Risk identification and mitigation

I always recommend following three ways to determine risks:

• Risks deriving from context and interested parties (see clause 6.1.1 of ISO 9001:2015)
• Risks deriving from products and services (see clause 5.1.2 b) of ISO 9001:2015)
• Risks deriving from processes (see clause 4.4.1 f) of ISO 9001:2015) 

In this free webinar on demand - How to implement risk management in ISO 9001:2015 - https://advisera.com/9001academy/webinar/how-to-implement-risk-management-in-iso-90012015-free-webinar/ - I show some examples of determining risks and then acting on them.

After determining risks, you have to evaluate them to determine which ones are more relevant and deserve some kind of action (see clause 6.1.2 of ISO 9001:2015). ISO 9001:2015 is very flexible about how organizations decide to evaluate and to act.

You can find more information below about mitigating risks.

• How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
• Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
• For a free preview of an example of the Registry of Key Risks and Opportunities - https://advisera.com/9001academy/documentation/registry-of-key-risks-and-opportunities/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/ (I use a lot of examples based on the risk-based approach)