Improving Software Risk Management in a Medical Device Company

McCaffery, Fergal and Burton, John and Richardson, Ita (2009) Improving Software Risk Management in a Medical Device Company. In: ICSE Conference 2009.



Software Risk Management (RM) within Medical Device (MD) companies is a critical area. Failure of the software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore, regulators penalise MD manufacturers that do not devote sufficient attention to the areas of hazard analysis and RM throughout the software lifecycle. This paper describes the experience of an MD software development organization when it engaged in a research project to improve its RM practices. We explain how this was achieved through the development of a software process improvement RM model that integrates regulatory MD RM requirements with the goals and practices of the Capability Maturity Model Integration (CMMI). This model is known as the Risk Management Capability Model (RMCM). The authors describe the complete project lifecycle and evaluate the success of the project.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Software risk management; Regulators; MD software development; CMMI
Subjects: Computer Science
Research Centres: Regulated Software Research Centre
Depositing User: Sonya Grimley
Date Deposited: 20 Feb 2012 09:09
Last Modified: 11 Nov 2014 16:10
