Ctrlk
HomeFree SignupFree DemoContact Us

Risk Assessment

Use Labii as a Risk Assessment tool to identify, analyze, and evaluate risks associated with laboratory operations, experiments, and processes.

Overview

Proactive risk identification and evaluation are foundational to operating safe, compliant, and high-quality laboratories. The Risk Assessment application built on Labii provides a structured, traceable environment for conducting formal risk assessments across laboratory operations, experimental procedures, equipment, and processes.

The application supports widely used risk management frameworks including ISO 14971 (medical devices), ICH Q9 (pharmaceuticals), and ISO 31000 (general risk management). By organizing risk data across six dedicated tables—risk assessments, individual risks, risk controls, standards, components, and verification tests—Labii enables teams to systematically identify hazards, evaluate their likelihood and severity, implement controls, and confirm residual risk acceptability through documented testing.

This application is well suited for organizations operating under ISO 14971, ICH Q9, FDA guidance on risk management, or any quality framework requiring documented risk justification and traceability.

Use Cases

Medical Device Development

  • Conduct product-level risk assessments per ISO 14971

  • Link hazards and hazardous situations to specific device components

  • Document risk controls (design changes, protective measures, labeling) with traceability to risks

  • Verify control effectiveness through documented risk tests

  • Maintain a risk management file across the product lifecycle

Pharmaceutical Process Risk Management

  • Perform ICH Q9-aligned risk assessments for manufacturing processes and analytical methods

  • Identify critical quality attributes (CQAs) and critical process parameters (CPPs)

  • Document risk ranking using FMEA, HACCP, or fault tree analysis

  • Track control measures applied to high-risk process steps

  • Support regulatory submissions with a complete risk management record

Laboratory Safety and Operations

  • Assess chemical, biological, and physical hazards in laboratory procedures

  • Document engineering controls, administrative controls, and PPE requirements

  • Evaluate risks associated with new equipment introductions or process changes

  • Maintain safety risk registers aligned with institutional EHS requirements

  • Support laboratory accreditation with documented risk management practices

Clinical and Diagnostic Laboratories

  • Assess pre-analytical, analytical, and post-analytical risks in testing workflows

  • Document control measures for high-risk assay steps

  • Track risk reduction over time as controls are implemented and validated

  • Support CAP, ISO 15189, and CLIA accreditation requirements

  • Integrate risk assessments with non-conformance and CAPA processes

Software and Systems Risk Assessment

  • Evaluate risks associated with laboratory information system implementations

  • Document software hazards, failure modes, and mitigations per IEC 62304

  • Track verification tests confirming software risk controls are effective

  • Manage risk assessments across software versions and updates

Getting Started

1

Navigate to Settings → Applications from the main menu

2

Click Add application and select Add from a template

3

Choose Risk Assessment from the template list

If Risk Assessment is not listed, it may already be installed. Check the side menu for the risk assessment tables.

4

Wait for installation to complete. The system will automatically create six tables:

  • risk_assessment — Top-level risk assessment records

  • risk — Individual risk items and their evaluations

  • risk_control — Controls and mitigations applied to risks

  • risk_standard — Risk acceptability criteria and standards

  • risk_component — Components or items being assessed

  • risk_test — Verification tests confirming control effectiveness

5

Begin by configuring your risk_standard and risk_component tables with the relevant standards and components for your assessments before creating risk assessment records

Application Structure

Risk Assessment Table

The risk_assessment table holds the top-level record for each formal risk assessment conducted.

Purpose: Document the scope, objectives, methodology, and overall conclusions of a risk assessment activity

Typical Use: Product risk management files, process FMEAs, facility hazard assessments, change-related risk assessments

Risk Table

The risk table captures individual risk items identified within a risk assessment, including hazard identification, probability, severity, and risk priority evaluation.

Purpose: Record discrete risks with quantified or qualitative evaluations, linked to their parent risk assessment

Typical Use: Individual FMEA failure modes, ISO 14971 hazards, HACCP hazard entries, process risk items

Risk Control Table

The risk_control table documents the controls, mitigations, and countermeasures applied to reduce identified risks.

