How to conduct a Software Risk Assessment
First, the risk must be identified. The scheme is always the same: a hazard, combined with a hazardous situation, can lead to harm. All three elements (the hazard, the hazardous situation and the resulting harm) must be determined up front, before any harm has occurred.
Risks combine the severity of the harm (S) and the probability of its occurrence (O). A numerical score is assigned to each risk so that risks can be compared and prioritised:
Risk = probability of occurrence (O) x severity of harm (S). A simple evaluation scale must be used for both factors, and the same scale must apply to all products so that scores are comparable across the portfolio. See the table below as an example:
Then the score is interpreted by this table:
Risk control measures must then be defined and implemented according to the score, with higher-scoring risks receiving the most stringent measures and the earliest attention.
Two methods are commonly applied when performing a risk analysis: fault tree analysis (FTA), which works top-down from an undesired event to the combinations of faults that can cause it, and failure mode and effects analysis (FMEA), which works bottom-up from individual failure modes to their effects on the system.
Author: Alix Auter, Life Science Consultant KVALITO
KVALITO is a strategic partner and a global quality and compliance services provider and network for regulated industries. To learn more about our services, please visit www.kvalito.ch