Last Updated on December 23, 2025 by Melissa Lazaro

Why an ISO/IEC 17043 Transition Gap-Analysis Is No Longer Optional

If you’re honest with yourself, you probably feel compliant. Most PT providers do. Your system works. Your schemes run. Audits have gone reasonably well so far.

Here’s what’s changed.

Accreditation bodies are no longer just checking whether you comply with ISO/IEC 17043 in general. They’re checking how well you’ve transitioned from the 2010 edition to the 2023 version—even if your formal transition audit is still months away.

In my experience, the biggest findings don’t come from missing documents. They come from misaligned thinking. Processes that made sense under 2010 don’t always hold up under 2023 scrutiny.

This transition gap-analysis template exists to surface those issues early, while you still control the timeline—and the stress level.

How ISO/IEC 17043:2023 Transition Gap-Analysis Differs from a Standard Internal Audit

A transition gap-analysis is not a normal internal audit. Treating it like one is where many providers go wrong.

An internal audit asks, “Are we following our system?”
A transition gap-analysis asks, “Does our system still make sense under ISO/IEC 17043:2023?”

That’s a very different question.

Here’s what I’ve noticed in real audits. PT providers pass internal audits comfortably, then struggle during surveillance because the auditor applies 2023 expectations to a 2010-designed system.

This is important because accreditation bodies don’t want theoretical compliance. They want to see that you understand what changed—and why.

Pro tip:
If your gap-analysis results in zero gaps, that’s usually a red flag. The 2023 revision did raise expectations. A good gap-analysis reflects that reality.

ISO/IEC 17043 Transition Gap-Analysis Scope – What to Include and What Not to Overcomplicate

One of the biggest mistakes I see is over-engineering the transition.

You don’t need to rewrite your entire management system. You do need to review the areas where ISO/IEC 17043:2023 sharpened expectations.

A solid transition gap-analysis should cover:

• terminology and structural alignment,
• risk-based thinking and impartiality,
• competence and subcontractor control,
• PT scheme design, data analysis, and reporting,
• management system alignment (Option A or Option B).

What it should not become is a document rewrite project disguised as a checklist.

Auditors don’t reward volume. They reward clarity.

Real-world insight:
I’ve seen lean, 10-page transition analyses satisfy assessors far better than 200-page binders that no one actually understands.

Clause-by-Clause Gap-Analysis – ISO/IEC 17043:2023 vs 2010

This is the heart of the template.

Each clause is reviewed side-by-side:

• what the 2010 edition required,
• what the 2023 edition now expects,
• how your current system aligns,
• where gaps or partial compliance exist.

What matters here isn’t just identifying gaps—it’s how you describe them.

Avoid vague statements like “procedure needs updating.” Auditors don’t find that helpful.

Instead, describe gaps in operational terms:

• what currently happens,
• why it doesn’t fully meet 2023 expectations,
• what will change.

Pro tip:
If an auditor can read your gap statement and immediately understand the issue without asking questions, you’ve written it correctly.

Risk & Impartiality Gap-Assessment – A High-Risk Audit Area

Risk and impartiality deserve their own section for a reason. This is where accreditation bodies focus hard during transition.

Under ISO/IEC 17043:2023, risk isn’t abstract. It’s tied directly to:

• scheme credibility,
• result validity,
• participant confidence,
• and impartial decision-making.

I’ve seen PT providers challenged because they assessed general business risks but missed scheme-specific ones—like risks arising from sample sourcing or data evaluation handled by a single individual.

Your gap-analysis should ask simple, uncomfortable questions:

• Where could impartiality realistically be questioned?
• What could compromise confidence in results?
• Are controls documented, or just assumed?

What works well:
Plain-language risk statements tied to real PT activities. No buzzwords. No filler.

Competence & Subcontractor Control Gap-Analysis – People Matter More Than Procedures

ISO/IEC 17043:2023 places more weight on competence than many providers expect.

It’s no longer enough to say someone is qualified. You need to show:

• what competence looks like for each role,
• how it’s evaluated,
• and how it’s maintained over time.

This applies equally to subcontractors.

A common misconception is that using ISO/IEC 17025-accredited labs removes responsibility. It doesn’t. You remain accountable for how their work supports your PT scheme.

Pro tip:
Competence records don’t need to be complex. A clear role description, criteria, and periodic review evidence usually satisfy auditors.

PT Scheme Design, Statistics & Reporting Gap-Analysis

This section often produces the most meaningful gaps—and the most valuable improvements.

ISO/IEC 17043:2023 expects tighter alignment between:

• scheme objectives,
• statistical methods,
• performance evaluation,
• and how results are communicated.

I’ve reviewed PT reports where the statistics were technically sound, but the performance interpretation wasn’t clear to participants. Under 2023 expectations, that’s a gap.

Your analysis should challenge assumptions:

• Why was this statistical method chosen?
• Does it still fit the scheme objective?
• Would an informed participant understand the outcome?

Real-world lesson:
Good statistics alone don’t protect you in an audit. Clear justification does.

Management System Option A vs Option B Gap-Analysis

If you claim Option A, auditors expect a complete set of management system controls specific to PT activities.

If you claim Option B, they expect genuine integration—not references.

I’ve seen Option B claims fall apart because ISO 9001 systems didn’t actually control scheme planning, result review, or corrective actions tied to PT outcomes.

Your gap-analysis should confirm:

• which option you truly operate under,
• whether evidence supports that claim,
• and where alignment breaks down.

Practical advice:
Choose the option that reflects reality. Auditors care far more about honesty than ambition.

Transition Action Plan – Turning Gaps into Audit-Ready Progress

Finding gaps is only half the job. Acting on them is what builds audit confidence.

A good transition action plan:

• prioritizes high-risk gaps first,
• assigns clear responsibility,
• sets realistic timelines linked to audit schedules.

You don’t need everything closed immediately. What auditors want to see is control and direction.

Pro tip:
Even partial implementation, when well-planned and documented, is far better than last-minute fixes.

FAQs – ISO/IEC 17043 Transition Gap-Analysis

When should a PT provider perform a transition gap-analysis?
Ideally before your next surveillance audit. Waiting until a formal transition assessment is risky.

Can this replace internal audits?
No. It complements them. The purposes are different.

Will accreditation bodies ask to see it?
Not always—but when they do, a clear gap-analysis builds immediate confidence.

Conclusion – How to Use the ISO/IEC 17043 Transition Gap-Analysis Effectively

ISO/IEC 17043:2023 doesn’t demand perfection. It demands understanding.

A well-executed transition gap-analysis shows accreditation bodies that you know where your system stands, where it needs to improve, and how you’re managing the transition responsibly.

From what I’ve seen across real audits, providers who do this early avoid most painful findings later.

Handled properly, the transition becomes controlled, predictable, and far less stressful.