ISO 17025 Decision Rule Explained: Statements of Conformity, Tolerance, and Measurement Uncertainty

When a calibration lab calls something a pass or fail, there’s a lot riding on that decision. An ISO 17025 decision rule is just a documented approach that spells out how you use measurement uncertainty to decide if a calibration result meets the spec. Without a clear decision rule, labs could make the wrong call—leading to failed audits, unhappy customers, or even dangerous equipment getting a green light.

A scientist in a lab coat examining precise measurement instruments in a clean laboratory environment considering how to use the ISO 17025 decision rule

ISO/IEC 17025:2017 wants labs to define and share their decision rule whenever they make conformity statements. It’s not enough to just compare a measured value to a tolerance and say pass or fail. You’ve got to factor in measurement uncertainty. The decision rule you pick changes how conservative your results are—and how much risk you’re willing to take on letting something slip through or rejecting something that’s actually fine.

It’s worth knowing your way around decision rules if you want to deliver accurate reports, keep assessors happy, and protect your lab (and your customers) from messy fallout. Whether you’re in aerospace, manufacturing, healthcare, or some other regulated field, applying the right decision rule keeps your conformity statements solid and defensible.

Key Takeaways

  • A decision rule spells out how you use measurement uncertainty to make pass/fail calls on calibration results
  • ISO/IEC 17025 says you’ve got to document and share your decision rule before handing out conformity statements
  • Different decision rules juggle the risk of wrongly accepting or rejecting something, based on uncertainty

Watch: ISO 17025 Decision Rule Explained

Before diving into the detailed guidance below, watch this video walkthrough for a practical explanation of the ISO 17025 decision rule and how it affects statements of conformity.

In the video, I explain the difference between a measurement result and a pass/fail decision, when a decision rule is required, and how tolerance limits, acceptance limits, guard bands, and measurement uncertainty work together. I also demonstrate how a measured result can fall within the specification limit while its uncertainty extends beyond that limit—and what this may mean for the laboratory’s conformity decision.

You will also see examples of how decision-rule language may appear on a test report, calibration certificate, or certificate of conformance. After watching the video, continue through the article for additional examples, documentation guidance, common audit findings, and practical steps for making your laboratory’s conformity decisions clear, consistent, and defensible.

Need help making your ISO/IEC 17025 technical records audit-ready?

Schedule Your Free 45-Minute Consultation

What Is an ISO 17025 Decision Rule?

A decision rule is basically a written method that tells you how to use measurement results (and their uncertainties) to decide if something meets the requirements. When you calibrate or test, the decision rule connects your data to a clear pass/fail answer.

ISO 17025 expects you to document and apply decision rules if your customer wants statements of conformity. These rules must address measurement uncertainty and the level of risk you’re willing to take.

So what’s the decision rule really doing? It answers: How do you decide if a result is good enough when every measurement comes with some uncertainty?

Your decision rule needs to be:

  • Clearly defined and written down
  • Statistically reasonable
  • Agreed upon with your customer before starting
  • Applied the same way each time for similar measurements

Decision rules handle two main risks: False acceptance (calling a nonconforming item “good”) and false rejection (failing something that actually passes).

Key Components of a Decision Rule:

ComponentPurpose
Measurement resultThe value you got from testing
Measurement uncertaintyThe wiggle room or doubt in your result
Specified limitsThe tolerance or acceptance range
Risk levelHow much uncertainty you’re okay with

The decision rule you use decides how much you shrink the acceptance zone to account for uncertainty. You’ve got to tell customers which rule you applied on the calibration certificate, so they know how you came to your decision.

Why ISO 17025 Decision Rules Matter

A lab technician in a white coat examines test results on a digital tablet in a modern laboratory with scientific instruments in the background considering how to use the ISO 17025 decision rule

Decision rules help keep your lab from making bad calls on conformity. When you say something passes or fails, you’re making a decision that affects your customer and their products—sometimes in a big way.

The risk of getting it wrong is real. Without the right decision rules, you could end up with false accepts or false rejects. False acceptance means you pass something that should’ve failed; false rejection means you fail something that actually meets the requirements.

These errors even have official names. PFA is the probability of false accept. PFR is the probability of false reject. Both are headaches, but false acceptance is especially risky for consumers, since bad products could slip through.

