ISO9001:2015 Cl. 6.1 - What evidences of risk addressing is needed?

Q

QAMTY

#1
Hi all

Regarding of documented evidences in 6.1, I don´t see any specific
information required.

Would it be needed to have only a list of identified and treated risks, also to have the evidences of the follow-up and actions plans? Additional, evidences of a swot and list of interested parties.

But I wonder if is needed, say, an evidence of a brainstorming session
with employees when determining risk? and also a sheet/format for every risk detected en each process, where risk is evaluated (the impact, the responsibles, due dates for actions,etc) including sign off of them?.

Please give some feedback

Thanks
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
I am sorry for the delay in answering this question.

Evidence can be in the form of physical changes, such as 5S to reduce the risk of product damage. It can be a checklist that helps people avoid missing tasks or steps in transaction-based processes. It can be documented in SWOT, in tables, in FMEA, in a short statement within controlled procedures, but none of these types of documentation are specifically required.

I always advise the simple approach if it is possible. The main difficulty with that may be in how you can express effectiveness of actions taken, which is an input in Management Review. That can be a chart, a number or a statement but it should be something that can be verified through documentation and/or talking with people and/or the auditor's physical observations.
 

bpritts

Involved - Posts
#4
As Jen states there are MANY possible considerations and actions on risk. Too many of our QA colleagues seem to think that we invented risk management in 2015! That's just nonsense. Our whole field has been based on managing risks. So, some other examples:

- Any time you do an inspection, you presumably do so because you perceive a risk of nonconformance. (If you were certain that a process was perfect, why would you do inspections? But we know that processes, and people, aren't perfect... there's risk!) How did you decide when to do inspections, and how many? That involved risk based thinking... I hope!

- Anything you do involving STATISTICS probably involves risk. A process capability study measures the risk of producing nonconforming product. Ongoing SPC process control is intended to assess the risk of processes going astray. The entire field of statistics was invented to help assess risk!

- Any time you audit a process, you are considering risk. If you "knew" that processes were always executed 100% correctly why would you audit them?

Same extends to supplier audits.

- When you calibrate/confirm a gauge, you should be considering risk. Why do you decide to do the calibration every 90 days/ 365 days/ 1 day/ etc. Hopefully you have considered the risk of the gauge/ measurement device going wrong, as well as the cost of checking it and the cost of reaction if bad parts have been accepted.

I hope that these everyday examples help illustrate the point. Good QA has always been about managing risk!

Brad
 

somashekar

Staff member
Super Moderator
#5
Please note that the 6.1 is leading you back to 4.1 and 4.2.

This means that its reflecting back on your context and needs and expectations of your organizations's interested parties.

If you have not done this well, you will not be able to focus on the actions to address the risks and opportunities. This is more at a macro level and not just the stuff of product failure risk, calibration risk and such.

Risks that address your business continuity, new technology challenges, changing market and demands, competition, need for diversification and its associated risks, Investment risks .....and more.

Unless your leadership (the management) gets down to discussing these with the executing professionals after a clear understanding of the business process and QMS requirement, most will simply be addressing the risks around what processes and products you see in and around you.
 

Paul Simpson

Trusted Information Resource
#6
Hi all

Regarding of documented evidences in 6.1, I don´t see any specific
information required.

Would it be needed to have only a list of identified and treated risks, also to have the evidences of the follow-up and actions plans? Additional, evidences of a swot and list of interested parties.

But I wonder if is needed, say, an evidence of a brainstorming session
with employees when determining risk? and also a sheet/format for every risk detected en each process, where risk is evaluated (the impact, the responsibles, due dates for actions,etc) including sign off of them?.

Please give some feedback

Thanks
As others have said. How you address planning is up to you and depends on how the organization currently works. As somashekar the results of your internal and external context assessment (perhaps the PESTLE and / or SWOT analysis) will generate a list of issues you want to manage.

Similarly your list of process risks and opportunities (4.4.1 f)may generate some evidence of risk and opportunity management.

So long as your organization is happy you have adequately looked at risk your 3rd party CB should also be happy.
 

zucccchini

Inactive Registered Visitor
#7
:bigwave:Well guys, here is how I am going to approach this risk thing and it may even cover some other little 'shalls' the powers that be have thrown in there. I internal Audit a AS9100 manufacturing (machine shop). I have since retired actually working there but they call me in to do their internals. Long time ago I suggested that they really needed a history paper among the CAD/CAM programs, inspection notes, etc. for reoccurring job. At that time it simply helped the setup people and operator to realize ahead of time the problems that they may run into.

This thing has become invaluable now. It lists the RISKS over time for that job, includes tooling issues, machine issues, hard to find gauges, etc, mistakes made that caused scrap. On top of that it qualifies as addressing loss of learned experience. No starting a new learning curve if someone leaves that always ran that job. It did not walk out the door with him/her.

As far as addressing risks on the outside to the business in general, that would fall into the Planning 6. But that 'job history paper' certainly helped our production side address those issues.
 
X

xxxxxxl

#8
I have been wondering if Opportunities need to be addressed separately to risks. Some identified risks due reveal opportunities, but sometimes opportunities originate from places other than risk assessment, business plans, or management review outputs.

Thoughts?
 
Q

QAMTY

#9
It could be both ways, maybe at the same time a risk is detected, or may come alone.

A good practice is to have a method to evaluate if the opportunity is worth to take it

there is a method somewhere, that considers probability and benefit and you get a factor, depending of the factor, you can decide if it is convenient or not.


Hope this helps
 
#10
I have prepared the risk register for ISO 9001-2015 which includes only the probability and severity of the risk and mitigation plan, is that okay for ISO 9001-2015 or it also needs DETECTION and CONTINGENCY PLAN? Does the risk is only limited to the all processes of business failure or it should also contain risk to human beings involved in the process or act?
 
Thread starter Similar threads Forum Replies Date
S Are there ISO9001:2015 Requirements for Preventive Maintenance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 36
A ISO9001:2015 Document control and training aids ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
S ISO9001:2015 Clause 9.1 - What the external auditor will look at? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
S ISO9001:2015 6.3 - Planning of Changes - OFI from auditor ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
I ISO9001:2015 9.1.2 - Customer Satisfaction Feedback ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
L Is writing out the ISO9001:2015 standard full name a requirement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 37
E Interesting Discussion Was this the fastest ever stage 2 ISO9001:2015 audit? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 76
ScottK Question for Auditors on 7.1.4 in the ISO9001:2015 revision ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
qualprod ISO9001:2015 Cl. 9.1.1 and 9.1.3 evidenced with only improvement actions? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
G Effect of ISO9001 2015 transition on ISO IEC 80079-34 Other ISO and International Standards and European Regulations 2
A ISO9001:2015 Process Matrix with clauses General Auditing Discussions 13
S ISO9001:2015 Cl. 4.4.1 - What Processes Do I Need Documented ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
B Bare Bones/Under the Radar ISO9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
W Is ISO9001:2015 required for AS9100:2016 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
Icy Mountain ISO9001:2015 & IATF 16949:2016 Gap Analysis Tool IATF 16949 - Automotive Quality Systems Standard 7
D Internal Audit During the Transition Period from ISO9001:2008 to ISO9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
D Does ISO9001:2015 require any specific "processes"? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
N ISO9001:2015 clause 7.1.5 "Resources" (Formerly "Equipment") ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Icy Mountain ISO9001:2015 Upgrade Diary ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
S ISO9001:2015 and ISO14001:2015 Readiness/Self Evaluation Checklists wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
J Understanding ISO9001:2015 - 8.3: Design and Development of Products and Services ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
W ISO9001:2015 - Clause 7.5.2 - Requirements for Creating & Updating Documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
C Process Map Transition from ISO9001:2008 to ISO9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
A ISO9001:2015 Auditor Training Materials Training - Internal, External, Online and Distance Learning 2
M ISO9001:2015 Clause 8.4 Control of External Processes and Purchased Goods & Materials ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
L Corporate Manual - Global Multi-Site ISO9001:2015 Certification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A ISO9001:2015 comparison with AS9100:2016 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
C Auditing Clause 5 - Leadership in ISO9001:2015 Internal Auditing 4
S Informational ISO9001:2015 Process Interactions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 65
S ISO9001:2015 Section 4.4.1 - Support Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
C Risks involved in requesting Cert to ISO9001:2015 right when released ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
T Changes in ISO9001:2015 to the requirements for a management representative ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
L Customer Waiver in ISO9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
L Lean in the ISO9001:2015 World Lean in Manufacturing and Service Industries 1
A Has anyone made an ISO9001:2015 vs. ISO9001:2008 Matrix ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 32
T COVID, Furlough and ISO9001 Surveillance Audit Coffee Break and Water Cooler Discussions 2
D ISO9001 for one man company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
S What's meant by ISO9001 clause 8.7 non conforming output? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
G Calibration: Conforming to ISO9001 Requirements General Measurement Device and Calibration Topics 6
H Communication plan according to ISO9001 - Pharmaceutical field Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
R Major nonformance finding was given during a closing meeting of a ISO9001 certification audit General Auditing Discussions 76
N Is consultant prohibited in ISO9001 audit? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 66
R ISO13485/ISO9001 Convenient Document Management System Document Control Systems, Procedures, Forms and Templates 3
R ISO9001 & ISO13485 QMS for 2 types of products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
T In house Calibration? Measurement equipment traceability requirements - ISO9001 General Measurement Device and Calibration Topics 12
a_bardi Excluding ISO9001 Cl. 8.4 - Supplier Selection and Evaluation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
M Can Six sigma support ISO9001? If yes, in what ways? Lean in Manufacturing and Service Industries 5
C Checklist comparison between ISO9001:2008 and ISO 3834 Quality Management System (QMS) Manuals 1
Y The challenge of why should we have ISO9001 and process audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
G BCARs/EASA to ISO9001/AS9100 cross reference matrix/table wanted EASA and JAA Aviation Standards and Requirements 1

Similar threads

Top Bottom