- When planning how to address risks and opportunities the best way is risk-based thinking
- Risk-based thinking will guide your top management to make better decisions
- Plan actions to address risks then integrate them into processes and later evaluate the effectiveness of actions
This part of the ISO 9001 standard highlights risk-based thinking. Why? Because it will help you by directing you to look and see opportunities, to address risks that will guide you to better and safe decisions. Risk-based thinking is a ground base for the ‘preventive action’ concept. It forces you to look at what, who, how, and when these risks must be addressed.
But, the difference between risk-based thinking and preventive action lies in the fact that in preventive action, a QMS is relying on employees to detect and report potential risks and initiate preventive action.
Risk management strategy
The ISO 9001 Standard particularly implies that you do not formally have to have a certain methodology for applying risk management. But you can independently decide, as an organization whether and how to develop a more extensive risk management methodology.
When planning to apply risk-based thinking, you must consider the entire life-cycle of processes or products. Therefore, we suggest these processes for implementing risk-based thinking.
- For existing processes or products, you need to prove that it addresses risks in the frame of the ISO 9001 standard requirements
- Include the actions needed to address risks that are implemented, and processes, goods, and services are controlled.
- For the planning of changes in processes, you are supposed to show how you analyze risks and address them.
Risk analysis and evaluation
You must analyze all the components of a QMS that affect the quality of their probability to affect the ability of an organization to provide confirmed products. During the analysis, you identify and document the qualitative and quantitative characteristics of those system elements. For example, when allocating an employee for a critical activity, you may identify the level of its competence, qualifications, and experience. The identification is an essential step in recognizing all the aspects of the QMS that may affect the quality or the ability to meet the requirements.
While analyzing the associated risks, ensure that you review the next aspects related to the realization of the product. At the end of this review, you will have a comprehensive list of potential events that interfere with achieving the objectives.
The goal of the evaluation is to assess which objective will be impacted, what the significance of the risk is, and if the risk is acceptable. First, you will define the criteria to determine the acceptability of the risk.
Despite that risks are considered negative, risk-based thinking suggests a positive aspect— opportunities. Opportunities are not always directly related to risks, but they always refer to objectives, developing an opportunity improves our activities and assists in achieving objectives.