Call Today! (800) 244-5409


Quality Resource Center Partners With California Manufacturing Technology Consultants

Silicon Valley based Quality Resource Center (QRC) announced today a partnership with the Torrance, California based California Manufacturing Technology Consultants (CMTC), to provide an array of ISO 9001 and other similar Standards based consulting.

“We are extremely proud of our partnership with California Manufacturing Technology Consultants” stated Dan Terry, President and CEO of Quality Resource Center. “This is a truly synergistic relationship that leverages our more than a quarter century of operation with the vast resources of CMTC. Our product portfolio including ISO 9001, AS9100, ISO 13485, ISO 45001, ISO14001, IATF 16949, and more is an ideal fit for their client base.”

“Working with QRC is indeed a partnership of great synergy. We look forward sharing their industry best experience in so many areas with our highly valued clients” stated Marty Jones, Director of Delivery Resources at California Manufacturing Technology Consulting. “As Dan mentioned, this is a truly synergistic relationship that offers much more than the sum of our separate parts to our valued clients.”

CMTC’s Made in CA Program is dedicated to highlighting the contributions of California’s manufacturers and raising awareness of the products made in the Golden State.

Founded in 1992, California Manufacturing Technology Consultants, is headquartered at 690 Knox Street, Suite 200, Torrance, CA 90502.

Founded in 1992, Quality Resource Center ( is the industry’s oldest and most prestigious ISO based consultancy. With offices in both California and New York City, QRC is headquartered at 111 North Market Street, Suite 300, San Jose, California, 95113.

Quality Resource Center Opens New York City Office

San Jose, California based Quality Resource Center is proud to announce the opening of their New York City office.

The Quality Resource Center’s new offices are located at 315 Madison Avenue, 3rd and 4th Floors, New York, New York 10017.

“We are extremely pleased to reach this important milestone. New York city is the epicenter of the entire business world. Demand for our services in this area has increased dramatically over the years, and this action will allow us to better serve the entire east coast of the United States, including New York, Boston, Philadelphia, the Carolinas, Atlanta, Florida, and more. I am pleased to have placed the entire operation under the steady hand of Dennis Marinsik, our Senior Vice President of Major Accounts. Dennis has been with QRC since the beginning, and we know that under his guidance we will continue to perform at a superior level” remarked Dan Terry, President and CEO of The Quality Resource Center.

“We have gained a reputation over the years as the industry leader in ISO 9001 based quality management systems, and a trusted partner for our clients. Our mission is simple: we exist solely for the benefit of the client; we offer superior service, superior value, and we solve our client’s problems. We are committed to their success. When our clients succeed, we succeed. We have retained so many of our original clients over the years. I take that as a point of personal pride for myself, as well as our entire QRC team. Under Dan’s leadership, I expect QRC to continue to thrive” said Dennis Marinsik.

Founded in 1994, The Quality Resource Center is the oldest and most prestigious ISO 9001 based quality management systems consultant firm, with over 500 successful client registrations in more than a quarter century of operation. In addition to ISO 9001, The Quality Resource Center proudly serves the ISO 14001 Environmental Management, AS9100 Aerospace, ISO 13485 Medical Device, ISO 27001 Data Security, and IATF 16949 Automotive industry segments.

The Company’s Headquarters remain at 111 N. Market Street, Suite 300, San Jose, California. Telephone 1-800-244-5409. ©Copyright 2020, all rights reserved.

What is Quality 4.0 and What You Need to Know About It.

Quality 4.0 aligns quality management with Industry 4.0. It represents a “failure is not an option” priority for organizations and their quality leaders. To assist quality leaders and their teams in keeping pace with Digital Transformation and lead the Quality 4.0 charge, this article highlights the key elements and philosophies needed to embrace and execute this important new concept.

At its core, Quality 4.0 is the digitalization of quality, management systems and compliance. It does not focus exclusively on the technology itself, but rather on the improvements in culture, collaboration, competency and leadership that are produced by those technologies.

What is Quality 4.0?

