Section 4.4.

1: the organization is required to determine the processes needed to

address risks and opportunities that are determined

Section 5.1.2: top management needs to ensure that risks and opportunities that
affect product and service conformity are determined and addressed

Section 6.1: actions to address risks and opportunities. This section discusses the
need to plan the actions needed to address the risks and opportunities,
integrate these actions into the QMS, and evaluate the actions for
effectiveness.

Section 9.1.3: talks about analyzing the information necessary to determine if

actions were effective

Section 9.3.2: specifies that management review will look at the effectiveness of
the actions taken to address risks and opportunities.

Section 10.2: There is also mention that risks and opportunities should be
updated when a non-conformity occurs (section 10.2).

4.7 Understanding the organization and its context

The organization shall determine external and its strategic direction and that
affect its management system. (SWOT, Strategic plan)

The organization shall monitor and review information about these external and
internal issues. (???? No monitoring of the issue!!!)

4.2 Understanding the needs and expectations of interested parties

Due to their effect or potential effect on organizations ability to consistently

provide products and services that meet customer and applicable statutory
and regulatory requirements, the organization shall determine:

a) the interested parties that are relevant to the quality management system
(list of interested parties.. (SME, LGU, NGO, NGAs, students)
b) the requirements of these interested parties that are relevant to the quality
management system (No list of requirements)

The organization shall monitor and review information about these interested
parties and their relevant requirements (No monitoring)
6 Planning
6.1 Actions to address risks and opportunities

6.1.1 When planning for the quality management system, the organization shall
consider tire issues referred to in 4.1 and the requirements referred to in 4.2 and
determine the risks and opportunities that need to be addressed to:

a) give assurance that the quality management system can achieve its
intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.

6.1.2 The organization shall plan:

a) actions to address these risks and opportunities;

b) how to:
1) integrate and implement the actions into its quality management
system processes (see 4.4);
2) evaluate the effectiveness of these actions

Actions taken to address risks and opportunities shall be proportionate to the

potential impact on the conformity of products and services.
5.1.1General under leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the
quality management system by: d) promoting the use of the process approach and risk-
based thinking;

5.1.2Customer focus
Top management shall demonstrate leadership and commitment with respect to
customer focus by ensuring that:
b) the risks and opportunities that can affect conformity of products and services and
ability to enhance customer satisfaction are determined and addressed;

9.1.3 Analysis and evaluation

The organization shall analyse and evaluate appropriate data and information arising
from monitoring and measurement.
The results of analysis shall be used to evaluate:
e) the effectiveness of actions taken to address risks and opportunities;

9.3.2 Management review Inputs

 The management review shall be planned and carried out taking into consideration: e)
the effectiveness of actions taken to address risks and opportunities (see 6.1)

10.2.1- Non Conformity and Corrective action

When a nonconformity occurs, including any arising from complaints, the organization
shall:
e) update risks and opportunities determined during planning, if necessary;

The Main Objectives of International Standards

To provide confidence in the organizations ability to consistently provide

customers with conforming goods and services
To enhance customer satisfaction

The concept of risk in the context of the international standards relates to the
uncertainty in achieving these objectives.

What is Risk-Based Thinking

Risk-based thinking is something we all do automatically and often sub-

consciously
The concept of risk has always been implicit in ISO 9001 the 2015 revision
makes it more explicit and builds it into the whole management system
Risk-based thinking is already part of the process approach
Risk-based thinking makes preventive action part of the routine

Risk is often thought of only in the negative sense. Risk-based thinking can also
help to identify opportunities. This can be considered to be the positive side of
risk.
What Should I Do?

Identify what the risks and opportunities are in your organization - it depends on
context.

ISO 9001:2015 will not automatically require you to carry out a full, formal
risk assessment, or to maintain a risk register
ISO 31000 (Risk management Principles and guidelines) will be a useful
reference (but not mandated)
 Analyze and prioritize the risks and opportunities in your organization what
is acceptable? what is unacceptable?
Plan actions to address the risks how can I avoid or eliminate the risk?
how can I mitigate the risk?
Implement the plan take action
Check the effectiveness of the actions does it work?
Learn from experience continual improvement
Key Points to Remember
Risk Based Thinking = Preventative Action
Risk Based Thinking is everybody s business!

Risk Based Thinking is not just the responsibility of management

Risk Based Thinking must become an integral part of the organizational
culture

Mandatory documents and records required by ISO 9001:2015

Here are the documents you need to produce if you want to be compliant with
ISO 9001:2015. (Please note that some of the documents will not be mandatory if
the company does not perform relevant processes.):
Scope of the QMS (clause 4.3)
Quality policy (clause 5.2)
Quality objectives (clause 6.2)
Criteria for evaluation and selection of suppliers (clause 8.4.1)

Mandatory Records

And, here are the mandatory records (note that records marked with * are only
mandatory in cases when the relevant clause is not excluded):

Monitoring and measuring equipment calibration records* (clause 7.1.5.1)

Records of training, skills, experience and qualifications (clause 7.2)
Product/service requirements review records (clause 8.2.3.2)
Record about design and development outputs review* (clause 8.3.2)
Records about design and development inputs* (clause 8.3.3)
 Records of design and development controls* (clause 8.3.4)
Records of design and development outputs *(clause 8.3.5)
Design and development changes records* (clause 8.3.6)
Characteristics of product to be produced and service to be provided
(clause 8.5.1)
Records about customer property (clause 8.5.3)
Production/service provision change control records (clause 8.5.6)
Record of conformity of product/service with acceptance criteria (clause 8.6)
Record of nonconforming outputs (clause 8.7.2)
Monitoring and measurement results (clause 9.1.1)
Internal audit program (clause 9.2)
Results of internal audits (clause 9.2)
Results of the management review (clause 9.3)
Results of corrective actions (clause 10.1)