ISO 9001:2015 Strategic Approach to Risk Based Thinking


Risk is not a straightforward concept. Definitions of risk vary, even within documents published by the International Organization for Standardization (ISO).

One ISO definition indicates that risk is the “effect of uncertainty on an expected result.” Risk is now addressed by ISO 9001:2015, “Quality management systems—Requirements,” the international standard for quality management systems (QMS). In it, organizations are asked to “address risks and opportunities.”

In ISO 9000:2015, “Quality management systems – Fundamentals and vocabulary,” risk is defined as the “effect of uncertainty.” Notes in the definition further describe risk as a “deviation from the expected,” either positive or negative. The term “uncertainty” is clarified as a lack of information or knowledge about an event that can be expressed in terms of consequences and the likelihood of occurrence. Lastly, ISO 9000 states that risk is related to potential events, and that it’s typically expressed as a result of the likelihood and consequence of such an event.

Process Risk and Planning Risk Ref. Clauses 4.1 and 6.1

When the requirements of ISO/FDIS 9001:2015 are studied, these are the relationships indicated as they relate to QMS processes and planning:

Product and Process Risks and Opportunities Ref. Clause 5.1.1

Risk as it relates to product and process conformance can be quite broad. The following are some areas where risk is usually addressed by organizations:

The objective of this course is to provide participants with an overview of the purpose and requirements of a risk management system (RMS) based on the principles of ISO 9001. A well-functioning quality management system, certified to ISO 9001, is a great start to building sustainable business performance. It can help you ensure on-time delivery, achieve zero defects, and reduce waste, for example.

Program Objectives

On successful completion of this training learners will:

  • Have an understanding of the ISO 9000 series of standards and be aware of the development and application of the ISO 9000 family of standards.
  • Have an understanding of ISO 9001:2015 and risk based thinking.
  • Be able to discuss and understand hazard identification and risk assessment (HIRA) as well as the types of risk assessments and the application thereof in the workplace.
  • Be able to discuss quality risk management and risk management methodology.
  • Understand and be able to discuss various risk analysis tools.


  1. Delivery of the conceptual framework together with a demonstration of how systems and their components tie up and form a complete whole.
  2. Once a concept is understood, practical application is applied.
  3. Once application is made clear, implementation can be executed at the workplace.
  4. Spoon-feeding.

Who Should Attend

  • Managers and individual contributors interested in learning how to implement a continual improvement process that integrates the Process Approach, Risk-Based thinking, and PDCA.

Program Topics

Part 1 – Why implement Risk Based Thinking?

  • What does ISO 9001:2015 require?
  • ISO 9001:2015 Risk & Opportunities.
  • The Main Objectives of International Standards.

Part 2 – What is Risk Based Thinking?

  • Understanding the Concept of Risk based Thinking.
  • Why Should the Organization adopt “Risk-Based Thinking”?

Part 3 – What is Risk?

  • Risk – A Simple Definition.
  • Definitions of Risk.
  • A Quantitative Approach to Risk Assessment.
  • Understanding the Acceptable Regions of Risk.
  • A Qualitative Approach to Risk Assessment.
  • The Importance of a Risk Register.

Part 4 – Integrating Risk Based Thinking with the Process Approach

  • Purpose of the Process Approach.
  • Proposed Risk Model.
  • Addressing Risk.

Part 5 – Integrating Risk Based Thinking with the Process Approach and PDCA

  • The Plan-Do-Check-Act (PDCA) methodology.
  • Understanding the Relationship of Process + Risk + PDCA Model.
  • Identifying the Relevant Inputs to Management Review.