Informational Is Identification of Risks and Opportunities required for QMS Processes?

morteza

Trusted Information Resource
#1
Dear all

I searched in ISO 9001 requirements to find a requirement about the necessity for risk identification for any QMS processes.

As you know, in 4.4.1 f) the standard requires that the QMS process shall address risks and opportunities determined in accordance with the requirement of 6.1.

So, I think that it is only mandatory to identify high level risks and opportunities based on environmental analysis (SWOT, PESTEL,etc) for strategic goals and objectives and there is not any requirement to identify risks and opportunities for any QMS processes. Is it right?

Thanks all
 
Elsmar Forum Sponsor
Q

QAMTY

#2
Dear Morteza
Look at here:
6.1 Actions to address risks and opportunities
When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to.....

When you plan, you take into consideration the processes, and into this processes you may have risk and opportunities.

Hope this helps
 
R

randomname

#3
From section .1:

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise
 

morteza

Trusted Information Resource
#4
From section .1:

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise
That's good reference. But as you known it is not a requirement. It is a statement just placed in "Introduction" section.
 

dsanabria

Quite Involved in Discussions
#5
Dear all

I searched in ISO 9001 requirements to find a requirement about the necessity for risk identification for any QMS processes.

As you know, in 4.4.1 f) the standard requires that the QMS process shall address risks and opportunities determined in accordance with the requirement of 6.1.

So, I think that it is only mandatory to identify high level risks and opportunities based on environmental analysis (SWOT, PESTEL,etc) for strategic goals and objectives and there is not any requirement to identify risks and opportunities for any QMS processes. Is it right?

Thanks all
From Annex A.4

Although 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process.

Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard (e.g., through the application of other guidance or standards).

Not all the processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations.


Under the requirements of 6.1, the organization is responsible for its application of risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.
 

MVladimir

Involved - Posts
#6
This is one of ununderstandable topic of 9001:2015. ISO TC 176 does not provide the clear explanation about that. ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 only states:
"These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk-based thinking is used throughout the process approach to:
• Decide how risk (positive or negative) is addressed in establishing the processes to improve process outputs and prevent undesirable results​
• Define the extent of process planning and controls needed (based on risk)​
• improve the effectiveness of the quality management system​
• maintain and manage a system that inherently addresses risk and meets objectives."​

Very general and poor explanation indeed!

I personally use and suggest you the following approach:
Initially, take into consideration the requirement of 4.4.1 f. "The organization shall ... address the risks and opportunities as determined in accordance with the requirements of 6.1";​
Following this statement, cl.6.1 "Actions to Address Risks and Opportunities" is a starting point in the risk-based thinking and the main purpose here is to determine the risks and opportunities that need to be addressed in QMS at a whole.​
After risks determined the organization shall integrate and implement the actions into its quality management system processes (cl. 6.1.2). In the other words - divide risks between processes.​
Therefore, for some processes risks will be relevant, but for others - irrelevant.
My conclusion - there is not any DIRECT requirements in 9001:2015 to identify risks and opportunities for ALL QMS processes.

Any opinions will be appreciated!
 

MVladimir

Involved - Posts
#8
Jen,
As for me - yes, of course. Above mentioned document - ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 has been downloaded from ISO/TC 176 home page. What then? ISO provides very poor explanation with respect to a lot of requirements. :)

Vladimir
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#9
Jen,
As for me - yes, of course. Above mentioned document - ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 has been downloaded from ISO/TC 176 home page. What then? ISO provides very poor explanation with respect to a lot of requirements. :) Vladimir
I feel your pain. There is additional guidance provided in ISO/TS 9002:2016(E), Quality management systems - Guidelines for the application of ISO 9001:2015, and ISO 9000:2015 - Quality management system Fundamentals and vocabulary.

To provide insight on what is expected of auditors to verify conformance to requirements, the ISO 9001 Auditing Practices Group has published a website for auditors, consultants and quality practitioners.

I hope this helps!
 

MVladimir

Involved - Posts
#10
Thanks! I am familiar with all of this ISO guides. No suitable advices have been found there.

But I would like to return to initial question of this discussion thread: Shall organization identify risks and opportunities for every identified QMS process?

Your opinion, please!
 
