ISO 14971 HARA Report

Report Structure

The report implements the full ISO 14971:2019 HARA documentation structure in a single Velocity template (~2,200 lines):

Section	Title	ISO 14971 Clause
1	Scope and Purpose of the Analysis	Clause 4
2	Risk Calculation Methodology	Clause 5
3	Definitions	ISO 14971:2019 terms
4	Summary of Identified Hazards and Harms	Clause 5
5	Pre-Mitigation Risk Distribution Matrix	Clause 5
6	Post-Mitigation Risk Distribution Matrix	Clause 7.1
7	Final Risk Distribution Matrix	Clause 8.3
8	Risk Acceptability Summary	Clause 8
9	Risk Control Measures Overview	Clause 7
10	Residual Risk Evaluation	Clause 8
11	Traceability	Clause 9
12	Compliance Statement	Clause 10

Three-Stage Risk Evaluation Pipeline

The report computes risk statistics at three stages, mapping directly to ISO 14971 clauses:

Risk level values by stage:

Stage	Possible Values
Pre-mitigation (`preRisk`)	Acceptable, Investigation, Unacceptable
Post-mitigation (`postRisk`)	Acceptable, Investigation, Unacceptable
Final risk (`finalRisk`)	Acceptable, Unacceptable, Benefit-Risk Acceptable

The benefitAcceptable value is unique to the final risk stage. It implements ISO 14971 Clause 7.4, where residual risk is justified by clinical benefit even when post-mitigation risk remains in the Investigation or Unacceptable zone.

Risk Calculation Methodology (Section 2)

Two-Factor Probability Model

The report documents the P1 x P2 probability approach:

P1 (Hazard Probability): probability of the hazardous situation occurring (scale 1-5, from pOccurrence enum)
P2 (Harm Probability): probability that the hazardous situation leads to harm (scale 1-5, from p2Occurrence enum)
Combined Probability P: bucket(P1 x P2), mapped to 5 buckets

Probability bucket mapping (P1 x P2 product to bucket):

Product Range	Bucket	Label
1-3	1	Very Low
4-8	2	Low
9-15	3	Medium
16-20	4	High
21-25	5	Very High

5x5 Risk Acceptability Matrix

The report renders a static 5x5 matrix defining risk acceptability criteria:

P \ S	1 Negligible	2 Minor	3 Serious	4 Critical	5 Catastrophic
5 Very High	Investigation	Unacceptable	Unacceptable	Unacceptable	Unacceptable
4 High	Acceptable	Investigation	Unacceptable	Unacceptable	Unacceptable
3 Medium	Acceptable	Investigation	Investigation	Unacceptable	Unacceptable
2 Low	Acceptable	Acceptable	Investigation	Investigation	Unacceptable
1 Very Low	Acceptable	Acceptable	Acceptable	Investigation	Investigation

Risk acceptability thresholds are hardcoded in the Velocity template, not read from configuration. Changes to acceptability criteria require template modification.

Executive Summary (Section 4)

The executive summary displays dashboard-style cards showing risk counts and percentages at each stage:

Pre-mitigation: Acceptable / Investigation / Unacceptable counts
Post-mitigation: Acceptable / Investigation / Unacceptable counts
Final risk: Acceptable / Benefit-Risk Acceptable / Unacceptable counts

Additionally lists all identified hazard categories from the analysis.

Risk Distribution Matrices (Sections 5-7)

Three 5x5 color-coded matrices visualize risk distribution:

Pre-mitigation (Section 5): Uses preHazardProbability and preHarmProbability fields
Post-mitigation (Section 6): Uses postHazardProbability and postHarmProbability fields
Final risk (Section 7): Includes benefit-risk analysis impact

Each matrix cell shows the count of risk records at that probability-severity intersection, color-coded:

Green: Acceptable
Orange: Investigation required
Red: Unacceptable

The post-mitigation matrix is completely hidden when no risk records have post-mitigation data, rather than showing an empty matrix.

Benefit-Risk Analysis (Section 7)

Section 7 includes three additional tables:

Table	Content
Benefit-Risk Impact	Counts risks justified by benefit analysis (`finalRisk = benefitAcceptable`)
Benefit-Risk Decision Map	Details for each benefit-justified risk: ID, description, post-risk, additional controls possible, benefit documentation, result, final decision
Unacceptable Final Risks	Action items for risks with `finalRisk = unacceptable`

Action item logic:

If additionalControlsPossible = yes: “Implement additional risk controls”
Otherwise: “Re-evaluate device design or benefit-risk justification”

Compliance Statement (Section 8)

The report concludes with an ISO 14971 compliance statement:

Success box (green): Displayed when no unacceptable final risks remain
Danger box (red): Displayed when unacceptable final risks exist, with regulatory action items

The compliance statement uses finalUnacceptableCount (not postUnacceptableCount). This means benefit-risk analysis can change a risk from non-compliant to compliant.

Data Sources

The report queries all work items of type:riskRecord in the project and resolves harm severity by traversing linked work items of type harm. Key fields consumed:

Field	Purpose
`preHazardProbability` / `preHarmProbability`	Pre-mitigation P1, P2
`postHazardProbability` / `postHarmProbability`	Post-mitigation P1, P2
`preRisk` / `postRisk` / `finalRisk`	Risk level at each stage
`additionalControlsPossible`	Whether further controls are feasible
`benefit`	Benefit-risk justification text
`riskBenefitResult`	Benefit-risk analysis outcome
`hazardousSituation`	Description of hazardous circumstance
`severity` (from linked harm)	Harm severity (1-5)

Technical Details

Property	Value
Page location	`.polarion/pages/spaces/_default/iso-14971-hara-report/page.xml`
Template type	Velocity script (~2,200 lines)
Sidebar shortcut	`wiki/iso-14971-hara-report`
CSS scope	`.hara-report-container`
Print support	`page-break-inside:avoid` on sections

Risk Matrix Report Dashboard — standalone risk matrix visualization
HARA Risksheet Configuration Reference — the risksheet that feeds this report
Risk Record (riskRecord) — field definitions for risk records
Harm Severity Levels — severity scale used in matrices
Risk Classification — risk level enum values

Getting Started

Concepts

How-To Guides

Reference

FAQ

Report Structure

Three-Stage Risk Evaluation Pipeline

Risk Calculation Methodology (Section 2)

Two-Factor Probability Model

5x5 Risk Acceptability Matrix

Executive Summary (Section 4)

Risk Distribution Matrices (Sections 5-7)

Benefit-Risk Analysis (Section 7)

Compliance Statement (Section 8)

Data Sources

Technical Details

Getting Started

Concepts

How-To Guides

Reference

FAQ

​Report Structure

​Three-Stage Risk Evaluation Pipeline

​Risk Calculation Methodology (Section 2)

​Two-Factor Probability Model

​5x5 Risk Acceptability Matrix

​Executive Summary (Section 4)

​Risk Distribution Matrices (Sections 5-7)

​Benefit-Risk Analysis (Section 7)

​Compliance Statement (Section 8)

​Data Sources

​Technical Details

​Related Pages

Report Structure

Three-Stage Risk Evaluation Pipeline

Risk Calculation Methodology (Section 2)

Two-Factor Probability Model

5x5 Risk Acceptability Matrix

Executive Summary (Section 4)

Risk Distribution Matrices (Sections 5-7)

Benefit-Risk Analysis (Section 7)

Compliance Statement (Section 8)

Data Sources

Technical Details

Related Pages