Advanced

A case study on software risk analysis and planning in medical device development

Lindholm, Christin LU ; Holmén Notander, Jesper LU and Höst, Martin LU (2014) In Software Quality Journal 22(3). p.469-497
Abstract
Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on... (More)
Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on already available methods and then used. The defined method focuses on user risks, based on scenarios describing the expected use of the medical device in its target environment. During the use of the method, different stakeholders, including intended users, were involved. Results from the case study show that there are challenging problems in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification, estimation of detectability during risk analysis, and action proposals during risk planning. It can be concluded that the risk management method has potential to be used in the development organisation, although future research is needed with respect to, for example, context limitation and how to allow for flexible updates of the product. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Contribution to journal
publication status
published
subject
in
Software Quality Journal
volume
22
issue
3
pages
469 - 497
publisher
Springer
external identifiers
  • wos:000338530800005
  • scopus:84927805065
ISSN
0963-9314
DOI
10.1007/s11219-013-9222-2
language
English
LU publication?
yes
id
922f0db0-cb0c-49a8-8f07-28c5f0114db3 (old id 4075174)
date added to LUP
2013-10-07 14:38:38
date last changed
2017-02-12 03:50:06
@article{922f0db0-cb0c-49a8-8f07-28c5f0114db3,
  abstract     = {Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on already available methods and then used. The defined method focuses on user risks, based on scenarios describing the expected use of the medical device in its target environment. During the use of the method, different stakeholders, including intended users, were involved. Results from the case study show that there are challenging problems in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification, estimation of detectability during risk analysis, and action proposals during risk planning. It can be concluded that the risk management method has potential to be used in the development organisation, although future research is needed with respect to, for example, context limitation and how to allow for flexible updates of the product.},
  author       = {Lindholm, Christin and Holmén Notander, Jesper and Höst, Martin},
  issn         = {0963-9314},
  language     = {eng},
  number       = {3},
  pages        = {469--497},
  publisher    = {Springer},
  series       = {Software Quality Journal},
  title        = {A case study on software risk analysis and planning in medical device development},
  url          = {http://dx.doi.org/10.1007/s11219-013-9222-2},
  volume       = {22},
  year         = {2014},
}