Risk-based thinking, the process approach and plan-do-check-act are all built into our implementations when we design your management system.

Risk-based thinking.

One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to considering risk, rather than treating “prevention” as a separate component of a quality management system.

Risk is inherent in all aspects of a quality management system. There are risks in all systems, processes and functions. Risk-based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system.

The Process approach.

All organisations use processes to achieve their objectives.

A process is a set of interrelated or interacting activities that use inputs to deliver an intended result.


The plan-do-check-act cycle can be applied to all processes and to the quality management system as a whole. PDCA stands for:

Plan: establish objectives and build processes necessary to deliver results.

Do: implement what was planned.

Check: monitor and measure processes and results against the objectives.

Act: take actions to improve results.


PDCA operates as a cycle of continual improvement, with risk-based thinking at each stage.

Risk-based thinking, the Process approach and Plan-Do-Check-Act.

These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk-based thinking is used throughout the process approach. The typical hierarchy of a management system design is:

  • Policy.

  • Processes.

  • Procedure.

  • Forms/templates.

  • Technology/digital, e.g. workflow (if applicable).

Contact us for a typical illustration of a roadmap to achieve certification and start building your business case.
