Where is Risk Addressed in ISO 9001:2015?

The #1 topic of discussion regarding the future ISO 9001:2015 Standard, to be published late this year, is the concept of risk-based thinking. Let's look at how the ISO/TC176/SC2 document explains risk in the introduction of the ISO 9001:2015 standard.


ISO 9001:2015 defines risk as the effect of uncertainty on an expected result.

  1. An effect is a deviation from the expected – positive or negative.
  2. Risk is about what could happen and what the effect of this happening might be.
  3. Risk also considers how likely it is to take place.

The target of a management system is to achieve conformity and customer satisfaction. ISO 9001:2015 uses risk-based thinking to achieve this in the following way:

Clause 4 (Context): the organization is required to determine the risks which may affect this.

Clause 5 (Leadership): top management are required to commit to ensuring Clause 4 is followed.

Clause 6 (Planning): the organization is required to take action to identify risks and opportunities.

Clause 8 (Operation): the organization is required to implement processes to address risks and opportunities.

Clause 9 (Performance evaluation): the organization is required to monitor, measure, analyze and evaluate the risks and opportunities.

Clause 10 (Improvement): the organization is required to improve by responding to changes in risk.

Why use risk-based thinking?

By considering risk throughout the organization the likelihood of achieving stated objectives is improved, output is more consistent and customers can be confident that they will receive the expected product or service.  Risk‐based thinking therefore:

  • builds a strong knowledge base
  • establishes a proactive culture of improvement
  • assures consistency of quality of goods or services
  • improves customer confidence and satisfaction

Members of ISO/TC176 agree that risk has always been in the ISO 9001 Standard, for example as preventive action. “The changes relating to risk, creates requirements for that which was always implicit in ISO 9001.” Do you agree or disagree with this conclusion? Let us know.

