Apply Risk-Based Thinking in ISO 9001:2015 Quality Processes - Part XII

There are twelve posts in this series. To read Part XI, please click here.

This is the final part in our series on how you might apply Risk Assessment techniques to meet the possible Risk-Based Thinking (RBT) requirements of the forthcoming ISO 9001:2015 standard. Events are moving along for the new version: the last formal draft, ISO/FDIS 9001, has just been issued, and final publication is scheduled for September 23rd 2015.

To close out the series we take another look at the 6 step process we're recommending and provide links to templates for documenting the outputs that we hope you will find useful. Click on the document icon to download the PDF.

1. Establish the context

This step determines the issues and requirements that can impact on the planning of the quality management system, including: (a) the main objectives and outcomes that are uncertain / subject to risk; and (b) the needs and expectations of the organization’s customers and other relevant interested parties; the products and services it provides; the complexity of processes it employs and their interactions; the competence of persons within or working on behalf of the organization; and its size and organizational structure.

An example statement of context template was introduced in Part X of the series and is available here.

2. Risk identification

This step involves selecting a suitable process for risk identification and for each quality process, identifying and numbering the risks. This process records the risks in a Risk and Opportunities Register (R&O Register) that would form an integral part of the Quality Management System.

We offer two supporting templates - a Risk Description Brainstorming Sheet and a Risks & Opportunities Register.

3. Qualitative risk analysis & risk evaluation

This step considers (for each risk) the effectiveness of the existing controls using a suitable effectiveness scale; the consequences (impact) for each risk; the likelihood of these consequences occurring; and the potential exposure were the controls in place to fail.

4. Semi-Quantitative risk assessment for systems and processes

A semi-quantitative measure of risk is an estimate derived using a scoring approach. Risk indices are used to rate a series of risks using similar criteria so that they can be more easily compared.

An example Semi-Quantitative Risk Assessment Calculator Template was introduced in Part XI of the series and is available here.

5. Risk treatment

This step considers options for either avoiding or seeking the risk; changing the likelihood; changing the consequences; sharing the risk; or explicitly accepting the risk without further treatment.

We offer two supporting templates - a Risk Treatment Plan Template and a Risk Treatment Options Worksheet.

6. Monitoring & review

Periodically, the team will re-assess risks and decide whether new risks are affecting or could affect quality processes and systems as part of the cycle of continuous quality process improvement.

Written by Paul Walsh

Paul Walsh was one of the founders of Cognidox. After a period as an academic working in user experience (UX) research, Paul started a 25-year career in software development. He's worked for multinational telecom companies (Nortel), two $1B Cambridge companies (Ionica, Virata), and co-founded a couple of startup companies. His experience includes network management software, embedded software on silicon, enterprise software, and cloud computing.
