1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Evidences for risk addressing?

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Qualmx, Jul 31, 2017.

  1. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Hi all

    Regarding of documented evidences in 6.1.1

    Would it be needed to have only a list of identified and treated risks, the evaluated impact, treatment and evidences of the follow-up and action plans?

    But I wonder if is needed, say, an evidence of a brainstorming session (special format), then a fishbone with employees when determining risk? and also a sheet/format for every risk detected en each process, the responsibles, due dates for actions,etc,including sign off of them?.

    Please give some feedback
    Pd I have determined to use fishbone for the analysis of risk insted of FMEA.

    Thanks
     
  2. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Hi, The ISo9001:2015 does not require you to have a formal Risk Analysis. The standard requires a risk-based thinking. One way is to add a Risk and Opportunity section in the SOPs to detect a potential risk in the process. But because we ate IATF we have to include this risk-based work instruction in our FMEA. I hope this helps.
     
    Qualmx likes this.
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Just to be clear, this WI isn't a requirement of IATF 16949, but your approach to meeting a requirement...
     
    Qualmx likes this.
  4. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks MCW and Andy, ok I could add this section to procedures, but to be consistent, what to do when there is a risk in an activity which doesnt have a procedure or WI?, for example I dont have procedure for e.g., 7.1.4 Environment for the operation of processes, for these cases, would it be recommended to have a list of risks detected for all the System?, say for risk coming from the context, from third party, and all the processes? wouldn´t be more practical, since in that list is defined who is responsible, the follow-up, due dates and so on?
    Please share your opinion. ( Im attaching a sample downloaded form the web).
     

    Attached File(s): 1. Scan for viruses before using. 2. Report any 'bad' files by reporting this post. 3. Use at your own Risk.:

  5. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
     
  6. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Yes thank you
    Hello there. Your spread sheet is really good. I used a similar spreadsheet for our ISO9001 certified plants. I used your example of PURCHASING for Risk and Opportunity. We already went through a transition audit, and the presentation, story behind it and the objective evidence was acceptable. Here look at the ones I typed in RED.
     

    Attached File(s): 1. Scan for viruses before using. 2. Report any 'bad' files by reporting this post. 3. Use at your own Risk.:

    Qualmx likes this.
  7. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    A simple risks/opportunities analysis like the one below can serve as documented evidence:
    upload_2017-8-7_21-34-51.png
    Further documented information can be presented by integrating the "actions to address risks/opportunities" in a company's documented procedure (see clause 6.1.2b.1 and 4.4.1f), including records that the "actions..." are actually implemented.
     
  8. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks Tonys

    I´ll plan to include a brainstorming format, where I include ideas of risks of members under a process
    After evaluating all the risk mentioned by people, I´ll select the ones which may apply.

    and because my business is not so risky, as a methodology , I have selected the fishbone method.

    In the head of fishbone, is the process or the issue, and in each bone, is the possible cause of the problem or process.

    After that, I evaluate the impact and decide how to mitigate it.
    I have the option to give a value of the risk as a whole or evaluate each cause and have an average value

    Thanks