Informational Risk Management Implementation for ISO 9001:2015

dsanabria

Quite Involved in Discussions
#21
The new ISO 9001 2015 standards place much emphasis on risk based thinking and risk management. See below:

4.4.2 - Process approach
"The organization shall:
d) determine the risks to conformity of goods and services and customer satisfaction if unintended outputs are delivered or process interaction is ineffective;"

5.1.2 - Leadership and commitment with respect to the needs and expectations of customers
"Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
a) the risks which can affect conformity of goods and services and customer satisfaction are identified and addressed;"

Right now I am concerned with operational changes my organization will have to implement to be compliant with the new standards. From what I understand our company will essentially have to draft a Process Failure Modes and Effect Analysis for all of our processes.

We will have three years to get our organization up to date. I have never gone through an ISO revision process before. I am interested to find out from more experienced quality people what new types of procedures/policies will be necessary to meet the new risk management requirements. Any input would be a great help.
Before you begin and create an empire of documents and bureaucracy - FMEA is one out of many tools that you can use.

For additional information on this subject follow the link and incorporate what works for your processes and it is effective - use the KISS principle.

https://www.sae.org/servlets/regist...HGeneral&PAGE=getSCMHBOOK&vgenNum=224&scmhs=1

Zearl

Starting to get Involved
#22
Agree.
In our current system, we have documented "turtle diagrams" which basically detail each process in our system....production, maintenance, purchasing, etc. We are planning at this point to document risk assessment by simply tabulating Risk/Results/Controls for areas of concern. These areas of concern already, naturally, have controls to prevent unintended results, thus mitigating associated risks.

My opinion is this doesn't have to be a massive undertaking encompassing every risk that can possibly be considered, since we just need to demonstrate we have considered risk.

For example, with respect to Raw Materials, one risk is Poor Quality Raw Material. Result, off-spec product, control, incoming inspection procedure requirements, etc.
With respect to production, one risk is off-specification product. Result, poor customer satisfaction/monetary losses. Control, final product analysis and inspection requirements.

At first I considered doing a risk assessment similar to environmental aspects in 14001, but on further reading of the standard and elsmar comments, I don't believe such a massive undertaking is warranted. I'll be checking with our auditor to see what he/she expects.

What say you Elsmar?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#23
I'll be checking with our auditor to see what he/she expects.
Be careful with designing and implementing a system based on "auditor's wishes" because they can be fickle and there is auditor rotation. Much wiser to implement something that is well thought out and makes sense and is sustainable for the organization, instead of something that is a moving target, extrinsic to the company.

What say you Elsmar?
First thing I would say: there is NO REQUIREMENT in ISO 9001:2015 for Risk Management. Risk based thinking does not equate to formal risk management.

Risk based thinking is supposed to be a framework, a MINDSET to be deployed when confronted with decisions, challenges and dilemmas related to the organization's ability to deliver conforming product and enhancing customer satisfaction. I provided one example of solving a typical question along the lines of risk based thinking deployment in this thread.

Obviously, in more complex contexts (e.g. medical devices, aerospace, automotive, chemical sectors), formal (qualitative and quantitative) risk management processes and practices could be required.
 

Zearl

Starting to get Involved
#24
Sidney,
Appreciate your comments and agree with the auditor statement. My intent is to explore what he/she has noted from talks with other auditors. But it is our system.

With regard to risk management, section 6.1 requires actions to address risks and opportunities. 6.1.2 states "the organization shall plan: a) actions to address these risks and opportunities; b) how to: 1) integrate and implement the actions into its QMS processes (4.4) and 2) evaluate the effectiveness of these actions."
So documenting risks associated with processes would seem to help accomplish 1) above. If we need to plan actions to address risk, isn't that managing risks? Not an all-out formal risk management matrix, but simply a means of documenting risks and actions which we have already considered in the first place.
 

LUV-d-4UM

Quite Involved in Discussions
#25
Just today our TS auditor told us that her recommendation for Risk Based Thinking is FMEA and elaborated why. I told her in front of the management she's auditing that the standard does not require FMEA.
 

Big Jim

Trusted Information Resource
#27
Just today our TS auditor told us that her recommendation for Risk Based Thinking is FMEA and elaborated why. I told her in front of the management she's auditing that the standard does not require FMEA.
It may not be required but for some companies it would be very useful. For others it would be a huge pain in the neck.
 

Zearl

Starting to get Involved
#28
It may not be required but for some companies it would be very useful. For others it would be a huge pain in the neck.
Agree. But I am afraid we will see auditors all across the board on risk, as the standard is very vague on the subject. It seems with every new revision, the more ambiguous. As a result, there is too much interpretation by the auditors at times.
 

tqmexpert

#30
to John R. Broomfield

Good point, but here is the guideline for you...

You must use your head...
for each potential risk component you must ask...
"Is the risk artifact ACCEPTABLE OR NOT, in order to ensure
that this particular QMS process can work out as planned?"

By answering this question you find the right answers
to put into your QMS Contingency Plan, which you should develop
to summarize your risk findings plus mitigation strategies.
If you really know your QMS processes well,
you will have no problem with all the "holistic" risk assessment,
but make sure you apply it to all potential risk factors, like geographical risk,
process risk, product risk, people risk, etc...well, that is what "risk based thinking" is all about...FMEA cannot cover it all and does not suit always 100%.

Hope that helps.
 