Capable Risk for Jira
This documentation describes the risk assessment models available in the Jira “Capable Risk” field.
These models are designed to help evaluate and track risks according to industry standards, particularly focusing on medical device and healthcare IT system risks.
Available Models
Risk Matrix
The Risk Matrix model follows ISO 14971 for medical device risk management. It provides:
- A qualitative approach to risk assessment
- Combined evaluation of likelihood and impact
- Clear categorization of risks as Acceptable, Needs Control, or Unacceptable
- Alignment with UK NHS DCB 0160 and ISO/TR 24971:2022 standards
- Specific focus on patient safety impacts
CVSS
The CVSS model follows BS EN ISO/IEEE 11073-40101:2022 for security vulnerability assessment. It offers:
- A quantitative scoring system from 0.0 to 10.0
- Detailed evaluation of attack vectors and complexity
- Assessment of authentication requirements
- Analysis of confidentiality, integrity, and availability impacts
- Standardized vector string format for sharing assessments
Choosing a Model
- Use the Risk Matrix when:
- Performing medical device hazard analysis
- Following ISO 14971 requirements
- Needing to assess patient safety impacts
- Working with NHS or healthcare providers
- Use the CVSS model when:
- Assessing cybersecurity vulnerabilities
- Following ISO/IEEE 11073-40101 requirements
- Needing quantitative risk scores
- Sharing vulnerability assessments with other organizations
Both models provide structured approaches to risk assessment and are designed to comply with relevant medical device and healthcare IT standards.
Output Fields
The plugin creates several read-only fields in Jira that are automatically updated based on the risk assessment to provide a standardized way to track and share risk information for external consumption.