|
For Certification Body Professionals & ISO Auditors
Monthly News on
ISO Standards, Events & Tech
Issue No. 2 · June 2026
|
|
|
|
Lead Story
Global ACI's Unified MRA Takes Effect, Replacing the IAF MLA and ILAC MRA
The accreditation landscape that certification bodies and auditors have navigated for three decades has been formally consolidated. Existing accreditations issued under the ILAC MRA and/or IAF MLA will continue to be recognized as arrangements transition to the Global Accreditation Cooperation Incorporated MRA, with no service interruptions as accreditation bodies, conformity assessment bodies, scheme owners and regional groups continue operating as normal through the transition. The new MRA replaces the former ILAC MRA and IAF MLA, offering a single, simplified framework to support international recognition and confidence in accredited conformity assessment, and Global ACI held its first full round of committee meetings in Prague during the week commencing 20 April 2026, marking an important milestone in moving from transition to delivery. The Prague mid-term meetings brought together more than 300 representatives from accreditation bodies and regional cooperation groups to finalise the operational architecture now reaching CBs.
For certification bodies, the immediate implications are administrative but consequential. The legacy IAF MLA and ILAC MRA marks are anticipated to be phased out over three years as the Global ACI MRA mark is adopted, a behind-the-scenes change managed between accreditation bodies and certification bodies. CBs should expect updated mark-usage guidance from their AB, plan certificate template and IAF CertSearch metadata updates, and brief audit teams on the unified scope language now governing management systems, products, personnel, inspection and testing under one arrangement. Auditors working across borders gain a cleaner recognition pathway, but witnessed-assessment and surveillance cycles continue under ISO/IEC 17011 and the relevant 17021-series requirements unchanged. The unified structure also positions emerging schemes — including AI management systems under ISO/IEC 42001 and sustainability assurance — to enter international recognition through a single endorsement route rather than parallel IAF and ILAC processes.
|
|
|
News
UPDATE ISO 9001:2026 FDIS issued ahead of September publication
The release of ISO/FDIS 9001:2026 marks the final draft stage before formal publication, expected in September 2026, with the 2026 edition replacing ISO 9001:2015. The FDIS confirms that many changes are editorial clarifications to the 2015 edition, while introducing a stronger emphasis on certain themes for quality management. Certification bodies should finalise auditor briefings, examination updates, and transition timetables now so client programmes can move smoothly once the standard is published and the three-year transition window opens.
NEW ISO 14001:2026 published with three-year transition to May 2029
The transition period for ISO 14001:2026 is three years, and certificates issued to ISO 14001:2015 must transition to the new edition before May 2029 to remain valid. ISO 14001:2026 maintains the same core Annex SL structure but introduces new terminology and refined clauses replacing ISO 14001:2015. CBs accredited for environmental management should schedule witness audits, qualify EMS auditors against the revised competence criteria, and ensure transition audits are sequenced well before the 2029 cut-off to avoid certificate withdrawal risk.
ALERT Global Accreditation Cooperation Incorporated takes over from IAF and ILAC
From 1 January 2026, the international accreditation system has moved to a new, unified structure with the launch of Global Accreditation Cooperation Incorporated. One global Cooperation, one MRA — the Global Accreditation Cooperation Incorporated's MRA covers the scopes previously recognised under the ILAC Mutual Recognition Arrangement and the IAF Multilateral Recognition Arrangement. CBs should update marketing materials, certificate footers, and accreditation references to reflect the single MRA mark, while monitoring forthcoming Global ACI mandatory documents that will succeed legacy IAF MDs.
NEW ISO/IEC 27701:2025 becomes standalone PIMS standard with new CB requirements in ISO/IEC 27706:2025
ISO/IEC 27706:2025 specifies the requirements for bodies that audit and certify Privacy Information Management Systems (PIMS) based on ISO/IEC 27701, providing both mandatory requirements and practical guidance. The 2025 edition of ISO/IEC 27701 became a standalone standard with no ISO 27001 prerequisite, reduced the required controls to 29 selected from ISO 27001's 93 controls, and streamlined controller and processor requirements. CBs offering PIMS certification must align scheme rules, auditor competence, and certification documents with ISO/IEC 27706:2025 and accommodate clients seeking 27701 certification independently of an existing 27001 certificate.
UPDATE ISO/IEC 42001 adoption accelerates as AI governance becomes contractual baseline
By mid-2026, "Are you ISO 42001 certified or implementing it?" is showing up in roughly 40% of enterprise AI vendor RFPs in the EU and around 25% in North America. ISO/IEC 42001 certification remains voluntary, with organisations choosing it when they want independent confirmation that their AI management system meets the requirements of the standard. CBs should expand AIMS auditor pools, calibrate sector-specific interpretation guides for high-risk AI use cases, and prepare for surging demand driven by procurement requirements rather than regulator mandates alone.
|
|
|
Market Intelligence
The 2024 ISO Survey confirms that global certification volumes are continuing to expand at pace, with ISO 9001:2015 reaching 1,474,118 valid certificates and remaining the dominant management system standard worldwide source. ISO/IEC 27001 was the year's standout, with valid certificates source and certified sites reaching 179,877, reflecting the run-up to the 31 October 2025 transition deadline for the 2022 revision source. ISO 14001 likewise posted a genuine net expansion, climbing well above its previous 2022 peak of 529,853 certificates as sustainability moves from disclosure to assured management system territory source. When normalised against 2022 baselines to strip out the 2023 reporting anomaly, ISO 9001 growth stands at roughly 23% over two years, with ISO 14001 and ISO 45001 expanding 29% and 37% respectively, indicating sustained underlying demand rather than a one-off correction source.
