well-defined rating scale to evaluate the potential risk. The risk in both normal and fault conditions then is estimated. In risk evaluation, the DFSS team decides whether risk reduction is needed. Risk assessment includes risk identification, analysis, and evaluation. Brainstorming is a useful tool for identifying hazards. Requirement documents are another source for hazard identification because many hazards are associated with the nonfulfillment or partial fulfillment of each requirement. For example, in infusion medicine instruments, there may be software requirements for medication delivery and hazards associated with overdelivery or underdelivery. Estimating the risks associated with each hazard usually concludes the risk analysis part of the process. The next step is risk evaluation and assessment.
As defined earlier in this chapter, risk is the combination of the likelihood of harm and the severity of that harm. Risk evaluation can be qualitative or quantitative depending on when in the software life cycle the risk estimation is occurring and what information is available at that point in time. If the risk cannot be established or predicted using objective (quantitative) data, then expert judgment may be applied. Many risk analysis tools can be used for risk assessment; in this chapter we will discuss some common tools used in the software industry such as preliminary hazard analysis (PHA), hazard and operability (HAZOP) analysis, failure mode and effects analysis (FMEA), and fault tree analysis (FTA). We then will briefly cover other risk analysis tools used by other industries as a gateway to the software industry.
15.3.1 Preliminary Hazard Analysis (PHA)
PHA is a qualitative risk assessment method for identifying hazards and estimating risk based on the intended use of the software. In this approach, risk is estimated by assigning severity ratings to the consequences of hazards and likelihood of occurrence ratings to the causes. PHA helps to identify risk reduction/elimination measures early in the design life cycle to help establish safety requirements and test plans.
15.3.2 Hazard and Operability Study (HAZOP)
The HAZOP technique (Center for Chemical Process Safety, 1992) can be defined as the application of a systematic examination of complex software designs to find actual or potentially hazardous procedures and operations so that they may be eliminated or mitigated. The methodology may be applied to any process or project, although most practitioners and experts originate in the chemical and offshore industries. The technique usually is performed using a set of guide words (e.g., “more,” “less,” and “as well as”). From these guide words, a scenario that may result in a hazard or an operational problem is identified. Consider the possible flow problems in process control software controlling the flow of chemicals: the guide word “more” will correspond to a high flow rate, whereas “less” will correspond to a low flow rate. The consequences of the hazard and the measures to reduce the frequency with which the hazard will occur are evaluated.
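As an added illustration, not from the book, the following Python sketch ties the PHA and HAZOP steps above together on the infusion-pump medication-delivery example: guide words enumerate deviations of a process parameter, each hazard gets a severity rating for its consequence and a likelihood rating for its cause, and a risk score decides whether risk reduction is needed. The five-point scales, the score threshold, and the hazard entries are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed five-point qualitative rating scales (the chapter does not fix a scale).
SEVERITY = {"negligible": 1, "minor": 2, "serious": 3, "critical": 4, "catastrophic": 5}
LIKELIHOOD = {"improbable": 1, "remote": 2, "occasional": 3, "probable": 4, "frequent": 5}

# HAZOP guide words and the deviation each one produces for a process parameter.
GUIDE_WORDS = {
    "no": "no {p}",
    "more": "high {p}",
    "less": "low {p}",
    "as well as": "{p} plus an unintended extra action",
}


@dataclass
class Hazard:
    deviation: str      # HAZOP deviation, e.g. "high flow rate"
    cause: str          # what could produce the deviation (rated by likelihood)
    consequence: str    # harm that follows (rated by severity)
    severity: int
    likelihood: int

    def risk_score(self) -> int:
        # Risk is the combination of the likelihood of harm and its severity.
        return self.severity * self.likelihood


def hazop_deviations(parameter: str) -> list:
    """Apply every guide word to one parameter to enumerate candidate deviations."""
    return [tmpl.format(p=parameter) for tmpl in GUIDE_WORDS.values()]


def needs_risk_reduction(hazard: Hazard, threshold: int = 8) -> bool:
    """Risk evaluation: assumed rule that a score at or above the threshold must be reduced."""
    return hazard.risk_score() >= threshold


def pha_worksheet(hazards: list) -> list:
    """PHA output: (deviation, risk score, reduction needed?) per hazard, worst first."""
    rows = [(h.deviation, h.risk_score(), needs_risk_reduction(h)) for h in hazards]
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed hazards for the infusion pump's "medication delivery" requirement.
PUMP_HAZARDS = [
    Hazard("high flow rate", "rate set above the programmed limit", "overdelivery (overdose)",
           SEVERITY["catastrophic"], LIKELIHOOD["remote"]),
    Hazard("low flow rate", "line occlusion not detected", "underdelivery (therapy delay)",
           SEVERITY["serious"], LIKELIHOOD["occasional"]),
    Hazard("no flow rate", "pump halts after power interruption", "no delivery",
           SEVERITY["critical"], LIKELIHOOD["improbable"]),
]
```

Calling pha_worksheet(PUMP_HAZARDS) ranks the overdelivery and underdelivery hazards as needing reduction while the no-delivery hazard falls below the assumed threshold.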