The Effective Software FMEA Risk Management Approach

Software FMEA, also known as Software Failure Modes and Effects Analysis, is a specific method of risk management that identifies single-fault failure modes in software design and code engineering. During software development, medical device FMEA is applied to prevent possible defects from occurring and to ensure that the software's safety functions behave predictably. Missing software requirements, the software's response to hardware anomalies, output variables, interfaces, and functions are all considered during the analysis. These possible defects are the failure modes; each is analyzed for the consequences of its occurrence and assigned a Risk Priority Number (RPN). The RPN scale is set by management standards, typically using the traditional ratio of occurrence to severity.


The software FMEA process generally entails planning, training, documentation of the cause-and-effect analysis, identification of potential failure modes, and assignment of RPN ratings before and after risk mitigation, as is standard in general FMEA. From there, software systems and subsystems (including the Network Element level and Software Components) also undergo failure mode analysis. Afterward, the team can determine which fail-safes the software must provide to mitigate the risks, and which residual risks remain that users must be made aware of.
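As an added illustration (not part of the original article), the following Python sketch models the pre/post-mitigation RPN step for a constructed register of software failure modes of the kinds named above; the S×O×D product scoring rule, the 1-10 scales, the infusion-pump items and the threshold are assumptions standing in for management-set standards.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Assumption: the S*O*D product stands in for the management-set scoring rule the article mentions.
ScoreFn = Callable[[int, int, int], int]

def product_rpn(severity: int, occurrence: int, detection: int) -> int:
    return severity * occurrence * detection

@dataclass
class FailureMode:
    item: str                     # component, interface or output variable analysed
    mode: str                     # the single fault being considered
    effect: str                   # consequence for patient or user
    severity: int                 # 1-10; a property of the effect, unchanged by mitigation
    occurrence: int               # 1-10 before mitigation
    detection: int                # 1-10 before mitigation (10 = hardest to detect)
    mitigation: str = ""          # fail-safe or design change, empty if none
    post_occurrence: Optional[int] = None
    post_detection: Optional[int] = None

    def rpn_pre(self, score: ScoreFn = product_rpn) -> int:
        return score(self.severity, self.occurrence, self.detection)

    def rpn_post(self, score: ScoreFn = product_rpn) -> int:
        # With no mitigation recorded, the residual risk equals the original risk.
        occ = self.occurrence if self.post_occurrence is None else self.post_occurrence
        det = self.detection if self.post_detection is None else self.post_detection
        return score(self.severity, occ, det)

def rank_by_pre_rpn(modes: List[FailureMode], score: ScoreFn = product_rpn) -> List[FailureMode]:
    """Highest original RPN first: the order in which mitigations should be designed."""
    return sorted(modes, key=lambda m: m.rpn_pre(score), reverse=True)

def residual_risks(modes: List[FailureMode], threshold: int, score: ScoreFn = product_rpn) -> List[FailureMode]:
    """Modes whose post-mitigation RPN still exceeds the management threshold: residual
    risks that cannot be silently accepted and must be disclosed to users."""
    return [m for m in modes if m.rpn_post(score) > threshold]

# Constructed sample register for a hypothetical infusion pump; all ratings are illustrative.
REGISTER = [
    FailureMode("motor controller", "stall interrupt from hardware ignored", "over-infusion",
                9, 4, 6, "watchdog stops pump if stall persists", 1, 2),
    FailureMode("dose calculator", "output dose variable exceeds configured maximum", "overdose",
                10, 3, 3, "clamp to maximum plus independent plausibility check", 1, 1),
    FailureMode("UI to controller interface", "missing requirement: units not carried in message",
                "wrong dose", 8, 5, 7, "requirement added; unit field made mandatory", 2, 5),
    FailureMode("event logger", "full buffer silently drops entries", "no audit trail", 3, 6, 8),
]
```

Note that severity is never reduced by a mitigation: only occurrence and detection change, which is why the unmitigated logger entry keeps its full RPN and surfaces as a residual risk.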


Function and Limitations of FMEA in Medical Device Software Development


Medical devices use a wide array of software that, in some cases, can be assembled from previously existing software, but most often must be built from scratch. Single-fault errors that are not caught early, before the software reaches user release, may become extremely costly, as they can delay or restart the medical device development process. As no official standard specifies software FMEA or its overall process, it is crucial to draw on the expertise of an experienced partner who can advise which software standards need to be applied to a given project. Software FMEA should be performed the moment the initial software architecture and functional requirements are designed, and periodically thereafter. Doing so permits an accurate bottom-up analysis of previous releases of medical device software, catching faults that a top-down approach based on the System Engineering FMEA results might not confront in time. The quality of an FMEA is heavily dependent on the precision of the analyst.


Furthermore, while FMEA remains necessary and useful to the overall risk management process, on its own it is insufficient to satisfy all requirements of ISO 14971 during medical device development. A clear shortcoming of FMEA is that it does not cover the risks that ISO 14971 explicitly requires to be considered throughout the entire development lifecycle; these need to be sought out separately. Sterling's extensive expertise in risk management ensures not only that FMEA is applied where necessary, but that all risk management standards are reviewed to create a high-quality, low-cost, and reliably safe product.