Podcast: What's changing in ISO standards and why it matters

Hello everyone, and to all our listeners worldwide, welcome to LRQA's Future in Focus podcast. My name’s Xavier Francis, and it’s my pleasure to host this episode. Today I’m joined by two very special returning guests: Stuart Kelly, Chief Commercial Officer at LRQA, and Kevin Franklin, LRQA’s Chief Product Officer. Glad to talk with you both today. Thank you for being here.

Thank you, it’s a pleasure to be here.

Thanks, X.

Today’s topic is Transition Talks: what’s changing in ISO standards and why it matters. Before we dive in, let’s first learn a little bit about our guests. Kevin, can you give me a bit of background about yourself?

Thanks, X. Yes, I’m Kevin Franklin, Chief Product Officer at LRQA. This topic is particularly close to my heart, especially ISO 14001, because I was lucky enough to be trained to that standard myself about 10 years ago. It’s very timely, given that was around the time of the last major update. I’m very much looking forward to this conversation.

Awesome. Stuart, how about you?

Great to be here. I’m Stuart Kelly, Chief Commercial Officer for LRQA. I’m especially interested in this topic—probably a bit too much—because I started my professional career just as ISO 9001 was first introduced. I’ve seen it grow into a living and breathing way of working for businesses globally. I now work with many global clients on their supply chain assurance and quality management programmes, helping to manage risk and protect their brand. These updates are highly relevant, and they reflect a shift in what the world expects from business in terms of both legal responsibilities and ethical standards. I’m excited to get into it.

Absolutely. I was reviewing some of the changes coming through, and it really feels like they’re aligning more closely with current global trends—especially with 14001 and 9001 evolving to the next level. We’re at the start of one of the most significant shifts in ISO standards in a decade. Three major standards are due for updates: ISO 14001, 9001 and 45001. Kevin, what’s behind this wave of updates?

It’s a great question. As you mentioned, this reflects a conscious shift towards aligning ISO frameworks with the world we live in today. We’re seeing more emphasis on the integration of advanced technology, data-driven decision-making and, crucially, sustainability at the core of management systems. These updates also recognise the need for greater organizational resilience and reposition ISO as a central tool in the sustainability conversation—something that wasn’t the case 10 years ago.

Stuart, what are you seeing in terms of what’s driving these changes?

It’s a broader comment, really. These standards have always evolved over time, and we should remind ourselves of why they exist—to set a minimum benchmark for quality and management systems. Once most organizations reach that benchmark, the standards need to move forward to reflect the next level of excellence. This is about continuing that journey, helping businesses improve how they manage quality and assurance, and adapt to a changing world. These updates are part of a natural cycle, and as the world evolves, so must the standards that support it.

Absolutely. It feels like they’re becoming more externally focused as well. Yes, they support the business, but there’s more emphasis on environmental and societal impact. Would you agree?

I’d look at it slightly differently. What may once have been seen as externalities are now being internalised. These updates are about embedding sustainability, resilience and long-term thinking into the heart of business strategy. For example, ISO 14001 now requires companies to evaluate climate change risks—not just for external compliance, but because climate change affects business continuity, investment, operations and profitability. The aim is to prepare companies to remain strong and viable in a rapidly changing environment.

Great take. So, ISO 14001 is the first of the updates on the horizon. Kevin, what stage are we at now?

ISO 14001:2026 is currently at the Draft International Standard stage—the DIS stage. It’s about 95% technically complete and is now out for review and voting by ISO member countries. If approved without further technical changes, we could see formal publication as soon as January 2026 or Q1 of that year. In the meantime, the draft is publicly available, so businesses can start preparing now.

What are some of the key themes in this update?

There are several. First is the continued push for harmonised structure across ISO standards—more consistency in terminology and format. Second, the 2024 climate change amendment is now fully integrated into the standard. This includes a stronger focus on biodiversity and a life cycle perspective within the environmental aspects section. There are also new expectations around leadership, external communication, enhanced planning and value chain engagement.

One important point is that the climate change annex requires businesses to assess whether climate change is a relevant issue for them. Auditors will need to confirm this assessment has been done, and if it is relevant, that it’s reflected in objectives, risk registers and operational controls. These are meaningful, impactful changes.

Stuart, any thoughts on that?

