In reviewing the ISO DIS 9001 version for commentary and discussion, I thought that one of the most significant modifications was found within the Quality Planning section. The text is below, and my commentary will follow.
6 Planning for the quality management system
6.1 Actions to address risks and opportunities
6.1.1 When planning for the quality management system, the organization shall consider the issues
referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement.
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
In this version, I have highlighted the phrase, "determined risks and opportunities". The emphasis on risks has distinguished the 2015 version of ISO 9001 from its earlier incarnations. By explicitly referencing risks and opportunities, the new ISO 9001 standard will expand the quality planning to include these identified risks and opportunities, and the effectiveness of the quality management system in relation to the mitigation and control of risks and the fulfillment and capitalization of opportunities.
Conformity and effectiveness of the quality management system extends beyond the conditions of the ISO 9001 standard to now incorporate both risks and opportunities. For example, if a commercial enterprise uses a non-renewable resource, its quality system must incorporate risk mitigation steps to address resource depletion and material substitution (i.e. recycled material).
The corresponding sections of ISO 9004:2009 are intended to provide the "how" for the implementation of ISO 9001 attributes. However, by inserting the phrase, "determined risks and opportunities", the scope shifts from strictly internal quality attributes to external drivers and influences.
The inclusion of risks and opportunities also creates natural extensions of the management system from quality to include overall sustainability, security, information controls, environmental management, social responsibility, and other corporate governance practices.