Expert Advice Community

Risk assessment methodology

Guest user Created:   Jul 18, 2017 Last commented:   Jul 18, 2017

How to get the risk rating considering the probability, consequence, etc.? For what rating is a mitigation plan to be provided, and on what basis? As the standard does not give details for various parameters, ratings, etc., how will auditors accept such a table made by a company?

Expert
Strahinja Stojanovic Jul 18, 2017

Answer:

The standard does not require organizations to adopt a risk assessment methodology, so there are no requirements on how the organization will define its criteria for probability, consequence or any other element of risk. The organization itself can define the criteria for probability and consequence if it decides to apply them at all, since they are not required. All the organization needs to do is to identify risks and opportunities and take actions to address them; how it will be done is not defined by the standard, and the organization has full liberty to do it as it finds most suitable.

As far as the certification auditor is concerned, he or she can only audit the QMS (Quality Management System) against the requirements of the standard and cannot interfere or require changes in the methodology that the organization adopted.

For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
