Safety Risk Analysis

MEDICAL SYSTEM:

ECG Monitor / Defibrillator (Class III)

WORK SCOPE:

Identify traceability between hazards and software items, aligned with the software architecture specification, from software items to specific causes, and from causes to risk control measures, per the IEC-62304 and ISO-14971 standards.

Generate documentation and conduct a hazard analysis related to SOUP, and consolidate with the system safety risk assessment. Review and update safety risk assessment to address several CAPAs related to inadequate design history records and inaccuracies in traceability to design input requirements, defined user needs, and intended uses.

Address IEC-60601 3rd edition compliance issues, including:

• Add Biocompatibility hazards (per IEC-60601-1 standard) to the safety risk assessment to align with other similar products
• Update risk probabilities with field history data
• Labeling mitigations alone should not reduce probability
• Update risk severity assessments based on a consistent criteria in relation to system use cases

BACKGROUND:

The company was in the process of addressing several audit findings, with much pressure to uplift a quality initiative stop-ship on a large product line. The QA procedures rely on manual methods to verify conformance to processes, work instructions, and traceability using hard copy as the official design history records. Several information management tools are in place but they're not integrated between engineering, manufacturing, and operations (field support); making for a difficult situation to keep documents current, with missing links between requirements and other system elements, replicated information across similar product lines leading to synchronization issues and duplicated efforts, and other challenges related to risk management compliance. A big part of the challenge was the complexity and large number of requirements (> 2000) and hazardous situations (> 400), with a product service history of more than 15 years around the world.

RESULTS:

As an initial step, a complete export of the following elements created a basis for a traceability matrix in an Excel workbook:

• System requirements (from requirements management tool)
• Software items (from software architecture spec)
• Safety risk assessment (from existing FMEA Excel workbook)

In order to identify the traces within this enormous data set and update for accuracy and thoroughness, a three-step approach was taken:

1. Using VBA scripting, cleanup risk assessments to address the following:
   • Remove risks relating to obsolete (not fielded releases)
   • Correct requirements traces to match mitigations identified
   • Fix links to obsolete requirements
2. Perform fuzzy text matching with an Excel plug-in tool and VBA scripting to map system requirements to software items (and their related dependencies), and map hazard causes and mitigations to system requirements (bi-directionally). The fuzzy matching tool was setup to use a Levenshtein distance algorithm to accurately identify non-exact text matches with language stemming, weighted keywords, and a similarity percent score.
3. Sort the hazard traces with lowest similarity scores from Step 2, and conduct a cross-functional review involving regulatory, clinical, and systems engineering leads to reach consensus on recommended updates to risk assessment, risk-benefit analysis, and traceability data

The risk assessment data was extracted from the Excel workbook to create a Word document providing a baseline for the risk management report addressing essential performance and overall risk-benefit statement. As a final step, the traceability matrix data was filtered to produce hazard traceability for software aspects including SOUP items, to provide objective evidence of IEC-62304 compliance in the design history file.