Informational How the addition of "Risk" will affect ISO 9001:2015

Sidney Vianna

Post Responsibly
Leader
Admin
Sidney, I share many of your concerns with regard to RBT but I also wonder whether we may be being overly worried about the subject.
Good point, Colin. RBT might get the same treatment that the "process approach" got. I.e., either be totally ignored, or cheapened with a high level flow chart as the only evidence that an organization has a process approach based QMS (which, by the way, it becomes explicitly mandatory with the 2015 revision).
So, I can envision a lip-service type organization doing one risk-based exercise, such as a FMECA for a single product design and development and milking that single example for the next 6 years in order to "pass audits".

Tom's comment is also very emblematic of many organizations approach. Instead of deciding for themselves how to comply with the standard, defer it to "what the auditor wants to see" and follow that path. That tends to work very well..........until there is a change of auditors and the new one wants to see something different. That is the risk of tailoring your system to the auditor du jour, instead of using the standard to develop a coherent system that supports the business.
 

somashekar

Leader
Admin
With so much told about the RBT approach, the system must get renamed to Enterprise Management System (EMS) ... Has a clash with the ISO14k or Organization Management System (OMS) rather than tagging the word Quality, and like always the Quality function being made responsible to do all the RBT.
RBT is more of a cultural thinking. Perhaps I can say the Europeans are more analytical and good at RBT than say the Asian. How much will the Top management align with the good RBT management system. Somewhere, this will get countered with the thought "Lets cross the bridge when we come to it".
I see a risk, I not see a risk ... Who wins.
 

Colin

Quite Involved in Discussions
Sidney, I most definitely agree with the comment about the process approach, in fact I ran a discussion on the DIS with one of the UK's largest CB's just last week and we used the same analogy.

We also came to the conclusion that probably the biggest challenge with the changed standard will be with CB's and their interpretations of what is really required - I am not confident.
 
W

wny4ever

I read that one risk management ?guru? defines ?risk? as ?uncertainty that matters?. Sounds good to me.

Maybe the question is better put as "How will the addition of RBT affect those certified to ISO 9001:2008 and needing to transition to ISO 9001:2015?

I believe that the concept of risk has always been implicit in ISO 9001. The DIS makes it more explicit and incorporates it in requirements for the establishment, implementation, maintenance and continual improvement of the QMS. It makes preventive action part of strategic planning.

One of my major questions is how a 3rd party auditor will audit for RBT.

Isn't the entire QMS is essentially a ?preventive tool?, using the ?Plan-Do-Check-Act? (PDCA) methodology?
 

John Broomfield

Leader
Super Moderator
wny4ever,

Unfortunately, ISO Guide 83 (now the mandatory management systems' standards' language) has moved away from prevention to engage us all in the wonders of more intentional risk management.

Risk management instead of prevention may help stop some willful blindness but at what cost? Imagine our suppliers intentionally shipping bad product because their risk assessment (and implicitly, "ISO") said it was okay!

Risk management without the principle of prevention smacks of compromise and moral relativity instead of living by the principles of preventing nonconformity to fulfill customer requirements.

John
 

Johnnymo62

Haste Makes Waste
Draft Standard says:

0.5 Risk is the effect of uncertainty on an expected result...
3.09 Risk: effect of uncertainty on an expected result.

0.5 ... and ISO 31000 provides guidelines on formal risk management which can be appropriate in certain organizational contexts.
 
R

Reg Morrison

If I may add to the discussion,
Now it is mandatory and, apparently, immune from further review.
The ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014 which contains annex SL and SL.9 (High level structure, identical core text and common terms and core definitions for use in Management Systems Standards) is in it's fifth edition, thus, it is reviewed and revised. Further, ISO TC's developing Management System Standards are allowed to request waivers and exclusions from the HLS, which would have to be approved by the ISO TMB.

As mentioned elsewhere, to the best of my knowledge, the ISO TC 210 is not following the HLS for the next revision of the ISO 13485 Standard. It might have been to the timing of the revision initiation.

The reality is: if an ISO TC has a strong leadership and has good, solid, sound reasons to deviate from the HLS, they can request that.
 
Last edited by a moderator:
Top Bottom