Implementation of risk management

Answer:

There are no mandatory documents required by ISO 9001:2015 to evidence implementation of Risk Management.

So, you are free to decide how to perform and evidence Risk Management. Normally, organizations create a non-mandatory procedure for addressing risks and opportunities, and generate a Risk Registry to keep a list of updated determined risks and opportunities, their evaluation according to action need; the actions performed and the evaluation of their effectiveness.

The following material will provide you information about the risk-based approach:

ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
List of mandatory docum ents required by ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-90012015/
ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/