ISO9001:2015 – A practical guide for risk assessment


Over the past months we have seen the introduction of the new ISO9001:2015 standard. To comply with this new standard, we applied a strategy with one of our customers to introduce risk-based thinking throughout the organisation.

The customer used the migration to this new standard as an opportunity to increase employee engagement. This blog post describes the steps that were taken to get the employees involved in the risk assessment.

Step 1 — Explanation

Before we started actually identifying risks, we explained to all employees what the new standard entails and how it may impact the way they work. The presentation covered all the changes to the standard but focused on risk-based thinking. We elaborated on what risks are and how they can affect the business negatively and/or positively. At the end of the presentation the employees were given the opportunity to ask questions.

We found this step to be very important for the employees. They are not familiar with the ISO9001 content, so some explanation really helped. The opportunity to ask questions was especially important for getting everyone on the same page.

Step 2 — Department based risk assessment

Every department of the organisation incorporates very specific risks. The employees of the different departments are the ones that have all the knowledge when it comes to these risks. To leverage this knowledge, we performed the risk assessments together with the employees of the different departments. It was like a brainstorm session where the input of all team members of the specific department was gathered. Doing the exercise with every department gave an enormous amount of data to structure the risk assessment.

Step 3 — Aggregation

All the outcomes of every session were combined in one big register to give an overview of the risks, their impacts and the actions taken by the company. Next, the actions that needed to be taken were handed out to the employees of the different departments. This was done to make every single employee responsible for a part of the risk mitigation strategy. The QHSE manager now only has to check whether the employees are performing the actions instead of performing the complete risk assessment, and employee engagement increased because employees are held directly responsible for a part of the risk management.

We applied this strategy to a relatively small company, but it can be applied to bigger organisations as well. The process can be exactly the same, only with middle and lower level management instead of every employee. Do remember that it is imperative to include management in the risk assessment.

The register used for this exercise can be provided to you within your Qooling account. If you would like to make use of this template please let us know.