Thread starter Similar threads Forum Replies Date
x-files [QMS] Identification and Evaluation of Aspects, Impacts and Risks... ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
J 1.11 Preliminary Identification of Special Product and Process Characteristics APQP and PPAP 4
T ISO 9001 8.5.2. - Identification and traceability to Identify Outputs - Services ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
M Medical Device Identification & Codes - Article 27 Requirements questions EU Medical Device Regulations 1
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
qualprod Monitoring of lead time - Good KPI identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
qualprod Controlled sticker for product identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Watchcat Identification of Test Sample in Test Reports? Design and Development of Products and Processes 22
B Marking of Medical Electrical equipment and accessories - Cl. 7.2.2 "Identification" and Cl. 7.2.4 "Accessories" IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
M Informational EU – Unique Device Identification (UDI) System – FAQs Medical Device and FDA Regulations and Standards News 0
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
Z Two Payment Identification Number (PIN) for the same order in DFUF website 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
K Identification and Traceability with an ERP system - Barcode Labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M MDR Annex IX Chapter I, 2.2 (c) - Device identification procedures during manufacture. EU Medical Device Regulations 1
M Informational USFDA final guidance – Unique Device Identification: Convenience Kits Medical Device and FDA Regulations and Standards News 0
Stefan Mundt ISO 9001:2015 - 8.5.2 Identification and Traceability Manufacturing and Related Processes 14
S Looking for procedure on UDI (Unique Device Identification) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
S UDI (Unique Device Identification) Requirements for Remanufactured devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
B Quality Management System documentation identification Document Control Systems, Procedures, Forms and Templates 11
K Document Numbering (Identification) System Document Control Systems, Procedures, Forms and Templates 10
N Requirements for the identification and traceability of demo product for sales force US Food and Drug Administration (FDA) 1
M RFID (Radio Frequency Identification) Registration in Europe and in MENA countries EU Medical Device Regulations 1
qualprod Identification of Training Needs = People Performance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
H European Pharmacopoeia First Identification Requirements Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
J Identification of gage blocks General Measurement Device and Calibration Topics 8
DeeDeeM IATF16949, clause 8.5.2.1 Identification and traceability-supplemental IATF 16949 - Automotive Quality Systems Standard 1
DeeDeeM IATF 16949 - Clause 8.5.2 Identification and Traceability IATF 16949 - Automotive Quality Systems Standard 7
Q ISO 9001 Cl. 8.5.2 and 8.5.4 - Identification in Products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Measurement Equipment - Identification of Calibration Status General Measurement Device and Calibration Topics 25
J Customer Identification and Traceability in Manufacturing Plans Manufacturing and Related Processes 5
M Risk Identification and Risk Assessment for any Process - Is it necessary? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Edward Reesor UDI (Unique Device Identification): HIBCC or GS1? ISO 13485:2016 - Medical Device Quality Management Systems 31
R Identification of Medical Devices in MDD 93/42 Certificate EU Medical Device Regulations 2
L Managing Finance Processes - Identification of Sub Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
dubrizo Initial Supplier Identification, Review and Controls ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
H UDI (Unique Device Identification) Requirements for IVD Software EU Medical Device Regulations 2
A Receiving Goods Inwards - Identification Records and Data - Quality, Legal and Other Evidence 8
Pmarszal UDI (Unique Device Identification) Transition Period - Packaging Labeling Other US Medical Device Regulations 5
Q RFID (radio frequency identification) registration for Medical Device Other Medical Device Regulations World-Wide 6
B Class II Medical Device UDI (Unique Device Identification) Question(s) Other US Medical Device Regulations 8
A Is Risk Identification and Treatment a Process? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
D 820.120 UDI (Unique Device Identification) Labeling Verification Requirements Other US Medical Device Regulations 11
M Identification of Glass Instruments and Measurement Devices General Measurement Device and Calibration Topics 2
A Identification of Customer Property: Customer-Supplied Thumb Drives & Ext Hard Drives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Z Failure Mode Identification in PFMEA according to AIAG FMEA Rev.4 FMEA and Control Plans 6
M Reagent Status Identification - 7.4.3 Verification of Purchased Product ISO 13485:2016 - Medical Device Quality Management Systems 6
Gman2 Identification of Raw Material being used In-Process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Identification and labeling medical device replacement system components Other Medical Device and Orthopedic Related Topics 12
L Identification of Inputs vs. Outputs in Design and Development (Section 7.3) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4

Similar threads

Top Bottom