The most practical time is to make the transition coincide with your recertification, since your system will be fully vetted by then anyway. Although you have approximately until the third quarter of 2029 to make the transition, it's wise to conduct a gap analysis now so you don't find yourself under pressure at the last minute.
Yes, this is possible, but always consult with your certification body beforehand. They determine whether additional steps or time are needed for the transition. In previous standards changes, this was a common routine.
Certainly not. Just build your system based on the current ISO 9001:2015 standard. Everything you set up now will remain immediately usable and provide a solid, future-proof basis for the update to the 2026 version.
No, they don't have to – but they should no longer be separate worlds and should be well connected. The standard requires quality to be an integral part of your operations. You can achieve this by having your quality policy refer to your strategic goals, or by including your quality goals in a ‘Quality’-section in your annual plan. You can also integrate the management review into your regular business cycle – for example, as a fixed agenda item during your quarterly meetings with management. The goal is for the policy to ‘live’ rather than sit in a drawer until the next audit.
This is one of the issues many organizations struggle with, because you can't simply prove it with a document. An auditor will have conversations with teams during the audit to test whether the vision is really supported. You prove this with actions: onboarding programs, awareness sessions, and measuring behavior.
Although ethics is partly subjective, you can make it very concrete. It's about showing how you safeguard important values. Consider a clear code of conduct, transparency to customers when something goes wrong, and a safe organizational culture where reporting mistakes is allowed.
Only partially. ISO 27001 focuses on information security, while ISO 9001:2026 looks more broadly. You have to think about the impact of technology on your processes, your competitive position, and the relationship with your customers.
No, you can still exclude this particular paragraph (clause 8.3) if it does not apply. However, it is now broader in scope and more applicable to service delivery and agile practices. So look at it critically; it might be more relevant to your organization now than before – even if you don't have an R&D department.
The line from the previous revision continues: it's not about the amount of paper, but about traceability. Information must be traceable as proof, but the format is less important than the demonstrability of your processes.
AI is a great tool to save time when drafting texts, procedures, or a first draft of a gap analysis. But beware: when it comes down to the essence of the new standard – leadership, ethical behavior, the quality culture, and how your people think and act – AI cannot replace you. An auditor does not want to know if your documents are correct; he wants to see that quality awareness is in the minds and hearts of your employees. The evidence for that must come from your organization, not from a language model.
If you don't want to wait for implementation to read the updated standard, use the current Draft International Standard (DIS) via ISO.org or NEN.nl to study the new text already in outline . Although details may still change, the direction of the new standard is already firmly established.
Note: to read the draft international standard of the ISO 9001:2026 standard, you do have to pay a fee of €79.