Technical: Iso/Tr 22758

TECHNICAL ISO/TR
REPORT 22758
First edition
2020-05
Biotechnology — Biobanking —
Implementation guide for ISO 20387
Biotechnologie — Biobanking — Guide de mise en oeuvre de l'ISO
20387
Reference number
ISO/TR 22758:2020(E)
© ISO 2020
ISO/TR 22758:2020(E)

COPYRIGHT PROTECTED DOCUMENT

© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: [email protected]
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

ISO/TR 22758:2020(E)

Contents Page
Foreword...........................................................................................................................................................................................................................................v
Introduction................................................................................................................................................................................................................................. vi
1 Scope.................................................................................................................................................................................................................................. 1
2 Normative references....................................................................................................................................................................................... 1
3 Terms and definitions...................................................................................................................................................................................... 1
4 Background information for the development of ISO 20387.................................................................................. 1
4.1 General............................................................................................................................................................................................................ 1
4.2 Intended audience for ISO 20387 and this document........................................................................................... 2
4.3 Implementation of ISO 20387.................................................................................................................................................... 2
5 Fitness for the intended purpose (FIP) (ISO 20387:2018, 3.24) in biobanking.................................. 3
5.1 General............................................................................................................................................................................................................ 3
5.2 Fitness for the intended purpose and biological material and/or associated data
(BMaD) life cycle..................................................................................................................................................................................... 3
5.3 Factors affecting fitness for the intended purpose................................................................................................... 4
5.4 Determination of the pre-arranged requirements for FIP................................................................................. 5
5.5 Decision whether the biological material and associated data is truly fit for an
intended purpose................................................................................................................................................................................... 5
6 Process landscape................................................................................................................................................................................................ 5
7 Conformity with ISO 20387........................................................................................................................................................................ 7
7.1 Scopes of Conformity.......................................................................................................................................................................... 7
7.1.1 General...................................................................................................................................................................................... 7
7.1.2 Determination of the scope of conformity.................................................................................................. 7
7.2 Conformity Assessment (CA) Practices (General aspects and applicability for biobanks)... 8
8 Guidance on the interpretation of selected ISO 20387:2018 text parts...................................................... 8
8.1 General Requirements (ISO 20387:2018, Clause 4)................................................................................................ 8
8.1.1 General...................................................................................................................................................................................... 8
8.1.2 Impartiality (ISO 20387:2018, 4.2).................................................................................................................. 9
8.1.3 Confidentiality (ISO 20387:2018, 4.3)........................................................................................................... 9
8.2 Structural requirements (20387:2018, Clause 5)..................................................................................................... 9
8.2.1 General...................................................................................................................................................................................... 9
8.2.2 ISO 20387:2018, 5.1...................................................................................................................................................... 9
8.2.3 ISO 20387:2018, 5.3...................................................................................................................................................... 9
8.2.4 ISO 20387:2018, 5.5...................................................................................................................................................... 9
8.2.5 ISO 20387:2018, 5.7................................................................................................................................................... 10
8.2.6 ISO 20387:2018, 5.8, a)............................................................................................................................................ 10
8.2.7 ISO 20387:2018, 5.9................................................................................................................................................... 10
8.3 Resource requirements (ISO 20387:2018, Clause 6).......................................................................................... 11
8.3.1 General................................................................................................................................................................................... 11
8.3.2 ISO 20387:2018, 6.1.2............................................................................................................................................... 11
8.3.3 ISO 20387:2018, 6.2.1.2.......................................................................................................................................... 12
8.3.4 ISO 20387:2018, 6.2.1.4.......................................................................................................................................... 12
8.3.5 ISO 20387:2018, 6.2.2.1.......................................................................................................................................... 12
8.3.6 ISO 20387:2018, 6.2.2.3.......................................................................................................................................... 12
8.3.7 ISO 20387:2018, 6.2.3............................................................................................................................................... 12
8.3.8 ISO 20387:2018, 6.2.3.3.......................................................................................................................................... 12
8.3.9 ISO 20387:2018, 6.3................................................................................................................................................... 12
8.3.10 ISO 20387:2018, 6.3.2............................................................................................................................................... 13
8.3.11 ISO 20387:2018, 6.3.3............................................................................................................................................... 14
8.3.12 ISO 20387:2018, 6.3.5............................................................................................................................................... 14
8.3.13 ISO 20387:2018, 6.3.7............................................................................................................................................... 14
8.3.14 ISO 20387:2018, 6.4.1.1.......................................................................................................................................... 14
© ISO 2020 – All rights reserved iii

ISO/TR 22758:2020(E)

8.3.15 ISO 20387:2018, 6.4.1.5.......................................................................................................................................... 14

8.3.16 ISO 20387:2018, 6.4.1.6.......................................................................................................................................... 15
8.3.17 ISO 20387:2018, 6.5.1............................................................................................................................................... 15
8.3.18 ISO 20387:2018, 6.5.3............................................................................................................................................... 15
8.3.19 ISO 20387:2018, 6.5.6............................................................................................................................................... 15
8.3.20 ISO 20387:2018, 6.5.10............................................................................................................................................ 15
8.3.21 ISO 20387:2018, 6.5.11............................................................................................................................................ 15
8.3.22 ISO 20387:2018, 6.5.12............................................................................................................................................ 15
8.4 Process requirements (ISO 20387:2018, Clause 7).............................................................................................. 16
8.4.1 General................................................................................................................................................................................... 16
8.4.2 ISO 20387:2018, 7.1.1............................................................................................................................................... 16
8.4.3 ISO 20387:2018, 7.2.1.1.......................................................................................................................................... 16
8.4.4 ISO 20387:2018, 7.2.3.4.......................................................................................................................................... 16
8.4.5 ISO 20387:2018, 7.3.1.1.......................................................................................................................................... 16
8.4.6 ISO 20387:2018, 7.3.2.4.......................................................................................................................................... 17
8.4.7 ISO 20387:2018, 7.3.2.5.......................................................................................................................................... 17
8.4.8 ISO 20387:2018, 7.3.3.2.......................................................................................................................................... 18
8.4.9 ISO 20387:2018, 7.4.2............................................................................................................................................... 18
8.4.10 ISO 20387:2018, 7.4.5............................................................................................................................................... 18
8.4.11 ISO 20387:2018, 7.6.2............................................................................................................................................... 18
8.4.12 ISO 20387:2018, 7.7.1............................................................................................................................................... 18
8.4.13 ISO 20387:2018, 7.7.3............................................................................................................................................... 19
8.4.14 ISO 20387:2018, 7.7.5............................................................................................................................................... 19
8.4.15 ISO 20387:2018, 7.7.7............................................................................................................................................... 19
8.4.16 ISO 20387:2018, 7.8.1.2.......................................................................................................................................... 19
8.4.17 ISO 20387:2018, 7.9.1.1.......................................................................................................................................... 20
8.4.18 ISO 20387:2018, 7.10.5............................................................................................................................................ 20
8.4.19 ISO 20387:2018, 7.12.2.1....................................................................................................................................... 20
8.4.20 ISO 20387:2018, 7.13.2............................................................................................................................................ 20
8.5 Quality management system requirements (ISO 20387:2018, Clause 8).......................................... 20
8.5.1 General................................................................................................................................................................................... 20
8.5.2 ISO 20387:2018, 8.1.1, 8.1.2 and 8.1.3........................................................................................................ 20
8.5.3 ISO 20387:2018, 8.3.1............................................................................................................................................... 21
8.5.4 ISO 20387:2018, 8.4.1, 8.4.2 and 8.4.3........................................................................................................ 21
8.5.5 ISO 20387:2018, 8.5.1, 8.5.2 and 8.5.3........................................................................................................ 22
8.5.6 ISO 20387:2018, 8.6.1............................................................................................................................................... 22
8.5.7 ISO 20387:2018, 8.8.1 and 8.8.2...................................................................................................................... 22
Bibliography.............................................................................................................................................................................................................................. 23
iv © ISO 2020 – All rights reserved

ISO/TR 22758:2020(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/
iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 276, Biotechnology.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
© ISO 2020 – All rights reserved v

ISO/TR 22758:2020(E)

