The risk management process starts early, during the voice of the customer (VOC) stage (see Chapter 11 for the DFSS project road map), by identifying potential hazards and establishing risk assessment criteria. A risk management plan defines the process for ensuring that hazards are addressed, whether they result from errors in the customer usage environment, from foreseeable software misuse, or from nonconformities introduced during development and production. A risk management plan should include the following:

1. The scope of the plan in the context of the software development life cycle, as applicable
2. A verification plan, allocation of responsibilities, and requirements for the review of activities
3. Criteria for risk acceptability

Risk management plans are carried out on software platforms where activities are reviewed for effectiveness, either as part of a standard design review process or as independent stand-alone reviews. Sometimes the nature of hazards and their causes is unknown, so the plan may change as knowledge of the software accumulates. Eventually, hazards and their controls should be linked to verification and validation plans.
At the DFSS identify phase, risk estimation establishes a link between requirements and hazards and ensures that the safety requirements are complete. Risk assessment is then performed on the software as a design activity. Subsequently, risk mitigation, including risk elimination and/or reduction, ensures that effective traceability between hazards and requirements is established during verification and validation. Risk acceptability and residual risks are reviewed at applicable milestones (see Chapter 11 for the DFSS tollgates in the ICOV process). It is very important for management to determine responsibilities, establish competent resources, and review risk management activities and results to ensure that an effective management process is in place. This should be an ongoing process in which design reviews and DFSS gate reviews are decision-making milestones.

A risk management report summarizes all results from risk management activities, such as a summary of the risk assessment techniques, the risk-versus-benefit analysis, and the overall residual risk assessment. The results of all risk management activities should be recorded and maintained in a software risk management file. See Section 15.7 for more details on the roles and responsibilities that can be assumed by the software DFSS team members in developing a risk management plan.
15.3 SOFTWARE RISK ASSESSMENT TECHNIQUES
Risk assessment starts with a definition of the intended use of the software and its potential risks or hazards, followed by a detailed analysis of the software functionality or characteristics that cause each of the potential hazards, and then finally, a