Diagnosis of clause of ISO/IEC 17025:2017, “Actions to address the risk and opportunity (Option A)” ~ Part-2
Here with furnishing clause 8.5.2 and 8.5.3 in this part-2
Before going for diagnosis of clause, it is suggested to read the clause in full without understanding the words and line by line.
8.5.2 The laboratory shall plan:
a) Actions to address these risks and opportunities;
b) how to:
— integrate and implement these actions into its management system;
— evaluate the effectiveness of these actions.
8.5.3 Actions taken to address risks and opportunities shall be proportional to the potential impact on the validity of laboratory results.
NOTE 1 Options to address risks can include identifying and avoiding threats, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
NOTE 2 Opportunities can lead to expanding the scope of the laboratory activities, addressing new customers, using new technology and other possibilities to address customer needs.
To address this clause first check NOTE under clause 8.5.2,
Diagnosis-1: So, at first instant we find that NOTE states, there is no requirement for formal method and documented procedure.
But next, it state that, laboratories can decide whether or not to develop a more extensive risk management methodology than is required by this document, e.g. through the application of other guidance or standards.
Diagnosis-2: Here we have to refer other guidance and standards and so suggested for various tools like SWOT analysis, PESTEL and standards like ISO 31000 and ISO9001:2015.
Diagnosis-3: Actions to address these risks and opportunities; integrate and implement these actions into its management system and to evaluate the effectiveness of these actions, this all requirement to be fulfilled with use of and maintaining a “Risk Register”
In this risk register, identify risk and write detailed description of risk and “Risk Factor (RF)” is calculated as product of Probability (P) and Impact (I) of that risk.
If RF found to be on higher side (the RF set will be vary from organization to organization) then take control measure on the basis of,
- What is in place to prevent, detect and mitigate risk?
- Carried out the Risk Treatment(s) on basis of category as avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing likelihood and consequence, share risk source and retaining the risk by informed decision.[Ref Note1].
This before and after calculated “Risk Factor”, use to compare and evaluate the effectiveness of the actions taken.
The clause wise various risk mentioned in the standard may be address through risk register and for reference, clause and content in brief detailed as below:
4.1.4 The laboratory shall identify risks to its impartiality on an on-going basis.
4.1.5 If a risk to impartiality is identified, the laboratory shall be able to demonstrate how it eliminates or minimizes such risk.
22.214.171.124 When a statement of conformity to a specification or standard is provided, the laboratory shall document the decision rule employed, taking into account the level of risk (such as false accept and false reject and statistical assumptions) associated with the decision rule employed, and apply the decision rule.
7.10.1 b) actions (including halting or repeating of work and withholding of reports, as necessary) are based upon the risk levels established by the laboratory
Reference source: ISO/IEC 17025:17