The original 2002 Standard was aimed at Quality and Environmental Auditing but it soon became clear that there were quite a number of other Management Standards that required auditing these include :
- ISO9001:2008 Quality Management
- ISO14001:2004 Environmental Management
- AS9100:2009 Aerospace and Defence Management Standard
- OHSAS 18001:2007 Occupational Health & Safety Management Standard
- ISO20000-1:2011 IT Service Management Standard
- ISO22000:2005 Food Safety Management Standard
- ISO27001:2005 Information Security Management Standard
- Highways/Transportation Safety Management and Sector schemes
- ATEX ( Equipment used in Explosive Atmospheres)
- Various Product Standards.
For the first time it has been recognised there are two standards for auditing:
- ISO19011:2011 Guidelines for auditing Management Systems
- and ISO 17021 :2006 External Assessment for Conformity Certification.
This new Standard recognises a number of elements that have been used by seasoned auditors but not formally approved, these include:
- Combined audits where two or more Standards are audited at the same time
- Risk based auditing Particularly in Health and Safety and information security management systems
- Remote audits where auditing is carried out by video conference, telephone or other means.
- Sampling audits this is used where it is impractical to audit all available information; the use of a statistically accurate sample plan should be used to ensure the results are effective
- Judgement based sampling relies on the knowledge, skills and experience of the audit team or auditor.
- Guides and Observers the roles of both guides and observers are recognised for the first time.
There are a number of areas where modern terminology replaces that used in the 2002 version and incorporates new guidelines on the competence and evaluation of auditors.
All in all the new Standard will be a useful tool in the management of Standards in use by organisations both large and small.