Guidelines for auditing management systems (ISO 19011:2018)

This document provides guidance on auditing management systems, including the principles of auditing,
managing an audit programme and conducting management system audits, as well as guidance on
the evaluation of competence of individuals involved in the audit process. These activities include the
individual(s) managing the audit programme, auditors and audit teams.
It is applicable to all organizations that need to plan and conduct internal or external audits of
management systems or manage an audit programme.
The application of this document to other types of audits is possible, provided that special consideration
is given to the specific competence needed.

Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2018)

This document provides guidance on auditing management systems, including the audit principles, managing an audit programme and conducting audits of management systems, as well as on evaluating the competence of those involved in the audit process. These activities include the person(s) managing the audit programme, auditors and audit teams.
It is applicable to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.
The application of this document to other types of audits is possible, provided that particular attention is given to the specific competence required.

Lignes directrices pour l'audit des systèmes de management (ISO 19011:2018)

This document provides guidelines on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits. It also gives guidelines on evaluating the competence of the persons involved in the audit process. These activities concern the person(s) responsible for managing the audit programme, auditors and audit teams.
It is applicable to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.
This document can, in principle, be applied to other types of audits, provided that particular attention is paid to the specific competence required.

Smernice za presojanje sistemov vodenja (ISO 19011:2018)

This document describes guidelines for auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidelines for evaluating the competence of individuals involved in the audit process. These activities cover the individuals who manage the audit programme, auditors and audit teams.
It applies to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.
This document can be used for other types of audits if special attention is given to the specific competence they require.

General Information

Status: Published
Public Enquiry End Date: 30-Oct-2017
Publication Date: 04-Sep-2018
Current Stage: 6100 - Translation of adopted SIST standards (Adopted Project)
Start Date: 03-Sep-2019
Due Date: 01-Sep-2020
Completion Date: 13-Mar-2020

Standard: EN ISO 19011:2018, English language, 56 pages
Standard – translation: EN ISO 19011:2018, Slovenian and English language, 81 pages
Draft: prEN ISO 19011:2017, English language, 53 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN ISO 19011:2018
01-October-2018
Supersedes: SIST EN ISO 19011:2011
Smernice za presojanje sistemov vodenja (ISO 19011:2018)
Guidelines for auditing management systems (ISO 19011:2018)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2018)
Lignes directrices pour l'audit des systèmes de management (ISO 19011:2018)
This Slovenian standard is identical to: EN ISO 19011:2018
ICS:
03.100.70 Management systems
03.120.10 Quality management and quality assurance
13.020.10 Environmental management
SIST EN ISO 19011:2018 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.



EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN ISO 19011
July 2018
ICS 03.100.70; 03.120.20
Supersedes EN ISO 19011:2011

English Version

Guidelines for auditing management systems (ISO 19011:2018)
Lignes directrices pour l'audit des systèmes de management (ISO 19011:2018)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2018)

This European Standard was approved by CEN on 18 June 2018.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2018 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN ISO 19011:2018 E

Contents
European foreword

European foreword
This document (EN ISO 19011:2018) has been prepared by Technical Committee ISO/PC 302
"Guidelines for auditing management systems" in collaboration with CCMC.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by January 2019, and conflicting national standards shall
be withdrawn at the latest by January 2019.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 19011:2011.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO 19011:2018 has been approved by CEN as EN ISO 19011:2018 without any modification.

INTERNATIONAL STANDARD ISO 19011
Third edition
2018-07
Guidelines for auditing management systems
Lignes directrices pour l'audit des systèmes de management
Reference number: ISO 19011:2018(E)
© ISO 2018


