BSI Standards Publication

BS EN ISO 19011:2011
Incorporating corrigendum December 2011

Guidelines for auditing management systems (ISO 19011:2011)

NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

BRITISH STANDARD BS EN ISO 19011:2011

National foreword

This British Standard is the UK implementation of EN ISO 19011:2011. It supersedes BS EN ISO 19011:2002 which is withdrawn.

The UK participation in its preparation was entrusted to Technical Committee AUS/1, Revision of ISO 19011.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© BSI 2011
ISBN 978 0 580 66496 0
ICS 03.120.10; 13.020.10

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 November 2011.

Amendments/corrigenda issued since publication

Date: 31 January 2012
Text affected: Implementation of CEN correction notice 30 November 2011: endorsement dates modified in foreword

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN ISO 19011
November 2011

ICS 03.120.10; 13.020.10
Supersedes EN ISO 19011:2002

English Version

Guidelines for auditing management systems (ISO 19011:2011)

Lignes directrices pour l'audit des systèmes de management (ISO 19011:2011)
Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2011)

This European Standard was approved by CEN on 5 November 2011.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2011 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN ISO 19011:2011: E

Foreword

This document (EN ISO 19011:2011) has been prepared by Technical Committee ISO/TC 176 “Quality management and quality assurance”.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by April 2012, and conflicting national standards shall be withdrawn at the latest by April 2012.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

This document supersedes EN ISO 19011:2002.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

Endorsement notice

The text of ISO 19011:2011 has been approved by CEN as a EN ISO 19011:2011 without any modification.
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing
5 Managing an audit programme
5.1 General
5.2 Establishing the audit programme objectives
5.3 Establishing the audit programme
5.4 Implementing the audit programme
5.5 Monitoring the audit programme
5.6 Reviewing and improving the audit programme
6 Performing an audit
6.1 General
6.2 Initiating the audit
6.3 Preparing audit activities
6.4 Conducting the audit activities
6.5 Preparing and distributing the audit report
6.6 Completing the audit
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence to fulfil the needs of the audit programme
7.3 Establishing the auditor evaluation criteria
7.4 Selecting the appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence
Annex A (informative) Guidance and illustrative examples of discipline-specific knowledge and skills of auditors
Annex B (informative) Additional guidance for auditors for planning and conducting audits
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 19011 was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 3, Supporting technologies.

This second edition cancels and replaces the first edition (ISO 19011:2002), which has been technically revised.

The main differences compared with the first edition are as follows:

- the scope has been broadened from the auditing of quality and environmental management systems to the auditing of any management systems;
- the relationship between ISO 19011 and ISO/IEC 17021 has been clarified;
- remote audit methods and the concept of risk have been introduced;
- confidentiality has been added as a new principle of auditing;
- Clauses 5, 6 and 7 have been reorganized;
- additional information has been included in a new Annex B, resulting in the removal of help boxes;
- the competence determination and evaluation process has been strengthened;
- illustrative examples of discipline-specific knowledge and skills have been included in a new Annex A;
- additional guidelines are available at the following website: www.iso.org/19011auditing.
Introduction

Since the first edition of this International Standard was published in 2002, a number of new management system standards have been published. As a result, there is now a need to consider a broader scope of management system auditing, as well as providing guidance that is more generic.

In 2006, the ISO committee for conformity assessment (CASCO) developed ISO/IEC 17021, which sets out requirements for third party certification of management systems and which was based in part on the guidelines contained in the first edition of this International Standard.

The second edition of ISO/IEC 17021, published in 2011, was extended to transform the guidance offered in this International Standard into requirements for management system certification audits. It is in this context that this second edition of this International Standard provides guidance for all users, including small and medium-sized organizations, and concentrates on what are commonly termed “internal audits” (first party) and “audits conducted by customers on their suppliers” (second party). While those involved in management system certification audits follow the requirements of ISO/IEC 17021:2011, they might also find the guidance in this International Standard useful.

The relationship between this second edition of this International Standard and ISO/IEC 17021:2011 is shown in Table 1.

Table 1: Scope of this International Standard and its relationship with ISO/IEC 17021:2011

- Internal auditing: sometimes called first party audit
- External auditing, supplier auditing: sometimes called second party audit
- External auditing, third party auditing: for legal, regulatory and similar purposes; for certification (see also the requirements in ISO/IEC 17021:2011)

This International Standard does not state requirements, but provides guidance on the management of an audit programme, on the planning and conducting of an audit of the management system, as well as on the competence and evaluation of an auditor and an audit team.

Organizations can operate more than one formal management system. To simplify the readability of this International Standard, the singular form of “management system” is preferred, but the reader can adapt the implementation of the guidance to their own particular situation. This also applies to the use of “person” and “persons”, “auditor” and “auditors”.

This International Standard is intended to apply to a broad range of potential users, including auditors, organizations implementing management systems, and organizations needing to conduct audits of management systems for contractual or regulatory reasons. Users of this International Standard can, however, apply this guidance in developing their own audit-related requirements.

The guidance in this International Standard can also be used for the purpose of self-declaration, and can be useful to organizations involved in auditor training or personnel certification.

The guidance in this International Standard is intended to be flexible. As indicated at various points in the text, the use of this guidance can differ depending on the size and level of maturity of an organization's management system and on the nature and complexity of the organization to be audited, as well as on the objectives and scope of the audits to be conducted.

This International Standard introduces the concept of risk to management systems auditing. The approach adopted relates both to the risk of the audit process not achieving its objectives and to the potential of the audit to interfere with the auditee's activities and processes. It does not provide specific guidance on the organization's risk management process, but recognizes that organizations can focus audit effort on matters of significance to the management system.