Informational Confusion about Risks for Processes in ISO 9001:2015

armani

Involved In Discussions
#1
I am very confused about "risks" in this new ISO standard. For what processes do I have to identify the risks (e.g. production process, support processes)...any (non) exhaustive list of processes for which ISO 9001:2015 says I shall identify risks? :bonk:
And do you have any risk identification example for a process (not for Purchasing, this is a frequent example)?
 

rob73

looking for answers
#4
The point is "risk based thinking" is applied across the WHOLE organisation. The first step is consideration of risks; it will be up to you to decide how deep you go. Some will only need a "what if.....", others a more rigorous study.
 

armani

Involved In Discussions
#5
But the point is I have to identify risks for ALL processes (including communication, change process etc.)...for every process to the extent I determine, but for ALL! Am I right?
 

tony s

Information Seeker
Trusted Information Resource
#7
I'm afraid that we have to identify risks as specified by ISO 9001:2015 clause 4.4.1f which says:
The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall:
f) address the risks and opportunities as determined in accordance with the requirements of 6.1


Some examples of risks:
  • Human Resource - hiring of persons with derogatory character;
  • Documentation - use of obsolete documents for the current operation;
  • Finance - inaccurate billing;
  • Internal Audit - baseless audit findings;
  • Management Review - uncommitted top management;
  • Communication - incomplete data;
  • Inspection - good products judged as bad or vice versa;
  • Sales - forgot to bring product catalog
 

Kchnwtch

Involved In Discussions
#8
tony s said:
"I'm afraid that we have to identify risks as specified by ISO 9001:2015 clause 4.4.1f which says:
The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall:
f) address the risks and opportunities as determined in accordance with the requirements of 6.1

Some examples of risks:
  • Human Resource - hiring of persons with derogatory character;
  • Documentation - use of obsolete documents for the current operation;
  • Finance - inaccurate billing;
  • Internal Audit - baseless audit findings;
  • Management Review - uncommitted top management;
  • Communication - incomplete data;
  • Inspection - good products judged as bad or vice versa;
  • Sales - forgot to bring product catalog"

Well, 6.1 cites 4.1 and 4.2, which give specific lists of places to look for risks and opportunities -- to your interested parties (4.2) and your external and internal business operations (4.1) which it lists as things like legal, market, cultural, values, and performance.

I'm wondering if maybe your list might be a little overly specific. Most of these risks would already be addressed in your QMS documentation; for example, human resources probably has job descriptions, and ways to check an employee's job references; the finance department has a billing strategy, or probably a computer system that regulates billing; your internal audit staff has been trained not to waste time on baseless findings.

This list might be a good check of whether the systems you have in place would take care of these issues, but IMO they seem too small to be listed as risks for your QMS. What are the terrible ramifications if a salesperson forgets the catalog? They can drive back to the office and pick it up, and get back on their sales route, or they can refer a client to a web catalog. Putting the sales catalog online might well be an opportunity that would be worth investigating, but because it would be really beneficial to your customer--not just to make sure that one sales guy doesn't have to waste gas.

The CEO of my company is a really great worrier, and could make a list of the most infinitesimal of risks--he puts himself in a tailspin all the time when he thinks of them, and tends to trip up the workflow by interfering when he panics. I think the standard intends to set a larger sense of risk, and especially to direct the majority of risk-based thinking towards the customer and what the customer wants.
 

rob73

looking for answers
#9
I think a lot of people are getting too worked up about "identify risk" as a new requirement of the standard. This is wrong; risk management has always been in there, just disguised as CAPA, audits, calibration etc etc. The standard does not even require you to document risks, only the fact that they should be considered at all levels! A few tweaks in your QMS and you are there.
Please have a good read of this thread: Informational - Risk Management Implementation for ISO 9001:2015
 

DRAMMAN

Quite Involved in Discussions
#10
From what I have gathered through a few on-line reviews, reading all the ISO RBT material, and reading my CB's ISO9001:2015 interpretation guide, auditors will be checking throughout the audit as to if your organization is utilizing RBT. It will be a judgement call. They could bring the topic up during all interviews. My specific CB said that if your organization is doing any FMEAs then you will meet the RBT requirement. There are no specific requirements like you must do a formal documented risk analysis for every process.
 