1. Traceability
Traceability is the ability to link risks to the actual product design and requirements, as well as to the risk mitigations and verification activities. Traceability helps to ensure that all risks are identified, assessed, controlled and verified throughout the product lifecycle. Traceability also enables easy reporting and auditing of risk management processes and outcomes. Excel does not support traceability well, as it requires manual updating of multiple spreadsheets and cross-referencing of data. This can lead to errors, inconsistencies and gaps in risk information.
An optimal solution would allow you to create and maintain traceable relationships between risks, product design elements, requirements, mitigations and verification activities. This would enable you to see how changes in one element affect the others, and how well the risks are addressed by the mitigations and verification.
2. Holistic Real-Time Visibility of Status
Visibility of status allows you to see the risk and mitigation tasks and their status at any given time. Understanding the status of risks helps in managing the risk mitigation efforts and resources, as well as communication and collaboration with stakeholders. Visibility also supports continuous improvement of risk management processes and practices. Excel does not provide good visibility of status, as it does not allow you to create and track tasks, assign owners and deadlines, or update statuses easily. This can lead to delays, confusion and missed opportunities for risk reduction.
A better suited tool would allow you to create and track risk mitigation tasks, assign owners and deadlines, and update statuses in real time. This would enable you to see the current state of risk mitigation activities, identify bottlenecks and issues, and take corrective actions as needed. You should be able to generate reports and dashboards that show the status and progress of risk management activities and outcomes. This would also help you to share and discuss risk information with stakeholders, such as customers, regulators, suppliers and partners.
3. Versioning and Audit Trail
Versioning refers to the process of creating and maintaining different versions of documentation and information. Versioning is important for risk management because it allows you to maintain documentation for different versions of the product, track changes and compare different versions. Excel is lacking in versioning because it does not have a built-in version control system that can automatically save and label different versions of a workbook, and it is missing a clear audit trail that can show who made what changes, when, and why. These limitations require you to use additional file-based document management solutions for storing and versioning your Excel files.
A best-in-class solution should support managing different versions of documentation and individual pieces of information while maintaining the full audit trail. This allows you to efficiently manage your risk documentation in unison with your requirements, design and testing documentation for different versions of your products. If you need to formally review and approve your risk documentation, e-signatures should also be supported. All this makes achieving compliance a breeze.
4. Reuse of Risk Information
Reusing risk-related information means that you can easily copy any previously created risk documentation for any new projects you are starting. Reuse also means that you need to write down the things common to each product type, such as hazardous situations, hazards, threats, vulnerabilities, controls, failure modes, causes, effects etc., only once. After the information is created, you can point to it in any risk being assessed instead of rewriting it every time. Excel files can of course be copied as-is to new projects, but copying does not take the relationships to other information into account in any way. After the copy, you have to manually update all the references to other product documentation. Excel also does not support maintaining information in a reusable, object-based way that allows pointing to already written information instead of always writing it again.
In a great solution reuse of the whole risk documentation for a new project should allow the reuse of all the other documentation like requirement definitions, design specifications etc. at the same time while preserving all the relationships between the documentation. This should happen with a push of a button to help you efficiently utilize your information from past projects.
You should also be able to capture all relevant information in one place in a way that collects the meaningful information together as objects and their properties (e.g. severity is a property of a harm object) and then lets you reuse that information for each risk being assessed by just selecting the right information object. This will reduce the effort needed for documenting all the risks and makes the whole process less prone to errors. It also ensures that the risk assessments are consistent, as e.g. the same harm will always have the same severity.
In conclusion, using a better-suited tool than Excel can bring significant benefits for product safety and cyber security risk management. It can provide better traceability, visibility, versioning and reuse capabilities. This can result in improved productivity, product quality, compliance, customer satisfaction and competitive advantage.
Siemens Polarion® ALM – take control
Get a holistic view, traceability and transparency for all product development and project management information. Everyone is aligned around what is being built while protecting integrity and compliance.
Enhancing Polarion’s Capabilities – NEXTEDY RISKSHEET
At the recent Taipuva Polarion Days 2024, Jiri Walek shared perspectives on how to improve the usability and functionality of Polarion using NEXTEDY RISKSHEET. This software solution assists in managing, tracking and communicating safety-critical product risks within Polarion.