# Configuring Periodic Risk Review (QMS)

QMS contains periodic risk review capabilities to allow your organization to store historical data about a _Risk Assessment_ and its _Assessment Risks_ (including risk scores and mitigation actions) in a structured format. Depending on your configuration, Vault may also automatically start an approved _Risk Assessment_'s periodic review workflow based on its _Next Review Date_ field.


## Configuration Overview {#configuration-overview}

You must perform the following steps to enable full use of periodic risk review in your Vault:

* [Configure fields][2] on the _Risk Assessment History_ and _Assessment Risk History_ objects that will store copies of the data in the corresponding custom fields on the _Risk Assessment_ and _Assessment Risk_ objects.
* [Update layouts][3] for _Risk Assessment_ and _Assessment Risk_ objects.
* [Enable the Assessment Risk Mitigation object][4] (`assessment_risk_mitigation__v`)
* [Update the _Risk Assessment_ object lifecycle][5] to create history records.
* Optional: [Configure a workflow ][6] to enable a process that obtains approval to conduct a periodic review of a _Risk Assessment_ record.
* Optional: [Configure Vault jobs][7] to automatically initiate a workflow to periodically request a review of an approved _Risk Assessment_.

## Configuring Risk Assessment History & Assessment Risk History Objects {#configuring-history-objects}

When Vault creates a _Risk Assessment History_ or _Assessment Risk History_ record, the system automatically copies data from certain standard fields into the history record. You can also configure Vault to copy data from custom fields in _Risk Assessment_ and _Assessment Risk_ records.

In order for Vault to transfer custom field data from a source _Risk Assessment_ or _Assessment Risk_ record to the corresponding _Risk Assessment History_ or _Assessment Risk History_ records, you must add the [custom fields](/en/lr/15057/) to history objects using an identical field _Name_ and _Data Type_. 

## Configuring Layouts for Assessment & Assessment Risk Objects {#configuring-assessment-objects}

Add the _History_ related object sections to the _Risk Assessment_ and _Assessment Risk_ [object page layouts](/en/lr/26387/). For both, select the _Prevent record creation_ option.

## Enable the Assessment Risk Mitigation Object {#enable-risk-mitigation-object}

The _Assessment Risk Mitigation_ object allows users to create and associate mitigation records for _Assessment Risks_. Supported mitigation record types include:

* _Mitigation Actions_
* _Quality Events_ 
* _CAPA Actions_ 
* _Change Controls_ 
* _Continuous Improvements_
* _MedTech CAPAs_

You must [make the _Assessment Risk Mitigation_ object active](/en/lr/15057/), and the _Assessment Risk Mitigation_ related object section should be added to the _Assessment Risk_ object layout.

## Configuring the Risk Assessment Lifecycle {#configuring-the-risk-assessment-lifecycle}

To ensure that Vault automatically sets field data as necessary and creates _Risk Assessment History_ records when a _Risk Assessment_ enters the _Approved_ state, configure the _Capture Assessment History_ [entry action](/en/lr/59885/) on the _Risk Assessment Lifecycle_'s appropriate states. You can configure the action on one or both life cycle states corresponding to the _Approved_ and _Complete_ state types. Typically you would do this on _Approved_ and _Approved * Pending Mitigation_ states.

## Configuring Risk Assessment Periodic Review Workflows {#configuring-risk-assessment-periodic-review-workflows}

Configure a [workflow](/en/lr/33550/) which allows users to obtain approval to conduct a review of an approved _Risk Assessment_ record. If the workflow starts automatically, ensure the workflow configuration uses the _Allow auto-start from entry action and event action_ option.

## Configuring Automated Periodic Risk Review Jobs {#configuring-automated-periodic-risk-review-jobs}

Organizations can optionally configure Vault to automatically initiate a workflow to periodically request a review of an approved _Risk Assessment_. To do so, you can [configure an automated Vault job](/en/lr/22897/) that checks for approved _Risk Assessment_ records that are due for review based on a date. When the job finds a _Risk Assessment_ record, it changes its state to automatically start the configured periodic review workflow.

  [1]: #configuration-overview
  [2]: #configuring-history-objects
  [3]: #configuring-assessment-objects
  [4]: #enable-risk-mitigation-object
  [5]: #configuring-the-risk-assessment-lifecycle
  [6]: #configuring-risk-assessment-periodic-review-workflows
  [7]: #configuring-automated-periodic-risk-review-jobs