Quality is the essential aspect of all businesses that cuts across all industries. It basically includes, but is not limited to, quality engineering, quality management systems, quality control and quality assurance. Quality 4.0 integrates all these elements utilizing new technologies that can be integrated into management systems, certifications, and more.

A good example of this is Blockchain, offers valuable methods for process traceability, from equipment maintenance and calibration certificate to even process data analysis control. A blockchain is a growing list of records called blocks that are linked cryptographically. Each individual block contains a cryptographic hash of the previous block, a timestamp, and transaction data. By definition, a blockchain is resistant to modification of the data.

“Big Data” and “The Internet of Things” (IoT) data are already used for real-time process monitoring and measurement. Augmented reality, the art of blending the physical-digital environment and helping navigate through it easier is another great example. Greater connectivity, new modes of production, and intelligent processing with computing capabilities allows visualization of data faster and better than ever.

The Intersection of Quality and Technology

Industry 4.0 and its technologies provide new ways for people, machines and data to interact, transforming powerful technologies into accessible commodities, resulting in a disruptive synergy of culture, leadership, collaboration and compliance, resulting in forward thinking quality teams standing ready to resolve many long-standing challenges that have prevented innovation and improvement.

The Foundational Pillars of Quality 4.0

Data – By definition, Quality is data driven, and data driven decision making is the key. Organizations must seek ways to combine data from various systems to ensure accuracy and transparency in their decision making.

Analytics –Traditional quality metrics typically describe what has happened, why it happened and what might happen next, but they fail to determine what actions to take. This type of analysis can be achieved by utilizing Big Data, Machine Learning (ML) and Artificial Intelligence. Successful organizations will develop an analytics strategy after or concurrently with a data strategy or the value of the analysis will be of little value.

Connectivity – The integration of various business information technologies (IT) (e.g., EQMS, ERP, PLM, etc.) with operational technology (OT) (e.g., technology used in laboratories, manufacturing and service) is a longstanding challenge. The key here will be enabling data, processes and people to work together in symbiotic fashion.

Collaboration – The adoption of Enterprise Quality Management Software (EQMS) facilitates execution of collaborative processes with the help of email, automated workflows, portals and even paper documents. The advent of social listening and blockchain have transformed collaboration in recent years, and future success will utilize the disruptive powers of connectivity, data and analytics.

App Development – The creation of created “mashup” apps that combine content from multiple sources into a single interface, represent an emerging tool for operations and management, thus realizing the full potential of interactive apps available today, including wearables, augmented reality and virtual reality.

Scalability – Many companies cite disjointed data sources and systems as significant roadblocks to achieving quality objectives. Cloud computing can be a valuable tool to achieving scalability, along with data lake technologies (A data lake is a system or repository of data stored in its natural/raw format,[1] usually object blobs or files. A data lake is usually a single store of all enterprise data including raw copies of source system data and transformed data used for tasks such as reporting, visualization, advanced analytics and machine learning). Start by assessing the current scalability – or the ability to support data volume, users, devices and analytics on a global scale – of your in-house systems.

Management Systems – As of the writing of this paper, less than a quarter of companies have adopted an EQMS. The resulting core process fragmentation makes it difficult for companies to deploy effective quality technology. Harmonizing and automating processes and systems enables quality staff to shift their focus to innovation and improvement.

Compliance – A large percentage of companies report that ensuring compliance was a key strategic objective for quality management, closely followed by reducing the total cost of quality. Quality 4.0 provides multiple opportunities to automate compliance. Highly configurable, automated and connected EQMS solutions, and tools to automate validation are now available.

Culture – Few organizations and their cross-functional teams clearly understand how quality contributes to strategic success. The improved connectivity and collaboration offered by Quality 4.0 makes a culture of quality attainable.

Leadership – Barely ten percent of companies report that quality is a priority for top management. To confront this, quality teams must align their objectives and clearly link them to the organization’s strategic objectives. Quality leaders must advocate and lead quality across the organization, especially at the executive level.

Competency – Quality 4.0 facilitates an improved baseline competency of workers, as well as better scaling of specialized knowledge. Other technologies including certain social media, Machine Learning, Artificial Intelligence, mashup apps, wearables and VR can yield improvements in training and knowledge sharing.

