Informational Is Identification of Risks and Opportunities required for QMS Processes?

dsanabria

Quite Involved in Discussions
#11
Thanks! I am familiar with all of this ISO guides. No suitable advices have been found there.
But I would like to return to initial question of this threat: Shall organization identify risks and opportunities for every identified QMS process?

Your opinion, please!
Overall - RISK should be incorporated into all movement of the Quality Management System and the Products and services that you provide. While no requirements to have a procedure written it is best business practice to implement one that everyone can see and measure.

in reality that is what ISO 9001:2015 wants you to do but they left it to you to define it, implemented and most important - let it add value to your QMS.

However, no auditor can give you an NCR if you do not have it written down.

NOTE: the Aerospace Risk Management System from the handbook has been published in this forum.
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
Admin
#12
My conclusion - there is not any DIRECT requirements in 9001:2015 to identify risks and opportunities for ALL QMS processes.

Any opinions will be appreciated!
I have said it numerous times, RBT should have been coded as another principle in ISO 9000. Just like customer focus, leadership, process approach, etc...

The TC 176 developed this concept of RBT as a "replacement" for the preventive action requirement, which got dropped from 9001, taking into account the mandatory framework brought up by the HLS (annex SL) of the ISO/IEC Directives bla bla bla...

Whenever we are designing, implementing, improving, enhancing, revamping, etc. any business process which has a potential to affect product conformity and/or customer satisfaction, we are touching the "QMS", be it while we are selecting suppliers, packaging the product, designing a fabrication fixture, answering a call in the call centre, etc...

So, in my opinion, ANYTHING that an organization does which might affect product conformity and/or customer satisfaction, IRRESPECTIVE of where it happens, needs to be (AS FORMAL OR INFORMAL, COMMENSURATE TO THE POTENTIAL IMPACT) assessed for it's intrinsic risks.

An example of a typical daily occurrence that is not addressed, from a RBT perspective, in many organizations:

Sales people are allowed, sometimes encouraged to lie to a customer about delivery dates, in order to boost sales performance. In the long term, dissatisfied customers will drop that company as a supplier for chronic late deliveries. In the meantime, however, sales people make their quota, get their bonuses and management is "happy". Until they can't find new customers to replace the ones they lost.

So, is there a risk to allow sales people lying to customers about unrealistic delivery dates? I think it is obvious it does. ISO 9001 has requirements that should prevent that from happening, but does it? In the real world?
 

MVladimir

Involved - Posts
#13
So, in my opinion, ANYTHING that an organization does which might affect product conformity and/or customer satisfaction, IRRESPECTIVE of where it happens, needs to be (AS FORMAL OR INFORMAL, COMMENSURATE TO THE POTENTIAL IMPACT) assessed for it's intrinsic risks.
Practically useful point of view. I agree with you. But often Organization identifies a number of processes, not directly related with CS and OTD. For example - HR or Financial Management. Shall organization determined risks for this processes? I'm not sure that it is mandatory.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#14
Practically useful point of view. I agree with you. But often Organization identifies a number of processes, not directly related with CS and OTD. For example - HR or Financial Management. Shall organization determined risks for this processes? I'm not sure that it is mandatory.
We have a post here about the story of a small business that lost it's major customer because, someone in accounting decided out of the blue and unilaterally, that they would no longer accept payment by credit cards.

Financial management is not part of the QMS? We do know, for a fact, that a large percentage of customer dissatisfaction has to do with erroneous billing. Have a look at the Should the billing process....thread..

So, if billing is part of "financial management" and you fail to see the connection between billing mistakes and customer satisfaction, then your RBT needs re-calibration....just kidding.
 

MVladimir

Involved - Posts
#15
If I understood correctly based on our discussion about implementation of the RBT in the process approach - it is up to Organization to decide whether or not to determine risks to any QMS processes. Is it right?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#16
The risks exist, irrespective if the organization identify them, or not. Like the example I offered of sales people being incentivized by management to make the sale, even if they need to lie to the customer.

It is up to each organization to assess how significant the risks are and which ones need mitigation. Once again, the 9001 standard infers that such assessment should be as formal or informal, commensurate with the potential impacts.
 
Last edited:

MVladimir

Involved - Posts
#17
I found our discussion as very effective! Thanks for everybody involved! The final Sidney's statement will help to find right direction as to RBT implementation.:)
 

armani

Involved In Discussions
#18
Maybe it's just me, but it seems like this discussion thread hasn't reached any conclusion regarding the requirement to identify risks and opportunities for any QMS processes or requirement to identify risks and opportunities for all QMS processes.

In my opinion, ISO doesn't impose this requirement, neither for "any process" nor for "all processes" - 4.4.1f and 6.1 are too vague....it's a question of interpretation.

Any other opinions?
 
Last edited:

Mike S.

Moved On
Trusted Information Resource
#19
There are some very vague areas of the standard, but with respect to your question, 4.4.1.f and 6.1 is not that vague, IMO.

