Hello all,
In 62304 you are allowed to reduce a software class by the use of external risk controls (clause 4.3). For example, the flow-chart allows you to reduce a class C software item to class A with the use of an external risk control. If the risk control contains software, it inherits the software classification based on the risk it is preventing (clause 7.2.2). Therefore the original software item would be class A and the external risk control would be class C. Can anyone provide guidance on what the software classification should be if you have 2 independent external risk controls that contain software? Which is correct below?
1)
-Original software item that can cause serious harm (assigned class A based on external risk control)
-First external risk control (assigned class C based on risk of original software item)
-Second external risk control (assigned class A as it is not needed and isn't considered to provide any meaningful additional safety)
2)
-Original software item that can cause serious harm (assigned class A based on external risk control)
-First external risk control (assigned class A based on the fact that there is a second independent external risk control, so if this risk control fails there is redundancy)
-Second external risk control (assigned class A based on the fact that there is a second independent external risk control, so if this risk control fails there is redundancy)
Thank you for any guidance