A

#### Agent J

I’m working to update my company’s risk management procedures for our medical device software. I’ve reviewed IEC 80002-1 and I’m not certain how to best integrate the guidance from 4.4.3 Probability.

In our current procedure, we estimate the severity and probability each on a scale of 1-5 and compare the results to a chart to determine if the risk requires risk controls. The higher the probability the less tolerant we are of a given severity. When considering the risk of an anomaly, IEC 80002-1 states that the risk should be considered based on severity alone. Is it common to base the judgment of severity as we might if the probability were the maximum, the minimum, or somewhere in between?

In our current procedure, we estimate the severity and probability each on a scale of 1-5 and compare the results to a chart to determine if the risk requires risk controls. The higher the probability the less tolerant we are of a given severity. When considering the risk of an anomaly, IEC 80002-1 states that the risk should be considered based on severity alone. Is it common to base the judgment of severity as we might if the probability were the maximum, the minimum, or somewhere in between?

Last edited by a moderator: