Risk Opportunities Management ISO 9001 2015 | QP0600

ISO Risk Opportunities Management Procedure

The ISO Risk and Opportunities Management Procedure assesses threats related to the organizational context, interested parties, and the quality management system in order to prioritize the risks and manage them effectively and efficiently in conformance with the company’s QMS and ISO 9001:2015. (14 pages, 2131 words)

ISO Risk Opportunities Management Responsibilities

The Quality Manager is responsible for (1) directing the Organization’s risk assessment and management processes. (2) identify potential nonconformities, ensuring that preventive actions appropriate to the nature of the potential nonconformities are taken, and ensuring that preventive actions yield the desired results.

The Organization’s Top Management[1] is responsible for creating the Risk Management Committee[2], providing the resources needed to assess and manage risk, and initiating preventive actions and following up on there effectiveness at Management Review

[1] Top Management typically consists of the Organization’s chief executive (e.g., President) and finance official (e.g., Controller), at a minimum.

[2] Also referred to as RMC or “the Committee” in this document.

ISO Risk Opportunities Management Definition

Failure Modes and Effects Analysis (FMEA) – Stepwise approach to identification of possible field failures in a design, process, or product, and their consequences.

Preventive Action – Measure put in place to eliminate, or reduce the likelihood of, a potential nonconformity.

Hazard – Source of danger or specific situation that may influence the probability and/or extent of loss.

Risk – 1. Possibility that the quality management system may not achieve its intended result(s); Something that may enhance desirable effects; prevent, or reduce, undesired effects; or that may limit improvement.

Risk assessment – Identifying and ranking potential hazards (threats) in the work environment.

Risk management – Actions to address risk can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.

Threat – Indication or source of impending danger.

Vulnerability – Weakness; inability to withstand an attack or cope with a disaster.

ISO Risk Opportunities Management Activities

• Risk Management Committee
• Risk Assessment Guidelines
• Risk Assessment
• Risk Management Actions and Review

ISO Risk Opportunities Management References

• ISO 9001:2015, “Quality Management Systems – Requirements”, International Organization for Standardization (ISO), Sept., 2015 http://www.iso.org.
• Quality Procedures
  • QP0500 SITUATIONAL ANALYSIS
• Statutory and Regulatory Requirements
  • Laws & Regulations: Certain businesses (e.g., food processors, medical, chemical and pharmaceutical manufacturers) are required to identify, evaluate, and manage risks (a) to comply with laws and regulations and (b) because their products or processes have the potential to adversely affect worker or consumer health and safety. These organizations are strongly urged to seek the help of qualified and competent legal counsel, as well as certified and experienced health and safety experts.

ISO Risk Opportunities Management Forms

• QP0600-1 Risk Assessment / Management Worksheet
• QP0600-2 Risk Controls Cost-Benefit Worksheet
• QP0600-3 Preventive Action Report