Informational Is Identification of Risks and Opportunities required for QMS Processes?

Elsmar Forum Sponsor
#82
I'm one of those CB Auditor's that register companies to ISO 9001:2015. You know us as those guys concerned about document control, auditor qualifications, etc etc. As for 'Risks' I will say there are numerous differing opinions on risks.

Try thinking of your entire ISO QMS as a process and Risks as a sub-set of the QMS process. What primary controllable Risks can affect the QMS ? Once you identify say a maximum of 5 assign an owner to each for mitigation and have the owner report the status of each Risk & Mitigation monthly. For example:
Risk - aging workforce
Owner - HR
Mitigation - ???

Risk - changes to NAFTA
Owner - Purchasing and Sales
Mitigation - ???.

Just a few ideas for you. Hope it's helpful.
 

John Broomfield

Staff member
Super Moderator
#83
Vladimir,

My opinion:

The fact that you’ve determined what processes are essential to the effectiveness of your organization working as a system means you’ve already thought about the risks (positive and negative) that generally apply.

Within this system you will have planning processes to address specific risks arising from a new or changed situation or opportunity.

At the front of each process within your system you may have activities that address risks to prevent nonconformity and ineffectiveness.

So, you can see at least three ways in which your organization may address risk as necessary for your system to be effective.

It would be wrong to focus all your risk management opportunities in each individual process.

And all this may be achieved without once mentioning risk.

Best wishes,

John
 
#84
From your posts, John, it seems to me that we work in very different worlds. For the most part, my recent experiences are with small/medium sized businesses which are relatively unsophisticated and certainly don't do what you've described. "Risk" is often a board game played with family at the weekend...
Andy,

I cannot imagine such disrespect even for the most unsophisticated of my clients. They usually seek to maximize their chances of success while minimizing their chances of failure.

John
As odd as it may seem. It has happened. The analogy that Andy is making doesn't feel so distant. I'm working in a 70 employee manufacturing organization in a developing country. The owner bought 2 robots in an attempt to "improve productivity". It's been a disaster. Requirement 6.3 of ISO 9001:2015 totally ignored. Process engineering required for this kind of project was non-existant. In the end the productivity remains the same (like it used to be before the aquisition of the robots). Key factors that weren't considered: raw material quality and composition, measuring system requirements, competent personel needed in previous processes.

So yes, this kind of organizations do exist.
 

John Broomfield

Staff member
Super Moderator
#85
Sure such badly run organizations exist (at least temporarily).

But are these organizations also developing their management systems to improve their chances of success?
 

Zearl

Starting to get Involved
#86
Going through all the comments, the bottom line to me is......if you are operating and producing product or service(s), you've already
considered the risks. You've added specifications, service communication protocols, testing, etc. The process involved have controls
in place already for address of big risks important to your customers, or you wouldn't be successful. Yes, top management should also
take an overall look at high level risks (SWOT, etc.) and requirements of interested parties.
However, much of the risk associated with processes is already known and was done ages ago if you have been in business a long time.
If you want, list up the major risks for a process and put the risks in a turtle diagram or something to document what they are.
Then go on. New risks are basically documented in your corrective action process or identified at management review, etc.
Not that big a deal IMHO at this point, since I've already agonized about it way back when working on getting certified to 2015 standard.
But that is how I approached it and it worked. We continue to review SWOT, perform management review, etc. where new risks come
out and as a result, are documented in management review.

There, I said my peace. Probably should apologize for rambling on too long. :)
 

outdoorsNW

Involved In Discussions
#87
The biggest problem I see with risk in AD9100D is auditor training and auditor consistency. If auditors were better trained and were consistent in what was considered a NC, there would be fewer problems.

After several years of auditors complementing how we handle risk, we got an NC last year because many of our big picture risk discussions are in the strategic planning meeting (with a page or more of meeting minutes) and yearly planning process (with meeting minutes) rather than as part of the management review meeting. The auditor did not like that.

This auditor claimed to have better understanding than most auditors and had participated on the committee, but in reality I think she was sometimes auditing to committee discussions and what she thought the standard should require rather than what the standard actually says in the released version. Much of her objective evidence was poor, nonspecific, and vague. I wanted to appeal several NCs but was overruled by my boss. (Tactical and part specific risk is handled as part of the contract review and part intake process.)

Our auditor also did not like we have moved some of the risk management to meetings that happen monthly to weekly and did not have a risk register.
 
