Risk Assessment Technique that fits the Context of the Organization

[armani]

In 31010 I stumbled upon this formula (more or less!): "risk assessment technique that fits the context of your organization". What does this mean?...I am afraid I cannot grasp sufficiently the meaning of this...;(

 

[rob73]

Re: Risk assessment technique that fits the context of organization

I thing what it is trying so say is use the tool for risk analysis/assessment that best fits your business, for instance an automotive supplier will be going through design FMEA's, medical device manufacturer will be using ISO 14971, a fastener supplier may have a recorded meeting where business and supply risks are discussed. If you are not doing design work is becomes much simpler!
Horses for courses, comes to mind.
Rob

 

[Jean_B]

Re: Risk assessment technique that fits the context of organization

IEC 31010 is an entire catalog of risk assessment techniques. The keywords in your paraphrased extract do not identifiably match with any one topic in the standard.

If it comes down to basics, then yes what Rob says is the first point. Choose the right tool (or assessment technique) for the job you are doing.
Only you know the context in which your organisation operations (swiftness of operations, necessary detail, regulatory requirements). Keeping that in mind, the following steps will lead you to

Table A.1 of IEC 31010 shows you where techniques are applicable (either strongly recommended or simply feasible) or whether they are regarded as a poor choice or impossible, and thus stated as "not applicable". Using it as a starting point:
1. Know what each phase (identification, analysis (consequence/effect, probability, level of risk/severity), evaluation) of risk management is about.
2. Determine which phase you are in, and/or will be covering in the future. Life-cycle and regulatory requirements play a heavy role in this.
3. Then read the more detailed sections on the applicable techniques.
4. Choose the ones that suits your situation best. Some even have specific standards explaining them more in depth (e.g. FMEA, FTA).
5. Execute.

Do note that though FMEA is stated to be strongly applicable in any phase, this doesn't automatically make it the best all of the time (especially since a specific failure mode can have complex and even independent failure mechanisms/causes, and diverse effects).
Sometimes using a different tool when you're entering a different phase is simply easier, more efficient or more effective depending on what you are managing the risk of.

 

[rkk2014]

Can Organizational Risks, as identified in 4.1, be linked through PFMEAs into all QMS Processes. As Standard does not specify any specific tool for Risk analysis.

 

[QAMTY]

It depends of your activities, ISO 9001 2015, only needs RBT, doesnt ask you to follow 31000 or 301010 standard.

You could comply it in a very easy way or going deeping by using 31000.

If you follow a RBT concept, dont need 31000.

Make it easy.

Hope this helps

 

[rkk2014]

I am working in a Automotive part Mfg Company. We are already having PFMEAs / CP for all our QMS Processes. I have adopted following sequence for moving from IS/TS 16949 TO IATF 2016.
1. Identified IP
2. Needs / Expectations of IP
3. From Point no : 2 , fine tuned the Org. Risk & Opportunities.
4. From Point No : 2 ---identified Indicators controlling them.
5. In this way identified Indicators for the Org Risks & IP Concerns
6. These Indicators I m planning to address in PFMEAs.

As as per my opinion, Analysis of these risk indicator parameters comes through analyzing 6M Conditions of Processes, which we are already doing in PFMEAs.
RISK prioritization, we will do by S *O only.
Some of the Risks may be acceptable , while others may be intolerable - for which risk mitigation plan will be available.

I am a bit confused, whether this route will suffice the standard requirement or not.