Can we merge Risk Management for QMS and EMS?
If yes, what are the common criteria?
Integration of Risk Management for QMS and EMS is highly advisable.
A unified methodology does not confuse employees, makes the organization's management system more "slender", and so on. The international standards ISO 31000:2009 and ISO 31010:2009 are the common criteria.
There are two possible approaches:
- In full - a risk management system is developed and implemented in accordance with ISO 31000:2009, as part of the organization's management system. A simple tried-and-tested option is to word the Risk Management Manual as a single documented procedure.
- At minimum - a risk management methodology is developed that is uniform for all systems. A set of methods suitable for the organization's tasks should be taken from ISO 31010:2009. An example of a simple risk management technique can be found in the ISO 9001:2015 Actions to Address Risks and Opportunities Methodical Manual.
Examples of how risk management is described in the system manuals can be found in:
- ISO 9001:2015 Quality Management System Manual Template
- ISO 14001:2015 Environmental Management System Manual Template
This post first appeared on CBG Inc. - Management System Professionals Support. Please read the original post: here