Clause 6.3: The New Change Management Requirement in ISO 14001:2026

Of all the changes between ISO 14001:2015 and ISO 14001:2026, the introduction of Clause 6.3 is the one most likely to surface a real, documented gap in an existing EMS. It is the only entirely new clause in the 2026 edition, and there is no equivalent provision in the 2015 standard. If you hold ISO 14001:2015 certification today and your transition audit is in 2027, 2028 or early 2029, this is the clause an auditor is most likely to test first.

That doesn't mean it's complicated. The intent is straightforward, and most organisations are already doing change management in some form — through quality, safety, project management or ITIL-style processes. What the 2026 edition does is bring change management explicitly under EMS control. This article walks through what Clause 6.3 actually says, why ISO has introduced it, what your existing 2015 EMS likely doesn't have, how to build a compliant procedure, and what auditors are likely to look for.

For a clause-by-clause walkthrough of all the 2026 changes, see ISO 14001:2026 Explained: Clause-by-Clause Changes from the 2015 Edition. For background on ISO 14001 itself, see the Compliance Council ISO 14001 page.

What Clause 6.3 actually says

The clause itself is short. The full text reads:

"When the organization determines the need for changes that affect or can affect the environmental management system, the changes shall be carried out in a planned manner. The changes shall be managed to ensure that the organization can achieve the intended outcomes of its environmental management system."

The clause includes two notes — one pointing to Annex A.6.3 for examples of where the need for change can arise, and one noting that managing change is also addressed in various other requirements throughout the standard.

That's it. The auditable text is two sentences. The depth comes from Annex A.6.3, which is where most of the practical guidance lives.

What Annex A.6.3 expands on

Annex A.6.3 explains that managing change is "an important part of maintaining the environmental management system that ensures the organization can achieve the intended outcomes of its environmental management system on an ongoing basis." It describes change as either planned or unplanned — meaning the procedure must cover both anticipated changes (a new process, a new site) and emergent ones (a regulatory shift, a supplier failure, a natural disaster).

The Annex lists eight categories of change that should be planned and managed:

a) New or changes to existing products, services, processes, operations, equipment or facilities; b) Changes to compliance obligations; c) Changes in knowledge or information about environmental aspects, environmental impacts or risks and opportunities; d) Developments in knowledge and technology; e) Changes to technical specifications of materials or process inputs; f) Changes in business assets due to mergers, acquisitions, joint ventures or divestitures; g) Changes in staff or external providers, including contractors; h) Business disruption due to, for example, supply chain issues, labour disputes, natural disasters, regime change, political unrest or war.

Annex A.6.3 also identifies six other clauses where change-management requirements appear: 6.1.2 (environmental aspects), 7.4.2 (internal communication), 7.5.3 (control of documented information), 8.1 (operational control), 9.2.2 (internal audit programme), and 10.2 (nonconformity and corrective action). Clause 6.3 is the umbrella requirement that ties these together.

Why ISO introduced it

Change management was implicit in ISO 14001:2015 — Clause 8.1 already required organisations to "control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary." But that requirement sat inside operational planning and control, focused on the operations layer. It didn't require a structured EMS-level approach to anticipating and planning for changes that affect the EMS itself.

The 2026 edition lifts change management out of operations and into planning. That's deliberate. Several common audit findings under the 2015 edition revealed that organisations were good at controlling operational changes (a process change, an equipment swap) but poor at managing EMS-level changes — for example, treating a major acquisition or a material change to compliance obligations as an EMS event with planning consequences. The 2026 edition closes that gap.

It also brings ISO 14001 into line with ISO 9001:2015's Clause 6.3 (Planning of changes), which has been in place since 2015. If you also hold ISO 9001 certification, you'll find the structure familiar.

What your 2015 EMS likely already has — and what's likely missing

Most organisations we work with are doing change management in some form, just not in a way that 2026 auditors will accept as conformance to Clause 6.3. The common patterns:

You probably have:

• Operational change-management controls under Clause 8.1 (e.g., MOC procedures for plant modifications, change orders for project work).
• Project-management gates that include environmental sign-offs.
• IT change advisory boards for technology changes.
• A management of change (MOC) procedure if you're in mining, manufacturing or process industries.

