Between practice and vision: What do industry experts expect from the ISO 9001 update?

Rethinking ISO 9001

What DQS experts expect from the revision

The experience of our customers, auditors and experts shows where ISO 9001 reaches its limits in practice, which trends should not be overlooked and which opportunities a revision of the standard could open up. These assessments are based on concrete observations, diverse audit experiences and reflected expert opinions.

And they clearly show that there are no one-size-fits-all solutions - but there are many well-founded suggestions as to how the leading standard for quality management systems should develop in order to provide companies with effective guidance in the future.

Perceive QM more strongly as a central system for value creation

ISO/DIS 9001 indicates that quality policies, objectives, and measures should be derived more explicitly from the requirements of external stakeholders and corporate strategy. This can and should lead to QM being perceived and recognized more strongly as a central system for value creation.

In practice, this means establishing a reliable top-down flow of information. This allows strategic and market-relevant information to reach the various operational contexts and shape the definition of objectives and measures. From there, it guides the thinking and actions of employees. This makes it easier to meet the requirements of external stakeholders – and creates a more quality-conscious mindset.

Against this background, it would be desirable to further develop the requirements for “organizational knowledge” in a measured manner. On the one hand, this would allow for better control of information processing. On the other hand, ISO 9001 already requires knowledge-based activities such as “understanding,” “determining,” and “evaluating” at every turn.

If we take a step back from the text of the standard, a completely different picture emerges. We see that the pursuit of quality requires that stakeholder requirements be clarified and known, not just assumed. We recognize that understanding the context of the organization is a means of acquiring competitive knowledge about the market. And even the PDCA cycle can be seen as a process that generates valuable internal company knowledge from best practices and mistakes.

It might therefore be worthwhile to define a concept of knowledge for quality that certainly does not answer all philosophical questions on this topic, but can be used as a sharp instrument of QM.

Resisting the temptation of current trends

Positive after all that is emerging: that there seems to be no temptation to integrate current trend topics such as AI or digitalization into the standard, but rather to continue to focus on creating a set of rules that is independent of technology and methods. Even digital tools such as AI are merely additional operating resources when used in a company. Certainly, some of them are novel in their origin and functionality, but they are used in the same way; they simply require different skills and entail different risks. With the context of the organization, risk management, and other tools provided by the standard, each of these topics can still be addressed without any problems.

However, risk management itself appears largely unchanged at first glance, which is unfortunate. Other standards such as ISO 27001 go a step further in this area by providing more specific guidelines, often to the benefit of the organization. More narrowly defined requirements, such as the use of criteria such as probability of occurrence and extent of damage, would lead to more objective assessments and a more intensive examination of the risks.

On the other hand, separate opportunity management would be very welcome. Not only because this has often been neglected in the past, but also because it requires a different mindset than risk management. A conceptual separation in the standard would take this into account very well.

In summary, it can be said that the new standard appears to be an improvement. Not despite, but because it has changed little and continues to build on its strengths.

Thinking opportunities instead of just managing risks

The risk-based approach has been a recurring theme throughout ISO 9001, and not just since the 2015 revision, as it is a core task of the quality management system to have a preventative effect. In the current draft standard, the consideration of opportunities plays a greater role.

Unfortunately, this has hardly been realized in practice to date, as my current research project also shows: Opportunity management is systematically neglected. Yet the global parameters of what quality can and must achieve have changed rapidly over the past 10 years. An organization that not only wants to survive the sometimes chaotic conditions of the VUCA world, but also wants to benefit from them and satisfy its relevant interested parties, must also deal with its opportunities.

As part of TG 4 (Future Topics "Risk"), we have established that this applies to organizations worldwide. In the resulting "Risk Paper" of TG 4, it is therefore proposed that risks and opportunities be understood as two different concepts of dealing with change and systematically decoupled from each other. In addition to risk-based thinking, there would then also be opportunity-based thinking. This idea is currently the subject of controversial debate as part of the revision of ISO 9000 and ISO 9001.

In my opinion, the further development of both standards would benefit from raising the bar for dealing with risks and opportunities. After all, an organization that wants to position itself for the future cannot avoid the targeted definition and control of integrated risk and opportunity management(IRCM). An IRCM goes far beyond what can be found in organizations today. Should the revision of the standard pave the way for this, even top management would benefit directly from the result: Through better, coordinated decision templates that enable faster and more appropriate decisions for company-specific measures.

Quality management as a user experience

I expect the ISO 9001 revision to expand the stakeholder focus to include a user orientation of the management system. At its core, a quality management system has an information model that links the various aspects, processes and tools with each other. This essential information, methods and processes should be made available to the various (user) groups in the organization in a user-oriented manner. This also means that the structure of the management system should only be based on the individual sections of the standard if the organization of the company allows it. Otherwise, it should be adapted to the organization in order to ensure targeted information.

