SOFTWARE DESIGN FOR SIX SIGMA (DFSS) RISK MANAGEMENT PROCESS - Software Design for Six-Sigma: A Roadmap for Excellence

Information Technology Reference

In-Depth Information

Residual Risk : The risk remaining after risk controls have been implemented.

Risk : The combination of the probability of occurrence of harm and the severity

of that harm.

Risk Acceptance Criteria : A process describing how the severity, occurrence, risk,

and risk acceptance decisions are determined. The risk acceptance criteria should be

defined in the risk management plan.

Risk Management Process : This process applies to software risks. It is the process

of identifying hazards associated with software, estimating and evaluating the asso-

ciated risks, controlling these risks, and monitoring the effectiveness of the control

throughout the life cycle of the software, including postmarket analysis.

Risk Analysis : The systematic use of information to identify sources and to estimate

the risk. The risk analysis activity may include a hazard analysis to evaluate the clinical

risks and the use of risk analysis tools to support the software product, production

process, and/or postmarket analysis.

Risk Analysis Documents : Any outputs generated from the risk analysis activities.

Risk Analysis Tools : Risk analysis may use tools (risk analysis tools) such as

FMEA, HAZOP, FTA, or other similar analysis methods.

Risk Evaluation : This activity involves the evaluation of estimated risks by using

risk acceptability criteria to decide whether risk mitigation needs to be pursued. The

risk evaluation may include the initial risk, the residual risk acceptance, and/or the

overall product acceptance.

Risk Control : This involves risk reduction, implementation of risk control mea-

sure(s), residual risk evaluation, risk/benefit analysis, and completeness of risk eval-

uation. If a hazard cannot be mitigated completely, then the potential harms must be

communicated to the user. Risk control should consist of an integrated approach in

which one or more of the following, in the priority order, are used: inherent safety

by design, protective measures in software itself or the associated processes, and

information for safety.

Risk Management File : The software's design history file should document the

location of the risk management file or provide traceability to the documentation

and supporting data. The risk management file should include the appropriate record

retention.

Safety : The freedom from unacceptable risk.

Severity : The measure of the possible consequences of a hazard.

User : A user includes the user and service personnel, internal personnel, by-

standers, and environmental impact. The user is any person that interfaces with the

software during the life cycle.

REFERENCES

Blanchard, B.S. and Fabrycky, W.J. (1981), Systems Engineering and Analysis , Prentice Hall,

Upper Saddle River, NJ.

Center for Chemical Process Safety (1992), Guidelines for Hazard Evaluation Procedures

with Worked Examples , 2nd Ed., John Wiley & Sons, New York.

Search WWH ::

Custom Search

Home