Do you happen to know if if these standards are applicable (or even necessary) for small operators? Those prices would be crippling for sole operators or for small providers - of which there are a lot in this field.
I don't, my feeling was that it hadn't been decided yet - the price is still going to be pretty steep for individuals &/or small labs, but the less people there are the cheaper & easier it will be - as Yunus says. My personal experience is more of ISO 27001, 20000 and 9001. You can pick up 9001 now for around £1500 for a 1-3 person organisation (
You might find it beneficial to get ISO9001 prior to 17025 as a way of reducing effort and cost … I wouldn't like to comment on how much it might save, but it would certainly be easier than starting from scratch !
As I said in my article ( wow - the arrogance ! ) shop around for your accreditor - there is movement in the market, although there aren't as many around in the UK as there are in the US I fear - so the rates tend to be closer - competition isn't rife yet ! Yunus - if you want to open a UK branch - now is the time to do it ! 😉
Azrael,
In regards to your cost break down, is the pre-assessment optional? In the US many of the ABs offer preassessment, but it is not a required step. Also, is the post assessment visit mandatory? I know in some cases it is needed, for example the equipment wasn't there when the assessor was there or the lab requested to add additional tests half way through the accreditation process, but we typically do not send people out for a second visit. Also, I believe there is only accreditation body per country in Europe correct? This may affect the price as well. In the US there are a few of us, so the prices are a bit smaller.
Also, one thing I would point out is that the management section (section 4) of ISO/IEC 17025 has the same requirements as ISO 9001, so it would be like paying twice for the same thing if a lab were to get registered to ISO 9001 and then later get accredited to ISO/IEC 17025. If a customer demands that the lab be ISO 9001 registered, then they may need to. But, in my experience, most customers prefer ISO/IEC 17025 once you explain to them that the management system section is the same as ISO 9001.
If a lab is starting from scratch (no quality manual or anything) then hiring a consultant may be a cheaper option. They can review your system (perform a preassessment) and make recommendations on how to write the quality system documents. Do to conflict of interest, an accreditation body can identify problems, but can't tell a lab how to fix them.
Another option would be to buy the standard (ISO 17025, 17020, 15189, etc) and go through each clause line by line asking themselves, "do I meet this requirement?" In this way, the lab can develop their own system and save money on a consultant and a preassessment.
Just a few thoughts,
Karin
In regards to your cost break down, is the pre-assessment optional? In the US many of the ABs offer preassessment, but it is not a required step.
It is optional, however, in the majority of cases it is optional with a very lower case o. The pre-assessment is effectively an assessment to highlight areas where you would fail in a real assessment - you either choose the pre-assessment, or, you trust that you have it all right and go straight for the real thing. Think of it like a mock exam - you get to learn all the areas that you need to brush up on without failing ! ( Incidentally, this is the one area that I have found people are willing to negotiate on - they'll do free pre-assessment days, so long as you sign up to the assessment, registration, re-certification etc. )
Also, is the post assessment visit mandatory? I know in some cases it is needed, for example the equipment wasn't there when the assessor was there or the lab requested to add additional tests half way through the accreditation process, but we typically do not send people out for a second visit.
It can be mandatory, it might not be required. As you say, it could be because something wasn't available for examination or perhaps because there is currently insufficient documentary evidence for a process that happens only periodically. ( Again, as an aside, I wouldn't look at certifying a lab that was starting from scratch in less than 6 months because of the requirements on sufficient documentary evidence of process - I don't think that a 3 month period is long enough. )
Also, I believe there is only accreditation body per country in Europe correct? This may affect the price as well. In the US there are a few of us, so the prices are a bit smaller.
There are several, but few. The European Union laws mean that effectively you can go with one from another country - the one I liked most was Danish.
