Guidelines for auditing management systems (ISO 19011:2011)

This International Standard provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditors and audit teams.
It is applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit programme.
The application of this International Standard to other types of audits is possible, provided that special consideration is given to the specific competence needed.

Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2011)

This International Standard gives guidance on auditing management systems, including the audit principles, managing an audit programme and conducting management system audits, as well as on evaluating the competence of those involved in the audit process, including in managing the audit programmes: auditors and audit teams.
It is applicable to all organizations that conduct internal or external audits of management systems or are responsible for managing an audit programme.
The application of this International Standard to other types of audits is possible, provided that particular attention is given to the specific competence required.

Lignes directrices pour l'audit des systèmes de management (ISO 19011:2011)

ISO 19011:2011 provides guidelines on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits. It also gives guidelines on evaluating the competence of persons involved in the audit process, including the person managing the audit programme, auditors and audit teams.
ISO 19011:2011 is applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit programme.
ISO 19011:2011 can, in principle, be applied to other types of audits, provided that particular attention is paid to the specific competences required.

Smernice za presojanje sistemov vodenja (ISO 19011:2011)

This International Standard provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on evaluating the competence of individuals involved in the audit process, including the person managing the audit programme, auditors and audit teams.
It applies to all organizations that need to conduct internal or external audits of management systems or manage an audit programme.
This International Standard can also be applied to other types of audits, provided that the specific competences required are taken into account.

General Information

Status: Withdrawn
Public Enquiry End Date: 05-Oct-2010
Publication Date: 22-Nov-2011
Withdrawal Date: 28-Aug-2018
Current Stage: 9900 - Withdrawal (Adopted Project)
Start Date: 27-Aug-2018
Due Date: 19-Sep-2018
Completion Date: 29-Aug-2018

Standard
EN ISO 19011:2011
English language
53 pages
Standard – translation
EN ISO 19011:2011
Slovenian and English language
74 pages
Draft
prEN ISO 19011:2010
English language
77 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN ISO 19011:2011
01-December-2011
Replaces: SIST EN ISO 19011:2003
Smernice za presojanje sistemov vodenja (ISO 19011:2011)
Guidelines for auditing management systems (ISO 19011:2011)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2011)
Lignes directrices pour l'audit des systèmes de management (ISO 19011:2011)
This Slovenian standard is identical to: EN ISO 19011:2011
ICS:
03.120.10 Quality management and quality assurance
13.020.10 Environmental management
SIST EN ISO 19011:2011 en
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN ISO 19011
November 2011

ICS 03.120.10; 13.020.10
Supersedes EN ISO 19011:2002

English Version

Guidelines for auditing management systems (ISO 19011:2011)

Lignes directrices pour l'audit des systèmes de management (ISO 19011:2011)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2011)

This European Standard was approved by CEN on 5 November 2011.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same
status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2011 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN ISO 19011:2011: E

Foreword
This document (EN ISO 19011:2011) has been prepared by Technical Committee ISO/TC 176 "Quality
management and quality assurance".
This European Standard shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by May 2012, and conflicting national standards shall be withdrawn at the
latest by May 2012.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 19011:2002.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.
INTERNATIONAL STANDARD ISO 19011
Second edition
2011-11-15
Guidelines for auditing management systems
Lignes directrices pour l’audit des systèmes de management
Reference number: ISO 19011:2011(E)
© ISO 2011