You probably don't have:

• A documented EMS-level change-management procedure that explicitly references Clause 6.3.
• A defined trigger that brings non-operational changes (M&A, regulatory updates, business disruption, leadership changes) into the EMS.
• Documented evidence that EMS-level changes have been planned and managed under a single coherent procedure.
• Cross-references between the change procedure and the other clauses where change is implicated (6.1.2, 7.4.2, 7.5.3, 8.1, 9.2.2, 10.2).

The transition gap, in other words, is usually about consolidation and documentation — bringing existing practices under a single Clause-6.3 procedure — rather than building something brand new.

How to build a compliant Clause 6.3 procedure

We typically structure a Clause 6.3 procedure around six elements. The exact format (a procedure document, a section of the EMS manual, or a process map) is up to you — what matters is that the elements are visible to an auditor.

1. Define what counts as a change

Annex A.6.3 lists eight categories. You don't have to use them verbatim, but your procedure should define the scope of changes that fall under it. The temptation is to be too narrow ("only changes to processes that have a significant environmental aspect"); the better practice is to start broad and let the procedure's risk-based assessment filter what actually needs detailed planning.

A useful working definition: "any change, planned or unplanned, that affects or can affect the EMS or the organisation's ability to achieve the intended outcomes of the EMS."

2. Identify the trigger points

A change-management procedure that doesn't get used isn't worth the paper it's written on. Build trigger points into the procedures you already have. Typical triggers include:

• New project or contract initiation gates;
• Procurement of new equipment, materials or external providers;
• Onboarding of a new significant supplier or contractor;
• Receipt of new or changed regulatory advice;
• Internal audit or management review identifying a need for change;
• Mergers, acquisitions, divestitures or major restructures;
• Significant external events (supply chain disruption, regulatory action, natural disaster).

For each trigger, the procedure should specify who initiates the change-management process and what the first step is.

3. Define roles and authorities

Clause 6.3 doesn't explicitly require role definitions, but Clause 5.3 (Roles, responsibilities and authorities) does. A workable Clause-6.3 procedure typically defines:

• A change initiator (the person or team that raises the change);
• A change reviewer (typically the EMS manager or environmental lead);
• A change approver (proportionate to risk — small changes can be approved at line-management level; major changes typically require senior management or top management);
• Functional reviewers — depending on the change, this may include compliance, engineering, procurement, HR, legal, IT.

4. Plan the change

The planning step is where the procedure should require the change initiator (and reviewer) to consider:

• Purpose of the change and intended outcome;
• Potential consequences for environmental performance — both intended and unintended;
• Resources required (people, capital, time);
• Effect on existing significant environmental aspects, compliance obligations, and risks and opportunities;
• Whether the change introduces new aspects, obligations or risks;
• How the integrity of the EMS will be maintained during and after the change;
• Whether documented information needs to be created, updated or retired (Clause 7.5.3 applies);
• Whether internal or external communication is required (Clause 7.4 applies);
• Whether the internal audit programme needs to be adjusted (Clause 9.2.2 applies).

Most of our clients use a one-page change request form covering these items. Larger or higher-risk changes can spawn a full plan with workstreams, RACIs and a schedule.

5. Implement and verify

The procedure should require:

• Approval before implementation, proportionate to risk;
• Implementation against the documented plan;
• Verification that the change has achieved its intended outcome and not introduced unmitigated adverse effects;
• An after-action check or post-implementation review for higher-risk changes.

For unplanned changes (a regulatory shift, a supplier failure, a natural disaster), the implementation step compresses but the verification step is still required.

6. Cross-reference the related clauses

Annex A.6.3 lists six other clauses that contain change-related requirements. Your Clause-6.3 procedure should cross-reference each:

• Clause 6.1.2 (Environmental aspects) — the aspects register must be reviewed and updated as part of the change.
• Clause 7.4.2 (Internal communication) — material changes affecting the EMS must be communicated internally.
• Clause 7.5.3 (Control of documented information) — version control, distribution, and retention/disposition of changed documents.
• Clause 8.1 (Operational control) — operational changes still need to flow through the operational control regime.
• Clause 9.2.2 (Internal audit programme) — changes affecting the EMS should be considered when planning audit cycles.
• Clause 10.2 (Nonconformity and corrective action) — where a change is triggered by a nonconformity, the corrective action and the change can be managed together.

