Clause 6.1 of ISO 9001 - Actions to Address Risks and Opportunities

by Elina D

Assuming you are asking about a business context:

There are a few key requirements necessary to establish effective action plans to address risks and opportunities:




  1. A clear understanding of the risks and opportunities facing the business. This includes an understanding of the likelihood and potential impact of each risk, as well as an understanding of the potential upside and downside of each opportunity
  2. A clear understanding of the company's capabilities and capacity to act. This includes an understanding of the resources available to the company, as well as the company's ability to execute on various actions.
  3. A clear prioritization of the risks and opportunities. This includes an understanding of which risks and opportunities should take precedence, and why.
  4. A clear plan of action. This includes a detailed plan of how the company intends to address each risk and opportunity, including timelines, milestones, and responsibilities.
  5. Regular monitoring and review. This includes a process for regularly monitoring the progress of the action plan and adjusting as necessary.

Methodology: Plan, Do, Check, Act

The Plan, Do, Check, Act (PDCA) methodology is a well-known that can be used to address risks and opportunities. This methodology is also known as the Deming Cycle or Shewhart Cycle. It is a four-step process that can be used to solve problems or implement changes.
The Plan-Do-Check-Act (PDCA) cycle is a continuous quality improvement model which consists of a sequence of four steps:

  1. Plan: Identify an opportunity or problem and develop a plan for improvement.
  2. Do: Implement the plan and collect data.
  3. Check: Analyse the data to see if the plan was successful in improving the process.
  4. Act: If the plan was successful, standardise the new process. If the plan was not successful, revise and try again.

 The PDCA cycle can be used to address both risks and opportunities. When used to address risks, the cycle is known as the Deming cycle. When used to address opportunities, it is known as the Plan-Do-Study-Act (PDSA) cycle.

Planning Actions

Actions to address risks and opportunities ISO 9001

Organisations face many risks and opportunities, which can have a significant impact on their business. To effectively identify, manage, and respond to these risks and opportunities, organisations need to have a planning process.

The planning process involves four key steps:
1. Identify risks and opportunities
2. Assess risks and opportunities
3. Develop action plans
4. Implement action plans
5. Monitor and review
Each of these steps is essential to ensure that the organisation is effectively addressing its risks and opportunities. In this article, we will discuss each step-in detail.

1. Identify risks and opportunities

The first step in the planning process is to identify risks and opportunities. Organisations need to identify all potential risks and opportunities that could impact their business. To do this, they should consider all aspects of their business, including their products and services, Operations, financials, governance, and compliance.
There are several methods organisations can use to identify risks and opportunities. One method is to perform a SWOT analysis. This involves looking at the organisation's strengths, weaknesses, opportunities, and threats. Another method is to Conduct interviews with employees, customers, suppliers, and other stakeholders.

2. Assess risks and opportunities

Once all potential risks and opportunities have been identified, the organisation needs to assess them to determine which ones are most likely to occur or have the biggest impact on the business. To do this, organisations should consider the probability of each event occurring and its potential consequences.

3. Develop action plans

After assessing the risks and opportunities, the organisation needs to develop action plans to address them. The action plans should be designed to minimize the negative impact of risks and maximize the positive impact of opportunities.

4. Implement action plans

Once the action plans have been developed, the organization needs to implement them. This may involve changing the way the business operates, modifying products or services, or implementing new procedures.

5. Monitor and review

The organisation should periodically monitor and review the risks and opportunities to ensure that they are still relevant and that the action plans are effective.

Risk management strategy

Risk management is a process of identifying, assessing, and controlling risks arising from operational activities and individual projects. Risks are identified and prioritized for action based on the likelihood of their occurrence and the potential impact on business objectives.
An effective risk management strategy will help you to:

  • Understand the types of risks that could affect your business
  • Assess the likelihood of risks occurring
  • Identify actions to control or mitigate risks

Implementing an effective risk management strategy will help you to protect your business from the impact of potentially damaging events. It will also help you to take advantage of opportunities that could arise from taking risks.

Risk analysis and evaluation

Risk analysis and evaluation is a process that helps organisations identify potential risks and determine the best way to address them. By understanding the potential risks, an organisation can develop a plan to minimise or eliminate the risks.
There are many factors to consider when conducting a risk analysis and evaluation. Some of the most important factors include:

  • The probability of a risk occurring
  • The severity of the risk
  • The potential impact of the risk
  • The organisation's ability to control or mitigate the risk

Once the risks have been identified, the organisation can develop a plan to address the risks. The plan should include actions to take to minimise or eliminate the risks. The actions should be realistic and achievable and should be tailored to the specific risks of the organisation.


Here are some actions you can take to address risks and opportunities:

- Understand what risks and opportunities are out there
This is the first and most important step. You can't address something if you don't know it exists. Spend time researching your industry and sector and identify any risks and opportunities that could affect your business.

- Create a plan of action
Once you know what risks and opportunities are out there, you need to create a plan of action. This should detail how you will address each one. Make sure you involve all relevant members of staff in this process.

- Act
Once you have a plan, it's time to take action. This might mean making changes to your products or services, altering the way you operate, or anything else that will help mitigate risks or take advantage of opportunities.

-Monitor and review
It's important to monitor the situation and review your plans on a regular basis. This will ensure that you are always prepared for any risks or opportunities that come your way.