Risk-Based Thinking with ISO 9001:2015
It's projected that, starting in late 2015, many organizations (through the quality professional) face the prospect of installing a risk management process into their ISO 9001:2015 quality management system. There are several questions to be answered:
- What is risk-based thinking?
- How extensive does it have to be?
- How much more work will this be?
- Can I do this quickly enough?
- How do I get started?
How extensive does it have to be?
Risk-based thinking will be new for ISO 9001:2015. In the aerospace industry, risk-based thinking has been required as a part of the AS-series of standards for years. The federal government and NASA also have standards addressing risk management. The AS9100 standard does not specify how to implement a risk management process.
How much more work will this be?
Actually, risk-based thinking could prove to be a very valuable process for your company. Risk entails a probability and impact of a loss or gain. Some useful risk publications include:
- ISO 31000:2009, Risk management – Principles and guidelines, provides principles, a framework and a process for managing risk.
- (Sept, 2012). NIST Special Publication 800-30 revision 1: Guide for conducting risk assessments.
- Project Management Institute. (2013). A guide to the project management body of knowledge (PMBOK Guide).
- Prichard, C., & Tate, K. (2013). The risk management memory jogger.
- ISO Guide 73:2009, Risk management – Vocabulary, complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.
- ISO/IEC 31010:2009, Risk management – Risk assessment techniques, focuses on risk assessment.
Can I do this quickly enough?
Get started now! There have been some articles on risk-based thinking in Quality Progress (ASQ magazine). See Palmes, P. (Sept 2014). “A new look: 15 things you must know about the upcoming ISO 9001 revision”. Also, there are opportunities to network with experts through ASQ section meetings and through webinars.
How do I get started?
Seek advice from your Registrar about how they are directing their auditors to assess risk. You may want to write a new risk management procedure containing the concepts and body for a risk-based thinking process. It should follow the steps of the standard you want to use, such as NIST SP80-31. (The NIST standard and NASA procedures/standards are free to the public.)
There will be more blogs on the details of risk-based thinking to follow. Of course, Concentric is in place to be the external resource for you to succeed in implementing a good risk-based thinking process. For Glenn's full article, register for our upcoming ISO 9001:2015 Forum - January Webinar. You can get an update on all the changes, including risk-based thinking.