A simple cross-reference table at the back of the procedure usually does the job.

What auditors will look for

Based on early certification body briefings on the 2026 edition, auditors will typically check three things:

First, that the procedure exists and is documented. The bare minimum is a Clause-6.3 procedure (or a section of the EMS manual that addresses the requirement) with a clear scope, trigger points, roles, and planning steps.

Second, that the procedure is being used. A pristine procedure with no records of use is a finding waiting to happen. Auditors will sample recent changes — a new contract, a new supplier, a new piece of equipment, a regulatory update — and ask to see how the change-management procedure was applied. Be prepared to walk through real examples.

Third, that the procedure is integrated with the rest of the EMS. Common findings include cases where the change-management procedure exists but the aspects register, document control, communication and audit programme are out of step. The cross-reference table mentioned above is a useful pre-audit self-check.

Common audit pitfalls

Some common pitfalls we see in early 2026-aligned EMSs:

• Procedure scope too narrow. Limiting Clause-6.3 to operational changes leaves M&A, regulatory updates, business disruption and supply chain issues outside the EMS. Annex A.6.3 explicitly names these as in scope.
• No coverage of unplanned changes. The procedure must address both planned and unplanned changes. Most quality-driven MOC procedures only cover planned changes.
• No records. A procedure with no records of recent use will be found in any 2026 audit. Even small changes should be logged.
• Disconnected from aspects and risks. A change-management procedure that doesn't update the aspects register or the risk register is incomplete.
• No cross-reference to operational controls. Operational changes still need to flow through Clause 8.1; Clause 6.3 is the planning umbrella, not a replacement.

Worked example — a small change

To make this concrete, here's a worked example. A mid-size construction firm wins a new contract that includes works in a state-government-listed wetland buffer.

Trigger: Contract award.

Initiator: Project manager.

Reviewer: EMS manager.

Approver: Operations director (because the change introduces a new compliance obligation and a new significant aspect).

Planning considerations:

• New compliance obligation (state EPBC referral and wetland-specific approval conditions). Must be added to compliance obligations register (6.1.3).
• New significant aspect (works in sensitive aquatic ecosystem). Must be added to aspects register (6.1.2).
• New risks (sediment runoff, machinery in wet areas, biodiversity disturbance). Must be added to risk register (6.1.4).
• New operational controls (sediment fencing, dewatering protocols, ecological supervision). Must be embedded in project EMS (8.1).
• Communication to subcontractors and site personnel about the conditions (7.4.2).
• Internal audit programme to include a wetland-condition compliance check (9.2.2).
• Documented information: project EMS, sub-plans, monitoring records (7.5).

Outcome: The change is documented, approved, implemented under the project's EMS, and verified at project closeout. Records on file include the change request, the approval, the updated registers, the operational controls, and the post-implementation review.

That's Clause 6.3 working as intended.

What to do now

If your transition audit is more than 12 months out, you have time. The recommended sequence:

1. Audit your existing change-management practice. Identify what already exists across operations, project management, MOC, compliance and IT.
2. Write or update a Clause 6.3 procedure. Cover the six elements above.
3. Train EMS users and triggers owners. Most pilot users will be project managers, procurement, compliance and HR — the functions where changes typically originate.
4. Run the procedure for a quarter. Generate enough records to demonstrate the procedure is in use.
5. Update related registers. Make sure aspects, compliance obligations and risk registers reflect the changes managed during the pilot.
6. Internal audit before the transition audit. The 2026 internal audit programme should specifically test Clause 6.3.

The work is rarely heroic — it's a few weeks of consolidation and documentation. But it's the work most likely to be queried in a 2026 transition audit, and the work most often left until the last minute.

For a clause-by-clause walkthrough of every 2026 change, see ISO 14001:2026 Explained: Clause-by-Clause Changes from the 2015 Edition. For the new environmental conditions in Clauses 4.1 and 6.1.4, see Climate, Biodiversity and Ecosystem Health in ISO 14001:2026 — What Each Industry Needs to Do. For the strengthened lifecycle and supply-chain provisions in Clause 8, see Supply Chain and Lifecycle Obligations in ISO 14001:2026.

For background on ISO 14001 generally — what it is, who needs it, and how certification works — see the Compliance Council ISO 14001 page.