ISO 9001:2026 is coming.
That means you’ll probably be starting to ask what your organisation actually needs to change. It’s a very sensible question. The key is to treat the ISO 9001:2026 update as a practical process update. Simply changing a few procedure titles and running a quick internal audit won’t necessarily mean passing your transition audit.
Use this as an opportunity not just to maintain your ISO certification but, even more importantly, to improve your quality management system (QMS).
All of these, and more, are valuable considerations. In this guide, our team of dedicated ISO consultants takes a comprehensive look at how to update your QMS for ISO 9001:2026.
Are you prepare for ISO 9001:2026?
Are your processes still suitable?
Are you managing risks well?
Are people actually using your system or just working around it?
Are your objectives meaningful?
About the author
Jodie Turner – Marketing Team Leader
During my time as ISO QSL, I’ve developed extensive knowledge of digital marketing alongside a strong understanding of the ISO standards that help organisations improve.
Start with how your QMS works now
Before you think about the new standard, look at your current system, not just your documents.
That means auditing how you manage the quality of your products or services across your organisation. Again, not just how they’re supposed to be managed, but what actually happens.
For example, how do customer requirements come in? How are jobs planned? How are suppliers approved? How are complaints handled? How are mistakes investigated? How do managers know whether the QMS is working?
This is all important because your ISO certification is tied to the effectiveness of your QMS. That’s always been the case with ISO 9001, but the 2026 update makes this holistic requirement even more explicit.
So, does your current QMS reflect what you actually do? At the end of your audit, you may find old forms no one uses, procedures that describe a previous way of working, objectives that don’t influence decisions, or risk registers that were created for an audit and then left alone.
That doesn’t necessarily mean your QMS is failing. It means it needs to be brought back into line with the business, either through rewrites, adjustments, expansions or by deleting sections that are no longer needed.
Don’t rewrite everything for the sake of it
Having said that, keep your rewrites proportionate and within scope. Just because a new version of ISO 9001 is coming out, you don’t automatically need a completely new QMS. In fact, you almost certainly don’t, especially if you’re already certified to ISO 9001.
If your ISO 9001:2015 system is working well, build on it. Your processes, document control, internal audits, management reviews, corrective actions and improvement activities should already give you a solid foundation.
You don’t need to rewrite or reorganise every policy, procedure, form and record. All that does is create unnecessary work. Worse, it can make your QMS harder to use, which can lead to more nonconformities in a transition audit.
Instead, perform a gap analysis on each part of your system. Decide whether it needs to be kept as it is, clarified, simplified, expanded, removed or replaced. Use a working spreadsheet or similar document to keep track of your assessment and resulting actions.
Decisions are deeper than documents
Quality management is full of decisions. Which suppliers do you use? Which risks matter most? Which customer issues need escalation? Which process changes need formal review? Which training gaps are most urgent? Which objectives deserve management attention?
Your QMS should help your people make those decisions consistently.
So, when reviewing your system for ISO 9001:2026, don’t just ask whether you have a procedure. Ask whether the procedure helps someone make the right decision at the right time. You should also ask whether your people use the QMS for this reason.
For example, a supplier approval process shouldn’t just say ‘suppliers must be approved’. That doesn’t help anyone. Different people will take different approaches. The QMS should help your team understand what makes a supplier acceptable, what evidence is needed, how performance is reviewed and when action is required.
Also, a corrective action process shouldn’t just record that something went wrong. It should help people understand the root cause, decide what needs to change, and check whether the action worked.
When you update your documents, don’t unnecessarily fill them with technical jargon. As long as your people understand and consistently apply your processes, your QMS is doing its job.
Bring process owners into the update
Your quality manager shouldn’t have to update the QMS alone. In fact, they probably can’t.
A quality manager can guide the transition, interpret requirements, support the gap analysis and help make sure the system remains coherent, while taking responsibility for the update schedule and implementation. But the people who own and operate the individual processes need to be involved.
That includes managers, supervisors, team leaders and anyone responsible for core activities such as sales, purchasing, production, service delivery, customer support, HR, compliance and leadership.
Why? Because they know how their processes work. They know where the delays happen. They know which forms are useful and which ones are ignored. They know where errors keep appearing. They know where customers get frustrated. They know whether the current controls are helping or getting in the way.
If you update the QMS without them, you risk creating a nicely polished system that doesn’t match the reality of your operations. A better approach is to run short process review conversations. Take one process at a time and ask the relevant process owner:
- What’s changed since we last reviewed this?
- What could go wrong?
- What information do we rely on?
- What do customers, regulators, suppliers, or internal teams expect from this process?
- What evidence do we already keep?
- What needs to be clearer?
Record the answers and take action where needed. Don’t forget to keep evidence of this work.
Review risks and opportunities
Risk-based thinking is already part of ISO 9001:2015, so this shouldn’t be new. But the ISO 9001:2026 update is a good time to ask whether your approach to risk is useful.
Some organisations have a risk register, but it sits separately from everyday management. It gets reviewed once or twice a year, usually before an audit, and then disappears again.
That’s not especially helpful.
Instead, we recommend a more practical approach that supports both your QMS’s effectiveness and your future ISO 9001:2026 compliance. Connect your risks and opportunities to how your processes are run. For example:
- In purchasing, risks might include supplier delays, poor-quality materials, single-supplier dependency or missing supplier evidence.
- In customer service, risks might include slow response times, unclear communication, repeated complaints or failure to capture customer feedback.
- In production or service delivery, risks might include equipment failure, staff shortages, unclear specifications or inconsistent checks.
Like the rewrites mentioned above, the point here isn’t to create a huge risk document. The point is to show that your organisation understands what could affect quality and how, and that you have sensible control measures in place.
Make change control easier to follow
QMS updates might reveal a weakness around change management. Once again, this comes down to consistency.
For instance, when suppliers or processes change, what happens with regard to quality? Are the changes implemented in the same way across different suppliers or processes? Do the replacements face the same checks and management processes?
This applies to far more situations, too. Software updates. Team structures. Customer requirements. Production methods. Staff or manager turnover.
Of course, we’re talking about change management within the context of your QMS. The only things your QMS should address are how these changes impact quality and what measures you take to rectify these risks.
That doesn’t mean every small adjustment needs a formal meeting. But it does mean your organisation should have a clear way to consider the impact of important changes.
For example, before changing a supplier, you might need to review quality history, delivery performance, certification evidence, customer requirements and approval criteria. Before changing a process, you might need to consider training, equipment, inspection points, documentation, risks and communication. The same principle applies to other important changes.
Check whether your QMS protects knowledge
When updating your QMS for ISO 9001:2026, it’s worth asking whether important knowledge is being captured, shared and protected.
This is especially important if your organisation depends on experienced staff, technical know-how, customer-specific requirements, supplier knowledge, regulatory understanding or specialist processes.
The simplest starting point is what would happen if a key person left tomorrow? Would the process still work? Would someone know where to find the right information? Would customer requirements still be met? Would records, specifications and instructions be clear enough?
This doesn’t mean you need to document every tiny detail. But you should know where important knowledge lives and how it’s maintained.
Useful evidence might include training records, process notes, customer specifications, work instructions, lessons learned, handover notes, competence matrices, meeting minutes or controlled technical documents.
Use internal audits as a learning tool
Internal audits are often treated as a compliance exercise. For the ISO 9001:2026 transition, they can be much more useful than that. Instead of auditing only against clauses, audit how your QMS behaves.
Choose a process and follow it from start to finish. Look at inputs, outputs, responsibilities, records, risks, controls, customer requirements, competence, communication and improvement.
This gives you a much better view of whether that specific aspect of your QMS is working.
For example, rather than simply asking whether a purchasing procedure exists, follow a recent purchase through the system. Was the supplier approved? Were requirements clear? Was the order checked? Was delivery monitored? Was any issue recorded and resolved? Did the process protect quality?
