# Risk Acceptability Criteria - Probability and Acceptability Level

#### alimary15

##### Involved In Discussions
Good afternoon,

My problem/doubt is the following:

We have a medical device ( I will call it System) which is composed by different sub-systems, which are also medical devices.
Each sub-system can be seen as an indipendent product (Software in most cases) which comes with its own risk management plan and risk acceptability matrix and criteria.

The System is looking at the integration of these sub-systems and also for the System a risk matrix, with related risk acceptability criteria, is defined.

My doubt is the following: how to handle at system level different acceptability criteria that might come from different sub-units?

My guts tell me that we always have to consider the most critical acceptability level but I am not sure if this is right.

I believe that the scale of probability and severity should not change , because the probability is always a number from zero to one and should have the same meaning for all the products. However, I wonder how different level of acceptability criteria for two risks that are rated with same P and S can be assessed.

Do you have any experience or suggestion in how such cases could be handled?

Thanks so much for your help!

#### Bev D

##### Heretical Statistician
Staff member
Super Moderator
Good afternoon,

My problem/doubt is the following:

We have a medical device ( I will call it System) which is composed by different sub-systems, which are also medical devices.
Each sub-system can be seen as an indipendent product (Software in most cases) which comes with its own risk management plan and risk acceptability matrix and criteria.

The System is looking at the integration of these sub-systems and also for the System a risk matrix, with related risk acceptability criteria, is defined.

My doubt is the following: how to handle at system level different acceptability criteria that might come from different sub-units?
hmmm. I always provide an assessment of any failure mode/risk for components at both the component AND system level. could you give us an example of what you are concerned with?

My guts tell me that we always have to consider the most critical acceptability level but I am not sure if this is right.
well yes you need to address the most critical somehow. but I think is in the context that you cannot simply address the lower risks while ignoring the higher risks...some failure modes will have several effects and if we only address the worst effect we are not assured that the slightly less (yet still serious) risks will be addressed. does that make sense?

I believe that the scale of probability and severity should not change , because the probability is always a number from zero to one and should have the same meaning for all the products. However, I wonder how different level of acceptability criteria for two risks that are rated with same P and S can be assessed.
hmm, in general items with the same probability and severity should have the same acceptability criteria. Perhaps if you give us an example of this dilemma it will help. I can see where two items having the same Probability and Severity would land on different sides of the acceptability criteria based on cost to mitigate vs cost of the total number of occurrences...(usually this happens when the probability is low and/or the severity is low...

How to create the Policy for determining criteria for Risk Acceptability ISO 14971 - Medical Device Risk Management 11
A Correlating Hazard Analysis and DFMEA Risk Acceptability Criteria FMEA and Control Plans 8
T Defining Criteria for Risk Acceptability - ISO 14971 Clause 3.2 ISO 14971 - Medical Device Risk Management 4
Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
Rationale for Risk Acceptability Matrix - ISO 14971 ISO 14971 - Medical Device Risk Management 9
Is risk acceptability really needed if all risks must be reduced as far as possible? ISO 14971 - Medical Device Risk Management 6
K What is the policy for Risk Acceptability per ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 2
ISO 14971 Clause 7 - Evaluation of Overall Residual Risk Acceptability ISO 14971 - Medical Device Risk Management 3
B Residual Risk Acceptability - Where do I get this Data/Figures from? CE Marking (Conformité Européene) / CB Scheme 9
A How to Rate a Risk Acceptability and on What Basis is it Measured? ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 7
AS9102 - 3D printing a special tool required for assembly (counterfeit risk?) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
Defining risk control measures IEC 62304 - Medical Device Software Life Cycle Processes 13
Supply risk management Manufacturing and Related Processes 4
Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 4
FMEA and Risk assessment in Microsoft Access FMEA and Control Plans 6
Realization processes input into overall risk ISO 14971 - Medical Device Risk Management 2
Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
Post Market/Production Risk Assessment ISO 14971 - Medical Device Risk Management 0
Risk Management Review ISO 14971 - Medical Device Risk Management 4
Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
ISO 27001 for Jumb Burger - Risk Assessment sheet IEC 27001 - Information Security Management Systems (ISMS) 11
Risk Assessment Tools ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Examples to mitigate risk from Covid ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Risk of stopping your customer's line IATF 16949 - Automotive Quality Systems Standard 4
Risk Matrix vs FMEAs ISO 14971 - Medical Device Risk Management 11
IVD risk class II devices for Brazil and MDSAP Other Medical Device Regulations World-Wide 0
ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 11
ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 3
Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
Traceability of requirements to design and risk Design and Development of Products and Processes 3
Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
Deciding whether or not pre-market clinical investigation is required for low risk device EU Medical Device Regulations 5
The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
Security Risk Assessment Tool IEC 27001 - Information Security Management Systems (ISMS) 0
21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Contract Review and risk managment AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1