by John J. Guzik
Most organizations implement risk-based thinking without realizing it. When a decision is made that affects a business, there’s a formal or informal assessment of risk versus opportunity. The emphasis on risk-based thinking in ISO 9001:2015’s requirements supports the notion that a proactive decision-making mentality is crucial for the continual improvement of a quality management system (QMS) and an entire organization.
There has been much written and said about this "new" ISO 9001 requirement on risk. Many have pointed to risk management programs, insisting the standard now formally requires them. Tools such as a failure mode and effects analysis (FMEA), a production part approval process (PPAP) and a plethora of new whiz-bang software programs have been introduced as tools that can do the task.
The difficulty with using these tools is that most of them were designed for risk management programs that address requirements of a product or service. Using these tools may help with product integrity, but they could leave you hanging in the breeze when it comes to demonstrating risk-based thinking per ISO 9001’s requirements.