For testing and calibration laboratories seeking or maintaining accreditation, ISO/IEC 17025:2017 is the definitive benchmark. Published by the International Organization for Standardization, it sets out the requirements for competence, impartiality, and consistent operation that accreditation bodies — such as UKAS in the UK, A2LA in the US, and DAkkS in Germany — use to assess laboratories worldwide.
What many lab managers underestimate is how deeply ISO 17025 shapes the functional requirements of a Laboratory Information Management System (LIMS). The standard does not mandate specific software, but its clauses on data integrity, traceability, document control, and measurement uncertainty translate directly into LIMS capabilities that your system must either provide natively or support through integration.
This article maps the key ISO 17025 requirements to the LIMS features that satisfy them — giving you a clear framework for evaluating whether your current or prospective software is genuinely fit for purpose under accreditation.
What ISO 17025 actually requires — and why software matters
The 2017 revision of ISO 17025 introduced a more risk-based, process-oriented approach compared to its predecessor. It is organised around five major sections: general requirements, structural requirements, resource requirements, process requirements, and management system requirements.
Software-relevant obligations appear throughout the standard, but cluster most heavily in:
- Clause 5 — Resource requirements: covering equipment, metrological traceability, and externally provided products and services.
- Clause 6 — Process requirements: covering method validation, measurement uncertainty, sampling, handling of test items, and technical records.
- Clause 7 — Management system: covering document control, records management, internal audits, and management review.
The standard explicitly addresses software in Clause 6.4.7, which requires that “software used for the collection, processing, recording, reporting, storage or retrieval of data” be validated for intended use. This single clause has significant implications: it means you cannot simply purchase any off-the-shelf LIMS and assume compliance. You must demonstrate, with documented evidence, that the software performs as required in your specific laboratory context.
The full text of the standard is available from ISO.org. Accreditation bodies also publish their own interpretive guidance — the ILAC P10 policy on traceability is particularly relevant for laboratories managing calibration chains.
The core LIMS requirements mapped to ISO 17025 clauses
The table below maps the most software-relevant clauses of ISO 17025:2017 to the specific LIMS capabilities they demand.
| ISO 17025 clause | Requirement | LIMS must support |
| 6.4.7 | Software used for data handling must be validated for intended use | Validation documentation (IQ/OQ/PQ), version-controlled releases, audit trail of software changes |
| 6.6.2 | Technical records must include original observations, derived data, and identification of the person responsible | Immutable record creation, timestamped entries, user attribution on every record |
| 6.6.3 | Amendments to records must be traceable — who changed what, when, and why | Full audit trail with before/after values, mandatory reason field for amendments |
| 6.4.4 | Equipment records including calibration status and calibration due dates | Equipment register, calibration scheduling, automated alerts, integration with calibration certificates |
| 6.5 | Metrological traceability of measurements to SI units | Traceability chain documentation, linkage of test results to certified reference materials and instrument calibration records |
| 6.2 | Method validation records and measurement uncertainty budgets | Method and SOP library, structured uncertainty documentation linked to test results |
| 6.7 | Sampling records including date, sampler ID, environmental conditions | Sample receipt, labelling, chain of custody, storage condition logging |
| 8.3 | Document control — current versions available, obsolete versions identified | Version-controlled SOP/method library, document approval workflow, supersession management |
| 8.7 | Corrective action records linked to nonconformities | Nonconformance management module or integration with quality management system |
| 8.8 | Internal audit records and management review inputs | Audit scheduling, findings log, CAPA tracking |
Data integrity: the non-negotiable foundation
Every ISO 17025 requirement around records ultimately rests on a single principle: data must be trustworthy. The standard aligns closely with the ALCOA+ framework widely used in pharmaceutical environments — data must be Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available.
For a LIMS to satisfy this, it must implement:
- Immutable original records. Once a test result or observation is entered, the original entry must be preserved. The LIMS should prevent deletion and require any correction to be made as a new entry with the original remaining visible.
