indubioush
Ah ha!
Fact 1: ISO 14971 defines risk as the combination of the probability of occurrence of harm and the severity of that harm.
Fact 2: This definition of risk does not mention "hazard" or "hazardous situation."
Fact 3: One harm could be caused by more than one hazard or hazardous situation.
Example: Using the example of stroke as the harm, let's list two associated hazards:
1. Patient noncompliance with anticoagulant medication
2. Implantable device causes blood coagulation
Discussion:
Many companies have hazard analysis documents in which they assign risk levels to individual hazards. Using the above examples:
1. Stroke due to noncompliance to meds: occurrence 2, severity 4, risk 3
2. Stroke due to device: occurrence 1, severity 4, risk 2
Is this really good enough to assess the probability of occurrence of harm and severity of the harm? Don't we really want to know the risk of stroke alone, not the risk of stroke based on a particular hazard?
Let's say there is a harm that is caused by 20 different hazards. Shouldn't this harm have a higher risk level than another harm with the same severity level but caused by only one hazard?
Please can you tell me how this is addressed in your risk management system. What is your denominator for your numeric risk levels? Is your risk per harm, per hazard, or per hazardous situation?
Fact 2: This definition of risk does not mention "hazard" or "hazardous situation."
Fact 3: One harm could be caused by more than one hazard or hazardous situation.
Example: Using the example of stroke as the harm, let's list two associated hazards:
1. Patient noncompliance with anticoagulant medication
2. Implantable device causes blood coagulation
Discussion:
Many companies have hazard analysis documents in which they assign risk levels to individual hazards. Using the above examples:
1. Stroke due to noncompliance to meds: occurrence 2, severity 4, risk 3
2. Stroke due to device: occurrence 1, severity 4, risk 2
Is this really good enough to assess the probability of occurrence of harm and severity of the harm? Don't we really want to know the risk of stroke alone, not the risk of stroke based on a particular hazard?
Let's say there is a harm that is caused by 20 different hazards. Shouldn't this harm have a higher risk level than another harm with the same severity level but caused by only one hazard?
Please can you tell me how this is addressed in your risk management system. What is your denominator for your numeric risk levels? Is your risk per harm, per hazard, or per hazardous situation?