Introduction
This document is intended to be a supplement to, rather than a substitute for, ISO 20387; as such, it is
not a stand-alone document. It can be helpful for the reader to first review ISO 20387, and refer to this
technical report in parallel or thereafter.
The following is noted in regards to the contents of this document:
— A technical report, by definition, contains no requirements. For this reason, the language is
intentionally non-prescriptive to avoid the introduction of new requirements.
— This document does not address those clauses and subclauses of ISO 20387 which are considered to
be self-explanatory (e.g. ISO 20387:2018, Clauses 1, 2, and 3, and Annexes A, B, and C, etc.).
— Clauses 4, 5, 6 and 7 of this document address some general concepts that underlie the requirements
of ISO 20387.
— Clause 8 of this document addresses a selection of the specific requirements in ISO 20387, as
noted above.
— Examples are provided throughout the text of this document, and are used to illustrate a non-
exhaustive list of possibilities.
— Acronyms are used to simplify the text:
1) BMaD: ISO 20387 defines biological material (ISO 20387:2018, 3.7) and associated data
(ISO 20387:2018, 3.3). For the purpose of this document the terms are combined as "biological
materials and/or associated data" (BMaD). There are places where references are made to
either biological material or associated data. The term is spelled out in these cases.
2) FIP: Fit for purpose or fitness for intended purpose (ISO 20387:2018, 3.24) is also defined by
ISO 20387. For the purpose of this document this term is denoted by FIP.
The term biobank has been previously defined in a number of ways and no single definition has yet
been universally accepted by the scientific community.
ISO 20387 defines a biobank (ISO 20387:2018, 3.5) as a legal entity or part of a legal entity that performs
biobanking, and the term biobanking (ISO 20387:2018, 3.6) as the process of acquisitioning and storing,
together with some or all of the activities related to collection, preparation, preservation, testing, analysing
and distributing defined biological material as well as related information and data. For the purposes of
this document, the term biobank includes the personnel performing biobanking activities on behalf of
the biobank, as well as the entity itself.
Biobanks can vary widely in:
— domains that are managed, e.g., human, animal, fungus, microbial, and/or plant, etc. or a multiple
of these;
— types of biological material and data in the biobank, e.g. nucleic acids, tissue, etc.;
— activities being performed;
— types of organizations that are involved; and
— structure, governance, oversight, and operation.
At the time of acquisition, biobanks can perform acquisition, processing and storage of BMaD for not-
yet-identified future use(s). In these cases, the biobank can acquire the BMaD according to standard
operating procedures (SOPs) appropriate for the projected end-use(s). Alternatively, biobanks can
acquire BMaD in response to a request from a user. The user can specify criteria for the BMaD and/or
SOPs developed or applied for that specific use.
vi © ISO 2020 – All rights reserved

ISO/TR 22758:2020(E)

Biobanks can acquire BMaD for investigators studying new methods of collecting, storing, or processing
biological materials and the effects of these new methods on various analytes. In these cases, the
biobank can tailor the procedures to specifically meet the investigator’s needs rather than following
widely-accepted SOPs for handling of the BMaD.
Biobanks vary in the types of activities they perform. They can either perform the full range of
activities included in the definition of biobanking in ISO 20387, i.e. collecting/acquisitioning, preparing,
preserving, testing, storage, analysing and distributing BMaD or a subset of these activities for example
collecting/acquisitioning and distributing.
Biobanks can involve different types of organizations. They can be independent legal entities or reside
within governmental entities, academic institutions, hospitals, non-profit or commercial organizations.
Biobanks can include multiple sites of operation and can sometimes involve parties at multiple
institutions or organizations. In addition, they can involve sites of operations within different regions
or sometimes even different countries.
It is up to the biobank to identify the scope of biobank activities for which it wants to implement
ISO 20387.
© ISO 2020 – All rights reserved vii

TECHNICAL REPORT ISO/TR 22758:2020(E)
Biotechnology — Biobanking — Implementation guide for

ISO 20387
1 Scope
This document provides guidance to biobanks on how to implement the quality management,
management, and technical requirements of ISO 20387. It expands on aspects of ISO 20387 and
provides examples for illustration purposes. The aim of this document is to assist biobanks to address
competency of personnel and appropriate quality of biological material and data collections. This
document is equally applicable to newly established and existing biobanks.
This document is applicable to all organizations performing biobanking, including biobanking
of biological material from multicellular organisms (e.g., human, animal, fungus and plant) and
microorganisms for research and development.
This document does not apply to biological material intended for feed/food production, laboratories
undertaking analysis for food/feed production and/or therapeutic use.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 20387:2018, Biotechnology — Biobanking — General requirements for biobanking
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 20387 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://w ww.iso.org/obp
— IEC Electropedia: available at http://w ww.electropedia.org/
4 Background information for the development of ISO 20387
4.1 General
ISO 20387 was developed to benefit biobanks of all sizes, types, resources and levels of maturity and/or
complexity as covered by the scope.
The motivation for the development of ISO 20387 was to enable robustness and reliability of research
undertaken with these BMaD, supporting quality and reproducibility in research and development. This
in turn can contribute to increased and broader utilization of biological materials and associated data.
It is intended that conformity to ISO 20387 can help demonstrate a commitment to professionalism
within biobanking, promoting trust for key stakeholders, such as the public, donors, patients, users,
or funders. Benefits such as increased efficiency of biobank operations and interoperability among
biobanks, and improved marketability can result from a commitment to ISO 20387. These benefits can
also facilitate sustainability at a time of increasing complexity of research requirements.
© ISO 2020 – All rights reserved 1

ISO/TR 22758:2020(E)

4.2 Intended audience for ISO 20387 and this document

Because ISO 20387 covers a wide variety of biobanks, the intended audience is broad. This document
serves as a tool to assist with implementation of ISO 20387 for the spectrum of biobanks and their
activities, such as:
a) multicellular organism (e.g., human, animal, plant) and microorganism biobanks (for
implementation and self-assessment);
b) biobanks with a wide range of processes such as collecting/procuring and/or acquiring and
receiving, tagging, accessioning/logging, cataloguing/classifying, examining, preparing,
preserving, storing, managing data, destroying, packaging as well as safeguarding, distributing
and transporting (ISO 20387:2018, 4.1.1);
c) biobanks with a focus on some of the above processes such as acquisition and storage;
d) biobanks at different stages of implementation, such as newly established and existing biobanks;
e) biobanks located in countries of diverse economical scales, such as high, middle or low-income
countries;
f) biobanks, assessors and others interested in biobanking conformity assessment schemes, such as
first party (self-declaration), second party (contract/agreement), and third party (certification/
accreditation) approaches;
g) biobanks that wish to incorporate innovative approaches such as biological material-related data
repositories (virtual biobanking).
Biological material from multicellular organisms and microorganisms share many common
requirements in the implementation of ISO 20387, but each of these fields has its own needs. Domain
specificity can influence biobanking and subsequently the quality management due to the different
nature of biological material, special regulations, ethical guidelines, procedural needs or scientific and
user-based requirements. More specific biobanking-related standards are currently under development
in ISO/TC 276 Biotechnology.
4.3 Implementation of ISO 20387

Implementing ISO 20387 and the guidance as set out in this document can provide confidence in the
quality of the samples and subsequent data analysis. However, implementing the standard will require
resources. A gap analysis of a biobank’s current practice against these standard requirements can be
beneficial, and can lead to a plan for implementation of requirements. This can be done in a phased
approach and can take some time, particularly for smaller organizations where resources can be
constrained.
Each biobank can identify and implement corresponding requirements according to its defined and
documented individual activities (ISO 20387:2018, 5.7). ISO 20387, as a conformity assessment enabling
standard, can be described as having three types of requirements – general, QMS, and competence:
a) General requirements are found in all standards by definition. By demonstrating that a product
or service meets specific requirements in a standard, a potential user has a basis for assessing a
product’s fitness for an intended purpose.
b) A Quality Management System (QMS) addresses quality policies and objectives in its processes,
thus enabling the demonstration of efficient use of resources, improved risk management, and
increased robustness of practices, plans, and records, all of which serves to further increase user
confidence.
c) Technical competence adds the assessment of personnel to the evaluation, and provides means of
demonstrating that an entity has the ability to apply knowledge and skill to successfully achieve an
intended result, such as meeting the requirements in a standard. Technical competence provides
opportunity to the biobank to demonstrate that not only is it able to meet requirements, but its
2 © ISO 2020 – All rights reserved