COPYRIGHT PROTECTED DOCUMENT
© ISO 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing
5 Managing an audit programme
5.1 General
5.2 Establishing the audit programme objectives
5.3 Establishing the audit programme
5.4 Implementing the audit programme
5.5 Monitoring the audit programme
5.6 Reviewing and improving the audit programme
6 Performing an audit
6.1 General
6.2 Initiating the audit
6.3 Preparing audit activities
6.4 Conducting the audit activities
6.5 Preparing and distributing the audit report
6.6 Completing the audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence to fulfil the needs of the audit programme
7.3 Establishing the auditor evaluation criteria
7.4 Selecting the appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence
Annex A (informative) Guidance and illustrative examples of discipline-specific knowledge and skills of auditors
Annex B (informative) Additional guidance for auditors for planning and conducting audits
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 19011 was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance,
Subcommittee SC 3, Supporting technologies.
This second edition cancels and replaces the first edition (ISO 19011:2002), which has been technically revised.
The main differences compared with the first edition are as follows:
— the scope has been broadened from the auditing of quality and environmental management systems to the
auditing of any management systems;
— the relationship between ISO 19011 and ISO/IEC 17021 has been clarified;
— remote audit methods and the concept of risk have been introduced;
— confidentiality has been added as a new principle of auditing;
— Clauses 5, 6 and 7 have been reorganized;
— additional information has been included in a new Annex B, resulting in the removal of help boxes;
— the competence determination and evaluation process has been strengthened;
— illustrative examples of discipline-specific knowledge and skills have been included in a new Annex A;
— additional guidelines are available at the following website: www.iso.org/19011auditing.
Introduction
Since the first edition of this International Standard was published in 2002, a number of new management
system standards have been published. As a result, there is now a need to consider a broader scope of
management system auditing, as well as providing guidance that is more generic.
In 2006, the ISO committee for conformity assessment (CASCO) developed ISO/IEC 17021, which sets out
requirements for third party certification of management systems and which was based in part on the guidelines
contained in the first edition of this International Standard.
The second edition of ISO/IEC 17021, published in 2011, was extended to transform the guidance offered in
this International Standard into requirements for management system certification audits. It is in this context
that this second edition of this International Standard provides guidance for all users, including small and
medium-sized organizations, and concentrates on what are commonly termed “internal audits” (first party)
and “audits conducted by customers on their suppliers” (second party). While those involved in management
system certification audits follow the requirements of ISO/IEC 17021:2011, they might also find the guidance in
this International Standard useful.
The relationship between this second edition of this International Standard and ISO/IEC 17021:2011 is shown
in Table 1.
Table 1 — Scope of this International Standard and its relationship with ISO/IEC 17021:2011
Internal auditing | External auditing: Supplier auditing | External auditing: Third party auditing
Sometimes called first party audit | Sometimes called second party audit | For legal, regulatory and similar purposes; For certification (see also the requirements in ISO/IEC 17021:2011)
This International Standard does not state requirements, but provides guidance on the management of an
audit programme, on the planning and conducting of an audit of the management system, as well as on the
competence and evaluation of an auditor and an audit team.
Organizations can operate more than one formal management system. To simplify the readability of this
International Standard, the singular form of “management system” is preferred, but the reader can adapt the
implementation of the guidance to their own particular situation. This also applies to the use of “person” and
“persons”, “auditor” and “auditors”.
This International Standard is intended to apply to a broad range of potential users, including auditors,
organizations implementing management systems, and organizations needing to conduct audits of management
systems for contractual or regulatory reasons. Users of this International Standard can, however, apply this
guidance in developing their own audit-related requirements.
The guidance in this International Standard can also be used for the purpose of self-declaration, and can be
useful to organizations involved in auditor training or personnel certification.
The guidance in this International Standard is intended to be flexible. As indicated at various points in the text,
the use of this guidance can differ depending on the size and level of maturity of an organization’s management
system and on the nature and complexity of the organization to be audited, as well as on the objectives and
scope of the audits to be conducted.
This International Standard introduces the concept of risk to management systems auditing. The approach
adopted relates both to the risk of the audit process not achieving its objectives and to the potential of the
audit to interfere with the auditee’s activities and processes. It does not provide specific guidance on the
organization’s risk management process, but recognizes that organizations can focus audit effort on matters of
significance to the management system.
This International Standard adopts the approach that when two or more management systems of different
disciplines are audited together, this is termed a “combined audit”. Where these systems are integrated into a
single management system, the principles and processes of auditing are the same as for a combined audit.
Clause 3 sets out the key terms and definitions used in this International Standard. All efforts have been taken
to ensure that these definitions do not conflict with definitions used in other standards.
Clause 4 describes the principles on which auditing is based. These principles help the user to understand the
essential nature of auditing and they are important in understanding the guidance set out in Clauses 5 to 7.
Clause 5 provides guidance on establishing and managing an audit programme, establishing the audit
programme objectives, and coordinating auditing activities.
Clause 6 provides guidance on planning and conducting an audit of a management system.
Clause 7 provides guidance relating to the competence and evaluation of management system auditors and
audit teams.
Annex A illustrates the application of the guidance in Clause 7 to different disciplines.
Annex B provides additional guidance for auditors on planning and conducting audits.
INTERNATIONAL STANDARD ISO 19011:2011(E)
Guidelines for auditing management systems
1 Scope
This International Standard provides guidance on auditing management systems, including the principles of
auditing, managing an audit programme and conducting management system audits, as well as guidance on
the evaluation of competence of individuals involved in the audit process, including the person managing the
audit programme, auditors and audit teams.
It is applicable to all organizations that need to conduct internal or external audits of management systems or
manage an audit programme.
The application of this International Standard to other types of audits is possible, provided that special
consideration is given to the specific competence needed.
2 Normative references
No normative references are cited. This clause is included in order to retain clause numbering identical with
other ISO management system standards.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
audit
systematic, independent and documented process for obtaining audit evidence (3.3) and evaluating it
objectively to determine the extent to which the audit criteria (3.2) are fulfilled
NOTE 1 Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for
management review and other internal purposes (e.g. to confirm the effectiveness of the management system or to obtain
information for the improvement of the management system). Internal audits can form the basis for an organization’s
self-declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the
freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.
NOTE 2 External audits include second and third party audits. Second party audits are conducted by parties having an
interest in the organization, such as customers, or by other persons on their behalf. Third party audits are conducted by
