Last Updated on September 25, 2025 by Melissa Lazaro

ISO/IEC 17043:2023 Structural Requirements (Clause 5) – Explained

Let’s be real—when most proficiency testing (PT) providers think about ISO/IEC 17043, they zero in on the technical stuff. Scheme design. Statistical models. Homogeneity and stability testing. That’s where the heavy lifting seems to happen.

But here’s the surprising truth I’ve seen again and again: many nonconformities and audit findings don’t come from technical failures—they come from structural issues.

Things like:

• Vague responsibilities
• Missing impartiality safeguards
• Poor role clarity
• No formal assignment of authority

And that’s exactly what Clause 5 of ISO/IEC 17043:2023—Structural Requirements—is here to address.

This clause is the foundation of your PT organization. It ensures you’re not just technically capable but also legally accountable, transparently governed, and ethically managed. In this article, I’ll walk you through what Clause 5 requires, why it matters, and how to meet these expectations in a way that actually strengthens your operations—not burdens them.

What Are Structural Requirements, and Why Do They Matter?

Think of structural requirements as the internal scaffolding of your PT operations.

They ensure:

• You’re legally recognized and clearly accountable
• Your staff know their roles and who has the final say
• Impartiality isn’t just claimed—it’s actively protected
• You’re resourced with competent people and clear oversight

If your organization is unclear about who does what, who signs off, or how bias is managed, then even the best-run PT schemes can fall apart during assessment.

In short: structure supports everything else—from trust to traceability to technical validity.

Clause 5.1 – Legal Entity and Responsibility

This requirement is straightforward, but essential: your PT provider must be a legally identifiable organization, and it must take full responsibility for the activities covered under ISO/IEC 17043.

So what does that actually mean?

It means:

• You must be registered—either as a standalone legal entity (like a company or institution) or as a defined part of a parent organization.
• You must be accountable for every aspect of your PT activities, from planning and participant communication to data management, performance evaluation, and final reporting.

Why this matters:

If something goes wrong—an incorrect assigned value, a data breach, or a participant complaint—there must be a clear legal body that takes ownership. Accreditation bodies can’t grant recognition to an undefined or informal group with no legal standing.

Real-world risk:

I once worked with a group of laboratories collaborating on PT schemes. Technically, they were solid. But they hadn’t formalized their structure or created a legal entity. When they tried to apply for ISO/IEC 17043 accreditation, the accreditor couldn’t proceed—because no one could legally sign off as “the provider.” They had to pause, create a formal entity, and restructure the operation before even beginning the assessment.

Clause 5.2 – Organizational Structure, Roles, and Authority

This clause builds on the first. Once you’ve established who you are legally, the next question is: how are you organized internally?

You need to:

• Define your organizational structure
• Assign roles and responsibilities clearly
• Document who has the authority to make decisions—especially around approving schemes, reviewing results, and issuing reports

This includes having:

• An organizational chart that shows reporting lines
• Job descriptions or role summaries for each key position
• A record of delegation (if authority is shared or passed along)

Practical example:

Let’s say your scheme results are ready for release. Who approves them? Is it the technical manager, a scheme coordinator, or someone in top management? If this isn’t written down—and clearly understood—you’re exposing your process to risk, inconsistency, and potential audit findings.

What auditors want to see:

They want to trace every key function (like assigning values, handling complaints, releasing reports) to a named, qualified person with documented authority. If your org chart is outdated or your approvals are based on informal discussions, that won’t cut it.

Clause 5.3 – Management Responsibility for Impartiality

This clause turns the spotlight on top management—whoever that is in your PT organization. ISO/IEC 17043:2023 makes it clear: protecting impartiality is not optional. It’s a core responsibility.

Here’s what you’re expected to do:

• Establish an impartiality policy that reflects your values and process
• Identify potential sources of bias—whether organizational, financial, or personal
• Monitor risks to impartiality continuously—not just once a year
• Take action when risks arise—before they become conflicts

What this looks like in practice:

• You have a conflict-of-interest log where staff disclose external activities, financial interests, or relationships that could affect impartiality.
• You review that log during management reviews and internal audits.
• If someone involved in scheme evaluation has ties to a participant lab, you document how the risk was handled—maybe by assigning a different reviewer.

