Page 148 - Safety Risk Management for Medical Devices

CHAPTER 15


                   Software Risk Management





                   Abstract
                      Software can have a strong influence on the safety of medical devices. This includes new software as
                      well as legacy software and SOUP (software of unknown provenance). IEC 62304 offers guidance and
                      strategies that support the creation of safer software. These strategies, in concert with ISO 14971,
                      allow management of risks due to software failures. SFMEA, as one of the tools of software risk
                      management, is expounded in this chapter, and special tips are offered for successful development
                      of safety-critical medical software.
                   Keywords: Software risk management; Software FMEA; SFMEA; legacy software; SOUP; software safety
                   classification



                   Software can have a strong influence on the safety of medical devices. Software for
                   complex Systems is difficult to correctly specify, implement, and verify. Errors in software
                   requirements specification, software design, and software implementation are the main
                   contributors to software-caused System Hazards. The most effective way to manage risks
                   due to software is to consider the role of software before System design is completed.
                      Though deterministic, software is not necessarily predictable for complex Systems.
                   This makes risk management of software a particularly difficult challenge. IEC 62304
                   [9] suggests three means to manage software risks:

                      1. Safety Classification, Risk Controls, and rigor in software development
                      2. Software configuration management
                      3. Software problem resolution process

                      Safety classification of software is covered in Section 15.3. Software configuration
                   management and the problem resolution process are, or should be, part of the Quality system,
                   and are not discussed in this book.
                      With respect to functionality in medical devices, three types of software can be identified:
                      1. Software that provides clinical function
                      2. Software that is used as a Risk Control measure
                         a. For hardware failures
                         b. For software failures
                         c. For use-failures
                      3. Other software
                         a. Software whose failure could create a safety impact
                         b. Software whose failure would not create a safety impact
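                   To make type 2 concrete, the following is an added example written for this edition; it is not code from the book or from any real device. It sketches, for a hypothetical infusion-pump controller, one software Risk Control measure for each of the three failure classes above: a cross-check of two redundant flow sensors (hardware failure), an independent bound check on the rate produced by the dose-calculation code (software failure), and a soft/hard limit check on a clinician-entered rate (use-failure). All sensor readings, limits, units (mL/h x 10) and function names are constructed for illustration.

```c
/* Added example, not from the book: software as a Risk Control measure
 * for hardware failures, software failures and use-failures, in a
 * hypothetical infusion-pump controller. All values are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of a software Risk Control check. */
typedef enum {
    RC_OK,          /* value accepted, continue normal operation      */
    RC_CONFIRM,     /* value plausible but unusual: ask user to confirm */
    RC_REJECT,      /* value refused, keep previous safe setting       */
    RC_SAFE_STATE   /* fault detected: stop infusion and raise alarm   */
} rc_result_t;

/* True if |a - b| exceeds tolerance; computed in 64 bits so that extreme
 * readings from a faulty sensor cannot overflow the subtraction. */
static bool differs(int32_t a, int32_t b, int32_t tolerance)
{
    int64_t d = (int64_t)a - (int64_t)b;
    if (d < 0) d = -d;
    return d > tolerance;
}

/* (a) Risk Control for a hardware failure.
 * A single stuck or drifting flow sensor cannot be detected from its own
 * reading, so two independent sensors are cross-checked against each other
 * and against the commanded rate. Any disagreement beyond `tolerance` is
 * treated as a sensor fault and the pump is driven to its safe state rather
 * than trusting either value. */
rc_result_t check_flow_sensors(int32_t sensor_a, int32_t sensor_b,
                               int32_t commanded, int32_t tolerance)
{
    if (differs(sensor_a, sensor_b, tolerance))  return RC_SAFE_STATE;
    if (differs(sensor_a, commanded, tolerance)) return RC_SAFE_STATE;
    if (differs(sensor_b, commanded, tolerance)) return RC_SAFE_STATE;
    return RC_OK;
}

/* (b) Risk Control for a software failure.
 * The output stage does not trust the rate produced by the (possibly
 * defective) dose-calculation code. A deliberately simple, independent
 * bound check compares it with the drug-library hard limits; anything
 * outside them is treated as a software fault. Keeping the check separate
 * from the calculation means a defect in one does not silently propagate
 * to the other. */
rc_result_t check_computed_rate(int32_t computed, int32_t hard_min,
                                int32_t hard_max)
{
    if (computed < hard_min || computed > hard_max) return RC_SAFE_STATE;
    return RC_OK;
}

/* (c) Risk Control for a use-failure.
 * A clinician-entered rate is compared with soft and hard limits from the
 * drug library: within the soft limit it is accepted, between soft and hard
 * it must be explicitly confirmed (this catches slips such as a misplaced
 * decimal point), beyond the hard limit it is rejected outright. */
rc_result_t check_user_entry(int32_t entered, int32_t soft_max,
                             int32_t hard_max)
{
    if (entered > hard_max) return RC_REJECT;
    if (entered > soft_max) return RC_CONFIRM;
    return RC_OK;
}

static const char *name(rc_result_t r)
{
    static const char *names[] = { "OK", "CONFIRM", "REJECT", "SAFE_STATE" };
    return names[r];
}

int main(void)
{
    /* Constructed scenarios, rates in mL/h x 10. */
    printf("sensors agree      : %s\n", name(check_flow_sensors(1000, 1002, 1000, 20)));
    printf("sensor B stuck high: %s\n", name(check_flow_sensors(1000, 1500, 1000, 20)));
    printf("computed in range  : %s\n", name(check_computed_rate(500, 1, 9990)));
    printf("computed overflowed: %s\n", name(check_computed_rate(-1, 1, 9990)));
    printf("entry 10x too high : %s\n", name(check_user_entry(5000, 500, 2000)));
    return 0;
}
```

Each of these checks is itself software whose failure could have a safety impact (type 3a above), so in a real device the check code falls under the safety classification of Section 15.3 and must be developed with matching rigor; a risk control that shares a defect with the code it guards provides no protection.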

                   Safety Risk Management for Medical Devices                    © 2018 Elsevier Ltd.
                   DOI: https://doi.org/10.1016/B978-0-12-813098-8.00015-5         All rights reserved.  127