Risk registers

A risk register is where your hazards and risks are recorded and managed together. TraceUnified’s risk capability is built on the ISO 14971 model, so a register captures risk the way a regulated risk-management file expects.

The ISO 14971 model

Risk here isn’t a single field — it follows the chain ISO 14971 describes: a hazard (a potential source of harm), a hazardous situation (the circumstance that exposes someone to it), the sequence of events that leads there, and the resulting harm. Capturing this chain, rather than just “a risk,” is what makes the analysis defensible: you can show how harm could occur, not only that it might.

Risks as records

Each risk in the register is a controlled record — its own identity, fields, lifecycle, history, and audit trail, like every other item. That means risks are reviewed, versioned, and signed the same way requirements and tests are, and they participate in the thread.

Organizing the register

Risks are organized so a large analysis stays navigable, and you can work across the register in bulk when you need to apply a change to many entries at once. The register is the single place your risk picture lives, rather than a spreadsheet maintained alongside the real work.

Bringing risk data in and out

Because the model follows the standard, risk data can be imported and exported in line with ISO 14971 — so an existing risk-management file can be brought in, and your register can be taken out for exchange or submission. The rest of this section covers how risks are scored, mitigated, linked, and reduced to acceptable residual risk.