Looking to Integrate 9001+14001+27001+45001+50001? Click here!

ISO 9001:2015 – Risk Based Thinking

The main objective of ISO 9001 is to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services. Control of processes helps ensure consistency, but how can you predict something unexpected?

ISO 9001:2015 introduces Risk-Based Thinking as a systematic approach to risk that should be incorporated throughout the entirety of your QMS, rather than treating risk as a single component. This forces you to be proactive rather than reactive which promotes continual improvement.  

In previous revisions of ISO 9001 preventive action was a separate clause within the standard, but now risk is woven throughout. Risk-based thinking makes preventive action part of your organization’s routine. As many people think of risk in a negative way, ISO defines risk as anything that is produced that deviates from the predicted objectives. This means that there can be a positive side of risk.

Here are several tools to help your organization maintain a systematic approach to risk.

Taking a risk-based approach means:

Risk-Based Thinking will help you improve customer satisfaction and confidence by creating consistency within your organization in the context of goods and services. This requirement forces you to establish a proactive workforce for prevention of risk and improvements

How to implement Risk-Based Thinking into your organization?

Risk-Based Thinking Example

When you are planning your own actions you must consider the context of your organization. Planning actions to mitigate a potential issue such as a having your supplier wiped out by a tsunami will be much more thorough and meticulous compared to mitigating the risk of the wrong sodas being ordered for the staff.

What can go wrong in a process?

  • Purchasing Process
    • Single Source supplier is wiped out by Tsunami
  • What is the impact?
    • You are shut down.
  • What is the likelihood?
    • Unlikely
  • How do you mitigate the risk?
    • Find another supplier
    • Revise product design to allow other options
    • Purchase insurance that covers business interruption

Risk has always been an important part of quality management systems. Most organizations take a risk-based approach intuitively, but ISO 9001 takes the approach a step further to ensure that organizations build it into their entire management system. Business risks are ever-growing, and therefore this approach has become crucial for QMS. Risk-based approaches will help you improve customer satisfaction and confidence, assure consistency of quality goods and services, and establish a proactive business mindset which will promote continual improvement. Risk-based thinking should be apart of your scheduled management review and is a key element in continual improvement.


Our All-in-One Certification Package is a proven, efficient system. It gives you all you need to prepare for registration – in one simple to use package.

Buy the Standard

9100 Store Logo ISO 9001:2015

Customer Review:

"I have just passed my ISO-9001 Audit with zero non-conformances for the second year in a row using your ISO products to write my entire QMS. Thank you for producing documents of this quality"

Bettye Patrick

United Plating, Inc