ISO 31000 risk management principles and guidelines are the preferred standard to use with ISO 9001:2015. ISO 31000 is ERM light. We advocate the use of ISO 31000 with ISO 9001:2015 for smaller organizations because it:
- Is a risk management framework. ISO 31000 has all the critical elements of a framework, including a focus on culture, risk philosophy, risk definitions, common risk approach, common risk processes, defined roles and responsibilities, importance of accountability, risk competencies, risk appetite, and risk tolerance of the organization.
- Follows a PDCA framework that can be applied to any ISO management system standard.
- Offers the option of a simple risk management or enhanced risk management program. Both are useful depending on the certified organization’s maturity and capability.
- Follows an enterprise-wide approach to risk management, considering the potential impact of risks on critical management systems, processes, stakeholders, product development, outcomes, products, and services.
- Addresses the upside (opportunity risk) as well as the downside (consequence risk).
- Is harmonized with other ERM standards.
- Follows the achievement of business objectives approach based upon the risk appetite of the organization.
- Focuses on risk controls as well as other risk treatment options and mitigations.
- Allows an organization to identify, prioritize, and control significant risks.
- Is a process that is based on a set of unified principles.
- Is supported by a structure that is appropriate to the context of the organization, external environment, and internal environment.
- Is supported by risk taxonomy and risk vocabulary that is appropriate to the organization.
- Explains that risk management and its application should be proportionate to the level of acceptable risk for the organization.
- Emphasizes that the objective of risk management is to ensure stakeholder and customer satisfaction.
Bio:
Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com) is the founder of:
CERMAcademy.com
800Compete.com
QualityPlusEngineering.com
WorkingIt.com
He is the evangelist behind Future of Quality: Risk®. He is currently working on the Future of Work and machine learning projects.
He is a frequent speaker and expert on Supply Chain Risk Management and cyber security. His current books available on all platforms are shown below: