Understanding Clause 6.6 of ISO/IEC 17025:2017

Let’s start with where it all comes from—Clause 6.6 of ISO/IEC 17025:2017. This clause is all about how a laboratory manages products and services it receives from external sources. That could be anything from subcontracted testing and calibration to reference materials, reagents, or maintenance services. The goal is simple: you’re responsible for the quality of anything that affects your lab’s results, even if it comes from outside.

That’s exactly why the procedure for externally provided products and services in ISO 17025 is a requirement—not a suggestion. The standard expects labs to control these external elements just like they would their in-house activities.

Now, you might be wondering: what exactly counts as an “externally provided” product or service? Here are a few common examples:

• Subcontracted calibration of lab instruments

• Certified reference materials from external suppliers

• Laboratory software or data systems maintained by a third party

• Outsourced testing of specific parameters (like microbiological or chemical analysis)

• External maintenance or repair services for key equipment

Under the procedure for externally provided products and services in ISO 17025, you’re expected to evaluate, select, monitor, and re-evaluate your suppliers. That means more than just picking someone based on price—it means making sure they meet your technical and quality standards.

The standard also emphasizes traceability and documentation. You need to be able to show that your external providers were approved based on objective criteria, and that their performance continues to meet your requirements over time.

So when we talk about the procedure for externally provided products and services in ISO 17025, we’re really talking about building a consistent, evidence-based way to manage the things your lab depends on—but doesn’t directly control. It’s about accountability, reliability, and making sure every outside input supports the accuracy and validity of your lab’s work.

Documenting the Procedure for Externally Provided Products and Services in ISO 17025

So now that we’ve covered what Clause 6.6 is all about, let’s get into what your lab actually needs to document. One of the key expectations under the procedure for externally provided products and services in ISO 17025 is that everything is clearly written down—not just done informally or “understood” among staff.

ISO/IEC 17025 doesn’t just want labs to manage their suppliers well—it wants to see how they do it. That means your procedure should be a practical, working document that outlines how your lab handles the entire lifecycle of externally provided products and services.

Here’s what your documented procedure should typically include:

• Selection criteria: What qualifications or requirements must a supplier meet before you even consider working with them?

• Evaluation process: How does your lab assess whether a supplier is competent and reliable?

• Approval and authorization: Who decides if a supplier is approved for use?

• Monitoring and re-evaluation: How do you ensure a supplier remains compliant over time?

• Records: What documentation do you keep as evidence that your process is being followed?

The procedure for externally provided products and services in ISO 17025 should also explain how your lab defines the requirements for each external product or service. For example, if you’re outsourcing calibration, your procedure should specify things like:

• The calibration standard or method to be used

• Acceptable uncertainty levels or tolerances

• Whether the provider must be ISO/IEC 17025 accredited

It’s also important to be clear on how you verify conformity once the service or product is received. Your procedure should explain how your team checks that what’s delivered meets your requirements—before it’s used in any testing or calibration work.

The point here isn’t to create extra paperwork. The goal is to give your team a clear, repeatable process to follow—so you can trust that every external product or service supports your lab’s accuracy and credibility. And during audits, this documented procedure for externally provided products and services in ISO 17025 gives you the proof you need to show that nothing is left to chance.

Evaluating and Selecting External Providers

Once you’ve documented your procedure for externally provided products and services in ISO 17025, the next step is putting that procedure into action—starting with how you evaluate and select your external providers. This part isn’t just about choosing who to buy from; it’s about making sure every provider you rely on can support your lab’s quality and technical requirements.

Think of it like building a trusted team outside your organization. Even if they don’t work in your lab, their performance affects your results—and that means your reputation too.

Approval Criteria and Documentation

According to the procedure for externally provided products and services in ISO 17025, your lab must set specific criteria for approving suppliers. These criteria could include:

• Technical competence (like being accredited to ISO/IEC 17025)

• Past performance and reliability

• Turnaround time and responsiveness

• Quality of documentation, such as calibration certificates or test reports

• Traceability and compliance with your lab’s specifications

The procedure should clearly state who is responsible for approving external providers and what records need to be kept. This could be as simple as an approved supplier list with supporting evaluation forms, email confirmations, or supplier audits—whatever works best for your lab’s size and complexity.

Ongoing Monitoring and Re-Evaluation

Now here’s the part that often gets overlooked. The procedure for externally provided products and services in ISO 17025 isn’t a “set it and forget it” rule. Labs are expected to continuously monitor supplier performance and re-evaluate them at regular intervals.

What does that look like in practice?

• Reviewing calibration certificates for completeness and traceability

• Noting late deliveries or inconsistent results from subcontractors

• Recording complaints or nonconformities related to the supplier

• Conducting periodic reviews of supplier qualifications

If a provider fails to meet expectations, your lab should have a plan in place—whether that means corrective action, additional oversight, or finding an alternative supplier.

By following a structured approach to supplier evaluation, your procedure for externally provided products and services in ISO 17025 becomes more than just a requirement—it becomes a tool to strengthen your lab’s consistency and credibility. And when external inputs are solid, your lab can deliver results you’re proud to stand behind.

Ensuring Conformity of Purchased Items

So you’ve selected your suppliers, documented your approvals, and everything looks good on paper—but what happens when the product or service arrives at your lab? This is where another critical part of the procedure for externally provided products and services in ISO 17025 comes into play: making sure what you receive actually meets your requirements.

Just because something has been ordered from an approved provider doesn’t mean it can be used without checking. ISO/IEC 17025 expects labs to verify that externally provided items conform to specified requirements before they’re used in any testing or calibration activities.

