ISO/PAS 25171:2026
(Main)Educational organizations — Management systems — Guidance for auditing ISO 21001
General Information
- Abstract
This document provides guidance on auditing ISO 21001:2025 through examples of: open-ended questions to determine whether the requirements of ISO 21001:2025 have been met; evidence to objectively evaluate conformity to the requirements of ISO 21001:2025; and measures to demonstrate the ability of an educational organization management system (EOMS) to consistently monitor conformity to the requirements of ISO 21001:2025 over time.
- Status
- Published
- Publication Date
- 29-Jun-2026
- Technical Committee
- ISO/TC 232 - Education and learning services
- Drafting Committee
- ISO/TC 232/WG 8 - Auditing practice group
- Current Stage
- 6060 - International Standard published
- Start Date
- 30-Jun-2026
- Due Date
- 20-Mar-2027
- Completion Date
- 30-Jun-2026
Overview
ISO/PAS 25171:2026 provides practical guidance for auditing management systems in educational organizations according to ISO 21001:2025. Developed by the International Organization for Standardization (ISO), this Publicly Available Specification is a valuable resource for education sector auditors, compliance teams, and leaders seeking to enhance the quality and consistency of educational management processes.
The document offers examples of open-ended audit questions, lists of objective evidence, and robust measures to evaluate conformity to the ISO 21001:2025 requirements. Additionally, ISO/PAS 25171:2026 supports the ability of an educational organization management system (EOMS) to continually improve and sustain compliance over time.
Key Topics
ISO/PAS 25171:2026 addresses core areas for effectively auditing educational management systems, including:
- Context of the Organization: Guidance on evaluating how an organization understands its internal and external environment, and aligns its strategy with educational goals.
- Stakeholder Needs and Expectations: Methods to assess whether the EOMS identifies and meets the needs of learners, staff, and other interested parties.
- Scope Determination: Advice on defining the boundaries of the EOMS and ensuring all products, services, and relevant groups are included.
- Leadership and Commitment: Evaluation of leadership support, strategic focus, quality policies, and management engagement.
- Planning and Risk Management: Assessing organizational practices for addressing risks and opportunities, ensuring objectives are set and achieved.
- Support and Resources: Review of resource allocation, staff competence, and communication strategies.
- Operation and Delivery: Examination of how educational products and services are designed, controlled, and delivered to meet quality standards.
- Performance Evaluation and Improvement: Approaches to monitoring, measuring, and continually improving EOMS performance over time.
Example audit tools include open-ended questions (e.g., “What processes are in place to identify and address stakeholder needs?”) and evidence types such as strategic plans, training records, and stakeholder feedback.
Applications
ISO/PAS 25171:2026 is applicable to a range of educational organizations, from schools and universities to training centers and other educational service providers. Practical uses include:
- Internal Auditing: Enables organizations to self-assess and monitor conformity to ISO 21001, preparing for third-party audits and maintaining continuous improvement.
- Third-Party Certification Preparedness: Supports organizations in demonstrating evidence of systematic processes, compliance, and stakeholder engagement in preparation for external certification.
- Process Improvement: Helps identify gaps in existing management systems, providing actionable insights through recommended audit questions and evidence requirements.
- Special Needs Education: Offers tailored guidance for auditing inclusion, accessibility, and support for learners with special needs.
- Stakeholder Communication: Encourages clear documentation and communication of policies, roles, responsibilities, and results to staff, learners, and interested parties.
- Benchmarking and Best Practices: Facilitates benchmarking against leading standards and adoption of international best practices in educational management.
Related Standards
Organizations seeking comprehensive management system compliance may also reference the following:
- ISO 21001:2025: Educational organizations - Management systems for educational organizations - Requirements with guidance for use. The primary standard for educational management systems.
- ISO 9001: Quality management systems - Requirements. Applicable for broader organizational quality assurance.
- ISO 29993: Learning services outside formal education - Service requirements.
- ISO/IEC 17021: Requirements for bodies providing audit and certification of management systems.
