Paul, generally speaking, your risk management/clinical risk department should have allready set in place an appropiate criteria for grading any medical device in terms of its associated risk.
Generally speaking, it may consist of a simple number process from 1-5 for example. each then sub divided into further categories, that may entail things like, "Near miss" "Death" "Clinical error" Injury to patient" and the likes. These are just a few thing I recall from memory, (getting old now).

Ours is not to reason why?,
Simply obey & then comply !