independent auditing organizations, such as regulators or those providing certification.
NOTE 3 When two or more management systems of different disciplines (e.g. quality, environmental, occupational
health and safety) are audited together, this is termed a combined audit.
NOTE 4 When two or more auditing organizations cooperate to audit a single auditee (3.7), this is termed a joint audit.
NOTE 5 Adapted from ISO 9000:2005, definition 3.9.1.
3.2
audit criteria
set of policies, procedures or requirements used as a reference against which audit evidence (3.3) is compared
NOTE 1 Adapted from ISO 9000:2005, definition 3.9.3.
NOTE 2 If the audit criteria are legal (including statutory or regulatory) requirements, the terms “compliant” or
“non-compliant” are often used in an audit finding (3.4).
3.3
audit evidence
records, statements of fact or other information which are relevant to the audit criteria (3.2) and verifiable
NOTE Audit evidence can be qualitative or quantitative.
[ISO 9000:2005, definition 3.9.4]
3.4
audit findings
results of the evaluation of the collected audit evidence (3.3) against audit criteria (3.2)
NOTE 1 Audit findings indicate conformity or nonconformity.
NOTE 2 Audit findings can lead to the identification of opportunities for improvement or recording good practices.
NOTE 3 If the audit criteria are selected from legal or other requirements, the audit finding is termed compliance or
non-compliance.
NOTE 4 Adapted from ISO 9000:2005, definition 3.9.5.
3.5
audit conclusion
outcome of an audit (3.1), after consideration of the audit objectives and all audit findings (3.4)
NOTE Adapted from ISO 9000:2005, definition 3.9.6.
3.6
audit client
organization or person requesting an audit (3.1)
NOTE 1 In the case of internal audit, the audit client can also be the auditee (3.7) or the person managing the audit
programme. Requests for external audit can come from sources such as regulators, contracting parties or potential clients.
NOTE 2 Adapted from ISO 9000:2005, definition 3.9.7.
3.7
auditee
organization being audited
[ISO 9000:2005, definition 3.9.8]
3.8
auditor
person who conducts an audit (3.1)
3.9
audit team
one or more auditors (3.8) conducting an audit (3.1), supported if needed by technical experts (3.10)
NOTE 1 One auditor of the audit team is appointed as the audit team leader.
NOTE 2 The audit team may include auditors-in-training.
[ISO 9000:2005, definition 3.9.10]
3.10
technical expert
person who provides specific knowledge or expertise to the audit team (3.9)
NOTE 1 Specific knowledge or expertise is that which relates to the organization, the process or activity to be audited,
or language or culture.
NOTE 2 A technical expert does not act as an auditor (3.8) in the audit team.
[ISO 9000:2005, definition 3.9.11]
3.11
observer
person who accompanies the audit team (3.9) but does not audit
NOTE 1 An observer is not a part of the audit team (3.9) and does not influence or interfere with the conduct of the
audit (3.1).
NOTE 2 An observer can be from the auditee (3.7), a regulator or other interested party who witnesses the audit (3.1).
3.12
guide
person appointed by the auditee (3.7) to assist the audit team (3.9)
3.13
audit programme
arrangements for a set of one or more audits (3.1) planned for a specific time frame and directed towards a
specific purpose
NOTE Adapted from ISO 9000:2005, definition 3.9.2.
3.14
audit scope
extent and boundaries of an audit (3.1)
NOTE The audit scope generally includes a description of the physical locations, organizational units, activities and
processes, as well as the time period covered.
[ISO 9000:2005, definition 3.9.13]
3.15
audit plan
description of the activities and arrangements for an audit (3.1)
[ISO 9000:2005, definition 3.9.12]
3.16
risk
effect of uncertainty on objectives
NOTE Adapted from ISO Guide 73:2009, definition 1.1.
3.17
competence
ability to apply knowledge and skills to achieve intended results
NOTE Ability implies the appropriate application of personal behaviour during the audit process.
3.18
conformity
fulfilment of a requirement
[ISO 9000:2005, definition 3.6.1]
3.19
nonconformity
non-fulfilment of a requirement
[ISO 9000:2005, definition 3.6.2]
3.20
management system
system to establish policy and objectives and to achieve those objectives
NOTE A management system of an organization can include different management systems, such as a quality
management system, a financial management system or an environmental management system.
[ISO 9000:2005, definition 3.2.2]
4 Principles of auditing
Auditing is characterized by reliance on a number of principles. These principles should help to make the audit
an effective and reliable tool in support of management policies and controls, by providing information on which
an organization can act in order to improve its performance. Adherence to these principles is a prerequisite for
providing audit conclusions that are relevant and sufficient and for enabling auditors, working independently
from one another, to reach similar conclusions in similar circumstances.
The guidance given in Clauses 5 to 7 is based on the six principles outlined below.
a) Integrity: the foundation of professionalism
Auditors and the person managing an audit programme should:
— perform their work with honesty, diligence, and responsibility;
— observe and comply with any applicable legal requirements;
— demonstrate their competence while performing their work;
— perform their work in an impartial manner, i.e. remain fair and unbiased in all their dealings;
— be sensitive to any influences that may be exerted on their judgement while carrying out an audit.
b) Fair presentation: the obligation to report truthfully and accurately
Audit findings, audit conclusions and audit reports should reflect truthfully and accurately the audit
activities. Significant obstacles encountered during the audit and unresolved diverging opinions between
the audit team and the auditee should be reported. The communication should be truthful, accurate,
objective, timely, clear and complete.
c) Due professional care: the application of diligence and judgement in auditing
Auditors should exercise due care in accordance with the importance of the task they perform and the
confidence placed in them by the audit client and other interested parties. An important factor in carrying
out their work with due professional care is having the ability to make reasoned judgements in all audit
situations.
d) Confidentiality: security of information
Auditors should exercise discretion in the use and protection of information acquired in the course of
their duties. Audit information should not be used inappropriately for personal gain by the auditor or the
audit client, or in a manner detrimental to the legitimate interests of the auditee. This concept includes the
proper handling of sensitive or confidential information.
e) Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions
Auditors should be independent of the activity being audited wherever practicable, and should in all
cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should
be independent from the operating managers of the function being audited. Auditors should maintain
objectivity throughout the audit process to ensure that the audit findings and conclusions are based only
on the audit evidence.
For small organizations, it may not be possible for internal auditors to be fully independent of the activity
being audited, but every effort should be made to remove bias and encourage objectivity.
f) Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions
in a systematic audit process
Audit evidence should be verifiable. It will in general be based on samples of the information available,
since an audit is conducted during a finite period of time and with finite resources. An appropriate use of
sampling should be applied, since this is closely related to the confidence that can be placed in the audit
conclusions.
5 Managing an audit programme
5.1 General
An organization needing to conduct audits should establish an audit programme that contributes to the
determination of the effectiveness of the auditee’s management system. The audit programme can include
audits considering one or more management system standards, conducted either separately or in combination.
The top management should ensure that the audit programme objectives are established and assign one or
more competent persons to manage the audit programme. The extent of an audit programme should be based
on the size and nature of the organization being audited, as well as on the nature, functionality, complexity
and the level of maturity of the management system to be audited. Priority should be given to allocating
the audit programme resources to audit those matters of significance within the management system. These
may include the key characteristics of product quality or hazards related
...

