When an ISO standard is a set of “requirements”, like ISO 9001, it is often seen as a constraint. It is like a law. It is not fun.
When it is a set of “guidelines”, though, it is only positive. The standard is full of advice on how to do something well! An example is ISO 9004 — which gives advice on how to be ISO 9001 compliant and how to go further.
If your company has auditors who work on management systems, you might want to look at the new version of ISO 19011. It covers the following types of audits:
It presents the seven principles of auditing>
Integrity: the foundation of professionalism
Fair presentation: the obligation to report truthfully and accurately
Due professional care: the application of diligence and judgement in auditing
Confidentiality: security of information
Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions
Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process
Risk-based approach: an audit approach that considers risks and opportunities
It then gives a lot of advice on the setup and management of an audit programme, on the way to conduct an audit, and on the way to select and manage auditors.
All in all, it is a pretty good guide to setting up strong audit and audit management processes. It is not trying to break new ground and yet uou will probably take away several good ideas that are applicable in your organization.
