smartly dressed man in an office working on a laptop looking at whats coming up in 2025 in terms of ISO updates
General

ISO’s Year Ahead: Exciting Updates for 2025 and Beyond

Published: January 16, 2025
smartly dressed man in an office working on a laptop looking at whats coming up in 2025 in terms of ISO updates
General

The world of ISO standards is set for exciting changes in 2025 and beyond, with updates to several key standards that impact industries worldwide.

2024 was a big year for ISO, especially with the appointment of Filiz Elmas-Arslan, Head of Strategic Development for Artificial Intelligence (AI) at DIN, as an ISO Fellow. This appointment is about driving forward international AI standardisation, which will likely lead to a bigger focus on ISO’s standards related to managing AI risks (such as ISO/IEC 42001:2023), integrating these standards into the wider landscape of management systems and risk standards.

In addition, we’ve seen a stronger focus on Environmental, Social, and Governance (ESG) principles. In February 2024, updates around climate change were introduced to management systems standards (MSS), and ISO continues to grow their focus on Environmental, Social and Governance (ESG) principles. This focus is reflected in the release of IWA 48:2024 – Framework for implementing ESG principles.  

Looking ahead, ISO 9001, ISO 45001, ISO 31000, and ISO 22000 have started their review processes, but they’re all at different stages of development. ISO 14001 will see some amendments, though it won’t undergo a complete revision. On the flip side, ISO/IEC 27001 and ISO 22301 aren’t currently under review, but their respective technical committees are actively working on multiple projects related to these standards.


ISO 9001 – Quality management systems

The review of ISO 9001 is ongoing, currently at the committee draft (CD) stage. Initially, the revised standard was expected to be released by December 2025, but due to some changes in the Working Group and extensive discussions, it has been pushed back to an anticipated date of September 2026.

Here’s what we’re expecting:

  • Additional requirements related to climate change are expected to be incorporated, continuing the work started with the February 2024 amendment.
  • Updates will reflect changes to the Harmonised Structure for MSS and results from ISO’s 2020 Customer Survey.
  • We’re expecting CD2 in early 2025 for more review, with the Draft International Standard (DIS) likely coming in July 2025. Review and discussion are expected through to March 2026, with the Final DIS (FDIS) released in April 2026 with discussion and voting expected until June 2026. 
  • The update isn’t expected to be a major rewrite of ISO 9001 but aims to adapt it to the current business environment. Key areas of focus will include organisational resilience, supply chain management, change management, sustainability, product quality, and delivery reliability. More guidance will be provided on risk and opportunity management (clause 6.1), organisational knowledge (clause 7.1.6), and planning of changes (clause 6.3).
  • The revisions will also consider the UN’s Sustainable Development Goals (SDGs) and ISO’s commitments to embed these into their standards, which are outlined in ISO/UNDP PAS 53002:2024.

ISO 14001 – Environmental management systems

With the growing importance of ESG, ISO 14001 is being reviewed for a significant amendment (AMD 2), likely arriving in late 2025. While the changes will be considered an amendment rather than a full revision, they will still be quite substantial.

Here’s a preview:

  • Expect a stronger focus on adopting a life cycle perspective when identifying and assessing an organisation’s aspects and associated impacts. We expect the language will shift from “consider a life cycle perspective” to something more directive.
  • There will also be a deeper focus on greenhouse gas emissions and climate change adaptation, although it won’t go as far as ISO 14090 – Adaptation to Climate Change.
  • ISO 14001 will align more closely with the revised Harmonised Structure, including the addition of clause 6.3 Planning of Changes to ensure management system changes are properly managed and that they consider how to maintain the integrity of the management system, the availability of resources for the change, and the allocation or reallocation of responsibilities and authorities to ensure that changes are carried out effectively. 
  • Terminology updates are coming too, such as replacing “outsourcing” with “externally provided,” further aligning ISO 14001 with ISO 9001.

 

UPDATE – ISO released the draft amendments on 4 February 2025, introducing several key changes:

  • Updates to the introductory sections clarify the standard’s intent and emphasise the growing importance of effective environmental management in influencing other operational areas, such as financial performance and health and safety objectives.
  • Restructuring of Clause 6.1 (Actions to address risks and opportunities): Provides additional clarification on identifying and assessing risks and opportunities affecting the EMS, their relation to environmental aspects and impacts, and the environmental impact of emergency situations. A new draft note in Clause 6.1.2 (Environmental aspects) offers further guidance on considering a life cycle perspective.
  • New Clause 6.1.4 (Risks and opportunities): Requirements previously in Clause 6.1.1 are now moved here. Additionally, Clause 6.1.4 (Planning action) is renumbered as Clause 6.1.5.
  • Addition of Clause 6.3 (Planning and managing changes): Aligns with the harmonised structure and guides organisations in implementing EMS changes in a planned manner.
  • Restructure of Clause 9.3 (Management review): Now includes distinct clauses for management review inputs (9.3.2) and management review outputs (9.3.3).
  • Restructure of Clause 10:
    • Clause 10.2 (Nonconformity and corrective action) becomes Clause 10.1.
    • Clause 10.3 (Continual improvement) becomes Clause 10.2, incorporating some requirements from the original Clause 10.1.
  • Language adjustments: The majority of changes in the draft amendment relate to small changes in language, such as:
    • “Maintained as documented information” is now “be available as documented information.”
    • “Fulfil its compliance obligations” is now “meet its compliance obligations.”

