Is foreseeable misuse considered as single fault condition?

#31
If the 1st failure is not obvious (hidden), a second failure is assumed. This is the dual fault condition to be evaluated. If the dual fault is not safe (e.g. the probability is too high), you may need to consider one more protection or fault detection.

The threshold depends on the severity of harm. For critical harm, such as multiple deaths, 0.0001% is normally expected.
Point taken, thanks!
 

MediKit

Starting to get Involved
#32
Hi Apex Hao, just adding to VinceTech's reply - your option 1 illustrates the importance of self-test or proof test. Assuming your reliability of 90% is for the operating life of the device (e.g. 10 years), i.e. 10% failure after 10 years, if a system check is expected to be run every year, the probability of all 3 layers failing at the same time within 1 year will be way less than 0.999. For example, your probability of failure for each layer within 1 year may become 1% instead of 10%. So your reliability now becomes 0.999999. I think this is what makes it easier to achieve high reliability using multiple layers of protection vs a single layer of protection.

But yes, if you do not have any proof test or automatic self-test that will be run within a known period of time, then multiple layers may still not be sufficient if their reliability is low.
 
#33
Hi Apex Hao, just adding to VinceTech's reply - your option 1 illustrates the importance of self-test or proof test. Assuming your reliability of 90% is for the operating life of the device (e.g. 10 years), i.e. 10% failure after 10 years, if a system check is expected to be run every year, the probability of all 3 layers failing at the same time within 1 year will be way less than 0.999. For example, your probability of failure for each layer within 1 year may become 1% instead of 10%. So your reliability now becomes 0.999999. I think this is what makes it easier to achieve high reliability using multiple layers of protection vs a single layer of protection.

But yes, if you do not have any proof test or automatic self-test that will be run within a known period of time, then multiple layers may still not be sufficient if their reliability is low.
Hi, thanks for the heads up!

There is indeed a feature which "forces" the user to run some checkup after a certain time frame. The tricky part is that, as mentioned in previous discussion in this thread, this feature is software and its reliability can hardly be predicted. My previous calculation is therefore based on the "assumption" that this software is not functioning as it should.

Software is still like a Pandora's box where I work and its discussion does not always lead to a conclusive judgement. I am planning to refer to the IEC 61508 software development lifecycle and propose the rigor of SIL 4 to justify that the software is robust.
 

Peter Selvey

Staff member
Moderator
#34
The question in post #25 (Apex Hao) is actually a good point to raise.

Single fault safety is built around simple math that if X is very small, then X² is really really tiny. Specifically, for high severity harm (death etc.) there should be two independent systems both of which have small probabilities of failure, such that probability of two faults is negligible. A reasonable threshold for this to be effective is each system having 0.001 dangerous faults per year. This is not difficult with modern electronics including software, keeping in mind that many if not most faults are benign. The X² approach has another benefit in making the system not sensitive to the precise probabilities. They just have to be very small.

In practice, the failure rate of a single system needs to be small anyhow to be economically viable. So, in effect we are saying ... take a single system that has "normal" reliability for economic viability, and then double it. In general that should be fine for high severity harm.

I think the point that Apex Hao is highlighting is that nowhere in the standard is there an explicit statement that for "single fault safe" to be effective, the "faults" have to be relatively rare. Failure rates of 0.1 are not even in the ball park.

The "hidden fault" scenario is often misunderstood. It does not mean that if a fault is hidden you have to assume a probability of 1. The correct view is to be aware that double fault probabilities increase with time squared, the impact of which is not intuitive. Let's say a system has a simple flat failure rate of 0.02 events / year (this number is just to illustrate the effect). In the first year of use it is 0.02 faults per year, and 10 years later it is still 0.02 events per year. Now, if you combine two systems, the X² effect makes it 0.0004 events per year, but only in the first year. Even if the individual rates are flat, for double faults the rate starts to climb: in the second year 0.0008, after 7 years it is 0.0028 per year (the formula is NX², where N is the number of years). That effect can push the rate above the criteria for acceptable risk. The typical solution is to perform periodic checking of the protection system, which resets the cycle and brings it back to X². But it's important to note that this is just an extra step, a refinement. You have to start with a good X² in the first place before worrying about hidden faults.

Software is nothing special. It has to be reasonably reliable in order to be economically effective. As long as normal design controls are applied, and the systems are independent, the X² idea works fine even if there is software involved.

For software, one way to think about it is to consider option (A) two independent systems, each system has 100 hours used in formal software verification, and (B) a single system with 1000 hours in formal software verification. Although the verification time in option B is much higher, it's still likely to have more risk than option A. Having two independent systems is by far the most efficient way to make risk negligible.

Note that any reference to having two independent systems is usually only needed for high severity harm. And there's always special cases where it's not practical to apply. This is just discussing the general background behind "single fault safety".
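The time-squared climb of hidden double faults and the proof-test reset described in this post, together with MediKit's three-layer yearly-check argument in post #32, worked through as an added example (not code from anyone in the thread). It assumes a constant per-layer failure rate (exponential model) and fully independent layers, and uses the thread's 0.02 events/year and 10-year life as constructed inputs; because it counts both orderings of the two faults, its per-year figures run somewhat above the NX² rule of thumb.

```python
import math


def p_fail(rate_per_year: float, years: float) -> float:
    """Probability that one layer has failed within `years`, for a constant
    (flat) failure rate in events/year: the exponential model."""
    return 1.0 - math.exp(-rate_per_year * years)


def p_all_fail(rate_per_year: float, years: float, layers: int = 2) -> float:
    """Probability that all `layers` independent protection layers are in a
    failed (hidden) state together by `years`, with no checks in between.
    For two layers this is the X**2 idea: roughly (rate * years) ** 2."""
    return p_fail(rate_per_year, years) ** layers


def yearly_increments(rate_per_year: float, years: int, layers: int = 2) -> list:
    """Probability that the final, dangerous fault lands in each successive
    year when faults are hidden and never checked. The per-year figure climbs
    even though each layer's own rate is flat."""
    return [p_all_fail(rate_per_year, n, layers) - p_all_fail(rate_per_year, n - 1, layers)
            for n in range(1, years + 1)]


def p_all_fail_with_proof_test(rate_per_year: float, life_years: int,
                               interval_years: int, layers: int = 2) -> float:
    """Probability that all layers are failed together at some point during
    `life_years` when every layer is proof-tested (and repaired) every
    `interval_years`. Each interval restarts from fully working layers, so the
    accumulated hidden-fault probability is reset to zero."""
    cycles = life_years / interval_years          # assumes interval divides life
    p_cycle = p_all_fail(rate_per_year, interval_years, layers)
    return 1.0 - (1.0 - p_cycle) ** cycles


def longest_acceptable_interval(rate_per_year: float, life_years: int,
                                layers: int, max_p: float):
    """Largest whole-year proof-test interval dividing `life_years` that keeps
    the over-life probability of a full protection failure at or below `max_p`.
    Returns None when even a yearly check does not reach the target."""
    for interval in [i for i in range(life_years, 0, -1) if life_years % i == 0]:
        if p_all_fail_with_proof_test(rate_per_year, life_years, interval, layers) <= max_p:
            return interval
    return None


if __name__ == "__main__":
    # Constructed inputs taken from the thread: 0.02 events/year, 10-year life.
    print("per-year double-fault probability, no checks:", yearly_increments(0.02, 10))
    print("10 years, no checks vs yearly proof test:",
          p_all_fail(0.02, 10), p_all_fail_with_proof_test(0.02, 10, 1))
    print("longest interval keeping life risk <= 1%:", longest_acceptable_interval(0.02, 10, 2, 0.01))
```

Without checks the 10-year double-fault probability is about 0.033, while a yearly proof test holds it near 0.0039, which is the reset effect the post describes.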
 