So you’re facing a NATA audit and it’s being done to the new 17025. You’ve probably read various bits and pieces online that have given you an idea about the significant changes. A 9001-friendly structure, new emphasis on impartiality, confidentiality and customer complaints, decision rules, and a lot of stuff about risk management.
A few years ago, inspection bodies were going through their transition to a new standard. It involved a lot of the same changes. I was auditing these facilities during that time, and I want to share from my experience some of the questions that I was asking. I hope it will get you thinking about what to expect at your transition audit.
Does your 9001 certification cover the scope of your accredited work?
I’ve come across some departments in large companies that think they are working under a 9001 certified system, but what they do is actually not listed on the scope on the 9001 certificate. Or the location is not listed and therefore not covered by the certification. Or there was some other technicality that means NATA had to audit the quality system in its entirety. It might be something you can sort out easily with your 9001 certification provider before NATA comes in for your assessment… check!
Have you anticipated what threats to impartiality your staff may encounter in their work?
Part of the philosophy of the new 17025 standard is about getting labs to consider risks in a proactive way. Be prepared to talk about risks to impartiality at higher levels. These might be issues such as ownership and governance. The other activities your organisation undertakes could potentially impact impartiality. There’s also risks from conflicts of interest at a personal level such as relationships staff have with clients. Remember that nobody is accusing you of doing anything wrong! You are just being asked to demonstrate that you have thought about potential threats to impartiality. You’ll also need to explain what you have put in place to mitigate the risks. Also, by the way, how do you review these risks on an on-going basis?
How do you ensure outcomes of customer complaints are independently reviewed if you are a 1-2 person lab?
There’s a whole new requirement for complaint. The outcomes must be determined/reviewed by someone independent of the testing relating to the complaint. If you are a small lab, this might be tricky! Maybe there is someone suitable in another department, or even external to the organisation.
What if the complaint is of a technical nature? Do you need to have access to someone who can review the technical aspects of the investigation?
And the big one: What do you have in place to identify and manage risks?
You are not being asked to have formal risk management procedures nor do a complex risks assessment. You will have to demonstrate how you have thought about risks in the context of your lab’s result output. Then you will have to explain what you have done to eliminate or mitigate the identified risks.
If you are thinking its a few changes in wording in your quality manual and procedures… well you can get away with that I suppose. But you are going to struggle answering difficult questions at your next audit. More importantly, you are going to miss opportunities to make real improvements.
There are many more subtle and not so subtle changes in 17025 and it’s best to be prepared. Engage a professional if you need help.
- Perform a gap analysis of your systems to identify what changes you will have to make to comply to the new standard;
- Help you interpret changes within the context of your industry and lab;
- Help you implement changes;
- Train staff in the new standard and your new policies/procedures;
- Prepare for and even attend your NATA 17025 transition audit;
- Help address non-conformances identified by NATA at your transition audit.