I have seen a huge amount of discussion, concern and misinformation about risk-based thinking and ISO 9001:2015 (and related standards that use it as their core requirements).
Some people have tried to claim FMEAs will be required. That is not true. Indeed, ISO TC 176/SC2 has published a white paper on RBT to help clarify FMEAs are not required.
The FMEA's format has tended to be suited for manufacturing widgets, but I have seen its format adapted to help IT groups perform their risk control systems. Environmental and safety managers have been making Aspects and Impacts and Risk-Hazard Analyses for years, using an adapted FMEA format.
For that reason it seems sensible for some to suggest such a format might be helpful, especially for those of us who are accustomed to seeing it for product. That is why I made an adaptation of the FMEA for managing risks in processes. The fact that it somewhat resembles an FMEA is due to the usefulness of the FMEA for sorting information. That is all. Please see attached. I hope this helps!
Some people have tried to claim FMEAs will be required. That is not true. Indeed, ISO TC 176/SC2 has published a white paper on RBT to help clarify FMEAs are not required.
The FMEA's format has tended to be suited for manufacturing widgets, but I have seen its format adapted to help IT groups perform their risk control systems. Environmental and safety managers have been making Aspects and Impacts and Risk-Hazard Analyses for years, using an adapted FMEA format.
For that reason it seems sensible for some to suggest such a format might be helpful, especially for those of us who are accustomed to seeing it for product. That is why I made an adaptation of the FMEA for managing risks in processes. The fact that it somewhat resembles an FMEA is due to the usefulness of the FMEA for sorting information. That is all. Please see attached. I hope this helps!
Attachments
Last edited: