By the end, you will have one fully scored risk record demonstrating the ISO 14971 risk assessment workflow.
Prerequisites
This tutorial uses the Smart Infusion Pump as the reference device. The same workflow applies to any medical device configured in the solution.
Step 1: Open the HARA Risksheet
- From the sidebar favorites, click Risksheets
- In the document browser, locate and open HARA-ANALYSIS in the Risks space
- The risksheet loads with columns organized into groups: Use Step, Hazard, Hazardous Situation, Harm, Pre-Mitigation, Risk Controls, Post-Mitigation, and Benefit-Risk
You can also navigate directly to the HARA by clicking the green “Open HARA Analysis Sheet” link on the project home dashboard.
Step 2: Identify the Hazard Chain
Each HARA row captures a chain from a use step through a hazard to a potential harm. The risksheet uses a 4-level hierarchy:
- Click the Add row button (or use the keyboard shortcut) to create a new risk record
- In the Use Step column, click the cell and select an existing use step from the picker (e.g., “Patient sets infusion rate via keypad”)
- In the Hazard column, select a hazard from the Hazards Catalog (e.g., “Electrical Energy” from the Energy taxonomy)
- In the Hazardous Situation column, type a description: “Excessive current delivered to patient during infusion”
- In the Harm column, select a harm from the Standard Harms catalog (e.g., “Electrical shock injury”)
The linked harm carries a severity value (1-5) that populates automatically. In this example, “Electrical shock injury” has severity 4 (Critical).
Step 3: Evaluate Pre-Mitigation Risk
The solution uses the ISO 14971 P1 x P2 probability model:
| Parameter | Meaning | Your Entry |
|---|
| P1 (Hazard Probability) | How likely is the hazardous situation? | 3 — Possible |
| P2 (Harm Probability) | Given the situation, how likely is harm? | 4 — Frequent |
| P (Combined) | P1 x P2 = 12, bucketed to level 3 (Medium) | Auto-calculated |
| Severity | From linked harm | 4 — Critical (auto-populated) |
- Set P1 to “Possible” (value 3)
- Set P2 to “Frequent” (value 4)
- The risksheet auto-calculates P = 3 x 4 = 12, which falls in the 9-15 bucket = Medium (3)
- The Pre-Risk cell displays the result from the 5x5 risk matrix: Unacceptable (red)
P1 and P2 default to “Unanalyzed” (value 0). The risk calculation returns null until both probabilities are set to a value of 1 or higher.
Step 4: Assign a Risk Control
Now reduce the risk by linking a control measure:
- In the Risk Controls column group, click the cell to open the risk control picker
- The picker shows risk controls from the RiskControlPlan document in the Risks space
- Select an existing control (e.g., “Current-limiting circuit with hardware cutoff”) or create a new one
- The risk control has a type following the ISO 14971 hierarchy:
- Inherent Safety by Design (highest priority)
- Protective Measure
- Information for Safety (lowest priority)
For a current-limiting circuit, select type: Inherent Safety by Design.
Step 5: Evaluate Residual Risk (Post-Mitigation)
With the risk control in place, re-evaluate the probability:
- Set P1 Post to “Very unlikely” (value 1) — the hardware cutoff makes the situation much less likely
- Set P2 Post to “Occasional” (value 2) — if the situation occurs, harm is less probable due to the cutoff
- The risksheet calculates P Post = 1 x 2 = 2, bucketed to level 1 (Very Low)
- Post-Risk displays: Acceptable (green)
Step 6: Review the Final Risk
If the post-mitigation risk is Acceptable, the Final Risk column auto-populates to Acceptable and no benefit-risk analysis is needed.
If the residual risk were still Investigation or Unacceptable, you would need to:
- Set Additional Controls Possible to “No”
- Enter a Benefit description explaining why the medical benefit outweighs the residual risk
- Set Benefit-Risk Result to “Benefit Acceptable” or “Benefit Not Acceptable”
- The Final Risk formula evaluates the decision tree and sets the classification accordingly
Verification
Your completed risk record should show:
| Column | Value |
|---|
| Use Step | Patient sets infusion rate via keypad |
| Hazard | Electrical Energy |
| Hazardous Situation | Excessive current delivered to patient during infusion |
| Harm | Electrical shock injury (Severity: 4) |
| Pre-Risk | Unacceptable (red) |
| Risk Control | Current-limiting circuit (Inherent Safety) |
| Post-Risk | Acceptable (green) |
| Final Risk | Acceptable (green) |
Row headers in the risksheet are color-coded by the final risk value: green for Acceptable, amber for Investigation, red for Unacceptable, and purple for Benefit-Risk Acceptable.
Next Steps
