The risk analysis begins with the identification of the Concerned Parties in the quality management system. The concept of Concerned Parties is a recent addition to the latest revision of ISO 9001 and it is important to review its definition, in accordance with ISO 9000.
Concerned Party (stakeholder), is a person or organization that may be affected, affected or perceived to be affected by a decision or activity of our organization. Examples of Concerned Parties are: customers (buyers, interns, end users, etc.), owners, persons in an organisation, suppliers, banks, legislators, trade unions, partners or society in general that may include competitors or lobbyists with opposing interests.
The following is a recommendation on how Concerned Parties could be approached from a risk analysis perspective.
Step 1 – Determine the concerned parties in the SGC
The organization must determine which persons or organizations have an interest in its decisions or activities within the organization itself. This is an activity for Senior Management and may include a List of Stakeholders in the Organization that includes, for example:
Governments (federal, state and local), direct customers, OEMs, end users, regulatory & regulatory bodies, investors, suppliers, employees, society, etc.
Step 2 – Determine the Pertinent Concerned Parties (relevant) to SGC
The organization must determine which stakeholders are relevant to it. This is an activity for senior management and it is recommended that the Mendelow Matrix be used for stakeholder ranking. The Pertinent Concerned Parties are the most important to the organization and have the most influence (power) over it.
As Pertinent Concerned Parties you would expect to find, for example, governments, principal clients, industry policy-making bodies, etc.
Step 3 – Determine the needs and expectations of the Pertinent Concerned Parties (relevant) to SGC
The organization should determine the needs and expectations of the Relevant Stakeholders, i.e., what they expect to achieve from the organization or what they want to achieve or happen. Senior management can carry out a List of Needs and Expectations of Pertinent Concerned Parties for each of the Concerned Parties.
The needs and expectations can be at the legal, normative, regulatory, product, process, management system, organization, commercial, ethical, social, etc. levels.
Step 4 – Determine the relevant requirements (relevant) of Pertinent Concerned Parties (relevant) to SGC
When the organization decides that the need or expectation of a Concerned Party is pertinent (relevant) to the organization, it becomes a requisite (requirement) for the QMS and its processes. Senior management can carry out a List of Relevant Requirements of Pertinent Concerned Parties based on the commitments (legal, contractual and even verbal) that have been agreed with the pertinent Concerned Parties.