SOFTWARE DESIGN FOR SIX SIGMA (DFSS) RISK MANAGEMENT PROCESS - Software Design for Six-Sigma: A Roadmap for Excellence

Information Technology Reference

In-Depth Information

TABLE 15.4

Software Risk Classification Criteria

Severity of Hazard/harm

1

2

3

4

5

Likelihood of

Occurrence

Negligible

Marginal

Critical

Serious

Catastrophic

5

Frequent

R 3

R 4

4

Probable

R 2

R 3

R 4

3

Occasional

R 1

R 2

R 3

R 4

2

Remote

R 1

R 2

R 4

1

Improbable

R 1

R 3

R 4 Event

Intolerable- risk is unacceptable and must be reduced.

R 3 Event

Risk should be reduced as low as reasonably practicable - benefits

must rationalize any residual risks even at a considerable cost.

R 2 Event

Risk is unacceptable and should be reduced as low as reasonably

practicable - benefits must rationalize any residual risks at a cost

that represents value.

R 1 Event

Broadly acceptable- No need for further risk reduction.

associated with the software outweigh the residual risk. However, intolerable risks

are not acceptable and must be reduced at least to the level of ALARP risks. If this is

not feasible, then the software must be redesigned with fault prevention standpoint.

The concept of practicability in ALARP involves both technical and economic

consideration, a part of what we defined as business risk earlier in this chapter in

which technical refers to the availability and feasibility of solutions that mitigate or

reduce risk, and economic refers to the ability to reduce risks at a cost that represent

value.

Risk-versus-benefit determination must satisfy at least one of the following: 1)

all practicable measures to reduce the risk have been applied, 2) risk acceptance has

been met, and finally, 3) the benefit that the software provides outweighs the residual

risk.

15.5

RISK CONTROL

Once the decision is made to reduce risk, control activities begin. Risk reduction

should focus on reducing the hazard severity, the likelihood of occurrence, or both.

Only a design revision or technology change can bring a reduction in the severity

ranking. The likelihood of occurrence reduction can be achieved by removing or

controlling the cause (mechanism) of the hazard. Increasing the design verification

actions can reduce detection ranking.

Risk control should consist of an integrated approach in which software companies

will use one or more of the following in the priority order listed: 1) inherent safety

Software Design for Six-Sigma: A Roadmap for Excellence

Search WWH ::

Custom Search

Home