Risk-based thinking and the impending ISO 9001:2015 Standard?
Risk is the effect of uncertainty on an expected result and the concept of risk-based thinking has always been implicit in ISO 9001 but will now become prevalent with the proposed new Standard.
This new Standard includes risk based thinking in its requirements for the establishment, implementation, maintenance and continual improvement of the quality management system.
To take this approach a step further, the principles and guidelines of ISO 31000 can be adopted to develop a more extensive risk-based approach than will be required by ISO 9001:2015.
Each process within your quality management system will represent different levels of risk with respect to meeting customer requirements and company objectives. The consequences (or potential consequence) of process, product, service or system nonconformities will need to be assessed and appropriate controls adopted to ensure that the residual risk is acceptable.
The consequences of delivering nonconforming products or services can result in minor ramifications but can also be far-reaching and fatal. This approach to “Risk-based thinking” therefore means you must consider each risk on its impact to the company and customer and develop the required controls to mitigate those risks.