AEC Insights

Standards · Audits · Compliance · Implementation

Standard Updates Mar 17, 2026 11 min read
ISO 50001 Energy Baseline Drift: Why Your EnPIs Won’t Survive CSRD Assurance
ISO 50001 energy baseline drift produces EnPIs that look like improvement but won't survive CSRD limited assurance. Learn why Clause 6.5 gaps create cross-framework reporting risk and how to build a baseline review trigger protocol.
Read article →
Diagram showing PRP baseline shift from ISO TS 22002-1 2009 to ISO 22002:2025
Audit Preparation Mar 9, 2026
Your Hazard Analysis PRP Baseline Is Wrong — FSSC 22000 V7 Will Expose It
ISO 22002:2025 replaces the PRP baseline underpinning most ISO 22000 hazard analyses. When FSSC 22000 V7 mandates the new reference, every unreconstructed hazard analysis faces scope invalidation at the PRP–oPRP–CCP categorisation interface.
Read article →
ISO 13485 design controls mapping from legacy 820.30 to QMSR Clause 7.3
Audit Preparation Mar 1, 2026
ISO 13485 Design Controls Under FDA QMSR: Why Relabeled DHF Records Fail at Clause 7.3
Relabeled DHF headers do not satisfy ISO 13485 design controls under FDA QMSR. This analysis identifies the three Clause 7.3 gaps — at 7.3.3, 7.3.6, and 7.3.7 — where legacy 820.30 records break, and provides a phased implementation sequence to close them.
Read article →
Governing body reviewing anti-bribery function direct reporting evidence
Implementation Guides Feb 26, 2026
How ISO 37001:2025 Catches Anti-Bribery Function Independence Failures
ISO 37001:2025 requires the anti-bribery function to operate with structural independence and direct governing body access. Most organisations' reporting lines create a nonconformity under Clause 5.3.2 — here's how to identify and fix the gap before transition audit.
Read article →
Diagram showing AI impact assessment lifecycle under ISO 42001 Clause 8.2
Audit Preparation Feb 26, 2026
Your AI Impact Assessment Is Already Outdated — The ISO 42001 Clause That Proves It
Most ISO 42001 AI impact assessments are performed once and never updated. Clause 8.2 requires reassessment when significant changes occur — but most organisations never define that threshold. Here's how to close the gap before surveillance.
Read article →
Auditor reviewing ISO 22301 BIA documentation during surveillance visit
Audit Preparation Feb 5, 2026
Your ISO 22301 BIA Passed Certification. It Doesn’t Reflect Your Organisation Anymore.
Most ISO 22301 BIAs are accurate at certification and rubber-stamped thereafter. Clause 8.6 now gives auditors a direct mechanism to challenge whether your BIA is fit for purpose — not just whether it was reviewed on schedule.
Read article →
Diagram showing ISMS scope boundary gaps where cloud and SaaS data flows cross undocumented perimeters
Audit Preparation Jan 17, 2026
Your ISMS Scope Is Protecting the Wrong Perimeter — and ISO 27001 Auditors Know It
Most ISMS scope statements describe an organisation that existed three migrations ago. Learn why ISO 27001 Clause 4.3 scope failures trigger Stage 2 findings and how to define boundaries that follow information flows, not org charts.
Read article →
ISO 45001 hazard identification scope gap diagram showing contractor coverage
Audit Preparation Jan 3, 2026
ISO 45001 Hazard Identification: The Scope Gap That Fails First Audits
Most ISO 45001 hazard registers look complete until an auditor asks one question: “Show me the contractor hazards.” The register covers production lines, office ergonomics, warehouse traffic. It…
Read article →
ISO 9001 Clause 4 review workflow for context, interested parties, and scope
Audit Preparation Jan 1, 2026
ISO 9001 Clause 4: The Certification Box-Tick That Becomes a Transition Liability
Most organisations certified to ISO 9001:2015 completed their ISO 9001 Clause 4 documentation once — at initial certification — and have not meaningfully updated it since. The context…
Read article →