What Should you do?

  1. Evaluate where you stand on each of the 11 elements of Quality 4.0
  2. Recognize and embrace the potential uses of analytics, apps, data, connectivity and other technologies to influence performance across the enterprise
  3. Establish a Digital Transformation strategy. Align your quality objectives with it.

Current State –

A recent American Society of Quality survey of companies around the world found that only 16% of companies have started any Quality 4.0 initiatives. 63% of companies reported that they have not even started any planning on the topic.

Furthermore, Europe is ahead of the Quality 4.0 race. Nearly a quarter of companies have already started planning on the subject. In the US this number drops to just 6%.

Companies that initiated Quality 4.0 initiatives have stated that they intend to apply the concept for quality data centralization, data security and continuous monitoring anywhere, anytime.

While the initiative is still very new, quality professional must be increasingly aware of it and endeavor to understand the need to create a plan to define their strategies in their companies.

Quality 4.0 will transform all aspects about implementation and quality controls.


Silicon Valley based Quality Resource Center is pleased to offer Q-Force™, our Salesforce Customer-Relationship Management (CRM) Consulting services.


CRM manages a company’s interaction with current and potential customers using complied data analysis from a range of different communication channels, including a company’s website, telephone, email, live chat, marketing materials, social media and more.


Utilizing the CRM approach allows businesses to learn more about their target audiences and how to best cater to their needs, thus improving business relationships with customers by specifically focusing on customer retention and ultimately driving sales growth.


Offerings include but are limited to–

  • Design, Development and Administration
  • Business and Systems Use Case Analysis
  • Project Scoping
  • Manage and prioritize daily case inquiries
  • Upgrade cycles
  • Development of reports and dashboards
  • Documentation and Presentations
  • Quality assurance and testing processes
  • Manage and prioritize daily case inquiries
  • Visualforce/Apex development
  • Web Services APIs – SOAP and REST-based Web Service APIs, etc.

Quality Resource Center offers over a quarter century of elite client services, with over 1,000 satisfied customers supporting a multitude of diverse businesses and markets. Please contact Quality Resource Center today to arrange a live, complementary 20 minute consultation.


AS9100D – Risk Management vs Risk-Based Thinking: Just What is the Difference?

AS9100D – Risk Management vs Risk-Based Thinking: Just What is the Difference?

Risk-Based Thinking requires organizations to consider the risks they face during strategic planning, planning for product and service conformity, management review, and when taking corrective action. The idea is that the organization works to identify risks, decides if action is required, and if applicable, takes action. That said, It is important to note that it is not necessary to track the risk as the project progresses to judge the effectiveness of the action, and whether additional action is necessary.

Risk Management, on the other hand, is a process for identifying risks, determining actions to mitigate those risks, tracking those actions, and then re-assessing any remaining risk after actions are deployed. It involves not just thinking about risk at certain stages during the realization of products and services, but also having a process to track these risks until they are addressed, mitigated, or eliminated.

What is required for operational risk management, and what isn’t?

To start with what is not required – there is a note specifying that while clause 6.1 “Actions to address risks and opportunities” addresses the risks and opportunities for the QMS, clause 8.1.1 “Operational Risk Management” is limited to risks that are associated with operational processes needed by the organization to provide its’ products and services. Therefore, while your organization may identify a QMS risk that your organization might soon have a rival company to compete with, this is not a risk that needs to be tracked according to the risk management requirements, as it is not an operational risk.

There are at least five requirements that an organization needs to consider during the planning, implementation, and control of the operational risk management process. They are:

  1. Assign Responsibilities – Who owns the process? Who constitutes the Team? Which departments need to be included? If actions are likely to be assigned to a certain department or function, it is best to have them involved in the whole management process.
  2. Determine Risk Assessment Criteria – What criteria will be used for risk assessment? How will you quantify which risks to accept and what you will mitigate? A note in this clause states that within the aviation, space, and defense industry, risk is generally expressed in terms of the likelihood of the occurrence and the severity of the consequences (a good example of this might be Failure Mode Effects Analysis or FMEA).
  3. Identify, Assess, and Communicate Risks – Any risk of product failure due to must be communicated to those who design and realize the product. Without effective communication, risk identification is ineffective.
  4. Identify, Implement, and Manage Mitigation Actions – There are a multitude of ways to address risk, ranging from risk reduction all the way to complete elimination of the risk – or, in other words, try to prevent the risk from happening. If a risk exceeds your acceptable criteria, take actions to address the risk and track those actions.
  5. Re-evaluate the Risk that remains when mitigation is complete, and continue to work to reduce it – Risk management is an iterative process, where the risk can always be reduced.

