What Exactly is Risk-Based Thinking?

Risk-based thinking is a central theme which is newly introduced in ISO 9001:2015. The authors of this standard intended to replace the old 'Preventive Action' clause from ISO 9001:2008 with this simpler and more practical feature. Their intent was not to include the entire gamut of Risk Management such as can be found in the ISO 31000 Risk Management Standard, but something that may be viewed as "Risk-Management-Light".

Liquid Web Storm VPS

Risk-based thinking means that you should be proactively engaged in thinking about the uncertainties that your organization faces, what effects these uncertainties may have on your organization and how they may affect your objectives.

Where Does ISO 31000 fit into the picture?

While not required, this standard provides principles, a framework and a detailed process for managing risk. Many of these components can prove useful to an organization beginning to use risk-based thinking. There is a second commonality between the two standards called 'establishing the context'. While it is only mentioned casually in ISO 9001, it is explained in greater detail in ISO 31000.

To Learn More about the ISO 31000 Risk Management Standard, visit ERM 31000 Training. and see a short video recorded by ASQ at the ISO TC 176 TAG meeting in Washington, DC, August 8, 2014. This video is featured on the ASQ Standards Channel (along with video comments by many ISO 9001 experts) which are accessible to ASQ members.

Join the Risk-Based Thinking LinkedIn Discussion Group

This group is dedicated to discussions regarding the inclusion of risk-based thinking in the new ISO 9001:2015 revision. It is hoped that this group becomes a repository of advanced discussions exclusively relating to the risk component of the ISO 9001 Quality Management System Standard.

There will be millions of quality professionals who will interest themselves in risk-based thinking, in order to keep the quality systems they work with in alignment with this new requirement. The moderators of this group posit that the ISO 31000 risk management standard, while not being a requirement for ISO 9001 certification, will be the quality profesional's best friend for learning, understanding and implementing risk-based thinking.

Although there are a number of popular LinkedIn groups on ISO 9001 and quality management systems, this group focuses on the intersection of ISO 9001, the quality management standard and ISO 31000, the risk management standard.