Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, redesign and development
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Predetermined Change Control Plan
    • GP-025 Usability and Human Factors Engineering
    • GP-027 Corporate Governance
    • GP-028 AI Development
      • Specific procedures
        • T-TF-028-001 AI Description
        • T-TF-028-002 AI Development Plan
        • T-TF-028-003 Data Collection Instructions
        • T-TF-028-004 Data Annotation Instructions
        • T-TF-028-005 AI Development Report
        • T-TF-028-006 AI Release Report
        • T-TF-028-007 AI Retraining Report
        • T-TF-028-008 AI Reevaluation Report
        • T-TF-028-009 AI Design Checks
        • T-TF-028-010 AI V&V Checks
        • T-TF-028-011 AI Risk Assessment
    • GP-029 Software Delivery and Commissioning
    • GP-030 Cyber Security Management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
    • GP-026 Market-specific product requirements
    • GP-110 Esquema Nacional de Seguridad
  • Records
  • Legit.Health Plus Version 1.1.0.0
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Pricing
  • Public tenders
  • Procedures
  • GP-028 AI Development
  • Specific procedures
  • T-TF-028-011 AI Risk Assessment

T-TF-028-011 AI Risk Assessment

Table of contents
  • Purpose
  • Scope
    • Clinical Models
    • Non-Clinical Models
  • Methodology
    • Risk Identification
    • Risk Estimation
      • Severity Scale
      • Likelihood Scale
      • Risk Priority Number (RPN)
    • Risk Control Measures
    • Traceability
  • Risk Assessment Table
  • Summary of Risk Assessment
    • Risk Distribution
    • Critical Risks Requiring Ongoing Monitoring
  • Residual Risk Acceptability
  • Integration with Device Risk Management
  • References

Purpose​

Describe the purpose of this AI Risk Assessment. Reference the applicable standards and regulations (ISO 14971, MDR 2017/745, EU AI Act, IEC 62304, GP-028).

Scope​

Define the scope of this risk assessment, including which AI algorithms are covered.

Clinical Models​

ModelFunctionPerformance Threshold

Non-Clinical Models​

ModelFunctionPerformance Threshold

Methodology​

Risk Identification​

Describe the methods used for risk identification.

  • Method 1
  • Method 2

Risk Estimation​

Describe the risk estimation methodology. Reference the Risk Matrix used.

Severity Scale​

LevelDescriptionDefinition
1Negligible
2Minor
3Moderate
4Critical
5Catastrophic

Likelihood Scale​

LevelDescriptionProbability
1Very low
2Low
3Moderate
4High
5Very high

Risk Priority Number (RPN)​

RPN = Severity × Likelihood

RPN RangeRisk ClassRequired Action
1-4Acceptable
5-9Tolerable
10-25Unacceptable

Risk Control Measures​

Describe the hierarchy of risk control measures.

  1. Inherent safety by design: Description
  2. Protective measures: Description
  3. Information for safety: Description

Traceability​

Describe how risks are traced to other documents.

AI RiskTraced To

Risk Assessment Table​

Include the risk assessment table. Can use a component or manual table.

Risk IDRisk DescriptionHazardSeverity (S)Likelihood (L)RPNRisk Control MeasureResidual SResidual LResidual RPN

Summary of Risk Assessment​

Risk Distribution​

Risk ClassCountPercentage
Acceptable (RPN ≤4)
Tolerable (RPN 5-9)
Unacceptable (RPN ≥10)

Critical Risks Requiring Ongoing Monitoring​

List any risks that remain at Tolerable level and require enhanced post-market surveillance.

  1. Risk 1
  2. Risk 2

Describe the monitoring approach for these risks.

Residual Risk Acceptability​

Provide the overall residual risk acceptability statement, including the benefit-risk analysis.

Integration with Device Risk Management​

Describe how this AI Risk Assessment integrates with the overall device risk management per ISO 14971.

  • Risks transferred to safety: Percentage and description
  • Residual risk evaluation: Description
  • Change management: Description

References​

DocumentTitle
R-TF-013-001
R-TF-013-002
R-TF-028-001
R-TF-028-002
R-TF-028-005
GP-007
GP-028

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: JD-009
  • Reviewer: JD-009
  • Approver: JD-005
Previous
T-TF-028-010 AI V&V Checks
Next
GP-029 Software Delivery and Commissioning
  • Purpose
  • Scope
    • Clinical Models
    • Non-Clinical Models
  • Methodology
    • Risk Identification
    • Risk Estimation
      • Severity Scale
      • Likelihood Scale
      • Risk Priority Number (RPN)
    • Risk Control Measures
    • Traceability
  • Risk Assessment Table
  • Summary of Risk Assessment
    • Risk Distribution
    • Critical Risks Requiring Ongoing Monitoring
  • Residual Risk Acceptability
  • Integration with Device Risk Management
  • References
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)