My interpretation is as follows.
7.1.2 Risk Management.
We are Contract Manufacturer and produce PCBs (no design work). We should manage risks of being non-compliant to industry/customer/regulatory requirements on quality/delivery/and safety.
a) To satisfy industry requirements I have written
PFMEA to manage quality related production risks. Our main source of requirements is IPC-A-600 standard (Acceptance of PCBs) and my PFMEA is based on Control Plan. (Evidence - Record)
b) To satisfy customer requirements we manage risks by identifying Customer Critical Items during Job Planing, such as Key Dimensions, special requirements for raw materials, etc. (Evidence - specific Travelers with identified Critical Items)
c) To satisfy Customer requirements for Delivery we have Job Planning procedure where we manage Delivery risks. (Evidence - no record just procedure)
d) Compliance people make sure that we have all necessary safety related documents (WHIMIS, MSDS). Procedures are in place. (Evidence - records)
e) Risk of loosing important Customer. Decided to conduct Reviews bi-annualy based on Customer Satisfaction Surveys. (Evidence - records)
Further have outlined all these risks above in one document, called it Risk Matrix, assigned RPN numbers, and put together future Action plan to reduce RPN. (Evidence - Record)
I am not sure that I am correct with the above, just seems logical.
Alexander.