Also, it's important to note some differences between the ISO 14971 process and the risk management required by IEC 62366 (and IEC 62366-1).
The "full" risk management from ISO 14971 requires the analysis, evaluation and control of risks, and risk needs to be analyzed, per its definition, based on severity and probability.
Another important aspect is use error. Use error is a kind of "failure". Failures are not a problem in themselves; they lead to a problem. Speaking in ISO 14971 terms, failures are part of the sequence of events that leads to a hazardous situation (but are never the hazardous situation itself). Use errors follow the same principles (although, in the case of use errors, some may be a hazardous situation).
Going back to the differences, there's no known method to estimate the probability of use errors. So it's not possible to estimate the probability of the hazardous situation (P1), and thus the usability engineering process does not require the probability of the risk (which is P1xP2) to be estimated, only the severity. Also, there's no need to evaluate the risk. The rationale is that, as we cannot predict the probability of use error, it's better to treat (control) all use errors that lead to a hazardous situation.
So, the requirement is that, for any safety-related use error, the user interface design has to include requirements related to them.
Which means, in practice, that you only perform part of the full ISO 14971 RM process for user error-related risk management.
This can be seen in the comparison table between ISO 14971 and IEC 62366 that is in the annex of the standards.