Decision rules give you a framework for including measurement uncertainty when you make conformity calls. Every measurement has some uncertainty. If you ignore that, you’re just inviting mistakes.

ISO 17025 pushes you to document and use decision rules for good reasons. They help you:

  • Stay consistent across tests and calibrations
  • Let your customers know what the risks are
  • Protect your lab from liability
  • Meet accreditation requirements
  • Keep trust in your measurement results

When customers want conformity statements, they need to know how you got there. Decision rules provide that transparency and show you took uncertainty into account before making the call.

Decision Rule vs. Statement of Conformity: What Is the Difference?

Two professionals discussing documents and data in a modern office setting with charts and technical reports on the table considering how to use the ISO 17025 decision rule

A statement of conformity tells your customer if an item passed or failed. The decision rule is the method you use to make that call. The decision rule factors in measurement uncertainty and sets your acceptance criteria, but the statement of conformity is what actually shows up on your certificate as the final answer.

What Is a Statement of Conformity?

A statement of conformity is your lab’s official answer on whether a measured item meets the requirements. You put this on the calibration certificate—usually as a simple pass or fail. It’s a straightforward answer: does it meet the spec, or not?

ISO/IEC 17025:2017 says that when you provide these statements, you need to document how you got there. Typical statements are “Conforms,” “Does Not Conform,” or “Indeterminate.” These carry both technical and legal weight for your customer.

Your conformity statement has to show whether you considered measurement uncertainty. You can’t just say pass or fail without explaining how you reached that conclusion. This protects both you and your customer from arguments down the road.

What Is a Decision Rule

A decision rule is the documented method you use to interpret measurement results for conformity. It defines how you factor in measurement uncertainty when comparing results to the limits. The rule should be statistically valid and used consistently.

You pick a decision rule based on the risk level that fits the job. Guard banding is a popular approach—it narrows the acceptance zone by the uncertainty. Other options include simple acceptance, shared-risk models, or probability-based rules from ILAC G8 or JCGM 106.

ISO/IEC 17025 expects you and your customer to agree on the decision rule before starting the work. You need to document which rule you used and stick with it for similar measurements.

Simple Difference

The decision rule is how you get there. The statement of conformity is the final answer.

You use the decision rule during analysis to decide if the measured value falls within acceptable limits after accounting for uncertainty. When you finish, you put the statement of conformity on the certificate. One is the process, the other is the outcome.

Without a decision rule, your conformity statement doesn’t have a technical foundation. Without a conformity statement, the decision rule doesn’t really mean much to the customer. You need both to meet ISO/IEC 17025 requirements for conformity assessment.

When Is a Decision Rule Required Under ISO/IEC 17025?

Laboratory technicians in white coats working with precision measurement instruments and analyzing data on digital screens in a modern lab considering how to use the ISO 17025 decision rule

You need a decision rule under ISO/IEC 17025:2017 whenever you provide a statement of conformity in your test or calibration reports. Basically, if you’re telling a customer whether their item passed or failed, met the spec, or was in/out of tolerance, a decision rule is required.

Clause 7.1.3 says that when a customer wants a conformity statement, you must clearly define both the spec or standard and the decision rule. You’ve got to communicate the decision rule to the customer and get their sign-off, unless it’s already included in the requested spec or standard.

When a customer requests a pass/fail, complies/does-not-comply, or in-tolerance/out-of-tolerance statement, the applicable decision rule should be clarified during the ISO 17025 tender request process before the work begins.

Clause 7.8.6 says you need to document your decision rule when you provide a conformity statement. You’ve got to consider the risk level and apply the rule consistently.

You don’t need a decision rule if you:

  • Just report measurement results and uncertainty, with no conformity statement
  • Don’t tell customers if items passed or failed
  • Don’t compare results to specs or limits

You do need a decision rule if you:

  • State pass/fail on test reports
  • Declare in tolerance/out of tolerance on calibration certificates
  • Say whether something meets or doesn’t meet the spec
  • Compare measurement results to acceptance criteria

This applies to both test and calibration labs. You should document your decision rule in your reports—usually in the notes, comments, or disclaimer section.