ISO/TR 22758:2020(E)

personnel has the ability to consistently support the quality environment to promote further user
confidence.
The combined implementation of all three elements above can result in increased robustness and
confidence in biobanking operations and the resultant biobanking output. It is recognized that the
implementation of all these elements can be both complex and expensive, and the pursuit of all three
of these elements may or may not have sufficient business justification from the point of view of the
biobank. It can be prudent to build up the implementation of ISO 20387 in steps. Therefore, as a step
towards implementation of some parts or all of the standard, a biobank can choose to address certain
requirements earlier than others, e.g.:
— Emerging biobanks have the opportunity to initially implement only certain sections of ISO 20387
and can then later implement other sections.
— Specialized biobanks can decide to implement only the portions of ISO 20387 (ISO 20387:2018, 5.7)
that are relevant to their activities.
— Biobanks that have already implemented a robust QMS can choose to complement their efforts with
requirements of ISO 20387.
Biobanks can choose to differentiate themselves from competitors by pursuing the demonstration of
technical competence (e.g., through third party conformity assessment, or accreditation).
Note that the technical competence element cannot be implemented in isolation from the other two
elements, as the assessment of competence can only be done if there are other requirements to assess.
5 Fitness for the intended purpose (FIP) (ISO 20387:2018, 3.24) in biobanking
5.1 General
The driving force for the development of ISO 20387 was the necessity for BMaD of appropriate quality
for an intended purpose, to enable robust and reliable research and development. While the concept
of fitness for an intended purpose (FIP) can be new to some, it underpins many of the requirements in
ISO 20387. Quality is often considered a key target for the individual outputs from biobanks. Fitness
for the intended purpose is broader in that it incorporates quality management and quality control,
specifically targeting an intended purpose or end-use. This can extend to legal or ethical requirements,
resource availability, biological characteristics of the BMaD, and other factors.
As the biobank evolves its understanding of potential FIP, it can also evolve the way it treats the BMaD,
thus adding value in the context of an intended purpose. The user, when known, can also provide input.
The term 'fit for purpose', or 'fitness for the intended purpose', is defined in ISO 20387:2018 (3.24).
5.2 Fitness for the intended purpose and biological material and/or associated data
(BMaD) life cycle
Considerations related to FIP can come into play during the design and various stages of biobanking.
Figure 1 traces the progression of BMaD and the potential for continual revisions of the definition of
FIP. During all stages of the life cycle, processing and analysis are important as they contribute to the
FIP criteria. During all steps, relevant documentation will be maintained.
While Figure 1 is drawn as a linear progression, steps can be repeated, skipped, or ordered differently
than shown. This customization of BMaD and its intended end-use can be further supported by continual
refinement related to FIP by both the biobank and the user (or the projected range of intended end-use
where a user has not yet been identified).

ISO/TR 22758:2020(E)

Figure 1 — The progression of BMaD and associated FIP criteria over its life cycle
Biological materials and associated data are subject to research, development and/or many other
forms of utilization over time. The range of these potential uses is dependent on the known and
documented condition of the biological materials and associated data. BMaD users and biobanks can
play complementary roles during this life cycle.
Biobanks usually cover only parts of the BMaD life cycle and contribute mutually with the users of BMaD
to their sustainable research and utilization. Each biobank has an individual share on the life cycle.
While BMaD is under the control of the biobank, there is the opportunity to support and add value by a
range of means, such as tightly controlling the environment, enriching data and analysis, maintaining
a chain of custody, and minimizing degradation through the use of appropriate long-term preservation
and storage. The addition of value through these activities can extend the useful life of BMaD and
broaden the range of potential end-uses, i.e., expand BMaD fitness for the intended purpose. Whether
the specific end-use and/or user is known or unknown, a biobank can still establish and refine FIP
criteria and/or activities over time, focusing on BMaDs and the range of potential end-uses.
From a user’s perspective, BMaD life cycle can take a wide range of paths, but often begins with
identification or sourcing of materials based on a research purpose or intended application and leading
to BMaD utilization — the criteria that are set for the BMaD relate to fitness for the intended purpose.
The user can design its research plan to tie requirements to intended end-use, and later assess both
whether established requirements have been met, and whether these established requirements render
the BMaD as fit for purpose for the intended end-use.
Early and/or iterative communications between the biobank and end-user can often result in BMaD
that are optimally fit for an intended end-use.
Examples of possible pre-arranged requirements to ensure fitness for the intended purpose are
documented in ISO 20387:2018, Annexes A and B, and can include choice of BMaD (including selection of
specific data variables), testing methods, storage conditions, handling, and choice of consumables, etc.
5.3 Factors affecting fitness for the intended purpose

Given the wide variety of biobanks, their nature and purpose, and the biological materials and
associated data therein, the factors affecting FIP will be context-specific. Requirements (or anticipated
requirements) to ensure FIP can be affected by study design, analytical techniques, ethical/legal, and
other factors.
EXAMPLE 1 If the purpose of the biobank is to provide biological material from which DNA can be extracted
for molecular analysis, then handling the biological material according to International Standards (ISO 20166-3,
CEN/TS 16826-3 (soon ISO 20184-3), ISO 20186-3, CEN/TS 17305 or best practices for molecular techniques can
help to ensure fitness for purpose (unless the end-use involves evaluation of exploratory approaches for DNA
extraction).
Considerations for the determination of FIP for a particular use might include pre-analytical variables,
the characterization of the biological material, the level of understanding of the specimen’s and its
data’s provenance, and/or other factors as appropriate.

ISO/TR 22758:2020(E)

Fitness for one application does not necessarily imply fitness for other applications.
EXAMPLE 2 Formalin fixed biological material can be of sufficient quality for histological assessment and
immunohistochemical stains. However, some evidence suggests that these specimens might not always be
suitable (fit for purpose) for RNA analysis due to RNA degradation.
Quality of the BMaD is only one component of FIP. Other components that allow a specific purpose or
user’s needs to be met include sufficient quantity of BMaD to meet an intended need/analysis; access
and distribution policies and procedures; ethical or legal requirements, etc.
5.4 Determination of the pre-arranged requirements for FIP

Both the biobank and its user (when known) can influence the choice of requirements to ensure FIP
either individually or cooperatively. This can be based on the purpose and nature of the biobank and
evidence-based criteria, where available, for the intended analyses. In cases where the user has not been
identified prior to collection/acquisition of the BMaD, the choice can lie with the biobank. Distribution
of these responsibilities is dependent on many factors, including biobank type, size, function, user base,
management, etc. and can vary from collection to collection and from project to project.
BMaD can be collected for a pre-identified user. In such cases, the user defines a set of pre-arranged
requirements, often in collaboration with the biobank, potentially including the acceptable
characteristics of the BMaD and an acceptable range of quality, related to the purpose of the research
and the various analyses to be performed. Conversely, when users have not been individually pre-
identified, BMaD can be collected and stored for anticipated future applications, as in many classic
biobank models. In such cases, a set of requirements is established upfront for the collection, storage,
distribution and use of the biological materials and associated data based on the anticipated needs of
users. In that sense, the biobank can forecast and pre-determine the requirements for FIP.
5.5 Decision whether the biological material and associated data is truly fit for an
intended purpose
Ultimately, the user decides whether BMaD is truly acceptable for an intended use, but this decision can
also be made in collaboration with the biobank. Fitness for the intended purpose can change over time;
factors such as long-term storage, technology evolution, increased understanding of requirements for
a specific use, and evolution of the original intended use can all affect BMaD fitness for a specific use.
This can be facilitated through close and continual interaction between the biobank and its user. It is
ultimately up to the user to decide whether to use the BMaD for the intended purpose.
6 Process landscape
While the life cycle covers the range of key activities in the lifespan of a BMaD, process landscapes are a
process-oriented view of a biobank’s individual portfolio and provide an overview of its main processes
and their interdependencies. They enable all involved parties to understand the function/ mandate of a
biobank and how the biobank supports the involved parties in gaining access to biological material and
associated data fit for an intended purpose.
Each phase of the life cycle of biological material and associated data is characterized by specific
processes, as shown in Figure 2. These processes can be arranged in a hierarchical order so that certain
process areas can be broken down into detailed procedures and requirements. The process portfolios
of a biobank are usually structured into three process types:
a) Biobanking core processes directly create and/or add value for the users. They reflect the life cycle
of biological material and associated data from collection, analysis, preservation and storage to
distribution.
b) Biobanking support processes accompany and are used by the core processes. Typical examples
include quality control, management of information, control of nonconformities, transport and
traceability.

ISO/TR 22758:2020(E)

c) Biobanking management processes implement the governance of a biobank by defining structural

requirements, managing resources, establishing reports and documentation and assuring
impartiality and confidentiality.
The process landscape model in Figure 2 illustrates the overall requirements of ISO 20387 and
identifies clauses with relevant individual processes. It is complemented by the application of a quality
management system established according to ISO 20387. It is up to the discretion of a biobank to define
its own path through the landscape according its individual activities and to incorporate its processes
in an appropriate management system.
Figure 2 — Components of the biobanking process and its related support and management
processes, with encircled numbers corresponding to Clauses of ISO 20387:2018
Each biobank can evaluate its quality management system, encompassing the various requirements
for biobanking, supporting fitness of BMaD for intended purpose(s). Biobank management can take the
first step in building a quality management system leading to compliance with ISO 20387 by setting
appropriate priorities based on their providers' and users' needs, their resources, and their local,
regional and national mandates.
It is acknowledged that certain geographical locations can have specific regulations or requirements
applicable to professional personnel, their activities, and their responsibilities in this domain. Where
biobanking requires adherence to specific standards (e.g., ISO 15189, ISO/IEC 17020) or specific
regulations (e.g., Nagoya Protocol[16]), the biobank seeking such recognition can obtain additional
appropriate guidance relating to those standards and or regulations. International, national or regional
guidance documents also help a biobank in meeting both local requirements as well as those in
ISO 20387.

