Improving software risk management in a medical device company

Fergal McCaffery; John Burton; Ita Richardson

doi:10.1109/ICSE-COMPANION.2009.5070973

Improving software risk management in a medical device company

Fergal McCaffery, John Burton, Ita Richardson

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Software Risk Management (RM) within Medical Device (MD) companies is a critical area. Failure of the software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore regulators penalise MD manufacturers that do not devote sufficient attention to the areas of hazard analysis and RM throughout the software lifecycle. This paper describes the experience of a MD software development organization when they engaged in a research project to improve their RM practices. We explain how this was achieved through the development of a software process improvement RM model that integrates regulatory MD RM requirements with the goals and practices of the Capability Maturity Model Integration (CMMI). This model is known as the Risk Management Capability Model (RMCM). The authors describe the complete project lifecycle and evaluate the success of the project.

Original language	English
Title of host publication	2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009
Pages	152-162
Number of pages	11
DOIs	https://doi.org/10.1109/ICSE-COMPANION.2009.5070973
Publication status	Published - 2009
Event	2009 31st International Conference on Software Engineering, ICSE 2009 - Vancouver, BC, Canada Duration: 16 May 2009 → 24 May 2009

Publication series

Name	2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009

Conference

Conference	2009 31st International Conference on Software Engineering, ICSE 2009
Country/Territory	Canada
City	Vancouver, BC
Period	16/05/09 → 24/05/09

Access to Document

10.1109/ICSE-COMPANION.2009.5070973

Cite this

McCaffery, F., Burton, J., & Richardson, I. (2009). Improving software risk management in a medical device company. In 2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009 (pp. 152-162). Article 5070973 (2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009). https://doi.org/10.1109/ICSE-COMPANION.2009.5070973

@inproceedings{f67b786845f84738bbcaa2d6da3f7573,

title = "Improving software risk management in a medical device company",

abstract = "Software Risk Management (RM) within Medical Device (MD) companies is a critical area. Failure of the software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore regulators penalise MD manufacturers that do not devote sufficient attention to the areas of hazard analysis and RM throughout the software lifecycle. This paper describes the experience of a MD software development organization when they engaged in a research project to improve their RM practices. We explain how this was achieved through the development of a software process improvement RM model that integrates regulatory MD RM requirements with the goals and practices of the Capability Maturity Model Integration (CMMI). This model is known as the Risk Management Capability Model (RMCM). The authors describe the complete project lifecycle and evaluate the success of the project.",

author = "Fergal McCaffery and John Burton and Ita Richardson",

year = "2009",

doi = "10.1109/ICSE-COMPANION.2009.5070973",

language = "English",

isbn = "9781424434947",

series = "2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009",

pages = "152--162",

booktitle = "2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009",

note = "2009 31st International Conference on Software Engineering, ICSE 2009 ; Conference date: 16-05-2009 Through 24-05-2009",

}

McCaffery, F, Burton, J & Richardson, I 2009, Improving software risk management in a medical device company. in 2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009., 5070973, 2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009, pp. 152-162, 2009 31st International Conference on Software Engineering, ICSE 2009, Vancouver, BC, Canada, 16/05/09. https://doi.org/10.1109/ICSE-COMPANION.2009.5070973

Improving software risk management in a medical device company. / McCaffery, Fergal; Burton, John; Richardson, Ita.
2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009. 2009. p. 152-162 5070973 (2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Improving software risk management in a medical device company

AU - McCaffery, Fergal

AU - Burton, John

AU - Richardson, Ita

PY - 2009

Y1 - 2009

N2 - Software Risk Management (RM) within Medical Device (MD) companies is a critical area. Failure of the software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore regulators penalise MD manufacturers that do not devote sufficient attention to the areas of hazard analysis and RM throughout the software lifecycle. This paper describes the experience of a MD software development organization when they engaged in a research project to improve their RM practices. We explain how this was achieved through the development of a software process improvement RM model that integrates regulatory MD RM requirements with the goals and practices of the Capability Maturity Model Integration (CMMI). This model is known as the Risk Management Capability Model (RMCM). The authors describe the complete project lifecycle and evaluate the success of the project.

AB - Software Risk Management (RM) within Medical Device (MD) companies is a critical area. Failure of the software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore regulators penalise MD manufacturers that do not devote sufficient attention to the areas of hazard analysis and RM throughout the software lifecycle. This paper describes the experience of a MD software development organization when they engaged in a research project to improve their RM practices. We explain how this was achieved through the development of a software process improvement RM model that integrates regulatory MD RM requirements with the goals and practices of the Capability Maturity Model Integration (CMMI). This model is known as the Risk Management Capability Model (RMCM). The authors describe the complete project lifecycle and evaluate the success of the project.

UR - http://www.scopus.com/inward/record.url?scp=70349680909&partnerID=8YFLogxK

U2 - 10.1109/ICSE-COMPANION.2009.5070973

DO - 10.1109/ICSE-COMPANION.2009.5070973

M3 - Conference contribution

AN - SCOPUS:70349680909

SN - 9781424434947

T3 - 2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009

SP - 152

EP - 162

BT - 2009 31st International Conference on Software Engineering - Companion Volume, ICSE 2009

T2 - 2009 31st International Conference on Software Engineering, ICSE 2009

Y2 - 16 May 2009 through 24 May 2009

ER -

Improving software risk management in a medical device company

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this