How to conduct a Software Risk Assessment


First, the risk must be identified. The scheme is always the same: a hazard, combined with a hazardous situation, can lead to harm. All three factors must be determined before the hazard occurs.

Risks combine the severity of harm (S) and the probability of occurrence (O). A numerical score is assigned to each so that the risk can be assessed.

Risk = probability of occurrence (O) x severity of harm (S). A simple evaluation scale must be used, and it must be the same for all products. See the table below as an example:

Then the score is interpreted by this table:

Risk control measures must then be defined and implemented according to the score.
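As an added example (not from the post or from KVALITO), the following Python risk register follows the steps above: each entry records the hazard, the hazardous situation and the harm, S and O are scored on one shared scale, the product S x O is interpreted against fixed bands, and a control measure is required whenever the band demands it, with the residual risk re-scored afterwards. The 1-5 scales, the interpretation bands and the sample entries are constructed assumptions, since the post's own tables are not reproduced here.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed 1-5 scales for severity of harm (S) and probability of
# occurrence (O). The post's own scale table is not reproduced, so these
# labels are assumptions for this example, not the article's scale.
SEVERITY = {1: "negligible", 2: "minor", 3: "serious", 4: "critical", 5: "catastrophic"}
OCCURRENCE = {1: "improbable", 2: "remote", 3: "occasional", 4: "probable", 5: "frequent"}

# Constructed interpretation bands for the score S x O (range 1..25).
ACCEPTABLE_MAX = 5   # no further control measure required
TOLERABLE_MAX = 11   # acceptable only with a documented control measure
# anything above TOLERABLE_MAX is unacceptable: redesign before release


def risk_score(severity: int, occurrence: int) -> int:
    """Risk = probability of occurrence x severity of harm, on the same scale for every product."""
    if severity not in SEVERITY or occurrence not in OCCURRENCE:
        raise ValueError(f"S and O must be on the 1-5 scale, got S={severity}, O={occurrence}")
    return severity * occurrence


def classify(score: int) -> str:
    """Interpret a score against the (assumed) bands."""
    if score <= ACCEPTABLE_MAX:
        return "acceptable"
    if score <= TOLERABLE_MAX:
        return "tolerable"
    return "unacceptable"


@dataclass
class RiskItem:
    hazard: str                 # what can go wrong (e.g. an incorrect value is shown)
    hazardous_situation: str    # circumstance in which the hazard is exposed
    harm: str                   # resulting damage
    severity: int
    occurrence: int
    control_measure: Optional[str] = None
    residual_occurrence: Optional[int] = None   # O after the measure; S rarely changes
    residual_severity: Optional[int] = None

    def initial(self) -> int:
        return risk_score(self.severity, self.occurrence)

    def residual(self) -> int:
        s = self.residual_severity if self.residual_severity is not None else self.severity
        o = self.residual_occurrence if self.residual_occurrence is not None else self.occurrence
        return risk_score(s, o)


def assess(item: RiskItem) -> dict:
    """One register row: initial score and class, the measure, and the residual class."""
    initial = item.initial()
    initial_class = classify(initial)
    if initial_class != "acceptable" and item.control_measure is None:
        raise ValueError(f"{item.hazard!r}: score {initial} requires a control measure")
    residual = item.residual()
    return {
        "hazard": item.hazard,
        "initial_score": initial,
        "initial_class": initial_class,
        "control_measure": item.control_measure,
        "residual_score": residual,
        "residual_class": classify(residual),
        "release_blocked": classify(residual) == "unacceptable",
    }


# Constructed sample register for a fictional clinical application.
SAMPLE_REGISTER = [
    RiskItem("Dose shown in wrong unit after import", "Clinician reads the value from the screen",
             "Patient overdose", 5, 3,
             control_measure="Unit stored with the value; independent recalculation and unit check before display",
             residual_occurrence=1),
    RiskItem("Session stays valid after logout", "Shared ward workstation",
             "Unauthorised change to a patient record", 4, 3,
             control_measure="Server-side session invalidation on logout plus idle timeout",
             residual_occurrence=1),
    RiskItem("Report view freezes for two seconds", "Large report opened",
             "Minor delay, no clinical impact", 1, 5),
]


def assess_register(items=SAMPLE_REGISTER) -> list:
    return [assess(i) for i in items]


if __name__ == "__main__":
    for row in assess_register():
        print(f"{row['hazard']:<42} S x O = {row['initial_score']:>2} ({row['initial_class']:<12}) "
              f"-> residual {row['residual_score']:>2} ({row['residual_class']})")
```

The check in `assess` is the point of the exercise: an entry that scores outside the acceptable band cannot be recorded without a control measure, and the residual score is computed from the same scale, so the register itself shows whether the measure brought the risk down far enough.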

Two methods are applicable when performing a risk analysis: fault tree analysis (FTA) and failure mode and effects analysis (FMEA).

Author: Alix Auter, Life Science Consultant KVALITO 

KVALITO is a strategic partner and a global quality and compliance service and network for regulated industries. To learn more about our service please visit us on 

If you would like to benefit from KVALITO’s specialized services, please get in contact:
