QMS as a preventive tool

Is there a point or a question here? With all due respect, there are a lot of big words and citations in that paragraph and your intent/message is lost on me (and English is my first language).

 

So, to be clear, concise AND articulate, you are giving your perspective on an undeclared aspect of ISO 9001:2015. If I had to guess, you are attempting to say that ISO 9001 is, by its very nature, risk management.

I still don't know what you are attempting to do. Are you asking a question, Leonid? Are you attempting to create a discussion? Are you asking for our opinions? Are you asking for our critique of your written words? We really can't do much unless we understand WHY you posted this.

If I posted "The sky is blue", people would be asking the same questions. Am I asking for confirmation that the sky is blue? Am I asking for a discussion on the various shades of blue? To create a post and provide no context is confusing and we are uncertain how to respond beyond "What are you asking?".

 

I don't agree with this at all. In fact, it's been a long held understanding, going back to the very first versions of the various supplier QA requirements on which ISO 9001 was (ultimately) based. When I implemented NATO AQAP 1 it was UNDERSTOOD by NATO's SHAPE organization to be a preventive measure! I don't know when you came to "ISO", but I and many of my peers have known this for a long time - being "talked up" is because it's understood not needing hype...

 

Like Andy, I disagree about the "new, not talked-up" status of the subject - if you do a search here in QFO for "preventive", "preventative" and "risk", you'll see a lot of conversation on the topic. However, to take it a step further, I also disagree with "Any certified organization maintains the QMS to prevent risks of deviation from the standard requirements." Considering ISO 9001 is pseudo-voluntary standard, organizations pursue either because it will gain new business or maintain existing business, with the added bonus of standardizing (and possibly creating) their management system activities. The level to which they maintain their management system is what separates the "just a piece of paper on the wall" organizations from the platinum performers.

When ISO 9001 was first issued, as long as an organization was producing consistent product, that's all that mattered. It could have been consistent crap (i.e., failed to meet Customer requirements) and an organization could still manage to attain certification. Over time, the standard has evolved to include the consideration of meeting customer and other statutory/regulatory requirements, plus the evaluation of these efforts, but again, this is not done because an organization (at least a benchmark one) wishes to avoid a nonconformance associated to deviating from the requirements. An organization that understand the value of a best practices, standardized system designs and develops processes that support their ability to meet customer and statutory/regulatory requirements, while adding value to the organization...a smart organization examines how ISO 9001 can fit its processes, not the other way around.

Naturally, "non-fulfillment of standard elements...can affect the organization's ability to achieve the intended results". We all know this. However, I think of "results" in terms of value - I'm more concerned with process results, meeting Customer and regulatory/mandatory requirements, quality of product/service, adding something positive to the organization, reducing waste. I don't consider certification to be a "result"...it's really just the icing on my management system cake.