Informational Is Identification of Risks and Opportunities required for QMS Processes?

morteza

Trusted Information Resource
#31
This is one of ununderstandable topic of 9001:2015. ISO TC 176 does not provide the clear explanation about that. ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 only states:
"These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk-based thinking is used throughout the process approach to:
• Decide how risk (positive or negative) is addressed in establishing the processes to improve process outputs and prevent undesirable results
• Define the extent of process planning and controls needed (based on risk)
• improve the effectiveness of the quality management system
• maintain and manage a system that inherently addresses risk and meets objectives."
Very general and poor explanation indeed!
I personally use and suggest you the following approach:
Initially, take into consideration the requirement of 4.4.1 f. "The organization shall ... address the risks and opportunities as determined in accordance with the requirements of 6.1";
Following this statement, cl.6.1 "Actions to Address Risks and Opportunities" is a starting point in the risk-based thinking and the main purpose here is to determine the risks and opportunities that need to be addressed in QMS at a whole.
After risks determined the organization shall integrate and implement the actions into its quality management system processes (cl. 6.1.2). In the other words - divide risks between processes.
Therefore, for some processes risks will be relevant, but for others - irrelevant.
My conclusion - there is not any DIRECT requirements in 9001:2015 to identify risks and opportunities for ALL QMS processes.

Any opinions will be appreciated!
Dear all,

I searched much on this topic after my initial post. I believe that MVladimir is right.

Based on clause 6.1.1, the organization shall determine its risks and opportunities (e.g. emerge of new competitors). Based on clause 6.1.2, the organization shall plan actions to address the determined risks (reduction of product price). These action shall implement through QMS processes,(reduction waste in production process, providing raw material with lower price by supply process, etc.) as it has been referred in clause 6.1.2 and has been stated in clause 4.4.1 f).

Totally, I think ISO 9001:2015 does not require to determine risks and opportunities for any processes. It requires to determine risks that effect on organizational objectives, and plan treatment actions and implement them through processes.

What are your idea, friends?
 
Elsmar Forum Sponsor

Jim Green

Involved In Discussions
#32
I am not getting something. The whole ISO system was created as a way to control/ mitigate RISK! Starting back to the 20 elements in 1994, to the process approach in 2000, til now. It is inherent within Quality System Management. I gotta admit, not really impressed with the upgrade. if you already had a robust system, this stuff is covered. So, when it is time to "Promote risk based thinking" I will turn to 21 years of ISO certification as proof positive , objective evidence:cool:.
 
#33
I am not getting something. The whole ISO system was created as a way to control/ mitigate RISK! Starting back to the 20 elements in 1994, to the process approach in 2000, til now.
Was it? Viewed from which perspective? If I recall correctly, the 94 version wasn't much of a change from 87 and the organization's customers' satisfaction wasn't mentioned... So what risk is being considered?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#34
So, when it is time to "Promote risk based thinking" I will turn to 21 years of ISO certification as proof positive , objective evidence:cool:.
Sorry, but I don't think that would be a good evidentiary proof. In the context of ISO 9001, risk based thinking is the (presumed better) alternative to the previous maligned preventive action requirement, a clause that was exhaustively discussed and, for many people, brought more challenges than benefits.

I would suggest that a much better evidence of risk based thinking for a quality system is the low number of dissatisfied customers and quality escapes.

Many dysfunctional organizations have attained and maintained certification to a quality system standard for over 20 years, so that would not be a good nor proper indicator, in my opinion.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#35
Dear all,

I searched much on this topic after my initial post. I believe that MVladimir is right.

Based on clause 6.1.1, the organization shall determine its risks and opportunities (e.g. emerge of new competitors). Based on clause 6.1.2, the organization shall plan actions to address the determined risks (reduction of product price). These action shall implement through QMS processes,(reduction waste in production process, providing raw material with lower price by supply process, etc.) as it has been referred in clause 6.1.2 and has been stated in clause 4.4.1 f).

Totally, I think ISO 9001:2015 does not require to determine risks and opportunities for any processes. It requires to determine risks that effect on organizational objectives, and plan treatment actions and implement them through processes.

What are your idea, friends?
ISO/TC 9002:2016 (Guidelines for the application of ISO 9001:2015) disagrees, stating: "(6.1.1) The intent of this subclause is to ensure that when planning the quality management system processes, the organization determines its risks and opportunities and plans actions to address them. Its purpose is to prevent nonconformities, including nonconforming outputs, and to determine opportunities that might enhance customer satisfaction or achieve an organization’s quality objectives."

Neither standard invites us to pick and choose which processes to identify risks for. 9002:2016 does specify that no requirement for a formal risk management program is required, and lists several options and says the organization can choose the methods that suit its needs. Of all the changes in 9001:2015, this has been the least understood.
 

tony s

Information Seeker
Trusted Information Resource
#37
I would agree that ISO 9001 doesn't categorically mention "identify risks/opportunities on all processes". ISO 9001 is a requirement standard and could only tell us WHAT must be done. However, guideline standards such as the ISO/TS 9002 help us to understand WHY and sometimes HOW. The statement from ISO/TS 9002 quoted by Jen Kirley, IMHO, clearly established the INTENT of ISO 9001 about "identifying risks and opportunities".
 
#38
I'd go as far as to say that if anyone thinks that determining risk/opportunities regarding (all) QMS processes is what is intended, then they are missing the point, almost completely. It's NOT the same as, for example, doing a process failure modes effects analysis.

Indeed, ISO/TS 9002 makes reference to simple tools such as a SWOT analysis. If you consider that the standard is written to be applicable to all sizes/complexities of business, plus it references the "strategic" nature of risk and opportunity, it seems (to me) that doing anything more than something simple like a SWOT or PEST(LE) analysis is overkill. It's not supposed to be a form filling exercise and certainly NOT as extensive as ISO 31000 would suggest it is...
 
