Understanding ISO 9001:2015 (article4)

? Planning

Actions to address risks and opportunities

When planning the QMS, the organization will have to consider the context of the organization and the needs and expectations of interested parties in order to determine risks and opportunities that need to be addressed.

The purpose of addressing risks and opportunities is to ensure that the QMS will achieve the intended results, enhance desirable effects, and achieve improvements. The actions have to be planned and implemented in the QMS and later evaluated for their effectiveness.

• How to address risks and opportunities in ISO 9001?

1. Identify the risks and opportunities
2. Plan your response
3. Integrate the response into your quality management system (QMS)
4. Evaluate effectiveness

Risk-based thinking has been given a far more prominent role in the ISO 9001:2015 standard than it’s received in the past.

1 Identify the Risks and Opportunities

A lot will go into the identification of potential risks for a company. There are two distinct kinds of risk that a company may encounter: external and internal.

External risk is the risk incurred from the environment in which the company operates. These can be legal, regulatory, financial, and cultural risks.

Internal risk is the risk incurred from within an organization. This can be caused by an organization’s structure, resource deficiencies or allocation, and hierarchy.

Risk and opportunity need to be determined within the context of the business, something that will lead to different definitions of each term for different organizations.

Additionally, in many cases, risk will also bring opportunity. Companies need to properly assess where risk ends and opportunity begins, and how they can reduce one while capitalizing on the other.

2 Plan Your Response

As with any other part of the ISO 9001 standard, companies are required to develop a plan for addressing the risk and opportunities they’ve identified. A company will need to do an in-depth assessment of the possible risks for this part.

• How likely are these risks?
• How disruptive would they be if they were to happen?
• What amount of resources is your company willing to dedicate to mitigating these risks?
• Similarly, what is the potential for capitalizing on the opportunities?
• Can their likelihood be increased while mitigating the risk?
• Is the potential risk worth incurring for a chance at capitalizing on the opportunity?

Once these assessments have been made, an organization can develop a plan for addressing the risks and opportunities based on their stated strategies for both. Without properly assessing their appetite for risk, an organization cannot properly plan to either mitigate it or capitalize on the opportunities it presents.

In accordance with the ISO 9001 standard, these plans need to be clearly laid out, with a plan for documenting the process and keeping clear records of it.

3 Integrate the Response into Your QMS

This step requires a company to insert the plan they’ve developed for addressing risk and opportunity into the greater framework of the QMS that they already have in place. This step is critical, in that the plan needs to allow for the rest of a company’s QMS to remain seamless.

As a standard that emphasizes universal application, the nature of ISO 9001 will require that the process developed for addressing risk and opportunity be compatible with all other procedures in the company.

For this reason, keeping a company’s QMS in mind as it goes through the process of developing a plan for addressing risk and opportunity can prove to be helpful. Developing a plan only to find that it doesn’t integrate well into the larger process means time and energy have been wasted.

4 Evaluate Effectiveness

This step in the process is also in lockstep with the core principles of the ISO 9001 standard. As with any other procedure in a company operating under?ISO 9000 standards, proper documentation and record-keeping processes will need to be put in place.

This is where a company can record the outcomes and measure the effectiveness of its efforts. This stage in the process is also why it is crucial to develop a comprehensive assessment of the company’s willingness to take on risk and pursue potential opportunities.

Without a detailed understanding of the company’s aims in regard to both risk and opportunity, it will be all but impossible to properly assess the effectiveness of the process that’s been implemented.

As with any procedure in a company operating under?ISO 9001 standards, this step allows for the constant scanning of potential inefficiencies that can be improved upon.

It should be noted that context is also a key factor in any risk assessment process. Risk at one juncture of the process might look different than the same risk at another juncture. This is why having a comprehensive strategy for risk assessment is critical. Preparing for and thinking about all the possibilities will help better prepare your company.

The ISO 9001 standard is an all-encompassing standard, and its principles will guide any plan a company designs for addressing potential risks and opportunities. Following the guiding principles of the ISO 9001 standard will help a company ensure the plan they implement for risk and opportunity is a success.

Quality objectives and planning to achieve them

The standard requires top-level management to establish quality objectives for appropriate functions and departments in the organization (HR, production, purchase, etc.).

Quality objectives must be measurable, quantitative, and time-bound. They must be in line with the Quality Policy so it can be determined whether objectives are met, and if not, what should be done.

• How to Set Good Quality Objectives?

Quality objectives play a critical role in a company’s quality management system. They provide the framework for planning, implementing, and monitoring quality improvement initiatives. But what are quality objectives, and how do you set them?

• What are Quality Objectives?

Quality objectives are specific, measurable goals that a company sets to improve its quality management system. They are typically derived from the organization’s quality policy and are aligned with its strategic objectives. Businesses use quality objectives to improve their products, services, and operations.

Quality objectives should be specific, achievable, relevant, and time-bound. Additionally, they should be reviewed regularly to ensure that they remain relevant and up-to-date. With quality objectives in place, businesses can track their progress and identify areas for improvement.

• Examples of Quality Objectives

Several factors should be considered when writing quality objectives, such as industry, company size, and business goals. With that in mind, let’s take a look at some examples of quality objectives from real-world businesses:

1. Increase customer satisfaction by 10% for the next two quarters.
2. Reduce product defects by 25% within the next 6 months
3. Improve on-time delivery by 5% within the next year
4. Ensure that all employees receive quality training by the end of the year
5. Achieve 100% compliance with all quality standards by the end of next quarter

Planning changes

When the organization determines the need for changes to the QMS, the changes should be carried out in a planned manner. This includes considering their purpose and consequences, the integrity of the QMS, the availability of resources, and the allocation of responsibilities and authorities.

• What is the Planning for Changes in ISO 9001?

Change Management is intended to be beneficial and lead to progress, but should only be implemented when determined by your organization as?relevant?and?achievable.

The purpose of Planning the Changes is to maintain the integrity of the quality management system and the organization’s ability to continue to provide conforming products and services during the change. These changes could relate to any aspect of any process, such as Inputs, Resources, Personnel, Activities, Controls, Measurements & Outputs

To achieve the benefits associated with changes, your organization should consider all types of change that may occur. These changes may be generated, for example, in:

• Processes & procedures
• Documented information
• Infrastructure
• Tooling
• Process equipment
• Employee training
• Supplier evaluation
• Stakeholder management
• Interested party requirements

Integrating Changes to the QMS

Ensure that the organization has planned how to integrate and implement the changes into their?QMS processes. Check that your organization has considered:

1. The?reason for the change; e.g.?context of the organization,?needs of interested parties, customer feedback, complaints analysis, audit results, performance trends, risk reduction or realizing an opportunity,?continual improvement, organization growth, the launch of new products/services, organization restructuring, etc.
2. Assessing the?purpose of the change(s) and potential impact using a risk-based thinking approach to ensure the integrity of the QMS is maintained i.e. focus on priorities, avoid disruption, ensure business continuity, maintain product/service reliability, protect the customer, maintain capability, continue to meet internal/external requirements, etc.
3. The?resources required?to enable the change such as people, knowledge acquisition, infrastructure, environment, budget, trials/tests, ongoing monitoring, structured reviews, etc.
4. Determination of?responsibility and authority?for the change e.g. process owner, lead process users, end users, etc., including the necessary communication, training, and ongoing review to ensure the change is effective (i.e. the planned activities continue to be realized and planned results are being achieved).

--------------------

Understanding ISO 9001:2015:

• Article (1)
• Article (2)
• Article (3)