More on ISO 19011
The ISO 19011:2011 auditing standard has a new name, “Guidelines for Auditing Management Systems”. The prior edition, ISO 19011:2002, limited its audit guidance to just quality and environmental systems. The new standard has broadened its scope to the auditing of any management system, but has reduced its focus to internal (first-party) and supplier (second-party) audits. Requirements for management system certification (third-party) audits are provided in ISO 17021:2011 (see my March 2011 article). ISO 19011:2011 provides guidance...
ISO/TR 27008:2011
ISO/TR 27008:2011, Information technology – Security techniques – Guidelines for auditors on information security controls, is a new Technical Report (TR) that provides technical controls and compliance guidelines for auditors to help improve the effectiveness of an organization’s information security system. The document supports a rigorous organizational security audit and review program for information security controls, to enable the organization to have confidence that their controls have been appropriately implemented...
Audit Definitions
The ISO 19011:2011 audit guidance standard has revised audit definitions, expanded related notes, and added new definitions. Some examples of these changes are described below. The definition of audit remains: a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Its revised note clarifies that the purpose of an internal audit may be to confirm the effectiveness of the management system or to obtain information for the...
Future ISO 9001
In October 2010, the ISO technical committee that developed the ISO 9000 series of standards launched a major survey of existing and potential users of ISO 9001 in 122 countries. The survey objective was to better understand user needs, identify opportunities for improvement, and guide the long-term strategic direction for quality management. The worldwide survey was conducted in 11 languages (Arabic, Chinese, English, French, German, Italian, Japanese, Korean, Portuguese, Russian, and Spanish) and received 11,722 responses. Although the full...