Advice for ISO17025 First Round of Internal Audits

[spacey]

I have created an ISO17025 Manual and QMS for the company I work for, we are applying for accreditation.

I now need to start auditing the system, before I start can anyone advise on which sections to start auditing from or any particular order to carry this out?

Was thinking of starting of auditing sections 4.1 to 4.8 then 5.1 to 5.10 and finishing with 4.9 to 4.15

Thank you.

 

[Stijloor]

A Quick Bump!

Can someone help??

Thank you very much!!

 

[AndyN]

I have created an ISO17025 Manual and QMS for the company I work for, we are applying for accreditation.

I now need to start auditing the system, before I start can anyone advise on which sections to start auditing from or any particular order to carry this out?

Was thinking of starting of auditing sections 4.1 to 4.8 then 5.1 to 5.10 and finishing with 4.9 to 4.15

Thank you.

Firstly, the requirements of the internal audit programme for ISO/IEC 17025 are very similar to ISO 9001. Doing "clause" audits as you propose isn't going to pass an accreditation auditor. The expectation is going to be "process".

Where should you start? What did ISO/IEC 17025 bring that's a new process/practice to your lab? New = risky. Risk based audit scheduling is the way to go.

 

[spacey]

AndyN thanks for your reply

I thought the processes would have been audited when auditing the clauses of the standard.

 

[AndyN]

AndyN thanks for your reply

I thought the processes would have been audited when auditing the clauses of the standard.

With the advent of ISO 9001, the "word on the street", zeitgeist or pure fashion is to now audit "processes" and NOT clauses of the standard... So, your plan is expected to reflect lab processes, not standard clauses.

Have you had auditor training, BTW?

 

[spacey]

Thanks for the reply.

Have had auditor training for 9001+14001, but not 17025

Have written the 17025 manual and had training to do this, but not auditing to 17025.

Aiming to complete first round of audits and management review then pre-assessment and go from there.

 

[AndyN]

Thanks for the reply.

Have had auditor training for 9001+14001, but not 17025

Have written the 17025 manual and had training to do this, but not auditing to 17025.

Aiming to complete first round of audits and management review then pre-assessment and go from there.

And your trainers didn't discuss the "process approach" to (internal) auditing? If you know the lab and have audited, the standard doesn't really matter. You'll be auditing the labs processes/methods anyway (the standard's not as important)

 

[spacey]

thanks, my training was years ago, I do cover process audits during 9001 audits.

We will be auditing the lab to IS017025 and auditing the process used during recognised testing standards.

 

[AndyN]

AndyN thanks for your reply

I thought the processes would have been audited when auditing the clauses of the standard.

The key issue with auditing clauses is that you can end up with fulfilling the clauses as "compliant", but miss the point as to whether the process(es) are effective! As auditors who audit clauses, we can draw incorrect conclusions about the system from JUST looking at clauses. Now, while it's true to say that nowhere does it mandate process MUST be looked at, you have to step back and ask yourself what's the principle reason for internal audits? (Not AB/CB audits, that's different)

The primary purpose of internal audits is the validation of the use of the management system (a system of processes) is being used to achieve the "planned results". If you ONLY look at clauses - and some will argue that's perfectly acceptable and compliant - the practical reality is that to confirm the processes are effective, the auditor must audit the process! And, in doing so, if you are gather information about the other parts of the management system which help to control the subject process, you'll cover a significant number of "clauses" at the same time!

 

[Hershal]

When I went into organizations to begin an accreditation assessment, I did not take the Clause approach (do it by rote, so to speak), and not the process approach. I took the systemic approach.

Hence I would begin with Command and Control, and monitoring. So, Clauses 4.15, 4.14, 4.8, 4.9, 4.13. Next would come 4.4, 4.6, 5.2, and 5.9. Within four hours I would know whether there were serious issues or not, other than traceability and uncertainty, which I would assess in the lab while observing the demonstrations. Then I would assess the technical operations. By the time I finished that, there were a few minor sub-Clauses to wrap up, but that would be all. Faster, more efficient, and more comprehensive.

Now, that does not mean there would not be other issues that resulted in a finding, but with the approach I used, it is difficult at best to conceal serious issues.

Just curious, may I ask the AB you have applied to?

Hope this helps.