Improvement in effectiveness (10.3 Continual Improvement) of Management System

Risk Management is a Project, Risk Assessment is a Process.

1. Management System requirements esp in ISO standards have 6.1 Risk Assessment as one of the requirement in '6.0 Planning'. Risk Assessment is carried out using a defined method for the scope of management system in the organization. As a part of that methodology, risk assessment is carried out at a planned interval or when triggered to assess the risk at different points in time, and it (reduced status of risk) can demonstrate improvement in effectiveness (10.3 Continual Improvement) of Management System.

2. Risk Management is a project. A project has a beginning and end. When it comes to setting up a new facility or develop a product or, change an existing method, technology or product as a corrective action, it is treated as a Project. Here Project Risk Management is evaluated before and after implementing a change (eg. 8.1 Management of Change and 10.2 Corrective Action).

3. Risk Assessment (6.1) is all about identifying and assessing risks (concerns, causes of uncertainty) against the (5.2 Policy) commitment of the management. As a result, output of Risk Assessment is '6.2 Control Objectives' applicable to 'Processes and Plans'), in order to prevent those identified and assessed Risks and achieve the Policy.