Table 1. ISO/IEC 17025:2017's parts that relate to and drive LIMSpec requirements.
|
ISO/IEC 17025:2017 part(s)
|
Associated LIMSpec requirement
|
In plain terms ...
|
ISO/IEC 17025:2017 7.3.3
|
1.9 The system shall be able to define the collection and sampling details for registered samples or specimens, including container size and type, number of containers, collection date and time, temperature, name of the collector, lot number, storage location, preservation method, collection methods used (standard and nonstandard), sampling methods used, safety concerns, and retention period.
|
Complete capture of data and metadata about a registered sample: A laboratory can better comply with ISO/IEC 17025 requirements if the lab's LIMS allows the lab to completely capture the details of incoming samples or specimens (herein shortened to simply "sample"). There are numerous data and metadata aspects of sample or specimen collection, and the LIMS should be flexible enough to capture any necessary details as part of entry into the system.
|
ISO/IEC 17025:2017 7.4.2
|
1.13 The system shall assign each sample registered in the system a unique identifier using methodologies such as an ID with an incrementing integer or a user-defined naming format.
|
Unique sample identifiers: A laboratory can better comply with ISO/IEC 17025 requirements if the lab's LIMS allows a unique and perpetual identifier to be assigned to each sample, including any sub-samples collected from the main sample.
|
ISO/IEC 17025:2017 7.4.3
|
1.16 The system should provide a means to document any undesirable or unexpected characteristics of a submitted sample.
|
Free-form reception-based sample data: A laboratory can better comply with ISO/IEC 17025 requirements if the lab's LIMS allows an authorized user to enter free-form data as it relates to a registered sample, including the state of the sample upon arrival and what, if anything, was wrong with the sample when received.
|
ISO/IEC 17025:2017 7.4.2
|
2.8 The system should allow for the accurate identification of a physical sample or specimen in the system via barcode or RFID technology.
|
Barcode and RFID support: A laboratory can better comply with ISO/IEC 17025 requirements if the lab's LIMS provides a means of issuing a unique barcode or some other scannable identifier—typically for improving automation or workflows—to a sample or sub-sample, all while linking the complete sample record to that barcode or scannable identifier such that it can be reviewed upon scanning by an authorized individual or acted upon by an automated system.
|
ISO/IEC 17025:2017 7.7.2
|
2.11 The system shall allow samples, specimens, and tests to be created and used specifically for capturing data related to unique forms of sampling and testing such as representative sampling, calibration testing, quality control testing, preventative maintenance testing, stability testing, sterility testing, remediated testing, compatibility testing, identity testing, proficiency testing, and service-event-related testing.
|
Support a sufficiently wide selection of unique sampling and analytical test methods: A laboratory can better comply with ISO/IEC 17025 requirements if the lab's LIMS is flexible enough to support, at a bare minimum, a wide variety of sampling and test methods, particularly those mandated by standards and regulations. More optimally, the LIMS will come preconfigured to a wide array of sampling and test methods, while allowing authorized users to easily and efficiently add new sampling and test methods to meet regulatory and laboratory business goals.
|
ISO/IEC 17025:2017 6.2.6 ISO/IEC 17025:2017 7.7.1 ISO/IEC 17025:2017 7.8.1.1
|
4.4 The system shall provide one or more levels of review, as well as interpretation and documentation of results—whether entered manually or via an automated process—before release.
|
Multi-level review of test results: A laboratory can better comply with ISO/IEC 17025 requirements if the lab's LIMS can programmatically require an analytical test result to be held in the system, unable to move on through the workflow, until one or more levels of review and approval have been made, whether it be by authorized human or automated process.
|
ISO/IEC 17025:2017 7.5.1 ISO/IEC 17025:2017 7.8.1.1 ISO/IEC 17025:2017 7.8.2.1 ISO/IEC 17025:2017 7.8.3.1
|
6.5 The system shall substantiate the status of verified results by using tools like a certificate of analysis, which shall include details like unique identifiers; analysis procedures used; reference intervals; environmental conditions; who provided the results; additional comments, opinions, and interpretations and who provided them; and applicable times and dates.
