ISO 9001:2015 – Risk Based Thinking
The main objective of ISO 9001 is to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services. Control of processes helps ensure consistency, but how can you predict something unexpected?
ISO 9001:2015 introduces Risk-Based Thinking as a systematic approach to risk that should be incorporated throughout the entirety of your QMS, rather than treating risk as a single component. This forces you to be proactive rather than reactive, which promotes continual improvement.
In previous revisions of ISO 9001, preventive action was a separate clause within the standard, but now risk is woven throughout. Risk-based thinking makes preventive action part of your organization’s routine. Although many people think of risk in a negative way, ISO defines risk as anything that is produced that deviates from the predicted objectives. This means that there can be a positive side of risk.
Here are several tools to help your organization maintain a systematic approach to risk.
- Risk-Based Thinking Training – Helps all process owners understand how to assess risk.
- Risk Management Exercise – A simple approach to risk management that can be applied throughout the organization.
- Using FMEA to Manage Risk and FMEA Training – A technical approach to managing risk.
Taking a risk-based approach means:
- Determining the risks and opportunities
- Planning actions to address them
- Implementing them in a quality management system
- Evaluating their effectiveness
Risk-Based Thinking will help you improve customer satisfaction and confidence by creating consistency within your organization in the context of goods and services. This requirement forces you to establish a proactive workforce for the prevention of risk and for improvements.
How do you implement Risk-Based Thinking in your organization?
- Identify what the risks and opportunities are in your organization. This depends on the context of your organization.
- Analyze and prioritize the risks and opportunities in your organization. Identify what is acceptable and what is not.
- Plan actions to address the risks. Can the risks be avoided, mitigated or eliminated?
- Take action and implement the plan to address the risks.
- Check the effectiveness of your plan
- Continual Improvement
Risk-Based Thinking Example
When you are planning your own actions, you must consider the context of your organization. Planning actions to mitigate a potential issue such as having your supplier wiped out by a tsunami will be much more thorough and meticulous than mitigating the risk of the wrong sodas being ordered for the staff.
What can go wrong in a process?
- Purchasing Process
  - Single Source supplier is wiped out by Tsunami
    - What is the impact?
      - You are shut down.
    - What is the likelihood?
    - How do you mitigate the risk?
      - Find another supplier
      - Revise product design to allow other options
      - Purchase insurance that covers business interruption
Risk has always been an important part of quality management systems. Most organizations take a risk-based approach intuitively, but ISO 9001 takes the approach a step further to ensure that organizations build it into their entire management system. Business risks are ever-growing, and therefore this approach has become crucial for QMS. Risk-based approaches will help you improve customer satisfaction and confidence, assure consistency of quality goods and services, and establish a proactive business mindset which will promote continual improvement. Risk-based thinking should be a part of your scheduled management review and is a key element in continual improvement.