ISO-17025-blog

ISO/IEC 17025 Blog

ISO 17025 technical internal audit: The basics

Laboratories are required to have a program of internal audits to assess whether their operations comply with ISO/IEC 17025 requirements on an ongoing basis. This involves auditing both management and technical activities to identify gaps, and to drive improvements.

A positive audit culture is essential to ensure that internal technical audits are effective. Management should encourage an open, fair, collaborative effort between technical auditors and auditees. The technical auditors must clearly communicate with auditees that gaps will be identified together in order to drive improvement, not to find “fault” and cast blame.

In this article, I will provide an overview of the various technical audit techniques and the technical requirements covered in three types of technical audits.

Are technical audits similar to management audits?

The same professional behavior, general auditing skills, and good understanding of the ISO/IEC 17025:2017 standard is needed in both technical and management audits to ensure they are unbiased and meet their purpose. Technical auditors, just like lead management auditors, need to be independent, impartial, observant, perceptive, and focused on assessing the compliance of processes, procedures, and documented information against specific audit criteria. The ISO 19011 principles of auditing apply to both: for example, taking a risk-based approach and making evidence-based decisions on findings.

Technical auditors must, in addition, have good working technical knowledge of the particular technical activity to be audited. This could be a process (e.g., sampling) or method technique (e.g., HPLC).

What are the three types of audits?

There are three types of technical audits used to assess technical competence: witnessing, vertical, and horizontal.

ISO 17025 technical internal audit: The basics - 17025Academy

 

a) Witnessing

Witnessing involves observing an auditee performing a particular activity, for example, a specific test method, and assessing the degree of compliance. The auditor must be provided with the documented test method against which compliance is assessed.

During the witnessing, the auditor would assess compliance with applicable clauses, but only as they relate to the specific witnessing. This means, for example, only the witnessed auditee’s training records would be assessed, for the specific activity.

b) Vertical audits

A vertical technical audit involves selecting a single report or reported result and assessing compliance with applicable clauses, but only for the specific laboratory activities to get to the point of reporting the specific result. The auditor would either work systematically backward, from the report to the registration of the particular sample (or sampling, if included), or forward from the sample registration.

c) Horizontal audits

Horizontal audits involve assessing compliance with applicable clauses, but across all test methods or activities within the scope of accreditation.  For example, environmental controls (clause 7.7) or technical competency of personnel (clause 6.2). A horizontal audit could involve one or all technical clauses. It would be performed on a sampling basis. This means, for example, for personnel requirements (clause 6.2), although primary documents such as the procedure, training matrices, and form templates are assessed, not every personnel training record is included. Those that are selected, however, are assessed across all training activities.

Performing a technical audit

The technical audit involves a process and performance-based approach using suitable techniques to collect and verify supplied information, document observations, and record audit findings against technical audit criteria. The auditor must be able to assess whether the laboratory’s risk-based approach produces valid results for customers and meets ISO 17025 requirements for technical competence

Internal auditing techniques include the use of checklists, document review, questioning and listening during interviews, and witnessing of activities. Findings are then confirmed by the auditor as either meeting the requirement (conforming) or not (nonconforming).

Note that although certain audit techniques are more suitable for onsite audits, they can be adapted for remote audits. Whether remote or onsite, technical audits should be interactive to allow the auditor to engage with the auditees to develop an understanding of the critical technical issues at hand. The techniques should be chosen and combined based on the audit scope, objectives, and operational activities available for assessment.

Using checklists for performing a technical audit

Irrespective of the audit type, the auditor would use appropriate checklists and follow these steps:

  1. Seek objective evidence against the audit criteria.
  2. Document observations, recording audit findings, documents, and records supplied during the audit, including version.
  3. Justify confirmation of findings as compliant or noncompliant against the audit criteria.
  4. Discuss the noncompliant findings with the auditees and raise nonconformances (NC) using the process agreed to, either within the audit report or on a NC form.

Note that it is advisable to use the accreditation body checklists, to benefit from familiarity. Alternatively, the auditor could use in-house laboratory checklists, based on the accreditation body checklists.

The following audit criteria would be included in the technical audit checklists:

  • Personnel training, competency, and authorization records (of witness or identified operators) (clause 6.2)
  • Facilities and environmental conditions – suitability and recording (clause 6.3)
  • Sampling and handling of test or calibration items (clause 7.3 and 7.4)
  • Performance capability of selected methods (validation data) and evaluation of measurement uncertainty, indicating method adequate for intended use of the measurement result (clause 7.2 and 7.6)
  • Metrological traceability of measurement results – certificates and storage conditions of reference materials used; maintenance, calibration, and intermediate checks of equipment (clause 6.4 and 6.5)
  • Internal control procedure and acceptability of quality control results (clause 7.7)
  • Technical Records – auditor to record which data and calculations were checked (clause 7.5 and 7.11)
  • Reporting of results (clause 7.8).

How much time should be allocated for technical audits?

Typically, a half to full day is allocated for each witnessing or vertical audit, and up to two days for a horizontal audit covering all technical clauses. Depending on risk, the size of the laboratory, and the scope of accredited tests, at least one full horizontal audit, one witnessing, and one vertical audit should be included in each audit program, usually scheduled over 12 months.

A win-win activity

An effective technical internal auditing program is rewarding for both laboratory operations and personnel. By performing the different types of technical audits to assess conformity to ISO 17025, staff would gain new skills, while at the same time becoming more familiar and prepared for the external assessments by the accreditation body. On a day-to-day basis, the management system would become more robust against risks with fewer nonconforming events being experienced. Personnel will then see first-hand the value of effective technical audits to facilitate corrective actions, drive improvements, and control risks.

To learn more about technical and other requirements of ISO 17025, download this free white paper: Clause-by-clause explanation of ISO 17025:2017.

Advisera Tracey Evans
Author
Tracey Evans
Tracey Evans is an ISO 17025 expert with an MSc degree in Biochemistry, and more than 15 years’ experience in Laboratory Management Systems. This experience includes a variety of testing and calibration laboratories in the pharmaceutical, biotechnology, medical pathology, veterinary, engineering, mining, water and agricultural sectors. Tracey has used her insight into ISO 17025 and ISO 9001 to assist clients in developing and implementing systems, performing method validation and internal audits, addressing risks and opportunities, and achieving ISO 17025 accreditation. Tracey also has a working knowledge of GLP and GCP, and has expertise as an internal auditor for a GCP laboratory.