ISO/IEC 17021 – EQRAS LLC

Jul 14 2020

Choosing and Using an ISO Consultant

Why use an ISO Consultant?

The strategic decision by any business to implement a quality management system, or any other kind of ISO management system and achieve ISO Certification is one that will have a profound effect on the organization. The decision to implement an ISO management system is often taken when the company is seeking to expand, or trying to enter new markets so is already under a point of stress.

Organizations and their leaders will rightly want to take ownership of the process and may allocate the task to an existing person who has shown the right level of interest, experience or sits logically in the structure. However, all too often, the implementation of a management system may get bogged down in the detail, or day-to-day pressures take over. The process stalls and the decision to achieve recognition and certification is put off.

The root causes of these situations are related to either a lack of resources or a lack of competency. If the organization does nothing, it’s failed at the first hurdle. The ISO standards stipulate within the clauses concerned with competency (Clause 7.2), that an organization should ‘take action to acquire competence’, or in relation to ‘resources (Clause 7.1) that the ‘organization determines and provides the resources needed..’ to implement the management system.

The benefits of using a reputable and experienced ISO Consultant who has good knowledge of the relevant ISO standards and industrial sector are that you will achieve Certification with an effectively implemented management system and operated by people that understand how to continue to achieve continual improvement.

5 good reasons to use an ISO Consultant

Here’s a top five of the benefits of using a good ISO Consultant:

Consultants bring you a ‘fresh eyes’ approach to your processes. They can bring insights to how ‘best-practice’ can be used, as well as highlighting if legal minimums are being missed
Consultants provide you with knowledge and expertise quickly and efficiently. In particular, they will help you understand the ISO standards.
Consultants apply their experience to ensure you develop bespoke solutions that reflect your circumstances and aspirations
Consultants help you deliver within the time-frame, as they won’t be distracted by other tasks.
Consultants bring you knowledge and insights to ‘best practice’ and effective solutions that have worked elsewhere in industry

What to look for in an ISO consultant?

When you find an ISO Consultant, it is important that you apply the same criteria as you would with any employee before you employ them. The majority of ISO Consultants will work with integrity, be trustworthy and have relevant industry experience, but like all employees, you should ask questions that satisfy you and your management team that you will have the right support.

You should be able to ask questions about the Consultant’s qualifications and experience, their team-working ability, their approach to the work and success rate, as well as any broader benefits you may receive if they are employed by a larger Consultancy business. Be clear in your own mind as well about what you want to do if things don’t go to plan – ask for experiences of where the Consultant has had problems with other Clients and what they did to resolve the situation.

What role will the ISO Consultant have?

Be clear about what you are trying to achieve with the Consultant. There is not one style of consultancy, and people will have different expertise. Ultimately, the Consultant is looking to help you improve your current situation, but there are several roles that they may adopt in achieving this, for example:

The Leader:
If you need someone to take a lead on a project, and focus on achieving your desired outcomes, the Consultant will take on this role. Being an external resource, they will not be clouded by internal politics but instead, be task-focused and bring people together to get the project on-track.

If you have a project that has many elements, a Consultant will provide the co-ordination to ensure that people work together and deliver the project, or work collaboratively to develop and deliver process outcomes.

The Subject Matter Expert (SME):
The SME will provide the intelligence and information to the project team, who can use it to make the decisions that are appropriate for the organization. All the ISO management systems are open to interpretation and there is no single method that is appropriate to every organization. A strong management system will take the requirements into account and apply them in an appropriate manner.

The Worker:
The Worker will be an ISO Consultant that gets involved in the detail. The Worker will be the person who is writing procedures late into the night. Be careful though, an ISO Consultancy may charge anywhere between £100 to £1000 a day, so make sure you are getting the right value for the money you spend. Don’t ask someone earning the same as a Lawyer to do what could easily be passed to an administrator to complete.

How do I manage an ISO Consultant?

At any point in any project, an ISO Consultant may fill one or many of the roles we’ve outlined above. It is important therefore, that you have a clear idea of the project, and what the milestones are that will be achieved. Be clear about those with your Consultant and agree a timed plan with them. This will help you balance the input they provide you and ensure that the assistance is appropriate.

What is the view of ISO 17021?

Certification Bodies have to comply to their own quality management systems; although they may use a system based on ISO 9001 to manage their operations, they are actually certified against ISO 17021, which is the ISO standard for bodies providing audit and certification of management systems.

In ISO 17021, the definition of consultancy is the ‘participation in designing, implementing or maintaining a management system’ and cites examples such as the preparation of manuals and procedures, or giving specific advice or instruction towards the development and implementation of a management system.

admin 0 Comments

Sep 12 2019

How to manage competence in a laboratory according to ISO 17025

The primary purpose of ISO 17025 is to guide laboratories to be competent – meaning they can generate valid test or calibration results and work consistently. The challenge is how to manage competence. This is because, in ISO 17025, the term refers to all aspects of laboratory competence, and a specific approach is not prescribed. There may also be differences in language interpretations and translations.
This article will help by providing an overview of what is needed to comply with ISO 17025 requirements for competence, focusing on personnel competence.

How to manage personnel competence according to ISO 17025:

Document each key laboratory activity.
Document the competence requirements.
Document the procedure.
Review personnel appointments.
Establish a training program.
Establish a training record.
Evaluate and assign a competence level.
Monitor personnel competence.

