Are FMEA and Risks Registries adequate against Clause 6.1.1?

I think ISO TC176/SC2 meant to retreat from simple concepts like yin and yang; they did revise their guidance document (it used to describe opportunity as "the upside of risk.") Now opportunities can also have risks. We just need to consider them, weigh them, decide if and when actions are appropriate. Risk is merely the effect of uncertainty. We usually think of it as a bad thing, but is it always? Wasn't the Post It Note the result of a failed super glue experiment? Uncertainty led to opportunity, which of course had its own uncertainties (they had to start at the beginning to market a glue-that-was-not-a-glue) but it turned out to be a good risk didn't it?

 

That is an intriguing idea. I haven't seen it yet, but why not? It sounds creative and could work. All that's left is to find a way to link those identified risks to the "what-next" steps: consideration, decision, action, results.

 

Neither! Your consultant doesn't understand that the ISO 9001 requirements are attempting to have the organization look at these issues at a strategic level - the word is right in there. Not meeting a target isn't strategic. It's tactical. AUditors also don't understand this aspect, so make all kinds of random comments which go to compound the confusion.

Have your management done a SWOT analysis or similar? What are the strategic risks/opportunities? What (strategic) planning is in place to address the issues you've identified and develop the QMS processes to address them?

That's what this is about.

 

I'd somewhat agree with John, except to say that my experience with this aspect has shown that the S & W are internal, and can still be strategic. For example, in the USA in manufacturing, we're running low on skills. Most high schools don't have any kind of "shop" technology class, so grads have never had hands on with basic metal or wood working tools (many schools don't have chemistry either). This may result in an organization developing (with a local education provider, like a community college) a fully fledged apprenticeship program. This is likely significantly different from any current training process and will need to be developed to deliver the quantity of people, with the right skills to provide for the short-fall being projected.

 

I think this is too complex and not what the standard is actually looking for. I'm not sure what you refer to as an "OFI", but I'm guessing that it has little to do with the "risks and opportunities" mentioned in the ISO 9001 requirements. A quick look at ISO/TS 9002 gives excellent coverage to what the Quality Management System is supposed to be considering. All this discussion of risk registers and what auditors "think" (who really cares what they do?) has little to do with the practical identification of the "issues" mentioned in the Context section and then the Planning section of ISO 9001. People run the actual risk of making things far more complex than is really needed. Don't forget, the standard is written in terms that far less sophisticated businesses all around the World can understand and implement. Let's make this easy for management to a) grasp and b) support because it's valuable. Mixing "improvement" and risk has no place in a QMS. They are fundamentally different things.