SLOVENIAN STANDARD SIST EN ISO 19011
December 2011

Smernice za presojanje sistemov vodenja (ISO 19011:2011)

Guidelines for auditing management systems (ISO 19011:2011)

Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2011)

Lignes directrices pour l’audit des systèmes de management (ISO 19011:2011)

ICS 03.120.10; 13.020.10
Reference designation: SIST EN ISO 19011:2011 (sl,en)

Continued on pages II and 1 to 73

© 2013-03. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.

NATIONAL INTRODUCTION

The standard SIST EN ISO 19011 (sl,en), Smernice za presojanje sistemov vodenja (ISO 19011:2011), 2011, has the status of a Slovenian standard and is equivalent to the European standard EN ISO 19011, Guidelines for auditing management systems (ISO 19011:2011), 2011.

NATIONAL FOREWORD

The text of the standard EN ISO 19011:2011 was prepared by Technical Committee ISO/TC 176 "Quality management and quality assurance". The Slovenian standard SIST EN ISO 19011:2011 is a translation of the English text of the European standard EN ISO 19011:2011. In the event of a dispute over the text of the Slovenian translation in this standard, the original European standard in English prevails. The Slovenian-English edition of the standard was prepared by SIST/TC VZK Vodenje in zagotavljanje kakovosti (Quality management and quality assurance).

The decision to adopt this standard was taken on 25 November 2011 by SIST/TC VZK Vodenje in zagotavljanje kakovosti.