Yes, for me it’s about consolidation—bringing various regulatory pressures and global expectations into the quality framework. The changes are positive, but they’re significant. Standards need to keep pace with the wider world, and this update is helping them do exactly that.

Kevin, do these changes reflect regulatory shifts, stakeholder pressure or something else entirely?

All of the above. The standards acknowledge things like the EU Corporate Sustainability Reporting Directive, climate-related financial disclosure rules and SEC climate regulations. They also respond to investor pressure and consumer expectations. And beyond that, we’re seeing major influence from digital transformation—AI, IoT, real-time monitoring—being acknowledged in these standards. So yes, it's regulation, stakeholders and a broader shift in how businesses operate and compete.

Stuart, what do these evolving standards say about the expectations being placed on organizations today?

The bar has been raised. Many businesses initially adopted ISO standards because it was required by clients or to access certain markets. That was a strong starting point. But now the focus is shifting toward regulatory compliance, broader societal expectations and, crucially, outcome-based approaches. It’s no longer just about having a process in place—it’s about being able to show it’s delivering the right results, every day, not just at audit time.

Kevin, would you agree that we’re now in an era where businesses are being audited daily—not by auditors, but by the public?

Absolutely. In the past, regulators were the main source of accountability. Today, it could be anyone. An environmental breach could be picked up on social media and go viral before lunch. The speed at which information spreads and the ease with which people can access it means that businesses are now accountable 24/7. It’s critical they operate in a way that is always on, always aligned with their commitments.

So, in a way, it’s Christmas every day—no more packing away the decorations after the audit. You’ve got to live it every day.

Exactly. Standards like ISO 14001 are moving from periodic compliance checks to being embedded into daily operations. That’s the only way businesses will remain credible and resilient in today’s world.

Let’s shift now to ISO 45001—occupational health and safety. Kevin, where are we in the update process for this standard? I’m assuming it's a bit further behind than 9001?

Yes, you’re right. ISO 45001 is still in the early drafting phase. Initial technical discussions are ongoing, and if everything stays on track, we expect the Draft International Standard in 2026, with the final updated version published in 2027. So we’re a fair bit behind the updates to ISO 9001 and 14001.

This revision is expected to include topics such as worker wellbeing, psychosocial health, mental health, hybrid work patterns and even climate-related safety risks. It’s a very modern, forward-looking revision.

That does sound really interesting. Traditionally, 45001 has been about proactively preventing hazards and emergencies. But wellbeing goes even further—into things like happiness, fulfilment, mental resilience. That’s quite a shift.

Yes, it really is. I look at this through a slightly different lens. Earlier in my career, I worked extensively in health and safety. The standard was always about physical protection—avoiding major injuries and assuring others that systems were in place.

But today, businesses need to go further. They need to ensure they can continue delivering effectively in modern conditions. That includes considering mental health, hybrid and remote work models, and the full spectrum of modern safety risks.

For example, years ago we introduced display screen equipment rules. Most employees didn’t meet the definition of a “user.” But now, the vast majority spend their entire working day in front of a screen. That’s just one simple example of how much has changed—and why the standard must adapt.

So for businesses, this is about going beyond the minimum. It’s not just safety—it’s resilience and readiness.

Exactly. It’s about demonstrating that you’ve thought through the risks of today’s working world—and put policies and procedures in place to support your people. That includes isolated workers, hybrid teams, multigenerational workforces and more.

There’s a huge opportunity for early adopters to show that they genuinely care about their workforce and are building sustainable, responsible, high-performing businesses. It’s a major point of differentiation.

Kevin, anything to add to that?

Yes—and to ground this in specifics, these changes matter because current definitions of safety don’t always capture the full reality. Psychosocial and mental health risks, hybrid and remote work, digital fatigue, decentralised supervision—all of these are becoming material concerns.

Similarly, the gig economy is growing rapidly, and it presents non-traditional risks that were never included in earlier versions of these standards. And climate-related safety issues—extreme weather events or rising temperatures—are increasingly relevant too.

Including these topics in the revised standard will help businesses identify them, label them and address them in a structured way. That supports better recruitment, retention and employee engagement. People want to work for companies that care about their wellbeing, and this update helps businesses prove that.

