ISO 19011 describes the intent behind the requirements for internal audits in ISO 9001 and other management system standards and gives guidance on how to audit and manage an audit program. Organizations are not certified to ISO 19011, but their audit practices will be examined in light of its guidance. DESARA uses ISO 19011 as the basis for all of our audit-related activities, including training programs, gap assessments, and internal audits.
ISO 27001 sets out requirements for an information security management system that can be certified by an outside authority. The version released in 2013 uses the same common terms and structure as ISO 9001:2015. Users should own a copy of the current version.
ISO 9000 defines the basic concepts and language used in ISO 9001. It was significantly revised in 2015. Organizations that use the terminology in their quality management systems should own a copy of the 2015 version. During the ISO 9001:2015 transition, organizations should make a point of understanding and adopting new terms and subtle distinctions that will be used for many years to come.