Featured Product
This Week in Quality Digest Live
Standards Features
Mark Esser
Much of its early work is baked into the U.S. economy, but NIST continues advancing measurement science
Joseph Near
New blog series from NIST seeks to fill gaps in its Privacy Framework
Clare Naden
Views from the experts on occupational health and safety in a pandemic
Elizabeth Benham
Equity in the marketplace takes the effort of many people and institutions

More Features

Standards News
ISO 37301 provides everything needed to develop, implement, maintain, and improve an effective compliance management system
Two new standards join the ISO series
Design, develop, implement, continually improve risk management in systems and software engineering
ISO/IEC/IEEE 16085 has just been updated
Patient safety is a key focus in update of ISO 14155, the industry reference for good practice in clinical trials.
Is the standard adequate, or should it be improved? Deadline: Dec. 31, 2020
Good quality is adding an average of 11 percent to organizations’ revenue growth
Awards to be presented March 24, 2020, at the Quest for Excellence Conference, in National Harbor, MD

More News

Mark Schmit


Things Could Get Risky

The ISO 9001:2015 revision is coming

Published: Monday, May 19, 2014 - 13:10

ISO 9001 has been the quality management standard, with almost a million businesses certified around the world. It has been through many revisions, in 1994, 2000, and 2008, but the 2015 revision has an added element to consider—risk.

ISO international standards help to ensure that products and services are safe, reliable, and of good quality. ISO standards identify strategic tools to reduce costs, minimize waste and errors, and increase productivity. The adoption of ISO standards can also level the playing field a bit for developing countries by facilitating free and fair global trade, which opens opportunities in new markets.

“This revision deserves particular attention, because it’s not only a change to the requirements themselves, it’s a change to the structure of the standard, with a new focus on risk management,” says Terry Weiner, senior consultant, California Manufacturing Technology Consulting, a Manufacturing Extension Partnership (MEP) affiliate.

Companies in the know will need to reexamine the structure of their current systems and documentation to ensure it fits the new “high level format” or HLF that is now under consideration by the ISO technical committee.

Even AS9100, which already has a requirement for risk identification, assessment, and mitigation, will be affected. Risk management, as part of AS9100, currently focuses on product-based risk. The risk management proposed in the ISO 9001:2015 standard encompasses supply chain risks from the suppliers all the way to the customer and includes consideration of both risks and opportunities.

“In the aerospace world, AS9100 is the de facto standard and anyone who qualifies is assumed to be in compliance to the ISO standard,” says Bob Uptagrafft, aerospace specialist from Impact Washington. “We assist about 25 to 30 companies a year [to] prep for initial registration or audits to AS9100. And the risk component is of particular concern for this industry, which is so heavily regulated.”

The Manufacturing Extension Partnership (MEP) has developed a risk management program as part of their supply chain optimization program, which helps companies incorporate risk management components, strategically and effectively throughout their supply chain. The program developed as a result of a voice of the customer study.

Embedded in all of this change is a movement to incorporate risk management into all of the standards, as witnessed in an excerpt from the current draft of the 2015 revision. The following is excerpted from an ISO technical committee draft document dated June 3, 2013, ISO/TC 176/SC 2/N 1147.

6. Planning
6.1 Actions to address risks and opportunities When planning for the quality management system, the organization shall…determine the risks and opportunities that need to be addressed to a) assure the quality management system can achieve its intended outcome(s), b) assure that the organization can consistently achieve conformity of goods and services and customer satisfaction, c) prevent, or reduce, undesired effects, and d) achieve continual improvement. The organization shall plan: a) actions to address these risks and opportunities, and b) how to 1) integrate and implement the actions into its quality management system processes and 2) evaluate the effectiveness of these actions. Any actions taken to address risks and opportunities shall be proportionate to the potential effects on conformity of goods and services and customer satisfaction.

A Risk Management Program has four key elements that are tied together in a top level Risk Management Plan.
• Risk Identification
• Risk Assessment
• Risk Action Management
• Risk Reporting and Monitoring

MEP assisted more than 800 companies in 2013 with industry-specific certifications (like AS9100)and general quality certifications. MEP has created tools that simplify the development of four stages of a risk management plan as part of its supply chain optimization program. Templates are provided for planning, for reactions that trigger events, and for risk management meeting minutes.

The goal for participants is to learn a structured process for identifying and mitigating risks and acquiring knowledge of how to:
• Create a risk management plan to document mitigation strategies
• Describe trigger events
• Establish monitoring metrics and assign monitoring activities
• Determine the financial impact of risk through a tool called Value at Risk (VaR)
• Implement a risk management program that complies with ISO 9001:2015

MEP affiliates across the country can help manufacturers incorporate a risk management plan into their existing processes; building healthier value chains better able to respond to risk events. Click here for more information.


About The Author

Mark Schmit’s picture

Mark Schmit

Mark Schmit has served multiple roles while with the National Institute of Standards & Technology (NIST) Manufacturing Extension Partnership (MEP). Schmit is currently MEP’s National Accounts Manager. In this role he is responsible for developing partnerships with both the public and private sector entities. He identifies new business opportunities that leverage state & federal funding with the goal to improve the competitiveness of US- based manufacturers. His major area of focus supply chain optimization.


Risk is an integral part of planning

Generally people make planning as what needs to be done and when and how. But, in practicality, the risk components which will create bottlenecks in the execution process are to be taken into consideration. This will facilitate an effective system. Understand the risk, impact on the process (including quality management) and the final product, and make countermeasures to eliminate or overcome risks.

It may not be possible to create an ideal situation in any process, but continuous improvement depending upon the risks creep into, or emerge into a process could be thought of and needed course correction will make the process optimised.

Plan for the unexpected. Expect potential unexpected ones. Equip the process.

Nice ad, poor fact-checking

Far be it from me to interrupt a perfectly good advertisement for the MEP, but a few facts are deserving here, for clarification.

ISO 9001:2015 will not "focus on risk management" since it specifically differentiates between the notion of "risk-based thinking" (which it is based on) and "risk management." In fact, the standard in its current form specifically says "formal risk management" is NOT required

Second, AS9100 does not merely "focus on product-related risk," but includes risk management requirements for business development / contract consideration and vendor evaluation. It is a far more holistic risk-based standard than even the new 9001 draft.

Third, there is no guarantee that the IAQG will adopt the High Level Structure of ISO 9001:2015 for the future revision of AS9100, as they have considered specifically NOT doing so, and the Annex SL document does allow for deviations. 

One would hope that the MEP with their "more than 800" clients, would know these basic facts. 

Since we're allowing links and shameless plugs, readers are invited to get a bit more accurate information from www.oxebridge.com, which includes reporting on ISO 9001 developments not seen anywhere else.