API Spec. Q1 9th edition covers the subject of risk assessment in Clause 5.3, Risk Assessment and Management. Risk assessment pertains to product delivery and product quality. It is the responsibility of management to ensure risk assessments are carried out to meet the conformities that is stated through Q1. Although Q1 indicates the requirements it does not give any specifics on how the organization should implement and set-up risk assessments.
When delving into Q1 to achieve risk assessment you need to read all the aspects of the different clauses that depicts the attributes related to risk assessment. It doesn’t just start and stop with Clause 5.3. There are many areas that have information that allows for more understanding. Consider risk assessment more of a Gap Analysis whereas it makes it circle through its relationship with other clauses as shown below.
3.1.19 Defines Risk as Situation or circumstances that has both the likelihood of occurring and a potentially negative consequence.
5.2 (d) Planning – contingencies based on risk assessments.
5.4.2 (g) Design and Development Inputs results and risk assessments.
5.5 Contingency Planning – General – Organization shall maintain a documented procedure for contingency planning needed to address risk and contingency planning shall be based on assessed risk.
5.5.2 (a) Planning Output – at a minimum contingency plan shall include action required in response to significant risk scenarios
5.7.8 Note – preventative maintenance can be based on risk
5.11 Management of Change (MOC) General – the organization shall identify the potential risk
6.5.2 (f) Inputs for Management Review – Results of risk assessment
As stated in previous publication, understanding ISO9001:2015, ISO 31000, Risk Management gives additional insight towards guidelines.
Keep in mind Risk Assessments is thinking, reviewing the potential possibility of a risk occurring. You do this mindfully for everything you do or perform.
In the example above, this is nothing more than what has been occurring during as auditors we see a potential problem under a Preventative Action (PA). The occurrences are still PA’s just drilled down deeper to get to the possible root problem under risk assessments, before a major issue occurs and a non-conformance is noted. Creating the same mindset throughout the Quality Management System the same way your mindset has been created personally will aid in maintaining a better Quality Management System with regards to Quality and Safety meeting the potential possibilities long before they become problems.