Additional refinements are included to enhance clarity and consistency throughout the standard.

The draft is open for comments until 28 April 2025. 


ISO 45001 – Occupational Health and Safety management systems

An approved proposal to revise ISO 45001 is in the early drafting stages by the Technical Committee. While specific details are scarce, the revision may include:  

  • Updates to align with the revised Harmonised Structure, especially incorporating the ‘Planning of Changes’ clause (6.3). This change, similar to the update to ISO 14001, will require organisations to ensure that changes to the management system are implemented in a planned and controlled manner and that they consider how to maintain the integrity of the management system, the availability of resources for the change, and the allocation or reallocation of responsibilities and authorities to ensure that changes are carried out effectively. This is different to ISO 45001:2018’s clause 8.1.4 Management of change, which focuses more on changes to the organisation’s operations that do or may impact the health and safety of workers. 
  • Changes in terminology, including potentially shifting from “outsourcing” to “externally provided” and updating clause 6.1.3 from “Legal requirements and other requirements” to “compliance obligations” to align ISO 45001 with other MSS.
  • There may be further updates regarding risk and opportunities, as well as change management to clarify the intent of each of these clauses.
  • Another area of potential focus includes the calibration of monitoring and measuring equipment, which have minimal specification in ISO 45001:2018’s Monitoring, measurement, analysis and evaluation clause (clause 9.1). While this has not been confirmed by the Technical Committee, we expect it may align more with the level of detail included within ISO 9001’s clause 7.1.5 Monitoring and measuring resources.
  • We may also see further updates to ISO’s commitments in relation to the UN SDGs. This may include additional requirements for organisations to consider the health and safety implications of climate change related matters on their workers, such as the impacts of rising temperature or weather events (also, see updates on ISO/AWI PAS 45007 below). 
  • There also may be increased requirements in the revision on psychological health and safety and the management of psychosocial risks, incorporating some of the guidance already provided in ISO 45003 to a Type A or certifiable standard. This may also include additional consideration of diversity characteristics, aligned with ISO’s further commitments around diversity and inclusion, and the ability of health and safety management systems to improve health and wellbeing, rather than focusing primarily on harm minimisation.

    The full release of ISO 45001’s updated version is not expected until at least late 2027.

    Other updates to standards in the 45000 series include:

    • ISO/AWI PAS 45007 – Occupational Health and Safety Management – OH&S risks from climate change and climate action is in the early stages of development. A new project has been registered to create a working draft of the standard for further review, development, and discussion by the technical committee and working group. The standard is expected to provide guidance to organisations for assessing and managing the risks associated with climate change to workers. 
    • ISO/WD 45008.2 – Occupational health and safety management – Guidelines for remote working has had its second working draft study initiated and is open to comments from the working group and technical committee. The standard is intended to provide guidance for organisations with remote workers to promote their health and safety, as well as work-life balance. It is intended for those workers that perform remote work on a recurring basis (e.g., fly in fly out workers, sustained work from home arrangements, etc.), rather than ad hoc offsite work or business trips.
    • ISO/CD 45010 – Menstruation, menstrual health, and menopause in the workplace Guidance is currently at the committee draft stage, with comments on the current CD having closed in November 2024. The standard will provide guidance on developing policies and practices that are supportive of the menstruation, menstrual health and peri/menopause experiences of employees in the workplace. If the comments from the previous round are accepted by the working group, the CD should be approved for registration as a DIS and continue development. 

    There are no currently published release timeframes for these three standards from ISO. 


    ISO 22301 – Business Continuity management systems

    Since ISO 22301 Security and resilience – Business Continuity management systems – Requirements was most recently revised in 2019, no further update or revision has been announced. However, the security and resilience technical committee (ISO/TC 292) is developing supporting standards and guidelines in the 22300 series which are at different stages, from an approved work item through to draft international standards. Here’s some of what’s in the pipeline:


    ISO/IEC 27001 – Information Security management systems

    Having been updated in 2022, ISO/IEC 27001 is the most recently updated standard we regularly train in. There are no current announcements for a revision of ISO/IEC 27001, beyond the climate change amendment in February 2024. Typically, following the release of a standard, its next review will be in 5 years, so we expect that the earliest that ISO/IEC 27001 will enter its next formal review period will be in late 2027. 

