Archive for September 17th, 2009
ISO 9001 And Risk Management
Under the ISO 9001:2008 standard risk management falls under strategic, operational, and legal/regulatory categories. Management performs risk assessment activities as part of the ordinary course of business in each of these categories. Examples include: strategic planning, and marketing planning.
Risk management is basically very simple with the level of complexity prescribed by the nature of the situation that it applies to – usually a process, and the parties involved. In its basically speaking risk management involves:
1. Identifying risk – Looking for anything that threatens the successful operation of the process against the original requirement. Risks can be environmental, organizational, technical, legal, economic or commercial.
2. Neutralizing risk – Taking action to remove or reduce the probability of a risk being brought to fruition. The response depends on the nature or seriousness of the risk.
3. Acting when the risk incident occurs – Putting in place whatever contingency measures were planned for the risk that has occurred.
Risk management can be greatly simplified by using such tools as quality management software, and ISO 9001 templates that are designed to classify and indentify significant risks so that strategic plans can be put in place to neutralize them.