Informational "Context of the Organization" in ISO 9001:2015 Clause 4.1

Sidney Vianna

Post Responsibly
Leader
Admin
Re: "Context of the Organization" in 4.1 of ISO 9001

so its "NEVER" "ALWAYS" been about manageing risks.
If you were looking specifically for the word risk, then you would be correct, but, if you understand the term "managing risks" as identifying the critical aspects that could lead to a failure and prioritize the use of the resources wisely, then ISO 9001:2008 is full of examples for that line of thought.

I will offer one example. In ISO 9001:2008, we have the following requirement
An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits.
the bold font clearly indicates a "risk-based" approach to develop an audit schedule and the intent is clear to identify processes/areas which represent a higher risk to product conformity and customer satisfaction, and prioritize, emphasize, scrutinize, etc. such processes/areas with a higher intensity, frequency, depth, etc.

In my mind, this is a typical case where the authors of 9001:2008 wrote a requirement using a risk-based mindset, without using the word risk. So, from that perspective, I am in the field of those who believe that, (if well understood) ISO 9001 has always been supposed to be a risk-based approach to managing quality.
 

Randy

Super Moderator
Re: "Context of the Organization" in 4.1 of ISO 9001

Please excuse my ignorance I'm still trying to move up on the learning curve.
 
J

JoShmo

Re: "Context of the Organization" in 4.1 of ISO 9001

If you were looking specifically for the word risk, then you would be correct, but, if you understand the term "managing risks" as identifying the critical aspects that could lead to a failure and prioritize the use of the resources wisely, then ISO 9001:2008 is full of examples for that line of thought.

I will offer one example. In ISO 9001:2008, we have the following requirement

the bold font clearly indicates a "risk-based" approach to develop an audit schedule and the intent is clear to identify processes/areas which represent a higher risk to product conformity and customer satisfaction, and prioritize, emphasize, scrutinize, etc. such processes/areas with a higher intensity, frequency, depth, etc.

In my mind, this is a typical case where the authors of 9001:2008 wrote a requirement using a risk-based mindset, without using the word risk. So, from that perspective, I am in the field of those who believe that, (if well understood) ISO 9001 has always been supposed to be a risk-based approach to managing quality.

And before 2008? ISO existed before then and never made such requirements (before 2000 actually). Plus, how come registers allow one/two internal audit a year, by their clients, if it's about risk? Risks don't happen on some kinda planned schedule (not in my book anywhoo)
 

Randy

Super Moderator
Re: "Context of the Organization" in 4.1 of ISO 9001

And before 2008? ISO existed before then and never made such requirements (before 2000 actually). Plus, how come registers allow one/two internal audit a year, by their clients, if it's about risk? Risks don't happen on some kinda planned schedule (not in my book anywhoo)

CB's don't allow internal audits, they just verify the effectiveness of them. (I detect a dislike of CB's, but I could be wrong)
 

Sidney Vianna

Post Responsibly
Leader
Admin
Re: "Context of the Organization" in 4.1 of ISO 9001

how come registers allow one/two internal audit a year, by their clients, if it's about risk? Risks don't happen on some kinda planned schedule
The fact that organizations don't use the risk-based approach requirement to plan their internal audit schedules and that "takes a pass" by their respective CB's has been discussed numerous times in this forum. For example in the (broken link removed) thread.
 
J

JoShmo

Re: "Context of the Organization" in 4.1 of ISO 9001

CB's don't allow internal audits, they just verify the effectiveness of them. (I detect a dislike of CB's, but I could be wrong)

They "allow" a client to do one or two a year, is what I mean. I displike register auditors who have no clue what "effectiveness" looks like and use the CB process as a measure - asking for "all elements to be covered once a year/2 yers/cycle or whatevers. I don't dislike registers, I dilsike meaningless audits.
 

LUV-d-4UM

Quite Involved in Discussions
Re: "Context of the Organization" in 4.1 of ISO 9001

They "allow" a client to do one or two a year, is what I mean. I displike register auditors who have no clue what "effectiveness" looks like and use the CB process as a measure - asking for "all elements to be covered once a year/2 yers/cycle or whatevers. I don't dislike registers, I dilsike meaningless audits.

Then you need to have a conversation with your CB to change your auditor. Be factual when you do that.
 
I

isotexas

Re: "Context of the Organization" in 4.1 of ISO 9001

Well said. I think the boss will understand it, said this way.

Thanks
 

LUV-d-4UM

Quite Involved in Discussions
Re: "Context of the Organization" in 4.1 of ISO 9001

We just went through an appeal process and the CB was on our side that most of our findings should be opportunities for improvement. Changes will be granted on our behalf.
 
Top Bottom