Has anything really changed from AS9100 Rev C?

The requirements have remained greatly unchanged since the past revision. Risk management process requirements were already included in AS9100 Rev C as risk management, and the five requirements have remained basically as they were. The real change here is the clarification that these requirements only applied to operational risk, hence the name change in the clause. The other change from Rev C is the addition of the two notes to clarify how these requirements are separate from risk-based thinking and to make it clear that risk in aerospace is a combination of likelihood and severity. For organizations that are already compliant with AS9100 Rev C, the current risk management process should most likely remain unchanged.

ISO 9001:2015 Transitions – Embracing the Challenge and Lessons Learned So Far

Quality Resource Center proudly announces the successful completion of our 100th ISO 9001:2015 project. During that time, we have learned a lot…

It’s estimated that less than 25 percent of the more than one million organizations certified globally have made the transition to ISO 9001:2015 (as of mid-2017). The September 2018 deadline is approaching and your quality management system (QMS) isn’t going to transition itself. But there is so much to consider; Where to begin? How do you start? What happens next? This paper will assist you in answering those questions.

As with any successful project, start by defining your objectives and create a plan to achieve them. The main objective is to identify the additional as well as modified requirements within the standard and then demonstrate compliance to them during your organization’s transition audit.

But how? What does that involve? These steps can be invaluable in your successful transition to ISO 9001:2015.

Step 1: Get 39,000 Foot View

The fact that your Organization is transitioning means you are already working with an accredited Certification Body (CB), or Registrar. It is important to note that they too had to develop a plan, vetted by their accreditation body, to facilitate the transition. In other words, your Registrar will may have their own analysis for the transition. So, talk to your registrar. Better yet, contact Quality Resource Center, the industry’s oldest and most successful ISO 9001 consulting firm, with over 25 years of operation, and let us talk to them.

This type of guidance will give you valuable information on issues and challenges that may affect your organization’s transition:

• Deadlines – No later than Sept. 14, 2018, however it may be earlier based on your CB’s policies.

• Audits – It might be possible to have your transition conducted as part of a regularly scheduled surveillance or recertification. Some CB’s may offer separate standalone transition audits. In either case, determine what this audit will involve and how it will be conducted. Additional time may be added to address the changes, they may require additional preparation, and it will cover specific new elements of the new standard. Having your ISO 9001:2015 Internal Audits and Management Review conducted by Quality Resource Center can provide great value; having the industry’s premiere Audit teams prepare you for your Registrar audits can identify embarrassing and painful findings at the internal level and guard against ugly exposure and the consequences of same at your surveillance or re-certification audits. Studies show that outsourcing these activities to Quality Resource Center can result in as much as 85% reductions in time and cost, and greatly enhance your chances for a trouble free Registration audit process.

• Existing Certifications – You will want to maintain your existing ISO 9001:2008 certification until your organization has successfully completed the transition— but what will that entail? When does your current registration expire? How can you best achieve a seamless transition?

• Get Trained by Professionals – Gain a working knowledge of the standard. Your CB will give you a glimpse of what to expect in the new standard (and what they might expect from you), from the new clause structure to the new requirements. Quality Resource Center offers invaluable expertise in this area. If you plan on doing your own Audits, they will need training and certification. Quality Resource Center offers superior training and certification services.

Once you have an outline of the project and potential impacts, begin to fill in your plan. Target the audit date at which you wish to have your transition, then backfill the dates from there to develop a roadmap. Be sure to communicate with your CB to align expectations and availability for your transition audit, and make sure your target date works within the deadlines, gives you enough time to address any potential non-conformances, doesn’t risk any lapse of coverage, etc.

