Risky Business - Cruising to Success with ISO 9001-2015 and ISO 31000
Clark Leiphart, Senior Quality Engineer, Modular Mining Systems, Tucson, AZ, USA
Keywords: Risk Management, IS0 31000, Management Review
Even though 9001:2015 does not REQUIRE a formal risk management methodology, there is an opportunity to consistently use risk management throughout a company, on products and services offered to customers, as well as on internal operational processes. This presentation provides both a lightweight approach to documenting risk-based thinking within existing Internal Audit Planning, Corrective and Preventive Action, and Management Review, as well as a more robust framework that can be used within the framework of a higher level compliance-oriented structure such as ISO31000. Both approaches include generic Microsoft documents that can be used to jumpstart an improvement effort. Screenshots of a system implementation within a Microsoft SharePoint web-based Quality Management System will also be shown. The integration and management of risk across the organization should yield an increase in operational efficiency and a common internal vocabulary to pursue opportunities and reduce unintended consequences Participants will learn: How to add risk based attributes to existing ISO9001 procedures and related documented information How to review and assess these risk-enhanced procedure outputs at Management Review How to determine good and bad reactions to risk-enhanced information How to integrate risk-enhanced procedures into a corporate compliance risk management structure What a web-based system incorporating these concepts looks like What a document-based system incorporating these concepts looks like Participants will also be able to get several artifacts to help them with their internal transition efforts to ISO9001:2015, if desired.
“ISO 9001 is used by millions of people and organisations around the world and the upcoming 2015 revision will have a big impact on those who work with the standard.
The impact of this revision will be similar to, if not greater than the 2000 edition, which was a major change for accreditation bodies, certification bodies, training organisations, implementing organisations, procurement organisations, consultants and customers.”
An excerpt from IRCA Resources on “ISO 9001: IRCA Supporting the 2015 Revision”, October 2013