142   Safety Risk Management for Medical Devices


identification of software-caused Hazards, the probability of occurrence of the Hazard is computed by following the sequence of events as depicted in Fig. 3.1, where one of the events is a software failure with a known probability.

The risk estimation follows the quantitative method as described in Section 17.3.

15.4.2 Case 2—New software

For Case 2, the probability of occurrence of software failure cannot be estimated. As depicted in Fig. 3.1, in hazard theory, software failure would be an event in the chain of events leading to the realization of the Hazard and the Hazardous Situation. Without knowing the probability of occurrence of the software failure, P1 cannot be estimated. Following the guidance in ISO 14971 [3,7] section D.3.2.3, instead of trying to estimate P1, we'll focus on reducing the probability of software failures, and thus reducing the related harms.

The steps of the BXM method for software risk analysis are:

1. Ensure software requirements are correct. Tools: modeling, simulation, reviews.
2. Define the software architecture, and classify all software items per IEC 62304 [9].
3. Ensure software implementation is correct. Tools: structured walkthroughs, peer reviews, testing, automation, use of robust processes, and levels of rigor prescribed for the different software safety classifications.
4. Reduce the safety classification of software items (to the degree possible) via the use of Risk Controls that are external to the software.

Next, develop the software in compliance with IEC 62304 [9] and do not estimate the risks due to software-induced Hazards. It follows that, without an estimate of software risk, software risk cannot be included in the computation of the overall residual risk.
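As an added illustration of steps 2 and 4 of the BXM method (example code, not from the book): a small Python model that assigns an IEC 62304 software safety class to each software item from the worst-case harm it can contribute to, and shows how a Risk Control external to the software lowers an item's class. The harm-to-class mapping follows IEC 62304 (A: no injury possible, B: non-serious injury possible, C: death or serious injury possible); the "cap" model for external controls, the item names and the dosing-pump scenario are constructed assumptions.

```python
from dataclasses import dataclass, field

# Worst-case harm severity an item's failure can contribute to, in IEC 62304 terms.
NO_INJURY, NON_SERIOUS_INJURY, SERIOUS_INJURY = 0, 1, 2
CLASS_OF_HARM = {NO_INJURY: "A", NON_SERIOUS_INJURY: "B", SERIOUS_INJURY: "C"}


@dataclass
class SoftwareItem:
    name: str
    worst_harm: int
    # Assumed model: each Risk Control external to the software caps the
    # worst-case harm at a given level (control name -> harm level after it).
    external_controls: dict = field(default_factory=dict)

    def residual_harm(self) -> int:
        """Worst-case harm once external Risk Controls are considered.
        Assumption: each control caps the harm independently, so the lowest cap wins."""
        return min([self.worst_harm, *self.external_controls.values()])

    def safety_class(self) -> str:
        return CLASS_OF_HARM[self.residual_harm()]


def system_class(items: list) -> str:
    """A software system takes the highest class among its software items."""
    return max(item.safety_class() for item in items)


def reduce_classification(items: list, item_names: set, control: str, cap: int) -> list:
    """BXM step 4: apply an external Risk Control to the named items; return per-item classes."""
    for item in items:
        if item.name in item_names:
            item.external_controls[control] = cap
    return [(item.name, item.safety_class()) for item in items]


# Constructed example: a dosing pump's software items before any external control.
items = [
    SoftwareItem("dose_calculator", SERIOUS_INJURY),
    SoftwareItem("pump_motor_driver", SERIOUS_INJURY),
    SoftwareItem("event_logger", NO_INJURY),
]

if __name__ == "__main__":
    print("before:", system_class(items), [(i.name, i.safety_class()) for i in items])
    # Hypothetical hardware flow limiter outside the software bounds the harm to non-serious.
    after = reduce_classification(items, {"dose_calculator", "pump_motor_driver"},
                                  "hw_flow_limiter", NON_SERIOUS_INJURY)
    print("after: ", system_class(items), after)
```

Note that the system class only drops when every Class C item is covered by an external control; an item left uncovered keeps the whole system at Class C.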

15.5 RISK MANAGEMENT FILE ADDITIONS

Implementation of IEC 62304 [9] introduces additional documentation requirements. The resulting artifacts are to be stored in the RMF. Table 15.7 lists these additional entries in the RMF.


15.6 RISK CONTROLS

Risk Controls fall in three categories:

1. Inherent safety by design
2. Protective measures
3. Information for safety

See further elaboration in Section 18.2 on Risk Control option-analysis.