Expert Advice Community

Guest

ISO 9001 Creating Risk and Opportunities Assessment

  Quote
Guest
Guest user Created:   Sep 03, 2020 Last commented:   Sep 03, 2020

ISO 9001 Creating Risk and Opportunities Assessment

How to create a Risk and Opportunities Assessment?

0 0

Assign topic to the user

Assign

ISO 9001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 9001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Carlos Pereira da Cruz Sep 03, 2020

https://www.screencast.com/users/ccruz5284/folders/Default/media/45222093-366e-435b-991c-532963ec9d96

The risk-based thinking (RBT) should be an ongoing process, it can’t be done once a year and considered as effective. The best way to apply is through the PDCA cycle.

First you should define the scope of RBT. According to clauses 4.4.1 f), 5.1.2 b) and 6.1 of ISO 9001:2015 I recommend determining risks around processes, around products and services and around processes.

About the methodology to treat risks and opportunities there are a lot of available methodologies and there is no single methodology that will fit all organizations. My advice is to do a little research and select the methodology according to criteria that you find appropriate.

Determine the risks and opportunities. Although not mandatory, I recommend using a register to record risks and opportunities.

Next step is, of course, to conduct the risk evaluation. The best way is to include relevant people from your organization and get the most relevant information and data needed for the evaluation. I use and recommend using a simple approach like the one embodied in the following matrix:

https://www.screencast.com/users/ccruz5284/folders/Default/media/b88dee74-9e86-42bc-a11a-7740cf494b12

For opportunities think advantage instead of severity.

Once you identify unacceptable risk, you need to create the plan for mitigation of those risks. This can be done in same way you performed the preventive actions.

And, at the end, you need to do a follow up to determine whether the actions for risk mitigation were effective and if the risk assessment methodology or scope should be altered. If there is need for further action, you need to initiate corrective actions.

Consider the non-conformities, complaints, devolutions, lost customers as signs, as warnings about the quality to update of the risk assessment or of the risk evaluation. Are they signaling that changes must be made?

 

You can find more information below.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 03, 2020

Sep 03, 2020

Suggested Topics