How do you see the "Risk Analysis" issue in the ISO 9001 context?

H

Henriqued

#1
How do you see the "Risk Analysis" issue in the ISO 9001 context?

In Quality ISO related discussions with the client, when it comes to defining the business processes, I am noticing that the risk analysis (e.g., risk assessment, risk management and policy relating to risk) is one of the matters that the customer identifies as being of importance.

Therefore, it appears to be appropriate, in most cases, to include it as a process or at least a sub process of the core business processes.
But, in this case, what could be the inputs, outputs, objectives, and indicators of this process?

As anyone dealt with this matter and how do you consider the inclusion (or not) of risk analysis within the concept and implementation of the QMS in a service company, let's say, a building/infrastructure construction/maintenance company or a consulting services company?

Your views would be most wellcomed.
Thanks in advance,
Henrique
 
Elsmar Forum Sponsor

Andrej

Involved In Discussions
#2
Enrique,


The risk analysis has a basic purpose to answer four questions:

What can go wrong?
What is the probability of that to happen?
What are the consequences?
How to avoid or minimize the probability that things can go wrong?

The closest to this are requirements for preventive actions. In ISO 9001:2000 - 8.5.3 Preventive action requirements are:

a) determining potential nonconformities and their causes, (Determine what can go wrong?)

b) evaluating the need for action to prevent occurrence of nonconformities, (Determine the probability that something can go wrong and evaluate the consequences.)

c) determining and implementing action needed, (Carry out actions to avoid probability that things can go wrong.)

d) records of results of action taken (see 4.2.4), and

e) reviewing preventive action taken.

Each process is comprised of one or more consecutive steps. For each step there is probability that something can go wrong. Performing PFMEA (not just for production but for any process) or HACCP (in food or pharmaceutical related industry) analysis will be sufficient. Therefore there is no need for additional process in QMS.

Regards,

Andrej
 

JodiB

Still plugging along
#3
Maybe I'm off track, but are you referring to the type of risk analysis that may take place for each individual job? For meeting the terms of each contract? Like, for this job what can go wrong and what would be the financial and scheduling implications if it were to happen?

I agree that it is a function similar to a generic Preventive Action program for the business, but it is also a vital part of the commercial process and is addressed early on in proposal generation and contract review. In my mind's eye, I see you showing a Preventive Action process that describes your principles of action, and shows these initial risk analysis being fed into the larger PA cycle. It is a component of your PA, but is not the entire PA. I also see it as part of the original bid process where it originates and then is spun off to the PA process.

Make sense?
 
H

Henriqued

#4
Risk analysis into QMS

Lucinda and Andrej,

The purpose of this issue, as I said, is to discuss the different ways of dealing with the issue of “Risk Analysis” into the scope of the QMS.
In this sense, I welcome your comments and think that you are both right.

In short, it appears that what could be advised to a company implementing a QMS is a risk analysis associated with each key-process, to be dealt with by the process owner in terms of identification of possible risks and taking the considered appropriate preventive measures.
The business commercial process, being one of the key processes, may well suffer the same approach.

On the other hand, the idea of feeding the risk analysis in the PA process/procedure as one of its components appears to be also a good one.

Thank you for your views on this thread.
Best regards,
Henrique
 

Andrej

Involved In Discussions
#6
FMEA is one of possible tool for risk prediction and evaluation. There are other interesting tools available. One of them is Anticipatory failure determination.

AFD™ is a method that is a disciplined, rigorous process by which the user can:
- thoroughly analyze given failure mechanisms
- obtain an exhaustive set of potential failure "scenarios"
- develop "inventive" solutions to prevent, counteract, or minimize the impact of the failure scenarios

What is the difference between AFD™ and other conventional failure prevention techniques?

The principle difference between AFD™ and conventional techniques such as Failure Mode and Effects Analysis and Hazard and Operability Analysis is the perspective from which potential failures are determined.

See http://www.triz-journal.com/archives/1999/10/a/index.htm for details.

Regards,

Andrej
 

Manoj Mathur

Quite Involved in Discussions
#7
In TS 16949:2002 The risk analysis is clearly mentioned while In ISO 9001:2000 it is not very exclusively covered.

According to ISO/TS 16949:2002 Clause 7.2.2.2, “The organization shall investigate, confirm and document the manufacturing feasibility of the proposed products in the contract review process, including risk analysis” During Risk analysis we need to formulate the risk associated with Organisation's nonconformity to customer specification may be time schedule or any rejection including field failure. Organisation must find out commercial liability in case of non-compliances.

