ISO 5667-24:2016

INTERNATIONAL ISO
STANDARD 5667-24
First edition
2016-04-01
Water quality — Sampling —
Part 24:
Guidance on the auditing of water
quality sampling
Qualité de l’eau — Échantillonnage —
Partie 24: Lignes directrices pour l’audit de l’échantillonnage de la
qualité de l’eau
Reference number
©
ISO 2016
© ISO 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2016 – All rights reserved

Contents Page
Foreword .v
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Multiple audits . 4
5 Auditing objectives . 5
6 Internal audit objectives . 6
7 External audit objectives . 6
8 Identification of the critical factors in the water quality sampling process.6
8.1 Identification of critical operational steps . 6
8.2 Audit prioritization exercise . 7
8.3 Unscheduled observations. 7
8.4 Follow-up actions. 8
9 Risk-based versus judgement-based approaches to auditing . 8
9.1 General . 8
9.2 Risk-based auditing. 8
9.3 Judgement-based auditing . 9
9.4 Auditing assumptions . 9
10 Document auditing . 9
10.1 Sampling programme and sampling practitioner/operative instruction documents . 9
10.2 Sampling manual . 9
10.2.1 General. 9
10.2.2 Contents . .10
10.2.3 Format .11
10.2.4 The laboratory interface.12
10.3 Training policy .13
10.4 Sampling record sheets .13
10.5 Labels .13
10.6 Chain of custody records .14
10.7 Laboratory receipts .15
10.8 Assessment of documents before the field assessment.15
10.9 Assessment of completed documents .15
10.10 Policy on statements of uncertainty .16
11 Real-time audit .16
11.1 Audit forms .16
11.2 Field observation .16
11.3 Real-time risk-based auditing (see also 9.2) .17
11.4 Real-time judgement-based auditing (see also 9.3) .17
11.5 Evidence of internal audits .17
12 Design of an audit plan.17
12.1 Consultation with the responsible person .17
12.2 Pre-audit questionnaire .17
12.3 Plan design .18
12.4 Audit practice .18
12.4.1 Staff competence assessments.18
12.4.2 Supervision .18
12.4.3 Equipment .19
12.4.4 Handling of samples . .19
12.4.5 Individual sample records .19
12.4.6 Tracking of samples .20
12.5 Quality assurance and control issues (see ISO 5667-14) .20
13 Conduct of field assessments .20
13.1 General .20
13.2 Sample location verification .21
13.3 Identification .22
13.4 The use of photographs in field assessment.22
14 Audit methodology .22
14.1 General .22
14.2 Conduct of the audit .22
14.3 Reviewing the audit plan .23
14.4 Real-time assessment .24
14.4.1 General.24
14.4.2 Pre-audit meeting .24
14.4.3 Opening meeting .24
14.4.4 Traceability assessments before real-time audit .24
14.4.5 Observation procedures .24
14.4.6 Assessing conformity with temperature control during the audit .25
14.4.7 Auditing of photographic evidence .25
14.4.8 Interpretation of audit data .26
14.4.9 Recording nonconformity .26
15 Assignment of the audit report and the closure meeting .26
16 The audit report and statement of findings .27
16.1 The report .27
16.2 Statement of findings . .28
16.3 Audit conclusions .28
16.4 Statement of recommended actions .28
17 Outline flow diagram of audit process .30
Annex A (informative) Audit forms .32
Annex B (informative) Suggested procedures for monitoring temperature control .95
Annex C (informative) Measurement of uncertainty associated with sampling practices .96
Bibliography .97
iv © ISO 2016 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 147, Water quality, Subcommittee SC 6, Sampling
(general methods).
