In some states, cannabis testing facilities must undergo a third-party audit as a condition for obtaining their license. This may involve obtaining an ISO/IEC 17025 accreditation, which requires an evaluation from a qualified auditor. Alternatively, some laboratories may undergo a voluntary audit in certain regions to showcase their competency.
ISO/IEC 17025 is a widely acknowledged global benchmark for the expertise of testing and calibration laboratories. It establishes guidelines for laboratories to showcase their technical proficiency and ability to produce precise and trustworthy results.
For cannabis testing laboratories, obtaining ISO/IEC 17025 accreditation can offer a significant edge over their rivals. Such accreditation can result in several advantages, such as improved credibility, lower operational expenses, better conformity with local and state regulations and more efficient cross-border trade.
Integrating any standard into a regulated enterprise can be a complex undertaking and ISO/IEC 17025 is no exception. This standard puts a strong emphasis on quality by requiring laboratories to exhibit their impartiality, consistency and proficiency in all aspects of their work. Compliance with ISO/IEC 17025 necessitates timely and secure data retrieval, which is difficult to achieve without an information management system. Therefore, laboratories are increasingly turning to laboratory information management systems (LIMS) to modernize their practices, improve quality and meet ISO/IEC 17025 compliance standards. This article explores the critical factors that laboratory managers and staff should consider when selecting a LIMS that can help them fulfill the demands of ISO/IEC 17025. However, let’s first discuss the sections the ISO/IEC 17025 requirements are classified into.
ISO/IEC 17025 Requirements
The ISO/IEC 17025 requirements are divided into five sections:
- General Requirements (Section 4): The fourth section of the ISO/IEC 17025:2017 standard details the general conditions that laboratories must follow. This section is primarily concerned with two critical aspects: impartiality and confidentiality. The impartiality requirement mandates laboratories to remain unbiased and take measures to prevent any potential bias. Similarly, the confidentiality requirement mandates that any information collected or generated during laboratory operations must be treated as private and safeguarded adequately to prevent unauthorized access. In instances where the release of confidential information is necessary by law or contract, the laboratory must communicate such release in an appropriate and timely manner.
- Structural Requirements (Section 5): In order to achieve the three key objectives of competence, impartiality, and consistent operations, this section addresses the fundamental organizational requirements of a laboratory. This entails being a legal entity with well-defined management responsibilities and documenting all activities, procedures and methods that fall within the standard’s scope. It highlights the importance of human resources by requiring laboratories to provide individuals with the necessary authority and resources to identify and rectify deviations from procedures, methods and the quality management system.
- Resource Requirements (Section 6): This section highlights the crucial role of resources in helping a laboratory achieve its objectives and maintain high standards. The section covers five areas, namely personnel, facility and working environment, equipment, metrological traceability and third-party products and services. To meet the standard’s requirements, personnel must demonstrate competence and impartiality, and lab personnel must record their current training status. Lab staff should also be provided with adequate resources to perform their duties. The facility and working environment should be suitable for generating accurate analytical results, while equipment must be properly calibrated and maintained. Metrological traceability is important to establish the connection between measurement results and a reference. Additionally, it is essential to thoroughly evaluate and approve third-party products and services to ensure their suitability. Clear communication of the requirements to third parties is also necessary in this regard.
- Process Requirements (Section 7): This section of the standard outlines 11 essential processes that aim to improve efficiency in laboratory operations. The processes include evaluating requests, tenders, and contracts, as well as selecting, verifying and validating methods. This section covers areas such as sampling, test item handling, and technical record-keeping. Other requirements include reporting outcomes, managing complaints and non-conforming work and controlling data and information management, which is especially important in the current digital era.
- Management System Requirements (Section 8): Section 8 deals with the laboratory’s management system, which must support consistent adherence to the standard’s requirements while ensuring the quality of the laboratory results. The section offers two options for the management system: Option A for new systems and Option B for existing systems driven by ISO 9001. The section consists of eight tasks which involve activities such as documenting the quality management system (QMS), identifying and addressing potential risks and opportunities, implementing measures for improvements and taking corrective actions. The final clause of the section involves conducting an internal audit of the laboratory’s management system to ensure it complies with the standard’s requirements.
