I'm going to open with a bit of an inflammatory statement and hope you don't close the page, are you ready…  You are doing risk management wrong, and your business is suffering because of it. For that matter, I bet your whole ISO document structure is wrong! Now, while you calm down a bit here's a question, if I asked you how your risk managem...

Understanding and documenting business risks is something that many just fail to do. They view them as a thing "only big businesses do" or a "corporate thing" but that's not the case. Managing business risks is an important step for any business, no matter how big or small, to consider all the risks to them keeping the doors open. This is a re...

We work with a lot of organisations helping with their ISO9001, 14001, 27001 or 45001 implementation and ongoing management of their new systems. We like to use Mango for this as it's a fantastic fully integrated platform to manage all the requirements of these standards. Over the last few years, we have noticed an ongoing trend within these implem...

When it comes to understanding risk analysis people are used to using a risk matrix and walking through a step by step risk analyses process, it's probably the default way of looking at the analysis of risk, but it's not the only way. The bow tie method is a really visual way of understanding the impacts of a hazard, the risk it presents, the conse...

On Wednesday morning my alarm went to remind me to get up to watch SpaceX's Falcon Heavy take off on it's test flight. Truth be told I didn't need the alarm, I was up already and excited, this was history in the making. Then, disappointment it was delayed by over an hour because the wind conditions weren't quite right. Finally the wind was good, th...

Understanding the risks in your organisation is a key part of being able to effectively manage it and its part of the reason that the ISO management systems now take a risk-based approach to things. ISO27001:2015 is no different to the other standards in that respect, if you want to have an effective Information Security Management System (ISMS) th...

Throughout the whole AS9100D standard, risk-based thinking is an important thread. In clause 6.1 you are required to look at the risks (and opportunities) linked to the quality management system of the organisation, now AS9100D wants you to focus on even further. The whole point of the 5 points in clause 8.1.1 of AS9100 is to get you to understand ...