Is it worth the effort to implement ISO 31000 Risk based on ISO 9001:2015?

Q

QAMTY

Hi everybody

I´m somewhat confused regarding what to implement as risk in ISO 9001 2015.

It is not an obligation to use ISO 31000/31010, according to 9001 2015 requirements, but some people recommend to use it.

My point is, if we take as a reference the 31000 we also have to consider all the next:

Establishing the context

Risk identification
Risk analysis
Risk evaluation
Risk treatment
Risk monitoring
additionally to establish a policy
For me. I think is too much work to do.

While , if you want to take it easy, you just identify the risk by a brainstorming method, then you do the analysis (a simple analysis, not using the tools explained in 31010), then is evaluated in a qualitative way assigning them low, medium, and high level, then apply treatment and monitoring.


Considering that my business is a print shop, (not risky), I don´t consider to use 31000/31010, I´ll follow the easy way.

what do you think about this?

thanks for your feedback
 

Marcelo

Inactive Registered Visitor
ISO 31000 defines a full risk management process (and it really is focused on business/financial risk management, although ISO tries to sell the idea that it's risk management for everything). ISO 9001 does not require a full risk management process, only risk-based thinking (whatever it is, because no one knows).

So not, you probably should not use a full risk management process with ISO 9001 (unless you understand the differences and concludes it's worthwhile).

(You also can think of a risk management system, which is a management system to manage risks, in the same way a quality management system manage quality).
 

Randy

Super Moderator
Ask yourself a very simple question...Is the effort worth the expense?

Basically, will the results be equal to or greater than the resources that will be expended to achieve them?

You're going to be expending a great deal of time in an effort that may or may not provide any return or be of any long term value....

Remember this equation... T=$ (Time is equal to money)

Before you start undertaking a task that might require hundreds or even thousands of man hours you might be well served to figure out what a man hour of time is worth...And the value of time exceeds just salary when you start factoring in prorated costs like benefits. Over the last 40 years or so I've yet to fail with a factor of MH = 1.33 - 1.5 base salary when I start working on costs.
 

Mike S.

Happy to be Alive
Trusted Information Resource
QAMTY,

I think you have done a risk analysis on the needs of your risk analysis process and you have an answer: you do not see a need for a 31000-based risk analysis process. You probably have lots of company on that......
 

Randy

Super Moderator
QAMTY,

I think you have done a risk analysis on the needs of your risk analysis process and you have an answer: you do not see a need for a 31000-based risk analysis process. You probably have lots of company on that......

You don't even need a formal process or way to determine risk
 
Top Bottom