Where ISO 17025 Decision Rules Show Up in the Laboratory Process

Decision rules need to be part of your lab’s workflow at specific points to tick all the ISO 17025 boxes. They pop up from the first customer contact all the way through to the final certificate, and each step has its own requirements for action and documentation.

During Request, Tender, and Contract Review

You’ve got to sort out decision rules when you’re reviewing contracts—before you take on work that needs conformity statements. That’s when you figure out if the customer wants a pass/fail answer or a statement about meeting a spec. Your contract review should document which decision rule you’ll use and confirm the customer understands how measurement uncertainty plays into the conformity statement.

If the customer asks for a specific decision rule or acceptance zone, you need to check that your lab can actually deliver with your current uncertainty. If your uncertainty is too high compared to the tolerance, you might have to turn down the work or negotiate different criteria. Better to tackle that up front than argue later when results land in the gray zone near the spec limits.

During Method Selection and Technical Review

Your measurement method choice directly affects which decision rules you can realistically use. Methods with lower uncertainty give you more leeway and lower your risk of failing good items or passing bad ones. When you’re picking or validating a method, check if the uncertainty budget supports the decision rules your customers usually want.

Technical review needs to confirm the selected decision rule fits the method’s capabilities and the specified tolerance limits. If you’re using guard banding, make sure your acceptance zone (tolerance minus uncertainty) is wide enough for meaningful conformity statements. If your method’s uncertainty is close to or bigger than the tolerance, it might not be right for conformity statements at all.

During Measurement Uncertainty Evaluation

You need quantified measurement uncertainty for decision rules to work. You can’t apply guard banding or assess conformity risk if you don’t know the expanded uncertainty for each measurement. Make sure your uncertainty evaluation is complete and documented before making any conformity statement on reports or certificates.

The uncertainty budget sets your actual acceptance zone. With guard-banded rules, you subtract the expanded uncertainty from the spec limits to make those boundaries tighter. You have to do this for every measurement point where you’ll assess conformity—not just once per type of instrument.

Before applying a pass/fail or conformity rule, the laboratory needs a defensible evaluation of ISO 17025 measurement uncertainty, because uncertainty describes the doubt associated with the reported result.

During Reporting of Results

Test reports and calibration certificates need to state the decision rule you used whenever you include conformity statements. ISO 17025 expects you to show if you considered measurement uncertainty in the conformity assessment and mention exactly which rule or reference you followed. You might write something like: “Conformity determined using guard-banded limits per ILAC G8:09/2019.”

For calibration laboratories, the conformity statement and decision rule should also be reviewed as part of the broader ISO 17025 calibration certificate requirements.

Reports should lay out the measured value, expanded uncertainty, specification limits, and the conformity statement (“Conforms” or “Does Not Conform”). This way, customers and auditors can see exactly how you reached your conclusion. If you leave out uncertainty details or make things vague, you’ll probably confuse customers and risk audit findings.

Tolerance, Specification Limits, and Acceptance Limits Explained

Tolerance limits set what the customer wants, while acceptance limits are what you actually use to decide pass or fail. Sometimes these match, sometimes they don’t—it depends on your decision rule and how you handle measurement uncertainty.

Tolerance Limit or Specification Limit

A tolerance limit (or specification limit) is the maximum permissible error (MPE) that marks the edge of acceptable performance for a device. Usually, your customer or a regulatory standard defines this value. It’s just the upper or lower bound of what you’re allowed.

Say a voltage standard has a tolerance of ±100 μV—if you measure anything in that range, you’re within spec. Tolerance limits don’t factor in measurement uncertainty; they just say what’s acceptable for function or safety.

Manufacturers, industry standards, or contracts lay out these specification limits. They define “in-tolerance” and “out-of-tolerance” before you apply any decision rule.

Acceptance Limit

An acceptance limit is what your lab uses to decide conformity after you consider measurement uncertainty. This is the real cutoff for pass/fail. Sometimes the acceptance limit equals the tolerance limit (AL = TL), but often it’s tighter for a safety margin.

If you use a rule like guard banding, you make the acceptance zone narrower than the spec. For example, with a tolerance of ±100 μV and expanded uncertainty of 8 μV, your acceptance interval might shrink to ±92 μV. That leaves a rejection zone between ±92 μV and ±100 μV—results in that zone fail due to uncertainty, even though they’re inside the spec.

