ISO IEC TS 17012-2024 PDF

Full title and description

ISO/IEC TS 17012:2024 — Conformity assessment — Guidelines for the use of remote auditing methods in auditing management systems. This Technical Specification provides practical guidance for planning, conducting and reporting remote audits of management systems (first-, second- and third-party), supporting the principles in ISO 19011 and aiming to strengthen confidence in remote auditing among accreditation bodies, certification bodies, regulators, scheme owners and other stakeholders.

Abstract

This technical specification describes considerations, opportunities, limitations and good practices for the use of remote auditing methods when auditing management systems. It covers remote audit planning, technology and tool selection, information security and data protection, remote evidence gathering (interviews, document review, observations), competence requirements for remote auditors, risk assessment and decision criteria for combining remote and on-site audit activities. It is intended to complement ISO 19011:2018 and to increase consistency and confidence in remote auditing as a tool to achieve audit objectives without replacing on-site methods where they are needed.

General information

• Status: Published
• Publication date: 9 July 2024
• Publisher: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), published under the ISO/IEC collaboration (ISO/CASCO)
• ICS / categories: 03.120.20 (Product and company certification; Conformity assessment)
• Edition / version: Edition 1.0 (2024)
• Number of pages: 24 pages

Scope

ISO/IEC TS 17012:2024 is applicable to organizations that plan, perform or oversee internal and external audits of management systems using remote auditing methods. It provides guidance to certification bodies, accreditation bodies, scheme owners, organizations and auditors on how to determine when remote techniques are appropriate, how to manage risks and confidentiality, and how to combine remote and on-site activities to achieve audit objectives. The document supplements the general auditing principles in ISO 19011 and is intended for first-, second- and third-party audits of management systems; it can also be adapted for other types of assessments.

Key topics and requirements

• Definitions and terminology for remote auditing methods and activities.
• Principles for deciding suitability of remote auditing vs on-site auditing, including risk-based decision criteria.
• Planning remote audits: objectives, scope, logistics, roles and responsibilities.
• Technology and tool considerations: selection, reliability, interoperability and accessibility.
• Information security, confidentiality and data protection measures for remote activities.
• Collection and verification of remote evidence (documents, records, interviews, remote observation).
• Auditor competence and training specific to remote techniques and communication skills.
• Managing limitations and bias introduced by remote methods; when on-site follow-up is required.
• Communication, reporting and record-keeping for remote audit findings.
• Ethical and legal considerations, including cross-border data transfers and privacy.

Typical use and users

This specification is used by accreditation bodies, certification bodies, scheme owners, internal audit teams, external auditors, conformity assessment practitioners and organizations that need to perform or host remote audits. Typical uses include: enabling remote certification audits where travel is impractical, supporting hybrid audit programmes that mix remote and on-site elements, facilitating supplier and second-party assessments, and providing consistent practices for regulators and stakeholders who rely on remote assessment outcomes.

Related standards

Key related publications and guidance include ISO 19011:2018 (Guidelines for auditing management systems); ISO/IEC 17021 series (requirements for bodies certifying management systems); ISO/IEC 17011 (requirements for accreditation bodies); accreditation forum guidance and IAF/ILAC informative documents on remote assessments and use of ICT; and national accreditation body guidance (for example EA and regional accreditation policies on remote assessments). These documents together provide the normative, accreditation and practical context for applying remote auditing methods.

Keywords

remote audit, remote auditing methods, management system audit, ISO 19011, conformity assessment, accreditation, certification bodies, remote assessment, ICT for auditing, hybrid audit, auditor competence, information security, data protection

FAQ

Q: What is this standard?

A: ISO/IEC TS 17012:2024 is a Technical Specification giving guidance on the use of remote auditing methods when auditing management systems. It helps organizations and auditors apply remote techniques consistently and securely.

Q: What does it cover?

A: It covers planning, technology selection, evidence collection, auditor competence, information security, risk assessment and criteria for when remote audits are appropriate or when on-site follow-up is required. It complements ISO 19011:2018.

Q: Who typically uses it?

A: Accreditation bodies, certification bodies, internal and external auditors, scheme owners, regulators, suppliers and organizations that host or undergo management-system audits use this specification to guide remote and hybrid audit programmes.

Q: Is it current or superseded?

A: It is current as published in 2024 (Edition 1.0). Users should check for any later amendments or related guidance from accreditation forums and bodies, but as of publication this Technical Specification is the active guidance document for remote auditing methods.

Q: Is it part of a series?

A: It is part of the broader ISO/IEC conformity assessment corpus and was developed under ISO/CASCO to complement ISO 19011 and the ISO/IEC 17021/17011 family of documents; it sits alongside other conformity assessment and accreditation guidance rather than in a numbered series of TS documents.

Q: What are the key keywords?

A: Remote audit, remote auditing methods, management systems, conformity assessment, accreditation, hybrid audits, ICT for auditing, auditor competence, information security, data protection.