1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Baseline data for risks

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Leonid, Feb 3, 2016.

  1. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    An organization could select and review actions (administrative, managerial, technical, etc.) implemented in the last year(s), understand their purpose and determine what risks, i.e. probable deviations from expected, were or could be addressed by them and what context of the organization was pertinent to these risks. As a result, the organization will have ample baseline data for determining risks for the present. The best would be to get access directly to preventive actions taken in response to potential nonconformities (per se risks) but this data are usually limited.
    Will this preliminary step to determining risks be helpful?
     
    Somashekar likes this.
  2. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    What would be the basis upon which these actions were selected?

    There is a hurdle for the purpose of establishing the process is in place for existing processes and products/services. How to "demonstrate" risk based thinking looks like a chore, something to conjure for the sake of certification. Such thinking has led to concerns that FMEAs must be made for everything. But ISO/TC 176 has offered that other means will work for "demonstrating" so as to broaden our thinking and reassure us that we don't have to rewrite everything or do a lot of busywork.

    I suggest the basis of an organization's risk management would be their existing business plan. ISO/TC 176 has included it in suggested tools to help with risk based thinking. What does it say?

    Going forward from that, yes I agree that it's perfectly okay to take what we already know about risk, so we can point to that as part of demonstrating and use the data to further develop/change what is done in order to make the risks more desirable.
     
    Somashekar likes this.
  3. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    The business plan is a good sample of actions to be reviewed with the purpose to determine “deviations from expected - positive or negative” (the definition of risk) addressed by these actions.
     
  4. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Yes, exactly; also changes made based on actions should they be treating it like the living document it is, which indicates risk was recognized, decisions were made, and so on. The business plan could also be the Annual Operations Plan, or go by some other name.
     
    MCW8888 likes this.
  5. Somashekar

    Somashekar Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    114
    Likes Received:
    98
    Trophy Points:
    27
    I only hope all the organizations who go into the 2015 have a business plan consistent with the organization purpose ... :):cool: