ISO 9001:2015 - Takes Aim at Risk Management

Wednesday, 08 October 2014
ASR Editor
ISO 9001:2015 (draft) revision writers thought organizations might reap greater benefits if preventive action was included as part of a formalized risk management system.

Standard writers have defined risk (3.09 - Definitions as listed in the ISO 9001:2015 Draft) as the “effect of uncertainty” on an expected result. Consequently, organizations will now be required to define upfront the scope of risk for their organization as it relates to product conformity and customer satisfaction. It is important to remember in defining risk that it is a part of the QMS and its boundaries must include internal, external, and interested parties (4.2 and 4.3 of ISO 9001:2015 draft).

Some examples of “uncertainty” from the expected results might be scrap, rework, or lack of first time quality. Customer satisfaction “uncertainty” might result from the lack of on time delivery or timely quotations. Presently, some organizations are addressing “uncertainty” as separate events. 2015, as drafted, will require most of these separate events to fall under the risk management segment (6.1) of the QMS.

Example – some organizations look at customer satisfaction as a collection of customer complaints, customer returns, and on-time delivery. 2015 requires organizations to address the “uncertainties” or “risk” to the organization of not meeting an acceptable level of internal performance.

Another example is product quality impacting risk to the organization. In many cases product quality can be viewed as scrap, rework, and productivity.

Managing an organization’s risk extends to “interested” parties. Examples might be FDA and UL. These risks are associated with manufacturing the product exactly as initially approved and will need to be included in an organization’s risk management system.

Organizations generally have Quality Objectives or Key Process Indicators (KPIs) for internal as well as external issues. By reviewing these indicators in a formal method, with records of the reviews and action plans, an organization can create a risk management system and improve its continual improvement (opportunities) system.

Another risk management tool is the corrective action form with a section to define containment. Good containment reduces risk, and good corrective action with effective root cause analysis leads to reduced risk of the product to your customer.

What to do now: start using the word risk in your QMS and address risk issues on a regular basis. Example – at weekly team meetings, address risks such as risks to on-time delivery. Risk issues can be discussed and documented whether they are supplier or internal issues. A copy of the team meeting minutes can be provided to Top Management for their action, if necessary. There is no reason to “delete” any activity that your organization is currently conducting using ISO 9001:2008.

Management Review usually contains records of the effectiveness of all Quality Objective action plans and customer issues, and can certainly be labeled as an important method to evaluate risk and risk reduction activities. Quoting from the ISO 9001:2015 draft: “Top Management shall demonstrate leadership and commitment to customer focus by ensuring: b) risk and opportunities that can affect conformity of products and services and the ability of enhancing customer satisfaction are determined and addressed.”
