ISO 9001: 2008, 01. General:..... or the risk associated with that environment.

[harry]

From the introduction of ISO 9001: 2008, first paragraph:

The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization‘s quality management system is influenced by: its business environment, changes in that environment, or risks associated with that environment; its varying needs; its particular objectives; the products it provides; the processes it employs; its size and organizational structure. It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.

How do you interpret the sentences in bold?

I was in a recent audit where the Auditor states that organizations would now need to show evidence that they assess risk periodically. While I agree that regular scanning is important or part of good practice, I felt that this is not the intention of the standard. My interpretation is that when you are designing the system, they want you to take risk management into account - something which a lot of companies had been doing. With regards to environmental scanning/management, it had always been part of business management.

My interpretation is that you don't need to do anything extra but should be able to answer questions such as how are risk management being incorporated into your business or Quality management system.

 

[Stijloor]

There is no "shall" in that paragraph; so, it's not a requirement. Smart organizations make decisions based on their business plan and take the "bold" words in consideration because they make good business sense.

Stijloor.

 

[AndyN]

Isn't this at the heart of an effective Management Review - "changes which could affect the quality management system"?

 

[trainerbob]

I think your interpretation is correct - I think "this "clarification" is telling you to do what makes sense for your organization!

 

[Colin]

Not only is risk assessment not a 'shall', para 0.4 even states that 'this International Standard does not include requirements specific to other management systems such as .... risk assessment'.

My personal view on the subject is that it is down to the organisation to determine how critical their product or service is and what the consequences of failure would be, Obviously if the organisation are making aircraft parts or nuclear components it suggests that their QMS is likely to be more complex and 'tighter' than if they were making pencils or furniture.

 

[Jeff Frost]

The first sentence and bullet points “a” through “b” of 0.1 are a list of things an organization should consider when designing and developing their management system for quality. Not all items are applicable unless they are part of statutory and regulatory requirements of the product to be produced.

 

[Helmut Jilling]

...
My interpretation is that you don't need to do anything extra but should be able to answer questions such as how are risk management being incorporated into your business or Quality management system.

I would agree. This is a rather open ended discussion of some of the factors you need to consider when developing your system. Not a checklist requiring evidence for each point.

 

[FilipeF]

Hello to everyone,

According to the 9001:2008, risk assessment is not mandatory, even though if you would like to do so, do it. If you think it will be a good tool for your company go ahead, if not, just don't.

Happy New Year

Filipe

 

[Randy]

You're creating a $10 problem out of a $0.01 issue

Spend your time with all the stuff after "4"