By leveraging ISO/PAS 25171:2026, educational organizations strengthen their management systems, foster continual improvement, and demonstrate commitment to delivering high-quality education in alignment with global standards.
Get Certified
Connect with accredited certification bodies for this standard

BSI Group
BSI (British Standards Institution) is the business standards company that helps organizations make excellence a habit.

Bureau Veritas
Bureau Veritas is a world leader in laboratory testing, inspection and certification services.

DNV
DNV is an independent assurance and risk management provider.
Sponsored listings
Frequently Asked Questions
ISO/PAS 25171:2026 is a technical specification published by the International Organization for Standardization (ISO). Its full title is "Educational organizations — Management systems — Guidance for auditing ISO 21001". This standard covers: This document provides guidance on auditing ISO 21001:2025 through examples of: open-ended questions to determine whether the requirements of ISO 21001:2025 have been met; evidence to objectively evaluate conformity to the requirements of ISO 21001:2025; and measures to demonstrate the ability of an educational organization management system (EOMS) to consistently monitor conformity to the requirements of ISO 21001:2025 over time.
This document provides guidance on auditing ISO 21001:2025 through examples of: open-ended questions to determine whether the requirements of ISO 21001:2025 have been met; evidence to objectively evaluate conformity to the requirements of ISO 21001:2025; and measures to demonstrate the ability of an educational organization management system (EOMS) to consistently monitor conformity to the requirements of ISO 21001:2025 over time.
ISO/PAS 25171:2026 is classified under the following ICS (International Classification for Standards) categories: 03.100.70 - Management systems; 03.180 - Education. The ICS classification helps identify the subject area and facilitates finding related standards.
ISO/PAS 25171:2026 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.
Standards Content (Sample)
Publicly
Available
Specification
ISO/PAS 25171
First edition
Educational organizations —
2026-06
Management systems — Guidance
for auditing ISO 21001
Organismes d'éducation/formation — Systèmes de management
— Recommandations pour les audits ISO 21001
Reference number
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 1
4.1 Understanding the organization and its context .1
4.2 Understanding the needs and expectations of interested parties .2
4.3 Determining the scope of the educational organization management system .3
4.4 Educational organization management system .3
5 Leadership . 4
5.1 Leadership and commitment .4
5.1.1 General .4
5.1.2 Focus on learners and other beneficiaries .5
5.1.3 Additional requirements for special needs education .6
5.2 Educational organization policy .7
5.3 Roles, responsibilities and authorities .7
6 Planning . 8
6.1 Actions to address risks and opportunities .8
6.2 Educational organization objectives and planning to achieve them .9
6.3 Planning of changes .9
7 Support .10
7.1 Resources .10
7.1.1 General .10
7.1.2 Human resources .11
7.1.3 Facilities . 12
7.1.4 Environment for the operation of educational processes . 13
7.1.5 Monitoring and measuring resources .14
7.1.6 Organizational knowledge .16
7.2 Competence .17
7.2.1 General .17
7.2.2 Additional requirements for special needs education .18
7.3 Awareness .18
7.4 Communication .19
7.4.1 General .19
7.4.2 Communication purposes . 20
7.4.3 Communication arrangements .21
7.5 Documented information . 22
7.5.1 General . 22
7.5.2 Creating and updating . 23
7.5.3 Control of documented information .24
8 Operation .25
8.1 Operation planning and control . 25
8.1.1 General . 25
8.1.2 Specific operational planning and control of educational products and services . 26
8.1.3 Additional requirements for special needs education .27
8.2 Requirements for the educational products and services . 28
8.2.1 Determining the requirements for the educational products and services . 28
8.2.2 Communicating the requirements for the educational products and services . 29
8.2.3 Changes to requirements for the educational products and services . 30
8.3 Design and development of the educational products and services .31
8.3.1 General .31
iii
8.3.2 Design and development planning .32
8.3.3 Design and development inputs . 33
8.3.4 Design and development controls . 34
8.3.5 Design and development outputs . 38
8.3.6 Design and development changes . 39
8.4 Control of externally provided processes, products and services . 40