ISO 5667 consists of the following parts, under the general title Water quality — Sampling:
— Part 1: Guidance on the design of sampling programmes and sampling techniques
— Part 3: Preservation and handling of water samples
— Part 4: Guidance on sampling from lakes, natural and man-made
— Part 5: Guidance on sampling of drinking water from treatment works and piped distribution systems
— Part 6: Guidance on sampling of rivers and streams
— Part 7: Guidance on sampling of water and steam in boiler plants
— Part 8: Guidance on the sampling of wet deposition
— Part 9: Guidance on sampling from marine waters
— Part 10: Guidance on sampling of waste waters
— Part 11: Guidance on sampling of groundwaters
— Part 12: Guidance on sampling of bottom sediments
— Part 13: Guidance on sampling of sludges
— Part 14: Guidance on quality assurance and quality control of environmental water sampling and handling
— Part 15: Guidance on the preservation and handling of sludge and sediment samples
— Part 16: Guidance on biotesting of samples
— Part 17: Guidance on sampling of bulk suspended solids
— Part 19: Guidance on sampling of marine sediments
— Part 20: Guidance on the use of sampling data for decision making — Compliance with thresholds and
classification systems
— Part 21: Guidance on sampling of drinking water distributed by tankers or means other than
distribution pipes
— Part 22: Guidance on the design and installation of groundwater monitoring points
— Part 23: Guidance on passive sampling in surface water
— Part 24: Guidance on the auditing of water quality sampling
vi © ISO 2016 – All rights reserved

Introduction
The sampling and analysis of drinking water supplies is one of the key elements in the protection of
public health. Environmental sampling from rivers and other surface waters; sampling of discharges
such as treated sewage effluents and trade discharges; and sampling of water used for non-potable
purposes can also have a significant impact on public health, occupational hygiene and asset durability.
One of the major sources of error in gathering water quality monitoring data can be the sampling
process. Poor sampling practices create problems for those interpreting results and can lead to costly
and incorrect decisions. Failure to manage factors such as Cryptosporidium levels in drinking water,
pneumonia caused by Legionella and heating system corrosion are examples of where failures of quality
control/assurance in the sampling process can lead to expensive and potentially life-threatening
consequences.
Auditing of water quality sampling identifies both positive and negative attributes of the management
chain. Thus, the goal of a sampling audit is to emphasize the effectiveness of “best practice” and to build
up a knowledge base to allow its dissemination within the organization.
No audit is ever intended to cover every aspect of water quality sampling and it is advisable to adopt
a risk-based approach to designing the audit programme to ensure that high-risk issues are covered
more frequently, and in greater depth, than low-risk issues. For example, it is essential that all high-level
documentation, which covers sampling policy and strategy, training policy and health and safety policy,
is checked during the first audit, along with its implementation on the ground. Where implementation
documents are also produced at a high-level (sampling manuals, training manuals, etc.) they might be
regarded as high-level documents for the purpose of designing the audit programme. Providing there
are no issues arising, this documentation would only need detailed checking on subsequent audits if
any changes have been made during the interim. However, it would still be prudent to check that any
issues identified during the initial audit have been addressed satisfactorily; that any other changes are
appropriate; and that the circumstances of sampling have not changed in such a way that a revision of
these high-level documents is needed.
Larger organizations might wish to either audit fully high-level documentation at regular interims
(e.g. every four years) or to audit different parts of the documentation on a rolling programme. They
might also wish to consider a regular programme of auditing the dissemination of changes to high-level
documentation as these could take time to work their way down to the sampling practitioners/operatives
and their managers, especially where there is a large geographical spread and sampling is not the main
function. This is rarely a problem in small organizations where the person responsible for writing the
high-level documents is usually also responsible for managing, if not carrying out, the sampling.
Risks of nonconformity at sampling locations can vary markedly, and the frequency and extent of each
audit needs to reflect this. Some organizations sample only in very closely controlled environments,
where purpose-built sampling taps are provided. Here the risk of nonconformity is very low, but, at
the same time, a very high degree of conformity can be expected. Other organizations take samples in
environments which vary and which are often far from ideal, making compromise necessary. The audit
might identify a number of risks of nonconformity with the documented procedures, but allowances
have to be made for any guidance given to the sampling practitioner/operative and the process by
which a satisfactory compromise is reached and recorded.
