Why ISO Standards Get Updated and What It Means for Your Certificate
ISO standards are living documents. They get reviewed and revised every few years to reflect changes in technology, industry practice, regulatory expectations, and global risks. When a new version is published, certified organisations do not get to ignore it indefinitely. They are required to transition to the updated standard within a defined period, or risk losing their certification entirely.
Transitioning from an old ISO standard version to a new one is one of the most common challenges businesses face after they achieve initial certification. It is not as complex as getting certified from scratch, but it does require proper planning, gap analysis, updated documentation, and a dedicated transition audit. Done well, it is an opportunity to strengthen your management system. Done poorly, it leads to major nonconformances, failed audits, and wasted money.
This guide walks you through exactly how to approach an ISO standard version transition, what the process looks like in practice, and how to avoid the most common mistakes businesses make along the way. If you are currently certified to an older version of a standard and a new version has been published, this is where you start. You might also want to read our article on how ISO standards are updated and what happens to your certificate for useful background context.
Understanding the Transition Timeline
When ISO publishes a revised standard, the International Accreditation Forum (IAF) works with national accreditation bodies to establish a transition period. This is typically three years from the date the new standard is published, though it can vary depending on the standard and the extent of the changes involved.
During the transition period, certification bodies are authorised to issue certificates against both the old and new versions. Once the transition deadline passes, certificates issued against the old version are no longer valid. Your certification body will usually notify you well in advance, but it is your responsibility to understand the deadline and plan accordingly.
A practical example: when ISO 9001:2015 was published in September 2015, the transition deadline for organisations certified to ISO 9001:2008 was September 2018. Any business that had not transitioned by that date had their certificate withdrawn. The same principle applies to every major standard revision.
Right now, ISO 9001 is undergoing another revision. If you want to understand what is coming and how much time you will have, our article on how long you have to transition to ISO 9001:2026 covers the current timeline in detail.
Step 1: Obtain and Read the New Standard
This sounds obvious, but many businesses skip it entirely and rely on a consultant to tell them what changed. That is a mistake. You need at least one person in your organisation who has actually read the new standard, compared it to the old version, and understands the differences at a conceptual level.
You can purchase the new standard directly from the ISO online store or through your national standards body. In Australia, that is Standards Australia. The cost is typically between $100 and $300 AUD depending on the standard.
When reading the new version, pay particular attention to:
- New or modified clauses that did not exist in the previous version
- Changes to terminology or definitions
- New mandatory documented information requirements
- Clauses that have been removed or significantly restructured
- Any new concepts introduced, such as risk-based thinking in ISO 9001:2015 or the climate change additions in recent amendments
Many standards are also accompanied by a publicly available “what has changed” document or transition guide. ISO and national standards bodies often release these alongside the new standard, and they are worth downloading before you start your gap analysis.
Step 2: Conduct a Formal Gap Analysis
A gap analysis is a structured comparison between what your current management system does and what the new version of the standard requires. It is the foundation of your transition plan. Without it, you are guessing at what needs to change.
The gap analysis should be done clause by clause. For each requirement in the new standard, you assess whether your current system fully meets it, partially meets it, or does not address it at all. The output is a prioritised list of actions needed to close the gaps.
What a Good Gap Analysis Covers
A thorough gap analysis for a version transition should examine the following areas:
- Documentation: Are all required documents and records present? Do they reference the correct version of the standard? Do they reflect any new requirements?
- Processes: Have any processes been affected by new or changed requirements? Do process owners understand what has changed?
- Policies and objectives: Does your quality, environmental, or safety policy need updating to reflect new language or commitments?
- Risk and opportunity registers: Have new risks been introduced by the updated standard that need to be assessed?
- Competence and training: Do staff who operate within the management system understand the changes in the new version?
- Internal audit programme: Does your internal audit programme reflect the new clause structure?
For smaller organisations, a gap analysis might take one to two days. For larger, more complex businesses it can take a week or more. If you are using a consultant to help with the transition, this is where their time is most valuable.
Step 3: Update Your Management System
Once you know your gaps, you need to close them. This is the implementation phase of the transition, and it is where most of the actual work happens.
Updating Documentation
Start with your core documents: your management system manual if you have one, your policy, your scope statement, and your procedures. Every document that references the old version of the standard needs to be updated to reference the new one. More importantly, documents that describe processes or requirements that have changed need to be revised to reflect those changes, not just have the version number swapped out.
Pay careful attention to your controlled documents register. Every document you update needs to go through your document control process, including version numbering, review and approval, and distribution. This is not optional. An auditor will check your document control during the transition audit, and finding documents with mismatched version references is a common nonconformance.
For more on how to manage this process correctly, our article on what controlled documents are and how to implement them is a useful reference.
Training Your Team
Any change to a management system is only effective if the people who work within it understand what has changed and why. After you update your documentation, you need to communicate the changes to relevant staff and provide training where required.
This does not need to be a formal training course in every case. For minor changes, a team briefing and updated work instructions may be sufficient. For significant changes, such as the introduction of risk-based thinking in ISO 9001:2015, more structured training is warranted. The key is that you can demonstrate awareness and competence during your transition audit.
