SBS - The best value in QMS software

Informational Confusion about Risks for Processes in ISO 9001:2015

Ninja

Looking for Reality
Staff member
Super Moderator
#31
Totally agree.
(And I meant to write up above that I hope Top Management was NOT confused in the first place....I left out the important word...

... If the organization really is dealing with risk on a regular basis, top management would most likely be able to give both verbal and written evidence. Records of management reviews and analysis of data would probably include this information because it makes sense for the organization to use it for effective communication and follow-up (not just for the auditor).
Makes sense to me...but we should all keep in mind that the written record is not required.
I agree that there will likely be documented evidence from normal day to day activities...but documenting it just to have something to show an auditor is a waste of time.
...my opinion anyway...
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#32
I will be really interested to see how an auditor will write an NC statement to claim that an organization has no evidence to demonstrate against an specific clause of ISO 9001:2015 that has a requirement on risks and opportunities.
Since no single format for evidencing RBT is required, a wide range of methods can be selected from. That may happen at a strategic level, in top management - a SWOT analysis seems like a good addition to Management Review - and a checklist to help prevent omissions can work well at the tactical (process) level. Such things have been happening in many places, but may not be evident or recognized for what they are: trying to control the effects of uncertainty.

"Demonstrate" can be verified through documented information, interviews, and the auditor's personal observation of conditions. To successfully demonstrate conformity, these should support each other. That is, top management shouldn't be claiming how much they support the QMS through active involvement while the rest of auditees say "Top management doesn't give a hoot about anything but production, production, production..."

To demonstrate their awareness of RBT, auditees should be ready to describe what happens in their processes in order to achieve desired outcomes. They don't need to use jargon or possess mystical skills, or apply complex tools.
 

tony s

Information Seeker
Trusted Information Resource
#33
a checklist to help prevent omissions can work well at the tactical (process) level. Such things have been happening in many places, but may not be evident or recognized for what they are: trying to control the effects of uncertainty.
I agree. The fact that controls are specified in procedures is because they are intended to control the effects of uncertainty.
 

armani

Involved In Discussions
#34
From what I have gathered through a few on-line reviews, reading all the ISO RBT material, and reading my CB's ISO9001:2015 interpretation guide auditors will be checking throughout the audit s to if your organization is utilizing RBT. It will be a judgement call. They could bring the topic up during all interviews. My specific CB sid that if your organization is doing any FMEA's then you will meet the RBT requirement. There are no specific requirements like you must to a formal documented risk analysis for every process.
Will it be too much for you if I will ask to post the material here (CB's interpretation guide) for informal purpose??
 
Last edited by a moderator:

LUV-d-4UM

Quite Involved in Discussions
#37
I always believe that to have a valid statement of NC, at least two important information must be presented:
  • Audit criteria - i.e. policy, procedure or requirement - exactly what the organization has committed itself to fulfill;
  • Audit evidence - records, statements of fact or other info w/c are relevant to the audit criteria and verifiable - exactly what the organization has or hasn't done that cause the non-fulfillment of the audit criteria.
I would expect any NC statement has clearly indicated both to make it valid.

If an auditor claims that I am not using an FMEA or SWOT or Risk Matrix or a documented risk management process, then he has to point me where are those in any applicable requirement that we need to fulfill?
Beware of auditor-made-rules. When you see one, APPEAL!
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#38
Will it be too much for you if I will ask to post the material here (CB's interpretation guide) for informal purpose??
The guides I can recommend come from the Auditing Practices Group, not the CBs, whose interpretations may vary though the accreditation process is support to help reduce that.

These guidance documents are not "shalls" but should help understand the intent of the standard and empower us to avoid taking one person's word as gospel. Oh, how I wish I knew about this site when I was an internal auditor!

Element 6.1 of ISO 9001:2015 does not require or recommend any specific approaches, nor require documentation of actions to address risks and opportunities. ISO 14001:2015 does require documentation (6.1.1), which might be confusing some auditors who operate to more than one standard. We have to be careful not to muddle the differences between the standards... But I am thinking you are asking about the quality standard only, yes?

If a CB is trying to issue a nonconformity for lack of documentation to 6.1.1 or 6.1.2 of ISO 9001:2015, you have the right to dispute. And I hope you do, as the auditor should be stopped from repeating this error.
:2cents:
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#39
For those who want to use a tool for managing (and documenting) their risks, I made a Risk Based Planner. It is meant to also work with systems integrating environmental and/or health and safety.

Please note the Instruction page also has hyperlinks to some very helpful web sites I found, as certainly we have choices in how to approach risk - for example, SWOT and checklists. Also please note this spreadsheet has macros.

I hope this helps!
 

Attachments

Last edited:
J

JoShmo

#40
"The guides I can recommend come from the Auditing Practices Group, not the CBs, whose interpretations may vary though the accreditation process is support to help reduce that."