Finally, work on how you’ll address the new structure; start thinking about some of the major changes such as risk and context. Prioritize, prioritize, and, finally, prioritize. . Communicate the agreed upon schedule and plan to your organization, and ask for feedback.

Best advice is to have Quality Resource Center prepare your plan, and commit it to paper with a professional Gantt chart.

Step 2: Do Your Homework – Study the Standard

Read and comprehend the standard. You cannot address requirements you haven’t even read. It’s not a lengthy;

Get the companion ISO 9000 document, it provides guidance on terms and fundamental concepts used in the new standard.

The standard can also be a bit vague, however; that’s again where you should consult with a Quality Resource Center professional. QRC can provide expert knowledge regarding topics like the context of the organization, leadership, risks and opportunities, organizational knowledge, and other critical areas and changes pertinent for transition, and in many cases offer interpretive guidance on the expected outcomes related to these changes.

GAP analysis can cut through the interpretation of minor wording changes and get to the changes that need to be addressed within your organization’s QMS. Quality Resource offers a very cost effective GAP analysis that can identify all areas of concern.

Once the focal points have been identified, utilize the standard to determine the actual requirement and key deliverables. You may find existing processes that address these elements. Utilize them wherever possible. The key to successful deployment of ISO 9001:2015 is alignment with your actual business activities.

Regarding documentation (or documented information) – It is important to note that while the new standard does not require any specific documented procedures. However, documented information in the form of procedures, forms, records, etc. are beneficial for any new or changed requirements. Having objective evidence to review during a transition audit will avoid unnecessary back and forth.

Step 3: Implement, Operate, and Review

Once the key elements of the new standard are identified and the plan to address them has been developed, the required changes and improvements to your QMS need to be deployed. Take time to communicate the changes to the organization to ensure their understanding. Next, the new and updated QMS needs review and correction, similar to the preparation for your initial registrar audits. Identify and work with the appropriate players, especially process owners, throughout the organization to verify and validate changes, and take the time to review everything again before your transition audit. A month or two prior to your scheduled transition audit, conduct your own internal audit to the new requirements, then follow that up with a management review to go over the results and determine the effectiveness of the updated QMS. Again, a good rule of thumb here would be to give enough time to react to any internal audit findings or management review actions items prior to your transition audit. Quality Resource Center can offer valuable assistance in this endeavor.

Registrars have requirements for internal preparations and reviews such as this, and some may even have tools to use. Consider the checklist transition tools they may have developed for your use; look for any transition checklists, transition audit plans, or transition requirements to leverage in your own internal audits. Quality Resource Center offers a valuable tool set that is extremely cost-effective.

Look for any lessons learned that might help you avoid pitfalls and/or showstoppers.

Here are a few for consideration:

• Have Quality Resource Center convert your existing documentation and upgrade to fit the new standard. Renumbering your documents is not required, but it is a very good idea, especially for your Quality Manual and your QOP’s. Don’t unilaterally eliminate all your documentation, nor your management representative, nor your quality manual! While you have the flexibility to do so (either partly or completely) if it fits the context of your organization, remember that just because the new standard is silent on such things doesn’t prohibit you from keeping such approaches if they work for your organization. It will aid great in your Internal Audits, Management Review, Improvements, and Registrar Audits.

New areas to consider include –

• Context of the Organization (sub-clause 4.1) – This must be addressed within management review as a minimum. Additional consideration may be adding support to this in your quality manual you do retain, or other planning components of your QMS. In short, the context of your organization should drive the approach your QMS (and all applicable processes) takes.

• Leadership (sub-clause 5.1) – Expect auditors to ask for time with top management, see their active involvement in the QMS, and the applicable processes (e.g. objectives, resources, and management reviews).

• Organizational Knowledge (sub-clause 7.1.6) – While this is a new requirement it cannot be overlooked. Auditors will expect to see this addressed in some fashion, and it is an ever-evolving process. Focus on getting it up and running without being overwhelmed by the potential; create a process that can be expanded and improved upon in the future.