COPYRIGHT PROTECTED DOCUMENT
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing
5 Managing an audit programme
5.1 General
5.2 Establishing audit programme objectives
5.3 Determining and evaluating audit programme risks and opportunities
5.4 Establishing the audit programme
5.4.1 Roles and responsibilities of the individual(s) managing the audit programme
5.4.2 Competence of individual(s) managing audit programme
5.4.3 Establishing extent of audit programme
5.4.4 Determining audit programme resources
5.5 Implementing audit programme
5.5.1 General
5.5.2 Defining the objectives, scope and criteria for an individual audit
5.5.3 Selecting and determining audit methods
5.5.4 Selecting audit team members
5.5.5 Assigning responsibility for an individual audit to the audit team leader
5.5.6 Managing audit programme results
5.5.7 Managing and maintaining audit programme records
5.6 Monitoring audit programme
5.7 Reviewing and improving audit programme
6 Conducting an audit
6.1 General
6.2 Initiating audit
6.2.1 General
6.2.2 Establishing contact with auditee
6.2.3 Determining feasibility of audit
6.3 Preparing audit activities
6.3.1 Performing review of documented information
6.3.2 Audit planning
6.3.3 Assigning work to audit team
6.3.4 Preparing documented information for audit
6.4 Conducting audit activities
6.4.1 General
6.4.2 Assigning roles and responsibilities of guides and observers
6.4.3 Conducting opening meeting
6.4.4 Communicating during audit
6.4.5 Audit information availability and access
6.4.6 Reviewing documented information while conducting audit
6.4.7 Collecting and verifying information
6.4.8 Generating audit findings
6.4.9 Determining audit conclusions
6.4.10 Conducting closing meeting
6.5 Preparing and distributing audit report
6.5.1 Preparing audit report
6.5.2 Distributing audit report
6.6 Completing audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence
7.2.1 General
7.2.2 Personal behaviour
7.2.3 Knowledge and skills
7.2.4 Achieving auditor competence
7.2.5 Achieving audit team leader competence
7.3 Establishing auditor evaluation criteria
7.4 Selecting appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence
Annex A (informative) Additional guidance for auditors planning and conducting audits
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Project Committee ISO/PC 302, Guidelines for auditing management
systems.
This third edition cancels and replaces the second edition (ISO 19011:2011), which has been technically
revised.
The main differences compared to the second edition are as follows:
— addition of the risk-based approach to the principles of auditing;
— expansion of the guidance on managing an audit programme, including audit programme risk;
— expansion of the guidance on conducting an audit, particularly the section on audit planning;
— expansion of the generic competence requirements for auditors;
— adjustment of terminology to reflect the process and not the object (“thing”);
— removal of the annex containing competence requirements for auditing specific management
system disciplines (due to the large number of individual management system standards, it would
not be practical to include competence requirements for all disciplines);
— expansion of Annex A to provide guidance on auditing (new) concepts such as organization context,
leadership and commitment, virtual audits, compliance and supply chain.

Introduction
Since the second edition of this document was published in 2011, a number of new management system
standards have been published, many of which have a common structure, identical core requirements
and common terms and core definitions. As a result, there is a need to consider a broader approach
to management system auditing, as well as providing guidance that is more generic. Audit results can
provide input to the analysis aspect of business planning, and can contribute to the identification of
improvement needs and activities.
An audit can be conducted against a range of audit criteria, separately or in combination, including but
not limited to:
— requirements defined in one or more management system standards;
— policies and requirements specified by relevant interested parties;
— statutory and regulatory requirements;
— one or more management system processes defined by the organization or other parties;
— management system plan(s) relating to the provision of specific outputs of a management system
(e.g. quality plan, project plan).
This document provides guidance for all sizes and types of organizations and audits of varying scopes
and scales, including those conducted by large audit teams, typically of larger organizations, and
those by single auditors, whether in large or small organizations. This guidance should be adapted as
appropriate to the scope, complexity and scale of the audit programme.
This document concentrates on internal audits (first party) and audits conducted by organizations
on their external providers and other external interested parties (second party). This document can
also be useful for external audits conducted for purposes other than third party management system
certification. ISO/IEC 17021-1 provides requirements for auditing management systems for third party
certification; this document can provide useful additional guidance (see Table 1).
Table 1 — Different types of audits
| 1st party audit | 2nd party audit | 3rd party audit |
| Internal audit | External provider audit | Certification and/or accreditation audit |
| | Other external interested party audit | Statutory, regulatory and similar audit |
To simplify the readability of this document, the singular form of “management system” is preferred,
but the reader can adapt the implementation of the guidance to their own situation. This also applies to
the use of “individual” and “individuals”, “auditor” and “auditors”.
This document is intended to apply to a broad range of potential users, including auditors, organizations
implementing management systems and organizations needing to conduct management system audits
for contractual or regulatory reasons. Users of this document can, however, apply this guidance in
developing their own audit-related requirements.
The guidance in this document can also be used for the purpose of self-declaration and can be useful to
organizations involved in auditor training or personnel certification.
The guidance in this document is intended to be flexible. As indicated at various points in the text,
the use of this guidance can differ depending on the size and level of maturity of an organization’s
management system. The nature and complexity of the organization to be audited, as well as the
objectives and scope of the audits to be conducted, should also be considered.

