Why ISO Standards Do Not Stay the Same Forever
If you hold an ISO certificate, you have probably wondered at some point what happens when the standard you are certified to gets updated. It is a fair question, and one that causes genuine confusion for a lot of businesses. The short answer is that ISO standards are living documents. They are reviewed, revised, and sometimes completely rewritten to keep up with changes in technology, business practice, and global risk. When that happens, your certificate is affected, and you need to understand what that means for your organisation.
On this page
This article walks you through exactly how ISO standards get updated, who is involved in that process, what the different types of revisions look like, and most importantly, what your obligations are as a certified business when a new version is released.
How the ISO Standard Update Process Actually Works
ISO does not just rewrite standards on a whim. There is a structured, multi-year process governed by technical committees made up of national standards bodies, industry experts, government representatives, and other stakeholders from around the world. In Australia, Standards Australia participates in this process on behalf of Australian industry.
The process follows a defined set of stages, and ISO publishes these stages publicly on its website. Here is a simplified breakdown of how it works in practice.
The Systematic Review Cycle
Every ISO standard is subject to a systematic review at least once every five years. During this review, the relevant technical committee decides one of three things: the standard remains current and does not need changing, the standard needs a minor update or amendment, or the standard needs a full revision. This five year cycle is why you often see standards with year references in their titles, such as ISO 9001:2015 or ISO 14001:2015. The year tells you when that version was published.
Who Drives the Changes?
Changes to standards come from multiple directions. Technical committees receive input from national bodies, industry feedback, changes in regulation, emerging risks, and lessons learned from how the standard has been applied in practice. For example, the upcoming revision of ISO 9001 has been heavily influenced by feedback from users around the world who found certain clauses unclear or difficult to apply in service industries. You can read more about what is expected from that revision in our article on ISO 9001:2026 and what is changing.
Types of Updates: Amendments vs Full Revisions
Not every update is a full rewrite. There are several types of changes that can occur.
- Corrigenda: These are minor technical corrections, such as fixing an error in wording or a formula. They do not change the requirements of the standard in any meaningful way.
- Amendments: These add to or modify specific sections of the existing standard without replacing it entirely. They are used when only part of the standard needs updating.
- Full revisions: These replace the entire standard with a new version. This is what happened when ISO 9001:2008 was replaced by ISO 9001:2015, and it is what is happening again with the expected ISO 9001:2026 revision.
- Withdrawals: Occasionally a standard is withdrawn entirely, either because it has been absorbed into another standard or because it is no longer relevant.
The type of update matters a great deal for certified organisations, because it determines what you are required to do in response.
What Happens to Your Certificate When a Standard Is Updated?
This is where most businesses get anxious, and understandably so. You have invested time and money into achieving certification. The last thing you want is to find out that your certificate is suddenly invalid because ISO published a new version.
Here is the reality: a new version of a standard does not immediately invalidate your existing certificate. However, it does trigger a transition process, and you need to understand what that involves.
The Transition Period
When a major revision is published, ISO and the International Accreditation Forum (IAF) work together to define a transition period. This is typically three years from the date the new version is published. During this period, certified organisations can continue operating under the old version, but they must transition to the new version before the deadline. Once the transition period ends, certificates issued under the old version are no longer valid.
The three year window sounds generous, but it goes faster than most businesses expect. If your surveillance audit falls within that window, your certification body will typically expect you to demonstrate progress toward transition. By the time your recertification audit comes around, you will usually need to be fully compliant with the new version.
How Your Certification Body Manages the Transition
Your certification body plays a key role here. They will notify you of the transition timeline and explain what is expected. Most certification bodies will conduct transition audits as part of your scheduled surveillance or recertification visits, rather than requiring a completely separate audit. This keeps costs manageable.
That said, not all certification bodies communicate this process well. If you have ever felt like your certification body leaves you to figure things out on your own, you are not alone. It is one of the most common complaints we hear from businesses. If you are unsure whether your current provider is giving you adequate support, it is worth reading about why Australian businesses are switching certification bodies.
What Changes You Need to Make
The extent of the work required depends on how significant the revision is. For a minor amendment, you might only need to update a few documents and records. For a full revision like the move from ISO 9001:2008 to ISO 9001:2015, the changes were substantial. New concepts like risk-based thinking, context of the organisation, and the needs of interested parties required businesses to build entirely new processes and documentation.
For the expected ISO 9001:2026 revision, early indications suggest the changes will be more moderate than the 2015 overhaul, but there will still be meaningful updates to address. Your management system will need to be reviewed, gaps identified, and updates implemented before your transition audit.
A Real World Example: The ISO 9001 Transition From 2008 to 2015
To make this concrete, it is worth looking at what actually happened when ISO 9001:2015 was released. The new version was published in September 2015. ISO and IAF set a transition deadline of September 2018, giving certified organisations three years to make the switch.
For many businesses, the transition required significant work. The 2015 version introduced the High Level Structure (now called the Harmonised Structure), which reorganised the clauses in a way that aligned with other management system standards like ISO 14001 and ISO 45001. It also introduced requirements that had no direct equivalent in the 2008 version, including formal risk assessment, documented understanding of organisational context, and explicit consideration of interested parties.
Businesses that left the transition to the last minute found themselves scrambling. Some missed the deadline and had their certificates lapse. Others rushed through the transition without properly embedding the new requirements, which created problems at subsequent surveillance audits. The lesson from that experience is clear: start your transition planning early, well before your certification body is pushing you to act.
What Happens If You Miss the Transition Deadline?
If you do not complete your transition to the new version before the deadline, your certificate will lapse. This is not a technicality. An expired or lapsed certificate is not valid, and using it to claim certification status is misleading. In some industries and tender contexts, this can have serious commercial consequences.
If your certificate lapses, you will need to go through a fresh certification audit against the new version of the standard. This is effectively starting the process again, which costs more time and money than a managed transition would have.
It is also worth noting that accreditation bodies like JASANZ in Australia oversee the accreditation of certification bodies, and they monitor compliance with transition deadlines. Certification bodies that continue issuing certificates under withdrawn versions of standards risk losing their accreditation.
Standards That Are Withdrawn Without a Replacement
Occasionally a standard is withdrawn and not replaced by a new version. This is less common for the major management system standards, but it does happen for more technical or product specific standards. When a standard is withdrawn without replacement, any certification to that standard becomes meaningless over time, because there is no longer a recognised benchmark against which conformance can be assessed.
If this happens to a standard you are certified to, your certification body should notify you. In practice, the commercial impact depends on why you held the certification in the first place. If it was a contractual requirement, you will need to discuss with your clients or customers what alternative standard or approach is acceptable.
How to Stay Ahead of Standard Updates
Waiting for your certification body to tell you about changes is not the best strategy. By the time they formally notify you, the transition clock may already be ticking. Here are some practical steps to stay informed.
Monitor ISO and Standards Australia Directly
ISO publishes its work programme publicly. You can track the status of any standard, including whether it is under review or revision, directly on the ISO website. Standards Australia also publishes updates relevant to the Australian market. Setting up alerts or checking periodically takes very little time and keeps you ahead of the curve.
Engage Your Certification Body Proactively
Do not wait for your annual surveillance visit to ask about upcoming changes. Contact your certification body and ask directly whether any standards you are certified to are currently under review. A good certification body will be able to give you a clear answer and help you understand the likely timeline and impact.
Work With a Consultant Who Keeps Up With Changes
If you work with an ISO consultant, they should be tracking standard revisions as part of their professional practice. A consultant who is not aware of upcoming changes to the standards they work with is not doing their job properly. When evaluating consultants, it is worth asking specifically about their awareness of current and upcoming revisions. Our guide on how to select the best ISO consultant covers the key questions you should be asking before you engage anyone.
Review Your Management System Annually
Your management review process, which is a requirement of most ISO management system standards, should include a standing agenda item on changes to external requirements, including standard revisions. This ensures that leadership is aware of upcoming changes and that resources are allocated in advance rather than at the last minute. If you are unsure whether your system is functioning as it should, our article on how to check if your ISO management system is actually working is a useful reference.
The Cost of Transitioning to a New Standard Version
One question businesses always ask is how much a standard transition will cost. The honest answer is that it depends on the scope of the changes and how well your existing system is documented and maintained.
For a minor amendment, the cost may be negligible. A few hours of a consultant's time to review the changes, update relevant documents, and brief your team is often all that is needed.
For a full revision, the cost can be more significant. You may need a gap analysis against the new requirements, updates to your management system documentation, training for your team, and potentially additional audit time. If your certification body charges separately for a transition audit rather than folding it into your scheduled visit, that adds to the cost as well.
The best way to manage transition costs is to start early and treat it as a planned project rather than an emergency. Businesses that engage a consultant six to twelve months before a transition deadline typically spend considerably less than those who leave it to the last few months.
Finding the Right Support for Your Transition
Whether you are approaching a standard transition for the first time or you have been through it before, having the right support makes a significant difference. The combination of a responsive certification body and an experienced consultant who understands your industry is the most effective setup.
If you are not confident that your current certification body or consultant is equipped to support you through an upcoming transition, it is worth getting a second opinion. CertBetter connects businesses with verified ISO consultants and accredited certification bodies across Australia and globally. You can submit one enquiry and receive up to three competing quotes from providers who have been vetted for experience and industry knowledge. The service is completely free for businesses, and it takes the guesswork out of finding someone you can actually rely on.
