ISO 9001:2015 Planning

6.1 Actions to address risks and opportunities

The Requirement


When planning for the quality management system, the organization shall consider the issues referred to in Understanding the organization and its context (4.1) and the requirements referred to in Understanding the needs and expectations of interested parties(4.2) and determine the risks and opportunities that need to be addressed to give assurance that the quality management system can achieve its intended results so as to prevent, or reduce, undesired effects and to achieve continual improvement.


The organization must plan actions to address the risks and opportunities determined in clause 6.1.1. The organization must also plan on how to integrate and implement the actions into its quality management system processes and evaluate the effectiveness of these actions. Actions taken to address risks and opportunities must be proportionate to the potential impact on the conformity of products and services. Options to address risks can include but not limited to avoiding, risk, taking the risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, retaining risk by informed decision, or implementing standards like ISO 31000. It is the prerogative of the management to adopt any one of the practices. Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using new technology, and other desirable and viable possibilities to address the organization’s or its customer’s needs. 

 Checklist Questions

  1. How are the internal & external issues and needs & expectations of interested parties considered when planning for the QMS?
  2. Has the organization determined the risks and opportunities that have to be addressed so that QMS can achieve its intended results, enhance desirable effects, prevent, or reduce undesired effects and achieve improvement?
  3. How are actions planned to address risks and opportunities?
  4. How actions are integrated and implemented into the QMS processes?
  5. How do you evaluate the effectiveness of the actions?
  6. How are actions taken to address risks and opportunities determined as being appropriate to the potential impact on the conformity of products and services? 

Implementation Guidelines

  1. Options to address risks and opportunities can include: avoiding risk, taking a risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
  2. Top management must provide direction, authorization and, resources, and review for QMS planning for determining customer & regulatory requirements, design, development, manufacture, delivery, and customer support,. QMS planning requires you to identify all your QMS processes and describe their sequence and interaction.
  3. When planning its QMS, the top management must implement and promote a culture of risk-based thinking throughout the organization to determine and address the risks and opportunities to provide conforming products and services, enhance customer satisfaction, promote desirable effects and improvement and prevent, or mitigate, undesired effects.
  4. The organization must integrate the actions to address these risks and opportunities into its QMS processes. This planning must be periodically reviewed and updated as necessary when taking corrective actions or at management reviews.
  5. Planning also requires monitoring and measuring these actions and gathering, analyzing, and evaluating appropriate data and information to determine the effectiveness of such actions.
  6. Steps to conduct risk management
    1. Identify the risks and opportunities
    2. Analyze the Risk
    3. Prioritize (risks and opportunities)
    4. Classify (acceptable / unacceptable)
    5. If unacceptable, Plan action (How to avoid or eliminate the risk? How can I mitigate risks?)
    6. Implement the plan
    7. Check the effectiveness of action
    8. Learn from experience – continual improvement

6.2 Quality Objectives and Planning to Achieve Them

The Requirement


The organization must establish quality objectives at relevant functions, levels, and processes. The quality objectives must be consistent with the quality policy. If practicable it must be measurable. It must be based on application requirements. It must be relevant to the conformity of products and services and the enhancement of customer satisfaction. It must be monitored and communicated. It must be updated as appropriate. The organization should maintain a documented information on the quality objectives.


When planning how to achieve the quality objectives, the organization must determine what will be done; what resources will be required; who will be responsible; when it will be completed; how the results will be evaluated. 

 Checklist Questions

  1. Where are the quality objectives and are these at all relevant functions, levels, and processes?
  2. Are they consistent with the quality policy?
  3. Are they measurable?
  4. Do they consider applicable requirements?
  5. Are they relevant to the conformity of products and services and do they enhance customer satisfaction?
  6. Are they monitored? How? How often?
  7. How are they communicated?
  8. How are they updated?
  9. Where is the documented information on the quality objectives?
  10.  How does the organization determine what will be done, with what resources, when completed and how will results be evaluated for quality objectives?

Implementation Guidelines

  1. An objective should include a description of who is responsible, what is the target, when is it planned to be achieved. Progress must be monitored.
  2. Ensure that whatever objectives you implement are SMART ie Specific, Measurable, Achievable, Realistic and Time-bound
  3. Quality objectives should make sure they comply with the law and industry standards and conform to the products and services requirements.
  4. Top management must provide the leadership, organization, and resources to deploy and achieve planned quality objectives.
  5. Quality objectives may be set at various functional levels of the organization – top management, departments, processes, functional groups, work cells, project teams, individuals, etc.
  6. Employees at all of these levels must be made aware of the importance of and how they must contribute to the achievement of these objectives.
  7. Quality objectives may be documented in any or all of these documents such as quality manual, QMS processes, procedures, quality plans, etc.
  8. A review of the quality objectives should be part of the management review process. After the review, the Quality objectives may be updated as appropriate.

6.3 Planning of Changes

The Requirement

Where the organization determines the need for change to the quality management system, the change must be carried out in a planned and systematic manner. The organization must consider the purpose of the change and any of its potential consequences; integrity of the quality management system, availability of resources,  allocation or reallocation of responsibilities, and authorities.

Checklist Questions

  1. While determining changes for the QMS, are changes carried out in a planned manner?
  2. While planning for change, does the organization consider the purpose of the change and their potential consequence; the integrity of the QMS; the availability of resources; and allocation and reallocation of responsibilities and authorities?

Implementation Guidelines

1) When a business changes something, the impact of the change needs to be considered before a change is made. The organization must :

  1. Define the specifics of what is to be changed
  2. Have a plan (tasks, timeline, responsibilities, authorities, budget, resources, needed information, others).
  3. Develop a communication plan (appropriate people within the organization, customers, suppliers, interested parties, etc. may need to be informed)
  4. Use a cross-functional team to review the plan to provide feedback related to the plan and associated risks
  5. Train People
  6. Measure the effectiveness

Documented Information if applicable

  1. Risk Register
  2. Opportunity Register
  3. Quality objectives
  4. Changelog

For more information on Planning click here

Mail us at:

Leave a Reply