The latest revision of the ISO 19011 standard on Guidelines for Auditing Management Systems stripped out language that required auditors to comply with applicable laws of their auditee clients.

Clause 4 of the standard, entitled “Principles of Auditing,” previously listed five bullet points related to how auditors shall display “integrity.” One of those was a requirement that auditors “observe and comply with any applicable legal requirements.” In the ISO 19011:2018 version, however, this requirement was removed, leaving only four list items. The other requirements were left intact, with one being slightly reworded.

Some users have argued the requirement was moot, since documenting a need to comply with laws is redundant with the applicable laws themselves. However, the requirement had existed since the 2002 version of the standard, and has slowly been eroded over the last two revisions. Its removal could be misinterpreted by some as suggesting laws don’t apply to auditors. The standard also no longer requires auditors to familiarize themselves with applicable laws before performing work for a client. For auditors who travel frequently, and who may not be familiar with laws in countries or states other than their own, this increases the risk that they will violate such laws.

Overtly illegal and potentially illegal activity by ISO 9001 and other management system registrar auditors is a growing concern. Multiple reports of illegal activity performed by the auditors themselves routinely go unpunished, including where auditors engaged in intellectual property theft, violations of confidentiality agreements, illegally exchanging trade secrets, financial fraud, defamation and libel, sexual harassment and more.

The Chair of ISO/PC 302, which authored the revised standard, was Denise Robitaille. Ms. Robitaille did not respond to a request to clarify the reason the requirements were stripped; similar requests were ignored by Lance Coleman, Alister Dalrymple and other known representatives of PC302.