• Risks and Opportunities­ (sub-clause 6.1) – This is one of most important areas to consider getting professional training and help with. Risk is an intricate part of the new standard, and there are a variety of tools available. Quality Resource Center can help you identify the tools that will work best for you, and assist you in completing the process.

• And About Those Risks – Risk, specifically risk-based thinking is likely everyone’s No. 1 topic when discussing ISO 9001:2015—it is a given. But how will you demonstrate it? Is it simply by addressing sub-clause 6.1? That is part of it, as would be the inclusion of it in Management Review (sub-clause 9.3.2.e).But it shouldn’t stop there. It is not sufficient to solely consider product-focused risks via Failure Mode and Effects Analysis (FMEA) process. Incorporate risk into the language of any and all processes and departments. View every process in the context of risk, and understand that the actions to address identified risks will yield improvements, which again is synonymous with the overall intent of ISO 9001:2015.

Finally, remember that Quality Resource Center is the recognized industry leader in the upgrade, deployment, and implementation of ISO 9001:2015. We offer a rich skill set that that not only increases your chance for success in your project, it also offers maximum value and cost efficiency.

Experience the Difference that 25 years of Total ISO Solutions offers.

International Standards Upgrades and Direction Forward

2015 and 2016 have seen major revisions of many of the very important and popular international quality management systems standards –

  • ISO 9001:2015 – Released in September, 2015 in conjunction with Annex SL
    – Upgrades no later than 2018
  • ISO 14001:2015 – Released in September, 2015 in conjunction with Annex SL
    – Upgrades no later than 2018
  • AS9100D :2016 – Re-aligned with ISO 9001:2015 and Annex SL – Release by 2016
    – Upgrades no later than 2018
  • ISO 13485:2016 – Released in February 2016
    – Upgrade no later than February 2019
  • ISO/TS 16949:2016 – Re-aligned with ISO 9001:2015 and Annex SL
    – Release by Q4 of 2016; Upgrades no later than 2018

Alignment to Annex SL of these standards (other than ISO 13485:2016) has enabled new and upgraded systems to be easily integrated. This means that adding ISO 14001:2016 to and existing ISO 9001:2015 systems is easily achieved. Similar for upgrading ISO 9001:2016 to include AS9100D or ISO/TS 16949:2016.

It also means that maintaining these systems is more straightforward than ever before. But much depends on the accurate and correct design and deployment of your new or upgraded systems.

Quality Resource Center offers unmatched expertise in these areas.

It also means that you will need additional training, and your auditors will need upgrades to their Auditor Certifications.
Here again, Quality Resource Center is the recognized industry leader.

Take advantage of our complimentary telephone consultation via our toll free line -1 800 244 5409 or simply drop us an email through this we portal.

Quality Resource Center – Experience the Difference.

ISO 9001:2015 Risk Analysis

Key Questions –

  1. Why implement Risk Based Thinking?
  2. What does ISO 9001:2015 require?
  3. What is Risk Based Thinking?
  4. What is Risk?
  5. What is a simple Risk Tool?
  6. How does it integrate into the Process Approach?
  7. How do you make Risk Based Thinking a Continual Process Improvement activity?

ISO 9001:2015 Risk & Opportunities –

“4.4 Quality management system and its processes

The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

“The organization shall determine the processes needed for the quality management system and their application throughout the organization and shall determine…

f) The risks and opportunities in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them;”

6 planning for the Quality Management system

6.1 Actions to Address Risks and Opportunities

6.1.1 When Planning for the Quality Management System,

The organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

  1. Give assurance that the quality management system can achieve its intended result(s);
  2. Prevent, or reduce, undesired effects;
  3. Achieve continual improvement.


6.1.2 The Organization Shall Plan:

  1. a) Actions to address these risks and opportunities;
  2. b) How to integrate and implement the actions into its quality management system processes (see 4.4) and evaluate the effectiveness of these actions.


Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.”


The Main Objectives of International Standards are to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services and enhance customer satisfaction


The concept of “risk” in the context of the ISO 9001:2015 international standard relates to the uncertainty in achieving these objectives.


What is “Risk Based Thinking”?

