ISO9001:2015 requires organizations to define the key stakeholder requirements, the risks that might prevent each of such requirements from being satisfied as well as the actions to minimize such risks. ProcessFrame supports an integrated risk analysis based on the principles of ISO31000 (Risk Management standard), that can be extended to manage safety, environment and IT security risks. The system allows the registration of all the risks and for each of them the impact ( the gravity) and the probability using numeric indexes to produce a dynamic report listing all the risks in priority order.
The mitigation actions are planned, assigned and monitored using similar workflows to all the other actions traced in the system and finally the effectiveness of such actions is reviewed to create new actions in case of inadequate results.
ProcessFrame also supports the continuous monitoring of the adverse events, traced by the system and analyzed with the help of the software statistical functions. The result of the monitoring activity is a reassessment of gravity and probability and a revised priority list that might suggest new actions.