Welcome back to Morris Medical Monthly: a monthly series for medical device development companies (and companies who are related to such companies), providing some useful information about Polarion solutions and Polarion extensions.
Today we will start on the subject of Polarion's RiskPack extension, and have a look how to use RiskPack.
Planning: Choose the right data model
Define the starting point for your risk management
Before you can start using the RiskPack for a live project, it is necessary to define a starting point for your risk
management. If you described your product with functional requirements, they can be the starting point for your risk
analysis. If you already know the architecture and the components of your device, they could be the starting point,
too. "Starting point" means the type of information (i.e. the work item type) that is the beginning of the sequence of
events that finally will lead to a harm. If you do a more general risk analysis, even the possible hazards can form the
starting point, but they could also "only" be a part in the sequence of events.
Figures 1 to 3 show three options for modeling sequences of events. The RiskPack Default Template uses the data
model shown in figure 1.
Figure 1: Sequence of events starting with functional requirements (click for larger image)
Figure 2: Sequence of events starting with functional and physical interfaces (click for larger image)
Figure 3: Sequence of events starting with hazards (click for larger image)
Planning: Define process, team and risk policy
Document risk management process
Use the Risk Management Process wiki page to document your approach to risk management or refer to another
document which contains a process description.
Document risk management team members
Use the Risk Management Team wiki page to document the risk management team for this project.
Ensure risk acceptance levels are appropriate
Define the risk acceptance levels according to your company. Use the Risk Acceptance Editor for this. At least two
levels are required: A level for acceptable risks and a level for unacceptable risks. You can define as many level
in between as suitable. It is common to have a third level called "ALARP", so this is predefined in the template.
Ensure proper categories for the severity of harm
Ensure that the categories for the severity of harm are suitable for your project. The predefined values are just an example. Adapt them to your needs.
Ensure proper categories for the probability of occurrence of a harm
Ensure that the categories for the probability of occurence of a harm are suitable for your project. The predefined
values are just an example. Adapt them to your needs.
Define risk acceptability
Use the Risk Acceptance Editor to define acceptability for all severity/probability combinations.