Last edited:

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#40
I'd go as far as to say that if anyone thinks that determining risk/opportunities regarding (all) QMS processes is what is intended, then they are missing the point, almost completely. It's NOT the same as, for example, doing a process failure modes effects analysis.

Indeed, ISO/TS 9002 makes reference to simple tools such as a SWOT analysis. If you consider that the standard is written to be applicable to all sizes/complexities of business, plus it references the "strategic" nature of risk and opportunity, it seems (to me) that doing anything more than something simple like a SWOT or PEST(LE) analysis is overkill. It's not supposed to be a form filling exercise and certainly NOT as extensive as ISO 31000 would suggest it is...
One of the biggest struggles is the idea that filling out forms for risks is required. 9001:2015 does not require it, but an organization's members should still be aware of the risks, how they are being addressed in order to avoid nonconformity to requirements, and (as required in management review) the effectiveness of the actions taken to address risk. That is supposed to be the point of the whole thing; it is why they took out the preventive action clause.

SWOT is ideal for high level risk consideration, specially in subjects like human resources.
 
Thread starter Similar threads Forum Replies Date
X [QMS] Identification and Evaluation of Aspects, Impacts and Risks... ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
M Medical Device Identification & Codes - Article 27 Requirements questions EU Medical Device Regulations 1
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Monitoring of lead time - Good KPI identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
Q Controlled sticker for product identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Watchcat Identification of Test Sample in Test Reports? Design and Development of Products and Processes 22
B Marking of Medical Electrical equipment and accessories - Cl. 7.2.2 "Identification" and Cl. 7.2.4 "Accessories" IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
M Informational EU – Unique Device Identification (UDI) System – FAQs Medical Device and FDA Regulations and Standards News 0
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
Z Two Payment Identification Number (PIN) for the same order in DFUF website 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
K Identification and Traceability with an ERP system - Barcode Labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M MDR Annex IX Chapter I, 2.2 (c) - Device identification procedures during manufacture. EU Medical Device Regulations 1
M Informational USFDA final guidance – Unique Device Identification: Convenience Kits Medical Device and FDA Regulations and Standards News 0
Stefan Mundt ISO 9001:2015 - 8.5.2 Identification and Traceability Manufacturing and Related Processes 14
S Looking for procedure on UDI (Unique Device Identification) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
S UDI (Unique Device Identification) Requirements for Remanufactured devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
B Quality Management System documentation identification Document Control Systems, Procedures, Forms and Templates 11
K Document Numbering (Identification) System Document Control Systems, Procedures, Forms and Templates 10
N Requirements for the identification and traceability of demo product for sales force US Food and Drug Administration (FDA) 1
M RFID (Radio Frequency Identification) Registration in Europe and in MENA countries EU Medical Device Regulations 1
Q Identification of Training Needs = People Performance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
H European Pharmacopoeia First Identification Requirements Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
J Identification of gage blocks General Measurement Device and Calibration Topics 8
DeeDeeM IATF16949, clause 8.5.2.1 Identification and traceability-supplemental IATF 16949 - Automotive Quality Systems Standard 1
DeeDeeM IATF 16949 - Clause 8.5.2 Identification and Traceability IATF 16949 - Automotive Quality Systems Standard 7
Q ISO 9001 Cl. 8.5.2 and 8.5.4 - Identification in Products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Measurement Equipment - Identification of Calibration Status General Measurement Device and Calibration Topics 25
J Customer Identification and Traceability in Manufacturing Plans Manufacturing and Related Processes 5
M Risk Identification and Risk Assessment for any Process - Is it necessary? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Edward Reesor UDI (Unique Device Identification): HIBCC or GS1? ISO 13485:2016 - Medical Device Quality Management Systems 31
R Identification of Medical Devices in MDD 93/42 Certificate EU Medical Device Regulations 2
L Managing Finance Processes - Identification of Sub Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
dubrizo Initial Supplier Identification, Review and Controls ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
H UDI (Unique Device Identification) Requirements for IVD Software EU Medical Device Regulations 2
A Receiving Goods Inwards - Identification Records and Data - Quality, Legal and Other Evidence 8
Pmarszal UDI (Unique Device Identification) Transition Period - Packaging Labeling Other US Medical Device Regulations 5
Q RFID (radio frequency identification) registration for Medical Device Other Medical Device Regulations World-Wide 6
B Class II Medical Device UDI (Unique Device Identification) Question(s) Other US Medical Device Regulations 8
A Is Risk Identification and Treatment a Process? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
D 820.120 UDI (Unique Device Identification) Labeling Verification Requirements Other US Medical Device Regulations 11
M Identification of Glass Instruments and Measurement Devices General Measurement Device and Calibration Topics 2
A Identification of Customer Property: Customer-Supplied Thumb Drives & Ext Hard Drives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Z Failure Mode Identification in PFMEA according to AIAG FMEA Rev.4 FMEA and Control Plans 6
M Reagent Status Identification - 7.4.3 Verification of Purchased Product ISO 13485:2016 - Medical Device Quality Management Systems 6
Gman2 Identification of Raw Material being used In-Process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Identification and labeling medical device replacement system components Other Medical Device and Orthopedic Related Topics 12
L Identification of Inputs vs. Outputs in Design and Development (Section 7.3) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Implementing a Suspect Counterfeit Identification Program Quality Manager and Management Related Issues 3
S Understanding UDI (Unique Device Identification) Other US Medical Device Regulations 10
Similar threads


















































Top Bottom