Overview
Risk Level synthesizes two independent risk parameters — severity of potential harm and probability of occurrence — into a single categorical classification that drives risk acceptance decisions and mitigation prioritization. The enumeration supports both:
- ISO 26262 HARA workflow: ASIL-based risk classification for functional safety hazards
- ISO 14971 Risk Control Plan workflow: Harm severity × risk probability matrix for medical device risk management
- FMEA workflows: Action Priority-driven risk categorization for design and process failure modes
Risk Level and ASIL serve different purposes. ASIL (Automotive Safety Integrity Level) is an ISO 26262 functional safety classification determined by Severity × Exposure × Controllability. Risk Level is a general risk assessment outcome determined by Severity × Probability and used across ISO 14971, HAZID, and FMEA analyses.
Risk Level Enumeration Values
| Value | Display | Color Code | Icon | Risk Acceptance | Mitigation Required | Use Cases |
|---|
| Acceptable | ✅ Green | #4CAF50 | ✓ | Yes (as-is) | No | Residual risk post-mitigation; FMEA Action Priority = Low |
| ALARP | ⚠️ Yellow | #FFC107 | ⚠ | Conditional | Proportional | Acceptable only with documented benefit-risk analysis |
| Unacceptable | ❌ Orange | #FF9800 | ✗ | No | Yes (mandatory) | Initial risk requiring control implementation |
| Unacceptable High | Red | #F44336 | ‼ | No | Yes (urgent) | Critical risk requiring immediate action |
ALARP (As Low As Reasonably Practicable) risk acceptance requires documented benefit-risk analysis per ISO 14971:2019. Do not accept ALARP risk without recorded justification in the Benefit-Risk Justification column.
Risk Matrix Calculation
Risk Level is computed by combining Severity and Probability using a standard automotive risk matrix:
Probability
1 2 3 4 5
Severity 1 [Acc] [Acc] [Acc] [Acc] [ALARP]
Severity 2 [Acc] [Acc] [Acc] [ALARP] [Unacc]
Severity 3 [Acc] [Acc] [ALARP] [Unacc] [UaccH]
Severity 4 [Acc] [ALARP] [Unacc] [UaccH] [UaccH]
[Acc] = Acceptable (green)[ALARP] = ALARP (yellow)[Unacc] = Unacceptable (orange)[UaccH] = Unacceptable High (red)
ISO 14971 Two-Stage Probability Model
In Risk Control Plan risksheet, Risk Level uses a two-factor probability calculation:
Risk Probability = P1 × P2
where:
P1 = Probability that hazardous situation occurs
P2 = Probability that situation causes harm (given occurrence)
- Frequency of occurrence — how often the hazardous situation arises
- Conditional harm probability — likelihood that harm results from the situation
FMEA Action Priority Mapping
In FMEA risksheets, Risk Level correlates to Action Priority:
| Action Priority | Risk Priority Number (RPN) | Risk Level | Mitigation |
|---|
| H (High) | RPN > 200 | Unacceptable High | Mandatory immediate action |
| M (Medium) | RPN 100–200 | Unacceptable | Mandatory control implementation |
| L (Low) | RPN < 100 | ALARP or Acceptable | Optional; document justification |
RPN = Severity × Occurrence × Detection (S-O-D). TestAuto2 formulas compute RPN and map to Action Priority automatically via calculateActionPriority() JavaScript function.
Risk Level Integration Points
Risksheet Cell Styling
Risk Level controls conditional formatting in risksheet cells using the riskStyle() decorator function:
// Applied to risk value cells and row headers
riskStyle(finalRisk) → CSS class assignment
Classes:
rpn1 → Green background (acceptable)
rpn2 → Yellow background (ALARP)
rpn3 → Orange background (unacceptable)
rpn4 → Red background (unacceptable high)
- riskValuePre — Initial risk (pre-mitigation)
- riskValuePost — Residual risk (post-mitigation)
- finalRisk — Acceptance decision
Risk Control Linking
Risk Level determines risk control requirements:
| Risk Level | Control Type Options | Control Linkage |
|---|
| Acceptable | Optional; document monitoring | May link to verification evidence |
| ALARP | Recommended; must document justification | mitigates link required if control implemented |
| Unacceptable | Mandatory; document design choice | mitigates link required before residual assessment |
| Unacceptable High | Urgent; may require design freeze impact | mitigates link required; traceability chain mandatory |
mitigates role reduce probability or severity, triggering recalculation of residual Risk Level.
