Informational How the addition of "Risk" will affect ISO 9001:2015

Right now the authors are repeatedly saying ISO 9001:2015 requires no preventive action. But this is baloney. TC176 may have remove the clause specifying preventive action but for RM to be effective it must predominantly be preventive.
For someone to say that the new ISO 9001 requires no preventive action is, I think, misleading.
In an effectively managed system there is no discernible difference between Continual Improvement and Preventive Action.
You may be Jennifer, but considering how poorly many organizations and internal/external auditors have addressed the "Process Approach" (even after 14 years), I am very concerned. Unless there is a standard audit approach based on actual RBT evidence rather than auditor's opinion, I am not convinced that this RBT is a good idea.
My DNV auditors do a pretty good job of evaluating the state of the QMS as a whole: robust processes, plenty of DFMEA and PFMEA in evidence (even when not required), extremely low cost of poor quality, extremely high ratings from customers, years of 99.8%+ on time delivery, etc. and figuring out that you are taking a "process approach". Some better than others.
"What does that look like?" is an entry question. No, I don't expect documentation just to appease an auditor. Far from it. People can also show me outcomes, describe examples, we can review projects, etc. Unless records are required, of course. And there will be the clause requiring documentation to help control things as needed, similar to 14001 approach. I'm more comfortable with that than some auditees will be if they never worked with 14001 or 18001.

As for Boeing, my understanding is they operate to the aerospace standard, yes? I'm not an aerospace auditor but my guess is that they have project requirements like automotive does. If I was auditing the 787 project it is indeed worth looking at whether or not they applied risk based thinking. Did they just pick any old supplier or did they qualify the supplier first? Did they try to anticipate the inherent challenges of all that production outsourcing, and other issues? If they used an FMEA approach then they applied risk based thinking. As an auditor I am chartered with having enough imagination to consider whether the auditee's approach conforms to the standard, why or why not.
You are a rare bird, Jen. In my experience, the majority of auditors have little to no imagination. I expect that your imagination would allow you to take the same approach as in my comment above.
You are right to be concerned. Observing the variation that I do even in document control expectations, this one is going to be hard. Auditors are notoriously difficult to calibrate. I see it all the time.
Auditor calibration is a finding rich environment.:lmao:
There will be a percentage of organizations AND auditors that will embrace the intent of RBT and do a good job at it.
I expect DNV and their auditors to be among them.
Maybe organizations seeking certification should identify the risk that the auditor will not understand their risk-based approach ...
I have: Risk Priority Number = 910.

My company cannot design power conversion electronics that will survive absolutely everything that comes down the input line, or back up the output line. To do so would create a product that is so expensive that no customer would buy it. Therefore, we evaluate the risk of potential (pun intended) events outside of the expected parameters. Then we design for the most likely suspects. Then we verify and validate against a variety of SAE specifications to assure that we got it right. Only then do we release the product. I am currently dividing a 3 year span of warranty returns by a 2 year span of shipments. My line item return rate is less than 1%. My warranty costs are less than 0.5% of total revenue. My management approves that these rates and costs are acceptable risks. That approval is documented during Management Review.

And that's just page 1 of this thread. I am in the middle of addressing any changes I need to make to my Procedures Manual to address the 2015 versions so I am reading up...
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
You are too kind, Icy Mountain.

Auditors will need to develop imaginations or there will be (I hope) a LOT of disputes filed with CBs.

I am cranking up to provide internal and lead auditor training. It won't be accredited but I will provide my best product and service possible.

There is still preventive action. It is called operational controls to address risks, and error proofing: as you know, the standard calls out for both.
 
Prevention is still there under Section 10 Improvement. How many of you have said, thought or discussed in a meeting: "Some day that is going to bite us in the ass"? Well, write down what "that" is. Treat it like it already happened. Do root cause analysis and corrective action (no containment, YAY, it didn't happen!).

That's Preventive Action.
 

Helmut Jilling

Auditor / Consultant
You are too kind, Icy Mountain.

Auditors will need to develop imaginations or there will be (I hope) a LOT of disputes filed with CBs.

