Calibration Software vs Spreadsheet: When to Switch (UK Decision Guide)
Published 20 June 2026
Most UK quality managers do not start with calibration software. They start with a spreadsheet — one row per instrument, a due-date column, a folder of certificate PDFs, and a calendar reminder. For a workshop with twenty instruments, that is a perfectly good system. The question this guide answers is the one that arrives later: at what point does the spreadsheet stop being good enough, and how do you tell before a surveillance audit tells you for you?
This is a decision guide, not a sales pitch. A spreadsheet is legitimate under ISO 9001 — the standard does not require software. So the honest framing is not "spreadsheets are wrong." It is "here are the specific things that get harder in a spreadsheet as you scale, mapped to the clauses an auditor checks, so you can judge where your own system sits."
What ISO Actually Requires — and Does Not
It helps to be precise about what the standards demand, because the answer is narrower than the marketing suggests.
Under ISO 9001:2015, Clause 7.1.5 (monitoring and measuring resources) requires that measuring equipment is calibrated or verified at defined intervals against standards traceable to national or international measurement standards, that the basis used for calibration is retained as documented information, that equipment is identified to determine its status, and that it is safeguarded from adjustments that would invalidate the calibration status. ISO 9001:2015 is the in-force edition — a revision (ISO 9001:2026) is in progress but not yet published, so nothing in this guide depends on it.
Under ISO/IEC 17025:2017 — the standard for accredited testing and calibration laboratories — there is an extra clause that matters here. §7.11 (control of data and information management) requires that the information management system used to collect, process, record, report, store, or retrieve calibration data is validated for functionality before use, protected from unauthorised access, and safeguarded against tampering and loss. A laboratory that keeps its calibration records in a shared spreadsheet has to demonstrate it has met §7.11 for that spreadsheet — which, as we will see, is the part a spreadsheet struggles with.
Neither standard names a vendor, a format, or a tool. What they require is the controls. The decision is whether those controls are easier to keep in a spreadsheet or in software at your scale. For the full clause-by-clause picture, the ISO/IEC 17025 requirements guide walks every relevant section, and the ISO 9001 Clause 7.1.5 guide covers the manufacturer's version.
The Five Things That Break First
In practice, a spreadsheet does not fail all at once. Specific things break in a predictable order as you scale.
1. Reminders Before the Due Date
A spreadsheet has no alarm. A due-date column is only useful if a human opens the file, sorts by it, and acts — every week, without fail. The first non-conformance most teams meet is a calibration that lapsed because nobody opened the file that month. Conditional formatting turns a cell red, but it does not email anyone. Dedicated software fires a reminder a configurable number of days before the due date, so a lapse is caught before the assessment rather than during it.
2. The Audit Trail
ISO/IEC 17025 §7.11 wants records safeguarded against tampering, and an ISO 9001 auditor will reasonably ask how you know a calibration value was not changed after the fact. A spreadsheet records the current state, not the history. If someone edits a due date, overwrites a result, or deletes a row, there is usually no record that it happened, when, or by whom. Version history on a cloud spreadsheet helps a little, but it is not an instrument-level audit trail an assessor can read. Software that logs who changed what, and when, on every record turns "trust us" into evidence.
3. Certificate-to-Instrument Linking
The certificate is the evidence the calibration happened. In a spreadsheet, the certificate is a separate PDF in a folder, linked — if you are disciplined — by a filename convention. When the auditor selects instrument #247 and asks for its full calibration history, the scramble is real: find the row, find the matching PDFs, hope none were renamed or lost. Software keeps the certificate attached to the instrument record, so the history is one screen, not a search.
4. More Than One Editor
A spreadsheet was designed for one person. The moment a second person edits it — a workshop supervisor updating a returned certificate, a colleague covering during leave — you get the familiar failure modes: two copies, a row overwritten, a formula dragged one cell too far. There is no role-based access to stop a read-only colleague changing a calibration value. Software gives real user roles, so the people who should only look cannot accidentally edit.
5. The Out-of-Tolerance Investigation
When an instrument comes back failed — out of tolerance — the question is not just "recalibrate it." It is "what did we measure with this instrument since its last good calibration, and are any of those results now in doubt?" A spreadsheet gives you no structured way to scope that affected period or record the disposition decision. This is one of the harder problems to retrofit into a spreadsheet, and one of the reasons a structured out-of-tolerance procedure is easier to run in software built for it.
So When Do You Switch?
There is no instrument count printed in the standard. But the switching signals are concrete, and if two or more are true for you, the spreadsheet is probably already costing more than software would:
- You have missed a calibration due date in the last year, or had a calibration non-conformance raised at audit.
- More than one person edits the calibration register.
- You manage more than roughly fifty instruments, or expect to soon.
- You spend real time before each audit reformatting the spreadsheet into something presentable.
- You cannot quickly answer "show me the full history of instrument #247" from one screen.
- You are accredited to, or working toward, ISO/IEC 17025 — where §7.11 makes the spreadsheet's lack of access control and audit trail an explicit gap.
None of these is about the calibration maths. They are all about the controls around it — which is exactly what the standards ask for and exactly what a spreadsheet was never built to provide.
What Switching Does Not Change
Worth being clear about the limits, because the sales version overpromises. Moving to software does not perform your calibrations — a calibration laboratory still does that. It does not write your procedures. It does not make a poorly-kept register clean; if your data is messy going in, you import messy data, which is why migrating from a calibration spreadsheet is worth doing carefully rather than in a rush. What it changes is the surrounding system: reminders that fire, a history that holds, an audit trail that stands up, and access that is controlled.
How CalProof Fits
CalProof was built for the team that has outgrown the spreadsheet but does not want an enterprise QMS. It keeps the equipment register, links each certificate to its instrument, fires recalibration reminders before due dates, logs every change to a record with who and when, and gives real user roles — the five controls above, in one place. You import your existing spreadsheet by CSV to start, and you can export the whole record set back out as CSV plus the underlying PDFs, so your compliance evidence is never locked in.
GBP pricing from £29 a month. No per-user fees on Pro and above. UK data hosting. No long-term contract.
To see the shape of the output before signing up, the sample audit pack is ungated and downloads as a single PDF.
Sources
- ISO 9001:2015 — Quality management systems — Requirements
- ISO/IEC 17025:2017 — General requirements for the competence of testing and calibration laboratories
This guide applies to UK manufacturers and laboratories under ISO 9001 or ISO/IEC 17025. It is general guidance based on the published standards; the requirements that apply to your organisation depend on your certification scope and your auditor's interpretation. Verify against your certification body or UKAS assessor. This is not legal or compliance advice.