By John Watt on Sunday, 27 May 2018
Category: ISO 9001 Quality Management

ISO 9001 And Actions to Address Risk and Opportunities

As we have mentioned before  ISO 9001:2015 is very much focused on understanding the Risks in your Quality Management System and to your organisation and obviously how you will handle them. Clause 6.1 - Actions to address risk and opportunities is really focused on helping you do this, it's also got that keyword "SHALL" in the clause which means you must do it to meet the standard.

Building On Previous Work

Clause 6.1 of the ISO 9001:2015 standard is a change to the previous standard and it is actually quite a useful change to be fair, it's all about getting you thinking about how you handle the risks that you have previously identified. Now if you have just jumped in here and you haven't been following along then you will want to go back and read the 2 clauses that Clause 6.1 references these are:

Clause 4.1 - Understanding the organisation & it's context (Context of the Organisation)

Clause 4.2 - Understanding the needs & expectations of Interested Parties

From these you will hopefully have done yoru SWOT analysis or perhaps you did push the boat out and the the full on PESTLE Analysis, irrespective you now have a list of risks that you are aware of in the business that could have an impact on yoru Quality management System and now ISO 9001 wants you to take some actions on them. The easiest way of doing this is to take each of the sections in order (Strengths, Weaknesses, Opportunities & Threats) and review each of the elements. Remember that just because soemthing is a threat to you today it doens't mean you can't turn it to an opportunity and vice versa so do all of them and not just what you percieve as a threat. Have someone play devils advocate as well.

Your Choices

It's easy to forget you have a range of choices when dealing with risks or opportunities, it's never back and white and ISO wants you to consider things with respect to  the following 4 elements

  1. How you will give assurance that your Quality Management System will achieve it's intended results.. i.e. you will do what you say
  2. That "desirable effects" i.e. the upsides will be enhanced - so more of the good stuff (think Good to Great!)
  3. Prevent or reduce undesired effects - so less of the bad stuff
  4. Achieve improvement - yep.. it's PDCA time again!

 When you are thinking about risks around say threats think about these things:

  • How can you actually Eliminate what is causing the risk
  • Is it possible to Change the likelihood of the risk coming to pass or consequence/s that occur?
  • How can you just Avoid the risk altogether
  • Can you reduce it by Sharing the risk with perhaps a partner or client?
  • Accept that it's just a risk of business so make the decision to Retain the risk by informed decision
  • Just do it anyway - Yep knowing what you know about the risk do it anyway to pursue an opportunity

 When you are looking at the upsides and your opportunities think about these:

  • Can you Adopt new practices to get the benefit
  • Should you Launch new products to grow a market?
  • Perhaps you can Open new markets altogther
  • Perhaps you can attract new customers
  • Build partnerships to spread risks at the same time as opening opportunities
  • Use new technology to give you that advantage or save on costs

Planning Actions

 The second part of ISO 9001:2015 Clause 6.1 says that you shall (i.e. you must) to create a plan to address the risks & opportunities that you have identified , you must

  1. Integrate & implement the actions into your Quality Management System processes
  2. Evaluate the Effectiveness of these items
So while it doesn't explicitly state you need a documented format for this you would be pretty hard pressed to say you have done it without any evidence and actually why wouldn't you want to do this? There are a number of ways of doing it but I like the use of a risk analysis template which is easy to use, systematic and you can track. The idea of the risk template is that you review the risks and opportunities that you have identified as they are, before you do anything. Then identify the actions you will take to reduce or improve the number and then based on those steps re-evaluate it based on those steps being complete, has it reduced the risk or improve the opportunity? great, guess what, follow through on these things and you tick the box for complying with this requirement and you have an business improvement. 
You of course should review these as part of the ISO 9001 quality management reviews, you may review high risks every 3 months, mediums every 6 and lows every year for example but you should certainly plan for that.

Grab our Free Risk Analysis Template

We have created  a simple excel template that you can use to map out your analysis of your SWOT  quickly and methodically so you can both action what you need to but also clearly demonstrate the steps you have taken to keep the auditor happy as well!

Related Posts

Leave Comments