan and lead an internal audit to ISO/IEC 17025:2017, plan to attend the Lead Auditor for ISO/IEC 17025:2017 course.