At what level should the risk identification be made from the Laboratory according to the new standard ISO/IEC 17025:2017? On a more global scale or in detail for all processes?
Any and all risks to the validity of results should be considered and the activity required will depend if it is relevant only to narrow areas or to the activities of the lab as a whole.
Risk identification needs to be built in to the lab MS and ongoing. This requirement features throughout the Standard and is now a basic and innate philosophy. Steps required will depend on the structure and nature of the lab and of the risk found.
Note that not all risks shall necessarily result in changes, maybe some will be accepted and steps taken to minimize the impact rather than minimizing the likelihood of occurrence.
Identification by top management at Management Review is unlikely to suffice. This should be open to all staff who are involved and may be generated by mechanisms to suit the nature of the lab organization.