The Effective Software FMEA Risk Management Approach
Software FMEA, (Software Failure Modes and Effects Analysis) is a method of risk management that identifies single-fault failure modes in software design and code engineering. During software development, FMEA is applied to prevent possible defects and to ensure the software system safety works predictably. Factors like missing software requirements, software response to hardware anomalies, output variables, interfaces in addition to functions, are all considered during the analysis process. These failure modes are analyzed to consider the consequences of occurrence and the Risk Priority Number associated with it. RPN is provided by management set standards, typically with the traditional ratio of occurrence to severity.
The software FMEA process generally entails planning, training, and documentation on cause and effect analysis, identifying potential failure modes, assigning original RPN ratings pre/post risk mitigation, as are standards in general FMEA. From there, software systems and subsystems (including the Network Element level and Software Components) also undergo failure mode analysis. Afterward, it can be determined what fail-safes software development must cover to mitigate residual risks that exist to the users.
Function and Limitations
Medical devices use various software that, occasionally, can be compiled using existing software, but often must be built from scratch. Failure to target single-fault errors before they reach user-release may result in delaying or restarting the development process. No specific official standards are set for software FMEA, so it is crucial to utilize an experienced partner. Experienced partners can provide assistance in understanding what specific software standards need be applied to the project. Software FMEA should be performed the moment the initial software architecture and functional requirements are designed and periodically thereafter. Doing so permits an accurate Bottom-Up approach of previous releases of medical device software. In contrast, a top-Down approach using the System Engineering FMEA results may not confront in time. FMEA becomes heavily dependent on the precision of the analyst.
Furthermore, while still necessary to the risk management process, FMEA alone is insufficient for completing all requirements of ISO 14971. A clear shortcoming in FMEA pertains to the risks that are not considered throughout the entirety of the development lifecycle that is made explicit by ISO 14971—which need to be sought out individually. Sterling’s extensive expertise in risk management works to not only assure that FMEA applications be applied where necessary, but that all standards of risk management are reviewed to create a high quality, low cost, and reliably safe product.
Failure Analysis is only a part of the story. Click here to learn more about how Sterling applies ISO 14971 to medical device risk management.
