As state cannabis regulatory frameworks across the country continue to evolve, accreditation is becoming increasingly important. Because it provides consistent, turnkey standards and third-party verification, accreditation is quickly emerging as an important tool for regulators. For cannabis testing laboratories, this trend has been especially pronounced with the increasing number of states that require accreditation to ISO/IEC 17025.

As of 2017 there were nearly 68,000 laboratories accredited to ISO/IEC 17025, making it the single most important benchmark for testing laboratories around the world. ISO/IEC 17025:2005 specifies the general requirements for the competence to carry out tests including sampling. It covers testing performed using standard methods, non-standard methods and laboratory-developed methods. It is applicable to all organizations performing tests including cannabis labs. The standard is applicable to all labs regardless of the number of personnel or the extent of the scope of testing activities. Developed to promote confidence in the operation of laboratories, the standard is now being used as a key prerequisite to operate as a cannabis lab in many states.

There are currently 26 states in the United States (also Canada) that require medical or adult-use cannabis to be tested as of February 2019. Of those states, 18 require cannabis testing laboratories to be accredited – with the vast majority requiring ISO/IEC 17025 accreditation. States that require testing laboratories to attain ISO/IEC 17025 accreditation represent some of the largest and most sophisticated cannabis regulatory structures in the country, including California, Colorado, Maryland, Massachusetts, Michigan, Nevada and Ohio. As a consequence, many cannabis testing laboratories are taking note of recent changes to ISO/IEC 17025 standards.

ISO/IEC 17025 was first issued in 1999 by the International Organization for Standardization. The standard was updated in 2005, and again in 2017. The most recent update keeps many of the legacy standards from 2005, but adds several components – specifically requirements for impartiality, risk assessment and assessing measurement uncertainty. The remainder of this article takes a deeper dive into these three areas of ISO/IEC 17025, and what that means for cannabis testing laboratories.Objectivity is the absence or resolution of conflicts of interest to prevent adverse influence on laboratory activities.

Impartiality

ISO/IEC 17025:2005 touched on an impartiality requirement, but only briefly. The previous standard required laboratories that belonged to organizations performing activities other than testing and/or calibration to identify potential conflicts of interest for personnel involved with testing or calibration. It further required that laboratories had policies and procedures to avoid impartiality, though that requirement was quite vague.

ISO/IEC17025:2017 emphasizes the importance of impartiality and establishes strict requirements. Under the new standard, labs are responsible for conducting laboratory activities impartially and must structure and manage all laboratory activities to prevent commercial, financial or other operational pressures from undermining impartiality. The definitions section of the standard defines impartiality as the “presence of objectivity.” Objectivity is the absence or resolution of conflicts of interest to prevent adverse influence on laboratory activities. For further elaboration, the standard provides similar terms that also convey the meaning of impartiality: lack of prejudice, neutrality, balance, fairness, open-mindedness, even-handedness, detachment, freedom from conflicts of interest and freedom from bias.

To comply with the new standard, all personnel that could influence laboratory activities must act impartially. ISO/IEC 17025:2017 also requires that laboratory management demonstrate a commitment to impartiality. However, the standard is silent on how labs must demonstrate such commitment. As a starting point, some cannabis laboratories have incorporated statements emphasizing impartiality into their employee handbooks and requiring management and employee training on identifying and avoiding conflicts of interest.

Risk Assessment

Both the 2005 and 2017 versions contain management system requirements. A major update to this is the requirement in ISO/IEC 17025:2017 that laboratory management systems incorporate actions to address risks and opportunities. The new risk-based thinking in the 2017 version reduces prescriptive requirements and incorporates performance-based requirements.

Under ISO/IEC 17025:2017, laboratories must consider risks and opportunities associated with conducting laboratory activities. This analysis includes measures that ensure that:

The lab’s management system is successful;

The lab has policies to increase opportunities to achieve its goals and purpose;

The lab has taken steps to prevent or reduce undesired consequences and potential failures; and

The lab is achieving overall improvement.

Labs must be able to demonstrate how they prevent or mitigate any risks to impartiality that they identify.To comply with ISO/IEC 17025:2017, labs must plan and implement actions to address identified risks and opportunities into management systems. They must also measure the effectiveness of such actions. Importantly, the standard requires that the extent of risk assessments must be proportional to the impact a given risk may have on the validity of the laboratory’s test results.

ISO/IEC 17025:2017 does not require that labs document a formal risk management process, though labs have discretion to develop more extensive methods and processes if desired. To meet the requirements of the standard, actions to address risks can include sharing the risk, retaining the risk by informed decision, eliminating the risk source, pinpointing and avoiding threats, taking risks in order to pursue an opportunity, and changing the likelihood or consequence of the risk.

ISO/IEC 17025:2017 references “risks” generally throughout most of the standard. However, it specifically addresses risks to a laboratory’s impartiality in section 4.1. Note, the new standard requires that labs must not only conduct activities impartially, but also actively identify risks to their impartiality. This requirement is on-going, not annually or bi-annually. Risks to impartiality include risks arising from laboratory activities, from laboratory relationships, or from relationships of laboratory personnel. Relationships based on ownership, governance, shared resources, contracts, finances, marketing, management, personnel and payment of a sales commission or other inducements to perform under pressure can threaten a laboratory’s impartiality. Labs must be able to demonstrate how they prevent or mitigate any risks to impartiality that they identify.

Assessing Measurement Uncertainty With Decision Rules

ISO/IEC 17025:2005 required (only where necessary and relevant) test result reports to include a statement of compliance/non-compliance with specifications and to identify which clauses of the specification were met or not met. Such statements were required to take into account measurement uncertainty and if measurement results and uncertainties were omitted from the statement, the lab was required to record and maintain the results for future reference.

ISO/IEC 17025:2017 requires similar statements of conformity with an added “decision rule” element. When statements of conformity to a specification or standard are provided, labs must record the decision rule it uses and consider the level of risk the decision rule will have on recording false positive or negative test results. Like the 2005 version, labs must include statements of conformity in test result reports (only if necessary and relevant- see 5.10.3.1 (b)). Now, test result reports on statements of conformity must include the decision rule that was employed.

Moving Forward

Because many states require ISO/IEC 17025 accreditation for licensing, cannabis testing labs across the country would be well advised to closely monitor the implications of changes in ISO/IEC 17025:2017 related to impartiality, risk assessment and measurement uncertainty. If you run a cannabis testing lab, the best way to ensure compliance is education, and the best place to learn more about the new requirements is from a globally recognized accreditation body, especially if it is a signatory to the International Laboratory Accreditation Cooperation (ILAC) for testing laboratories, calibration laboratories and inspection agencies.

References

Facts & Figures

ISO/IEC 17025:2005: General requirements for the competence of testing and calibration laboratories

ISO/IEC 17025:2017: General requirements for the competence of testing and calibration laboratories