The acceptance criteria you pick sets your risk level when declaring conformity.

Why This Difference Matters

When you tighten acceptance limits compared to tolerance limits, you protect both yourself and your customer from false acceptance. If you just set AL = TL and ignore uncertainty, you and the customer share the risk—anything near the edge could go either way, and you can’t really know.

If you shrink the acceptance zone by the amount of uncertainty, you get statistical confidence in each conformity statement. This way, the chance of calling a nonconforming item conforming drops below 2% in consumer-risk models. Guard banding helps make sure every “pass” stands up in an audit.

Different industries want different levels of protection. Aerospace, for example, demands tight acceptance intervals, while general industrial calibration might be fine with shared-risk.

How Measurement Uncertainty Affects Statements of Conformity

Measurement uncertainty always affects your ability to make conformity statements. No measurement is truly exact. The real value sits somewhere within a range around what you measured.

Expanded uncertainty marks out this range at a certain confidence level. Usually, you report expanded measurement uncertainty at 95% confidence (U95 or C95). That tells you and your customer where the true value probably lies.

Understanding the Impact on Conformity Decisions

When you compare a result to a specification limit, uncertainty creates a gray area. If your result sits close to the limit, the expanded uncertainty might overlap the boundary. That overlap means you can’t say for sure if the item passes or fails.

Standard uncertainty is the basic value before you apply a coverage factor. You get expanded uncertainty by multiplying standard uncertainty by a coverage factor (usually 2 for a normal distribution).

Risk Considerations

Your Test Uncertainty Ratio (TUR) shows how your measurement uncertainty stacks up against the tolerance. A higher TUR means uncertainty doesn’t matter as much for your conformity decisions. When TUR is low, you’re more likely to make the wrong call.

There are two main risks with conformity statements: you might accept something that should fail, or reject something that should pass.

Your decision rule has to account for expanded measurement uncertainty when you state conformity. If you ignore uncertainty, you risk making false statements that could impact your customers and their products.

Common Types of ISO 17025 Decision Rules

Labs pick different decision rules based on their risk tolerance, industry, and the size of measurement uncertainty compared to the spec limits. Each rule deals with the zone of uncertainty in its own way, changing how you report pass, fail, or indeterminate results.

There is no single decision rule that is appropriate for every testing or calibration situation. The rule selected should reflect the applicable specification, customer requirements, regulatory requirements, measurement uncertainty, and the risk of an incorrect conformity decision. For more detailed guidance on guard bands, decision risk, decision-rule selection, and documentation, laboratories can refer to the ILAC G8 Guidelines on Decision Rules and Statements of Conformity.

Simple Acceptance Rule

With simple acceptance, you compare your measured value straight to the spec limits—no adjustment for uncertainty. If it’s inside, it passes. If not, it fails.

This is the easiest method. No tricky math or moving the boundaries. The risk of false acceptance or rejection is split between you and your client.

When to use: Simple acceptance makes sense when your measurement uncertainty is tiny compared to the tolerance. ILAC G8 and UKAS LAB 48 recommend it when the Test Uncertainty Ratio (TUR) is over 4:1.

Risk consideration: Consumer and producer risk are about equal. Your client accepts this shared risk when you both agree to use this rule in the contract.

Guard-Banded Decision Rule

Guard banding narrows your acceptance zone by subtracting measurement uncertainty from the spec limits. This gives you a safety buffer and lowers the chance of accepting something that doesn’t meet the standard.

Your acceptance limits get stricter than the actual spec. For an upper limit, subtract the expanded uncertainty; for a lower limit, add it. If results land in the guard band, you handle them specially.

Example application:

ElementValue
Specification limit90.0–110.0%
Expanded uncertainty (U)±2.5%
Guarded lower limit92.5%
Guarded upper limit107.5%

Results between 90.0–92.5% or 107.5–110.0% fall in the guard band. You usually report these as conditional or indeterminate, or maybe “pass*” with a note about the uncertainty overlap.

ILAC-G8:09/2019 and A2LA G136 both see guarded acceptance as a conservative move. This method puts consumer protection first by cutting down false acceptance risk.

