Writing a Risk Assessment for Software

Recently we’ve spent a lot of time bogged down in medical device registration for The Open Voice Factory.

As part of this we developed a risk assessment around the software – looking at the potential causes of harm (i.e. “What happens if there is a fire in the house and our software fails to help someone speak to emergency services?”). These sorts of documents are valuable but also pretty bruising – half the time you are making notes about features to add and test, and the other half of the time you are saying “We’d better make sure the documentation is clear that we don’t think that is a good idea”.

I wanted to share our first attempt more broadly (it’s already public because it’s on our public project board) because I think people might be interested, and I also think they might have some ideas for risks that we’ve missed out.

Please look at it here: OVF.risk.assessment.v0.2.

One of my ambitions with The Open Voice Factory is that we also make all the software tests public and easily understood (the first bit of that is easy, the second is hard) and then we can say “These are the risks we thought of, and the tests we wrote to check them, if you think of anything we’ve missed, let us know and we will add some tests”.

If we have a convincing enough test suite, then it also becomes possible to say: “If we don’t have a test for it, then you shouldn’t rely on it”.
