PD IEC/TR 80002-1-1 is a technical report aimed at risk management practitioners who need to perform risk management when software is included in the medical device/system, and at software engineers who need to understand how to fulfil the requirements for risk management addressed in ISO 14971.
BS EN ISO 14971, recognized worldwide by regulators, is widely acknowledged as the principal standard to use when performing medical device risk management. IEC 62304 makes a normative reference to ISO 14971 requiring its use. The content of these two standards provides the foundation for this technical report.
Even though ISO 14971 and this technical report focus on medical devices, this technical report could also be used to implement a safety risk management process for all software in the healthcare environment independent of whether it is classified as a medical device.
Software is often an integral part of medical device technology. Establishing the safety and effectiveness of a medical device containing software requires knowledge of what the software is intended to do and demonstration that the implementation of the software fulfils those intentions without causing any unacceptable risks.
It is important to understand that software is not itself a hazard, but software may contribute to hazardous situations. Software should always be considered in a system perspective and software risk management cannot be performed in isolation from the system.
Complex software designs can permit complex sequences of events which may contribute to hazardous situations. Much of the task of software risk management consists of identifying those sequences of events that can lead to a hazardous situation and identifying points in the sequences of events at which the sequence can be interrupted, preventing harm or reducing its probability.
Software sequences of events which contribute to hazardous situations may fall into two categories:
A) sequences of events representing unforeseen software responses to inputs (errors in specification of the software);
B) sequences of events arising from incorrect coding (errors in implementation of the software).
These categories are specific to software, arising from the difficulty of correctly specifying and implementing a complex system and the difficulty of completely verifying a complex system.
Since it is very difficult to estimate the probability of software anomalies that could contribute to hazardous situations, and since software does not fail randomly in use due to wear and tear, the focus of software aspects of risk analysis should be on identification of potential software functionality and anomalies that could result in hazardous situations – not on estimating probability. Risks arising from software anomalies need most often to be evaluated on the severity of the harm alone.
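The approach described above, as an added illustration that is not part of the technical report: hazardous situations are modelled as ordered sequences of software events, a risk control is a point at which a sequence can be interrupted, and an uninterrupted sequence is evaluated on harm severity alone because the probability of a software anomaly is not estimated. The severity scale, the rule that an interrupted sequence counts as prevented, and the two sample sequences are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Severity(IntEnum):
    """Assumed ordinal severity scale; the report does not prescribe one."""
    NEGLIGIBLE = 1
    MINOR = 2
    SERIOUS = 3
    CRITICAL = 4


@dataclass
class HazardSequence:
    """A sequence of software events that can lead to a hazardous situation."""
    name: str
    events: list[str]          # ordered events ending at the hazardous situation
    severity: Severity         # severity of the harm the situation can cause
    category: str              # "specification" (A) or "implementation" (B)
    controls: dict[str, str] = field(default_factory=dict)  # event -> risk control

    def interruption_point(self):
        """First event at which an assigned risk control breaks the sequence."""
        for index, event in enumerate(self.events):
            if event in self.controls:
                return index, self.controls[event]
        return None


def evaluate(seq: HazardSequence, acceptable_up_to: Severity = Severity.MINOR) -> dict:
    """Evaluate a sequence on severity alone; probability is deliberately not used.

    Assumed rule: an interrupted sequence is treated as prevented; an
    uninterrupted one is acceptable only if its severity is within the band.
    """
    point = seq.interruption_point()
    if point is not None:
        index, control = point
        return {"name": seq.name, "acceptable": True,
                "reason": f"interrupted at event {index} ({seq.events[index]!r}) by {control!r}"}
    return {"name": seq.name, "acceptable": seq.severity <= acceptable_up_to,
            "reason": f"uninterrupted; evaluated on severity {seq.severity.name} alone"}


# Constructed sample sequences, one per category from the text above.
SAMPLE = [
    HazardSequence("rate overflow", ["rate value exceeds int range", "pump runs at wrapped rate", "overdose"],
                   Severity.CRITICAL, "implementation",
                   controls={"rate value exceeds int range": "range check rejects value"}),
    HazardSequence("unit mismatch", ["operator enters mg", "display assumes mcg", "wrong dose shown"],
                   Severity.SERIOUS, "specification"),
]
```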
Risk management is always a challenge and becomes even more challenging when software is involved. The following clauses contain additional details regarding the specifics of software and provide guidance for understanding ISO 14971:2007 in a software perspective. of risk management activities in the software life-cycle.
This part of PD IEC/TR 80002 does not address:
PD IEC/TR 80002-1-1 is not intended to be used as the basis of regulatory inspection or certification assessment activities.
IEC TR 80002-1:2009