What Exactly is Risk-Based Thinking?

Risk-based thinking is a central theme newly introduced in ISO 9001:2015. The authors of the standard intended this simpler and more practical feature to replace the old 'Preventive Action' clause from ISO 9001:2008. Their intent was not to include the entire gamut of risk management found in the ISO 31000 Risk Management Standard, but something that may be viewed as "Risk-Management-Light".

Risk-based thinking means that you should be proactively engaged in thinking about the uncertainties that your organization faces, what effects these uncertainties may have on your organization and how they may affect your objectives.

Where Does ISO 31000 fit into the picture?

While not required, ISO 31000 provides principles, a framework and a detailed process for managing risk. Many of these components can prove useful to an organization beginning to use risk-based thinking. There is a second commonality between the two standards called 'establishing the context'. While it is only mentioned casually in ISO 9001, it is explained in greater detail in ISO 31000.

To learn more about the ISO 31000 Risk Management Standard, visit ERM 31000 Training and see a short video recorded by ASQ at the ISO TC 176 TAG meeting in Washington, DC, August 8, 2014. This video is featured on the ASQ Standards Channel (along with video comments by many ISO 9001 experts), which is accessible to ASQ members.

Nine-hour ISO 31000 Training Course

Avrohom Gluck is the primary trainer at his ERM 31000 Training and Consulting firm based in New York State. He teaches ISO 31000 Risk Management theory and practice to businesses in multiple sectors across the United States. In addition to his on-prem training, he offers a best-selling, nine-hour Udemy course.

Join my Risk-Based Thinking LinkedIn Discussion Group

Consider joining the Risk-Based Thinking LinkedIn Discussion Group. This group was initiated to foster discussions after the inclusion of risk-based thinking in the new ISO 9001:2015 revision. Since then, many contributors have added posts regarding a broad cross-section of industry risks. I hope that this group becomes a repository of advanced discussions relating to the risk component of the ISO 9001 Quality Management System Standard, the ISO 31000 Risk Management Standard and many aspects of privacy-related risks such as GDPR, CCPA and other U.S. state mandates.

Millions of quality professionals will take an interest in risk-based thinking in order to keep the quality systems they work with in alignment with this new requirement. The moderators of this group posit that the ISO 31000 risk management standard, while not a requirement for ISO 9001 certification, will be the quality professional's best friend for learning, understanding and implementing risk-based thinking.

Although there are a number of popular LinkedIn groups on ISO 9001 and quality management systems, this group focuses on the intersection of ISO 9001, the quality management standard, and ISO 31000, the risk management standard.