The year 2025 is set to be a significant year for businesses for many different reasons but one of the most notable is the fact that two of the most widely used ISO standards are going to receive major amendments, affecting the certification process in various ways.

The centerpiece of Quality Management Systems, ISO 9001:2015, has not been updated in a decade, having been left unamended in 2021.

However, work is being undertaken to develop a revision to the extremely popular and globally recognised standard, and given that the update has been delayed to September 2026, these updates are set to be highly significant.

Meanwhile, the updates to the Environment Management Systems standard ISO 14001:2015 are set to be completed in October 2025, and given that the updates are primarily about clarifying key environmental requirements, this is expected to be completed on time.

What Might Be In The New ISO 9001 Standard?

There has been, as one might expect, a lot of speculation about not only a revision to ISO 9001:2015, but also one of such a scale that it has been delayed, and whilst the drafts are inaccessible to anyone who is not a committee member, there have been some ‘hints’ about the potential direction that the standard is going in.

These are likely to include:

• A greater focus on digital transformation, factoring in the variety in digital space in business compared to 2015. This could include how digital quality management, automation and data security are applied to Quality Management Systems.
• An expanded focus and improved clarification on the risk-based approach initially defined in 2015, shifting to a more proactive exploration of risks and opportunities.
• A stricter focus on environmental sustainability, which would bring it in closer alignment with the ISO 14000 series of standards.
• A greater focus on supply chain resilience, particularly after four years of a wide range of disruptions that have particularly affected the “just in time” model.
• An emphasis on using customer feedback to drive continuous improvements in line with their needs and expectations.
• A mix of data-driven and employee-focused engagement to encourage continual improvement within the organisation.

What Is Likely To Be In The New ISO 14001 Standard?

There has been much more detail revealed about the new ISO 14001 standard, in no small part because the primary focus is on clarification rather than foundational changes.

According to ISO themselves, the main themes that are to be explored, although this does not necessarily mean they will be changed, are:

• An increased focus on the ‘life cycle’ perspective, further exploring environmental risks such as carbon release, from raw material acquisition to final disposal.
• Alignment of business protocols and strategy, which ties in with some of the potential changes to ISO 9001:2015.
• Highlighting specific technical topics such as water security, waste management and climate change.
• ‘External Reporting’ requirements to ensure compliance via independent auditors.
• A broader focus on identification and analysis of risks and opportunities, similar to the ISO 9001:2015 approach.
• Encouragement of environmental responsibility, with engagement and buy-in at all levels within the organisation.
• Ensuring legal compliance not only within the organisation but also the supply chain and through any outsourced process.

This work started in 2023 with an expected completion date of October 2024, although there is the potential for this timeline to be extended.

With the COP 29 conference taking place this month in Baku, the capital of Azerbaijan, politicians and business leaders will express all sorts of hopes for new deals and action to help reduce greenhouse emissions and make the world more sustainable. The event’s slogan is “Investing in a liveable planet for all”.

However, cynics will say we have heard it all before. When COP 26 took place in Glasgow in 2021, some of the loudest voices were from campaigners outside the building like Greta Thunberg, who had made clear her views at a youth climate conference in Milan earlier that year when she famously described the rhetoric of world leaders as “blah blah blah”.

In between the scepticism of Greta and the optimism of those who see progress in various carbon-cutting agreements like reduced coal use, there is the practical reality that governments alone cannot do it all. A great many steps can be taken by businesses making authentic efforts to be greener.

However, companies can face cynicism and doubt too, with accusations of ‘greenwashing’ never far away. When this can be proven, such as a firm making claims that can be demonstrated to be false, this can lead to reputational damage.

This is where companies who not only comply with the regulations but also have a commitment to improvements through a robust environmental management system (EMS) can benefit from gaining certification to show they have done this. That is what ISO 14001 certification provides.

A central feature of ISO 14001 is that it doesn’t just acknowledge the efforts a company has made, but provides a framework for getting to the point where it has effective EMS in place, by showing the way to design the EMS and therefore meet its targets of cutting emissions and taking other steps to improve environmental performance.

These steps can include working with stakeholders on common goals, preserving and improving habitats to uphold biodiversity, more efficient use of resources, avoiding pollution and cutting energy waste. Many of these could come with cost benefits for your firm, such as lower energy bills.

