Risk analysis 6.1 and contingency plans 6.1.2.3, are they related?

SamuelB

Starting to get Involved
In IATF 16949 clause 6.1, which is the same as in ISO 9001, we need to conduct a risk analysis and then plan actions to mitigate such risks.

Then the contingency plan clause 6.1.2.3, mentions the risks analysis and risk mitigation activity again.

What is the difference between 6.1 (6.1.1-6.1.2) and 6.1.2.3? From what I could understand, they are referring to the same requirement. I could be wrong however.

We already have contingency plans in place despite the fact that they where not explicitly mentioned in ISO9001.

Thanks for your help.
 
Last edited:

Ninja

Looking for Reality
Trusted Information Resource
You may be simply thinking too much...it happens to all of us.

6.1 is the parent clause digging into risk analysis
6.1.1 and 6.1.2 give a little more specific, under the parent 6.1
6.1.2.1, 6.1.2.2, 6.1.2.3 are even more specific as to areas to apply 6.1, specifically as they fall under 6.1.2

As you look at it that way, it is no longer surprising that sub-clauses may reiterate pieces of the parent clause just for the wording to work a little better.

Overall Picture--> section of picture-->specific detail they wanted to pull out

HTH
 

SamuelB

Starting to get Involved
That would make sense Hendor, after looking at the requirements again with your insight I could see the difference.
 

Sebastian

Trusted Information Resource
Relation between 6.1.2.3 and 6.1 is also pointing out examples of risks which shall be determined during risk based thinking activities. Otherwise there is no sense to establish contingency plans. Additionally there is e.g. 7.1.5.1.1 related to risk of variation in inspection results affecting its reliability.
 

Johnson

Involved In Discussions
The relation is : You should do risk analysis for each process, considering the level of risk, you may take related measures like:
a) Avoiding the risk by deciding not to start or continue an activity
b) Accepting, or even increasing the risk in order to pursue an opportunity
c) Removing the source of the risk
d) Changing the Likelihood of the risk occurring
e) Changing the Consequence of the risk occurring
(Contingency)

f) Sharing the risk with another party or parties
g) Retaining the risk by informed decision

Contingeny plan is only one of the risk treatment method when the risk can not be avoided.
 

AndyN

Moved On
I see nothing in either ISO 9001:2015 nor IATF 16949 which would require a risk analysis of each process. Indeed, I have assisted in the implementation of many ISO9001:2015, IATF 16949 and AS9100D systems where this was NOT done and it's been successful and been certified.
 

Johnson

Involved In Discussions
I see nothing in either ISO 9001:2015 nor IATF 16949 which would require a risk analysis of each process. Indeed, I have assisted in the implementation of many ISO9001:2015, IATF 16949 and AS9100D systems where this was NOT done and it's been successful and been certified.

The following contents is in fact the requirements that risks have to be addressed in all QMS process. In order to address risk, we need to do risk analysis firstly
6.1 Actions to address risks and opportunities
6.1.1 When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
6.1.2.1 Risk analysis

In fact, the "Risk analysis" is spread in many sections of IATF16949, the following are quested as some examples:
8.3.2.1 Design and development planning—supplemental: c)development and review of product design risk analysis(FMEAs)
8.4.2.5 Supplier development;d)risk analysis.
8.7.1.4 Control of reworked product: The organization shall utilize risk analysis
10.3.1 Continual improvement – supplemental: c)risk analysis
 

Johnson

Involved In Discussions
The following looks more clear that risk analysis should be applied to (all) quality management proesses. ( we can not interpreter it as: some processes needs risks analysis, but some process don't need risk analysis)

6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to: 1) integrate and implement the actions into its quality management system processes
 
Top Bottom