Checking Goods and Services on Arrival

Your procedure for externally provided products and services in ISO 17025 should clearly explain how your lab verifies incoming items. This could include:

• Reviewing calibration or test certificates for completeness and accuracy

• Checking that equipment or materials match the specifications in the order

• Inspecting physical goods for damage, labeling, or expiration dates

• Verifying that the supplier’s documentation includes traceability information, when applicable

This doesn’t have to be overly complicated—but it should be consistent. A simple checklist or acceptance form can go a long way in ensuring nothing is missed, especially when multiple team members are involved.

What to Do When Something Goes Wrong

Even with good systems in place, mistakes can happen. That’s why your procedure for externally provided products and services in ISO 17025 should also include steps for managing nonconforming items. If something isn’t right—maybe the wrong chemical batch was delivered, or a calibration certificate is missing critical info—you need to have a plan.

That plan might include:

• Quarantining or tagging the nonconforming item

• Notifying the supplier and requesting replacement or correction

• Recording the incident in your nonconformance log

• Evaluating the impact on ongoing lab activities

It’s all about protecting your lab’s integrity. The last thing you want is to use an unverified or faulty input that could throw off your test results or create compliance issues during an audit.

By including clear, simple steps in your procedure for externally provided products and services in ISO 17025, you’re ensuring that your lab stays in control—even when working with outside suppliers. And that kind of proactive approach helps build trust, both inside your lab and with your clients.

Integrating the Procedure for Externally Provided Products and Services in ISO 17025 with the QMS

By now, it’s clear that the procedure for externally provided products and services in ISO 17025 isn’t something that sits off in a corner by itself. It’s actually woven into your entire quality management system (QMS). To keep everything running smoothly—and compliantly—you need to make sure this procedure connects with other key processes in your lab.

Let’s walk through how to make that integration seamless and practical.

Linking with Purchasing, Quality, and Technical Records

When you’re managing external suppliers, you’re often interacting with other parts of your lab’s system: purchasing, quality control, equipment maintenance, and even test reporting. That’s why the procedure for externally provided products and services in ISO 17025 should link directly to:

• Purchasing procedures – so orders are placed only with approved suppliers

• Equipment and calibration records – to track the use of externally calibrated instruments

• Test methods and technical procedures – especially if you’re using external reference materials or subcontracted tests

• Document control – ensuring the procedure itself stays current and accessible

By making these links intentional, you reduce the risk of oversight or inconsistency—and make audits much easier to manage.

Internal Audits and Management Review

Here’s another often-overlooked area: internal audits. Your internal audit program should include a review of how well your lab is following the procedure for externally provided products and services in ISO 17025. That means checking:

• Are suppliers being evaluated and approved as planned?

• Are conformity checks being recorded and reviewed?

• Are nonconformities being followed up appropriately?

Then, during your management review, it’s a good idea to bring in supplier performance as part of the discussion. For example, if you’ve had delays, recurring nonconformities, or communication issues with an external provider, that’s valuable input for decision-making and potential improvement actions.

So don’t treat the procedure for externally provided products and services in ISO 17025 as a stand-alone document. It works best when it’s fully integrated into the day-to-day systems that keep your lab compliant, efficient, and trustworthy. The more connected it is, the more useful—and audit-ready—it becomes.

Final Notes on Procedure for Externally Provided Products and Services in ISO 17025

At the end of the day, the procedure for externally provided products and services in ISO 17025 is all about control—knowing where your lab’s critical inputs are coming from, how they’re being verified, and what to do if something doesn’t meet expectations. It’s not about making life more complicated; it’s about making sure nothing slips through the cracks.

Whether it’s a subcontracted test, a calibration certificate, or a batch of reference materials, your lab is still responsible for the results that depend on them. That’s why ISO/IEC 17025 places so much emphasis on having a clear, documented procedure for externally provided products and services in ISO 17025—because strong control over external inputs builds confidence in your internal outcomes.

Here’s a quick reminder of what this procedure should help you do:

• Select competent, reliable suppliers using defined criteria

• Keep clear records of approvals, monitoring, and re-evaluations

• Verify that incoming products and services meet your lab’s requirements

• Manage nonconforming items with a plan, not guesswork

• Connect this process to your broader QMS for visibility and accountability

The great thing is, once your procedure for externally provided products and services in ISO 17025 is properly in place, it becomes second nature. Your team knows what to check, what to expect, and how to respond. And when auditors come knocking, you’ll have everything you need to show that your lab doesn’t just hope for quality—you manage it, from start to finish.

So if you haven’t reviewed or refreshed this part of your system in a while, now’s a great time. A solid external supplier procedure isn’t just a requirement—it’s a powerful tool to protect the reliability of your lab’s work, every single day.

Levy M.

I hold a Master’s degree in Quality Management, and I’ve built my career specializing in the ISO/IEC 17000 series standards, including ISO/IEC 17025, ISO 15189, ISO/IEC 17020, and ISO/IEC 17065.

My background includes hands-on experience in accreditation preparation, documentation development, and internal auditing for laboratories and certification bodies.

I’ve worked closely with teams in testing, calibration, inspection, and medical laboratories, helping them achieve and maintain compliance with international accreditation requirements.

I’ve also received professional training in internal audits for ISO/IEC 17025 and ISO 15189, with practical involvement in managing nonconformities, improving quality systems, and aligning operations with standard requirements.

At QSE Academy, I contribute technical content that turns complex accreditation standards into practical, step-by-step guidance for labs and assessors around the world.

I’m passionate about supporting quality-driven organizations and making the path to accreditation clear, structured, and achievable.