Breda Kearney

Consultant Lead

Risk Based Thinking & ISO 9001:2015

August 20, 2018

Preventive Action is a well-known term in relation to quality management systems, which requires organizations to act to prevent quality failures from recurring. The problem with this approach is that the organization is continually reacting to quality failures which have already occurred (i.e. fire-fighting), leading to increased costs, time delays and customer dissatisfaction. ISO 9001:2015 addresses this issue by replacing “Preventive Action” with Risk-Based Thinking (RBT). The introduction of RBT forces organizations to become more proactive in preventing or reducing undesired effects through early identification and action. Application of RBT must be driven and led by Top Management and needs to encompass the whole organization by taking into consideration strategic/business level risks, process level risks, product/service risks and risks to customer satisfaction.

Risk Based Thinking involves the following steps:

  1. Risk Identification – What could potentially go wrong?
  2. Risk Likelihood – What is the probability that the event could occur?
  3. Risk Severity – What is the impact on the business / customer satisfaction / process performance / product or service conformity if the event occurred?
  4. Risk Detection – What is our ability to detect the event?
  5. Determine risk rating – High, Medium, Low level risk
  6. Take appropriate actions to address the risk – Accept and monitor, Accept to pursue an opportunity, Mitigate, Share, Transfer
  7. Evaluate effectiveness of actions taken

Failure Mode Effect Analysis (FMEA) is a useful risk methodology tool which can be used by organizations to assess and monitor their risks.

Risk Based Thinking: What does ISO 9001:2015 Require?

  • Top Management promotes use of risk-based thinking
  • Address risks and opportunities related to:
    • Context of the Organization
    • QMS processes
    • Product/service conformity
    • Enhancing customer satisfaction
  • Evaluate effectiveness of actions taken

Risk Based Thinking Model


If you are interested in learning more about Risk Based Thinking (RBT) & ISO 9001:2015, Kelmac Group offer a range of ISO 9001:2015 Training Courses. Check them out, and if you have any questions about any of our courses, get in touch; one of our representatives would be delighted to assist you!