Shared Risk Decision Rule

The shared risk approach treats the uncertainty zone evenly around each spec limit. You accept results inside the limits, even if the uncertainty range spills a bit outside.

This rule splits producer and consumer risk more fairly than guard banding. If your measured value plus or minus uncertainty crosses a spec limit, you recognize the overlap but still make a binary decision based on the measured value alone.

Key characteristics:

  • Neither side takes on all the risk
  • Easier to explain than guard banding
  • Needs clear documentation of the shared risk agreement
  • Works when both parties want balanced protection

EUROLAB says you have to get explicit client agreement for this rule. Be sure to note the shared risk deal in your contract review and mention it on your test reports.

Binary Decision Rule

Binary decision rules give you just two options: pass or fail. You don’t report conditional results, even if uncertainty makes things fuzzy near the limits.

Your lab makes a clear conformity call using your chosen decision method (simple acceptance, guard band, etc.). The binary approach is simple, but you have to be careful about how you handle uncertainty.

Report format:

  • Conforming (pass)
  • Non-conforming (fail)

This fits in regulated industries where conditional statements aren’t allowed or just cause headaches. Pharmaceutical testing, for example, often needs a clear yes/no for batch release.

Be sure to say which decision rule you used (simple acceptance, guard band, etc.) to reach your conclusion. Without that, auditors and clients can’t tell if you handled uncertainty the right way.

Non-Binary Decision Rule

Non-binary rules let you report more than just pass or fail when uncertainty muddies the waters. You might say pass, fail, pass*, fail*, or indeterminate, depending on how the result and its uncertainty stack up against the spec limits.

Typical outcome categories:

OutcomeMeaning
PassResult clearly within specification, even with uncertainty
Pass*Result within specification but uncertainty extends beyond limit
Fail*Result outside specification but uncertainty extends into acceptable zone
FailResult clearly outside specification, even with uncertainty
IndeterminateCannot make reliable conformity statement with current uncertainty

ILAC G8 says non-binary reporting works when clients want to know about borderline results. This way, you can be upfront about what’s really going on with the measurement.

If you report pass* or fail*, explain what that means. Add a note like “uncertainty range overlaps specification limit” so clients get the conditional nature of your conclusion. Non-binary rules are best when clients can act on conditional results—maybe retest, do a risk assessment, or dig deeper with engineering review.

Frequently Asked Questions

Labs run into practical questions about decision rules every time they look at conformity. The answers depend on how you handle uncertainty, talk about risk, and document your approach in the quality system.

What is a decision rule and when must it be agreed with the customer?

A decision rule is just how your lab turns a measured result (plus its uncertainty) into a pass or fail against a spec limit. You have to agree on this rule with your customer during contract review, before you start testing or calibration.

ISO/IEC 17025:2017 wants you to document this agreement under clause 7.1.3. The agreement should cover the spec limit you’ll use, the uncertainty you’ll report, and how you’ll handle borderline results. If a product standard already spells out the rule, just use that and note it as the agreed basis.

You can’t change the decision rule after you issue results unless the customer agrees. Mixing different rules for items on the same report just confuses things and will raise eyebrows during audits.

How should measurement uncertainty be considered when making conformity decisions?

You have to factor measurement uncertainty into every conformity decision. Ignoring it isn’t an option.

The simplest way is to compare the measured value directly to the tolerance limit, without adjusting for uncertainty. It’s fast, but risky when results are close to the limit. A more cautious approach uses a guard band, shrinking the acceptance zone by the uncertainty amount.

Your lab should decide how to handle uncertainty before you even measure. Write down the expanded uncertainty value you’ll use, usually at 95% confidence. Stick with the same approach for all conformity statements in the same job.

What are common acceptance decision rules and how do they differ in risk?

The main decision rules are simple acceptance, guarded acceptance, and shared risk. Each one splits the risk of mistakes differently between you and your customer.

Simple acceptance says pass if the measured value is inside the tolerance, no matter the uncertainty. That gives you the biggest acceptance zone but ups the chance of accepting a non-conforming item near the edge.

Guarded acceptance applies a guard band equal to the expanded uncertainty. You only say pass if the result plus uncertainty is still inside the tolerance. This protects against false acceptance but means you’ll reject more results near the boundaries.