Benefit-Risk Analysis
When Risk Level cannot be reduced further, ISO 14971 requires benefit-risk analysis:
Risksheet columns for benefit-risk workflow:
- Additional Controls Possible (yes/no)
- Benefit-Risk Justification (narrative)
- Benefit-Risk Result (decision)
Severity and Probability Enumerations
Risk Level depends on two input enumerations:
Severity Scale (ISO 14971)
See Harm Severity for medical device risk context.
| Severity | Clinical Definition | Example | Risk Level Impact |
|---|
| Negligible | No injury or minor first aid | Minor skin irritation | Lowest risk |
| Minor | Minor medical intervention required | Small laceration needing bandaging | Low risk with high probability |
| Serious | Medical intervention + ongoing care required | Fracture requiring casting and PT | Medium risk threshold |
| Critical | Life-threatening or permanent injury | Internal bleeding, organ failure | High risk driver |
| Catastrophic | Death or multiple serious injuries | Multi-organ failure, death | Highest risk |
Probability Scale (ISO 14971 P1×P2 Model)
See Risk Probability for detailed calculation methodology.
| Probability | P1×P2 Range | Occurrence Rate | Meaning |
|---|
| 1 (Very Low) | 1–3 | ~1 in 100,000+ | Extremely unlikely |
| 2 (Low) | 4–8 | ~1 in 10,000–50,000 | Remote probability |
| 3 (Medium) | 9–15 | ~1 in 1,000–10,000 | Moderate probability |
| 4 (High) | 16–20 | ~1 in 100–1,000 | Likely to occur |
| 5 (Very High) | 21–25 | ≥1 in 100 | Highly likely |
Each factor (P1, P2) typically ranges 1–5. The product P1×P2 = 1 to 25, mapped to the five probability levels above. See Risk Probability for detailed enumeration definition. Risk Level in Document Workflows
HAZID/HARA Risk Assessment
In HAZID Risksheet, Risk Level is calculated from Severity (S0–S3) and Exposure/Controllability:
Risk Level in HAZID context maps to ASIL-driven safety goals.
FMEA Risk Assessment
In FMEA Risksheet, Risk Level is calculated from Severity (1–10), Occurrence (0–10), and Detection (0–10):
See Action Priority (H/M/L) for RPN thresholds.
Risk Control Plan Workflow
In Risk Control Plan Risksheet (ISO 14971), Risk Level drives control acceptance:
Risk Control Plan risksheet uses named views to guide workflow:
- Identify Risks — Initial risk discovery (3 columns)
- Initial Evaluation — Severity and probability assessment (8 columns)
- Residual Evaluation — Post-control reassessment (10 columns)
- Measures — All columns (risk controls, verification, benefit-risk)
Risk Level Decision Matrix (Visual Reference)
Implementation in Risksheet JSON
Risk Level is implemented in risksheet configuration using Velocity formulas and JavaScript decorators:
Configuration Example (Risk Control Plan):
{
"columns": [
{
"id": "finalRisk",
"title": "Risk Level",
"type": "calculated",
"formula": "=riskValueFinal()",
"decorator": "riskStyle(value)",
"description": "Final risk acceptance decision"
}
],
"decorators": {
"riskStyle": "function(value) { return ['rpn1','rpn2','rpn3','rpn4'][value-1]; }"
}
}
#set($riskDistribution = $itemService.listItems('riskRecord'))
#foreach($risk in $riskDistribution)
#set($riskLevel = $risk.finalRisk.name)
#if($riskLevel == 'Acceptable')
<span class="status-green">✓ Acceptable</span>
#elseif($riskLevel == 'ALARP')
<span class="status-yellow">⚠ ALARP</span>
#elseif($riskLevel == 'Unacceptable')
<span class="status-orange">✗ Unacceptable</span>
#elseif($riskLevel == 'Unacceptable High')
<span class="status-red">‼ Unacceptable High</span>
#end
#end
Risk Level Properties Reference
| Property | Type | Default | Usage Context |
|---|
| name | String | — | Display label (Acceptable, ALARP, Unacceptable, etc.) |
| sortOrder | Integer | 0–3 | Numeric sort order (0=Acceptable, 3=Unacceptable High) |
| color | Hex | Varies | Risksheet cell background CSS color |
| icon | String | SVG | Dashboard and status display |
| requiresAcceptance | Boolean | false | Workflow gate (true for Unacceptable, Unacceptable High) |
| requiresJustification | Boolean | true | ALARP requires documented benefit-risk analysis |
See Also