I am cranking up to provide internal and lead auditor training. It won't be accredited but I will provide my best product and service possible.

There is still preventive action. It is called operational controls to address risks, and error proofing: as you know, the standard calls out for both.
I have promoted Preventive Action as one of 5 internal audit outputs....and will continue to do so. The only change is now it is optional.

Corrective Actions, Preventive Actions, Opportunities for Improvement, Simple Action Items, and Document Change Requests -5 simple audit outputs...
 
Thread starter Similar threads Forum Replies Date
O In addition to the standard, what other ISO 13485 sources do people recommend? ISO 13485:2016 - Medical Device Quality Management Systems 5
shrutisancheti Addition of flat panel detector EU Medical Device Regulations 1
I Importer Address in addition to Manufacturer details on label EU Medical Device Regulations 13
S Is Lot Number required in addition to UDI serial number? Other Medical Device Regulations World-Wide 7
C Addition of Design & Manufacture - CE Mark Reissue? EU Medical Device Regulations 1
K Addition of a test reader to existing CE marked product. Other ISO and International Standards and European Regulations 2
M CO2 Incubators - Equipment Qualifications in addition to Calibration Qualification and Validation (including 21 CFR Part 11) 5
Q Actions Taken - Updating a FMEA for the addition of a downstream poke yoke FMEA and Control Plans 3
E Addition of Label by Initial Importer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
S Addition in the Scope of Quality Manual ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
S Is TGA approval required for a ARTG listed IVD for a sample type addition? Other Medical Device Regulations World-Wide 11
G Document Control - Are hard copies required in addition to soft copies maintained? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 4
S MDD Technical File CE Mark - Addition of a Device to our Current CE Marked Family EU Medical Device Regulations 4
D Packaging Addition - Non-sterile barrier to protect the whole package 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 12
P Addition of Testing to Our ISO 17025 Scope - How? ISO 17025 related Discussions 1
E Addition of French Language (translation) - New 510(k) required? Other US Medical Device Regulations 1
somashekar ISO 13485 & ISO 9001 certified with addition of site. Covegratulations 10
N AS9100 Certification in addition to TS-16949 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 5
J Addition of a Class 1 (Sterile) Medical Device ISO 13485:2016 - Medical Device Quality Management Systems 3
L CEDAC (Cause and Effect with Addition of Cards) - Sharing Experiences and Form(s) Training - Internal, External, Online and Distance Learning 15
K Differences - ISO17025:1999 vs. ISO17025:2005 - The addition of "Improvement" in 4.10 ISO 17025 related Discussions 16
S Value addition to product ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A Validation of Processes in addition to Customer Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
J Differences - ISO 13485 - Requirements in Addition to ISO 9001:2000 ISO 13485:2016 - Medical Device Quality Management Systems 25
C Is it necessary to have a documented 3 R recycling plan in addition to measures? Miscellaneous Environmental Standards and EMS Related Discussions 10
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2
M Risk managment report of Surgical Mask Example ISO 14971 - Medical Device Risk Management 14
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 7
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
F Risk for Quality Assurance Department in a Hospital - Hospital Incident Reporting ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 4
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
S Risk based internal auditing Internal Auditing 6
Robert Stanley I'm @ RISK of not showing my RISKS! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
M Estimating the benefit-risk ration under MDR EU Medical Device Regulations 1
adir88 Information of safety can reduce risk now? ISO 14971 - Medical Device Risk Management 12
G Any good examples of CAPA forms that include a risk based approach? ISO 13485:2016 - Medical Device Quality Management Systems 5
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
M Has anyone heard of Run at Risk? Manufacturing and Related Processes 14
Tagin Is SARS-CoV-2/COVID-19 on your risk register? Misc. Quality Assurance and Business Systems Related Topics 11
D IEC 62304 Risk Classification - With and without hardware control IEC 62304 - Medical Device Software Life Cycle Processes 2
J ISO 14971 applied to ISO 13485? Low risk class 1 devices ISO 13485:2016 - Medical Device Quality Management Systems 3
Similar threads


















































Top Bottom