A case study on software risk analysis and planning in medical device development
Lindholm, Christin LU
; Holmén Notander, Jesper
LU
and Höst, Martin
LU
(2014)
In Software Quality Journal
22(3).
p.469-497
- Abstract
- Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on... (More)
- Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on already available methods and then used. The defined method focuses on user risks, based on scenarios describing the expected use of the medical device in its target environment. During the use of the method, different stakeholders, including intended users, were involved. Results from the case study show that there are challenging problems in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification, estimation of detectability during risk analysis, and action proposals during risk planning. It can be concluded that the risk management method has potential to be used in the development organisation, although future research is needed with respect to, for example, context limitation and how to allow for flexible updates of the product. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/4075174
- author
- Lindholm, Christin
LU
; Holmén Notander, Jesper
LU
and Höst, Martin
LU
- organization
- publishing date
- 2014
- type
- Contribution to journal
- publication status
- published
- subject
- in
- Software Quality Journal
- volume
- 22
- issue
- 3
- pages
- 469 - 497
- publisher
- Springer
- external identifiers
-
- wos:000338530800005
- scopus:84927805065
- ISSN
- 0963-9314
- DOI
- 10.1007/s11219-013-9222-2
- language
- English
- LU publication?
- yes
- additional info
- Published online before assigned to an issue
- id
- 922f0db0-cb0c-49a8-8f07-28c5f0114db3 (old id 4075174)
- date added to LUP
- 2016-04-01 13:52:28
- date last changed
- 2025-01-03 16:30:23
@article{922f0db0-cb0c-49a8-8f07-28c5f0114db3,
abstract = {{Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on already available methods and then used. The defined method focuses on user risks, based on scenarios describing the expected use of the medical device in its target environment. During the use of the method, different stakeholders, including intended users, were involved. Results from the case study show that there are challenging problems in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification, estimation of detectability during risk analysis, and action proposals during risk planning. It can be concluded that the risk management method has potential to be used in the development organisation, although future research is needed with respect to, for example, context limitation and how to allow for flexible updates of the product.}},
author = {{Lindholm, Christin and Holmén Notander, Jesper and Höst, Martin}},
issn = {{0963-9314}},
language = {{eng}},
number = {{3}},
pages = {{469--497}},
publisher = {{Springer}},
series = {{Software Quality Journal}},
title = {{A case study on software risk analysis and planning in medical device development}},
url = {{http://dx.doi.org/10.1007/s11219-013-9222-2}},
doi = {{10.1007/s11219-013-9222-2}},
volume = {{22}},
year = {{2014}},
}