The key point in designing an audit programme is to ensure that the effort spent on auditing is
proportional to the risk and the size of the organization. The programme is therefore refined in the
light of experience.
INTERNATIONAL STANDARD ISO 5667-24:2016(E)
Water quality — Sampling —
Part 24:
Guidance on the auditing of water quality sampling
IMPORTANT — It has been assumed in the preparation of this International Standard that the
execution of its provisions will be entrusted to appropriately qualified and experienced people,
for whose use it has been produced.
1 Scope
This part of ISO 5667 provides an audit protocol to monitor conformity with declared, or assumed,
practices in all areas of water quality sampling. Specifically, this part of ISO 5667 provides guidance on
the systematic assessment of sampling practices and procedures in the field, and assessing conformity
with those given in the organization’s sampling manual. It is applicable to the audit of sampling activities
from the development of a sampling manual through to the delivery of samples to the laboratory.
NOTE 1 The design of the sampling manual is the prerogative of the data user and this part of ISO 5667 is not
intended to deliver criticism of a manual’s structure.
This part of ISO 5667 is applicable to sampling practices associated with wastewaters, including
discharges to water bodies, environmental monitoring, potable water supplies from source to tap,
commercial and industrial uses of water, and power generation.
This part of ISO 5667 is applicable to the auditing of sampling practices relevant to the management
of water stored in containers, such as temporary supply tanks and bottled supplies. However, it is not
applicable for the auditing (or calibration and maintenance) of on-site test equipment or kits.
NOTE 2 BS 1427 covers water test kits used “in the field”.
The following sampling occasions are excluded from both the field- and desk-audit procedures set out
in this part of ISO 5667:
a) chemical and microbiological incidents, which are investigated by agencies such as the emergency
services, e.g. where an immediate risk to the health of the sampling practitioner/operative is evident;
b) radiochemical sampling of water quality, other than that specified as a routine requirement under
[9][10][11][12]
the UK Water Supply (Water Quality) Regulations, i.e. radiochemical incidents which
are investigated by agencies such as the emergency services.
Informative Annex A contains a series of forms to assist with auditing. These are for guidance only.
Informative Annex B gives procedures for monitoring temperature control, while Informative Annex C
provides guidance on measuring the uncertainty associated with sampling practices.
2 Normative references
There are no normative references cited in the document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
audit
formal examination of the organization’s processes and procedures as a means of identifying critical
operational risk to sample and data integrity generated during the collection of samples
Note 1 to entry: ISO 19011 can be used for auditing of sampling.
Note 2 to entry: ISO/IEC 17025:2005, 5.7, introduces specific requirements for sampling.
3.2
audit conclusion
overall conclusion of the impact of water quality sampling practice on data quality
Note 1 to entry: Such a statement can be judgemental rather than based on any statistical consideration, and
depends on the audit plan.
3.3
audit coordinator
member of the audit team nominated to liaise with the responsible person and to coordinate the overall
audit process where an audit involves more than one auditor
3.4
audit detection risk
probability that the audit will not identify a nonconformity during the period of assessment
Note 1 to entry: BS 4778–3.1:1991 defines risk as a “combination of the probability, or frequency, of occurrence
of a defined hazard and the magnitude of the consequences of the occurrence.” A mathematical interpretation of
this definition is risk = hazard × probability of the hazard happening.
3.5
auditor
person who undertakes an audit of the organization’s documented water quality sampling practices
and procedures and reports on conformity to these
Note 1 to entry: Ideally, the auditor will have operational experience of the type of work being carried out by
those being assessed.
3.6
audit plan
plan designed to evaluate conformity with a predetermined set of criteria
Note 1 to entry: The plan can be solely or a combination of risk-based and judgemental components.
