ISO 19011-2018 PDF

Full title and description

St ISO 19011-2018 — Guidelines for auditing management systems. This International Standard gives guidance on principles of auditing, managing an audit programme and conducting management system audits; it also provides advice on evaluating the competence of auditors and those who manage audit programmes.

Abstract

ISO 19011:2018 provides generic, non‑prescriptive guidance to organizations that need to plan and perform internal or external audits of management systems. It covers audit principles, the management of audit programmes, audit planning and conduct, audit reporting and follow‑up, and the competence and evaluation of auditors and audit teams. The 2018 revision broadened the standard’s applicability across multiple management system standards and emphasised a risk‑based approach.

General information

• Status: Published.
• Publication date: July 2018 (third edition).
• Publisher: ISO — International Organization for Standardization (published by ISO).
• ICS / categories: 03.120.20 (Product and company certification. Conformity assessment); commonly associated with 03.100.70 (Management systems).
• Edition / version: 3rd edition (ISO 19011:2018).
• Number of pages: 46 pages (ISO published English edition: 46 pages).

Scope

Applies to organizations of any type or size that need to conduct first‑, second‑ or third‑party audits of management systems, or to manage an audit programme. The standard is intended to be generic and usable across different management system disciplines (for example quality, environmental, occupational health & safety, information security and others), offering guidance on audit principles, programme management, planning and performing audits, and on assessing auditor competence. The 2018 revision was prepared by ISO/PC 302 to make the guidance usable across the expanding family of management system standards.

Key topics and requirements

• Auditing principles — impartiality, evidence‑based approach, risk‑based thinking and other core principles that underpin reliable audits.
• Audit programme management — establishing, implementing, monitoring and improving an audit programme (objectives, resources, risks and record keeping).
• Audit planning and conduct — initiating audits, preparing audit plans, collecting and verifying audit evidence, conducting opening/closing meetings and producing conclusions.
• Competence and evaluation — criteria for auditor and audit team competence, selection, evaluation and development.
• Reporting and follow‑up — preparing audit reports, handling nonconformities, follow‑up actions and continual improvement of the audit programme.
• Applicability across systems — guidance to support combined and joint audits and to align audit practices with multiple ISO management system standards.

Typical use and users

Used by internal audit functions, certification and registrar bodies, second‑party auditors (suppliers/customers), consultancy firms, and organizations establishing or improving audit programmes. Typical users include quality, EHS, information security and compliance managers, lead auditors, and those responsible for auditor training and competence assessment.

Related standards

Commonly used alongside ISO management system standards such as ISO 9001 (quality), ISO 14001 (environment), ISO 45001 (occupational health & safety), ISO/IEC 17021 (conformity assessment — certification bodies) and newer guidance on remote auditing (for example ISO/IEC TS 17012:2024). ISO 19011 itself is guidance (not a certifiable requirement) and complements requirements standards used as audit criteria.

Keywords

audit programme, auditing principles, management system audit, auditor competence, audit planning, audit reporting, risk‑based auditing, internal audit, external audit

FAQ

Q: What is this standard?

A: ISO 19011:2018 is an international guidance document titled "Guidelines for auditing management systems" that provides best‑practice advice for planning, conducting and managing audits of management systems.

Q: What does it cover?

A: It covers auditing principles, how to establish and manage an audit programme, detailed guidance on preparing and performing audits, reporting and follow‑up, and criteria for auditor competence and evaluation. The 2018 edition expanded the guidance to be broadly applicable across many management system standards and emphasised risk‑based thinking.

Q: Who typically uses it?

A: Internal auditors, external auditors, certification bodies, supplier auditors, audit programme managers, consultants and organizations that need to plan or run management‑system audits use ISO 19011 as guidance.

Q: Is it current or superseded?

A: ISO 19011:2018 is the third edition (published July 2018) and replaced ISO 19011:2011. As of the 2018 publication it was marked for periodic review; users should check with their national standards body or ISO for any newer revisions or related documents (for example draft updates or technical specifications addressing remote auditing).

Q: Is it part of a series?

A: ISO 19011 is a standalone guidance standard for auditing management systems; it is commonly used together with specific management system standards (ISO 9001, ISO 14001, ISO 45001, etc.) and with conformity assessment standards (for example ISO/IEC 17021 series). The 2018 revision was developed by ISO/PC 302 to serve the broader family of management system standards.

Q: What are the key keywords?

A: Audit, audit programme, auditing principles, auditor competence, management system audit, risk‑based auditing, audit planning, audit reporting.