ISO has initiated actions to develop and publish ISO 17021-16 for the audit and certification of Innovation Management Systems (IMS), based on the ISO 56001:2024 Innovation Management System - Requirements. This will be the first edition of this audit and certification standard.

Innovation management is an important business area. Organizations compete based on price and differentiators, and innovation is one of the principal ways that organizations create differentiators. While still a young standard, ISO expects interest in innovation management to accelerate. As an example, all most all forms of artificial intelligence (AI) started as innovation initiatives.

The development of ISO 17021-16 is expected to be completed before mid-2027, and is jointly oversee by the ISO CASCO committee for conformity assessments and ISO Technical Committee 279 - Innovation Management. Once published, ISO certification bodies (CBs) worldwide will be able to apply for, and become authorized to perform ISO 56001 certification audits.

NOTE: Dallas N. Bishoff, the President of PROCESS 360, serves as the U.S. expert for the development of this standard. Given Dallas’ extension audit credentials, his voice and vision will drive this intiative towards a success outcome.

ISO 19011:2018 Guidelines for Auditing Management Systems is under revision, and is expected to be reissued in 2026. All ISO management systems are audited using the uniform collection of processes published in ISO 19011, which is the principal guidance for audit programs, how audits are conducted, audit reports are generated, and continual improvement is incorporated into management system audits.

The revision is oversee by ISO Project Committee (PC) 302. You can track the progress of ISO 19011 here on the PC 302 website.

NOTE: Dallas N. Bishoff, the President of PROCESS 360 is a voting member of PC 302.

On October 15, 2025 ISO initiative a review of ISO 17021-1:2015 Requirements for Bodies Providing Audit and Certification of Management System — Part 1: Requirements. ISO 17021-1, is the foundational standard used to certify all management systems, and maintain the certificate life cycle.

Generally, each management system is addressed by a dedicated standard that is part of the 17021-1 series, As an example, the ISO 9001 QMS standard is covered by Part 3 (ISO 17021-3). In other cases the audit and certification standard is an extension of the management system series. ISO 20000 (Service Management) is addressed by ISO 20000-6:2017; ISO 27001 (Information Security) is addressed by ISO 27006; ISO 27701 (Privacy Management) is addressed by ISO 27706; and ISO 42001 is addressed by ISO 42006. All of these standards start with ISO 17021-1 and identify the unique aspects, extensions, and requirements necessary to establish the audit and certify an organization against a specific management system standard.

The review and revision process will probably last all of 2026. The revision is overseen by CASCO, the ISO Technical Committee responsible for conformity assessments.

ISO 37304 Compliance Management Systems — Requirements for Bodies Providing Audit and Certification of Compliance Management Systems is currently under development, and in the Draft International Standard (DIS) stage. This standard will still have to pass through the Final Draft International Standard stage before it can be officially published, which is expected in 2026.

When published, ISO certification bodies can gain authorization to formally certify an organization’s Compliance Management System (CMS). ISO 37304 is an extension to the ISO 17021, Part 1: Requirements. This means that companies will be able to formally apply for and receive a formal ISO 37301 certificate, and gain recognition for their CMS programs.

ISO 17012 Guidelines for the Use of Remote Auditing Methods in Auditing Management Systems was published in 2024, and provides valuable guidance on how to conduct remote audits, which have become more prevalent after COVID.

Remote audits have unique challenges, especially auditing physical environments remotely, and the introduction of video conferencing and collaboration platforms to evaluate evidence. Video conferencing can incorporate recordings that may capture sensitive information, to include intellectual property, privacy information, business partner protected information, and client / attorney privileged protected content.

NOTE: The practice and risks of conducting audits using AI tools for evidence evaluation, audit transcription services, and related capabilities are not addressed by ISO 17012 (or other audit standards). AI possesses unique challenges to the confidentiality principle in audits. (See ISO 17021-1, Clause 4.6 and ISO 19011, Clause 4 d)). Auditors need to understand the application and risk of AI before incorporating artificial intelligence into audit practices.