3.7
audit prioritization
process where, for the purposes of constructing an audit plan, a single or multiple risk factor is identified
in the sampling regime as requiring further investigation
3.8
conformity
occasion when the observed practice matches the objectives and prescribed techniques set out in the
relevant sampling procedure/policy
3.9
controlled document
document controlled as part of a quality assurance scheme
3.10
data quality risk
expression of a failure in sampling practice(s) likely to impact on the results of the sample testing
and/or their interpretation
2 © ISO 2016 – All rights reserved

3.11
data user
person who uses information gathered during the sampling process
3.12
delivery
transport and custody transfer of the sample as accounted for by a documented process
Note 1 to entry: This can take the form of a sign-off sheet (including that for field measurements) or a vehicle log.
Where unattended overnight storage of the samples is deemed the point of handover to the laboratory, custody
proof of delivery is regarded as documentary evidence of deposit.
3.13
information provider
person, who can be the responsible person, from whom an auditor can obtain information during the
execution of an audit
3.14
judgement-based auditing plan
plan where the audit detection risk cannot be measured statistically
3.15
laboratory
location where a sample is assessed or analysed for the parameter of interest
Note 1 to entry: This could include, for example, the point at which a field test is performed, and covers mobile
laboratories. BS 1427 distinguishes between tests that can be performed without a dedicated room as on-site
tests and tests that need a designated test room/facility because the tests require high temperatures, hazardous
reagents, etc.
3.16
nonconformity
occasion when the observed practice does not meet the objectives and prescribed techniques set out in
the sampling policies and procedures, and requires mitigation
3.17
real-time audit
audit processes separate from document auditing
Note 1 to entry: For example, observing practices and processes in the field.
3.18
responsible person
person nominated by the organization to provide the appropriate interface with the auditor
Note 1 to entry: The responsible person may or may not have overall control of sampling quality and logistics.
Note 2 to entry: A responsible person in the context of ISO 5667-24 is not the same as the responsible person
under good manufacturing practice.
3.19
risk-based auditing plan
plan where the audit detection risk can be statistically measured
3.20
sampling
collection of water or related material for quality determination purposes
3.21
sampling manual
document or series of written protocols which set out the manner in which samples are to be collected
Note 1 to entry: A sampling manual, which precisely defines how the data will be collected by the sampling
practitioner/operative(s) is necessary to ensure the data are provided in the correct form to conform to a
sampling programme. It is prescriptive to the organization and provides detailed instructions to the sampling
practitioner/operative taking the samples. The document(s) may or may not be controlled.
3.22
sampling occasion
process of collecting a sample from a designated point, starting at the point of receiving an instruction
to take the sample and ending with the delivery of the sample to a laboratory
3.23
sampling operative
person who takes samples, but not necessarily at practitioner level
3.24
sampling practitioner
person who specifies the sampling requirements, but is also able to take samples
3.25
sampling programme
scheme which sets out a data need and how it is to be used
3.26
sampling schedule
written instruction which defines the number and type of samples to be taken within a defined
geographical area over a predetermined period of time, usually based on the sampling programme
3.27
uncontrolled document
document not controlled as part of a quality assurance scheme
3.28
unscheduled action
breach of procedure documented in the sampling manual, which has not been identified as a risk factor
but which (in the judgement of the auditor) represents a nonconformity
EXAMPLE For example, a sampling practitioner/operative might carry out a practice which (in the opinion
of the auditor) is a risk to sample integrity but is not prohibited by the sampling manual.
3.29
unscheduled observation
observation made by the auditor to allow a categorical statement to be made in the audit report to
address a specific concern
EXAMPLE Stating that a particular process was completed satisfactorily on all observed occasions.