A common mistake:

Saying “We are impartial” in a policy is not enough. You need to show your impartiality is managed, not just assumed.

Clause 5.4 – Competence, Resources, and Supervision

Now we move into staffing and oversight. This clause says your PT provider must have:

• Competent personnel with the knowledge and skills to run reliable schemes
• Adequate resources (facilities, time, budget, support staff)
• Supervision and technical oversight, especially for less experienced or newly assigned staff

Key expectations:

• Documented training programs for PT staff
• Defined competence criteria for each role
• Procedures for supervising work and verifying it before release
• Resources to ensure PT schemes are not rushed, underfunded, or poorly supported

What this protects against:

I once reviewed a PT provider where one person was designing schemes, evaluating results, and preparing reports with little to no oversight. They were experienced—but human. When they made a small statistical error, no one caught it before results went out. It damaged trust with participants and raised red flags during their accreditation audit.

You don’t need layers of bureaucracy—but you do need oversight.

Pro Tips – Making Clause 5 Work in Practice

Here’s how to make Clause 5 requirements part of your system without turning your organization into a paperwork machine.

Pro Tip 1: Keep your organizational chart and responsibilities in sync

Your org chart is only useful if it matches reality. If people move roles or take on new responsibilities, update the chart, job descriptions, and approval protocols at the same time.

Pro Tip 2: Document impartiality risks, even if they seem minor

If someone on your team reviews a scheme for a client they used to work with, log it—even if it’s no longer a conflict. It shows awareness and proactive risk management.

Pro Tip 3: Include structure-related issues in management review

Don’t just focus on KPIs and complaints. Discuss:

• Role changes
• Staffing needs
• Training gaps
• Risk of impartiality breaches
  That’s part of Clause 5, too.

Pro Tip 4: Create a digital “Clause 5 compliance folder”

Include:

• Legal registration
• Org chart
• Role definitions
• Conflict-of-interest log
• Impartiality policy
• Training records
  This makes audits easier and internal reviews faster.

Common Mistakes That Trip Up PT Providers

• No documentation of who approves final scheme reports
• Impartiality policy exists, but no one can explain how it’s enforced
• Competence is assumed based on years of experience—but not documented
• Job roles haven’t been reviewed or updated in years
• Staff wear multiple hats, but there’s no plan to manage conflicts of interest

These aren’t hard to fix—but they can be easy to overlook.

FAQs – Quick Answers

Q: Do I need to be a registered company to comply with Clause 5?
Not necessarily. But you must be a legally identifiable organization with defined responsibility for PT activities.

Q: What does “top management” mean in a small team?
Whoever holds final responsibility. Even if it’s just one person, their accountability must be documented.

Q: What if I subcontract parts of my scheme?
You’re still responsible. Clause 5 expects you to define oversight, manage quality, and maintain control—no matter who’s doing the work.

Q: Do I need to train experienced staff?
Yes. Even experienced staff need role-specific training, documented competence evaluations, and ongoing supervision where appropriate.

Structure Isn’t Boring, It’s Strategic

Clause 5 of ISO/IEC 17043:2023 may seem administrative, but it’s really your foundation. It tells accreditation bodies, participants, and your own team that your PT activities are legally backed, ethically managed, clearly structured, and built to last.

Strong structure supports better schemes. It reduces risk. It helps you grow with confidence—and respond to challenges with clarity.

So here’s your next step:
Take an hour this week to review your current organizational structure, role definitions, and impartiality safeguards. If anything is out of date or unclear—fix it now, not during an audit.

Need help reviewing your structure or preparing for ISO/IEC 17043 accreditation? I’ve helped PT providers build systems that don’t just pass audits—they run better because of them. Reach out and let’s strengthen your foundation together.