Risk and Opportunity in ISO 22000:2018
In one of our audits our auditor says that risk and opportunity for all departments needs to be there. The standard says that the clause 4.1,4.2,4.3 has to be done, what is the clariifcation?
Dear rajasmi25,
You might need to show the linkage of risks and opportunity to a particular department that is responsible for it.
E.g. If repeated Regulatory changes is mentioned in risk then this can be converted to a action plan in compliance to Clause 6.1. The department responsible for implementation of this action plan might be QA.
This is how our organization has prepared the document.
I'm interested to know opinion of other members.
Thanks and Regards
4.1 and 4.2 expresses that you must identify those things that could affect your strategic direction as it relates to achieving the goals of your FSMS. Typically this is done in a SWOT matrix. It includes looking at polical, economical, social, technological, legal, and environmental aspects (PESTLE).
4.1 = your results of a SWOT/PESTLE analysis
4.2 = your results of evaluating the needs of interested parties
4.3 = the scope of your FSMS
6.1 tells you take what you determined from 4.1-4.3 to document what your significant risks and opportunities are, and what actions you are taking to mitigate or enhance, accept as is, etc. those risks and opportunities
You don't need a documented procedure for risks and opportunities; however, many companies have one.
Regarding the auditors insight, it depends how you documented your scope (4.3). if it is broad and covers several departments then 4.1 and 4.2 would include looking at each department, but generally it is not a separate document for each department. Typically the SWOT looks at the company as whole in regards to the facility under certification. Looking at the company as a whole means you've considered each department
I've never heard a claim against 4.1-4.3 being so specific, it is evidenced by how the clauses are written that it is a holistic view rather than a microscopic analysis of each department. Most of your problems aren't necessarily going to be departmental risks but rather broader things that impact the company:
Strengths:
- Low turnover rate
- Highly skilled employees with longevity within the company
- Very accurate forecast and scheduling
Weaknesses
- Old equipment requires constant maintenance to keep running
Threats
- Natural disasters
- Competition is beginning to expand SKU which could take more market share
Opportunities
- New technology exists to increase production efficiency by reducing maintenance burden and increasing product quality and consistency
- New technology exists to broaden SKU development and increase market share
Hi there, is there a template to use in order to comply with 6.1 ?
For 4.1, 4.2, 4.3 is it enough to document them in the manual ?
Thanks