Link Between Essential Performance Requirements and Essential Design Outputs

sunbike

Registered
Hi, what is the link, if any, between Essential Performance Requirements (EPRs) and Essential Design Outputs (EDOs)? Does every EPR need to be linked to at least one EDO or are they considered separately?

While there is no formal FDA guidance yet, one definition of EPRs in IEC 60601-1 relates EPRs to unacceptable risk while EDOs are related to "proper functioning" in 21 CFR 820, which seems to be a roader definition compared to EPRs. Intellectually it seems like EDOs should include design outputs related to EPRs and may include additional outputs (e.g. outputs related to needle safety in combination products). Wanted to get additional opinions / thoughts.

Additionally I have heard of EDOs being scoped to point of use while EPRs have no such scope limitation. Has anyone defined it this way as well?

Thanks
 

Tidge

Trusted Information Resource
My $0.02, and then some: Essential Performance was discovered to be the missing piece from 2nd edition 60601-1 "Basic Safety"... essentially, per earlier editions of the 60601, for example: a ME device like a respirator was considered "safe" as long as it didn't shock, pinch, burn, etc. people when it fell over... even if it stopped breathing for the patient. This obviously flies in the face of safety when it is defined as freedom from unacceptable risk. "Essential Performance" was required to be defined (by the manufacturer) so that the NRTLs testing ME devices could fulfill the 3rd edition requirements for (more complete) safety testing/assessments.

Still my humble opinion: Essential Performance ought to be a very simple statement of what clinical role the device is supposed to perform, e.g. "breathe for the patient". It may be necessary to decompose the simple statement into more detailed Essential Performance Requirements so that a NRTL (among others) can objectively determine if the device is meeting it's essential performance... especially when undergoing "basic safety" tests required by the standard and applicable collateral and particular standards (e.g. "when tipped over").

The Essential Design Outputs are often identified as individual components (e.g. a polypropylene washer) but a better practice IMO is to identify the Essential Characteristics of components instead (e.g. the thickness of the polypropylene washer) because the same component could be used elsewhere in the design in circumstances that have nothing to do with risk controls... and the burden of design controls (and testing) is heavier when risk controls are impacted.

In days past when basic safety was the only consideration, it was common to simply maintain a list of "critical components" that a NRTL had used to determine (and sometimes even test, but not always) that a ME manufacturer could not change without risking the NRTL no longer standing by a past certification of compliance. Think something like a particular fuse with a specified rating, or shrink tubing with a particular flammability rating. When designs were simple, and certified compliance was "only" for basic safety, it was reasonable to take this approach, but when the actual performance of the ME devices became part of 3rd edition, it no longer makes sense to stand by the older, simpler approach.
 

sunbike

Registered
My $0.02, and then some: Essential Performance was discovered to be the missing piece from 2nd edition 60601-1 "Basic Safety"... essentially, per earlier editions of the 60601, for example: a ME device like a respirator was considered "safe" as long as it didn't shock, pinch, burn, etc. people when it fell over... even if it stopped breathing for the patient. This obviously flies in the face of safety when it is defined as freedom from unacceptable risk. "Essential Performance" was required to be defined (by the manufacturer) so that the NRTLs testing ME devices could fulfill the 3rd edition requirements for (more complete) safety testing/assessments.

Still my humble opinion: Essential Performance ought to be a very simple statement of what clinical role the device is supposed to perform, e.g. "breathe for the patient". It may be necessary to decompose the simple statement into more detailed Essential Performance Requirements so that a NRTL (among others) can objectively determine if the device is meeting it's essential performance... especially when undergoing "basic safety" tests required by the standard and applicable collateral and particular standards (e.g. "when tipped over").

The Essential Design Outputs are often identified as individual components (e.g. a polypropylene washer) but a better practice IMO is to identify the Essential Characteristics of components instead (e.g. the thickness of the polypropylene washer) because the same component could be used elsewhere in the design in circumstances that have nothing to do with risk controls... and the burden of design controls (and testing) is heavier when risk controls are impacted.

In days past when basic safety was the only consideration, it was common to simply maintain a list of "critical components" that a NRTL had used to determine (and sometimes even test, but not always) that a ME manufacturer could not change without risking the NRTL no longer standing by a past certification of compliance. Think something like a particular fuse with a specified rating, or shrink tubing with a particular flammability rating. When designs were simple, and certified compliance was "only" for basic safety, it was reasonable to take this approach, but when the actual performance of the ME devices became part of 3rd edition, it no longer makes sense to stand by the older, simpler approach.

Thanks Tidge for the background and I agree that EDOs should focus on component characteristics instead of just the component. If I'm understanding correctly, it sounds like EDOs should be identified based on use as a risk control and not the more subjective "proper functioning". This would then imply that EDOs are linked to EPRs, assuming the EPR definition based on risk from IEC 60601-1.

In your opinion, should EPRs / EDOs be scoped to point of use (not including preparation steps)?
 

Tidge

Trusted Information Resource
In your opinion, should EPRs / EDOs be scoped to point of use (not including preparation steps)?

I don't know if this will help, but consider a risk of "fire", with the "single fault condition" being "too much electrical current". As single component (e.g. "fuse") can directly address address this failure mode and the fuse becomes the implementation (of the risk control) for the (common, well-understood, seriously considered) failure mode.

In the 2nd edition era, the NRTL would look at the device specs, check the fuse, and say something like "The fuse is a critical component, if you ever change it we won't stand by our assessment of your product's safety."

What they REALLY meant (from a process PoV, not necessarily a financial PoV) is: "The fuse has a some specific rating, and there exists OE (usually also from us, the NRTL) that the fuse works as advertised. We know you may pick a replacement fuse with the same specific ratings, so just check with use before you start using the new fuse. If we've also already tested the new fuse, we'll probably let you make the change and continue to stand behind you device."

Fuses are easy to consider, because the safety theory behind electricity is so well developed. In practice, there are often single devices (not assemblies) with a specific characteristic that makes an otherwise unacceptable risk an acceptable risk. It could be the flammability rating of a plastic, it could be the insulation characteristics of a power supply, it could be a ferrite bead on a cable.. The NRTLs are really good (and comfortable) about identifying the "basic safety" critical characteristics, but they won't know if a manufacturer has any related to essential performance.... I say that they should be able to know by examination of a well-prepared/robust RM file, but as a practical matter they won't have time to comb through one.

My preference is to have a clear link from the top-level RM document to the specific characteristic of a specific part (that makes an otherwise unacceptable risk an acceptable risk), and maintain that list (of parts/characteristics) for easy reference (and updating, if necessary). This is not the only way of doing it, but I make this suggestion because (a) it should be easy to work with the NRTLs and (b) when design changes are considered it is a hand reference for (necessary) activities that might be otherwise overlooked.

One last statement: complicated devices are unlikely to have many "critical characteristics' of individual components, as often it is only as an assembly that they can satisfy their essential performance.
 
Top Bottom