ISO 9001 is an international standardized quality management system that helps organizations to analyze, control and improve their internal systems, processes, protocols and policies in preparation for any potential risks that the business may face.


ISO 9001 encourages and promotes risk-based thinking in six areas: leadership, context, operation, planning, performance monitoring, and improvement.

There are many different types of business risk. Risks can be internal or external to an organization, and they can affect the organization's ability to operate directly or indirectly. Risks can be hazard-based (e.g. chemical spills), uncertainty-based (e.g. natural disasters) or associated with opportunities (e.g. exploiting or ignoring them).

Types of risk

The types of risk your company faces are specific to your business and its objectives. To effectively manage risk, you should prepare for internal and external scenarios that may directly or indirectly affect your business.

Direct risks to your organization

Some common risk categories are:

  • Pandemic, such as coronavirus (COVID-19).
  • Natural disasters.
  • Legal, such as insurance issues, resolving disputes, contractual breaches, non-compliance with regulations, and liabilities.
  • Global events, such as pandemics and interruptions to air traffic.
  • Technology, such as computer network failures and problems associated with using outdated equipment.
  • Regulatory and government policy changes, such as water restrictions, quarantine restrictions, carbon emission restrictions and tax.
  • Environmental, such as climate change, chemical spills and pollution.
  • Work health and safety, such as serious injury or illness, dangerous incidents, accidents caused by materials, equipment, or location of your work.
  • Property and equipment, such as damage from natural disasters, burst water pipes, robbery and vandalism.
  • Security, such as fraud (including online fraud), loss of intellectual property, terrorism, extortion and breaches of online security.
  • Economic and financial, such as global financial events, interest rate increases, cash flow shortages, customers not paying, rapid growth and rising costs.
  • Human resources, such as human error, conflict management, staff turnover and difficulty filling vacancies.
  • Suppliers, such as issues within their business or industry resulting in failure or interruptions to the supply chain of products or raw materials.
  • Market, such as changes in consumer preferences and increased competition.
  • Utilities and services, such as failures or interruptions to the delivery of your power, water, transport and telecommunications.

Indirect risks to your business

Organizations sometimes tend to overlook events that don't directly impact their business and are therefore unprepared to deal with change. For example, while an organization might not be directly affected by a natural disaster, it may still suffer if it affects its suppliers, customers or general location.

Effective Risk Management

Effective risk management is achieved through the following process:

  • Context analysis and evaluation of compliance: Establishing context and evaluating compliance is the first requirement of risk-based thinking. ISO 9001 requires organizations to define a process for monitoring and quality-assuring their management systems, together with the risks and opportunities associated with each of them.
  • Leadership: ISO 9001 holds top management responsible as the sole executors and implementers of systems, protocols, policies and processes. It also makes top management accountable for ensuring that these procedures yield the intended results and work in the way they were designed to.
  • Planning for risk using risk-based thinking: According to ISO 9001, planning for risk is a form of quality management. Planning in context ensures that the organization's quality management system can achieve its intended results by preventing or reducing risk and by mitigating the side effects of any undesired outcome.
  • Operation strategies based on risk-based thinking: ISO 9001 also requires organizations to approach their operational strategies with risk-based thinking. This means that businesses need to implement processes, systems and protocols that assess the business's risks and, subsequently, its opportunities.
  • Performance evaluation and improvement founded on risk-based thinking: To ensure that their processes and systems keep pace with their risk management initiatives, organizations are required to continually monitor, measure and evaluate their risks and opportunities. Organizations not only have to implement these risk mitigation strategies, but also check them regularly to confirm they work, and then make amendments and adjustments to further improve their durability, flexibility and resilience.

Process Engineering is able to support your organization effectively by:

  • Analyzing context and evaluating compliance (gap analysis reports).
  • Developing procedures for risk management.
  • Implementing risk-based audit programs.
  • Providing training in risk management techniques.
  • Supporting the organization in enhancing its risk-based approach.

For more information, please contact the technical department of Process Engineering.


Find us

  • 64, Apostolopoulou Str. 152 31 Halandri, Athens, Greece
  • +30 210 6724258, +30 210 6724229