A significant change – understanding risk
In previous versions of ISO9001, the concept of risk was indicated, yet it was rarely understood, assessed and controlled by organisations.
The 2015 version requires a significant change in thinking and approach.
Organisations are now required to identify external and internal business exposures, assess the level of risk these issues pose, rank the issues for significance and plan controls for improvement.
Part of the risk management process requires that relevant personnel who may have involvement with the quality system are identified and their needs are taken into consideration.
Once all of this data and information is collated, planning must be capable of demonstrating how the organisation’s strategic objectives will be protected or adapted to meet new challenges, all of which must be completed within a defined scope and application of the quality management system (QMS).
Whilst providing greater flexibility on how organisations adapt their QMS, the 2015 version of ISO9001 calls for a greater level of business analysis as the basis for informed decision-making and risk management.