FDA Premarket Submissions for Embedded Software - Level of Concern

kreid

Involved In Discussions
Hello,

I have been looking into the level of concern for a piece of embedded software under development.
Question 4 of Table 1 of the FDA Premarket Submissions for Software guide asks:
Prior to mitigation of hazards, could a failure of the Software Device result in death or serious injury, either to a patient or to a user of the device?
As part of the design of the device a Preliminary Hazard Analysis was carried out which showed that a software failure might lead to a serious injury. As a result of the PHA the device is being designed so that there are hardware safeguards to prevent any software failures leading to serious injury.
My question is, does the "Prior to mitigation" part of Q4 mean that if a design is created (based on the PHA) that prevents software failures causing serious hazards, this constitutes a risk mitigation, and hence the software still qualifies as software of a major concern? Or can we say that the design is such that software failures cannot contribute to serious harm?

In effect, at what point in the design and development lifecycle should Q4 be asked?

Thanks

yodon

Leader
Super Moderator
While this may seem to be skirting the question a bit, IEC 62304 does make this rather clear:

If the RISK of death or SERIOUS INJURY arising from a software failure is subsequently reduced to an acceptable level (as defined by ISO 14971) by a hardware RISK CONTROL measure, either by reducing the consequences of the failure or by reducing the probability of death or SERIOUS INJURY arising from that failure, the software safety classification may be reduced from C to B; and if the RISK of non-SERIOUS INJURY arising from a software failure is similarly reduced to an acceptable level by a hardware RISK CONTROL measure, the software safety classification may be reduced from B to A.

Given that and the fact that 62304 is a recognized consensus standard by the FDA, I think you'd be in a pretty defensible position if you did so.

kreid

Involved In Discussions
Hi Yodon,
Thanks for your response.

My problem is that for the FDA, if the software failure could cause a serious injury pre-mitigation then it is classed as a major level of concern, and this has an impact on registration and other activities.

The excerpt you quote from 62304 is a common approach in safety critical software systems, but the FDA approach would seem to penalise someone following the good engineering practice of changing a design to limit the effects of software failure.

Kreid

kreid

Involved In Discussions
As an aside the passage you quote from 62304 was removed in the last update.

It was replaced by a flow chart that I think is very confusing, and makes it difficult to conclude your software is anything but Class A!

yodon

Leader
Super Moderator
> As an aside the passage you quote from 62304 was removed in the last update.
>
> It was replaced by a flow chart that I think is very confusing, and makes it difficult to conclude your software is anything but Class A!

I think it's generally the same; they just replaced hardware control with control external to the software system.