How do you start your ISO 9001:2015 risk management journey?

You can use ISO 31000 framework as your guide.  ISO 9001:2015 is a new ISO 9001 standard.  However, organizations have been initiating Enterprise Risk Management programs for almost 10 years, largely in the financial and IT areas of the organization.

The following are some lessons learned from organizations that have done it successfully implemented risk management.

Developing a common taxonomy, language, and syntax for risk management is one of the first critical items in the quality management.  The language should be based upon a  commonly accepted risk framework, such as ISO 31000 or COSO.  While there are other risk frameworks, these are the most commonly used.

If you are simply going to comply with the requirements of ISO 9001:2015, you can use ISO 31000 as your risk framework and taxonomy.  If you work for a global organization with complex processes and products or those that are heavily regulated then I would suggest looking at COSO as a strategic risk framework and then look at ISO 31000 as a tactical framework.

You may discover your organization is already using COSO as a result of Sarbanes-Oxley in the US.  Many countries have or are developing their governance statutes.  If you live outside of the US, then select a framework that works with your national regulations.

Lesson Learned:  Just do it!  There is no one method or approach that will ensure success.  We recommend just starting the RBT journey.

Bio:

Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com)  is the founder of:

CERMAcademy.com
800Compete.com
QualityPlusEngineering.com
WorkingIt.com

He is the evangelist behind Future of Quality: Risk®.  He is currently working on the Future of Work and machine learning projects.

He is a frequent speaker and expert on Supply Chain Risk Management and cyber security.  His current books available on all platform are shown below: