1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Need help to clear my Doubt on Actions to address risks & opportunities

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Baner, Jul 12, 2023.

  1. Baner

    Baner Member

    Joined:
    Oct 4, 2022
    Messages:
    7
    Likes Received:
    3
    Trophy Points:
    2
    Clause No - 6.1.2 - Standard says that : The organization shall plan a) Actions to address these risks & opportunities
    By actions does the Standard mean here that we should do planning of the risks which we have identified in terms of low ,medium & high ? What does the word address means here .Does the word address means that whatever risks we have identified we should first plan to put them in category in this clause & after that decide an action
     
    Baner, Jul 12, 2023
    #1
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,109
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Welcome to the QFO!

    If you look elsewhere in the standard I believe it makes a statement (Annex A.4, page 22) to the effect that a formal risk management methodology is not required, so no categorizing "H, M, L" is needed. All the organization needs to do is distill the information from the external and internal issues (for example using a S.W.O.T or P.E.S.T. Analysis - in the Context - and decide a plan to address those the leadership identify as most in need of action. Don't over complicate things.
     
    Andy Nichols, Jul 12, 2023
    #2
    tony s, MonsterEnergy22 and John C. Abnet like this.
  3. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    710
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA

    I would add to the good council you received from @Andy Nichols that the clause you stated is in section 6- Planning. While we are required to refer back to the parties and 'issues'(challenges) that may impact achieving their needs when we are planning, those "parties-issues' (challenges) are in section 4- context of the organization and are generally quite STATIC.

    In section 6- planning, which is where you are referring to, it (as you pointed out) directs us to plan actions to address ...risks and opportunities. Risks and opportunities as describe in section 6 are often VERY dynamic (NOT static). In other words, your organization likely does not realize TODAY, risks and opportunities that may present TOMORROW. It is likely that your organization plans 'actions to address risks and opportunities" on a regular basis. This makes it nearly impossible to have a 'list' of risks and opportunities. The real challenge is to be able to show evidence of those "plans"...regarding actions to address risks and opportunities. While there is no specific requirement to document those plans...it is a fair question for auditors to ask for evidence where risks-opportunities were determined and planned actions were taken.

    Hope this helps.
    Be well.
     
    John C. Abnet, Jul 12, 2023
    #3
  4. Baner

    Baner Member

    Joined:
    Oct 4, 2022
    Messages:
    7
    Likes Received:
    3
    Trophy Points:
    2
    Thank you all to clear my Doubt
     
    Baner, Jul 14, 2023
    #4
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,055
    Trophy Points:
    112
    Location:
    Laguna Philippines
    The requirement only says "plan actions" NOT "plan risks". @Andy Nichols is right about Annex A.4.
    Definitely, the answer is a big NO. If somebody will insist that you have to adopt the guidelines in ISO 31000, here's another good reference that will help you to demystify their interpretation:
    According to ISO/TS 9002:2016 (Guidelines for the application of ISO 9001:2015) clause 6.1.1: "There is no requirement in ISO 9001 to use formal risk management (in accordance with ISO 31000) in determining and addressing risks and opportunities. An organization can choose the methods that suit its needs."
     
    tony s, Jul 17, 2023
    #5
    Andy Nichols likes this.
  6. Baner

    Baner Member

    Joined:
    Oct 4, 2022
    Messages:
    7
    Likes Received:
    3
    Trophy Points:
    2
    Thank you Tony
     
    Baner, Jul 19, 2023
    #6
    tony s likes this.