Software as control or protection will lead to different Software Safety Class?

Marcelo

Inactive Registered Visitor
#11
Generally regarding the software classification, a "simple" solution is - forget about the classification system and apply the whole standard all the time - you may need to justify that some requirements will require less effort for some less complex devices, but at least you won't spend hours/days discussing the classification. I've already said several times during meetings that my feeling is the classification causes more harm than good, so it probably should be taken out (unfortunately most experts did not agree because they were afraid of having to do too much work).

Anyway, regarding the C to A problem, I'm making some inquiries and will follow up in a while. This was pointed out in one of the drafts, but it was also thought to be solved by the current flowchart. Now that you mention it, it may not have been solved. But just take care with the fact that the classification can go from C to B if the severity is reduced.
 

Marcelo

Inactive Registered Visitor
#12
Also, I would suggest taking care with the 100%. The software failure being 100% does not mean that P1 is 100%, as the software failure is one event in the sequence of events leading to harm, and it thus does not mean that P (the probability of occurrence of harm) is 100% either. This still confuses most people reading the standard (and it's another reason to remove the safety classification :p)
 

sagai

Quite Involved in Discussions
#13
I do not really mind the concept of safety classification for the software; however, it should have originated from the target safety level of the hardware that it runs on.
I do mind, however, the Class A measures, which are not even what would be the approach to develop software of any kind.
As for the failure rate of software, there is still the running "theory" of the software-only device. Okay, so if it is software only (whatever that means), a 100% failure rate of the software stands for any FMEA that is for the software-only device.
Cheers
 

Peter Selvey

Staff member
Super Moderator
#14
The idea of applying Class C controls all the time (the whole standard) doesn't work in theory as the resources required would be too high.

It might work in practice if the manufacturers declare Class C but actually prepare surface level, Class B like records, and then the regulators (auditors etc.) don't really check the implementation is Class C level.

To be honest, I think this is what happens now and will only increase thanks to the A1/Figure 3.

It's really difficult to document Class C and there are similar difficulties to audit it properly.

I have been involved in a number of projects recently handling performance and functional safety testing, including implementing faults to see the protection systems operate. Then I'm asked to check PEMS/62304. The problem is that by that stage I'm very familiar with the design and it's clear the manufacturers really struggle to keep the design documentation matching the actual system, especially with traceability. The designers are doing a great job with the design, the actual implementation makes sense, but the documentation is surface level only; scratch away a little and it falls apart.

I think most regulators don't scratch, so they don't see the disconnect between the documentation and the actual design.

My guess is the only way to achieve an accurate specification and test would be to wait for the design to stabilise, throw away the original documents, start with a blank sheet and reverse engineer from the final design. That way you can be sure to capture exactly what the software and hardware really do. But by that stage the designers are exhausted and just want to close the project :)
 

VinceTech

Involved In Discussions
#15
Yes, P1 is the probability of failure occurrence, P2 is the probability of failure leading to harm. The probability of harm is P1 * P2. The process in Fig. 3 assumes P1 is 1. However, have we ever challenged how P2 is determined? A regulatory body may require the evaluation of P2 when they see we use P2 for reducing the classification of software. The evaluation of P2 may lead to more work than just developing Class C software in the end. No saving at all.
 

Marcelo

Inactive Registered Visitor
#16
> Yes, P1 is the probability of failure occurrence, P2 is the probability of failure leading to harm. The probability of harm is P1 * P2. Process in Fig. 3 assumes P1 is 1. However, have we ever challenged how P2 is determined.

Nope. Figure 3 assumes software failure is 1, not P1 is 1. If there are other events (after the software failure) in the sequence of events leading to P1 which are different than 1, then P1 won't be 1. This is exactly one of the reasons we drafted Figure 3 in the first place.
 

VinceTech

Involved In Discussions
#17
No difference,

Let me change it. P1 = P11 * P12, where P11 is the probability of failure occurrence, P12 is the rest of the sequence of events leading to the hazardous situation, and P2 is the probability of the hazardous situation leading to harm. Then the probability of harm is P = P11 * P12 * P2 = P1 * P2.

What about if P12 and P2 are both 1, which is still possible? If not possible, how can the conditional probability P12 be determined under the condition that P11 is 1?

Thanks.
 

sagai

Quite Involved in Discussions
#18
Our designer believed a good design is better than correct classification. However, a regulatory body will spend months or years to argue the correct classification is more important than a design itself because they believe it is 'objective' to follow the standard process.
:sarcasm:
We could keep reading all day long the recall and adverse incident reports of devices that were deemed to have good design by their designers.
 

VinceTech

Involved In Discussions
#19
> Nope. Figure 3 assumes software failure is 1, not P1 is 1. If there are other events (after the software failure) in the sequence of events leading to P1 which are different than 1, then P1 won't be 1. This is exactly one of the reasons we drafted Figure 3 in the first place.

Hi Marcelo,

If the risk is acceptable in the 3rd step of the process, the process will end with Class A. Could you give an example of how to derive Class B software using the process if the harm under consideration is serious? Do you think the intention of the process is to require Class C software even if an independent risk control has been involved in mitigating serious harm?

Thanks
 