Is Risk Identification and Treatment a Process?

armani

Involved In Discussions
#1
Does the organisation have to treat risk identification and treatment as a process?
Consequently, if yes, must this process be treated according to 4.4.1?
 
dsanabria

Quite Involved in Discussions
#2
Does the organisation have to treat risk identification and treatment as a process?
Consequently, if yes, must this process be treated according to 4.4.1?
The short answer is NO - risk is embedded into all of your processes.

ISO 9001:2015
0.3.3 Risk-based thinking

Risk-based thinking (see Clause A.4) is essential for achieving an effective quality management system. The concept of risk-based thinking has been implicit in previous editions of this International Standard including, for example, carrying out preventive action to eliminate potential nonconformity, analyzing any nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of the nonconformity.

To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects.

Opportunities can arise as a result of a situation favorable to achieving an intended result, for example, a set of circumstances that allow the organization to attract customers, develop new products and services, reduce waste or improve productivity. Actions to address opportunities can also include consideration of associated risks. Risk is the effect of uncertainty and any such uncertainty can have positive or negative effects. A positive deviation arising from a risk can provide an opportunity, but not all positive effects of risk result in opportunities.
 

Mike S.

Happy to be Alive
Trusted Information Resource
#3
What is a process? Activity that takes an input and turns it into an output.

Is risk identification and treatment, the way it is performed in your organization, performed in this way?

When you are determining the risks that need to be addressed, is this a process?

If you are planning actions to address risks, is this a process?

Look at 8.1.1 – is there a process there?

8.1.1 Operation risk management

The organization shall plan, implement and control a process for managing operation risks…
 

armani

Involved In Discussions
#4
What is a process? Activity that takes an input and turns it into an output.

Is risk identification and treatment, the way it is performed in your organization, performed in this way?

When you are determining the risks that need to be addressed, is this a process?

If you are planning actions to address risks, is this a process?

Look at 8.1.1 – is there a process there?

8.1.1 Operation risk management

The organization shall plan, implement and control a process for managing operation risks…
So, the answer is YES?
 
Alienraver

#6
Take a look in the standard, Annex A4. In that annex it clearly states that a formal, documented process is not required. However, it does state that the organization can decide the level of what is needed, so you will want to take into consideration what you produce. If you make anything with critical components that may result in loss of life if they don't function properly, then yes, I would have a formal management process. Otherwise, if you are making printed circuit boards where there are tons of subsequent tests or other avenues to prevent failure from escaping, then no, you wouldn't need one. Your QMS should inherently have risk mitigation built in. This is one of its main purposes.
 
randomname

#7
Yes, it is a process. Read the Preventive Action clause of the 2008 edition.

Identify potential risks, evaluate whether treatment is required, treat if so, then determine whether treatment was effective. PDCA.

However, various components will be imbedded in different clauses of the QMS.
 
randomname

#9
The thing I keep trying to get across to quality professionals is to stop worrying about the ISO requirements and look at what your senior management pays attention to. In a public company, risk management is a big concern, and the government just mandated it for federal agencies with the revision of A-123.

So if you want to gain greater credibility, learn about risk management, then utilize ISO as a way to support it with the QMS.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#10
I think you just encapsulated the wishful thinking of many "risk management" professionals. Hijack 9001:2015 as a platform to support risk management consulting.

Forget the ISO 9001 requirements? Wouldn't that be risky? :rolleyes:
 