Risk register for ISO 9001-2015

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Chris Michael, Mar 20, 2019.

  1. Chris Michael

    Chris Michael New Member

    I have prepared the risk register for ISO 9001-2015, which includes only the probability and severity of the risk and the mitigation plan. Is that okay for ISO 9001-2015, or does it also need DETECTION and a CONTINGENCY PLAN? Is the risk limited only to all the processes of business failure, or should it also contain risk to human beings involved in the process or act?
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Hey Chris. Can I ask why you did this? I'm concerned that a) you'll create a monster, b) you'll have to feed it and c) it's not what ISO 9001 is looking for you to do...
     
    Last edited: Mar 20, 2019
  3. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Andy is right. A register is not required; in fact we are encouraged to think of risk in a variety of ways that may be more appropriate to the processes and/or business.
     
    Suraiya Ramkissoon likes this.
  4. tony s

    tony s Well-Known Member

    It's not a requirement to assess the level of risk.
    ISO 9001 clause 6.1.2 only specifies "plan... actions to address risks".
    Any risk, within your scope, that can prevent your organization from:
    • achieving the intended results;
    • enhancing desirable effects;
    • reducing undesired effects; and
    • achieving improvement (see clause 6.1.1)
     
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    If you take the definition of risk from the various ISO standards, it's the "effect of uncertainty". ISO 9001 is attempting to have the organization take a strategic look at what might impact - in terms of risks and opportunities - the ability of the QMS to deliver products and services, and to plan for those.

    ISO/TS 9002 mentions the use of SWOT or PEST(LE) analysis as a means to do this. Having determined the internal risk (W) and the external risk (T) and opportunities, you have to plan for those. A weakness may be the loss of older employees and the knowledge they possess and no-one younger to replace them, so you have to plan to train people, using the resources you have, before they retire, etc.
     
    Jennifer Kirley and tony s like this.
  6. KyleG

    KyleG Active Member

    We use a SWOT analysis. We also have a weekly Communications meeting where we discuss potential risk, new customers, not enough product, too much product, etc. You just have to show management is focused on risk-based thinking and not blindly jumping into things.
     
  7. KyleG

    KyleG Active Member

    yes
     
    Andy Nichols likes this.
  8. KyleG

    KyleG Active Member

    I wasn't questioning my process; I was helping OP by explaining how my company does it...
     
    RoxaneB likes this.
  9. tony s

    tony s Well-Known Member

    I hope you still have your report on this issue. Can you share with us how you described the audit finding?
     
  10. tony s

    tony s Well-Known Member

    Because I'm asking you about how you stated your finding of a major NC?
     
  11. Andy Nichols

    Andy Nichols Moderator Staff Member

    If you take the various requirements of ISO 9001 and put them together, (mainly 4 and 6 in this case) some type of planning IS required (I wouldn't call it "contingency", but that's your choice for your org.) and that plan is to work on whatever processes of the QMS are going to address the risk(s) and opportunities. Before we make a monster here, of creating registers and rankings and so on, let's not overlook that ISO 9001 wasn't just written for the western world where people like to complicate things to massage an ego, show how much they know about a subject or keep some mystery about a job. It's written so that "3rd World" countries can also implement it, and hence, the requirements need to apply to unsophisticated businesses - it would be unfair to trade if it wasn't. Back to the story...

    If you have identified that a lack of skilled people to replace looming retirements is a risk, then clearly, one way to address that is to develop a training program like an apprenticeship. That isn't like 30, 60, 90 day training and annual needs evaluations. It's far different, may need the support of a local technical school and so on. Who will develop the training, testing and so on? That's what's needed. Anyone promoting anything more complex isn't speaking from the point of view of actually IMPLEMENTING this stuff, which is all that counts.
     
  12. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    I have seen a number of posters ask the question "Must the top manager attend management review?" as a plaintive cry for validation in thinking top management is not engaged enough.

    That said, there is not enough information here for me to feel sure this is a nonconformity, let alone a major. For example, I would need to know in what other ways the top manager supports the system, goals and policies, and if he/she participates in management review remotely. I would need to see if he/she provides part of the output and feedback.

    As for major versus minor, the rules as per my own CB's procedures are specific and differ a little from the explanation ANAB provides. So it is no good to judge without having all the procedural details about that either.

    Let us return our focus to the original subject: risks and how to address them.
     
    tony s likes this.
  13. tony s

    tony s Well-Known Member

    This is a "people helping people" forum. There are times that posters will impose on others that "if you don't do this/that, it's an NC". For those who are still new to ISO standards, they might take such impositions as the gospel truth. To help these newbies acquire a broader perspective, those with exposure to "evidence-based" information should not be hushed when they express their positions dissenting against impositions that are bereft of bases.

    As much as we want to stay neutral, there are times we need to take sides when being neutral begets acquiescence.
     
    Andy Nichols likes this.
  14. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    It is okay to not be neutral, but the conversation must remain civil and productive.