Key Considerations for Selecting a Cannabis Lab Testing Software or LIMS
Before selecting a Laboratory Information Management System (LIMS) for your cannabis testing lab, it is crucial to comprehend the informatics requirements of your laboratory. This involves understanding analysis necessities, limitations on reporting and data sharing, demands for instrument interfacing, requirements for sample barcoding and tracking, and procedures for ensuring quality assurance. Once all this is in place, a laboratory should take into account the following considerations:
Technology Considerations
When considering technology options, it’s important to consider future growth, data management and security and regulatory responsibilities. If a laboratory expects to grow in the future, it should consider investing in technologies that could enhance data management practices and security. The laboratory must also take into account how compliance with ISO/IEC 17025 will impact its future expansion and technological needs. To determine hardware and software investment, the laboratory must consider the type of work it will be performing and the associated regulatory and customer-centric responsibilities. It is also essential to identify the person or team responsible for addressing any potential technological problems, like setting up and maintaining software. If the laboratory wants to avoid procuring IT infrastructure and hiring IT personnel for maintaining LIMS, they should deploy a cloud-based LIMS that eliminates the need to have an elaborate IT infrastructure or dedicated IT staff.
Cybersecurity Considerations
As the need for cybersecurity continues to grow in various industries, it has become apparent that cannabis testing laboratories are also vulnerable to cybersecurity threats regardless of size. Therefore, it is important to consider additional cybersecurity measures for these laboratories. Although the ISO/IEC 17025 standard does not explicitly mention cybersecurity, it does address the proper control of data in section 7.11. The standard emphasizes that LIMS, whether hosted locally or in the cloud, should be protected from unauthorized access and tampering. To comply with the ISO/IEC 17025 standard, laboratories should integrate cybersecurity considerations into their LIMS selection process. This can be achieved by creating a cybersecurity plan and including cybersecurity controls in the user requirements specification (URS) for LIMS software. Using a pre-built URS that includes cybersecurity controls can simplify the process of evaluating and selecting informatics software for laboratories. It is important to maintain the LIMS to ensure data and information integrity, recording any security breaches or non-conformance and addressing them promptly.
Regulatory Compliance Considerations
Meeting well-designed standards like ISO/IEC 17025 can enhance a laboratory’s operational culture and assure the reproducibility and accuracy of test results. If a laboratory is considering purchasing a LIMS solution and is unsure about how it can align with ISO/IEC 17025 and other regulations and standards, they can refer to resources like ASTM E1578-18 Standard Guide for Laboratory Informatics for guidance. The laboratory’s own requirements list can then be used as a checklist for vendors.
System Agility
Laboratories should consider if the LIMS under consideration can handle adding other types of testing, protocols, and workflows in the future. A flexible LIMS that allows for configuring various aspects of the system, such as sample registration screens, test protocols, labels, reports, and measurement units, is essential. When evaluating a vendor’s system, it’s important to understand what makes it user-configurable and how easy it is to make changes. Moreover, you must check if you can make changes in the system without requiring programming skills.
Cost Concerns
For a laboratory to have a clear understanding of what is included in the sales agreement, it is important to provide an estimate or statement of work (SOW) that outlines the details of the anticipated elements with as much specificity as possible. These elements should include the cost of licensing or subscription, core items needed to comply with regulations, the total cost of optional items, and the required services such as LIMS implementation, maintenance, technical support, training, product upgrades, and add-ons. There are two main pricing models for LIMS solutions: a one-time license fee and a subscription fee for cloud-hosted LIMS. If a laboratory has an internal IT team, it may prefer the one-time fee, but a SaaS subscription may be more cost-effective if they don’t have an IT team and want to save on hefty upfront cost. To accurately reflect the various pricing nuances, the estimate or SOW should specify whether the costs are for monthly or annual subscription services, hourly support and training, or a one-time fixed cost.
The ISO/IEC 17025 accreditation offers several benefits, including improved credibility, lower operational costs, and better conformity with local and state regulations. However, integrating ISO/IEC 17025 requirements into a laboratory’s practices can be challenging. That’s where a cannabis lab testing software comes in. Laboratory managers and staff must consider several critical factors when selecting a LIMS to meet the requirements of ISO/IEC 17025. Key considerations for selecting a LIMS to meet ISO/IEC 17025 requirements with ease include technology considerations, cybersecurity considerations, regulatory compliance considerations, system agility and cost considerations. By meeting the compliance requirements of the ISO/IEC 17025 standard, cannabis testing laboratories can ensure the quality of their results and provide trustworthy services to their customers.