How to address risks and opportunities in the framework of an ISO 9001: 2015 quality management system?

One of the most novel requirements of ISO 9001: 2015, which may be a source of doubts and concerns in organizations that implement their quality management system (QMS), according to this international standard, is undoubtedly related to point 6.1 on actions to address risks and opportunities.
Share on social networks
inspenet - iso

Table of Contents

One of the most novel requirements of ISO 9001: 2015, which may be a source of doubts and concerns in organizations that implement their quality management system (QMS), according to this international standard, is undoubtedly related to point 6.1 on actions to address risks and opportunities. It discusses the need to plan the necessary actions to address the different risks and opportunities, integrating the actions into the Quality Management System and evaluating their effectiveness.

It is prudent to point out that ISO 9000 in its 2015 version defines risk as the effect of uncertainty, even though the formal definition of risk encompasses the possibility of negative and positive effects. In practice, the word “risk” is often associated with negative consequences, whereas an opportunity is an event for which there is uncertainty as to whether or not it will occur, and which may positively affect the achievement of objectives or the continuous improvement of the QMS.

One of the most repeated doubts and concerns when implementing quality management systems ISO 9001: 2015; is how to address this requirement, the first thing we must make clear; that the risks and opportunities mentioned by the standard in reference; are those that primarily impact the conformity of products and services, customer satisfaction and continuous improvement of the QMS, however, those related to business continuity (resulting from disasters, natural causes, economic or financial situation, among others.) and other aspects of the organization’s life, such as environmental and social issues, are not covered by this standard.

The requirement does not refer to the need for the organization to develop formal methods or a documented risk management process, nor does it establish any specific tool for this purpose. However, in practice, the different organizations must develop a methodological scheme to implement this requirement and carry it out in a controlled manner.

Organizations are free to approach this requirement as they wish, taking into account any specific requirements of their customers or the sector in which they operate. For example, automotive and aerospace industry QMS standards require the use of specific techniques such as Failure Mode and Effect Analysis; the food industry requires HACCP among others. They can resort to formal, qualitative or quantitative, existing and documented methods such as SWOT analysis, or the widely used ISO 31000 or simply Risks and Opportunities according to their practice. In any case, organizations must ensure that the practices or methods adopted themselves guarantee consistency and coherence in the results obtained. Simply put, in the absence of formal practices and specific methodologies adopted, the organization must ensure that Risks and Opportunities are determined independently of who and when the available information is analyzed and effective actions are put in place to address them.

References

Own source

Share this article in your social network
Rate this post
1 star2 stars3 stars4 stars5 stars (No rating yet)
Post Rating LoaderLoading...