The webinar covers: • Important changes in QMS • Context of the organization • Planning - Risk Assessment & Identification of Objectives Presenter: This live session was presented by Tariq Khan, PECB Partner and Trainer, who is also the country manager for IMS Reliance. Link of the recorded session published on YouTube: https://youtu.be/MhDWbDPHMeA

1. QMS Risk Assessment

2. Main Topics
• Important changes in QMS
• Context of the organization
• Planning (Risk Assessment & Identification of Objectives)

3. Structure
• ISO 9001:2015 now follows the same overall structure as other ISO
management system standards (High-Level Structure), making it easier
for anyone using multiple management systems.
• See Annex SL of ISO/IEC Directives Part 1 (the rules for developing ISO
standards) for further information.

4. Focus on risk-based thinking
• This has always been part of the standard, but the new version gives it
increased prominence.

5. What benefits does the new version bring?
• The new version of the standard brings the user a number of benefits.
• ISO 9001:2015:
• Puts greater emphasis on leadership engagement
• Helps address organizational risks and opportunities in a structured manner
• Uses simplified language and a common structure and terms, particularly helpful
to organizations using multiple management systems
• Addresses supply chain management more effectively
• Is more user-friendly for service and knowledge-based organizations

6. Where is risk addressed in ISO 9001:2015?
The concept of risk-based thinking is explained in the introduction of ISO
9001:2015 as an integral part of the process approach.
ISO 9001:2015 uses risk-based thinking in the following way:
• Introduction - the concept of risk-based thinking is explained
• Clause 4 – the organization is required to determine its QMS processes and
to address its risks and opportunities
• Clause 5 – top management is required to
 Promote awareness of risk-based thinking
 Determine and address risks and opportunities that can affect product /service
conformity
• Clause 6 – the organization is required to identify risks and opportunities
related to QMS performance and take appropriate actions to address them

7. Where is risk addressed in ISO 9001:2015?
• Clause 7 – the organization is required to determine and provide necessary
resources (risk is implicit whenever “suitable” or “appropriate” is
mentioned)
• Clause 8 – the organization is required to manage its operational processes
(risk is implicit whenever “suitable” or “appropriate” is mentioned)
• Clause 9 – the organization is required to monitor, measure, analyse and
evaluate effectiveness of actions taken to address the risks and
opportunities
• Clause 10 – the organization is required to correct, prevent or reduce
undesired effects and improve the QMS and update risks and opportunities

8. Why use risk-based thinking?
By considering risk throughout the system and all processes the likelihood of
achieving stated objectives is improved, output is more consistent and
customers can be confident that they will receive the expected product or
service.
Risk-based thinking:
• improves governance
• establishes a proactive culture of improvement
• assists with statutory and regulatory compliance
• assures consistency of quality of products and services
• improves customer confidence and satisfaction
• Successful companies intuitively incorporate risk-based thinking.

9. Context of the organization
• The purpose of Context of the organization is to define key elements of the
Organization's management system.
• By identifying the key elements herein, the full context of the organization
can be understood, and thus communicated to employees, customers,
regulators and other third parties.
• By doing so, senior management is also better able to guide the company
through the use of an informed strategic direction.

10. Context of the organization
• Interested parties
Interested Party Internal or External
Customers External
Employees Internal
End users External
Suppliers (vendors) External
Regulators External
Public External
Certification Bodies External
Competitors External

11. Context of the organization
• INTERNAL ISSUES OF CONCERN
Type Issue Bias
Technological XYZ currently has adequate technological resources to
consistently produce its products
Positive
Employee base Availability of skilled workforce in the area remains high Positive
Employee base Employee turnover is low Positive
Supply Chain Quality issues pertaining to raw materials or critical services
may not be addressed properly when using sole source or
limited-source suppliers
Negative

12. Context of the organization
• EXTERNAL ISSUES OF CONCERN
Type Issue Bias
Competition
Services does not have significant competition in this market
at this time.
Positive
Society & Culture
Services not present any particularly controversies that
would result in negative reactions from society or the public.
Neutral
Labor
Statutory/Regulatory
Economic

13. Context of the organization
• ORGANIZATIONAL RISKS
Risk Likelihood Severity Mitigation
Business interruption due to
natural disaster
Low High Develop Business Continuity Plan
Business interruption due to
labor dispute
Critical equipment failure
Product recall
Loss of critical supplier(s)
Loss of critical personnel

14. Risk Assessment
• Organization shall;
• Considers and manages risks and opportunities differently.
• Risks are managed with a focus on decreasing their likelihood, and minimizing
their impact if they should occur.
• Opportunities are managed to increase their likelihood, and to maximize their
benefits if they should occur.
• Where risks and opportunities overlap, the best appropriate method for
managing them shall be ascertained, given the situation at hand.

15. Risk Assessment
• Management of Risks;
• Risks are considered during the execution of various processes.
• Each process is defined in detail through a Process Flow. This document
includes the identification and mitigation plans for key risks associated with
the defined process. management reviews these risks and takes action to
minimize them.
• The methods for risk assessments vary, but should always include a means of
identifying the risk under examination, and a description of the result of the
risk assessment.
• Detailed methods may include FMEA (failure mode effects analysis), SWOT
(strength, weakness, opportunity and threat) or other tools. No single method
is used for all risk assessments; the tool selected should be the best tool
applicable to that particular risk analysis.

16. Objectives development
• Each process has at least one objective established for it; this is a
statement of the intent of the process. Each objective is then
supported by at least one “metric” or key performance indicator (KPI)
which is then measured to determine the process’ ability to meet the
quality objective.

17. Objectives development
• Some processes have multiple objectives and multiple metrics. This is
determined by the nature of the process, it’s impact on various types
of Calibration Services, and associated risks.
• Outcome of all identified risk(s), required to noted down.
• Based on priority develop your organization Quality Objectives, with
the same activities should follow as you did in past.

18. Key tips
• Tip 1 – Define your objectives. Why do you want to implement the
standard?
• Tip 2 – Ensure senior management is on board. It is crucial that everyone is
supportive of the initiative and its objectives. The publications Reaping the
benefits of ISO 9001 and ISO 9001: Debunking the myths may help with
this.
• Tip 3 – Identify your organization’s key processes for meeting your
objectives and customers’ needs. Within each of these processes, ensure
you understand your customers’ requirements and can guarantee that
these are met. This will form the basis of your quality management system.

19. Questions & Answers
Thank you