8.4.1 General . 40
8.4.2 Type and extent of control .41
8.4.3 Information for external providers .42
8.5 Delivery of the educational products and services .43
8.5.1 Control of delivery of the educational products and services .43
8.5.2 Identification and traceability . 53
8.5.3 Property belonging to interested parties . 54
8.5.4 Preservation . 55
8.5.5 Protection and transparency of learners' data . 56
8.5.6 Control of changes in the educational products and services .57
8.6 Release of the educational products and services . 58
8.7 Control of the educational nonconforming outputs .59
8.7.1 General .59
8.7.2 Nonconforming outputs . 60
8.7.3 Retention of documentation for nonconforming educational outputs .61
9 Performance evaluation .63
9.1 Monitoring, measurement, analysis and evaluation . . 63
9.1.1 General . 63
9.1.2 Satisfaction of learners, other beneficiaries and staff . 64
9.1.3 Other monitoring and measuring needs . 66
9.1.4 Methods for monitoring, measurement, analysis and evaluation . 66
9.1.5 Analysis and evaluation . 68
9.2 Internal audit . 69
9.2.1 Scope determination . 69
9.2.2 Audit requirements .70
9.3 Management review .71
9.3.1 General .71
9.3.2 Management review inputs . 72
9.3.3 Management review outputs . 73
10 Improvement . 74
10.1 Continual improvement .74
10.2 Nonconformity and corrective actions . 75
10.3 Opportunities for improvement . 77
Bibliography .79
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 232, Education and learning services.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
This document is intended as a resource for educational organization management systems (EOMS) to
[1]
support the implementation of, or auditing against, ISO 21001:2025 . It is intended for individuals and
organizations seeking to understand or conduct audits of an EOMS.
The purpose of this document is to assist auditors and educational organizations by offering a comprehensive
set of suggested questions and pointers. These can be reviewed, prioritized and adapted to address specific
organizational priorities, challenges, requirements and exigencies.
[1]
This document follows the structure of ISO 21001:2025 to ensure alignment between its content and the
[1]
requirements of ISO 21001:2025 .
vi
Publicly Available Specification ISO/PAS 25171:2026(en)
Educational organizations — Management systems —
Guidance for auditing ISO 21001
1 Scope
[1]
This document provides guidance on auditing ISO 21001:2025 through examples of:
[1]
— open-ended questions to determine whether the requirements of ISO 21001:2025 have been met;
[1]
— evidence to objectively evaluate conformity to the requirements of ISO 21001:2025 ; and
— measures to demonstrate the ability of an educational organization management system (EOMS) to
[1]
consistently monitor conformity to the requirements of ISO 21001:2025 over time.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 21001:2025, Educational organizations — Management systems for educational organizations —
Requirements with guidance for use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 21001:2025 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Context of the organization
4.1 Understanding the organization and its context
[1]
To determine whether the requirements of ISO 21001:2025 , 4.1 have been met, comprehensive and open-
ended questions can be used, such as:
a) Have national, regional or local political, economic and other relevant issues that can affect the
educational organization been considered?
b) What process is in place for the identification of external and internal issues?
c) Have all sites, departments, products and services been considered?
d) Have the issues been listed and recorded?
e) Has the organization’s purpose, mission and stated strategic direction been considered? Has a
perspective been developed on the basis of all of the above?
f) Is this perspective documented and where is it incorporated or available?
[1]
Table 1 provides examples of evidence and measures for ISO 21001:2025 , 4.1.
[1]
Table 1 — Examples of audit evidence and measures for ISO 21001:2025 , 4.1
Evidence of audit Measures
— assessment of the current situation [e.g. strength — turnover;
weakness opportunity threat (SWOT) gap, political
— customer satisfaction (learners);
economic social technical legal environmental
(PESTLE) analysis];
— employee satisfaction;
— organization's strategic plan, including action plans;
— sustainability index;
— meeting minutes related to context identification;
— rankings, market position indices;
— management review related to context;
— revising and updating information relevant to
interested parties on time.
