Will it become a requirement, indirectly?
I plan to identify and review all risks and opportunities in the MRM but still unsure about maintaining a separate register (document).
A: 1. ISO 9001:2015 does not require neither development, nor maintenance of a Risk register. Risk register is a part of risk management methodology. Risk register development is a good practice, but not the Standard requirement.
Risk- based thinking initiates the consideration of multi-variant approach in decision-making. It may be represented as a possibility of the expected result offset into a negative or positive part of a certain ‘scale’ depending on disturbances in the result achieving process.
1) risk formulating (naming the possible disturbances);
2) risk identification (digitization), as a rule, the negative consequences are considered;
3) risk ranking (risk value sorting, descending)
In this case, the ‘Risk register’ describes the possibility of the expected result offset to the negative part of the ‘scale’.
A good practice is to develop an ‘Opportunity Register’ - the analysis of disturbances and consequences that offset the expected result into the positive part of the ‘scale’.
This decision is fully aligned with the requirement 6.1.1 of ISO 9001:2015 to
‘determine the risks and opportunities that need to be addressed to b) enhance desirable effects; c) prevent, or reduce, undesired effects;’ |
2. Documenting the Register is also a good practice, not the requirement of the Standard. Over time, and as a result of risk treatment, the components (probability and consequences) change. A good practice is to review the Registers at the set intervals, for example every 6 months.
More on Risk management:
$109.00
|
 |
|
$24.00
|
||
Reference table
Free
|
||
Presentation, 5 slides
Free
|
||
Presentation, 3 slides
Free
|
||
No comments:
Post a Comment