Risk-based thinking, the process approach and plan-do-check-act are all inherent features within our implementations when designing your management system.

Risk-based thinking.

One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to considering risk, rather than treating “prevention” as a separate component of a quality management system.

Risk is inherent in all aspects of a quality management system. There are risks in all systems, processes and functions. Risk-based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system.

The Process approach.

All organisations use processes to achieve their objectives.

A process:

  • Set of interrelated or interacting activities that use inputs to deliver an intended result.


The plan-do-check-act cycle can be applied to all processes and to the quality management system as a whole. PDCA stands for:

  • Plan: establish objectives and build processes necessary to deliver results.

  • Do: implement what was planned.

  • Check: monitor and measure processes and results against the objectives.

  • Act: take actions to improve results.


PDCA operates as a cycle of continual improvement, with risk-based thinking at each stage.

Risk-based thinking, the Process approach and Plan-Do-Check-Act.

These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk-based thinking is used throughout the process approach. The typical hierarchy of a management system design is shown below:

  • Policy.

  • Processes.

  • Procedure.

  • Forms/templates.

  • Technology/digital, e.g. workflow (if applicable).