A Study of Risk Management in the ISO 9000 Quality Management Standard Series - Taking ISO … · MRT Technology Semiannual Journal...
A Study of Risk Management in ISO 9000 Series Standard: Taking ISO 9004:2009 as an Example
Mene-jen Yang1
Abstract
The 26th meeting of the ISO/TC 176, held in Tokyo in February 2009, passed a resolution that the well-known ISO 9000 series standard should be maintained and updated. In addition, new notions and ideas for a new edition of ISO 9001 came up at the meeting. In November the same year, the third edition of the standard, ISO 9004:2009 "Managing for the sustained success of an organization - A quality management approach", was published. The ISO 9004 standard mentions risk in a total of 15 articles and clauses. In addition, this edition reminds organizations to refer to ISO 31000, a practical document that seeks to assist organizations in developing their own approach to the management of risk. While ISO 9000 takes a process-oriented approach as its core concept and leads organizations toward sustainable management, it would be better for organizations to first develop and implement a risk management system.
Keywords: risk management, quality management, sustained success
2
2009 2 ISOInternational Organization for standardization176 ISO/TC 176 26 ISO 9000 ISO 9001
2009 11 1 ISO 9004 Managing for the sustained success of an organization A quality management approach
,2011
ISO 9004 ISO 9001 1 2 ISO 9004:2009
1
2
ISO 9004:2009
ISO 9004 4.3 ISO 31000 ISO 9000 ISO 9001 ISO 9004
2Interested parties
9.3 9.3.5 2
1 2
ISO 9004:20091ISO 9004:2009
1ISO 9004:2009
| No. | ISO 9004:2009 |
|---|---|
| 1 | 4.2 Sustained success: identify associated short and long-term risks and deploy an overall strategy for the organization to mitigate them, |
| 2 | 4.3 The organization's environment: An organization's environment will be undergoing change continually, regardless of its size (large or small), its activities and products, or its type (for profit or not-for-profit); consequently this should be monitored constantly by the organization. Such monitoring should enable the organization to identify, assess and manage the risks related to interested parties, and their changing needs and expectations. NOTE: For more information on risk management, see ISO 31000. |
| 3 | 5.3 Strategy and policy deployment, 5.3.1 General: evaluate strategic risks and define adequate counter measures, |
| 4 | 6 Resource management, 6.1 General: To ensure the availability of the resources for future activities, the organization should identify and assess the risks of potential scarcity, and continually monitor current use of resources to find opportunities for improvement of their use. |
| 5 | 6.4 Suppliers and partners, 6.4.2 Selection, evaluation and improvement of the capabilities of suppliers and partners: the risks associated in the relationships with the suppliers and partners. |
| 6 | 6.5 Infrastructure: The organization should identify and assess the risks associated with the infrastructure and take action to mitigate the risks, including the establishment of adequate contingency plans. |
| 7 | 6.7.4 Technology: the evaluation of risks related to changes in technology, |
| 8 | 6.8 Natural resources: The organization should consider the risks and opportunities related to the availability and use of energy and natural resources in the short and long term. The organization should give appropriate consideration to the integration of environmental protection aspects into product design and development, as well as to the development of its processes to mitigate identified risks. |
| 9 | 7.2 Process planning and control: potential financial and other risks, |
| 10 | 8.3 Measurement, 8.3.1 General: The methods used for collecting information regarding key performance indicators should be practicable and appropriate to the organization. Typical examples include risk assessments and risk controls, |
| 11 | 8.3.2 Key performance indicators: Specific information relating to risks and opportunities should be considered when selecting the KPIs. |
| 12 | 8.3.3 Internal audit: Internal auditing is an effective tool for identifying problems, risks and nonconformities, as well as for monitoring progress in closing previously identified nonconformities (which should have been addressed through root cause analysis and the development and implementation of corrective and preventive action plans). |
| 13 | 8.4 Analysis: Top management should analyse information gathered from monitoring the organization's environment, identify risks and opportunities, and establish plans to manage them. |
| 14 | 8.5 Review of information from monitoring, measurement and analysis: Data can be collected from many sources, such as risk assessment, and |
| 15 | 9.3.5 Risks: The organization should assess the risks related to planned innovation activities, including giving consideration to the potential impact on the organization of changes, and prepare preventive actions to mitigate those risks, including contingency plans, where necessary. |
ISO 9004:2009
2001ISO 900120002009ISO 9001200810
ISO 90042009
1. 99CNS12684991221
2. 1002011/02/15
3. International Organization for Standardization, ISO 9004 Managing for the sustained success of an organization - A quality management approach, 2009-11-01.