Scoring risk

Scoring turns a described risk into something you can compare and prioritize. TraceUnified supports the two methods regulated teams rely on — a risk matrix and FMEA — so you can use whichever your process calls for.

Severity and probability

The foundation of risk scoring is two dimensions: severity (how bad the harm would be) and probability (how likely it is to occur). Each is rated on a defined scale, and the combination places the risk on a risk matrix that yields its overall level — typically a band such as acceptable through unacceptable.

A configurable matrix

The matrix isn’t fixed. Its dimensions are configurable — 3×3, 4×4, 5×5, or 6×6 — so the granularity of your severity and probability scales matches your risk policy rather than a built-in assumption. The scales and the resulting risk levels are part of your configuration.

FMEA and the risk priority number

For failure-mode analysis, the module supports FMEA, which scores each failure mode on three factors — severity, occurrence, and detection — and combines them into a risk priority number (RPN). The RPN ranks failure modes so attention goes to the ones that are severe, likely, and hard to detect. FMEA sits alongside the matrix view, against the same risk records.

Priority and what it drives

However it’s scored, the result gives each risk a priority that drives the work: which risks demand controls, which need the closest review, and which are already acceptable. Scoring is the input to mitigation — covered next in Mitigations — and is re-checked once controls are in place.