Risk Based Thinking - Is a Documented Procedure required?

[qusys]

Is it requested a documented procedure to establish the method followed to meet this requirement for risk analysis?
Could you share your experience and eventually some templates to follow?
thanks

 

[pziemlewicz]

Risk Based Thinking is not required as a stand-alone procedure. You do however need to demonstrate that you're assessing risk at all levels of the organization. If you have a procedure on supplier assessment, you're already doing this in Purchasing. Preventive Actions, PFMEAs, Cross Training Matrix, Contingency Plans, AQL sampling plans, capability studies, and Gage R+R's are all examples of Risk Assessment.

 

[qusys]

Thank you. I know that it is not a requirement, but the auditor could ask : which kind of method you follow for each QMS process? Which tables?

 

[Sidney Vianna]

I know that it is not a requirement, but the auditor could ask :

If you want to second guess the million possible asinine questions some auditors could ask, let the ISO gods have mercy on you.

Stick to the requirements of the standard and how you your system complies with them, in a meaningful manner, and you will be in a much better and sane place.

Systems are not meant to pass audits. Especially when conducted by questionably competent auditors. Systems exist to provide GOVERNANCE to an organization.

Good luck.

 

[Marc]

If it was me, I'd do a spreadsheet listing your processes. In it I would put in things your company does to assess risk(s) for each. If you do that it will get you to thinking about all the areas you do some type of risk assessment, paper based or otherwise. That way you will have a "cheat sheet" that you can use and discuss with the auditor, and it will help you to more fully understand all the various ways your company assesses various risks.

 

[QAMTY]

gusys

This list may be helpful. (attached)

Hope this helps

 

[marcbritten]

Have you read the official guide to risk based thinking put out by ISO?

I apparently can't post links but ISO/TC 176/SC2/N1284 RISK-BASED THINKING IN ISO 9001:2015

 

[Marc]

I think this is the ISO document link: https://committee.iso.org/files/liv...tion guidance docs/ISO9001_2015_and_Risk.docx

And here's one the ASQ has online: http://rube.asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf

I think these links are already posted in one or more other threads here.

 

[Sidney Vianna]

I think these links are already posted in one or more other threads here.

You are correct, Marc. Several times.

From ISO 9001 2015

The following have been prepared by ISO/TC 176/SC2 to inform and assist your organization in making the transition:

• News on the ISO 9001 revision
• A summary of the changes, and on the revision of ISO 9001:2015
• Transition Planning Guidance for ISO 9001:2015
• Implementation Guidance for ISO 9001:2015
• ISO 9001:2008 and ISO 9001:2015 Correlation matrices
• A paper on ISO 9001 and Risk
• A presentation on ISO 9001 and Risk Based Thinking
• Guidance on the requirements for Documented Information of ISO 9001:2015
• How Change is addressed within ISO 9001:2015
• A paper on the Process Approach in ISO 9001:2015
• A presentation on the Process Approach in ISO 9001:2015
• Frequently Asked Questions (FAQs)

 

[qusys]

gusys

This list may be helpful. (attached)

Hope this helps

Thank you. I had already seen... Based upon requirements, the opportunities should be listed too, right?