|
Support for certificates of analysis or similar verification documents: A laboratory can better comply with ISO/IEC 17025 requirements if the lab's LIMS is pre-configured to build out certificates of analysis (COAs) and other results verification documents. The COA and other verification documents will ideally be populated with data and metadata relevant to meeting specific industry or regulatory needs, in a format that is consistent and legally durable for its recipient.
|
ISO/IEC 17025:2017 7.8.8
|
6.9 The system shall clearly identify a changed, amended, or re-issued report as being such, and clearly identify any change of information and reason for change in such a report.
|
|
ISO/IEC 17025:2017 5.3 ISO/IEC 17025:2017 5.5 ISO/IEC 17025:2017 8.3.2
|
7.1 The system shall be capable of creating, managing, and securely holding a variety of document types, while also allowing for the review and approval of those documents using version and release controls.
|
|
ISO/IEC 17025:2017 (throughout)
|
7.2 The system shall have the ability to readily provide authorized access to electronic documents such as standard operating procedures, quality manuals, laboratory management plans, instrument manuals, employee medical records, material safety data sheets, information exchange agreements, confidentiality agreements, and other applicable documents to designated personnel and officials.
|
|
ISO/IEC 17025:2017 7.5.2 ISO/IEC 17025:2017 8.3.2
|
7.3 The system shall be able to clearly provide the most current version of a document and archive prior versions.
|
|
ISO/IEC 17025:2017 6.5 ISO/IEC 17025:2017 7.2.1.3 ISO/IEC 17025:2017 7.3.1–2
|
7.5 The system shall allow the creation, approval, rejection, and management of sampling and test methods performed at the laboratory, capturing details about the test method, method reference, specifications, assigned limits, holding times, etc. as required by a reference method or regulation.
|
|
ISO/IEC 17025:2017 6.2.6 ISO/IEC 17025:2017 7.2.2.1 ISO/IEC 17025:2017 7.2.2.4
|
7.6 The system shall provide a means for recording validation information for modified existing or new in-house test methods, either as a method itself or through some other means. Validation information such as procedures used, specifications, performance characteristics, and results obtained shall be allowed as input.
|
|
ISO/IEC 17025:2017 6.2.2 ISO/IEC 17025:2017 6.2.3 ISO/IEC 17025:2017 6.2.5 ISO/IEC 17025:2017 6.2.6
|
7.7 The system shall maintain training and certification records for personnel and allow the assignment of available training paths and certifications to specific personnel, such that only trained, certified, and experienced personnel are able to perform assigned tasks.
|
|
ISO/IEC 17025:2017 8.3.2
|
7.10 The system shall be capable of uniquely identifying documents created in and added to the system.
|
|
ISO/IEC 17025:2017 7.9
|
8.2 The system shall allow authorized personnel to document complaints and problems reported to the laboratory or production facility.
|
|
ISO/IEC 17025:2017 6.2.2 ISO/IEC 17025:2017 6.2.3 ISO/IEC 17025:2017 6.2.5 ISO/IEC 17025:2017 6.2.6
|
8.8 The system shall map available system tasks (such as approved test methods) or sample types (such as select agents and toxins) to available training paths and certifications, such that only trained, certified, and experienced personnel are able to perform assigned tasks.
|
|
ISO/IEC 17025:2017 6.4.7 ISO/IEC 17025:2017 6.4.8
|
10.7 The system shall allow for the configuration of calibration and maintenance frequency and time frames for—as well as the manual and automatic scheduling of calibration or maintenance of—equipment, instruments, and systems. Available intervals should include days, weeks, months, and years.
|
|
ISO/IEC 17025:2017 6.4.4 ISO/IEC 17025:2017 6.4.9
|
10.9 The system shall clearly identify any instrument that is out-of-calibration, beyond its preventative maintenance due date, or under investigation and prevent it from being selected for use.
|
|
ISO/IEC 17025:2017 6.4.8
|
10.10 The system shall be able to show all instances of scheduled calibration, preventative maintenance, and service dates for an instrument.
|
|
ISO/IEC 17025:2017 6.4.13 ISO/IEC 17025:2017 6.5
|
10.11 The system shall be able to link a calibration activity to certified reference material or designated measurement processes.
|
|
ISO/IEC 17025:2017 6.4.8 ISO/IEC 17025:2017 6.4.13
|
10.13 The system shall be able to uniquely identify each instrument and any associated components and maintain that and other information—such as manufacturer, model number, serial number, and calibration and maintenance history—within the system.
