
9001 Risk Based Thinking

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Somashekar, Oct 15, 2015.

  1. Somashekar

    SUB : 9001: Risk Based Thinking

    Hi all. Newbie.
    We are a smallish (60 people) engineering company certified to 9001:2008.
    With the recent release of the new 9001:2015 standard, do our current manufacturing procedures and work instructions cover the RBT?
    Thank you for any comments.


    {Post in my inbox from New member Inspector 2s}
     
  2. Andy Nichols

    Difficult to tell without seeing them. Procedures and work instructions are, in pure terms, about process control. If there is inherent risk that the authors of such documents are aware of, risk treatment may have been included in them. Otherwise, it's best to perform an evaluation of risks and see if the documents talk about that.
     
  3. yodon

    If it's strictly manufacturing procedures, chances are there will be some RBT embedded (maybe some in-process tests) but the expectations, I believe, are for the company to take a more holistic view of risk.

    Just some things that come to mind...
    * When you take on a new job, is it introducing new risk (skills, equipment, production rate, etc.)?
    * What if parts shipments are late? Or short?
    * Are all the specifications complete? Are you having to make assumptions?

    This would, I believe, also include any business continuity considerations.

    So take a step back and think broadly. Presumably you're doing process-based internal auditing so consider risks associated with each of those processes (risks to the business, risk to the customer, risks to operators, and so on).

    The challenge will be meeting auditors' expectations! Who knows what will be considered enough (in the eyes of the auditors).
     
  4. Andy Nichols

    One example I'm fairly familiar with is when suppliers are sourced/changed. If you are mature about RBT, your procedures will consider what's important to control from that new supplier - is it a proprietary part, for example? Or is it made to print and you have a problem trying to check the material which, if let into your process, may not become apparent until the customer gets and uses your product. What do your procedures say about planning for supplier initial checks/certifications of materials/inspection results etc.?
     
    Last edited: Oct 15, 2015
  5. Eric Twiname

    Ewww...there's a term and mindset I hope doesn't catch on...
     
  6. Andy Nichols

    Probably isn't what I meant, as I was on the phone when I wrote it... Duly edited.
     
  7. Eric Twiname

    I figured not...but couldn't/didn't resist... :rolleyes:
     
  8. NISHITH NEEMA

    We are a smallish (60 people) engineering company certified to 9001:2008.
    With the recent release of the new 9001:2015 standard, do our current manufacturing procedures and work instructions cover the RBT?
    In the new standard 9001:2015 there is the following new clause:
    4) Context of the organization
    4.1) Understanding the organization and its context
    4.2) Understanding the needs and expectations of interested parties
    So you need to add only a new document: 1. Identification of interested parties (stakeholders) with context,
    then 2. the expectations of the interested parties.
     
  9. Andy Nichols

    RBT is whatever you say it is. Typically, procedures and work instructions do not manage risk.

    No "new documents" are required for the Context of the organization. Indeed, that section doesn't mention the need to "maintain documented information"...
     
  10. John C. Abnet

    Good day @Somashekar;

    You have received some good counsel. As mentioned by others, risk based thinking is not about specific documentation, but instead it is intended to ensure a particular approach is used by organizations certified to ISO 9001. ISO 9000 ("Fundamentals and vocabulary"...this document may prove extremely helpful to you), defines risk as "effect of uncertainty", and goes on to describe "effect" as potentially negative or POSITIVE. In other words, risk is any event that can cause your organization to not meet intended results. What are your organization's objectives? Does your organization use any current disciplines such as SWOT, or PFMEA or specific planning meetings, or ????....where your organization reviews and responds to risks?
    Below is information I posted previously in response to a similar question....
    "ISO 9001 has no requirement for 'scoring' or having a matrix listing risk and opportunities. Keep in mind, while clause 4 (specifically 4.1 and 4.2) needs to be periodically reviewed, the information you identify here (essentially WHO are we, WHAT do we do, WHO cares, and WHAT do they care about), rarely changes in most organizations.

    Risk and Opportunity, however, change regularly. For example, fuel prices are currently extremely low. In part because of the fussing between Russia and Saudi Arabia, but also because of the current health crisis. This "risk" or "opportunity" (if you are a US shale producer, huge RISK, if a logistics company, huge OPPORTUNITY) was likely not on the radar (or a matrix) of the industries in my example six months ago.

    Risks and opportunities are very dynamic. Regardless of what ISO 9001 requires, your organization would likely benefit from frequent (e.g. monthly?) reviews of risks and opportunities that present themselves.

    I assure you, USA shale producer company's Top Management did not wait month(s) to take action when per/barrel prices of oil started this recent significant drop.

    Hopefully from my ramblings you can see why a fixed "matrix" of risks and opportunities might not benefit your organization. ALWAYS do what helps your organization...NOT what simply pleases an auditor."


    Hope this helps.

    Be well.
     
  11. tony s

    The controls that your organization had specified in your procedures and work instructions may demonstrate that risks inherent in your manufacturing processes are being addressed (e.g. inspection controls address risks on receiving defective materials, discrepant in-process and outgoing products, calibration and maintenance controls address risks on equipment/instrument wear and tear, etc.). What about the non-manufacturing processes? The 2015 standard, in clause 4.4.1f, intends organizations to address risks/opportunities in all processes needed for the QMS.

    The statement in 4.4.1f also mentioned "as determined in accordance with the requirements of 6.1". Thus, organizations will need to demonstrate that:
    • the risks and opportunities needed to be addressed were determined during planning while taking into consideration the internal/external issues and needs/expectations of interested parties;
    • the actions that were identified were integrated/implemented (see also 8.1 first paragraph) into the processes of the QMS (not just manufacturing processes);
    • the actions were evaluated for their effectiveness.
    Organizations will also need to demonstrate that, in evaluating the effectiveness of the actions to address risks/opportunities, data were obtained and analyzed (see 9.1.3e). The results of the analysis and evaluation should be made available to the top management for their review and disposition (see 9.3.2e).

    If your organization has adequately covered the requirements in the clauses mentioned above, then, I believe, your RBT approach can satisfy the relevant requirements of ISO 9001:2015 standard.