About A2LA
Yes. For a comprehensive list of our domestic and international recognitions, visit our recognitions page.
A2LA is governed by a Board of Directors. Day-to-day operation of the organization is handled by the staff members at A2LA Headquarters in Frederick, MD.
Accreditation decisions are made by the accreditation council, which is made up of impartial parties qualified to review assessor findings.
A2LA is a signatory to the ILAC Mutual Recognition Arrangement (MRA). This means that A2LA has been found to be compliant with ISO/IEC 17011, the standard by which accrediting bodies are to operate, and has been found to accredit other organizations in a manner consistent with other MRA signatory accreditation bodies around the world.
Yes, A2LA was one of the original 28 signatories to the ILAC MRA in November 2000 in Washington D.C. This means that your A2LA accreditation is accepted by our partners in over 70 countries around the world as being equivalent to the accreditations issued within their own countries. Accreditation by an organization that is not an ILAC MRA signatory can make no such statements and there is no basis for its recognition or acceptance in other countries, or even within the United States, by other accreditors.
Participation within ILAC is not mandatory for all accreditors. Indeed, not every accreditor would be found to meet the stringent requirements for signatory status within the ILAC MRA and so they make the “business decision” not to seek this important recognition.
There are three membership categories for national standards bodies (see description below).
- Full members (or member bodies) influence ISO standards development and strategy by participating and voting in ISO technical and policy meetings. Full members sell and adopt ISO International Standards nationally.
- Correspondent members observe the development of ISO standards and strategy by attending ISO technical and policy meetings as observers. Correspondent members can sell and adopt ISO International Standards nationally.
- Subscriber members keep up to date on ISO’s work but cannot participate in it. They do not sell or adopt ISO International Standards nationally.
The American National Standards Institute (ANSI) is the U.S. member body to ISO. ANSI coordinates the development of voluntary consensus standards in the United States and represents the needs and views of U.S. stakeholders in standardization forums around the globe. ANSI’s membership is comprised of a broad range of businesses and industrial organizations, standards setting and conformity assessment bodies, trade associations, labor unions, professional societies, consumer groups, academia and government organizations for the purpose of enhancing global business competitiveness and improving the quality of life for the world’s citizens. A2LA has been an active member on several ANSI committees for decades and, through this involvement, has been instrumental in the development of ISO standards.
Peer evaluation is the means by which an accreditation body (or accreditor) is found competent and acceptable for consideration as an ILAC MRA signatory. All ILAC MRA signatories have been rigorously evaluated by their fellow signatories to ensure their compliance with ISO/IEC 17011 (“General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies”) and to ensure that they are implementing ISO standards within the accreditation programs they offer in a manner that is consistent world-wide.
Ask yourself: “Who has accredited my accreditor?” Signatory status within an international MRA, such as ILAC, is the only answer you should accept. Otherwise, what assurance do you have that your accreditor is competently operating a program for assessment of and accreditation to ISO standards?
ILAC (the International Laboratory Accreditation Cooperation) is an international cooperation of accreditation bodies (or accreditors) formed more than 30 years ago to help remove technical barriers to trade. When first started in 1977, the aim was to develop international cooperation for facilitating trade by promoting the acceptance of accredited test and calibration results. In 1996, ILAC became a formal cooperation with a charter to establish a network of mutual recognition agreements (MRAs) among accreditors that would fulfil this aim. The ILAC Arrangement (first signed in November 2000) provides significant technical underpinning to international trade. The key to the Arrangement is the global network of accredited laboratories and inspection bodies that are assessed and recognized as being competent by ILAC Arrangement signatory accreditation bodies. The Arrangement’s accreditation body signatories have, in turn, been rigorously peer-reviewed and shown to meet ILAC’s criteria for competence.
A2LA is peer-evaluated by other accreditation bodies. A peer evaluation is the internationally accepted mechanism used to formally evaluate and recognize the competency and credibility of accreditation bodies.
During our peer evaluations, representatives from peer accreditation bodies (fellow signatories to an international MLA or MRA) visit A2LA for a week or more at a time, and review the following aspects of A2LA:
- Competence of staff
- Management system and administration of our accreditation system
- Compliance to ISO/IEC 17011
- Recruitment, training, and monitoring of our assessors
- Performance of assessors via scheduled witness visits to organizations being assessed
- Establishment of technical committees
- Decision making process for accreditation
- Proficiency testing and inter-laboratory comparisons
- Traceability and measurement uncertainty
A comprehensive report, including non-conformities and concerns, is always prepared.
The accreditation body under evaluation must then resolve the non-conformities, and in some cases, must be re-evaluated. Once a resolution is complete, the report is submitted to an approval panel made up of other peer accreditation body representatives for voting to determine if the accreditation body will be invited to sign a mutual recognition arrangement. All signatories must be re-evaluated on a periodic basis.
The process is rigorous, and rightfully so. It is imperative that the signatories to an MRA or MLA have mutual confidence in the accreditation being granted by other signatories since signatories are obligated to promote the accreditation of the other accreditation bodies as equivalent to their own.
The goal of accreditation is to facilitate the acceptance of data in both domestic and international markets. In order to ensure that A2LA accreditation offers the greatest value possible, A2LA has endeavored to establish the widest recognition, both domestically in its own economy, and with cooperating accreditation bodies throughout the world.
Accreditation Process
Yes, however, under A2LA’s multilateral recognition arrangement (MRA) obligations in the International Laboratory Accreditation Cooperation (ILAC) community and the rules governing international commerce, A2LA must encourage international organizations to pursue accreditation with accreditation bodies in their local economies wherever possible. If you can demonstrate that local accreditation bodies cannot meet your needs for whatever reason, A2LA can accredit your organization. ILAC full-member (MRA Signatory) organizations may be found at the ILAC website (www.ILAC.org).
Please note that all document submissions to A2LA must be in English. For international customers, we will work to the best of our ability to find an assessor local to you who is fluent in your language.
International travel by A2LA assessors may be limited at certain times or to certain locations due to travel advisories, safety concerns, or other factors beyond our control.
Exceptions to the A2LA Traceability Policy can be made for Measuring and Test Equipment (M&TE) for which an acceptable accredited source of calibration is not currently available or when an acceptable accredited source of calibration is currently available but special circumstances regarding the nature of the calibration precludes the laboratory from obtaining an accredited calibration. These exceptions are evaluated on a case-by-case basis and require that the organization seeking an exception maintain documentation to support traceability of the calibration results received from the unaccredited provider.
An acceptable accredited source includes recognized National Metrology Institutes, such as NIST, and calibration laboratories accredited by A2LA or one of our mutual recognition partners.
The most important factor in determining the number of assessors that will be assigned is the size and breadth of the proposed Scope of Accreditation.
For example, if a conformity assessment body (CAB) is seeking accreditation for only one field of testing, one calibration discipline, or a single area of inspection, usually one assessor will suffice.
If the CAB is seeking accreditation in multiple fields of testing, multiple calibration disciplines, or multiple conformity assessment standards, multiple technical experts may be needed to cover all the tests, types of tests, calibrations, inspections, etc. that are being proposed for the Scope(s).
Other factors include the size of the facility and the level of measurements being made (especially in calibration).
Each decision is handled on a case-by-case basis after careful review of the application and the desired Scope(s) of Accreditation.
You can discuss the number of assessors being assigned in more detail with your assigned Accreditation Officer (AcO).
All A2LA staff, assessors, and technical experts involved in the assessment and accreditation process must sign a conflict of interest and confidentiality policy to ensure that the confidentiality of our customers is maintained.
All information in relation to a customer’s application is kept in strictest confidence and may only be released under written approval by the customer. In cases where review by a broader audience is required, documents are stripped of any identification of the organization or excerpts are taken to ensure confidentiality.
Terms such as “quality system registration” or “audit to the intent of” convey a process of verifying that the organization in question is following a documented quality management system in accordance with the quality system elements of standards (e.g. ISO 9000). These processes do not normally assess technical competence. Auditors used for such processes may have general experience in the type of business being audited, but are normally not technical experts. Technical competence is not evaluated during these processes.
In general, a well-prepared applicant can complete the accreditation process in three to six months. If you have a specific timeline or a crucial deadline to meet, please let your accreditation officer and assessor know. Every effort will be made to accomodate your needs. Applicant readiness is the most important factor in determining the time it will take to obtain A2LA accreditation. Applicants who have taken the time to prepare for assessments and who respond quickly to assessment deficiencies can complete the process in a timely manner.
Delays in the accreditation process are most frequently related to:
- Incomplete application packages
- Measurement uncertainty budget issues
- Delays in responding to deficiencies
A2LA is one of the most transparent organizations in the business when it comes to our fee structure. There are no hidden fees; no “document fees” or other extraneous costs. When you contact A2LA for an estimate on the cost of our accreditation, you can be confident that you are receiving a complete picture and that you will not be hit with additional fees as you progress through the program.
The cost to obtain accreditation will vary significantly depending on the size of the organization seeking accreditation, the size of the scope(s) of accreditation, and the organization’s readiness for assessment. Upon request, A2LA will provide a free, no-obligation estimate of costs associated with accrediting your organization. Get An Estimate.
Following your on-site assessment, the process can move quite quickly, but this is very dependent on how quickly you can address any non-conformities that were identified during the assessment. If non-conformities were not identified, accreditation can be completed in a matter of days.
If non-conformities are identified, the time needed will depend on how quickly your organization moves through the corrective action process and how quickly you are able to provide evidence to A2LA of the resolution of any non-conformities cited. However, A2LA will ensure that you receive prompt responses to questions and that your corrective actions receive thorough and expeditious review, typically within one week. Once all non-conformances have been addressed and reviewed by an official review board, A2LA can complete your accreditation paperwork in a matter of days.
A2LA’s general Metrological Traceability Policy requires that all measuring and test equipment that must be calibrated
be conducted by all of the following:
- Recognized accredited calibration laboratories
- Recognized National Metrology Institute (NMI)
- A State Weights and Measures facility with a current certificate of measurement traceability
Recognized accredited calibration laboratories are those whose accreditation bodies are part of the international mutual
recognition arrangements (MRAs) for IAAC, ILAC, and APLAC; and from NMI’s recognized through the CIPM MRA. The purpose
of an international MRA is to ensure a comprehensive on-site peer evaluation of an accreditation body against the
requirements ISO/IEC 17011.
The main goal of these MRAs is the acceptance of test data across national and international trade barriers. All
signatories must have established their credibility in their countries and have confidence in the competency and
credibility of the other signatory accreditation bodies. In order to do this, all signatories must participate—hence the
peer evaluation and approval process.
Recognition signifies mutual confidence that the laboratories accredited by the signatories have been equivalently
assessed and are competent in the fields for which accreditation has been granted. Signatories to the MRAs continuously
harmonize the assessment and accreditation processes used by the accreditation bodies to ensure acceptance
internationally.
Non-accredited calibrations performed by accredited or non-accredited laboratories do not meet the A2LA Traceability
Policy. To qualify as an accredited calibration , the capability must be included on the accredited laboratory’s scope
of accreditation issued by the accreditation body and an endorsed report is received.
Specific Traceability Policies include:
P102a – Policy on Reference Material Traceability for Life Sciences Testing Laboratories
P113 – A2LA Policy on Measurement Traceability for Life Sciences Testing and Forensic Conformity Assessment Bodies
(CABs)
A2LA now publishes all proficiency testing (PT) requirements applicable to all fields of testing/calibration in one document, the A2LA General Requirements for Proficiency Testing for Accredited Testing and Calibration Laboratories.
The requirements for which a CAB is normally assessed includes:
- Internationally-recognized conformity standard (e.g. ISO/IEC 17025);
- A2LA policies including:
- Making reference to A2LA accredited status;
- Measurement traceability;
- Proficiency testing;
- General requirements;
- Specific requirements in certain fields (where applicable).
seeking accreditation;
CABs that achieve A2LA accreditation meet a higher standard than the conformity assessment standard (e.g., ISO/IEC
17025, ISO/IEC 17020, ISO 17034, etc.) alone.
A2LA has developed a short document entitled I105 – Typical Steps in Preparing for the Accreditation Process, which provides an overview of accreditation with A2LA. The process will vary slightly depending on what accreditation program you are pursuing.
To begin, the laboratory completes and returns the application for accreditation, including all supporting documentation specified within the application form. A2LA staff reviews the submitted application to ensure that it is complete and then proposes an assessor (team) based upon the laboratory’s desired scope of accreditation. The laboratory is informed of the proposed assessor (team) and is provided with bios to ensure that there is no actual or potential conflict of interest in having the assessor (team) visit the laboratory. Once the assessor (team) has been agreed to, the application package is provided to the assessor (team).
The (lead) assessor contacts the applicant to discuss the scheduling of the assessment and, at that time, requests additional management system documentation to aid in the assessor’s document review, which is done in advance of the assessment. (Laboratories do have the option of undergoing a pre-assessment, during which the assessor will point out any areas that are not currently in compliance with the requirements prior to the full assessment.) A full assessment is performed which includes, among other things, an entry briefing, review of management system documentation and records, examination of sample handling processes, interviews of technicians, observation of tests being performed, review of technical records and reporting processes. A written assessment report, including a report of any areas of non-conformance, is provided to the laboratory at the closing meeting of the assessment.
The laboratory then responds to any non-conformities cited by providing A2LA with a detailed corrective action response. A2LA staff reviews the corrective action response to ensure completeness and corresponds with the laboratory directly if any additional information is required. Once the laboratory’s response is complete, all information related to the assessment is forwarded to a panel of the A2LA Accreditation Council for a vote. Accreditation is granted upon receipt of affirmative votes from the Accreditation Council and once any concerns raised by the Council have been addressed.
On average, new applicants complete the accreditation process within 5 months, from start to finish. Keep in mind that this is greatly dependent upon the laboratory’s readiness, preparation and responsiveness.
An A2LA assessment includes a thorough examination of an organization’s compliance with:
- the requirements of the relevant standard
- the organization’s own internal policies and procedures
- any applicable state or local requirements
How your assessment is conducted will depend upon the standard you are seeking accreditation to and your scope of accreditation, which is a list of all the tests or inspections for which your organization is seeking to become accredited. A2LA assessors perform an assessment of the methods or inspections listed on the scope to ensure that the organization is technically competent to perform them. It is important to note that this technical assessment is limited to activities directly related to the tests and/or inspections on the proposed scope of accreditation, allowing applicants to manage the areas they wish to have assessed. Organizations may apply for as many or as few tests and/or inspections as they wish.
In general, A2LA’s assessors will cite laboratories with a deficiency in cases when calibration services fail to use an accredited lab or a national metrology institute (such as NIST). However, exceptions can be granted if there is no accredited calibration provider available or if there is some other extraordinary circumstance. In order to receive an exception, the laboratory must have the appropriate documentation to support traceability of the calibration results provided by the unaccredited calibration provider. This documentation will be reviewed by the assessor during the onsite assessment and may also require review by A2LA staff.
Before assigning any assessor, A2LA will submit an assessor proposal to the applicant with short bio-sketches of each assessor outlining their background and experience. If any of the assessors present a conflict of interest for the applicant, they can identify the conflict to A2LA and request that an alternate assessor be proposed.
Conformity assessment accreditation is defined as formal recognition of a conformity assessment body’s (CAB’s) technical competency to perform specific conformity assessment activities such as tests, calibrations, product certifications, and reference material production. For example, the general requirements for laboratory accreditation are contained in ISO/IEC 17025. This standard contains management system requirements and technical requirements. Laboratory accreditation requirements, however, go beyond ISO/IEC 17025.
The assessors used to conduct the conformity assessments must be technical experts in their fields. The assessors must verify the CAB’s capabilities, which are then listed on a “scope of accreditation.” CABs must also participate in proficiency testing (when applicable) on a regular basis to demonstrate their competency.
A quality management system (QMS) is a compilation of organizational documents that establishes the policies and procedures needed to direct and control an organization with regard to quality. It relates to general management activities, the provision and management of resources, the pre-procedure, test/calibration and post-procedure processes and evaluation and continual improvement. The policies, procedures, SOPs and records that make up a QMS provide proof of goals, assign responsibility, describe how those responsibilities are to be performed and provide evidence of past accounts or occurrences of compliance. A QMS captures the requirements of an organization and structurally provides a roadmap that explains who, what, when, where and how sustainable and repeatable outcomes will be achieved.
A standard is a document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. ISO International Standards ensure that products and services are safe, reliable and of good quality. They are strategic tools that reduce costs by minimizing waste and errors and increasing productivity. They help companies to access new markets and facilitate free and fair global trade.
Government and industries around the world have been using international standards for more than half a century to facilitate trade, establish a technical base for regulation and safeguard consumers.
A Conformity Assessment Body (CAB) is defined in the general requirements for accreditation bodies (ISO/IEC 17011) as a “body that performs conformity assessment services and that can be the object of accreditation.” This is meant to encompass the variety of organizations that A2LA accredits (i.e., laboratories, inspection bodies, product certification bodies, reference material producers, proficiency testing providers) and provides for a shared vernacular when discussing accreditation topics.
The list of specific tests, types of tests, calibrations, product certifications, etc. for which a Conformity Assessment Body (CAB) is found competent is listed in a scope of accreditation. The final content of the scope must be approved by the assessors and the selected members of the A2LA Accreditation Council. Scopes don’t always include all of the CAB’s capabilities. This is either because the CAB requests to limit the scope, or because the assessors have not been able to affirm the CAB’s competency in all areas for which the CAB was seeking accreditation. Capabilities that are not listed on the scope are not covered by the CAB’s A2LA accreditation.
A2LA assigns a dedicated accreditation officer to every single applicant. This person is your point of contact for the lifetime of your accreditation, providing assistance and support as needed. Customers and prospective customers also have access to our helpful customer care team, available by phone, chat, or email 8am – 8pm eastern time. A large library of documents and resources are available on our Documents page.
Laboratories that intend to apply in the near future should enroll in available proficiency testing (PT) programs as soon as possible. In most cases, A2LA requires at least one PT activity prior to accreditation to demonstrate competency. It can take several weeks before a PT program can include you on the sample distribution list, and this could delay your final accreditation.
There are five accreditation bodies (ABs) in the United States that are signatories to one or more Mutual Recognition Arrangements (MRAs) for the accreditation of calibration laboratories. In addition to A2LA, other acceptable ABs may be found at www.ILAC.org. Calibration laboratories accredited by these organizations can be used to meet the A2LA Traceability Policy. Use of a U.S. calibration laboratory accredited by one of our international MRA partners is also acceptable. Finally, you can use a national metrology institute (NMI) such as NIST in the United States.
The introduction to ISO/IEC 17025 notes that accreditation bodies can use the standard as a basis for their accreditation. As A2LA is an accrediting body that is a signatory to the ILAC mutual recognition arrangement, some additional requirements, such as metrological traceability, proficiency testing, and use of the accredited symbol, are enacted by all AB signatories to the arrangement. In certain fields, additional specific technical requirements are developed to complement the ISO/IEC 17025 requirements.
Calibration
No. Contributions to the uncertainty stated on the calibration certificate shall include contributions that can reasonably be attributed to the customer’s device. The exclusion option only applies for the uncertainty calculation that supports the calibration and measurement capabilities (CMCs) on the Scope of Accreditation.
The definition of Calibration and Measurement Capability (CMC) implies that, within its accreditation, a laboratory is not entitled to claim a smaller uncertainty of measurement than the CMC. This means that the laboratory shall be required to state a larger uncertainty than that corresponding to the CMC whenever it is established that the actual calibration process adds significantly to the uncertainty of measurement. Typically, the equipment under calibration may give a contribution. The actual uncertainty of measurement can never be smaller than the CMC.
In general, no. CMCs are usually calculated based on optimistic (but realistic) estimates of the uncertainty contributors. Unless the conditions of an actual calibration match the assumptions used to estimate the CMC, the calibration uncertainty will generally be larger than the CMC.
The uncertainty of reported measurements has to be stated as the actual uncertainty of the measurement, not as the accredited CMC unless that CMC actually applies. An indiscriminate use of the CMC as the uncertainty of an actual calibration is not justified.
On the other hand, some calibration labs will calculate CMCs based on the worst conditions that they’re likely to see. In these cases, the CMC on the scope of accreditation will be large enough to cover all of those conditions. This is why some labs quote their accredited CMCs for most of their work. Although this method is acceptable, it has the disadvantage that it doesn’t allow the lab to quote a smaller uncertainty if a calibration is performed under conditions better than were assumed for the scope of accreditation.
The following is taken from R218 – Applications for Calibration Scopes of Accreditation as adapted from ILAC-P14:11/2010 ILAC Policy for Uncertainty in Calibration:
The term “best existing device” is defined as a device to be calibrated that is commercially or otherwise available for customers, even if it has a special performance (stability) or has a long history of calibration.
