6.

1 Actions to Address Risks and Opportunities

The risks and opportunities should be relevant to the context of your organization (Clause 4.1), as well as,
any interested parties (Clause 4.2). You should ensure that your organization has applied this risk
identification methodology consistently and effectively. What process has been developed to identify risks
and opportunities? In the absence of documented processes or procedures, you may need to use observations
and interviews (and a review of the process output, which may contain documented evidence) to assess the
processes that determine whether or not undocumented processes are being carried out as planned.

 6.1.1 General
 6.1.2 Aspects & Impacts
 6.1.3 Occupational Hazards
 6.1.4 Compliance Obligations

External and internal issues, and relevant needs and expectations of relevant interested parties may be
sources of risks. Objective evidence may be in the form of a dedicated risk matrix, risks added to other forms
such as an aspect register, corrective action log and forms, etc. All of the processes that comprise a
management system do not represent the same level of risk in terms of your organization’s ability to meet its
objectives. Due to this reason, the consequences of failures or non-conformities in relation to processes,
systems, products and/or services will not be the same for all organizations.

You should seek and record evidence that your organization has taken a planned approach to addressing risks
and accomplishing opportunities to the benefit of the quality management sytem and the organization. Check
that any actions taken to address the risks and opportunities are recorded, and ensure that the effectiveness of
each action was effective at addressing the issue, and that the action taken was proportionate to the risk or
opportunity. Objective evidence could

be in the following various forms:

1. Meeting minutes;
2. SWOT analysis;
3. Reports on customer feedback;
4. Competitor analysis;
5. Quality manual;
6. Brain-storming activities;
7. Planning, analysis and evaluation activities;
8. Strategic planning documents;
9. Design and development reviews;
10. Marketing and sales data;
11. Production inspections and service reviews;
12. Corrective actions;
13. Non-conformance reports;
14. Management review minutes;
15. Risk determination or evaluation records.