Implementing Risk-based Thinking in ISO 9001:2015: A Practical Guide

how-to-apply-risk-based-thinking-to-iso-9001-660x330 (1)

For the past several months we've published a series of blog posts on the application of Risk-based Thinking for ISO 9001:2015. It's been a very popular series and there was demand for the series to be collated into a single document for easy reference.

We've done just that and the white paper that resulted is available to download from here. Be aware - it's a 1MiB PDF document just under 60 pages in length.

Here is the summary of what it contains:

The new version of the ISO 9001:2015 standard is scheduled for final publication on September 23rd 2015. One of the new requirements is to show evidence of risk-based thinking (RBT) in the quality management system. How do you do that? How are auditors likely to respond to the new challenges that ISO 9001:2015 brings? How do you produce documented evidence of risk-based thinking?

Although ISO 9001:2015 does not call for formal methods of risk management, it is likely that anyone trying to understand RBT may turn to ISO 31000 and the list of risk assessment techniques in particular. However, this is not as easy as it sounds. There are many techniques to choose from and many may not be applicable to the sectors that ISO 9001 serves.

This white paper has two major sections. The first part provides a primer on many of the ISO 31000 risk assessment techniques and considers their applicability to quality management. The second part provides a six-step methodology that you can follow to deliver evidence of a risk based approach to quality. It is a practical methodology that is specific on inputs / outputs, and what you need to do in-between. Several example templates are provided that could form the basis for your documented information.

New call-to-action

Tags: ISO 9001:2015

Paul Walsh

Written by Paul Walsh

Paul Walsh was one of the founders of Cognidox. After a period as an academic working in user experience (UX) research, Paul started a 25-year career in software development. He's worked for multinational telecom companies (Nortel), two $1B Cambridge companies (Ionica, Virata), and co-founded a couple of startup companies. His experience includes network management software, embedded software on silicon, enterprise software, and cloud computing.

Related Posts

10 Reasons Fabless Semiconductor Companies Need Document Control

With complexity and costs rising, fabless semiconductor companies need to do all they can to keep ...

The Importance of Document Control Systems in Business Operations

What does it mean to 'control documents'? And who needs a formal document control system to manage ...

8 Tips for Effective SOP Documentation

There are many reasons why organisations need to document their SOPs. From ensuring uniformity in ...