ISO 9001 standard has moved away from what it called preventive action towards a risk-based approach as prevention was found to be lacking when it came to driving change and continuous improvement.
ISO 9001 introduced Risk-Based Thinking as a systematic approach that should be incorporated throughout the entirety of your Quality Management System, rather than treating risk as a single component, thus promoting continual improvement and being procative rather than reactive.
Taking a risk-based approach means determining the risks and opportunities, planning actions to address them, implementing them in your QMS and evaluating their effectiveness. It’s not the same as risk management, but automated risk management tools such as Risk Focus can help you make risk part of your QMS rather than a siloed activity, and incorporate risk-based thinking into your processes, through :
- Identification :
Risks and opportunities identification concerns the issues that may affect your values, culture, knowledge and performance, at any level of the organisation. Risk Focus is a crowdsourcing based tool that allows your employees to declare uncertainties that may negatively or positively impact your ability to deliver products and services that meet customers' needs and any regulations that may apply.
- Analysis and prioritization
Risks and opportunities analyse and prioritization allows in your organization to identify what is acceptable and what is nor. Risk management software such as Risk Focus enables you to identify and assess risks looking at likelihood and impact and its workflow feature guarantee that critical risks never go ignored.
- Planning and implementation
Planning actions to address can include avoiding the risk, eliminating its source, challenging its likelihood or consequences, retaining it or even taking it to pursue an opportunity. Your strategy may vary depending on your business objectives and our tool enables you to create automated workflows for addressing each, creating tasks, assigning them to teams and keeping the stakeholders informed and engaged with the appropriate email notifications. This ensures actions to address risks are completed via a closed-loop process.
- Improvement
Continual improvement requires checking the effectiveness of your implementation and taking the adequate decisions to improve your decision making. Through aggregated risk data and effective KPIs, our tool gives you real-time and instant access to critical information and allows you to track your performance and make informed strategic decisions.
This new high-level structure for ISO standards is based on the Plan-Do-Check-Act (PDCA) cycle for process improvement, corresponding with proven risk management approaches. As business risks are ever-growing worldwide, reflecting widespread political, economic and social uncertainties, ISO 9001 made it mandatory for organisations to adopt a risk-based approach, so that they improve customer confidence and satisfaction, assure a consistency of quality of goods and services, and establish a proactive culture of prevention and improvement.
What you can do now
Contact our technical team to book a demo of our risks and opportunities identification tool, and learn more about how our software can help your organisation adopt a risk-based approach, aligned with your QMS and requirements.