I joined the ISO 9001:2015 transition late. Not catastrophically late — I had enough time to do the work properly — but later than I should have. I was running quality operations at a Tier 1 automotive supplier, and like most quality leaders, I was busy. Customer audits, supplier fires, internal nonconformities, production support. The transition felt like a future problem. Until it was a current problem, and the timeline had compressed.

We got through it. The certificate landed clean. But the process was harder, messier, and more expensive than it needed to be. With ISO 9001:2026 now on the horizon, I find myself reflecting on what I learned from that transition — and from every transition since. Here are the five things I would tell my younger self.

1. The gap analysis is the project. Everything else is execution.

In 2015, I treated the gap analysis as a checkbox — a document to produce before the real work began. I spent two days on it. I should have spent two months.

The gap analysis is where you discover the structural changes you need to make. Structural changes — new processes, redefined roles, system modifications — take months to implement. If your gap analysis is shallow, you discover the structural gaps late, during implementation or worse, during internal audit. By then, your timeline is gone.

For ISO 9001:2026, I started the gap analysis during the committee draft stage. Deep, thorough, brutally honest. Every finding mapped to an implementation effort estimate, a risk level, and a resource requirement. The gap analysis was more useful than any consultant engagement I have ever commissioned. It told me exactly what I was facing — no surprises, no late discoveries, no compressed timelines.

Spend more time on the gap analysis than you think you need. Every hour invested here saves five hours during implementation. This is the one area where over-preparation is impossible.

2. Do not let leadership treat this as a quality department project

This is the mistake I see most often, and the one I made myself in 2015. The CEO says "ISO transition — that is quality's job." The plant manager says "let me know when it is done." Leadership engagement becomes a box-checking exercise — a signed policy statement, a fifteen-minute appearance at the management review, a delegated representative who has no real authority.

ISO 9001:2026 makes this approach explicitly non-compliant. Leadership engagement must be demonstrable through specific outputs. But beyond compliance, every successful transition I have led had one thing in common: leadership treated it as an organizational transformation, not a quality project.

At SNOP, where I built the quality function for 900+ employees from a greenfield site, the transition succeeded because the plant director co-chaired the steering committee. Not as a figurehead — as a decision-maker. Resource conflicts were resolved in hours, not weeks. Cross-functional resistance was addressed at the source. The message was clear: this is how we operate, not something the quality department does to us.

If you are a Quality Director preparing for 2026, have the leadership conversation now. Define what engagement looks like. Define specific outputs. Define the consequences of delegation. This conversation is uncomfortable. It is also the single highest-value thing you can do for your transition.

3. Train before you implement, not after

In 2015, we did implementation first and training second. We designed the new processes, deployed them, and then trained people on how to operate them. This is backwards. By the time training happened, people had already developed their own interpretations of the new processes. Some were correct. Most were not. We spent three months undoing informal adaptations that had calcified into daily practice.

For every transition since, I have trained first. Explain the new requirements. Walk through the new processes before they go live. Let people ask questions, raise concerns, identify practical problems. Then implement. The adoption rate is dramatically higher, and the informal-adaptation phase disappears almost entirely.

4. Your internal audit is the real certification audit

I learned this lesson the expensive way. In 2015, our internal audit was performed by our own team, who already knew the QMS inside and out. They found minor documentation gaps. We fixed them. The certification auditor arrived — a fresh pair of eyes with no organizational assumptions — and found three issues our internal audit team had missed because they were too close to the system.

Now I insist on a "cold eyes" internal audit. Either an auditor from a different site, a reciprocal arrangement with another company, or an independent consultant brought in specifically for the transition audit. The internal audit must be harder than the certification audit. If your internal audit produces zero findings, your internal audit is not rigorous enough — it is not a validation of excellence, it is a warning that your auditor has organizational blindness.

5. Use the transition to kill what does not work

An ISO transition is a rare opportunity to clean house. Every documented procedure is up for review. Every process is being reassessed. Every form, checklist, and record is being examined against new requirements. This is the moment to ask: does this add value? Does this help us make better products, reduce risk, or improve decisions?

In 2015, I was too conservative. I kept procedures that were outdated because "they still work." They did not work — they were just familiar. They consumed time, created audit findings, and confused new employees. The procedures I redesigned from scratch were the ones that worked best.

For ISO 9001:2026, my approach is different. Every document gets challenged. If it does not serve the process or the people running it, it gets cut. The transition is not just about adopting new requirements — it is about creating a leaner, more effective management system. The standard gives you permission to simplify. Use it.

The lesson underneath all the lessons

If I could send one message back to my younger self in 2015, it would be this: the transition is not an event. It is a test of whether your organization can change. If you treat it as a compliance project — checkboxes, documents, certificates — you will pass the audit and gain nothing. If you treat it as an opportunity to build a better operating system, you will gain something that outlasts any certificate: an organization that is more capable, more adaptable, and more resilient than it was before.

That is the real return on a transition well done. The certificate is just the receipt.