Risk Based Thinking ISO 9001  Risk Management

What is Risk-Based Thinking (RBT)?

→ Risk-based thinking ensures these risks are identified, considered, and controlled throughout the design and use of the Quality Management System.
→ It is one of the major changes in the updated ISO 9001:2015 standard.
→ It is used to establish a systematic approach to considering risk and take action before the thing happens instead of taking action after things happen.
→ So, it is a preventive aspect of the new ISO 9001:2015 QMS standard rather than a reactive approach.

What is Risk?

→ An ISO 9001:2015 defines Risk as “The Effect Of Uncertainty On an Expected Result."
→ There are two types of risks available with the system - Positive & Negative
→ It is built-in characteristics with all systems, processes, and functions.
→ RBT ensures these risks are identified, considered, and eliminated or controlled throughout the design and use of the QMS.
→ It is something we all do automatically and often sub-consciously in everyday life and it makes preventive action part of the routine.
→ Example: If I have a flight then I plan to reach the airport at least 30 to 40 minutes before flight timing with considering all desirable or undesirable events may happen during the journey (from home to airport) like rain, traffic, fuel refilling, puncture, check-in times, etc...
→ It is a part of the process approach of ISO 9001:2015.
→ All processes have different likelihood related to the effect of uncertainty.
→ Some process needs more careful and effective planning to mitigate and control than others.
→ Example: In the above example the risk_factors are different (1) I go to the airport in my car, (2) I go to the airport with cab service, and (3) I go by public transport like metro or BRTS, etc.

what is risk

Risk-Based Thinking (RBT) in ISO 9001

→ It is the newly addressed Requirements of an ISO 9001-2015 and clause wise description is mentioned below.
→ Introduction - the concept explained
→ Clause 04 – the organization is required to determine its QMS processes and to address its risks and opportunities 
→ Clause 05 – top management is required to
     ⇢ Promote awareness of RBT.
     ⇢ Determine and address risks and opportunities that can affect product /service conformity
→ Clause 06 – the organization is required to identify risks and opportunities related to QMS performance and take appropriate actions to address them 
→ Clause 07 – the organization is required to determine and provide necessary resources (risk is implicit whenever “suitable” or “appropriate” is mentioned)
→ Clause 08 – the organization is required to manage its operational processes (risk is implicit whenever “suitable” or “appropriate” is mentioned) 
→ Clause 09 – the organization is required to monitor, measure, analyze and evaluate the effectiveness of actions taken to address the risks and opportunities
→ Clause 10 – the organization is required to correct, prevent or reduce undesired effects and improve the QMS and update risks and opportunities 

Why use RBT?

→ By considering risks throughout the system and all processes the likelihood of achieving stated objectives is improved, the output is more consistent and customers can be confident that they will receive the expected product or service. 
→ Benefits of RBT:
→ It improves governance and establishes a proactive culture of improvement 
→ RBT assists with statutory and regulatory compliance
→ It assures the consistency of the Quality of Products and Services
→ Also, improves customer confidence and satisfaction

Strengths and Weakness:

→ The strength associated with a system is like:
→ Infrastructure
→ Machines
→ Resources
→ Good Will
→ Fewer Competitors, etc.

→ Similarly, The weakness associated with a system is:
→ Delay
→ Defects
→ Scrap
→ Complaints
→ Repetitive Issues, etc.

Strength and Weakness

Internal Factors:

→ External Provider
→ Input
→ Process
→ Output
→ Customer

→ Also, it is associated with a system by 6M:
→ Man
→ Machine
→ Material
→ Method
→ Mother Nature (Environment)
→ Measurement (Measures)

Risks associated with system

External Factors:

→ Below External Factors associated with a system:
  1. Political
  2. Economical
  3. Social
  4. Technological
  5. Environmental
  6. Legal
External Factors

[1] Political factor:
→ They are basically how the government gets involved in the economy like,
→ Tax policy,
→ Labor law,
→ Environmental law,
→ Tariffs etc....

[2] Economic factor:
→ They economically affect the organization like:
→ Economic growth,
→ Interest rates,
→ Exchange rates and
→ The inflation rate etc.…

[3] Social factor:
→ They are socially related to the organization like:
→ The cultural aspects,
→ Customs, festivals,
→ Lifestyle and
→ Locality etc.….

[4] Technological factor:
→ They are related to the system by technological aspects such as,
→ New process adaption,
→ R&D activity, automation,
→ Technology  incentives and
→ The rate of technological change etc.…

[5] Environmental factors:
→ They include ecological and environmental aspects such as…
→ Weather,
→ Climate and
→ Climate change
→ Natural Resources etc.…

[6] Legal factors:
→ They include the statutory and regulatory compliances associated with the system.

👉 Also Read:

👉 For a regular update :
Join us (Telegram Group)
Join us (WhatsApp Group)

👉 See Also:


  1. Thank you sir, quick understanding information.

    All the best

  2. Thank you for good information. But, i believe, we can't avoid the risk completely in the system, The risk shall be calculated in such a way that, there shall be a % of risk which can be accepted. Do you have any information related to the risk % calculation? If so, can you please share. Thank you.


Post a Comment

Previous Post Next Post