FDA recommends that you submit a Device Hazard Analysis for all Software Devices. The Device Hazard Analysis should take into account all device hazards associated with the device’s intended use, including both hardware and software hazards. FDA recommends that you present the information in tabular form with a line item for each identified hazard. This document can be in the form of an extract of the software-related items from a comprehensive risk management document, such as the Risk Management Summary described in ISO 14971. In this format, each line item should include:
- identification of the hazardous event
- severity of the hazard
- cause(s) of the hazard
- method of control (e.g. alarm, hardware design)
- corrective measures taken, including an explanation of the aspects of the device design/requirements, that eliminate, reduce, or warn of a hazardous event
- verification that the method of control was implemented correctly
When performing a hazard analysis, FDA recommends that you address all foreseeable hazards, including those resulting from intentional or inadvertent misuse of the device.