ISO 17025 Internal Auditor Requirements

[Vader22]

Do ISO 17025 Internal Auditors have to to have official ISO 17025 Lead Auditor training to perform audits?

I couldn't find a requirement in the standard, but may have missed it. TIA


8.8 Internal audits (Option A)
8.8.1 The laboratory shall conduct internal audits at planned intervals to provide information on whether the management system:
a) conforms to:
— the laboratory’s own requirements for its management system, including the laboratory activities;
— the requirements of this document;
b) is effectively implemented and maintained.
8.8.2 The laboratory shall:
a) plan, establish, implement and maintain an audit programme including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the laboratory activities concerned, changes affecting the laboratory, and the results of previous audits;
b) define the audit criteria and scope for each audit;
c) ensure that the results of the audits are reported to relevant management;
d) implement appropriate correction and corrective actions without undue delay;
e) retain records as evidence of the implementation of the audit programme and the audit results.
NOTE ISO 19011 provides guidance for internal audits.

 

[qualitymanagerTT]

Well, I don't know about "ISO 17025", but ISO/IEC 17025 clauses 6.2.2 and 6.2.5 should be considered for an area as important as Internal Audits.

 

[SeanN]

Quick answer: No. I am, and I don't.

 

[ralphmartin]

The internal auditor training requirements were clear in the 2005 version of the standard. It indicated that the internal auditor needed to be qualified to conduct an internal audit. Even in that requirement, there was no actual requirement for the internal auditor to receive a formal internal auditor certification. That being said, in the current version, with the introduction of risk-based thinking and impartiality requirements, the emphasis is on whether the internal auditor is not biased to the area that is being audited. In other words, the purchasing agent should not audit section 6.6 of the standard, which is externally provided products and services. As an external auditor myself, I would just make sure that the internal auditor has been trained to the labs internal audit procedure and ensures there is not risk to impartiality during the internal audit. I am a certified ISO/IEC 17025 auditor and have been on both sides of the fence. There is no formal requirement for the internal auditor to be certified in any way, shape or form. I hope this helps.

 

[itsbiodiversity]

The internal auditor training requirements were clear in the 2005 version of the standard. It indicated that the internal auditor needed to be qualified to conduct an internal audit. Even in that requirement, there was no actual requirement for the internal auditor to receive a formal internal auditor certification. That being said, in the current version, with the introduction of risk-based thinking and impartiality requirements, the emphasis is on whether the internal auditor is not biased to the area that is being audited. In other words, the purchasing agent should not audit section 6.6 of the standard, which is externally provided products and services. As an external auditor myself, I would just make sure that the internal auditor has been trained to the labs internal audit procedure and ensures there is not risk to impartiality during the internal audit. I am a certified ISO/IEC 17025 auditor and have been on both sides of the fence. There is no formal requirement for the internal auditor to be certified in any way, shape or form. I hope this helps.

Good day! For a small company with few local vendors of internal audits, would you have an issue with the QM performing the internal audit if they can prove they are unbiased? I would believe that so long as the audit is performed according to procedure and findings documented and acted on there would be minimal risk. Looking forward to your thoughts!

 

[david7763]

Do ISO 17025 Internal Auditors have to to have official ISO 17025 Lead Auditor training to perform audits?

I couldn't find a requirement in the standard, but may have missed it. TIA


8.8 Internal audits (Option A)
8.8.1 The laboratory shall conduct internal audits at planned intervals to provide information on whether the management system:
a) conforms to:
— the laboratory’s own requirements for its management system, including the laboratory activities;
— the requirements of this document;
b) is effectively implemented and maintained.
8.8.2 The laboratory shall:
a) plan, establish, implement and maintain an audit programme including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the laboratory activities concerned, changes affecting the laboratory, and the results of previous audits;
b) define the audit criteria and scope for each audit;
c) ensure that the results of the audits are reported to relevant management;
d) implement appropriate correction and corrective actions without undue delay;
e) retain records as evidence of the implementation of the audit programme and the audit results.
NOTE ISO 19011 provides guidance for internal audits.

As others have confirmed, ISO/IEC 17025 provides no requirement for auditors to be certified. It is clause 6.2.5 where you should look to determine the competencies of your auditors. It is also helpful to consult ISO 19011 section 7.2, which provides a great deal of guidance for auditor competence. Ultimately, the standard requires that an organization itself shall determine the competencies required of auditors and then demonstrate that its auditors have those competencies.

ISO/IEC 17025 provides no requirement for a Lead Auditor, although ISO 19011 assumes that organizations will have at least one lead auditor. There is nothing that prevents a small organization from having only a single auditor who may fulfill the ISO 19011 roles of audit program manager, lead auditor, and auditor.

I always recommend to my clients that they pursue any training offered by their chosen accreditation body, whether that is a basic overview of the standard or an auditing course. This provides you (the auditee) with insight into how your accreditation body (the auditor) interprets and audits the standard. Very useful understanding to have and it addresses the recommendation of ISO 19011 clause 7.1d that auditors continually improve their competence.

 

[david7763]

Good day! For a small company with few local vendors of internal audits, would you have an issue with the QM performing the internal audit if they can prove they are unbiased? I would believe that so long as the audit is performed according to procedure and findings documented and acted on there would be minimal risk. Looking forward to your thoughts!

If I were auditing an organization where the Quality Manager was also the internal auditor, I would have no issue with that based on the requirements of the standards. ISO/IEC 17025 only requires that personnel that could influence the laboratory activities shall act impartially, be competent and work in accordance with the laboratory's management system. I would look closely at the audits to make sure there is no evidence of bias or undue influence and I would review the organization's own definition of auditor competence and verify records that show the QM has those competencies.

As an aside, I have been the Quality Manager and simultaneously the Lead Internal Auditor for labs in the past. At least two US Accreditation Bodies have accepted this arrangement without concerns.

ISO 19011, in clause 4e, recognizes that it may not always be possible for internal auditors to be fully independent of the activity being audited, so allowance is made for this as long as objectivity and impartiality are maintained.