— implementation plans with priorities;
— (market) analyses including studies of trends;
— process for updating context information.
4.2 Understanding the needs and expectations of interested parties
[1]
To determine whether the requirements of ISO 21001:2025 , 4.2 have been met, comprehensive and open-
ended questions can be used, such as:
a) What is the process for identifying interested parties (stakeholder analysis, media reports or past
information)?
b) How does the organization determine the expectations of external and internal interested parties?
c) How are they documented?
d) How are the expectations addressed by various parts of the educational organization management
system (EOMS)?
e) What is the process to periodically review the needs and expectations of interested parties?
[1]
Table 2 provides examples of evidence and measures for ISO 21001:2025 , 4.2.
[1]
Table 2 — Examples of audit evidence and measures for ISO 21001:2025 , 4.2
Evidence of audit Measures
— identification of interested parties to define the — customer satisfaction (learners) and pedagogical
sphere of influence of the EOMS (e.g. stakeholder quality of outcomes;
analysis, stakeholder matrix, stakeholder feedback);
— employee satisfaction;
— documented information relating to how the needs
— satisfaction of other relevant interested parties;
and expectations of interested parties have been
determined (e.g. minutes of meetings, interface
— revising and updating information relevant to
documentation, cooperation agreements, teaching
interested parties on time.
and learning contracts) and weighted;
— documented information demonstrating the link
between the conflicting requirements of interested
[1]
parties and ISO 21001:2025 , 6.1.
4.3 Determining the scope of the educational organization management system
[1]
To determine whether the requirements of ISO 21001:2025 , 4.3 have been met, comprehensive and open-
ended questions can be used, such as:
a) How has the scope of the EOMS been established with respect to different target groups with socio-
cultural and personally differentiated prerequisites, requirements and expectations?
b) How has the conformity of educational products and services with learner requirements been ensured?
c) What are the related identified risks and opportunities?
d) What are the unique selling points of the organization in the context of competition and developments
in the education sector?
[1]
Table 3 provides examples of audit evidence and measures for ISO 21001:2025 , 4.3.
[1]
Table 3 — Examples of audit evidence and measures for ISO 21001:2025 , 4.3
Evidence of audit Measures
— documented information relating to the scope, — criteria for the assessment of the educational
specifying the limits and boundaries of the EOMS, product;
including a list of products and services including
— satisfaction and complaints forms;
non-educational services;
— process indicators and objectives, including
— documented information giving justification for
pedagogical quality, productivity, risk rate,
the possible limitation of the scope and for non-
satisfaction rates of learners and employees.
applicability, as long as the limitation does not affect
the ability of the EOMS to effectively provide stated
products and services;
— evidence of externally provided educational services
and processes;
— analysis of risks and opportunities of non-applicable
requirements.
[1]
NOTE Conformity to ISO 21001:2025 can only be claimed if the requirements that are determined as not
being applicable do not affect the organization’s ability or responsibility to ensure the conformity of its products and
services and the enhancement of learners' and other beneficiaries' satisfaction.
4.4 Educational organization management system
[1]
To determine whether the requirements of ISO 21001:2025 , 4.4.1 and 4.4.2 have been met, comprehensive
and open-ended questions can be used, such as:
a) What are the core and subsidiary processes?
b) How are interactions between processes represented?
c) What are the most important internal and external influencing factors and how are they identified?
d) How is process effectiveness evaluated?
e) What performance indicators define the process results?
f) What criteria are used to determine whether sufficient resources are available?
g) How are bottlenecks dealt with?
h) How are processes (including those which are externally provided) managed and documented?
[1]
Table 4 provides examples of audit evidence and measures for ISO 21001:2025 , 4.4.1 and 4.4.2.
