The Value of ISO 17025 and cGMP Quality System Standards

The Pharmaceutical, Medical Device and Consumer Product industries continue to increase the scope and volume of services they outsource. The ability to achieve cost savings coupled with the opportunity to outsource unique needs to others providers that have a greater degree of specialization in certain service areas certainly can offer a competitive advantage especially in times of economic instability. However, it is important from a regulatory standpoint to understand that the quality standards excepted are the full responsibility of the company directing the outsourcing of testing, packaging, development and manufacturing. Understanding this responsibility is the first step to insuring the work you are outsourcing is done to acceptable standards. Two keys areas to focus on when qualifying an outsourcing partner are Good Manufacturing Practices (GMP), and ISO 17025 quality standards. This article will review basic components of each quality system standard as a means to refresh and enhance your current knowledge level.

GMP – Good Manufacturing Practices

Virtually anyone working within an FDA regulated industry understands, and appreciates, the value of the cGMP (Current – Good Manufacturing Practices) notation. cMP, as outlined in the FDA “Guidance for Industry – Quality System Approaches to Pharmaceutical GMP Regulations” (September 2006) is based upon the implementation of the regulations as outlined in 21 CFR Parts 210 and 211. In essence, a cGMP quality system is one that is based upon a comprehensive approach to all aspects of the development and manufacturing process. While the guidance and the regulations speak of key components of the system – management responsibilities, quality manual design, corrective and preventative actions – the key principle of cGMP relies on clearly stating your intent and following a process that aligns with that intent. cGMP is “say what you are going to do and do what you say”.

As part of meeting the 21 CFR Part 210 requirements, having a standard operating procedure in place that outlines the use of outsourced vendors is a basic requirement. The key component of this standard operating procedure must be that “any and all outsourcing agents or companies used, must be cGMP with respect to quality system operations. Inclusive of this is the process of being registered and regulated by the FDA for GMP compliance. Once you confirm that an outsourced service provider is FDA regulated, you must clearly define a process to qualify them for use under your quality system. In its simplest form, this can be an audit questionnaire or this can be a complete cGMP onsite audit and inspection. The decision about which approach to take should be based upon the critical nature of the work you are expecting them to perform on your behalf. At the basic core, if your company operates under a GMP quality system, all supporting vendors providing services would be expected to meet the same criteria.

ISO 17025

In addition to meeting the FDA required cGMP compliance, companies seeking to outsource their testing and calibration services should consider vendors that have earned ISO 17025 accreditation. ISO/IEC 17025 outlines general requirements for the competence of testing and calibration laboratories and is an important accreditation of competence and quality. Vendors that are willing to make the investment in ISO 17025 are making a strong statement on the high value they place in overall quality.

First issued in 1999 and later updated in 2005, ISO 17025 is a significant standard of worldwide acceptance for testing and calibration laboratories. Meeting the ISO 17025 standard signifies that a vendor has committed to and paid for a third party audit and inspection of technical competence that demonstrates they can produce precise and accurate test and calibration results. Meeting ISO 17025 standards is an ongoing process that requires an annual review and inspection for renewal.


While there are many aspects of cGMP and ISO 17025 that overlap, a vendor that has implemented a quality system based upon the components of each quality directive is displaying a strong commitment to overall quality. As with any quality system, the process is one of continual improvement. cGMP and ISO 17025 do not replace the need for on-site audits of the subcontractor. However, in most instances an auditor will find that companies committed to third party accreditation like ISO 17025 are generally in a better overall quality state and display a much deeper understanding of the value (and need) quality plays in the development and manufacturing process.