أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.
It is important to note that there are no requirements for a formal process to monitor and control risks and opportunities within the Quality Management System. Just like risk-based thinking, there is not a requirement for full risk management, only the identification of the risks and opportunities and decisions on what action to take. This does not even need to be maintained as documented information within the QMS.
As with any new requirements for ISO 9001:2015, it is a good practice to look at what you already do within your organization to see if you address these requirements with your current business practices. For instance, many companies have business planning processes that look at the risks to the business and the opportunities that could be present, such as the use of a SWOT analysis (strengths, weaknesses, opportunities, and threats).
The use of a SWOT analysis in business planning will also include making plans to address the risks and opportunities identified, which is also required by the ISO 9001:2015 standard requirements. For instance, if you identify a risk that a key component in your product or service will become obsolete, you can make the plans necessary to find a replacement before your customers are impacted by your product becoming unavailable.
If you already do this as part of your business capture strategy, then you are already meeting the requirements of the ISO 9001:2015 standards; if not, then this is certainly an industry best practice that you could be adopt. Remember, the format of this identification is not mandated, so you can look at these risks and opportunities in any fashion you wish.