FAQ

An audit that takes place in the course of certification according to an ISO standard is subject to the rules of the ISO or the respective accreditor, which must be observed by accredited certification companies.
In practice, this refers, for example, to the qualification of auditors and the correct planning and management of audits, etc., which is documented in standards and guidelines developed specifically for this purpose:

• ISO/IEC 17021:2011 specifies the requirements for "bodies that audit and certify management systems".
• ISO/IEC 17065:2013 sets requirements for "bodies that certify products, processes and services."
• ISO 19011:2020 is a guide to auditing management systems.

Importantly, ISO 19011 does not provide classic requirements for how an audit must be conducted, rather it provides "guidance for leading and directing an audit program and for planning and conducting an audit."
Therefore, ISO 19011 is used for the internal audit (1st party audit) or for example the supplier audit (2nd party audit), while ISO 17021 is mandatory for the certification audit (3rd party audit) for certification bodies.
None
None
None