The Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Cove Discussion Forums Main Page
UL - Underwriters Laboratories - Health Sciences
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > National and International Business System Standards > ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

How the addition of "Risk" will affect ISO 9001:2015 - Page 13


Elsmar XML RSS Feed
Elsmar Cove Forum RSS Feed

Monitor the Elsmar Forum
Sponsor Links




Courtesy Quick Links


Links that Cove visitors will find useful in your quest for knowledge:

International Standards Bodies - World Wide Standards Bodies

ASQ - American Society for Quality

International Standards Organization - ISO Standards and Information

Howard's
International Quality Services


Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum


Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining


Ajit Basrur
Claritas Consulting, LLC


NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology


Related Topic Tags
iso 31000 - risk management, iso 9001 - quality management systems, iso 9001:2015, risk based thinking (rbt), risk management and analysis
Reply
 
Thread Tools Search this Thread Rating: Thread Rating: 2 votes, 5.00 average. Display Modes
  Post Number #97  
Old 9th September 2016, 10:39 AM
Kronos147

 
 
Total Posts: 190
Re: How the addition of "Risk" will affect ISO 9001:2015

Quote:
In Reply to Parent Post by Marc View Post

How do you folks see this now?
Like most of the requirements, most successful organizations are doing things that meet the requirements, the challenge is setting the stage for it (manual or procedure) and capturing evidence.

I am a HUGE believer in the process approach, so I see RTB applied at the process level, rather than some centralized Risk process.

I plan to capture evidence in our current methods. For example, contract review and production planning. A few changes in wording in the procedure and form explains why looking at capacity is a risk assessment.

Sponsored Links
  Post Number #98  
Old 9th September 2016, 01:03 PM
charanjit singh

 
 
Total Posts: 97
Re: How the addition of "Risk" will affect ISO 9001:2015

As we all know, any successful organisation would ensure they take action needed to keep their customers satisfied. They would therefore naturally take into account any potential risks that could impact their ability to do so.

Coming to the satisfaction of the external auditors, one approach could be to list out potential risks along with the probability of occurrence of each. If the probability is very low/remote, it wouldn't justify investing into mitigation of the same. And if the probability is moderate to high, the organisation would already have taken corresponding and proportionate mitigation action. So all that is needed is to prepare such a list and show the same to an auditor if he insists on seeing something in black & white.
Sponsored Links

  Post Number #99  
Old 9th September 2016, 02:00 PM
Helmut Jilling

 
 
Total Posts: 4,357
Re: How the addition of "Risk" will affect ISO 9001:2015

Most good companies have already been doing some degree of Risk based Thinking. Conceptually, it is not that new. But, they have not kept very cohesive records in each case.

I have been suggesting clients develop a simple multi-column matrix that shows what risks were identified, and what actions were taken. Add some simple columns for dates and responsibilities, and use it for each new project. Very similar to a Corrective Action Tracker.

I also recommend clients should analyze each process in their system, for any remaining risks, and consider if any actions should be taken. The same matrix can be applied to that exercise.
Thank You to Helmut Jilling for your informative Post and/or Attachment!
  Post Number #100  
Old 9th September 2016, 05:35 PM
Jen Kirley's Avatar
Jen Kirley

 
 
Total Posts: 5,923
Re: How the addition of "Risk" will affect ISO 9001:2015

I do agree with documenting the risks identified, not to satisfy the auditor but to help keep all of the responsible persons, as well as new process members, appraised of the status and determined areas of focus.

I have spent a fair amount of my time encouraging my clients to take credit for that which has already been done; checklists, as lowly as they seem, are absolutely fair to point to as RBT as long as people can describe their role in helping to control risk. RBT need not be complex to be effective, but people in the processes do need to understand it within the extent of their responsibility and authority.

This standard provides us with a chance to demystify system management and make it more holistic. There has been a great deal of uncertainty, mostly among those who gravitate toward complexity.
Thank You to Jen Kirley for your informative Post and/or Attachment!
  Post Number #101  
Old 12th January 2017, 04:16 PM
Icy Mountain's Avatar
Icy Mountain

 
 
Total Posts: 898
Re: How the addition of "Risk" will affect ISO 9001:2015

Quote:
In Reply to Parent Post by John Broomfield View Post

Right now the authors are repeatedly saying ISO 9001:2015 requires no preventive action. But this is baloney. TC176 may have remove the clause specifying preventive action but for RM to be effective it must predominantly be preventive.
Quote:
In Reply to Parent Post by pldey42 View Post

For someone to say that the new ISO 9001 requires no preventive action is, I think, misleading.
In an effectively managed system there is no discernible difference between Continual Improvement and Preventive Action.
Quote:
In Reply to Parent Post by Stijloor View Post

You may be Jennifer, but considering how poorly many organizations and internal/external auditors have addressed the "Process Approach" (even after 14 years), I am very concerned. Unless there is a standard audit approach based on actual RBT evidence rather than auditor's opinion, I am not convinced that this RBT is a good idea.
My DNV auditors do a pretty good job of evaluating the state of the QMS as a whole: robust processes, plenty of DFMEA and PFMEA in evidence (even when not required), extremely low cost of poor quality, extremely high ratings from customers, years of 99.8%+ on time delivery, etc. and figuring out that you are taking a "process approach". Some better than others.
Quote:
In Reply to Parent Post by Jen Kirley View Post

"What does that look like?" is an entry question. No, I don't expect documentation just to appease an auditor. Far from it. People can also show me outcomes, describe examples, we can review projects, etc. Unless records are required, of course. And there will be the clause requiring documentation to help control things as needed, similar to 14001 approach. I'm more comfortable with that than some auditees will be if they never worked with 14001 or 18001.