BASIS FOR ISSUING THE STANDARD

– adoption of the standard EN ISO 19011:2011

PREVIOUS EDITION

– SIST EN ISO 19011:2003

NOTES

– Wherever the term “International Standard” is used in the text of the standard, in SIST EN ISO 19011:2011 it means “Slovenian standard”.
– The national introduction and the national foreword are not an integral part of the standard.
– This national document is identical with EN ISO 19011:2011 and is published with the permission of

CEN
Avenue Marnix 17
1050 Bruxelles
Belgium


EUROPEAN STANDARD EN ISO 19011
EUROPÄISCHE NORM
NORME EUROPÉENNE
November 2011

ICS: 03.120.10; 13.020.10
Supersedes EN ISO 19011:2002

Slovenian edition

Guidelines for auditing management systems (ISO 19011:2011)
Lignes directrices pour l'audit des systèmes de management (ISO 19011:2011)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2011)

This European Standard was approved by CEN on 5 November 2011.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations, which stipulate that this standard must be adopted as a national standard without any alteration. Lists of the latest editions of these national standards and their bibliographical data are available on request from the CEN-CENELEC Management Centre or from any CEN member.

This European Standard exists in three official versions (English, French, German). Versions in other languages that CEN members translate and publish under their own responsibility and notify to the CEN-CENELEC Management Centre have the status of official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Greece, Croatia, Ireland, Iceland, Italy, Latvia, Lithuania, Luxembourg, Hungary, Malta, Germany, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

CEN
European Committee for Standardization
Europäisches Komitee für Normung
Comité Européen de Normalisation

Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2011. Copyright is held by all CEN member countries.
Ref. No.: EN ISO 19011:2011 E


Contents

Foreword to the European standard
Foreword to the international standard
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing
5 Managing an audit programme
5.1 General
5.2 Establishing the audit programme objectives
5.3 Establishing the audit programme
5.4 Implementing the audit programme
5.5 Monitoring the audit programme
5.6 Reviewing and improving the audit programme
6 Performing an audit
6.1 General
6.2 Initiating the audit
6.3 Preparing audit activities
6.4 Conducting the audit activities
6.5 Preparing and distributing the audit report
6.6 Completing the audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence to fulfil the needs of the audit programme
7.3 Establishing the auditor evaluation criteria
7.4 Selecting the appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence
Annex A (informative) Guidance and illustrative examples of discipline-specific knowledge and skills of auditors
Annex B (informative) Additional guidance for auditors for planning and conducting audits
Bibliography

Foreword to the European standard

This document (EN ISO 19011:2011) has been prepared by Technical Committee ISO/TC 176 "Quality management and quality assurance".

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by May 2012, and conflicting national standards shall be withdrawn at the latest by May 2012.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.

This document supersedes EN ISO 19011:2002.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.


Foreword to the international standard

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 19011 was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 3, Supporting technologies.

This second edition cancels and replaces the first edition (ISO 19011:2002), which has been technically revised.

The main differences compared with the first edition are as follows:

– the scope has been broadened from the auditing of quality and environmental management systems to the auditing of any management systems;
– the relationship between ISO 19011 and ISO/IEC 17021 has been clarified;
– remote audit methods and the concept of risk have been introduced;
– confidentiality has been added as a new principle of auditing;
– Clauses 5, 6 and 7 have been reorganized;
– additional information has been included in a new Annex B, resulting in the removal of help boxes;
– the competence determination and evaluation process has been strengthened;
– illustrative examples of discipline-specific knowledge and skills have been included in a new Annex A;
– additional guidelines are available at the following website: www.iso.org/19011auditing

Introduction

Since the first edition of this International Standard was published in 2002, a number of new management system standards have been published. As a result, there is now a need to consider a broader scope of management system auditing, as well as providing guidance that is more generic.

In 2006, the ISO committee for conformity assessment (CASCO) developed ISO/IEC 17021, which sets out requirements for third party certification of management systems and which was based in part on the guidelines contained in the first edition of this International Standard.

The second edition of ISO/IEC 17021, published in 2011, was extended to transform the guidance offered in this International Standard into requirements for management system certification audits. It is in this context that this second edition of this International Standard provides guidance for all users, including small and medium-sized organizations, and concentrates on what are commonly termed “internal audits” (first party) and “audits conducted by customers on their suppliers” (second party). While those involved in management system certification audits follow the requirements of ISO/IEC 17021:2011, they might also find the guidance in this International Standard useful.

The relationship between this second edition of this International Standard and ISO/IEC 17021:2011 is shown in Table 1.

