ISO 9001 Requirements Clause 6.1 Actions to address risks and opportunities

By | June 17, 2017

ISO 9001 Requirements

ISO 9001 Requirements Clause 6.1 Actions to address risks and opportunities

An organization’s external and internal environment is subject to constant change and change is characterized by uncertainty which in turn pose risks.

Uncertainty may be defined as having insufficient or no knowledge of a potential event to determine whether or not it will happen or if it does happen, whether the outcomes of the event will be positive or negative. So uncertainty presents both risk and opportunity, with the potential to hinder or grow the business.

Risk is generally defined as participating in an event and thereby being exposed to the ‘uncertainty of the event and its consequences’.

For example in a poker game there is always uncertainty as to who will win the pot. But unless you’re in the game there is no risk to you that you will lose your stake in it. In other words, to be at risk, you must participate in the event and be exposed to the uncertainty of the event and its consequences. You can have uncertainty without risk, but you cannot have risk without uncertainty.

ISO 9000 gets more technical and defines risk as the “effect of uncertainty”. Effect is described as a “deviation from the expected”, either positive or negative. An organization may embark on a risky business venture expecting a 10% return on investment. The risk or effect of uncertainties related to the venture may in fact result in a loss (negative) of 50% or a gain (positive) of 20% (i.e. deviation from the expected 10% ROI).

Risk management is about using processes, methods and tools for managing these risks. Risk management focuses on proactively identifying what could go wrong, prioritizing and evaluating risks and implementing strategies to deal with them. Organizations that proactively identify risks will be better positioned to achieve its business goals and strategies.

Risk based thinking takes a narrower focus in that it applies the above risk management definition to contextual risks and opportunities that relate to the organization’s QMS as opposed to a full blown risk management system that covers the entire organization. The concept of preventive action is expressed through the application of risk based thinking in planning and implementing QMS processes.

ISO 9001 Requirements Clause 6.1 Actions to address risks and opportunities

The ISO 9001:2015 standard does not call for formal methods for risk management or a documented risk management system. Organizations can decide whether or not to develop a more extensive risk management methodology through the application of other risk management guidance, standards and tools.

The organization must integrate the actions to address these risks and opportunities into its QMS processes using the PDCA cycle. Not all processes of a QMS represent the same level of risk in terms of the organization’s ability to meet its objectives and the effects of uncertainty are not the same for all organizations. Each organization is therefore responsible for the extent it applies risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.

Planning also requires monitoring and measuring these actions and gathering, analyzing and evaluating appropriate data and information to determine the effectiveness of such actions. This planning must be periodically reviewed and updated as necessary when taking corrective actions or at management reviews. These actions must be proportional to the potential impact on the conformity of products and services.

When planning its QMS, the organization must consider the risks and opportunities presented by external and internal issues as well as the needs and expectations of interested parties, relevant to its purpose and strategic direction

Opportunities can derive from favorable circumstances that can lead to the use of new practices, launch new products, enter new markets, address new clients, reduce waste or improve productivity, grow relationships, use new technology and other desirable and viable opportunities to facilitate the organization in achieving its strategic direction and enhance customer satisfaction.

The ”Understanding ISO 9001:2015 eCourse” provides more details on risk based thinking and management and shows you how to easily and effectively IMPLEMENT the action items required by clause 6.1 of the Standard.

ISO 9001 Requirements Clause 6.1 Actions to address risks and opportunities

ISO 9001 Requirements eCourse