ISO/IEC 17043:2023 Gap Analysis: Clause-by-Clause Comparison
ISO/IEC 17043:2023 Gap Analysis: Clause-by-Clause Comparison
Last Updated on September 25, 2025 by Melissa Lazaro
ISO/IEC 17043:2023 Gap Analysis: Clause-by-Clause Comparison
If your organization is already accredited to ISO/IEC 17043:2010, you’ve probably heard the buzz around the updated 2023 version. And maybe you’re wondering: How much has really changed? Do we need to overhaul our whole system?
Let me be clear—while some parts of the standard remain familiar, the structure, terminology, and expectations have shifted significantly. Without a proper gap analysis, it’s incredibly easy to overlook new requirements or misunderstand how your current procedures map to the revised clauses.
I’ve worked with numerous PT providers navigating standard revisions over the years. The ones that stay ahead don’t just rewrite documents—they analyze, compare, and plan strategically. This article is going to walk you through exactly how to do that, clause by clause.
Why Conduct a Clause-by-Clause Gap Analysis?
ISO standards evolve not just to add complexity, but to align with best practices, international frameworks, and current risks. The 2023 revision of ISO/IEC 17043 brings it in line with Annex SL, the high-level structure used in most modern ISO standards.
Here’s what that means for you:
- New clauses, especially in risk-based thinking, impartiality, and communication.
- Reorganized structure—you won’t find the same clause numbers or grouping.
- Broader emphasis on management systems and strategic leadership.
A clause-by-clause gap analysis helps you:
- Identify where your system already complies
- Spot what’s missing or outdated
- Assign responsibility for updates
- Build confidence before reassessments or surveillance audits
What Changed in ISO/IEC 17043:2023?
Let’s start with the structural shift.
The 2010 version grouped content into five main clauses:
- 4: General requirements
- 5: Structural requirements
- 6: Resource requirements
- 7: Process requirements
- 8: Management system requirements
The 2023 revision aligns with the ten-clause Annex SL structure, similar to ISO/IEC 17025 and ISO 9001:
- Scope
- Normative references
- Terms and definitions
- General requirements
- Structural requirements
- Resource requirements
- Process requirements
- Management system requirements
- Risk-based thinking
- Improvement
The wording and sequencing have changed. More importantly, some completely new expectations have been introduced—especially around risk, impartiality, and documented information.
Clause-by-Clause Comparison: 2010 vs. 2023
Here’s a summary mapping of major clauses:
| 2010 Clause | 2023 Clause | What’s New or Different |
|---|---|---|
| 4 – General | 4, 9 | Split between general principles and new risk-based thinking |
| 5 – Structural | 5 | More emphasis on top management responsibilities |
| 6 – Resource | 6 | Enhanced clarity on personnel competence and infrastructure |
| 7 – Process | 7 | Additional focus on communication, scheme design, and results interpretation |
| 8 – Management System | 8, 10 | Split between system requirements and improvement activities |
Key New Concepts Introduced in 2023:
- Formal risk-based thinking (Clause 9)
- More structured documentation control
- Clearer impartiality evaluation and mitigation
- Reinforced leadership commitment
- Stronger connection to continual improvement
You’ll need to revisit not just the format of your QMS—but the intent behind it.
How to Use This for Your Internal Gap Analysis
Here’s how to tackle your gap analysis in a manageable, structured way:
- Create a comparison table. List the 2010 clauses side-by-side with the 2023 ones. Identify overlaps and gaps.
- Review your current documents. Map your policies, procedures, forms, and records to the 2023 clauses. Note any that are missing or outdated.
- Assess compliance for each clause. Use a simple rating system:
- Fully compliant
- Partially compliant
- Not compliant
- Assign responsibility. Make sure every clause or gap has a process owner who can review and address it.
- Set realistic deadlines. Prioritize clauses with new content (e.g. Clause 9 on risk) and give yourself time to rewrite and review with your team.
- Update your audit checklists. Align internal audits and management reviews to the new structure so you’re not caught off guard during reassessment.
Real Example:
One PT provider I worked with found they had no structured process for reviewing risks related to scheme operation. This was acceptable under the 2010 version, but the 2023 revision required documentation, review frequency, and demonstrable action. They developed a quarterly review process and linked it to their impartiality log—problem solved, and easily defendable during audit.
Pro Tips
- Pro Tip: Don’t try to retrofit the old structure into the new one. Accept the format shift and use it as a chance to streamline.
- Pro Tip: Use color-coded checklists for quick visual indicators of compliance status.
- Pro Tip: Involve your technical coordinators early—they often hold key insights that help interpret new clause expectations.
- Pro Tip: Review regional accreditation body guidance—they often issue transition documents or webinars with clause mapping tools.
Common Mistakes to Avoid
Assuming Structural Changes Are Cosmetic
Many teams assume it’s just a formatting shift—so they update titles but skip deeper changes. This leads to audit findings.
Not Assigning Clear Responsibilities
Gap analyses without accountability fall flat. Every clause needs an owner who understands the requirement and can verify compliance.
Ignoring the Intent Behind New Clauses
Clause 9 on risk-based thinking isn’t just a checklist item—it’s about real-time awareness and strategic response. Treating it like a documentation exercise misses the point.
FAQs
Q: Is a gap analysis required by ISO/IEC 17043:2023?
It’s not mandated by name—but assessors expect to see how you’ve identified and addressed differences between versions. A gap analysis is the cleanest way to show this.
Q: How long does a full clause review take?
It depends on your size and documentation. Most providers I’ve worked with complete it in 2 to 6 weeks, depending on resource availability.
Q: Can I reuse my old procedures?
Some, yes—with updates. But others (like risk management, impartiality handling, or leadership responsibility) may need entirely new approaches.
Don’t Just Update—Re-Align
Upgrading to ISO/IEC 17043:2023 is about more than editing documents. It’s about realigning your quality system with current international expectations.
The providers I’ve seen handle the transition smoothly all started with the same thing: a clause-by-clause gap analysis. They didn’t guess, rush, or wing it. They compared, planned, and executed with clarity.
If you want to reduce transition stress and build long-term compliance confidence, start with the structure. I’ve created a downloadable Gap Analysis Worksheet mapped to ISO/IEC 17043:2023—let me know if you’d like a copy.
It’ll save you hours—and maybe even your next surveillance audit.
Melissa Lavaro is a seasoned ISO consultant and an enthusiastic advocate for quality management standards. With a rich experience in conducting audits and providing consultancy services, Melissa specializes in helping organizations implement and adapt to ISO standards. Her passion for quality management is evident in her hands-on approach and deep understanding of the regulatory frameworks. Melissa’s expertise and energetic commitment make her a sought-after consultant, dedicated to elevating organizational compliance and performance through practical, insightful guidance.
