Five Steps to Prepare Cannabis Testing Laboratories for ISO 17025 Audits: Page 2 of 3

February 3, 2020
Abstract / Synopsis: 

This tutorial article outlines some of the steps that cannabis testing laboratories can take to prepare ahead of a third-party safety audit. It discusses several practical measures that facilities can take to boost their chances of passing an audit, including advice on time management, essential employee training, and laboratory management systems that can ensure a smooth and seamless audit process.

What Is Involved in a Third-Party Audit?

A third-party audit is carried out by a qualified representative of the auditing body—whether that is ISO/IEC or the state department responsible for regulating the local cannabis industry. The auditor has a checklist detailing all of the relevant requirements that the laboratory has to meet to demonstrate compliance and all of the documents and areas of the facility that the auditor must inspect and review.

The laboratory is expected to have copies of all of the relevant documents compiled and available for the auditor to inspect. After these documents have been combed through, the auditor makes recommendations where relevant, and notes any deficiencies they may have observed.

How to Prepare for an Audit

Step 1: Begin Preparations Well in Advance
Preparing for a third-party audit could take a couple of weeks or several months. The time line depends on the nature of the standards that a laboratory is hoping to achieve, the current standards of the operation, and also the extent of the operation. A laboratory that offers a more basic testing regimen will have fewer testing methods that need to be documented, reviewed, and updated where necessary.

Conducting a gap assessment, where the current operations of a laboratory are compared against the eventual audit checklist, can be helpful in assessing what needs to be improved before an audit. This assessment can also help in establishing a time line for how long audit preparations might take.

To prepare fully, it is important to identify all of the areas of operation that will be relevant to the auditing, so that they can be properly handled during the preparation time. It can also be helpful to identify any risks (3) that might affect the laboratory or its reputation—such as the potential for sample collection errors or incorrect data interpretation—so that steps can be taken to proactively lessen the risk of these errors occurring and improve the quality of operations.

Step 2: Get Organized
One of the most important parts of audit preparation is ensuring that all necessary documentation is present and up-to-date.

A large number of documents are required by auditors, including (but not limited to) a quality manual, a scope of accreditation, standard operating procedures (SOPs) for every procedure carried out by the laboratory, training records, and records detailing all testing and calibration procedures. Having all these documents available for the auditor or inspector reduces the time an assessment takes and helps make a good impression.

Good organization can also make it easier for laboratories to identify gaps in their documentation, or documents that have not been updated or reviewed recently.

Using a laboratory information management system (LIMS) (4) can be a great help in organizing the vast amount of documentation needed in a third-party audit. In addition to maintaining laboratory records, many LIMS systems also include functionality that can register and manage all information relating to samples in the laboratory, and support the easy entry and validation of test results data into the laboratory’s records. Using and maintaining an efficient LIMS correctly can make sure that all necessary audit documentation can be easily found during a third-party audit, and can be key in proving data integrity by hosting digital records of all laboratory data that can validate that no data has been tampered with (Figure 1).

Laboratories may also find it helpful to reorganize the audit criteria into a list of objectives, sorted by time frame. Some tasks, such as reviewing the laboratory quality system and documenting employee competency, are required only on an annual basis, where tasks like instrument verification will be required daily or near-daily. By separating the criteria into a list of objectives to complete annually, quarterly, or more frequently, laboratories can guarantee that they are meeting all of the frequency requirements inherent in quality control regulation, and be well prepared for future reassessments or reinspections when a certification needs to be renewed. A time-focused checklist can also help laboratories to roughly estimate how long their preparations for an initial assessment might take.

  1. A. Beadle, Analytical Cannabis, (2019),
  2. Colorado Department of Public Health and Environment, “Inspection of marijuana testing facilities,”
  3. Clinical Lab Products, “Exploring Risk Management in the Lab,”
  4. CloudLIMS, “Preparing for an ISO 17025 Audit: What to expect from a LIMS?”,
  5. Agilent, “Laboratory Audit Preparation,”

About the Author

Arun Apte is the CEO of CloudLIMS in Wilmington, Delaware. Direct correspondence to: [email protected]

How to Cite This Article

A. Apte, Cannabis Science and Technology 3(1), 52-55 (2020).