Back to the Glossary

Risk-Based Thinking

Risk-Based Thinking is the practice of embedding the principles of risk management into the entire Quality Management System (QMS), ensuring that decisions are proactive and prioritize minimizing negative effects (risks) while maximizing desirable effects (opportunities). It functions as a preventive tool for the entire management system.

RBT is a core element of several ISO management systems, providing a foundation for proactive quality assurance rather than reactive correction.

RBT in the ISO 9001:2015 Standard

The introduction of RBT was a key change in the ISO 9001:2015 standard.

The term Risk-Based Thinking (RBT) refers to a fundamental mindset required by modern management system standards, most notably ISO 9001:2015, where the organization systematically considers and addresses risks and opportunities across all processes to enhance quality, achieve desired results, and prevent negative outcomes.

Integration with PDCA

The standard is designed to follow the Plan-Do-Check-Act (PDCA) cycle in a process-based approach, and RBT is incorporated into this cycle. The ISO 9001:2015 version achieves its performance focus by combining the process approach with RBT.

Fundamental Way of Thinking

RBT is considered a development from traditional risk management, shifting responsibility away from a single "risk manager" to a "fundamental way of thinking and decision making throughout [the] entire organization".

Preventive Tool

RBT makes the entire management system function as a preventive tool and encourages continuous improvement.

Essential for Effectiveness

The concept of risk-based thinking is considered essential for achieving an effective quality management system.

Statutory Requirement

The International Standard specifies requirements for the organization to understand and determine its context and identify and determine the risks and opportunities as a basis for planning. This is found in Section 6: Planning, which addresses actions to address risks and opportunities.

Implementation and Requirements

RBT mandates specific planning activities within the QMS to address potential issues and leverage opportunities.

Action Planning: Organizations must plan and implement actions to address both risks and opportunities.

  • Risks: Actions should aim to prevent or reduce undesirable effects. The concept of prevention is expressed through the use of RBT in formulating quality management system requirements.
  • Opportunities: Opportunities can lead to favorable results, such as adopting new practices, launching new products, opening new markets, or addressing new clients. RBT should be applied to take advantage of opportunities and prevent undesirable results.

Resource Allocation: RBT helps organizations allocate resources more effectively by prioritizing risks related to quality.

Addressing Issues: The organization is required to assess risks and opportunities (Section 6.1) and determine internal and external issues relevant to its purpose and strategic direction (Section 4.1).

Integrating Risk Management: Integrating risk management into the QMS is a relatively recent, but valuable, development that allows organizations to proactively address issues before they impact customers or regulatory compliance.

Connection to Risk Management Tools and Continuous Improvement

RBT provides the framework within which formal risk management tools (like those used in the medical device industry) operate.

Foundation for ISO 13485: ISO 13485:2016 requires risk to be considered throughout the quality management system.

CAPA Integration: RBT supports the goals of the Corrective and Preventive Action (CAPA) system, as Preventive Action (PA) specifically mandates proactive measures to identify and eliminate potential nonconformities before they occur, often involving analyzing data trends and assessing risks. CAPA is applied proactively to manage issues and risks in medical device industry processes.

Enhancing Improvement: The information from RBT activities (specifically the effectiveness of actions taken to address risks and opportunities) is used to evaluate the performance of the quality management system and drive the need for continuous improvement.

Analogy for Understanding Risk-Based Thinking

If traditional Quality Management (QMS) was like driving a car only using the rear-view mirror to see the problems you just passed, Risk-Based Thinking (RBT) is installing a sophisticated GPS system tied to weather data, traffic patterns, and mechanical diagnostics.

RBT means the organization doesn't just respond when a quality issue (accident) occurs; instead, it uses the GPS (RBT) to:

  1. Identify Risks: See where accidents (nonconformities) are likely to occur ahead of time (e.g., "The plan shows a steep curve ahead, high risk of deviation").
  2. Plan Mitigations: Proactively slow down or reroute (implement control actions).
  3. Identify Opportunities: See a newly opened, faster toll road (opportunity for efficiency and enhancement).

This constant, comprehensive perspective ensures safety and strategic efficiency are built into every movement, rather than bolted on afterward.

Ready to see what Botable can do for you?

Book your demo now to see how Botable can transform your workplace.

Identify your unique challenges

Flexible pricing options

Easy integrations

Step-by-step implementation plan

Customize Botable for your workflow

Book a demo

Find out how Botable can answer your employee’s questions in just 30 minutes.