The best approach would be to help the device owner create his risk management process, including the manufacturing of the assemblies you do (to make it clear, what you do i something that the owner should do, but he can’t or don’t want to, and them he delegates the authority to do so to you, however it’s still his responsibility).
With this in mind, you does not need to have any risk management documentation (per ISO 14971), unless the risk management process of the device owner requires you do to so.
Anyway, it would be a good pratice if you would have, for example, risk analysis of your processes, focusing in what you do (because, if you would focus in the final device, you yourself really cannot estimate the impact of any problems of your process on the device use – meaning, what might happen to to the user/patient, for example. You might have an idea, but not the whole picture).