Thread starter Similar threads Forum Replies Date
X [QMS] Identification and Evaluation of Aspects, Impacts and Risks... ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
M Medical Device Identification & Codes - Article 27 Requirements questions EU Medical Device Regulations 1
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Monitoring of lead time - Good KPI identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
Q Controlled sticker for product identification? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Watchcat Identification of Test Sample in Test Reports? Design and Development of Products and Processes 22
B Marking of Medical Electrical equipment and accessories - Cl. 7.2.2 "Identification" and Cl. 7.2.4 "Accessories" IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
M Informational EU – Unique Device Identification (UDI) System – FAQs Medical Device and FDA Regulations and Standards News 0
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
Z Two Payment Identification Number (PIN) for the same order in DFUF website 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
K Identification and Traceability with an ERP system - Barcode Labels? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M MDR Annex IX Chapter I, 2.2 (c) - Device identification procedures during manufacture. EU Medical Device Regulations 1
M Informational USFDA final guidance – Unique Device Identification: Convenience Kits Medical Device and FDA Regulations and Standards News 0
Stefan Mundt ISO 9001:2015 - 8.5.2 Identification and Traceability Manufacturing and Related Processes 14
S Looking for procedure on UDI (Unique Device Identification) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
S UDI (Unique Device Identification) Requirements for Remanufactured devices 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
B Quality Management System documentation identification Document Control Systems, Procedures, Forms and Templates 11
K Document Numbering (Identification) System Document Control Systems, Procedures, Forms and Templates 10
N Requirements for the identification and traceability of demo product for sales force US Food and Drug Administration (FDA) 1
M RFID (Radio Frequency Identification) Registration in Europe and in MENA countries EU Medical Device Regulations 1
Q Identification of Training Needs = People Performance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
H European Pharmacopoeia First Identification Requirements Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
J Identification of gage blocks General Measurement Device and Calibration Topics 8
DeeDeeM IATF16949, clause 8.5.2.1 Identification and traceability-supplemental IATF 16949 - Automotive Quality Systems Standard 1
DeeDeeM IATF 16949 - Clause 8.5.2 Identification and Traceability IATF 16949 - Automotive Quality Systems Standard 7
Q ISO 9001 Cl. 8.5.2 and 8.5.4 - Identification in Products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Measurement Equipment - Identification of Calibration Status General Measurement Device and Calibration Topics 25
J Customer Identification and Traceability in Manufacturing Plans Manufacturing and Related Processes 5
M Risk Identification and Risk Assessment for any Process - Is it necessary? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Edward Reesor UDI (Unique Device Identification): HIBCC or GS1? ISO 13485:2016 - Medical Device Quality Management Systems 31
R Identification of Medical Devices in MDD 93/42 Certificate EU Medical Device Regulations 2
L Managing Finance Processes - Identification of Sub Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
dubrizo Initial Supplier Identification, Review and Controls ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
H UDI (Unique Device Identification) Requirements for IVD Software EU Medical Device Regulations 2
A Receiving Goods Inwards - Identification Records and Data - Quality, Legal and Other Evidence 8
Pmarszal UDI (Unique Device Identification) Transition Period - Packaging Labeling Other US Medical Device Regulations 5
Q RFID (radio frequency identification) registration for Medical Device Other Medical Device Regulations World-Wide 6
B Class II Medical Device UDI (Unique Device Identification) Question(s) Other US Medical Device Regulations 8
A Is Risk Identification and Treatment a Process? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
D 820.120 UDI (Unique Device Identification) Labeling Verification Requirements Other US Medical Device Regulations 11
M Identification of Glass Instruments and Measurement Devices General Measurement Device and Calibration Topics 2
A Identification of Customer Property: Customer-Supplied Thumb Drives & Ext Hard Drives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Z Failure Mode Identification in PFMEA according to AIAG FMEA Rev.4 FMEA and Control Plans 6
M Reagent Status Identification - 7.4.3 Verification of Purchased Product ISO 13485:2016 - Medical Device Quality Management Systems 6
Gman2 Identification of Raw Material being used In-Process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Identification and labeling medical device replacement system components Other Medical Device and Orthopedic Related Topics 12
L Identification of Inputs vs. Outputs in Design and Development (Section 7.3) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Implementing a Suspect Counterfeit Identification Program Quality Manager and Management Related Issues 3
S Understanding UDI (Unique Device Identification) Other US Medical Device Regulations 10
Similar threads


















































Top Bottom