In his bestselling book ‘Life Lessons from Space’ Canadian astronaut Chris Hadfield describes the exhaustive preparation that goes into each mission. This preparation doesn’t just take place in the sim, in the pool, or in the lab, but round a table too. At such meetings, NASA colleagues will often scribble on little bits of card that are variously chucked into the centre of the table and read aloud. On each card is a risk; a problem; a bit of trouble that might potentially impact on the quality of the mission – or implode it.
The team (which includes Hadfield’s wife, some lady) explores exactly where these risks might lead – in fine and often gruesome detail. They use the phrase ‘let’s pull on that’ to demonstrate, witness and enact how a tug on one loose thread might just unravel the whole space mission.
That interrogative mindset is central to ISO 9001:2015. The willingness to ‘pull on that’ – as well as the fact that it’s everybody’s problem – underpin the concept of risk-based thinking as a key to quality. While the word ‘risk’ appeared three times in the 2008 standard, it appears a hefty 48 times in the update. It appears that, while your life may not be at stake if you get blind-sided by an unheeded risk, your business quality will be.
No longer is business risk the sole concern of the guy with the clipboard who carries out assessments on the first Friday of the month. Risk is everyone’s concern – from the CEO to the kid on work experience. And business leaders have a new commitment to promote risk-based thinking from the top down – making it part of the company’s ethos on quality.
Preventive measures have disappeared from the standard, replaced by managing risks and opportunities with risk-based thinking. So, what’s new here? Well, there’s an acknowledgement that with risk comes opportunity, and that businesses can also identify and prepare for such positive risk-based challenges, as well as the nastier ones.
Though the standard doesn’t prescribe how you go about it, risk management is greatly emphasised as a key to quality in ISO 9001:2015. And that means risk assessment has become ever more important. Worth remembering, though, that such assessment does not resolve risk – it’s a catalyst for getting to that point.
Most of us will know that risk assessment is a three-fold process. First, you’ll identify risks to the business, then evaluate their likelihood and severity and, lastly, create a considered response that minimises, negates, or accepts the risk. Risk might be inherent in a company’s processes, assets, operations, or even its business context – it’s not just health & safety we’re talking. When properly executed and documented, such risk assessments will drive change and support improvement. They will not only ensure compliance, but they’ll protect staff and, like the standard suggests, enhance your business quality.
Did you know isCompliant can help you manage risk and enhance your business quality? It can also help you transition from ISO 9001: 2008 to ISO 9001: 2015. Find out more.
Sources:
https://www.qualitydigest.com/inside/risk-management-column/030216-what-risk-based-thinking.html
https://hbr.org/2012/06/managing-risks-a-new-framework
http://rube.asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf
Get your free isCompliant trial here: https://www.iscompliant.com/free-trial
Tags: business risk, ISO 9001, iso 9001:2015, Quality, risk, risk management, transition