Involving user perspective in a software risk management process

Abstract: More and more user groups are using medical devices. Heart starters are, for example, available in public places and used by non-professionals. Different mobile medical applications, designed to help people manage their own health, are now being added to the medical device spectra. Users handling medical devices make errors, but by involving users in the risk management process, it is possible to lower the risk of these errors. This paper presents an evaluation of the value of complementing a traditional risk … Show more

“…As regards the different strategies aiming to support the risk management process, it was established that these do so in a range of application domains. For example, in the development of software for medical devices, the framework for risk management known as RiskUse [57] was found, as was the model of capacity for risk management designed by McCaffrey [87] based on the area of risk management processes as defined in CMMI-DEV v1.2 [100] and on different international regulations regarding control of medical devices. In relation to software projects, the model proposed by Islam et al [64] for goaldriven software development risk management appeared; it is one that is integrated explicitly into the requirements engineering stage.…”

“…The consultation process looks to promote opportune feedback, and to obtain information that will give support to the decision-making process with regard to the risk management process cycle. Lindholm [57], in her preparation stage of the risk management process, places great emphasis on this activity by establishing the risk management team; this should be made up of: (i) Developers who have some knowledge of the context of the system to be developed, (ii) users to represent other user-groups; they will form part of the Fig. 1.…”

“…• A2 -Scope, context, criteria: This activity establishes the internal and external parameters that should be considered when managing a risk, and when establishing the scope of the risk criteria that will make it possible to define the policies for risk management; the aim is to carry out a risk assessment that is effective, alongside treatment that deals with risk appropriately. In her preparation stage for the risk management process, Lindholm [57] proposes that preparations for the whole process be carried out, according to the necessary requirements and the intentions of use. In addition, having an understanding of the context of the system is recommended, since this will make it easier to set up the risk team, making sure that each of the competences needed is catered for.…”

“…Moreover, it takes on the task of providing the bases for risk evaluation, serving as input for decision-making as regards the treatment, the strategies and the methods that are the most suitable for dealing with each risk as corresponds; it does the same for risk estimation. Lindholm [57], in her discussion on risk analysis, sees this as the risk associated with each dangerous situation identified; it is estimated using a scale of risk severity and risk probability, where the risk value is defined by multiplying the severity of the risk by the probability value. Elzamly et al [65], in their contribution, state that risk analysis contributes to the analysis of risk probability and its consequences with reference to those risks that have been identified.…”

“…Lindholm [57] asserts that risk evaluation is the decision-making on each of the risks in relation to their being reduced. These decisions are made through criteria that are based on control measures, which can be debated and then deployed in order to reduce the risk.…”

Risk management in the software life cycle: A systematic literature review

“…As regards the different strategies aiming to support the risk management process, it was established that these do so in a range of application domains. For example, in the development of software for medical devices, the framework for risk management known as RiskUse [57] was found, as was the model of capacity for risk management designed by McCaffrey [87] based on the area of risk management processes as defined in CMMI-DEV v1.2 [100] and on different international regulations regarding control of medical devices. In relation to software projects, the model proposed by Islam et al [64] for goaldriven software development risk management appeared; it is one that is integrated explicitly into the requirements engineering stage.…”

“…The consultation process looks to promote opportune feedback, and to obtain information that will give support to the decision-making process with regard to the risk management process cycle. Lindholm [57], in her preparation stage of the risk management process, places great emphasis on this activity by establishing the risk management team; this should be made up of: (i) Developers who have some knowledge of the context of the system to be developed, (ii) users to represent other user-groups; they will form part of the Fig. 1.…”

“…• A2 -Scope, context, criteria: This activity establishes the internal and external parameters that should be considered when managing a risk, and when establishing the scope of the risk criteria that will make it possible to define the policies for risk management; the aim is to carry out a risk assessment that is effective, alongside treatment that deals with risk appropriately. In her preparation stage for the risk management process, Lindholm [57] proposes that preparations for the whole process be carried out, according to the necessary requirements and the intentions of use. In addition, having an understanding of the context of the system is recommended, since this will make it easier to set up the risk team, making sure that each of the competences needed is catered for.…”

“…Moreover, it takes on the task of providing the bases for risk evaluation, serving as input for decision-making as regards the treatment, the strategies and the methods that are the most suitable for dealing with each risk as corresponds; it does the same for risk estimation. Lindholm [57], in her discussion on risk analysis, sees this as the risk associated with each dangerous situation identified; it is estimated using a scale of risk severity and risk probability, where the risk value is defined by multiplying the severity of the risk by the probability value. Elzamly et al [65], in their contribution, state that risk analysis contributes to the analysis of risk probability and its consequences with reference to those risks that have been identified.…”

“…Lindholm [57] asserts that risk evaluation is the decision-making on each of the risks in relation to their being reduced. These decisions are made through criteria that are based on control measures, which can be debated and then deployed in order to reduce the risk.…”

Risk management in the software life cycle: A systematic literature review