Prerequisites
- Risk controls assigned to hazardous situations (see Assign Risk Controls to Hazards)
- Understanding of the P1 x P2 probability model (see Risk Matrix and P1xP2 Probability Model)
Residual Risk in the ISO 14971 Workflow
Residual risk evaluation is the critical step that determines whether your risk controls are effective enough — or whether additional measures, including benefit-risk analysis, are required.
Step 1: Switch to the Residual Evaluation View
- Open your HARA document in risksheet mode
- Select the Residual Evaluation view — this shows 12 columns including post-mitigation probabilities and benefit-risk fields
- Confirm you see both the pre-mitigation and post-mitigation column groups for comparison
Step 2: Assign Post-Mitigation P1 (Hazard Probability)
For each risk record with assigned controls, update the post-mitigation P1 value:- Click the P1 Post (
postHazardProbability) cell - Select the probability level reflecting conditions after risk controls are in place:
| P1 Value | Label | Frequency |
|---|---|---|
| 1 | Very unlikely | <= 1/100,000 |
| 2 | Unlikely | <= 1/10,000 |
| 3 | Possible | <= 1/1,000 |
| 4 | Likely | <= 1/100 |
| 5 | Very likely | <= 1/1 |
Step 3: Assign Post-Mitigation P2 (Harm Probability)
Update the post-mitigation P2 value:- Click the P2 Post (
postHarmProbability) cell - Select the probability level for harm occurrence given the hazardous situation, after controls:
| P2 Value | Label | Percentage |
|---|---|---|
| 1 | Rare | <= 5% |
| 2 | Occasional | 6-25% |
| 3 | Probable | 26-75% |
| 4 | Frequent | 76-95% |
| 5 | Almost certain | >= 96% |
Step 4: Review the Post-Mitigation Combined Probability
The risksheet automatically calculates the post-mitigation combined probability using the same P1 x P2 bucketing algorithm:| P1 x P2 Product | Combined P |
|---|---|
| 1-3 | 1 (Remote) |
| 4-8 | 2 (Low) |
| 9-13 | 3 (Moderate) |
| 14-18 | 4 (High) |
| 19-25 | 5 (Very high) |
postControlProbability column updates automatically.
Step 5: Review the Residual Risk Level
The Post-Risk Level (postRisk) column shows the residual risk classification:
| Post-Risk Level | Color | Required Action |
|---|---|---|
| Acceptable | Green | Risk is tolerable. Proceed to final risk determination. |
| Investigation | Amber | Further analysis needed. Consider additional controls or benefit-risk analysis. |
| Unacceptable | Red | Residual risk is still too high. Apply additional risk controls or redesign. |
Step 6: Compare Pre and Post Risk
Use the Residual Evaluation view to compare initial and residual risk side by side:- Verify that post-mitigation probability is equal to or lower than pre-mitigation
- Confirm that at least one factor (P1 or P2) has been reduced by the applied controls
- Severity does not change — it is an inherent property of the linked harm
Harm severity is read from the linked Harm work item and cannot be changed by risk controls. Risk reduction works exclusively through probability reduction (P1 and/or P2).
What Happens Next
Based on the residual risk level:- Acceptable — Proceed to document final risk. The
finalRiskfield will be set to Acceptable automatically. - Investigation — Determine whether additional controls are possible. If not, perform a Benefit-Risk Analysis per ISO 14971 Clause 7.4.
- Unacceptable — Return to Assign Risk Controls and apply additional measures.
- If
postRisk= Acceptable —>finalRisk= Acceptable - If
additionalControlsPossibleis not “No” —>finalRisk= Unacceptable (must exhaust controls first) - If
riskBenefitResult= “Benefit > Risk” —>finalRisk= Benefit-Risk Acceptable - Otherwise —>
finalRisk= Unacceptable
Sources
Sources
HARA risksheet configuration (
HARATemplate/risksheet.json), risk record custom fields (riskRecord-custom-fields.xml), HARA top panel formulas (risksheetTopPanel.vm), P1 probability scale (pOccurrence-enum.xml), P2 probability scale (p2Occurrence-enum.xml), final risk enumeration (finalRisk-enum.xml).