Risk-based thinking is something we all do automatically and often sub-consciously


The concept of risk has always been implicit in ISO 9001, but the ISO 9001:2015 makes it explicit and requires formal inclusion across the entire management system


Risk-based thinking is already part of the process approach Risk-based thinking enhances Preventive Action. Risk is often thought of only in the negative sense.


Risk-based thinking can also help to identify opportunities. This can be considered to be the positive side of risk

Why Should I adopt “Risk-Based Thinking”?

  1. To improve customer confidence and satisfaction
  2. To assure consistency of quality of goods and services
  3. To establish a proactive culture of prevention and improvement
  4. Successful companies intuitively take a risk- based approach


What Should I Do?

Identify what the risks and opportunities are in your organization

  1. Analyze and prioritize risks and opportunities in your organization and quantify them
    1. What is acceptable?
    2. What is unacceptable?
  2. Plan actions to address the risks by prioritizing them based on RPN numbers
    1. How can I avoid or eliminate the risk? Can it be designed out?
    2. How can I mitigate the risk? Increase detection? Reduce Occurrence?
  3. Implement the plan – take action based on priorities
  4. Check the effectiveness of the actions – and re-score your RPN’s.
  5. Learn from experience – continual improvement

Key Points to Remember


  1. Risk Based Thinking is Preventative Action
  2. Risk Based Thinking is everyone’s job
  3. Risk Based Thinking is not just the sole responsibility of management
  4. Risk Based Thinking is an integral part of the organizational DNA


What is Risk?

Risk is the possibility of events or activities impacting the organization’s strategic and operational objectives.


Risk Definitions

Risk can be defined by three (3) parameters


  1. Severity – The Seriousness of the harm
  2. Probability (or Occurrence) – The Probability that the harm will occur
  3. Detection – How well can the item be detected


Severity x Occurrence x Detection or “SOD” = Risk Priority Number or RPN


The Importance of a Risk (or FMEA) Worksheet


The risk worksheet, (example – FMEA), is essential, as it records identified risks, their severity, and the actions steps to be taken.


It can be a simple document, spreadsheet, or a database system, but the most effective format is a table.

A table presents a great deal of information in just a few pages.


There is no standard list of components that should be included in the risk worksheet. Some important ones include –


  1. Description of the Risk: A phrase that describes the risk.
  2. Risk Type (business, project, failure, yield, stage, etc.)
  3. Classification of the risk:
    1. Business risks relate to delivery of achieved benefit
    2. Project risks relate to the management of the project such as timeframes and resources
    3. Stage risks are risks associated with a specific stage of the plan.
  4. Likelihood of Occurrence: An assessment on how likely or often the risk will occur. Examples are:
    1. L-Low >30%)
    2. M-Medium (31-70%)
    3. H-High (>70%).
  5. Severity of Effect: Provides an assessment of the impact that the occurrence of this risk would have on the project.
  6. Detection – how well a risk can be detected via countermeasures
  7. Components of a Risk Worksheet (example – FMEA)
  8. Countermeasures: Actions to be taken to prevent, reduce, or transfer the risk. This may include production of contingency plans.
  9. Owner: The individual responsible for ensuring that risks are appropriately engaged with countermeasures undertaken.
  10. Status: Indicates whether this is a current risk or if risk can no longer arise and impact the project.


Other columns such as quantitative values can also be added if appropriate.




Integrating Risk Based Thinking with the Process Approach


Purpose of the Process  Approach

The purpose of the process approach is to enhance an organization’s effectiveness and efficiency in achieving its defined objectives. This means enhancing customer satisfaction by meeting customer requirements. Effective Risk Management means integrating it into your Process & Interactions Map, and resulting KPI’s.

Integrating Risk Management into Management Review Input

“Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, and effectiveness. The management review shall be planned and carried out taking into consideration – d) The effectiveness of actions taken to address risks and opportunities (see clause 6.1)”


If the organization has a formalized Management Review procedure it is very important to update it to include the elements of Risk Management into the procedure.


In summary, Risk Management with respect to ISO 9001:2015 compliance is not optional. It is an integral part of the overall QMS.


