Hi,

I was wondering if I could get some advice regarding the approach that should be taken to deviations/incidents that are reviewed as part of the periodic review of a computerized system.

I currently only consider any incidents or deviations that can be attributed to a root cause of system/software failure, I do not consider any incidents or deviations that are down to an operator or user using the system incorrectly, or even any incidents or deviations that are caused by process (SOP) failures?

My question is should I exclude what I currently do and focus on the actual failures of the software, or are there any regulations or guidelines that say I should include the other root causes I have mentioned?

Thanks in advance.