The risk-based approach of ISO 9001

The risk-based approach is one of the main novelties of ISO 9001 version 2015. Even if this concept is not totally absent in the 2008 version of ISO 9001, it is mentioned in an implicit way in the paragraph relating to preventive actions.

The systemic approach and the risks of ISO 9001 version 2015

The systemic approach qualifies a method of analysis and apprehension of the QMS. It favors the global approach rather than the exhaustive study of details. To apply a systematic approach, we must think circularly and not linearly. In other words, we have to realize that everything is interconnected.

ISO 9001 version 2015 requires the commitment to a systems approach to risks, throughout the implementation of the QMS (Quality Management System) and the realization and design processes, to:

identify ;
implement ;
control them.

Reasons for using the risk-based approach

The implementation of the risk-based approach improves :

the governance of the organization ;
the quality of products and services
compliance with requirements; and
customer satisfaction.

This concept is action-oriented and creates a proactive culture.

The implementation of the risk-based approach in practice

This approach can be implemented in the following way:

Identification of risks and opportunities: a review of all identified activities can list the risks and opportunities associated with these activities in as much detail as possible.
Risk analysis for prioritization: Several criteria can be used to prioritize the risks. They determine their criticality, in relation to their potential impact on service compliance. Scores (from 1 to 5) are assigned to assess criticality. The frequency of occurrence can be used as another assessment factor. The overall score is obtained by multiplying these two parameters.
Planning of actions to be taken to make the risks less severe.
Implementation of the actions taken
Evaluation of their effectiveness.