What is the Risk Management Requirement in the New Laboratory Standard ISO 17025:2017?

Assessment and management of risks in the laboratory are critical components of any high quality testing program. The new ISO 17025:2017 requires the laboratory to carry out actions that address risks and opportunities within the laboratory management program so that the operation can properly serve its purpose. These actions should be planned to improve the program so that testing can be performed properly, and most importantly to prevent failures in the laboratory.

Impact on Validity of Lab Results

No formal methods or documented processes are required for ISO 17025:2017 compliance, yet it prescribes that actions be taken to address risks and opportunities that are proportional to the potential impact on the laboratory results produced by the program. That is, the higher the risk and seriousness of the potentially negative impact on analytical data, the more aggressive the actions to prevent or reduce those risks should be.

Addressing Risks

A laboratory should identify potential risks encountered in a program, both as internal protocols are developed and carried, and as information regarding these risks are gathered from case studies of similar operations. A threat can be identified that potentially introduces the risk of contamination of samples by cross contamination of high concentration standards, or DNA contamination of polymerase chain reaction (PCR) reagents, for example. These risks can be reduced by providing dedicated spaces and separate preparation for the “clean” and “dirty” steps of the analysis.

In some cases, eliminating the source of contamination or limiting exposure of clean reagents to highly concentrated solutions and corresponding glassware can reduce the risk. Risk management involves decision-making based on the likelihood and severity of potential consequences from failure or error. Sometimes an informed decision can lead to certain risks becoming acceptable, and these risks should be monitored regularly.

Addressing Opportunities

Seizing opportunities for improvement in the laboratory goes beyond the limits of risk management. These opportunities should lead to better testing quality overall, and encompass a broad range of actions to optimize testing through superior technologies, newly published methods and quality assurance that reduces error in the entire process. In addition, actions to address opportunities can include improved customer management and satisfaction, as well as providing additional value to clients. Preventive action is part of addressing opportunities and often involves creating conditions that make it difficult for errors to occur. In some cases, redundancy of preventative measures may be necessary, including those that are safety related.

Integrating and Implementing Actions

The integration of risk management plans should be realistic, sustainable and efficient, without causing significant delay or increases in operational costs. As areas for improvement, potential risks, and error prone steps are identified, the laboratory must implement the solutions that are more likely to prevent or reduce these risks. Prioritizing the risk management areas according to the severity of risk posed and potential impact to results is important so that actions can be implemented where they are needed most, in a timely manner. At the same time, evaluating the likelihood of these risks to materialize can be useful in determining the frequency and timing of these actions.

Although these processes do not require extensive documentation, the laboratory must show that actions are not only planned but taken. Implementation of the actions should be based on concrete information, such as audit results, corrective action plans, and review of procedures to find weaknesses that may introduce risk. Gathering customer feedback and reviewing reports is helpful in finding ways to provide higher quality service.

Evaluating Effectiveness of Actions

Internal audits can reveal failure or success of actions that address risks and opportunities. The results of reviews should reveal ineffective actions when monitored over time, and therefore a risk management program is expected to continually improve. Corrective action investigations and root cause analysis can also serve to pinpoint areas that are weak and error prone. In any case, actions to address risks should theoretically and in practice prevent significant impact on laboratory results when successfully implemented. The results of these periodical evaluations should be used in adapting, eliminating, or introducing actions that address risks and opportunities.

The Bottom Line

Regardless of the compliance requirements for this standard item, taking a methodical and systematic approach to assessing and managing risks in the laboratory is wise. A well-documented process is in the best interest of the laboratory for consistency, is easier to evaluate by regulatory and accrediting agencies, and benefits the clients served by the establishment.