ISO 17025 2017 - Internal auditor training work book

Name of participant: AKSHAY PRATAP SINGH

Phone: 900 200 1238

Email: akshaysingh@spectrolab.in

MODULE 1 - IMPLEMENTING THE MANAGEMENT SYSTEM

Activity 1 - Impartiality
List 4 threats that can affect the impartiality of laboratory activities
Threat Controls to be implemented
1- Results shared to client/third party Customer communication details have not
customers through unethical mode access to analyst/technicians in laboratory
like via telephonic way. management system ONLY HODs of the
departments have access of this information.
2- Department Head take bribe from/to Proper HR Policy signed by employees
clients/analyst to manipulates it’s
results
3-

Activity 2 - Competency
List the competency requirements for the following positions
Position Qualification Experience Skills/Competency

Activity 3 – Environmental conditions

How will you identify the environmental factors that will have effect on testing activities? List
the environmental factors affecting the tests conducted at your lab.
Test Environmental factor Value Monitoring frequency

Activity 4 – Equipment documents & records

List the key equipment related documents/information to be maintained as part of
ISO 17025 2017 - Internal auditor training work book

management system documentation

Activity 5 – Selecting external providers
List the key criteria that you will use for the selection of the following types of external
providers/suppliers. List the controls that will be used to ensure that the services or products
supplied meet the requirements of the lab.
Type of product/service Selection criteria Controls
Equipment
Calibration service
Proficiency testing

Activity 6 – Review of test requests

A customer has approached your lab for conducting tests. List the key points that you will
verify before accepting the request.

Check point Points to be verified

Test request
Sample
Resources
Method

Activity 7 – Calculating uncertainty of measurement

Calculate the uncertainty of measurement using the data provided below. Express it as an
expanded uncertainty with 95% confidence level.
Test results – 10.05mm, 9.95mm, 9.98mm, 10.02mm, 10.02mm
Uncertainly from calibration certificate – ±0.12, coverage factor=2, with 95% confidence level.
Activity 8 – Identifying the documents and records
List the mandatory documents & records to be maintained in the laboratory related to the
following to ensure compliance to ISO 17025 2017 standards
Area/activity Document name and clause number
Personnel (human resources)
Externally provided services
Equipment
Customer complaints
Validity of test results
Activity 9 – Identifying risks
Identify minimum 3 risks and control measures related to the following laboratory activities
Area/Activity Risk Probabilit Severity Risk Control measures
y (1-3) (1-3) rating
Equipment
ISO 17025 2017 - Internal auditor training work book

Testing
Externally provided
products and
services
Human resources
Reporting
Activity 10- Identifying the clauses
Identify the corresponding clauses in ISO 17025 2017 laboratory quality management system
standard for the requirements stated below
a. Resolution of customer complaints –
b. Control of records –
c. Quality objectives –
d. Selection, verification and validation of test methods –
e. Evaluation of measurement uncertainty
f. Reporting of results –
g. Corrective action –
h. External services and supplies –
i. Non conforming work -
Activity 11- Match the definitions
A. Document 1. Provision of objective evidence that a given item Answer
fulfils specified requirements
B. Inter laboratory comparison 2. Presence of objectivity
C. Verification 3. Specified way to carry out an activity or a process
D. Complaint 4. Information and its supporting medium
E. Validation 5. Evaluation of participant performance against pre-
established criteria by means of inter laboratory
comparisons
F. Correction 6. Document stating results achieved or providing
evidence or activities performed
G. Record 7. Action to eliminate a detected nonconformity
H. Corrective action 8. Action to eliminate the cause of a detected
nonconformity
9. Or other undesirable situation
I. Impartiality 10. System to establish policy and objectives and to
achieve
11. Those objectives
J. Procedure 12. Organization, performance and evaluation of
measurements or tests on the same or similar items
by two or more laboratories in accordance with
predetermined conditions
K. Proficiency testing 13. Where the specified requirements are adequate for
ISO 17025 2017 - Internal auditor training work book

an intended use
L. Management system 14. Expression of dissatisfaction by any person or
organization
Activity 12 – Preparing test report

You have issued a test report and later made an amendment to it. Prepare a test
report format which includes the details of sampling, testing, statements of conformity
and amendment.

Activity 13 – Writing standard operating procedure

Refer clause 6.4 Equipment in the IS0 17025 standards.
Write a standard operating procedure for handling, transport, storage, use and
planned maintenance of equipment in order to ensure proper functioning and to
prevent contamination or deterioration.
MODULE 2 – AUDITING THE MANAGEMENT SYSTEM

Activity 1 – Audit process

Try and arrange headers in Section A in a logical sequence of an audit. Then write
activities in Section B under these headers in a logical process to explain the sequence
of activities that are involved in a generic management system audit.