What does it mean to manage competence in a laboratory?

Let us start by understanding what competence is. As one of the core definitions of ISO Quality Management System standards, competence is “the ability to apply knowledge and skills to achieve intended results” ISO 9000:2015 Quality management systems – Fundamentals and vocabulary).
Ensuring competence is crucial for implementing and maintaining compliance with ISO 17025 regulatory and safety requirements.

General requirements for the competence of testing and calibration laboratories

A laboratory must manage both internal and external competence. Internal competence involves the laboratory’s skills and knowledge. On the other hand, external competence is ensuring the skills of the laboratory’s service providers.
The table below represents the internal and external competence requirements of a laboratory.

Internal competence (ISO 17025 clause 6.2)	External competence (ISO 17025 clause 6.6)
Knowledge and skills of laboratory personnel to: Perform customer-requested laboratory tests or calibrations Operate equipment Develop, change, verify, and validate methods Use suitable reference standards Analyze test or calibration results, including statements of conformity and interpretations Record, review, and authorize the release of results Perform internal audits	Knowledge and skills of external providers of products and services: Calibration laboratories performing calibrations for testing laboratories Reference material producers (RMPs) Proficiency and interlaboratory testing schemes providers General service providers (g., training providers’ qualifications)

Internal competence (ISO 17025 clause 6.2)

External competence (ISO 17025 clause 6.6)

Knowledge and skills of laboratory personnel to:

Perform customer-requested laboratory tests or calibrations
Operate equipment
Develop, change, verify, and validate methods
Use suitable reference standards
Analyze test or calibration results, including statements of conformity and interpretations
Record, review, and authorize the release of results
Perform internal audits

Knowledge and skills of external providers of products and services:

Calibration laboratories performing calibrations for testing laboratories
Reference material producers (RMPs)
Proficiency and interlaboratory testing schemes providers
General service providers (g., training providers’ qualifications)

Use personnel competence levels as a methodology to manage competence

The mandatory ISO 17025 requirements for managing personnel are some of the most prescriptive in the standard. This is because people are a key contributor to the overall competence of a laboratory. In a laboratory, you typically need a range of competences. It helps to assign competence levels from basic to expert level to each job function.

8 steps to manage personnel competence

A suitable approach for managing personnel competence is defined in the following eight steps.
Step 1: Document each key laboratory activity that contributes to:

- Technically valid results (e.g., method development, validation, metrological traceability, quality control, proficiency testing),
- Consistent operation (e.g., proactive and monitoring activities – equipment maintenance, risk assessments, internal audits), and
- Achieving other laboratory policies and goals (e.g., safety, marketing).

Step 2: Document the competence requirements for each function listed in step one. Include the required competence level, education, qualification, skills, technical knowledge, training, and experience requirements. Review and revise the laboratory’s job descriptions. While the focus is often on specific qualifications or technical abilities, it is also important to consider general and soft skills. For example, an internal auditor needs to be an effective communicator, a good listener, and an observer.

Step 3: Document the procedure for selection of personnel, training, supervision, authorization, and monitoring competence.

Step 4: Review personnel appointments. Refer to job descriptions and personnel records (detailed curriculum vitae, training, and competence) and assess the suitability of existing personnel. Meet with each person and discuss specific responsibilities, duties, and authorities. Discuss any gaps, opportunities for development, and training needs.
Consider recruiting additional personnel or assigning existing personnel to different roles if there are risks that cannot be corrected through training.

Step 5: Establish a training program for the laboratory. Because training requires resources and funding, plan in time to budget for the following financial year. A training program record should include suitable information such as the activity, proposed dates, objectives, name of trainer, trainee names, and a list of the resources needed (for example, financial, venue).

Step 6: Establish a training record for each activity. Include the criteria to deem training successful (e.g., passed test with >85%). For each person, indicate if the training was successful. If not, specify the action to be taken.

Step 7: Evaluate and assign a competence level. Establish a competence and authorization record for each person. Include the information from the training record, plus the competence details such as monitoring period and record of evaluation. Competence criteria should be linked to expected behaviors or abilities and expected outcomes for the laboratory.
An example of a behavioral (non-technical) personnel competence is client focus. Here, one of the competence criteria would be the person’s ability to understand clients’ needs and provide advice. The demonstrated competence will come from observation and feedback from clients.
An example of technical competence is accurate testing and reporting. Competence can be demonstrated by the technician’s participation in a proficiency testing scheme, where the technician achieves an acceptable performance as defined by the provider and/or laboratory.

Step 8: Monitor personnel competence to ensure consistent operation and improvement in the laboratory. Set goals for maintaining or increasing the level of competence for all personnel.
Competence can easily be assessed during two existing laboratory activities:

Internal audits, during witnessing of audits and observation of personnel
Management review – review the risks and plan training or other actions to reduce risk; for example, by automating a system, you could reduce the skill required to perform the task

The reward for your effort is a robust management system

By setting aside time to manage your laboratory competence requirements systematically, you can rest assured: your entire management system will benefit from fewer nonconforming events. By following these eight steps, the management system will be more robust, and personnel more confident that they can contribute to the laboratory’s goals.