Page 159 - Safety Risk Management for Medical Devices


                   The Software System is software safety class B if:
                   -   the software system can contribute to a Hazardous Situation which results in
                       unacceptable risk after consideration of Risk Control measures external to
                       the Software System and the resulting possible harm is non-serious injury.
                   The Software System is software safety class C if:
                   -   the Software System can contribute to a Hazardous Situation which results in
                       unacceptable risk after consideration of Risk Control measures external to the
                       Software System and the resulting possible harm is death or serious injury.”

                   Naturally, these definitions require knowing what “Serious Injury” is.
                IEC 62304 [9] sec. 3.23 defines Serious Injury as:
                   “injury or illness that:

                   a. is life threatening, or
                   b. results in permanent impairment of a body function or permanent damage to a
                      body structure, or
                   c. necessitates medical or surgical intervention to prevent permanent impairment
                      of a body function or permanent damage to a body structure
                NOTE Permanent impairment means an irreversible impairment or damage to a body
                structure or function excluding trivial impairment or damage.”
                   These definitions are not well aligned with the definitions of seriousness of Harm as
                offered in ISO 14971 [3,7] and cited in Table 17.1. One could roughly align the
                definition of Serious Injury with a combination of Critical and Serious from ISO 14971 [3].
                   All Harms have an associated Hazardous Situation. If the Hazardous Situation can
                manifest solely due to software failure, then P1 for that Hazardous Situation is
                presumed to be 100% and risks are equal to the P2 numbers for each Harm severity
                class. According to IEC 62304 [9] Section 7.2.2, the safety class of software that is
                intended to be a Risk Control is based on the risk that the Risk Control measure is
                controlling. If the software Risk Control is controlling the risk of a software item,
                then its class would be the same as the class of the controlled software. If the software
                Risk Control is controlling the risk of a hardware item, then use the following
                algorithm to determine the software safety class for the Risk Control software.

                   1. What Harm(s) can the hardware failure cause? Utilizing the Harms Assessment
                      List (HAL), identify the Harm severity class that has the highest probability. If
                      more than one Harm is identified, choose the highest class among all the Harms.
                   2. Using Table 15.6 select the software safety class that correlates to the hardware
                      severity class from Step 1.