[1]
Table 4 — Examples of audit evidence and measures for ISO 21001:2025 , 4.4.1 and 4.4.2
Evidence of audit Measures
— documentation of processes and work instructions, — process indicators and objectives;
including process mapping to the extent necessary;
— quality;
— process evaluations, including details of monitoring,
— productivity;
measuring, analysis, improvements and interaction
matrices;
— risk rate;
— documented information such as event-driven
— satisfaction rates of learners and employees.
process chains (EPC), swim lanes, interface
acquisitions;
— assignments of task areas and responsibilities
[e.g. responsible, accountable, consulted, informed
matrix (RACI)];
— documented information of outsourced processes
(e.g. service level agreements, reporting, contracts);
— organizational charts and job descriptions of process
owners;
— processes to determine risks and opportunities, risk
matrices and risk assessment reports;
— corrective actions;
— satisfaction and complaints forms.
5 Leadership
5.1 Leadership and commitment
5.1.1 General
[1]
To determine whether the requirements of ISO 21001:2025 , 5.1.1 have been met, comprehensive and
open-ended questions can be used, such as:
a) What leadership principles are applied by top management? How are these communicated to and
expected from other managers?
b) How does the EOMS support the delivery of educational programmes? Are there specific examples?
c) How is the link between the EOMS and the strategic objectives of the organization ensured?
d) In what way does top management manage its actions within the framework of the EOMS?
e) What improvement plans exist with regard to strategy, responsibilities or goals?
[1]
Table 5 provides examples of audit evidence and measures for ISO 21001:2025 , 5.1.1.
[1]
Table 5 — Examples of audit evidence and measures for ISO 21001:2025 , 5.1.1
Evidence of audit Measures
— codes of conduct for teachers, learners and other — degree to which quality objectives have been met;
interested parties;
— return on sales or cost of error ratio;
— declaration of commitment of the top management
— results of employee satisfaction analyses.
and the wider management team to the quality
policy;
— documented information of management reviews;
— EOMS being a regular agenda item at management
meetings;
— documented information of resource planning (e.g.
human resources, infrastructure, external services);
— reviews and updates of the quality policy;
— communications policy;
— determination of relevant indicators.
5.1.2 Focus on learners and other beneficiaries
[1]
To determine whether the requirements of ISO 21001:2025 , 5.1.2 have been met, comprehensive and
open-ended questions can be used, such as:
a) What is the importance of learner orientation in the organization, and how has it evolved?
b) How are learners involved in the continual improvement and development of services?
c) How are risks and opportunities in learner and customer orientation identified and assessed?
d) What measures are in place to ensure effective learner orientation?
e) What improvements have been observed in learners and other relevant interested parties, and which
indicators are used to evaluate the improvements?
[1]
Table 6 provides examples of audit evidence and measures for ISO 21001:2025 , 5.1.2.
[1]
Table 6 — Examples of audit evidence and measures for ISO 21001:2025 , 5.1.2
Evidence of audit Measures
— mission statement that takes into account the — number and qualitative evaluation of active
diverse needs and requirements of learners; customer relationships;
— marketing activities, trade fair activities, lectures, — referral rate;
publications, awards;
— complaint rate.
— reports on needs analysis concerning training
and vocational qualifications for participation in
educational services;
— customer-oriented business equipment and
information material;
— process description (e.g. determination of market
requirements), benchmarking research;
— meaningfully involving learners in the development
of educational services and continuous
improvement.
5.1.3 Additional requirements for special needs education
[1]
To determine whether the requirements of ISO 21001:2025 , 5.1.3 have been met, comprehensive and
open-ended questions can be used, such as:
a) How are accessibility needs of learners with special needs assessed and addressed by top management?
b) What training and support are provided to educators and other staff to ensure accessibility?
c) What processes are in place to evaluate and improve accessibility and accommodations over time?
d) How are learners with special needs and their families involved in shaping policies and evaluating
impact?
e) What challenges has the organization encountered in implementing accessibility and how were they
addressed?
f) How does the organization engage external stakeholders or experts to support inclusive education?
[1]
Table 7 provides examples of audit evidence and measures for ISO 21001:2025 , 5.1.3.
