Informational Is Identification of Risks and Opportunities required for QMS Processes?

M

morteza

Trusted Information Resource
Dear all

I searched in ISO 9001 requirements to find a requirement about the necessity for risk identification for any QMS processes.

As you know, in 4.4.1 f) the standard requires that the QMS process shall address risks and opportunities determined in accordance with the requirement of 6.1.

So, I think that it is only mandatory to identify high level risks and opportunities based on environmental analysis (SWOT, PESTEL,etc) for strategic goals and objectives and there is not any requirement to identify risks and opportunities for any QMS processes. Is it right?

Thanks all
 
Q

QAMTY

Dear Morteza
Look at here:
6.1 Actions to address risks and opportunities
When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to.....

When you plan, you take into consideration the processes, and into this processes you may have risk and opportunities.

Hope this helps
 
R

randomname

From section .1:

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise
 
M

morteza

Trusted Information Resource
randomname said:
From section .1:

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise
Click to expand...

That's good reference. But as you known it is not a requirement. It is a statement just placed in "Introduction" section.
 
D

dsanabria

Quite Involved in Discussions
morteza said:
Dear all

I searched in ISO 9001 requirements to find a requirement about the necessity for risk identification for any QMS processes.

As you know, in 4.4.1 f) the standard requires that the QMS process shall address risks and opportunities determined in accordance with the requirement of 6.1.

So, I think that it is only mandatory to identify high level risks and opportunities based on environmental analysis (SWOT, PESTEL,etc) for strategic goals and objectives and there is not any requirement to identify risks and opportunities for any QMS processes. Is it right?

Thanks all
Click to expand...

From Annex A.4

Although 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process.

Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard (e.g., through the application of other guidance or standards).

Not all the processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations.


Under the requirements of 6.1, the organization is responsible for its application of risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.
 
M

MVladimir

Involved - Posts
This is one of ununderstandable topic of 9001:2015. ISO TC 176 does not provide the clear explanation about that. ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 only states:
"These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk-based thinking is used throughout the process approach to:
• Decide how risk (positive or negative) is addressed in establishing the processes to improve process outputs and prevent undesirable results​
• Define the extent of process planning and controls needed (based on risk)​
• improve the effectiveness of the quality management system​
• maintain and manage a system that inherently addresses risk and meets objectives."​

Very general and poor explanation indeed!

I personally use and suggest you the following approach:
Initially, take into consideration the requirement of 4.4.1 f. "The organization shall ... address the risks and opportunities as determined in accordance with the requirements of 6.1";​
Following this statement, cl.6.1 "Actions to Address Risks and Opportunities" is a starting point in the risk-based thinking and the main purpose here is to determine the risks and opportunities that need to be addressed in QMS at a whole.​
After risks determined the organization shall integrate and implement the actions into its quality management system processes (cl. 6.1.2). In the other words - divide risks between processes.​
Therefore, for some processes risks will be relevant, but for others - irrelevant.
My conclusion - there is not any DIRECT requirements in 9001:2015 to identify risks and opportunities for ALL QMS processes.

Any opinions will be appreciated!
 
M

MVladimir

Involved - Posts
Jen,
As for me - yes, of course. Above mentioned document - ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 has been downloaded from ISO/TC 176 home page. What then? ISO provides very poor explanation with respect to a lot of requirements. :)

Vladimir
 
Jen Kirley

Jen Kirley

Quality and Auditing Expert
Leader
Admin
MVladimir said:
Jen,
As for me - yes, of course. Above mentioned document - ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 has been downloaded from ISO/TC 176 home page. What then? ISO provides very poor explanation with respect to a lot of requirements. :) Vladimir
Click to expand...
I feel your pain. There is additional guidance provided in ISO/TS 9002:2016(E), Quality management systems - Guidelines for the application of ISO 9001:2015, and ISO 9000:2015 - Quality management system Fundamentals and vocabulary.

To provide insight on what is expected of auditors to verify conformance to requirements, the ISO 9001 Auditing Practices Group has published a website for auditors, consultants and quality practitioners.

I hope this helps!
 
M

MVladimir

Involved - Posts
Thanks! I am familiar with all of this ISO guides. No suitable advices have been found there.

But I would like to return to initial question of this discussion thread: Shall organization identify risks and opportunities for every identified QMS process?

Your opinion, please!
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
x-files [QMS] Identification and Evaluation of Aspects, Impacts and Risks... ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
G Clause 8.5.1 -- Is non Identification evidence of ineffective control of production ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
M ISO 13485:2016 Identification & Traceability ISO 13485:2016 - Medical Device Quality Management Systems 4
T Use errors identification - based on primary operating functions or use scenarios ? IEC 62366 - Medical Device Usability Engineering 3
M Document Control - Applying Suitable Identification to Obsolete Documents ISO 13485:2016 - Medical Device Quality Management Systems 7
H Resin Identification Code Applicability REACH and RoHS Conversations 1
H Marking of Resin Identification Code CE Marking (Conformité Européene) / CB Scheme 0
C Document Identification Question ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
R IRB Identification US Food and Drug Administration (FDA) 0
J Help needed on clauses identification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Y CE marking with NB identification number EU Medical Device Regulations 0
Q ISO 20417:2021- Regulatory Identification Other ISO and International Standards and European Regulations 3
R UDI Number Identification EU Medical Device Regulations 5
K Identification test in ph.eur. Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 1
S SOP Identification of Special Characteristics IATF 16949 - Automotive Quality Systems Standard 9
I Hazard Identification and Naming ISO 14971 - Medical Device Risk Management 10
C ISO 45001 6.1.2.1 Hazard Identification Occupational Health & Safety Management Standards 1
J 1.11 Preliminary Identification of Special Product and Process Characteristics APQP and PPAP 4
T ISO 9001 8.5.2. - Identification and traceability to Identify Outputs - Services ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 15
M Medical Device Identification & Codes - Article 27 Requirements questions EU Medical Device Regulations 1
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
qualprod Monitoring of lead time - Good KPI identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
qualprod Controlled sticker for product identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Watchcat Identification of Test Sample in Test Reports? Design and Development of Products and Processes 22
B Marking of Medical Electrical equipment and accessories - Cl. 7.2.2 "Identification" and Cl. 7.2.4 "Accessories" IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
M Informational EU – Unique Device Identification (UDI) System – FAQs Medical Device and FDA Regulations and Standards News 0
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
Z Two Payment Identification Number (PIN) for the same order in DFUF website 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
K Identification and Traceability with an ERP system - Barcode Labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M MDR Annex IX Chapter I, 2.2 (c) - Device identification procedures during manufacture. EU Medical Device Regulations 1
M Informational USFDA final guidance – Unique Device Identification: Convenience Kits Medical Device and FDA Regulations and Standards News 0
Stefan Mundt ISO 9001:2015 - 8.5.2 Identification and Traceability Manufacturing and Related Processes 14
S Looking for procedure on UDI (Unique Device Identification) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
S UDI (Unique Device Identification) Requirements for Remanufactured devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
B Quality Management System documentation identification Document Control Systems, Procedures, Forms and Templates 11
K Document Numbering (Identification) System Document Control Systems, Procedures, Forms and Templates 10
N Requirements for the identification and traceability of demo product for sales force US Food and Drug Administration (FDA) 1
M RFID (Radio Frequency Identification) Registration in Europe and in MENA countries EU Medical Device Regulations 1
qualprod Identification of Training Needs = People Performance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
H European Pharmacopoeia First Identification Requirements Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
Q Identification of gage blocks General Measurement Device and Calibration Topics 8
DeeDeeM IATF16949, clause 8.5.2.1 Identification and traceability-supplemental IATF 16949 - Automotive Quality Systems Standard 1
DeeDeeM IATF 16949 - Clause 8.5.2 Identification and Traceability IATF 16949 - Automotive Quality Systems Standard 7
Q ISO 9001 Cl. 8.5.2 and 8.5.4 - Identification in Products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
M Measurement Equipment - Identification of Calibration Status General Measurement Device and Calibration Topics 25
J Customer Identification and Traceability in Manufacturing Plans Manufacturing and Related Processes 5
M Risk Identification and Risk Assessment for any Process - Is it necessary? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Edward Reesor UDI (Unique Device Identification): HIBCC or GS1? ISO 13485:2016 - Medical Device Quality Management Systems 39
R Identification of Medical Devices in MDD 93/42 Certificate EU Medical Device Regulations 2

Similar threads

Top Bottom