Informational How the addition of "Risk" will affect ISO 9001:2015

Sidney Vianna

Post Responsibly
Leader
Admin
Colin, as must of us know, the TC 176 SC2 has released a paper on ISO 9001:2015 and Risk.

As usually happens with the "papers" issued by that body, the document does very little, in my estimation, to clarify "acceptable approaches" on "dealing with RBT". The silly example of RBT when crossing a road does not assist people to extrapolate and abstract it to a business setting. A wasted opportunity to truly help the ISO 9001 users community. When will they learn to develop papers that are useful?

I do know for a fact that some high level TC176 members are voyeurs of this space and some of our lengthy discussions at The Cove about the inadequacy of the preventive action text led to it's removal from the 5[sup]th[/sup] Edition of ISO 9001. I wished they had consulted with some of the knowledgeable people here before adding RBT as a requirement.
 

WCHorn

Rubber, Too Glamorous?
Trusted Information Resource
That being the case, what is the need/relevance of a QMS standard having requirements of questionable implementability and auditability for RBT? in other words, if everyone does, all the time, what is the point of a requirement being written to that effect?

Your rhetorical questions made me think, Sydney. I believe that any business that wings it is successful because of pure luck and likely to fail. Successful businesses use RBT all the time; it's the best path to success. Having read the paper TC176 issued on the subject, to me RBT is just a modified statement of the preventive action requirement.

Training operators and supervisors on RBT will be worth the effort, though, to at least make clear how the risks they might take affect the business. Adding written procedures and forms would be overkill, though, in my opinion. That would be like requiring a procedure for breathing.

It should be more like asking folks how their work affects the company's quality policy. If the auditor asks about RBT and gets a coherent response, will auditors be satisfied? Am I being too shallow on the topic?
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
I have learned to limit using terms like "aspects" and "impacts" in most groups of auditees because they are not words most of us mortals use. I will probably also avoid saying "risk based thinking" in favor of things like "What have you identified as risks to your operations?" This is not a problem.

I have spoken with more than one client who welcome the changes because they already understand risk and are tired of being handed a list of shalls like having the six documented procedures just because the standard tells them to.

Sure there will be transition in thinking. People have been told, via their quality standards, everything short of "right foot, left foot, breathe in and out" for a long time. At first there will be confusion. Auditors will need to have some flexibility as we already do with aspects and impacts. I don't feel especially gifted but I just don't understand why this looks so hard.
:2cents:
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
If by logical questioning, common sense approach, trail of interacting processes based on established procedures, when a non conforming situation can be potentially seen, and the auditee agrees on same, a NC can be written up on RBT application ...
I agree. This is as I already do with Legal and Other. Through a series of questions and maybe some research we discover together (I do not cite codes in NCs as it is not a regulatory audit, and in any case I make a poor walking rule book) whether the client has failed to recognize a regulatory requirement. One of the things we can look at is the potential impact to the site's goals and objectives.
 

John Broomfield

Leader
Super Moderator
Thanks.

On our public classes for senior managers we could always tell which came from organizations with effective (preventive) management systems; they were cool calm and ready to learn.

...the others were perpetually "busy" and stressed.
 

Marc

Fully vaccinated are you?
Leader
<snip> I have spoken with more than one client who welcome the changes because they already understand risk <snip>
My emphasis. I think this is key. Most companies already understand and address risks (aka risk management).
 
Quite true Marc, but version 2015 does not require 'risk management', just 'risk based actions' (my term), which it can be argued, have been present throughout 9001 in the form of various preventative measures, such as vendor selection and qualification, control of non-conforming material, calibration standards, etc. All of these actions are designed to minimize risk, and have always been present. I am not really sure what the new version is trying to introduce that is different, (except for 'risk opportunities', which is very confusing). I fall into the camp where I think that auditors will want to see the usual risk management tools present, like FMEA, SWOT, etc. Better to be safe than sorry right? As I said previously, I have recommended to our management NOT to proceed with 2015 until these things are all worked out. We are always audited by our customers anyway, regardless of whether we are registered to ISO or not, so why jump into the fray? They [management] have agreed that we will remain compliant to 2008, regardless of these new changes. It really all depends on what our customers will require as evidence of 'risk based thinking' anyway, since they are actually the ones calling the shots. The move in my industry has been away from ISO 9001 anyway, so this should not be much of an issue for us.
 
Top Bottom