Not sure if this will help, but it has helped me in the past in similar circumstances.
https :// www -950.ibm.com/events/wwe/grp/grp004.nsf/vLookupPDFs/IEC%2062304%20presentation/$file/IEC%2062304%20presentation.pdf - DEAD LINK
See page 12 in the above links - IEC 62304 "If the HAZARD could arise from the failure of the SOFTWARE SYSTEM to behave as specified, the probability of such failure shall be assumed to be 100%".
The FDA looks at this in a similar manner.
http :// www .fda .gov/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm089543.htm#8 - DEAD LINK
The risk associated with Software Devices varies over a continuum from negligible to very severe. In general, FDA considers risk as the product of the severity of injury and the probability of its occurrence. However, software failures are systemic in nature and therefore the probability of occurrence cannot be determined using traditional statistical methods. Therefore, we recommend that you base your estimation of risk for your Software Device on the severity of the hazard resulting from failure, assuming that the failure will occur. We also recommend that you use risk identification and control techniques described in consensus standards such as ISO 14971.
http: //www .fda. gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM073779.pdf - DEAD LINK
The FDA states: On the software engineering side, probabilities of occurrence would normally be based on software failure rates. However, software failures are systematic in nature and therefore their probability of occurrence can not be determined using traditional statistical methods.
Because the risk estimates for hazards related to software cannot easily be estimated based on software failure rates, CDRH has concluded that engineering risk management for medical device software should focus on the severity of the harm that could result from the software failure. Hazard Analysis is defined as the identification of Hazards and their initiating causes [IEC 60601-1-4]. Based on the definition of Risk Analysis in ISO DIS 14971 and EN 1441, hazard analysis is actually a subset of risk analysis; because risk analysis for software cannot be based on probability of occurrence, the actual function of risk analysis for software can then be reduced to a hazard analysis function. Technically speaking, the use of either term risk or hazard analysis is appropriate. However, CDRH has chosen to use the term hazard analysis to reinforce the concept that calculating risk based on software failure rates is generally not justified, and that it is more appropriate to manage software safety risk based on the severity of harm rather than the software failure rates.
Search on Risk here:
http :// www .fda. gov /MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm085281.htm - DEAD LINK