|
|
ISO/IEC 17025:2017 6.4.4–5 ISO/IEC 17025:2017 6.4.13
|
10.15 The system shall be capable of chronologically logging details for scheduled and unscheduled calibration and maintenance activities for each instrument, including calibration status, calibration standard, date and time of calibration or maintenance, work performed, who conducted it, and signatures of those verifying the completed activities.
|
|
ISO/IEC 17025:2017 7.2.1.7 ISO/IEC 17025:2017 7.2.2.1 ISO/IEC 17025:2017 7.10.2 ISO/IEC 17025:2017 8.7
|
16.3 The system shall be able to record instances of identified nonconformance and method deviation, as well as the actions required to restore the process to conformity. In the case of a planned deviation, the system shall require documentation, justification, proof of validation, adjusted reference intervals, and authorization for the deviated process.
|
|
ISO/IEC 17025:2017 7.7.1
|
18.1 The system should allow authorized users to configure the generation of statistical trending and control charts.
|
|
ISO/IEC 17025:2017 8.8.2
|
19.7 The system shall allow for the documentation and management of internal and external audit activities, while allowing samples, methods, tests, results, reports, documents, and more to be clearly associated with that corresponding audit activity.
|
|
ISO/IEC 17025:2017 8.4.2
|
27.3 The system shall provide a means to choose—based on date and type of data—electronic data and metadata to archive.
|
|
ISO/IEC 17025:2017 8.4.2
|
27.4 The system shall provide a guaranteed means to retrieve and restore archived data and metadata that is readable and accurate.
|
|
ISO/IEC 17025:2017 8.4.2
|
27.11 The system’s data storage tools shall provide data backup and retrieval functions that meet or exceed industry best practices, including producing exact and complete backups that are secure and encrypted from manipulation and loss.
|
|
ISO/IEC 17025:2017 6.3.3 ISO/IEC 17025:2017 6.3.4
|
30.9 The system should allow for other types of facility monitoring (such as alarm, light, lock, and door statuses) and send notifications when necessary with recommendations for immediate and corrective action. The system should also maintain a log of all such monitored systems and their status changes.
|
|
ISO/IEC 17025:2017 6.3.3 ISO/IEC 17025:2017 6.3.4 ISO/IEC 17025:2017 7.4.4
|
30.11 The system should allow for environmental control and monitoring of equipment (such as incubators and freezers) and send notifications when necessary with recommendations for immediate and corrective action. The system should also maintain a log of all such monitored equipment and their associated status changes.
|
|
ISO/IEC 17025:2017 8.4.2
|
31.4 The system shall have a mechanism to securely retain data in the system for a specific time period and enable protections that ensure the accurate and ready retrieval of that data throughout the records retention period.
|
|
ISO/IEC 17025:2017 4.2.1 ISO/IEC 17025:2017 7.11.3
|
32.22 The system shall provide a security interface usable across all modules of the system that secures data and operations and prevents unauthorized access to data and functions.
|
|
ISO/IEC 17025:2017 7.11.5
|
33.4 The system should be well documented by the vendor in comprehensive training material for all aspects of system use, including administration, operation, and troubleshooting.
|
|
ISO/IEC 17025:2017 7.11.2
|
33.5 The system shall be validated initially and periodically, with those validation activities being documented, to ensure the accuracy, consistency, and reliability of system performance and its electronic records.
|
|
ISO/IEC 17025:2017 7.8.7.1 ISO/IEC 17025:2017 7.11.3 ISO/IEC 17025:2017 8.3.2
|
34.4 The system shall support the ability to define, record, and change the level of access for individual users to system groups, roles, machines, processes, and objects based on their responsibilities, including when those responsibilities change. The system should be able to provide a list of individuals assigned to a given system group, role, machine, process, or object.
|
|
ISO/IEC 17025:2017 7.11.3
|
34.7 The vendor shall restrict logical access to database storage components to authorized individuals. If providing a hosted service, the vendor should also restrict physical access to database storage components to authorized individuals. (In the case of an on-site solution, the buyer is responsible for limiting physical access to database storage components to meet 21 CFR Part 11, HIPAA, and CJIS guidelines.)
|
|