Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits

September 2015 will see the release of the ISO 9001:2015 standard, with some fundamental changes in how companies are expected to operate to remain compliant. One of the fundamental and potentially most meaningful changes comes in the change from the current preventive action process being replaced by “risk-based thinking.” In most organizations I have worked for or with, preventive actions have tended to be a “box-ticking exercise” borne out of the need to satisfy an ISO 9001 requirement, as opposed to a real driver for change and continual improvement. Preventive actions have tended to be carried out at a lower level in organizations in the past, perhaps by a quality team member, and usually have failed to capture the issues that really affect organizations at a top level and allow continual improvement to occur. So, what will this change mean to your organization?

Risk-based thinking: The real difference from preventive action

In previous articles we have examined various types of risk analysis (see Methodology for Risk Analysis), but the ISO 9001:2015 standard requires us to take a “risk-based approach to quality management.” This involves taking a greater strategic view of risk within your business, and also ties in with the changes in leadership requirements, which you can read more about in this article: How to comply with new leadership requirements in ISO 9001:2015. So, given that your top management team should now be involved in the process of identifying, recording, removing, and mitigating risk, then you can see that from the start, using a risk-based thinking process should far surpass preventive action in terms of effectiveness. Ensuring that your management team has a forum for identifying risk at the regular management meetings can be a vital step toward this. Equally important is ensuring that all employees at a lower level have a channel where they can feed their opinions upwards for consideration by the management team. When these two processes are in place, you will have a “risk-based thinking” process that is presided over by the top management team, which holds all the key strategic knowledge about threats to the business, and is supported by information from all levels – some of which may have previously remained unknown to them. So, in effect, in place of a one-dimensional preventive action process, which usually was carried out at a lower level and remained there, you now have a risk-based thinking process presided over by the team who has all information available to them from the pinnacle of the company, filtering all the way down. With the decisions made from this process, and the ensuing actions, it is not difficult to see that the documented actions and objectives will be more effective on a company-wide basis than the preventive action process was. So, what does your organization have to do to get up to speed with this change?

Risk-based thinking: When do we start?

There will be a transition period of up to three years for implementation of the new standard, but some of the changes are so beneficial that the sooner you start, the better. Encouraging your top management team to embrace the changes in leadership requirements and coupling this with a new risk-based thinking process makes perfect sense. The sooner you can facilitate both, and encourage the synergy between the two, the more in tune your organization will be to the threats and risks you will have to navigate in the coming months and years. And, as we all know, where there are risks there are almost always opportunities, so identification of these are another positive spinoff of adopting this overall approach as soon as possible. Removal and mitigation of risk almost always ensures company growth, which can only be good news for your organization. ISO 9001:2015 is a standard that goes far beyond company quality standards, and its outputs ensure that your organization can be protected and improved, and new opportunities identified, as stated above. Given that these changes are so beneficial, can your organization afford not to implement them immediately?

For more information on changes brought about by ISO 9001:2015, check this free ISO 9001:2015 vs. ISO 9001:2008 matrix.

Advisera John Nolan
John Nolan
John Nolan is a Fellow of the Institute of Leaders and Managers in the United Kingdom, and Prince 2 accredited with a background in Engineering and Electronics and Data Storage and Transfer. Having studied and qualified as both a Mechanical and Electronic Engineer, he has spent the last 15 years designing and delivering Quality Systems and projects across many sectors in the UK, including both national and local government.