In the formulation of CMC, laboratories shall include a contributor due to the performance of the “best existing device” which is available for a specific category of calibrations, however, it is recognized that for some calibrations a “best existing device” does not exist or contributions to the uncertainty attributed to the device significantly affect the uncertainty. If such contributions to uncertainty from the device can be separated from other contributions, then the contributions from the device may be excluded from the CMC statement under the following conditions:
- Documentation of the contribution to the CMC from the device shall be included as part of the record of CMC calculation.
- Documentation of the justification for the exclusion of the contribution of the “best existing device” from the CMC shall be included as part of the record of CMC calculation.
- The scope of accreditation shall contain a footnote that clearly identifies that the contributions to the uncertainty from the device are not included.
Example 1: “The contributions from the ‘best existing device’ are not included in the CMC claim.”
Example 2: “The CMC for this Parameter/Equipment applies for performance verification of the ‘best existing’ device under test and not for the assignment of reference values, and therefore certain characteristics of the ‘best existing’ device under test (e.g., resolution) are not included in this CMC estimate.”
The following is taken from ILAC-P14:11/2010 “ILAC Policy for Uncertainty in Calibration”:
In the context of the CIPM MRA and ILAC Arrangement, and in compliance with the CIPM-ILAC Common Statement, the following definition is agreed upon:
A CMC is a calibration and measurement capability available to customers under normal conditions:
- As described in the laboratory’s scope of accreditation granted by a signatory to the ILAC Arrangement; or
- As published in the BIPM key comparison database (KCDB) of the CIPM MRA.
The CMC is normally stated numerically, but where the CMC is a function of the quantity to which it refers (or any other parameter), it should be given in the form of an equation. For example, the dominant uncertainty contributor for calipers is often resolution. In these cases, the best way to represent uncertainty is as a function of the resolution (e.g., U = 0.6R) where “R” is the resolution in microinches. Similarly, gage blocks often quantify uncertainty based on length (e.g., U = 4 + 3L) where “L” is the length of the block in inches.
Clinical
Assessor teams are selected based upon a laboratory’s desired Scope of Accreditation.
Absolutely. A peer evaluation team is selected to cover all areas for which an accreditor is seeking recognition under the ILAC MRA. Therefore, each team selected to evaluate A2LA includes at least one member with internationally-recognized expertise in the clinical field. This individual then systematically examines all aspects of the A2LA clinical laboratory accreditation program, including observation of one or more actual A2LA on-site assessments of a clinical laboratory to ISO 15189.
For more information about ILAC, peer evaluation, and A2LA’s formal recognitions, see the “About A2LA” category of the FAQ.
A2LA assigns assessors with the education and expertise to complement a laboratory’s desired Scope of Accreditation. All of our clinical assessors have extensive experience in assessing CLIA laboratories and have been found to meet A2LA’s stringent requirements for being contracted members of our assessor corps. A lead assessor is assigned as are additional assessors depending on the extensiveness of the laboratory’s desired Scope of Accreditation. The time spent on-site by our assessors is not only commensurate with the desired Scope and but also takes into account the time necessary for a thorough review of the laboratory’s management system. All of our assessors, while undeniably technical experts, also undergo extensive training on the assessment of all QMS elements. A2LA approaches this training as an ongoing investment to ensure the high caliber of our assessor corps. All assessors are observed and evaluated performing actual assessments and this evaluation process occurs at regular intervals throughout the term of their contract with A2LA, ensuring a continual level of consistency and expertise.
ISO 9001 is a registration of a quality management system and serves as the basis for many of the other ISO standards because of its intentional generalness.
Similar to how you expect your customers to select a laboratory based upon their qualifications and credentials, so should you when choosing an ISO 15189 accreditor. Anyone can self-declare competence in offering ISO 15189 accreditations, but you need to ask yourself: “What are their credentials and who has accredited them?” When it comes to A2LA, the answer is easy. A2LA’s over 45 years of experience in accrediting specifically to ISO standards and our signatory status within the ILAC MRA for the accreditation of clinical laboratories to ISO 15189 speak for themselves. Our technical expertise is second-to-none as is our experience with management systems and ISO standards. We not only accredit laboratories to these standards, but we are expert enough in their development and implementation to train others in how to utilize them to better their laboratory’s performance.
ISO 15189 is an internationally-recognized standard, with over 40 ILAC-recognized accreditation bodies offering ISO 15189 accreditation programs. In some countries it is the standard by which laboratories are reimbursed. Although ISO 15189 is not mandatory in the U.S., an increasing number of clinical labs have recognized the benefit of being accredited by an internationally-recognized accreditation body (such as A2LA) along with their CLIA accreditation.
Although accreditation to ISO 15189 by an accreditor that is not a signatory to the ILAC MRA cannot be accepted as equivalent to A2LA accreditation, we strive to make the transfer process as little of a burden financially and otherwise as possible. Often, review of the on-site assessment report from another accreditor can be used as a starting-point in the A2LA assessment process, which may save you time and on-site assessor expenses. Every situation is different and so we encourage you to contact us directly (info@A2LA.org or 301 644 3248) and we will be happy to walk you through the transfer process.
No, this is not true. The ILAC MRA includes and A2LA accredits all types of testing laboratories, not just product testing laboratories. This includes, for example, environmental testing, biological testing, forensic examination, pharmaceutical testing and clinical testing. A2LA has established accreditation programs in each of these areas, all of which are included in our Scope of Recognition under the ILAC MRA.
Absolutely. Rest assured that any organization recognized to accredit clinical laboratories is accepted into the ILAC MRA or maintains CMS deemed status unless they have been rigorously evaluated and found competent to do so.
An A2LA clinical laboratory assessment is a three-tiered approach. First, it includes a thorough examination of the clinical laboratory’s compliance with the requirements of ISO 15189. Second, it includes an in-depth review of the clinical laboratory’s own policies and procedures and their adherence with them. Finally, for each applicant to the A2LA clinical program, a Scope of Accreditation is drafted. This document outlines all of the specialties and sub-subspecialties (along with the specific tests performed within each) for which the clinical laboratory is seeking accreditation. A2LA assessors then perform a technical assessment against the Scope to ensure that the clinical laboratory is technically competent to perform every test listed.
ISO 15189 is a standard that provides the specific requirements for quality and competence that are particular to clinical laboratories. The standard promotes global harmonization of clinical practices by ensuring laboratories are in compliance with quality management system and technical requirements. It protects the health and safety of patients and healthcare providers, supports efficient exchange of information and protection of data and improves the overall quality of care. ISO 15189 is used by laboratory customers, regulatory authorities and accreditation bodies to ensure competence.
Our International Recognition
A2LA is the largest, multi-discipline accreditor in the United States. We are a full signatory to the ILAC Mutual Recognition Arrangement (MRA), which is crucial for several different reasons:
- As an ILAC MRA signatory, A2LA undergoes periodic and rigorous peer evaluations by fellow MRA signatories to ensure that it remains in compliance with ISO/IEC 17011, “General Requirements for Accreditation Bodies Accrediting Conformity Assessment Bodies”. This is the ISO standard that sets out the rules and requirements for the operation of an accreditor. Without a system of peer evaluation and mutual recognition, there is no guarantee that an accreditor is operating to the highest possible standard and there is no guarantee that an accreditor is assessing and accrediting laboratories in a competent manner.
- Included in A2LA’s Scope of Recognition through ILAC is the accreditation of clinical laboratories to ISO 15189. This provides an independent attestation of A2LA’s competence to offer these accreditations and A2LA is the only accreditation body in the U.S. that is internationally-recognized for ISO 15189 accreditation.
- A2LA’s ILAC recognition for the accreditation of clinical testing laboratories to ISO 15189 means that your laboratory’s ISO 15189 accreditation through A2LA will be accepted internationally, breaking down restrictive barriers to trade and offering greater opportunities than accreditation through an organization that is not recognized beyond its own customer base.
Our Experience and Access to Expertise
A2LA has gained tremendous experience in accrediting laboratories to ISO standards over the past 45 years. A2LA launched its ISO 15189 clinical accreditation program in November 2007. We have been instrumental in the revision of the standard and we currently accredit against the 2012 and 2022 versions. We are not new to this business and we are certainly not new to the use of ISO standards. ISO standards can be challenging to interpret and implement and so you should partner with an accreditor that knows them and has been working with them for 45 years. Our experience also spans all possible levels of expertise needed by a full service clinical laboratory, not just a single area such as pathology.
An A2LA clinical assessment is no “coffee cup audit”. Only so much can be expected of a volunteer assessor corps because they are, after all, volunteers. A2LA’s assessors, on the other hand, are paid, contracted clinical experts and they are required to undergo intensive training (including a week-long orientation course and written exam) and periodic oversight to ensure they are conducting our clinical assessments in accordance with A2LA’s procedures and strict expectations for thoroughness and professionalism. Once A2LA accreditation is achieved, you and your customers can be assured that you have demonstrated competence at the highest level, as confirmed by one of the recognized world leaders in accreditation.
A2LA has an established Medical Testing Advisory Committee (MedTAC), which is active in the development of accreditation and assessment guidelines for clinical testing laboratories in accordance with ISO 15189. The MedTAC is composed of experts in the clinical field and also affords your laboratory a chance to be heard and to be instrumental in the furtherance of the A2LA clinical laboratory accreditation program.
Our Services
Because we are a multi-discipline accreditor, A2LA can serve as a “one stop shop” for all of an organization’s accreditation needs. We understand and accommodate the fact that many organizations do not offer just one type of testing or one type of service. A2LA can accredit for any type of testing in addition to services offered by proficiency testing providers, reference material producers, product certifiers and more. All of this can be done by one accreditor, A2LA, during one on-site visit, saving you time and money.
Do not mistake our multi-discipline nature as being a “watered down” approach to determining competence in each area for which we offer accreditation. Each of our accreditation programs is given the same attention to detail, is held to the same expectations for thoroughness and top-level expertise, and is operated with the same customer service which sets us apart from our competitors.
Documents
A2LA publishes general documents online at https://portal.a2la.org/documents/. For current applicants and customers, documents related to your organization’s field of accreditation are located in the Customer Portal within the open current assessment and in the Documents Library.
A2LA publishes general documents online at https://portal.a2la.org/documents/. You may also request assistance using the Contact Us feature on the A2LA website.
Each A2LA document contains a revision history table at the end of the document which identifies the document changes for the revision. For your reference, dated revision history information is available in the table for the last two years of document revisions.
A2LA sends monthly document update notification emails to current customers designated in the A2LA Customer Portal as Authorized Representative and Corporate Representative account holders. These representatives may access all updated documents at any time in the Customer Portal Documents Library.
Filing a Complaint
You may file a complaint via online submission here which will route directly to A2LA’s Quality Manager. Acknowledgement and follow-up communication will occur to clarify details and obtain additional information if not filed anonymously.
For A2LA to investigate and assist in resolving concerns, please submit as much information as possible about the problem or incident, including the precise nature of your concern, names of individuals involved and dates of events (when possible), and relevant documentation to support the claim.
If you are seeking resolution for an issue with an A2LA-accredited entity, your first action for resolution is to contact the subject accredited entity for consideration prior to reporting the issue to A2LA. To verify that this consideration has been provided, A2LA may request objective evidence of complaints made to the subject accredited entity prior to launching any investigations. ISO standards require accredited entities to have a defined complaint management process and to address complaints in a timely manner. Under ISO/IEC 17011 requirements, A2LA has limited ability to intervene in the accredited entity’s complaint management process unless a formal complaint made directly to the accredited entity is ignored and/or not adequately addressed.
Forensic
A2LA does not charge fees for such activities. However, if review by a technical assessor or an on-site assessment is needed to confirm the continued compliance of your facility, you may be invoiced for the assessor’s time and travel expenses. In such cases, A2LA would notify you in advance of any potential cost to you before moving forward.
The organization as a whole is required to meet A2LA R103 – General Requirements – Proficiency Testing for ISO/IEC 17025 Laboratories. R103 requires organizations to participate in external PT where available and appropriate. Individual analysts/examiners; however, are not subject to R103’s external PT requirement. Instead, A2LA R221 and R318 each have separate monitoring requirements for personnel that reference the participation of either commercial PT, intralaboratory comparisons, OR interlaboratory comparisons annually for each discipline in which they are authorized. All authorized sub-disciplines shall be covered in a four-year period.
All A2LA staff, assessors, and technical experts involved in the assessment and accreditation process must sign a conflict of interest and confidentiality policy to ensure that the confidentiality of our customers is maintained.
All information in relation to a customer’s application is kept in strictest confidence and may only be released under written approval by the customer. In cases where review by a broader audience is required, documents are stripped of any identification of the organization or excerpts are taken to ensure confidentiality.
All assessment documentation is housed in A2LA’s secure, NIST-compliant database.
A2LA serves the forensic community through attendance and presentations at meetings and through participation on committees and commissions.
A2LA staff maintain memberships with numerous forensic associations including the Association of Forensic Quality Assurance Managers (AFQAM), ASTM Committee E30 on Forensic Sciences, OSAC Quality Task Group and Seized Drugs Subcommittee, Scientific Working Group on Digital Evidence (SWGDE), ILAC AIC Working Group 10, NFPA Fire Investigation Units (FIU) Committee, the International Association for Identification (IAI), and the Maryland Forensic Laboratory Advisory Committee (FLAC).
A2LA contracted assessors maintain memberships with ASTM forensic committees and forensic scientific working groups (SWGs) as well as continuing to work in their respective fields.
ISO 9001 is a registration of a quality management system and serves as the basis for many of the other ISO standards because of its intentional generalness.
ISO/IEC 17020 incorporates the essential elements of ISO 9001 and adds technical competency factors relevant to inspection bodies. Its primary application is to improve the management and technical structure of inspection bodies. ISO/IEC 17020 accreditation (as opposed to ISO 9001 registration) includes both an assessment of the Management System and an evaluation of the technical competency of the Inspection Body.
ISO 9001 is a registration of a quality management system and serves as the basis for many of the other ISO standards because of its intentional generalness.
ISO/IEC 17025 incorporates the essential elements of ISO 9001 and adds technical competency underpinnings relevant to testing and calibration laboratories. Its primary application is to improve the management and technical structure of testing and calibration laboratories. ISO/IEC 17025 accreditation (as opposed to ISO 9001 registration) includes both an assessment of the Management System and an evaluation of the technical competency of the testing and/or calibration laboratories.
In a June 2006 memorandum of understanding between the European Network of Forensic Institutes (ENFSI) and the European Cooperation for Accreditation (EA), the ISO/IEC 17020 standard was selected as the most appropriate for accreditation of crime scene inspection activities. While the ISO/IEC 17025 standard applies to all types of testing, it was noted that the process of inspecting, diagraming, and collecting items at a crime scene was not addressed. The evaluation of a crime scene requires a high level of professional judgment based on education, training, and experience and it was found that the ISO/IEC 17020 standard addressed these concerns. Since this time, accreditation of crime scene and related units to ISO/IEC 17020 has increased internationally and within the United States.
Disciplines identified as being the most appropriate for ISO/IEC 17020 accreditation include those where the examination process and final determination of results is made through the professional judgment of the forensic science practitioner. Such disciplines include crime scene analysis and reconstruction, latent print and fingerprint analysis, firearms and toolmarks, and digital forensics.
To receive a copy of the white paper discussing the differences between ISO/IEC 17020 and ISO/IEC 17025 accreditation for forensic organizations, please refer to the Forensic Examination Accreditation Program.
ISO/IEC 17025 is an internationally-recognized standard, with over 80 International Laboratory Accreditation Cooperation (ILAC)-recognized accreditation bodies offering ISO/IEC 17025 accreditation programs. Although ISO/IEC 17025 is not mandatory in the U.S., an increasing number of forensic organizations have recognized the benefit of being accredited by an internationally-recognized accreditation body (such as A2LA).
A2LA does allow for the transfer of accreditation, provided that the requesting organization is accredited by an accreditation body that is a full member signatory to the International Laboratory Accreditation Cooperation (ILAC) Mutual Recognition Arrangement (MRA). In many cases, the transfer can be processed quickly and requires only a review of records and documentation and an accreditation decision by the A2LA Accreditation Council. However, every situation is different and so we encourage you to contact us directly (info@A2LA.org or 301 644 3248) and we will be happy to walk you through the transfer process.
Before assigning any assessment team, A2LA will submit an assessment proposal to the applicant with short bio-sketches of each assessor outlining their background and experience. If any of the assessors present a conflict-of-interest for the applicant, they can identify the conflict to A2LA and an alternative assessor will be proposed.
The Federal DNA Identification Act allows for the collection and indexing of DNA Profiles and sets requirements for the maintenance of the system including the laboratories that may perform testing and the accreditation bodies that may accredit them. A2LA underwent rigorous review by the NDIS Procedures board including a review of all program materials, peer evaluation of A2LA performing an FBI QAS assessment, and evaluation of A2LA DNA assessors, and was found to meet the requirements as set forth in the Federal DNA Identification Act, thus approving A2LA to assess and accredit laboratories that would like to take part in the system.
If you have a need to be assessed within a set time frame, A2LA will make every effort to ensure that the assessment occurs within that time frame.
The benefit of using contracted assessors is that they keep days available on their personal schedules to perform assessments throughout the year and at times, at short notice. Assessors can be assigned and can turn around in short order only after receipt of a complete application and management system documentation. They also need to complete a thorough document review to properly prepare for assessment.
Internal procedures may be listed on A2LA Scopes of Accreditation provided they meet the requirements of ISO/IEC 17025 and the laboratory has shown through demonstration and a review of documentation and records, that they are able to perform work in accordance with that internal procedure.
A2LA is happy to provide a free non-binding quote to interested forensic laboratories and units upon request. In addition, fixed price and not-to-exceed options are available.
As an applicant to the A2LA forensic accreditation program, you are asked to identify the activities which you would like to include within your scope of accreditation. A2LA does not place limitations or requirements on what activities at your facility must be accredited and we work with you to ensure that all requested areas that are deemed compliant are captured on your scope.
In addition, A2LA has a well-documented system for processing requests for scope expansion and reduction and will work with you to ensure a swift and stress-free process. A2LA does not charge fees for scope expansions; however, if a significant amount of data must be reviewed or if an on-site assessment is needed, you would be charged for the technical assessor’s time. In all cases, A2LA will communicate with you to ensure that you understand any potential costs prior to moving forward.
A2LA recognized that all phases of the forensic process are critical and that these may not include testing or
examinations. Such activities are identified in A2LA document R318 – Specific Requirements – Forensic ExaminationAccreditation Program-Inspection and include:
- The evaluation and documentation of a scene;
- The collection of evidence;
- The transport and storage of evidence;
- The inspection of evidence for compliance with known samples (e.g. bullet/cartridge case comparison, fingerprint comparison);
- The submission of evidence to accredited testing laboratories for analysis; and
- The determination of events based on inspection and testing results (e.g. scene reconstruction).
For those activities performed in support of forensic work, these may be accredited under the ISO/IEC 17025 or ISO/IEC 17020 standard, as applicable.
Yes. A2LA does not require that your full laboratory obtain accreditation. In addition, if you only require accreditation for a single test or small selection of tests, A2LA will assess and accredit you for only those tests.
Following your on-site assessment, the process can move quite quickly, but this is very dependent on how quickly you can address any non-conformities that were identified during the assessment. If non-conformities were not identified, accreditation can be completed in a matter of days.
If non-conformities are identified, the time needed will depend on how quickly your organization moves through the corrective action process and how quickly you are able to provide evidence to A2LA of the resolution of any non-conformities cited. However, A2LA will ensure that you receive prompt responses to questions and that your corrective actions receive thorough and expeditious review, typically within one week. Once all non-conformances have been addressed and reviewed by an official review board, A2LA can complete your accreditation paperwork in a matter of days.
The A2LA Forensic Examination Accreditation Program has been evaluated and recognized by the states of Louisiana, Maryland, Missouri, North Carolina, and Texas. In addition, the National DNA Index System (NDIS) Procedures Board has reviewed and formally approved the designation of A2LA as an accrediting agency under the United States Federal DNA Identification Act (42 U.S.C. 14132).
Through legislative mandate, the A2LA forensic accreditation program is also recognized in Alabama, California, Hawaii, Idaho, Illinois, Indiana, and Minnesota.
You can add testing to your scope during your on-site assessment or between assessments by completing and submitting a request for scope expansion form (A2LA document F108 – Request for Expansion of Scope of Accreditation – Testing).
A management system, as required by ISO/IEC 17020:2012, is a compilation of organizational documents that establishes the policies and procedures needed to direct and control an organization with regard to quality. It relates to general management activities, the provision and management of resources, the pre-inspection, inspection, and post-inspection processes and evaluation and continual improvement. A management system captures the requirements of an organization and structurally provides a roadmap that explains who, what, when, where and how sustainable and repeatable outcomes will be achieved.
ISO/IEC 17020 Conformity assessment – Requirements for the operation of various types of bodies performing inspection is a standard that provides the specific requirements for quality and competence that are particular to inspection bodies. In the context of forensic sciences, forensic inspection is defined as the examination of an item or location and, on the basis of professional judgment, the determination of conformity with proposed events or known conditions. Of particular importance is the concept of professional judgment based on education, experience, and training and how this judgment is used in determining which collection methods and processes to use at crime scenes, when developing latent prints, and when making critical decisions in relation to identifying evidence.
To receive a copy of the white paper discussing the differences between ISO/IEC 17020 and ISO/IEC 17025 accreditation for forensic organizations, please refer to the Forensic Examination Accreditation Program.
ISO/IEC 17025 General Requirements for the competence of testing and calibration laboratories is a standard that provides the specific requirements for quality and competence that are particular to testing and calibration laboratories. The standard promotes global harmonization of testing and calibration. ISO/IEC 17025 is used by laboratory customers, regulatory authorities and accreditation bodies to ensure competence.
A2LA was one of the original signatories to the International Laboratory Accreditation Cooperation (ILAC) Mutual Recognition Arrangement (MRA) and since that time has been very actively involved on ILAC committees, working groups and task groups to assist in the growth and promotion of the ILAC MRA and accreditation. In addition, A2LA maintains accreditation programs in multiple standards and disciplines and has options for dual accreditation and joint assessments. A2LA is also the only accreditation body in the United States that is internationally-recognized for ISO 15189 (clinical) accreditation and which has been recognized by the Centers for Medicare & Medicaid Services (CMS) for clinical laboratory accreditation under CLIA. A2LA is also the only accreditation body in the United States that is recognized by the United States Government for their FedRAMP program for IT Cloud Computing accreditation (ISO/IEC 17020).
A2LA contracts with technical experts working in forensic fields to assist in the performance of assessments; ensuring that the most experienced and technically competent individuals are selected to act as A2LA assessors.
A2LA is a professional society run for and by its members. Membership in A2LA is open to all interested parties, not just accredited customers (e.g. specifiers, regulators, end users) and comes with many benefits, including the right to vote on officers and directors of the Association and discounts on A2LA training programs. An organization does not have to be a member to become accredited, and accreditation by itself does not confer A2LA membership.
The Forensic Examination Advisory Committee (FEAC) is open to all interested parties and meetings are held in person and through webinar and teleconference to allow options for participation by full Committee membership. The FEAC is tasked with the development of accreditation and assessment guidelines in accordance with the ISO/IEC 17025 and ISO/IEC 17020 requirements and with reviewing and reaching consensus on how relevant technical methods, procedures, protocols, techniques and/or guidelines are to be interpreted and assessed.
A2LA continues to grow its programs through research, community participation and interaction with technical experts to provide customers with comprehensive accreditation offerings.
A management system consists of policies, procedures, SOPs, and records, all of which provide proof of goals, assign responsibility, describe how those responsibilities are to be performed and provide evidence of past accounts or occurrences of compliance.
Key requirements incorporated into the ISO/IEC 17020 standards are:
- Documentation of the management system
- Documented competency requirements and formal authorizations of staff
- Documented training and oversight program for all inspectors
- Continued evaluation of risks to impartiality and documented actions to eliminate risks
ISO/IEC 17020
No. ISO/IEC section 8.6.3 requires that the inspection body conduct internal audits. With the understanding that it is the inspection body’s responsibility to conduct their own internal audit, third party audits of the organization are not acceptable for meeting any portion of this requirement of the standard. Only internal audits completed by the inspection body staff or contracted consultants of the organization are acceptable.
Not necessarily – The standard calls for the inspection body to “verify that it fulfills the requirements of this International Standard, and that the management system is effectively implemented and maintained.” An inspection body must provide evidence that their internal audit consists of at least the following:
- Determination of compliance with all ISO/IEC 17020 requirements;
- Determination of compliance with all policies, procedures, inspection processes, instructions, etc. that form your management system;
- Determination of compliance with all relevant A2LA policies and requirements.
This can be done on the C301 checklist by confirming compliance and providing detailed notes on the objective evidence reviewed in making that determination. Where such detailed information on the C301 is not provided, the inspection body must maintain additional evidence that all requirements noted above were audited.
For the purposes of A2LA accreditation, accredited Inspection Bodies are required to own or have direct access to, and have under their document control system, current versions of the normative documents that are vital to maintaining their accreditation and to perform their inspection activities.
These documents include all relevant regulations, standards and/or technical methods, etc. related to the inspection activities. Additionally, ISO/IEC 17020:2012, general A2LA policy documents, and the specific A2LA program requirement documents relating directly to their field of accreditation. A2LA does not consider “terminology documents”, such as ISO/IEC 17000 and the VIM, to be normative documents that an organization must control within their system.
For inspection bodies the A2LA normative documents are as follows:
R301 – General Requirements: Accreditation of ISO/IEC 17020 Inspection Bodies
R102 – Conditions for Accreditation
R105 – Requirements When Making Reference to A2LA Accredited Status
P102 – A2LA Policy on Metrological Traceability (only when inspections require the use of traceable measuring equipment) or
P113 – A2LA Policy on Measurement Traceability for Life Sciences Testing and Forensic Conformity Assessment Bodies (CABs)(for Forensic organizations)
ILAC P15-Application of ISO/IEC 17020:2012 for the Accreditation of Inspection Bodies (This document can be found at ILAC.org)
Specific program requirements (examples):
R310 – Specific Requirements: Special Inspection Agencies Inspection Body Accreditation Program (only for special inspection agencies)
R311 – Specific Requirements: Federal Risk and Authorization Management Program (only for FedRAMP)
R318 – Specific Requirements: Forensic Examination Accreditation Program (only for forensic inspection)
R332 – Specific Requirements: NFPA Field Evaluation Bodies (only for NFPA field evaluation bodies)
Determining the cause of nonconformity is deemed equivalent to root cause analysis. Root cause analysis can be the most challenging part of the corrective action process and should be used as a tool for continuous improvement, which may reduce or eliminate the likelihood of future deficiencies. Understanding why an event occurred is the key to developing effective corrective actions. In some cases, the root cause is singular and easily discerned; in most cases it is not, and there may be multiple root causes. Because of this, there is no single ‘recipe’ that can be followed. While it is impossible to create a procedure that would apply to all scenarios, there are some guiding principles which can be employed, the most important of which is that the root cause should address the question: “Why did this deficiency occur?”.
Other points to consider:
- Statements of root cause which are essentially a restatement of the nonconformity provide no new information beyond the facts of what was found and are not considered to be an acceptable response.
- Each non-conformance should be evaluated independently.
- While each non-conformance and its associated root cause should be approached individually, trends in the identified root causes for a group of non-conformances is a strong indicator that further investigation is needed. For example, upon conclusion of an assessment during which 8 non-conformances were cited, it is determined that the root cause of 6 of the 8 non-conformances pertain to employee training. In this example, additional investigation into the employee training program would be prudent and should be evident in a response.
Additional resources that may be of help are found at:
- “Presentation on Root Cause Analysis”, found under “A2LA Guidance Documents” in the Document Finder on the A2LA website.
- The February 2007 Issue of the A2LA Newsletter, found under the “Publications” tab, and “Newsletter Archive” menu item on the A2LA website.
In some instances external requirements, standards and specifications provide specific requirements for the retention of records. If there are no specifics provided then per A2LA requirement document R102-Conditions for Accreditation, item 4 states, “Retain all quality records and technical records supporting reported results throughout the period between A2LA full assessments bearing in mind that adequate records must be available to demonstrate full compliance with the requirements for accreditation.” Therefore, at minimum records shall be retained for the period of time from one full assessment to the next.
ISO/IEC 17025:2017
The standard does not state a frequency, nor mandate one be documented by the lab. However, the Standard expects the laboratory to be constantly aware and prepared to identify and manage risks to impartiality.
There are always risks to impartiality (see clause 4.1.3 and Note to this clause 4.1.4 for some examples) and the laboratory is required to identify them, be structured and managed to safeguard impartiality (4.1.1.) However, the Standard does not specify which risks require mitigating action. At a minimum, the laboratory must clearly include a statement in the management review input documentation (see 8.9.2.m) stating that no new risks were identified requiring action. If previous actions were put in place, this is also where the laboratory is expected to discuss the status of effectiveness of those actions (see 8.5.2.b, bullet 2, and 8.9.3.a)
The Standard does not include expectations on timeliness of records demonstrating mitigation actions.
At a minimum, the risk that was identified must be recorded in the laboratory’s next management review (see 8.9.2.m), and the laboratory must also be prepared to discuss what plan(s) of action are being readied to address the risk (see 8.5.2).
‘Legally enforceable agreements” are records of understanding between two or more parties regarding services provided or received. For purposes of this clause, A2LA determines a “legally enforceable agreement” to be a record which indicates responsibilities for maintaining confidentiality and repercussions for breaches of that responsibility.
If the laboratory were to obtain information about the customer other than from the customer itself, the laboratory shall not reveal this information to any other party other than the customer. The laboratory shall also protect the source of the information if the information about the customer is shared with the customer.
The laboratory may be a public, governmental or private entity, an established business or corporation, or an identifiable division or in-house activity of a business or corporation, which meets the applicable legal requirements of the jurisdiction in which it conducts business.
If a laboratory has or has access to all of the resources and processes necessary to perform a test, then the laboratory may claim it as part of the range of activities a laboratory can perform. The laboratory must demonstrate it retains the proficiency necessary to perform the test through an interlaboratory comparison, proficiency test, or demonstrate proficiency during an assessment.
The reason for the statement, “which excludes externally provided laboratory activities on an ongoing basis” was for laboratories that do not maintain the competence and resources to perform the laboratory activity. If the laboratory demonstrates competency and have the resources necessary to perform the activity during the assessment, then this meets the intent of the Standard. In addition to the verification of competency during the assessment, the laboratory may also demonstrate competency through proficiency testing and/or interlaboratory comparisons.
The range of laboratory activities, as defined by the Standard, are those tests, calibrations and sampling activities (with subsequent testing or calibration) a laboratory claims as enveloped under their ISO/IEC 17025:2017 conformant management system. These may be as generic as testing, calibration and/or sampling activities (with subsequent testing or calibration), as specific as particular activities, methods, measurement ranges, etc., or anything in between. This does not explicitly or implicitly reference or require the scope of accreditation. This Standard was not specifically written for accrediting bodies or accreditation.