Shared risk splits the uncertainty down the middle. You say pass if the measured value is inside the limit, even if the uncertainty band crosses it. This balances consumer and producer risk, but you need a clear agreement with the customer.

How do you write a clear statement of conformity on a test or calibration report?

When you’re writing a statement of conformity, spell out the requirement you tested against, the decision rule you used, and the results the statement covers. Keep it straightforward and specific.

Begin with the specification reference—mention the document number, revision, and clause if that applies. Then, state the conformity in plain language: “The item meets the requirements of [specification]” or “The item does not meet the requirements of [specification].”

Right after your conformity claim, explain the decision rule. For example: “We evaluated conformity using a guarded acceptance rule; the item is compliant only when the measured value, including expanded uncertainty, stays within the specified limit.” If the results land in a boundary zone, you need to say the conformity status is inconclusive.

What is a practical example of applying a decision rule to specification limits?

Imagine you have a dimension with an upper tolerance limit of 50.00 mm, and the expanded uncertainty is 0.15 mm. Your lab measures 49.90 mm.

With simple acceptance, you just compare 49.90 mm to 50.00 mm. Since it’s inside the limit, you call it a pass. If you use guarded acceptance, you set an acceptance limit at 50.00 mm minus 0.15 mm (so, 49.85 mm). Then, you add the uncertainty to the measured value: 49.90 mm plus 0.15 mm equals 50.05 mm. That’s over the tolerance limit, so you can’t declare pass with the guarded rule.

Now, if you measure 49.80 mm with the same uncertainty, the guarded acceptance check is 49.80 mm plus 0.15 mm, which is 49.95 mm. That’s less than 50.00 mm, so you can declare pass. Which rule you use really changes things when results are close to the limit.

How do you document and justify the selected decision rule within the management system?

You’ll need to document the decision rule in at least three spots in your management system. First, define your available decision rules in a procedure that covers conformity statements. Second, record which rule you agreed on for each job in your contract review or job order records. Third, include the rule on the test or calibration report itself.

Your procedure should explain why each rule is on offer. Guarded acceptance helps reduce false accept risk, which is pretty important in safety-critical work. Simple acceptance might make sense if customers are okay with more decision uncertainty. It’s good practice to document your reasoning so auditors and customers see your logic.

Keep records of customer agreements in your contract review file. This record should lay out the specification limit, chosen decision rule, uncertainty basis, and any special instructions for results in the gray area. If a customer ever disputes a conformity decision, you can go back to this agreement to back up your call.

Conclusion

Decision rules give you a practical way to deal with measurement uncertainty when making conformity statements. They don’t just protect your lab—they help your customers avoid headaches from wrong calls.

Choosing the right decision rule? That depends on your customer’s needs and whatever the industry throws at you. Sometimes a basic acceptance rule is fine for quick screening, but if you’re working in a regulated space, you’ll probably need to use guard-banded methods that factor in uncertainty.

Your lab should document three main things:

  • Which decision rule you picked
  • How you worked measurement uncertainty into your decision
  • The conformity statement you put in your certificate

You need to talk with your customer up front—before you get started. Agree on the decision rule during contract review, then spell it out clearly in your report. This kind of transparency helps everyone stay on the same page and keeps auditors happy.

Guard banding shrinks your acceptance zone by the measurement uncertainty. It’s a cautious approach, but it keeps false acceptances to a minimum—which is pretty important if you’re calibrating for aerospace, defense, or medical devices.

Stick with the same rule type for similar measurements. Write down your procedures and make sure your team actually follows them.

When you use decision rules properly in your calibration certificates, they become a lot more meaningful. Your customers know exactly how confident they can be in your pass/fail calls. Assessors see you’re meeting ISO 17025 requirements for conformity assessment. And honestly, your lab gains credibility by making decisions that are transparent, well-documented, and actually line up with standards like ILAC G8 and JCGM 106.

🕒 Book Your Free 45-Minute Consultation

Have questions about ISO/IEC 17025 or ISO 9001 implementation or accreditation? Schedule a free 45-minute consultation with me to discuss your Company or laboratory’s needs and how we can achieve compliance together.

Schedule Your Consultation

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *