W
If you were looking specifically for the word risk, then you would be correct, but, if you understand the term "managing risks" as identifying the critical aspects that could lead to a failure and prioritize the use of the resources wisely, then ISO 9001:2008 is full of examples for that line of thought.
I will offer one example. In ISO 9001:2008, we have the following requirement
the bold font clearly indicates a "risk-based" approach to develop an audit schedule and the intent is clear to identify processes/areas which represent a higher risk to product conformity and customer satisfaction, and prioritize, emphasize, scrutinize, etc. such processes/areas with a higher intensity, frequency, depth, etc.
In my mind, this is a typical case where the authors of 9001:2008 wrote a requirement using a risk-based mindset, without using the word risk. So, from that perspective, I am in the field of those who believe that, (if well understood) ISO 9001 has always been supposed to be a risk-based approach to managing quality.
I will offer one example. In ISO 9001:2008, we have the following requirement
the bold font clearly indicates a "risk-based" approach to develop an audit schedule and the intent is clear to identify processes/areas which represent a higher risk to product conformity and customer satisfaction, and prioritize, emphasize, scrutinize, etc. such processes/areas with a higher intensity, frequency, depth, etc.
In my mind, this is a typical case where the authors of 9001:2008 wrote a requirement using a risk-based mindset, without using the word risk. So, from that perspective, I am in the field of those who believe that, (if well understood) ISO 9001 has always been supposed to be a risk-based approach to managing quality.