ISO 9001:2015 – How to apply Risk-based Thinking to Quality Processes [Part XII]


There are twelve posts in this series. To read Part XI, please click here.

This is the final part in our series on how you might apply Risk Assessment techniques to meet the possible Risk Based Thinking (RBT) requirements of the forthcoming ISO 9001:2015 standard. Events are moving along for the new version: the last formal draft, ISO/FDIS 9001, has just been issued, and final publication is scheduled for September 23rd 2015.

To close out the series, we take another look at the 6-step process we're recommending and provide links to templates for documenting the outputs, which we hope you will find useful. Click on the document icon to download the PDF.

1. Establish the context

This step determines the issues and requirements that can impact on the planning of the quality management system, including: (a) the main objectives and outcomes that are uncertain / subject to risk; and (b) the needs and expectations of the organization’s customers and other relevant interested parties; the products and services it provides; the complexity of processes it employs and their interactions; the competence of persons within or working on behalf of the organization; and its size and organizational structure.

An example statement of context template was introduced in Part X of the series and is available here.

2. Risk identification

This step involves selecting a suitable process for risk identification and, for each quality process, identifying and numbering the risks. This process records the risks in a Risks and Opportunities Register (R&O Register) that would form an integral part of the Quality Management System.

We offer two supporting templates - a Risk Description Brainstorming Sheet and a Risks & Opportunities Register.

Risk Description Brainstorming Sheet:


Risks & Opportunities Register:


3. Qualitative risk analysis & risk evaluation

This step considers (for each risk) the effectiveness of the existing controls using a suitable effectiveness scale; the consequences (impact) for each risk; the likelihood of these consequences occurring; and the potential exposure were the controls in place to fail.

4. Semi-Quantitative risk assessment for systems and processes

A semi-quantitative measure of risk is an estimate derived using a scoring approach. Risk indices are used to rate a series of risks using similar criteria so that they can be more easily compared.

An example Semi-Quantitative Risk Assessment Calculator Template was introduced in Part XI of the series and is available here.

5. Risk treatment

This step considers options for either avoiding or seeking the risk; changing the likelihood; changing the consequences; sharing the risk; or explicitly accepting the risk without further treatment.

We offer two supporting templates - a Risk Treatment Plan Template and a Risk Treatment Options Worksheet.

Risk Treatment Plan Template:


Risk Treatment Options Worksheet:


6. Monitoring & review

Periodically, the team will re-assess risks and decide whether new risks are affecting or could affect quality processes and systems as part of the cycle of continuous quality process improvement.


Tags: ISO 9001:2015, Quality Management System


Written by Paul Walsh

Paul Walsh was one of the founders of Cognidox. After a period as an academic working in user experience (UX) research, Paul started a 25-year career in software development. He's worked for multinational telecom companies (Nortel), two $1B Cambridge companies (Ionica, Virata), and co-founded a couple of startup companies. His experience includes network management software, embedded software on silicon, enterprise software, and cloud computing.
