Other meaningful changes have been implemented in an effort to harmonize all of the top level standards.
The criteria for evaluation and selection of suppliers need to be proportionate to the risk associated with the device. The methodology used to check the effectiveness of training shall be proportionate to the risk associated with the work for which the training or other action is being provided. The risk-based approach to the control of appropriate processes needed for the QMS needs to be applied as well. Effectiveness of risk management and opportunities for analysis must be evaluated and the effectiveness of the actions associated with objectives or planning must be included in the management review. Opportunities generated from uncertainty are considered independently. Both standards stress the concept of risks and opportunities, which emphasizes identifying potential problems as well as opportunities for improvement as applicable to Quality Management System (QMS) processes, the conformity of products and services, and planning of QMS objectives. Whereas ISO 13485:2016 separates out risk as wholly negative and defines “risk” as a combination of the probability of occurrence of harm and the severity of that harm. “Uncertainty” is clarified as a lack of information or knowledge about an event that can be expressed as a result of the likelihood and consequence of such an event, which may be either positive or negative.
ISO 9001:2015 defines “risk” as the effect of uncertainty on an unexpected result and/or deviation from the expected. Though the standards vary somewhat on how risk is defined, the general principles of how risk-based thinking is applied are similar. Risk-based decision making has always been implied in each version of ISO 9001 and ISO 13485, but with the release of ISO 9001:2015 last September and ISO 13485:2016 this March, it is now explicit throughout both standards.