What Is the Meaning of Risk-Based Thinking in ISO 9001

Risk-based thinking essentially means doing risk management. ISO 9001 wants you to apply this risk-based approach across the board, meaning in the business objectives, strategies, processes, systems, and products. So you’ll need to instil a strong concept of risk in your company. There are some ways you can accomplish this with ISO 9001 Certification.

Let’s have a step-by-step look at this systematic approach.

Identifying Business Risks and Taking Action

You’ll need to identify the possible risks in your business through management reviews and performance evaluation to make sure you didn’t miss anything. As soon as you have found a possible risk, you’ll have to apply risk assessment to every nook and cranny of your business to make sure that you have captured the severity or non-severity of the risk. Then apply remedial actions to the priority risks first and to the other risks later. Risk assessments usually have a severity from ‘remote’ to ‘very likely’. These ‘very likely’ risks will take priority. Then you can start evaluating whether the risk has any positive sides and how to exploit them. If there aren’t any positive sides, you’ll have to address the risks head-on so that you can apply corrective action to each scenario. You can either tolerate the risk, treat the risk by addressing it directly, transfer the risk to other companies more equipped to eliminate it, like insurance companies, or terminate the risk by simply removing it.

Turning Risk Management Into Risk-Based Thinking

Risk management is a job description, but risk-based thinking is our habitual way of running the business. The aim is to give management a new set of habits that includes daily risk identification, risk assessment, and preventative action. This will help them to reduce risks by planning actions that will benefit the company in the future. If you incorporate risk management into the way you think, the end product will undeniably be continual improvement in every aspect of the business. This will ensure that the only management system that you’ll have in your company is a quality management system. You should keep a close eye out for risks and keep them organized in a risk register, so nothing gets forgotten or overlooked. You can include ISO guidelines in there as well to make sure you’re on the right path. It’ll be much easier if workers have practised risk management. Then it’ll come more naturally and you can make decisions without a colossal heap of paperwork. They should also practise their ability to spot opportunities in risks and then take full advantage of these opportunities. Risks are everywhere and some people are natural decision-makers when it comes to possible risks. Others need a little push to become natural decision-makers. That’s why ISO wants you to start from the beginning and work your way up to become a risk-based thinker.


The company wants management to make better decisions with the information they have. Information should be thoroughly studied and all options should be on the table. Nothing should get overlooked, not even the possible opportunities to be had from some of these risks. Management should get so accustomed to assessing risks that making decisions becomes quicker and easier for them. They should strive to one day become risk-based thinkers.

Best Practice Biz are a JAS-ANZ accredited Certification body that aims to provide ISO Certification globally, with a range of in-house training and support systems to help you on your journey to continual improvement.