Indeed, it can help steer your company in a direction where it can build partnerships and trading agreements with other companies committed to green principles, who will know from your certification that they can trust you and work with you. This can then be the catalyst for your company to enjoy sustainable growth.

Further benefits can come from highlighting the certification to ensure customers have confidence in you and your public reputation can grow as a result.

Over in Baku, politicians and diplomats will negotiate, critics will ask why the event is being held in an oil-producing state and those whose interests are still tied to fossil fuels will lobby as hard as the green campaigners.

What will not happen, of course, is any government getting its own equivalent ISO 14001. Instead, each will make a presentation on their work to meet the Paris 2015 climate targets, and the event will attempt to update this.

The result may provide more fudge than a sweet factory, which is why cynics will have much to question. But while governments may take a lot of flak, companies can protect themselves against that and also take tangible action to raise their environmental game through ISO 14001 certification.

The idea of business continuity is something that means different things to different people. There was a time when it would mostly relate to the physical premises of a company, where work could be disrupted by a major calamity, such as a fire, flood, major power outage, or terrorist attack. However, in a more interconnected world, it now extends to the online realm.

Many an organisation can face genuine threats from hackers and other cybercriminals, who may use denial-of-service attacks or malware to prevent a firm’s operations from functioning. But sometimes it can come from an internal problem, such as a software glitch.

The latter issue occurred in July this year when software firm Crowdstrike attempted a new software upload on Microsoft systems and a software bug led to massive IT outages across the globe, impacting everything from airports to banks and healthcare systems.

Such issues highlight the need for organisations to have back-up systems in place to achieve business continuity even in the face of calamity.

Whether that is about having alternative premises to work in, the ability to switch to remote working (something most firms developed the capacity to do during the pandemic lockdowns if they hadn’t already), or back-up IT systems, the best-prepared firms will be able to maintain their work, providing a better service and increasing client confidence as a result.

An ISO 22301 is a certification that shows you have met the international standard for business continuity management systems.

The purpose of attaining it is to demonstrate that you have measures in place that offer a reliable contingency when disaster strikes. In addition, it shows that you have taken clear steps to make such problems less likely to occur in the first place.

For example, when it comes to your IT systems, it could involve having strong cyber security systems and practices that make it less likely you will fall victim to cybercrime and suffer a loss of system functions as a result, as well as having measures to get your system back up and running swiftly if problems do occur.

The benefits of this are not just about being resilient in a crisis. It also means you will benefit from having a clear systemic approach to dealing with a challenging situation, so that when problems arise, you and your staff will know exactly what to do, while having better processes for managing risk.

When you have all this in place, it will increase confidence among everyone who matters, from your colleagues who can get on with their work to company shareholders who will be pleased to see earnings are not badly impacted by disruption, not to mention your clients to whom you can continue to provide a service when others might not have done.

This means the benefits of attaining an ISO 22301 are twofold. Firstly, the very act of qualifying for one means you will have established strong means of maintaining business continuity, which will benefit your business when it needs to weather the storm (sometimes literally). Secondly, having it increases the confidence others have in you.

This is why it makes sense to start working towards ISO 22301 certification today.

Most firms will want to show their clients and customers that they are recognised as being competent and indeed excellent at what they do. Look at any company website and you will see them displaying their awards, accreditation kitemarks and memberships of trade bodies like an old soldier displays his medals.

There are some trades where certification is essential, such as Gas Safe Register membership for firms and their employees that are involved in work on gas appliances, which is required by law.

However, ISO certification is more about demonstrating standards and control than mandatory attainment of a standard to be allowed to practise.

Nonetheless, ISO certification is very much worth having, because it does provide an internationally recognised measurement of competence and standards. However, it is useful to understand the difference between certification and accreditation.

The simplest point to understand is that when it comes to ISO standards, accreditation is not something the companies being certificated attain. Rather, it applies to the bodies and organisations that can issue the certificates, which in this case includes ourselves at ISO-Cert Online.

While this accreditation is not itself a mandatory thing for certificate-issuing bodies, many organisations, such as government departments and other companies, will require that the certificate has come from an accredited body. That is the main reason why we are accredited, as that brings more benefits for you in terms of recognition.

