Risk Management and IEC 62304
Applying IEC 62304 Risk Management in Aligned Elements
February 2015
Elements
Medical Devices and Risk Management
• Workflows and functions drive Risk Management
• Risk Management drives Design
• Design and Risk Management are interdependent
• Traceability connects Design and Risk Management
Diagram labels: Workflows & Functions; Hazardous Situation; Risk; Risk Control; Design
Risk Management and Regulations
Diagram (arrows labelled "Refers to"):
• ISO 13485: QMS
• ISO 14971: Risk Management
• IEC 62304: Software Lifecycle
• IEC 60601-1: Security in Electromedical devices
• IEC 62366: Usability
Risk Management and Regulations
Diagram (arrows labelled "Affects"):
• ISO 13485: QMS
• ISO 14971: Risk Management
• IEC 62304: Software Lifecycle, Design & Maintenance of software in MD
• IEC 60601-1: Security in Electromedical devices
• IEC 62366: Usability
General Concepts of Risk Assessments
• Identify Hazards
• Evaluate Risks (likelihood & consequences)
• Perform Risk Reduction
• Evaluate residual Risks
Risk Management in IEC 62304
• Risk drives the level of documentation required
• Software Safety Classification of architectural artifacts
• Risk inheritance in architecture
• Systematic risks => 100% probability of occurrence
• Affects not only development but also maintenance
Diagram labels (classified decomposition): Software System, Class C; Software Item, Class C; Software Unit, Class C; Software Unit, Class B; Software Item, Class A; Software Item, Class A
Documenting Medical Device Development
• Increasing number of regulations
• Development documentation is difficult, complex and resource intensive to manage
• Aligned Elements helps you “build” a consistent and complete documentation
• Free up valuable resources from cumbersome administrative tasks
Aligned Elements – a medical device ALM
• Manages the DHF Design Control Items
• Version Control + Traceability + Documents
• Integrated Risk Management
• Real-time quality checks on content
• Ensures completeness and consistency
Risk Assessments in Aligned Elements
FMEA
• Concerns Safety & “Business”
• Widely adopted technique
• Versatile usage
• Probability x Severity x Visibility
Preliminary Hazard Analysis
• Concerns Safety / Harm only
• In the early design phase
• Full device implementation is not required
• Aligned with ISO 14971
Preliminary Hazard Analysis (PHA) Overview
Diagram labels: Cause (with probability); Harm (with severity); Hazardous Situation; Risk Control Measure; Hazard
Risk Analysis Element
PHA in Aligned Elements
Diagram labels: Cause; Harm (with severity); Hazardous Situation; Risk Control Measure; Reusable Elements; Probability of Harm; Potential Hazard
PHA in Aligned Elements (screenshot slide)
Aligned Elements PHA in Word (screenshot slide)
Risk Analysis
PHA and Traceability
Diagram labels: Cause 1; Cause 2; Cause 3; Measure 1; Measure 2; Measure 3; SW Use Case; HW Function; SW Item; SW Requirement; Instructions For Use; HW Specification; Potential Hazards
Aligned Elements as Risk Management Tool
• Automatic calculation of RPN
• Automatic checks of RPN against thresholds
• Reuse of Harms, Causes and Measures
• Measures grouped and sorted according to Risk Reduction Type
• Highlighting of insufficiently controlled risks
• Highlighting of unimplemented Measures
• Risk elements integrated with Design trace landscape
Risk Management in IEC 62304
Diagram labels: Cause; Hazardous Situation; Risk Reduction Measure; Hazard; Software Item; Software Requirement; Verification
IEC 62304 – 7.3.3 Document Traceability
Risk Analysis
IEC 62304 PHA in Aligned Elements
Diagram labels: Cause; Measure; Software Item (with classification); SW Requirement; Verification; Harm; Hazardous Situation
Check questions in the diagram:
• Does classification match Harms in the Risk Analysis?
• Are Risk Control Measures implemented and verified?
Software Safety Classification (SSC) in Aligned
Automatic Rule Checks:
• Is SSC consistent with severity of (implicitly) linked Harms?
• Is SSC consistent with classification of dependent Software Items?
Specify Rules:
• SSC inheritance of Software Items
• Software Item must trace to Cause
• Connect Severity of Harm with SSC
Severity of Harm | Classification
5 or 4           | C
3 or 2           | B
1                | A
Risk Analysis
SSC example in Aligned Elements
Diagram labels: Cause; Software Item (Class B); SW Unit (Class C); Harm, Severity: 5; "Not OK!" (flagged twice)
Severity of Harm | Classification
5 or 4           | C
3 or 2           | B
1                | A
IEC 62304 and Probability in Risk Management
• Software error probability is difficult to estimate
• Software errors are systematic
• IEC 62304 claims that Software Safety Classification shall not depend on probability, only on harm
• Assume Probability of software error = 100% (section 4.3 a)
• Can we reduce the probability with our Risk Control Measures?
Using two probabilities
Use two probabilities:
• Probability of Hazardous Situation (P1)
• Probability of Harm (P2)
Usage:
• P2 can be estimated by a professional (e.g. a Medical Doctor)
• Adapt risk policy and thresholds
• Risk Control Measures affect P1 and P2
Diagram: Software Error -> (P1) -> Hazardous Situation -> (P2) -> Harm
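The two-probability scheme on this slide, carried through in code as an added example (not code from the Aligned Elements product or from the IEC 62304 text). It follows the slide's chain Software Error -> P1 -> Hazardous Situation -> P2 -> Harm with the software error assumed to occur, so the probability of harm is P1 * P2 and a risk control measure can only act on P1 or P2. The probability bands, the RPN thresholds, the infusion-controller scenario, the measure names and all figures are constructed for illustration; a real risk policy comes from the manufacturer's risk management plan.

```python
"""Two-probability risk evaluation for a software-caused hazard (added example).

Software Error -(P1)-> Hazardous Situation -(P2)-> Harm. The software error
is assumed to occur (probability 100%, the deck's reading of IEC 62304
4.3 a), so P(harm) = P1 * P2 and measures act only on P1 and P2.
Probability bands, thresholds and all sample figures are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed risk policy: P = P1 * P2 is mapped to a 1..5 probability band,
# RPN = band * severity, and two thresholds mark acceptable / ALARP / unacceptable.
P_BANDS = [(1e-6, 1), (1e-4, 2), (1e-2, 3), (1e-1, 4), (1.0, 5)]
ACCEPTABLE_MAX = 4
ALARP_MAX = 12


def probability_band(p: float) -> int:
    """Map a probability of harm to the constructed 1..5 band."""
    for upper, band in P_BANDS:
        if p <= upper:
            return band
    return 5


@dataclass
class Measure:
    name: str
    p1_factor: float = 1.0   # multiplies P1 (1.0 = no effect on the hazardous situation)
    p2_factor: float = 1.0   # multiplies P2 (1.0 = no effect on harm given the situation)
    implemented: bool = False
    verified: bool = False


@dataclass
class Risk:
    hazardous_situation: str
    harm: str
    severity: int            # 1..5, as on the severity-of-harm scale in the deck
    p1: float                # P(hazardous situation | software error)
    p2: float                # P(harm | hazardous situation), e.g. estimated by a clinician
    measures: List[Measure] = field(default_factory=list)

    def probabilities(self, stage: str = "verified") -> Tuple[float, float]:
        """(P1, P2) for a stage: 'initial' ignores all measures, 'verified' counts
        only implemented and verified measures, 'planned' counts every measure."""
        p1, p2 = self.p1, self.p2
        for m in self.measures:
            counts = stage == "planned" or (stage == "verified" and m.implemented and m.verified)
            if counts:
                p1 *= m.p1_factor
                p2 *= m.p2_factor
        return p1, p2

    def rpn(self, stage: str = "verified") -> int:
        p1, p2 = self.probabilities(stage)
        return probability_band(p1 * p2) * self.severity

    def acceptability(self, stage: str = "verified") -> str:
        r = self.rpn(stage)
        if r <= ACCEPTABLE_MAX:
            return "acceptable"
        if r <= ALARP_MAX:
            return "ALARP"
        return "unacceptable"

    def open_measures(self) -> List[str]:
        """Measures a tool would highlight as not yet implemented or not yet verified."""
        return [m.name for m in self.measures if not (m.implemented and m.verified)]


def example_risk() -> Risk:
    """Constructed sample: a dose-display defect in a hypothetical infusion controller."""
    return Risk(
        hazardous_situation="Displayed dose differs from programmed dose",
        harm="Overdose",
        severity=5,
        p1=0.5,   # constructed: half of such errors reach the display
        p2=0.2,   # constructed clinician estimate: one in five goes unnoticed and harms
        measures=[
            Measure("Independent plausibility check of displayed dose",
                    p1_factor=0.01, implemented=True, verified=True),
            Measure("Confirmation dialog before infusion start",
                    p2_factor=0.05, implemented=True, verified=False),
        ],
    )


if __name__ == "__main__":
    r = example_risk()
    for stage in ("initial", "verified", "planned"):
        p1, p2 = r.probabilities(stage)
        print(f"{stage:>8}: P1*P2={p1 * p2:.2e} RPN={r.rpn(stage)} -> {r.acceptability(stage)}")
    print("open measures:", r.open_measures())
```

Running the block shows the point the slide makes: with the software error taken as certain, the initial RPN of 20 is unacceptable, the verified plausibility check lowers P1 and brings the RPN to 15 (still unacceptable), and only the second measure, once verified, lowers P2 enough to reach ALARP. Until it is verified it is reported as open rather than credited, which is the highlighting-of-unimplemented-measures behaviour described earlier in the deck.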
Two probabilities in Aligned Elements (two screenshot slides)
Architecture vs. Functional Usage
• Architecture: hierarchical decomposition of Software into Items and Units
• Software risk emanates from how we use the software, i.e. in which functional context we use the software items
• Functional use cuts across the architecture
Diagram labels: Use Case 1 (high risk); Use Case 2 (mid risk); Use Case 3 (low risk); SW Item 1; SW Item 2; SW Item 3; SW Item 4; SW Unit 1; SW Unit 2; SW Unit 3
The Matrix Model in IEC 62304 (figure slide)
Matrix Model in Aligned Elements
• Write Use Cases from SW Reqs
• Perform Risk Analysis on Use Cases
• Generate Causes from Use Cases where applicable
• Create Architecture
• Map Use Cases to Software Items by connecting Software Items to existing Causes
• If applicable, generate new Causes from Software Items and map back to Use Cases
Diagram (Risk Analysis) labels: Causes; Software Requirements; Harm; Hazardous Situation; Software Items
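The matrix-model mapping described in the steps above and the SSC rule checks from the earlier "Software Safety Classification (SSC) in Aligned" and "SSC example" slides, together as one added example (not Aligned Elements code). The severity-to-class table is the one on the slides (5 or 4 -> C, 3 or 2 -> B, 1 -> A); the data model, the item and unit names, the use cases and the harms are constructed. Use cases reach software items only through shared causes, so an item used by a high-risk use case picks up that use case's class however deep it sits in the architecture, which is what "functional use cuts across the architecture" means in practice. The slide-19 situation (a Class B item containing a Class C unit, linked to a severity-5 harm) is reproduced in the sample data and produces the two "Not OK" findings.

```python
"""SSC rule checks over a matrix-model data set (added example, constructed data).

Use Case -> Cause -> Harm on the risk side, Software Item -> Cause on the
architecture side. Rules from the SSC slides:
  1. an item's SSC must cover the severity of the harms it is (implicitly)
     linked to through its causes;
  2. an item's SSC must not be lower than that of an item or unit it contains;
  3. every software item must trace to at least one cause.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Iterator, List

CLASS_RANK = {"A": 1, "B": 2, "C": 3}

def class_for_severity(severity: int) -> str:
    """Severity of Harm -> Classification table from the slides."""
    if severity >= 4:
        return "C"
    if severity >= 2:
        return "B"
    return "A"

def max_class(classes: Iterable[str]) -> str:
    """Highest SSC among the given classes; 'A' when there are none."""
    return max(classes, key=CLASS_RANK.__getitem__, default="A")

@dataclass
class Harm:
    name: str
    severity: int            # 1..5 as on the slides

@dataclass
class Cause:
    name: str
    harm: Harm               # harm reached from this cause via a hazardous situation
    use_case: str            # matrix model: the use case this cause was generated from

@dataclass
class SoftwareItem:
    name: str
    ssc: str                                                      # declared SSC: A, B or C
    causes: List[Cause] = field(default_factory=list)             # matrix-model links
    children: List["SoftwareItem"] = field(default_factory=list)  # contained items/units

def flatten(items: Iterable[SoftwareItem]) -> Iterator[SoftwareItem]:
    """Depth-first walk over the architecture tree."""
    for item in items:
        yield item
        yield from flatten(item.children)

def required_class(item: SoftwareItem) -> str:
    """Class implied by the harms the item is linked to through its causes (rule 1)."""
    return max_class(class_for_severity(c.harm.severity) for c in item.causes)

def check_item(item: SoftwareItem) -> List[str]:
    """Apply the three rules to one item; an empty list means the item is consistent."""
    findings: List[str] = []
    if not item.causes:                                                   # rule 3
        findings.append(f"{item.name}: does not trace to any Cause")
    need = required_class(item)
    if CLASS_RANK[item.ssc] < CLASS_RANK[need]:                            # rule 1
        worst = max(item.causes, key=lambda c: c.harm.severity)
        findings.append(f"{item.name}: SSC {item.ssc} below {need} required by harm "
                        f"'{worst.harm.name}' (severity {worst.harm.severity}, "
                        f"use case '{worst.use_case}')")
    for child in item.children:                                           # rule 2
        if CLASS_RANK[child.ssc] > CLASS_RANK[item.ssc]:
            findings.append(f"{item.name}: SSC {item.ssc} below contained "
                            f"'{child.name}' (Class {child.ssc})")
    return findings

def check_all(items: List[SoftwareItem]) -> Dict[str, List[str]]:
    """Findings per item name for the whole architecture."""
    return {item.name: check_item(item) for item in flatten(items)}

def use_case_matrix(items: List[SoftwareItem]) -> Dict[str, List[str]]:
    """Matrix view: the software items each use case reaches through shared causes."""
    matrix: Dict[str, List[str]] = {}
    for item in flatten(items):
        for cause in item.causes:
            names = matrix.setdefault(cause.use_case, [])
            if item.name not in names:
                names.append(item.name)
    return matrix

def sample_model() -> List[SoftwareItem]:
    """Constructed hypothetical infusion-pump model reproducing the slide-19 situation."""
    overdose = Harm("Overdose", severity=5)
    cosmetic = Harm("Cosmetic display glitch", severity=1)
    wrong_dose = Cause("Wrong dose calculated", overdose, "Program infusion (high risk)")
    stale_value = Cause("Stale dose value displayed", overdose, "Program infusion (high risk)")
    theme = Cause("Theme not applied", cosmetic, "Adjust screen brightness (low risk)")
    return [
        SoftwareItem("Dose Calculator", "B", causes=[wrong_dose],
                     children=[SoftwareItem("Rate Conversion Unit", "C", causes=[wrong_dose])]),
        SoftwareItem("Display Driver", "A", causes=[stale_value, theme]),
        SoftwareItem("Diagnostic Logger", "A"),
    ]

if __name__ == "__main__":
    for name, findings in check_all(sample_model()).items():
        print(name, "->", findings or "OK")
    print(use_case_matrix(sample_model()))
```

In the sample data the Dose Calculator is flagged twice (its Class B is below the C demanded by the severity-5 harm and below the Class C unit it contains), the Display Driver is flagged because one of its two use cases is high risk even though the other is cosmetic, and the Diagnostic Logger is flagged only for having no cause to trace to. The matrix view lists the same three items under the high-risk use case, which is the cross-cutting picture the Architecture vs. Functional Usage slide draws.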
Software Problem Resolution Process
• Record Problem Report
• Identify Causes and perform risk analysis
• Evaluate Risk
• Create Change Request (if applicable)
• Verify Change
Diagram (Risk Analysis) labels: Cause; Measure; Problem Report; Change Request; Verification; Harm; Hazardous Situation
Aligned Elements IEC 62304 Package
• Full template set for all IEC 62304 Artifacts
• Includes clear references to applicable sections in IEC 62304
• Full usage of Aligned Elements automatic consistency checks
• Integrated Checklists and Review Generators
• Preconfigured Word reports
• Preconfigured Trace Tables
• Preconfigured Queries
Maximal results, minimal effort
Thank You!
Aligned AG
Binzmühlstrasse 210
CH-8050 Zürich
Switzerland
t +41 (0)44 312 50 20
f +41 (0)44 312 50 20
m info@aligned.ch
w www.aligned.ch