Table 1 – Scope of this International Standard and its relationship with ISO/IEC 17021:2011

| Internal auditing | External auditing: Supplier auditing | External auditing: Third party auditing |
|---|---|---|
| Sometimes called first party audit | Sometimes called second party audit | For legal, regulatory and similar purposes. For certification (see also the requirements in ISO/IEC 17021:2011) |

This International Standard does not state requirements, but provides guidance on the management of an audit programme, on the planning and conducting of an audit of the management system, as well as on the competence and evaluation of an auditor and an audit team.

Organizations can operate more than one formal management system. To simplify the readability of this International Standard, the singular form of “management system” is preferred, but the reader can adapt the implementation of the guidance to their own particular situation. This also applies to the use of “person” and “persons”, “auditor” and “auditors”.

This International Standard is intended to apply to a broad range of potential users, including auditors, organizations implementing management systems, and organizations needing to conduct audits of management systems for contractual or regulatory reasons. Users of this International Standard can, however, apply this guidance in developing their own audit-related requirements.

The guidance in this International Standard can also be used for the purpose of self-declaration, and can be useful to organizations involved in auditor training or personnel certification.

The guidance in this International Standard is intended to be flexible. As indicated at various points in the text, the use of this guidance can differ depending on the size and level of maturity of an organization’s management system and on the nature and complexity of the organization to be audited, as well as on the objectives and scope of the audits to be conducted.

This International Standard introduces the concept of risk to management systems auditing. The approach adopted relates both to the risk of the audit process not achieving its objectives and to the potential of the audit to interfere with the auditee’s activities and processes. It does not provide specific guidance on the organization’s risk management process, but recognizes that organizations can focus audit effort on matters of significance to the management system.

This International Standard adopts the approach that when two or more management systems of different disciplines are audited together, this is termed a “combined audit”. Where these systems are integrated into a single management system, the principles and processes of auditing are the same as for a combined audit.

Clause 3 sets out the key terms and definitions used in this International Standard. All efforts have been taken to ensure that these definitions do not conflict with definitions used in other standards.

Clause 4 describes the principles on which auditing is based. These principles help the user to understand the essential nature of auditing and they are important in understanding the guidance set out in Clauses 5 to 7.

Clause 5 provides guidance on establishing and managing an audit programme, establishing the audit programme objectives, and coordinating auditing activities.

Clause 6 provides guidance on planning and conducting an audit of a management system.

Clause 7 provides guidance relating to the competence and evaluation of management system auditors and audit teams.

Annex A illustrates the application of the guidance in Clause 7 to different disciplines.

Annex B provides additional guidance for auditors on planning and conducting audits.

Guidelines for auditing management systems

1 Scope

This International Standard provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditors and audit teams.

It is applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit programme.

The application of this International Standard to other types of audits is possible, provided that special consideration is given to the specific competence needed.

2 Normative references

No normative references are cited. This clause is included in order to retain clause numbering identical with other ISO management system standards.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1
audit
systematic, independent and documented process for obtaining audit evidence (3.3) and evaluating it objectively to determine the extent to which the audit criteria (3.2) are fulfilled

NOTE 1 Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes (e.g. to confirm the effectiveness of the management system or to obtain information for the improvement of the management system). Internal audits can form the basis for an organization’s self-declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.
O
...

SLOVENIAN STANDARD
oSIST prEN ISO 19011:2010
01-September-2010

Guidelines for auditing management systems
Lignes directrices pour l'audit des systèmes de management

This Slovenian standard is identical to: prEN ISO 19011

ICS:
03.120.10 Quality management and quality assurance
13.020.10 Environmental management

oSIST prEN ISO 19011:2010 en
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.


EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

DRAFT prEN ISO 19011
June 2010

ICS 03.120.10; 13.020.10
Will supersede EN ISO 19011:2002

English Version

Guidelines for auditing management systems (ISO/DIS 19011:2010)
Lignes directrices pour l'audit des systèmes de management (ISO/DIS 19011:2010)
Leitfaden für Audits von Managementsystemen (ISO/DIS 19011:2010)

This draft European Standard is submitted to CEN members for parallel enquiry. It has been drawn up by the Technical Committee
CEN/SS F20.

If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations which
stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other language
made by translation under the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the
same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to
provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and
shall not be referred to as a European Standard.


EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2010 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. prEN ISO 19011:2010: E

Contents
Foreword

Foreword
This document (prEN ISO 19011:2010) has been prepared by Technical Committee ISO/TC 176 "Quality
management and quality assurance".
This document is currently submitted to the parallel Enquiry.
This document will supersede EN ISO 19011:2002.
Endorsement notice
The text of ISO/DIS 19011:2010 has been approved by CEN as a prEN ISO 19011:2010 without any
modification.