Section A –Audit processes Section B – Activities under audit

processes
1. Conducting audit activities 1. Performing review of documented
2. Conducting audit follow-up information
3. Completing audit 2. Audit planning
4. Initiating audit 3. Assigning work to audit team
5. Preparing and distributing audit report 4. Preparing audit report
6. Preparing audit activities 5. Distributing audit report
6. Preparing documented information for
audit
7. Establishing contact with auditee
8. Determining feasibility of audit
9. Assigning roles and responsibilities of
guides & observers
10.Generating audit findings
ISO 17025 2017 - Internal auditor training work book

11.Conducting opening meeting

12.Reviewing documented information
while conducting audit

Answer

Section A- Correct sequence Section B – Activities under each audit

processes
1.
2.
3.
4.
5.
6.
Activity 2 - Audit roles & responsibilities

Section A – Roles
1. Top management
2. Auditee
3. Auditor
Section B – Responsibilities
Group A
• Plan the audit and make effective use of resources
• Prepare checklist
• Keep to the timetable
• Document all findings
• Providing clarification or assisting in collecting information
• Prevent and resolve conflicts
Group B
• To ensure reasonable facilities are made available
• To ensure auditee are made available
• To resolve problems as the audit progresses
• To action the audit report findings
Group C
• To be co-operative and answer questions
• To provide samples as requested
• Try not to have distractions/calls/interruptions etc.
ISO 17025 2017 - Internal auditor training work book

• To assist in reaching audit findings

• To assist in identifying areas of improvement
• To answer truthfully and respectfully
Answer

Section A Section B
1. Top management
2. Auditee
3. Auditor
Activity 3 - Audit plan

You are planning to conduct and internal audit as per ISO 17025 2017 standards.
Create an audit plan that can be communicated to all auditees.

Internal audit number: 1 Audit Criteria: Audit method:

Audit objective: Audit scope:

Departmen Applicable Audit date & Auditee Auditor

t clauses
Time

From To date -
date -

Activity 4 - Audit findings

Review the scenario & answer below questions

1. Is there any potential nonconformity implied in the incident? If so against
which clause of the standard?
2. What is the potential impact of the incident for the auditee organization?
3. Do you have sufficient evidence to raise a non conformity at this stage?
4. Complete the non conformity report if it is a non conformity
Audit scenario
ISO 17025 2017 - Internal auditor training work book

A laboratory publishes all the test reports that it issues to its clients on its website so
that anyone can verify the details. When asked if the clients have been informed about
the same, quality manager replied that it is not required since this is only to help the
clients and they will be happy.

What is the What is the potential impact Do you have sufficient evidence to
potential of the incident for the raise nonconformity at this stage?
nonconformity auditee organization?
implied in the
incident?

Non conformity report

To be filled by the auditor

Auditee : Department : NC No:

NC Type: ,Major/Minor/OFI

Auditor (s): Standards: Audit No:

Date:

Details of Discrepancy: Clause :

Document Reference :

To be filled by the auditee

Root Cause:

Details of corrective actions: Proposed completion date:

To be filled by the auditor during the follow-up audit

Follow-up audit observations, if any NCR Cleared/Pending

Auditor (Signature)

Name:
ISO 17025 2017 - Internal auditor training work book

Date:

Activity 5 – Auditor competency

Top management is planning to prepare a list of internal auditors and requested you
to verify whether your have the necessary competency. Now review yourself using the
auditor competency review checklist.

Please use the ratings from 1- Poor to 10 – Excellent against the following requirements
1. Ethical
2. Open minded
3. Diplomatic
4. Observant
5. Perceptive
6. Versatile
7. Tenacious
8. Decisive
9. Self reliant
10. Able to act with fortitude
11. Open to improvement
12. Culturally sensitive
13. Collaborative
14. Audit principles, processes & methods
15. Management system standards
16. The organization and its context
17. Applicable statutory & regulatory requirements & other requirements
18. Discipline & process specific competence
19. Plan the audit & assign audit tasks
20. Discuss strategic issues with top management
21. Manage the audit process
22. Effective communications
23. Reach the audit conclusions
24. Prepare & complete the audit report
Total
Write 3 functions you would like to audit and the relevant clauses of the management system
standards
Functions/Department Clauses

Activity 6 – Document review

You are provided with the list of documents available in a laboratory. Identify if any
more documents are required to ensure compliance to ISO 17025 standards.
ISO 17025 2017 - Internal auditor training work book

Following documents are maintained in the lab you are auditing

List of documents and records

Approved Supplier list

Employee list

Job description

Organisation chart

Communication plan

Master list of documents

List of services

Equipment List

Preventive maintenance plan

Equipment checklist

Proficiency test plan

IQC record

Intermediate check record

Corrective action record

List of documents and records

Test register

Non compliance report

Test report form

Risk register

Change record
ISO 17025 2017 - Internal auditor training work book

Lab software verification record

Environmental conditions monitoring record

List of procedures

Procedure for managing personnel

Facilities and environmental conditions

Externally provided products and services

Review of requests, tenders and contracts

Selection, verification and validation of methods

Answer

Document not provided Requirements as per ISO 17025 2017 and clause
number
ISO 17025 2017 - Internal auditor training work book

Activity 7 – Audit checklist

You are required to audit your laboratory's management system to check compliance
to ISO 17025 2017 standards.