[1]
Table 7 — Examples of audit evidence and measures for ISO 21001:2025 , 5.1.3
Evidence of audit Measures
— accessibility and inclusion policies, along with staff — accessibility policy and staff conformity (policy
training manuals and materials for supporting updates, staff training):
learners with special needs;
— accessible infrastructure and technology (accessible
— records of accommodation requests and actions facilities, assistive technologies and digital
taken, plus documentation of staff participation accessibility);
in accessibility and inclusion training and their
— learner support effectiveness (accommodations
feedback on training effectiveness;
provided, response times, complaints and student
— certifications or accreditations related to inclusive outcomes);
education practices;
— training and professional development (training
— physical accessibility improvements, such as coverage, number of sessions and staff satisfaction);
ramps, elevators, adaptive furniture, and accessible
— student and parent feedback (satisfaction and
restrooms;
perceived accessibility);
— assistive technology implementations, including
— continual improvement performance (audits,
screen readers, hearing loops and alternative input
improvement actions and reduction of issues).
devices;
— digital accessibility of websites, online platforms
and learning materials [e.g. web content accessibility
guidelines (WCAG) standards];
— learner support services such as individualized
education plans (IEPs) and personal learning plans
(PLPs), counselling records, and case studies or
testimonials from students and families;
— engagement and feedback mechanisms, including
student-parent surveys, focus groups and
collaboration with external disability organizations;
— internal audits and action plans, including
accessibility assessments, plans to address gaps and
examples of improvements implemented based on
feedback.
5.2 Educational organization policy
[1]
To determine whether the requirements of ISO 21001:2025 , 5.2 have been met, comprehensive and open-
ended questions can be used, such as:
a) How does the organization ensure that its strategy aligns with the educational policy?
b) What are the most relevant quality objectives and how are they derived from the policy?
c) How is the policy communicated and understood by learners, staff and other stakeholders?
d) What methods are used to determine the effectiveness and relevance of the policy?
e) When was the quality policy last reviewed and what changes resulted from that evaluation?
[1]
Table 8 provides examples of audit evidence and measures for ISO 21001:2025 , 5.2.
[1]
Table 8 — Examples of audit evidence and measures for ISO 21001:2025 , 5.2
Evidence of audit Measures
— process description; — results of internal investigations to understand the
contents of the policy document.
— meeting minutes on the communication of the
quality policy;
— quality policy on the website;
— documented information of the promotion of the
mission and vision of the organization at all levels of
teaching and administration;
— quality awareness training plan;
— examples of communicating the quality policy to
external interested parties;
— identification and dissemination of the quality
policy.
5.3 Roles, responsibilities and authorities
[1]
To determine whether the requirements of ISO 21001:2025 , 5.3 have been met, comprehensive and open-
ended questions can be used, such as:
a) How are relevant roles within the organization defined and where are these definitions documented?
b) How are roles, responsibilities and authorities communicated and reviewed for appropriateness?
c) What responsibilities do process owners have, and how are these linked to learner needs?
d) How is it ensured that assigned roles take into account the individual needs of learners?
e) Where and how are responsibilities documented, monitored and updated?
f) How is the effectiveness of this documentation process verified and maintained?
[1]
Table 9 provides examples of audit evidence and measures for ISO 21001:2025 , 5.3.
[1]
Table 9 — Examples of audit evidence and measures for ISO 21001:2025 , 5.3
Evidence of audit Measures
— role descriptions and functional descriptions; — achievement of objectives;
— process descriptions, creating functional — process performance counters;
descriptions;
— staff turnover, including in teaching and
— organizational charts and function diagrams; administrative roles.
— organizational and communication structures;
— definition of responsibilities and powers, such as
process owners;
— examples of target agreements.
6 Planning
6.1 Actions to address risks and opportunities
[1]
To determine whether the requirements of ISO 21001:2025 , 6.1 have been met, comprehensive and open-
ended questions can be used, such as:
a) Does the organization ensure it achieves its EOMS results by enhancing positives, reducing negatives,
and promoting continual improvement?
b) Are risks and opportunities addressed through actions aligned with the defined risk appetite and
impact probability?
c) Are these actions integrated into EOMS processes, and is effectiveness regularly evaluated?
d) Does risk-based thinking guide planning for new products, services, and process changes?
e) Are disaster risk reduction and resilience taken into account in strategic and operational planning?
