Severity Remains: ISO 14971’s Precise Framework for Understanding Risk Control and Residual Risk Assessment
Introduction
A significant misconception persists in medical device risk management practice: whether risk mitigation measures change the severity of harm. In the medical device industry, applying ISO 14971 often reveals confusion about the relationship between severity and probability of occurrence of harm. This article provides an accurate understanding based on ISO 14971:2019 requirements, clarifying the nature of severity, the mechanisms through which risk controls function, and how severity is properly evaluated in residual risk assessment.
Confirming Fundamental Risk Elements
Definition of Risk
ISO 14971:2019 (clause 3.18) defines risk as the combination of the probability of occurrence of harm and the severity of that harm. Risk matrices used in practice render this combination as:
Risk = Probability of Occurrence of Harm × Severity of That Harm
These two elements represent independent concepts, typically presented as separate axes in risk evaluation matrices. A critical point is the importance of clearly distinguishing which element—or elements—a risk mitigation measure affects.
The Nature and Definition of Severity
ISO 14971’s Definition of Severity
In ISO 14971, severity is defined as “the measure of the possible consequences of a hazard”: the degree of seriousness of the harm should it actually occur. Severity is not a measure of probability; it quantifies the magnitude of impact if a harmful event does materialize. Harm, in the sense of ISO 14971:2019, is injury or damage to the health of people, or damage to property or the environment, so severity scales typically grade:
- Human harm (death, permanent disability, temporary injury requiring or not requiring medical intervention)
- Damage to property
- Environmental impact
Broader business consequences that organizations often track alongside, such as financial loss, reputational damage and legal liability, are not part of the standard's definition of harm and should not be folded into the severity classes used for patient safety.
Practical Challenges in Defining Severity
A fundamental ISO 14971 requirement is that severity classification criteria be defined in the risk management plan clearly and reproducibly, not merely through descriptive labels such as “minor,” “serious,” “severe,” or “catastrophic.” Different assessors must be able to assign the same severity class to the same harm.
Additionally, ISO 14971 guidance recommends avoiding ethically complex comparisons—such as weighing impact on multiple patients or comparing brief life-threatening situations against long-term disabilities—by establishing comprehensive and explicit severity class definitions.
Risk Control Measures: Types and Mechanisms of Action
Priority Order of Risk Controls
ISO 14971 specifies that risk control measures must be implemented in the following priority order:
- Inherent Safety by Design: At the design phase, eliminate or fundamentally mitigate the hazard itself. Examples include designing single-use medical devices to prevent reuse, or designing electrical equipment to prevent contact with live parts.
- Protective Measures: Incorporate protective means into the device design or manufacturing process. Examples include filters, barriers, and alarm systems.
- Information for Safety: Communicate information to users through warnings, contraindications, and usage instructions.
Action Mechanisms: Probability vs. Severity
Risk control measures can be classified by which risk element they affect:
Measures Acting on Probability: Preventive measures reduce either the probability of a hazardous situation occurring (P1) or the probability that a hazardous situation leads to harm (P2). For example, safety barriers reduce worker contact probability.
Measures Acting on Severity: ISO 14971:2019 formally recognizes that some measures reduce severity. However, misconceptions about “severity reduction controls” remain common in practice, requiring detailed examination in the following section.
Measures Acting on Both: Some measures reduce both probability and severity. For instance, output-limiting design in a medical device may reduce event probability while also limiting the severity of outcomes should an event occur.
Risk Control and Severity Evaluation: What ISO 14971 Actually Requires
Divergence from Traditional Interpretation
Historically, many practitioners understood that “preventive controls affect probability only, never severity.” However, ISO 14971:2019 and its supplementary guidance (ISO/TR 24971:2020) present a more nuanced and accurate requirement.
ISO 14971’s Recognition of “Severity Reduction”
Note 2 to Clause 7.1 of ISO 14971 explicitly states:
“Risk control measures can reduce the severity of the harm or reduce the probability of occurrence of the harm, or both.”
This formally acknowledges the existence of control measures that reduce severity. The following examples illustrate this concept:
Medical Device Output-Limiting Design: An injection device with automatic puncture depth control that limits maximum penetration depth. Should unintended operation occur, the design reduces potential tissue damage severity. This reduces severity directly, not probability.
Protective Equipment Installation: A fire wall in a chemical plant (a physical fire-resistant barrier, not a network firewall) does not reduce the probability of a fire; however, it limits the spatial extent of harm if a fire occurs, thus reducing the severity of the fire’s consequences.
Medical Oxygen Supply Flow Limitation: Flow-limiting valves prevent abrupt high-oxygen administration. Should system malfunction occur, the valve limits oxygen toxicity severity compared to unlimited flow scenarios.
Risk Scenarios and Severity Re-evaluation
Redefining Risk Scenarios After Control Implementation
After risk control implementation, what changes is often not the “absolute severity value” but rather the “risk scenario itself.” The following example illustrates this concept:
Case Example: Medical Device Infection Risk
Before Control: “Use of insufficiently sterilized equipment causes nosocomial infection in patients” (high probability, high severity)
After Preventive Control: “Improved sterilization process dramatically reduces infection occurrence probability” (low probability, severity unchanged)
After Severity Reduction Control: “Should infection occur despite sterilization improvements, early diagnostic protocol prevents severe progression” (probability unchanged, reduced severity)
Combined Approach: “Improved sterilization + early diagnostic protocol” reduces both residual probability and residual severity.
The Concept of Residual Risk
Definition and Evaluation Method
Residual risk is the risk remaining after implementing risk control measures. ISO 14971 requires that residual risk be evaluated against the acceptability criteria defined in the risk management plan, the same criteria used for the initial risk evaluation, which means both residual probability (R-P) and residual severity (R-S) must be re-estimated.
Updates in ISO 14971:2019
The 2019 edition of ISO 14971 strengthened the following requirements:
Clause 7.3—Residual Risk Evaluation: The requirement to re-evaluate whether residual risk meets acceptability criteria after control implementation is clarified. This evaluation must include re-estimation of both residual probability and residual severity.
Clause 8—Evaluation of Overall Residual Risk: The requirement to evaluate whether the residual risks from all individual risks collectively meet the acceptability criteria, present in earlier editions, now stands as a clause of its own with a defined method expected in the risk management plan. This prevents situations where multiple small residual risks combine to create an unexpectedly large overall risk.
Benefit-Risk Analysis (Clause 7.4): When residual risk does not meet the acceptability criteria and further risk control is not practicable, the manufacturer may conduct a benefit-risk analysis comparing the medical benefits of the intended use against the residual risk. If the benefits outweigh the residual risk, the risk may be judged acceptable; if they do not, the risk remains unacceptable. This provides flexibility: devices with non-zero residual risk may be marketed when clinical benefits justify the remaining risks.
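The action mechanisms (P1, P2 and severity), the infection case and the residual risk evaluation above can be made concrete in a small model. The following Python is an added illustration, not code from the article or from any standard: the probability bands, the acceptability matrix, the overall-risk budget rule and every numeric figure are constructed for the example, and the control effects (a thousandfold reduction in P1, one severity class lower) are assumptions chosen to reproduce the four scenarios in the case example.

```python
"""ISO 14971-style risk estimation with P1, P2 and severity kept separate,
controls that act on one named element, residual risk re-estimated with the
same criteria, and a clause-8-style overall check. Added illustration: the
bands, acceptability matrix and figures are constructed, not from the standard."""
from dataclasses import dataclass, replace
from enum import IntEnum
from typing import List, Optional, Tuple

Severity = IntEnum("Severity", "NEGLIGIBLE MINOR SERIOUS CRITICAL CATASTROPHIC")
Probability = IntEnum("Probability", "IMPROBABLE REMOTE OCCASIONAL PROBABLE FREQUENT")

# Upper bound of P(harm) per use for each qualitative class (constructed bands).
PROBABILITY_BANDS = [(1e-6, Probability.IMPROBABLE), (1e-5, Probability.REMOTE),
                     (1e-4, Probability.OCCASIONAL), (1e-3, Probability.PROBABLE),
                     (float("inf"), Probability.FREQUENT)]

# Acceptability matrix of a hypothetical risk management plan: the highest
# probability class still acceptable for each severity class.
MAX_ACCEPTABLE = {Severity.CATASTROPHIC: Probability.IMPROBABLE,
                  Severity.CRITICAL: Probability.REMOTE,
                  Severity.SERIOUS: Probability.OCCASIONAL,
                  Severity.MINOR: Probability.PROBABLE,
                  Severity.NEGLIGIBLE: Probability.FREQUENT}


@dataclass(frozen=True)
class Risk:
    hazard: str
    hazardous_situation: str
    harm: str
    p1: float            # P(hazardous situation occurs) per use
    p2: float            # P(hazardous situation leads to the harm)
    severity: Severity

    @property
    def p_harm(self) -> float:
        return self.p1 * self.p2

    @property
    def probability_class(self) -> Probability:
        return next(cls for bound, cls in PROBABILITY_BANDS if self.p_harm < bound)

    @property
    def acceptable(self) -> bool:
        # Same criteria for initial and residual risk (clause 7.3).
        return self.probability_class <= MAX_ACCEPTABLE[self.severity]


@dataclass(frozen=True)
class Control:
    name: str
    option: str                          # inherent safety / protective measure / information for safety
    acts_on: str                         # "P1", "P2" or "severity": the mechanism is stated explicitly
    p_factor: float = 1.0                # multiplier applied to P1 or P2
    new_severity: Optional[Severity] = None
    introduces: Tuple[Risk, ...] = ()    # new risks created by the control itself (clause 7.5)

    def apply(self, risk: Risk) -> Risk:
        if self.acts_on in ("P1", "P2"):
            attr = self.acts_on.lower()
            return replace(risk, **{attr: getattr(risk, attr) * self.p_factor})
        if self.acts_on == "severity":
            if self.new_severity is None or self.new_severity > risk.severity:
                raise ValueError("a severity control must lower the severity class")
            return replace(risk, severity=self.new_severity)
        raise ValueError(f"unknown mechanism {self.acts_on!r}")


def residual_risk(risk: Risk, controls: List[Control]) -> Risk:
    """Apply controls in order; both P and S of the result are re-estimated."""
    for control in controls:
        risk = control.apply(risk)
    return risk


def introduced_risks(controls: List[Control]) -> List[Risk]:
    """Risks the controls themselves add (7.5); they need their own estimation."""
    return [r for c in controls for r in c.introduces]


def overall_residual_acceptable(register: List[Risk], budget: float) -> bool:
    """Clause-8-style check: every residual risk acceptable on its own AND the
    expected-severity sum over the register below a budget (constructed rule)."""
    total = sum(r.p_harm * int(r.severity) for r in register)
    return all(r.acceptable for r in register) and total < budget


# Constructed scenario: the infection case discussed in the text.
INFECTION = Risk("biological contamination", "insufficiently sterilised instrument used",
                 "nosocomial infection", p1=1e-2, p2=0.5, severity=Severity.CRITICAL)
STERILISATION = Control("validated sterilisation cycle", "inherent safety", "P1", p_factor=1e-3)
EARLY_DIAGNOSIS = Control(
    "post-procedure infection screening", "information for safety", "severity",
    new_severity=Severity.SERIOUS,
    introduces=(Risk("false-positive screening", "unnecessary antibiotic course",
                     "drug side effects", p1=2e-3, p2=0.2, severity=Severity.MINOR),))


def evaluate_infection_case() -> dict:
    """Before / preventive / severity-reduction / combined, as in the text."""
    out = {}
    for label, controls in [("before", []), ("sterilisation", [STERILISATION]),
                            ("early_diagnosis", [EARLY_DIAGNOSIS]),
                            ("combined", [STERILISATION, EARLY_DIAGNOSIS])]:
        r = residual_risk(INFECTION, controls)
        out[label] = (r.probability_class.name, r.severity.name, r.acceptable)
    return out
```

Running `evaluate_infection_case()` yields the four rows of the case example: the sterilisation control alone moves the risk from FREQUENT/CRITICAL to REMOTE/CRITICAL and makes it acceptable with the severity untouched; the screening protocol alone lowers severity to SERIOUS but leaves the probability at FREQUENT, which the matrix still rejects; the combination yields REMOTE/SERIOUS. Each control records which element it acts on, and the screening protocol carries its own introduced risk (clause 7.5) that must be entered in the register. The overall check shows the clause 8 point: a register of individually acceptable MINOR risks can still exceed the plan's aggregate budget.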
Practical Application and Correct Understanding
Clarification in Risk Evaluation
The following clarifications are essential in risk management practice:
Specification of Control Mechanism: For each risk control measure, clearly document whether it acts on probability, severity, or both. For example: “This measure reduces foodborne pathogen infection probability to below 1% annually; however, should infection occur, the severity of potential kidney injury remains unchanged.”
Prevention of New Hazard Introduction: When implementing risk controls, verify that the controls themselves do not introduce new hazards or hazardous situations. ISO 14971:2019 Clause 7.5 requires that risks arising from risk control measures be reviewed, and Clause 7.6 requires confirmation that every identified hazardous situation has been addressed, that is, that risk control is complete.
Scenario-Based Risk Assessment: Move beyond simple “probability × severity” calculations to evaluate actual use scenarios incorporating sequential events, the “sequence of events” concept presented in ISO 14971:2019 Annex C (Annex E of the 2007 edition). The collision example cited there separates P1 (probability that the hazardous situation, the collision, occurs) from P2 (probability that the collision results in injury), demonstrating why each factor must be estimated on its own.
Effective Risk Communication
When reporting risk assessment results to the organization and regulatory authorities, employ precisely accurate language:
Incorrect Expression (for a measure that acts on probability): “Safety measures have reduced the severity of this risk.”
Correct Expression: “This safety measure has reduced the probability of occurrence of harm to near-zero levels. Should the harm occur, its severity remains unchanged; however, the overall risk (probability × severity) has been reduced to acceptable levels.” Where a measure genuinely acts on severity, say so in the same explicit form, stating the severity class before and after and the probability that remains.
Priority Assignment in High-Severity Risk Control
For risks with high severity (such as death or permanent disability), reducing probability to near-zero is essential. This necessity arises from the risk equation: when severity is extremely high, even modest probability reductions may be insufficient to achieve acceptable overall risk. Therefore, the strategy of “keeping severity unchanged while reducing probability to near-zero” is critically important for high-risk medical devices.
For example, in artificial heart devices, thromboembolism severity (death or major stroke) is extremely high; design and clinical measures must therefore drive the incidence down to the level the risk management plan defines as acceptable for that severity class (an annual incidence below 1% is used here only as an illustrative threshold, not a regulatory figure).
Current Regulatory Developments Worldwide
FDA (United States) Trends
The FDA recognizes ISO 14971:2019 as a consensus standard, and its risk management related guidance in recent years has emphasized “separated probability and severity evaluation in residual risk assessment.” The Software Precertification (Pre-Cert) pilot program, sometimes cited in this context, concluded in 2022 and is no longer an active pathway; expectations for assessment precision now sit in the general premarket and software guidance.
EU MDR/IVDR Requirements
The European Medical Device Regulation (MDR) and IVDR require a risk management system and a benefit-risk determination in their general safety and performance requirements (Annex I), and the harmonised standard EN ISO 14971:2019/A11:2021 gives a presumption of conformity with those requirements. Notified bodies expect the effectiveness of each control, including “severity-reduction control measures,” to be demonstrated within the benefit-risk analysis. Particularly following COVID-19, conformity assessment of clinical diagnostic devices has emphasized the rigor of severity evaluation.
Japanese Medical Device Regulation
Japan adopted ISO 14971:2019 as JIS T 14971:2020, and the Pharmaceuticals and Medical Devices Agency (PMDA) increasingly expects applications compliant with it in pursuit of international harmonization. For regenerative medicine products and AI-equipped medical devices, detailed risk analysis and residual risk evaluation have become competitive differentiators in approval processes.
Conclusion
Accurate understanding of severity evaluation after risk control implementation forms the foundation of effective, regulatory-compliant risk management. The following points summarize key concepts:
- Severity and probability of occurrence represent independent concepts requiring separate evaluation in risk assessment.
- Risk control measures are classified as affecting probability, severity, or both.
- ISO 14971:2019 formally recognizes severity-reduction control measures, requiring evaluation of their effectiveness.
- Residual risk evaluation must re-estimate both residual probability (R-P) and residual severity (R-S), comparing results against acceptability criteria.
- For high-severity risks, the strategy of “reducing probability to near-zero” is critically important; the severity of the harm, once it occurs, usually cannot be eliminated, so it is the probability of the sequence of events leading to it that must be driven down.
- Combining multiple risk mitigation measures—addressing both probability and severity—typically proves most effective in practice.
Medical device manufacturers and risk management professionals are expected to understand ISO 14971 requirements accurately, moving beyond mere formal compliance to practice risk management that genuinely contributes to improved patient safety.