ISO 9001:2015 - Where is Risk Addressed?

Clauses That Make Reference to Risk Based Thinking

​Risk-based thinking is something we all do automatically and often sub-consciously to get the best result. The concept of risk has always been implicit in ISO 9001 – the 2015 edition makes it more explicit and builds it into the whole management system. Risk-based thinking ensures risk is considered from the beginning and throughout.

​While Clause 6, Planning, is an obvious reference to risks and opportunities, the concept of risk-based thinking is present throughout the Standard.  Where is risk addressed in ISO 9001:2015?

Introduction - the concept of risk-based thinking is explained.

Clause 4 – the organization is required to determine its QMS processes and to address its risks and opportunities.

Clause 5 – top management is required to
·      Promote awareness of risk-based thinking
·      Determine and address risks and opportunities that can affect product /service conformity.

Clause 6 – the organization is required to identify risks and opportunities related to QMS performance and take appropriate actions to address them.

Clause 7 – the organization is required to determine and provide necessary resources (risk is implicit whenever “suitable” or “appropriate” is mentioned).

Clause 8 – the organization is required to manage its operational processes (risk is implicit whenever “suitable” or “appropriate” is mentioned).

Clause 9 – the organization is required to monitor, measure, analyze and evaluate effectiveness of actions taken to address the risks and opportunities.

Clause 10 – the organization is required to correct, prevent or reduce undesired effects and improve the QMS and update risks and opportunities.