IEC 60601-1 and ISO 14971 Assessment

D

dbdb89

We have submitted our product for 60601 certification and all EMC / Safety Markings have come back with passing results. However the test lab is requiring all the risk documentation before they will provide the certification report. Is this common?

For instance, we have not finished our design transfer, but the test house would like to see our risk management report which per our SOP needs to contain process risk evaluation.
 

Pads38

Moderator
Yes, unfortunately this is standard.

With so many of the requirements of 60601-1 having a 'by risk management' or 'by inspection of the risk management file' options the test house needs to know how you (the manufacturer) have dealt with it.

Many test houses are affiliated to the IEC IECEE conformity scheme. I use a version of an IECEE operational document OD-2044 Edition 2.2 to provide a summary of all the risk parts of 60601-1. This lists every individual clause risk management requirement and the parts of 14971 that apply.

For instance-
60601-1 Clause 8.8.4.1 Mechanical strength and resistance to heat

requires the following parts of 14971

4.2 Intended use and characteristics
4.3 Identification of hazards
4.4 Estimation of risk
5 Risk evaluation
6.2 Risk options analysis
6.3 Control measures implementation
6.4 Residual risk analysis
6.5 Risk / benefit analysis

As you can imagine the form is long!
and filled with a LOT of N/A entries.

Your test house should be able to provide you with a blank form to fill in.

Welcome to the forums.
 

Peter Selvey

Leader
Super Moderator
Bit of a side issue, but this actually highlights a legal fault in 601-1 and other standards that embed risk management.

Logically, the risk management system should sit outside of product standards, and provide only supplementary specifications for use within the product standard.

Then we can test and state that the device complies with the product standard and any supplementary specifications used.

Following this, the RM file can be signed off as complete.

Embedding the whole risk management system creates circular reference where you can't sign the 601-1 report without the RM being signed off, and you can't sign off the RM without the 601-1 report being signed off. Apart from this, embedding RM creates the painful process for the test labs and a fuzziness around responsibilities (who is responsible, the test lab or manufacturer? Test labs will claim no responsibility, but then why do they charge to review? What are they really doing?)

In practice there is a bit of a fudge going on - either the test lab accepts draft documents (common in my experience) or the manufacturer falsely signs the RMF before things are actually complete.

Wondering if there is any experience how to handle this for the forum members?
 
J

John Alleman

It is a bit of "do loop" which requires a bit of finesse. What we've generally done is for the clauses in the standard(s) which require "inspection of the RMF":
1. We make our best attempt to analyze the associated risks based on literature and experience.
2. If we can verify the necessary risk controls in house, then we'll close that out and present it as evidence to the test lab.
3. For risk controls which rely upon the test lab's data as evidence to complete the assessment, we give that a provisional "pass" with the assumption that the lab test will be PASS. We hold that as an open item in our verification of controls.
4. The above is all captured in an initial version of the risk management report.
5. We present this version of the RMF to the lab.
6. Following lab tests, we update the affected risk control verifications and issue a revision to the risk management report.
 

hornet456

Starting to get Involved
Yes, unfortunately this is standard.

With so many of the requirements of 60601-1 having a 'by risk management' or 'by inspection of the risk management file' options the test house needs to know how you (the manufacturer) have dealt with it.

Many test houses are affiliated to the IEC IECEE conformity scheme. I use a version of an IECEE operational document OD-2044 Edition 2.2 to provide a summary of all the risk parts of 60601-1. This lists every individual clause risk management requirement and the parts of 14971 that apply.

For instance-
60601-1 Clause 8.8.4.1 Mechanical strength and resistance to heat

requires the following parts of 14971

4.2 Intended use and characteristics
4.3 Identification of hazards
4.4 Estimation of risk
5 Risk evaluation
6.2 Risk options analysis
6.3 Control measures implementation
6.4 Residual risk analysis
6.5 Risk / benefit analysis

As you can imagine the form is long!
and filled with a LOT of N/A entries.

Your test house should be able to provide you with a blank form to fill in.

Welcome to the forums.

Hello, I realize this thread is almost two years old, but found it relevant to the question I have. We have been asked by our test house to write up a risk management document for 60601-1 based on our ISO 14971 risk management file. Do you know if all the 60601-1 clauses will have to be addressed, or just 4.2 (general requirements)? If its the former, then that is a hell of a long list! TIA
 

Tidge

Trusted Information Resource
Hello, I realize this thread is almost two years old, but found it relevant to the question I have. We have been asked by our test house to write up a risk management document for 60601-1 based on our ISO 14971 risk management file. Do you know if all the 60601-1 clauses will have to be addressed, or just 4.2 (general requirements)? If its the former, then that is a hell of a long list! TIA

I can't speak for your NRTL, but it is likely more than just 4.2, although it will not not be all the clauses of 60601-1. My recollection from my 3rd edition experience with a NRTL is that all the clauses of 60601-1 which include "Compliance is checked by inspection of the RISK MANAGEMENT FILE" are the ones that the NRTL wants you to summarize for them. For example, some element of the risk file should bluntly state what the essential performance (4.3) is of the ME device because in a 14971-compliant process this would be a key driver for the risk management process.
 

hornet456

Starting to get Involved
Thank you for your reply. We are working with a testing firm for CB certification in Korea, and this was a request from them. We did not receive any other explanation other than that a "risk management file" for 60601-1 3rd edition needs to be provided. You make a good point about all clauses not being needed, as a vast majority of them do not apply to our device. Are you basically saying that we should look at the definition of essential performance within our ISO 14971 file, and use that to determine which clauses of 60601-1 need to be summarized?
 

Tidge

Trusted Information Resource
I recommend that you review 60601-1 for all the clauses which include "Compliance is checked by inspection of the RISK MANAGEMENT FILE" and then explain where in your risk files (many companies consider the entire DHF as part of the risk files) you satisfy those clauses. The essential performance is just one section; there are others. Some of these clauses may also be address by established procedures at your company along with specific outputs of that process.
 

hornet456

Starting to get Involved
I recommend that you review 60601-1 for all the clauses which include "Compliance is checked by inspection of the RISK MANAGEMENT FILE" and then explain where in your risk files (many companies consider the entire DHF as part of the risk files) you satisfy those clauses. The essential performance is just one section; there are others. Some of these clauses may also be address by established procedures at your company along with specific outputs of that process.

Thank you, will check that out :)
 
Top Bottom