Updating Your Internal Audit Programme
Your internal audit schedule and audit checklists need to be updated to reflect the new clause structure and requirements. If you are still auditing against the old version of the standard, you will miss gaps that the transition auditor will find. Update your checklists before you run your next internal audit cycle, and make sure at least one full internal audit against the new version is completed before your transition audit takes place.
Step 4: Run an Internal Audit Against the New Version
Before your certification body comes in to conduct the transition audit, you need to run at least one complete internal audit cycle against the new version of the standard. This serves two purposes. First, it helps you identify any remaining gaps that were not caught during the gap analysis. Second, it provides evidence to your auditor that your management system is operating effectively under the new requirements, not just documented to meet them.
Your internal audit results, including any nonconformances raised and corrective actions taken, need to be reviewed at a management review meeting. That management review needs to cover the new standard requirements and demonstrate that top management is engaged with the transition.
If your internal audit capability is limited, this is a reasonable point to bring in external support. A consultant or experienced internal auditor can run the internal audit for you, or review the results before your certification body visits. Our guide on how to run ISO internal audits that actually find problems covers the practical approach in detail.
Step 5: Notify Your Certification Body and Schedule the Transition Audit
Your certification body needs to know you are ready to transition. Contact them well in advance of the transition deadline, ideally at least six months before the deadline if your system is reasonably mature, and earlier if you have significant gaps to close.
The transition audit is typically conducted as part of your regular surveillance or recertification audit cycle. In many cases, your certification body will schedule a combined audit that covers both your ongoing compliance with the current version and the transition to the new version. This reduces cost and disruption compared to scheduling a separate standalone audit.
What the Transition Audit Covers
During a transition audit, your auditor will specifically review:
- Evidence that you have conducted a gap analysis and addressed the identified gaps
- Updated documentation that reflects the new version requirements
- Evidence of internal audits conducted against the new version
- Management review records that address the transition
- Staff awareness and competence in relation to the changes
- Any new requirements introduced by the updated standard, such as new risk considerations or documented information requirements
If the auditor is satisfied that your system meets the requirements of the new version, your certificate will be reissued against the new standard. If major nonconformances are found, you will be given time to address them before the certificate is updated.
Common Mistakes That Derail Transitions
Having audited and consulted on dozens of version transitions, we see the same mistakes come up repeatedly. Here are the ones that cause the most problems.
Leaving It Too Late
The most common mistake is simply not starting the transition process until the deadline is close. Organisations assume they have plenty of time, then find themselves scrambling in the final six months. If your management system has significant gaps relative to the new version, six months is not enough time to implement changes, run an internal audit, and schedule a transition audit with your certification body. Start as early as possible.
Treating It as a Documentation Exercise Only
Some businesses update their documents to reference the new standard without actually changing anything in how they operate. An experienced auditor will see through this immediately. If the new standard introduces a substantive new requirement, your system needs to actually meet it, not just mention it in a procedure.
Not Involving Top Management
Version transitions require leadership engagement. New requirements often affect strategic direction, risk management, or resource allocation. If top management is not involved, the transition tends to be superficial and the management review records will show it. Auditors pay close attention to whether leadership genuinely understands and supports the updated system.
Underestimating the Cost
Transitions are not free. There are consultant fees, internal staff time, training costs, and audit fees to consider. If you want a realistic picture of what a transition typically costs, our article on how much it costs to transition to a new ISO standard version breaks down the numbers honestly.
Transitioning Multiple Standards at Once
If your organisation holds certification to more than one standard, such as ISO 9001, ISO 14001, and ISO 45001, you may find that multiple standards are revised within a similar timeframe. This is not uncommon, particularly as ISO moves towards aligning standards through the High Level Structure framework.
In this situation, it is worth considering whether you can combine your transition audits. Most certification bodies are willing to conduct integrated audits that cover multiple standards simultaneously. This reduces audit time, cost, and disruption. However, it does require that your gap analysis and implementation work covers all the relevant standards, and that your internal audit programme addresses all of them.
If you are running an integrated management system, the transition process is broadly the same, but you need to ensure that common elements such as context of the organisation, risk management, and leadership requirements are updated in a way that satisfies all the standards simultaneously.
Getting Help With Your Transition
Many businesses handle version transitions with internal resources, particularly if they have a dedicated quality, safety, or environmental manager. Others bring in a consultant to help with the gap analysis, documentation updates, and internal audit preparation.
Whether you need external help depends on the complexity of your system, the extent of the changes in the new version, and the capability of your internal team. For a straightforward quality management system with minor changes, an experienced internal team can often handle the transition without external support. For more complex systems, or where the new version introduces significant new requirements, a consultant adds real value.
If you are looking for help with a version transition and want to compare quotes from verified consultants and certification bodies, CertBetter makes that process straightforward. You submit one form and receive up to three competing quotes from vetted providers who understand transition audits. The service is free for businesses, and it saves you the time of researching and contacting multiple providers individually.




