For example: When a mask manufacturer passed an ISO13485 certification audit by UK accredited certification body (such as SGS, BV, Lloyd’s, BSI ..) covering operation and management of a company. The mask manufacturer received a UK Accredited ISO13485 certificate. The ISO13485 certificate states that the operation and management of masks manufacturers meet ISO13485 requirements. However, it cannot be claimed that the mask conforms to ISO13485, because ISO13485 is a certification of the company’s management practices, not a certification of the mask itself.
For ISO 9001 risk identification, the company should identify risk from 6 aspects such as Political, Economic, Social, Technology, Environmental and Legal.
Moreover, the company conduct SWOT Analysis through brainstorm meeting. You can identify where the strength, weakness, opportunity and threat are for improvement.