The Standard does not require a document for this clause. However, if the laboratory does document the organization and management structure then clause 8.2.4 applies. Clause 8.2.4 states, “All documentation . . . related to the fulfillment of the requirements of this document shall be included in, referenced from or linked to the management system.”
The Standard does not require a job description and, therefore, does not require the responsibilities and authorities to be documented in a job description. See section 6.2 on Personnel for more information on the documentary requirements of responsibilities and authorities.
“Consistent application” means that when a procedure is written it must be detailed enough so that when it is performed by competent and authorized personnel, that undocumented steps or variances in its implementation do not adversely impact the validity of the laboratory activities and the validity of results.
Under this clause, records are not required for specific authorizations. This clause focuses on personnel having the authority to carry out their duties. Authorizations and records thereof are covered in clause 6.2.5.
Job descriptions are not required in the Standard. Competence requirements shall be documented and controlled within the laboratory’s management system. The Standard allows the laboratory to document its competency requirements in any manner it deems appropriate.
No, this clause in the Standard does not explicitly require the laboratory to document this authorization. The Standard states, “The laboratory shall ensure that the personnel have the competence . . . to evaluate the significance of deviations.” However, a record would be required, as per 6.2.5 e), for authorizing personnel.
No, the standard does not explicitly call out a record of communication for this requirement since communication may occur in a variety of ways, although many laboratories will keep track of this information communication via “job descriptions,” performance reviews, etc.
No, the Standard does not require “monitoring” to be a “defined” frequency. Frequencies might be defined and/or adjusted by the laboratory or required as part of a contract (7.1), regulatory requirement (5.4), or included as a means of mitigating a perceived risk in this process.
No, the Standard does not require, in this clause, that a laboratory keep records of monitoring or checking facility controls.
There is no requirement to document the review but any adjustments must be identifiable (8.3.2 c.)
No, there is not an expected frequency or time-period for re-evaluating external service providers per the Standard. However, including a frequency or time-period as a means of mitigating a perceived risk in this process may be considered.
It can be, but it is not exclusive to an electronic platform or software application. Within the industry the term ‘LIMS’ is typically associated with software used by laboratories to manage their data workflow; however, this is only one method that could be used to manage laboratory data.
A Laboratory Information Management System in the context of ISO/IEC 17025:2017 section 7.11 includes any approach a laboratory uses to manage its data. These approaches may take the form of a computerized, non-computerized, or hybrid systems. The actual implementation may take many forms using tools such as logbooks, hard copy data sheets, spreadsheets, or complete workflow automation systems. The applicability of some of the requirements in ISO/IEC 17025:2017 depends on the approach utilized and the actual implementation of the laboratory data management.
The Standard is silent on the “transfer” of original observations in 7.5 and 8.4. However, in clause 7.11.6 it states that “calculations and data transfers be checked . . .” The form of the original recording need not be maintained in the record system after transfer, i.e., the original form of the record may be disposed if the requirements of 7.5 and 8.4 are met in the system receiving the transferred result.
According to the words of the Standard, the monitoring shall include all the activities, that are appropriate to ensure the validity of the tests. Appropriateness is determined by the laboratory and may result in the laboratory choosing to only perform one activity despite the availability and seeming appropriateness of other options.
Yes. It is important to remember, however, clause 7.8.1.3 states, “Any information listed in 7.8.2 to 7.8.7 that is not reported to the customer shall be readily available.”
No, the Standard does not require the “complaint handling process” be “made publicly available.” The Standard requires that it “be available to any interested party on request.”
No, this clause does not require a record of acknowledgement. Communication of policies and objectives may occur through many avenues and so follows the acknowledgement by the recipients of the communication.
No, the laboratory is not required to record that it periodically reviewed controlled documents. The Standard only requires the laboratory to “ensure” they are periodically reviewed (see 8.9.2 c) and records regarding the suitability of policies and procedures).
Yes, the records might appear in any number of areas but, as a minimum, are required as part of the management review (8.9.2 and 8.9.3).
No, A2LA does not require that a complete internal audit be done prior to accreditation. Your documented internal audit program and any evidence of implementation shall be available for review at the time of the initial assessment and the progression of your audit per your audit schedule will be reviewed and confirmed during your surveillance assessment.
No, the standard does not require a defined time frame within which the laboratory will perform a ‘complete’ internal audit. A ‘complete’ audit is defined by the laboratory’s program under clause 8.8.2.b, and must include the scope (processes, clauses, areas, personnel, etc.) and criteria (requirements) that will be audited during a given audit.
The “planned intervals” required in clause 8.8.1. are synonymous with the “frequency” term used in clause 8.8.2.a, and might be defined by terms such as “monthly,” “quarterly,” or “yearly,” to give examples.
A “time frame” by definition includes fixed boundaries, and might be defined using terms such as “within a year” or “by the end of the quarter”. The standard does not use the term “time frame” as its intent is for laboratories to regularly perform these audits at a given frequency, with the scope and criteria decided upon and defined by the laboratory implementing a risk-based approach to determining scope and criteria for each audit it performs.
No, A2LA does not require that a complete management review be done prior to accreditation. The records from your management review and any evidence of implementing actionable outputs shall be available for review at the time of the initial assessment and will be reviewed and confirmed during your surveillance assessment.
No. The content of each management review should be considered by laboratory management based on the planned intervals (or, how much time passes between these reviews) – more frequent reviews may warrant less topics discussed at each meeting and all topics eventually being covered, while less frequent reviews may warrant every topic be discussed at each meeting.
The intent of this requirement is not to have a ‘checklist’ or agenda that laboratories must follow for this activity. Laboratories are expected to use this process, and its associated data, to drive continual improvement in its management system and laboratory activities.
If the method defines the decision rule and the laboratory follows the method, then the laboratory meets the intent of the Standard. Methods, in many cases, control the measurement process well enough to manage measurement precision and bias, but might not evaluate measurement uncertainty or define a decision rule for conformity statements. At this point, the Standard does not provide examples of decision rules other than Note (ISO/IEC Guide 98-4) but does require that one be selected and shall be communicated to and agreed with the customer. If the laboratory deviates from the method in 7.6.3 (under note 1), the laboratory is required to validate the method (section 7.2) and evaluate the impact on the decision rule as it pertains to making statements of conformance and the decision rule shall be communicated to and agreed with the customer.
There may be reasons for which a laboratory is not able to assemble or participate in ILCs. In the event the laboratory can justify the position that relevant and available interlaboratory comparison programs do not exist, the laboratory must still perform intra-laboratory comparisons (see 7.7.1). For example, if it is not appropriate for a laboratory to share artifacts with their competitors due to intellectual property or proprietary reasons or if the test method is proprietary, then the laboratory shall employ the means it used to validate the method, see 7.7.1.
ISO/IEC 17065
The Certification Body should compare the new product to be certified against those with which it has similar experience by examining the schemes (if different) used for performing the certifications, the technologies inherent in the products, the evaluation techniques which must be implemented to characterize the product to determine its compliance with the requirements in the certification scheme(s), and the technical knowledge of its own personnel in order to ensure that a knowledgeable review and decision on certification can ultimately be made.
The NOTE under this clause gives excellent guidance for the Certification Body to consider when comparing the new product they are being asked to certify against products they have certified in the past. Similar comparisons should also be made when a new certification scheme or new normative document (such as a different evaluation specification) is introduced to the Certification Body by their client.
If the certification body determines that the new product is of the same type as ones with which it has previous experience, no records are needed, but the Certification Body may be asked to explain its rationale in determining that the new product is of the same type as ones that were previously certified.
If the Certification Body cannot explain this rationale to an assessor’s satisfaction, a deficiency may be cited if the assessor can justify that a certification was not “of the same type” as certifications previously granted by the Certification Body (for example, by showing that the new product has substantial differences in technical underpinnings from those the Certification Body used in its comparison).
In order for expedite fees or volume discounts (or other financial considerations between certifier and client) to be considered non-discriminatory and justifiable, the availability of such fees and discounts should be made known to all potential clients, and a process for applying such fees must be clearly laid out so that all parties taking advantage of them are considered equally. (Clause 4.6(b) of ISO/IEC 17065 requires that descriptions of fees charged to clients be documented and made available to clients upon request.)
While not explicitly required by the standard nor A2LA, if a certification body wishes to offer special pricing structures, it may be good practice to consider specifying “categories” that a client would fall into for these special pricing structures (e.g. “Clients with 0 to 50 applications per year receive no discount; 50 to 100 receive a 5% discount; etc.” or “To include your application in our expedited workflow line, the fee is xxx dollars due upon application receipt”). These suggested clarifications may assist the certification body in supporting their position if any questions over discriminatory practices are raised.
The certifier must take care to ensure that no special treatments are given, for example, to one client over another if both clients are equivalent in all other senses (e.g. both have paid the same expedite fee, or both have been informed of the same pricing discount). The fees, and the application of them, must not be constructed or used in such a manner as to impede or inhibit access by an otherwise qualified applicant.
If a potential client were to issue a complaint about the prices charged by a certifier, A2LA expects the certifier to keep a record of those complaints received, and any subsequent actions, as required by section 7.13 of ISO/IEC 17065.
A2LA reads clause 7.6.4 to be more of a definition of what Organizational Control IS, rather than something a Certification Body must exert. As such, there are many instances where Organizational Control will not come into play for a Certification Body. There are three clauses in the standard which reference Organizational Control of an outside entity by the Certification Body. A2LA assessors are instructed to examine how each Certification Body implements the following clauses, and, if no related bodies are utilized in the implementation of these steps, then clause 7.6.4 is Not Applicable for the Certification Body.
7.6.3: The Certification Body is permitted to essentially “outsource” the certification decision, but only if the person/group of persons making the decision is employed by or contracted to the Certification Body itself, or an entity that the Certification Body holds more than 50% control in. If the person/group making the decision is not employed or contracted by the CB or an “organizationally-controlled” entity, the CB cannot utilize that person or group to make the final certification decision. Note that committees are excluded from this clause by virtue of the requirements in clause 5.1.4 of the standard.
4.2.6: Any entity which the Certification Body has Organizational Control over is not permitted to design, manufacture, install, distribute, or maintain the product being certified. The Certification Body must be prepared to explain how they are ensuring that all related entities which are under Organizational Control are not performing any of these actions. Related entities NOT under Organization Control are not subject to these requirements, but are instead subject to examination for risks to impartiality under clauses 4.2.3 and 4.2.7.