This document adopts the combined audit approach when two or more management systems of different
disciplines are audited together. Where these systems are integrated into a single management system,
the principles and processes of auditing are the same as for a combined audit (sometimes known as an
integrated audit).
This document provides guidance on the management of an audit programme, on the planning and
conducting of management system audits, as well as on the competence and evaluation of an auditor
and an audit team.
INTERNATIONAL STANDARD ISO 19011:2018(E)
Guidelines for auditing management systems
1 Scope
This document provides guidance on auditing management systems, including the principles of auditing,
managing an audit programme and conducting management system audits, as well as guidance on
the evaluation of competence of individuals involved in the audit process. These activities include the
individual(s) managing the audit programme, auditors and audit teams.
It is applicable to all organizations that need to plan and conduct internal or external audits of
management systems or manage an audit programme.
The application of this document to other types of audits is possible, provided that special consideration
is given to the specific competence needed.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
audit
systematic, independent and documented process for obtaining objective evidence (3.8) and evaluating
it objectively to determine the extent to which the audit criteria (3.7) are fulfilled
Note 1 to entry: Internal audits, sometimes called first party audits, are conducted by, or on behalf of, the
organization itself.
Note 2 to entry: External audits include those generally called second and third party audits. Second party audits
are conducted by parties having an interest in the organization, such as customers, or by other individuals on
their behalf. Third party audits are conducted by independent auditing organizations, such as those providing
certification/registration of conformity or governmental agencies.
[SOURCE: ISO 9000:2015, 3.13.1, modified — Notes to entry have been modified]
3.2
combined audit
audit (3.1) carried out together at a single auditee (3.13) on two or more management systems (3.18)
Note 1 to entry: When two or more discipline-specific management systems are integrated into a single
management system this is known as an integrated management system.
[SOURCE: ISO 9000:2015, 3.13.2, modified]

3.3
joint audit
audit (3.1) carried out at a single auditee (3.13) by two or more auditing organizations
[SOURCE: ISO 9000:2015, 3.13.3]
3.4
audit programme
arrangements for a set of one or more audits (3.1) planned for a specific time frame and directed
towards a specific purpose
[SOURCE: ISO 9000:2015, 3.13.4, modified — wording has been added to the definition]
3.5
audit scope
extent and boundaries of an audit (3.1)
Note 1 to entry: The audit scope generally includes a description of the physical and virtual-locations, functions,
organizational units, activities and processes, as well as the time period covered.
Note 2 to entry: A virtual location is where an organization performs work or provides a service using an on-line
environment allowing individuals irrespective of physical locations to execute processes.
[SOURCE: ISO 9000:2015, 3.13.5, modified — Note 1 to entry has been modified, Note 2 to entry has
been added]
3.6
audit plan
description of the activities and arrangements for an audit (3.1)
[SOURCE: ISO 9000:2015, 3.13.6]
3.7
audit criteria
set of requirements (3.23) used as a reference against which objective evidence (3.8) is compared
Note 1 to entry: If the audit criteria are legal (including statutory or regulatory) requirements, the words
“compliance” or “non-compliance” are often used in an audit finding (3.10).
Note 2 to entry: Requirements may include policies, procedures, work instructions, legal requirements,
contractual obligations, etc.
[SOURCE: ISO 9000:2015, 3.13.7, modified — the definition has been changed and Notes to entry 1 and
2 have been added]
3.8
objective evidence
data supporting the existence or verity of something
Note 1 to entry: Objective evidence can be obtained through observation, measurement, test or by other means.
Note 2 to entry: Objective evidence for the purpose of the audit (3.1) generally consists of records, statements of
fact, or other information which are relevant to the audit criteria (3.7) and verifiable.
[SOURCE: ISO 9000:2015, 3.8.3]
3.9
audit evidence
records, statements of fact or other information, which are relevant to the audit criteria (3.7) and
verifiable
[SOURCE: ISO 9000:2015, 3.13.8]

