Easy Way of "Implementing" Risk in ISO 9001 2015

Q

QAMTY

#1
Hi everybody

By reading information from the web, watching some webinars, Iso articles, etc.
this is the way I "see" how to implement Risk in ISO 9001 2015.

In my point of view, I plan to implement it in a very easy way, since I don´t have risky processes, so I won´t follow fully the 31000 suggestions.

I´m attaching an excel file, showing an approximate idea of steps I´ll follow.

Please take a look and give me some ideas/guidelines in order to improve it.

Steps in Risks/Monitoring.

Additionally, I´m preparing beside to these, Procedures and formats
which are not shown here.

Basically it is as follows:

1. Define Internal and external 4.1
2. Define Interested parties 4.2
3. Identify Risks in processes
4. Under risk in processes, look also for Opportunities
5. Analyze Risk
6. Evaluate Risk
7. Apply a treatment
8. Do the Monitoring​

Risk and Opportunities are numbered for easy identification

Hope it is clear for everybody

Thanks for you inputs
 

Attachments

rkk2014

Starting to get Involved
#3
Thanks for very good guideline.:applause:

I want to ask, whether, there is need to address risk & Opportunities separately or we can club it with PFMEAs.:confused:
 

dsanabria

Quite Involved in Discussions
#4
Additionally, I´m preparing beside to these, Procedures and formats
which are not shown here.

Basically it is as follows:

1. Define Internal and external 4.1
2. Define Interested parties 4.2
3. Identify Risks in processes
4. Under risk in processes, look also for Opportunities
5. Analyze Risk
6. Evaluate Risk
7. Apply a treatment
8. Do the Monitoring​



Thanks for you inputs
i would place Interested party and internal / external issues as part of management review since you are required to demonstrate objective evidence of review - don't write another procedure if you could meet the requirements with the existing processes
 

dsanabria

Quite Involved in Discussions
#5
Hi everybody

By reading information from the web, watching some webinars, Iso articles, etc.
this is the way I "see" how to implement Risk in ISO 9001 2015.

In my point of view, I plan to implement it in a very easy way, since I don´t have risky processes, so I won´t follow fully the 31000 suggestions.

I´m attaching an excel file, showing an approximate idea of steps I´ll follow.

Please take a look and give me some ideas/guidelines in order to improve it.

Steps in Risks/Monitoring.

Additionally, I´m preparing beside to these, Procedures and formats
which are not shown here.

Basically it is as follows:

1. Define Internal and external 4.1
2. Define Interested parties 4.2
3. Identify Risks in processes
4. Under risk in processes, look also for Opportunities
5. Analyze Risk
6. Evaluate Risk
7. Apply a treatment
8. Do the Monitoring​

Risk and Opportunities are numbered for easy identification

Hope it is clear for everybody

Thanks for you inputs
Good work but an overkill for my taste. Looking at your math - how are you going to mitigate or explain how to reduce the risks.

Furthermore who is responsible for the risks - I see that you place who was going to the the work - same individual?

I also want clear how you covered 8.1 Operational Planning and Control
 
Q

QAMTY

#6
Thanks dsanabria
Answering your questions
-For the mitigation, look the column (new controls)?,that is the action taken,aditionally I m including the residual risk after the mitigation (not shown here)
- the person in charge is the owner of the process, he or she is responsible.
- for the planning , where it applies, the procedures are modified and into them Im referring the risk register (where risks from all the organization are controlled)
I appreciate your comments,thanks
 

dsanabria

Quite Involved in Discussions
#7
Thanks dsanabria
Answering your questions
-For the mitigation, look the column (new controls)?,that is the action taken,aditionally I m including the residual risk after the mitigation (not shown here)
- the person in charge is the owner of the process, he or she is responsible.
- for the planning , where it applies, the procedures are modified and into them Im referring the risk register (where risks from all the organization are controlled)
I appreciate your comments,thanks
Overall good job and with a little coaching to the staff it looks like it will work - remember to make work for you not for an auditor...
 

Colin

Quite Involved in Discussions
#8
Good work but as others have said, maybe a little complicated for some. One thing I would add is that the outcomes from your SWOT analysus can be the inputs for your objectives e.g. if you have identified a weakness as being lack of training, make it an objective to review and provide training.
 

Top Bottom