As part of the requirements for ISO9001 2015, Section 6 is entitled Planning and Section 6.1 is entitled “Actions to address risks and opportunities”.
There are two areas of risk; firstly strategic risks and secondly process risks. Companies have to identify the different types of risks that fall into these categories and assess both the likelyhood that an identified risk will happen and the impact of the risk. One effective way of doing this is to rate the likely occurrence and the impact on a scale of 1to10 where 1 is very low and 10 is very high. For each of the risks i suggest that the 2 numbers are multiplied together and for those with the highest results the company should have in place an action plan including timescale to reduce the likelyhood and/or impact of the risk.. These risk assessments should be documented together agreed action plans
a regular review of progress on these action plans plus ongoing review of all the risks identified should be carried out and In addition a review of whether any new strategic and process risks have been identified…
Phil Brown Quality and Environmental Consultant 