Risk management and different standards
Assign topic to the user
So could you please providing me by the requirement of risk management in each standard
I am looking for word to get your reply as soon as possible.
Answer:
Non of the standard you mentioned requires risk management, they only require risk assessment and ISO 9001 doesn't even require risk assessment. Here is what each of the standards require:
ISO 9001 - addressing risks and opportunities - meaning that you need to identify risks and opportunities regarding the QMS and take actions to address them. It doesn't require developing methodology for addressing risks and opportunities neither procedures and records. For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
ISO 14001 - addressing risks and opportunities and identification and evaluation of environmental aspects - requirements for risks and opportunities are the same as for ISO 9001 but you need to focus on environmental aspects and compliance obligation in addition to context of the organization. For more information, see: Risks and opportunities in ISO 14001:2015 – What they are and why they are important https://advisera.com/14001academy/blog/2016/03/07/risks-and-opportunities-in-iso-140012015-what-they-are-and-why-they-are-important/
On the other hand, identification and evaluation of environmental aspects require organization to establish criteria for determining significant environmental aspects. For more information, see:
- ISO 14001 risks and opportunities vs. environmental aspects https://advisera.com/14001academy/blog/2016/06/06/iso-14001-risks-and-opportunities-vs-environmental-aspects/
- 4 steps in identification and evaluation of environmental aspects https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/
- ISO 22000 - hazard analysis - the standard requires hazard analysis regarding food safety and for this purpose it require organization to conduct HACCP (Hazard Analysis and Critical Control Points) analysis. Again, this is only risk assessment methodology but not requirement for the full risk management.
- ISO 13485 and ISO/TS 16949 - FMEA - this two standards require organization to conduct FEMA (Failure Mode Effect Analysis) risk assessment methodology for production, purchasing and design process. For more information, see:
- ISO 9001 vs. ISO 13485 https://advisera.com/9001academy/blog/2015/01/21/iso-9001-vs-iso-13485/
- ISO 9001 vs ISO/TS 16949 https://advisera.com/9001academy/blog/2014/10/01/iso-9001-vs-isots-16949/
- ISO 50001 doesn't even mention risks or hazards and it has completely different to establishing management system.
Comment as guest or Sign in
Sep 19, 2016