Skip to main content

Overview

Risk Level synthesizes two independent risk parameters — severity of potential harm and probability of occurrence — into a single categorical classification that drives risk acceptance decisions and mitigation prioritization. The enumeration supports both:
  • ISO 26262 HARA workflow: ASIL-based risk classification for functional safety hazards
  • ISO 14971 Risk Control Plan workflow: Harm severity × risk probability matrix for medical device risk management
  • FMEA workflows: Action Priority-driven risk categorization for design and process failure modes
Risk Level and ASIL serve different purposes. ASIL (Automotive Safety Integrity Level) is an ISO 26262 functional safety classification determined by Severity × Exposure × Controllability. Risk Level is a general risk assessment outcome determined by Severity × Probability and used across ISO 14971, HAZID, and FMEA analyses.

Risk Level Enumeration Values

ValueDisplayColor CodeIconRisk AcceptanceMitigation RequiredUse Cases
Acceptable✅ Green#4CAF50Yes (as-is)NoResidual risk post-mitigation; FMEA Action Priority = Low
ALARP⚠️ Yellow#FFC107ConditionalProportionalAcceptable only with documented benefit-risk analysis
Unacceptable❌ Orange#FF9800NoYes (mandatory)Initial risk requiring control implementation
Unacceptable HighRed#F44336NoYes (urgent)Critical risk requiring immediate action
ALARP (As Low As Reasonably Practicable) risk acceptance requires documented benefit-risk analysis per ISO 14971:2019. Do not accept ALARP risk without recorded justification in the Benefit-Risk Justification column.

Risk Matrix Calculation

Risk Level is computed by combining Severity and Probability using a standard automotive risk matrix:
                    Probability
                 1    2    3    4    5
    Severity 1 [Acc] [Acc] [Acc] [Acc] [ALARP]
    Severity 2 [Acc] [Acc] [Acc] [ALARP] [Unacc]
    Severity 3 [Acc] [Acc] [ALARP] [Unacc] [UaccH]
    Severity 4 [Acc] [ALARP] [Unacc] [UaccH] [UaccH]
Legend:
  • [Acc] = Acceptable (green)
  • [ALARP] = ALARP (yellow)
  • [Unacc] = Unacceptable (orange)
  • [UaccH] = Unacceptable High (red)

ISO 14971 Two-Stage Probability Model

In Risk Control Plan risksheet, Risk Level uses a two-factor probability calculation:
Risk Probability = P1 × P2

where:
  P1 = Probability that hazardous situation occurs
  P2 = Probability that situation causes harm (given occurrence)
This multiplicative model distinguishes between:
  1. Frequency of occurrence — how often the hazardous situation arises
  2. Conditional harm probability — likelihood that harm results from the situation

FMEA Action Priority Mapping

In FMEA risksheets, Risk Level correlates to Action Priority:
Action PriorityRisk Priority Number (RPN)Risk LevelMitigation
H (High)RPN > 200Unacceptable HighMandatory immediate action
M (Medium)RPN 100–200UnacceptableMandatory control implementation
L (Low)RPN < 100ALARP or AcceptableOptional; document justification
RPN = Severity × Occurrence × Detection (S-O-D). TestAuto2 formulas compute RPN and map to Action Priority automatically via calculateActionPriority() JavaScript function.

Risk Level Integration Points

Risksheet Cell Styling

Risk Level controls conditional formatting in risksheet cells using the riskStyle() decorator function:
// Applied to risk value cells and row headers
riskStyle(finalRisk) → CSS class assignment

Classes:
  rpn1Green background (acceptable)
  rpn2Yellow background (ALARP)
  rpn3Orange background (unacceptable)
  rpn4Red background (unacceptable high)
Risksheet columns with Risk Level styling:
  • riskValuePre — Initial risk (pre-mitigation)
  • riskValuePost — Residual risk (post-mitigation)
  • finalRisk — Acceptance decision

Risk Control Linking

Risk Level determines risk control requirements:
Risk LevelControl Type OptionsControl Linkage
AcceptableOptional; document monitoringMay link to verification evidence
ALARPRecommended; must document justificationmitigates link required if control implemented
UnacceptableMandatory; document design choicemitigates link required before residual assessment
Unacceptable HighUrgent; may require design freeze impactmitigates link required; traceability chain mandatory
Risk Controls linked via mitigates role reduce probability or severity, triggering recalculation of residual Risk Level.

