Risk Matrix Assessment
Use this type of risk ranking for your device hazard analysis following ISO 14971.
In order to maximise compatibility with client requirements, the risk matrix follows the UK NHS standard DCB 0160 implementation guide v4.2 and PD CEN ISO/TR 24971:2022 standards for assessing and categorizing risks.
Risk Assessment Matrix
The risk assessment is based on two primary factors:
- Likelihood (Qualitative Probability)
- Impact (Qualitative Severity)
Likelihood Levels
The following description is based on the UK NHS standard DCB 0160, implementation guide v4.2:
- Very High
- The risk is almost certain to occur in the current circumstances (greater than 90%)
- The risk is already occurring or is likely to occur more than once within the next 12 months
- High
- More than an even chance of occurring (greater than 50% but less than 90%)
- The risk could easily occur and is likely to occur at least once within the next 12 months
- Medium
- Could occur quite often (greater than 25% but less than 50%)
- There is an above average chance that the risk will occur at least once in the next 2 years
- Low
- Small likelihood but could happen (greater than 5% but less than 25%)
- The risk occurs infrequently and is unlikely to occur within the next 2 years
- Very Low
- Not expected to happen (less than 5%)
- Event would be a surprise
- The risk is conceivable but is only likely to occur in extreme circumstances
Impact Levels
Patient Safety Impact
- Minor
- Results in inconvenience or temporary discomfort
- Significant
- Results in temporary injury or impairment not requiring medical or surgical intervention
- Considerable
- Results in injury or impairment requiring medical or surgical intervention
- Major
- Results in permanent impairment or irreversible injury
- Catastrophic
- Results in death
Risk Assessment Outcomes
The matrix produces the following possible outcomes:
- Acceptable (Green)
- Risk is sufficiently controlled
- Regular monitoring should continue
- Mitigations are not a requirement, can be considered where reasonable
- Needs Control (Yellow)
- Additional controls or mitigations must be implemented
- Regular review and monitoring required
- Unacceptable (Red)
- Immediate action required
- Risk must be mitigated before proceeding
Risk Level Matrix
Likelihood vs Impact:
| Likelihood | Minor | Significant | Considerable | Major | Catastrophic |
|---|---|---|---|---|---|
| Very High | Needs Control | Needs Control | Unacceptable | Unacceptable | Unacceptable |
| High | Acceptable | Needs Control | Needs Control | Unacceptable | Unacceptable |
| Medium | Acceptable | Needs Control | Needs Control | Needs Control | Needs Control |
| Low | Acceptable | Acceptable | Needs Control | Needs Control | Needs Control |
| Very Low | Acceptable | Acceptable | Acceptable | Acceptable | Needs Control |
Standards Reference
- The likelihood and impact scale names are taken from the UK NHS standard DCB 0160, implementation guide v4.2
- The definitions of impact - patient safety are taken from PD CEN ISO/TR 24971:2022 Table 4 in section 5.5.5