What is risk-based thinking and why it has been introduced into the standard?
In the context of ISO 9001:2015, risk-based thinking replaces what was called preventive action in the previous standard version.
It’s important to note that risk isn’t limited to negative possibilities. Companies can also use risk-based thinking to pinpoint opportunities, which represent the positive side of risk.
Areas where risk appears in the new standard requirements include:
- Context of organization: When establishing the context of the organization, ISO requires companies to identify risks that could impact its objectives of business processes. There is also needed to evaluate the risk of producing nonconforming products (goods and services), which can vary depending on the type of good manufactured.
- Leadership: Your company’s management must commit to addressing risks and opportunities that could affect product quality.
- Planning: This section of the standard requires you to not just identify risks and opportunities, but also create plans for how to address them.
- Support: Monitoring of resources including work environment consider risk based thinking for their conformity to make sure the support activities of organization to avoid any nonconformance in the middle of the business processes.
- Operation: ISO requires you to implement and control the actions identified during planning steps.
- Performance evaluation: Here’s where you track and analyze the risks and opportunities identified.
- Improvement: Organizations must make improvements based on any changes in risk.