Also, one thing I would point out is that the management section (section 4) of ISO/IEC 17025 has the same requirements as ISO 9001, so it would be like paying twice for the same thing if a lab were to get registered to ISO 9001 and then later get accredited to ISO/IEC 17025. If a customer demands that the lab be ISO 9001 registered, then they may need to. But, in my experience, most customers prefer ISO/IEC 17025 once you explain to them that the management system section is the same as ISO 9001.
You are spot on, this is true of 27001 and 20000 as well - because they are enhancements or refinements of 9001 - I've not calculated it, but I don't necessarily see it as paying twice - if it is cheaper and easier to comply with 9001 through a lower cost route, and then build on it to meet the additional requirements for 17025, then it might work out cheaper than trying to meet 17025 from scratch … I did say "might" rather than "will" !
If a lab is starting from scratch (no quality manual or anything) then hiring a consultant may be a cheaper option. They can review your system (perform a preassessment) and make recommendations on how to write the quality system documents. Do to conflict of interest, an accreditation body can identify problems, but can't tell a lab how to fix them.
Yep - I agree, and you can contact me on … -P ( Only joking people, I don't do 17025 )
A good consultant would remove a lot from that list - (s)he can do in house training, produce required documentation & evidence, do a pre-assessment and post-assessment mitigation etc. You end up paying her/him instead of your accreditation body - but you, as you say, get more value !
Another option would be to buy the standard (ISO 17025, 17020, 15189, etc) and go through each clause line by line asking themselves, "do I meet this requirement?" In this way, the lab can develop their own system and save money on a consultant and a preassessment.
Yes, they can, however at this point you start to rack up your staff costs instead … You'll still incur registration fees, assessment fees and possibly post-assessment fees but at this point you'd be getting closer to the $5000 that's been bounced around - ( £1200 registration + £2150 assessment should do it … ) - but your internal, "hidden" costs are significantly higher.
Kind Regards,
Azrael
Do you happen to know if if these standards are applicable (or even necessary) for small operators? Those prices would be crippling for sole operators or for small providers - of which there are a lot in this field.
I don't, my feeling was that it hadn't been decided yet - the price is still going to be pretty steep for individuals &/or small labs, but the less people there are the cheaper & easier it will be
Thanks - I think there is some consternation amongst individuals/small providers as no one seems to know if or when the ISO standards will be applicable. If they are applicable then the feeling is that the finances and resources necessary to achieve them could tip the balance between a viable business and one which is not; presumably not the desired effect!
Some other factors requiring clarification.
Firstly, what is the basis of civil 'liability' once Certification is granted
i) person (or will there be positive discrimination against this category to even get certification?)
ii) SME company
iii) Large company?
iv) Not necessarily incorporated?
v) Public sector?
Secondly, it would appear Simon Biles (Azrael) may have hit on to a concept that would be very useful to all, as opposed to a select number. He mentioned the ISO-9001 model costing £1500.00. Why has there not by not been widely promoted a mini version of ISO17020 and ISO17025 at £1500.00? At £1500.00 I would be more than happy to engage Simon Biles to come into my business and take me through the new requirements so as to be awarded Certification.
Thirdly, should it be made a 'Condition Precedent' recorded as a specific requirement to make it absolutely clear that such Certification does not qualify, nor does it provide qualification, that the person actually conducting scientific tests or interpreting the evidence is qualified to do so or that the tests performed are being done so correctly?
There is, to the best of my knowledge, no real alteration to liability - however in any given specific case, assuming you continue to perform according to your certification, you can at least argue that you are following industry best practice and it would strengthen your defence, at least insomuch as you'd be able to provide documentation to support your assertion !
Let me just clarify that the ISO9001 solution isn't provided by me at that rate…
If you follow the link in the article though you'll find someone who will. I can envisage though, should demand be great enough, that a similar solution will start to exist for other standards - ISO27001 would be a good one as well.
Your third point isn't strictly true though - given that these are all essentially "quality control" standards (albeit applied to specific areas) - there should be some level of assurance that the work meets certain quality criteria. However … As I understand it, these criteria are set by the organisation, not the certifying body - the criteria need to cover certain areas, but the assessment requirements are not defined.
