First question comes in our mind, how to use risk-based thinking in the QMS. Simple, we need to identify, understand and then address risks. ISO 9001:2015 QMS standard does not provide any specific procedure or method to determine risks and opportunities. It is for the organization to apply any procedure or method to determine risks and opportunities. Risk analysis is the important step of identify potential problems. One commonly used method of risk identification and risk analysis is known as 'Failure Modes and Effect Analysis' (FMEA) that is done during the design of a product or process. The purpose of FMEA is to identify all potential problems that could arise in the product or process, identify how critical is the risk and decide what to do about it. FMEA is a structured approach to discovering potential failures that may exist within the design of a product or process. Failure modes are the ways in which a process can fail. Effects are the ways that these failures can lead to waste, defects or harmful outcomes.
FMEA process includes four steps -
(i) Identify your risks - It can be done in a brainstorming from different areas of your organization. List all potential problems that could arise. Considering external and internal issues and interested parties (as determined as per clause 4.1 and 4.2 of the standard) will be helpful in identifying the risks.
(ii) Determine how critical each risk is - You should assess the risk against probability of occurrence, severity of occurrence and chance of detection of occurrence. Brainstorm each risk that you identify. What is the probability of risk occurring? What is its impact?
(iii) Rank the risk - You should decide the rank of the risk, whether the risk is acceptable or unacceptable. What is your priority with regard to the risk?
(iv) Determine actions - After understanding the risk, determine your actions, what should be done. What you plan? Plan actions to address the risks. Mention mitigation steps to eliminate or reduce the risks.
FMEA process is simple. It is easy to use. FMEA process gives results that are easy to determine acceptability, and thus provides a framework to assign resources to risk reduction that is easily supported. You should clearly understand that FMEA is a way of dealing risk analysis, and it is in no way mandated by ISO 9001:2015 QMS standard that you must use it. Any method you find useful, relevant and efficient can be used.
After FMEA process, you need to address the risk:
(i) Implement the plan - Take action
(ii) Check the effectiveness of the action
(iii) Improve your action on the basis of check results
Thanks,
Keshav Ram Singhal
Organizations may contact for conducting in-house training program on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking'.