7.6.5: The Certification Body must be able to demonstrate (with supporting record evidence) how it ensures that personnel in entities under organizational control are fulfilling the ISO/IEC 17065 requirements. Fulfillment of these requirements includes (but may not be limited to) requiring the existence of a contract with those personnel which meets the requirements of clause 6.1.3.
Yes, the Certification Body must address each required procedure under this clause, even if the certification activities being performed do not include those actions. For example, an organization operating a certification scheme which does not allow for extensions or reductions to the scope of certification must have documented some statement to the effect of, “We do not offer any extensions or reductions to our certifications.”
Does our Certification Agreement need to list who is responsible (our organization, or the client) for the evaluation of a product when the scheme allows or requires the product to be evaluated before an application for certification can be filed? Or is a verbal agreement sufficient?
Historically, verbal agreements are difficult, if not impossible, to legally enforce. As such, because the Certification Agreement must be legally enforceable and must address the responsibilities of each party, A2LA requires that the responsibilities of the client with regard to any evaluation of the product performed prior to filing the application for certification be clearly outlined in writing in the Certification Agreement. This is also encompassed by clause 4.1.2.2.c.1 which requires the client to “make all necessary arrangements for… the conduct of the evaluation and surveillance (if required)…”
In many instances, it may not be possible for a certification body to give a formal notice of complaint resolution to the complainant; one such example is if a complaint is received anonymously. Other examples where it may not be possible to formally notify a complainant could include the complainant not leaving any contact information for receiving feedback, or the complainant changing contact information either voluntarily (i.e. relocation) or involuntarily, (i.e. being dismissed from an employment position).
Possible evidence which would show that the certification body has performed their due diligence when the complainant is unreachable could include records of attempted emails with read receipts, phone logs, voicemails, certified postal mailings, or generalized resolution notices to alternate persons that are known to be related to the original complainant.
These examples, are not intended to be all-inclusive, nor are they mandatory actions that must be undertaken by the Certification Body.
Ultimately, the Certification Body must show evidence that they have done reasonable due diligence in attempting to contact or locate the original complainant, and these examples may be useful when considering what actions to undertake to notify the complainant of the outcome. In all cases, these attempts to contact the complainant must be part of the records associated with complaint resolution as required by clause 7.13.1.
No, A2LA does not require that a complete internal audit be done prior to accreditation. Your documented internal audit program and any evidence of implementation shall be available for review at the time of the initial assessment and the progression of your audit per your audit schedule will be reviewed and confirmed during your surveillance assessment.
No, A2LA does not require that a complete management review be done prior to accreditation. The records from your management review and any evidence of implementing actionable outputs shall be available for review at the time of the initial assessment and will be reviewed and confirmed during your surveillance assessment.
The Application Review stage of the certification process is a very fine line for Certification Bodies to walk when considering duties assigned to its personnel. The Application Review cannot be automatically assumed to be an Evaluation activity without further examination by an assessor. The assessor will sample certification records and will interview various persons within the Certification Process in order to collect evidence demonstrating whether or not the person taking part in the Application Review has performed activity which is considered Evaluation.
When the tasks performed by the Application Reviewer are found to be administrative in nature only (e.g. requesting missing pages from an evaluation report, requesting a missing signature on the certification agreement, or requesting a sample of the product to be certified), then no, the Application Reviewer is not considered as having performed any Evaluation tasks.
However, any work performed by the Application Reviewer which results in the selection of a product to be certified, or which results in data/information that is or could be used in determining whether or not a product meets certification requirements, is considered part of the Evaluation process. This work would then preclude the Application Reviewer from taking part in the formal certification Review (7.5) and Decision (7.6) phases of the certification process.
Clause 8.6.4(a) requires internal auditors to be competent in three areas – knowledge of the standard, knowledge of the certification process, and knowledge of auditing. The determination of auditor competence levels (that is, what an auditor needs to do to show they are “knowledgeable”) is the responsibility of the certification body, and records are required by A2LA to show that the auditors have demonstrated their knowledge to the certification body for whichever of the three aspects they are responsible for covering during an audit.
The standard requires the certification body to keep records of risks to impartiality that have been eliminated or mitigated, via clauses:
* 4.2.4 (the CB shall be able to demonstrate how it eliminates or minimizes such risk; the information shall be made available to the mechanism specified in 5.2),
* 5.2.1.c (the mechanism (for safeguarding impartiality) shall provide input on… matters affecting impartiality…), and
* 8.5.2c (inputs to the recorded management reviews shall include … feedback from the mechanism for safeguarding impartiality)
Note 2 of clause 6.2.2.1 states “Use of external personnel under contract is not outsourcing.”
If there exists a properly executed agreement (e.g. contract) between the department/personnel in question and the Certification Body which meets the requirements of clause 6.1.3, then no, the example given does not constitute “Outsourcing” of activities by the Certification Body. (This documentation also answers the question, “Is the resource under the direct control of the Certification Body?” for purposes of judging whether or not the entity in question is an Internal Resource of the Certification Body – see clause 6.2.1)
If the documentation linking the other department or its personnel to the Certification Body does not meet the requirements called out under clause 6.1.3, or if the Certification Body cannot provide evidence that the additional requirements stated under clause 6.1.2 are met for the personnel in question, then the actions taken by the Certification Body are considered “Outsourcing,” and the Certification Body must demonstrate that it complies with the requirements related to Outsourced activities.
The NOTE below clause 6.2.2.4 clarifies when a Certification Body may utilize accreditation as part of their qualification, assessment, and monitoring of an external resource.
In summary, A2LA permits a Certification Body to reference an external resource’s accreditation (e.g. to ISO/IEC 17025) only if this is clearly allowed within the scheme(s) being operated, the resource’s scope of accreditation is applicable to the evaluation activity being performed (including appropriate test or inspection methods), and the Certification Body has a documented frequency and supporting records for verifying the accreditation status.
If the scheme does not mention allowing the Certification Body to rely on accreditation without other qualification / assessing / monitoring activities of their own, A2LA requires the Certification Body to clearly state in their required policies and procedures how the qualification / assessing / monitoring activities are undertaken, and to keep records showing that those actions have been undertaken for all approved providers of outsourced services.
Not necessarily – The standard calls for the certification body to “verify that it fulfills the requirements of this International Standard, and that the management system is effectively implemented and maintained.” (emphasis added) A CB must provide evidence that their internal audit consists of at least the following:
- Determination of compliance with all ISO/IEC 17065 requirements;
- Determination of compliance with all policies, procedures, instructions, etc. that form your management system;
- Review of all Certification Process steps (i.e. application, evaluation, review, decision, certification documents, and
- surveillance, where applicable); and,
- Determination of compliance with all relevant A2LA policies and requirements.
My organization has invited numerous possible stakeholders to be part of our “Mechanism for Safeguarding Impartiality,” but all of those stakeholders have declined to participate. How can my organization show that we are maintaining the required balanced representation?
Note 2 to clause 5.2.1 and Note 1 to clause 5.2.4 of ISO/IEC 17065 both identify examples of mechanisms and potential invitees that the Certification Body may have overlooked during its invitation process, and should be examined prior to determining that all possible avenues have been exhausted.
The certification body must be able to demonstrate (e.g. by providing records) that they have ensured a balanced interest in their mechanism by identifying and inviting potentially interested parties, and that they have ensured that the composition of their Mechanism is such that no single interest predominates. In all cases, the certification body cannot hold more than 50% stake in this Mechanism – it is up to the certification body to take additional suitable actions to ensure that these balanced interest requirements are met.
Clause 6.2.2.4(f) requires the certification body to notify the client in advance of subcontracting in order for the client to have the opportunity to object to that action. A2LA understands that certification bodies may not always immediately know what outside entity will be used to perform evaluation tasks when taking on an application.
At a minimum, the certification body may issue a blanket statement (or make known in some other clear manner) of possible subcontracting to its clients and potential clients. The client then has an opportunity to object to the use of external resources, or to request clarification on the matter. If clarification is requested, the certification body is expected to answer the client’s question, and identify the potential entity that would be used before the evaluation activity takes place in order to allow the customer the opportunity to object to the use of that particular external resource, while still accepting the possible use of a different external evaluation resource.
Records of correspondence are required to demonstrate that the CB has given adequate notice to the client and, if necessary, has identified the specific subcontractor if so requested.
The critical idea in this clause is that the CB has given the client a reasonable opportunity to object to the use of outside evaluation resources, whether that be objecting to a specific entity (such as a chosen test lab) or objecting to the entire concept of outsourcing. (Note that ISO/IEC 17065 does not explicitly require the certification body to receive a written approval from the client to initiate the subcontracting, but it may be beneficial for a certification body to attempt to obtain this documented approval.)
At a minimum, A2LA requires each scheme for which the certification body is accredited to be included in their Internal Audit in order to ensure that the steps in the certification process, as well as the CB’s management system requirements are being properly implemented across all certification schemes offered.
The Internal Audit is considered incomplete if the organization fails to include all schemes during its internal audit. It is not required that every product type be addressed in one internal audit cycle, but it is recommended that different product types be reviewed from audit to audit.
As a reminder, Clause 8.6.2 requires the internal audit program to take into account previous audit findings – if any findings related to a specific product type were found at a previous audit, those must be taken into account when planning the current internal audit.
Our organization is considering operating a scheme where the scheme owner notifies the clients of changes to the certification requirements themselves, and does not require any re-verification of compliance until the current certification expires. Does clause 7.10.1 still apply to our organization, and if so how?
Clause 7.10.1 is required to be implemented by all certification bodies, regardless of what changes and subsequent action (or inaction) is stated by the scheme.
In all cases of certification changes, it remains the responsibility of the accredited certification body to be aware of these changes, to gain assurance that the changes have been communicated to clients in some manner, and to take some action to verify that the changes have been implemented by its clients. If the scheme specifies any further actions, such as mandating immediate re-evaluation of any certified product, then the certification body has further tasks to undertake.
In the case of a scheme owner sending out email notifications, actions taken by the CB to assure themselves that the communication has taken place may be minimal (but caution should still be taken in the event that a client is not receiving those notifications). In other cases, such as the CB being the scheme owner, a notification blast (e.g., via email or letter) to all clients could be submitted as evidence of the steps the CB has taken to comply with this requirement.
