Software Hazard Analysis
Software for medical devices and other safety critical applications must have a software hazard analysis. This section provides a framework for performing a software hazard analysis, as part of an overall safety risk management program. While this section is presented from the viewpoint of medical device software, it may also be appropriate for any type of mission critical system.
Risk analysis for software cannot be based on a probability of occurrence. If a software defect exists, it exists with certainty: it does not wear out, arrive intermittently or fail at some rate, so the probability that the defect is present is always 100%. The only open questions are whether (and how often) a user will drive the software into the state that exposes the defect, and what harm results when that happens.
Therefore the process of risk analysis for software reduces to a hazard analysis. The term hazard analysis is used deliberately: it reinforces that calculating risk from software failure rates is generally not justified, and that software safety risk is more appropriately managed on the severity of the resulting harm than on an estimated failure rate.
FMEAs and fault trees are widely used for hardware, but they do not apply well to software, because they are predicated on a previously working system encountering a failure. A software defect is present from the start rather than arising at some failure rate, so FMEAs and fault trees are not appropriate for software and are not considered here as tools for software hazard analysis.
Software hazard analysis is a system-level input to the software requirements. It is performed by examining the information flow from the user's perspective: what the user supplies to the software and what the software presents back to the user. This is a black-box process that does not consider the actual implementation of the software; if it did, the software that mitigates each hazard would itself have to be analyzed, and so on, so the hazard analysis could become infinitely recursive.
Hazard analysis is also repeated whenever changes are made to the software, since a change can introduce new hazards or invalidate an existing mitigation.
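The framework above can be carried through as a worksheet: enumerate generic failure modes against each user-visible information flow (black box), rank each hazard by severity alone with no probability term, check that every hazard of sufficient severity traces to a mitigating software requirement, and pick out the hazards that must be re-analyzed when a flow changes. The following is an added illustrative example, not code from the original article. The information flows, the generic failure modes, the severity scale, the constructed severity judgments and the requirement identifiers (SRS-12, SRS-15) are all assumptions chosen for the example; the article defines none of them.

```python
"""Severity-driven, black-box software hazard analysis worksheet.

Added illustrative example (not from the original article). The flows,
failure modes, severity scale and requirement IDs below are assumptions
for the example, not values the article defines.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Severity(IntEnum):
    # Assumed scale. Ranking uses severity only: there is no probability term,
    # because a present defect is present with certainty.
    NEGLIGIBLE = 1
    MINOR = 2
    SERIOUS = 3
    CRITICAL = 4


# Generic ways a user-visible information flow can fail. These are applied to
# every flow regardless of how the software implements it (assumed list).
FAILURE_MODES = ("wrong value", "missing", "late", "unintended")


@dataclass(frozen=True)
class Flow:
    name: str        # information crossing the user boundary
    direction: str   # "in" (user -> software) or "out" (software -> user)


@dataclass(frozen=True)
class Hazard:
    hazard_id: str
    flow: str
    failure_mode: str
    harm: str
    severity: Severity


@dataclass
class Requirement:
    req_id: str
    text: str
    mitigates: set = field(default_factory=set)   # hazard_ids this requirement controls


def enumerate_hazards(flows, severity_of):
    """Apply each generic failure mode to each flow, from the user's side of
    the boundary. `severity_of(flow, mode)` returns (harm, Severity), or None
    when that combination cannot harm the user. IDs are assigned in order."""
    hazards, n = [], 1
    for flow in flows:
        for mode in FAILURE_MODES:
            result = severity_of(flow, mode)
            if result is None:
                continue
            harm, sev = result
            hazards.append(Hazard(f"H{n:03d}", flow.name, mode, harm, sev))
            n += 1
    return hazards


def untraced_hazards(hazards, requirements, threshold=Severity.MINOR):
    """Hazards at or above `threshold` with no mitigating requirement.
    Nothing is discounted by likelihood, so every hazard of sufficient
    severity must trace to a requirement."""
    covered = set()
    for req in requirements:
        covered |= req.mitigates
    return [h for h in hazards if h.severity >= threshold and h.hazard_id not in covered]


def hazards_to_reanalyze(hazards, changed_flows):
    """Hazards that must be revisited when the named flows change."""
    changed = set(changed_flows)
    return [h for h in hazards if h.flow in changed]


def example_severity(flow, mode):
    # Constructed judgments for a hypothetical dose-entry screen.
    table = {
        ("dose entry", "wrong value"):   ("overdose or underdose delivered", Severity.CRITICAL),
        ("dose entry", "missing"):       ("therapy not started", Severity.SERIOUS),
        ("dose display", "wrong value"): ("clinician acts on wrong dose", Severity.CRITICAL),
        ("dose display", "late"):        ("correction delayed", Severity.MINOR),
        ("audible alarm", "missing"):    ("fault goes unnoticed", Severity.CRITICAL),
    }
    return table.get((flow.name, mode))


# Constructed worksheet inputs.
FLOWS = [Flow("dose entry", "in"), Flow("dose display", "out"), Flow("audible alarm", "out")]
HAZARDS = enumerate_hazards(FLOWS, example_severity)
REQUIREMENTS = [
    Requirement("SRS-12", "Reject dose entries outside the drug library range", {"H001"}),
    Requirement("SRS-15", "Echo the entered dose and require confirmation before start", {"H001", "H003"}),
]

if __name__ == "__main__":
    for h in HAZARDS:
        print(f"{h.hazard_id} {h.flow:14} {h.failure_mode:12} {h.severity.name:10} {h.harm}")
    print("untraced:", [h.hazard_id for h in untraced_hazards(HAZARDS, REQUIREMENTS)])
    print("re-analyze on 'dose display' change:",
          [h.hazard_id for h in hazards_to_reanalyze(HAZARDS, ["dose display"])])
```

Two design points follow the article. The `severity_of` callback is the only place engineering judgment enters, and it is asked about what the user experiences, never about how the code works; and `untraced_hazards` applies a severity threshold with no likelihood factor, so a rare-looking path to a critical harm still shows up as a gap until a requirement is written for it.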