Since the second edition of ISO 19011 was published in 2011, a number of new management system standards have been published, many of which have a common structure, identical core requirements and common terms and core definitions.
As a result, there is a need to consider a broader approach to management system auditing, as well as providing guidance that is more generic.
Audit results can provide input to the analysis aspect of business planning, and can contribute to the identification of improvement needs and activities.
An audit can be conducted against a range of audit criteria, separately or in combination, including but not limited to:
Requirements defined in one or more management system standards
Policies and requirements specified by relevant interested parties
One or more management system processes defined by the organisation or other parties
Management system plan(s) relating to the provision of specific outputs of a management system
Statutory and regulatory requirements
ISO 19011 Training Course
ISO 19011:2018 provides guidance for all sizes and types of organisations and audits of varying scopes and scales, including those conducted by large audit teams, typically of larger organisations, and those by single auditors, whether in large or small organisations.
This guidance should be adapted as appropriate to the scope, complexity and scale of the audit programme, and concentrates on internal audits (first party) and audits conducted by organisations on their external providers and other external interested parties (second party).
This guidance can also be useful for external audits conducted for purposes other than third party management system certification.