ISO/TR 22758:2020(E)

7 Conformity with ISO 20387
7.1 Scopes of Conformity
7.1.1 General
Conformity assessment requires an established scope with relevant objective(s), addressing process
goals and the method(s) being used. Each biobank determines the processes or activities that are
performed to ensure BMaD FIP in the context of fulfilment of requirements in ISO 20387. This set of
compliant processes constitutes the biobank’s scope of application, or scope of conformity, of ISO 20387.
This scope can be different for every biobank, and addresses each of the following:
a) the range of BMaD pertinent to the biobank. This can include BMaD from multicellular organisms
and microorganisms, such as DNA, cell cultures, tissues, viruses, blood, bone marrow, urine, living
cultures, seeds, plants and/or data such as characteristics and intended purpose(s);
b) various biobank activities such as acquisition, collection, preparation, preservation, testing,
analysis, storage, and distribution;
c) procedure(s) corresponding to the biobank activities including in-house method, standard method
and/or cited method for, e.g., snap freezing, deep freezing freeze drying or other preservation
techniques, isolation, sequencing, STR DNA Typing, ELISA, PCR, microscopy, stability tests.
NOTE Procedures can include examination technique/method, type of test/analysis, or test/analysis
parameters.
For the classification of the biological material, a biobank can choose to follow Globally Unique Identifiers
such as Life Science Identifiers[17] or another appropriate source to facilitate interoperability across
application domains. Similarly, for the associated data, biobanks can choose to use internationally
recognised ontologies such as Minimum Information About BIobank data Sharing (MIABIS).
Figure 3 shows how this translates into practice for an example biobank.
Figure 3 — Scope of conformity in a biobank
7.1.2 Determination of the scope of conformity
An assessment of conformity to ISO 20387 provides an opportunity to demonstrate competence within

a defined scope. The scope is defined by the biobank and includes all activities that the biobank wishes
to have assessed.

ISO/TR 22758:2020(E)

The following is an example of a scope of conformity for a biobank that handles microorganisms:
a) acquisition;
b) preparation and testing:
1) inoculation;
2) sequencing;
3) microscopy;
c) preservation and long time storage:
1) freeze drying;
2) liquid nitrogen;
3) ultra-low temperature;
d) distribution.
7.2 Conformity Assessment (CA) Practices (General aspects and applicability for
biobanks)
There are three levels of attestation, or demonstration, of conformity as shown in Table 1. ISO 20387
can be used as a tool for attestation at all three levels of conformity assessment (CA). There are a
number of sources that provide guidance on the application of conformity assessment – some of these
can be found in the CASCO Toolbox[18].
Table 1 — Levels of possible CA attestation for ISO 20387

Examples of evidence of
Type Party performing CA
attestation
Manufacturer or service provider
First party CA Self-declaration of conformity
(e.g., biobank)
Purchaser or user (e.g., medical
Second party CA Conformity assessment report
researcher)
Third party CAa Accreditation body Certificate
a Accreditation is a form of third party CA.
Third party assessment for technical competence, which involves an objective independent body
evaluation, is known as accreditation. In this case, a certificate of conformity is issued, giving written
assurance that a product, process or service conforms to specified requirements.
Links to additional resources materials, including international and national standards settings and
accreditation bodies, are provided in the bibliography.
8 Guidance on the interpretation of selected ISO 20387:2018 text parts
8.1 General Requirements (ISO 20387:2018, Clause 4)
8.1.1 General
Clause 4 of ISO 20387:2018 contains a number of general requirements. This document provides further
elucidation on the primary concepts treated in ISO 20387:2018, Clause 4.

ISO/TR 22758:2020(E)

8.1.2 Impartiality (ISO 20387:2018, 4.2)
ISO 20387 defines impartiality as presence of objectivity (according to ISO/IEC 17021-1:2015, 3.2).
Biobanks can address the requirements for impartiality by basing actions on objective criteria, thereby
avoiding any potential bias, prejudice and/or conflict of interest. Conflicts of interest can arise when the
interests of a party could compromise the independent, impartial and objective exercise of an activity.
It can be challenging to avoid conflict of interest in a biobank where quite often the projects are
based on scientific collaboration. In many instances the principal investigator is collecting BMaD for a
research project in which biobank personnel are co-authors. In such cases, impartiality in biobanking
can be supported by following policies and instructions that enable access to biological resources in a
fair and equitable manner. Mechanisms for mitigation can include oversight by advisory boards such
as science advisory boards, biological material access committees, etc. Additionally, these policies can
help support transparency.
8.1.3 Confidentiality (ISO 20387:2018, 4.3)
The requirement to protect confidential information relating to BMaD and involved parties is part of
the legal and ethical duty of the biobank. The types of confidential information and its management can
vary according to the specific BMaD. Appropriate handling of confidential information can be defined
in collaboration with relevant interested parties, considering any legal and/or ethical constraints.
8.2 Structural requirements (20387:2018, Clause 5)
8.2.1 General
The organizational, financial, governance and other structural components of a biobank are often
interdependent. Clause 5 of ISO 20387:2018 addresses requirements related to these components. This
document provides elucidation on selected sub-clauses treated in ISO 20387:2018, Clause 5.
8.2.2 ISO 20387:2018, 5.1
As long as applicable legal requirements are met, a biobank can be any of the following:
a) a public, private, or other legal entity,
b) an identifiable division or in-house activity of a public, private or other legal entity. The biobank
can be part of one or more of the following list: governments, institutions, universities, hospitals,
pharma enterprises or non-governmental organizations, etc.
8.2.3 ISO 20387:2018, 5.3
The complexity of the biobank is frequently reflected in the composition and scope of the governance
body or advisory board.
8.2.4 ISO 20387:2018, 5.5
In this context, a liability is a legal consequence of a biobank activity.

Examples of potential courses of action are:
a) creation of a statement/agreement of limits of liability;
b) consultation with appropriate legal professionals; or
c) development of a clause within a contract that addresses liability.
Internal audit systems can contribute to risk mitigation. Possession of legal liability insurance or
governmental protection from liability can also be appropriate.

ISO/TR 22758:2020(E)

A biobank that uses externally provided processes, products and services to conduct any portion of its
activities can also consider how to address any associated potential liability issues.
See ISO 20387:2018, 6.4 for externally provided processes, products and services.
8.2.5 ISO 20387:2018, 5.7
The biobank is not obliged to include its entire spectrum of activities under the range of activities
for which it conforms to ISO 20387. Typically, a biobank determines the specific activities for which
it wishes to claim conformance with ISO 20387; this is also known as the scope of conformity. For
example, a biobank can have the ability to perform activities A, B and C; however, it can decide only
to claim conformity with ISO 20387 for activity A. The scope of conformity is further addressed in the
introduction of this document.
8.2.6 ISO 20387:2018, 5.8, a)
Scientific direction, policy development and implementation, decision making, sponsorship, and
oversight are examples of considerations that can help define the governance structure. The structural
organization and management components illustrate how functions and responsibilities are assigned,
controlled and coordinated in the biobank. The position of the biobank in a parent/host/governing
organization (e.g., in a hospital or university), if applicable, is an important part of this assignment.
Structure definition may include partnership and interrelationship between partners, in particular
when policy responsibilities are shared. An organizational chart and/or a matrix can support the
biobank to illustrate and describe its structure.
8.2.7 ISO 20387:2018, 5.9
Depending on the organizational structure of the biobank and/or available resources (such as time,
access to relevant information, tools, and management), duties can be distributed among multiple
people rather than being assigned to a single person.
If the duties laid out in ISO 20387:2018, 5.7 are covered by more than one person, coordination among
these people is important to avoid gaps or overlaps that can threaten consistency affecting quality and
quality management.
The biobank can also consider section ISO 20387:2018, 4.2 Impartiality, and ISO 20387:2018, 6.2
Personnel, for further guidance.
This clause addresses the need to ensure that tools, such as the process approach or the Plan-Do-Check-
Act (PDCA) cycle (see ISO 20387:2018, 8.2 to 8.9), are consistently applied to strive for continuous
improvement and to achieve compliance with the requirements of ISO 20387.
According to ISO 9001:2015, the PDCA cycle can be briefly described as follows:
— Plan: establish the objectives of the system and its processes, and the resources needed to deliver
results in accordance with users’ requirements and the organizations policies, and identify and
address risks and opportunities;
— Do: implement what was planned;
— Check: monitor and (where applicable) measure processes and the resulting products and services
against policies, objectives, requirements and planned activities, and report the results;
— Act: take actions to improve the performance as necessary.
The anticipation and consideration of risks and opportunities is an inherent part of the quality
management system planning (i.e., setting objectives, defining processes). Examples include:
a) Addressing risks;

ISO/TR 22758:2020(E)

EXAMPLE The instability of RNA at room temperature leads to its storage at low temperatures, e.g., in
a -80° C freezer. Storing RNA in such a freezer is linked to the risk of freezer failure (e.g., due to power cut or
breakdown). Consequently, measures like temperature monitoring and alarm systems are implemented.
b) Addressing opportunities.
EXAMPLE The instability of RNA at room temperature led researchers to develop stabilizing methods.
Usage of such stabilizers provides the opportunity to prolong the time between sample collection and
processing start (at room temperature) without compromising the quality of RNA.
The risk-based approach is intended to systematically integrate considerations of risks and

opportunities into the planning of processes, and to link those to the expected quantity or quality of the
process output. This can lead to the observation that some activities in a process are less prone to have
a negative impact on the process output than others; consequently they are submitted to less control
than others. Or, it can be found out that a specific step in a process is extremely important to achieve
the intended sample quality, so that only trained staff and validated equipment can be used.
8.3 Resource requirements (ISO 20387:2018, Clause 6)
8.3.1 General
ISO 20387:2018, Clause 6 contains a number of resource requirements. Resources addressed include

personnel, as well as their training and competence, facilities, equipment, and externally provided
processes, products, and services. This document provides further elucidation of some primary
concepts treated in ISO 20387:2018, Clause 6.
Required resources can vary according to BMaD type, research type, and other activities being
performed by the biobank.
8.3.2 ISO 20387:2018, 6.1.2
ISO 20387 requires the biobank to document a strategy to address financial viability. This can be
incorporated within some or all of the following:
a) a strategic plan;
b) a business plan;
c) an agreement between the biobank and its funders;
d) a compendium of relevant needs;
e) a sustainability plan.
Periodic strategy reviews can provide an opportunity to assess and refine the needs of the biobank in
the context of its current and projected activities.
The biobank can develop a plan to fulfil these needs. Examples include:
— establishing a cost recovery strategy for the provision of services;
— establishing a plan for diversifying funding sources; or
— reviewing the scope of activities, relating this to the availability of resources over time, and adjusting
accordingly.
It is acknowledged that change occurs over time. Such changes can be availability of resources, funding
sources, scope, or user needs. In such cases, the biobank can adjust its activities accordingly (for
example, scaling down of activities, change in custodianship).

ISO/TR 22758:2020(E)

8.3.3 ISO 20387:2018, 6.2.1.2
Confidentiality in the context of biobanking is defined in section ISO 20387:2018, 4.3. Binding to
confidentiality can be achieved by requiring biobank personnel to sign a confidentiality agreement or
non-disclosure agreement.
8.3.4 ISO 20387:2018, 6.2.1.4
It is important that biobank personnel are informed of their duties, responsibilities and authorities. The
biobank can consider sharing a complete list of everyone’s job responsibilities among its personnel.
8.3.5 ISO 20387:2018, 6.2.2.1
Competent personnel contribute to proficient execution of biobanking tasks, including support

functions (e.g., IT, facilities infrastructures, human resources, legal). Job or task descriptions can
address any general, managerial and operational activities for which qualification is required.
Individual descriptions can include responsibilities, and authorities of biobank personnel, and skills or
competencies required to fulfil these activities. Any regulatory or statutory requirements can also be
considered (e.g., board certification for pathologists or veterinary pathologists).
These job or task descriptions can be regularly reviewed and updated as appropriate.
8.3.6 ISO 20387:2018, 6.2.2.3
Documented evidence of personnel competence can include job descriptions, training certificates and
competence declarations.
A matrix describing personnel and completed training can be useful in the demonstration of competence
(see ISO 20387:2018, 6.2.3.1). Consider that some information can be confidential (e.g., personnel
details). Auditors can require access even to such confidential information.
8.3.7 ISO 20387:2018, 6.2.3
Training plans aligned with biobank competence needs can be useful. Such training plans can be
established for all personnel in the biobank entity and/or for individuals. Identified training needs
can be fulfilled by internal training provided by personnel of the organization, or by external training
organizations. The biobank can periodically assess the effectiveness of the training, e.g., by a test or
evaluation.
8.3.8 ISO 20387:2018, 6.2.3.3
New personnel typically go through a multi-faceted orientation, parts of which are applicable to all (e.g.,
familiarization with the organization, principles of confidentiality and impartiality, use of information
and communication technology tools) and other parts of which are specific to the job (e.g., health
and safety requirements, job-specific tasks and tools). This orientation can conclude with approval
of the competence of the trainee, and formal authorization to perform the trained activities (see
ISO 20387:2018, 6.2.3.2). Depending on biobank competence criteria, the approval can be provisional
and subject to further on-the-job evaluation. For specific technical tasks (e.g., quality control tests)
it can be helpful to let the job holder perform the test and then compare the obtained results with
expected results.
8.3.9 ISO 20387:2018, 6.3
The biobank facilities and environmental conditions can have a significant impact on quality, integrity,
security, and FIP of BMaD as well as health and safety of personnel. Some potential considerations are
shown in Figure 4.

ISO/TR 22758:2020(E)

Figure 4 — Considerations related to Processes for Safeguarding Facilities and Environmental

Conditions
Facilities/dedicated areas and environmental conditions can include a number of structural and
organisational components, such as buildings, utilities and workspaces used for biobank operations
as well as biobank policies and practices. In addition, this includes equipment such as hardware and
software, information and communication technology, security and other services (environmental
monitoring, control and recording access, remote control, etc.). Any required redundancies (e.g., back-
up storage units, alternative energy supplies) whether or not the sole property of the biobank, can also
be included.
8.3.10 ISO 20387:2018, 6.3.2
A biobank can consider having a maintenance plan in place to ensure conformity with defined quality
control criteria.
A biosecurity policy can include restriction and controlled access to critical areas, biological resources,
and confidential data, as appropriate. A biobank’s access procedure can refer to records of external
visitors and appropriate visitor protection.
Further information on “fitness for the intended purpose” is found in Clause 5 of this document.

ISO/TR 22758:2020(E)

8.3.11 ISO 20387:2018, 6.3.3
Incompatible activities include any actions taken by personnel or any activities adversely affecting
the quality of BMaD within the biobank, e.g., cross-contamination. Each occurrence of an incompatible
activity can be evaluated and resolved on a case-by-case basis.
Separation of incompatible activities can be achieved by, for example:
a) performing such activities in separate rooms or dedicated areas;
b) performing such activities at different time points with adequate preparation (e.g., cleaning,
calibration, etc.); and/or
c) defining pathways that avoid crossing of incompatible BMaD.
If the biobank shares its infrastructure with other organizations, it is particularly important to assess
activities for potential incompatibilities. In addition to the measures mentioned above, a safety policy
can be established such as clear indication of infectious risks, appropriate decontamination, sterility,
and confinement regimes, etc. A collaboration agreement or operational procedure between the
biobank and the parties with which it shares the infrastructure can be implemented.
8.3.12 ISO 20387:2018, 6.3.5
Environmental conditions can impact the results of biobank activities and fitness for the intended
purpose of BMaD, and/or the health and safety of personnel. It is therefore helpful that the biobank
monitors and controls the relevant environmental conditions within its infrastructure.
The biobank can use a risk-based approach to identify environmental conditions (e.g., temperature,
humidity, air pressure, etc.) likely to affect BMaD, and/or health and safety of personnel. The biobank
can consider supplier specifications, relevant regulations, best practices, or other sources, including
those published in the literature.
The biobank can then develop and implement a monitoring and control plan for the identified
environmental conditions. Monitoring can be performed and recorded on a continuous basis or at
regular predefined intervals. The biobank can document actions taken for environmental conditions
outside acceptable ranges.
8.3.13 ISO 20387:2018, 6.3.7
The biobank can evaluate the risk of potential damage to BMaD. A contingency plan based on this risk
evaluation supports mitigation of the effects. Mitigation examples that can support a contingency
plan can include alternative storage sites, avoidance of basement and surface level storage, and post
disaster activities such as disinfection of environment, etc. Mitigation of the risk of data loss can also
be considered (such as an information back-up system). See also ISO 20387:2018, 7.7.1, 7.7.2 and 8.5.2.
Further references are given in ISBER Best Practices 4th Edition B5, B7, B8, C9, I2 and I12[19].
8.3.14 ISO 20387:2018, 6.4.1.1
Externally provided processes, products and services are characterized as being supplied by a legal
entity (or part thereof) that is not the biobank. An agreement between the provider and the biobank
can contribute to compliance with the requirements described in ISO 20387:2018, 6.4.
8.3.15 ISO 20387:2018, 6.4.1.5
Verification of compliance can be performed by the external provider according to agreed-upon

processes and/or by the biobank based on pre-determined quality control measures. Examples of how
external providers can be monitored are:
a) review of external provider internal audits (first party audits); and/or

ISO/TR 22758:2020(E)

b) biobank audits of the external provider (second party audits).
8.3.16 ISO 20387:2018, 6.4.1.6
For externally provided activities addressed in this sub-clause, validation is discussed in

