The words “risk” or “risks” have been sprinkled throughout the 2015 revision of the ISO 9000 standard.  Although some “requirements” will be easy to satisfy using well-established process monitoring or capability techniques other references to risk are so vaguely stated as to be open to a myriad of interpretations and thus become meaningless.  Having read and re-read the current references to risk spread over several paragraphs I wonder if it would not have been better to address risk in one paragraph at the beginning of the standard.  I have “cut and paste” most of the current references to risk and included brief comments. Continue reading →