Risk registry

Answer:

There is no requirement from ISO 9001:2015 to keep documented information about risks. So, you are quite free about how to do it, if you want to do it. For example, you can keep a risk registry for quality and for process objectives. In columns, for each objective, you list determined risks, you classify each risk, you decide what action will be taken and you define the date of evaluation of its effectiveness. If you do this in your computer you can add new risks whenever you decide it and you can update your classification and actions.

The following material will provide you information about the risk-based approach:

ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/