4 Multiple audits
Most audits are likely to involve a single auditor. However, situations might arise when an audit
involves more than one auditor; for example, where multidisciplinary audits or multiple audits are
being carried out. In such cases, a member of the audit team should be nominated to liaise with the
responsible person and to coordinate the overall audit process. They would be the main point of contact
between the audit team and the responsible person and would be responsible for arranging the various
meetings, for consolidating the audit report, and for coordinating responses to any follow-up actions on
recommendations arising from the audit.
4 © ISO 2016 – All rights reserved

Prior to the audit the audit coordinator and the responsible person would need to set out the audit
objectives, which would then be communicated to the other members of the audit team along with an
outline audit plan. The audit team would then need to prepare a consolidated pre-audit questionnaire
so that the audit coordinator can arrange with the responsible person for the various documents to be
distributed as appropriate. Each team member would be responsible for completing the relevant audit
assessment forms for their section(s) of the audit and the completed forms would be brought together
by the audit coordinator to form the audit report and statement of findings. All members of the audit
team should attend the opening and closure meetings.
5 Auditing objectives
Before drafting an audit plan, the auditor (or audit coordinator in the case of an audit team) and the
responsible person need to agree on the objectives of the audit. This would usually take the form of an
iterative process between both parties.
The primary purpose of setting such objectives is to determine whether the process of sampling imposes
any adverse impacts on data integrity. Thus, the objectives should be specific to the organization,
although, in general, auditing objectives tend to fall into two categories, namely:
a) those for internal audits used to examine the efficacy of standard operating procedures and
management control of a sampling process;
b) those for assessing conformity with stated objectives by a third party, such as an accreditation
body, or a different department within an organization.
The depth of the proposed audit also needs to be agreed; for example, establishing whether the audit is
intended to be a high-level assessment of the management system or a specific assessment of training
uptake in the field. A modular approach might therefore be more appropriate. This would reduce the need
for unnecessarily frequent reviews of the entire management process, where a shortened audit for routine
operator screening would be sufficient. It is recognized that some auditing objectives represent standing
issues, irrespective of the organization’s specific needs. For example, the need to ensure data integrity to
achieve the organization’s primary function (e.g. maintenance of public health). Conversely, a floating, or
transient, objective might be to concentrate the audit on the influences of a particular parameter grouping,
such as sampling for pesticides or microbiological quality in relation to a standing objective.
The objectives for an audit being carried out by an external body are likely to be defined by a need
to assess conformity with minimum requirements, possibly set out in a contract or as a statutory
obligation. However, for internal use the auditor is likely to be assessing matters for related, but
different, reasons (for example, determining training needs, or process preparedness in advance of an
external audit, or in response to a management objective for key performance indicators). Both external
and internal audits have the same primary objective of determining whether the process of sampling
imposes any adverse impacts on data integrity.
Examples of possible objectives are given as follows, although this is not an exhaustive list or a minimum
set of criteria:
a) to examine the efficacy of standard operating procedures and management control of a sampling
process for both routine and non-routine sampling;
b) to follow an audit plan designed to evaluate conformity with a predetermined set of criteria;
c) to identify strengths and weaknesses in training;
d) to check on the efficacy of established processes and protocols;
e) to address a particular problem identified through some other means, e.g. data quality issues;
f) to ensure that appropriate procedures and practices exist for different sample types;
g) to take account of sampling practitioner/operative health and safety;
h) follow-up from a previous audit to determine whether actions put in place have addressed
nonconformities identified;
i) in the case of external audits, for assessing conformity with stated objectives by a third party, such
as an accreditation body, or a different department within an organization;
j) to assess conformity to minimum requirements, possibly defined in a contract or as a statutory
obligation.
It is recommended that audit objectives are documented within the audit plan, using, for example,
Form A2 in Annex A.
6 Internal audit objectives
Internal audit objectives should recognize the need to improve sampling efficiency in terms of logistics,
while ensuring that sample integrity is maintained. Internal audit objectives should also include
consideration of the health and safety of the sampling practitioners/operatives. While these factors are
important to an organization, they might not be the primary concerns of a third party auditor whose
brief is to consider sampling in the context of a specific goal of the organization.
When planning an internal audit, agreement should be reached between the auditor and the manager
responsible for sampling so that the organization can gain the maximum benefit from the exercise.
For example, if a stated objective of the audit is to identify training needs, then it is important to have
prior agreement with the line manager on how the outcome of the audit is reported, so that staff
communication issues can be managed effectively.
It is equally important to establish audit objectives for conformity with the needs of opportunistic or
unscheduled sampling; for example, an incident involving a trade effluent spillage. Given the relative
rarity of such occasions, the process should always be evaluated if such an event occurs during an
internal audit.
7 External audit objectives
Third parties are likely to have undisclosed criteria for the detail of the audit and are unlikely, therefore,
to discuss detailed objectives with line managers. However, it is reasonable to expect broad audit
objectives to be given, which are either stated or obvious; for example, the protection of public health
though sampling integrity.
8 Identification of the critical factors in the water quality sampling process
8.1 Identification of critical operational steps
The auditor should identify critical operational steps in the sampling manual and adopted technical
guidance to highlight the most vulnerable sampling step in terms of:
a) chain of custody, as appropriate;
b) sample integrity;
c) introduction of unnecessary deviations of uncertainty;
d) whether the sample is representative of the body being sampled;
e) data transfer to data users;
f) storage, sample container, transport, sample conditions, and time from sample collection and analysis;
g) maintenance of sampling locations and sample characteristics.
6 © ISO 2016 – All rights reserved

NOTE These steps are not listed in any particular order.
8.2 Audit prioritization exercise
Before the real-time audit commences, it is recommended that the sampling process is examined as a
paper exercise in order to identify clearly the primary technical factors to be assessed during an audit.
Each step identified in the various data capture forms can then be allocated an audit prioritization.
Examples of such forms (A3, C1, C2 and C3) are provided in Annex A.
Ideally, the allocation of significance to these steps should be based on high or low risk to sample
integrity if the operation is not carried out as intended.
EXAMPLES
— High risk: washing preservative from a pre-prepared sample container.
— Low risk: the use of ice packs in a cool box, rather than a specified temperature-controlled compartment
in a vehicle.
The final assignment of significance should be based on the professional judgement of the auditor,
taking into account the specific sampling practice under examination. In the case of a multiple audit, the
auditing team would need to adopt a uniform approach towards their calibration of risk prioritization
in order to avoid introducing personal bias. This exercise could be carried out as a one-off occurrence
by an auditor or audit team and the risk levels assigned in advance for all subsequent audits, to be
reviewed periodically as required (e.g. at the beginning of a major audit exercise or when the audit
team changes).
Consideration of health and safety matters requires qualification of special risk assessments;
specifically, whether safety considerations compromise the sampling event, or vice versa. No sample is
worth breaching health and safety requirements.
Audit prioritizations should be documented and recorded within the data capture forms in order to
gain maximum benefit, especially if corrective actions are required. They should also link back to the
audit objectives (see Annex A, Form A2).
The auditor (or audit team) needs to look at situation-specific audit prioritizations when carrying
out the pre-audit exercise, as these might identify critical deviations that require immediate action
on completion of the audit. This is in contrast to other nonconformity rankings, which would need
amendment before the subsequent assessments.
EXAMPLES
— Correcting a particular sampling practitioner/operative’s habit of washing preservatives from a
pre-prepared bottle (high priority ranking) compared to certain types of labelling errors, which
might attract a lower ranking.
— Illegible labelling of routine samples, while a nuisance to the organization, can be regarded as a low
risk to data quality, because it is detectable and would allow the laboratory to reject the sample.
It is also recommended that the audit prioritization exercise includes a comparison by the auditor(s) of
the sampling locations visited against records and assessments made by the organization as part of its
sampling manual.
8.3 Unscheduled observations
During the course of an audit, situations could arise that are not covered fully by the audit obj
...