There was a good leangth discussion by TUV auditors while TS 16949:2002 auditing while doing auditing of Contract Review.
 
Thread starter Similar threads Forum Replies Date
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
M IATF 16949 (6.1.1 - Planning and Risk Analysis for a remote site) Process Maps, Process Mapping and Turtle Diagrams 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
M An example of risk analysis of class I MD ISO 14971 - Medical Device Risk Management 36
T Risk analysis of QMS software - Validating software we use for QMS ISO 13485:2016 - Medical Device Quality Management Systems 5
B Grouping of Products for Risk Analysis ISO 14971 - Medical Device Risk Management 9
A Risk-benefit Analysis - Hazard Analysis (HA) and FMEAs ISO 14971 - Medical Device Risk Management 18
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
K Risk Analysis Updates due to complaints ISO 14971 - Medical Device Risk Management 10
S The Severity of a Medical Device Hazard - Risk Analysis Clarification ISO 14971 - Medical Device Risk Management 6
Ed Panek Transition to IEC 60601 4th Edition - Risk Analysis and test submissions CE Marking (Conformité Européene) / CB Scheme 2
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
R IATF 16949 Clause 6.1.2.1 - Lessons Learned and Risk Analysis IATF 16949 - Automotive Quality Systems Standard 6
S Risk analysis 6.1 and contingency plans 6.1.2.3, are they related? IATF 16949 - Automotive Quality Systems Standard 26
B Software Class A - Lengthy further risk analysis IEC 62304 - Medical Device Software Life Cycle Processes 9
W Biocompatibility Risk Analysis for Clinical Practitioner 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F Risk Analysis of a Medical Device Accessory ISO 14971 - Medical Device Risk Management 4
S How we can use risk analysis for suppliers IATF 16949 - Automotive Quality Systems Standard 6
I Medical Device Software Risk Analysis ISO 14971 - Medical Device Risk Management 4
Q Risk Analysis - Same Risk Treatment for Context and Interested Parties ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
C Risk Analysis for COTS/OTS Risk Management Principles and Generic Guidelines 4
M IATF 16949 Cl. 8.7.1.4 - Risk analysis for decision making about rework IATF 16949 - Automotive Quality Systems Standard 2
E Risk Analysis - Events which may cause to Data Loss ISO 14971 - Medical Device Risk Management 12
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
Q Risk Tools in ISO 31010 - Root Cause Analysis vs. Cause-and-effect Analysis ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
S Organizing Risk Analysis and Controls for a New Medical Device (ISO 14971) ISO 14971 - Medical Device Risk Management 4
S Please review my Risk Analysis Table ISO 14971 - Medical Device Risk Management 13
K Risk Analysis and "Information for Safety" / Labeling ISO 14971 - Medical Device Risk Management 10
M Risk analysis - ISO/TS 16949 clause 7.2.2.2 IATF 16949 - Automotive Quality Systems Standard 2
C Help with Risk/Benefit Analysis Self-help Device for Diabetics ISO 14971 - Medical Device Risk Management 3
A FTA-Top/Down approach to Risk Analysis ISO 14971 - Medical Device Risk Management 2
A Industry best practice about Post-Market Surveillance and Risk Analysis ISO 14971 - Medical Device Risk Management 6
T Risk Analysis help for CE Marking Class I Medical Device ISO 14971 - Medical Device Risk Management 10
T Risk Analysis for moving manufacturing equipment ISO 14971 - Medical Device Risk Management 17
D Different kinds of Risk Analysis for various Hazards ISO 14971 - Medical Device Risk Management 3
L GHTF/SG3/N15R8 - Process Validation and Risk Analysis ISO 13485:2016 - Medical Device Quality Management Systems 4
R Risk Analysis of Class IIb Disinfectant ISO 14971 - Medical Device Risk Management 6
J Does anyone have an example of Risk-Benefit Analysis per ISO 14971? Other ISO and International Standards and European Regulations 2
P FMEA Risk Analysis Recommended Action Priority FMEA and Control Plans 2
N ISO 14971 Risk Analysis - Sections 4.2 and 4.3 ISO 14971 - Medical Device Risk Management 2
D ISO 14971 - Risk Analysis Best Practices ISO 14971 - Medical Device Risk Management 5
S Internal Audit Plan per Risk Analysis Internal Auditing 5
K RISK ANALYSIS SAMPLE according to Annex ZA of EN ISO-14971-2012 Other Medical Device and Orthopedic Related Topics 1

Similar threads

Top Bottom