    This doesn’t mean that the technical committee (ISO/IEC JTC 1/SC27) will just be twiddling their thumbs until the review! They’re an extremely active technical committee, and currently have almost 70 standards and guidelines in various stages of development. Many of the standards are very technical in nature or relate to specific information security controls, and we certainly won’t list them all here, but some of the key ones in development include: 


    ISO 22000 – Food Safety management systems

    A work item has been approved to review and revise ISO 22000, with ISO/AWI 22000. Little is currently known about this revision; however, it will likely align its terminology and requirements with the revised Harmonised Structure. There have been updates in recent years to the Codex Alimentarius, published by the Food and Agriculture Organisation and Work Health Organisation of the United Nations which have increased the focus on an organisation’s food safety culture, so we may see these updates also reflected in ISO/AWI 22000. 

    Additional standards for food safety overseen by ISO/TC 34/SC 17 are also under review and at the Draft International Standard stage and include the various standards which provide guidance on prerequisite programmes on food safety, including for food manufacturing, catering, food packaging manufacturing, transport and storage, feed and animal food production, retail and wholesale, and requirements common for food, feed, and packaging supply chain. Further updates are expected to bring ISO 22000 in line with evolving global food safety trends, including a stronger focus on food safety culture.


    ISO 31000 – Risk Management

    When ISO 31000 was reviewed in 2023, it was confirmed at the time there was no plan to review or revise the standard. However, ISO revised this decision in October 2024 and have approved a work programme for the technical committee to commence a review and update of ISO 31000 with ISO/AWI 31000. There is no known timeframe for when we should expect the update to ISO 31000 to be released, however given how early it is in development, a release before late 2027 is unlikely.  

    An important distinction between ISO 31000 and the MSS discussed above is that ISO 31000 does not provide requirements for a risk management system, but rather guidance on the principles, framework, and processes needed to manage risk that can be embedded and integrated within other management systems, and so it is not aligned with the Harmonised Structure. 


    And that’s a wrap!

    The world of standards is evolving rapidly. ISO has plenty on their agenda for 2025 (and beyond) to ensure they stay up to date with advancements both in technology and society. Stay tuned for further updates as the revisions and new standards become closer to being published.

    Let us know which updates you’re most excited about, and if you want to get ahead of the curve, enrol in our training today!


    The ISO Standard Review Process infographic

    The ISO standards review is typically a 7-step process:  

    1. Preliminary stage: Determines whether a revision or review of the standard is required
    2. Proposal Stage (AWI – Approved Work Item): A new standard or revision proposal is approved, and work officially begins.
    3. Preparatory Stage (WD – Working Draft): Initial drafts are prepared by the working group, which includes experts from relevant industries.
    4. Committee Stage (CD – Committee Draft): The draft is reviewed by the committee members, and feedback is collected to refine the standard.
    5. Enquiry Stage (DIS – Draft International Standard): The refined draft is shared for public enquiry, allowing ISO members to comment and vote.
    6. Approval Stage (FDIS – Final Draft International Standard): The final draft is prepared after addressing all comments from the DIS stage. It undergoes a final vote.
    7. Publication Stage: The standard is published as an official ISO standard after successful approval.

    Glossary:

    • AWI (Approved Work Item): The stage where a new standard or revision proposal is formally approved.
    • WD (Working Draft): The initial drafts developed by the working group.
    • CD (Committee Draft): A version reviewed by the committee, open for comments.
    • DIS (Draft International Standard): A draft available for public comment and voting.
    • FDIS (Final Draft International Standard): The final draft prepared for the last voting round before publication.

    This article was updated on 5 February to include the key changes outlined in ISO 14001:2015/DAmd 2.

    Back to Insights

    “The virtual classroom coupled with an enthusiastic trainer made the course easy to run through and as good as any face to face courses I have ever attended.”

    It was evident that the trainer had significant industry related experience in auditing. They were able to reinforce learnings and keep us interested by integrating their experiences into the course with relevant and engaging real world examples.

    Course was enjoyable and I like the fact that we’re given a copy of the each of the Standards!

    Honestly thought it was gonna be boring. I was very wrong! Very engaging and informative. Loved all 5 days and will be back for more courses!

    Really enjoyed the training. What could be a very stale topic was delivered in a very engaging and detailed way. I particularly enjoyed the conversational delivery of the content and the practical activities were challenging and well presented. The catering was great too.

    Need help finding a course?

    Speak directly with a member of the RTP team to decide which course is right for you.

    ×
    Menu