In addition, FWIW, I was told by an auditor and trainer who is part of TC176 that auditors will put a great deal of focus on the risks and opportunities associated with your key processes. YMMV.
 

armani

Involved In Discussions
#20
Then, where 4.4.1 and 6.1 says about requirements to identify risks for processes??....I repeat, for processes, not resulting from 4.1 and 4.2?? and much more, for ALL processes?
 
Thread starter Similar threads Forum Replies Date
X [QMS] Identification and Evaluation of Aspects, Impacts and Risks... ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
M Medical Device Identification & Codes - Article 27 Requirements questions EU Medical Device Regulations 1
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Monitoring of lead time - Good KPI identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
Q Controlled sticker for product identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Watchcat Identification of Test Sample in Test Reports? Design and Development of Products and Processes 22
B Marking of Medical Electrical equipment and accessories - Cl. 7.2.2 "Identification" and Cl. 7.2.4 "Accessories" IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
M Informational EU – Unique Device Identification (UDI) System – FAQs Medical Device and FDA Regulations and Standards News 0
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
Z Two Payment Identification Number (PIN) for the same order in DFUF website 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
K Identification and Traceability with an ERP system - Barcode Labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M MDR Annex IX Chapter I, 2.2 (c) - Device identification procedures during manufacture. EU Medical Device Regulations 1
M Informational USFDA final guidance – Unique Device Identification: Convenience Kits Medical Device and FDA Regulations and Standards News 0
Stefan Mundt ISO 9001:2015 - 8.5.2 Identification and Traceability Manufacturing and Related Processes 14
S Looking for procedure on UDI (Unique Device Identification) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
S UDI (Unique Device Identification) Requirements for Remanufactured devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
B Quality Management System documentation identification Document Control Systems, Procedures, Forms and Templates 11
K Document Numbering (Identification) System Document Control Systems, Procedures, Forms and Templates 10
N Requirements for the identification and traceability of demo product for sales force US Food and Drug Administration (FDA) 1
M RFID (Radio Frequency Identification) Registration in Europe and in MENA countries EU Medical Device Regulations 1
Q Identification of Training Needs = People Performance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
H European Pharmacopoeia First Identification Requirements Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
J Identification of gage blocks General Measurement Device and Calibration Topics 8
DeeDeeM IATF16949, clause 8.5.2.1 Identification and traceability-supplemental IATF 16949 - Automotive Quality Systems Standard 1
DeeDeeM IATF 16949 - Clause 8.5.2 Identification and Traceability IATF 16949 - Automotive Quality Systems Standard 7
Q ISO 9001 Cl. 8.5.2 and 8.5.4 - Identification in Products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Measurement Equipment - Identification of Calibration Status General Measurement Device and Calibration Topics 25
J Customer Identification and Traceability in Manufacturing Plans Manufacturing and Related Processes 5
M Risk Identification and Risk Assessment for any Process - Is it necessary? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Edward Reesor UDI (Unique Device Identification): HIBCC or GS1? ISO 13485:2016 - Medical Device Quality Management Systems 31
R Identification of Medical Devices in MDD 93/42 Certificate EU Medical Device Regulations 2
L Managing Finance Processes - Identification of Sub Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
dubrizo Initial Supplier Identification, Review and Controls ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
H UDI (Unique Device Identification) Requirements for IVD Software EU Medical Device Regulations 2
A Receiving Goods Inwards - Identification Records and Data - Quality, Legal and Other Evidence 8
Pmarszal UDI (Unique Device Identification) Transition Period - Packaging Labeling Other US Medical Device Regulations 5
Q RFID (radio frequency identification) registration for Medical Device Other Medical Device Regulations World-Wide 6
B Class II Medical Device UDI (Unique Device Identification) Question(s) Other US Medical Device Regulations 8
A Is Risk Identification and Treatment a Process? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
D 820.120 UDI (Unique Device Identification) Labeling Verification Requirements Other US Medical Device Regulations 11
M Identification of Glass Instruments and Measurement Devices General Measurement Device and Calibration Topics 2
A Identification of Customer Property: Customer-Supplied Thumb Drives & Ext Hard Drives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Z Failure Mode Identification in PFMEA according to AIAG FMEA Rev.4 FMEA and Control Plans 6
M Reagent Status Identification - 7.4.3 Verification of Purchased Product ISO 13485:2016 - Medical Device Quality Management Systems 6
Gman2 Identification of Raw Material being used In-Process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Identification and labeling medical device replacement system components Other Medical Device and Orthopedic Related Topics 12
L Identification of Inputs vs. Outputs in Design and Development (Section 7.3) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Implementing a Suspect Counterfeit Identification Program Quality Manager and Management Related Issues 3
S Understanding UDI (Unique Device Identification) Other US Medical Device Regulations 10
Similar threads


















































Top Bottom