Absolutely. And linking back to ISO 9001 for a second—if your business needs to pivot quickly, your workforce needs to come with you. That kind of change can create stress, confusion and uncertainty, which makes wellbeing even more important.

Right. Change brings risk, not just operationally but emotionally for people. If you’re asking employees to be agile and adapt quickly, you need to support them. And that support is part of what ISO 45001 is evolving to address.

Stuart, let’s touch on risks and opportunities specifically. Anything you’d add on that for ISO 45001?

Yes—again, the message is similar to the other standards. Early adoption brings significant advantage. Organizations that embrace the updates will be better positioned to attract and retain top talent, adapt to change and deliver consistent performance.

But there’s also a risk if businesses ignore the changes. We’re in an era where people make informed choices about who they work for. The younger generations entering the workforce are more values-driven and are quick to walk away if they don’t feel supported.

So businesses that fail to evolve could struggle to attract or keep the people they need. That’s a very real operational risk, and one that could hurt your reputation as well.

Great point. And it’s so true—people today care about where they work and why. That expectation of purpose, care and value alignment is no longer a “nice to have.”

Exactly. The pandemic made people reevaluate what matters. Many realised they only get one life, and they want their work to reflect their values. They’re making decisions with that in mind, and standards like 45001 help businesses show they’re aligned with those expectations.

Kevin, anything else you’d add?

Just that this is about evolving what we mean by safety. It’s not only about physical protection anymore—it’s about psychological wellbeing, workforce engagement and the ability to operate sustainably in a fast-changing world.

Businesses that understand and embrace that will be stronger for it.

As we near the end here, let’s zoom out. Are these standard updates finally catching up to the ESG and sustainability conversation? Or even going further?

Yes, and they’re accelerating. In the past, critics have said ISO standards were too slow, too bureaucratic and too focused on paperwork. Many businesses built their own internal frameworks that went far beyond what ISO required.

But these latest updates are different. They’re not just catching up—they’re issuing a bold challenge to business. They’re saying: this is the new baseline. This is what resilient, modern, sustainable businesses look like. And if you’re not evolving with them, you’re falling behind.

Stuart, your thoughts?

I completely agree. In the past, revisions have sometimes been reactive—playing catch-up. But this time, they feel more like a proactive attempt to future-proof both the standards and the businesses that use them. That’s a very positive development.

So here we are, mid-2025. We’re just at the beginning of this transition across all three standards. What should clients be doing now to prepare—so they don’t end up scrambling in 2026?

Early engagement is absolutely critical. These aren’t small updates—they’re significant changes that will shape your business strategy, operations and risk profile.

Start by educating yourself and your teams. Do the training. Attend webinars. Work with your assurance provider to understand what’s coming. Then do a thorough gap assessment so you have time to make real changes—not just surface-level adjustments.

And if they want to future-proof rather than just stay compliant?

The key is to stop thinking of standards as a certificate or a badge—and start thinking of them as strategic tools. Align them with your business goals, integrate them into daily operations and use them to drive better outcomes.

And don’t be afraid to embrace data and technology. Businesses that invest in intelligence, insights and real-time monitoring will be far better prepared than those who don’t.

Brilliant. So how can LRQA help clients through all of this?

We’ve launched the NST Club—New Standards Transition Club—for both existing clients and anyone exploring certification for the first time. It’s free to join and includes updates, timelines, guidance and briefings to help you stay ahead.

Members get access to training at preferential rates, early visibility of changes and support with planning assessments. So my recommendation: join the club, stay informed and don’t leave this to the last minute.

Also, reach out to your LRQA auditor or account manager—we’re here to help. That’s our job, and we take it seriously.

Kevin, final thought from you?

The risks are clear. The opportunities are real. So just do it—get ahead, embrace the change and use it to make your business stronger.

Thank you both. This has been a fantastic conversation. I love discussions where we can look at the details, but also connect the dots and see the big picture. These aren’t isolated changes—they’re part of a broader evolution in how business is done. Thank you both again.

Anytime. Thank you, X.

Thanks, X. And thank you, Stuart.

And finally, just a reminder to our listeners: you can visit our Spotify homepage to hear more episodes and stay up to date on future releases. To learn more about LRQA’s New Standards Transition Club, visit www.lrqa.com. You’ve been listening to the LRQA Future in Focus podcast. Thanks for joining us, and we hope to see you again soon.