Appendix 1 — Gap Analysis Checklist
Parent procedure: 01 – Project Plan
Purpose
To provide a structured tool for evaluating the laboratory's current level of compliance with each requirement of ISO/IEC 17025:2017. The completed checklist serves as the basis for the implementation timeline and resource allocation.
Instructions
- The Quality Manager, supported by the Technical Manager, reviews each requirement listed below.
- For each requirement, assess the current status:
- C — Compliant: the requirement is fully met with documented evidence.
- PC — Partially compliant: some elements are in place but gaps remain.
- NC — Not compliant: the requirement is not currently met.
- Record the evidence of compliance (where it exists) and the actions needed to achieve full compliance.
- Assign a priority (High / Medium / Low) based on the effort required and the criticality of the requirement.
- Use the completed checklist to inform the implementation timeline (Appendix 2).
Adapt this template
This checklist covers the main clauses of ISO/IEC 17025:2017 at a summary level. Laboratories may expand individual rows into more granular sub-requirements as needed. Your accreditation body may also provide its own assessment checklist — use both for completeness.
Checklist
Clause 4 — General requirements
Guiding questions:
- Does the laboratory have a documented policy or commitment statement on impartiality? How are risks to impartiality identified and managed on an ongoing basis?
- Are there situations where commercial, financial, or other pressures could compromise impartiality (e.g., pressure to produce favorable results)? What safeguards exist?
- Is there a documented policy on confidentiality? Does it cover all forms of information (paper, electronic, verbal)?
- Are confidentiality agreements or obligations in place for all personnel, including contractors and external parties who may access laboratory information?
- How is confidential information protected during storage, transmission, and disposal?
| Clause | Requirement summary | Status (C / PC / NC) | Evidence / current practice | Actions needed | Priority | Responsible | Target date |
|---|---|---|---|---|---|---|---|
| 4.1 | Impartiality | ||||||
| 4.2 | Confidentiality |
Clause 5 — Structural requirements
Guiding questions:
- Is the laboratory a legal entity, or a defined part of one? Can it be held legally responsible for its laboratory activities?
- Is there a documented organizational structure (e.g., an organigram) that shows reporting lines and the relationship between management, technical operations, and support services?
- Has management defined the scope of laboratory activities that will conform to ISO/IEC 17025?
- Are the roles, responsibilities, and authorities of all personnel clearly defined, documented, and communicated — including the Quality Manager, Technical Manager, and Laboratory Director?
- Are there documented procedures to ensure the integrity of laboratory activities and consistent operation of the management system?
- Has the laboratory established communication processes to ensure that personnel are informed of changes to the management system, procedures, or other matters that affect their work?
| Clause | Requirement summary | Status (C / PC / NC) | Evidence / current practice | Actions needed | Priority | Responsible | Target date |
|---|---|---|---|---|---|---|---|
| 5(a) | Legal entity or defined part of a legal entity | ||||||
| 5(b) | Management and organizational structure | ||||||
| 5(c) | Scope of laboratory activities conforming to ISO/IEC 17025 | ||||||
| 5(d) | Roles, responsibilities, and authority of personnel | ||||||
| 5(e) | Procedures to ensure impartiality and consistent operation | ||||||
| 5(f) | Communication processes for the management system |
Clause 6 — Resource requirements
Guiding questions:
- Does the laboratory have access to the personnel, facilities, equipment, systems, and support services necessary to manage and perform its activities?
- Are competence requirements defined for each role that influences laboratory results? Is there a process for identifying training needs and evaluating the effectiveness of training?
- Are personnel authorized to perform specific tasks (e.g., operating equipment, signing reports)? Is this authorization documented and based on demonstrated competence?
- Are personnel supervised appropriately — especially those in training or performing tasks for which they are not yet fully competent?
- Are the facility conditions (temperature, humidity, lighting, cleanliness, vibration, noise, etc.) monitored and controlled where they can affect results? Are requirements documented?
- Is access to areas that affect laboratory activities controlled?
- Is all equipment needed for laboratory activities available, properly functioning, and capable of achieving the required accuracy?
- Is there a documented program for calibration, verification, and maintenance of equipment? Are calibration records maintained?
- Are equipment records maintained (identification, manufacturer, serial number, location, calibration dates, maintenance history)?
- Is metrological traceability established for all measurement results? Can calibrations be traced to SI units or other recognized references through an unbroken chain?
- Are reference standards and reference materials traceable, and are certificates of analysis or calibration certificates available?
- Does the laboratory evaluate and select external providers (suppliers of calibration services, testing services, reference materials, equipment, consumables)? Are approved suppliers recorded?
- Is externally provided work covered by suitable agreements, and are results from external providers verified before use?
| Clause | Requirement summary | Status (C / PC / NC) | Evidence / current practice | Actions needed | Priority | Responsible | Target date |
|---|---|---|---|---|---|---|---|
| 6.1 | General (resources availability) | ||||||
| 6.2 | Personnel competence, training, supervision | ||||||
| 6.3 | Facilities and environmental conditions | ||||||
| 6.4 | Equipment | ||||||
| 6.5 | Metrological traceability | ||||||
| 6.6 | Externally provided products and services |
Clause 7 — Process requirements
Guiding questions:
- Is there a documented process for reviewing customer requests before accepting work? Does it confirm that the laboratory has the capability, resources, and methods to meet the requirements?
