Hello all,
I'm having a little bit of trouble reconciling the flow between ISO 14971 and IEC 62304. My current approach is as follows:
1) Perform hazard analysis per 14971 - this entails 5 classes of probability (improbable to frequent) and 5 severities (Negligible to Critical).
2) Identify risk mitigations in the hazard analysis. Some of these are software tasks, some are software that is mitigating a hardware issue.
3) Take these upper level mitigations and pass them to the Software Risk Analysis (this is where we jump from 14971 to 62304)
4) In the SRA:
   a) accept all of the above hazard analysis generated SW risk mitigations from above into a risk table
   b) identify any other risks (specifications, SOUP, user, etc. per 62304) not covered by the hazard analysis and add them to this risk table
   c) create the pre- and post-mitigation severity table. This has a % likelihood and expects 3 severities (A, B, C).
Now comes the disconnect example. Let's say we have a 14971 based hazard analysis with a hazard having a prob/severity of Occasional / Major. It lists as a mitigation a software activity that reduces that prob/severity to Improbable / Major. Great, we reduced the risk! But....
In the SRA, the software task must be shown and per 62304 you have to assume that its likelihood is 100% to occur. But the 14971 hazard analysis does not have that constraint, or it would have to be listed as Frequent/Major to start with. If I set this software item to 100% likelihood, then it seems there is a break in this flow. You can't have a pre-mitigation of "Occasional" in 14971-speak if the 62304 also requires the software risk to be 100% likely to happen pre-mitigation. That would require you to flow that higher probability to the 14971 hazard analysis.
So, the three questions I have are:
1) Is the flow shown above reasonable? (14971 hazard to 14971 risk mitigation identification to 62304 software risk analysis to 62304 software requirements). If not, can you suggest something different?
2) How do you reconcile the mismatch in risk probability (likelihood) when you make this leap from 14971 to 62304?
3) 14971 uses a range of 5 levels of severity. 62304 is supposed to use 3 (A, B, C) for risk severity. How do you reconcile this if you have evaluated it using 14971 but are now in the 62304 risk analysis?
Thank you for your time!