Risk assessment methodology
Assign topic to the user
Answer:
The standard does not requires organizations to adopt risk assessment methodology, so there are no requirements on how the organization will define its criteria for probability, consequence or any other element of risk. The organization itself can define the criteria for probability and consequence if it decides to apply them at all since they are not required. All the organization needs to do is to identify risks and opportunities and take actions to address them, how it will be done is not defined by the standard and the organization has full liberty to do it as it finds the most suitable.
As far as the certification auditor is concerned, he or she can only audit the QMS (Quality Management System) against the requirements of the standard and cannot interfere or require c hanges in the methodology that the organization adopted.
For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
Comment as guest or Sign in
Jul 17, 2017