Skip to main content

What is the Medical Device Safety Solution?

The Medical Device Safety Solution is a pre-configured Polarion ALM project template that implements ISO 14971:2019 risk management for medical devices. It uses Nextedy risksheet for structured risk analysis (HARA and DFMEA) and Nextedy powersheet for requirements traceability matrix (RTM) navigation. The solution replaces Excel-based risk management with a structured, audit-ready environment that provides real-time traceability between hazards, requirements, risk controls, and verification activities.

What standards does the solution support?

The solution primarily implements ISO 14971:2019 (Medical devices — Application of risk management to medical devices). It also aligns with:
  • IEC 60601 — Hazard taxonomy based on the IEC 60601 classification of electrical, thermal, mechanical, and other hazard types
  • IEC 62366 — Human factors support through perceptionError and cognitionError fields on failure modes
  • ISO 13485 — Quality management system support via the document workflow with electronic signatures

What is the difference between risksheet and powersheet?

Featurerisksheetpowersheet
PurposeRisk analysis editing (HARA, DFMEA, PFMEA, Risk Control Plan)Requirements Traceability Matrix (RTM) navigation
URL pattern/risksheet?document=.../powersheet?document=...
Data typesriskRecord, failureMode, riskControluserNeed, sysReq, desReq, testCase
Key featureFormula-computed risk levels, P1xP2 probabilityV-model relationship navigation, pick constraints
Both are Nextedy products that run inside Polarion ALM. They share the same project configuration (.polarion/context.properties) but serve different roles in the risk management workflow.

What risk analysis methodologies are supported?

The solution supports three risk analysis methodologies, each with its own risksheet configuration:
  1. HARA (Hazard Analysis and Risk Assessment) — ISO 14971 Clause 5-8. Uses a 4-level hierarchy (Use Step > Hazard > Event > Harm) with P1xP2 probability model and 5x5 risk acceptability matrix.
  2. DFMEA (Design Failure Mode and Effects Analysis) — Analyzes how design functions can fail. Uses RPN scoring (Severity x Occurrence x Detection) with pre/post-mitigation evaluation.
  3. PFMEA (Process Failure Mode and Effects Analysis) — Analyzes manufacturing process failures. Similar to DFMEA but operates on process steps instead of design functions.
Additionally, a Risk Control Plan risksheet manages all risk controls with their type classification (inherent safety design, protective measure, information for safety).

How is risk calculated in the HARA?

Risk in the HARA uses a two-factor probability model per ISO 14971:
  • P1 (Hazard Probability): How likely is the hazardous situation? (scale 1-5)
  • P2 (Harm Probability): Given the hazardous situation, how likely is harm? (scale 1-5)
  • Combined Probability P: bucket(P1 x P2), mapped to 5 buckets
  • Risk Level: Determined by a 5x5 matrix of P (combined probability) vs. S (harm severity)
The three possible risk levels are: Acceptable, Investigation Required, and Unacceptable. See Risk Matrix and P1xP2 Probability Model for the full explanation.

How many work item types are in the solution?

The solution configures 16 work item types across 6 domains:
DomainTypes
RequirementsuserNeed, sysReq, useStep, systemElement
DesigndesReq, function
Riskhazard, harm, riskRecord, failureMode, cause, riskControl
TestingtestCase
ProcessprocessStep, task
Change ManagementchangeRequest, defect
See Work Item Types for detailed field definitions.

Where do I find the project navigation shortcuts?

The sidebar provides 6 quick-access shortcuts:
  1. Home — Project home dashboard
  2. Risksheets — Risksheet document browser
  3. HARA Report — ISO 14971 HARA Report
  4. Risk Matrix Report — 5x5 risk distribution matrices
  5. RTM Sheet — Whole RTM powersheet (cross-cutting traceability)
  6. DFMEA Summary Report — Executive DFMEA overview
These are configured in .polarion/portal/default_project_favorite_shortcuts.xml.

How are hazards and harms managed?

Hazards and harms are managed as catalog items stored in dedicated Polarion documents:
CatalogDocumentCountPurpose
Hazards CatalogRisks/Catalogs/HazardsCatalog68 hazardsIEC 60601-aligned hazard taxonomy
Standard HarmsRisks/Catalogs/Standard-Harms25 harmsStandardized harm definitions with severity
These catalogs are pre-populated with industry-standard entries. Risk records link to catalog items via hasHazard and hasHarm link roles rather than duplicating hazard/harm data.

What is the project space structure?

The solution organizes content across 4 main spaces with 2 sub-spaces:
SpaceContentDashboard
RequirementsUSER-NEEDS, USE-STEPS, SYSTEM-ELEMENTS, SRS-* documentsDocument listing (systemRequirementsSpecification type)
DesignDRS-*, *-Functions documentsDocument listing (designRequirementsSpecification type)
RisksHARA-ANALYSIS, FMEA-, DFMEA-, RiskControlPlanMinimal (uses risksheet browser)
TestingSystemReqsVerification-, DesignReqsVerification-, UserNeedsValidationMinimal
Catalogs (sub-space of Risks)HazardsCatalog, Standard-HarmsMinimal
RiskTemplates (sub-space of Risks)HARATemplate, DFMEATemplate, PFMEATemplate, RiskControlPlanTemplateMinimal

How do I get help or support?

The solution includes a support booking link on the Project Home Dashboard:
Book a short session to walk through your use case: https://go.nextedy.com/meet
The Documentation space also contains a redirect to the Nextedy powersheet support portal at go.nextedy.com/powersheet-support-portal.