Hello,
I am a little confused on one aspect of 62304. If I have a class C system and I use software as part of a risk control (e.g. an alarm due to loss of some critical function), I need to develop the software item in accordance with Clause 5. Assuming I develop the software item according to the requirements of 62304, when completing a post-mitigation risk assessment, can I assume my software risk control works, or do I need to assume it never works (i.e. probability of failure is 1)?
For example, consider an alarm with software involved that detects a loss of mains power to a device. When looking at whether the software has successfully helped make the risk acceptable, can I assume it works 100% of the time, or do I need to assume it never works (which seems silly), or is there some middle ground? The standard isn't very clear on this.
Thanks