ISO 55001 Certification Is a Floor, Not a Finish Line

Your organisation just earned ISO 55001 certification. The certificate is framed in reception. At the celebration, nobody asks the uncomfortable question: does it actually mean your asset management is any good?

Here is the honest answer. Certification proves you conform to a set of requirements. It does not prove you are capable. Those are different things, and the gap between them is where a lot of asset owners quietly come unstuck.

That distinction matters more this year, because the rules of the audit just changed.

What changed in 2026

In June 2026 the Global Forum on Maintenance and Asset Management (GFMAM) published the third edition of its Guidance for an Asset Management System Scheme for Accredited Certification to ISO 55001. It is not a standard for asset owners. It is the rulebook the certification bodies and accreditation bodies follow when they audit and certify your management system.

The scheme supplements the generic conformity assessment standard, ISO/IEC 17021-1:2015, with a set of asset management specific requirements. It pins the audit firmly to ISO 55001:2024 and to the vocabulary in ISO 55000:2024, so terms like strategic asset management plan, critical asset, and the line between a major and a minor nonconformity all mean the same thing across every certified organisation.

It also gets specific about the things that used to vary between auditors. There is now defined guidance on audit durations, on what an audit report must contain, on how the ISO 55001 clauses should be applied during an audit, and on the competencies an audit team must hold. In plain terms: audits should now be tougher, more consistent, and harder to pass on paperwork alone.

That is genuinely good news. A more rigorous, more consistent certification regime lifts the floor for everyone. The trap is mistaking the floor for the ceiling.

What certification actually proves

ISO 55001 is a requirements standard. Read it and you will find the word "shall" on almost every page. Conformance is binary at the clause level: either you have a documented strategic asset management plan that meets the requirement, or you do not. Either you have evidence that you manage your critical assets according to your own policy, or you do not.

A certification audit checks exactly that. The auditor gathers evidence, tests it against the "shall" statements, and raises nonconformities where the evidence falls short. Clear the nonconformities and you are certified. The scheme makes that process more robust, but it does not change what is being tested. It is testing whether the machinery of a management system exists and runs.

That is worth having. It is not the same as being good at managing assets.

What it does not prove

Certification is silent on how well you do any of it. You can hold a compliant asset management plan that nobody outside the asset team has read. You can run a risk process that produces a register no decision is ever based on. You can conform to every clause and still make poor renewal calls, carry the wrong spares, and discover your most critical asset the hard way.

Conformance asks: do you have a process? Capability asks: is the process any good, and is it actually changing decisions and outcomes? A certificate answers the first question. It says nothing about the second.

This is the difference between compliance and maturity, and it is not academic. We have seen organisations treat the certificate as the destination, stop investing the day after the audit, and slide backwards while the certificate on the wall stays valid for another three years.

Close the gap with a maturity view

The fix is not to dismiss certification. It is to pair it with something that measures capability rather than conformance.

A maturity assessment does that. Instead of a pass or fail against "shall" statements, it scores how developed each part of your asset management system actually is, usually on a scale, against a capability framework such as the GFMAM Asset Management Landscape or the guidance in ISO 55002. It tells you not just whether a process exists, but whether it is embedded, repeatable, informed by good data, and driving better decisions.

Used together, the two instruments answer different questions and cover each other's blind spots:

• Certification gives you external assurance and a credible floor. It is the audited, accredited statement that the system exists and conforms.
• Maturity assessment gives you direction. It shows where capability is thin, where to invest next, and whether last year's investment actually moved the needle.

One proves you are in the game. The other tells you whether you are winning it.

Worth noting who is qualified to give you that second view. SAS Asset Management is an IAM Endorsed Assessor, recognised by the Institute of Asset Management to deliver formal asset management maturity assessments. That endorsement is itself a capability check, the assessor is independently vetted, so the maturity picture you get is credible rather than a self graded exercise.

What to do before your next audit

If you are heading toward certification, or recertification under the new scheme, three moves will serve you well.

First, treat the tighter scheme as a prompt, not a threat. Read what auditors will now examine more closely, particularly around critical assets and the competencies of your own people, and close those gaps deliberately rather than scrambling in the audit window.

Second, decide what certification is for in your organisation. If it is a procurement requirement or a board level assurance, fine. Just be honest that it is a floor, and resource it as one.

Third, run a maturity assessment alongside it, on a cycle that is independent of the audit. Let the certificate prove conformance to the outside world. Let the maturity view drive your improvement plan on the inside. The organisations that do both are the ones still improving long after the certificate is framed.

The new GFMAM scheme has raised the floor. The question worth asking your team is not "are we certified?" It is "how far above the floor are we actually standing?"

SAS Asset Management provides advanced analytics, expert asset management services and maturity assessments to help asset owners realise their value. As an IAM Endorsed Assessor, we assess capability against ISO 55001, GFMAM and AI readiness frameworks, vendor neutral and grounded in what works on the tools.

Talk to us

Certified, and want to know how far above the floor you are actually standing? Book a maturity conversation.