The new edition of ISO 9001 under development will include the concept of risk in the form of definition, guidance and requirements. Previous editions included a clause on preventive action, which aimed to prevent the occurrence of nonconformities; to some extent this was risk mitigation by another name.
Risk has therefore always been addressed in ISO 9001. In addition, if we look at ISO 9001 through a ‘risk tinted’ lens, we would see all requirements in ISO 9001 as risk treatments, so the combination of risk and ISO 9001 is not new. However, the way in which the term risk is defined, used and explained in the current draft creates some uncertainty as to what the term means, and this has implications for users. In Part I, I look at the differences in meaning between the word ‘risk’ as commonly understood and the word ‘risk’ as defined in ISO 9001.