How risk-based thinking aligns with ISO standards

Risk-based thinking refers to a set of activities and methods that a business uses to manage and control the risk factors that could prevent it from achieving its objectives.

Previously referred to as preventive action, risk-based thinking is now built into newer versions of ISO standards. ISO 9001:2015 and ISO 14001:2015, in particular, both require businesses to apply risk-based thinking across planning, operations and performance evaluation.

But how does risk-based thinking link with ISO? How is it different from previous models of thinking and risk-reducing actions?


What is risk-based thinking?

In terms of ISO 9001:2015, risk-based thinking replaces preventive action. Whereas preventive thinking was once a separate clause, risk-based thinking is now incorporated throughout.

In other words, you need to evaluate risk when establishing processes, controls and improvements in quality management systems.

But it is recognised that risks are not always negative. You can use this risk-based thinking strategy to pinpoint opportunities, the flipside of risk. Just as negativity can swamp your business, so too can unparalleled and unplanned success. Finding that a product suddenly takes off can leave you struggling to meet demand whilst maintaining quality.

Risk-based thinking appears in the newer versions of ISO standards across key areas such as:

  • Organisational context – risk-based thinking requires a business to identify risks that may impact on quality objectives. What would be the risk of producing non-conforming products, for example?
  • Leadership – business management must commit to addressing both the risks and opportunities to quality.
  • Planning – it makes sense that once risks and opportunities have been identified, there is a plan to minimise and exploit them respectively.

Performance evaluation, improvement and operation are also subjects to which risk-based thinking needs to be applied.

So, it’s risk management then?

Risk management is not a new concept in business. Understanding what your risks are and how to minimise and deal with them is nothing new, and it would be easy to assume that risk-based thinking is a watered-down version of the same thing.

Under ISO 9001:2015 there is no requirement for a formal risk assessment, nor is there a need to maintain a risk register.

Rather than it being a tangible process, it is a mode of thinking or attitude that runs through every decision-making process, without necessarily formalising it.

It allows a company to maintain both its flexibility and adaptability in an increasingly competitive marketplace.

Risks can change from day to day, or they can be a long time coming, but thinking in this way, in a constant state of vigilance if you like, improves how responsive and adaptive a company can be, an important factor when standards need to be maintained.

Building in risk-mitigating technology

Many companies are choosing to use tech to bring about a more recognisable risk-thinking approach to business and quality.

A centralised risk register, although not a requirement, has proved an excellent tool, as have flexible risk tools such as a decision tree alongside risk-based effectiveness checks.

Automation also reduces risk, ensuring nothing falls through the cracks. Is your business ready to take the risk-based thinking test?

Jenny Kilburn
Having completed my Master's in Business Administration (MBA) in 2012, I was looking to start my own business. With over 10 years improving and streamlining business systems, I grasped an opportunity to assist a local business to improve their quality and communication processes by researching the requirements of a quality management system based upon ISO 9001, and conducted my first internal audit, which resulted in 97 improvement recommendations. After a successful outcome, I was recommended again and again with glowing reviews, and in February 2014, Synergos Consultancy was born. I now have the role of regularly reviewing and planning the strategic direction of the business to ensure that Synergos continues to develop, whilst at the same time still actively working closely with some of our clients. In my spare time I love to attend the theatre to watch musicals, dance productions and plays. In 2019, I attended the theatre a whopping 24 times. I follow a plant-based diet, which I absolutely love. A keen TikTok follower, I have picked up a lot of interesting recipes. A firm favourite is Brussels sprouts and sriracha sauce baked in the oven. Delicious!