Last Updated on September 25, 2025 by Melissa Lazaro

Mandatory Procedures for ISO/IEC 17043:2023 Compliance

If you’re a proficiency testing (PT) provider transitioning to ISO/IEC 17043:2023, you’ve probably asked this question:

“Which procedures are actually mandatory?”

And it’s a fair question—because the 2023 version, aligned with Annex SL, doesn’t include a checklist of required procedures. That shift has left many labs confused.

In my experience helping labs through ISO/IEC 17043 audits, the ones that succeed have one thing in common: a well-documented, clause-aligned set of procedures that not only comply—but actually support the way they work.

So in this guide, I’ll break down exactly what the standard expects, which procedures are non-negotiable, and how to structure them so you’re ready for your next assessment.

Understanding “Mandatory” in the Context of ISO/IEC 17043:2023

Let’s clear something up.

ISO/IEC 17043:2023 doesn’t give you a tidy list titled “mandatory procedures.” Instead, the requirements are embedded in phrases like:

• “The organization shall establish…”
• “The organization shall implement and maintain…”
• “Documented information shall be available…”

When you see language like that, it implies you need a documented procedure or a controlled process that produces records.

In short: if the standard says you “shall establish” or “shall maintain,” that’s a strong indicator that documented procedures are required.

Clause-by-Clause Breakdown of Implied Mandatory Procedures

Let’s walk through each clause and highlight where procedures are expected:

Clause 4: General Requirements

• Impartiality and Confidentiality Procedure
  You need a documented process that defines how impartiality risks are identified and managed, and how confidential information is protected.
• Conflict of Interest Management
  Whether it’s a standalone policy or embedded in your impartiality procedure, it must be clear who evaluates conflicts and what actions are taken.

Clause 5: Structural Requirements

• Organizational Structure and Responsibilities
  You should describe reporting lines, roles, and responsibilities—typically in your quality manual or as a separate procedure.

Clause 6: Resource Requirements

• Personnel Competence Procedure
  This includes how staff qualifications are defined, training is conducted, and competence is evaluated and maintained.
• Equipment Maintenance and Calibration
  If you use measuring equipment, you must show how it’s maintained, calibrated (if needed), and tracked.

Clause 7: Process Requirements

This is the most detailed clause—and where most of your procedures will live.

• PT Scheme Design and Validation Procedure
  You must show how schemes are developed, validated, and approved before use.
• Sample Preparation and Handling
  Document how you prepare, store, and distribute PT items to ensure homogeneity and stability.
• Data Collection and Evaluation
  How are participant results collected? What statistical methods are used to evaluate performance?
• Reporting Procedure
  Detail how final reports are reviewed, approved, and shared with participants. This includes timelines and formatting.
• Complaints and Appeals Handling Procedure
  This is explicitly required. You need a procedure that includes how you receive, investigate, and respond to complaints and appeals.
• Subcontractor Management
  Any work you subcontract (e.g., logistics, lab testing) must be managed through a documented approval and monitoring process.

Clause 8: Management System Requirements

This clause brings everything together—and if you’re using the standard’s Option A, you need to document all of the following:

• Document Control Procedure
• Record Control Procedure
• Internal Audit Procedure
• Management Review Procedure
• Nonconformity Control
• Corrective Action Procedure
• Improvement Actions
• Risk and Opportunity Management Procedure

These aren’t optional. Whether you bundle some of them into one document or keep them separate, the system must show how each one is implemented and tracked.

Highly Recommended (But Not Explicitly Required) Procedures

These might not be called out directly, but I’ve found them extremely helpful in practice—and auditors often expect them:

• Customer Communication Procedure
  Especially for scheme announcements, result clarification, or corrective feedback
• Supplier Evaluation Procedure
  Covers how you qualify and monitor external service providers
• Change Control Procedure
  Helps manage revisions to scheme design, documents, or software
• Version Control of Scheme Materials
  Prevents outdated instructions or forms from being used

How to Structure and Control Your Procedures

Here’s what I’ve seen work best:

• Use clear titles that map to clauses or processes
  e.g., “Procedure for PT Scheme Design (Clause 7.1–7.6)”
• Include revision numbers, dates, and approvers
  Don’t skip document control—this is often the first finding in an audit
• Create a procedure index or clause matrix
  That way, you can prove every requirement has an associated procedure or record
• Make sure procedures are accessible to staff
  Whether digitally or in print, everyone should know where to find them

Pro Tips

• Pro Tip: Write procedures so someone new could follow them—not just the person who already knows the job.
• Pro Tip: Include who is responsible, what records are generated, and what tools or forms are used.
• Pro Tip: Conduct a mock audit of your procedures—can you trace each one to a clause in the standard?
• Pro Tip: Bundle your risk, improvement, and nonconformity processes into a single “Continual Improvement” procedure if it suits your workflow.

Common Mistakes to Avoid

Mistake #1: Thinking Annex SL Means Fewer Procedures

Annex SL gives flexibility, not freedom from documentation. Key procedures are still expected.

Mistake #2: Using Generic Templates

Many PT providers copy templates from ISO/IEC 17025 or ISO 9001 without adapting for PT-specific activities like statistical evaluation or scheme setup.

Mistake #3: Outdated Procedures

Auditors spot inconsistencies quickly. If your complaint procedure references old ISO clause numbers, that’s a red flag.

Mistake #4: Having Procedures but No Records

A procedure without implementation means nothing. You need evidence: logs, forms, emails, reports.

FAQs

Q: Can we use flowcharts instead of text procedures?
Yes, absolutely—as long as the flowchart clearly shows responsibilities, sequence, and outputs. Many assessors prefer visual formats.

Q: Are we required to have separate procedures for every clause?
Not necessarily. You can combine related topics (e.g., internal audit and management review), but make sure the procedure still fully addresses each requirement.

Q: Can we just adapt our ISO/IEC 17025 procedures?
Partially. But don’t forget the unique aspects of PT schemes—statistical design, homogeneity testing, and result evaluation are not covered in 17025.

Build a System That Works for You

ISO/IEC 17043:2023 compliance isn’t about having a mountain of paperwork—it’s about building a system that’s documented, usable, and reflective of what you actually do.

The best PT providers I’ve supported didn’t have the most complicated procedures. They had clear, well-written, practical ones that staff understood and assessors respected.

If you’d like a clause-to-procedure mapping table, I’ve got one ready—just let me know and I’ll send it your way.

Ready to start organizing your system? You’re already on the right path.