Risk management and ISO 9001:2015
Risk planning and management is a critical and vital activity for any organisation. The revised version of standard ISO 9001 moved away from so-called “preventative action” and took steps to implement a “risk-based approach” instead. Risk has been an important component and consideration across various ISO standards, but recently the newer versions of standards have been featuring risk and risk management much more prominently.
What is risk-based thinking?
Risk-based thinking is a preventative step that requires that companies perform a risk evaluation when controls, processes and improvements are established within a quality management system. Risk-based thinking is not only used to identify potential negative outcomes but is also used to identify opportunities.
The 2015 revision of ISO 9001 implemented a significant change; rather than treating “prevention” as a separate component of a quality management system, the standard has established a systematic approach to considering risk.
Why risk-based thinking matters
Risk is an inherent part of most activities, and managing these risks is an important task for all organisations. Risk management allows companies to evaluate risks in processes and content. This type of thinking identifies and highlights the critical topics and issues that an organisation must address, and enables the organisation to understand how it is adapting to change.
- Builds a strong knowledge base
- Assures consistency
- Establishes a proactive culture of improvement
- Improves customer confidence.
A risk-based approach entails the following:
- Determining the risks and opportunities
- Planning actions to address these risks and opportunities
- Implementing the aforementioned actions in a quality management system
- Evaluating the effectiveness of the system.
Ultimately, a risk-based thinking scheme ensures that your organisation is proactive rather than reactive. A risk-based management system ensures that preventative action is automatic, taking steps to prevent potentially damaging events and promoting improvement as part of the normal steps.
DQS is committed to sharing up to date, relevant news. For more information about training, standards or the certification process, please contact DQS. DQS South Africa is your local business solutions partner, offering solutions that work for your sector. We form part of an international network dedicated to ensuring compliance and business conformity. For any questions about our services or to contact us, please visit dqs.co.za.