Informational How the addition of "Risk" will affect ISO 9001:2015

somashekar

Staff member
Super Moderator
#91
Good lead from Jennifer ...
Similar to the "5 why" analysis that is often applied for the root cause analysis, think of a "What if" analysis for your process / area / work to determine how good they are to handle them. One can thereafter determine changes and build the strength, and continue with timely "What if" analysis to assess suitability. No paperwork necessary in all these. One must be able to talk through the process / area / work and be good to detail questions about most of the "What if" ...
If you are blank OR dodge with some off the hat responses, the auditor will be competent enough to know the RBT is hardly understood.
 

Mike S.

Happy to be Alive
Trusted Information Resource
#92
Colin, as most of us know, the TC 176 SC2 has released a paper on ISO 9001:2015 and Risk.

As usually happens with the "papers" issued by that body, the document does very little, in my estimation, to clarify "acceptable approaches" on "dealing with RBT". The silly example of RBT when crossing a road does not assist people to extrapolate and abstract it to a business setting. A wasted opportunity to truly help the ISO 9001 users community. When will they learn to develop papers that are useful?
Sidney -- I agree with ya. Imagine how helpful it would be if someone who really understands this subject well took the time to re-write that paper with a useful example or examples! Fame would surely come their way.... :notme:
 

charanjit singh

Involved In Discussions
#93
Thanks to all for the posts in response to my doubts. Actually while trying to find out how the CBs. may interpret the new requirements, I came across the following link:

http://lawrence-international-llc.blogspot.in/2015/04/risk-based-thinking-how-are-registrars.html

Given the present scenario, I wonder whether we may be able to satisfy third-party auditors on new requirements. It is fine to say we can explain how we are trying to mitigate the risks in a given case. But what prevents an auditor from asking for written (hard copy or soft) evidence? It could turn out to be a case of bringing in requirements, e.g. for PFMAs, Control Plans, PPAP and so on, through the backdoor, so to say, even though not called for in the standard.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#94
Thanks for the link. I rarely comment on links, but this essentially echoes my thoughts. RBT is going to be one of those "I know it when I see it" things which will cause a lot of confusion. I will repeat what I have said in the past - As long as at least one person in the company can speak to it, and is ready to explain to the auditor how the company "complies", no problem.

The question I have at this point is - If an auditor gets a "deer in the headlights" reply, how will the auditor write it up as a non-conformance?
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#95
Just a quick "bump" - It's 2016 now, heading towards 2017 in a few months.

How do you folks see this now?
 

John Broomfield

Staff member
Super Moderator
#96
RBT applied to contract review:

"With this customer we see the risk of having to pay the price of nonconformity as low. Therefore, we will ignore the costliest requirements in our quality planning. Our planning team will also apply the results of their risk-based thinking (RBT) in accordance with our new quality policy."

:sarcasm:
 

Kronos147

Trusted Information Resource
#97
How do you folks see this now?
Like most of the requirements, most successful organizations are doing things that meet the requirements, the challenge is setting the stage for it (manual or procedure) and capturing evidence.

I am a HUGE believer in the process approach, so I see RBT applied at the process level, rather than some centralized Risk process.

I plan to capture evidence in our current methods. For example, contract review and production planning. A few changes in wording in the procedure and form explains why looking at capacity is a risk assessment.
 

charanjit singh

Involved In Discussions
#98
As we all know, any successful organisation would ensure they take action needed to keep their customers satisfied. They would therefore naturally take into account any potential risks that could impact their ability to do so.

Coming to the satisfaction of the external auditors, one approach could be to list out potential risks along with the probability of occurrence of each. If the probability is very low/remote, it wouldn't justify investing into mitigation of the same. And if the probability is moderate to high, the organisation would already have taken corresponding and proportionate mitigation action. So all that is needed is to prepare such a list and show the same to an auditor if he insists on seeing something in black & white.
 

Helmut Jilling

Auditor / Consultant
#99
Most good companies have already been doing some degree of Risk based Thinking. Conceptually, it is not that new. But, they have not kept very cohesive records in each case.

I have been suggesting clients develop a simple multi-column matrix that shows what risks were identified, and what actions were taken. Add some simple columns for dates and responsibilities, and use it for each new project. Very similar to a Corrective Action Tracker.

I also recommend clients should analyze each process in their system, for any remaining risks, and consider if any actions should be taken. The same matrix can be applied to that exercise.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
I do agree with documenting the risks identified, not to satisfy the auditor but to help keep all of the responsible persons, as well as new process members, apprised of the status and determined areas of focus.

I have spent a fair amount of my time encouraging my clients to take credit for that which has already been done; checklists, as lowly as they seem, are absolutely fair to point to as RBT as long as people can describe their role in helping to control risk. RBT need not be complex to be effective, but people in the processes do need to understand it within the extent of their responsibility and authority.

This standard provides us with a chance to demystify system management and make it more holistic. There has been a great deal of uncertainty, mostly among those who gravitate toward complexity.
 