DRAFT INTERNATIONAL STANDARD ISO/DIS 19011
ISO/TC 176/SC 3 Secretariat: NEN
Voting begins on: 2010-06-17
Voting terminates on: 2010-11-17
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
Guidelines for auditing management systems
Lignes directrices pour l'audit des systèmes de management
[Revision of first edition (ISO 19011:2002)]
ICS 03.120.10; 13.020.10

ISO/CEN PARALLEL PROCESSING
This draft has been developed within the International Organization for Standardization (ISO), and
processed under the ISO-lead mode of collaboration as defined in the Vienna Agreement.
This draft is hereby submitted to the ISO member bodies and to the CEN member bodies for a parallel
five-month enquiry.
Should this draft be accepted, a final draft, established on the basis of comments received, will be
submitted to a parallel two-month approval vote in ISO and formal vote in CEN.
In accordance with the provisions of Council Resolution 15/1993 this document is circulated in
the English language only.
To expedite distribution, this document is circulated as received from the committee secretariat.
ISO Central Secretariat work of editing and text composition will be undertaken at publication
stage.
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE
REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
© International Organization for Standardization, 2010

Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as permitted
under the applicable laws of the user's country, neither this ISO draft nor any extract from it may be
reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, photocopying,
recording or otherwise, without prior written permission being secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or ISO's
member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing
5 Managing an audit programme
5.1 General
5.2 Establishing the audit programme
5.2.1 Developing the programme objectives
5.2.2 Role and responsibility of the person(s) managing audit programme(s)
5.2.3 Competence of the person responsible for managing audit programme(s)
5.2.4 Determining the extent of an audit programme
5.2.5 Evaluating audit programme risks
5.2.6 Establishing audit programme procedures
5.2.7 Identifying audit programme resources
5.3 Implementing the audit programme
5.3.1 General
5.3.2 Defining individual audit objectives, scope and criteria
5.3.3 Determining the audit method(s)
5.3.4 Selecting the audit team
5.3.5 Assigning responsibility for individual audit(s) to the audit team leader
5.3.6 Managing and maintaining audit programme records
5.4 Audit programme monitoring
5.5 Reviewing and improving audit programmes
6 Audit activities
6.1 General
6.2 Initiating the audit
6.2.1 General
6.2.2 Establishing initial contact with the auditee
6.2.3 Determining the feasibility of the audit
6.3 Preparing for the audit activities
6.3.1 Preparing the audit plan
6.3.2 Assigning work to the audit team
6.3.3 Preparing work documents
6.4 Conducting audit activities
6.4.1 Document review
6.4.2 Conducting opening meeting
6.4.3 Communication during the audit
6.4.4 Roles and responsibilities of guides and observers
6.4.5 Collection and verification of information
6.4.6 Audit findings
6.4.7 Audit conclusions
6.4.8 Conducting the closing meeting
6.5 Preparing and distributing the audit report
6.5.1 Preparing the audit report
6.5.2 Distributing the audit report
6.6 Completing the audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determine auditor competence to meet the needs of the audit programme
7.2.1 Personal behaviours
7.2.2 Knowledge and skills
7.2.3 Education, work experience, training and audit experience of auditors
7.3 Establish the evaluation criteria
7.4 Select the appropriate evaluation method
7.5 Conduct the evaluation
7.6 Maintenance and improvement of competence
Annex A (Informative) Discipline-specific knowledge and skills of auditors
A.1 General
A.2 Discipline-specific knowledge and skills of auditors – Quality
A.3 Discipline-specific knowledge and skills of auditors – Environmental
A.4 Discipline-specific knowledge and/or skills of auditors – Occupational health and safety (OH&S)
A.5 The discipline-specific knowledge and/or skills of auditors – Resilience, security, preparedness and continuity (RSPC) management
A.6 The discipline-specific knowledge and/or skills of auditors - Discipline: Transportation safety management
A.7 Discipline-specific knowledge and skills of auditors – Records
Annex B (Informative) Examples of discipline specific evaluations of audit team competence
B.1 General
B.2 Application of the evaluation process for an audit team undertaking an internal audit of an aviation organization’s quality and environmental management systems
B.3 Application of the evaluation process for an audit team undertaking an internal audit of an event management organization’s Quality and OH&S management systems
B.4 Application of the evaluation process for an auditor in a hypothetical resilience, security, preparedness and/or continuity management internal audit programme
Annex C (Informative) Additional Guidance for Auditors for Planning and Conducting Audits
C.1 Applying audit methods
C.2 Sources of information
C.3 Conducting document review
C.4 Preparing Work Documents
C.5 Sampling strategy considerations for audits
C.6 Guidance for site visits and observations
C.7 Conducting interviews
C.8 Audit findings
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 19011 was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 3, Supporting technologies.

