IEC 62304:2006 has ISO 14971:2007 as a normative reference. This means that the risk management standard is “indispensable for the application of this document”.
ISO 14971:2007 says, in clause 3.4.d, that the risk acceptability criteria should include “criteria for accepting risks when the probability of occurrence of harm cannot be estimated”. Clause D.3.2.3 provides four examples “where probabilities are very difficult to estimate”. One is software failure. It also provides, in clause 4.4, “For hazardous situations for which the probability of the occurrence of harm cannot be estimated, the possible consequences shall be listed for use in risk evaluation and risk control”.
Notice that ISO 14971:2007 does say that the probability of software failure must be 100%.
IEC 62304:2006 classifies software systems with the intent of determining the subsequent software development process steps. IEC 62304:2006 Amendment 1 was issued on June 26, 2015 and changed the classification of software systems. The new classes are:
Class A: Software doesn’t contribute to a hazardous situation
Class B: The harm is a non-serious injury
Class C: There is a possibility of serious injury or death
In terms of ISO 14971:2007, recall the sequence: hazard, sequence of events, hazardous situation, and harm. Risk is estimated using the probability and severity of the harm. The classes define the severity (no injury, non-serious injury, serious injury, or death). The probability is the probability of a hazardous situation (software failure = 100%) combined with the probability of the harm with the specified severity. In other words, the software will always create a hazardous situation (100%), but this doesn’t mean exposure with its consequent harm. The risk estimate combines the harm’s severity and its probability.
To finally answer your questions: if you wish to conform to IEC 62304:2006, you must also conform to ISO 14971:2007 as a normative reference.
You should establish probabilities for every harm, not every failure. ISO 14971:2007 does not analyze failures, but hazards – it is not an application of FMEA. To estimate risk and residual risk and to perform the evaluation you need the severity and probability of the harm.
------------------------------
Dan O'Leary
Swanzey NH
United States
Original Message:
Sent: 29-Sep-2016 13:53
From: Gretchen Upton
Subject: Software Risk Assessment and probabilities
Hello,
Quick question as this gets a bit confusing...
For risk assessment of software as a device, aren't we to assume that defects will occur and not assign probabilities, but only outline severity?
Also, IEC 62304 speaks of software safety classification and ISO 14971 speaks of estimation of risk. If we wish to conform to both, should I establish probabilities for every failure?
Thank you in advance
------------------------------
Gretchen Upton RAC
San Antonio TX
United States
------------------------------