[Ocganization logo} [Organization name] PROCEDURE FOR ADDRESSING RISKS AND OPPORTUNITIES Sommer tenures immer [43 fwd ees ‘ener ant ode: Veron Grated by ‘Approved by Date af verion Signature Distribution list Copy AP” | vistbuted to ate Signature Returned ate [OR Sigature ‘©216ieelatryb id by atl PS Sa. war ccd wth the eer t ‘Commented [93] A ot eign[organization named Change history Date Version | Created by | Description of change ‘GA | S0DIAcademy_ Basie document outine Table of contents 1 PURPOSE, SCOPE AND USERS. 2. REFERENCE DOCUMENTS... 2 RISKS AND OPPORTUNITIES TREATMENT. 32 Mmie00(06"FoR vALUANON OF SKS 0 CHFORTUNTES a 33. Impactofrits and opportuntiee 4 332 Probability of ecumence : ve 34, Omumaron ores ev ks a cHPONTUNTES 5 36, EvAUnnon oF HEACTONS FOR ADDRESS HS 0 OPPORTU 5 |. MANAGING RECORDS KEPT ON THE BASIS OFTHIS DOCUMENT ccs es) 5. APPENDICES. 6 roca torRiresigatsand vedo ned opportunites[organization named 1. Purpose, scope and users ‘The purpose of this document sto ensure understanding of the sources of risk and opportunities that arise from the context of {organization name! and requirements of interested patie, and their treatment, ‘This procedure will nt be used for identification ofthe risks inthe production and design processes inthat case, the Procedure for FMEA Rsk Assessment must be applied ‘Commented [OAS] Die is panna Ftase scart seamen ober ost Users of this document are top management members of [organization name] within the scape of the ams, 2. Reference documents = 1809002:2015, clause 6.1 © Quality Manual ‘+ Procedure fr Determining Context of the Organization and Identification of Interested Parties ‘© [other documents and regulations that determine document control 3. Risks and opportunities treatment In accordance withthe context of [organization name] and equlrements of identified interested partes, [jo tite] has to ‘Identity risks and opporturities that have potential impact on product and service conformity, Determine ris significance ‘+ Define appropriate actions ‘Conduct evaluation of actions’ effectiveness ‘Establish hierarchy In actions for aderessng risks 3.1. Identification of risks and opportunities \When planning the GMS, (jb ite] considers internal and extemal sues relevant to the purpose and strategccirecton of [organization name], as well as needs and expectations of interested partes relevant tothe QMS to determine rsks and opportunities tobe addressed. During identification ofthe rks and opportunities, (job tt] takes Into account, among others, the {following questions: recta tarRresigaand vedo ted Sppertuntie[organization named ‘© Whatean happen? ‘+ How can it happen? 4+ Are our strategie documents and information protected enough? ‘+ Canthere be changes inthe priate of our interested parties? 3.2, Methodology for evaluation of risks and opportunities Alrisks and opporturites relevant to the QMS are entered into Registry of Key Risks and (Opportunities by [ob tite}, who i responsible forthe process of addressing risks and opportunities. 3.3. Determining the level ofthe risk job titel, together with other relevant roles and functions inthe organization, determines the significance of each risk and opportunity according tothe following eters 3.3.4. Impact of rsks and opportunities ‘owimoen The rss or opportunity have The risk can have minor impact Medium impact The risk ean have High impact 3.3.2, Probability of occurrence Atr the evaluation ofthe rss’ and opportunities’ impact onthe QMS and the company isl Job title] must. roca torRresigtand vedo te][organization named Medium probabiity wen The risk oveurs Treaventiv probabiity 3.4. Criteria for determining key risks and opportunities ‘ter determining a rating foreach risk and opportunity, [job ttle} determines the level of significance of each risk and opportunity (R) as Level of significance of ‘evel | aspect and itsimpact Score _| Actions that need tobe taken Tnsigniicant Signcant (etal) aspect/impact 35. Actions to address risks and opportunities Uo ttle] must define measures for achieving opportunities and risk treatment in accordance with the hierarchy described in section 3.7. 3.6. Evaluation of the actions for addressing rsks and opportunities lo ttle} must, at least annually, review 37. Hie chy of actions for addressing risks Forall key rks, when conducting measures for tsk treatment and establishing control over rss, [job title} has o establish the following hierarchy: recta tor Rresngntand veo ne][organization named . Managing records kept on the basis of this document ore [rere fee fee | 5. Appendices ‘Appendix 1 Registry of Key Risks and Opportunities. ‘+ Appendix 2 — Procedure for FMEA Rsk Assessment ‘+ Appendix 3~ FMEA Risks Assessment Record Trocetartor Riresigtsand va esd fom ed opportunites ‘eae ont mayb by ett ee waar comma wih ars Agee