Benefit-Risk Analysis

When Risk Level cannot be reduced further, ISO 14971 requires benefit-risk analysis: diagram Risksheet columns for benefit-risk workflow:
  • Additional Controls Possible (yes/no)
  • Benefit-Risk Justification (narrative)
  • Benefit-Risk Result (decision)

Severity and Probability Enumerations

Risk Level depends on two input enumerations:

Severity Scale (ISO 14971)

See Harm Severity for medical device risk context.
SeverityClinical DefinitionExampleRisk Level Impact
NegligibleNo injury or minor first aidMinor skin irritationLowest risk
MinorMinor medical intervention requiredSmall laceration needing bandagingLow risk with high probability
SeriousMedical intervention + ongoing care requiredFracture requiring casting and PTMedium risk threshold
CriticalLife-threatening or permanent injuryInternal bleeding, organ failureHigh risk driver
CatastrophicDeath or multiple serious injuriesMulti-organ failure, deathHighest risk

Probability Scale (ISO 14971 P1×P2 Model)

See Risk Probability for detailed calculation methodology.
ProbabilityP1×P2 RangeOccurrence RateMeaning
1 (Very Low)1–3~1 in 100,000+Extremely unlikely
2 (Low)4–8~1 in 10,000–50,000Remote probability
3 (Medium)9–15~1 in 1,000–10,000Moderate probability
4 (High)16–20~1 in 100–1,000Likely to occur
5 (Very High)21–25≥1 in 100Highly likely
Each factor (P1, P2) typically ranges 1–5. The product P1×P2 = 1 to 25, mapped to the five probability levels above. See Risk Probability for detailed enumeration definition.

Risk Level in Document Workflows

HAZID/HARA Risk Assessment

In HAZID Risksheet, Risk Level is calculated from Severity (S0–S3) and Exposure/Controllability: diagram Risk Level in HAZID context maps to ASIL-driven safety goals.

FMEA Risk Assessment

In FMEA Risksheet, Risk Level is calculated from Severity (1–10), Occurrence (0–10), and Detection (0–10): diagram See Action Priority (H/M/L) for RPN thresholds.

Risk Control Plan Workflow

In Risk Control Plan Risksheet (ISO 14971), Risk Level drives control acceptance: diagram
Risk Control Plan risksheet uses named views to guide workflow:
  1. Identify Risks — Initial risk discovery (3 columns)
  2. Initial Evaluation — Severity and probability assessment (8 columns)
  3. Residual Evaluation — Post-control reassessment (10 columns)
  4. Measures — All columns (risk controls, verification, benefit-risk)

Risk Level Decision Matrix (Visual Reference)

diagram

Implementation in Risksheet JSON

Risk Level is implemented in risksheet configuration using Velocity formulas and JavaScript decorators: Configuration Example (Risk Control Plan):
{
  "columns": [
    {
      "id": "finalRisk",
      "title": "Risk Level",
      "type": "calculated",
      "formula": "=riskValueFinal()",
      "decorator": "riskStyle(value)",
      "description": "Final risk acceptance decision"
    }
  ],
  "decorators": {
    "riskStyle": "function(value) { return ['rpn1','rpn2','rpn3','rpn4'][value-1]; }"
  }
}
Velocity Template Example (Dashboard):
#set($riskDistribution = $itemService.listItems('riskRecord'))
#foreach($risk in $riskDistribution)
  #set($riskLevel = $risk.finalRisk.name)
  #if($riskLevel == 'Acceptable')
    <span class="status-green">✓ Acceptable</span>
  #elseif($riskLevel == 'ALARP')
    <span class="status-yellow">⚠ ALARP</span>
  #elseif($riskLevel == 'Unacceptable')
    <span class="status-orange">✗ Unacceptable</span>
  #elseif($riskLevel == 'Unacceptable High')
    <span class="status-red">‼ Unacceptable High</span>
  #end
#end

Risk Level Properties Reference

PropertyTypeDefaultUsage Context
nameStringDisplay label (Acceptable, ALARP, Unacceptable, etc.)
sortOrderInteger0–3Numeric sort order (0=Acceptable, 3=Unacceptable High)
colorHexVariesRisksheet cell background CSS color
iconStringSVGDashboard and status display
requiresAcceptanceBooleanfalseWorkflow gate (true for Unacceptable, Unacceptable High)
requiresJustificationBooleantrueALARP requires documented benefit-risk analysis

See Also