As for Boeing, my understanding is they operate to the aerospace standard, yes? I'm not an aerospace auditor but my guess is that they have project requirements like automotive does. If I was auditing the 787 project it is indeed worth looking at whether or not they applied risk based thinking. Did they just pick any old supplier or did they qualify the supplier first? Did they try to anticipate the inherent challenges of all that production outsourcing, and other issues? If they used an FMEA approach then they applied risk based thinking. As an auditor I am chartered with having enough imagination to consider whether the auditee's approach conforms to the standard, why or why not.
You are a rare bird, Jen. In my experience, the majority of auditors have little to no imagination. I expect that your imagination would allow you to take the same approach as in my comment above.
Quote:
In Reply to Parent Post by Jen Kirley View Post

You are right to be concerned. Observing the variation that I do even in document control expectations, this one is going to be hard. Auditors are notoriously difficult to calibrate. I see it all the time.
Auditor calibration is a finding rich environment.
Quote:
In Reply to Parent Post by Sidney Vianna View Post

There will be a percentage of organizations AND auditors that will embrace the intent of RBT and do a good job at it.
I expect DNV and their auditors to be among them.
Quote:
In Reply to Parent Post by pldey42 View Post

Maybe organizations seeking certification should identify the risk that the auditor will not understand their risk-based approach ...
I have: Risk Priority Number = 910.

My company cannot design power conversion electronics that will survive absolutely everything that comes down the input line, or back up the output line. To do so would create a product that is so expensive that no customer would buy it. Therefore, we evaluate the risk of potential (pun intended) events outside of the expected parameters. Then we design for the most likely suspects. Then we verify and validate against a variety of SAE specifications to assure that we got it right. Only then do we release the product. I am currently dividing a 3 year span of warranty returns by a 2 year span of shipments. My line item return rate is less than 1%. My warranty costs are less than 0.5% of total revenue. My management approves that these rates and costs are acceptable risks. That approval is documented during Management Review.

And that's just page 1 of this thread. I am in the middle of addressing any changes I need to make to my Procedures Manual to address the 2015 versions so I am reading up...
Thank You to Icy Mountain for your informative Post and/or Attachment!
  Post Number #102  
Old 12th January 2017, 10:25 PM
Jen Kirley's Avatar
Jen Kirley

 
 
Total Posts: 5,923
Re: How the addition of "Risk" will affect ISO 9001:2015

You are too kind, Icy Mountain.

Auditors will need to develop imaginations or there will be (I hope) a LOT of disputes filed with CBs.

I am cranking up to provide internal and lead auditor training. It won't be accredited but I will provide my best product and service possible.

There is still preventive action. It is called operational controls to address risks, and error proofing: as you know, the standard calls out for both.
Thank You to Jen Kirley for your informative Post and/or Attachment!
  Post Number #103  
Old 13th January 2017, 06:04 PM
Icy Mountain's Avatar
Icy Mountain

 
 
Total Posts: 898
Re: How the addition of "Risk" will affect ISO 9001:2015

Prevention is still there under Section 10 Improvement. How many of you have said, thought or discussed in a meeting: "Some day that is going to bite us in the ass"? Well, write down what "that" is. Treat it like it already happened. Do root cause analysis and corrective action (no containment, YAY, it didn't happen!).

That's Preventive Action.
Thank You to Icy Mountain for your informative Post and/or Attachment!
  Post Number #104  
Old 20th January 2017, 06:22 PM
Helmut Jilling

 
 
Total Posts: 4,357
Re: How the addition of "Risk" will affect ISO 9001:2015

Quote:
In Reply to Parent Post by Jen Kirley View Post

You are too kind, Icy Mountain.

Auditors will need to develop imaginations or there will be (I hope) a LOT of disputes filed with CBs.

I am cranking up to provide internal and lead auditor training. It won't be accredited but I will provide my best product and service possible.

There is still preventive action. It is called operational controls to address risks, and error proofing: as you know, the standard calls out for both.
I have promoted Preventive Action as one of 5 internal audit outputs....and will continue to do so. The only change is now it is optional.

Corrective Actions, Preventive Actions, Opportunities for Improvement, Simple Action Items, and Document Change Requests -5 simple audit outputs...
Thanks to Helmut Jilling for your informative Post and/or Attachment!
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > National and International Business System Standards > ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards

Bookmarks



Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
"Context of the Organization" in 4.1 of ISO 9001:2015 Mike S. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 87 15th January 2017 08:44 PM
"Partial Design" Designation and Applicable ISO 9001:2015 Exemptions MichelleMcR ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11 10th January 2017 10:41 AM
ISO 9001:2015 4.4.1 - Providing Evidence of QMS Processes "Shalls" ogghall ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9 3rd October 2016 02:02 AM
Differences between "Hazard" and "Risk" in ISO 22000 Ka Pilo Food Safety - ISO 22000, HACCP (21 CFR 120) 4 22nd November 2010 05:19 AM
How do you see the "Risk Analysis" issue in the ISO 9001 context? Henriqued ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6 7th January 2003 06:25 AM



The time now is 11:07 AM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


 
 


NOTE: This forum uses "Cookies" - A Peachfarm Internet Property