Thursday, March 7, 2013

Is ISO “Compliance” cheating?

Is ISO “Compliance” cheating?

I find myself in the middle of a moral dilemma.  On the one side I feel perfectly comfortable with what we are doing.  On the other side, I have spent a lot of time and voice and ink arguing the other side.

I operate a university based medical laboratory proficiency testing program focused on microbiology.  We have been in operation across Canada for many years.  We provide a unique service that closely mimics clinical specimens because standards including ISO15189, ISO/IEC17025, and ISO17043 and WHO all clearly recommend that proficiency testing should, to the extent possible, highly look like and act like the samples they are challenging. 

That makes infinite sense to me.  If you want to know that a laboratory can process a certain type of sample, then you have to give them something that duplicates that sample.  If they meet the requirement we can call them proficient; if they can not, then they have work to do.  If they get a PT sample that requires all sorts of manipulation and special processing, then you may be able to argue you have measured a level of technical competency, but that is something very different from proficiency. 

But I digress.   I will get back to the issue at hand.

Long before there were guidelines and standards for proficiency testing Quality, there was only  the quintessential Quality requirement: ISO9001.  That was the document that we adopted as the basis for our Quality system.  We are externally assessed against the document every year.  We have a lot of confidence in our Quality system.

In 2008 ISO CASCO decided to create a new document specifically to address competency for proficiency testing programs.  It was a collaborative effort with international accreditation bodies and when published was known as ISO17043:2010 (Conformity assessment - General Requirements for Proficiency Testing).  A number of proficiency testing programs from across the spectrum of testing laboratories were included in the writing committee.  We were a part of that process.  

When it was done 17043 was a pretty good document; its management side was not as complete as 9001, but its technical side was a vast improvement and much more appropriate than ISO/IEC17025 (Competency for testing and calibration laboratories).

Our program has looked at 17043 a number of times, and has implemented it as part of our own technical and management performance efforts.    We declare ourselves to be compliant, but to date we are not accredited. 

Our problem is strictly one of budget.  We can not afford to pay an accreditation body what they charge, especially since we know that our laboratories trust our ISO9001 certification, and don’t seem to care if we consider the new standard.  

Were we to decide to add the new accreditation, we would have to add the cost to our fees and pass the expense on to the laboratories. 

And then a new problem manifested today.

We got a request from a laboratory outside Canada, asking for samples, but also asking if we are “compliant to 17043”.  Our response was to the affirmative, but left out the part about no accreditation.  I don’t know if she knew what she was asking, if she understood that there is a difference between being accredited to a document and being compliant with the document.  At the time I didn't feel like getting into the discussion, but now I am concerned that we might be seen as being a little deceptive.  Perhaps we lead her astray.  That is never a good way to start off a new relationship.

What we gave was an honest answer, but arguably a little incomplete.  What we probably should have said is:  “Yes, we are knowledgeable of 17043 and self-declared as compliant, but as of yet not accredited.  Our Quality system is assessed in the context of our activity, which means that the assessor factors in that we provide Quality Assessment products and services.   
We invite organizations  to come and do their own site visit, and assess us for themselves.  The only provisos are that they arrange in advance for an appointment, come at their own expense and do a focused assessment."

If she calls back we will tidy up any confusion that we may have caused.
She may not care, but I will.

note: edited post release for grammatical errors - Mar 8, 2013 


  1. Your decision is both ethical and logical, and unfortunately all too rare in business today.

    If accreditation to 17043 is truly a requirement for this customer, why risk poisoning the relationship for all time by giving half-truths? This is one instance in which it is not better to beg forgiveness than ask permission.

    In a former life, I worked at a medical supply factory. Their focus was exclusively on paper accreditation, but not true quality. When they switched from a Quality Control system to a Quality Assurance system, the only thing that changed materially was their email signature.

    Good on you for coming to the ethically correct, but difficult, conclusion!

  2. Thanks Jason
    Nice to see your take on my dilemma.
    The bottom line is that this potential customer always has a choice to work with us or not. We too have a choice, to be transparent or not.
    The difference is that my choice carries the risk of having a very strong influence on theirs.


Comments, thoughts...