What to expect when you’re expecting….a NATA audit
So you’re facing a NATA audit and it’s being done to the new 17025. You’ve probably read various bits and pieces online that have given you an idea about the significant changes. An ISO 9001-friendly structure, new emphasis on impartiality, confidentiality and customer complaints, decision rules, and a lot of stuff about risk management.
A few years ago, inspection bodies were going through their transition to a new standard. It involved a lot of the same changes. I was auditing these facilities during that time, and I want to share from my experience some of the questions that I was asking. I hope it will get you thinking about what to expect at your transition audit.
Does your 9001 certification cover the scope of your accredited work?
I’ve come across some departments in large companies that think they are working under an ISO 9001 certified system, but what they do is actually not listed on the scope on the ISO 9001 certificate.
Or the location isn’t listed and therefore not covered by the certification.
Or there was some other technicality that means NATA had to audit the quality system in its entirety.
It might be something you can sort out easily with your ISO 9001 certification provider before NATA comes in for your assessment… check!
Have you anticipated what threats to impartiality your staff may encounter in their work?
Part of the philosophy of the new ISO 17025 standard is about getting labs to consider risks in a proactive way. Be prepared to talk about risks to impartiality at higher levels. These might be issues such as ownership and governance.
The other activities your organisation undertakes could potentially impact impartiality. There’s also risks from conflicts of interest at a personal level such as relationships staff have with clients.
Remember that nobody is accusing you of doing anything wrong! You just have to demonstrate that you have thought about potential threats to impartiality. You’ll also need to explain what you have put in place to mitigate the risks. Also, how do you review these risks on an on-going basis?
How do you ensure outcomes of customer complaints are independently reviewed if you are a 1-2 person lab?
There’s a whole new requirement for complaints. Someone independent of the testing relating to the complaint must have determined or reviewed it.
If you’re a small lab, this might be tricky! Maybe there’s someone suitable in another department, or even external to the organisation.
What if the complaint is of a technical nature? Do you need to have access to someone who can review the technical aspects of the investigation?
And the big one: What do you have in place to identify and manage risks?
You don’t need to have a formal risk management procedure in place nor do you need to carry out complex risk assessments. However, you will have to demonstrate how you’ve thought about risks in the context of your lab’s result output. Then you’ll have to explain what you’ve done to eliminate or mitigate the identified risks.
If you’re thinking its a few changes in wording in your quality manual and procedures… well, you could get away with that I suppose. But you’re going to struggle answering difficult questions at your next audit. More importantly, you are going to miss opportunities to make real improvements.
Be prepared for the many subtle and not-so-subtle changes in ISO 17025 by engaging a professional.
- Perform a gap analysis of your systems to identify what changes you will have to make to comply to the new standard
- Help you interpret changes within the context of your industry and lab
- Help you implement changes
- Train staff in the new standard and your new policies/procedures
- Prepare for and even attend your NATA ISO 17025 transition audit
- Help address nonconformances identified by NATA at your transition audit.
Remember, you don’t have to do this alone!