ISO 9001:2015, a new approach to risk-based thinking
Posted: Mon Jan 27, 2025 6:42 am
The Coordinator of the Official University Master's Degree in Food Safety Management at Bureau Veritas University Center, Belén Macías, talks to us about the new ISO 9001:2015 standard.
The new version of ISO 9001:2015 is based especially on three fundamental concepts:
The process-based approach, whose success was already evident in the 2008 version.
The PDCA methodology: Plan, Do, Check and Act.
Risk-based thinking, new in the 2015 version of ISO 9001.
It is essential that this term does not cause confusion: risk is generally associated with something negative that must be mitigated or eliminated, or whose impact must be reduced, but it can also refer to the generation of opportunities, whose impact and possibility of occurrence are to be increased.
The new version of the ISO 9001 standard addresses risk management, focusing especially on strategic risks: "threats" and "opportunities", with a certain probability of occurrence and a certain impact on the achievement of the vision and the objectives that deploy it.
In this way, a direct link appears between the risk-based approach and process performance. Flexibility is recognized as a necessary factor for applying this approach, so that different types of processes and activities can be considered, and therefore the different degrees of risk and opportunity that they may represent for meeting its objectives.
It is during the planning of the Quality Management System and its processes that the organization should identify the risks and opportunities of each process for meeting the expected results, and define the actions necessary to treat these risks or achieve these opportunities.
However, it is important to clarify that ISO 9001:2015 will not require a Risk Management System; rather, it will require the organization to identify the risks that may affect the Quality System and the conformity of the product or service, so that the system can be planned based on this information. What the standard requires is an approach to risk-based thinking.
Thus, the ISO 9001:2015 version leaves the organization completely free to establish the necessary measures and develop a risk-based approach, and the organization can rely on specific tools such as the ISO 31000 standard, "Risk Management. Principles and Application", which provides guidelines on risk management that can be adapted to the needs of the company.
Using the definition provided by the ISO 31000 Risk Management standard, risk is:
The combination of the probability of something happening and the consequences it could have. The possibility that a certain action could affect, positively or negatively, the result of the processes and/or the achievement of the organization's objectives.
Carrying out an analysis of this definition, it is concluded that the risk-based approach represents the preventive nature of the Quality Management System, which has always been implicitly present in the standard.