ISO 20387:2018, 7.9.2.
8.3.17 ISO 20387:2018, 6.5.1
The objective of controlled access is to be able to use equipment in a controlled way, at the time of need.
Before use, equipment can be checked to ensure fitness for purpose. This can for example be achieved
through an assurance that equipment is stable with respect to any characteristics that can affect BMaD
quality.
If the biobank does not have complete ownership of all equipment needed for accomplishing its tasks, it
needs to have access to equipment outside its ownership. In such circumstances, the biobank needs to
have adequate knowledge of the conditions under which it is being utilized, e.g., by verification.
8.3.18 ISO 20387:2018, 6.5.3
The manufacturer instructions can be sufficient as instructions for use.
8.3.19 ISO 20387:2018, 6.5.6
This task can be done by the supplier, a service contractor or the biobank.
8.3.20 ISO 20387:2018, 6.5.10
Metrological traceability supports comparability among biobanks. For example, many biobanks need
confidence in their temperature measurements during transport and storage. This confidence can be
established and quantified by comparison of the measurement result with that of a reference material
with a known (“true”) value and its related uncertainty.
For measurements based upon SI or SI-derived units, this comparison is achieved via internationally
acknowledged (standard or certified) reference materials (e.g., calibration of a balance with a reference
weight or a temperature probe calibrated against an international or national reference standard).
In the case of measurements not based upon SI or SI-derived units (e.g., Fluometric units), such
standards either do not exist or are not internationally recognized. In such cases, the biobank can
produce and use its own standards or reference materials to establish at least internal confidence of
constantly reliable measurements.
Participation in external quality assessment programs or proficiency testing programs can also be
appropriate.
NOTE Further information can be found in ISO 9001, ISO/IEC 17025, and ISO/IEC Guide 99:2007.
8.3.21 ISO 20387:2018, 6.5.11
The biobank can designate a person to be responsible for taking care of equipment which has been
found to be non-compliant. The designated person(s) can label such equipment as non-compliant and
take actions as appropriate.
8.3.22 ISO 20387:2018, 6.5.12
For example, during a calibration, personnel might notice that a thermometer has failed. Such a
discovery can imply that temperature measurements taken prior to discovery of the failure could be
compromised, warranting further investigation of historical measurements.

ISO/TR 22758:2020(E)

8.4 Process requirements (ISO 20387:2018, Clause 7)
8.4.1 General
ISO 20387:2018, Clause 7 contains process requirements for biobanking. This document provides
further elucidation on the primary concepts treated in ISO 20387:2018, Clause 7.
8.4.2 ISO 20387:2018, 7.1.1
The biobank can meet this series of requirements by describing all processes that occur during the life
cycle of a BMaD that potentially affect its FIP.
The life cycle stages typically include collection/acquisition, analysis, processing, storage, access,
and distribution, and can vary from biobank to biobank. BMaD life cycle is usually influenced by the
biobank’s scope, quality control requirements, and user agreements.
The biobank’s responsibility is limited to BMaD life cycle stages under its control, and includes internal
as well as external subcontracted processes, when applicable. A schematic workflow scheme supports
the biobank through a concise description of the processes and their sequence from collection to
disposal.
See 5.2 for more information.
8.4.3 ISO 20387:2018, 7.2.1.1
During collection and/or acquisition the biobank defines and acquires all relevant information regarded
as necessary to accomplish the objectives of the biobank. This can include information that supports
the achievement of fitness for an intended purpose.
Information such as taxonomic data, timestamp, date, place and procedure of collection or proliferation
is predetermined per ISO 20387:2018 and as documented in its Annex A with examples as shown in
its Annex B. Note that the date and timestamp are documented in a standard format according to
ISO 8601-1, where possible.
8.4.4 ISO 20387:2018, 7.2.3.4
A wide variety of ethical requirements can apply to biobanks, depending upon the nature and type of
biobank, the BMaD, and any applicable international, national and local regulations and policies. Ethical
requirements do specifically apply to biobanking of human BMaD and can include:
a) ethics committee review(s) and approval(s);
b) either informed consent from the patient/donor/legal representative, or waiver of informed
consent in certain circumstances.
In addition, other relevant requirements can apply to the associated data, such as those related to
privacy, confidentiality and data protection as well as specific data, such as medical record, and genetic
and genomic data.
Prior to collection of BMaD, biobanks can consult with appropriate regulatory and ethical officials to
determine any relevant ethical requirements.
8.4.5 ISO 20387:2018, 7.3.1.1
Different parties can be involved in the definition of the principles governing access to and distribution
of BMaD and can include, consistent with the established governance plan:
— the biobank manager and/or manager of a specific collection of BMaD;
— the “custodian” or an individual designated with decision-making authority on behalf of the biobank;

ISO/TR 22758:2020(E)

— institutional leadership; and/or

— those involved in the governance of the biobank.
Important principles to keep in mind when developing policies and procedures for access and
distribution of BMaD can include transparency, accountability, freedom from conflicts of interests, and
responsible use of resources.
Principles governing access to and distribution of BMaD can include scientific considerations such as:
a) appropriateness of the use of the biological materials;
b) scientific merit and potential impact of the use;
c) research design;
d) availability of funding, experience and qualifications of the investigators; and
e) availability and adequacy of research facilities and equipment, etc.
Ethical and legal considerations and requirements can also guide access to and distribution of BMaD.
These can include:
— compliance with ethical and regulatory requirements (such as human subjects, privacy and data
protection regulations or the Convention on Biological Diversity – Nagoya Protocol[16]);
— benefits and risks to donors, populations and society at large;
— protection of the privacy of donors and the confidentiality of their data;
— consistency of the research use with informed consent (where relevant);
— any contractual obligations associated with the use of the materials; and
— documentation of any regulatory approvals.
The principles governing access to and distribution of BMaD can be documented in a variety of ways
such as through SOPs, governance or custodianship plans and can be described and published on the
biobank website or any other appropriate media, particularly if the intent of the biobank is to provide
BMaD for research purposes beyond local (i.e., intra-institutional) use.
Biobanks can use a variety of ways to ensure that the documented requirements that are established
with interested parties comply with these principles. This can be achieved through the use of Material
Transfer or Data Use Agreements, or other contractual or non-contractual agreements that describe the
obligations of the user of the BMaD.
8.4.6 ISO 20387:2018, 7.3.2.4
The segregation of BMaD can be in assigned and/or marked areas. This segregation can be physical or
virtual, as long as it is identifiable. Quality compliance is further explored in ISO 20387:2018, 7.8.
8.4.7 ISO 20387:2018, 7.3.2.5
BMaD characteristics associated with 'fitness for the intended purpose' are defined and documented by
the biobank, and, when applicable, in conjunction with the recipient/user.

ISO/TR 22758:2020(E)

8.4.8 ISO 20387:2018, 7.3.3.2
These agreements can stipulate the conditions for each involved party relating to BMaD provision and
use, and can include:
a) definition of the BMaD and its intended purpose, including any boundaries of use (e.g., sharing with
third parties, prohibition of in vivo use in humans, biohazard precautions, etc.);
b) legal and ethical requirements with the supplied BMaD (e.g., confidentiality clauses, data privacy,
intellectual property and publication rights, etc.); and
c) other clauses relevant to the BMaD and/or involved parties (e.g., biobank acknowledgement in
publications, return of research data and/or BMaD to the biobank, disposition of the BMaD).
These documents can take the form of contractual agreements such as a Material Transfer Agreement
(MTA) or other legally binding non-contractual instruments.
8.4.9 ISO 20387:2018, 7.4.2
Chain of custody is defined in clause 3.12 of ISO 20387:2018 as responsibility for and control of BMaD as
they move through each step of a process. Information related to transport-related events and conditions
that can potentially affect the quality of the biological material can be recorded by personnel in each
entity handling the relevant biological material. Examples of the chain of custody during transport
can include transport within the biobank, shipping between the biobank and recipients, and reception
of biological material at the receiving biobank, etc. and can include processes employed by relevant
parties, including shippers. Critical chain of custody records including deviations from previously
defined parameters can be maintained by the biobank.
Chain of custody during transport is part of the agreements or legally binding documents between the
dispatcher and recipient.
8.4.10 ISO 20387:2018, 7.4.5
The required competence is influenced by the type of biological material, the contractual and legal
requirements for the shipment and the applicable dispatch procedures. The competence of the
personnel involved in preparation of biological material for shipment can be achieved according to the
provisions in ISO 20387:2018, 6.2.2.
8.4.11 ISO 20387:2018, 7.6.2
A risk-based approach can assist in defining critical activities as well as appropriate monitoring
parameters and measures of the preparation and/or preservation procedure in place. The
documentation of these procedures can be developed according to ISO 20387:2018, A.4.
Documentation of each preparation and preservation step permits tracking of the predefined critical
activities, e.g., for analysis, including pre-analytic variables, quality control, and/or demonstration of
the fitness for purpose.
8.4.12 ISO 20387:2018, 7.7.1
In case of a disaster (e.g., fire, earthquakes, flooding, failure of critical systems such as power supply,
etc.), usual methods of safeguarding biological material are probably not available and/or effective.
Alternative/complementary methods can be needed. The development and implementation of a disaster
protection plan can help mitigate the risk of damaging or losing BMaD during a disaster. This plan can
define actions and responsibilities, and can include alternative/complementary methods, systems,
infrastructure, and/or equipment.

