The norm ISO 9001:2015 defines the term “risk” as the impact of uncertainty on an
expected result, i.e. the impact, and therefore the risks, of faulty actions on products and
Risk management presupposes specific minimum requirements for the manufacturing of
products and services, which the basic norm ISO 9001:2015 describes as follows:

  • Documented information on features, activities and expected results is available
    and accurate
  • The criteria for handling processes and results, as well as the expectations placed
    on products and services, are sustainably defined and documented
  • Competent personnel, including the required qualifications, are trained, named and
    known to everybody
  • The required expertise is reviewed and adjusted on a regular basis in order to
    achieve the expected results of processes
  • Measures to avoid human error are taken and implemented

In future, companies will have to prove how they fulfil these requirements. “A simple
past-oriented administration based on ‘risk bookkeeping’, which is often seen in
companies, will not be sufficient as evidence” (RiskNet GmbH).

Take the FMEA (Failure Mode and Effects Analysis) as an example

The German TÜV Rheinland describes the FMEA as one of the most common methods for risk
management. With this method, procedures can be analyzed, evaluated and
documented with respect to possible risks. FMEA provides suitable solutions for almost
all procedures. Since the ISO 9001:2015 norm does not prescribe how and by which method
companies should carry out their risk evaluation, they are free – that is, on their own
– to choose the most appropriate method.
We have already elaborated one of the most common methods for you.
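To make the “analyze, evaluate and document” steps concrete, here is a small FMEA worksheet in Python. It is an added example, not material from the article, TÜV Rheinland or RiskNet GmbH. It assumes the classic FMEA scoring convention in which each failure mode gets a Severity, Occurrence and Detection rating from 1 to 10 and a Risk Priority Number RPN = S × O × D; the action thresholds (RPN ≥ 100, or Severity ≥ 9 regardless of RPN) and the sample failure modes from a software release process are constructed for illustration.

```python
"""FMEA worksheet: score failure modes, rank them, and flag those needing action.

Added example, not part of the original article. Assumes the classic FMEA
Risk Priority Number: RPN = Severity x Occurrence x Detection, each rated 1..10.
Thresholds and sample failure modes below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureMode:
    process_step: str
    failure_mode: str
    effect: str
    severity: int      # 1 (negligible) .. 10 (catastrophic)
    occurrence: int    # 1 (remote) .. 10 (almost certain)
    detection: int     # 1 (certain to be caught) .. 10 (undetectable before impact)
    current_control: str = "none"

    def __post_init__(self):
        # Reject ratings outside the 1..10 scale so a typo cannot hide a high risk.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{name} must be an integer in 1..10, got {value!r}")

    @property
    def rpn(self) -> int:
        """Risk Priority Number, the classic FMEA evaluation score."""
        return self.severity * self.occurrence * self.detection


def rank_failure_modes(modes, rpn_threshold=100, severity_threshold=9):
    """Evaluate: sort highest RPN first and select the modes that require an action.

    A high severity forces an action even when the RPN is moderate, because a low
    occurrence rating must not excuse a catastrophic effect (assumed convention).
    """
    ranked = sorted(modes, key=lambda m: (m.rpn, m.severity, m.occurrence), reverse=True)
    action = [m for m in ranked
              if m.rpn >= rpn_threshold or m.severity >= severity_threshold]
    return ranked, action


def worksheet(modes, rpn_threshold=100, severity_threshold=9):
    """Document: build the FMEA worksheet as a list of rows, highest RPN first."""
    ranked, action = rank_failure_modes(modes, rpn_threshold, severity_threshold)
    needs_action = set(action)  # frozen dataclass instances are hashable
    return [
        {
            "step": m.process_step,
            "failure_mode": m.failure_mode,
            "effect": m.effect,
            "S": m.severity, "O": m.occurrence, "D": m.detection,
            "RPN": m.rpn,
            "control": m.current_control,
            "action": m in needs_action,
        }
        for m in ranked
    ]


# Constructed sample: failure modes of a software release process.
SAMPLE_MODES = [
    FailureMode("Dependency update", "Package installed from an unverified source",
                "Untrusted code reaches the build", 8, 4, 6, "manual changelog review"),
    FailureMode("Commit", "Credential committed to the repository",
                "Secret exposed to everyone with read access", 9, 3, 3, "pre-commit secret scan"),
    FailureMode("Deployment", "Production config differs from the reviewed config",
                "Untested settings go live", 5, 5, 4, "deployment checklist"),
    FailureMode("Backup", "Restore procedure never exercised",
                "Recovery fails during an incident", 7, 2, 5),
]


def print_worksheet(rows):
    """Render the worksheet as the kind of documented evidence an auditor would ask for."""
    print(f"{'Step':<18}{'S':>3}{'O':>3}{'D':>3}{'RPN':>5}  Action  Failure mode")
    for r in rows:
        flag = "YES" if r["action"] else "no "
        print(f"{r['step']:<18}{r['S']:>3}{r['O']:>3}{r['D']:>3}{r['RPN']:>5}  {flag}     {r['failure_mode']}")


if __name__ == "__main__":
    print_worksheet(worksheet(SAMPLE_MODES))
```

Running the block prints the four sample rows ranked 192, 100, 81, 70; the first three are flagged for action (the credential-commit row only because its severity reaches the assumed threshold of 9). The worksheet rows, not the ranking alone, are what answers the norm's demand for documented, accurate information on expected results.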

