Risk Assessment is being added in ISO 9001:2015

With increasing competitive environment, technology advancements, outsourcing trends, government regulations, greater awareness of environment and safety aspects and many other external threats & challenges, consideration of risk in all business activities is becoming increasingly important. Profit margins are diminishing but Customer expectations are increasing.

With these business challenges and customer expectations if risk assessment of business activities including internal processes relating to production and/or service delivery are not identified and mitigation actions not taken a company can easily go out of business.  

Yes, even if a company does not have some formal or documented risk assessment tools and controls in place, its management on every day basis is taking mitigation actions for some obvious and easily noted risk, else, it would not have been existing in the business. But that is not good enough and now time has come to formalize risk assessment process, mitigation actions, and implement controls to minimize risk. Use of tools like Failure Mode and Effect Analysis (FMEA) will be a big help in risk assessment process. After risk assessment and defining controls, it is also important for the management to clearly define expectations and residual risk after putting controls in place. Residual risk will be assessed by using following expression: Due to the importance of risk assessment in all processes and at all stages of product/service realization, it has already been made a mandatory requirement in QMS standards of Aerospace industry i.e. AS9100, AS9110, Auto industry i.e. TS16949. Sure, it will also be coming in new ISO 9001 standard.  

So, why to wait if it makes good business sense and a good head start for those who are ISO 9001:2008 certified.  

Written By:Safi Qudsi

Certified Lead Auditor &Technical Expert