White Paper – How to apply Risk-based Thinking to ISO 9001:2015

For the past several months we've published a series of blog posts on the application of Risk-based Thinking for ISO 9001:2015. It's been a very popular series and there was demand for the series to be collated into a single document for easy reference.

We've done just that and the white paper that resulted is available to download from here. Be aware - it's a 1MiB PDF document just under 60 pages in length.

Here is the summary of what it contains:

The new version of the ISO 9001:2015 standard is scheduled for final publication on September 23rd 2015. One of the new requirements is to show evidence of risk-based thinking (RBT) in the quality management system. How do you do that? How are auditors likely to respond to the new challenges that ISO 9001:2015 brings? How do you produce documented evidence of risk-based thinking?

Although ISO 9001:2015 does not call for formal methods of risk management, it is likely that anyone trying to understand RBT may turn to ISO 31000 and the list of risk assessment techniques in particular. However, this is not as easy as it sounds. There are many techniques to choose from and many may not be applicable to the sectors that ISO 9001 serves.

This white paper has two major sections. The first part provides a primer on many of the ISO 31000 risk assessment techniques and considers their applicability to quality management. The second part provides a six-step methodology that you can follow to deliver evidence of a risk based approach to quality. It is a practical methodology that is specific on inputs / outputs, and what you need to do in-between. Several example templates are provided that could form the basis for your documented information.