I don't see a problem though in this being a publicly available document - so see no harm in requesting a copy from your provider for you to reassure yourself that they are meeting standards that you, as a consumer of the service, require.
Let me just clarify that the ISO9001 solution isn't provided by me at that rate…
Quality has its price! And rightly so.
I used Simon only as an analogy arising out of a concept from something he said about ISO-9001 and £1500.00. I do not know what you charge Simon and I wasn't suggesting you should work at that rate. I am saying if that was offered for single and small business that it would be attractive.
Jonathan you point out about "Quality has its price! And rightly so." But isn't there mix messages going on in this thread discussion? In earlier comments (generlly that is) the complaint was it was all too expensive for single and small business but now that isn't a problem anymore? Why?
With regards the Accreditation I do not see how it is possible to fully realise the goal - albeit it I see there are genuinely good intentions behind the roll out of this scheme.
- s69 PACE 1984 was repealed - so no longer any formal, upfront, overt statements on reliability (about the computer working properly) any longer. How will this scheme deal with this? It wont, it will merely side step the issue by implying it is covered because the company produced good paperwork.
- s129 CJA 2003 Category 3 is having to fight its cause because inexperience of those making statements to the courts have implied eg mobile phone evidence is generated by nothing more than simply plugging it in pressing a button and printing it out (Category 2). Yet we all know categorically know that is untrue. This is more akin to what could happen under the Accreditation scheme.
- If the *Judiciary are no longer interested in hearing about the scientific evidence what makes anyone think they will check any of the scientific or technical evidence at court. It will all be rubbered stamped because of this Accreditation Scheme. The lawyers wont be too bothered to argue on a subject they no little about and will rely on the Accreditation. It will all be rammed through using target based results as the argument (see R .v. C & H about lack of assessing risk of evidence)
*Quote from http//
"He said expert scientific evidence was not the "single silver bullet".
Lord Justice Leveson, who is the Senior Presiding Judge for England and Wales, said "It simply doesn't work like that".
He said there had been a huge increase in the use of expert witnesses, to the extent that they now "abound" in every field of law.
'Universal solution'
He went on "One problem with this increased use of expert evidence is that it could be tempting to think that experts are a panacea - a fixer, a universal solution to the evidence or lack of evidence in a particular case.
"Am I far fetched in wondering whether this view is more attributable in programmes like CSI?", he asked.
"There can be a temptation, certainly in the eyes of the public, to think there can be expert evidence to prove the essential point in a case to the extent that you don't need regular, old fashioned, normal witnesses anymore.
"And I fear that this has an impact on willingness to help the police to pursue their inquiries, 'DNA will do it', or whatever."
Exaggerating their evidence
Speaking at a conference of expert witnesses in London, the judge also hinted that some experts were exaggerating their evidence or straying into subjects in which they did not have specialist knowledge."
Thanks Greg, I didn't think that you were necessarily suggesting that - it just happened to be my first reading of it so I thought that I'd clarify before I got too many calls 😉
The trouble with any ISO standard is that the value isn't actually in the certification, rather what the organisational commitment is and the desire to do it well. One certification will be vastly different to another in terms of actual organisational impact - and that is my honest fear with the "enforced" certification of ISO 17025 - it will become a box ticking exercise that really misses the point of continual improvement, verification, quality control etc. It will also potentially create a false sense of security - "Oh, we're compliant, it must be allright" that avoids further work & controls.
You can see this typically in poor ISO27001 implementations, although there are ticks in all the boxes, the commitment, understanding and awareness of the real threats, risks and vulnerabilities are sadly very lacking …
Jonathan you point out about "Quality has its price! And rightly so." But isn't there mix messages going on in this thread discussion? In earlier comments (generlly that is) the complaint was it was all too expensive for single and small business but now that isn't a problem anymore? Why?
No mixed messages really, just maximising my revenue and minimising my costs.