AI governance has rapidly become the most watched new scheme on the certification body roadmap, with 76% of organisations in a 2025 Cloud Security Alliance compliance benchmark indicating they plan to pursue ISO/IEC 42001 in the near term source. Early commercial adoption is already visible, with technology vendors such as Cornerstone announcing ISO/IEC 42001 certification in December 2025 against the world's first certifiable AI management system standard, published in December 2023 source. For certification bodies, the practical implication is competitive: ISO/IEC 42001 stacks alongside existing ISO/IEC 27001 and ISO/IEC 27701 portfolios, opening combined-audit revenue opportunities while requiring rapid build-out of qualified AI auditor cadres. Bodies that secure accreditation scope early are positioned to capture the integrated 27001/27701/42001 information governance bundle that buyers increasingly request in a single procurement cycle.
Auditor capacity remains the binding constraint across multiple schemes, and pricing is responding accordingly. In the United States defence sector, fewer than 85 authorised C3PAOs are tasked with assessing a pipeline of roughly 80,000 contractors requiring CMMC Level 2, with less than 1% of the defence industrial base certified by the end of 2025 source. The picture in the UK is similar for information security, where a genuine shortage of qualified UKAS Lead Auditors combined with residual ISO/IEC 27001:2022 transition workload is driving sharp increases in audit-day rates source. At the buyer end, a 2025 Certiget study found that over half of companies are now selecting their certification body under significant time pressure, a dynamic that depresses due diligence on accreditation status and inflates premiums for bodies with available scheduling slots source. The broader ISO certification services market is projected to expand at a 15.0% CAGR from a 2024 base of USD 10.26 billion, suggesting the auditor squeeze will tighten before it eases source.
Infrastructure for digital assurance continues to mature alongside the demand surge. The IAF CertSearch API launched in April 2025, giving certification bodies and regulators a programmatic route to verify the validity of accredited certificates at scale, and in August 2025 IAF Members voted to extend the Multilateral Recognition Arrangement to include ISO 14067 as a Level 5 sub-scope, opening accredited carbon-footprint verification to global mutual recognition source. Strategically, IAF and ILAC confirmed in 2025 their merger into a single global accreditation organisation, Global Accreditation Cooperation Incorporated, simplifying the recognition architecture that auditors and scheme owners navigate source. On the practitioner side, AI-assisted tooling is shifting from pilot to standard kit, with audit firms reporting that machine learning is now routinely used to interrogate full populations rather than samples and to automate evidence citation source. For certification body operations, the practical priorities for the second half of 2026 are clear: deepen accredited scope on 42001 and 14067, redeploy auditor hours freed by AI-assisted review toward higher-judgement work, and lock in capacity contracts ahead of the next wave of transition deadlines.
|
|
|
Upcoming Events
6–7 July 2026 | UN Global Dialogue on AI Governance — Geneva, Switzerland
The first session of the Global Dialogue on AI Governance takes place on 6–7 July 2026 at Palexpo in Geneva, convening stakeholders to shape international AI governance frameworks. Certification bodies and auditors working with ISO/IEC 42001 and JTC 1/SC 42 outputs should track the policy direction emerging here, as it will inform future conformity assessment expectations for AI management systems.
7–10 July 2026 | AI for Good Global Summit — Geneva, Switzerland
The summit is held in Geneva alongside the WSIS Forum 2026 and ITU's AI for Good Global Summit, with a single media accreditation providing access to all three events. "Day Zero" of the AI for Good Global Summit on 7 July will feature live demos, interactive exhibits, startup competitions and hands-on workshops, with the summit's Centre Stage officially opening on 8 July. The event is co-organized with ISO and IEC and offers auditors direct insight into emerging AI standards and certification pathways relevant to ISO/IEC 42001 implementation.
10 July 2026 | IIA RISE Virtual Internal Audit Conference — Virtual
The RISE Virtual Internal Audit Conference runs on 10 July 2026 from 10:00 a.m. to 4:30 p.m. ET, offering 7.2 CPE in a high-impact, one-day program designed for Chief Audit Executives and senior audit leaders navigating AI disruption. The sessions translate directly into competency building for certification body audit programme managers responsible for keeping technical teams current on emerging risk topics.
20–21 July 2026 | UKAS ISO/IEC 17021-1 Technical Assessors Course — Virtual
UKAS is delivering its ISO/IEC 17021-1 Technical Assessors course on 20–21 July 2026 in a virtual classroom format. The two-day programme is essential for technical assessors and certification body personnel responsible for demonstrating competence against the requirements UKAS and other accreditation bodies apply during management system CB assessments.
|
|
|
TIC Operating System Changelogs
NEW CRM module first draft
TIC OS now includes a CRM module providing a client overview with primary and additional contacts, linked applications, audits, and signed contracts, plus internal notes visible only inside the portal. CBs can show or hide sections to align the module with their existing client operations workflow.
NEW Client activity tracking on applications
Application views now show whether a client opened the application, what fields were filled in, whether the quote was viewed, and which language was selected, all with timestamps. This gives CBs concrete visibility into client engagement and helps auditors prioritise follow-up before formal review.
UPDATE Custom contract and quote templates
CBs can now create their own contract templates in document templates, name them, and replace the default contract from the CB profile, with the same flow available for quotes. A new automated email also confirms when a contract has been signed, keeping CBs informed on lead status without manual checks.
|
|
|
|
|
.svg)
%201.svg)
.svg){kind=small}
.svg)
