CARISMA - Computer Assisted Risk Management (1997 - 2004)

Software for risk analysis and documentation


Surgical robots are complex surgical assistance systems that perform part of the surgery autonomously under the supervision of the surgeon. Before these robots can be deployed on patients, an assessment of system reliability is mandatory. This is done by risk analysis, which aims to detect potential failures of the system. The risk resulting from deployment of the system is calculated from the probability of occurrence of each failure and from a value quantifying the severity of the expected damage. For surgical robots, identifying the risk potential for the patient and the medical team is most important.

Fig 1. HIA-CaRisMa - software for systematic risk analysis

Risk Analysis for the CRIGOS robot

To perform systematic risk analysis of the CRIGOS surgical robot (CRIGOS project BMH4-CT97-2427), the HIA-CaRisMa software tool was developed and deployed (CaRisMa - Computer Assisted Risk Management, Fig. 1). With this tool it is possible to perform both the failure mode and risk analysis (FMEA) and the fault tree assessment (FTA) methods, both of which are recommended by EN 1441. Basically, potential failures are determined for each function of the system and linked to each other by cause and consequence. From these fault trees the software semi-automatically calculates risk parameters (probability of detection, probability of occurrence, severity) for each level of failure.

Fig 2. Low-level safety system for risk reduction

Low-Level Safety System

To allow for early detection of failures and thus reduce the identified risk for the patient, an independent low-level safety system was developed. The system monitors a number of different signals at the level of the robot controller, including motor power, rotation speed and forces at the robot's tool flange. It is equipped with a micro-controller that performs logic combinations of the monitored values and tests them against threshold values. When an error is detected, the drives are stopped and cut from power, and the state is indicated to higher control units.
The functioning of the safety hardware was tested with artificial error situations. These included disconnecting power from the robot drives, placing an excessive load on the robot and disconnecting the rotary encoders. All error situations were monitored at 100 Hz and detected by the safety system, either from the motor power exceeding its threshold value or from inconsistencies in encoder values. From these tests it can be concluded that the low-level safety system is an important means to lower the risk as it has been identified by the CaRisMa risk analysis, and to improve the reliability of the CRIGOS surgical robot.
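
The following added example, which is not code from the CRIGOS project, shows one way a monitor of this kind can check each 100 Hz sample against thresholds, test encoder values for consistency, and latch a fault that keeps the drives cut from power. All limit values, struct fields and function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed placeholder limits, not CRIGOS parameters. */
#define POWER_MIN_W      1.0f  /* below this while commanded: drive supply lost */
#define POWER_MAX_W    150.0f  /* above this: excessive load */
#define SPEED_MAX_RPM 3000.0f
#define FORCE_MAX_N     50.0f  /* force at the tool flange */
#define ENC_MAX_STEP   200     /* largest plausible count change per 10 ms */

enum { F_POWER_LOW = 1, F_POWER_HIGH = 2, F_SPEED = 4, F_FORCE = 8, F_ENCODER = 16 };

struct sample {                /* one 100 Hz reading at controller level */
    bool drive_cmd;            /* controller is commanding motion */
    bool enc_valid;            /* false when the encoder signal is missing */
    int32_t enc_count;
    float power_w, speed_rpm, force_n;
};

struct monitor {
    unsigned latched;          /* fault bits, cleared only by monitor_init() */
    bool drives_enabled;       /* models the drive power relay */
    bool have_last;
    int32_t last_enc;
};

void monitor_init(struct monitor *m)
{
    m->latched = 0; m->drives_enabled = true; m->have_last = false; m->last_enc = 0;
}

/* Check one sample; returns the latched fault mask reported upstream. */
unsigned monitor_step(struct monitor *m, const struct sample *s)
{
    unsigned f = 0;
    if (s->drive_cmd && s->power_w < POWER_MIN_W) f |= F_POWER_LOW;
    if (s->power_w > POWER_MAX_W)                 f |= F_POWER_HIGH;
    if (s->speed_rpm > SPEED_MAX_RPM || s->speed_rpm < -SPEED_MAX_RPM) f |= F_SPEED;
    if (s->force_n > FORCE_MAX_N)                 f |= F_FORCE;
    if (!s->enc_valid) {
        f |= F_ENCODER;
    } else {
        if (m->have_last && labs((long)s->enc_count - m->last_enc) > ENC_MAX_STEP)
            f |= F_ENCODER;    /* implausible jump between samples */
        m->last_enc = s->enc_count;
        m->have_last = true;
    }
    m->latched |= f;
    if (m->latched) m->drives_enabled = false;  /* stop and cut power; stays off */
    return m->latched;
}
```

Because the fault mask is latched, a later in-range sample does not re-enable the drives; only an explicit re-initialisation does.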


  • P. Bast: Sicherheitsstrategie für ein Parallelrobotersystem beim Einsatz in der cranialen Neurochirurgie. In: S. Leonhardt, K. Radermacher & T. Schmitz-Rode (ed.): Aachener Beiträge zur Medizintechnik (ISBN 978-3-8322-9160-0), Shaker, 2010, pp. 170