3.10
audit findings
results of the evaluation of the collected audit evidence (3.9) against audit criteria (3.7)
Note 1 to entry: Audit findings indicate conformity (3.20) or nonconformity (3.21).
Note 2 to entry: Audit findings can lead to the identification of risks, opportunities for improvement or recording
good practices.
Note 3 to entry: In English if the audit criteria are selected from statu
...

SLOVENIAN STANDARD
SIST EN ISO 19011
October 2018
Smernice za presojanje sistemov vodenja (ISO 19011:2018)
Guidelines for auditing management systems (ISO 19011:2018)
Lignes directrices pour l'audit des systèmes de management (ISO 19011:2018)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2018)
Reference designation: SIST EN ISO 19011:2018 (sl,en)
ICS 03.100.70; 03.120.10; 13.020.10
Continued on pages II and 1 to 80
© 2020-04. Slovenian Institute for Standardization. Reproduction or copying of this standard in whole or in part is not permitted.


NATIONAL INTRODUCTION
The standard SIST EN ISO 19011 (sl,en), Smernice za presojanje sistemov vodenja (ISO 19011:2018), 2018, has the status of a Slovenian standard and is equivalent to the European standard EN ISO 19011, Guidelines for auditing management systems (ISO 19011:2018), 2018.

NATIONAL FOREWORD
The text of the standard EN ISO 19011:2018 was prepared by Project Committee ISO/PC 302, Guidelines for auditing management systems. The Slovenian standard SIST EN ISO 19011:2018 is a translation of the English text of the European standard EN ISO 19011:2018. In the event of a dispute over the text of the Slovenian translation in this standard, the original European standard in English prevails. The Slovenian-English edition of the standard was prepared by SIST/TC VZK Vodenje in zagotavljanje kakovosti (Quality management and quality assurance).

The decision to adopt this standard was taken on 28 August 2018 by SIST/TC VZK Vodenje in zagotavljanje kakovosti.

RELATIONSHIP TO OTHER STANDARDS
The standard does not refer to other standards.

BASIS FOR ISSUING THE STANDARD
– Adoption of the standard EN ISO 19011:2018.

PREVIOUS EDITION
– SIST EN ISO 19011:2011.

NOTES

– Wherever the term "international standard" is used in the text of the standard, in SIST EN ISO 19011:2018 it means "Slovenian standard".

– The national introduction and the national foreword are not an integral part of the standard.

– This national document is identical with EN ISO 19011:2018 and is published with the permission of

CEN-CENELEC
Management Centre
Rue de la Science 23
B-1040 Brussels

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN ISO 19011
July 2018
ICS 03.100.70, 03.120.20
Supersedes EN ISO 19011:2011

Slovenian edition

Smernice za presojanje sistemov vodenja (ISO 19011:2018)
Guidelines for auditing management systems (ISO 19011:2018)
Lignes directrices pour l'audit des systèmes de management (ISO 19011:2018)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2018)

This European Standard was approved by CEN on 18 June 2018.

