Improving software Risk Management in a Medical Device Company

Author

McCaffery, Fergal ; Burton, John ; Richardson, Ita

Author_Institution

Dundalk Inst. of Technol., Dundalk

fYear

2009

fDate

16-24 May 2009

Firstpage

152

Lastpage

162

Abstract

Software Risk Management (RM) within Medical Device (MD) companies is a critical area. Failure of the software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore regulators penalise MD manufacturers that do not devote sufficient attention to the areas of hazard analysis and RM throughout the software lifecycle. This paper describes the experience of a MD software development organization when they engaged in a research project to improve their RM practices. We explain how this was achieved through the development of a software process improvement RM model that integrates regulatory MD RM requirements with the goals and practices of the Capability Maturity Model Integration (CMMI). This model is known as the Risk Management Capability Model (RMCM). The authors describe the complete project lifecycle and evaluate the success of the project.

Keywords

Capability Maturity Model; biomedical equipment; hazards; risk management; capability maturity model integration; hazard analysis; medical device company; risk management capability model; software lifecycle; software process improvement; software risk management; Capability maturity model; Government; Hazards; Injuries; Manufacturing; Regulators; Risk management; Software engineering; Software quality; Software safety;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Engineering - Companion Volume, 2009. ICSE-Companion 2009. 31st International Conference on

Conference_Location

Vancouver, BC

Print_ISBN

978-1-4244-3495-4

Type

conf

DOI

10.1109/ICSE-COMPANION.2009.5070973

Filename

5070973