What is the Difference in Risk definition between ISO 9001:2015 and ISO 31000?
The key difference of ISO 31000:2009 is that the standard defines the requirements for risk management as a system. A risk management system (as per ISO 31000) and a quality management system (as per ISO 9001:2015) can be seen as integrated enterprise management systems (together with ISO 14001, 45001, 27001, 11462, SA 8000 and others).
The P-D-C-A cycle in a risk management system per ISO 31000:2009 is defined as follows:
• Plan - planning actions to address risks and opportunities; design of the risk management framework.
• Do - integration and implementation of actions to address risks and opportunities into QMS processes.
• Control - evaluation of the effectiveness of actions to address risks and opportunities; monitoring and analysis of the risk management framework.
• Act - achieving improvement.
The key idea of ISO 9001:2015 is provision for risk management in each QMS process, as per clause 4.4.1 f). Clause 6.1 of ISO 9001:2015 gives some details on how to do it. That is, the ISO 9001:2015 requirements regarding risk management are limited to the stage ‘Do - integration and implementation of actions to address risks and opportunities into QMS processes’ of ISO 31000:2009.
Therefore, it is possible to implement ISO 31000:2009 within a quality management system per ISO 9001:2015 as either a full-scale or a small-scale program.
For the full-scale program, it is necessary to develop and implement an ISO 31000:2009 risk management system as a part of the QMS. These systems are easy to integrate, for example:
• create an organizational structure for risk management, led by the Risk Owner;
• distribute responsibility and authority (by including them in job descriptions) and identify the interactions;
• conduct risk management training at all levels of the company;
• develop guidance on the risk management system - it is good practice to do this in the format of QSP 6.1-01 ‘Actions to address risks and opportunities’;
• integrate the risk management principles into the Quality Policy, for example: "Risk management is a part of decision-making. The efficiency of risk management is based on the commitment of the leadership at all levels of the organization. Risk management is systematic, structured, coordinated in time, based on the best available information, and corresponds to the level of corporate culture";
• include risk treatment tasks in the Quality objectives;
• include the requirements of QSP 6.1 ‘Actions to address risks and opportunities’ in the QMS internal audit criteria.
This will be quite sufficient.
For the small-scale program, the implementation can be limited to the ISO 31000:2009 requirements in terms of ‘Do - integration and implementation of actions to address risks and opportunities into QMS processes’ for each QMS process. For example, develop a risk management methodology for the QMS processes that includes:
• risk identification,
• risk analysis,
• risk evaluation,
• risk treatment.
Free Downloads
- Risk Management Requirements Implementation in ISO 9001:2015 clauses (Reference Table)
- Risk Management Requirements in ISO 9001:2015 clauses (Presentation, 5 slides)
- Risk Management in QMS Processes (Presentation, 3 slides)