Stan Hamilton and Brian Pate of SoftwareCPR offer the following tip.
As risk managers, we often struggle to draw the line on which foreseeable misuse to include. We ask questions like: what is credible, and how far must you go? When performing risk analysis, we decide whether a misuse is credible enough to list as a hazard cause and to warrant considering additional risk controls. A recent recall prompts reflection on those difficult risk management decisions. Would it have been better to be more conservative and add another software risk control for a particular case of misuse? A dangerous modification was made by third-party personnel; the unit was able to continue functioning with active energy, which led to an adverse event.
Of course, from the outside looking in, this is only speculation. It does remind us (and we often encourage clients) to add risk controls, even when the initial risk evaluation is extremely low, if they are relatively easy to add. Often, engineers who are made aware early enough in the process will say that risk controls are easy to add and have very little impact on unit cost or development schedules. So integrate risk management planning very early in your design process, and don't hesitate to add simple risk controls even if you consider the likelihood of the misuse to be low.