Skip to main content
18 June 2024

How more testing labs than just food safety can reduce risk by adopting HACCP principles and risk-based thinking

Matthew Sica

Technical Program Manager, Perry Johnson Laboratory Accreditation


Matthew Sica has over 30 years of experience in laboratory-related environments. He has gained expertise in management and quality systems, laboratory accreditation, project management, and process improvement.

Every business must minimise risk. In the laboratory testing world, risk management is of particular importance to the daily processes and operations of food & beverage safety labs. In this guest blog, Matt Sica of Perry Johnson Laboratory Accreditation, Inc. breaks down for us how FDA HACCP principles, combined with risk-based thinking from the ISO/IEC 17025:2017 standard, create a powerful toolset, one laboratories in other disciplines can also use to better mitigate risk.

Risk management and ISO/IEC 17025:2017 accreditation

ISO/IEC 17025:2017 mandates that laboratories develop and execute strategies to manage risks and identify opportunities to enhance operational effectiveness. The standard acknowledges that risk-based thinking has allowed for a decrease in rigid guidelines and their substitution with performance-based criteria.

Risk-based thinking is a structured approach you can use to help make informed decisions for your business by identifying, assessing, and managing risks. Risk-based thinking encompasses the methodical identification, assessment, and control of risks and has the potential to mitigate risk for laboratories of many disciplines.

Specific terms outlined in the ISO/IEC 17025:2017 standard urge organizations to factor in associated risks in order to fulfill requirements more efficiently. Terms such as “sufficient”, “suitable”, “prevent”, and “ensure” promote comprehensive risk assessment, proactive risk handling, and effective risk reduction plans to guarantee adherence to standards and operational success. Although analysing risks using these terms facilitates the application of risk-based thinking linked to those specific requirements, laboratories should also explore additional techniques or resources to reinforce risk-based thinking in all other aspects of their operations.

Hazard Analysis and Critical Control Points (HACCP)

Hazard Analysis and Critical Control Points (HACCP) is a US Food & Drug Administration (FDA) food safety management system that is utilised at all stages in the food chain to systematically recognise, evaluate, and control potential hazards that can compromise food or beverage safety. Although established for the food and beverage industry, HACCP principles offer value to laboratories of all disciplines. Combine HACCP principles with risk-based thinking, and you suddenly have powerful tools to help you actively address risks, uphold quality benchmarks, adhere to safety regulations, and boost operational effectiveness through your laboratory procedures.

Applying principles of the FDA HACCP food safety system to your laboratory operations can include processes such as performing hazard analysis, pinpointing critical control points, setting critical limits, setting up monitoring protocols, determining corrective actions, conducting verification, and keeping comprehensive records.

Let’s explore how you can adapt HACCP principles for your laboratory:

Conduct hazard analysis

This phase could be likened to performing risk assessment. The first step involves recognising potential risks within laboratory operations that might jeopardise the accuracy of testing or calibration processes. These risks could encompass issues such as equipment breakdowns, sample contamination, human mistakes, chemical hazards, or compliance concerns.

Identify critical control points

Critical control points (CCPs) are key junctures in laboratory procedures where control measures can be applied to prevent, minimise, or eradicate identified risks. Instances of CCPs within a laboratory could involve calibrating equipment, upholding sterile environments, confirming sample integrity, or validating testing protocols.

Set critical limits

Set specific critical limits at each CCP to define acceptable ranges for factors like temperature, time, cleanliness, calibration schedules, or even level of detail needed in documentation to obtain consistent results. This ensures that processes adhere to predetermined standards to mitigate risks.

Implement monitoring procedures

Monitoring procedures involve regularly observing, measuring, or recording parameters at CCPs to confirm that processes are operating within critical limits. This could involve routine equipment checks, quality control tests, environmental monitoring, data review, proficiency testing, or demonstrating ongoing competence of staff.

Establish corrective actions

In the event of deviations from critical limits or the identification of risks, your lab must take prompt corrective actions to rectify the situation. These actions might include process adjustments, equipment recalibration, sample retesting, and investigating the root causes of deviations to prevent their recurrence.


Verification ensures that the HACCP plan effectively controls risks and maintains safety in laboratory operations, while validation confirms the scientific soundness and adequacy of control measures. Verify the efficiency of control measures and corrective actions through validation activities, audits, trending of quality control, and reviews to confirm that critical control points operate effectively and that risks are managed appropriately.

Document and retain records

Maintaining detailed records of risk analyses, critical control points, critical limits, monitoring outcomes, corrective actions, verifications, along with other essential data to ensure compliance and support continuous improvement. Remember, ISO/IEC 17027:2017 requires that the results of risk identification are covered and recorded during management reviews.

Embrace risk-based thinking

ISO/IEC 17025 mandates that laboratories implement a methodical approach to risk management. By blending risk-based strategies with established methodologies such as HACCP, laboratories of any discipline can elevate risk management protocols, enhance operational effectiveness, and foster a safe and quality-driven environment. No matter what industries your testing laboratory serves, there are many approaches to successfully integrating risk-based thinking into your laboratory’s operations.

Perry Johnson Laboratory Accreditation, Inc. is a private third-party accreditation body based in the United States that validates the competency of testing and calibration laboratories, inspection bodies, reference material producers and sampling organizations through the use of international and national standards. To engage the team for assistance with incorporating risk-based thinking approaches or with regulatory compliance or accreditation, send email to [email protected].

With Clinisys Laboratory Solution™, your laboratory will have a solid foundation for compliance with government regulations and standards. Built for disciplined data management and reporting, the content packages for Clinisys Laboratory Solution™, like Clinisys Food & Beverage Laboratory™, incorporate the relevant standards, guidelines, and protocols for your industry into your workflows. Automatically align testing procedures, analytical methods, and data analysis with regulatory requirements. With its automated data validation processes, Clinisys Laboratory Solution also proactively flags potential issues or deviations, consistently documents all activities and modifications for exacting traceability and data integrity, and simplifies standards audits, laboratory certification, and regulatory reporting.

Let’s start a conversation about how your LIMS matters for mitigating risk, fostering innovation, and bolstering client and regulatory confidence. Connect with us today to build your lab of the future.

Related content