Management system guidance
ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.
Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.
6.1 Actions to Address Risks and Opportunities
The risks and opportunities should be relevant to the context of your organization (Clause 4.1), as well as, any interested parties (Clause 4.2). You should ensure that your organization has applied this risk identification methodology consistently and effectively.
What process has been developed to identify risks and opportunities? In the absence of documented processes or procedures, you may need to use observations and interviews (and a review of the process output, which may contain documented evidence) to assess the processes that determine whether or not undocumented processes are being carried out as planned.
External and internal issues, and relevant needs and expectations of relevant interested parties may be sources of risks. Objective evidence may be in the form of a dedicated risk matrix, risks added to other forms such as an aspect register, corrective action log and forms, etc.
All of the processes that comprise a management system do not represent the same level of risk in terms of your organization’s ability to meet its objectives. Due to this reason, the consequences of failures or non-conformities in relation to processes, systems, products and/or services will not be the same for all organizations.
You should seek and record evidence that your organization has taken a planned approach to addressing risks and accomplishing opportunities to the benefit of the quality management sytem and the organization.
Check that any actions taken to address the risks and opportunities are recorded, and ensure that the effectiveness of each action was effective at addressing the issue, and that the action taken was proportionate to the risk or opportunity. Objective evidence could be in the following various forms:
- Meeting minutes;
- SWOT analysis;
- Reports on customer feedback;
- Competitor analysis;
- Quality manual;
- Brain-storming activities;
- Planning, analysis and evaluation activities;
- Strategic planning documents;
- Design and development reviews;
- Marketing and sales data;
- Production inspections and service reviews;
- Corrective actions;
- Non-conformance reports;
- Management review minutes;
- Risk determination or evaluation records.
More information on PDCA
Free internal audit checklists
Check out our free internal audit checklists. The audit checklist template is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements.
Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.