ELM-335-01

Your 2 Minute Guide to Risk Severity [ISO 14971]

A risk is characterized by the severity of harm and a probability of occurrence.

Acceptable Risk

Something must define how risks are scored and what constitutes acceptable risk.

Numerous methods have been seen on how to define risk rankings but a 5×5 matrix has proven to be a solid approach.

Risk Approach

Fewer (e.g., 3×3) doesn’t provide needed granularity and more (e.g., 10×10) often leads to arguments as to whether something is a 5 or 6, for example.

With 5, it’s fairly easy to come to agreement on the ranking.

Consider Severity

First, because it’s easiest, let’s consider severity.

Severity can run the gamut from annoyance to death (if we were talking about airlines, we might have mass deaths but most devices are used on a single patient at a time, so
death is typically the worst case considered).

The severity scale is typically a 5-level scale, giving a subjective ranking and a definition as shown on the table.

The best approach is to use the same ranking scales throughout the risk management process for everything to ensure consistency.

Author

Don Hurd

Practical Quality & Thorough Validation The Realtime Group