Informational Is Identification of Risks and Opportunities required for QMS Processes?

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#71
As part of their QMS? As in part of their documented ISO 9001:1987/94/2000 certified system? The answer is in many cases, no! They had procedures. Those procedures didn't define input or outputs. No measurement (except of product, only).
Of course. In many cases no, in many other cases yes. But were these procedures developed to reduce the effect of uncertainty?
 
Elsmar Forum Sponsor

ISO_Man

Involved In Discussions
#72
Dear all

I searched in ISO 9001 requirements to find a requirement about the necessity for risk identification for any QMS processes.

As you know, in 4.4.1 f) the standard requires that the QMS process shall address risks and opportunities determined in accordance with the requirement of 6.1.

So, I think that it is only mandatory to identify high level risks and opportunities based on environmental analysis (SWOT, PESTEL,etc) for strategic goals and objectives and there is not any requirement to identify risks and opportunities for any QMS processes. Is it right?

Thanks all
My guidance during a recent ISO-9001:2015 audit was that there is a general push toward risk-based thinking for all processes. When I performed some recent documentation training I stressed that people should think about the risk to which we're exposed if documentation is NOT done correctly.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#73
My guidance during a recent ISO-9001:2015 audit was that there is a general push toward risk-based thinking for all processes.
Please, don't you think for a minute that what you heard from ONE auditor is "general". There is tremendous variation among CB's and even within the same CB, there is tremendous variation among "trained" auditors.

As for risk-based thinking applying universally and permanently, that's a given. It has always been like that, even when we did not use the term risk, explicitly.
 

ISO_Man

Involved In Discussions
#75
Really? I'd be keen to see more on this. All I've seen, so far, is a lot of BS findings about document control and auditor qualifications...
Reading through the standard it's one of the top 3 lines in the introduction, then comments about risk and the PDCA cycle and "
Risk-based thinking enables an organization to determine the factors that could cause its processes and
its quality management system to deviate from the planned results, to put in place preventive controls
to minimize negative effects and to make maximum use of opportunities as they arise..." and that's just in the introductory section.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#76
All I've seen, so far, is a lot of BS findings about document control and auditor qualifications...
But.....but.....but.....weren't we told that the new standard brings more accountability to top management leadership? Weren't auditors supposed to spend more time with the people who can really make sure the quality system is integrated in the organization business processes? Weren't organizations supposed to realize tremendous business improvements by "upgrading" their quality systems to the 2015 Edition of ISO 9001? Were those all empty promises? :mad:
In the IAF resolution (attached below), the message was:
The new ISO 9001 promotes enhanced leadership involvement in the management system, introduces risk-based thinking and aligns the quality management system policy and objectives with the strategy of the organisation.
If the auditors are still focusing on things that are immaterial to customer satisfaction and/or product conformity because they don't have the intelectual horsepower or the intestinal fortitude to address real issues, what is the point of revising standards? We all know that organizations, in the vast majority, will only do things they are written up for.

So, are you telling us that auditors are still delving into inconsequential issues just because this is their comfort zone? all the while ignoring issues of tremendous materiality for the system at hand? Who could see that coming? :sarcasm:

Too bad that people involved in the management system conformity assessment sector have not been introduced to the notion of risks and opportunities for the "certification sector". Until buyers properly specify what they want from suppliers (hint: assurance and confidence) instead of certificates, we will reward mediocrity in the auditing world.

Thanks, Andy, for sharing your perspective. :agree:
 

Attachments

John Broomfield

Staff member
Super Moderator
#78
All,

RIsk-based thinking is second nature for most of us but can easily be taken for granted.

When analyzing your system with top management to determine its key processes the thinking is risk-based, perhaps starting with agreeing the criteria for a process being “key” or critical to success. PESTLE or SWOT can be useful analytical techniques here to flush out this thinking.

When analyzing each of the key processes with the process owner you are both thinking risk as you determine the actions (starting with planning and preparation) taken to fulfill process objectives while preventing nonconformity.

When designing the few new key processes, needed for the system to fulfill its mission, with the process owner you are both thinking risk as you determine the PDCA actions necessary to fulfill process objectives while preventing nonconformity.

So, seek evidence of risk-based thinking and you’ll probably find it or your colleagues will be ready to help.

This is preferable to ignoring risk-based thinking for you to impose your new fangled RM tools on your colleagues.

Asking auditors what they’ll be looking for so you can keep them happy is wrong because our system should be about creating more successful customers.

