For Certification Body Professionals & ISO Auditors
Monthly News on ISO Standards, Events & Tech
Issue No. 1 · May 2026
Lead Story
ISO/FDIS 9001 Enters Final Ballot, September Publication on Track
The Final Draft International Standard for ISO 9001 has reached the formal approval stage, with the FDIS registered on 20 April 2026 and an eight-week ballot now underway among ISO member bodies. The text follows the Draft International Standard, which member bodies approved with a 97% approval rate in December 2025, after which ISO/TC 176/SC 2 processed national-body comments and consolidated the FDIS in Mexico City. ISO/FDIS 9001 is expected to be published in April 2026, and the revised version of ISO 9001 is targeted for publication in autumn 2026, expected in September 2026, replacing the 2015 edition that currently anchors more than a million certificates worldwide.
For certification bodies, the FDIS milestone marks the point at which requirements are effectively frozen, allowing scheme owners, training functions and audit teams to finalise transition products with confidence. A three-year transition window for organizations moving from ISO 9001:2015 to ISO 9001:2026 is expected to open on publication, subject to IAF confirmation, and CBs should anticipate the customary IAF resolution and accompanying mandatory document setting auditor competence, witness assessment and conversion-audit expectations. The revision retains the Annex SL high-level structure but sharpens emphases relevant to current audit practice, including climate-related issues, ethical behaviour, change management and the role of digital tools and emerging technologies within the QMS. Practical priorities for the coming months include updating internal auditor training, briefing technical reviewers on terminology shifts in Clause 3, recalibrating audit-time justifications where digital evidence and remote techniques are deployed, and engaging clients early so that surveillance cycles and recertification dates can absorb the upgrade audit without disruption once the standard is formally issued.
News
NEW: ISO 14001:2026 Released, Replacing the 2015 Edition
The revised environmental management systems standard has been published, introducing clarified requirements on context analysis, climate resilience, biodiversity, and sustainable resource use while retaining the Harmonized Structure. A three-year transition period applies, with all certificates issued to ISO 14001:2015 needing to migrate to the new edition before May 2029 to remain valid. Certification bodies should begin auditor upskilling and update transition planning communications with clients now to avoid late-cycle bottlenecks.
UPDATE: ISO/FDIS 9001 Moves Toward Publication
The Final Draft International Standard for ISO 9001 has progressed through ballot, with publication of ISO 9001:2026 anticipated later this year and a three-year transition window expected to follow IAF guidance. Changes are moderate rather than radical, emphasizing quality culture, ethical behavior, clearer risk and opportunity treatment, and explicit climate change consideration in clauses 4.1 and 4.2. Auditors should prepare to verify how organizations have assessed the relevance of climate-related issues and justify determinations where they are deemed not relevant.
NEW: ISO/IEC 27701:2025 Becomes a Standalone Privacy Management Standard
The revised privacy information management systems standard, published in October 2025, can now be implemented and certified independently of ISO/IEC 27001, replacing the 2019 extension model. Organizations may pursue PIMS certification on its own footing, and certification bodies will need updated scopes, competence criteria, and audit programs aligned with the standalone requirements. Expect rising demand as data-protection regulators increasingly reference the standard in accountability and demonstrability expectations.
ALERT: ISO/IEC 42001 AI Management System Accreditation Expands
Accreditation bodies continue to onboard certification bodies for ISO/IEC 42001, the only certifiable AI management system standard, as enterprise demand accelerates alongside emerging AI regulation. CBs entering this scheme should ensure auditors meet competence requirements covering AI risk, lifecycle controls, and impact assessment, and align with applicable IAF mandatory documents. Witness audits and Stage 1/Stage 2 approaches are maturing quickly, making early investment in auditor training a competitive differentiator.
UPDATE: IAF MD 4 Issue 3 Governs Use of ICT in Audits
The updated IAF mandatory document on the use of information and communication technology for audit and assessment purposes remains the primary reference for hybrid and remote audit delivery across management system schemes. CBs should verify that risk assessments, ICT capability checks, and justification records for remote audit portions are documented in line with the current issue, particularly as accreditation bodies tighten oversight of remote-only renewals. Integration of AI-assisted evidence review tools is permissible but must remain under qualified auditor judgment and confidentiality controls.
Market Intelligence
The 2024 ISO Survey, released in September 2025, reset the baseline for global certificate volumes, with ISO now reporting a total of 1,479,165 ISO 9001 certificates, up 76.7% over the prior year's total of 837,049 certificates, although the previous year was an outlier because China had not contributed data. Stripping out that reporting artifact, the cleaner 2022-to-2024 comparison shows year-to-year growth of just over 50%, driven nearly entirely by China and, secondarily, by India. Environmental and occupational safety standards moved in lockstep, with ISO 14001 totals reaching 651,851 in the 2024 survey, a 23% increase over the two-year period, while the adjusted increases for ISO 45001 came in at 37%. Information security saw the sharpest single-year jump of any major scheme, as the number of valid ISO/IEC 27001 certificates nearly doubled, jumping from 48,671 in 2023 to 96,709 in 2024, with certified sites reaching 179,877. For certification bodies planning 2026 capacity, this points to sustained tailwinds in cyber and sustainability scopes well above the underlying QMS growth rate.
