Dear Reader,
In my last newsletter episode, I announced that I’d need three episodes to cover the risk assessment of essential product requirements: Prerequisites, Process and Documentation. Well, my risk assessment was slightly wrong 😉 While writing the second step of the five-step process, Substack started complaining that I am close to the word limit for one episode. It’s not a hard limit but a sure sign that I should split up the episode.
I’ll divide the Process episode in three more episodes according to the five steps of lean risk assessment:
- Step 1: Identifying risks (this episode).
- Steps 2 and 3: Evaluating and prioritising risks (publication date: 15 September).
- Steps 4 and 5: Mitigating and reviewing risks (publication date: 6 October).
For a change, I do not skip a newsletter or publish one late, but I’ll publish two extra episodes 🎉
Enjoy reading,
Burkhard 💜
Risk Assessment of Essential Product Requirements: Identifying Risks
Combining Threat Modeling and Risk Assessment
Article 13(2) of the EU CRA mandates that we - as manufacturers - must perform a risk assessment of the essential product requirements (Annex I, Part I). Risk assessment processes are ten a penny and boil down to five steps (see Lean Six Sigma for a good example):
- Identifying risks
- Evaluating risks
- Prioritising risks
- Mitigating risks
- Continuously reviewing risks