Risk Management is going to be a mandatory requirement for all ISO standards. Until now, risk management was a requirement of CMMI Level III and above, and ISO 27001. In ISO 9001:2008, risk management is not a standard requirement. But with the upcoming edition of ISO 9001 in the year 2015, risk-based thinking will be an approach of the standard. This is a more proactive approach. The organization and its functions have to act proactively and identify risks and issues in all their projects/processes.