
Overview

Risk controls are mitigation actions assigned to failure modes, failure conditions, hazards, and other risk items to reduce their residual risk. The riskControlType enumeration categorizes controls by their position in the risk reduction hierarchy, following ISO 14971 medical device safety principles adapted for aerospace safety standards (ARP 4761, DO-178C, DO-254, DO-326A).
The riskControlType field is multi-select — a single control can simultaneously serve multiple risk reduction strategies (e.g., a design change that is both inherent safety AND protective).

Risk Control Type Hierarchy

Risk controls are prioritized by effectiveness level according to ISO 14971. [Diagram: risk control type hierarchy]

Enumeration Values

| Value ID | Display Name | Description | Usage Context |
|---|---|---|---|
| inherent-safety-design | Inherent Safety Design | Hazard eliminated or reduced through engineering design changes. No reliance on operator action or device operation. | SFMEA, DFMEA, FHA, PSSA, SSA — preferred control type for highest effectiveness |
| protective-measure | Protective Measure | Hazard consequences mitigated through protective devices, redundancy, monitoring, or automatic failsafe mechanisms. Activates automatically when hazard detected. | SFMEA, DFMEA, hazard tracking — secondary mitigation when design change not feasible |
| information-for-safety | Information for Safety | Operator/crew/maintenance personnel informed to manage residual risk through warnings, caution labels, training, or procedures. Relies on human awareness and correct action. | All analysis types — used only when design and protective controls insufficient |

Control Type vs. Control Category

Do not confuse riskControlType (ISO 14971 hierarchy: inherent/protective/information) with controlType (general classification: Design/Protective/Information).
  • controlType is a general 3-option enum used in requirements and process steps
  • riskControlType is the ISO 14971 specific hierarchy applied to risk control work items
The riskControlType field on riskControl work items implements the ISO 14971 prioritization model. Both may coexist in the data model for cross-domain compatibility (e.g., medical device subsystems within aerospace products).

Multi-Select Behavior

Because riskControlType is multi-select (multi='true' in the custom field definition), a single risk control can be marked with multiple strategy types.
Example: A design change that adds hardware watchdog monitoring serves two purposes:
  • Inherent Safety Design — reduces software timing failure probability through architectural change
  • Protective Measure — provides automatic failsafe detection and reset if timing violation detected
Both values are selected simultaneously, reflecting the control’s dual effectiveness.

Implementation Status Tracking

Risk controls also track their implementationStatus, a separate 4-state enum:
| Status | Meaning | Risk Reduction Active? |
|---|---|---|
| not-implemented | Control identified but not yet executed | ✗ No |
| in-progress | Control design/coding in progress | ✗ No (provisional) |
| implemented | Control design complete and integrated | ✓ Yes (post-mitigation analysis applies) |
| verified | Control verification testing complete and passed | ✓ Yes (full credit for risk reduction) |
Post-mitigation RPN and residual risk calculations apply only when implementationStatus is implemented or verified.
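The status gating and multi-select behaviour described above can be checked over exported risk control records. The sketch below is an added example, not part of the Aerospace Safety Solution: the record layout (dicts with id, types, status, mitigates) and the sample data are assumptions, and flagging items that rely only on information-for-safety is a review heuristic added here.

```python
# Added example: the IDs are the enum values documented on this page;
# the record layout (id / types / status / mitigates) is an assumption.
HIERARCHY = ["inherent-safety-design", "protective-measure", "information-for-safety"]
# "Risk Reduction Active?" column of the implementationStatus table
ACTIVE = {"not-implemented": False, "in-progress": False,
          "implemented": True, "verified": True}

def audit(controls):
    """Return (strongest active control type per risk item, findings)."""
    credited, findings, items = {}, [], set()
    for c in controls:
        items.update(c["mitigates"])
        types = set(c["types"])                       # multi-select field
        unknown = types - set(HIERARCHY)
        if unknown or not types:
            findings.append((c["id"], "invalid riskControlType: %s" % sorted(unknown)))
            continue
        if c["status"] not in ACTIVE:
            findings.append((c["id"], "invalid implementationStatus: %s" % c["status"]))
            continue
        if not ACTIVE[c["status"]]:
            continue                                  # no post-mitigation credit yet
        best = min(HIERARCHY.index(t) for t in types) # strongest selected strategy
        for item in c["mitigates"]:
            credited[item] = min(credited.get(item, best), best)
    for item in sorted(items):
        if item not in credited:
            findings.append((item, "no implemented or verified control"))
        elif HIERARCHY[credited[item]] == "information-for-safety":
            findings.append((item, "relies only on information-for-safety"))
    return {k: HIERARCHY[v] for k, v in credited.items()}, findings

# Constructed sample records (not taken from any project)
SAMPLE = [
    {"id": "RC-1", "types": ["inherent-safety-design", "protective-measure"],
     "status": "verified", "mitigates": ["FM-1"]},
    {"id": "RC-2", "types": ["protective-measure"],
     "status": "in-progress", "mitigates": ["FM-2"]},
    {"id": "RC-3", "types": ["information-for-safety"],
     "status": "implemented", "mitigates": ["FM-2", "FM-3"]},
    {"id": "RC-4", "types": ["Protective"], "status": "verified", "mitigates": ["FM-4"]},
]

if __name__ == "__main__":
    credited, findings = audit(SAMPLE)
    print(credited)
    print(*findings, sep="\n")
```

RC-4 in the sample carries a controlType-style value ("Protective") in the riskControlType field, so it is rejected and FM-4 is reported as having no credited control.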

Risksheet Integration

Risk controls appear in two primary risksheet views:

Risk Control Plan Risksheet

The dedicated Risk Control Plan risksheet lists all risk controls centrally with:
  • Title / Description
  • riskControlType — ISO 14971 strategy (inherent/protective/information)
  • implementationStatus — implementation progress
  • Linked failure modes / failure conditions / hazards via ‘mitigates’ role
  • Verification method and test references

Task Role in Analysis Risksheets

In SFMEA, DFMEA, FHA, and hazard tracking risksheets, risk controls appear as task rows linked to failure modes via the ‘mitigates’ role, with abbreviated fields for quick reference.
Risksheet layout and display order depend on specific template configuration. See Risksheet Configuration Reference for template-specific details.

Selection Guidance

When to Use Inherent Safety Design

  • Design flaw or architectural weakness identified
  • Failure probability can be reduced by engineering change
  • Example: “Redesign sensor interface to eliminate single-point-of-failure condition”

When to Use Protective Measure

  • Design change infeasible or unacceptable due to cost/schedule/performance
  • Automatic detection and response is possible
  • Example: “Add watchdog timer to detect software hang and trigger reset”

When to Use Information for Safety

  • Residual risk managed through operator action or awareness
  • No design or protective mechanism eliminates the hazard
  • Example: “Add caution placard: Do not exceed maximum pitch rate 15°/sec”

Cross-Reference

This page documents the riskControlType enumeration as defined in the Aerospace Safety Solution configuration. Specific risksheet views, formulas, and UI rendering may vary by project configuration. Review your project’s Risk Control Plan and FMEA risksheets to confirm how control types are displayed and scored in your environment.