Documenting risks and opportunities

Since ISO 9001:2015 has no mandatory requirements about retaining documented information about risks and opportunities we are free to decide how to do it.

Working with organizations, I recommend using a Risk and Opportunities Register where we centralize all risks and opportunities determined (related with products and services, related with quality objectives and with management system’s processes), their evaluation (for example about probability and severity), the decision about doing something or not, and an overall description of what will be done (when applicable)

The following material will provide you information about the risk-based approach:

- ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
- ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
- free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/