Accreditation is also a matter of process, of course. Accreditation for individuals, for instance, comes from undertaking and passing courses to be able to practise, be they doctors, lawyers, or gas engineers. In the case of ISO certification, this is awarded based on a company demonstrating they are compliant with the requirements of their industry.

Consequently, the path to becoming certificated is a different one to accreditation. It is not about training and passing exams, a process by which you would be learning and gaining experience as you work your way up towards a particular standard. Rather, it is about being rigorously assessed to establish if your current practices meet the required standard.

This assessment, therefore, is about where you are at, not a standard you are working towards.

Of course, there is a possible scenario in which the audit shows that you have fallen short of the ISO standard you need to demonstrate to achieve certification. In that event, we would of course let you know why, and you can seek to address these issues before being assessed again.

That may be analogous to retaking an exam, except that in this case you know what the answers are. It is about whether you can achieve and demonstrate the required standard. 

Of course, the assessment will be a thorough one, but that is something you should welcome. Because ISO certificates are not simply given out to anyone who wants one, your clients and customers can be assured that they are dealing with a company that has demonstrated standards that they can trust. Add in our accreditation and that trust will be all the greater.

When many businesses think about ISO, they are typically looking for an accredited body to provide them with ISO 9001 certification. 

They want to be certified either as a condition for a particular client, as part of a reorganisation or simply to add value to the business by celebrating a system that they have either already implemented or are in the process of implementing.

There are a lot of motivations to receive certification, but it can sometimes be easy to miss what that standardisation represents and ultimately why it matters within a business and to other businesses.

An answer to both of these questions comes, somewhat unusually, from another critical part of many businesses: a cup of tea.

How Can You Standardise Tea?

There is perhaps no singular beverage that has so many variations and preferences as tea, as whilst the basic process of steeping tea leaves in water is universal, every other element from the blend to the use of teabags and the addition of milk and sugar is a matter of fierce and intense debate.

However, ISO 3103:2019 (formerly BS 6008:1980) describes a standard method of brewing and serving tea that will produce consistent results every time.

It describes two testing pots (310 ml or 150 ml) with loosely fitting lids as well as two testing bowls (380 ml and 200 ml). Both the pots and bowls are made of white porcelain (or white glazed earthenware), with a partly serrated edge.

For every 100 ml of water that will be added to the pot, 2g of tea is also placed within the pot, before that measured amount of freshly boiled water (described as similar to nearby drinking water) is added.

The tea is then brewed for six minutes before being poured into the bowl, with 5ml (or 2.5ml for a smaller bowl) milk added beforehand (although alternative suggestions are made for adding milk after).

Why Standardise Tea?

The resulting standard won an Ig Nobel Prize and serves as a perfect example of how standards can often be misinterpreted as a prescriptive method towards a platonic ideal for the object, method or system being standardised.

However, this somewhat misses the point, as ISO 3103:2019 is not intended to make the best cup of tea or a “perfect” cup of tea by the standards of a tea drinker, but is instead intended to create a standard cup of tea that is relatively easily reproducible.

The reason for this is the same reason why no specific type or blend of tea is described in the standard. It is designed for tea tasting and for making sensory comparisons.

Many criticisms of the process, such as no prewarming of the pot, a brewing time that is relatively lengthy compared to the typical three-minute brewing times used when brewing a tea bag, and pouring milk in before tea largely misses the point.

These are not cups that are made to be enjoyed, but ones that create a benchmark for meaningful analysis and studies, such as taste testing or quality control.

On that same token, ISO certification means adopting a universal set of standards and protocols so that other businesses and customers understand how an order is managed by your company.

Companies of all shapes, sizes and scales have expressed an interest in receiving ISO certification, even though it is not a strict business need per se to do so.

There are a lot of benefits to organising your business and running under ISO 9001:2015 quality management standards and practices, but whilst being certified by an accredited company brings with it a wide range of benefits, there is no regulatory or legal requirement to do so.

However, there might be some occasions where an ISO 9001 certificate becomes an effective necessity due to business requirements, rather than a system that allows a company to opt-in to more long-term benefits.

A Prerequisite To Close A Deal

One of the main reasons why companies are interested in ISO 9001, particularly if they want to get certified quickly, is because they need it to meet the prerequisite of a company or government tender.

Many larger businesses who work with a network of smaller suppliers have prerequisites before they allow a business to work with them, and whilst this will naturally vary by market sector and particular need, one of the most common requirements is ISO 9001 certification.

Many government agencies have replaced bespoke standards with one based on ISO 9001 because it allows for a more streamlined approach to tenders and enables these companies to focus on the more specific aspects of a tender application.

Getting certified, therefore, becomes a requirement for many businesses that work closely with government agencies.

This may be the catalyst for getting certified, but it is also an opportunity to make sustained, effective and long-term changes to the business that provides far more than an immediate gain.

Open For International Business

When working with international clients, there is a need for a universal language mutually understood by both parties, which in many cases involves the use of mutually understood and referenced standards.

One of the biggest benefits of ISO standards in general, but particularly ISO 9001, is that they are universal; to date, 167 countries have national ISO members, which means that the standard is understood and recognised practically anywhere you might do business.

This makes an ISO 9001 certificate an effective requirement when doing business overseas, as it means that a company knows that your business is focused on quality management in a way that is universally understood and can therefore focus on what your company brings to the table.

Get The Best Employees

Typically, when businesses talk about ISO 9001 as a requirement, they are generally referring to the needs of customers. However, it can also be an important tool for improving recruitment, with the right candidates knowing how the quality management standard can help them personally and professionally.

One of the key requirements of ISO 9001 concerns employee management and job expectations.

Having a clear set of quality objectives, procedures, instructions and process metrics allows for a culture of constant feedback and improvement, with an emphasis on constantly learning and developing.

Many employees who would be perfect for your corporate culture will see the standard as one that prioritises them and how they can contribute to the goals of the organisation.

When businesses are interested in ISO certification, the fastest way to achieve this is through a dedicated online service that will help them meet the necessary quality management standards.

When businesses are looking for certification, they are typically thinking about the ISO 9000 family, which is a set of five quality management systems (QMS) that ensure that businesses are meeting their regulatory responsibilities, whilst also ensuring they are keeping up with the demands of customers and stakeholders alike.

Of the five ISO 9000 QMS standards, the one that most companies are looking for is ISO 9001:2015, often known simply as “ISO 9001”, “ISO 9000” or even simply “ISO”.

The standard itself is based around a 30-page set of requirements but its fundamental focus is based on seven quality management principles (QMP) which form or at least should form a foundation for how a business is managed and operated.

Here are the seven and why they matter.

Customer Focus

The first QMP standard is perhaps the most obvious one. As the late entrepreneur and businessman Jack Tramiel put it, businesses are there to serve the customer.

Without customers, businesses simply cannot exist, and with that in mind, companies focused on ISO 9001 should be mindful not only of customer needs right now but the future of their needs in the future.

The priority should be to meet the standards of the customer and serve them, ensuring that the customer’s expectations are understood so they can be delivered upon effectively and efficiently.

Leadership

One of the most critical and misunderstood aspects of many businesses is structure, hierarchy and leadership, as well as the role of leaders in organisations of varying scales.

Leaders need to be the ones to form and shape a united direction and purpose of any organisation and be able to lead a wide range of disparate teams in the same direction to achieve the overarching mission of the company.

Engagement Of People

Companies are ultimately collectives of diverse, skilled individuals, and ultimately no company succeeds without people who are able to do the job they are employed to, are empowered and recognised for their abilities, and buy into the overall goals of the organisation.

Without people on board, you do not have a company.

Process Approach

Business activities are typically a series of interrelated processes that work together to create an overall system, and once a business fully understands this, it can manage and continually improve these processes to achieve consistent output results.

Improvement

Perfection is an overall goal, but not one that is achievable. There is always room for improvement, and an eternal goal for any organisation is to keep getting better, streamline processes and get the greatest return out of every part of the business.

Evidence-Based Decision Making

Data dominates the business world, and whilst one should avoid discounting anything that cannot be quantified, decisions should be made based on effective, objective analysis to as much pertinent information as possible.

Relationship Management

No business exists in a vacuum. Virtually every company has contractors, suppliers, service providers and other stakeholders that are part of symbiotic, interdependent business relationships. It is important to see the value in these relationships and foster them to ensure everyone thrives.