Common pitfalls in ISO/IEC 17025 assessments - and how to avoid them
How to avoid common nonconformities in your ISO/IEC 17025 UKAS assessment
ISO/IEC 17025 is the international standard that details general requirements for the competence of testing and calibration laboratories. It defines the requirements that laboratories must comply with to demonstrate their ability to produce valid and reliable results. In achieving accreditation to international standards, organisations can build confidence in the validity of results, maintain trust across supply chains, and show stakeholders that the laboratory operates to the highest internationally recognised standards. Accreditation involves a rigorous assessment process by impartial experts who evaluate technical competence by observing procedures, interviewing staff, and reviewing documentation to ensure the laboratory meets the requirements of the ISO/IEC 17025 standard.
Many laboratories underestimate the demands of ISO/IEC 17025 or assume that their long-standing procedures already meet requirements. But the standard is continually evolving, and so are best practices in laboratory management, equipment maintenance, risk management, and staff competence. Even experienced laboratories can struggle to keep pace, and many fall into the same avoidable pitfalls. This guide highlights those common pitfalls, explains why they can happen, and offers advice on how to avoid them, so your laboratory can approach accreditation with confidence.
By becoming a UKAS accredited laboratory, you demonstrate not only competence but also integrity, traceability, and commitment to continual improvement. Accreditation is a statement to your customers that you take quality seriously – and avoiding these pitfalls will help you get there.
Many laboratories can have a large turnover of staff over time this can dilute the understanding of the standard requirements by the staff that are responsible for the maintenance of the quality management system and technical procedures within the laboratory. Often, understanding of the standard is concentrated among senior staff while technicians and junior employees are unclear on its relevance to their roles. Lack of clear communication, insufficient training, and failure to periodically review processes contribute to this gap.
Example
A laboratory’s procedures have been updated by personnel that are new to the organisation and accreditation requirements and the procedures were deviating with regards to compliance with the standard. During assessment, staff explained that the processes were updated to streamline the business, and they were not made aware of the standard requirements for some aspects including impartiality and risk-based thinking
How to avoid
Provide regular, targeted training on the current standard for all staff.
Assign responsibility for monitoring and communicating updates.
Include discussions on compliance during reviews and team meetings.
Suitable training can ensure the correct messages regarding the standard are communicated to staff.
Internal audits and management reviews are often treated as task that must be completed rather than an opportunity to improve, with audits relying on outdated checklists and reviews focusing only on confirming compliance rather than identifying improvements. Auditors may neglect to observe processes or speak with staff due to minimal audit training, and reviews may fail to fully analyse trends, customer feedback, or risk data. Without thoughtful input and structured follow-up, these processes lose their value.
Example
An internal audit reused the same checklist year after year, and there is very little change in the reporting due to a “tick list approach”, this overlooks observation of processes being implemented. Management reviews concluded the system was “performing as required” without fully examining trends, risks, or improvement actions and acting on them.
How to avoid
Create a culture that treats audits and reviews as opportunities to identify weaknesses and improve.
Train auditors to ask probing questions and observe processes directly. The UKAS Academy Lab Internal Audit course can
Use meaningful data, customer feedback, and risk assessments to inform decisions.
Laboratories will often treat control of documentation as an administrative task rather than a critical element of their management system. Staff may keep informal records, allow obsolete documents to persist, or fail to track changes and approvals properly. This undermines traceability and effectiveness of the documented systems and will ultimately lead to improvements being required following assessment.
Example
An assessor found outdated test methods in use even though the current scope detailed the new versions. This led to incorrect specifications being used across the testing area and incorrect specification limits being reported to the customer.
How to avoid
Ensure only controlled, current documents are in use.
Audit records regularly for completeness and version control.
Train staff in the purpose and importance of documentation.
When job roles are vague and training inconsistent, staff may not fully understand their responsibilities or the impact of their actions on compliance. Temporary staff and new hires are especially at risk if they lack induction and ongoing evaluation. Without feedback and supervision, even experienced staff can develop bad habits.
Example
A laboratory assigned critical testing to a temporary technician with minimal checks on their competence with poor supervision, resulting in errors.
How to avoid
Clearly define and communicate roles and responsibilities.
Maintain up-to-date competence records for all staff.
Create a culture of openness where questions and feedback are encouraged.
Many laboratory investigations do not fully get to the root cause of the problems, for example they often identify “human error,” without looking deeper into systemic causes such as unclear procedures, poor training, or resource constraints. A lack of familiarity with root cause analysis tools and pressure to resolve issues quickly can lead to superficial fixes.
Example
After a technician made a mistake in recording some information, the laboratory identified this as human error with action put in place to remind the technician to take more care. If investigated further it would have been identified that there were extreme time pressures to complete the analysis and they didn’t have time to complete the checks that should have been done.
How to avoid
Use structured root cause analysis methods like 5 Whys or fishbone diagrams.
Address systemic issues rather than assigning blame.
Follow up corrective actions to ensure they are effective.
Some labs see risk management as a compliance exercise instead of an ongoing practice. Risks to impartiality, validity, and reliability are often overlooked, especially if staff fail to consider environmental, technical, and operational factors. Risk registers can become outdated and forgotten.
Example
A laboratory moved into a new facility but this was not included in the risk register in relation to the testing to be undertaken. As risks were not identified,aspects related to temperature control and humidity were not checked, leading to invalid results.
How to avoid
Identify and assess risks regularly.
Update risk assessments when processes, equipment, or personnel change.
Develop mitigation plans and review them periodically.
Laboratories sometimes don’t consider the criticality of the external supplies, and this can lead to a lack of formal verification. Without clear criteria, monitoring, and documentation, poor-quality subcontracted services can compromise results. Cost-driven decisions exacerbate the risk.
Example
A lab used an unaccredited calibration service as they deemed the service and not critical to the testing being undertaken, this was not the case and led to errors that invalidated results, damaging client trust.
How to avoid
Define criteria for approving all suppliers.
Monitor and review supplier performance regularly.
Keep records of evaluations and corrective actions.
Staff under time pressure or lacking clear instruction may omit critical details – such as operator identity, environmental conditions from records, or they may fail to check records before submission. Incomplete records undermine traceability and can cast doubt on the results reported.
Example
An assessor found raw data records missing operator names, environmental data, and uncertainty calculations. This meant that there was a lack of traceability as to the provenance of the data and a lack of compliance with requirements.
How to avoid
Specify clearly what information must be recorded and allow appropriate time for the activity.
Train staff to complete records fully and accurately.
Audit records regularly for completeness and quality.
Assess your laboratory’s readiness for ISO/IEC 17025 accreditation.
In addition to the guidance in this document, we recommend using the UKAS Academy’s free readiness assessment tool. This quick, structured diagnostic helps you evaluate your current processes against the standard’s key requirements and highlights priority areas for improvement.
By addressing these pitfalls, laboratories can strengthen readiness, reduce findings, and improve credibility. Accreditation is not just about passing an assessment – it is about embedding a culture of competence, trust, and continual improvement.
