Advanced

Software development and risk management in the safety critical medical device domain

Lindholm, Christin LU (2009)
Abstract
The healthcare sector is one of the fastest growing economic sectors of today. The medical

device domain is one part of that sector. An increasing part of functionality in medical devices

and systems is implemented in software and many features should not be possible to

implement without software.

The use of medical software is an inherent risk to the patient and the outcome of a failure can

vary from death to almost no effect at all. Risks and risk management is closely connected to

medical device domain and it is crucial to all medical device companies to have a good risk

management process. It is also stated in law that the companies developing medical devices

must... (More)
The healthcare sector is one of the fastest growing economic sectors of today. The medical

device domain is one part of that sector. An increasing part of functionality in medical devices

and systems is implemented in software and many features should not be possible to

implement without software.

The use of medical software is an inherent risk to the patient and the outcome of a failure can

vary from death to almost no effect at all. Risks and risk management is closely connected to

medical device domain and it is crucial to all medical device companies to have a good risk

management process. It is also stated in law that the companies developing medical devices

must have a risk management process.

One part of the research in this thesis focuses on the current state of practice in the medical

device domain. As a result of this research, the need for high quality software in this domain

has been identified and also the needs for new techniques, methods and processes to further

improve software quality in the medical device domain. The results have been used to derive a

set of requirements on new processes, methods and techniques in the area, to be used by

researchers as a guide in the development of more adapted processes, methods and techniques

for software development in the medical devices domain.

The other part of the research in this thesis focuses on risk and is based on two experiments.

A number of decisions regarding risks are taken during software project risk management and

it is the people involved that make the decisions. Different people’s opinions about the

importance of identified risks are investigated in an experiment and it is concluded that

different participants have different opinions about how serious risks are concerning faults

remaining after testing are. Probably it is possible to generalise this and conclude that in the

software engineering process different people are more or less risk seeking.

From the second experiment it could be concluded that multiple roles and thereby different

experiences will affect the risk identification process. Involving multiple roles will result in a

more complete set of identified risks than if only one role is included. (Less)
Please use this url to cite or link to this publication:
author
supervisor
organization
publishing date
type
Thesis
publication status
published
subject
keywords
risk management, Software development, medical device
pages
212 pages
publisher
Department of Computer Science, Lund University
language
English
LU publication?
yes
id
27567b51-8368-427b-80ff-25433131b969 (old id 1304138)
date added to LUP
2009-03-06 10:08:54
date last changed
2016-09-19 08:44:47
@misc{27567b51-8368-427b-80ff-25433131b969,
  abstract     = {The healthcare sector is one of the fastest growing economic sectors of today. The medical<br/><br>
device domain is one part of that sector. An increasing part of functionality in medical devices<br/><br>
and systems is implemented in software and many features should not be possible to<br/><br>
implement without software.<br/><br>
The use of medical software is an inherent risk to the patient and the outcome of a failure can<br/><br>
vary from death to almost no effect at all. Risks and risk management is closely connected to<br/><br>
medical device domain and it is crucial to all medical device companies to have a good risk<br/><br>
management process. It is also stated in law that the companies developing medical devices<br/><br>
must have a risk management process.<br/><br>
One part of the research in this thesis focuses on the current state of practice in the medical<br/><br>
device domain. As a result of this research, the need for high quality software in this domain<br/><br>
has been identified and also the needs for new techniques, methods and processes to further<br/><br>
improve software quality in the medical device domain. The results have been used to derive a<br/><br>
set of requirements on new processes, methods and techniques in the area, to be used by<br/><br>
researchers as a guide in the development of more adapted processes, methods and techniques<br/><br>
for software development in the medical devices domain.<br/><br>
The other part of the research in this thesis focuses on risk and is based on two experiments.<br/><br>
A number of decisions regarding risks are taken during software project risk management and<br/><br>
it is the people involved that make the decisions. Different people’s opinions about the<br/><br>
importance of identified risks are investigated in an experiment and it is concluded that<br/><br>
different participants have different opinions about how serious risks are concerning faults<br/><br>
remaining after testing are. Probably it is possible to generalise this and conclude that in the<br/><br>
software engineering process different people are more or less risk seeking.<br/><br>
From the second experiment it could be concluded that multiple roles and thereby different<br/><br>
experiences will affect the risk identification process. Involving multiple roles will result in a<br/><br>
more complete set of identified risks than if only one role is included.},
  author       = {Lindholm, Christin},
  keyword      = {risk management,Software development,medical device},
  language     = {eng},
  note         = {Licentiate Thesis},
  pages        = {212},
  publisher    = {Department of Computer Science, Lund University},
  title        = {Software development and risk management in the safety critical medical device domain},
  year         = {2009},
}