Issue 35 – February 2012
Guidelines for auditing management systems
ISO 19011:2011 provides guidance to conduct internal or external management system audits and to manage audit programmes. Many organisations incorporate several management systems, such as quality, environmental, information technology services, and information security. The revised ISO 19011 provides a uniform approach to multiple management system audits, to help organisations to combine the auditing of these systems and to save money, time, and resources.
The 2002 edition of ISO 19011 applied only to ISO 9001 (quality) and ISO 14001 (environment). ISO 19011:2011 has been expanded to reflect current thinking and the complexities of auditing multiple management systems. 'Compared to the 2002 version, the Standard adds the concept of risk and recognises more explicitly the competence of the audit team and individual auditors,' says Alister Dalrymple, Convenor of the team that updated the Standard. 'Also, the use of technology in remote auditing is acknowledged, for example, conducting remote interviews and reviewing records remotely.'
In the 2011 edition, the relationship between ISO 19011:2011 and ISO/IEC 17021:2011 Conformity assessment – Requirements for bodies providing audit and certification of management systems has also been clarified. While those involved in management system certification audits follow the requirements of ISO/IEC 17021, they might also find the guidance in ISO 19011 useful.
Users of ISO 19011 include auditors, audit team leaders, audit programme managers, organisations implementing management systems, and organisations that conduct audits of management systems for contractual or regulatory reasons.
- AS/NZS ISO 9001:2008 Quality management systems – Requirements
- AS/NZS ISO 14001:2004 Environmental management systems – Requirements with guidance for use
- ISO/IEC 27000:2009 Information technology – Security techniques – Information security management systems – Overview and vocabulary
- AS/NZS ISO/IEC 27001:2006 Information technology – Security techniques – Information security management systems – Requirements
- AS/NZS ISO/IEC 27002:2006 Information technology – Security techniques – Code of practice for information management
- ISO/IEC 27003:2010 Information technology – Security techniques – Information security management system implementation guidance
- ISO/IEC 27031:2011 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity
- Management system Standards – ISO survey reveals certifications are up by 6%, Touchstone, December 2011
- ISO free online tutorial on ISO/IEC 17021 – the benchmark for management system certification, media release, 4 May 2011
- New Standards for business – education and training, system reliability, project management, and auditing, media release, 18 February 2011