Risk Management in Development of Life Critical Systems (slide deck transcript)
IBM Software Group
© 2009 IBM Corporation
Risk Management in Developing Life Critical Systems
Kimberly Roberts-Cobb, Industry Solution Executive, IBM Software Group, Rational Tiger, [email protected]
IBM Software Group | Rational software
Agenda
Smarter Life Critical Systems and Products – a definition
What is Safety? Risk and Hazard Analysis
Product Development Best Practices
Rational Platform for Smarter Medical Device Development
Success stories based on IBM solutions
Questions and Next Steps
Life critical systems and devices are becoming instrumented, interconnected and intelligent, resulting in smarter devices. Technological advances are enabling medical systems and devices to become smarter, and smart products transcend "one-size-fits-all" products, enabling customers to get exactly what they want, tailored to their unique needs.

Instrumented: Miniaturization in electro-mechanical components and electronics, including nanotechnology, enables devices to become portable, wearable and implantable. Passive, active, electromechanical and semiconductive sensors respond to patients' physical changes (e.g., pressure, motion, thermal energy).

Interconnected: Wireless technologies such as Zigbee (a low-power personal area network standard), Bluetooth, WiFi, cell phones and RFID enable medical devices to communicate with caregivers, electronic medical records and other devices. Wireless technologies support physiological telemetry systems that monitor patients in real time.

Intelligent: Software, including artificial intelligence, monitors medical device data intake (e.g., physiological data) and sends alerts to caregivers. Chemical and biologic sensors monitor changes in patients' vital signs and physiology. Micro-manipulation robotics and endoscopic imagery enable minimally invasive surgery.
Software drives innovation in smarter life critical systems and devices
Software is a key component in differentiating medical systems and products
An increasing amount of functionality is now provided by software
Software increases risk: device safety now often depends on proper software operation
The FDA is increasing scrutiny of software controls for device manufacturers; the Drug and Device Accountability Act of 2009 proposes stiff financial penalties and even jail time for inaccuracies in certification
Effective balancing of risk against reward in software delivery is a business-critical imperative
Globalization and interconnected systems make compliance even more complex
Examples of IBM Rational and smarter life critical systems and devices
Endless possibilities with the growing trend of embedded software
Implantable Defibrillators: deliver a life-saving shock to restore the heart to a more normal rate
Operating Room Navigation Systems: track the spatial location of surgical instruments during a procedure (Medtronic LandmarX Element Endoscopic Image Guidance System)
Infusion Pumps: help prevent errors in delivering medicine dosage (Cardinal Health Alaris System)
Next Generation CT Scanners: an "early health" model of care focused on earlier diagnosis, disease detection and prevention (GE Healthcare CT Scanner)
What is Safety?
Safety is freedom from accidents or losses.
Safety is not reliability! Reliability is the probability that a system will perform its intended function satisfactorily.
Safety is not security! Security is protection or defense against attack, interference, or espionage. The distinction matters for hazard analysis of interconnected devices: a deliberate attack is a different initiating event from a random or systematic failure, and a safety analysis does not cover it unless it is listed explicitly as a hazard cause.
Safety-Related Concepts
Accident is a loss of some kind, such as injury, death, or equipment damage.
Risk is a combination of the likelihood of an accident and its severity: risk = p(a) * s(a)
Hazard is a set of conditions and/or events that leads to an accident.
Failure is the nonperformance of a system or component; it is a random fault, not a design error. A random failure is one whose likelihood can be estimated. Failures are events, e.g., a component failure.
Error is a systematic fault; a systematic fault is a design error. Errors are states or conditions, e.g., a software bug.
A fault is either a failure or an error.
Safety Measures
Safety measures do one of the following:
Remove the hazard
Reduce the risk, either by reducing the likelihood of the accident or by reducing the severity of the accident
Identify the hazard to supervisory personnel so that they can handle it within the fault tolerance time
The purpose of a safety measure is to avoid accident or loss.
The FDA and similar governing bodies are primarily concerned with health/safety, i.e. patient harm. Risks related to an active lack of safety, and risks related to ineffective performance of intended functions on which patients and care providers might reasonably rely to avoid patient harm, are to be analyzed. If harm can occur through the function or dysfunction of the device, there is a hazard or risk to be analyzed and mitigated.
The business is concerned with both health/safety and functionality. Consider a failure mode whose impact on health is 0 but whose impact on functionality is 10: if it happens, the device will absolutely not work, but there is absolutely no impact on health or safety. This type of device failure can still be a critical business issue despite the lack of harm.
The Basic Risk Management Process
Risk Analysis: intended use; hazard identification; risk estimation (likelihood/severity)
Risk Evaluation: acceptability decisions
Risk Control: options; implementation; residual risk evaluation and overall risk acceptance
Post Production: post-production actual experience; review of risk management experience
(Figure: Risk Analysis and Risk Evaluation together form Risk Assessment; all four stages together form Risk Management.)
Risk Assessment Methods
Common risk assessment methods:
1. Risk matrix
2. Preliminary Hazard Analysis (PHA)
3. Fault Tree Analysis (FTA)
4. Failure Mode Effects (Criticality) Analysis (FMEA/FMECA)
5. Hazard and Operability Analysis (HAZOP)
6. Hazard Analysis and Critical Control Point (HACCP)
The FDA "Pre-production Quality Assurance Planning Recommendations For Medical Device Manufacturers" identifies three methods for risk analysis:
• Failure mode effects analysis (FMEA)
• Fault tree analysis (FTA)
• Failure mode effects criticality analysis (FMECA)
Product Development and Risk Management
Basic product development phases:
Phase 1 – Researching new opportunities
Phase 2 – Proving feasibility
Phase 3 – Scheduled development (prototypes)
Phase 4 – Validation (clinical trials)
Phase 5 – Delivery (launch) and maintenance
The timing of risk mitigation: the purpose of risk mitigation (FMEA/hazard analysis) is to affect the design, so the time to begin is when competing designs are being considered (phases 1 and 2). The FDA requires a risk assessment (hazard analysis) as a deliverable, but if it is done late in the product lifecycle it is primarily a documentation exercise rather than a true control measure used to identify and mitigate design choices that should not have been chosen or that introduce higher risk or more costly development.
(Figure: development timeline Concept & Feasibility, Design, Develop, Test, Produce. Design Control stream: Product Portfolio Planning & Requirements; Specification, Modeling, Simulation; Build & Release; Verification and Validation; Change Control. Risk Assessment stream: Preliminary Hazard Analysis and Risk Management Plan; Detailed risk analysis (FMEA, FTA); Risk Management Report; Risk Reviews.)
Best Practices for Smarter and Safer Product Development
1. Evolve product portfolios effectively. Balance potential product reward with risk to choose the right product design, at the right time, for the right market: Risk Estimation/Balancing
2. Begin hazard analysis at the requirements stage. Capture, define and analyze potential hazards up front while developing and managing the requirements: Preliminary Hazard Analysis and Risk Management Plan
3. Develop systems and software in a model-driven way. Visually develop complex systems using a structured approach and introduce control measures to balance risk vs reward in design choices: Detailed risk analysis (FTA)
4. Control change for Good Manufacturing Practice (GMP). Establish an integrated change process across the lifecycle: Manage Safety Impact of Changes
5. Metrics, measurement, reporting and automated document generation. Generate the right document at the right time across the development disciplines to adhere to standards and demonstrate compliance: Dynamically Monitor Risk Factors and Generate Risk Management Reports
6. Improve quality from the beginning through the end. Make quality management a continuous lifecycle activity: Verification and Validation
Best Practice 1: Product Line Portfolio Management
Product Portfolio Management: evolve product portfolios effectively
Determine risk elements up front and balance risk with reward: perform decision analysis inclusive of increased or decreased risk of harm and/or higher/lower profit and reliability
Compare and rank features and functions against possible hazards and impact on sales/profitability
Utilize visualization, prioritization, and road-mapping and planning capabilities
Centralize information for key decision-making and status reporting
Ensure the most valuable capabilities are not unintentionally minimized or eliminated
Use objective information to overcome the influence of the loudest voice
(Screenshot generated from Rational FocalPoint)
Best Practice 2: Requirements Engineering and Management
Requirements management across the product lifecycle: capture, define, analyze, and manage requirements
Create Preliminary Hazard Analysis and Risk Management Plans
Improves visibility of and collaboration on requirements for all product stakeholders
Comprehensive support for recording, structuring, managing, and analyzing requirements, hazards and their traceability across development
Supports FDA 21 CFR Part 11 compliant electronic signatures for sign-off of specification baselines
Integrates with portfolio management, modeling, change management and quality management solutions for a full lifecycle solution
(Screenshot generated from Rational DOORS)
Best Practice 3: Model Driven Systems Engineering
Develop systems and software in a model-driven way: visually develop complex systems using a structured approach
Design and analyze the system to identify the conditions and events that can lead to hazards
Traceability from requirements through implementation and test
Validate, simulate and verify design and implementation during the entire product lifecycle
Customizable documentation generation automates FDA documentation submission
Visual modeling manages complexity and improves communication
Generate production-quality code for embedded targets
Reduce testing time and improve results with model-driven testing
Leverage and visualize existing code for documentation
(Screenshot generated from Rational Rhapsody)
Best Practice 3: Model Driven Systems Engineering
Design for Safety
The key to safe systems is to analyze the system and to identify the conditions and events that can lead to hazards.
Fault Tree Analysis (FTA) determines what logical combination of events and conditions leads to a fault, i.e. which combinations of conditions or events are necessary for a hazard condition to occur.
By "ANDing" redundancy into the tree (an independent check that must also fail before the hazard can occur), architectural redundancy is added and the likelihood of the hazard is reduced.
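To make the FTA mechanics concrete, the following is an added example written for this page; it is not code from the presentation or from Rational Rhapsody. It builds a small fault tree for a hypothetical infusion-pump hazard ("over-infusion"), computes the top-event probability from AND/OR gates, extracts the minimal cut sets, and then estimates and evaluates risk (risk = likelihood x severity, as in the concepts slide) against a constructed acceptability matrix, before and after ANDing an independent check into each branch. The event names, probabilities, likelihood classes and acceptability thresholds are all assumptions made for illustration, not values from any real device or standard.

```python
"""Fault tree evaluation and risk acceptability for one hazard (added example).

Hypothetical infusion-pump hazard "over-infusion". Tree structure, basic-event
probabilities and acceptability thresholds are constructed for illustration.
"""
from dataclasses import dataclass
from itertools import product
from typing import Union


@dataclass(frozen=True)
class Event:
    name: str
    p: float  # probability of the basic event over the assumed exposure period


@dataclass(frozen=True)
class Gate:
    kind: str      # "AND" or "OR"
    inputs: tuple  # tuple of Event / Gate


Node = Union[Event, Gate]


def probability(node: Node) -> float:
    """Top-down evaluation, assuming the basic events are independent."""
    if isinstance(node, Event):
        return node.p
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":           # every input must occur: product of p_i
        out = 1.0
        for p in ps:
            out *= p
        return out
    if node.kind == "OR":            # any input suffices: 1 - prod(1 - p_i)
        none = 1.0
        for p in ps:
            none *= 1.0 - p
        return 1.0 - none
    raise ValueError(f"unknown gate {node.kind}")


def minimal_cut_sets(node: Node) -> set:
    """Smallest combinations of basic events that cause the top event."""
    if isinstance(node, Event):
        return {frozenset([node.name])}
    child = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child)
    else:  # AND: one cut set from each input, merged
        sets = {frozenset().union(*combo) for combo in product(*child)}
    return {s for s in sets if not any(o < s for o in sets)}


def likelihood_class(p: float) -> int:
    """Constructed likelihood classes: 1 = improbable ... 5 = frequent."""
    for cls, threshold in ((5, 1e-2), (4, 1e-3), (3, 1e-4), (2, 1e-5)):
        if p >= threshold:
            return cls
    return 1


# Constructed acceptability matrix: for each severity class (1 = negligible
# ... 5 = catastrophic), the highest likelihood class still acceptable.
MAX_ACCEPTABLE_LIKELIHOOD = {1: 5, 2: 4, 3: 3, 4: 2, 5: 2}
SEVERITY_CATASTROPHIC = 5


def evaluate(top: Node, severity: int) -> dict:
    """Risk estimation (likelihood x severity) and acceptability evaluation."""
    p = probability(top)
    cuts = minimal_cut_sets(top)
    lk = likelihood_class(p)
    return {
        "p": p,
        "likelihood": lk,
        "risk": lk * severity,
        "acceptable": lk <= MAX_ACCEPTABLE_LIKELIHOOD[severity],
        "cut_sets": cuts,
        # a cut set of size one is a single point of failure
        "single_points_of_failure": sorted(next(iter(s)) for s in cuts if len(s) == 1),
    }


# Basic events with constructed probabilities (placeholders, not estimates).
dose_error = Event("dose_calc_error", 1e-4)            # systematic software error
motor_stuck = Event("motor_stuck_on", 1e-3)            # random hardware failure
range_check_fails = Event("range_check_fails", 1e-2)   # independent dose limit check
flow_monitor_fails = Event("flow_monitor_fails", 1e-2)  # independent flow sensor


def unmitigated_tree() -> Gate:
    """Either cause alone leads to over-infusion."""
    return Gate("OR", (dose_error, motor_stuck))


def mitigated_tree() -> Gate:
    """'ANDing' redundancy: each cause must coincide with its independent check failing."""
    return Gate("OR", (
        Gate("AND", (dose_error, range_check_fails)),
        Gate("AND", (motor_stuck, flow_monitor_fails)),
    ))


if __name__ == "__main__":
    for label, tree in (("unmitigated", unmitigated_tree()), ("mitigated", mitigated_tree())):
        r = evaluate(tree, SEVERITY_CATASTROPHIC)
        print(label, f"p={r['p']:.2e}", "risk", r["risk"], "acceptable", r["acceptable"],
              "SPOF", r["single_points_of_failure"])
```

The independence assumption behind the AND gate is the whole argument: ANDing a monitor only lowers the probability if the monitor cannot fail from the same cause as the function it guards (separate sensor, separate processor, or at least separately developed software). A systematic software error has no meaningful random probability, so the value given to dose_calc_error stands in for a qualitative likelihood class rather than an estimate. The single-point-of-failure list (cut sets of size one) is usually the first thing a reviewer asks for, and it is empty only after the redundancy is added.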
Best Practice 3: Model Driven Systems Engineering (continued)
Model system use cases to understand and identify potential hazards and risks
Link requirements to use cases to ensure all uses are fully understood so hazards can be identified earlier
Produce hazard and fault tables as part of your development and ongoing risk management process, not "after the fact"
Link potential faults to requirements for clarity on requirements with hazard mitigations
(Screenshots generated from Rational Rhapsody)
Best Practice 4: Integrated Change and Configuration Management
Control change for Quality Systems Good Manufacturing Practice: establish an integrated change process across the lifecycle
(Figure: lifecycle integration diagram. Capture customer requests & market-driven enhancements; manage portfolio & product priorities; capture & manage requirements; develop model-driven system -> software; execute tests (testing eco-system); integrated change management; configuration management; integrate suppliers; collaboration, process, workflow; collaborate across development disciplines: mechanical, electrical, software.)
Best Practice 5: Metrics, Measurement and Report Generation
Use metrics and dynamic reporting to reduce risk
Make more informed, faster, and better aligned decisions to reduce risk and costs
Full range of BI capabilities for all software delivery communities to receive relevant information, with connection to live ALM data, in a single integrated offering
Open enterprise-class platform to cost-effectively scale to meet user demands
Reporting & Analysis answers "Why?"; Scorecards & Dashboards answer "How are we doing?"
(Screenshot generated from Rational Insight)
Best Practice 5: Metrics, Measurement and Report Generation (continued)
Automate document generation: generate the right report and the right document at the right time
Increase productivity by allowing engineers to focus on engineering, not formatting concerns
Maintain accuracy through quick one-click document generation that captures last-minute changes to data held in disparate source applications
Enhance documentation quality and consistency by sharing and reusing templates
Deploy a consistent set of reports, measurements, and dashboards with tight integrations to tools across the Rational and Telelogic ALM product lines, and other common/third-party data sources
Measure, monitor and analyze data to improve efficiency and process maturity, as well as early identification and mitigation of risks
(Screenshot generated from Rational Publishing Engine from Rational RTC and RQM data sources)
Best Practice 6: Continuous Quality Management
Improve quality from the beginning through the end: make quality management a continuous lifecycle activity
Unify the entire team with a shared view of quality assets
Comprehensive dynamic planning and updates
Intelligent automation to improve accuracy and efficiency
Automated reporting to enhance project decision-making
(Figure: quality management (QM) integrated with requirements management (RM) and product portfolio management (PPM).)
Modern Approaches for Describing Systems Are Evolving to Better Manage Complexity and Reduce Time-to-market
Moving from manual methods to an automated approach
(Figure: lagging-to-leading spectrum for specifications, interface requirements, system design, risk analysis & trade-off, and test plans.)
Organizations are looking for a productivity breakthrough, not just incremental improvement. How can we significantly increase the value from our product delivery platform?
Collaborate, Automate, Improve
Collaborate across diverse engineering disciplines and development teams (Rational Team Concert)
Achieve "quality by design" with an integrated, automated testing process (Rational Quality Manager)
Manage all system requirements with full traceability across the lifecycle (Rational RRC/DOORS)
Use modeling to validate requirements, architecture and design throughout the development process (Rational Rhapsody)
The design and delivery of smart products is enabled by a collaborative solution that facilitates innovation while fostering visibility and integration to quantify hazards and risks
Rational Combined Portfolio in Action: the industry's most comprehensive offering
(Figure: System and Software Lifecycle Process Management covering Requirements Definition & Management; Analysis & Design; Quality Management; Release Management; Team Management; Configuration & Change Management; Production / Operations; Enterprise Architecture / Architectural Frameworks; Measurement & Reporting; Product, Project & Portfolio Management.)
Aberdeen Study on Best in Class Product Development
Performance measures of Best in Class:
Achieve quality targets 95% on average, 12% above the industry average, 1.8 times as often as laggards
Achieve product launch dates 92% on average, 21% above the industry average, 2.9 times as often as laggards
Achieve revenue targets 96% on average, 25% above the industry average, nearly twice as often as laggards
Common characteristics of Best in Class:
Manage requirements: twice as likely as the industry average and 3 times as likely as laggards to address the entire lifecycle of requirements
Leaders in systems modeling and simulation: 5 times as likely as the industry average and 7 times as likely as laggards to digitally validate system behavior with the simulation of integrated mechanical, electrical and software components
Manage change: 51% more likely than the industry average and 3 times more likely than laggards to notify other disciplines of changes
Source: Aberdeen, System Design: New Product Development for Mechatronics
(Chart: inclusion of embedded software components in product development, 66% / 34%.)
Customer Success: Safe Ventilation – at rest and on the move (Hamilton Medical AG and IBM partner EVOCEAN GmbH)
What's smart? Intelligent ventilation for intensive care; innovative cockpit display, ease of use; frees medical staff, improves patient outcome, reduces cost
Smarter business outcomes: earlier error recognition, using a modeling approach with code generation; consistent documentation with direct association between design and code; improved collaboration
How Rational Rhapsody helps: proven embedded and real-time track record; code generation; re-usable software platform
"Thanks to graphical representation of processes and states and being able to execute them, we now have a significantly improved basis for discussion. It's also easier for new employees to get going - provided they have some basic understanding of UML and Rhapsody®." – Andreas Anderegg, Software Engineer
Customer Success: Innovation, streamlined audits, increased quality (Waters Corporation)
"After about 15 minutes of spending with the auditor, he was just blown away on how effective the Rational tools were in terms of addressing all of his audit questions."
What's smart? Efficient systems for verifying the purity of drugs, food products and water resources; highly accurate blood tests with greater precision for healthcare diagnosis
Smarter business outcomes: innovation to enable significant advancements in healthcare delivery, environmental management, food safety, and water quality worldwide; increased quality and throughput of the assays performed with cost-effective technology
How Rational enables smarter products: full traceability with an integrated requirements, change, and configuration management solution; performance improvement through global collaboration and component-based development
Customer Success: Mobile access to medical images (Merge Healthcare)
What's smart? Provides medical professionals access to complex medical images on mobile devices; helps facilitate prompt access to medical imaging data, anytime or anywhere (product not yet released)
Smarter business outcomes: reduced hospital operations costs; reliable, secure, scalable delivery of medical images and reports
How Rational enables smarter products: collaboration across globally distributed development teams; change management across the end-to-end software lifecycle
"We rely on (Rational Change and Configuration Management Solutions) to manage the complexity of the software and to ensure that our global development teams operate as one, for the best result to our customers. This software from IBM is part of our livelihood; it's our DNA."
Customer Success: Going Agile with Global Collaboration – reducing cost in a global context (medical device company)
Environment: 1000+ users worldwide; 3 development sites (US, Europe, India); continuous unit testing required with strong auditing; heterogeneous development infrastructure
Issues: desire to use Agile techniques thwarted by internal process overhead; no global access to assets; poor change management support for parallel development; multiple points of failure; no continuous integration; lack of compliance support
Improved outcomes: global Agile development process supported by a repeatable deployment model; iterations accelerated 3X, build times reduced by 65%; improved compliance; secure developer self-service established; $6M+ savings per year over 3 years
"We were interested to adopt Agile Development, but were limited by an inflexible, non-standard process. Each team did their own thing, and there were multiple points of failure on each project."
Summary: IBM Rational Solution for Developing Life Critical Systems
Deliver life critical systems and medical devices that address market needs through portfolio management
Provide a clear audit trail across the development lifecycle with requirements management
Validate designs and associated risks early with model-driven development; model and manage safety risks and hazards with FTAs
Integrate change management processes to coordinate development in a collaborative platform
Automate document generation for compliance
Drive quality throughout the product lifecycle
Execute best practices and collaborate through an integrated product lifecycle solution
© Copyright IBM Corporation 2008. All rights reserved.
The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.
IBM, the IBM logo, the on-demand business logo, Rational, the Rational logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.