John
 
#79
When I performed some recent documentation training I stressed that people should think about the risk to which we're exposed if documentation is NOT done correctly.
I'm interested to understand more abut this approach. Seriously. We've seen a significant reduction in ISO 9001 requirements (to almost zero) in prescriptive documentation requirements, while at the same time, increasing references to risk and opportunity. Doesn't this tend to suggest that documentation, in general terms, isn't linked to risk?
 
Thread starter Similar threads Forum Replies Date
X [QMS] Identification and Evaluation of Aspects, Impacts and Risks... ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
M Medical Device Identification & Codes - Article 27 Requirements questions EU Medical Device Regulations 1
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Monitoring of lead time - Good KPI identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
Q Controlled sticker for product identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Watchcat Identification of Test Sample in Test Reports? Design and Development of Products and Processes 22
B Marking of Medical Electrical equipment and accessories - Cl. 7.2.2 "Identification" and Cl. 7.2.4 "Accessories" IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
M Informational EU – Unique Device Identification (UDI) System – FAQs Medical Device and FDA Regulations and Standards News 0
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
Z Two Payment Identification Number (PIN) for the same order in DFUF website 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
K Identification and Traceability with an ERP system - Barcode Labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M MDR Annex IX Chapter I, 2.2 (c) - Device identification procedures during manufacture. EU Medical Device Regulations 1
M Informational USFDA final guidance – Unique Device Identification: Convenience Kits Medical Device and FDA Regulations and Standards News 0
Stefan Mundt ISO 9001:2015 - 8.5.2 Identification and Traceability Manufacturing and Related Processes 14
S Looking for procedure on UDI (Unique Device Identification) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
S UDI (Unique Device Identification) Requirements for Remanufactured devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
B Quality Management System documentation identification Document Control Systems, Procedures, Forms and Templates 11
K Document Numbering (Identification) System Document Control Systems, Procedures, Forms and Templates 10
N Requirements for the identification and traceability of demo product for sales force US Food and Drug Administration (FDA) 1
M RFID (Radio Frequency Identification) Registration in Europe and in MENA countries EU Medical Device Regulations 1
Q Identification of Training Needs = People Performance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
H European Pharmacopoeia First Identification Requirements Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
J Identification of gage blocks General Measurement Device and Calibration Topics 8
DeeDeeM IATF16949, clause 8.5.2.1 Identification and traceability-supplemental IATF 16949 - Automotive Quality Systems Standard 1
DeeDeeM IATF 16949 - Clause 8.5.2 Identification and Traceability IATF 16949 - Automotive Quality Systems Standard 7
Q ISO 9001 Cl. 8.5.2 and 8.5.4 - Identification in Products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Measurement Equipment - Identification of Calibration Status General Measurement Device and Calibration Topics 25
J Customer Identification and Traceability in Manufacturing Plans Manufacturing and Related Processes 5
M Risk Identification and Risk Assessment for any Process - Is it necessary? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Edward Reesor UDI (Unique Device Identification): HIBCC or GS1? ISO 13485:2016 - Medical Device Quality Management Systems 31
R Identification of Medical Devices in MDD 93/42 Certificate EU Medical Device Regulations 2
L Managing Finance Processes - Identification of Sub Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
dubrizo Initial Supplier Identification, Review and Controls ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
H UDI (Unique Device Identification) Requirements for IVD Software EU Medical Device Regulations 2
A Receiving Goods Inwards - Identification Records and Data - Quality, Legal and Other Evidence 8
Pmarszal UDI (Unique Device Identification) Transition Period - Packaging Labeling Other US Medical Device Regulations 5
Q RFID (radio frequency identification) registration for Medical Device Other Medical Device Regulations World-Wide 6
B Class II Medical Device UDI (Unique Device Identification) Question(s) Other US Medical Device Regulations 8
A Is Risk Identification and Treatment a Process? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
D 820.120 UDI (Unique Device Identification) Labeling Verification Requirements Other US Medical Device Regulations 11
M Identification of Glass Instruments and Measurement Devices General Measurement Device and Calibration Topics 2
A Identification of Customer Property: Customer-Supplied Thumb Drives & Ext Hard Drives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Z Failure Mode Identification in PFMEA according to AIAG FMEA Rev.4 FMEA and Control Plans 6
M Reagent Status Identification - 7.4.3 Verification of Purchased Product ISO 13485:2016 - Medical Device Quality Management Systems 6
Gman2 Identification of Raw Material being used In-Process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Identification and labeling medical device replacement system components Other Medical Device and Orthopedic Related Topics 12
L Identification of Inputs vs. Outputs in Design and Development (Section 7.3) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Implementing a Suspect Counterfeit Identification Program Quality Manager and Management Related Issues 3
S Understanding UDI (Unique Device Identification) Other US Medical Device Regulations 10
Similar threads


















































Top Bottom