Mitigations

Once a risk is scored, you act on it. A mitigation — a risk control in ISO 14971 terms — is the measure you put in place to reduce a risk, and TraceUnified keeps each control tied to the risk it addresses.

Risk controls

A mitigation reduces a risk by lowering its severity, its probability, or both. Controls can take different forms — designing the hazard out, adding protective measures, or providing information for safety — and the register records what control applies to which risk. Because the control is attached to the risk record, the rationale for the current risk level is always visible.

From initial to residual

Mitigation is what moves a risk from its initial score to its residual score — the risk that remains after the control is in place and effective. Recording both makes the effect of your controls explicit: you can show not just that a risk was treated, but how much the treatment actually reduced it. The residual side is covered in ALARP & residual risk.

Controls as real work

A control isn’t complete just because it’s written down — it has to be implemented and verified. Mitigations connect to the rest of the lifecycle: the requirement that implements a control, and the test that verifies the control works. That linkage, covered in Linking, is what turns a mitigation from an intention into demonstrable, verified risk reduction.

Tracking status

As controls are designed, implemented, and verified, their status is tracked so you can see which mitigations are in place and which are still outstanding. A register full of planned-but-unimplemented controls is a different risk picture from one where every control is verified — and the module keeps that distinction clear.