Risk management plan – Criteria for risk acceptability

May 22, 2014
The risk evaluation matrix

This section provides the framework that you will be using for the risk evaluation step in risk management.

Risk evaluation matrix

Example risk evaluation matrix from ISO 14971 for medical devices.

The risk evaluation matrix should be based on the risk management policy, which may well be a narrative description of how the organization views risk. That policy should then be translated into limits for acceptable and unacceptable risk, and possibly for risks that are acceptable but require special attention because their risk is relatively high (these can be risks that were previously often referred to as ALARP).

The matrix may have 3-10 steps on both the probability scale and the severity scale. I recommend using 3 to 5. More steps just make it more complicated.

I recommend using a green area for acceptable risk (ACC), a yellow area for risks that border the unacceptable area (ACC*) and a red area for unacceptable risk (N ACC).

The severity table

List the harms that are relevant to your product so that severity is determined coherently. Below is an example:

| Rating | Definition | Harms | Value |
|---|---|---|---|
| Catastrophic | Results in death | Death | 5 |
| Critical | Results in permanent impairment or impairment requiring professional medical intervention. | Arrhythmia | 4 |
| Serious | Results in injury or impairment requiring professional medical | Broken limb | 3 |
| Minor | Results in temporary injury or impairment not requiring professional medical intervention. | Bruises | 2 |
| Negligible | Inconvenience or temporary | Pressure to hand | 1 |



