TIR97 Risk Management
ISO 14971 Software Risk Management - Automated compliance for medical device software
Organization Maturity Level
Medical device software compliance maturity assessment (CMMI-inspired)
Progress to Level 5 (Optimizing): 72%
- Level 1: Initial (Ad-hoc)
- Level 2: Repeatable
- Level 3: Defined
- Level 4: Managed (Current)
- Level 5: Optimizing (Target)
Achieved Capabilities
- Automated risk assessment
- Continuous vulnerability monitoring
- Standardized SBOM processes
- Integrated traceability matrix
In Progress
- AI-driven risk prediction
- Automated VEX generation
- Cross-project insights
Next Steps to Level 5
- Predictive compliance analytics
- Self-optimizing workflows
- Industry benchmarking
- Risk Management Plan: 100% (plan complete)
- Hazards Identified: 23 (31 risks analyzed)
- SOUP Components: 47 (auto-tracked from SBOM)
- Traceability: 94%
Risk Management Plan (RMP)
Define your risk management approach per ISO 14971
Risk Acceptability Criteria
- Low Risk (score 1-7): Acceptable with documentation
- Medium Risk (score 8-14): ALARP - As Low As Reasonably Practicable
- High Risk (score 15-25): Unacceptable - Must reduce
Current Risk Profile
- Low Risks: 18
- Medium Risks: 10
- High Risks: 3