Home
Reference Material
Reference documents and regulatory information relevant to ISO 17025 compliance.
ISO/IEC 17025:2017
Structured integration of ISO/IEC 17025:2017, providing a reference for testing and calibration laboratory requirements. The official ISO PDFs remain the primary authoritative source.
4 General requirements
4.2 Confidentiality
The laboratory shall ensure the confidentiality of all information obtained or created during laboratory activities, except as required by law or agreed upon with the customer.

Reference Material
Reference documents and regulatory information relevant to ISO 17025 compliance.
- ISO/IEC 17025:2017
  Structured integration of ISO/IEC 17025:2017, providing a reference for testing and calibration laboratory requirements. The official ISO PDFs remain the primary authoritative source.
  - Foreword
  - Introduction
    This document establishes requirements for laboratories to ensure competence, confidence, and valid results, aligning with ISO 9001 principles. It emphasizes risk-based planning, cooperation, and harmonization of standards while outlining key terminology usage.
  - 1 Scope
    This document defines the general requirements for laboratory competence, impartiality, and consistent operation, applicable to all organizations conducting laboratory activities.
  - 2 Normative References
    This section lists documents that are referenced in the text as requirements. Dated references apply to specific editions, while undated references apply to the latest version, including amendments.
  - 3 Terms and Definitions
    This section defines the terms used in this document. It references ISO/IEC Guide 99 and ISO/IEC 17000, along with additional terms specific to this standard.
  - 4 General requirements
    - 4.1 Impartiality
      Laboratory activities shall be undertaken impartially, with proper management and identification of risks that could compromise impartiality.
    - 4.2 Confidentiality
      The laboratory shall ensure the confidentiality of all information obtained or created during laboratory activities, except as required by law or agreed upon with the customer.
  - 5 Structural requirements
  - 6 Resource requirements
  - 7 Process requirements
  - 8 Management system requirements
  - Annex A (Informative) Metrological Traceability
  - Annex B (Informative) Management System Options
    This annex provides additional information on the management system options available to laboratories, ensuring conformity to ISO 9001 while fulfilling the requirements of this document.

4.2 Confidentiality

The laboratory shall ensure the confidentiality of all information obtained or created during laboratory activities, except as required by law or agreed upon with the customer.

4.2.1 Responsibility for Confidentiality

The laboratory shall be responsible, through legally enforceable commitments, for managing all information obtained or created during laboratory activities.

The laboratory shall inform the customer in advance of any information it intends to place in the public domain. Except for:

Information the customer makes publicly available
Information shared with the customer’s agreement (e.g., responding to complaints)

All other information is considered proprietary and shall be regarded as confidential.

4.2.2 Legal and Contractual Disclosure

When the laboratory is required by law or authorized by contractual agreements to release confidential information, the customer or individual concerned shall be notified of the information provided, unless prohibited by law.

4.2.3 Customer Information from External Sources

Information about the customer obtained from sources other than the customer (e.g., complainants, regulators) shall remain confidential between the laboratory and the customer.

Note:

The provider (source) of this information shall be confidential to the laboratory and shall not be shared with the customer unless agreed upon by the source.

4.2.4 Confidentiality Obligations of Personnel

Personnel, including committee members, contractors, personnel of external bodies, or individuals acting on the laboratory's behalf, shall keep confidential all information obtained or created during the performance of laboratory activities, except as required by law.