ISO 19011:2011 was prepared under the auspices of the Joint Technical Coordination Group and administered by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 3, Supporting technologies. Members of Working Group 16 under TC 176/SC 3 included representatives of other technical committees (e.g., TC 207, TC 34) and other interested parties for the management systems included within the scope of this standard.

This second edition of ISO 19011 cancels and replaces ISO 19011:2002, which has been technically revised.

Introduction

Since the initial publication of ISO 19011 in 2002, a number of new management system standards have been published. This has resulted in a need to consider a broader scope of management system auditing as well as to provide guidance that is more generic.

In 2006, ISO CASCO developed a standard with requirements for 3rd party management system certification audit purposes in ISO/IEC 17021.

It is in this context that this revision of ISO 19011 provides guidance for all users, including small and medium-sized enterprises, concentrating especially on what are commonly termed internal (first party) and second party audits.

This International Standard does not state requirements but provides guidance on the management of audit programmes and on the conduct of audits of management systems, as well as on the competence and evaluation of auditors and audit teams. Users of this International Standard may, however, apply this guidance in developing their own audit-related requirements.

This guidance is intended to apply to a broad range of potential users, including auditors, organizations implementing management systems, and organizations needing to conduct audits of management systems for contractual or regulatory reasons. It may also be used for the purpose of self-declaration. It may also be useful to organizations involved in auditor training or certification.

The guidance in this International Standard is intended to be flexible. As indicated at various points in the text, the use of this guidance may differ according to the size and level of maturity of an organization's management system, the nature and complexity of the organization to be audited, as well as the objectives and scope of the audits to be conducted.

In this International Standard, Clause 4 describes the principles on which credible auditing is based. These principles help the user to understand the essential nature of auditing and they are important to understanding the guidance set out in Clauses 5 to 7.

Clause 5 provides guidance on the establishment and management of audit programmes, including establishing the audit programme objectives, and coordinating auditing activities.

Clause 6 provides guidance on conducting audits of management systems.

Clause 7 provides guidance relating to the competence and evaluation of management system auditors and audit teams.

Annex A illustrates the application of the guidance in Clause 7 to different disciplines (e.g. quality, environmental, occupational health and safety, resilience, security, preparedness and continuity management and transportation safety management).

Annex B provides examples of the evaluation of audit team competencies in various hypothetical organizations in different sectors (e.g. aviation, event management).

Annex C provides additional guidance for auditors on planning and conducting audits.

DRAFT INTERNATIONAL STANDARD ISO/DIS 19011

Guidelines for auditing management systems

1 Scope

This International Standard provides guidance on auditing management systems, including the principles of auditing, managing audit programmes and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process including those responsible for audit programme management, auditors and audit teams.

It is applicable to all organizations needing to conduct internal or external audits of management systems or manage an audit programme.

The application of this International Standard to other types of audit is possible, provided that special consideration is paid to the specific competences needed.

2 Normative references

Where standards or other documents have been used or referred to (e.g. for some definitions in Clause 3), it was decided to include the original text in the present International Standard in order to create a stand-alone document. A bibliography at the end of this International Standard lists these documents as well as other useful source material.

3 Terms and definitions

For the purposes of this document, the terms and definitions given below apply. Every effort has been made to ensure that these definitions do not conflict with the definitions used in other management system standards.

3.1
audit
systematic, independent and documented process for obtaining audit evidence (3.3) and evaluating it objectively to determine the extent to which the audit criteria (3.2) are fulfilled

NOTE 1 Internal audits, sometimes called first party audits, are conducted by, or on behalf of, the organization itself for management review and other internal purposes (e.g. to confirm the intended operation of the management system or to obtain information for improvement of the management system), and may form the basis for an organization’s self-declaration of conformity. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.

NOTE 2 External audits include second and third party audits. Second party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third party audits are conducted by independent auditing organizations, such as regulators or those providing registration or certification.

NOTE 3 When two or more management systems of different disciplines (e.g. quality, environmental, occupational health and safety) are audited together, this is termed a combined audit.

NOTE 4 When two or more auditing organizations cooperate to audit a single auditee (3.7), this is termed a joint audit.

3.2
audit criteria
set of policies, procedures or requirements

NOTE 1 Audit criteria are used as a reference against which audit evidence (3.3) is compared.

NOTE 2 If the audit criteria are selected from legal or other requirements, the audit finding (3.4) is termed compliance or non-compliance.

NOTE 3 If the audit criteria are selected from standards (internal or external), the audit finding (3.4) is termed a conformity (3.16) or nonconformity (3.17).

3.3
audit evidence
records, statements of
...