CEN members must comply with the provisions of the CEN/CENELEC Internal Regulations, which stipulate that this European Standard must be adopted as a national standard without any alteration. Lists of the latest editions of these national standards and their bibliographical data are available on request from the CEN-CENELEC Management Centre or from any CEN member.

This European Standard exists in three official editions (English, French and German). Editions in other languages which CEN members translate and publish on their own responsibility and notify to the CEN-CENELEC Management Centre have the status of official editions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Greece, Croatia, Ireland, Iceland, Italy, Latvia, Lithuania, Luxembourg, Hungary, Malta, Former Yugoslav Republic of Macedonia, Germany, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

CEN
European Committee for Standardization
Comité Européen de Normalisation
Europäisches Komitee für Normung

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2018 CEN. The copyright holders are all CEN member countries. Ref. No. EN ISO 19011:2018 E

VSEBINA StranCONTENTS Page

Predgovor k evropskemu standardu . 5 European foreword . 5

Predgovor . 6 Foreword . 6
Uvod . 8 Introduction . 8
1 Področje uporabe . 11 1 Scope . 11
2 Zveza s standardi . 11 2 Normative references . 11
3 Izrazi in definicije . 11 3 Terms and definitions . 11
4 Načela presojanja . 17 4 Principles of auditing . 17
5 Vodenje programa presoj . 19 5 Managing an audit programme . 19
5.1 Splošno . 19 5.1 General . 19
5.2 Določitev ciljev programa presoj . 23 5.2 Establishing audit programme
objectives . 23
5.3 Določitev in ovrednotenje tveganj ter 5.3 Determining and evaluating audit
priložnosti programa presoj . 24 programme risks and opportunities . 24
5.4 Določitev programa presoj . 25 5.4 Establishing the audit programme . 25
5.4.1 Vloge in odgovornosti posameznikov, 5.4.1 Roles and responsibilities of the
ki vodijo program presoj. . 25 individual(s) managing the audit
programme . 25
5.4.2 Kompetentnost posameznikov, 5.4.2 Competence of individual(s)
ki vodijo program presoj . 26 managing audit programme . 26
5.4.3 Določitev obsega programa presoj . 26 5.4.3 Establishing extent of audit
programme . 26
5.4.4 Določitev virov za program presoj . 28 5.4.4 Determining audit programme
resources . 28
5.5 Izvedba programa presoj . 28 5.5 Implementing audit programme . 28
5.5.1 Splošno . 28 5.5.1 General . 28
5.5.2 Določitev ciljev, obsega in kriterijev 5.5.2 Defining the objectives, scope and
za posamezno presojo . 29 criteria for an individual audit . 29
5.5.3 Izbira in določitev presojevalnih 5.5.3 Selecting and determining audit
metod . 31 methods . 31
5.5.4 Izbira članov presojevalne skupine . 31 5.5.4 Selecting audit team members . 31
5.5.5 Dodelitev odgovornosti za posamezno 5.5.5 Assigning responsibility for an individual
presojo vodji presojevalne skupine . 32 audit to the audit team leader . 32
5.5.6 Vodenje rezultatov programa 5.5.6 Managing audit programme results . 34
presoj . 34
5.5.7 Vodenje in vzdrževanje zapisov 5.5.7 Managing and maintaining audit
programa presoj . 34 programme records .34
5.6 Nadzorovanje programa presoj . 35 5.6 Monitoring audit programme . 35
5.7 Pregledovanje in izboljševanje programa 5.7 Reviewing and improving audit
presoj . 36 programme . 36
6 Izvajanje presoje . 37 6 Conducting an audit . 37
6.1 Splošno . 37 6.1 General . 37
6.2 Začetek presoje . 37 6.2 Initiating audit . 37
6.2.1 Splošno . 37 6.2.1 General . 37
6.2.2 Vzpostavitev stika s presojancem . 37 6.2.2 Establishing contact with auditee . 37
6.2.3 Ugotavljanje izvedljivosti presoje . 38 6.2.3 Determining feasibility of audit . 38
2

