INTEGRATED CONSULTANCY SERVICES

(An Organization providing Industrial Consultancy and Training services )

RISK BASED APPROACH ( SYSTEM and ACTIVITY ) – easy explanation

CORPORATE OFFICE: # 257, “LANDMARK”, SILVASSA-KHANVEL ROAD, SILVASSA

- 396 230 UT OF DADRA AND NAGAR HAVELI | INDIA MOB: +91 971 420 4382
| E-MAIL: info.icssilvassa@gmail.com
 INTEGRATED CONSULTANCY SERVICES
(An Organization providing Industrial Consultancy and Training services )
RISK BASED APPROACH ( SYSTEM and ACTIVITY ) – easy explanation

Notes : FSSC 22000 / FSMS ( ISO 22000 ) are to be read as QMS ( ISO 9001 )
/ EMS (ISO 14001 ) / OHSMS ( ISO 45001 ) / IMS -QEHS ( in case it is
Integrated with ISO 9001-14001-45001) / IMS-HSE ( integrated with ISO
45001 -14001) / IMS-QEMS ( integrated with ISO 9001-14001) / LQMS (
ISO/IEC 17025 –Laboratory ) / AQMS ( Automotive QMS – IATF 16949) ,
like that …. Under HLS ( High Level Structure )

The Concept of Organizational Risk Assessment (can be referred as SYSTEM

BASED RISK and OPPORTUNITY --- SROP) is same for any type of
Management System under ISO …

To understand this organizational risk-based approach it is important to

understand the requirements in and relation between the chapters 4, 6, 8, 9 and 10

• Chapter 4.1 requires identification of internal and external issues (

departmental and organizational level) that might have an impact on intended
outcome of relevant standard . Note 1 and 2 in chapter 4.1 of the standard provides
examples of typical related issues .

• Chapter 4.2 requires identification of the relevant interested parties and

their expectations and requirements (departmental and organizational level)

• Chapter 6.1 requires identification of risks and opportunities (6.1.1)

based on the issues and requirements of interested parties. It also requires
identification of actions (6.1.2) for these risks and opportunities—Planning stage (
P for PDCA Cycle) .

• Chapter 6.1.1 : General : SROP ( System based Risk and Opportunity )

at Organizational Level ( can be made as a single document) with the Input from
(departmental and organizational level under chapter 4.1 and 4.2 .
CORPORATE OFFICE: # 257, “LANDMARK”, SILVASSA-KHANVEL ROAD, SILVASSA
- 396 230 UT OF DADRA AND NAGAR HAVELI | INDIA MOB: +91 971 420 4382
| E-MAIL: info.icssilvassa@gmail.com
 INTEGRATED CONSULTANCY SERVICES
(An Organization providing Industrial Consultancy and Training services )
RISK BASED APPROACH ( SYSTEM and ACTIVITY ) – easy explanation

• Chapter 6.1.2 : Activity based ( linked with chapter 4.4 – Flow Chart of
Process/ Activity ) risk and opportunity assessment at relevant departmental level
as per following table :

Standard Type of Assessment Remarks

QMS ( ISO 9001) PFMEA( Process Failure Mode Effect Analysis) / FMEA must for
QROP ( Quality-based risk and Opportunity ) or any other IATF 16949.
similar terminology For ISO 9001: it
is not mandatory
EMS ( ISO 14001) Environmental Aspect –Impact Analysis ( EAIM) Considering LCP
( Life cycle
perspective)
OHSMS( ISO 45001) Hazard Identification and Assessment of Risk & OHS based
Opportunity ( HIRA/ HIARO)
FSMS ( ISO 22000) Hazard Analysis and Critical Control Point (HACCP) Food Safety
ISO/IEC 17025 ( Risk and Opportunity assessment for the Laboratory Competence of
NABL) Clause 8.5 Activities Lab
IATF 16949 FMEA ( PFMEA, DFMEA , as applicable ) in a much Product Safety
elaborated way ( linking with PFD and Control Plan)

• Chapter 8.1 requires the actions to be integrated in the operational

processes of the organization--- Implementation stage ( Do for PDCA)

• Chapter 9.1 requires evaluating effectiveness of the implemented actions.

Checking stage ( C for PDCA cycle)

CORPORATE OFFICE: # 257, “LANDMARK”, SILVASSA-KHANVEL ROAD, SILVASSA

- 396 230 UT OF DADRA AND NAGAR HAVELI | INDIA MOB: +91 971 420 4382
| E-MAIL: info.icssilvassa@gmail.com
 INTEGRATED CONSULTANCY SERVICES
(An Organization providing Industrial Consultancy and Training services )
RISK BASED APPROACH ( SYSTEM and ACTIVITY ) – easy explanation
• Chapter 9.3 : requires reviewing the effectiveness in the management
review and to identify additional actions where required—MRM ( C for PDCA
Cycle)

• Chapter 10.2 requires the organization to take corrective action against any
type of non-conformity , NC/ Incident ( A for PDCA Cycle)

• Chapter 10.3 requires top management to ensure the continual

improvement of the suitability, adequacy and effectiveness of the relevant
management system ( A for PDCA Cycle)

For any kind of Risk Assessment ( be it System based or Activity based under
current management system of ISO ) :

RISK RATING ( RR) or RISK PRIORITY MUMBER (RPN) is defined as a

multiplied product of PROBABILITY ( PR) or Likelihood of Occurrence and
SEVERITY (SE) or Consequence of the Occurrence ( Refer ISO 31000)

RPN = PR X SE

The Organisation need to define the Criteria of PR and SE and the

acceptability or significance level of RPN

Compiled by : Er. SIDDHARTHA SANKAR ROY

Having overall 28 plus years of Industrial Experience ( including 7 years in the Consultancy –
Training –Auditing field)

M.Tech ( IIT) ;Lead Auditor /Auditor( QMS-ISO 9001; EMS-ISO 14001 ; OHSMS-ISO
45001 ; EnMS-ISO 50001 ; FSMS-ISO 22000 ; ; NABL-ISO/IEC 17025 ; IATF 16949)

CORPORATE OFFICE: # 257, “LANDMARK”, SILVASSA-KHANVEL ROAD, SILVASSA

- 396 230 UT OF DADRA AND NAGAR HAVELI | INDIA MOB: +91 971 420 4382
| E-MAIL: info.icssilvassa@gmail.com