5 Principles of Corrective Actions for Non-conformances Found During ISO/IEC 17025 Audit

The ISO/IEC 17025 Standard is a global standard that starts with standards for testing and calibration laboratories competence. The International Organization of Standardization (ISO) first issued the standard in 1999, also with aim of getting product testing labs all around the world coordinate. The latest version that is applicable for testing and calibration laboratories is ISO/IEC 17025:2017 introduced by ISO in 2017.

During ISO/IEC 17025 Accreditation audits, there are one or many non-conformances found by auditors. It needs to be taken corrective actions against such non-conformities. While taking corrective actions against such non-conformances, the following are the key principle that needs to be followed and kept in mind for any management personnel.

Principle 1. Not all non-conformances need corrective action: A correction is a corrective activity taken to regulate and fix a non-conformance in the short term. Every non-conformance would receive a correction. For many laboratories, deciding whether rectification alone is sufficient seems to be a challenge.

Application:

Never overlook an occurrence, even if simply a correction is required. Keep a record of it and keep an eye on it for any recurrences or changes in the risk level.

After a correction, two basic reactive circumstances require corrective action:

When the non-conformance evaluation suggests that it is likely to happen again.

When there is a question concerning whether the laboratory's operations are compliant with its management system. For example, a lack of competency to satisfy ISO 17025 requirements or variance in the quality of operations.

Principle 2. A processing method and root cause analysis are both proactive and reactive tools.

Interlinking a process approach, proactive (risk), and reactive (corrective action) operations will enhance laboratories.

Application:

Processes should be well-understood and mapped, with each step's known inputs and desired outcomes. A laboratory should anticipate risks ahead of time and implement controls to decrease the likelihood of a nonconforming event to a manageable level.

Those who are only familiar with utilizing the fishbone diagram for root cause analysis should know that it (along with other cause-and-effect tools) can also be used to assess risk. Using current process expertise, the reasons are the same.

Standardized processes, procedures, documentation, and monitoring should all be part of a well-established management system to protect against unintended deviations (when something does not go as planned) or shortcomings (gaps). However, due to the intricacy of laboratory operations, there will always be a possibility of nonconforming events.

Principle 3. Non-conformances are hazards that have occurred.

A risk assessment is a very useful tool for evaluating nonconforming incidents. Non-conformance is divided into two categories: those identified as a risk before the current nonconformity and documented in the risk register, and those identified after the current nonconformity as a risk and registered in the risk register. Those who have not been identified as a risk and have not been entered into the ISO 17025 documentsfor the risk records.

Application:

Consider why the issue was not discovered and record it in the register. Review the process stages and prior analysis if it was found. Indicate in the register that the risk levels will be reassessed after the agreed-upon corrective action because of a nonconformance.

Principle 4. The cause is seldom a singular problem leading to a singular corrective action.

A nonconformance is frequently the result of a series of events. There is a higher chance of unsuccessful corrective action if a laboratory approaches cause analysis by hunting for a single root cause. The root should be regarded as a system rather than a single correct answer. Several contributory (causal) elements may be discovered throughout the evaluation.

Application:

Take the following procedures to address the affected laboratory activity and system:

Think about the steps and sequence of occurrences (what, who, when, how).

Identify various potential cause factors by looking for missing best practices or deviations from existing controls.

Using existing knowledge, determine the root cause of each of the factors - what caused that factor to have an effect.

Consider a variety of options for changing or introducing behaviours, actions, or conditions.

Choose the best options while keeping in mind the available resources and risk tolerance. These are the answers that are most likely to have a positive impact and influence, as well as reduce the chances of a repeat occurrence.

Principle 5. Monitoring and trend evaluation drive enhancement.

Application:

Because risks are not static, actions must be monitored, and risks should be adjusted following audits, client and employee input, and management evaluations. Keep an eye out for trends and changes in risk levels. For example, if many nonconformance were previously identified as risks but still happened, it may signal that controls need to be improved.

Iso 13485:2016 Medical Devices Quality Management System