A risk based approach is stated in clauses 7.10 Nonconforming work b) and 8.7.1 Corrective Action, b. In 8.7.1 e, and 8.7.2 the requirement is clearly specified that a laboratory must refer to the risk and opportunities in the register and take the degree of action according to the risk. i.e a high risk requires appropriate resources and action to reduce the risk to a level the laboratory identifies as appropriate. The low risks could justified as not needing action.
Practically the laboratory must state your approach. E.g treat assign resources to reduce all high risks to an acceptable level, consider reducing medium risks if solutions and resources are readily available, while accepting any low risks without further action.
Start off with considering that you are never looking for a singular root cause to take one action to address a nonconforming event. You are seeking the best possible practical, executable solutions to implement, and then monitoring and reassessing the remaining risk. Certain actions can be complicated, time consuming and expensive to implement while a combination of other actions may be less costly and quicker, while reducing risk of a reoccurring event to a suitable, but not “zero” level.
For more information have a look at the article Corrective actions principles and root cause analysis in ISO 17025 at https://advisera.com/17025academy/blog/2020/11/04/corrective-actions-principles-and-root-cause-analysis-in-iso-17025/
And the available toolkit https://advisera.com/17025academy/iso-17025-documentation-toolkit/