Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015

Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration
Staff member
Admin
#2
Re: Risk Management in ISO 9001:2015

See: How the addition of "Risk" will affect ISO 9001:2015.

Sidney has an ISO 9001:2015 group on Linkedin which is discussing Risk but I don't have the link off hand. I'm sure Sidney will add it here when he sees this post/thread.

Some Risk Examples: Financial uncertainty, project failure, security aspects, competition, technology problems, the effect on the environment from operations such as wastes produced and dangerous emission(s).
 

John Broomfield

Staff member
Super Moderator
#4
Re: Risk Management in ISO 9001:2015

hello everyone

does anyone made risk identification and assessment to share with us?

i like to see some samples;)
aburaggi,

We speak as if we are not already managing risk while realizing opportunities.

When we plan a new project or process we agree the objectives then we consider what could happen to stop us fulfilling the objectives and what we must do to be assured of meeting the objectives.

Accordingly, we ensure we have the necessary resources and controls in place to manage the risks while realizing the opportunity.

Resources include facilities, equipment, materials, authorities and competencies. Controls include methods, procedures, responsibilities, care and coordination. Of course, the resources and controls come with the necessary contingencies such as making sure we do not have single points of control.

For example, we are planning to do business with a supplier for the first time. We apply our established selection criteria and then invest in more monitoring than we do for suppliers accomplished in fulfilling our requirements. Another example, our customers are slow to pay. We find out why and may ensure our management system results in accurate invoices issued as soon as possible. Or, we design a product or process but want to ensure it does not cause injury so we organize multidisciplinary reviews between each design iteration.

Just about every decision is predicated by a risk assessment. Naturally, we need our management systems to help us to manage the knowledge proven useful to quickly assess opportunities and their risks.

The greatest risk, as I see it, is forgetting what we already know and do with our processes and projects in favor of chasing what ISO newly specifies explicitly instead of implicitly.

John
 
H

heartolearn

#5
Re: Risk Management in ISO 9001:2015

In order to provide evidence it would seem from the text within Marc's post that the incorporation of risk based thinking will require some form of tool(s) to log in risks as they apply to the appropriate process. (This in itself becomes a process, does it not?) Personnel accepting of risk management seemingly would need guidance and a working structure to operate from. On-going risk to improvement opportunity conversions would require documentation of some type or else how could they be analyzed, reacted upon, measured and monitored, and lastly reported to Leadership?
 

aburaggi

Starting to get Involved
#6
Re: Risk Management in ISO 9001:2015

aburaggi,

We speak as if we are not already managing risk while realizing opportunities.

When we plan a new project or process we agree the objectives then we consider what could happen to stop us fulfilling the objectives and what we must do to be assured of meeting the objectives.

Accordingly, we ensure we have the necessary resources and controls in place to manage the risks while realizing the opportunity.

Resources include facilities, equipment, materials, authorities and competencies. Controls include methods, procedures, responsibilities, care and coordination. Of course, the resources and controls come with the necessary contingencies such as making sure we do not have single points of control.

For example, we are planning to do business with a supplier for the first time. We apply our established selection criteria and then invest in more monitoring than we do for suppliers accomplished in fulfilling our requirements. Another example, our customers are slow to pay. We find out why and may ensure our management system results in accurate invoices issued as soon as possible. Or, we design a product or process but want to ensure it does not cause injury so we organize multidisciplinary reviews between each design iteration.

Just about every decision is predicated by a risk assessment. Naturally, we need our management systems to help us to manage the knowledge proven useful to quickly assess opportunities and their risks.

The greatest risk, as I see it, is forgetting what we already know and do with our processes and projects in favor of chasing what ISO newly specifies explicitly instead of implicitly.

John
thanks John
of course risk always is considered that?s why we always add control measures in each and every process we do,,,, and i think incorporating it with the QMS should give a greater value. since the risk will be identified and evaluated. Frequency x Severity = Risk

i just need to see few samples -if exist- to start identifying and categorizing those risks
 

John Broomfield

Staff member
Super Moderator
#7
Re: Risk Management in ISO 9001:2015

aburaggi,

Sure, we'd all like a few examples of the evidence expected of risk-based thinking as specified in the DIS.

