Applying ISO 9001 system standards to company risk management

ISO management system standards (such as ISO 9001:2008, ISO 14001:2004) have proved invaluable to shipping companies around the world for improvement in a variety of areas (i.e. enhancement of customer satisfaction and identification of environmental aspects and impacts).

These areas are quite specific, and they are all unified toward a common goal. They can “work” for common goals, helping shipping companies of any type to systematically manage risk. That, in turn, is a condition for business stability, profitability and safety.

Managing different types of risk

All shipping companies work under a certain level of uncertainty, including market risks, credit risks, legal risks and operational risks. These risks influence organizational performance and often hamper development, and in many cases impact business partners.

Professionalism in dealing with uncertainty reduces threats to shipowners' stability, improves general economic health, and increases personal safety and quality of life on board vessels. With proper risk management methodology and tools, shipowners of all kinds enhance their governance systems to become more predictable, stable and safe. Another important consideration is that a company’s risks can expose its partners and customers. This means that risk management systems are necessary not only for organizational profitability and security (i.e. ISPS Code), but also for maintaining stable business.

ISO 31000 for risk management and ISO 9001

Risk management is a continuous process encompassing the following steps:

  1. Risk Identification
  2. Quantification
  3. Accept the Risk
  4. Mitigate the risk
  5. Transfer the risk
  6. Avoid the risk
  7. Implementation
  8. Project Analysis
  9. Residual risk evaluation

After everything is complete, residual risks need to be evaluated and business continuity must be planned. Mitigation does not provide a 100% guarantee that the risk will not occur.

If we treat ISO 9001:2008 as the core standard for the management system, meaning that all activities are managed within the quality management system (QMS) and that quality is broadly understood both on board and ashore, we see that all the processes from Section 8 of the standard are necessary for risk management, including internal audits, corrective actions and preventive actions, customer feedback, strategic planning and management review, and nonconforming product/service management.

If the shipowner arrives at the conclusion that a nonconformity can be called a realized risk that requires mitigation, and a potential nonconformity is called a risk, the corrective actions process (clauses 8.5.2 and 8.5.3) is suitable for identification, quantification and management of risk.

Corrective and preventive actions may be implemented in such a way that their registration and analysis serve as a tool for risk processing. A sure way for a company to manage the many risks it faces is to process them through such a process. The steps required by ISO 9001 cover all aspects of the risk management process. However, there are many risks that are not covered by the ISO 9001 standard, but they are addressed in other standards for management systems. For example, environmental risks are addressed in the ISO 14000 standards.


In general, ISO management system standards contain tools for managing operational risks, as in the case discussed above. In addition, the new ISO 31000 standard provides principles and generic guidelines on risk management.

The implementation of a company risk management system will help shipowners to effectively manage risks, providing profitability for their organizations, assuring the safety of stakeholders and meeting the new ISM Code objectives entering into force on 01 July 2010.

