The 2024 Corrigendum: What Changed for ISO Management Systems?

Why ISO Added Climate Change to Management Systems

In February 2024, ISO and the International Accreditation Forum (IAF) jointly announced amendments to over 30 management system standards, including ISO 9001, ISO 14001, ISO 45001, ISO 27001 and ISO/IEC 20000-1. These changes introduce two new requirements that compel organisations to consider climate change as a relevant external issue, and to acknowledge that interested parties may have requirements related to climate change.

The update stems from ISO’s London Declaration on Climate Change; a commitment to ensure that every management system standard supports global climate goals. The intention is not to turn every audit into an environmental review, but to make sure the potential impact of climate change is at least considered within your management system’s context.

What Exactly Has Changed in ISO 27001 (and Others)

Two small sentences were added:

• Clause 4.1 – Understanding the organisation and its context:
  “The organisation shall determine whether climate change is a relevant issue.”

• Clause 4.2 – Understanding the needs and expectations of interested parties:
  “NOTE: Relevant interested parties can have requirements related to climate change.”

On paper, that looks minor. In practice, it prompts every organisation to pause and ask:

• Could climate change affect our ability to achieve our management system’s objectives?

• Do our customers, regulators, or stakeholders expect us to address it?

  For an Information Security Management System, this might mean assessing how extreme weather or energy disruption could impact data centres, connectivity, or business continuity arrangements. For quality or safety systems, the implications will differ, but the principle remains the same: climate change is now part of “context”.

Practical Steps for Compliance and Good Governance

If you already maintain a management system, you’re likely part-way there. The Corrigendum doesn’t require new controls, KPIs or policies. It simply ensures climate change isn’t ignored when reviewing external issues and interested-party expectations.

Here’s how to respond effectively:

1. Update your context review – Add climate change to your list of external factors in Clause 4.1, even if the conclusion is “not relevant at this time”.

2. Record rationale – Keep brief evidence showing how you considered it (e.g. risk register, management review minutes, or SWOT summary).

3. Engage stakeholders – Ask if clients, insurers, or regulators expect you to address climate-related risk in your service delivery.

4. Stay proportionate – The amendment isn’t about carbon accounting; it’s about resilience. Treat it as a governance topic, not a sustainability audit.

By handling it this way, you meet the amended requirement, satisfy auditors, and demonstrate that your organisation recognises broader environmental dependencies, without adding unnecessary bureaucracy.

Copplestone Consulting helps organisations interpret ISO 27001 and related standards pragmatically, embedding compliance and resilience without complexity.