Purpose: Track what actions are taken to reduce risk probability or severity, and the resulting residual risk level

Typical Use: Design controls, process controls, protective measures, warning labels, administrative controls, PPE requirements

Risk Standard Table

The risk_standard table stores the risk acceptability criteria and scoring matrices used to evaluate risks consistently across assessments.

Purpose: Define and maintain risk scoring scales (probability, severity, detectability), risk priority thresholds, and applicable regulatory standards

Typical Use: Risk scoring matrices (e.g., 1–5 severity × 1–5 probability), RPN thresholds, ISO 14971 risk acceptability criteria, ICH Q9 risk ranking criteria

Risk Component Table

The risk_component table catalogs the components, subsystems, materials, or process steps that are subjects of risk evaluation.

Purpose: Maintain a reusable library of assessed components or process elements that can be referenced across multiple risk assessments

Typical Use: Device subsystems, raw material categories, process unit operations, software modules, equipment types

Risk Test Table

The risk_test table documents verification activities that confirm risk controls are effective and residual risks are acceptable.

Purpose: Record test plans, test results, and pass/fail determinations for risk control verification

Typical Use: Design verification tests, process validation studies, safety testing, analytical method verification tests

Setting Up Risk Standards

Before creating risk assessments, configure your risk scoring criteria in the risk_standard table.

1

Navigate to the risk_standard table from the side menu

2

Click + Add to create a new standard record

3

Define the standard details:

  • Name: Standard title (e.g., "ISO 14971 Risk Matrix" or "Process FMEA Criteria")

  • Applicable regulation: ISO 14971, ICH Q9, ISO 31000, internal procedure, etc.

  • Severity scale: Define severity levels (e.g., 1 = Negligible, 2 = Minor, 3 = Serious, 4 = Critical, 5 = Catastrophic)

  • Probability scale: Define probability levels (e.g., 1 = Improbable, 2 = Remote, 3 = Occasional, 4 = Probable, 5 = Frequent)

  • Acceptability criteria: Define what constitutes acceptable, ALARP, and unacceptable risk levels

4

Save the standard. It will be available to reference when creating individual risk records

Establishing consistent risk standards before conducting assessments ensures that risk evaluations are comparable across products, processes, and time periods.

Creating a Risk Assessment

1

Navigate to the risk_assessment table from the side menu

2

Click + Add to create a new risk assessment record

3

Enter the assessment details:

  • Name: Descriptive title (e.g., "FMEA – Centrifuge Operation v1.0")

  • Assessment type: Product, process, facility, software, or change-based

  • Scope: What is included and excluded from this assessment

  • Methodology: FMEA, HACCP, Fault Tree Analysis, Bow-tie, or other method

  • Applicable standard: Link to the relevant risk_standard record

  • Team members: Assigned owner and participating reviewers

  • Assessment date: When the assessment is being conducted

4

Document any background information, reference documents, or design inputs in the record's sections

5

Begin adding individual risk items by creating records in the risk table linked to this assessment

Identifying and Evaluating Risks

1

Navigate to the risk table from the side menu

2

Click + Add to record a new risk item

3

Document the risk:

  • Name: Concise description of the risk or failure mode

  • Parent assessment: Link to the risk_assessment record this risk belongs to

  • Component: Link to the relevant risk_component record (if applicable)

  • Hazard: The source of potential harm (e.g., electrical hazard, chemical exposure, software error)

  • Hazardous situation: The circumstances that expose someone or something to the hazard

  • Harm: The potential injury, damage, or adverse outcome

4

Assign initial (pre-control) risk scores:

  • Severity: How serious is the potential harm?

  • Probability: How likely is the hazardous situation to occur?

  • Detectability (if using FMEA): How likely is the failure to be detected before harm occurs?