Prepare an audit checklist which will contain the documents to be reviewed, auditees
to be interviewed, interview questions and the observations to be made as part of
collecting evidence.

Clause Interview questions Documents to be Observations to be made

number verified
4 General 1.Company Impartiality 1.Company All the documents related
requirements Documents, Detail of impartiality policy impartiality and
risks identified related signed document confidentiality have to
impartiality 2.Company circulated in all the
2. Confidentiality related confidentiality departments.
documents policy

5 Structural 1. Personal who is

requirements legally
responsible for
overall
laboratory
activities?
2. Company
registration
details like
GST/CIN no.
3.

6 Resource
requirements
7 Process
requirements
ISO 17025 2017 - Internal auditor training work book

8 Management
system
requirements
Activity 8 – Audit findings

Review the scenarios & answer below questions

1. Is there any potential nonconformity implied in the incident? If so against which

clause of the standard?

2. What is the potential impact of the incident for the auditee organization?

3. Do you have sufficient evidence to raise a nonconformity at this stage?

Scenario1

Auditor observes that the specific environmental conditions required for the test was
not maintained properly in the lab room. When asked about this testing personnel
replied that such variations may not always affect the test results.

Scenario 2

It is observed that 3 quality managers have changed within the span of 3 months just
before the audit. When the auditor asked what action management takes to ensure
integrity of management system in such frequent changes, the Technical Manager who
is the owner of the laboratory said no specific action is required for that as the lab has
a good reputation.

Scenario 3

While auditing an electronic product testing lab, before entering the testing area,
quality manager informed the auditor to wear anti-static aprons. When the auditor
asked for the documented information for such a practice, he informed that no such
documents are prepared as all staff are aware of the dress codes.

Scenario 4
ISO 17025 2017 - Internal auditor training work book

Auditor finds that the only authorised signatory of the lab is on maternity leave, and
the director said she will resume after one month, and management has no plans for
inducting a new person.

Scenario 5

You are reviewing corrective actions. The particular record reviewed identifies
nonconformity where an experienced and competent testing personnel had made a
mistake calculating a result for one of your most prestigious clients. Unfortunately it
was the client who identified the mistake to your company and complained directly to
the Managing Director. It appears from the corrective action that the technician was
unfortunately relieved of her duties and forced to depart the company. The evaluation
of effectiveness was signed off by the Managing Director stating: ‘Our most prestigious
client is now happy we have taken the most appropriate effective action in dealing with
this very costly mistake’.

On enquiring with the auditee, no other comments/entries/actions are made in the

record or carried out. On enquiring who is now dealing with this particular client’s
testing now, the response was: ‘that another experienced technician has been
allocated – who the client knows and respects’.

Scenario 6

When the auditor asked about the technical competency of the testing person, the
quality manager replied that the person is working in the lab for many years and every
one knows that he has very good knowledge and technical skills and no other details
are available.

Scenario 7

Minutes from the management review meeting, which is held every six months,
reported that six corrective actions from the internal audit were not yet closed from an
internal audit held five months earlier.

Scenario 8
ISO 17025 2017 - Internal auditor training work book

The laboratory is part of a big organisation which manufacturers various products. On

verifying the organisation chart it is found that the production manager and the
laboratory manager roles are handled by same person.

Scenario 9

The Auditor could find no evidence of planning for continual improvement

Scenario 10

The Auditor found that the testing equipment is under maintenance due to errors
found in test results. When asked about the impact of the defect, quality manager said
that the issue was noticed when a customer complained about it and they immediately
called the service engineer for repair. No other details are available.

Scenario 11

During the audit it is found that the laboratory has 2 customer complaints for which
appropriate corrective actions are taken. Auditor found that after resolving the
complaints, the laboratory personnel informed the customer about the outcome
through phone and email.

Scenario 12

A laboratory which is part of a parent organisation is managed by its operations

manager. The organisation chart of the laboratory is provided here. The operations
manager also handles the human resources, procurements and sales activities. There
is one laboratory personnel who is conducting the tests. The lab personnel and
production manager is reporting to the operations manager.
ISO 17025 2017 - Internal auditor training work book

Managing
Director

Operations
Manager

Production
Lab personnel
Manager

Scenarios Is there any potential What is the Do you have sufficient

nonconformity implied in potential impact of evidence to raise
the incident? If so against the incident for the nonconformity at this
which clause of the auditee stage?
standard? organization?
1
2
3
4
5
6
7
8
9
10
11
12