From the introduction of ISO 9001: 2008, first paragraph:
How do you interpret the sentences in bold?
I was in a recent audit where the Auditor states that organizations would now need to show evidence that they assess risk periodically. While I agree that regular scanning is important or part of good practice, I felt that this is not the intention of the standard. My interpretation is that when you are designing the system, they want you to take risk management into account - something which a lot of companies had been doing. With regards to environmental scanning/management, it had always been part of business management.
My interpretation is that you don't need to do anything extra but should be able to answer questions such as how are risk management being incorporated into your business or Quality management system.
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization‘s quality management system is influenced by: its business environment, changes in that environment, or risks associated with that environment; its varying needs; its particular objectives; the products it provides; the processes it employs; its size and organizational structure. It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.
How do you interpret the sentences in bold?
I was in a recent audit where the Auditor states that organizations would now need to show evidence that they assess risk periodically. While I agree that regular scanning is important or part of good practice, I felt that this is not the intention of the standard. My interpretation is that when you are designing the system, they want you to take risk management into account - something which a lot of companies had been doing. With regards to environmental scanning/management, it had always been part of business management.
My interpretation is that you don't need to do anything extra but should be able to answer questions such as how are risk management being incorporated into your business or Quality management system.