What Problem Does This Solve?
Medical device manufacturers typically manage risk in disconnected spreadsheets. This creates three problems that grow worse as products mature:- Traceability gaps: Spreadsheet cells cannot link to requirements, test cases, or risk controls in real time. Auditors must manually cross-reference documents.
- Stale data: When requirements change, spreadsheet risk assessments do not update. Risk evaluations drift from the actual design state.
- Audit burden: Generating a Design History File (DHF) risk report requires manual extraction, formatting, and reconciliation across multiple documents.
How the Solution Works
- Polarion LiveDoc manages requirements specifications (user needs, system requirements, design requirements) and test specifications (verification and validation)
- Nextedy Risksheet provides the spreadsheet-like editing interface for HARA, DFMEA, PFMEA, and Risk Control Plan documents with formula-driven risk calculations
- Nextedy Powersheet displays interactive traceability matrices (RTM) and verification/validation sheets that pull live data across all document types
What the Solution Includes
The project template provisions a complete, production-ready environment:| Category | Contents |
|---|---|
| Spaces | 8 organized spaces: Requirements, Design, Risks, Testing, Catalogs, RiskTemplates, Documentation, _default |
| Work Item Types | 16 types spanning requirements, risk, design, testing, and change management |
| Link Roles | 18 constrained traceability relationships enforcing ISO 14971 structure |
| Risk Templates | 4 risksheet templates: HARA, DFMEA, PFMEA, Risk Control Plan |
| Catalogs | 68 hazards (4-level IEC 60601 taxonomy) and 25 standard harms with severity |
| PowerSheet Configs | 7 configurations: Whole RTM, Component RTM, 3 verification sheets, Use Steps, Process Steps |
| Reports | 3 automated Velocity reports: ISO 14971 HARA Report, Risk Matrix, DFMEA Summary |
| Reference Device | Smart Infusion Pump with 6 subsystems and 29 components as working example data |
Dual Risk Analysis
The solution supports two parallel risk analysis methods that cross-reference each other:- HARA (ISO 14971): Risk Record-centric analysis using the P1 x P2 probability model and a 5x5 severity matrix. Three-level classification: Acceptable, Investigation, Unacceptable. Includes benefit-risk analysis for residual risks per Clause 7.2.
- DFMEA (AIAG VDA): Failure Mode-centric analysis using Severity x Occurrence x Detection = RPN scoring. Five-level color-coded severity from Negligible (green) to Critical (red).
analyzedIn relationship, providing cross-methodology traceability.
For details, see Dual Risk Methodology: HARA and DFMEA.
Risksheet-Only Editing
Risk records and failure modes are configured as fully read-only in the standard Polarion work item form. All editing happens through Nextedy Risksheet. This design ensures:- Formula consistency (P1xP2 bucketing and RPN calculations are always applied)
- Structured data entry (enumeration pickers enforce valid values)
- Audit trail integrity (all changes flow through a single editing interface)
Compliance Evidence
The solution generates three automated reports from live Polarion data, eliminating manual DHF preparation:- ISO 14971 HARA Report: Complete risk assessment with chapter numbering, all custom fields, print-ready formatting
- Risk Matrix Report: Pre/post-mitigation 5x5 risk distribution with conditional alert boxes
- DFMEA Summary Report: Executive-level failure analysis statistics by subsystem
type:riskRecord and type:failureMode across the entire project, so they always reflect the current state of the risk analysis.
Related Concepts
- ISO 14971 Risk Management Coverage — Clause-by-clause standards mapping
- Data Model and Work Item Types — The complete entity taxonomy
- V-Model Traceability Chain — End-to-end traceability structure