• Home

ISO 19011:2026 - how audits are actually run has changed


ISO 19011 doesn't get certified against, but it quietly underpins how every internal, supplier and certification audit is planned and conducted — for ISO 9001, ISO 14001, ISO 45001, ISO/IEC 27001 and more. The fourth edition, ISO 19011:2026, was published on 27 May 2026, replacing the 2018 version. Because it's guidance rather than a requirements standard, it applies immediately. There's no transition period to plan around, which makes it easy to overlook.


The core auditing principles are unchanged, but the practical guidance has caught up with how audits are genuinely delivered today:

  • Remote and hybrid auditing is formally defined and built into the audit lifecycle from the planning stage, rather than treated as an exception.
  • Auditor competence now explicitly includes comfort with digital tools, and judgement around the reliability of electronic evidence.
  • The risk-based approach is applied more concretely across three levels, the audit programme, the individual audit, and the techniques chosen.
  • Supply chain and outsourced activities receive expanded guidance, reflecting how interconnected most operations now are.
  • Terminology has been aligned with the 2026 editions of ISO 9001 and ISO 14001, reducing scope for interpretation drift between auditor and auditee.

If your internal auditors or lead auditors were trained under the 2018 edition, this is worth a conscious update rather than something to absorb by osmosis, particularly the expanded expectations around remote evidence gathering.


It's a natural trigger to build ISO 19011 awareness into your next CPD cycle, and our Internal Auditor and Lead Auditor programmes are taught with the 2026 guidance built in.