I was wondering if anybody could help.

Currently when performing Periodic Review on a Computerised System, we assess the standard set of items that should be considered. When it comes to incident reports/quality incidents though, we currently only report on issues that were caused due to the system being at fault i.e. a system failure. We do not report on incident reports/quality incidents that are caused by:
(1) users/operators incorrectly using the system or
(2) the SOP or process being at fault.

Is this approach correct? Is there any guidance that would help steer me in the right direction?

Thanks in advance,