ISO 9001:2015 uses the phrase “risk-based approach” instead of “preventive action”. For organizations that want to comply with this ISO standard, does taking a “risk-based approach” require something more than using new terminology? What does risk-based thinking mean anyway? Just as importantly, what do a supplier’s attempts to adopt risk-based thinking mean for you?

What Is Preventive Action?

As many quality professionals know, preventive action means taking proactive steps to ensure that a potential non-conformity does not occur. By employing process and system analysis, an organization can identify potential deficiencies and establish priorities for improvement. Preventive action involves doing, but so does risk-based thinking.

What the Risk-Based Approach Requires

The risk-based approach in ISO 9001:2015 involves four main steps:

  • Determine the risks and opportunities
  • Develop plans to address them
  • Implement the actions into quality management system (QMS) processes
  • Evaluate the effectiveness of these actions

Let’s take a closer look at each one.

Step 1: Determine Risks and Opportunities

Risk-based thinking begins by defining the organization’s objectives. The management team then identifies potential events that can impede or advance the organization’s aims. Some risks, such as the retirement of a training manager, are internal to the organization. Other risks, such as a lack of manufacturing talent for hire, are external.

Step 2: Develop Plans

Organizations that use risk-based thinking can adopt various strategies. In addition to risk avoidance and risk elimination, organizations may focus on the likelihood and impact of specific events such as supply chain disruptions. Organizations can also share risks with their supply chain partners, or take risks to pursue new business opportunities.

Step 3: Incorporate Plans into the QMS

Risk-based planning doesn’t stop with determining risks or developing plans to address them. ISO 9001:2015 requires organizations to these incorporate plans into the QMS, which is then systematically examined by both an internal audit team and an external auditor.

Step 4: Evaluate Effectiveness

Successful manufacturers know you can’t manage what you can’t measure. To determine the effectiveness of risk-based thinking, organizations may perform internal reviews, key performance indicator (KPI) analysis, and product evaluations. When necessary, organizations make adjustments. It’s all part of a plan-do-check-act strategy (PDCA) strategy for continual improvement.

Risk-Based Thinking and Your Supply Chain

SHINE is in the process of transitioning from ISO 9001:2008 to ISO 9001:2015 certification. By taking a truly pro-active approach, SHINE will remain a leader in custom cable assemblies, electro-mechanical assemblies, and wire harnessing services. To learn how we can help you, contact us.