How to manage procedures and master list of identified risks?

I wonder how to manage the documentation for the risk in compliance to ISO 9001 2015.

I detected a risk in delivery product to client (delivery process), for the treatment, I will rent an additional truck for transporting the product, and such risk is registered in a master list of risk of all the processes, on it, I do the follow-up and this is shown in every management review meeting.

Should I include in the procedure that I´m having an additional resource for transportation? duplicating the information?

We know that from time to time, risks are changing, then I will have to change the procedure every time a new risk appears?.

I may face a risk, then I can mitigate it and its over, but a new risk may appear.

Is it not better that in every procedure (where apply, Where I have risks) I only refer the list of risk?, thus saving time and paperwork?

Thanks

 

One method that I have heard suggested several times is the use of a Risk Register (here's a link to a Wikipedia article: https://en.wikipedia.org/wiki/Risk_register)

Indeed, the process is supposed to be living (continuously updated) so you'll be looking at effectiveness of the controls, what new risks arise, etc.

In essence, any documented procedure is a risk mitigation (helps ensure you do everything / repeatedly) so once something is instituted, it should probably be folded into the procedure. However, that doesn't mean that the first time you define a mitigation you should update the procedure. Effectiveness needs to be confirmed before it goes into the procedure. If, in your example, having a spare (?) truck is not cost-effective, you wouldn't want to institutionalize that and may need to explore other mitigations.

 

Good day Qualmx;
In regards to how you identify, document, and manage this activity, it is obviously up to you and your organization. I do, however, strongly recommend (as you eluded to) that you do not duplicate information at any point within your QMS. This creates great difficulty in regards to document and process control (i.e. to ensure that information is same/consistent across the management system).

It is difficult to know for sure without seeing and understanding your QMS structure, however, your idea to "...is it not better that in every procedure... I only refer the list of risk?,", seems like a great approach. Yes, this will potentially save "time and paperwork", but more importantly, it will help to ensure your QMS is sustainable and scaleable by not creating the document and process control problems (inconsistencies) I mentioned previously. Hope this helps.

 

Thanks John and Yodon

very helpful your advises