Risk Analysis: How to Make It a "First-class" Citizen in Your Development
In a recent article, the editors of the Tibco Blog claim “Major Plane Crashes Are Always Technology Failures, Not Human Error”. You can agree with that statement and the premise of the article or not, but it did at least get us thinking about the subject of Risk Analysis, and where (and more importantly how) it fits into product development.
The whole process of analyzing risk is frequently a thing apart from the process of developing an application or product. What happens is that “these guys over here” do a FMEA (or whatever other process) and send the results (usually in some document or set of documents) to “those guys over there” who write up requirements and develop the system or product. (The requirements guys are all too often “siloed” from the development guys too… but that’s another story.)
Understanding how the results of the FMEA risk study actually apply to what artifacts in development is difficult because the former isn’t integrated with the latter. Risk Analysis is in effect, a “second-class citizen” in the actual development project. And it’s really more important than that, if you think about it (which you probably do every time you fly).
You may not know that Polarion’s application lifecycle management solution integrates the risk analysis phase of systems or product engineering with the rest of the application/product development process… requirements management, Agile development, test management and testing, and so on. You’ll find out-of-box features including a custom Work Item type “Risk”, FMEA template documents, and pre-configured workflow that involves before and after Risk Priority calculations (RPN) from user-defined values of Severity, Occurrence, and Detection.
Having risk analysis as a “first-class” citizen in a project means you can easily achieve traceability from the granular risks identified in a FMEA (represented in “Risk” type Work Items), to mitigating requirements and subsystem designs, and from there outward to test cases that verify requirements, the results from executing the test cases, right on into the the source code implementing the software components. Thanks to extensions such as the Polarion Connector for MATLAB Simulink it’s even possible to get traceability into model elements.
We have a couple of webinars that you might find helpful in your quest to make risk analysis an integral component of your product development:
- “FMEA Risk Analysis in Product Development” (Free On-demand Webinar)
- “Hazard & Risk Analysis According to ISO 26262” (Free On-Demand Webinar)