Professional Documents
Culture Documents
Risk Management Requirement Under ISO 17025-2017: November 2019
Risk Management Requirement Under ISO 17025-2017: November 2019
net/publication/337590390
CITATIONS READS
0 346
1 author:
Sani Ibrahim
Sanichem Resoures
12 PUBLICATIONS 276 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Sani Ibrahim on 28 November 2019.
Foreword,
Introduction,
Clause 4.1.4 and 4.1.5 on impartiality,
Clause 7.8.6.1 considering the risk in terms of decision rules used in reports,
Clause 7.10.1 related to management of nonconforming work,
Clause 8.5 on actions to be implemented to address risks and opportunities,
Clause 8.6 on improvement
Clause 8.7 on corrective action
Clause 8.9 on management reviews
1
ISO/IEC 17025:2017 requires :
The laboratory to plan and implement
actions to address risks and opportunities.
Addressing both risks and opportunities
Establishes a basis for increasing the
effectiveness of the management
INTRODUCTION system,
Achieving improved results and
preventing negative effects.
The laboratory is responsible for deciding
which risks and opportunities need to be
addressed
2
Objective – impartial in conducting lab activities and obtaining
results
Subjective – impartial in subjective approach to laboratory results
Financial – Real or perceived impartiality due to any kind of
financial pressures.
Operation – Internal and external pressure in conducting lab
activities and obtaining result.
Organizational – Conflict of interest due to organizational structure
and management.
Internal – Internal pressure on lab activities and results.
External – Risks to impartiality arise from external sources.
3
Give Assurance Give assurance that QMS achieves its intended results
Prevent
Prevent or reduce undesired impacts and potential failure in the laboratory
undesired activities.
impacts
RISK ASSESSMENT
Risk Identification
Communication Monitor
and Risk Analysis and
Consultation Review
Risk Evaluation
Risk Treatment
4
Establish
• internal context
• external context
• risk management context
ESTABLISHMENT OF CONTEXT
(SCOPE WITHIN WHICH RISK WILL BE IDENTIFIED)
RISK CRITERIA
10
5
RISK ASSESSMENT
Risk Identification
Risk Analysis
Risk Evaluation
RISK ASSESSMENT
11
RISK IDENTIFICATION
12
6
Brainstorming among lab personnel and other stake-holders
Review records and reports such as audit reports, Non-conforming work records,
complaints, MRM and other meeting minutes.
Review customers’ survey feedback.
Review management system and laboratory procedures
Use Risk Identification tools
Root cause analysis – 5-Whys????? to full blown Cause & Effect diagram analysis
FMEA – Failure Mode and Effect Analysis
HACCP – Hazard Analysis and Critical Control Points
SWOT Analysis
13
W O T
Strengths Weaknessess Opportunities Threats
Resources Resources limitation Acquire additional Missed opportunities
resources
Quality of Staff Short-handed Staff Training Lack of Customers’
confidence
Financial strength Low annual return Revise/improve Might go “under”
financial
management
Well maintain quality Weak Quality Improve QMS Deregistered by
system Manager SAMM
High Customer Poor communication Improve rapport with Loss of customers
Satisfaction rating with customers customers
14
7
Impact
Likelihood
Consequences
Probability
Hazard
Intensity
Exposure
Concentration
RISK ANALYSIS
15
Consequence
LOW
Low Risk
16
8
Impact/Consequences
Negligible Minor Serious Critical Catastrophic
(1) (2) (3) (4) (5)
Improbable Low Risk Low Risk Low Risk Low Risk Low Risk
(1) (1) (2) (3) (4) (5) Low Risk
Probability/likelihood
Low Risk Low Risk Medium Risk Medium Risk Medium Risk (1-5)
Remote
(2) (4) (6) (8) (10)
(2)
Low Risk Medium Risk Medium Risk Medium Risk
Occasional High Risk High Risk
(3)
(3) (6) (9)
(12) (15) (6-10)
Probable Low Risk Medium Risk High Risk High Risk High Risk
(4) (4) (8) (12) (16) (20) High Risk
Frequent Low Risk Medium Risk High Risk High Risk High Risk
(11-25)
(5) (5) (10) (15) (20) (25)
17
RISK EVALUATION
18
9
Start with having a risk Evaluate Identified
register or risk log risks.
Register all risks which have been Use risk-based thinking approach
identified and analyzed. – murphy’s law
Record all actions taken to Prioritize risk according to risk
eliminate or reduce risks. levels and available resources to
Table form is best to show risk implement treatment of the risks.
management in one page.
19
20
10
Risk Identification
Risk Analysis
Likelihood or Probability of
Occurring
Level of Impact
Consequence
Frequency of occurrence = Medium MEDIUM
or
Risk Level = Low Risk LOW
Risk Evaluation
Low Risk Level which does not require treatment
21
Risk Identification
Risk Analysis
Likelihood or Probability of
Occurring
Consequence
Risk Evaluation
High Risk Level which will require planning to control or reduce risk.
Require continuous monitoring and periodical review.
22
11
Risk Identification
Laboratory have only one critical equipment which is a risk to laboratory operation
when that equipment break-down.
Risk Analysis
impact to operation = Critical (4)
Likelihood of occurrence = Remote (2)
Risk Level = Medium Risk (8)
Risk Evaluation
Medium risk which may require treatment as soon as resources available.
Take opportunity to add back-up equipment.
23
Risk Identification
Laboratory has majority of women personnel. What is the risk to laboratory operation
when more than one personnel take maternity leaves.
Risk Analysis
impact to operation = Minor (2)
Likelihood of occurrence = Remote (2)
Risk Level = Low Risk (4)
Risk Evaluation
Low risk which may be treated as no risk or low priority in treatment.
However, laboratory may take opportunity to review human resource requirementand.
24
12
The following options may assist in the minimization of negative risk or an
increase in the impact of positive risk.
25
26