In addition to internal audits and the annual management review, a further aspect for making managers and process owners in particular even more accountable is the independent verification of the effectiveness of a management system. Key figures and stress tests can contribute to this in order to demonstrate not only the performance of the organization, but also that of the local management system component. It is particularly important that the management system is broken down and applied to each individual area in a systematic and verifiable manner.

Focus on the customer - but consistently

The fulfillment of customer requirements is a core objective of ISO 9001. Now, in addition to the collection and evaluation of customer requirements, the customer can increasingly assert itself in the processes. While the last revision of the standard in 2015 included more detailed requirements for external providers, the customer is perhaps now more in focus when it comes to integration into processes, learning from mistakes and enthusiasm factors. "Customer experience" is the relevant buzzword here.

This immediately raises a few questions: To what extent is the customer actually mapped in the processes, in the process descriptions and swimlanes? What customer experiences does the customer have at the touchpoints and in communication with the company? What mistakes do customers make and how can these be rectified? How do we really involve the customer as part of our continuous improvement? Is there a customer idea management system?

Do you have answers to all these questions? Congratulations - then your company is certainly a good "customer understanding". As early as 2011, such aspects were presented in the context of "DIN SPEC 77224 - Achieving customer delight through service excellence". I think this is a good guide to involving the customer and taking a closer look at the organization.

Incidentally, the same applies to another very important interested party - the employees. After all, DIN SPEC 77224 states that enthusiastic employees often also inspire customers. So if the topic of customer experience is on the agenda for the revision of the standard, you already know what could be behind it. And if not, dealing with it can definitely be exciting for the further development of your management system!

Focus on the key "emerging trends"

My expectation for the further development of ISO 9001:2015 is that the conversion effort for companies will be minimized and at the same time an improved, verifiable implementation quality will be achieved. The revision of the quality management standard should help to intensify the focus on quality worldwide, establish more effective and environmentally friendly processes and further increase customer satisfaction.

It is welcomed when the revision focuses on selected "emerging trends" that are crucial for a quality management system. This means that new technologies and business models are integrated into the requirements in order to meet future market demands.

Despite the adjustments, ISO 9001 is intended to remain a generic standard that can be applied to companies of different industries and sizes worldwide. This approach enables a uniform, reliable assessment of quality systems and creates trust among customers and business partners.

Yes to sustainability – but in the right context

As part of the discussion about what the ISO 9001 revision will contain, there is always speculation about which sustainability topics and verification requirements will be included in the standard. The fact is that apart from the topic of "climate change", which has made it into section 4 of the standard via the new "Harmonized Structure" for management systems, no other sustainability topics will be added. We can already see the practical effects of this today.

The scope of ISO 9001:2026 focuses on quality, so it is surprising that many auditors are suddenly focusing on climate change. The intention of this extension is clearly defined by ISO. It is about the company's impact on climate change. This was also confirmed by NA 147 in the corresponding statement on the request for interpretation on the extension of section 4.1. Whether climate change is a relevant "external issue" has always had to be answered by the company and is not an innovation. In my view, many people are clearly overshooting the mark here and trying to interpret something into the requirements.

Furthermore, there are no other product-related sustainability topics in the draft of the ISO 9001 update. This is not necessary, as the relevant sustainability requirements for products and services are already included in section 8.2. Although legal requirements, for example on CSR reporting, are binding for all companies, they are not related to the scope of the quality standard and therefore play no role here.

ISO 9001 therefore remains a standard that focuses on quality management and is not diluted by other non-scope requirements.

Leadership, culture, change - more than just a process description

The current ISO 9001:2015 requires, among other things, the definition of processes with their expected results and their control via KPIs, the definition of sequences and interfaces and the determination of resources. But is this requirement profile still sufficient for today's - and above all tomorrow's - world, in which factors such as leadership, flexibility, resilience, agility and change management are increasingly decisive for success?

My answer is: No. In companies that are successful in the long term, QM is understood and implemented holistically. It is not something that happens 'on the side', but is integrated into the corporate culture and strategy as an integral part of the 'corporate genes'. Good processes and their control are important and a good basis, but no guarantee of success. On the other hand, well-managed processes that are carried out in an organization with a clear strategic direction that is easy for all employees to understand and where resilient management systems supported by leadership exist are more likely to lead to corporate success.

The expected new standard requirements for promoting a quality culture and ethical behavior (section 5.1.1, section 7.3) and for linking the quality policy to the strategic orientation (section 5.2.1 e) are not groundbreaking innovations, but they are a small step in the right direction. These planned new management-related requirements on the topics of culture and ethics would place a clear focus on the great importance of 'soft' corporate factors. A good quality culture ensures that quality not only exists formally, but is lived on a daily basis - supported by management and employees, shaped by trust, participation and continuous improvement.