ISO/TR 22758:2020(E)

8.4.13 ISO 20387:2018, 7.7.3
With reference to ISO 20387:2018, 7.1.1, 7.8.2.7, and Annexes A and B, it is for the biobank to determine
which activities are critical, and which parameters are relevant, during the life cycle of each type of
biological material that it handles. For a definition of 'critical', see ISO 20387:2018, 3.16.
When a biobank cannot record a parameter deemed critical by peer consensus, user request, or
normative requirements (either for a single biological material, or for an entire collection), the biobank
can choose to record the parameter as missing/not available, -1 (or other appropriate term), rather
than leaving the value blank. Unknown data in date-/time- stamps can be recorded as in the following
example: “9999/12/31”.
It is desirable that biobanks format dates and times according to ISO 8601-1, but it is also recognized
that common local practice can be different, or it can be impossible to implement ISO 8601-1 at the
source. A common format can support interoperability.
8.4.14 ISO 20387:2018, 7.7.5
For examples of guidelines, a biobank can refer to best practice guides such as the ISBER Best Practices
(B9 and C8)[19], NCI Best Practices for Biospecimen Resources[20], OECD Best Practice Guidelines
for Biological Resource Centres[22] or other guidelines such as those in the bibliography sections of
ISO 20387:2018 and this document.
8.4.15 ISO 20387:2018, 7.7.7
The biobank can define the required elements for the completion of its inventory. The biobank can
then define the procedures to periodically assess this inventory. This assessment can be based on
general principles and the inherent risks to or from the BMaD (e.g., health and safety, biosecurity, BMaD
integrity, etc.), its handling and storage. The biobank can define appropriate intervals and methods
(e.g., random sampling, analysis of operational sample retrieval and distribution data) reflecting the
risk assessment and the impact of the assessment on the biological material.
8.4.16 ISO 20387:2018, 7.8.1.2
Quality Control (QC) in biobanks typically involves the identification and assessment of quality
indicators of the BMaD life cycle stages relevant to the ‘fitness for the intended purpose’. These stages
can include collection, testing, transport, storage, processing, annotation and distribution. A biobank
can define, apply, and assess QC indicators related to any internal processes and externally-provided
processes. Where QC procedures can lead to corruption or unacceptable elimination of BMaD (e.g., in
the case of rare or legacy material) the biobank might wish to adjust QC procedures accordingly. A
possible approach to the identification of QC indicators is the development of a fishbone diagram, also
known as a Cause and Effect Diagram or Ishikawa diagram. Other forms of root cause analysis can also
be beneficial.
QC procedures performed on the BMaD in all stages of the life cycle are crucial to demonstrate that
BMaD is fit for the intended purpose.
QC for each stage of the life cycle of the BMaD is based on the:
a) specifications for the BMaD based on the (anticipated) end-use;
b) QC protocols;
c) assessment of QC indicators;
d) maintenance of the traceability chain.
The inability to complete QC procedures, e.g., in the case of rare or legacy BMaD, can be mitigated
through the reference to other data as it becomes available and can support the user assessment of FIP,
e.g., feedback from previous users.

ISO/TR 22758:2020(E)

8.4.17 ISO 20387:2018, 7.9.1.1
Validation aims to demonstrate that a product or process is fit for an intended purpose. Essential
input for validation of a method includes a statement of purpose, specifications to be achieved, and the
procedure(s) to be followed during the critical activity. Validation can be achieved through a variety of
means, including tests, peer-reviewed research, simulations, etc. to provide the required evidence for
the achievement of the fitness for an intended purpose. Such evidence typically includes specifications
for parameters such as identity, yield, purity, amplification, accuracy, and reproducibility.
Validation can provide documented evidence that the procedure or process in question consistently
produces the right product or process output, i.e., a product or process fit for the intended purpose.
Verification demonstrates that a product or process is compliant with pre-defined specifications and can
be the result of an inspection (ISO 9000:2015, 3.11.7) or other forms of determination (ISO 9000:2015,
3.11.1) such as alternative calculations or documentation review (ISO 9000:2015, 3.8.5). ISO 9000:2015
defines these terms as:
— Inspection: determination of conformity (ISO 9000:2015, 3.6.11) to specified requirements
(ISO 9000:2015, 3.6.4);
— Determination: activity to find out one or more characteristics (ISO 9000:2015, 3.10.1) and their
characteristic values.
8.4.18 ISO 20387:2018, 7.10.5
Access to a catalogue of the biobank’s available BMaD can be provided for interested parties through
electronic and/or non-electronic instruments (e.g., database, electronic catalogue, electronic files,
printed catalogue). Networks of biobanks can choose to develop shared catalogues. It is up to the
biobank to determine the contents and format of such catalogues. The cataloguing process can be
consistent with Confidentiality (ISO 20387:2018, 4.3), Interoperability (ISO 20387:2018, 7.10) and
Access Principles (ISO 20387:2018, 7.3.1.1).
8.4.19 ISO 20387:2018, 7.12.2.1
This clause in ISO 20387 is concerned with two concepts — the identification of valid reasons not to
include an item in the report as enumerated in items a) to l), and the means of documentation of these
valid reasons. The identification of valid reasons can be made on a case-by-case basis. These reasons
can be included within a procedure, or communicated via agreements with users or defined technical
conditions/arrangements (e.g., continuous data transfer separately from the transfer of the biological
material).
8.4.20 ISO 20387:2018, 7.13.2
The biobank can choose to develop a short summary of the biobank’s complaint process or SOP to be
shared with complainants and/or other involved parties.
8.5 Quality management system requirements (ISO 20387:2018, Clause 8)
8.5.1 General
Clause 8 of ISO 20387:2018 contains a number of quality management system (QMS) requirements.
This document further addresses the primary concepts treated in ISO 20387:2018, Clause 8.
8.5.2 ISO 20387:2018, 8.1.1, 8.1.2 and 8.1.3
ISO 20387 provides two options for a biobank to follow for its QMS. Both options seek to achieve the
same result in the performance of quality management, and require compliance with Clause 4 to 7 of
ISO 20387:2018.

ISO/TR 22758:2020(E)

Option A allows the biobank to demonstrate that it meets QMS requirements by direct fulfilment
of ISO 20387:2018, 8.2 to 8.9. Where ISO 9001 has already been implemented, or is planned for
implementation, Option B affords the biobank an opportunity to use appropriate portions of ISO 9001
to facilitate its demonstration of the above. In this case, the biobank confirms that all biobank activities
in the intended scope of accreditation are covered, and that the QMS is capable of supporting and
demonstrating compliance with the intent of ISO 20387:2018, 8.2 to 8.9.
8.5.3 ISO 20387:2018, 8.3.1
Document is defined in ISO 9000:2015 in 3.8.5 as information (ISO 9000:2015, 3.8.2) and the medium on
which it is contained.
EXAMPLE Record (ISO 9000:2015, 3.8.10), specification (ISO 9000:2015, 3.8.7), procedure, document,
drawing, report, standard.
NOTE 1 The medium can be paper, magnetic, electronic or optical computer disc, photograph or master
sample, or combination thereof.
NOTE 2 A set of documents, for example specifications and records, is frequently called “documentation”.
NOTE 3 Some requirements (ISO 9000:2015, 3.6.4) (e.g. the requirement to be readable) relate to all types of
documents. However, there can be different requirements for specifications (e.g. the requirement to be revision
controlled) and for records (e.g. the requirement to be retrievable).
8.5.4 ISO 20387:2018, 8.4.1, 8.4.2 and 8.4.3
Record is defined in ISO 9000:2015, 3.8.10 as document (ISO 9000:2015, 3.8.5) stating results achieved or
providing evidence of activities performed.
NOTE 1 Records can be used, for example, to formalize traceability (ISO 9000:2015, 3.6.13) and to provide
evidence of verification (ISO 9000:2015, 3.8.12), preventive action (ISO 9000:2015, 3.12.1) and corrective action
(ISO 9000:2015, 3.12.2).
NOTE 2 Generally records need not be under revision control.
Keeping in mind that record is a type of document, record management covers the methods of
identification, storage, protection, accessibility and disposal of records. The biobank can choose to
develop and implement a procedure to ensure traceability of records.
Records produced by the biobank can include but are not limited to:
a) original observations, raw data, calculations, test results, traceability data for equipment;
b) results from tests performed during the installation, maintenance, and control, including
calibration, of equipment;
c) evidence of personnel qualifications and participation in training courses (such as the course
designation, program, date, duration, and identification of the trainer) and resulting competencies
and authorizations;
d) reports of audits;
e) reviews of the quality management system;
f) report(s) of nonconformities (including complaints) and any actions taken to correct and avoid
recurrence of nonconformities (see ISO 20387:2018, 8.7.3).
The biobank defines the rules to control the records in order to keep them in such a way that they are
secure, held in confidence, reasonably protected from destruction, and easily retrievable. In addition,
changes to records are traceable. Archiving and destruction methods are dependent on the nature of
the records. Access to confidential records can be achieved with proper flagging and by limiting access
to authorized personnel, consistent with confidentiality arrangements.

