This worksheet should only be used for simple, low criticality devices/equipment - more detailed worksheets are available for more complex and higher criticality technology.
At the top of the RAPAT “Technical Risks (Simple)” worksheet, the “Risk Sheet Completion Status” will initially be set to “Not started”. Use the dropdown list to change this to “In progress”, “Completed” or “Updated” as appropriate.
At the bottom of the worksheet is the risk matrix used to assess the level of risk, see further guidance below. This needs to be defined for the project application ahead of the risk assessment.
Populate the Simple Technical / User Risk Assessment table (using the guidance below and in the table) at an appropriate level of component granularity, adding further requirements and associated risks using the “Add Row” button as required. The technical risk dashboard at the top of the worksheet is automatically populated and provides an overview of the identified risks.
A generic 3 x 3 risk matrix is provided to assess the level of risk. If a more detailed assessment is required, the detailed risk assessment worksheet, which provides a 5 x 5 risk matrix, can be used.
The risk matrix includes 3 columns which define the levels of consequence severity of the risk. Generic example business, user and technology consequences are provided for the example severity levels (noticeable, significant and major). These example definitions should be modified as required to align with the device/equipment application and any required industry regulations/codes/standards.
The risk matrix includes 3 rows which define the likelihood of the risk occurring. Two generic example likelihood scales are provided, one based on number of uses and the other on time periods. These definitions should be modified as required to align with the device/equipment application and any required regulations/industry codes/standards. It is important that time/use scales reflect the user application - definitions for a device used several times a day may need to be different to those for a device used once a month or once a year or for a disposable device used only once.
The risk criticality matrix includes 3 default risk criticality levels (low, medium and high) with the risk criticality level for a specific risk likelihood and consequence severity combination determined from the corresponding cell colour on the risk matrix i.e. red cells correspond to high criticality. If the risk criticality level for a specific risk matrix cell needs to be changed, this can be done by selecting the appropriate risk criticality level from the drop-down list in the relevant matrix cell. The risk criticality levels can also be renamed if required - this must be done in the key below the risk matrix and the individual matrix cells updated where relevant by selecting the new criticality name from the drop-down list. Any previously assessed risks already recorded in the worksheet risk table will also need to similarly have their risk criticality levels updated.
The “Requirements” worksheet identifies the functions and requirements for the device/equipment. For each of these, list the requirement in the risk register and then identify the associated risk (what could happen to stop the requirement being met) e.g. how the device could fail and what could cause this. Some functions/requirements may have multiple risks which may need to be captured on separate rows. Risks could be a result of design or manufacturing errors (e.g. incorrect material specification), damage during transit or incorrect use, storage, testing or maintenance by users, etc. Each row will have its own unique reference number for traceability - these will be automatically populated by the tool.
Use the risk matrix definitions to identify the likelihood and the consequence severity of the risk. From these, identify where the risk lies on the risk matrix and, based on the colour of the corresponding risk matrix cell, select the risk criticality from the drop down list.
Identify what can be done to mitigate and control the risk - this is particularly important for high criticality risks. Examples include use of alternative materials/parts, manufacturing quality control checks, improved product labelling, instructions and user training. The mitigated risk criticality column is used to understand the effectiveness of the mitigation action - consider the extent to which the mitigation action has reduced risk likelihood or the consequence severity, and from this, identify the mitigated risk criticality. It is unusual for both the likelihood and the consequence severity to be reduced. The status column reflects the current status of the risk mitigation action(s) i.e. not started, in progress, complete or no action required.
All risks will initially be displayed as an unmitigated risk on the risk dashboard.
For risk requiring a mitigation action, once the mitigation action status is set to “Completed”, the risk will be moved to the mitigated row of the dashboard and show the mitigated risk level. If the mitigated risk has not been specified, then the unmitigated risk value will be carried forward as the mitigated risk.
Risks not requiring a mitigation action will remain in the unmitigated row of the dashboard. It will not be possible to select “Completed” in the risk action status column.
