The concept of risk-based thinking has been implicit in previous editions of ISO 9001 through requirements planning, review, and improvement. But ISO 9001:2015 requires companies to use risk-based thinking to manage their business.

If you want to implement an ISO 9001:2015-compliant quality management system (QMS) that uses risk-based thinking, there are 10 things you need to know.

Top 10 things you need to know

1. What is risk?
Risk has two components. The first is the probability of an objectionable incident occurring. The second is the severity of harm when the objectionable incident occurs.

2. How is risk reduced?
Risk can be reduced by reducing the probability of occurrence of the objectionable incident or the severity of harm when the objectionable incident occurs. It is typically much more difficult to reduce the severity of harm than to reduce the probability of the objectionable incident from occurring.

 …