---------------------- Page: 4 ----------------------
SIST EN ISO 19011 : 2018
6.3 Preparing audit activities
6.3.1 Performing review of documented information
6.3.2 Audit planning
6.3.3 Assigning work to audit team
6.3.4 Preparing documented information for audit
6.4 Conducting audit activities
6.4.1 General
6.4.2 Assigning roles and responsibilities of guides and observers
6.4.3 Conducting opening meeting
6.4.4 Communicating during audit
6.4.5 Audit information availability and access
6.4.6 Reviewing documented information while conducting audit
6.4.7 Collecting and verifying information
6.4.8 Generating audit findings
6.4.9 Determining audit conclusions
6.4.10 Conducting closing meeting
6.5 Preparing and distributing audit report
6.5.1 Preparing audit report
6.5.2 Distributing audit report
6.6 Completing audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence
7.2.1 General
7.2.2 Personal behaviour
7.2.3 Knowledge and skills
7.2.4 Achieving auditor competence
7.2.5 Achieving audit team leader competence
7.3 Establishing auditor evaluation criteria
7.4 Selecting appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence
Annex A (informative) Additional guidance for auditors planning and conducting audits
Bibliography

European foreword

This document (EN ISO 19011:2018) has been prepared by Technical Committee ISO/PC 302 "Guidelines for auditing management systems" in collaboration with CCMC.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2019, and conflicting national standards shall be withdrawn at the latest by January 2019.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document supersedes EN ISO 19011:2011.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Endorsement notice

The text of ISO 19011:2018 has been approved by CEN as EN ISO 19011:2018 without any modification.




Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Project Committee ISO/PC 302, Guidelines for auditing management systems.

This third edition cancels and replaces the second edition (ISO 19011:2011), which has been technically revised.

The main differences compared to the second edition are as follows:
– addition of the risk-based approach to the principles of auditing;
– expansion of the guidance on managing an audit programme, including audit programme risk;
– expansion of the guidance on conducting an audit, particularly the section on audit planning;
– expansion of the generic competence requirements for auditors;
– adjustment of terminology to reflect the process and not the object ("thing");
– removal of the annex containing competence requirements for auditing specific management system disciplines (due to the large number of individual management system standards, it would not be practical to include competence requirements for all disciplines);
– expansion of Annex A to provide guidance on auditing (new) concepts such as organization context, leadership and commitment, virtual audits, compliance and supply chain.

Introduction

Since the second edition of this document was published in 2011, a number of new management system standards have been published, many of which have a common structure, identical core requirements and common terms and core definitions. As a result, there is a need to consider a broader approach to management system auditing, as well as providing guidance that is more generic. Audit results can provide input to the analysis aspect of business planning, and can contribute to the identification of improvement needs and activities.

An audit can be conducted against a range of audit criteria, separately or in combination, including but not limited to:
– requirements defined in one or more management system standards;
– policies and requirements specified by relevant interested parties;
– statutory and regulatory requirements;
– one or more management system processes defined by the organization or other parties;
– management system plan(s) relating to the provision of specific outputs of a management system (e.g. quality plan, project plan).

This document provides guidance for all sizes and types of organizations and audits of varying scopes and scales, including those conducted by large audit teams, typically of larger organizations, and those by single auditors, whether in large or small organizations. This guidance should be adapted as appropriate to the scope, complexity and scale of the audit programme.

This document concentrates on internal audits (first party) and audits conducted by organizations on their external providers and other external interested parties (second party). This document can also be useful for external audits conducted for purposes other than third party management system certification. ISO/IEC 17021-1 provides requirements for auditing management systems for third party certification; this document can provide useful additional guidance (see Table 1).

Table 1 – Different types of audits

1st party audit | 2nd party audit | 3rd party audit
Internal audit | External provider audit | Certification and/or accreditation audit
 | Other external interested party audit | Statutory, regulatory and similar audit

To simplify the readability of this document, the singular form of "management system" is preferred, but the reader can adapt the implementation of the guidance to their own situation. This also applies to the use of "individual" and "individuals", "auditor" and "auditors".