A corporate culture based on trust rather than power and control, a positive management and change culture and the sustainable exploitation of opportunities is crucial. Successful companies are characterized by leadership and not by silo thinking and 'micro-management'.

I have (unfortunately) not yet discovered requirements for entrepreneurial resilience, organizational change management and agility in the current draft standard, but these factors are definitely part of a successful company.

Context assessment: where, when, how often and by whom?

The struggle for and over the revision of ISO 9001:2015 shows one thing above all: everything is becoming increasingly complex and therefore less and less plannable and controllable; actually a basic concern of quality management systems, which have by no means forgotten their origins in quality assurance. Something is planned, then executed, then checked to see if the plan has worked. Good if it has. If not, we react in order to achieve the planned target after all. In short: Plan - Do - Check - Act.

But what happens when the foundations for the "plan" are constantly changing in an unforeseen and highly dynamic global context? How can meaningful, long-term and assessable "plan goals" still be developed and formulated? Where, when, how often and by whom are contextual considerations, assessments and practical derivations incorporated into the management system? Or does this happen - as is not uncommon - outside of the management system? While this very system continues to run in parallel without disruption, decoupled from reality and therefore without any great impact.

The context evaluation (political, economic, socio-cultural, technological, ecological and legal, e.g. according to the well-known PESTEL analysis) must therefore be given a completely new status in practice. If this is the case, then our management systems will become more dynamic, more adaptable, more flexible, but precisely for this reason also more comprehensive and more effective. This is and will become even more of a challenge for company managements that think and act in an integrated manner, but also for auditors. The question of a document entitled "contextual view" is no longer sufficient now, but will certainly no longer be sufficient in the future. Not even in the beginning.

Quality management must be tangible - not just verifiable

Impact over bureaucracy. Many people are calling for this when it comes to the future of ISO 9001. Time and again, audits show that companies invest a lot of time and resources in documenting measures. But whether these measures are actually effective is rarely systematically checked.

This is precisely where many auditors see a need to catch up: Instead of focusing primarily on the "whether" - i.e. the existence of procedures, evidence and formulations - the standard should ask more questions: How effective is what has been documented?

A continuous improvement process may be formally in place, with clearly defined procedures, responsibilities and documentation requirements - but if employees hardly use it or results are lacking, the actual benefit remains low. The situation is similar with standardized assessments, for example in supplier management. Here too, the decisive factor is whether concrete measures are derived from the data collected or whether they merely serve as a formal requirement.

Such constellations show: Conformity with the standard is not automatically an indicator of quality in the lived sense. A stronger emphasis on impact orientation would encourage organizations to consistently gear their management systems towards real improvement. This does not mean dispensing with evidence. But it should not become an end in itself. Instead, they should be a means of making developments visible - and progress comprehensible.

Conclusion: Expert opinions on the ISO 9001 update

The discussion about the ISO 9001 revision clearly shows that the requirements for quality and organizations have changed - and with them the expectations of an effective management system. Auditors, standards experts and users from the field are not calling for a radical reorientation, but for clear further development in key areas: more impact instead of formalism, more room for opportunities, a more consistent customer and user focus and a modern approach to leadership, change and technology.

The use of artificial intelligence will also change the way in which quality management systems are developed, monitored and evaluated. Initial approaches to AI-supported data evaluation in the audit process show the potential that is emerging here - provided that standards create the space for digital tools without losing their binding nature.

The voices that have their say in this article reflect the reality of dealing with ISO 9001 - and the conviction that quality must be thought of differently today. Not as a collection of specifications, but as a system that provides orientation, promotes responsibility and enables companies to operate successfully in dynamic markets.

What DQS can do for you

DQS has stood for reliable and independent certification of management systems since 1985. As the first German certifier, we offer companies worldwide orientation, security and trust - through value-adding audits and certificates with international recognition.

Our strength: technical depth, regulatory expertise and a clear understanding of industry-specific requirements. This enables us to demonstrate the effectiveness of your management system and develop it further in a targeted manner - fact-based, comprehensible and future-oriented.

Certification with DQS stands for trust - both internally and externally. Our audits are not a matter of working through checklists, but a structured dialog at eye level. We have been accredited for ISO 9001 by the German Accreditation Body(DAkkS) since 1991.

Through our involvement in the committees of the German Society for Quality(DGQ) and the German Institute for Standardization(DIN), we follow the ISO 9001 revision process at close quarters. We keep you up to date on all developments - well-founded, practical and to the point. Find out more in our article on the revision of ISO 9001.

Trust and expertise

Our texts and brochures are written exclusively by our standards experts or long-standing auditors. If you have any questions about the text content or our services to our author, we look forward to hearing from you.

Note: For reasons of better readability, we use the generic masculine. However, the directive includes persons of all gender identities where necessary for the statement.