Quality Resource Center offers an array of training and services in this area. Contact QRC today.

ISO 9001:2015 FAQ

Q – ISO 9001:2015 has been published. What now?

A – Obtain a copy of the Standard. They are available at

Review the standard in detail and also become familiar with Annex SL. Annex SL establishes a consistent structure featuring 10 clauses and common terminology and definitions applicable to all ISO Management System Standards.

Check out the numerous publications, briefs, FAQ’s, and White Papers offered by Quality Resource Center.

Review the manner in which your organization currently manages the new and significantly changed areas of the standard and how this relates to your quality or integrated management system. Consider a full GAP Analysis performed by Quality Resource Center professional.

Start by putting together an outline as well as a Gantt chart, taking into account milestones and timings for when and how you will upgrade your current management system. Make sure to start including Risk Management in every aspect of planning.

Establish a transition team, identify requirements and a plan for necessary training for key team members, managers, and other leadership. It is imperative that executive Management update their knowledge ISO 9001:2015, as their responsibilities have been significantly expanded.

Q – Who needs to be aware of the revisions to ISO 9001:2015?

A – Determine the key stakeholders who need to be aware of and understand the ISO 9001:2015 revisions:

  1. While there is no longer a requirement for a designated management representative, significant responsibilities still remain; they can delegated by Top Management to the System Manager.
  2. Top Management must understand and engage the leadership aspects of the revised standard.
  3. Key Process Owners must understand their obligations in managing their defined processes and associated Key Process Indicators.
  4. Internal Auditors and Audit Program Managers need to understand their specific requirements.

Q – What changes and revisions have been made to ISO 9001:2015?

A – Annex SL, Annex SL, Annex SL! It is the single biggest change to the ISO 9001:2015 document.

Other new areas include:

  1. Organizational context
  2. Control of externally provided products and services
  3. Formal introduction of a risk based approach (several clauses), among others.

Revisions to the standard include:

  1. Increased emphasis on top management engagement with ISO 9001
  2. Managing change
  3. Performance and evaluation
  4. Management review
  5. Risk Management

Q – How do the changes impact integrated management systems?

A – Annex SL has the goal of aligning ISO 9001:2015, ISO 14001:2015, and ISO 45001 (replaces OHSAS 18001). Since each of the standards share the structure and terminology of Annex SL, integration of these three important standards is much straightforward.

Q – Who are the key internal interested parties for large and medium size organizations in relation to the ISO 9001:2015 revision?

A – The most important internal interested party is top management. ISO 9001:2015 requires much greater understanding of the external environment, including addressing risk as well as greater top management ‘quality leadership’, and establishing tighter links between the management system and product/service quality.

There is increased emphasis on their direct involvement or oversight for the design, implementation, structure and performance of the organization’s management system and to ensure the QMS is an integral part of the organization’s business processes.

Q – How are smaller organizations impacted?

A – All the new and changed requirements will likely apply. The approach and degree of formality should be appropriate to the organization’s operating environment. Bear in mind that an organization should not be doing more than it needs to do to meet its customer and product/ service regulatory requirements but should be achieving this through a management systems approach based on ISO 9001:2015.

Q – When does the transition need to be achieved?

The transition guidance from ISO shows that organizations have three years from publication of ISO 9001:2015 to transition to the new standard. The cutoff point is September 2018. While some may choose their next certification cycle, many will want to be among the first to benefit from the increased functionality that ISO 9001:2015.

Q – What is the bottom line?

Focus on the areas of ISO 9001:2015 that are completely new or have been revised. Those are the areas that need to be included in your transition plan. Make sure that quality managers and internal auditors understand the differences that Annex SL (common text and structure) will bring to the design, operation and performance of your QMS.

Engage a professional –

Talk to Quality Resource Center – We not only understand the revisions, but more importantly, we know what the revisions mean to your QMS and wider organization – and how to apply it to best effect.

Engage with QRC to find out how a gap analysis and training on specific areas of ISO 9001:2015 can benefit you personally, as well as your organization.

Quality Resource Center offers a range of services to help you transition to the revised standards. Find out more at