This document is intended to apply to a broad range of potential users, including auditors, organizations implementing management systems and organizations needing to conduct management system audits for contractual or regulatory reasons. Users of this document can, however, apply this guidance in developing their own audit-related requirements.

The guidance in this document can also be used for the purpose of self-declaration and can be useful to organizations involved in auditor training or personnel certification.

The guidance in this document is intended to be flexible. As indicated at various points in the text, the use of this guidance can differ depending on the size and level of maturity of an organization
...

SLOVENIAN STANDARD
oSIST prEN ISO 19011:2017
01-October-2017
Guidelines for auditing management systems (ISO/DIS 19011:2017)
This Slovenian standard is identical to: prEN ISO 19011
ICS:
03.100.70 Management systems
03.120.10 Quality management and quality assurance
13.020.10 Environmental management
oSIST prEN ISO 19011:2017 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

DRAFT INTERNATIONAL STANDARD
ISO/DIS 19011
ISO/PC 302 Secretariat: ANSI
Voting begins on: 2017-08-03
Voting terminates on: 2017-10-25
Guidelines for auditing management systems
ICS: 03.120.10; 03.100.70; 13.020.10
This document is circulated as received from the committee secretariat.
ISO/CEN PARALLEL PROCESSING
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
Reference number ISO/DIS 19011:2017(E)
© ISO 2017

COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing
5 Managing an audit programme
5.1 General
5.2 Establishing the audit programme objectives
5.3 Determining and evaluating audit programme risks and opportunities
5.4 Establishing the audit programme
5.4.1 Roles and responsibilities of the person(s) managing the audit programme
5.4.2 Competence of the person(s) managing the audit programme
5.4.3 Establishing the extent of the audit programme
5.4.4 Determining audit programme resources
5.5 Implementing the audit programme
5.5.1 General
5.5.2 Defining the objectives, scope and criteria for an individual audit
5.5.3 Selecting the audit methods
5.5.4 Selecting the audit team members
5.5.5 Assigning responsibility for an individual audit to the audit team leader
5.5.6 Managing the audit programme outcome
5.5.7 Managing and maintaining audit programme records
5.6 Monitoring the audit programme
5.7 Reviewing and improving the audit programme
6 Conducting an audit
6.1 General
6.2 Initiating the audit
6.2.1 General
6.2.2 Establishing contact with the auditee
6.2.3 Determining the feasibility of the audit
6.3 Preparing audit activities
6.3.1 Performing review of documented information
6.3.2 Audit planning
6.3.3 Assigning work to the audit team
6.3.4 Preparing documented information for the audit
6.4 Conducting the audit activities
6.4.1 General
6.4.2 Assigning roles and responsibilities of guides and observers
6.4.3 Conducting the opening meeting
6.4.4 Communicating during the audit
6.4.5 Audit information availability and access
6.4.6 Reviewing documented information while conducting the audit
6.4.7 Collecting and verifying information
6.4.8 Generating audit findings
6.4.9 Determining audit conclusions
6.4.10 Conducting the closing meeting
6.5 Preparing and distributing the audit report
6.5.1 Preparing the audit report
6.5.2 Distributing the audit report
6.6 Completing the audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence
7.2.1 General
7.2.2 Personal behaviour
7.2.3 Knowledge and skills
7.2.4 Achieving auditor competence
7.2.5 Audit team leaders
7.3 Establishing the auditor evaluation criteria
7.4 Selecting the appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence
Annex A (informative) Additional guidance for auditors for planning and conducting audits
A.1 Applying audit methods
A.2 Methods of auditing
A.3 Professional judgement
A.4 Performance outcomes
A.5 Verifying information
A.6 Sampling
A.6.1 General
A.6.2 Judgement-based sampling
A.6.3 Statistical sampling
A.7 Auditing risks and opportunities
A.8 Life cycle
A.9 Preparing audit work documents
A.10 Selecting sources of information
A.11 Guidance on visiting the auditee’s location
A.12 Conducting interviews
A.13 Audit findings
A.13.1 Determining audit findings
A.13.2 Recording conformities
A.13.3 Recording nonconformities
A.13.4 Dealing with findings related to multiple criteria


Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 19011 was prepared by Project Committee ISO/PC 302, Guidelines for auditing management systems.

