Re: "Context of the Organization" in 4.1 of ISO 9001
I will offer one example. In ISO 9001:2008, we have the following requirement
In my mind, this is a typical case where the authors of 9001:2008 wrote a requirement using a risk-based mindset, without using the word risk. So, from that perspective, I am in the field of those who believe that, (if well understood) ISO 9001 has always been supposed to be a risk-based approach to managing quality.
If you were looking specifically for the word risk, then you would be correct, but, if you understand the term "managing risks" as identifying the critical aspects that could lead to a failure and prioritize the use of the resources wisely, then ISO 9001:2008 is full of examples for that line of thought.so its "NEVER" "ALWAYS" been about manageing risks.
I will offer one example. In ISO 9001:2008, we have the following requirement
the bold font clearly indicates a "risk-based" approach to develop an audit schedule and the intent is clear to identify processes/areas which represent a higher risk to product conformity and customer satisfaction, and prioritize, emphasize, scrutinize, etc. such processes/areas with a higher intensity, frequency, depth, etc.An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits.
In my mind, this is a typical case where the authors of 9001:2008 wrote a requirement using a risk-based mindset, without using the word risk. So, from that perspective, I am in the field of those who believe that, (if well understood) ISO 9001 has always been supposed to be a risk-based approach to managing quality.