ISO 9001-2015 6.1 Risks and opportunities


FREE QHSE Software Click <HERE> to Learn More

FREE QHSE Business Software Solutions

FREE Quality, Health and Safety, and HR Business Software Click <HERE> to Learn More and Download




QHSE Support >(Site Map) Quality Guidance > ISO 9001-2015 Clauses > ISO 9001-2015 clause 6 >  

ISO 9001:2015 Clause 6.1 Actions to address risks and opportunities







ISO 9001:2015 Clause 6.1 Actions to address risks and opportunities


ISO 9001:2015 Clause 6 mind map


ISO 9001:2015 6 Planing mind map


ISO 9001:2015 0.1 Introduction states "Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise." 


ISO 9001:2015 0.3.3 Risk-based thinking states "Risk-based thinking is essential for achieving an effective quality management system. The concept of risk-based thinking has been implicit in previous editions of this International Standard including, for example, carrying out preventive action to eliminate potential nonconformities, analysing any nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of the nonconformity."


It could be reasonable to surmise that 'implicit' can be taken to mean 'unexpressed' in previous editions...


This is a step in the direction that other non quality standards have promoted for quite some time now, in so far as ISO 9000 series is now seeking for businesses to plan by utilising the concept of risk based thinking to develop opportunities, as well as to address, mitigate or eliminate potential risks.  This is essentially a push towards steering businesses to be more proactive and less reactive.   How this is achieved, is principally left down to the organization's discretion, providing it stays within the requirements of the standard.


Clause 6.1 Breakdown


6.1 Actions to address risks and opportunities


Clause 4.1 and 4.2 require risks and opportunities are determined in accordance with the requirements of clause 6.1.1, therefore the organization shall need to consider risks and opportunities that affect its ability to achieve the intended results identified by these clauses.


• The objectives of this determination:

• To ensure that the quality management system (QMS) can achieve its intended results

• To enhance desirable effects

• To prevent or reduce adverse effects

• To achieve improvement


  6.1.1 (consider risks and requirements)


Back in previous editions of the ISO 9001 standard, it could be said that some quality management representatives (with top management surreptitiously endorsing) could mindlessly, or some might even say cynically identify the "shall" clauses and implement systems to meet the minimum requirements. However, with the new standard, it is simply not enough just to meet the "shalls" of the ISO standard, you are required to think, to deliberate, i.e. organizations will require to plan to identify the risks and opportunities. It is therefore a requirement that organizations are fully conscious of the issues that both negatively or positively affect their operation and subsequently plan to implement opportunities as well as alleviate risks.


Risk based analysis for planning can use the same tools and methodology that are available to the Health and Safety officer for undertaking an interpretation of the risks and opportunities.


Here is a rather simplistic risk assessment module that can be used to calculate risk against acceptance criteria.


ISO 9001:2015 6 Planing Risks and Opportunities 5x5 Maxtrix


There many different risk assessment/risk analysis tools out there, but perhaps the 3 x 3 and 5 x 5 risk matrix's are the more widely known, and easily adapted to suit quality planning rather than accident management.


  6.1.2 (plan to address risks and opportunities)


This clause uses the 'shall' verbal form to dictate requirements that are to be implemented.


There are 3 requirements to be met, each will require planning to meet the 'shall' mandate.


a) actions to address these risks and opportunities;

b) how to:


1) integrate and implement the actions into its quality management system processes.

2) evaluate the effectiveness of these actions.


The clause goes on to further clarify the requirements by stating "Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services".


How to implement these requirements will be very much down to the discretion of each organizations and there operational set-up, this could be simple or complex, short term or long term, low cost or high cost.


The mind-map below attempts to more clearly show the different areas of the standard that clause 6 interacts with and may help in addressing the requirements of clause 6.1.2 b.

ISO 9001:2015 6.1.2 Planing QMS integration links



Useful integrated management system cross references


ISO 14001


ISO 14001-2015 6 Planning

ISO 14001-2015 6.1 Risks and opportunities



ISO 45001


ISO 45001-2018 6 Planning

ISO 45001-2018 6.1 Risks and opportunities


Help file v1.175.0542 : Copyright © 2022 Brian G. Welch MSc(QHSE), NVQ4(OH&S), CMIOSH - Supported by Website On Safe Lines