IJCA - Volume 2 - Flipbook - Page 30
30 The International Journal of Conformity Assessment
Conformity Assessment in the Scenarios of
Change and Crisis
©Freepik
All this implies a “cultural” transformation, which
the definition of “risk-based thinking” used by ISO
9001:2015 and taken up as part of the ISO 170001
series standards, effectively summarizes.
The adoption of risk-based thinking will serve not
only to build, apply, and improve a management
system aimed at the result, but also to make the
logical process that generated it feasible, enabling
effective conformity assessment.
Regarding the way to apply risk-based thinking,
the standards in question (in line with the
new performance approach) do not provide
specific solutions. In general, simple, small-size
organizations with consolidated technologies,
characterized by a stable/predictable external/
internal context, will not need sophisticated
tools to put risk-based thinking into practice.
Instead, in larger and more complex organizations
its implementation should be more structured
and will involve the implementation of specific
methods, tools, and skills. For them, the main
normative reference to systematically address risk
management is found in the standards developed by
the ISO/TC 262 Technical Committee, particularly in
the following:
• ISO 31000 - Risk management - Guidelines
• IEC 31010 - Risk management - Risk assessment
techniques
• ISO 31050 - Guidance for managing emerging risks
to enhance resilience (currently under development)
1 See ISO 9001.2015 - Quality Management Systems - requirements.
A.4 Risk-based thinking: “... The risk-based thinking applied in this
International Standard has enabled some reduction in prescriptive
requirements and their replacement by performance-based requirements.
There is greater flexibility than in ISO 9001:2008 in the requirements for
processes, documented information, and organizational responsibilities.”
See EN ISO/IEC 17025, December 2017 - General requirements for the
competence of testing and calibration laboratories (ISO/IEC 17025:2017
- Foreword): “...This third edition cancels and replaces the second edition
(ISO/IEC 17025:2005), which has been technically revised. The main
changes compared to the previous edition are as follows:
- the risk-based thinking applied in this edition has enabled some
reduction in prescriptive requirements and their replacement by
performance-based requirements;
- there is greater flexibility than in the previous edition in the requirements for processes, procedures, documented information and
organizational responsibilities; ...”.
As an essential part of the conformity assessment,
the new emphasis on the evolution of management
systems requires assessment processes capable of
providing a reliable estimate of the organization’s
ability to maintain and increase the performance of
its management system amid changing conditions.
In addition to the ability to apply the requirements
and to improve continuously, depending on the
changes in the context and the framework of
expectations, the organization should demonstrate
the following conditions:
• The capacity to innovate, when the context and
the framework of expectations require alternative
propositions of product/service, or rethinking of
processes (for example, to increase the chances of
success in a competitive context).
• The capacity for transformation, in the
event of radical changes in the context and
in the requirement framework that oblige the
organization to rethink/modify itself (for example,
in the presence of a crisis or structural changes in
the scenario).
Thus, the assessment should include an appraisal
of these capacities, i.e., an assessment of the
organization’s “intelligence,” as well as its
“diligence.” This is a task that is difficult to perform
using metrics, and which, due to having highcomplexity systems as its object, cannot in general
be based on a purely deterministic approach. The
assessment of the “new” management systems, and
of future ones already emerging in the debate on
possible revisions of the applicable ISO standards2,
will require the assessor to have a growing ability
to understand and critically examine organizational
behaviour, allowing for the consideration of whether
it responds primarily to criteria of rationality and
reasonableness, including behaviours in place to
effectively react to any (now widely experienced)
economic, health, geopolitical, climatic, energy, etc.
crisis scenarios. This will enable the formulation
of reliable judgments on the resilience and
transformation capacity of the organization under
assessment.
2 See the works of the Technical Group ISO/TC 176/TG04 “Emerging
trends in quality” and the current debate in the same area on the topic
“Quality 4.0.”