Sector demand signals around AI governance are now translating into billable assessment work. The information-security certification market alone was valued at USD 18.59 billion in 2025 and is expected to reach USD 74.56 billion by 2035, implying a CAGR of 15.2%, and adjacent AI-management demand is following a similar curve as ISO/IEC 42001 moves from pilot to mainstream procurement requirement. Early-mover dynamics remain pronounced: Swimlane was identified as one of the first 30 companies in the world to earn ISO 42001 certification in June 2025, and KPMG International became the first Big Four international entity to attain ISO 42001:2023 certification, the world's first international standard for AI Management Systems. With the EU AI Act timeline tightening, current marketplace compliance trends point to 2025 matching, if not exceeding, the rise in popularity and demand of ISO 42001 seen as 2024 progressed, suggesting CBs that have not yet scoped ISO 42001 onto their accreditation should expect to lose mandates to those that have.
Auditor capacity and skills are tightening at exactly the wrong moment for that demand surge. Vision 2035 identified expanding internal audit's skills as a key challenge, with 42% of respondents reporting that they lacked needed skill sets within their teams, and the cyber-audit talent gap is widening fastest: the skills gap has widened by 8% from 2024 to 2025, with the public sector particularly affected, as 49% of organizations report lacking the workforce to meet their cybersecurity objectives, a 33% increase from 2024. Buyer-side price sensitivity is also rising, with businesses switching certification bodies for better pricing or service quality up roughly 18% in 2023–24, narrowing margins on commoditized QMS surveillance work even as fees for AI, cyber, and integrated audits hold firm. The strategic implication is bifurcation: routine ISO 9001 surveillance is becoming a price-led business while specialty scopes remain capacity-constrained and value-priced.
Digital and AI-assisted audit tooling is the most credible response to that capacity squeeze, and adoption curves have steepened sharply over the past twelve months. A Wolters Kluwer survey found that 27% of respondents identified access to dedicated AI-powered internal audit technologies as the key driver behind AI adoption, while 15% cited the need for robust business-wide governance, and 54% reported that AI will drive efficiency and productivity gains for internal auditors in the next 12 months. On the practitioner side, KPMG reports that about 60% of the companies it works with have AI tools they use every day, while others have no AI or are still experimenting, and credentialing is catching up: ISACA has launched the Advanced in AI Audit (AAIA) certification, open to holders of an active CISA, CIA, or CPA, covering AI governance and risk, AI operations, and AI auditing tools and techniques. The accreditation infrastructure beneath all of this is itself consolidating, as IAF and ILAC have merged into one global accreditation organization, Global Accreditation Cooperation Incorporated, a decision first taken in joint meetings in 2019 and confirmed in 2025, with both legacy bodies ceasing operations on 1 January — a structural change CBs should be watching closely as MLA/MRA scope mappings are reissued through 2026.
Upcoming Events
3 June 2026 | EA Workshop on the EU Methane Regulation — Online
The online workshop, held on 3 June 2026 from 09:00 to 12:00 CEST, will see National Accreditation Bodies share information and views on accrediting verifiers for methane emission reports under Regulation (EU) 2024/1787. The session is essential for CBs scoping new GHG verification activities and for assessors preparing for accreditation of energy-sector verifiers.
16–18 June 2026 | ETSI/IQC Quantum Safe Cryptography Conference 2026 — Ottawa, Canada
The conference will be hosted physically by Carleton University on 16–18 June 2026 in Ottawa, Canada, and is designed for members of the business, government, and research communities with a stake in cryptographic standardisation. Auditors working with ISO/IEC 27001, ISO/IEC 27002 and emerging post-quantum requirements will gain practical insight into migration roadmaps that are increasingly surfacing in certification audits.
20–28 June 2026 | APAC Annual Meeting 2026 — Bali, Indonesia
The APAC Annual Meeting runs from 20 to 28 June 2026 in Indonesia, convening regional accreditation bodies, conformity assessment stakeholders, and IAF/ILAC liaisons. The event is described as a forum to strengthen cooperation among APAC members, making it a key gathering for CBs operating across Asia-Pacific MLA/MRA scopes.
25 June 2026 | Quality Live 2026 and International Quality Awards — London, UK
Quality Live and the International Quality Awards return on Thursday 25 June 2026 at Convene, 133 Houndsditch, London, with the CQI's leading conference and awards programme bringing together thought leaders and quality professionals for a full day of continuous professional development. The programme offers ISO auditors and CQI/IRCA-certified auditors direct access to current thinking on quality assurance, audit practice and the evolving competence requirements of the profession.
ISO OS Changelogs
NEW: Audit execution linked to the audit plan
The audit execution module is now connected to the audit plan, presenting both a timeline view and the order structure, and allowing auditors to add notes, mark conformities and nonconformities, attach text, images, and documents, and navigate between related clauses and controls. This gives auditors a single working environment during fieldwork and reduces the need to switch between planning and execution tools.
NEW: Customizable email templates per certification body
Each certification body can now create and customize its own email templates, with support for English, German, Italian, and Turkish, configurable CC/BCC and subject lines, full HTML editing, global branding translatable per language, test sending with desktop and mobile preview, and dynamic global variables. CBs can align all system communications with their own brand and language requirements without relying on platform defaults.
UPDATE: Expanded ISO standard coverage for calculations
Calculations are now supported for ISO 27001, ISO 9001, ISO 14001, ISO 45001, ISO 37001, and ISO 50001, including integration calculations across multiple standards and per-standard cost adjustments reflected in quotes and contracts. CBs handling multi-standard scopes can produce accurate, transparent pricing breakdowns for clients directly within the platform.