Dear Selma Assili,
The risk assessment is the first step, which has been carried out by you. The receival of the COA and COC at each lot is just a part of the verification.
Now you have to work through the rest of Part 3.5. Just to mention 2 things, as I don't know the exact context:
- Supplier approval system and monitoring procedures need to be in place to ensure that all identified risks are effectively managed
- You have to verify whether just the receival of COA/COC covers the risks you identified. Verification is surely necessary
All this needs to be well implemented and followed up.
Kind regards,
Gerard Heerkens