  • The system calculates the Risk Priority Number (RPN) or Risk Level based on your standard's formula

5

Determine if the initial risk is acceptable per your risk_standard criteria. If not, proceed to define risk controls in the risk_control table

Defining Risk Controls

1

Navigate to the risk_control table from the side menu

2

Click + Add to create a new risk control record

3

Document the control:

  • Name: Description of the control measure

  • Linked risk: Reference the risk record this control addresses

  • Control type: Design control, process control, protective measure, warning/labeling, or administrative control

  • Control description: Detailed explanation of what the control does and how it reduces risk

  • Responsible owner: Who is accountable for implementing and maintaining this control

4

After the control is implemented, update the risk record with the residual risk scores:

  • Residual severity: Severity after the control is applied

  • Residual probability: Likelihood after the control is applied

  • Residual RPN / Residual risk level: Recalculated risk level

5

Verify that the residual risk is acceptable per the applicable risk_standard. If still unacceptable, add additional controls and repeat

Document the rationale for accepting any residual risk, especially for risks evaluated as ALARP (As Low As Reasonably Practicable). Undocumented risk acceptance is a common finding during regulatory audits.

Verifying Risk Control Effectiveness

1

Navigate to the risk_test table from the side menu

2

Click + Add to create a verification test record

3

Define the test:

  • Name: Test title or test case ID

  • Linked control: Reference the risk_control record being verified

  • Test method: How the test will be performed (bench test, simulation, inspection, analysis)

  • Acceptance criteria: What constitutes a passing result

  • Tester: Person responsible for executing the test

  • Planned test date: When the test is scheduled

4

After executing the test, record the results:

  • Test result: Pass or Fail

  • Actual result: Observed outcome with supporting data

  • Test date: When the test was performed

  • Attach test data, reports, or raw data files using the Files section

5

If the test passes, update the linked risk_control record status to Verified. If the test fails, revise the control and retest

Advanced Features

Risk Traceability Matrix

Labii's linked records create an end-to-end traceability chain: Risk Assessment → Risk → Risk Control → Risk Test

This full traceability is critical for regulatory submissions and audits, allowing reviewers to follow every identified risk through its control and verification evidence.

Use the Record Link column widget to navigate between linked risk records across tables, or use filtered table views to see all risks, controls, and tests associated with a specific assessment.

Residual Risk Summary and Benefit-Risk Analysis

Use Labii's dashboard and reporting features to generate a residual risk summary across all risks in an assessment:

  • Count of risks by residual risk level (Acceptable, ALARP, Unacceptable)

  • Distribution of risks before and after controls

  • Overall risk acceptability conclusion supporting a benefit-risk determination

Reusing Components and Standards

The risk_component and risk_standard tables serve as reusable libraries. Once defined, components and standards can be referenced across multiple risk assessments, ensuring consistency and reducing setup time for subsequent assessments.

Integration with QMS Workflows

Risk assessments can be linked to related quality records in the QMS application:

  • Connect a risk assessment to a Change Control record to document the risk evaluation supporting a proposed change

  • Link risk findings to Non-Conformance or CAPA records when a quality event reveals a previously unidentified risk

  • Reference risk assessments in controlled Documents as supporting evidence

Troubleshooting

Issue: Risk scores or RPN are not calculating automatically

Symptoms: After entering severity and probability values, the calculated risk level or RPN field remains empty

Solution:

1

Verify that the risk_standard record linked to the risk assessment has the scoring scale and formula correctly configured

2

Check that the severity and probability values entered match the scale defined in the linked standard (e.g., values must be numeric integers within the defined range)

3

Contact your Labii administrator to confirm that the RPN or risk level column formula is correctly configured in the table settings

Issue: Cannot link a risk to a specific risk assessment

Symptoms: The parent assessment field in the risk table does not show the expected assessment record

Solution:

1

Confirm the risk_assessment record has been saved and is not in a draft or archived state

2

Check your project permissions—you must have access to the project containing the risk assessment record to link to it

3

Use the search function within the link field to search by the exact assessment name or record ID

Issue: Risk test record is not updating the linked control status

Symptoms: After recording a passing test result, the linked risk control status does not automatically update to "Verified"

Solution:

1

Manually update the risk_control record status to Verified — status transitions based on test outcomes may require manual updates depending on your configuration

2

Attach the completed test report to the risk test record and note the test record ID in the risk control record's notes for traceability

PreviousQuality Management System (QMS)NextTraining Management

Last updated