Informational How the addition of "Risk" will affect ISO 9001:2015

Marc

Fully vaccinated are you?
Leader
I copied the above over from another thread for discussion here of "Risk" in the upcoming standard.

The focus shift to "Processes" in 2000 wasn't too big a hurdle. How do you envision "Risk" in terms of ISO 9001:2015?

4.4.2 - Process approach
“The organization shall:
d) determine the risks to conformity of goods and services and customer satisfaction if unintended outputs are delivered or process interaction is ineffective;”

5.1.2 - Leadership and commitment with respect to the needs and expectations of customers
“Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
a) the risks which can affect conformity of goods and services and customer satisfaction are identified and addressed;”

6.1 - Actions to address risks and opportunities

“When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 (4.2 Understanding the needs and expectations of interested parties) and determine the risks and opportunities that need to be addressed to:
a) assure the quality management system can achieve its intended outcome(s)
b) assure that the organization can consistently achieve conformity of goods and services and customer satisfaction
c) prevent, or reduce, undesired effects, and
d) achieve continual improvement.”


Also notice opportunities in 6.1 a)

“The organization shall plan:
a) actions to address these risks and opportunities, and
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4), and
2) evaluate the effectiveness of these actions.

Any actions taken to address risks and opportunities shall be proportionate to the potential effects on conformity of goods and services and customer satisfaction.”

8.3 - Operational planning process

“In preparing for the realization of goods and services, the organization shall implement a process to determine the following, as appropriate:
b) actions to identify and address risks related to achieving conformity of goods and services to requirements;”

8.5.1 - Development processes

“In determining the stages and controls for the development processes, the organization shall take account of:
e) the determined risks and opportunities associated with the development activities with respect to
1) the nature of the goods and services to be developed and potential consequences of failure
2) the level of control expected of the development process by customers and other relevant interested parties, and
3) the potential impact on the organization’s ability to consistently meet customer requirements and enhance customer satisfaction.”

8.6.5 - Post delivery activities

“The extent of post delivery activities that are required shall take account of:
a) the risks associated with the goods and services”

More "Risks" noted in:
9.1 - Monitoring, measurement, analysis and evaluation
9.2 - Internal audit
10.2 - Improvement
****************************
Your thoughts?
 
PaulJSmith

Will the standard contain a definition of "risk"? I haven't seen that yet. Does it reference ISO 31000 for the definition?
 

Marc

Leader
ISO 31000 isn't in the ISO 9001 Draft. I don't have the ISO 9000 Draft to know whether it's in there or not. I assume it will be. I didn't see it in James Lamprecht's article.
 

Randy

Super Moderator
Risk will probably be similar to this definition except related to quality:

"combination of the likelihood of an occurrence of a hazardous event or
exposure(s) and the severity of injury or ill health (3.8) that can be
caused by the event or exposure(s)"
 
Boingo-boingo

I don't have the ISO 9000 Draft to know whether it's in there or not.
The definition of risk is in the ISO 9001 CD.
3.09 risk: effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential events (ISO Guide 73, 3.5.1.3) and consequences (ISO Guide 73, 3.6.1.3), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (ISO Guide 73, 3.6.1.1) of occurrence.
 

somashekar

Leader
Admin
The essence in this is the emphasis put on planning.
The PDCA approach nevertheless is the basis; however, organizations who hardly planned could demonstrate a management system that aligned to the standard. It is a well-known fact that the more time you put into planning, the execution gets that much easier, faster and result-oriented. When you plan and consider almost all risks associated, you are in better shape to deal with them, and the doing becomes that much more enjoyable.
When you push yourself to consider all possible risks, you end up sharpening your axe that much better.
 
We currently utilize a PPAP process which includes a PFMEA, so this is not really anything new, but the "opportunity" wording is a bit confusing. While process improvement and product improvement are good things, they are also difficult to enact when all process changes have to be customer approved. Depending upon the corporate bureaucracy, this may not ever be possible. Once your production plan or manufacturing plan is approved, change, even positive change, becomes difficult sometimes. Also, opportunities for improvement of product, process, or service are hard to see at the time your PPAP is filed at the beginning of a production run. These things become more evident later, and at that point you are dealing with CAPAs, NCRs, and all the other fun stuff, although that usually supplies the 'burning platform' to file the needed changes.
 
JaneB

Risk will probably be similar to this definition except related to quality:

"combination of the likelihood of an occurrence of a hazardous event or
exposure(s) and the severity of injury or ill health (3.8) that can be
caused by the event or exposure(s)"

Would that it were, Randy, would that it were.

And no, it doesn't reference the 31000 one either. For some reason - which utterly escapes me - they've come up with the definition of it being the 'effect of uncertainty' which is in the CD itself. Which has no fewer than 4 Notes to it. At least they kinda got somewhere near what you say but only right at the end in Note 4.
 