Risk management in ISO 9001:2015

CATEGORY
ISO norm
|
AUTHOR

Risk management is a continuous, repetitive activity of interrelated activities, the aim of which is to manage potential risks, i.e. to reduce the probability of their occurrence or to reduce their impact. However, it must not be forgotten that the risk arises even if the organization does not manage its opportunities and does not look for new market entry opportunities.

 

One of the main changes in the new ISO 9001:2015 standard is risk-based thinking. Risk management replaces preventive measures. Risk management is included in the requirements for the design, implementation, maintenance and continuous improvement of the quality management system.

 

Risk management in the ISO 9001:2015 standard

There are two new chapters in the ISO 9001:2015 standard that are closely related to risk management. Point 4 of the standard - Organizational context, serves as an input to the risk management process. At this point, the organization must identify external and internal issues that are relevant to its purpose and strategic direction and that affect its ability to achieve the intended result of its own quality management system.
 

The risk management itself is described in standard 6 - Planning:

6.1 Risk and opportunity management measures. The organization must identify the risks and opportunities it needs to keep the organization running. The organization must also plan measures to manage these risks and opportunities.
 

Risk management increases the likelihood that an organization will achieve its goals and be able to ensure customer satisfaction.
 

Risk management in ISO 9001:2015 - methods, techniques and standards

The most well-known risk management methods include:

  • CLA (Checklist analysis) - checklist analysis
  • ETA (Event tree analysis) - event tree analysis
  • FMEA (Failure Modes and Effects Analysis) - analysis of possible errors and their consequences
  • Forecasting
  • Probabilistic methods
  • SA (Safety Audit) - safety audit

 

Analytical techniques useful for identifying potential risks include:

  • Brainstorming
  • SWOT analysis
  • Pareto principle
  • SMART - goal design
  • Scenario technique


Basic standards in risk management:

  • ISO 31000 Risk management - Principles and guidance
  • IEC/ISO 31010 Risk management - Risk assessment techniques
  • ISO Guide 73:2009 Risk management - Glossary

 

Resources:

  • STN EN ISO 9001:2016
  • ISO 31000
  • IEC / ISO 31010

 

Training:

Risk management