ISO 9001:2026 has not yet been published, but the committee work is advanced and the direction of travel is clear. Five confirmed change areas give forward-thinking organisations a practical head start — here's what we know, and what you should be doing now.
ISO 9001:2026 is currently in the committee draft (CD) and draft international standard (DIS) stages of the ISO development process. The standard is being developed by ISO Technical Committee 176 (ISO/TC 176), which is responsible for quality management and quality assurance standards. Publication is anticipated in 2026, though the precise date has not been confirmed.
ISO 9001 is the world's most widely adopted management system standard, with over one million organisations certified in more than 170 countries. The current version, ISO 9001:2015, introduced a number of significant changes from the 2008 edition, including the High Level Structure (HLS), risk-based thinking, and a strengthened focus on context and interested parties. The 2026 revision builds on this foundation rather than overturning it.
Importantly, ISO 9001:2015 certificates remain fully valid. There is no need to take any action to maintain your current certification while the revision is in development. However, organisations that understand the anticipated changes and begin voluntary preparation will be in a significantly stronger position when the transition period begins.
Our Commitment
Charis Management Systems is tracking the ISO 9001:2026 development process closely. We will update this page as the standard progresses through publication. Our clients will receive direct notification when the standard is published and when transition timelines are confirmed.
These five areas have been confirmed through the committee draft process. Each represents a meaningful evolution of the standard — and a preparation opportunity for forward-thinking organisations.
The most universally anticipated change in ISO 9001:2026 is formal accommodation of digital and cloud-based QMS platforms. The 2015 standard was largely written for an era of paper-based or locally-hosted systems, creating persistent ambiguity around electronic records, digital signatures, cloud storage, and automated controls.
The 2026 revision is expected to explicitly recognise digital QMS infrastructure as fully compliant, provide clearer requirements for ensuring the integrity, availability, and security of electronically held documented information, and address the management of quality records held in third-party cloud environments.
For organisations already using digital QMS platforms (such as Ideagen, Qualsys, or similar tools), this change largely validates existing practice. The practical work will involve documenting how digital controls satisfy the standard's requirements — a task that many organisations have been doing informally for years. Organisations still operating paper-based systems may wish to use the transition as a catalyst for digitalisation.
Risk-based thinking was the headline innovation of ISO 9001:2015, replacing the preventive action clause with a more pervasive, system-wide approach to risk management. ISO 9001:2026 is expected to sharpen and formalise these requirements, moving from the relatively open-textured 2015 requirements toward more structured expectations for how organisations identify, assess, and treat quality-related risks.
Specifically, the committee work suggests expectations for: more systematic risk identification processes linked explicitly to context and interested party requirements; clearer risk assessment methodologies appropriate to the organisation's complexity; documented risk treatment plans with assigned responsibilities and timescales; and more rigorous linkage between risk assessment outputs and quality objectives.
For organisations that currently treat risk-based thinking as a documentation exercise — producing a risk register that is reviewed annually without genuinely influencing operational decision-making — the 2026 revision will represent a meaningful challenge. The goal is risk-based thinking embedded in business processes, not a standalone document that satisfies auditors.
The COVID-19 pandemic accelerated the adoption of remote auditing across the ISO certification community, but neither ISO 9001:2015 nor the accreditation standards governing certification bodies fully anticipated or addressed remote audit methods. ISO 9001:2026 is expected to formally recognise and set standards for remote and hybrid audit approaches.
For internal auditors, this means the standard will explicitly acknowledge that an audit programme may include remote document review, video-conference interviews, and screen-shared process walkthroughs alongside traditional on-site observations. The requirements around maintaining audit trail integrity, evidence collection, and auditor objectivity in remote settings are expected to be specifically addressed.
For many SMEs, this is a positive development — remote internal audit approaches reduce travel time and cost, and can increase audit frequency by making the activity more accessible. Organisations that have already adopted remote internal audit practices will largely find their approach validated. Our internal audit service already incorporates hybrid delivery where appropriate.
The customer focus principle has been central to ISO 9001 since its earliest editions, but the requirements around customer satisfaction measurement and feedback have often been implemented in minimal, compliance-only ways. ISO 9001:2026 is expected to broaden the standard's customer requirements from transactional satisfaction measurement toward more holistic customer experience management.
This is anticipated to include: more explicit requirements for systematic collection of customer feedback across the customer journey (not just post-delivery satisfaction surveys); expectations for organisations to demonstrate how customer feedback influences quality objectives, process improvement, and product/service development decisions; and clearer linkage between customer experience metrics and management review inputs.
The change responds to two decades of customer experience (CX) research demonstrating that single-point satisfaction surveys are a poor proxy for customer loyalty, repeat purchase, and recommendation — the commercial outcomes that quality management is ultimately intended to support. Organisations that already run robust Voice of Customer programmes will be well-placed; those relying solely on annual satisfaction questionnaires should begin developing a more systematic approach now.
The disruptions of the early 2020s — pandemic-related supply shortages, semiconductor shortfalls, geopolitical trade disruptions — exposed significant fragility in global and regional supply chains. ISO 9001:2026 is anticipated to substantially strengthen supplier management requirements in response, adding resilience and continuity considerations alongside the existing quality performance requirements.
Expected changes include: risk-based supplier classification with more differentiated requirements for critical versus non-critical suppliers; explicit requirements for supply chain risk assessment including single-source dependencies, geographic concentration, and financial stability of key suppliers; expectations for supply continuity planning for critical inputs; and stronger requirements for monitoring ongoing supplier performance rather than relying on initial qualification assessments.
For SMEs with lean supplier management processes, this represents one of the most significant preparation areas. The goal is not a bureaucratic supplier audit programme, but a genuinely risk-based approach to supplier management that is proportionate to the organisation's supply chain complexity and the criticality of different suppliers to product and service quality. We can help you build a supplier management framework that satisfies the anticipated requirements without unnecessary overhead.
Your current certificate is valid and valuable. Maintain it actively — don't let your system drift while waiting for the new version.
Review your current risk register and risk-based thinking approach. If it's a document exercise rather than a live business tool, address this now.
Map your critical suppliers, assess single-source risks, and ensure your supplier monitoring process generates meaningful performance data.
Move beyond annual surveys. Establish regular, structured ways to gather and act on customer feedback throughout the service lifecycle.
If you're still using paper or spreadsheet-based QMS management, evaluate digital platforms now — transition is a natural trigger for modernisation.
Sign up to our updates (via the contact form) to receive direct notification when ISO 9001:2026 is published and when transition timelines are confirmed.