A case study on software risk analysis and planning in medical device development

Lindholm, Christin; Holmén Notander, Jesper; Höst, Martin

A case study on software risk analysis and planning in medical device development

Mark

Lindholm, Christin ^LU ; Holmén Notander, Jesper ^LU and Höst, Martin ^LU (2014) In Software Quality Journal 22(3). p.469-497

Abstract: Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on... (More); Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on already available methods and then used. The defined method focuses on user risks, based on scenarios describing the expected use of the medical device in its target environment. During the use of the method, different stakeholders, including intended users, were involved. Results from the case study show that there are challenging problems in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification, estimation of detectability during risk analysis, and action proposals during risk planning. It can be concluded that the risk management method has potential to be used in the development organisation, although future research is needed with respect to, for example, context limitation and how to allow for flexible updates of the product. (Less)

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/4075174

author

Lindholm, Christin ^LU ; Holmén Notander, Jesper ^LU and Höst, Martin ^LU

organization

publishing date

2014

type

Contribution to journal

publication status

published

subject

Computer Science

in

Software Quality Journal

volume

22

issue

3

pages

469 - 497

publisher

Springer

external identifiers

wos:000338530800005
scopus:84927805065

ISSN

0963-9314

DOI

10.1007/s11219-013-9222-2

language

English

LU publication?

yes

additional info

Published online before assigned to an issue

id

922f0db0-cb0c-49a8-8f07-28c5f0114db3 (old id 4075174)

date added to LUP

2016-04-01 13:52:28

date last changed

2022-05-15 07:42:06

@article{922f0db0-cb0c-49a8-8f07-28c5f0114db3,
  abstract     = {{Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on already available methods and then used. The defined method focuses on user risks, based on scenarios describing the expected use of the medical device in its target environment. During the use of the method, different stakeholders, including intended users, were involved. Results from the case study show that there are challenging problems in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification, estimation of detectability during risk analysis, and action proposals during risk planning. It can be concluded that the risk management method has potential to be used in the development organisation, although future research is needed with respect to, for example, context limitation and how to allow for flexible updates of the product.}},
  author       = {{Lindholm, Christin and Holmén Notander, Jesper and Höst, Martin}},
  issn         = {{0963-9314}},
  language     = {{eng}},
  number       = {{3}},
  pages        = {{469--497}},
  publisher    = {{Springer}},
  series       = {{Software Quality Journal}},
  title        = {{A case study on software risk analysis and planning in medical device development}},
  url          = {{http://dx.doi.org/10.1007/s11219-013-9222-2}},
  doi          = {{10.1007/s11219-013-9222-2}},
  volume       = {{22}},
  year         = {{2014}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

A case study on software risk analysis and planning in medical device development