ISO/TR 22758:2020(E)

8.5.5 ISO 20387:2018, 8.5.1, 8.5.2 and 8.5.3
It is up to the biobank to determine the method(s) to identify, assess, and mitigate/accept risks and
opportunities.
The biobank can choose to periodically re-assess risks and opportunities. Risk-based approaches or
other methods in the planning and/or decision making process can help direct the allocation of limited
resources such as personnel and funds according to the magnitude of the risk and/or opportunity. This
approach can help minimize the risk to critical biobank activities.
These concepts can be further explored in ISO 31000, ISO 9001, and ISO 35001.
8.5.6 ISO 20387:2018, 8.6.1
QMS improvement is a dynamic and important process. The biobank can collect, review and analyze
information on its QMS performance and use this information as a basis for improvement. Information
collected can include:
a) Results of internal audits (See ISO 20387:2018, 8.8 Internal Audits);
b) Analysis of quality performance indicators in fulfilment of QMS objectives;
c) Assessment of operational, support, and management processes;
d) Results of risk assessments (see ISO 20387:2018, 8.5 Actions to Address Risks and Opportunities);
e) Nonconformities (see ISO 20387:2018, 7.11 Non-conforming Outputs);
f) Corrective actions (see ISO 20387:2018, 8.7 Corrective Actions);
g) Proficiency-testing results, etc. (see ISO 20387:2018, 7.8.2 Quality Control of Processes);
h) Feedback, e.g. user assessment of whether BMaD was fit for the intended purpose (see
ISO 20387:2018, 8.6.2).
Additionally, the PDCA (see 8.2.7) cycle can also be used for QMS improvement.
8.5.7 ISO 20387:2018, 8.8.1 and 8.8.2
Internal audits can be facilitated by biobank personnel, external contractors, or a combination of both.
ISO 20387:2018, 6.2.2 applies to any personnel involved in conducting the audit. ISO 20387:2018, 6.4
applies when internal audits, or any part thereof, are contracted externally.
The concept of impartiality is a requirement according to the principles for auditing introduced in
ISO 19011, e.g., the auditor is independent of the activity being audited.

ISO/TR 22758:2020(E)

Bibliography
[1] ISO 8601-1, Date and time — Representations for information interchange — Part 1: Basic rules
[2] ISO 9000:2015, Quality management systems — Fundamentals and vocabulary
[3] ISO 9001, Quality management systems — Requirements
[4] ISO 15189, Medical laboratories — Requirements for quality and competence
[5] ISO 19011, Guidelines for auditing management systems
[6] ISO 20166-3, Molecular in vitro diagnostic examinations — Specifications for pre-examination
processes for formalin-fixed and paraffin-embedded (FFPE) tissue — Part 3: Isolated DNA
[7] ISO 20186-3, Molecular in vitro diagnostic examinations — Specifications for pre-examination
processes for venous whole blood — Part 3: Isolated circulating cell free DNA from plasma
[8] ISO 31000, Risk management — Guidelines
[9] ISO 35001, Biorisk management for laboratories and other related organisations
[10] ISO/IEC 17020, Conformity assessment — Requirements for the operation of various types of bodies
performing inspection
[11] ISO/IEC 17021-1:2015, Conformity assessment — Requirements for bodies providing audit and
certification of management systems — Part 1: Requirements
[12] ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories
[13] ISO/IEC Guide 99:2007, International vocabulary of metrology — Basic and general concepts and
associated terms (VIM)
[14] CEN/TS 16826-3, Molecular in vitro diagnostic examinations — Specifications for pre-examination
processes for snap frozen tissue — Part 3: Isolated DNA (will be replaced by ISO 20184-3)
[15] CEN/TS 17305, Molecular in vitro diagnostic examinations — Specifications for pre-examination
processes for saliva — Isolated human DNA
[16] Nagoya Protocol on Access to Genetic Resources and the Fair and Equitable Sharing of Benefits
Arising from Their Utilization 2010
[17] Jones A, White R, Orme E, Identifying and relating biological concepts in the Catalogue of Life.
J. Biomed semantics, 2, 7, 2011.
[18] https://w ww.iso.org/sites/cascoregulators/02_casco_toolbox.html
[19] ISBER, Best practices for repositories, 4th Edition, 2018
[20] National Cancer Institute Best practices for biospecimen resources, 2012
[21] Convention on Biological Diversity, 1992.
[22] OECD Best practice guidelines for Biological resources centres, 2007
[23] OECD Guidance for the operation of biological resources centres, 2008
[24] www.ariscommunity.com/process-landscape

ISO/TR 22758:2020(E)

ICS 07.080
Price based on 23 pages
© ISO 2020 – All rights reserved

Technical: Iso/Tr 22758

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Technical: Iso/Tr 22758

Uploaded by

Copyright:

Available Formats

TECHNICAL ISO/TR

COPYRIGHT PROTECTED DOCUMENT

ii ﻿ © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved ﻿ iii

8.3.15 ISO 20387:2018, 6.4.1.5.......................................................................................................................................... 14

iv ﻿ © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved ﻿ v

vi ﻿ © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved ﻿ vii

Biotechnology — Biobanking — Implementation guide for

3 Terms and definitions

4 Background information for the development of ISO 20387

© ISO 2020 – All rights reserved ﻿ 1

4.2 Intended audience for ISO 20387 and this document

4.3 Implementation of ISO 20387

2 ﻿ © ISO 2020 – All rights reserved

5 Fitness for the intended purpose (FIP) (ISO 20387:2018, 3.24) in biobanking

© ISO 2020 – All rights reserved ﻿ 3

5.3 Factors affecting fitness for the intended purpose

4 ﻿ © ISO 2020 – All rights reserved

5.4 Determination of the pre-arranged requirements for FIP

© ISO 2020 – All rights reserved ﻿ 5

c) Biobanking management processes implement the governance of a biobank by defining structural

6 ﻿ © ISO 2020 – All rights reserved

7 Conformity with ISO 20387

7.1 Scopes of Conformity

Figure 3 — Scope of conformity in a biobank

7.1.2 Determination of the scope of conformity

An assessment of conformity to ISO 20387 provides an opportunity to demonstrate competence within

© ISO 2020 – All rights reserved ﻿ 7

Table 1 — Levels of possible CA attestation for ISO 20387

8 Guidance on the interpretation of selected ISO 20387:2018 text parts

8.1 General Requirements (ISO 20387:2018, Clause 4)

8 ﻿ © ISO 2020 – All rights reserved

8.1.2 Impartiality (ISO 20387:2018, 4.2)

8.1.3 Confidentiality (ISO 20387:2018, 4.3)

8.2 Structural requirements (20387:2018, Clause 5)

8.2.2 ISO 20387:2018, 5.1

8.2.3 ISO 20387:2018, 5.3

8.2.4 ISO 20387:2018, 5.5

In this context, a liability is a legal consequence of a biobank activity.

© ISO 2020 – All rights reserved ﻿ 9

8.2.5 ISO 20387:2018, 5.7

8.2.6 ISO 20387:2018, 5.8, a)

8.2.7 ISO 20387:2018, 5.9

10 ﻿ © ISO 2020 – All rights reserved

The risk-based approach is intended to systematically integrate considerations of risks and

8.3 Resource requirements (ISO 20387:2018, Clause 6)

ISO 20387:2018, Clause 6 contains a number of resource requirements. Resources addressed include

8.3.2 ISO 20387:2018, 6.1.2

© ISO 2020 – All rights reserved ﻿ 11

8.3.3 ISO 20387:2018, 6.2.1.2

8.3.4 ISO 20387:2018, 6.2.1.4

8.3.5 ISO 20387:2018, 6.2.2.1

Competent personnel contribute to proficient execution of biobanking tasks, including support

8.3.6 ISO 20387:2018, 6.2.2.3

8.3.7 ISO 20387:2018, 6.2.3

8.3.8 ISO 20387:2018, 6.2.3.3

8.3.9 ISO 20387:2018, 6.3

12 ﻿ © ISO 2020 – All rights reserved

Figure 4 — Considerations related to Processes for Safeguarding Facilities and Environmental

8.3.10 ISO 20387:2018, 6.3.2

© ISO 2020 – All rights reserved ﻿ 13

ii © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved iii

iv © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved v

vi © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved vii

© ISO 2020 – All rights reserved 1

2 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 3

4 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 5

6 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 7

8 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 9

10 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 11

12 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 13

14 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 15

16 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 17

18 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 19

20 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 21

22 © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved 23

© ISO 2020 – All rights reserved