- Full audit trails. Every create, read (where relevant), update, and delete action must be logged with a timestamp, user ID, and — for amendments — a mandatory justification. The audit trail must itself be protected from modification.
- User authentication and role-based access control. Each record must be attributable to a specific, authenticated individual. Role-based controls must prevent unauthorised modification of results, calibration records, or approved methods.
- Electronic signatures. For results released to clients, and for document approvals, the LIMS should support e-signatures that meet the requirements of the applicable jurisdiction. In many regulated markets this means alignment with FDA 21 CFR Part 11 or EU Annex 11, even when the primary standard is ISO 17025.
Accreditation assessors will typically request a live demonstration of the audit trail during an on-site assessment. A LIMS that logs only top-level actions — “result approved” — without capturing field-level changes is unlikely to satisfy a rigorous assessor.
Equipment and calibration management
Clause 6.4 of ISO 17025 requires laboratories to maintain records for each piece of equipment significant to the results it produces. This is one of the areas where a LIMS provides the most tangible operational value — and where gaps are most commonly found during assessments.
Your LIMS should provide or support:
- A centralised equipment register with unique identifiers, manufacturer details, serial numbers, firmware/software versions, and location.
- Calibration scheduling with automated alerts — the system should flag equipment approaching its calibration due date and, crucially, prevent or flag the use of out-of-calibration equipment in test workflows.
- Certificate storage and traceability linkage — calibration certificates should be stored and linked to the equipment record, and individual test results should be traceable back to the specific instrument used and its calibration status at the time of testing.
- Maintenance and service records — including corrective maintenance that may affect measurement capability, with links to any associated nonconformances.
The ILAC G24 guideline on calibration intervals provides useful context for laboratories determining how to schedule and document calibration activities within their LIMS.
Sample and chain of custody management
Clause 6.7 of ISO 17025 sets out requirements for the handling, transport, storage, retention, and disposal of test items. For any laboratory receiving samples from external clients or handling samples with strict integrity requirements, the LIMS chain of custody capability is critical.
Minimum requirements include:
- Unique sample identification — typically barcode or QR code labelling generated at receipt
- Logged sample receipt including condition on arrival, any observed deviations, and the receiving operator
- Storage location tracking with environmental condition logging (temperature, humidity) where relevant
- Subsampling and aliquot tracking with parent-child linkage
- Defined retention periods and automated alerts or disposal records at the end of retention
For laboratories handling biological samples, environmental samples, or materials with specific handling requirements, the LIMS should support conditional workflows — for example, flagging a sample for supervisor review if arrival conditions fall outside defined acceptance criteria, before any testing proceeds.
Document control and method management
ISO 17025 Clause 8.3 requires that the laboratory control documents — both internal and external — to ensure that only current, approved versions are in use. In practice, this means the LIMS must either include a document management module or integrate reliably with a Quality Management System (QMS) that provides this functionality.
Key capabilities:
- Version control with approval workflow. Every SOP, method, and work instruction must go through a defined review and approval process before it can be used. The LIMS should enforce this — test workflows should reference only approved, current method versions.
- Supersession management. When a new version is approved, the previous version must be clearly marked as obsolete and inaccessible for new work, while remaining readable for the purposes of historical result review.
- Test result to method linkage. Each test result record should reference the exact version of the method used. This is essential for demonstrating, in retrospect, that the correct procedure was followed at the time of testing.
| Assessor focus | During ISO 17025 assessments, document control is one of the most frequently cited areas of nonconformance. Assessors will verify that the version of a method referenced in a test record matches what was actually approved and available at the date of testing. |
Software validation: what “validated for intended use” means in practice
Clause 6.4.7’s requirement for software validation is not prescriptive about how validation must be conducted, but accreditation bodies expect documented evidence of a structured approach. The GAMP 5 framework from ISPE — widely used in pharmaceutical environments — provides a practical and widely accepted methodology that is increasingly referenced in ISO 17025 laboratory contexts as well.
