Congratulations to Texas Stress on their successful ISO 9001:2015 Certification! Learn more about their company and services at http://www.texasstress.com.
This photo is from just outside our Fulshear, TX office during Hurricane Harvey 2017.
When determining business risk, make sure to consider the environment as an external factor. In extreme circumstances such as this, there is no way to provide your products and services to your customers.
Two of the most frequent inquiries we receive relating to the ISO 9001:2015 Standard are seeking help in understanding and determining "Context" and "Risk Based Thinking".
As for context, the easiest explanation is to consider it as an opportunity to present “about our company”. Who we are, what we do, how do we do it, and who do we do it for. For example, many companies may make chairs, but all chairs are not created equal (e.g., a chair may be for an office, a kitchen table, a bar, a plane, a patio, a pool, etc.). If your business was a painting on canvas, your context would be the background.
The best approach we’ve had so far is to replace the “old” ISO 9001:2008 manual with a “new” ISO 9001:2015 manual that addresses all of the above. Rather than just restating and paraphrasing the ISO 9001 standard, the QMS becomes the company’s explanation of its interested parties, products and processes, and how it manages quality. Once documented, it should be communicated internally, so everyone can understand and speak the same language.
As for risk based thinking, the only requirement of ISO 9001:2015 is that the organization can demonstrate that it is applying this concept. TC-176, the ISO technical committee responsible for this standard, intentionally didn’t prescribe any requirements, for fear of alienating the various users of the standard. Along with several other new requirements, this hesitation created more problems than it solved. Now the certification auditors are taking it upon themselves to mandate their own personal opinions…
The best approach we’ve had with this area is the use of a risk registry (list), detailing by each QMS process, what risks we consider to be important. Once identified, this registry is scored highest-to-lowest (based on whatever company-defined method is used), with the highest values being those which are considered to require immediate control. The rest can just be monitored for change. If you’re familiar with the term, think FMEA (Failure Modes Effects Analysis).
Our ISO 9001 Blog
Information, thoughts and periodic updates from MAS Solutions' QMS Consulting Group.
Please Like or Share this page if you find the content useful, so we'll know to keep posting. Enjoy!