Risk Based Thinking in the new ISO Standard

Process Approach

A major change in the 2015 revision of ISO 9001 is considering risks and opportunities as part of your Quality Management System (QMS). Establishing a systematic approach for consideration of risk and opportunities to minimize or eliminate risks is an important function of the 2015 revision.

Risk is inherent in all aspect of a QMS. The new revision challenges companies to be proactive rather than reactive in preventing or reducing undesired effects of certain risks.

Risk-based thinking is already part of the process approach

According to ISO, not all the processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives. Some need more careful and formal planning and controls than others.

Example: To cross the road I may go directly or I may use a nearby footbridge. Which process I choose will be determined by considering the risks.

Risk is commonly understood to have only negative consequences; however the effects of risk can be either negative or positive.

In ISO 9001:2015 risks and opportunities are often cited together. Opportunity is not the positive side of risk. An opportunity is a set of circumstances which makes it possible to do something. Taking or not taking an opportunity then presents different levels of risk.

Risk-based thinking considers both the current situation and the possibilities for change

Analysis of the example above shows opportunities for improvement:

  • a subway leading directly under the road
  • pedestrian traffic lights, or
  • diverting the road so that the area has no traffic

Risk is addressed in clauses 4, 5, 6, 7, 8, 9 and 10 in the standard.  Risk-based thinking is an important part of the QMS as it provides the likelihood of achieving stated objectives.  Outputs can be more consistent and customer satisfaction will be higher as the customers should receive more consistent products and services as the process is followed and improved.

Source: ISO Whitepaper, Risk-Based Thinking in ISO 9001:2015