English (UK) hello@isochecklist.com
Help & FAQ Contact Us
Cart (0)
HomeIntegratedMigration Guide

ISO Standard Migration & Transition Guide

Everything you need to know about transitioning your management system between ISO standard versions, including timelines, gap analysis and what auditors expect.

What is ISO Migration?

ISO migration is the process of transitioning your management system from one version of an ISO standard to a newer version. Certification bodies commonly refer to this as a “transition”. When the International Organization for Standardization publishes a revised standard, organisations holding certification to the previous version must migrate within a set transition period — typically three years — or risk losing their certification.

Migration is not simply a documentation exercise. It requires a thorough understanding of what has changed, a gap analysis of your current system against the new requirements, and a structured plan to implement the necessary updates across your organisation.

Current Standard Versions

The following are the current versions of the three major management system standards:

  • ISO 9001:2015 — The current quality management system standard, replacing ISO 9001:2008. Published in September 2015 with a three-year transition period that closed in September 2018.
  • ISO 14001:2015 — The current environmental management system standard, replacing ISO 14001:2004. Published in September 2015 with a three-year transition period that closed in September 2018.
  • ISO 45001:2018 — The current occupational health and safety management system standard, replacing OHSAS 18001:2007. Published in March 2018 with a three-year migration period that closed in March 2021.

ISO periodically reviews all standards on a five-year cycle. Future revisions to any of these standards will follow the same transition model, with a defined migration period announced at the time of publication.

Migration Process — Step by Step

Regardless of which standard you are transitioning, the migration process follows a consistent sequence of steps:

  1. Step 1: Obtain the new standard and understand the changes — Purchase the revised standard from your national standards body or directly from ISO. Read it thoroughly and identify every clause that has changed.
  2. Step 2: Conduct a gap analysis — Compare your current management system against the new requirements. Document every gap where your existing processes, documentation or practices do not meet the revised standard.
  3. Step 3: Develop a transition plan with timeline — Create a project plan that assigns responsibilities, sets deadlines and sequences the work. Allow enough time for implementation and at least one full internal audit cycle before your transition audit.
  4. Step 4: Update documentation — Revise your policy, manual, procedures and forms to reflect the new requirements. This includes updating terminology (for example, “documented information” replacing “documents” and “records”).
  5. Step 5: Train staff on new and changed requirements — Ensure that everyone affected by the changes understands what is different and what is expected of them. Focus training on the practical impact rather than just reading out clause numbers.
  6. Step 6: Implement the changes — Put the revised processes into practice. Allow sufficient time for the changes to bed in so that you can demonstrate a track record of conformance.
  7. Step 7: Conduct internal audit against the new standard — Audit your management system against the new version to verify that all gaps have been closed and the system is functioning as intended.
  8. Step 8: Management review of transition — Present the results of the gap closure and internal audit to top management. Confirm that the system is ready for the external transition audit.
  9. Step 9: Transition audit by certification body — Your certification body conducts a formal audit against the new version of the standard. This can be combined with a scheduled surveillance or recertification audit.

Key Changes When Migrating

The 2015 revisions of ISO 9001 and ISO 14001 introduced several fundamental changes that carry across to ISO 45001:2018 as well. Understanding these themes is essential for any migration:

  • Risk-based thinking — Introduced in the 2015 versions, this replaces the former concept of “preventive action” with a systematic approach to identifying risks and opportunities throughout the management system.
  • Context of the organisation — A new requirement in all three standards, requiring organisations to identify internal and external issues that affect their ability to achieve intended outcomes.
  • Leadership emphasis — The 2015 and 2018 standards place greater responsibility on top management, replacing the former concept of “management responsibility” with active leadership and commitment.
  • Documented information — The terms “documents” and “records” have been replaced by the single term “documented information”, giving organisations more flexibility in how they maintain their system documentation.
  • No requirement for a Management Representative — The formal role of Management Representative has been removed. Responsibility for the management system is now dispersed among top management, though organisations may still choose to appoint a dedicated role.
  • Performance evaluation emphasis — Greater focus on monitoring, measurement, analysis and evaluation of management system performance, including the need to determine what to measure, how and when.

OHSAS 18001 to ISO 45001 Migration

The transition from OHSAS 18001 to ISO 45001 deserves special attention because it involves moving from a British Standard (OHSAS) to a full international ISO standard. This is not a simple revision but a fundamental restructure. Key differences include:

  • Worker consultation and participation — ISO 45001 places significantly greater emphasis on consulting workers at all levels and ensuring their active participation in the OH&S management system. This goes well beyond the OHSAS 18001 requirements.
  • Organisational context — A completely new requirement. Organisations must identify the internal and external issues relevant to OH&S, as well as the needs and expectations of workers and other interested parties.
  • Risks and opportunities (expanded) — While OHSAS 18001 focused on hazards and risks, ISO 45001 expands this to include opportunities for improving OH&S performance and opportunities arising from changes in processes or the work environment.
  • Outsourcing and procurement requirements — ISO 45001 includes explicit requirements for controlling outsourced processes and ensuring that procurement of goods and services does not introduce unacceptable OH&S risks.
  • Annex SL High Level Structure — OHSAS 18001 did not follow the HLS. Migrating to ISO 45001 means restructuring your entire system documentation to align with the ten-clause framework shared by ISO 9001 and ISO 14001.