In the new revision of ISO 9001:2015, AS9100 D and AS9120 B, significant changes have been made to risk-based thinking. The concept of risk has always been implicit in the previous standards; however, new additions have made it more precise and builds it into all aspects of the Quality Management System.
Risk-based thinking ensures that risk is considered throughout all organization’s processes. Now, risk-based thinking makes prevention a part of strategic and operational planning.
Typically, risks are identified and prioritized taking in to consideration external and internal issues within the context of the organization. Externally, this can involve several factors such as legal, financial, regulatory, social and cultural. Internal factors can involve the structure of the organization including financial resources, investment opportunities, equipment, facilities and human resources.
Once areas are identified, a risk assessment can be performed along with appropriate actions to address these risks and mitigate them to an acceptable level.