[1]
Table 10 provides examples of audit evidence and measures for ISO 21001:2025 , 6.1.
[1]
Table 10 — Examples of audit evidence and measures for ISO 21001:2025 , 6.1
Evidence of audit Measures
— risk assessment processes (systematic method) in — number of errors related to identified risks and
[1]
ISO 21001:2025 , 4.1, 4.2 and 4.4; opportunities;
— evaluation and determination of the level of risks — failures or level of success for each action;
and opportunities based on established risk criteria;
— training of staff on risk-based approach;
— actions determined to address the risks and
— number of times risk appetite or risk tolerance is not
opportunities;
respected or surpassed;
— actions being integrated into processes;
— risk based thinking being applied in the planning
— evaluation of the effectiveness of actions; process when determining new products, services,
or changes to operational processes;
— updating of the identified risks and opportunities
based on changes in the organization or its context. — degree to which actions are integrated into
processes or used as inputs to planning;
— training of staff on actions.
6.2 Educational organization objectives and planning to achieve them
[1]
To determine whether the requirements of ISO 21001:2025 , 6.2 have been met, comprehensive and open-
ended questions can be used, such as:
a) Are the objectives for the EOMS defined at all relevant levels and functions?
b) Is a structured method used to identify objectives and define related performance indicators?
c) Are objectives aligned with the policy, measurable (when applicable), based on requirements, monitored,
updated, communicated and focused on conformity and interested party satisfaction?
[1]
Table 11 provides examples of audit evidence and measures for ISO 21001:2025 6.2.
[1]
Table 11 — Examples of audit evidence and measures for ISO 21001:2025 , 6.2
Evidence of audit Measures
— documented EOMS objectives (e.g. as part of a — degree to which objectives are achieved and aligned
strategic and tactical plan or improvement plan) with strategy, policy and the needs and expectations
at all organizational levels including units and of interested parties;
functions linked to policy, continual improvement
— staff knowledge evaluation about objectives
and conformity to products and services and
and their roles in achieving the objectives (e.g.
related to the enhancement of learners and other
competencies evaluation matrices);
beneficiaries;
— number and frequency with which performance
— communication of objectives, including involvement
evaluations against objectives are conducted and
of relevant interested parties;
reported to top management;
— monitoring methods of setting and updating
— how often and how many staff participate in setting
objectives;
objectives;
— action plans that include detailed steps, clear
— degree to which the strategic plan is implemented
responsibilities and authorities, clear timelines,
and achieved.
resources needed, evaluation methods and
contingencies.
6.3 Planning of changes
[1]
To determine whether the requirements of ISO 21001:2025 , 6.3 have been met, comprehensive and open-
ended questions can be used, such as:
a) Are changes to the EOMS implemented in a planned and systematic way?
b) Does change management consider purpose, risks, impact on EOMS integrity, internal resources,
responsibilities and external provider readiness?
c) Are changes validated prior to implementation and verified post-implementation to ensure effectiveness?
[1]
Table 12 provides examples of audit evidence and measures for ISO 21001:2025 , 6.3.
[1]
Table 12 — Examples of audit evidence and measures for ISO 21001:2025 , 6.3
Evidence of audit Measures
— structured approach to manage changes — performance indicators of effectiveness and
(documented procedures explaining the change efficiency of change;
management process including who will be doing
— performance indicators on improvement results;
what, when and how);
— time and lost reduction;
— lists of risks and opportunities related to the
proposed changes;
— learners and other interested parties' feedback on
the changes;
— analysis of change impacts on the EOMS involving
interested parties;
— conformity improvement.
— analysis of availability of resources to deal with
changes;
— change action plans;
— analysis and communication of external providers'
capabilities to provide needed resources.
7 Support
7.1
...



