Risk Based Thinking - Is a Documented Procedure required?


Is a documented procedure required to establish the method followed to meet this requirement for risk analysis?
Could you share your experience and eventually some templates to follow?


Risk Based Thinking is not required as a stand-alone procedure. You do however need to demonstrate that you're assessing risk at all levels of the organization. If you have a procedure on supplier assessment, you're already doing this in Purchasing. Preventive Actions, PFMEAs, Cross Training Matrix, Contingency Plans, AQL sampling plans, capability studies, and Gage R+R's are all examples of Risk Assessment.


Thank you. I know that it is not a requirement, but the auditor could ask: which kind of method do you follow for each QMS process? Which tables?

Sidney Vianna

"I know that it is not a requirement, but the auditor could ask:"
If you want to second guess the million possible asinine questions some auditors could ask, let the ISO gods have mercy on you.

Stick to the requirements of the standard and how your system complies with them, in a meaningful manner, and you will be in a much better and saner place.

Systems are not meant to pass audits. Especially when conducted by questionably competent auditors. Systems exist to provide GOVERNANCE to an organization.

Good luck.


If it were me, I'd do a spreadsheet listing your processes. In it I would put in the things your company does to assess risk(s) for each. If you do that, it will get you thinking about all the areas where you do some type of risk assessment, paper based or otherwise. That way you will have a "cheat sheet" that you can use and discuss with the auditor, and it will help you to more fully understand all the various ways your company assesses various risks.



Have you read the official guide to risk based thinking put out by ISO?

I apparently can't post links, but see ISO/TC 176/SC2/N1284 RISK-BASED THINKING IN ISO 9001:2015.