Aren't these guides writen for registers, but register auditors? Corrie works for BSI, Ezrakhovich work(ed) for SAI global etc. They see things through registers eye's and who else would disagree with them? WHen one of their guides is entitled "dealing with consultants"...
 
Thread starter Similar threads Forum Replies Date
B EMPB (Erstmusterprufbericht) VDA form confusion + PSW VDA Standards - Germany's Automotive Standards 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
S Some confusion about the creepage and clearance distance? IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
S CE Mark - Classification Confusion EU Medical Device Regulations 12
A CE mark - Measuring Instruments Directive confusion! CE Marking (Conformité Européene) / CB Scheme 0
B Confusion on the new FMEA guidebook - Are we supposed to replace our FMEAs? IATF 16949 - Automotive Quality Systems Standard 3
Q Buy American Act - COTS confusion Manufacturing and Related Processes 7
M IAS (USA) Accreditation with IAF for ISO 13485 Logo Confusion EU Medical Device Regulations 10
K Design and Development Exemption/NA confusion Design and Development of Products and Processes 6
M Accept/Reject (Ac/Re) Numbers (ISO 2859-1) Confusion Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
supadrai Confusion on 510(k) Transfer Guidance - Device Listing 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
I Gage R&R confusion on a part that has little variation Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 6
M "Single Patient Use" Terminology Confusion Other Medical Device Related Standards 9
M Health Canada Private Label Guidance Confusion - Quality System Required? Canada Medical Device Regulations 5
S Ionograph Testing - MIL-PRF-55110 Confusion AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
N Confusion within CE Mark and European Regulations CE Marking (Conformité Européene) / CB Scheme 5
C Clause 6.3 Infrastructure - Clearing the Confusion ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
T Acronym COP - Acronym Confusion Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 21
O Hazards vs. Hazardous Situation Confusion ISO 14971 - Medical Device Risk Management 11
S EN ISO 13485:2012 vs. ISO 13485:2003 - Confusion? ISO 13485:2016 - Medical Device Quality Management Systems 25
A Documentation Confusion - Agile BOM Structure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
M Defining what is a Medical Device Accessory and what isn't - Much Confusion EU Medical Device Regulations 8
T Product Realization Confusion - Manufacturer Specifications Aspects and Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
B 510k exempt Class I Medical Device - Confusion during the facility registration US Food and Drug Administration (FDA) 3
D Confusion in writing a SIPOC (Supplier, Input, Process, Output, Customer) Six Sigma 5
thisby_ Confusion between Software Medical Device and Health Software to do a QM IEC 62304 - Medical Device Software Life Cycle Processes 5
S Confusion DPU, PPM & DPMO vs. Sigma Level - ASQ Six Sigma Black Belt hand book Six Sigma 14
Hershal Participation...........(Which Clause(s) cause you the most confusion or question?) General Measurement Device and Calibration Topics 6
P Confusion on declared (part of the quality manual) and non-declared documents Document Control Systems, Procedures, Forms and Templates 18
Marc Confusion Reigns As Analog TV Begins Shutdown After Work and Weekend Discussion Topics 2
Q Confusion over REACH Chemical List RoHS, REACH, ELV, IMDS and Restricted Substances 5
V How to use Sampling Plans - Confusion on Lot Sampling Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
I Six Sigma - Confusion while creating SIPOC diagram Six Sigma 6
G Health & Safety Executive - ISO 14001 and OHSAS 18001 Confusion Occupational Health & Safety Management Standards 6
T ISO/TS 16949:2002 Audit Confusion Internal Auditing 21
Manix WEEE and the confusion surrounding whether we fall into the scope of the directive! Other ISO and International Standards and European Regulations 9
Domoreto IATF Confusion - Our Registrar bought by another Registrar IATF 16949 - Automotive Quality Systems Standard 6
D Confusion regarding design responsibility - What can arguably be excluded? Design and Development of Products and Processes 10
R Confusion - Which tools are used and why on a daily basis? Quality Tools, Improvement and Analysis 3
M PPAP vs. Annual layout confusion - Customer "emergency PPAP" request APQP and PPAP 14
Randy Confusion and Castor Oil Coffee Break and Water Cooler Discussions 6
Manix Staging Process - Some confusion about what this stage actually is Manufacturing and Related Processes 10
S Control chart limit calculation confusion concerning SPC control limit calculation Statistical Analysis Tools, Techniques and SPC 27
F ISO 9001:2000 Confusion - Process Aspects: Interactions, Inputs, Outputs, Etc. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Clause 4.2.3 Confusion: Documents that predate the doc control procedure. Document Control Systems, Procedures, Forms and Templates 17
S Numbering Confusion - BS EN ISO 9001:2000 vs. Other national versions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Q ISO Confusion - Do we comply and other questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
I Сorrespondence between hazards and risks ISO 14971 - Medical Device Risk Management 2
T Risks of failure to meet intended use ISO 14971 - Medical Device Risk Management 6
L Sampling Plan Risks AQL - Acceptable Quality Level 6

Similar threads

Top Bottom