Risk assessments should be controlled within a defined document management system. If risk assessments are conducted to justify controls for an ongoing process then the assessments should be subject to change control and periodic review, eg line clearance risk assessment. Frequency of review should be appropriate for the nature of the process. Such risk assessments should be seen as living documents that are visible and subject to change as and when required. Risk assessments that were conducted as one off activities to assess a situation that will not recur need not be controlled in a ‘live’ manner but must be documented, approved and retained eg assessment of a temperature excursion on storage of a batch of starting material. Such ‘one off’ activities should be controlled as live documents if any conclusions are to be used in any future excursions. Ultimately these may then need to be reviewed in light of experience or developments.