With regard to actions taken to verify implementation, these will depend on the instructions included (or not included) by the scheme owner. This might include re-evaluation of certified products (as mentioned previously), a re-review of currently certified product documentation and evaluation results to verify that the product continues to comply with certification requirements, an audit of client facilities, or even a simple evaluation of products at the next scheduled certification renewal point without taking immediate action.
However, in the event that the scheme or scheme owner is silent on actions to be taken, the certification body is still required to take some action of their own choosing to verify implementation of the changes by the client. This could include (for example) an analysis of the changes to determine whether or not re-evaluation is necessary, with a record of this analysis being kept. If any action is necessary, as per clause 7.10.3, it shall be performed in accordance with the appropriate part of section 7 of the standard, with records kept of those activities as required by section 7.12.
CASCO, the ISO Committee responsible for issues relating to conformity assessment policies and standards, has indicated that it is permissible for a Certification Body to offer consulting services in certain situations so long as the risks to the CB’s impartiality are identified and shown to be eliminated or mitigated in such a manner as to show that the CB has erred on the side of caution.
A2LA’s expectations on these scenarios are as follows:
1) In the case where the CB’s parent company offers consulting on the types of products being certified, two situations exist:
1.A) Offering of consultancy on the product types the CB certifies to NON-CERTIFICATION CLIENTS – A2LA considers this to be a 100% risk to the CB’s impartiality which must be documented and eliminated, with supporting records of the identification, elimination, and ongoing monitoring of the risk. At a minimum, A2LA expects to see the CB document how it ensures that the consulting client does not become a certification client for the types of products certified by the CB. Additional elimination and mitigating actions are at the discretion of the CB, but due to the significant risk to impartiality such a scenario presents, this minimum threshold must be met for this situation.
1.B) Offering of consultancy on the product types the CB certifies to clients which are, or intend to be, certification clients – This situation is expressly prohibited under clause 4.2.6 of ISO/IEC 17065. It is inherent that the CB ensure that its parent company consulting division is aware of existing or likely certification clients to prevent this non-conforming situation from occurring.
2) In the case where the CB’s parent company offers consulting on product types that are NOT being certified, the CB must still document this clear risk to its impartiality, and provide evidence of elimination / mitigating actions to ensure that the CB’s impartiality is not compromised.
The ISO/IEC 17021-1 (2015) standard (for Management System Certification Bodies) offers more information on the concepts and principles of impartiality (for example, see ISO/IEC 17021-1 section 4, and clauses 5.2.7, 7.3, and 9.1.1.e), as well as potential ideas for mitigating risks to impartiality, that a Product Certification Body may wish to consider implementing or augmenting.
A2LA assessors will not expect that an ISO/IEC 17065 accredited Product Certification Body follow these 17021-1 requirements for mitigating risks, unless the certification scheme requires the CB to implement them. However, in all cases, the offering of consultancy of any kind by the CB and/or its parent company is an acknowledged risk to the certification body’s impartiality (however minimal that risk may be), and is expected to be identified and mitigated with supporting records. The Certification Body must err on the side of protecting its impartiality in all situations.
The certification scheme operated by my organization requires that we re-evaluate products on a four month cycle. Does the language in this clause mean that we only have to keep records for 8 months total, in order to meet the “current and previous” cycle requirments?
Clause 8.4.2 of the standard indicates that the Certification Body’s procedures for record retention must be consistent with any contractual and legal obligations. Those legal and contractual obligations would take precedence over the shorter retention cycle given in the example above.
Above and beyond any legal or scheme obligations for record retention, A2LA requires, as one of the Conditions and Criteria for Accreditation (A2LA R102 – Conditions for Accreditation, clause 4), that the accredited (or applicant) organization must keep copies of records for the entire time period between on-site assessments. Legal and scheme obligations may require longer retention periods, but under no circumstances may the Certification Body dispose of records in any shorter time period.
There is a defined minimum amount of information required in clause 7.8 which must be published or made available upon request even if the scheme is silent on this subject. This minimum is “information … about the validity of a given certification,” as outlined in the final sentence of this clause (e.g. by answering “Yes, that is a valid certification”).
The certification body may certainly go above and beyond the scheme in making information publicly available, but must meet the requirements in section 4.5 of ISO/IEC 17065 (confidentiality) in those instances.
The certification scheme our organization operates uses a certification mark for ongoing certification, but is completely silent on the actual surveillance actions to be taken. How is this to be handled so that we meet the requirements of clauses 7.9.1 and 7.9.3?
While Note 2 under clause 7.9.1 indicates that criteria and processes for surveillance are to be defined by the certification scheme, A2LA realizes that many schemes are not written (or have not been updated) sufficiently to address the needs of the certification body.
In the case of a certification scheme being silent on any of the requirements for surveillance (e.g. frequency of surveillance, actions to be taken, percentages of certified products to be reviewed, etc.), and assuming that the Scheme Owner does not respond with any objective instruction for the certification body, A2LA requires the certification body to clarify how the surveillance will be performed, using a process similar to that called out in clause 7.1.3 for creating explanations for certification requirements. This information is then also to be made publicly available (upon request) pursuant to clause 4.6.a, as it relates to the certification scheme(s) being operated by the certification body.
The certification body must, at a minimum, define the actions taken to establish appropriate surveillance activities related to the product (e.g. how many products will be included, how they are to be acquired/selected, etc.), define the frequency of surveillance activities (e.g. per calendar year, in the first quarter of every year, etc.), and define the requirements which the product must meet (e.g. the product must meet original certification requirements in order to continue certification). The examples given in this paragraph are not meant to be all-encompassing, but should be taken as guidance in considering how to address the needs of the certification body and the ISO/IEC 17065 standard.
Additional guidance can be found in ISO/IEC 17067 for surveillance activities. A2LA encourages the use of this International guidance document for Certification Bodies which need to define their own surveillance activities.
The “applicable requirements” that an external resource must meet shall be defined and documented, and are considered to fall under the following hierarchy:
- Requirements should be defined by the Certification Scheme;
- If the requirements are not defined in the scheme, the Certification Body should define what requirements are or are NOT applicable in their quality system, with justification on any omitted clauses of the relevant International Standard(s);
- If the CB and/or Scheme do not define the “applicable requirements,” an A2LA assessor will assume that all requirement in the relevant International Standard(s) are applicable.
The “applicable requirements” that an internal resource must meet shall be defined and documented, and are considered to fall under the following hierarchy:
- Requirements should be defined by the Certification Scheme;
- If the requirements are not defined in the scheme, the Certification Body should define what requirements are or are NOT applicable in their quality system, with justification on any omitted clauses of the relevant International Standard(s);
- If the CB and/or Scheme do not define the “applicable requirements,” an A2LA assessor will assume that all requirements in the relevant International Standard(s) are applicable.
For the purposes of A2LA accreditation, accredited Certification Bodies are required to own or have direct access to, and have under their document control system, current versions of the normative documents that are vital to maintaining their accreditation and to perform their certification activities.
These documents include (in addition to relevant regulations, standards and/or technical methods, etc.) ISO/IEC 17065:2012, general A2LA policy documents, and the specific A2LA program requirement documents relating directly to their field of accreditation. A2LA does not consider “terminology documents”, such as ISO/IEC 17000 and the VIM, to be normative documents that an organization must control within their system.
For example, a Telecommunications Certification Body (TCB) would be expected to possess (or have direct access to) and have under its document control system current versions of the following A2LA documents:
- R307 – General Requirements – Accreditation of ISO-IEC 17065 Product Certification Bodies
- R105 – Requirements When Making Reference to A2LA Accredited Status
- R102 – Conditions for Accreditation
- R308 – Specific Requirements – 17065 – Telecommunication Certification Body Accreditation Program
Furthermore, such a TCB would be expected to control copies of all test methods called out in the certification schemes
being operated, as well as copies of the schemes themselves.
A certification body’s initial internal audit schedule should show that internal audits will be performed once in a 12 month period (or show that one full audit will be performed over a rolling 12 month period).f the certification body feels that they need to initially schedule more frequent audits, or if the results of any audit show the need to schedule a subsequent audit sooner than 12 months, the certification body should not hesitate to adjust their schedule accordingly.
Regardless of the period or frequency defined, any changes to the schedule of the audits as well as the rationale behind the decisions to change, must be documented and kept under record control by the certification body.
Any changes to reduce the frequency (that is, make the time span between internal audits longer) must be supported by records that demonstrate ongoing stability and effectiveness of the management system.
A2LA cannot define what “timely and appropriate” means for its certification bodies. The intent of this clause is for the organization to take action as soon as they are able, in order to ensure that the organization’s quality system is running smoothly, and that the certifications being offered are not negatively impacted. An assessor may cite a deficiency if there is evidence that the quality system or offered certifications are being affected by lack of action on an internal audit finding. The certification body is still responsible for meeting all requirements related to corrective actions (section 8.7) and preventive actions (section 8.8) when acting upon their internal audit findings.
For purposes of this clause, A2LA determines a “legally enforceable agreement” to be any signed or sign-able record between the certification body and its client/customer which meets the requirements of clause 4.1.2.2, and which (as stated in 4.1.2.1) takes into account the responsibilities of the two parties in that agreement. This record can be known by any name, but is typically referred to as a “Contract” for ease of reference.
A2LA assessors will not be determining, nor can they be held responsible for, the legality of the certification body / client agreements. Their purpose is solely to find facts as to whether or not an agreement is in place which accounts for the responsibilities of the two parties and the client compliance requirements listed in clause 4.1.2.2.
A2LA does not specify what form a record must take that would offer justification for undertaking a new type of certification. However, the records must show that the Certification Body has performed an analysis of the new certification to be performed, and compared the requirements of the new certification against the existing experiences and competencies of its resources to perform similar certifications, as well as verifying that the certification body is capable of performing the certification activities required by the new certification being undertaken.
The justification records should be sufficiently detailed such that the assessor can reach the same conclusions that the certification body reaches with respect to moving forward with the new certification. An assessor may cite a deficiency if there is, in his or her opinion, insufficient information in the justification records for undertaking the new certifications, or supporting evidence that the certifications were improperly granted as a result of insufficient or improper justification.
The Certification Body is responsible for determining what “adequate” levels are with respect to having liability coverage arrangements. As exemplified in this clause, such arrangement can include (but are not limited to) insurance and cash reserves. A2LA assessors may raise questions about the adequacy of these arrangements and how the organization felt they arrived at an adequate level of coverage. Additionally, A2LA assessors may raise questions about coverage for certain aspects of certification activities which are normally excluded from insurance policies.