The DIS also says that it is not specifying requirements for a risk-based management system.

So, are we to generate additional evidence to keep auditors happy or are we to continue managing risk as we now do, without keeping a record?

Hopefully, the FDIS will clarify this.

John
 
Last edited:

LUV-d-4UM

Quite Involved in Discussions
#8
Re: Risk Management in ISO 9001:2015

I am taking a big risk by posting the Quality Policy statement for the ISO9001:2015 management system. I welcome everyone to critique this quality policy. Thank you.

"We the employees of XYZ company are committed to deliver quality in every product and service which we provide to all our customers. To meet this commitment we will:

Supply products and services which meet customer expectations and requirements surpassing or equalizing the competition

Develop and introduce innovative products and services to meet emerging expectations and requirements

Maintain an environment which encourages us to continuously strive to improve the quality of work, both individual and as a team.

This commitment to quality is a responsibility accepted by all XYZ Company employees to maintain the loyalty and trust of our customers."
 

Helmut Jilling

Auditor / Consultant
#9
Re: Risk Management in ISO 9001:2015

thanks John
of course risk always is considered that?s why we always add control measures in each and every process we do,,,, and i think incorporating it with the QMS should give a greater value. since the risk will be identified and evaluated. Frequency x Severity = Risk

i just need to see few samples -if exist- to start identifying and categorizing those risks
just to be clear, many companies do not adequately evaluate and control risks.
 

somashekar

Staff member
Super Moderator
#10
Re: Risk Management in ISO 9001:2015

just to be clear, many companies do not adequately evaluate and control risks.
Yes, very true.
They do not anticipate, they do not learn from past experiences.
They get surprises, shocks,
They firefight, they become busy, they get tired, then they also get appreciated, and a false sense of achievement is felt. They take pride in it, they get rewarded too for all the fire fighting.
Each process and process interaction must be assessed from two elements.
1. What is the Goal.
2. What are the prospects and consequences in the actions we plan towards meeting the goal.
Does the prospects weigh good, so we decide to go from Plan to Do, with all the available resources, and planned monitoring.
Are there any consequences likely to come up for which we have to make a Plan 2 as a backup...

How you want to document this is your freedom.
 
Thread starter Similar threads Forum Replies Date
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
A How to view supplier APQP timeline and do risk management APQP and PPAP 4
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4
S ISO 13485:2016 - How I can integrate a risk management approach in our SOPs ISO 13485:2016 - Medical Device Quality Management Systems 1
B Time necessary for all Risk Management activities ISO 14971 - Medical Device Risk Management 2
W Virtual Manufacturer and Risk Management ISO 14971 - Medical Device Risk Management 3
O CQE Handbook - Missing Section VII - Risk Management Misc. Quality Assurance and Business Systems Related Topics 1
F Medical Device HACCP (Hazard Analysis and Critical Control Point) Risk Management ISO 14971 - Medical Device Risk Management 2
J Differences between a Risk Management Plan vs. Production Part Approval Process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M Free Risk Management Webinar - Design for Quality - May 2017 Risk Management Principles and Generic Guidelines 1
J Will this fulfill the AS9100D Risk Management Requirement AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
A Including all Processes in Risk Management - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 8
F Risk Management vs. FMEA ISO 14971 - Medical Device Risk Management 11
T Using Risk Management in ISO 10993 - Medical Device Accessory 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
Q Risk Management - Additional Process in ISO 9001:2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
alonFAI How to define a Risk Based Approach for Supplier Management per ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1
J What ever happened to Medical Device Risk Management, anyway? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 17
M AAMI draft report - Postmarket Risk Management ISO 14971 - Medical Device Risk Management 2
L Risk Management in an IVD, ISO 13485 certified company ISO 14971 - Medical Device Risk Management 2
S Informational Risk Management Implementation for ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 60
S Risk Management during Contract Review AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
M Risk Management File for Extra Oral RX Equipment ISO 14971 - Medical Device Risk Management 11
D Risk Management for Drug-Device Combinations ISO 14971 - Medical Device Risk Management 1
A AS 9100 - Risk Management Procedure and Flow Chart examples AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2

Similar threads

Top Bottom