Page 149 - Safety Risk Management for Medical Devices

128   Safety Risk Management for Medical Devices

Figure 15.1 Contribution of software to Hazards.


Of the above types of software, only 3.b is not safety related; the rest should be included in the software risk management process.

As depicted in Fig. 15.1, Hazards are the consequence of a chain of events. Exposure to Hazards can cause Harm. Since exposure to software cannot cause Harm, software itself is not a Hazard. But software failures can cause Hazards in the System context. To determine the risks due to software, we'll need to identify the Harms that could result from software failures.
Understanding the contribution of software to Hazards and Harms can be achieved via top-down System analyses, e.g., Fault Tree Analysis. This requires knowledge of the System architecture, the indication for use, and the context within which the System operates. Starting with the potential Harms of the System, deductively analyze the pathways which could lead to those Harms. If no pathway contains software, you can conclude that software in that System is not a contributor to Hazards.
If it is established that software is a contributor to Hazards and device risks, it is beneficial to analyze the software architecture to determine the roles and contributions of the various software items to risk. For simple devices, the manufacturer may choose to treat the software as a black box and bypass the software architectural analysis.
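As an added illustration that is not part of the book (the fault tree, the event names and the flags marking which failures originate in software are all constructed for this example): a small fault-tree model in Python that starts from a top-level Harm, computes the minimal cut sets (the combinations of basic failures that are sufficient to produce the Harm), and reports whether any of those pathways contains a software failure. This is the conclusion the deductive analysis described above is meant to reach, and the second tree shows the negative case in which software can be ruled out as a contributor.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Set, Union


@dataclass(frozen=True)
class BasicEvent:
    """Leaf of the fault tree: a single failure, e.g. a hardware fault or a
    failure of a software item. `software` marks failures that originate in
    software (an assumption of this example; the book does not prescribe
    how to tag events)."""
    name: str
    software: bool = False


@dataclass
class Gate:
    """Logic gate combining child events or gates.
    "OR": any one child is sufficient; "AND": all children are required."""
    name: str
    kind: str  # "AND" or "OR"
    children: List[Union["Gate", BasicEvent]] = field(default_factory=list)


Node = Union[Gate, BasicEvent]
CutSet = FrozenSet[BasicEvent]


def minimize(sets: Set[CutSet]) -> Set[CutSet]:
    """Keep only minimal cut sets: drop any set that is a strict superset of another."""
    return {s for s in sets if not any(other < s for other in sets)}


def cut_sets(node: Node) -> Set[CutSet]:
    """Deductively expand a node into the minimal sets of basic events that cause it.
    OR-gate: the union of the children's cut sets.
    AND-gate: every combination of one cut set from each child, merged."""
    if isinstance(node, BasicEvent):
        return {frozenset([node])}
    child_sets = [cut_sets(child) for child in node.children]
    if node.kind == "OR":
        result: Set[CutSet] = set().union(*child_sets)
    elif node.kind == "AND":
        result = {frozenset()}
        for child in child_sets:
            result = {a | b for a in result for b in child}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    return minimize(result)


def software_contributes(top: Gate) -> bool:
    """True if at least one pathway to the top-level Harm contains a software failure."""
    return any(any(ev.software for ev in cs) for cs in cut_sets(top))


def software_events_contributing(top: Gate) -> Set[str]:
    """Names of the software failures that appear on some pathway to the Harm.
    These are the software items that warrant architectural analysis."""
    return {ev.name for cs in cut_sets(top) for ev in cs if ev.software}


# Constructed example 1: an infusion-type device where the Harm "over-infusion"
# can be reached either directly through a dose computation error in software,
# or through a motor runaway that the (software) flow monitor fails to halt.
DOSE_CALC_ERROR = BasicEvent("dose computation error", software=True)
MOTOR_RUNAWAY = BasicEvent("pump motor runaway")
MONITOR_FAILS = BasicEvent("flow monitor fails to halt pump", software=True)
OVERDOSE_TREE = Gate("over-infusion (Harm)", "OR", [
    DOSE_CALC_ERROR,
    Gate("uncontrolled flow", "AND", [MOTOR_RUNAWAY, MONITOR_FAILS]),
])

# Constructed example 2: a purely electromechanical pathway with no software
# on it, so the analysis concludes software is not a contributor to this Harm.
HARDWARE_ONLY_TREE = Gate("patient burn (Harm)", "OR", [
    BasicEvent("heater thermostat stuck closed"),
    BasicEvent("thermal insulation failure"),
])


if __name__ == "__main__":
    for tree in (OVERDOSE_TREE, HARDWARE_ONLY_TREE):
        print(f"{tree.name}:")
        for cs in cut_sets(tree):
            print("  pathway:", " AND ".join(sorted(ev.name for ev in cs)))
        print("  software contributes:", software_contributes(tree))
        print("  software items on pathways:", sorted(software_events_contributing(tree)))
```

The cut-set expansion is the textbook recursive construction and is adequate for trees of a few dozen events; for large trees a dedicated FTA tool with proper minimization is needed. The useful output for the risk file is the last line per tree: the list of software failures that actually lie on a pathway to a Harm is the starting point for the software architectural analysis described above.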
Before we proceed, it's important to understand some relevant vocabulary. Three important terms are:

Software System: An integrated collection of Software Items organized to accomplish a specific function or set of functions [9].

Software Unit: A Software Item that is not subdivided into other items [9].

Software Item: Any identifiable part of a computer program, i.e., source code, object code, control code, control data, or a collection of these items [9]. All levels of software composition can be called Software Item, including the top level (Software System) and the bottom level (Software Unit).