Newbie Risk based question

A little background. Our company deals with live product. Our deliver vehicles are equipped with two generators, and an additional back-up procedure. All of our facilities have automatic start back-up generators that are exercised at least monthly should we lose power. We have alarms on our equipment and rooms if temperatures should fall out of range. These areas also have documented human checks. We also deal with bio-security risks. These risks are minimized with visitation request forms that have to be approved by vet department. We also shower into most of our facility and change our clothes. These processes are currently documented in our procedures. We have been following these procedures since before I arrived 15 years ago. Do we need to formally re-address all of these risk reduction process in order to comply with RBT?

Thanks All,

Matt

 

I believe you have adequately address the risks you have mentioned.

Should your organization update, improve or introduce changes to your system/processes/products/services, most probably your organization will need some form of planning or review. Clauses 6.1 and 10.2.1e will be useful as your reference.

For guidance, you may refer to Annex A.4 statement that says: "Although 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process".

 

I agree with Tony I think you have things covered and you have the plans in place that you shouldn't need to "formally" do anything.

With that said it might be a good opportunity to re-evaluate the system under the RBT. I encountered a similar situation in that everything had been in place and working. We were required to do a risk analysis and it turned into a fun discussion of things that could be improved upon and questions of why we were doing something so dumb. Bottom line it was a very worthwhile exercise and left us with a really good template to manage change from. Just a thought.

 

A good risk analysis program will help organization to ensure that they are monitoring and measuring those factors that are critical to the effective implementation of the QMS. (9.1.1). Furthermore you need to evaluate the monitoring and measuring results and retain appropriate documented information.(7.5.1). Hope this helps.

 

Dear Matt,
ISO 9001:2015 requires for the organization to determine and address not only risks but also opportunities. The standard distinguishes opportunities “at large” (6.1) and opportunities for improvement (10.1). The former are wider in scope than the latter since they are to be addressed, on one hand, to ensure the achievement of QMS intended results, and on the other hand, implement QMS improvements.. It would be interesting to know how your company deals with opportunities.

 

No. Your company has implemented the Risk-based thinking. An auditor will examine that you have records of your mitigation as planned.