We have had an interesting internal discussion. Section 4.3(a) of 62304 says, when addressing the safety classification, “If the HAZARD could arise from a failure of the SOFTWARE SYSTEM to behave as specified, the probability of such failure shall be assumed to be 100 percent.”
The discussion arose about how this translates into the risk analysis. We're using an FMEA-type approach with severity / likelihood scales of 1..5.
In one school of thought, the failure WILL (100%) occur but the likelihood of it failing can still be considered (pre-controls). So a likelihood of occurrence of '1' (on the 1..5 scale) means that it WILL occur (thus meeting the 100% requirement) but it's still quite unlikely to occur over the life of use.
The other school of thought is that, prior to mitigation, the likelihood must be 5 (to meet the 100% requirement) since it will occur at any given instance (and thus considering it occurring at the worst possible time).
We recognize that the root of the difference is the view (over the life -v- any given point in time).
Curious how others are approaching this. Maybe there's an entirely different method other than the FMEA approach that would be more suitable?