Already we managed quality based on risk? (ISO 9001:2015)
I remember about six months ago and a seminar in which some of the participants questioned the companies were not based on managing risks, including an assistant wondered how could it be? In some aspect? Just in some way or some approach ?, it supposed ALL QUALITY considered at risk, and what has always been done? simply because, when any company implemented a system of quality management, like ISO 9001, IFS, ISO 22000, BRM, EFQM, etc., always seeks to reduce its exposure to the risk of getting it wrong or that the market does not buy it.
It never (so far) has been a requirement of ISO 9001 have established a formal procedure for risk analysis, but there has always been a number of procedures that have been indicated for this purpose, especially but not only, nonconformity Control Nonconformity, Corrective Action and Preventive Action, whatever their organization and structure in the system. Including internal audits, they are described for us to reduce the risk that "we get caught" with a non-conformity, that is, to ensure that monitoring the quality management reduces the risk of creating "non-quality".
So what is the case in the 2015 version of ISO 9001? For simple, so far, this risk control said was focused on documentation, customer requirements, etc. It appears, we confirm in September with its publication, the "risk-based thinking (risk based thinking)" should be extended in the system, and therefore, although not a requirement to have a system of formal risk assessment (which had hitherto only small traces of it), you must change the focus. How the focus is changed to something that is not defined in the standard? This is only a problem we hope will be temporary, and that by September left clarified, because if not, how audits will be carried out on something that is not defined? In addition we expect a fairly accurate definition, we can see from and clauses 6.1 Actions to address risks and opportunities, identifying risks and opportunities and ensuring that the quality system achieves its objectives, ensure that the organization achieves compliance and customer satisfaction consistently, prevent and reduce unwanted effects and achieve improvement. Not only that, but the organization must plan actions to address those risks and opportunities, and how to integrate and implement actions within the system processes as well as evaluate the effectiveness of those actions.
The decision to implement or not a formal risk assessment process should be analyzed because there are cases of systems in place to get the certificate and systems that rub excellence, and it will be a wide variety of starting points for adaptation in the universe of companies, but in any case it is interesting to access training (can contact us) on risk assessment and management from now, and the evaluation of the implementation of changes from September, to evolve without major frights. The risk assessment systems are known in environments of Practice, type GMP (Good Manufacturing Practice), Lean Manufacturing, and other systems, unless they have been much less known to many sectors, which does not mean that is something to avoid adopting as it all depends on the case, do not forget that this is a high standard version (HLS).