Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015

Mike S.

Happy to be Alive
Trusted Information Resource
Re: Risk Management in ISO 9001:2015

does anyone made risk identification and assessment to share with us?

i like to see some samples

Search here or on the internet for FMEA, PFMEA, and/or risk register. Those are a few ways to do it and you will see lots of examples.

Or you can do it much more informally, simply listing a risk and how you intend to deal with it.

You use risk-based thinking quite often in your everyday life with no documentation: Do I need an umbrella or not; do I need a jacket or not, is it safe to pull into traffic now, if I speed on this road will I get a ticket, how much life insurance do I need, what deductible do I get on my car insurance, do I buy the extended warranty, will these tires get me through winter, do I trade in my old car now or wait until next year, do I need to get that mole looked at, should I get a cancer screening, do I get a flu shot, should I try for that other job, should I ask that person out on a date, etc. etc. etc.
 

dhakadmilind

Starting to get Involved
Re: Risk Management in ISO 9001:2015

Dear ,
I need help to under stand risk base approach for ISO9001. As 14001 is very clear to have Risk base approach on aspects,compliance obligation and interested party issue.But ISO 9001 is not specific about Risk base apporach application.DO we have to consider all process with Risk base approach in ISO like calibration,maintainacne etc.
Regards
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: Risk Management in ISO 9001:2015

Dear ,
I need help to under stand risk base approach for ISO9001. As 14001 is very clear to have Risk base approach on aspects,compliance obligation and interested party issue.But ISO 9001 is not specific about Risk base apporach application.DO we have to consider all process with Risk base approach in ISO like calibration,maintainacne etc.
Regards
It is important to not make the subject of risk-based thinking (RBT) too complex. The ISO 9001:2015 standard does not cite specific requirements because organizations need flexibility, and they need to both understand and operate to the concept.

Organizations have been already doing RBT in many cases; now they need to recognize that and be ready to "speak to it" (demonstrate it) for certification purposes. Examples include:

  • Calibration frequency set based on instrument's amount of use, the environment in which it is being used, its sensitivity and the degree to which it is important to ensure conforming output reaches the customer.
  • Planned maintenance is scheduled based on machine criticality for producing conforming outputs, its age, its extent of usage, its physical environment, etc. OEM Manuals often suggest frequencies, which provides a good starting point but these frequencies may need to be adjusted based on the above factors.
  • A checklist at Shipping helps personnel ensure outgoing parcels are complete and correct.
  • A SWOT Analysis in Management Review facilitates a strategic-level overview of internal and external issues, opportunities, and how internal and external changes might affect the organization

There are similar discussion threads referenced at the bottom of this page. Two threads have my Risk-Based Planner attachment for those organizations that really want a tool. The Planner's Instructions page also has links to four other RBT information sources, including checklists and SWOT.

I hope this helps!
 

somashekar

Leader
Admin
Re: Risk Management in ISO 9001:2015

The Risk based thinking has got to do a lot about people in the organization knowing their business well. It stems from the properly applied people (see 7.1.2) as well as from the Organizational knowledge (see 7.1.6)
Decisions and actions taken based on Analysis and evaluation (see 9.1.3) as said in the Actions to address risks and opportunities (see 6.1) ... and in this process if you are able to keep ready a plan B., then this is all the risk based thinking approach is.
Therefore if you are doing something knowing well what you are doing, and if you are not doing something because you have been said to do so., you are on proper risk based thinking. You will certainly be able to walk the talk about it.
Experience, Statistical knowledge, market research information, state of the art techniques, and many other as guided in clause 7.1.6 of the standard has to make you stronger in your risk based thinking and decision.
If you are looking to make or copy a documented procedure for this., then I guess you have not understood the standard OR more so your business.....
 
M

MayaP

Re: Risk Management in ISO 9001:2015

We use excel file with 3 worksheets:
1st worksheet: all generic risks applicable to company and its business (see generic matrix and Orange Book)
2nd worksheet: my SQE Department risks (i.e. non-compliance with applicable legal requirements etc etc, then whats done about it, scores, what else needs doing, who in charge and next review date
3rd: current problems and potential problems (brought up into broad daylight and managed), tabs as above
 
M

MayaP

Re: Risk Management in ISO 9001:2015

P.s. I have toyed with the idea of doing in depth process risk chart but due to the nature of the business (cleaning services), this was the best way to get risks addressed
 
D

DRAMMAN

Re: Risk Management in ISO 9001:2015

We use excel file with 3 worksheets:
1st worksheet: all generic risks applicable to company and its business (see generic matrix and Orange Book)
2nd worksheet: my SQE Department risks (i.e. non-compliance with applicable legal requirements etc etc, then whats done about it, scores, what else needs doing, who in charge and next review date
3rd: current problems and potential problems (brought up into broad daylight and managed), tabs as above

Mayap, can you post up an example?
 
M

MayaP

Re: Risk Management in ISO 9001:2015

Please see attached. It is for cleaning and grounds maintenance company and as I am the Risk Management driver, I have dissected my department ... I had to clear the active risks, though but it is whatever comes up in management meetings, then all active risks in one place and get looked at monthly
 

Attachments

  • Blank Risk matrix, updated on 31.01.2017. .xlsx
    17.5 KB · Views: 2,288
Q

QAMTY

Re: Risk Management in ISO 9001:2015

Very large policy, try it in a simple manner.
Keep it simple ,remember,from here,the quality objectives will come and you have to support all what state in the policy.
 
J

josephjohn

Re: Risk Management in ISO 9001:2015

ISO 9001:2015 does not prescribe a risk methodology – organisations are free to adopt their own approach. This approach must be proportionate to the potential impact on customer satisfaction and the intended results of the QMS, should the risk (or opportunity) be realised.
 
Top Bottom