What to think for Risk-Based-Thinking (RBT) in ISO 9001:2015?

ISO standards are reviewed every five years and revised accordingly if needed.

This is mainly to keep pace with the changing business environment and to provide effective tools to tackle new industry challenges. It is also clearly reflected in the Mission & Vision statement of the ISO Subcommittee for Quality Systems (ISO/TC 176/SC 2).

The ISO 9001:2015 edition has replaced the 2008 version and uses the High Level Structure (HLS), with identical subclause titles, identical text, common terms and core definitions.

In this restructured international standard, a key focus is placed on risk-based thinking (RBT).

TC 176 has ingeniously rebranded Preventive Action as risk-based thinking (RBT) by not specifically including any actual requirements such as records, procedures, processes or evidence; rather, it mainly focuses on a “Thinking” approach.

Now, with ISO 9001 being intended for Third Party Assessment, it becomes very challenging for organizations to prove their “thought process” to external auditors as evidence of a considered effort towards “risk”.

So, what to really think for Risk-Based-Thinking in ISO 9001:2015?

Even ISO acknowledges that “Risk-based thinking is something we all do automatically in everyday life.” However, during organizational risk planning, a viable approach can be applied in terms of the “contextual” conditions of the organization.

Although Clause 6.1 in the revised standard does not mandatorily require any documented information on actions to address risks and opportunities, the new guidance for documented information does describe what needs to be “maintained” and “retained”. Hence, this can be taken into consideration and produced during the certification audit to demonstrate risk-based thinking at the organizational level.

For example, the records of management review (9.3.3), Audit Program (9.2.2), organizational knowledge (7.1.6), calibration ( and competence (7.2) are among the key elements of controlling risk; hence it is mandatory to retain documented information for them.

Another risk-based approach to the Quality Management System is the “31:31:31” approach!

So, what is this “31:31:31” approach? Well, it’s not universally recognised terminology; we simply offer it as an easy-to-remember term for establishing compatibility with the QMS by implementing ISO 31000 as a formal approach to Risk Management, together with its supporting standard IEC/ISO 31010, which provides 31 risk assessment techniques.

Although some may criticise the 31 tools as being statistically oriented and ISO 31000 as being viable mostly for large organizations (under a given context), the benefits of the approach cannot be overlooked, as it applies to many company situations.

The introduction page itself states that the principles and guidelines provided in ISO 31000 are “for managing any form of risk in a systematic, transparent and credible manner and within any scope and context”; hence giving it a try can be worthwhile as a way to think about risk-based thinking and gain a holistic risk management perspective.

CAPA by filtering – It’s not everything that requires a CAPA!

Oftentimes in business, in the quest for excellence, organizations tend to capture all adverse effects (events) and initiate Corrective Actions while overlooking the question of their criticality.

Surprisingly, it happens in both types of organizations: those where the QMS is comparatively immature and those that primarily work towards an improved level of excellence. The former strive to attain stability and the latter to achieve consistency.

However, in pursuing such a level of perfection they end up slowing things down and losing efficiency due to the absence of a filtering system that separates the critical from the non-critical events.

The reason is that, over time, this mammoth accumulation of corrective actions adds up and causes a bottleneck for the organization: an influx of data that becomes stagnant because the problem-addressing process is jeopardized.

Thus, manually addressing such a large number of corrective actions creates complexity and requires more processing, costing money and productive time.

Hence, to be a truly efficient organization, it is advisable to have a filtering system in place that can identify high-risk events, separate them and address them on a priority basis, rather than concentrating on less critical events that can easily be corrected on a one-off basis.

This is where automation is required to speed up the decision-making process.

An automated CAPA system gives the organization the ability to automate its Problem Addressable Methodology and the associated CAPA processes, filtering the critical from the non-critical events.

This is actually the crux of the 80:20 Principle: applying it in a phase-wise manner to attain the zero-error strategy model.

Hence, nowadays it is becoming indispensable for organizations to have an effective and efficient EQMS in place as an automated responsive tool.

