A risk is characterized by the severity of harm and a probability of occurrence.
Acceptable Risk
Something must define how risks are scored and what constitutes acceptable risk.
Numerous methods for defining risk rankings have been seen, but a 5×5 matrix has proven to be a solid approach.
Risk Approach
Fewer levels (e.g., 3×3) don’t provide the needed granularity, and more (e.g., 10×10) often lead to arguments as to whether something is a 5 or a 6, for example.
With 5, it’s fairly easy to come to agreement on the ranking.
Consider Severity
First, because it’s easiest, let’s consider severity.
Severity can run the gamut from annoyance to death (if we were talking about airlines, we might have mass deaths, but most devices are used on a single patient at a time, so death is typically the worst case considered).
The severity scale is typically a 5-level scale, giving each level a subjective ranking and a definition, as shown in the table.
The best approach is to use the same ranking scales for everything throughout the risk management process to ensure consistency.