Changing software classification via software - IEC 62304

david316

#1
I have a question about the software classification as per clause 4.3 in edition 1.1. (2015 version) of 62304. In clause 4.3 the following statement is made:

For a SOFTWARE SYSTEM initially classified as software safety class B or C, the MANUFACTURER may implement additional RISK CONTROL measures external to the SOFTWARE SYSTEM (including revising the system architecture containing the SOFTWARE SYSTEM) and subsequently assign a new software safety classification to the SOFTWARE SYSTEM.

NOTE 1 External RISK CONTROL measures can be hardware, an independent SOFTWARE SYSTEM, health care procedures, or other means to minimize that software can contribute to a HAZARDOUS SITUATION.

So, as I understand this, you can change the software classification if a risk control external to the software makes the risk acceptable. As stated in Note 1, a risk control can be an independent software system. I don't understand why, when doing the software classification, you assume 100% probability for software failure, but then the standard allows you to reduce the risk by an independent software system and potentially change the software classification. This seems counter-intuitive. I would assume you would need to justify that the independent software control is effective at reducing the risk through the use of best practice for design and testing. Comments?

As a follow-up, how independent is independent? Can an independent software system be in the same microprocessor if you partition it appropriately and have an appropriate architecture? The standard kind of hints at this in Annex B.4.3.

Any input will be greatly appreciated.

Marcelo

#2
I don't understand why, when doing the software classification, you assume 100% probability for software failure,
This is clearly explained in B.4.3 (which was taken from 80002-1 and put into the standard so that people might stop making the (erroneous) statement that the hazardous situation probability is 100 %, when in fact what is meant is that only the software failure, which is part of the sequence of events that characterizes P1, is suggested to be 100 %).

I'm not sure what else can be said.


but then the standard allows you to reduce the risk by an independent software system and potentially change the software classification. This seems counter-intuitive.
This was included because it was never the intention of the standard that the software classification is done once and can never change. Coming from the discussion above, clearly it's possible to have a risk probability (P1 x P2) which is different from 1, if there are events in the sequence of events of P1 that reduce the probability.

I would assume you would need to justify that the independent software control is effective at reducing the risk through the use of best practice for design and testing. Comments?
"Best practice for design and testing" does not reduce risk. Only inherently safe design (unconditional safety), protective measures (conditional safety) and information for safety (descriptive safety) reduce risk (please note that ISO 14971 does allow, in the second level, protective measures in the manufacturing process as a control, but this is technically incorrect).

But you are right that the independent software control is effective at reducing the risk, as is already required by the verification of effectiveness requirement of ISO 14971.

As a follow-up, how independent is independent? Can an independent software system be in the same microprocessor if you partition it appropriately and have an appropriate architecture? The standard kind of hints at this in Annex B.4.3.
This is mainly related to being independent enough that a failure in one does not directly lead to a failure in the other.

david316

#3
As per Figure 3, there is the statement in the figure:

"A SOFTWARE SYSTEM which implements RISK CONTROL measure may fail, and this may contribute to a HAZARDOUS SITUATION. The resulting HARM may include the HARM which the RISK CONTROL measure is designed to prevent (see 7.2.2b)"

In 7.2.2b it states
"assign to each SOFTWARE ITEM that contributes to the implementation of a RISK CONTROL measure a software safety class based on the RISK That the RISK CONTROL measure is controlling and develop the SOFTWARE ITEM in accordance with Clause 5"

So... if, as per figure 4.3 and clause 4.3, I have a software system that is class C, I can reduce the software classification by having an external risk control if the risk is acceptable (e.g. an independent SOFTWARE SYSTEM). But, assuming the risk control is an independent software system, the software in the independent software system now becomes class C. That's how I read it anyway.

Marcelo

#4
As per Figure 3, there is the statement in the figure:

"A SOFTWARE SYSTEM which implements RISK CONTROL measure may fail, and this may contribute to a HAZARDOUS SITUATION. The resulting HARM may include the HARM which the RISK CONTROL measure is designed to prevent (see 7.2.2b)"

In 7.2.2b it states
"assign to each SOFTWARE ITEM that contributes to the implementation of a RISK CONTROL measure a software safety class based on the RISK That the RISK CONTROL measure is controlling and develop the SOFTWARE ITEM in accordance with Clause 5"

So... if, as per figure 4.3 and clause 4.3, I have a software system that is class C, I can reduce the software classification by having an external risk control if the risk is acceptable (e.g. an independent SOFTWARE SYSTEM). But, assuming the risk control is an independent software system, the software in the independent software system now becomes class C. That's how I read it anyway.
Well, yes, but please note that failure of a software system that implements a risk control measure does not directly lead to a hazardous situation. It may lead to a hazardous situation, as mentioned in the standard.