ISO 9001 originated because quality practitioners recognized, as W. Edwards Deming pointed out long ago, that a bad system will beat a good worker any day of the week. ISO 9001:2000 then recognized the effect of processes rather than individual activities on organizational performance, and ISO 9001:2008 then stressed the need to address handoffs and interfaces between processes. All of these revisions required corrective action for nonconformances.
ISO 9001:2015 added a provision for "Actions to address risks and opportunities," which includes but goes beyond the existing requirement for preventive action. It is still necessary to recognize, however, that the standard does not explicitly address all conceivable risks and opportunities that might affect the organization's performance.
Risks may be internal and controllable by the organization. They may involve the supply chain and be only partly controllable, or they may be entirely external and therefore not controllable.
The Army's Risk Management process is a public domain resource for hazard identification and risk assessment (HIRA). It expands on traditional failure mode effects analysis by recognizing that risk = np and not just p, where p is the individual probability of failure while n is the number of times we are exposed to the risk. This in turn dictates the need for engineering controls or error proofing when the frequency of exposure is high, as it is when we perform a service millions of times (e.g. medications in hospitals) or produce millions of a critical part.
ISO 9001:2015's clause 6.1 for "Actions to address risks and opportunities" is a new feature that goes beyond previous requirements for corrective and preventive action (CAPA). This requirement relates specifically to the context of the organization, and needs and expectations of relevant interested parties.
Risks and opportunities can easily, however, come from sources outside these specific applications. It is quite possible, as shown by the effect of digital photography on the market for Kodak's excellent photographic film, to miss an opportunity or even be put out of business by something the standard does not address. If the standard does not cover the risks and opportunities in question, they are not subject to audit findings, and might therefore be effectively invisible to the standard. This presentation will show how to go beyond the requirements of ISO 9001:2015 to identify and address these issues.
1. Origins and rationale of ISO 9001
• Complex systems and processes make it impossible for any particular worker to control the quality of a job. This created the need for quality management systems.
2. ISO 9001:2015 clause 6.1, Actions to Address Risks and Opportunities and its relationship to Context of the Organization and Needs and Expectations of Interested Parties
3. Scope of risk: internal, supply chain, and external
4. What is risk?
• Application of General Carl von Clausewitz's friction to the workplace—a principle later described by Tom Peters.
5. Risk = np, not just p
• The FMEA occurrence rating focus on p (the chance that an individual part will suffer a failure).
• The Army's Risk Management Process recognizes that risk entails not just p but also n, the number of times we are exposed to the risk.
• The only way to reduce np to zero is to make the failure or mistake impossible.
6. Overview of hazard identification and risk assessment (HIRA)
7. Supply chain risks
• A supply chain failure will shut down a world class factory just as quickly as it will shut down a bad one.
8. Changing technology and new distribution channels as sources of risks and opportunties
9. Self-made risks; how the EpiPen controversy encouraged competitors to step in to "give the people what they want."
William A. Levinson, P.E., is the principal of Levinson Productivity Systems, P.C. He is an ASQ Fellow, Certified Quality Engineer, Quality Auditor, Quality Manager, Reliability Engineer and Six Sigma Black Belt. He is also the author of several books on quality, productivity and management, of which the most recent is The Expanded and Annotated My Life and Work: Henry Ford's Universal Code for World-Class Success.