When do you need to do a software hazard analysis?
ฝัง
- เผยแพร่เมื่อ 27 ก.ย. 2024
- At least once a week, I have a call with the founder of a new MedTech company that developed a new software application as a medical device (SaMD). The founder will ask me to explain the process for obtaining a 510(k), and they want help with software validation.
Although you can create all of your software validation documentation after you create a working application, certain tasks are important to perform before you develop software code. One of the most important pre-requisite tasks for software developers is hazard analysis. If you develop an application first and then document the software hazard analysis, you will struggle with hazards you failed to address in the development process. This always happens, and it is one of the biggest causes of delays in device product launches.
If you hire a consultant to create a hazard analysis for you, that person will probably copy hazards from ANSI AAMI IEC TIR 80002-1:2009 (Annex B). They will delete the hazards that don't apply to your software, but there are several pages of potential hazards listed in that Annex. If you did not identify a risk control for the hazards they identified, then there won't be an SRS item associated with it. You also won't have an SDS item. You won't be able to complete your traceability matrix for the software documentation either. This is why you need to do the hazard analysis before you write you code and before you create your SRS document.
If you have other questions, please visit our blog on this topic:
medicaldevicea...
Do you have to do a hazard analysis for new features you add to the non-device functions of the software medical device? The Multiple Function Guidance would say only an impact analysis, but I know some developers would say nothing at all.
The software hazard analysis needs to be updated whenever you make a change to the SRS or the SDS. An impact analysis is intended to identify how much revalidation is required for the change, and IEC/TR 80002-1 was created to help developers understand that a software hazard analysis needs to include more than just hazards that directly cause harm. The software hazard analysis needs to include hazardous situations too.