Internal audits should have a specific objective (not just ‘Is the QMS working?’). They’re also a key part of preparing for your transition audit and maintaining certification. And getting ahead with these internal audits, then acting on their findings, helps avoid a last-minute transition rush.
Make management review more useful
It may be tempting to treat a management review as a small section of a formal meeting where everyone takes a quick glance at a report overview and agrees that the QMS is fine. A management review should be so much more than that. It should be a fundamental part of leadership decision-making.
So, as you update your QMS, review whether management review is doing its job. Does it cover useful information? Does it lead to actions? Does it influence objectives, resources, risks, customer satisfaction, supplier performance, process improvement and business priorities?
As with many other aspects in this guide, you don’t need to add details or long meetings just for the sake of it. We’ve found that most organisations work better with shorter, more frequent reviews. Others prefer a structured quarterly or annual meeting. The format doesn’t really matter too much. What’s important is whether it supports your QMS’s role and leads to actionable outputs.
A useful management review should help answer questions like:
- Are we meeting our quality objectives?
- Where are customers unhappy?
- Where are processes under pressure?
- Do we have the resources we need?
- Are risks changing?
- Are corrective actions working?
- What needs to improve next?
Train people on what affects them
When the time comes to communicate ISO 9001:2026 changes, avoid giving everyone the same generic training. Most people don’t need a clause-by-clause explanation of the standard.
Rather, they need to understand what’s changing in their area and what they’re expected to do differently. Here are some examples:
- Senior leaders need to understand their role in direction, resources, quality culture, objectives, risks and performance.
- Process owners need to understand updates to responsibilities, controls, records, performance measures and change management.
- Operational staff need simple guidance on updated forms, instructions, checks, escalation routes or customer requirements.
- Internal auditors need more detailed training so they can audit the revised system.
At ISO QSL, we help you provide dedicated training for your individual staff members, based on their roles and responsibilities.
Keep evidence natural
One of the best ways to make your QMS easier to manage is to use evidence that already exists.
You don’t always need a new form. Sometimes the evidence is already in your CRM, project management system, job files, emails, meeting notes, inspection records, complaints log, supplier reviews, HR records or software.
When updating your QMS for ISO 9001:2026, check what evidence you already create, how reliable it is, and how easy it is to find. Then, ask whether it shows the process was controlled and how decisions were made.
Instead of creating duplicate records for the sake of ISO, you can point to the records your organisation naturally uses. That said, natural evidence still needs control. It should be clear, accessible, protected, and retained where needed.
Build a sensible transition plan
You need a plan. Something you can use to track your progress and stay on track and within scope. That plan doesn’t have to be complicated. A sensible transition plan might include:
- Reviewing the final ISO 9001:2026 requirements once published
- Comparing them with your current QMS
- Identifying genuine gaps
- Prioritising changes by risk and business impact
- Updating processes with process owners
- Communicating changes to affected staff
- Training internal auditors
- Auditing the updated system
- Reviewing progress through management review
- Preparing for your transition audit
Although at the time of writing, ISO 9001:2026 hasn’t yet been officially released, it’s expected later this year. After it’s released, certified organisations are expected to have a transition period of up to three years to implement changes and schedule their transition audit.
The key is to avoid leaving everything until the end of the transition period. If you wait until your certification body tells you the deadline is approaching, you’ll have to rush the update. If, on the other hand, you start early, you can make changes steadily and use them to improve your business.
Prepare for ISO 9001:2026 updates with ISO QSL
The organisations that benefit most from ISO 9001:2026 won’t necessarily be the ones with the most documents. They’ll be the ones that use the update to build a clearer, stronger and more effective QMS.
And that’s where we come in. At ISO QSL, we’ll help you understand what ISO 9001:2026 means for your organisation and support you through a practical, manageable transition. Whether you need a gap analysis, internal audit support, documentation updates, staff training or wider QMS guidance, we’ll help you prepare. To learn more about how we support your business’s QMS and ISO certification, reach out today for an obligation-free consultation.