- Are differences between the request and the laboratory's capability resolved before work begins? Is the customer informed of any deviations?
- Are the methods used for testing and calibration appropriate, current, and validated or verified for their intended use? Are they documented and available to personnel?
- When the laboratory develops or modifies methods, is there a documented validation process that confirms the method is fit for purpose?
- Where sampling is part of the laboratory's activities, is there a documented sampling plan and procedure? Are sampling records maintained?
- Is there a documented procedure for receiving, handling, transporting, storing, and disposing of test or calibration items? Does it protect item integrity and the interests of the customer?
- Are items uniquely identified throughout their time in the laboratory? Is the identification system traceable to the customer's request?
- Do technical records contain sufficient information to repeat the laboratory activity under conditions as close as possible to the original? Are they created at the time the activity is performed?
- Has the laboratory identified the sources of measurement uncertainty for each test or calibration? Are uncertainty budgets documented and kept up to date?
- Does the laboratory monitor the validity of its results through quality assurance activities (e.g., proficiency testing, use of reference materials, replicate testing, retesting of retained items)?
- Are results from quality assurance activities analyzed, and are actions taken when predefined criteria are not met?
- Do test reports and calibration certificates contain all the information required by ISO/IEC 17025 and the applicable method? Are they reviewed and authorized before release?
- Is there a documented process for handling complaints? Are complaints tracked to resolution?
- Is there a documented procedure for managing nonconforming work? Does it include stopping work, evaluating significance, notifying customers when appropriate, and authorizing resumption of work?
- How does the laboratory ensure the integrity of data — including data entry, storage, transmission, and processing? Are systems validated? Is access controlled?
| Clause | Requirement summary | Status (C / PC / NC) | Evidence / current practice | Actions needed | Priority | Responsible | Target date |
|---|---|---|---|---|---|---|---|
| 7.1 | Review of requests, tenders, and contracts | ||||||
| 7.2 | Selection, verification, and validation of methods | ||||||
| 7.3 | Sampling | ||||||
| 7.4 | Handling of test or calibration items | ||||||
| 7.5 | Technical records | ||||||
| 7.6 | Evaluation of measurement uncertainty | ||||||
| 7.7 | Ensuring the validity of results | ||||||
| 7.8 | Reporting of results | ||||||
| 7.9 | Complaints | ||||||
| 7.10 | Nonconforming work | ||||||
| 7.11 | Control of data and information management |
Clause 8 — Management system requirements
Guiding questions:
- Has the laboratory chosen Option A or Option B for its management system? Is this decision documented?
- Has the laboratory established, documented, and implemented a management system that is capable of supporting and demonstrating the consistent fulfilment of ISO/IEC 17025 requirements?
- Does the management system documentation include a quality policy, quality objectives, and procedures necessary for assuring the quality of results?
- Is there a documented procedure for controlling management system documents (creation, review, approval, distribution, revision, and withdrawal of obsolete documents)?
- Are records identified, stored, protected, backed up, and retrievable? Is there a defined retention period? Are amendments traceable?
- Has the laboratory identified risks and opportunities associated with its activities? Are actions to address them planned, implemented, and evaluated for effectiveness?
- Does the laboratory actively seek opportunities for improvement — from audit results, data analysis, corrective actions, management reviews, personnel suggestions, and customer feedback?
- Is there a documented corrective action process? When a nonconformity is identified, does the laboratory investigate root causes, implement corrections, and verify effectiveness?
- Does the laboratory conduct internal audits at planned intervals? Do audits cover all elements of the management system? Are auditors independent of the activities being audited?
- Does management review the QMS at planned intervals? Does the review cover audit results, customer feedback, complaints, corrective actions, resource adequacy, risk management, and improvement opportunities?
| Clause | Requirement summary | Status (C / PC / NC) | Evidence / current practice | Actions needed | Priority | Responsible | Target date |
|---|---|---|---|---|---|---|---|
| 8.1 | Management system options (Option A or B) | ||||||
| 8.2 | Management system documentation | ||||||
| 8.3 | Control of management system documents | ||||||
| 8.4 | Control of records | ||||||
| 8.5 | Actions to address risks and opportunities | ||||||
| 8.6 | Improvement | ||||||
| 8.7 | Corrective actions | ||||||
| 8.8 | Internal audits | ||||||
| 8.9 | Management reviews |
Summary
| Status | Count |
|---|---|
| Compliant (C) | [Enter] |
| Partially compliant (PC) | [Enter] |
| Not compliant (NC) | [Enter] |
| Total requirements assessed | [Enter] |
Gap analysis conducted by: [Name, role] Date completed: [Date] Reviewed by: [Name, role]