At minimum, your LIMS validation documentation should include:
- User Requirements Specification (URS): what the system must do, in your specific laboratory context.
- Installation Qualification (IQ): evidence that the software was installed correctly in your environment.
- Operational Qualification (OQ): evidence that the system performs as specified under defined test conditions.
- Performance Qualification (PQ): evidence that the system performs correctly under realistic production conditions.
Many LIMS vendors provide partial validation packages — typically IQ/OQ — for their standard software. However, PQ documentation must reflect your specific workflows and use cases, which means it cannot be fully supplied by the vendor. Budget time and resource for this work during implementation.
Change control is equally important. Every software update — whether a patch, minor release, or major version — must be assessed for impact on validated functionality. Your LIMS vendor should provide release notes and a risk assessment to support your internal change control process.
Reporting: from raw data to accredited test certificate
ISO 17025 Clause 7.8 sets out detailed requirements for test and calibration reports. While the LIMS is not always the system that generates the final client report, it must ensure that the data feeding into reports is complete, traceable, and protected.
Report-relevant LIMS requirements include:
- Structured result capture that maps directly to the reporting fields required by the standard
- Automatic population of measurement uncertainty where applicable
- Reviewer and approver e-signature capture before a report is released
- Report version control — if a report is amended after release, the original must be preserved and the amendment clearly documented
- Audit trail linkage from the final report back to the raw data, instrument records, and method used
Laboratories using LIMS integration with LDAR/reporting tools or dedicated accreditation report templates should verify that the integration preserves all traceability requirements and does not allow data to be modified outside the LIMS audit trail during the transfer.
Choosing a LIMS for ISO 17025: key questions to ask vendors
Not all LIMS platforms are designed with accreditation environments in mind. Some are built primarily for research or pharmaceutical GMP contexts and may need significant configuration to satisfy ISO 17025 assessors. When evaluating vendors, the following questions are particularly relevant:
- Do you provide IQ/OQ documentation for your standard software? What does PQ support look like?
- Can the audit trail capture field-level changes with mandatory justification text for amendments?
- How does your system handle equipment calibration scheduling and out-of-calibration lockouts?
- How are method versions controlled, and how are test results linked to the specific method version in use at the time?
- What is your change control process for software updates, and what documentation do you provide to support our internal impact assessment?
- Do you have existing customers with ISO 17025 accreditation in our specific sector (environmental, food, calibration, construction materials, etc.)?
| Reference check | Always ask for a reference from a laboratory that has successfully maintained ISO 17025 accreditation through a surveillance or re-assessment cycle while using the vendor’s LIMS. This is the most reliable indicator of real-world suitability. |
The bottom line
ISO 17025:2017 does not prescribe software, but it sets a high bar for data integrity, traceability, and documented process control that translates directly into concrete LIMS requirements. A system that passes a sales demo is not necessarily a system that will satisfy an accreditation assessor on audit day.
The safest approach is to map your LIMS evaluation against the specific clauses of the standard that apply to your laboratory type, require vendors to demonstrate each capability with live evidence rather than slide decks, and treat software validation as an ongoing programme rather than a one-time project.
For laboratories just beginning to evaluate LIMS options, our Best LIMS Software guide provides an independent review of leading platforms. For a broader view of the buying process, see our 10 Questions to Ask Before Buying a LIMS and our guide to LIMS validation explained.
Sources & further reading
• ISO/IEC 17025:2017 — Testing and Calibration Laboratories
• ILAC P10 — Policy on Metrological Traceability of Measurement Results
• ILAC G24 — Guidelines for the Determination of Calibration Intervals
• ISPE GAMP 5 Guide (2nd Edition) — A Risk-Based Approach to Compliant GxP Computerized Systems
• FDA 21 CFR Part 11 — Electronic Records; Electronic Signatures
• ISO 9001:2015 — Quality Management Systems
