Prerequisites
- A project created from the Medical Device Safety Solution template
- At least one risk analysis document (HARA or DFMEA) created
Understanding the Risk Control Plan
The Risk Control Plan is structurally different from HARA and FMEA documents:| Aspect | HARA/DFMEA/PFMEA | Risk Control Plan |
|---|---|---|
| Hierarchy | Multi-level (2-4 levels) | Single-level (flat list) |
| Primary work item | riskRecord / failureMode | riskControl |
| Direction | Identifies risks, links to controls | Lists controls, links back to risks |
| RPN/Risk formulas | Active (calculated columns) | Inherited but not used in columns |
| Editing | Risksheet required | Standard Polarion or risksheet |
Step 1: Open the Risk Control Plan Document
The solution includes a pre-configured Risk Control Plan atRisks/RiskControlPlan:
- Navigate to the Risks space
- Open RiskControlPlan
- The document was created from the RiskControlPlanTemplate
Step 2: Understand the Risksheet Layout
The Risk Control Plan risksheet has a minimal three-column layout:| Column | Binding | Description |
|---|---|---|
| Title | title | Name of the risk control measure (250px width) |
| Risk Control Type | riskControlType | ISO 14971 control classification |
| Risk Records | multiItemLink (mitigates role) | Linked riskRecord work items |
Step 3: Add Risk Controls
For each risk control measure:- Open the Risk Control Plan in risksheet (or in the standard Polarion document view)
- Add a new riskControl work item
- Set the Title to a descriptive name (e.g., “Over-pressure Relief Valve”)
- Set the Risk Control Type per the ISO 14971 hierarchy:
| Type | ID | Priority | Description |
|---|---|---|---|
| Inherent Safety by Design | InherentSafetyDesign | 1 (highest) | Eliminate the hazard through design changes |
| Protective Measure | ProtectiveMeasure | 2 | Physical barriers, guards, interlocks, or alarms |
| Information for Safety | InformationForSafety | 3 (lowest) | Labels, warnings, training, or instructions for use |
The
riskControlType field supports multiple values (multi='true'). A single risk control can be tagged with more than one type, though ISO 14971 typically treats these as a priority hierarchy — apply design controls first, then protective measures, then information for safety.Step 4: Link Risk Controls to Risk Records
Risk controls gain their traceability context through links: From the Risk Control Plan:- The Risk Records column shows all riskRecord items linked via the
mitigatesrole - This provides a reverse view: which risks does this control address?
- Risk controls appear as Task columns in the HARA sheet
- The HARA’s
dataTypes.taskreferencesRisks/RiskControlPlanas the target document - When you add a risk control in the HARA, it links to (or creates in) the Risk Control Plan
- Mitigation tasks in DFMEA/PFMEA also link to risk controls via the
mitigatesrole
Step 5: Verify Traceability
After linking risk controls, verify the traceability chain:- In the HARA risksheet: confirm the Risk Control column shows linked controls
- In the Risk Control Plan: confirm the Risk Records column shows linked risk records
- In the HARA risksheet Requirements column: verify that server-rendered traceability shows requirements linked to your risk controls
- In the HARA risksheet Verification column: verify the two-hop traversal shows test cases
Step 6: Configure Review Workflow
The Risk Control Plan follows the same document lifecycle as other risk documents:- Draft — initial editing and control definition
- In Review — send for review with automatic signer assignment
- Approved — at least one electronic signature from a project approver
- Published — released for use
reviewManager: CommentBased), enabling inline commenting directly in the risksheet.
Next Steps
- Assign Risk Controls to Hazards — link controls from the HARA perspective
- Evaluate Residual Risk — assess post-mitigation risk levels
- Risk Control Hierarchy — ISO 14971 risk control prioritization
- Risk Control Plan Configuration Reference — full column and formula details
Source References
Source References
Configuration:
modules/RiskTemplates/RiskControlPlanTemplate/attachments/risksheet.json | Document: modules/Risks/RiskControlPlan/module.xml | Fields: .polarion/tracker/fields/riskControl-custom-fields.xml | Enum: riskControlType-enum.xml