This third edition cancels and replaces the second edition (ISO 19011:2011), which has been technically revised.

The main difference compared with the second edition is as follows:
– updated requirements relating to audit plans; now the output of the audit planning process.
Introduction

Since the second edition of this document was published in 2011, a number of new management system standards have been published, many of which have a common structure, identical core requirements and common terms and core definitions. As a result, there is a need to consider a broader approach to management system auditing, as well as providing guidance that is more generic.

Audits can be conducted against a range of audit criteria, separately or in combination, including but not limited to:
– requirements defined in one or more management system standards;
– policies and requirements specified by other parties;
– legal requirements;
– one or more management system processes defined by the organization or other parties;
– management system plan(s) relating to the provision of specific outputs of a management system (e.g. quality plan, project plan).

This document provides guidance for all users, including small and medium-sized organizations, and concentrates on internal audits (first party), and audits conducted by organizations on their external providers (second party). This document can also be useful for external audits conducted for purposes other than third party management system certification. ISO/IEC 17021-1:2015 provides requirements for auditing management systems for third party certification; however, this document can provide useful additional guidance (see Table 1).

Table 1 — Different types of auditing

1st party auditing | 2nd party auditing | 3rd party auditing
Internal auditing | External provider auditing | Certification and/or accreditation auditing
 | Other external interested party auditing | Legal, regulatory and similar auditing

This document provides guidance on the management of an audit programme, on the planning and conducting of an audit of the management system, as well as on the competence and evaluation of an auditor and an audit team.

Organizations can operate or use more than one management system.

To simplify the readability of this document, the singular form of “management system” is preferred, but the reader can adapt the implementation of the guidance to their own particular situation. This also applies to the use of “person” and “persons”, “auditor” and “auditors”.

This document is intended to apply to a broad range of potential users, including auditors, organizations implementing management systems, and organizations needing to conduct audits of management systems for contractual or regulatory reasons. Users of this document can, however, apply this guidance in developing their own audit-related requirements.

The guidance in this document can also be used for the purpose of self-declaration, and can be useful to organizations involved in auditor training or personnel certification.

The guidance in this document is intended to be flexible. As indicated at various points in the text, the use of this guidance can differ depending on the size and level of maturity of an organization’s management system and on the nature and complexity of the organization to be audited, as well as on the objectives and scope of the audits to be conducted.

This document adopts the approach that when two or more management systems of different disciplines are audited together, this is termed a “combined audit”. Where these systems are integrated into a single management system, the principles and processes of auditing are the same as for a combined audit.

Clause 3 sets out the key terms and definitions used in this document. All efforts have been taken to ensure that these definitions do not conflict with definitions used in other standards.

In this document the following terms are also used:
- should – indicates a recommendation;
- can – indicates a possibility or a capability;
- may – indicates a permission.

Clause 4 describes the principles on which auditing is based. These principles help the user to understand the essential nature of auditing and are important in understanding the guidance set out in Clauses 5 to 7.

Clause 5 provides guidance on establishing and managing an audit programme, establishing the audit programme objectives, and coordinating auditing activities.

Clause 6 provides guidance on planning and conducting an audit of a management system.

Clause 7 provides guidance relating to the competence and evaluation of management system auditors and audit teams.

Annex A provides additional guidance for auditors on planning and conducting audits.
DRAFT INTERNATIONAL STANDARD ISO/DIS 19011:2017(E)

Guidelines for auditing management systems
1 Scope
This document provides guidance on auditing management systems, including the principles of auditing,
managing an audit programme and conducting management system audits, as well as guidance on the
evaluation of competence of individuals involved in the audit process. These people may include the person(s)
managing the audit programme, aud
...
