What are the requirements for “Risk Based Thinking” within the new standard, ISO 14001:2015?

There are four requirements for “Risk Based Thinking”, which are to be identified under the context of the organization.

  1. Identifying the significant impacts.
  2. Identifying internal and external issues.
  3. Scope of the EMS.
  4. Identifying the business flow.

Significant environmental aspects can result in risks and opportunities associated with either adverse environmental impacts (threats) or beneficial environmental impacts (opportunities).

Risks and opportunities bring in the existing aspect-impact study of the older clause 4.3.1, which establishes criteria.

The risk treatment method requires evaluating (assessing) the risk in some way and then determining the course of action to take. This may mean simply writing the evaluations and actions in a simple text document and filing it, or it may require more formal activities and records.

The context of the organisation, internal and external issues of concern, and other factors will build the framework for thinking about risk.

The information derived from the context of the organisation will be different for every company, according to its scope of work. Management shall decide what levels of risk it is going to manage.

In the AS9100 scheme, which has had requirements for risk management since 2009, we have seen auditors come on site and try to point out the risks during the audit, and then play the blame role with the client. Despite being presented with formal risk registers, they will stroke the auditee’s chin and muse on things that have been missed.

Re-Defining Risk and Opportunity

ISO has completely mucked up traditional concepts of risk. The reasons for this are complicated and political and not at all universally agreed-upon.

There are two camps: one that thinks “risk” is neutral, and thus can be either negative or positive, and the other that believes risk is solely negative. The “positive risk” crowd has won over the ISO Technical Management Board and the authors of ISO 31000 on risk management, but did not win over TC 176. The “positive risk” debate is one of the main sticking points for ISO 14k ratification across the world.

Traditional tools like FMEA focus only on reducing risk, understanding that risk is inherently bad. Other tools might work to maximize opportunities (such as expanding business development leads) but these wouldn’t work for reducing negative risk.